Merge pull request #71 from signadot/base-for-v0.19.2

Base for release v0.19.2

Author: foxish

signadot/operator/Chart.yaml

@@ -6,10 +6,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "0.19.1"
+version: "0.19.2"
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.19.1"
+appVersion: "0.19.2"

signadot/operator/README.md

@@ -5,12 +5,14 @@ cluster config template
 {{- define "compileClusterConfig" -}}
 {{- $allowedNamespaces := (include "getAllowedNamespaces" . | fromJsonArray) -}}
 allowedNamespaces: {{ if gt (len $allowedNamespaces) 0 }}{{ printf "\n" }}{{ toYaml $allowedNamespaces | indent 2}}{{- else -}}[]{{- end }}
+allowOrphanedResources: {{ if hasKey .Values "allowOrphanedResources" -}}{{ toString .Values.allowOrphanedResources }}{{- else -}}false{{- end }}
 routing:
   istio:
     enabled: {{ if and (hasKey .Values "istio") (hasKey .Values.istio "enabled") -}}{{ toString .Values.istio.enabled }}{{- else -}}false{{- end }}
     enableHostRouting: {{ if and (hasKey .Values "istio") (hasKey .Values.istio "enableDeprecatedHostRouting") -}}{{ toString .Values.istio.enableDeprecatedHostRouting }}{{- else -}}false{{- end }}
   linkerd:
     enabled: {{ if and (hasKey .Values "linkerd") (hasKey .Values.linkerd "enabled") -}}{{ toString .Values.linkerd.enabled }}{{- else -}}false{{- end }}
+  iptablesMode: {{ if and (hasKey .Values "routing") (hasKey .Values.routing "iptablesMode") -}}{{ .Values.routing.iptablesMode }}{{- else -}}legacy{{- end }}
   customHeaders: {{ with .Values }}{{ with .routing }}{{ with .customHeaders }}{{ printf "\n" }}{{ toYaml . | indent 4}}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}
 sandboxTrafficManager:
   enabled: {{ if and (hasKey .Values "sandboxTrafficManager") (hasKey .Values.sandboxTrafficManager "enabled") -}}{{ toString .Values.sandboxTrafficManager.enabled }}{{- else -}}true{{- end }}

signadot/operator/templates/_helpers.tpl

@@ -22,6 +22,8 @@ spec:
   selector:
     matchLabels:
       app: signadot-agent
+  strategy:
+    type: Recreate
   template:
     metadata:
       annotations:
@@ -59,7 +61,7 @@ spec:
             secretKeyRef:
               key: token
               name: cluster-agent
-        image: {{ with .Values }}{{ with .agent }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/agent:v0.19.1{{- end }}{{- else -}}signadot/agent:v0.19.1{{- end }}{{- else -}}signadot/agent:v0.19.1{{- end }}
+        image: {{ with .Values }}{{ with .agent }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/agent:v0.19.2{{- end }}{{- else -}}signadot/agent:v0.19.2{{- end }}{{- else -}}signadot/agent:v0.19.2{{- end }}
         imagePullPolicy: {{ with .Values }}{{ with .agent }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
         livenessProbe:
           httpGet:
@@ -72,5 +74,9 @@ spec:
           httpGet:
             path: /healthz
             port: 8088
+{{- with .Values }}{{- with .agent }}{{- with .resources }}
+        resources:
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
       serviceAccountName: agent
 {{ end }}

signadot/operator/templates/agent-deployment.yaml

@@ -1,4 +1,5 @@
 # This file is generated. Do not edit.
+{{ if not .Values.disableAgent }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -28,3 +29,4 @@ spec:
   selector:
     app: signadot-agent
   type: ClusterIP
+{{ end }}

signadot/operator/templates/agent-metrics-service.yaml

@@ -17,3 +17,23 @@ subjects:
   name: signadot-controller-manager
   namespace: signadot
 {{ end }}
+{{ if not .Values.disableAgent }}
+# Bind the ClusterRole containing agent permissions to the agent's
+# ServiceAccount only in the specified namespaces.
+{{ range $namespace := $allowedNamespaces }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: signadot-agent-namespaced
+  namespace: {{ $namespace | quote }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: signadot-agent-namespaced
+subjects:
+- kind: ServiceAccount
+  name: agent
+  namespace: signadot
+{{ end }}
+{{ end }}

signadot/operator/templates/allowed_namespaces.yaml

@@ -71,6 +71,8 @@ spec:
                 - kind
                 - name
                 type: object
+              disableSandboxTrafficManager:
+                type: boolean
               patches:
                 description: List of patches to be applied to the baseline workload
                 items:

signadot/operator/templates/forkedworkloads.signadot.com-customresourcedefinition.yaml

@@ -40,9 +40,13 @@ spec:
         - /app/io-context-server
         - -tls=secretns=signadot
         - -port=8443
-        image: {{ with .Values }}{{ with .ioContextServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-context-server:v0.19.1{{- end }}{{- else -}}signadot/io-context-server:v0.19.1{{- end }}{{- else -}}signadot/io-context-server:v0.19.1{{- end }}
+        image: {{ with .Values }}{{ with .ioContextServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-context-server:v0.19.2{{- end }}{{- else -}}signadot/io-context-server:v0.19.2{{- end }}{{- else -}}signadot/io-context-server:v0.19.2{{- end }}
         imagePullPolicy: {{ with .Values }}{{ with .ioContextServer }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
         name: io-context-server
         ports:
         - containerPort: 8443
+{{- with .Values }}{{- with .ioContextServer }}{{- with .resources }}
+        resources:
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
       serviceAccountName: io-context-server

signadot/operator/templates/io-context-server-deployment.yaml

@@ -151,11 +151,16 @@ spec:
               trafficManager:
                 description: Traffic manager settings
                 properties:
+                  enabled:
+                    description: Explicitly enable traffic manager in runner pods
+                      for this job.
+                    type: boolean
                   injectRoutingKey:
                     default: Disabled
                     description: |-
                       Enable the automatic insertion of routing key headers for HTTP and gRPC
-                      (H2C) traffic
+                      (H2C) traffic. The "auto" value will overwrite the value of the Enabled
+                      field, setting it to true.
                     enum:
                     - Disabled
                     - Auto

signadot/operator/templates/jobs.signadot.com-customresourcedefinition.yaml

@@ -36,7 +36,7 @@ spec:
         {{- end }}
     spec:
       containers:
-      - image: {{ with .Values }}{{ with .routeServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-server:v0.19.1{{- end }}{{- else -}}signadot/route-server:v0.19.1{{- end }}{{- else -}}signadot/route-server:v0.19.1{{- end }}
+      - image: {{ with .Values }}{{ with .routeServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-server:v0.19.2{{- end }}{{- else -}}signadot/route-server:v0.19.2{{- end }}{{- else -}}signadot/route-server:v0.19.2{{- end }}
         imagePullPolicy: {{ with .Values }}{{ with .routeServer }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
         name: routeserver
         ports:
@@ -48,4 +48,8 @@ spec:
           name: http-legacy
         - containerPort: 9090
           name: http-metrics
+{{- with .Values }}{{- with .routeServer }}{{- with .resources }}
+        resources:
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
       serviceAccountName: routeserver

signadot/operator/templates/routeserver-deployment.yaml

@@ -38,51 +38,9 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - pods
-  - pods/log
-  - services
   - namespaces
   verbs:
   - get
   - list
   - watch
-- apiGroups:
-  - ""
-  - events.k8s.io
-  resources:
-  - events
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - delete
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  - replicasets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - argoproj.io
-  resources:
-  - rollouts
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resourceNames:
-  - signadot-cluster-config
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
 {{ end }}

signadot/operator/templates/signadot-agent-clusterrole.yaml

@@ -0,0 +1,55 @@
+# This file is generated. Do not edit.
+{{ if not .Values.disableAgent }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    {{- range $key, $val := .Values.commonAnnotations }}
+    {{ $key | quote }}: {{ $val | quote }}
+    {{- end }}
+  labels:
+    {{- range $key, $val := .Values.commonLabels }}
+    {{ $key | quote }}: {{ $val | quote }}
+    {{- end }}
+  name: signadot-agent-namespaced
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/log
+  - services
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - replicasets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - argoproj.io
+  resources:
+  - rollouts
+  verbs:
+  - get
+  - list
+  - watch
+{{ end }}

signadot/operator/templates/signadot-agent-namespaced-clusterrole.yaml

@@ -0,0 +1,23 @@
+# This file is generated. Do not edit.
+{{ if and (not .Values.allowedNamespaces) (not .Values.disableAgent) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    {{- range $key, $val := .Values.commonAnnotations }}
+    {{ $key | quote }}: {{ $val | quote }}
+    {{- end }}
+  labels:
+    {{- range $key, $val := .Values.commonLabels }}
+    {{ $key | quote }}: {{ $val | quote }}
+    {{- end }}
+  name: signadot-agent-namespaced
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: signadot-agent-namespaced
+subjects:
+- kind: ServiceAccount
+  name: agent
+  namespace: signadot
+{{ end }}

signadot/operator/templates/signadot-agent-namespaced-clusterrolebinding.yaml

@@ -0,0 +1,27 @@
+# This file is generated. Do not edit.
+{{ if not .Values.disableAgent }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+    {{- range $key, $val := .Values.commonAnnotations }}
+    {{ $key | quote }}: {{ $val | quote }}
+    {{- end }}
+  labels:
+    {{- range $key, $val := .Values.commonLabels }}
+    {{ $key | quote }}: {{ $val | quote }}
+    {{- end }}
+  name: signadot-agent
+  namespace: signadot
+rules:
+- apiGroups:
+  - ""
+  resourceNames:
+  - signadot-cluster-config
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+{{ end }}

signadot/operator/templates/signadot-agent-role.yaml

@@ -0,0 +1,24 @@
+# This file is generated. Do not edit.
+{{ if not .Values.disableAgent }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    {{- range $key, $val := .Values.commonAnnotations }}
+    {{ $key | quote }}: {{ $val | quote }}
+    {{- end }}
+  labels:
+    {{- range $key, $val := .Values.commonLabels }}
+    {{ $key | quote }}: {{ $val | quote }}
+    {{- end }}
+  name: signadot-agent
+  namespace: signadot
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: signadot-agent
+subjects:
+- kind: ServiceAccount
+  name: agent
+  namespace: signadot
+{{ end }}

signadot/operator/templates/signadot-agent-rolebinding.yaml

@@ -81,26 +81,26 @@ spec:
         - name: SANDBOX_TRAFFICMANAGER_SIDECAR_IMAGE_PULL_SECRET
           value: {{ with .Values }}{{ with .sandboxTrafficManager }}{{ with .sidecar }}{{ with .imagePullSecret }}{{ . }}{{- else -}}""{{- end }}{{- else -}}""{{- end }}{{- else -}}""{{- end }}{{- else -}}""{{- end }}
         - name: SIDECAR_INIT_IMAGE
-          value: {{ with .Values }}{{ with .routeInit }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-sidecar-init:v0.19.1{{- end }}{{- else -}}signadot/route-sidecar-init:v0.19.1{{- end }}{{- else -}}signadot/route-sidecar-init:v0.19.1{{- end }}
+          value: {{ with .Values }}{{ with .routeInit }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-sidecar-init:v0.19.2{{- end }}{{- else -}}signadot/route-sidecar-init:v0.19.2{{- end }}{{- else -}}signadot/route-sidecar-init:v0.19.2{{- end }}
         - name: LEGACY_SIDECAR_INIT_IMAGE
           value: {{ with .Values }}{{ with .routeInit }}{{ with .legacy }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/sd-init-networking:latest{{- end }}{{- else -}}signadot/sd-init-networking:latest{{- end }}{{- else -}}signadot/sd-init-networking:latest{{- end }}{{- else -}}signadot/sd-init-networking:latest{{- end }}
         - name: ROUTE_SIDECAR_IMAGE
-          value: {{ with .Values }}{{ with .routeSidecar }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-sidecar:v0.19.1{{- end }}{{- else -}}signadot/route-sidecar:v0.19.1{{- end }}{{- else -}}signadot/route-sidecar:v0.19.1{{- end }}
+          value: {{ with .Values }}{{ with .routeSidecar }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-sidecar:v0.19.2{{- end }}{{- else -}}signadot/route-sidecar:v0.19.2{{- end }}{{- else -}}signadot/route-sidecar:v0.19.2{{- end }}
         - name: LEGACY_ROUTE_SIDECAR_IMAGE
-          value: {{ with .Values }}{{ with .routeSidecar }}{{ with .legacy }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-sidecar-legacy:v0.19.1{{- end }}{{- else -}}signadot/route-sidecar-legacy:v0.19.1{{- end }}{{- else -}}signadot/route-sidecar-legacy:v0.19.1{{- end }}{{- else -}}signadot/route-sidecar-legacy:v0.19.1{{- end }}
+          value: {{ with .Values }}{{ with .routeSidecar }}{{ with .legacy }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-sidecar-legacy:v0.19.2{{- end }}{{- else -}}signadot/route-sidecar-legacy:v0.19.2{{- end }}{{- else -}}signadot/route-sidecar-legacy:v0.19.2{{- end }}{{- else -}}signadot/route-sidecar-legacy:v0.19.2{{- end }}
         - name: IO_INIT_IMAGE
-          value: {{ with .Values }}{{ with .ioInit }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-init:v0.19.1{{- end }}{{- else -}}signadot/io-init:v0.19.1{{- end }}{{- else -}}signadot/io-init:v0.19.1{{- end }}
+          value: {{ with .Values }}{{ with .ioInit }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-init:v0.19.2{{- end }}{{- else -}}signadot/io-init:v0.19.2{{- end }}{{- else -}}signadot/io-init:v0.19.2{{- end }}
         - name: IO_SIDECAR_IMAGE
-          value: {{ with .Values }}{{ with .ioSidecar }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-sidecar:v0.19.1{{- end }}{{- else -}}signadot/io-sidecar:v0.19.1{{- end }}{{- else -}}signadot/io-sidecar:v0.19.1{{- end }}
+          value: {{ with .Values }}{{ with .ioSidecar }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-sidecar:v0.19.2{{- end }}{{- else -}}signadot/io-sidecar:v0.19.2{{- end }}{{- else -}}signadot/io-sidecar:v0.19.2{{- end }}
         - name: JOB_EXECUTOR_INIT_IMAGE
-          value: {{ with .Values }}{{ with .jobExecutorInit }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/job-executor-init:v0.19.1{{- end }}{{- else -}}signadot/job-executor-init:v0.19.1{{- end }}{{- else -}}signadot/job-executor-init:v0.19.1{{- end }}
+          value: {{ with .Values }}{{ with .jobExecutorInit }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/job-executor-init:v0.19.2{{- end }}{{- else -}}signadot/job-executor-init:v0.19.2{{- end }}{{- else -}}signadot/job-executor-init:v0.19.2{{- end }}
         - name: JOB_EXECUTOR_PROXY_IMAGE
-          value: {{ with .Values }}{{ with .jobExecutorProxy }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/job-executor-proxy:v0.19.1{{- end }}{{- else -}}signadot/job-executor-proxy:v0.19.1{{- end }}{{- else -}}signadot/job-executor-proxy:v0.19.1{{- end }}
+          value: {{ with .Values }}{{ with .jobExecutorProxy }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/job-executor-proxy:v0.19.2{{- end }}{{- else -}}signadot/job-executor-proxy:v0.19.2{{- end }}{{- else -}}signadot/job-executor-proxy:v0.19.2{{- end }}
         - name: SANDBOX_TRAFFICMANAGER_INIT_IMAGE
-          value: {{ with .Values }}{{ with .sandboxTrafficManager }}{{ with .init }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/sandbox-traffic-manager-init:v0.19.1{{- end }}{{- else -}}signadot/sandbox-traffic-manager-init:v0.19.1{{- end }}{{- else -}}signadot/sandbox-traffic-manager-init:v0.19.1{{- end }}{{- else -}}signadot/sandbox-traffic-manager-init:v0.19.1{{- end }}
+          value: {{ with .Values }}{{ with .sandboxTrafficManager }}{{ with .init }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/sandbox-traffic-manager-init:v0.19.2{{- end }}{{- else -}}signadot/sandbox-traffic-manager-init:v0.19.2{{- end }}{{- else -}}signadot/sandbox-traffic-manager-init:v0.19.2{{- end }}{{- else -}}signadot/sandbox-traffic-manager-init:v0.19.2{{- end }}
         - name: SANDBOX_TRAFFICMANAGER_SIDECAR_IMAGE
-          value: {{ with .Values }}{{ with .sandboxTrafficManager }}{{ with .sidecar }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/sandbox-traffic-manager-sidecar:v0.19.1{{- end }}{{- else -}}signadot/sandbox-traffic-manager-sidecar:v0.19.1{{- end }}{{- else -}}signadot/sandbox-traffic-manager-sidecar:v0.19.1{{- end }}{{- else -}}signadot/sandbox-traffic-manager-sidecar:v0.19.1{{- end }}
-        image: {{ with .Values }}{{ with .operator }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/operator:v0.19.1{{- end }}{{- else -}}signadot/operator:v0.19.1{{- end }}{{- else -}}signadot/operator:v0.19.1{{- end }}
+          value: {{ with .Values }}{{ with .sandboxTrafficManager }}{{ with .sidecar }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/sandbox-traffic-manager-sidecar:v0.19.2{{- end }}{{- else -}}signadot/sandbox-traffic-manager-sidecar:v0.19.2{{- end }}{{- else -}}signadot/sandbox-traffic-manager-sidecar:v0.19.2{{- end }}{{- else -}}signadot/sandbox-traffic-manager-sidecar:v0.19.2{{- end }}
+        image: {{ with .Values }}{{ with .operator }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/operator:v0.19.2{{- end }}{{- else -}}signadot/operator:v0.19.2{{- end }}{{- else -}}signadot/operator:v0.19.2{{- end }}
         imagePullPolicy: {{ with .Values }}{{ with .operator }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
         livenessProbe:
           httpGet:
@@ -119,13 +119,10 @@ spec:
             port: 8081
           initialDelaySeconds: 5
           periodSeconds: 10
+{{- with .Values }}{{- with .operator }}{{- with .resources }}
         resources:
-          limits:
-            cpu: {{ with .Values }}{{ with .operator }}{{ with .cpu }}{{ . | quote}}{{- else -}}100m{{- end }}{{- else -}}100m{{- end }}{{- else -}}100m{{- end }}
-            memory: {{ with .Values }}{{ with .operator }}{{ with .memory }}{{ . | quote}}{{- else -}}512Mi{{- end }}{{- else -}}512Mi{{- end }}{{- else -}}512Mi{{- end }}
-          requests:
-            cpu: {{ with .Values }}{{ with .operator }}{{ with .cpu }}{{ . | quote}}{{- else -}}100m{{- end }}{{- else -}}100m{{- end }}{{- else -}}100m{{- end }}
-            memory: {{ with .Values }}{{ with .operator }}{{ with .memory }}{{ . | quote}}{{- else -}}512Mi{{- end }}{{- else -}}512Mi{{- end }}{{- else -}}512Mi{{- end }}
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
         securityContext:
           allowPrivilegeEscalation: false
         volumeMounts:

signadot/operator/templates/signadot-controller-manager-deployment.yaml

@@ -209,6 +209,8 @@ spec:
                       type: string
                     type: array
                 type: object
+              disableSandboxTrafficManager:
+                type: boolean
               externalWorkloads:
                 description: |-
                   This is the list of externally controlled workloads this sandbox will route