apiVersion: data.packaging.carvel.dev/v1alpha1 kind: Package metadata: name: contour.tanzu.vmware.com.1.29.3+vmware.1-tkg.1 spec: capacityRequirementsDescription: Varies significantly based on number of Services, Ingresses/HTTPProxies, etc. A starting point is 128MB RAM and 0.5 CPU for each Contour and Envoy pod, but this can and should be tuned based on observed usage. licenses: - "VMware\u2019s End User License Agreement (Underlying OSS license: Apache License\ \ 2.0)" refName: contour.tanzu.vmware.com releaseNotes: contour 1.29.3 https://github.com/projectcontour/contour/releases/tag/v1.29.3 releasedAt: '2024-02-13T00:00:00Z' template: spec: deploy: - kapp: rawOptions: - --wait-timeout=5m - --kube-api-qps=20 - --kube-api-burst=30 fetch: - imgpkgBundle: image: projects.packages.broadcom.com/vsphere/supervisor/packages/2025.1.23/vks-standard-packages@sha256:05eda21030c23f11a7fc6d10b9688bb924b9a55fd878a183f80a90d5932f4eda template: - ytt: ignoreUnknownComments: true paths: - config/ - kbld: paths: - '-' - .imgpkg/images.yml valuesSchema: openAPIv3: additionalProperties: false description: OpenAPIv3 Schema for Contour 1.29.3 properties: certificates: additionalProperties: false description: Settings for the TLS certificates for securing communication between Contour and Envoy. properties: caDuration: default: 8760h description: How long the CA certificate should be valid for. type: string caRenewBefore: default: 720h description: How long before expiration the CA certificate should be renewed. type: string duration: default: null description: 'How long the certificates should be valid for. Deprecated: Use caDuration and leafDuration instead. For backwards compatibility if this is set it will take precedence over caDuration and leafDuration.' nullable: true type: string leafDuration: default: 720h description: How long the leaf certificates should be valid for. The leaf certificates are the certificates signed by the CA certificate. type: string leafRenewBefore: default: 360h description: How long before expiration the leaf certificates should be renewed. The leaf certificates are the certificates signed by the CA certificate. It is recommended to set this to a value that is at least the leaf duration minus the ca certificate renew before, so the leaf certificates can be rotated every CA renew cycle. type: string renewBefore: default: null description: 'How long before expiration the certificates should be renewed. Deprecated: Use caRenewBefore and leafRenewBefore instead. For backwards compatibility if this is set it will take precedence over caRenewBefore and leafRenewBefore.' nullable: true type: string type: object contour: additionalProperties: false description: Settings for the Contour component. properties: configFileContents: default: null description: The YAML contents of the Contour config file. See https://projectcontour.io/docs/1.29/configuration/#configuration-file for more information. nullable: true listenIPFamily: default: IPv6 description: The IP family for the Contour control plane's xDS, metrics and health servers. IPv6 (the default) listens on IPv6 and IPv4 addresses, while IPv4 only listens on IPv4. type: string logLevel: default: info description: The Contour log level. Valid options are 'info' and 'debug'. type: string pspNames: default: vmware-system-restricted description: Pod security policy names to apply to Contour. type: string replicas: default: 2 description: How many Contour pod replicas to have. type: integer resources: additionalProperties: false description: Resource requests and limits to apply to containers in the Contour pods. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information including allowed units. properties: contour: additionalProperties: false description: Resource requests and limits to apply to the contour container. nullable: true properties: limits: additionalProperties: false description: Resource limits to apply to the contour container. nullable: true properties: cpu: default: '' description: CPU limit to apply to the contour container. type: string memory: default: '' description: Memory limit to apply to the contour container. type: string type: object requests: additionalProperties: false description: Resource requests to apply to the contour container. nullable: true properties: cpu: default: '' description: CPU request to apply to the contour container. type: string memory: default: '' description: Memory request to apply to the contour container. type: string type: object type: object type: object service: additionalProperties: false description: Contour service settings. properties: ipFamilies: default: [] description: The IP families for the Contour service. If not specified, this is determined by Kubernetes based on the IP family policy and the cluster's configuration. items: default: '' type: string type: array ipFamilyPolicy: default: '' description: The IP family policy for the Contour service. If not specified, the Kubernetes default (SingleStack) applies. type: string type: object useProxyProtocol: default: false description: Whether to enable PROXY protocol for all Envoy listeners. type: boolean type: object envoy: additionalProperties: false description: Settings for the Envoy component. properties: hostNetwork: default: false description: Whether to enable host networking for the Envoy pods. type: boolean hostPorts: additionalProperties: false description: Host port settings for the Envoy pods. properties: enable: default: true description: Whether to enable host ports. If false, http & https are ignored. type: boolean http: default: 80 description: If enable == true, the host port number to expose Envoy's HTTP listener on. type: integer https: default: 443 description: If enable == true, the host port number to expose Envoy's HTTPS listener on. type: integer type: object listenIPFamily: default: IPv6 description: The IP family for the Envoy listeners. IPv6 (the default) listens on IPv6 and IPv4 addresses, while IPv4 only listens on IPv4. type: string logLevel: default: info description: The Envoy log level. type: string pspNames: default: '' description: Pod security policy names to apply to Envoy. type: string service: additionalProperties: false description: Envoy service settings. properties: annotations: default: null description: Annotations to set on the Envoy service. nullable: true aws: additionalProperties: false description: AWS-specific settings for the Envoy service. If infrastructure provider is not 'aws', these settings are ignored. properties: LBType: default: classic description: The type of AWS load balancer to provision. Options are 'classic' and 'nlb'. type: string type: object disableWait: default: false description: This setting is no longer supported and is included in the schema for backwards compatibility only. type: boolean externalTrafficPolicy: default: '' description: The external traffic policy for the Envoy service. If type is 'ClusterIP', this field is ignored. Otherwise, defaults to 'Cluster' for vsphere and 'Local' for others. type: string ipFamilies: default: [] description: The IP families for the Envoy service. If not specified, this is determined by Kubernetes based on the IP family policy and the cluster's configuration. items: default: '' type: string type: array ipFamilyPolicy: default: '' description: The IP family policy for the Envoy service. If not specified, the Kubernetes default (SingleStack) applies. type: string loadBalancerIP: default: '' description: The desired load balancer IP. If type is not 'LoadBalancer', this field is ignored. It is up to the cloud provider whether to honor this request. If not specified, then load balancer IP will be assigned by the cloud provider. This field configures the Service.Spec.LoadBalancerIP field which is deprecated as of Kubernetes 1.24. Users are encouraged to use cloud-provider specific Service annotations instead. type: string loadBalancerTLSTermination: default: false description: When true, forwards traffic from 443 on the LoadBalancer to 8080 on the Envoy pod when terminating TLS at the LoadBalancer. Removes the http port entry on the Envoy Service. type: boolean nodePorts: additionalProperties: false description: NodePort settings for the Envoy service. If type is not 'NodePort' or 'LoadBalancer', these settings are ignored. properties: http: default: 0 description: The node port number to expose Envoy's HTTP listener on. If not specified, a node port will be auto-assigned by Kubernetes. If loadBalancerTLSTermination is true, this value will be ignored, as the http port entry will be removed. type: integer https: default: 0 description: The node port number to expose Envoy's HTTPS listener on. If not specified, a node port will be auto-assigned by Kubernetes. type: integer type: object type: default: '' description: The type of Kubernetes service to provision for Envoy. Valid values are 'LoadBalancer', 'NodePort', and 'ClusterIP'. If not specified, will default to 'NodePort' for vsphere and 'LoadBalancer' for others. type: string type: object terminationGracePeriodSeconds: default: 300 description: The termination grace period, in seconds, for the Envoy pods. type: integer workload: additionalProperties: false description: Envoy workload settings. properties: replicas: default: 2 description: The number of Envoy replicas to deploy when 'type' is set to 'Deployment'. If not specified, it will default to '2'. type: integer resources: additionalProperties: false description: Resource requests and limits to apply to containers in the Envoy pods. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information including allowed units. properties: envoy: additionalProperties: false description: Resource requests and limits to apply to the envoy container. nullable: true properties: limits: additionalProperties: false description: Resource limits to apply to the envoy container. nullable: true properties: cpu: default: '' description: CPU limit to apply to the envoy container. type: string memory: default: '' description: Memory limit to apply to the envoy container. type: string type: object requests: additionalProperties: false description: Resource requests to apply to the envoy container. nullable: true properties: cpu: default: '' description: CPU request to apply to the envoy container. type: string memory: default: '' description: Memory request to apply to the envoy container. type: string type: object type: object shutdownManager: additionalProperties: false description: Resource requests and limits to apply to the shutdown-manager container. nullable: true properties: limits: additionalProperties: false description: Resource limits to apply to the shutdown-manager container. nullable: true properties: cpu: default: '' description: CPU limit to apply to the shutdown-manager container. type: string memory: default: '' description: Memory limit to apply to the shutdown-manager container. type: string type: object requests: additionalProperties: false description: Resource requests to apply to the shutdown-manager container. nullable: true properties: cpu: default: '' description: CPU request to apply to the shutdown-manager container. type: string memory: default: '' description: Memory request to apply to the shutdown-manager container. type: string type: object type: object type: object type: default: DaemonSet description: The type of Kubernetes workload Envoy is deployed as. Options are 'Deployment' or 'DaemonSet'. If not specified, will default to 'DaemonSet'. type: string type: object type: object infrastructure_provider: default: vsphere description: The underlying infrastructure provider. Options are vsphere, aws, and azure. This field is not required, but enables better validation and defaulting if provided. type: string kubernetes_distribution: default: '' description: The distribution of Kubernetes, used to determine if distribution-specific configurations need to be applied. Options are empty and openshift. If running on an Openshift cluster, this must be set to openshift. When set to openshift, a Role and RoleBinding are created to associate Contour's controllers with the appropriate Openshift Security Context Constraint resource. type: string kubernetes_version: default: 0.0.0 description: The version of Kubernetes being used, for enabling version-specific behaviors. Accept any valid major.minor.patch version of Kubernetes. This field is optional. Currently only has effect when kubernetes_distribution is set to openshift. type: string namespace: default: tanzu-system-ingress description: The namespace in which to deploy Contour and Envoy. type: string registry_secret_names: default: - contour-reg-creds description: The names of the placeholder secrets that will contain registry credentials to pull the Contour and Envoy images. items: default: '' type: string type: array type: object version: 1.29.3+vmware.1-tkg.1 --- apiVersion: data.packaging.carvel.dev/v1alpha1 kind: PackageMetadata metadata: name: contour.tanzu.vmware.com spec: categories: - ingress - envoy - contour displayName: contour iconSVGBase64: PHN2ZyBpZD0iTGF5ZXJfMSIgZGF0YS1uYW1lPSJMYXllciAxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAzNjAgMzYwIj48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6IzAwOWNkYzt9PC9zdHlsZT48L2RlZnM+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMjMzLjQ5MzU0LDEzLjYwNzQyQTE3Mi41NDE2NiwxNzIuNTQxNjYsMCwwLDAsMTg5LjYwMSw1LjQzODE0Yy0xOC4xMDk1OSw5OS44NzYtNjguMDE5MzUsMTY5Ljc2MzQyLTExMS4yOTYzNCwyMTMuNTM4QTQzMC42MDM4OCw0MzAuNjAzODgsMCwwLDEsMjcuOTk3LDI2Mi40ODQzN2ExNzQuMTU5ODMsMTc0LjE1OTgzLDAsMCwwLDEzLjk4MDY2LDIxLjQwNzc1YzI3LjIyMi0xNy4yMzI0Niw1Mi4xNzU4Mi0zNi44MDY1OCw3MS42ODAzLTU1LjM4NTc3QzE2MC4yODkzNiwxODQuMDg3NTgsMjE0LjA3NzQ2LDExMy40OTg1NSwyMzMuNDkzNTQsMTMuNjA3NDJaIi8+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMjkxLjg4OTM3LDEyMy45NDY3QTM3Mi41NDI4OSwzNzIuNTQyODksMCwwLDAsMzE1LjI5NjE5LDcwLjAzOSwxNzUuMTA3NzIsMTc1LjEwNzcyLDAsMCwwLDI4NC42NjU3Nyw0MC4zMDMyYy0yMy44NDQxMiw5NC4xNzk4Ny03OS40NDQ1NywxNjIuMTA2MTMtMTI3Ljk3OTI4LDIwNS45MDM1OWE0OTcuNjM2NjIsNDk3LjYzNjYyLDAsMCwxLTg5LjYyNDgyLDY0LjI1NDI5LDE3NC43NzM3MywxNzQuNzczNzMsMCwwLDAsMTQuNzE4NywxMS4zNzIzN0E1MTcuMTc5NDksNTE3LjE3OTQ5LDAsMCwwLDE4OC4yNzg2NSwyNTEuMTM2QzIzMi4xOTIxLDIxMy40MDI2NywyNjcuMDUyMTIsMTcwLjYwOTcxLDI5MS44ODkzNywxMjMuOTQ2N1oiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0yNzcuMTUwODIsMzQuODk4ODFBMTczLjI0MjA2LDE3My4yNDIwNiwwLDAsMCwyMzguODU1OSwxNS40MjU3MkMyMTkuMDU2MSwxMTYuMzIxLDE2NC42ODA0MiwxODcuNjQ2MjUsMTE3LjUyMzI4LDIzMi41NjUxYTQ2NC4xMzgyNyw0NjQuMTM4MjcsMCwwLDEtNzEuODE3NzcsNTYuMDY4MDYsMTc1LjAzNSwxNzUuMDM1LDAsMCwwLDE0LjYyNDM1LDE1LjcyODI1LDQ4NS4yMjExNyw0ODUuMjIxMTcsMCwwLDAsOTAuNjEzMjYtNjQuNTE4OTVDMTk5LjA2NTQyLDE5Ni40MTY4MiwyNTQuMjY4MjYsMTI4Ljc5ODg3LDI3Ny4xNTA4MiwzNC44OTg4MVoiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0zMzYuMTM0MDUsMTMzLjIwMDIxYzIuNTE3MzctNC40ODYxMyw0Ljg5Mjc2LTkuMDA2MTcsNy4yMDMtMTMuNTQxMzdBMTczLjI1NTE3LDE3My4yNTUxNywwLDAsMCwzMjMuNjQxNTQsODEuMjQ4MSwzODYuMDQ3MywzODYuMDQ3MywwLDAsMSwzMDIuMDc2NjYsMTI5LjM2OWMtMjUuNTEzNzgsNDcuOTM0ODctNjEuMjcxMyw5MS44NDgzMi0xMDYuMjc3MTEsMTMwLjUyMDgzQTUzMy40ODk2Niw1MzMuNDg5NjYsMCwwLDEsOTMuMTcyLDMyOS4wMzE2MXE3LjA2MTUxLDQuMTAxNiwxNC41MjQ1OCw3LjU0NGE1NTAuMDcyMDUsNTUwLjA3MjA1LDAsMCwwLDExNy45Ni03NC4xNzkyN0MyNzIuNDI3MSwyMjMuOTYzNTgsMzA5LjU5NjMsMTgwLjQ5NTU0LDMzNi4xMzQwNSwxMzMuMjAwMjFaIi8+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMTg2LjkzNzg4LDUuMzQwMzZjLTIuMjc3MDctLjA4OTEyLTQuNTU1NDEtLjE3MzkxLTYuODUzOTUtLjE3MzkxLTk1Ljc0NDcsMC0xNzMuNjM5NTksNzcuODk3MDYtMTczLjYzOTU5LDE3My42Mzk2YTE3Mi41MzM5NCwxNzIuNTMzOTQsMCwwLDAsMjAuMjg4MzQsODEuMzMzMjMsNDI3Ljk2NDczLDQyNy45NjQ3MywwLDAsMCw0OS42OTY1MS00My4wMTc5MkMxMTkuMzY5NzMsMTczLjY4Njg4LDE2OC44ODQzOSwxMDQuMzc1MjksMTg2LjkzNzg4LDUuMzQwMzZaIi8+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMzQ4Ljc4NjU3LDE0MC4yOTk4N2MtMjcuNDIyNDYsNDguODczMzMtNjUuNzQ5ODUsOTMuNzI0NTMtMTEzLjkxNzgsMTMzLjMwNjQ2QTU3MS4zMjU2Niw1NzEuMzI1NjYsMCwwLDEsMTI2LjExOSwzNDMuODE2NTJhMTcyLjg4MDA3LDE3Mi44ODAwNywwLDAsMCw1My45NjQ4OSw4LjYyOTEzYzk1Ljc0NDM1LDAsMTczLjYzOTYtNzcuODk2ODgsMTczLjYzOTYtMTczLjYzOTZBMTczLjM3NTE4LDE3My4zNzUxOCwwLDAsMCwzNDkuMTkxLDEzOS41NDJDMzQ5LjA1MDg2LDEzOS43OTMyOSwzNDguOTI3NDcsMTQwLjA0ODc1LDM0OC43ODY1NywxNDAuMjk5ODdaIi8+PC9zdmc+ longDescription: An Envoy-based ingress controller that supports dynamic configuration updates and multi-team ingress delegation. See https://projectcontour.io for more information. maintainers: - name: Steve Kriss - name: Sunjay Bhatia providerName: VMware shortDescription: An ingress controller supportDescription: Support provided by VMware for deployment on Tanzu clusters. Best-effort support for deployment on any conformant Kubernetes cluster. Contact support by opening a support request via VMware Cloud Services or my.vmware.com.