maintain helm chart test.yaml file (#2872)

Signed-off-by: BobDu <i@bobdu.cc> Signed-off-by: BobDu <i@bobdu.cc>

Author: BobDu

helm/aws-load-balancer-controller/.helmignore

@@ -22,3 +22,4 @@
 *.tmproj
 .vscode/
 crds/kustomization.yaml
+test.yaml

helm/aws-load-balancer-controller/test.yaml

@@ -6,16 +6,13 @@ replicaCount: 2
 
 image:
  repository: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller
- tag: v2.2.0
+ tag: v2.4.4
  pullPolicy: IfNotPresent
 
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
-# The name of the Kubernetes cluster. A non-empty value is required
-clusterName: test-cluster
-
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
@@ -26,6 +23,9 @@ serviceAccount:
  name:
  # Automount API credentials for a Service Account.
  automountServiceAccountToken: true
+ # List of image pull secrets to add to the Service Account.
+ imagePullSecrets:
+ # - name: docker
 
 rbac:
  # Specifies whether rbac resources should be created
@@ -61,30 +61,70 @@ nodeSelector: {}
 
 tolerations: []
 
+# affinity specifies a custom affinity for the controller pods
 affinity: {}
 
+# configureDefaultAffinity specifies whether to configure a default affinity for the controller pods to prevent
+# co-location on the same node. This will get ignored if you specify a custom affinity configuration.
+configureDefaultAffinity: true
+
 # topologySpreadConstraints is a stable feature of k8s v1.19 which provides the ability to
 # control how Pods are spread across your cluster among failure-domains such as regions, zones,
 # nodes, and other user-defined topology domains.
-# 
+#
 # more details here: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 topologySpreadConstraints: {}
 
+updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+
+# serviceAnnotations contains annotations to be added to the provisioned webhook service resource
+serviceAnnotations: {}
+
+# deploymentAnnotations contains annotations for the controller deployment
 deploymentAnnotations: {}
 
 podAnnotations: {}
 
 podLabels: {}
 
+# additionalLabels -- Labels to add to each object of the chart.
 additionalLabels: {}
 
 # Enable cert-manager
 enableCertManager: false
 
+# The name of the Kubernetes cluster. A non-empty value is required
+clusterName: test-cluster
+
+# cluster contains configurations specific to the kubernetes cluster
+cluster:
+ # Cluster DNS domain (required for requesting TLS certificates)
+ dnsDomain: cluster.local
+
 # The ingress class this controller will satisfy. If not specified, controller will match all
 # ingresses without ingress class annotation and ingresses of type alb
 ingressClass: alb
 
+# ingressClassParams specify the IngressCLassParams that enforce settings for a set of Ingresses when using with ingress Controller.
+ingressClassParams:
+ create: true
+ # The name of ingressClassParams resource will be referred in ingressClass
+ name:
+ spec: {}
+ # You always can set specifications in `helm install` command through `--set` or `--set-string`
+ # If you do want to specify specifications in values.yaml, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'spec:'.
+ # namespaceSelector:
+ # matchLabels:
+ # group:
+ # scheme:
+ # ipAddressType:
+ # tags:
+
 # To use IngressClass resource instead of annotation, before you need to install the IngressClass resource pointing to controller.
 # If specified as true, the IngressClass resource will be created.
 createIngressClassResource: true
@@ -95,9 +135,19 @@ region:
 # The VPC ID for the Kubernetes cluster. Set this manually when your pods are unable to use the metadata service to determine this automatically
 vpcId:
 
+# Custom AWS API Endpoints (serviceID1=URL1,serviceID2=URL2)
+awsApiEndpoints:
+
+# awsApiThrottle specifies custom AWS API throttle settings (serviceID1:operationRegex1=rate:burst,serviceID2:operationRegex2=rate:burst)
+# example: --set awsApiThrottle="{Elastic Load Balancing v2:RegisterTargets|DeregisterTargets=4:20,Elastic Load Balancing v2:.*=10:40}"
+awsApiThrottle:
+
 # Maximum retries for AWS APIs (default 10)
 awsMaxRetries:
 
+
+
+
 # If enabled, targetHealth readiness gate will get injected to the pod spec for the matching endpoint pods (default true)
 enablePodReadinessGateInject:
 
@@ -122,12 +172,31 @@ metricsBindAddr: ""
 # The TCP port the Webhook server binds to. (default 9443)
 webhookBindPort:
 
+# webhookTLS specifies TLS cert/key for the webhook
+webhookTLS:
+ caCert:
+ cert:
+ key:
+
+# array of namespace selectors for the webhook
+webhookNamespaceSelectors:
+ - key: elbv2.k8s.aws/pod-readiness-gate-inject
+ operator: In
+ values:
+ - enabled
+
+# keepTLSSecret specifies whether to reuse existing TLS secret for chart upgrade
+keepTLSSecret: true
+
 # Maximum number of concurrently running reconcile loops for service (default 3)
 serviceMaxConcurrentReconciles:
 
 # Maximum number of concurrently running reconcile loops for targetGroupBinding
 targetgroupbindingMaxConcurrentReconciles:
 
+# Maximum duration of exponential backoff for targetGroupBinding reconcile failures
+targetgroupbindingMaxExponentialBackoffDelay:
+
 # Period at which the controller forces the repopulation of its local object stores. (default 1h0m0s)
 syncPeriod:
 
@@ -157,6 +226,8 @@ livenessProbe:
 # We strongly discourage programming access credentials in the controller environment. You should setup IRSA or
 # comparable solutions like kube2iam, kiam etc instead.
 env:
+# ENV_1: ""
+# ENV_2: ""
 
 # Specifies if aws-load-balancer-controller should be started in hostNetwork mode.
 #
@@ -174,20 +245,20 @@ dnsPolicy:
 
 # extraVolumeMounts are the additional volume mounts. This enables setting up IRSA on non-EKS Kubernetes cluster
 extraVolumeMounts:
-  - name: aws-iam-token
-  mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
-  readOnly: true
+ - name: aws-iam-token
+ mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
+ readOnly: true
 
 # extraVolumes for the extraVolumeMounts. Useful to mount a projected service account token for example.
 extraVolumes:
-  - name: aws-iam-token
-  projected:
-  defaultMode: 420
-  sources:
- - serviceAccountToken:
- audience: sts.amazonaws.com
- expirationSeconds: 86400
- path: token
+ - name: aws-iam-token
+ projected:
+ defaultMode: 420
+ sources:
+  - serviceAccountToken:
+  audience: sts.amazonaws.com
+  expirationSeconds: 86400
+  path: token
 
 # defaultTags are the tags to apply to all AWS resources managed by this controller
 defaultTags:
@@ -201,3 +272,55 @@ podDisruptionBudget:
 
 # externalManagedTags is the list of tag keys on AWS resources that will be managed externally
 externalManagedTags: []
+
+# enableEndpointSlices enables k8s EndpointSlices for IP targets instead of Endpoints (default false)
+enableEndpointSlices:
+
+# enableBackendSecurityGroup enables shared security group for backend traffic (default true)
+enableBackendSecurityGroup:
+
+# backendSecurityGroup specifies backend security group id (default controller auto create backend security group)
+backendSecurityGroup:
+
+# disableRestrictedSecurityGroupRules specifies whether to disable creating port-range restricted security group rules for traffic
+disableRestrictedSecurityGroupRules:
+
+# controllerConfig specifies controller configuration
+controllerConfig:
+ # featureGates set of key: value pairs that describe AWS load balance controller features
+ featureGates: {}
+ # ServiceTypeLoadBalancerOnly: true
+ # EndpointsFailOpen: true
+
+# objectSelector for webhook
+objectSelector:
+ matchExpressions:
+ # - key: <key>
+ # operator: <operator>
+ # values:
+ # - <value>
+ matchLabels:
+ # key: value
+
+serviceMonitor:
+ # Specifies whether a service monitor should be created
+ enabled: false
+ # Labels to add to the service account
+ additionalLabels: {}
+ # Prometheus scrape interval
+ interval: 1m
+ # Namespace to create the service monitor in
+ namespace:
+
+# clusterSecretsPermissions lets you configure RBAC permissions for secret resources
+# Access to secrets resource is required only if you use the OIDC feature, and instead of
+# enabling access to all secrets, we recommend configuring namespaced role/rolebinding.
+# This option is for backwards compatibility only, and will potentially be deprecated in future.
+clusterSecretsPermissions:
+ # allowAllSecrets allows the controller to access all secrets in the cluster.
+ # This is to get backwards compatible behavior, but *NOT* recommended for security reasons
+ allowAllSecrets: false
+
+# ingressClassConfig contains configurations specific to the ingress class
+ingressClassConfig:
+ default: false