Release v0.38.0

[skip ci]
ory · Dec 12, 2023 · d3ffdad · d3ffdad
1 parent e5b2ccb
commit d3ffdad
Show file tree

Hide file tree

Showing 31 changed files with 1,297 additions and 1,107 deletions.
diff --git a/docs/helm/charts/example-idp-0.38.0.tgz b/docs/helm/charts/example-idp-0.38.0.tgz
diff --git a/docs/helm/charts/hydra-0.38.0.tgz b/docs/helm/charts/hydra-0.38.0.tgz
diff --git a/docs/helm/charts/hydra-maester-0.38.0.tgz b/docs/helm/charts/hydra-maester-0.38.0.tgz
diff --git a/docs/helm/charts/index.yaml b/docs/helm/charts/index.yaml
diff --git a/docs/helm/charts/keto-0.38.0.tgz b/docs/helm/charts/keto-0.38.0.tgz
diff --git a/docs/helm/charts/kratos-0.38.0.tgz b/docs/helm/charts/kratos-0.38.0.tgz
diff --git a/docs/helm/charts/kratos-selfservice-ui-node-0.38.0.tgz b/docs/helm/charts/kratos-selfservice-ui-node-0.38.0.tgz
diff --git a/docs/helm/charts/oathkeeper-0.38.0.tgz b/docs/helm/charts/oathkeeper-0.38.0.tgz
diff --git a/docs/helm/charts/oathkeeper-maester-0.38.0.tgz b/docs/helm/charts/oathkeeper-maester-0.38.0.tgz
diff --git a/helm/charts/example-idp/Chart.yaml b/helm/charts/example-idp/Chart.yaml
@@ -4,5 +4,5 @@ description:
   A Helm chart for deploying the reference implementation for the User Login and
   Consent Flow in Kubernetes
 name: example-idp
-version: 0.37.1
+version: 0.38.0
 type: application
diff --git a/helm/charts/example-idp/README.md b/helm/charts/example-idp/README.md
@@ -1,6 +1,6 @@
 # example-idp
 
-![Version: 0.37.1](https://img.shields.io/badge/Version-0.37.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.6](https://img.shields.io/badge/AppVersion-1.4.6-informational?style=flat-square)
+![Version: 0.38.0](https://img.shields.io/badge/Version-0.38.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.6](https://img.shields.io/badge/AppVersion-1.4.6-informational?style=flat-square)
 
 A Helm chart for deploying the reference implementation for the User Login and Consent Flow in Kubernetes
 

diff --git a/helm/charts/hydra-maester/Chart.yaml b/helm/charts/hydra-maester/Chart.yaml
@@ -3,5 +3,5 @@ appVersion: "v0.0.29"
 description: A Helm chart for Kubernetes
 name: hydra-maester
 icon: https://raw.githubusercontent.com/ory/docs/master/docs/static/img/logo-hydra.svg
-version: 0.37.1
+version: 0.38.0
 type: application
diff --git a/helm/charts/hydra-maester/README.md b/helm/charts/hydra-maester/README.md
@@ -1,6 +1,6 @@
 # hydra-maester
 
-![Version: 0.37.1](https://img.shields.io/badge/Version-0.37.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.29](https://img.shields.io/badge/AppVersion-v0.0.29-informational?style=flat-square)
+![Version: 0.38.0](https://img.shields.io/badge/Version-0.38.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.29](https://img.shields.io/badge/AppVersion-v0.0.29-informational?style=flat-square)
 
 A Helm chart for Kubernetes
 
@@ -28,8 +28,24 @@ A Helm chart for Kubernetes
 | deployment.podMetadata | object | `{"annotations":{},"labels":{}}` | Specify pod metadata, this metadata is added directly to the pod, and not higher objects |
 | deployment.podMetadata.annotations | object | `{}` | Extra pod level annotations |
 | deployment.podMetadata.labels | object | `{}` | Extra pod level labels |
+| deployment.podSecurityContext.fsGroup | int | `65534` |  |
+| deployment.podSecurityContext.fsGroupChangePolicy | string | `"OnRootMismatch"` |  |
+| deployment.podSecurityContext.runAsGroup | int | `65534` |  |
+| deployment.podSecurityContext.runAsNonRoot | bool | `true` |  |
+| deployment.podSecurityContext.runAsUser | int | `65534` |  |
+| deployment.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
+| deployment.podSecurityContext.supplementalGroups | list | `[]` |  |
+| deployment.podSecurityContext.sysctls | list | `[]` |  |
 | deployment.resources | object | `{}` |  |
-| deployment.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` | Default security context |
+| deployment.securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| deployment.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| deployment.securityContext.privileged | bool | `false` |  |
+| deployment.securityContext.readOnlyRootFilesystem | bool | `true` |  |
+| deployment.securityContext.runAsGroup | int | `65534` |  |
+| deployment.securityContext.runAsNonRoot | bool | `true` |  |
+| deployment.securityContext.runAsUser | int | `65534` |  |
+| deployment.securityContext.seLinuxOptions.level | string | `"s0:c123,c456"` |  |
+| deployment.securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | deployment.serviceAccount | object | `{"annotations":{}}` | Configure service account |
 | deployment.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | deployment.tolerations | list | `[]` | Configure node tolerations. |
@@ -40,7 +56,7 @@ A Helm chart for Kubernetes
 | image.repository | string | `"oryd/hydra-maester"` | Ory Hydra-maester image |
 | image.tag | string | `"v0.0.32-amd64"` | Ory Hydra-maester version |
 | imagePullSecrets | list | `[]` | Image pull secrets |
-| pdb | object | `{"enabled":false,"spec":{"minAvailable":1}}` | PodDistributionBudget configuration |
+| pdb | object | `{"enabled":false,"spec":{"maxUnavailable":"","minAvailable":""}}` | PodDistributionBudget configuration |
 | priorityClassName | string | `""` | Pod priority # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ |
 | replicaCount | int | `1` | Number of replicas in deployment |
 | revisionHistoryLimit | int | `5` | Number of revisions kept in history |

diff --git a/helm/charts/hydra/Chart.lock b/helm/charts/hydra/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: hydra-maester
   repository: file://../hydra-maester
-  version: 0.37.1
-digest: sha256:039419857cbab9ae9bd92f8fdf5735729f57b2f670f96e401787f01e008656c6
-generated: "2023-12-01T14:05:18.381047248Z"
+  version: 0.38.0
+digest: sha256:582e27be4271456be4eff978612c55e6a597679a9b2c3e45fb883b07e38c8ed4
+generated: "2023-12-12T13:00:00.081691663Z"
diff --git a/helm/charts/hydra/Chart.yaml b/helm/charts/hydra/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: "v2.1.2"
 description: A Helm chart for deploying ORY Hydra in Kubernetes
 name: hydra
 icon: https://raw.githubusercontent.com/ory/docs/master/docs/static/img/logo-hydra.svg
-version: 0.37.1
+version: 0.38.0
 keywords:
   - oauth2
   - openid-connect
@@ -23,7 +23,7 @@ maintainers: # (optional)
 type: application
 dependencies:
   - name: hydra-maester
-    version: 0.37.1
+    version: 0.38.0
     condition: maester.enabled
     alias: hydra-maester
     repository: file://../hydra-maester

diff --git a/helm/charts/hydra/README.md b/helm/charts/hydra/README.md
@@ -1,6 +1,6 @@
 # hydra
 
-![Version: 0.37.1](https://img.shields.io/badge/Version-0.37.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.1.2](https://img.shields.io/badge/AppVersion-v2.1.2-informational?style=flat-square)
+![Version: 0.38.0](https://img.shields.io/badge/Version-0.38.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.1.2](https://img.shields.io/badge/AppVersion-v2.1.2-informational?style=flat-square)
 
 A Helm chart for deploying ORY Hydra in Kubernetes
 
@@ -21,7 +21,7 @@ A Helm chart for deploying ORY Hydra in Kubernetes
 
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../hydra-maester | hydra-maester(hydra-maester) | 0.37.1 |
+| file://../hydra-maester | hydra-maester(hydra-maester) | 0.38.0 |
 
 ## Values
 
@@ -72,16 +72,25 @@ A Helm chart for deploying ORY Hydra in Kubernetes
 | deployment.podMetadata | object | `{"annotations":{},"labels":{}}` | Specify pod metadata, this metadata is added directly to the pod, and not higher objects |
 | deployment.podMetadata.annotations | object | `{}` | Extra pod level annotations |
 | deployment.podMetadata.labels | object | `{}` | Extra pod level labels |
-| deployment.podSecurityContext | object | `{}` |  |
+| deployment.podSecurityContext.fsGroup | int | `65534` |  |
+| deployment.podSecurityContext.fsGroupChangePolicy | string | `"OnRootMismatch"` |  |
+| deployment.podSecurityContext.runAsGroup | int | `65534` |  |
+| deployment.podSecurityContext.runAsNonRoot | bool | `true` |  |
+| deployment.podSecurityContext.runAsUser | int | `65534` |  |
+| deployment.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
+| deployment.podSecurityContext.supplementalGroups | list | `[]` |  |
+| deployment.podSecurityContext.sysctls | list | `[]` |  |
 | deployment.readinessProbe | object | `{"failureThreshold":5,"initialDelaySeconds":5,"periodSeconds":10}` | Default probe timers |
 | deployment.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user.  This also increases chances charts run on environments with little  resources, such as Minikube. If you do want to specify resources, uncomment the following  lines, adjust them as necessary, and remove the curly braces after 'resources:'.  limits:    cpu: 100m    memory: 128Mi  requests:    cpu: 100m  memory: 128Mi |
 | deployment.revisionHistoryLimit | int | `5` | Number of revisions kept in history |
 | deployment.securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | deployment.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | deployment.securityContext.privileged | bool | `false` |  |
 | deployment.securityContext.readOnlyRootFilesystem | bool | `true` |  |
+| deployment.securityContext.runAsGroup | int | `65534` |  |
 | deployment.securityContext.runAsNonRoot | bool | `true` |  |
-| deployment.securityContext.runAsUser | int | `100` |  |
+| deployment.securityContext.runAsUser | int | `65534` |  |
+| deployment.securityContext.seLinuxOptions.level | string | `"s0:c123,c456"` |  |
 | deployment.securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | deployment.serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Specify the serviceAccountName value. In some situations it is needed to provides specific permissions to Hydra deployments Like for example installing Hydra on a cluster with a PosSecurityPolicy and Istio. Uncoment if it is needed to provide a ServiceAccount for the Hydra deployment. |
 | deployment.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
@@ -143,7 +152,7 @@ A Helm chart for deploying ORY Hydra in Kubernetes
 | job.tolerations | list | `[]` | Configure node tolerations. |
 | maester | object | `{"enabled":true}` | Configures controller setup |
 | nameOverride | string | `""` |  |
-| pdb | object | `{"enabled":false,"spec":{"minAvailable":1}}` | PodDistributionBudget configuration |
+| pdb | object | `{"enabled":false,"spec":{"maxUnavailable":"","minAvailable":""}}` | PodDistributionBudget configuration |
 | priorityClassName | string | `""` | Pod priority https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ |
 | replicaCount | int | `1` | Number of ORY Hydra members |
 | secret.enabled | bool | `true` | switch to false to prevent creating the secret |

diff --git a/helm/charts/hydra/charts/hydra-maester-0.37.1.tgz b/helm/charts/hydra/charts/hydra-maester-0.37.1.tgz
diff --git a/helm/charts/hydra/charts/hydra-maester-0.38.0.tgz b/helm/charts/hydra/charts/hydra-maester-0.38.0.tgz
diff --git a/helm/charts/keto/Chart.yaml b/helm/charts/keto/Chart.yaml
@@ -21,7 +21,7 @@ maintainers:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.37.1
+version: 0.38.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.

diff --git a/helm/charts/keto/README.md b/helm/charts/keto/README.md
@@ -1,6 +1,6 @@
 # keto
 
-![Version: 0.37.1](https://img.shields.io/badge/Version-0.37.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.11.1](https://img.shields.io/badge/AppVersion-v0.11.1-informational?style=flat-square)
+![Version: 0.38.0](https://img.shields.io/badge/Version-0.38.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.11.1](https://img.shields.io/badge/AppVersion-v0.11.1-informational?style=flat-square)
 
 Access Control Policies as a Server
 
@@ -83,15 +83,31 @@ Access Control Policies as a Server
 | keto.config | object | `{"dsn":"memory","namespaces":[{"id":0,"name":"sample"}],"serve":{"metrics":{"port":4468},"read":{"port":4466},"write":{"port":4467}}}` | Direct keto config. Full documentation can be found in https://www.ory.sh/keto/docs/reference/configuration |
 | keto.customArgs | list | `[]` | Ability to override arguments of the entrypoint. Can be used in-depended of customCommand |
 | nameOverride | string | `""` |  |
-| pdb | object | `{"enabled":false,"spec":{"minAvailable":1}}` | PodDistributionBudget configuration |
+| pdb | object | `{"enabled":false,"spec":{"maxUnavailable":"","minAvailable":""}}` | PodDistributionBudget configuration |
+| podSecurityContext.fsGroup | int | `65534` |  |
+| podSecurityContext.fsGroupChangePolicy | string | `"OnRootMismatch"` |  |
+| podSecurityContext.runAsGroup | int | `65534` |  |
+| podSecurityContext.runAsNonRoot | bool | `true` |  |
+| podSecurityContext.runAsUser | int | `65534` |  |
+| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
+| podSecurityContext.supplementalGroups | list | `[]` |  |
+| podSecurityContext.sysctls | list | `[]` |  |
 | priorityClassName | string | `""` | Pod priority https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ |
 | replicaCount | int | `1` | Number of replicas in deployment |
 | secret | object | `{"enabled":true,"hashSumEnabled":true,"nameOverride":"","secretAnnotations":{"helm.sh/hook":"pre-install, pre-upgrade","helm.sh/hook-delete-policy":"before-hook-creation","helm.sh/hook-weight":"0","helm.sh/resource-policy":"keep"}}` | Secret management |
 | secret.enabled | bool | `true` | Switch to false to prevent creating the secret |
 | secret.hashSumEnabled | bool | `true` | switch to false to prevent checksum annotations being maintained and propogated to the pods |
 | secret.nameOverride | string | `""` | Provide custom name of existing secret, or custom name of secret to be created |
 | secret.secretAnnotations | object | `{"helm.sh/hook":"pre-install, pre-upgrade","helm.sh/hook-delete-policy":"before-hook-creation","helm.sh/hook-weight":"0","helm.sh/resource-policy":"keep"}` | Annotations to be added to secret. Annotations are added only when secret is being created. Existing secret will not be modified. |
-| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":100,"seccompProfile":{"type":"RuntimeDefault"}}` | Default security context configuration |
+| securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| securityContext.privileged | bool | `false` |  |
+| securityContext.readOnlyRootFilesystem | bool | `true` |  |
+| securityContext.runAsGroup | int | `65534` |  |
+| securityContext.runAsNonRoot | bool | `true` |  |
+| securityContext.runAsUser | int | `65534` |  |
+| securityContext.seLinuxOptions.level | string | `"s0:c123,c456"` |  |
+| securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | service | object | `{"metrics":{"annotations":{},"enabled":false,"loadBalancerIP":"","name":"http-metrics","port":80,"type":"ClusterIP"},"read":{"appProtocol":"grpc","enabled":true,"loadBalancerIP":"","name":"grpc-read","port":80,"type":"ClusterIP"},"write":{"appProtocol":"grpc","enabled":true,"loadBalancerIP":"","name":"grpc-write","port":80,"type":"ClusterIP"}}` | Service configurations |
 | service.metrics | object | `{"annotations":{},"enabled":false,"loadBalancerIP":"","name":"http-metrics","port":80,"type":"ClusterIP"}` | Metrics service |
 | service.metrics.loadBalancerIP | string | `""` | The load balancer IP |

diff --git a/helm/charts/kratos-selfservice-ui-node/Chart.yaml b/helm/charts/kratos-selfservice-ui-node/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 appVersion: "v0.13.0-4"
 description: A Helm chart for ORY Kratos's example ui for Kubernetes
 name: kratos-selfservice-ui-node
-version: 0.37.1
+version: 0.38.0
 type: application
diff --git a/helm/charts/kratos-selfservice-ui-node/README.md b/helm/charts/kratos-selfservice-ui-node/README.md
@@ -1,6 +1,6 @@
 # kratos-selfservice-ui-node
 
-![Version: 0.37.1](https://img.shields.io/badge/Version-0.37.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.13.0-4](https://img.shields.io/badge/AppVersion-v0.13.0--4-informational?style=flat-square)
+![Version: 0.38.0](https://img.shields.io/badge/Version-0.38.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.13.0-4](https://img.shields.io/badge/AppVersion-v0.13.0--4-informational?style=flat-square)
 
 A Helm chart for ORY Kratos's example ui for Kubernetes
 
@@ -10,6 +10,7 @@ A Helm chart for ORY Kratos's example ui for Kubernetes
 |-----|------|---------|-------------|
 | affinity | object | `{}` |  |
 | basePath | string | `""` | The basePath |
+| config | object | `{"csrfCookieName":"","secrets":{}}` | Application config |
 | deployment | object | `{"annotations":{},"automountServiceAccountToken":false,"dnsConfig":{},"extraEnv":[],"extraVolumeMounts":[],"extraVolumes":[],"labels":{},"nodeSelector":{},"resources":{},"tolerations":[],"topologySpreadConstraints":[]}` | Deployment configuration |
 | deployment.dnsConfig | object | `{}` | Configure pod dnsConfig. |
 | deployment.extraEnv | list | `[]` | Array of extra envs to be passed to the deployment. Kubernetes format is expected - name: FOO   value: BAR |
@@ -18,19 +19,24 @@ A Helm chart for ORY Kratos's example ui for Kubernetes
 | deployment.tolerations | list | `[]` | Configure node tolerations. |
 | deployment.topologySpreadConstraints | list | `[]` | Configure pod topologySpreadConstraints. |
 | fullnameOverride | string | `""` |  |
-| image | object | `{"pullPolicy":"IfNotPresent","repository":"oryd/kratos-selfservice-ui-node","tag":"v0.13.0-4"}` | Deployment image settings |
-| image.tag | string | `"v0.13.0-4"` | ORY KRATOS VERSION |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"oryd/kratos-selfservice-ui-node","tag":"v0.13.0-20"}` | Deployment image settings |
+| image.tag | string | `"v0.13.0-20"` | ORY KRATOS VERSION |
 | imagePullSecrets | list | `[]` |  |
 | ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configration |
 | jwksUrl | string | `"http://oathkeeper-api"` | The jwksUrl |
 | kratosAdminUrl | string | `"http://kratos-admin"` | Set this to ORY Kratos's Admin URL |
 | kratosBrowserUrl | string | `"http://kratos-browserui"` | Set this to ORY Kratos's public URL accessible from the outside world. |
 | kratosPublicUrl | string | `"http://kratos-public"` | Set this to ORY Kratos's public URL |
 | nameOverride | string | `""` |  |
+| podSecurityContext | object | `{"fsGroup":10000,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":10000,"runAsNonRoot":true,"runAsUser":10000,"seccompProfile":{"type":"RuntimeDefault"},"supplementalGroups":[],"sysctls":[]}` | Pod level security context |
 | projectName | string | `"SecureApp"` |  |
 | replicaCount | int | `1` | Number of replicas in deployment |
 | revisionHistoryLimit | int | `5` | Number of revisions kept in history |
-| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":false,"runAsNonRoot":true,"runAsUser":10000,"seccompProfile":{"type":"RuntimeDefault"}}` | Deployment level securityContext |
+| secret.enabled | bool | `true` | switch to false to prevent creating the secret |
+| secret.hashSumEnabled | bool | `true` | switch to false to prevent checksum annotations being maintained and propogated to the pods |
+| secret.nameOverride | string | `""` | Provide custom name of existing secret, or custom name of secret to be created |
+| secret.secretAnnotations | object | `{"helm.sh/hook":"pre-install, pre-upgrade","helm.sh/hook-delete-policy":"before-hook-creation","helm.sh/hook-weight":"0","helm.sh/resource-policy":"keep"}` | Annotations to be added to secret. Annotations are added only when secret is being created. Existing secret will not be modified. |
+| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":false,"runAsGroup":10000,"runAsNonRoot":true,"runAsUser":10000,"seLinuxOptions":{"level":"s0:c123,c456"},"seccompProfile":{"type":"RuntimeDefault"}}` | Container level security context |
 | service | object | `{"loadBalancerIP":"","name":"http","port":80,"type":"ClusterIP"}` | Service configuration |
 | service.loadBalancerIP | string | `""` | The load balancer IP |
 | service.name | string | `"http"` | The service port name. Useful to set a custom service port name if it must follow a scheme (e.g. Istio) |