open-appsec helm chart update Mon Feb 12 17:56:07 IST 2024

build_system/charts/open-appsec-kong/ci/.chartsnap.yaml

@@ -0,0 +1,26 @@
+# It's a configuration file used by helm-chartsnap to ignore dynamically generated fields
+# when comparing the chart's snapshot with the rendered chart.
+# See https://github.com/jlandowner/helm-chartsnap?tab=readme-ov-file#handling-dynamic-values-.
+dynamicFields:
+  - apiVersion: v1
+    kind: Secret
+    name: chartsnap-postgresql
+    jsonPath:
+      - /data/postgres-password
+  - apiVersion: v1
+    kind: Secret
+    name: chartsnap-kong-validation-webhook-keypair
+    jsonPath:
+      - /data/tls.crt
+      - /data/tls.key
+  - apiVersion: v1
+    kind: Secret
+    name: chartsnap-kong-validation-webhook-ca-keypair
+    jsonPath:
+      - /data/tls.crt
+      - /data/tls.key
+  - apiVersion: admissionregistration.k8s.io/v1
+    kind: ValidatingWebhookConfiguration
+    name: chartsnap-kong-validations
+    jsonPath:
+      - /webhooks/0/clientConfig/caBundle

build_system/charts/open-appsec-kong/ci/__snapshots__/admin-api-service-clusterip-values.snap

@@ -0,0 +1,371 @@
+[admin-api-service-clusterip-values]
+SnapShot = """
+- object:
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+        labels:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        replicas: 1
+        selector:
+            matchLabels:
+                app.kubernetes.io/component: app
+                app.kubernetes.io/instance: chartsnap
+                app.kubernetes.io/name: kong
+        template:
+            metadata:
+                annotations:
+                    checksum/dbless.config: 626be043e4a43b0d55af934d06216254abe132b29af82450379439ecd927219a
+                    kuma.io/gateway: enabled
+                    kuma.io/service-account-token-volume: chartsnap-kong-token
+                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
+                labels:
+                    app: chartsnap-kong
+                    app.kubernetes.io/component: app
+                    app.kubernetes.io/instance: chartsnap
+                    app.kubernetes.io/managed-by: Helm
+                    app.kubernetes.io/name: kong
+                    app.kubernetes.io/version: \"3.5\"
+                    helm.sh/chart: kong-2.35.1
+                    version: \"3.5\"
+            spec:
+                automountServiceAccountToken: false
+                containers:
+                    - env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_DECLARATIVE_CONFIG
+                          value: /kong_dbless/kong.yml
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                        - name: KONG_NGINX_DAEMON
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      lifecycle:
+                        preStop:
+                            exec:
+                                command:
+                                    - kong
+                                    - quit
+                                    - --wait=15
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: proxy
+                      ports:
+                        - containerPort: 8444
+                          name: admin-tls
+                          protocol: TCP
+                        - containerPort: 8000
+                          name: proxy
+                          protocol: TCP
+                        - containerPort: 8443
+                          name: proxy-tls
+                          protocol: TCP
+                        - containerPort: 8100
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status/ready
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                        - mountPath: /kong_dbless/
+                          name: kong-custom-dbless-config-volume
+                initContainers:
+                    - command:
+                        - rm
+                        - -vrf
+                        - $KONG_PREFIX/pids
+                      env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_DECLARATIVE_CONFIG
+                          value: /kong_dbless/kong.yml
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      name: clear-stale-pid
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                        - mountPath: /kong_dbless/
+                          name: kong-custom-dbless-config-volume
+                securityContext: {}
+                serviceAccountName: chartsnap-kong
+                terminationGracePeriodSeconds: 30
+                volumes:
+                    - emptyDir:
+                        sizeLimit: 256Mi
+                      name: chartsnap-kong-prefix-dir
+                    - emptyDir:
+                        sizeLimit: 1Gi
+                      name: chartsnap-kong-tmp
+                    - name: chartsnap-kong-token
+                      projected:
+                        sources:
+                            - serviceAccountToken:
+                                expirationSeconds: 3607
+                                path: token
+                            - configMap:
+                                items:
+                                    - key: ca.crt
+                                      path: ca.crt
+                                name: kube-root-ca.crt
+                            - downwardAPI:
+                                items:
+                                    - fieldRef:
+                                        apiVersion: v1
+                                        fieldPath: metadata.namespace
+                                      path: namespace
+                    - configMap:
+                        name: chartsnap-kong-custom-dbless-config
+                      name: kong-custom-dbless-config-volume
+- object:
+    apiVersion: v1
+    data:
+        kong.yml: |
+            _format_version: \"1.1\"
+            services:
+            - name: example.com
+              url: http://example.com
+              routes:
+              - name: example
+                paths:
+                - \"/example\"
+    kind: ConfigMap
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-custom-dbless-config
+        namespace: default
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-admin
+        namespace: default
+    spec:
+        ports:
+            - name: kong-admin-tls
+              port: 8444
+              protocol: TCP
+              targetPort: 8444
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: ClusterIP
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-manager
+        namespace: default
+    spec:
+        ports:
+            - name: kong-manager
+              port: 8002
+              protocol: TCP
+              targetPort: 8002
+            - name: kong-manager-tls
+              port: 8445
+              protocol: TCP
+              targetPort: 8445
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: NodePort
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            enable-metrics: \"true\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        ports:
+            - name: kong-proxy
+              port: 80
+              protocol: TCP
+              targetPort: 8000
+            - name: kong-proxy-tls
+              port: 443
+              protocol: TCP
+              targetPort: 8443
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: LoadBalancer
+- object:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+"""

build_system/charts/open-appsec-kong/ci/__snapshots__/custom-labels-values.snap

@@ -0,0 +1,888 @@
+[custom-labels-values]
+SnapShot = """
+- object:
+    apiVersion: admissionregistration.k8s.io/v1
+    kind: ValidatingWebhookConfiguration
+    metadata:
+        labels:
+            acme.com/some-key: some-value
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validations
+        namespace: default
+    webhooks:
+        - admissionReviewVersions:
+            - v1beta1
+          clientConfig:
+            caBundle: '###DYNAMIC_FIELD###'
+            service:
+                name: chartsnap-kong-validation-webhook
+                namespace: default
+          failurePolicy: Ignore
+          name: validations.kong.konghq.com
+          objectSelector:
+            matchExpressions:
+                - key: owner
+                  operator: NotIn
+                  values:
+                    - helm
+          rules:
+            - apiGroups:
+                - configuration.konghq.com
+              apiVersions:
+                - '*'
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - kongconsumers
+                - kongplugins
+                - kongclusterplugins
+                - kongingresses
+            - apiGroups:
+                - \"\"
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - secrets
+                - services
+            - apiGroups:
+                - networking.k8s.io
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - ingresses
+            - apiGroups:
+                - gateway.networking.k8s.io
+              apiVersions:
+                - v1alpha2
+                - v1beta1
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - gateways
+                - httproutes
+          sideEffects: None
+- object:
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+        labels:
+            acme.com/some-key: some-value
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        replicas: 1
+        selector:
+            matchLabels:
+                app.kubernetes.io/component: app
+                app.kubernetes.io/instance: chartsnap
+                app.kubernetes.io/name: kong
+        template:
+            metadata:
+                annotations:
+                    kuma.io/gateway: enabled
+                    kuma.io/service-account-token-volume: chartsnap-kong-token
+                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
+                labels:
+                    acme.com/some-key: some-value
+                    app: chartsnap-kong
+                    app.kubernetes.io/component: app
+                    app.kubernetes.io/instance: chartsnap
+                    app.kubernetes.io/managed-by: Helm
+                    app.kubernetes.io/name: kong
+                    app.kubernetes.io/version: \"3.5\"
+                    helm.sh/chart: kong-2.35.1
+                    version: \"3.5\"
+            spec:
+                automountServiceAccountToken: false
+                containers:
+                    - args: null
+                      env:
+                        - name: POD_NAME
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.name
+                        - name: POD_NAMESPACE
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.namespace
+                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+                          value: 0.0.0.0:8080
+                        - name: CONTROLLER_ELECTION_ID
+                          value: kong-ingress-controller-leader-kong
+                        - name: CONTROLLER_INGRESS_CLASS
+                          value: kong
+                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+                          value: \"true\"
+                        - name: CONTROLLER_KONG_ADMIN_URL
+                          value: https://localhost:8444
+                        - name: CONTROLLER_PUBLISH_SERVICE
+                          value: default/chartsnap-kong-proxy
+                      image: kong/kubernetes-ingress-controller:3.0
+                      imagePullPolicy: IfNotPresent
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /healthz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: ingress-controller
+                      ports:
+                        - containerPort: 8080
+                          name: webhook
+                          protocol: TCP
+                        - containerPort: 10255
+                          name: cmetrics
+                          protocol: TCP
+                        - containerPort: 10254
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /readyz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /admission-webhook
+                          name: webhook-cert
+                          readOnly: true
+                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+                          name: chartsnap-kong-token
+                          readOnly: true
+                    - env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                        - name: KONG_NGINX_DAEMON
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      lifecycle:
+                        preStop:
+                            exec:
+                                command:
+                                    - kong
+                                    - quit
+                                    - --wait=15
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: proxy
+                      ports:
+                        - containerPort: 8000
+                          name: proxy
+                          protocol: TCP
+                        - containerPort: 8443
+                          name: proxy-tls
+                          protocol: TCP
+                        - containerPort: 8100
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status/ready
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                initContainers:
+                    - command:
+                        - rm
+                        - -vrf
+                        - $KONG_PREFIX/pids
+                      env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      name: clear-stale-pid
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                securityContext: {}
+                serviceAccountName: chartsnap-kong
+                terminationGracePeriodSeconds: 30
+                volumes:
+                    - emptyDir:
+                        sizeLimit: 256Mi
+                      name: chartsnap-kong-prefix-dir
+                    - emptyDir:
+                        sizeLimit: 1Gi
+                      name: chartsnap-kong-tmp
+                    - name: chartsnap-kong-token
+                      projected:
+                        sources:
+                            - serviceAccountToken:
+                                expirationSeconds: 3607
+                                path: token
+                            - configMap:
+                                items:
+                                    - key: ca.crt
+                                      path: ca.crt
+                                name: kube-root-ca.crt
+                            - downwardAPI:
+                                items:
+                                    - fieldRef:
+                                        apiVersion: v1
+                                        fieldPath: metadata.namespace
+                                      path: namespace
+                    - name: webhook-cert
+                      secret:
+                        secretName: chartsnap-kong-validation-webhook-keypair
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+        labels:
+            acme.com/some-key: some-value
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    rules:
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - nodes
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - pods
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - secrets
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - ingressclassparameterses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - discovery.k8s.io
+          resources:
+            - endpointslices
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - apiextensions.k8s.io
+          resources:
+            - customresourcedefinitions
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingressclasses
+          verbs:
+            - get
+            - list
+            - watch
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+        labels:
+            acme.com/some-key: some-value
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+        labels:
+            acme.com/some-key: some-value
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    rules:
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+            - pods
+            - secrets
+            - namespaces
+          verbs:
+            - get
+        - apiGroups:
+            - \"\"
+          resourceNames:
+            - kong-ingress-controller-leader-kong-kong
+          resources:
+            - configmaps
+          verbs:
+            - get
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+          verbs:
+            - create
+        - apiGroups:
+            - \"\"
+            - coordination.k8s.io
+          resources:
+            - configmaps
+            - leases
+          verbs:
+            - get
+            - list
+            - watch
+            - create
+            - update
+            - patch
+            - delete
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+        labels:
+            acme.com/some-key: some-value
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: Role
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            acme.com/some-key: some-value
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-ca-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            acme.com/some-key: some-value
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            acme.com/some-key: some-value
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-manager
+        namespace: default
+    spec:
+        ports:
+            - name: kong-manager
+              port: 8002
+              protocol: TCP
+              targetPort: 8002
+            - name: kong-manager-tls
+              port: 8445
+              protocol: TCP
+              targetPort: 8445
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: NodePort
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            acme.com/some-key: some-value
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            enable-metrics: \"true\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        ports:
+            - name: kong-proxy
+              port: 80
+              protocol: TCP
+              targetPort: 8000
+            - name: kong-proxy-tls
+              port: 443
+              protocol: TCP
+              targetPort: 8443
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: LoadBalancer
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            acme.com/some-key: some-value
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    spec:
+        ports:
+            - name: webhook
+              port: 443
+              protocol: TCP
+              targetPort: webhook
+        selector:
+            acme.com/some-key: some-value
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+- object:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+        labels:
+            acme.com/some-key: some-value
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+"""

build_system/charts/open-appsec-kong/ci/__snapshots__/default-values.snap

@@ -0,0 +1,880 @@
+[default-values]
+SnapShot = """
+- object:
+    apiVersion: admissionregistration.k8s.io/v1
+    kind: ValidatingWebhookConfiguration
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validations
+        namespace: default
+    webhooks:
+        - admissionReviewVersions:
+            - v1beta1
+          clientConfig:
+            caBundle: '###DYNAMIC_FIELD###'
+            service:
+                name: chartsnap-kong-validation-webhook
+                namespace: default
+          failurePolicy: Ignore
+          name: validations.kong.konghq.com
+          objectSelector:
+            matchExpressions:
+                - key: owner
+                  operator: NotIn
+                  values:
+                    - helm
+          rules:
+            - apiGroups:
+                - configuration.konghq.com
+              apiVersions:
+                - '*'
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - kongconsumers
+                - kongplugins
+                - kongclusterplugins
+                - kongingresses
+            - apiGroups:
+                - \"\"
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - secrets
+                - services
+            - apiGroups:
+                - networking.k8s.io
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - ingresses
+            - apiGroups:
+                - gateway.networking.k8s.io
+              apiVersions:
+                - v1alpha2
+                - v1beta1
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - gateways
+                - httproutes
+          sideEffects: None
+- object:
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+        labels:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        replicas: 1
+        selector:
+            matchLabels:
+                app.kubernetes.io/component: app
+                app.kubernetes.io/instance: chartsnap
+                app.kubernetes.io/name: kong
+        template:
+            metadata:
+                annotations:
+                    kuma.io/gateway: enabled
+                    kuma.io/service-account-token-volume: chartsnap-kong-token
+                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
+                labels:
+                    app: chartsnap-kong
+                    app.kubernetes.io/component: app
+                    app.kubernetes.io/instance: chartsnap
+                    app.kubernetes.io/managed-by: Helm
+                    app.kubernetes.io/name: kong
+                    app.kubernetes.io/version: \"3.5\"
+                    helm.sh/chart: kong-2.35.1
+                    version: \"3.5\"
+            spec:
+                automountServiceAccountToken: false
+                containers:
+                    - args: null
+                      env:
+                        - name: POD_NAME
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.name
+                        - name: POD_NAMESPACE
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.namespace
+                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+                          value: 0.0.0.0:8080
+                        - name: CONTROLLER_ANONYMOUS_REPORTS
+                          value: \"false\"
+                        - name: CONTROLLER_ELECTION_ID
+                          value: kong-ingress-controller-leader-kong
+                        - name: CONTROLLER_INGRESS_CLASS
+                          value: kong
+                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+                          value: \"true\"
+                        - name: CONTROLLER_KONG_ADMIN_URL
+                          value: https://localhost:8444
+                        - name: CONTROLLER_PUBLISH_SERVICE
+                          value: default/chartsnap-kong-proxy
+                      image: kong/kubernetes-ingress-controller:3.0
+                      imagePullPolicy: IfNotPresent
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /healthz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: ingress-controller
+                      ports:
+                        - containerPort: 8080
+                          name: webhook
+                          protocol: TCP
+                        - containerPort: 10255
+                          name: cmetrics
+                          protocol: TCP
+                        - containerPort: 10254
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /readyz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /admission-webhook
+                          name: webhook-cert
+                          readOnly: true
+                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+                          name: chartsnap-kong-token
+                          readOnly: true
+                    - env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_ANONYMOUS_REPORTS
+                          value: \"off\"
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                        - name: KONG_NGINX_DAEMON
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      lifecycle:
+                        preStop:
+                            exec:
+                                command:
+                                    - kong
+                                    - quit
+                                    - --wait=15
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: proxy
+                      ports:
+                        - containerPort: 8000
+                          name: proxy
+                          protocol: TCP
+                        - containerPort: 8443
+                          name: proxy-tls
+                          protocol: TCP
+                        - containerPort: 8100
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status/ready
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                initContainers:
+                    - command:
+                        - rm
+                        - -vrf
+                        - $KONG_PREFIX/pids
+                      env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_ANONYMOUS_REPORTS
+                          value: \"off\"
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      name: clear-stale-pid
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                securityContext: {}
+                serviceAccountName: chartsnap-kong
+                terminationGracePeriodSeconds: 30
+                volumes:
+                    - emptyDir:
+                        sizeLimit: 256Mi
+                      name: chartsnap-kong-prefix-dir
+                    - emptyDir:
+                        sizeLimit: 1Gi
+                      name: chartsnap-kong-tmp
+                    - name: chartsnap-kong-token
+                      projected:
+                        sources:
+                            - serviceAccountToken:
+                                expirationSeconds: 3607
+                                path: token
+                            - configMap:
+                                items:
+                                    - key: ca.crt
+                                      path: ca.crt
+                                name: kube-root-ca.crt
+                            - downwardAPI:
+                                items:
+                                    - fieldRef:
+                                        apiVersion: v1
+                                        fieldPath: metadata.namespace
+                                      path: namespace
+                    - name: webhook-cert
+                      secret:
+                        secretName: chartsnap-kong-validation-webhook-keypair
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    rules:
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - nodes
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - pods
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - secrets
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - ingressclassparameterses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - discovery.k8s.io
+          resources:
+            - endpointslices
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - apiextensions.k8s.io
+          resources:
+            - customresourcedefinitions
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingressclasses
+          verbs:
+            - get
+            - list
+            - watch
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    rules:
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+            - pods
+            - secrets
+            - namespaces
+          verbs:
+            - get
+        - apiGroups:
+            - \"\"
+          resourceNames:
+            - kong-ingress-controller-leader-kong-kong
+          resources:
+            - configmaps
+          verbs:
+            - get
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+          verbs:
+            - create
+        - apiGroups:
+            - \"\"
+            - coordination.k8s.io
+          resources:
+            - configmaps
+            - leases
+          verbs:
+            - get
+            - list
+            - watch
+            - create
+            - update
+            - patch
+            - delete
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: Role
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-ca-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-manager
+        namespace: default
+    spec:
+        ports:
+            - name: kong-manager
+              port: 8002
+              protocol: TCP
+              targetPort: 8002
+            - name: kong-manager-tls
+              port: 8445
+              protocol: TCP
+              targetPort: 8445
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: NodePort
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            enable-metrics: \"true\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        ports:
+            - name: kong-proxy
+              port: 80
+              protocol: TCP
+              targetPort: 8000
+            - name: kong-proxy-tls
+              port: 443
+              protocol: TCP
+              targetPort: 8443
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: LoadBalancer
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    spec:
+        ports:
+            - name: webhook
+              port: 443
+              protocol: TCP
+              targetPort: webhook
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+- object:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+"""

build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-1-values.snap

@@ -0,0 +1,909 @@
+[kong-ingress-1-values]
+SnapShot = """
+- object:
+    apiVersion: admissionregistration.k8s.io/v1
+    kind: ValidatingWebhookConfiguration
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validations
+        namespace: default
+    webhooks:
+        - admissionReviewVersions:
+            - v1beta1
+          clientConfig:
+            caBundle: '###DYNAMIC_FIELD###'
+            service:
+                name: chartsnap-kong-validation-webhook
+                namespace: default
+          failurePolicy: Ignore
+          name: validations.kong.konghq.com
+          objectSelector:
+            matchExpressions:
+                - key: owner
+                  operator: NotIn
+                  values:
+                    - helm
+          rules:
+            - apiGroups:
+                - configuration.konghq.com
+              apiVersions:
+                - '*'
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - kongconsumers
+                - kongplugins
+                - kongclusterplugins
+                - kongingresses
+            - apiGroups:
+                - \"\"
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - secrets
+                - services
+            - apiGroups:
+                - networking.k8s.io
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - ingresses
+            - apiGroups:
+                - gateway.networking.k8s.io
+              apiVersions:
+                - v1alpha2
+                - v1beta1
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - gateways
+                - httproutes
+          sideEffects: None
+- object:
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+        labels:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        replicas: 1
+        selector:
+            matchLabels:
+                app.kubernetes.io/component: app
+                app.kubernetes.io/instance: chartsnap
+                app.kubernetes.io/name: kong
+        template:
+            metadata:
+                annotations:
+                    kuma.io/gateway: enabled
+                    kuma.io/service-account-token-volume: chartsnap-kong-token
+                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
+                labels:
+                    app: chartsnap-kong
+                    app.kubernetes.io/component: app
+                    app.kubernetes.io/instance: chartsnap
+                    app.kubernetes.io/managed-by: Helm
+                    app.kubernetes.io/name: kong
+                    app.kubernetes.io/version: \"3.5\"
+                    helm.sh/chart: kong-2.35.1
+                    version: \"3.5\"
+            spec:
+                automountServiceAccountToken: false
+                containers:
+                    - args: null
+                      env:
+                        - name: POD_NAME
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.name
+                        - name: POD_NAMESPACE
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.namespace
+                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+                          value: 0.0.0.0:8080
+                        - name: CONTROLLER_ELECTION_ID
+                          value: kong-ingress-controller-leader-kong
+                        - name: CONTROLLER_INGRESS_CLASS
+                          value: kong
+                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+                          value: \"true\"
+                        - name: CONTROLLER_KONG_ADMIN_URL
+                          value: https://localhost:8444
+                        - name: CONTROLLER_PUBLISH_SERVICE
+                          value: default/chartsnap-kong-proxy
+                      image: kong/kubernetes-ingress-controller:3.0
+                      imagePullPolicy: IfNotPresent
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /healthz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: ingress-controller
+                      ports:
+                        - containerPort: 8080
+                          name: webhook
+                          protocol: TCP
+                        - containerPort: 10255
+                          name: cmetrics
+                          protocol: TCP
+                        - containerPort: 10254
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /readyz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /admission-webhook
+                          name: webhook-cert
+                          readOnly: true
+                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+                          name: chartsnap-kong-token
+                          readOnly: true
+                    - env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                        - name: KONG_NGINX_DAEMON
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      lifecycle:
+                        preStop:
+                            exec:
+                                command:
+                                    - kong
+                                    - quit
+                                    - --wait=15
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: proxy
+                      ports:
+                        - containerPort: 8000
+                          name: proxy
+                          protocol: TCP
+                        - containerPort: 8443
+                          name: proxy-tls
+                          protocol: TCP
+                        - containerPort: 8100
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status/ready
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                initContainers:
+                    - command:
+                        - rm
+                        - -vrf
+                        - $KONG_PREFIX/pids
+                      env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      name: clear-stale-pid
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                securityContext: {}
+                serviceAccountName: chartsnap-kong
+                terminationGracePeriodSeconds: 30
+                volumes:
+                    - emptyDir:
+                        sizeLimit: 256Mi
+                      name: chartsnap-kong-prefix-dir
+                    - emptyDir:
+                        sizeLimit: 1Gi
+                      name: chartsnap-kong-tmp
+                    - name: chartsnap-kong-token
+                      projected:
+                        sources:
+                            - serviceAccountToken:
+                                expirationSeconds: 3607
+                                path: token
+                            - configMap:
+                                items:
+                                    - key: ca.crt
+                                      path: ca.crt
+                                name: kube-root-ca.crt
+                            - downwardAPI:
+                                items:
+                                    - fieldRef:
+                                        apiVersion: v1
+                                        fieldPath: metadata.namespace
+                                      path: namespace
+                    - name: webhook-cert
+                      secret:
+                        secretName: chartsnap-kong-validation-webhook-keypair
+- object:
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        rules:
+            - http:
+                paths:
+                    - backend:
+                        service:
+                            name: chartsnap-kong-proxy
+                            port:
+                                number: 443
+                      path: /
+                      pathType: ImplementationSpecific
+        tls:
+            - hosts: null
+              secretName: kong.proxy.example.secret
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    rules:
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - nodes
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - pods
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - secrets
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - ingressclassparameterses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - discovery.k8s.io
+          resources:
+            - endpointslices
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - apiextensions.k8s.io
+          resources:
+            - customresourcedefinitions
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingressclasses
+          verbs:
+            - get
+            - list
+            - watch
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    rules:
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+            - pods
+            - secrets
+            - namespaces
+          verbs:
+            - get
+        - apiGroups:
+            - \"\"
+          resourceNames:
+            - kong-ingress-controller-leader-kong-kong
+          resources:
+            - configmaps
+          verbs:
+            - get
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+          verbs:
+            - create
+        - apiGroups:
+            - \"\"
+            - coordination.k8s.io
+          resources:
+            - configmaps
+            - leases
+          verbs:
+            - get
+            - list
+            - watch
+            - create
+            - update
+            - patch
+            - delete
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: Role
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-ca-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+        tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+    kind: Secret
+    metadata:
+        name: kong.proxy.example.secret
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-manager
+        namespace: default
+    spec:
+        ports:
+            - name: kong-manager
+              port: 8002
+              protocol: TCP
+              targetPort: 8002
+            - name: kong-manager-tls
+              port: 8445
+              protocol: TCP
+              targetPort: 8445
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: NodePort
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            enable-metrics: \"true\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        ports:
+            - name: kong-proxy
+              port: 80
+              protocol: TCP
+              targetPort: 8000
+            - name: kong-proxy-tls
+              port: 443
+              protocol: TCP
+              targetPort: 8443
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: LoadBalancer
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    spec:
+        ports:
+            - name: webhook
+              port: 443
+              protocol: TCP
+              targetPort: webhook
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+- object:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+"""

build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-2-values.snap

@@ -0,0 +1,911 @@
+[kong-ingress-2-values]
+SnapShot = """
+- object:
+    apiVersion: admissionregistration.k8s.io/v1
+    kind: ValidatingWebhookConfiguration
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validations
+        namespace: default
+    webhooks:
+        - admissionReviewVersions:
+            - v1beta1
+          clientConfig:
+            caBundle: '###DYNAMIC_FIELD###'
+            service:
+                name: chartsnap-kong-validation-webhook
+                namespace: default
+          failurePolicy: Ignore
+          name: validations.kong.konghq.com
+          objectSelector:
+            matchExpressions:
+                - key: owner
+                  operator: NotIn
+                  values:
+                    - helm
+          rules:
+            - apiGroups:
+                - configuration.konghq.com
+              apiVersions:
+                - '*'
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - kongconsumers
+                - kongplugins
+                - kongclusterplugins
+                - kongingresses
+            - apiGroups:
+                - \"\"
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - secrets
+                - services
+            - apiGroups:
+                - networking.k8s.io
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - ingresses
+            - apiGroups:
+                - gateway.networking.k8s.io
+              apiVersions:
+                - v1alpha2
+                - v1beta1
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - gateways
+                - httproutes
+          sideEffects: None
+- object:
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+        labels:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        replicas: 1
+        selector:
+            matchLabels:
+                app.kubernetes.io/component: app
+                app.kubernetes.io/instance: chartsnap
+                app.kubernetes.io/name: kong
+        template:
+            metadata:
+                annotations:
+                    kuma.io/gateway: enabled
+                    kuma.io/service-account-token-volume: chartsnap-kong-token
+                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
+                labels:
+                    app: chartsnap-kong
+                    app.kubernetes.io/component: app
+                    app.kubernetes.io/instance: chartsnap
+                    app.kubernetes.io/managed-by: Helm
+                    app.kubernetes.io/name: kong
+                    app.kubernetes.io/version: \"3.5\"
+                    helm.sh/chart: kong-2.35.1
+                    version: \"3.5\"
+            spec:
+                automountServiceAccountToken: false
+                containers:
+                    - args: null
+                      env:
+                        - name: POD_NAME
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.name
+                        - name: POD_NAMESPACE
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.namespace
+                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+                          value: 0.0.0.0:8080
+                        - name: CONTROLLER_ELECTION_ID
+                          value: kong-ingress-controller-leader-kong
+                        - name: CONTROLLER_INGRESS_CLASS
+                          value: kong
+                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+                          value: \"true\"
+                        - name: CONTROLLER_KONG_ADMIN_URL
+                          value: https://localhost:8444
+                        - name: CONTROLLER_PUBLISH_SERVICE
+                          value: default/chartsnap-kong-proxy
+                      image: kong/kubernetes-ingress-controller:3.0
+                      imagePullPolicy: IfNotPresent
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /healthz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: ingress-controller
+                      ports:
+                        - containerPort: 8080
+                          name: webhook
+                          protocol: TCP
+                        - containerPort: 10255
+                          name: cmetrics
+                          protocol: TCP
+                        - containerPort: 10254
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /readyz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /admission-webhook
+                          name: webhook-cert
+                          readOnly: true
+                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+                          name: chartsnap-kong-token
+                          readOnly: true
+                    - env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                        - name: KONG_NGINX_DAEMON
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      lifecycle:
+                        preStop:
+                            exec:
+                                command:
+                                    - kong
+                                    - quit
+                                    - --wait=15
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: proxy
+                      ports:
+                        - containerPort: 8000
+                          name: proxy
+                          protocol: TCP
+                        - containerPort: 8443
+                          name: proxy-tls
+                          protocol: TCP
+                        - containerPort: 8100
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status/ready
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                initContainers:
+                    - command:
+                        - rm
+                        - -vrf
+                        - $KONG_PREFIX/pids
+                      env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      name: clear-stale-pid
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                securityContext: {}
+                serviceAccountName: chartsnap-kong
+                terminationGracePeriodSeconds: 30
+                volumes:
+                    - emptyDir:
+                        sizeLimit: 256Mi
+                      name: chartsnap-kong-prefix-dir
+                    - emptyDir:
+                        sizeLimit: 1Gi
+                      name: chartsnap-kong-tmp
+                    - name: chartsnap-kong-token
+                      projected:
+                        sources:
+                            - serviceAccountToken:
+                                expirationSeconds: 3607
+                                path: token
+                            - configMap:
+                                items:
+                                    - key: ca.crt
+                                      path: ca.crt
+                                name: kube-root-ca.crt
+                            - downwardAPI:
+                                items:
+                                    - fieldRef:
+                                        apiVersion: v1
+                                        fieldPath: metadata.namespace
+                                      path: namespace
+                    - name: webhook-cert
+                      secret:
+                        secretName: chartsnap-kong-validation-webhook-keypair
+- object:
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        rules:
+            - host: proxy.kong.example
+              http:
+                paths:
+                    - backend:
+                        service:
+                            name: chartsnap-kong-proxy
+                            port:
+                                number: 443
+                      path: /
+                      pathType: ImplementationSpecific
+        tls:
+            - hosts:
+                - proxy.kong.example
+              secretName: kong.proxy.example.secret
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    rules:
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - nodes
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - pods
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - secrets
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - ingressclassparameterses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - discovery.k8s.io
+          resources:
+            - endpointslices
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - apiextensions.k8s.io
+          resources:
+            - customresourcedefinitions
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingressclasses
+          verbs:
+            - get
+            - list
+            - watch
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    rules:
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+            - pods
+            - secrets
+            - namespaces
+          verbs:
+            - get
+        - apiGroups:
+            - \"\"
+          resourceNames:
+            - kong-ingress-controller-leader-kong-kong
+          resources:
+            - configmaps
+          verbs:
+            - get
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+          verbs:
+            - create
+        - apiGroups:
+            - \"\"
+            - coordination.k8s.io
+          resources:
+            - configmaps
+            - leases
+          verbs:
+            - get
+            - list
+            - watch
+            - create
+            - update
+            - patch
+            - delete
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: Role
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-ca-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+        tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+    kind: Secret
+    metadata:
+        name: kong.proxy.example.secret
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-manager
+        namespace: default
+    spec:
+        ports:
+            - name: kong-manager
+              port: 8002
+              protocol: TCP
+              targetPort: 8002
+            - name: kong-manager-tls
+              port: 8445
+              protocol: TCP
+              targetPort: 8445
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: NodePort
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            enable-metrics: \"true\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        ports:
+            - name: kong-proxy
+              port: 80
+              protocol: TCP
+              targetPort: 8000
+            - name: kong-proxy-tls
+              port: 443
+              protocol: TCP
+              targetPort: 8443
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: LoadBalancer
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    spec:
+        ports:
+            - name: webhook
+              port: 443
+              protocol: TCP
+              targetPort: webhook
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+- object:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+"""

build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-3-values.snap

@@ -0,0 +1,898 @@
+[kong-ingress-3-values]
+SnapShot = """
+- object:
+    apiVersion: admissionregistration.k8s.io/v1
+    kind: ValidatingWebhookConfiguration
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validations
+        namespace: default
+    webhooks:
+        - admissionReviewVersions:
+            - v1beta1
+          clientConfig:
+            caBundle: '###DYNAMIC_FIELD###'
+            service:
+                name: chartsnap-kong-validation-webhook
+                namespace: default
+          failurePolicy: Ignore
+          name: validations.kong.konghq.com
+          objectSelector:
+            matchExpressions:
+                - key: owner
+                  operator: NotIn
+                  values:
+                    - helm
+          rules:
+            - apiGroups:
+                - configuration.konghq.com
+              apiVersions:
+                - '*'
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - kongconsumers
+                - kongplugins
+                - kongclusterplugins
+                - kongingresses
+            - apiGroups:
+                - \"\"
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - secrets
+                - services
+            - apiGroups:
+                - networking.k8s.io
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - ingresses
+            - apiGroups:
+                - gateway.networking.k8s.io
+              apiVersions:
+                - v1alpha2
+                - v1beta1
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - gateways
+                - httproutes
+          sideEffects: None
+- object:
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+        labels:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        replicas: 1
+        selector:
+            matchLabels:
+                app.kubernetes.io/component: app
+                app.kubernetes.io/instance: chartsnap
+                app.kubernetes.io/name: kong
+        template:
+            metadata:
+                annotations:
+                    kuma.io/gateway: enabled
+                    kuma.io/service-account-token-volume: chartsnap-kong-token
+                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
+                labels:
+                    app: chartsnap-kong
+                    app.kubernetes.io/component: app
+                    app.kubernetes.io/instance: chartsnap
+                    app.kubernetes.io/managed-by: Helm
+                    app.kubernetes.io/name: kong
+                    app.kubernetes.io/version: \"3.5\"
+                    helm.sh/chart: kong-2.35.1
+                    version: \"3.5\"
+            spec:
+                automountServiceAccountToken: false
+                containers:
+                    - args: null
+                      env:
+                        - name: POD_NAME
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.name
+                        - name: POD_NAMESPACE
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.namespace
+                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+                          value: 0.0.0.0:8080
+                        - name: CONTROLLER_ELECTION_ID
+                          value: kong-ingress-controller-leader-kong
+                        - name: CONTROLLER_INGRESS_CLASS
+                          value: kong
+                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+                          value: \"true\"
+                        - name: CONTROLLER_KONG_ADMIN_URL
+                          value: https://localhost:8444
+                        - name: CONTROLLER_PUBLISH_SERVICE
+                          value: default/chartsnap-kong-proxy
+                      image: kong/kubernetes-ingress-controller:3.0
+                      imagePullPolicy: IfNotPresent
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /healthz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: ingress-controller
+                      ports:
+                        - containerPort: 8080
+                          name: webhook
+                          protocol: TCP
+                        - containerPort: 10255
+                          name: cmetrics
+                          protocol: TCP
+                        - containerPort: 10254
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /readyz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /admission-webhook
+                          name: webhook-cert
+                          readOnly: true
+                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+                          name: chartsnap-kong-token
+                          readOnly: true
+                    - env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                        - name: KONG_NGINX_DAEMON
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      lifecycle:
+                        preStop:
+                            exec:
+                                command:
+                                    - kong
+                                    - quit
+                                    - --wait=15
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: proxy
+                      ports:
+                        - containerPort: 8000
+                          name: proxy
+                          protocol: TCP
+                        - containerPort: 8443
+                          name: proxy-tls
+                          protocol: TCP
+                        - containerPort: 8100
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status/ready
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                initContainers:
+                    - command:
+                        - rm
+                        - -vrf
+                        - $KONG_PREFIX/pids
+                      env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      name: clear-stale-pid
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                securityContext: {}
+                serviceAccountName: chartsnap-kong
+                terminationGracePeriodSeconds: 30
+                volumes:
+                    - emptyDir:
+                        sizeLimit: 256Mi
+                      name: chartsnap-kong-prefix-dir
+                    - emptyDir:
+                        sizeLimit: 1Gi
+                      name: chartsnap-kong-tmp
+                    - name: chartsnap-kong-token
+                      projected:
+                        sources:
+                            - serviceAccountToken:
+                                expirationSeconds: 3607
+                                path: token
+                            - configMap:
+                                items:
+                                    - key: ca.crt
+                                      path: ca.crt
+                                name: kube-root-ca.crt
+                            - downwardAPI:
+                                items:
+                                    - fieldRef:
+                                        apiVersion: v1
+                                        fieldPath: metadata.namespace
+                                      path: namespace
+                    - name: webhook-cert
+                      secret:
+                        secretName: chartsnap-kong-validation-webhook-keypair
+- object:
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        rules:
+            - host: proxy.kong.example
+              http:
+                paths:
+                    - backend:
+                        service:
+                            name: chartsnap-kong-proxy
+                            port:
+                                number: 443
+                      path: /
+                      pathType: ImplementationSpecific
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    rules:
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - nodes
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - pods
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - secrets
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - ingressclassparameterses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - discovery.k8s.io
+          resources:
+            - endpointslices
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - apiextensions.k8s.io
+          resources:
+            - customresourcedefinitions
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingressclasses
+          verbs:
+            - get
+            - list
+            - watch
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    rules:
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+            - pods
+            - secrets
+            - namespaces
+          verbs:
+            - get
+        - apiGroups:
+            - \"\"
+          resourceNames:
+            - kong-ingress-controller-leader-kong-kong
+          resources:
+            - configmaps
+          verbs:
+            - get
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+          verbs:
+            - create
+        - apiGroups:
+            - \"\"
+            - coordination.k8s.io
+          resources:
+            - configmaps
+            - leases
+          verbs:
+            - get
+            - list
+            - watch
+            - create
+            - update
+            - patch
+            - delete
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: Role
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-ca-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-manager
+        namespace: default
+    spec:
+        ports:
+            - name: kong-manager
+              port: 8002
+              protocol: TCP
+              targetPort: 8002
+            - name: kong-manager-tls
+              port: 8445
+              protocol: TCP
+              targetPort: 8445
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: NodePort
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            enable-metrics: \"true\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        ports:
+            - name: kong-proxy
+              port: 80
+              protocol: TCP
+              targetPort: 8000
+            - name: kong-proxy-tls
+              port: 443
+              protocol: TCP
+              targetPort: 8443
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: LoadBalancer
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    spec:
+        ports:
+            - name: webhook
+              port: 443
+              protocol: TCP
+              targetPort: webhook
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+- object:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+"""

build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-4-values.snap

@@ -0,0 +1,951 @@
+[kong-ingress-4-values]
+SnapShot = """
+- object:
+    apiVersion: admissionregistration.k8s.io/v1
+    kind: ValidatingWebhookConfiguration
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validations
+        namespace: default
+    webhooks:
+        - admissionReviewVersions:
+            - v1beta1
+          clientConfig:
+            caBundle: '###DYNAMIC_FIELD###'
+            service:
+                name: chartsnap-kong-validation-webhook
+                namespace: default
+          failurePolicy: Ignore
+          name: validations.kong.konghq.com
+          objectSelector:
+            matchExpressions:
+                - key: owner
+                  operator: NotIn
+                  values:
+                    - helm
+          rules:
+            - apiGroups:
+                - configuration.konghq.com
+              apiVersions:
+                - '*'
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - kongconsumers
+                - kongplugins
+                - kongclusterplugins
+                - kongingresses
+            - apiGroups:
+                - \"\"
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - secrets
+                - services
+            - apiGroups:
+                - networking.k8s.io
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - ingresses
+            - apiGroups:
+                - gateway.networking.k8s.io
+              apiVersions:
+                - v1alpha2
+                - v1beta1
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - gateways
+                - httproutes
+          sideEffects: None
+- object:
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+        labels:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        replicas: 1
+        selector:
+            matchLabels:
+                app.kubernetes.io/component: app
+                app.kubernetes.io/instance: chartsnap
+                app.kubernetes.io/name: kong
+        template:
+            metadata:
+                annotations:
+                    kuma.io/gateway: enabled
+                    kuma.io/service-account-token-volume: chartsnap-kong-token
+                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
+                labels:
+                    app: chartsnap-kong
+                    app.kubernetes.io/component: app
+                    app.kubernetes.io/instance: chartsnap
+                    app.kubernetes.io/managed-by: Helm
+                    app.kubernetes.io/name: kong
+                    app.kubernetes.io/version: \"3.5\"
+                    helm.sh/chart: kong-2.35.1
+                    version: \"3.5\"
+            spec:
+                automountServiceAccountToken: false
+                containers:
+                    - args: null
+                      env:
+                        - name: POD_NAME
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.name
+                        - name: POD_NAMESPACE
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.namespace
+                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+                          value: 0.0.0.0:8080
+                        - name: CONTROLLER_ELECTION_ID
+                          value: kong-ingress-controller-leader-kong
+                        - name: CONTROLLER_INGRESS_CLASS
+                          value: kong
+                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+                          value: \"true\"
+                        - name: CONTROLLER_KONG_ADMIN_URL
+                          value: https://localhost:8444
+                        - name: CONTROLLER_PUBLISH_SERVICE
+                          value: default/chartsnap-kong-proxy
+                      image: kong/kubernetes-ingress-controller:3.0
+                      imagePullPolicy: IfNotPresent
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /healthz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: ingress-controller
+                      ports:
+                        - containerPort: 8080
+                          name: webhook
+                          protocol: TCP
+                        - containerPort: 10255
+                          name: cmetrics
+                          protocol: TCP
+                        - containerPort: 10254
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /readyz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /admission-webhook
+                          name: webhook-cert
+                          readOnly: true
+                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+                          name: chartsnap-kong-token
+                          readOnly: true
+                    - env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                        - name: KONG_NGINX_DAEMON
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      lifecycle:
+                        preStop:
+                            exec:
+                                command:
+                                    - kong
+                                    - quit
+                                    - --wait=15
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: proxy
+                      ports:
+                        - containerPort: 8000
+                          name: proxy
+                          protocol: TCP
+                        - containerPort: 8443
+                          name: proxy-tls
+                          protocol: TCP
+                        - containerPort: 8100
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status/ready
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                initContainers:
+                    - command:
+                        - rm
+                        - -vrf
+                        - $KONG_PREFIX/pids
+                      env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      name: clear-stale-pid
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                securityContext: {}
+                serviceAccountName: chartsnap-kong
+                terminationGracePeriodSeconds: 30
+                volumes:
+                    - emptyDir:
+                        sizeLimit: 256Mi
+                      name: chartsnap-kong-prefix-dir
+                    - emptyDir:
+                        sizeLimit: 1Gi
+                      name: chartsnap-kong-tmp
+                    - name: chartsnap-kong-token
+                      projected:
+                        sources:
+                            - serviceAccountToken:
+                                expirationSeconds: 3607
+                                path: token
+                            - configMap:
+                                items:
+                                    - key: ca.crt
+                                      path: ca.crt
+                                name: kube-root-ca.crt
+                            - downwardAPI:
+                                items:
+                                    - fieldRef:
+                                        apiVersion: v1
+                                        fieldPath: metadata.namespace
+                                      path: namespace
+                    - name: webhook-cert
+                      secret:
+                        secretName: chartsnap-kong-validation-webhook-keypair
+- object:
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        rules:
+            - host: proxy.kong.example
+              http:
+                paths:
+                    - backend:
+                        service:
+                            name: chartsnap-kong-proxy
+                            port:
+                                number: 443
+                      path: /
+                      pathType: ImplementationSpecific
+            - host: proxy2.kong.example
+              http:
+                paths:
+                    - backend:
+                        service:
+                            name: chartsnap-kong-proxy
+                            port:
+                                number: 443
+                      path: /foo
+                      pathType: Prefix
+                    - backend:
+                        service:
+                            name: chartsnap-kong-proxy
+                            port:
+                                number: 443
+                      path: /bar
+                      pathType: Prefix
+            - host: proxy3.kong.example
+              http:
+                paths:
+                    - backend:
+                        service:
+                            name: chartsnap-kong-proxy
+                            port:
+                                number: 443
+                      path: /baz
+                      pathType: Prefix
+        tls:
+            - hosts:
+                - proxy.kong.example
+              secretName: proxy.kong.example.secret
+            - hosts:
+                - proxy2.kong.example
+                - proxy3.kong.example
+              secretName: proxy.kong.example.secret2
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    rules:
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - nodes
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - pods
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - secrets
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - ingressclassparameterses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - discovery.k8s.io
+          resources:
+            - endpointslices
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - apiextensions.k8s.io
+          resources:
+            - customresourcedefinitions
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingressclasses
+          verbs:
+            - get
+            - list
+            - watch
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    rules:
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+            - pods
+            - secrets
+            - namespaces
+          verbs:
+            - get
+        - apiGroups:
+            - \"\"
+          resourceNames:
+            - kong-ingress-controller-leader-kong-kong
+          resources:
+            - configmaps
+          verbs:
+            - get
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+          verbs:
+            - create
+        - apiGroups:
+            - \"\"
+            - coordination.k8s.io
+          resources:
+            - configmaps
+            - leases
+          verbs:
+            - get
+            - list
+            - watch
+            - create
+            - update
+            - patch
+            - delete
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: Role
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-ca-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+        tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+    kind: Secret
+    metadata:
+        name: kong.proxy.example.secret
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmakNDQW1ZQ0NRREVtWjF0cnJwaURqQU5CZ2txaGtpRzl3MEJBUXNGQURDQmdERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhGekFWCkJnTlZCQU1NRGlvdWEyOXVaeTVsZUdGdGNHeGxNQjRYRFRJek1EWXlPVEE0TVRjek4xb1hEVE16TURZeU5qQTQKTVRjek4xb3dnWUF4Q3pBSkJnTlZCQVlUQWxoWU1SSXdFQVlEVlFRSURBbFRkR0YwWlU1aGJXVXhFVEFQQmdOVgpCQWNNQ0VOcGRIbE9ZVzFsTVJRd0VnWURWUVFLREF0RGIyMXdZVzU1VG1GdFpURWJNQmtHQTFVRUN3d1NRMjl0CmNHRnVlVk5sWTNScGIyNU9ZVzFsTVJjd0ZRWURWUVFEREE0cUxtdHZibWN1WlhoaGJYQnNaVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTDlSR1g1VytsRW8wcGg2eTJqeHN6TGZOcjMvNlpFOQpPR0pPMGl1WmpwRml2dHBya24ydDlqYTRaNUdYOGh4NUczS1FsRkhrVFBmV01BWmUzdldINTF0alZzYjZwY2UwCjlkMUo4WXNxWkh5RHVlUzBrS3RUbEFmc0F5MnVjL3ZvUUdmOTdZeUI2TlJ4TEJmNHBnSVJ4eHpGM3o0Q1ZOSTgKTzE5Ym1PYVo1Vkk1QWZpbENSMUI1ekxuN2VoeEJHOHhTQmRtQUg0eWFob2t5RXk2a0ZtRzJCaEtJWjdsL1BZYQpqbU1yQ3cwekRVampvblBublZTWTkxL0EwNUJVTVk5OEZsME00QVV5T1V3enBaajhqMXhLMTNqUVlGeXJwUHQwCklHNUdLR044akVCcnRkdGVlcGZIdFZuekFWYnhoT0hkcXZoUWhrSDJDSGVwOStIQkNIL25VL1VDQXdFQUFUQU4KQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBQkcxVVYyUFRJekhrNEt4cjBHT0NXalhjTTdKUU9hbUJQM3dZSCswRgpyc09YUG9IOHVLV25XYjhSSGE1MDhMenU4MGNzS1lYcnZ4SEhDcmcxdXJjRnl3bnNMaUtMNGhsQklTd2ZMNzFFClVXODhQdGYyWTdjTnJZRzNLc2MvMWVpait1RWd5bVdCbjkraVYzbzE5VERwRjlZZWZwYzNUUDJqMGhNUHcwMlgKa1gzSlh3b250NnBQaDhlQjhXRU1OZkF5NzZmb0lMcytVd0Fjck56QkpjSVZSTERoZWFNMFNFd0xCNUpuaWZ5ZwplRE1aSE56MkhLais0NU1wTzFOSDBtd3ZJRTRLQjNITUNSSlMybmZFbWVMcFdCMWpmZTV6T2o1bWhTeS82M0RVCldDQll1aUhtelFWaGxJS21lQzBlVmd3bGtkMTFrUDRNM1hoWnB6V09aQ1BoaGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+        tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQy9VUmwrVnZwUktOS1kKZXN0bzhiTXkzemE5LyttUlBUaGlUdElybVk2UllyN2FhNUo5cmZZMnVHZVJsL0ljZVJ0eWtKUlI1RXozMWpBRwpYdDcxaCtkYlkxYkcrcVhIdFBYZFNmR0xLbVI4Zzdua3RKQ3JVNVFIN0FNdHJuUDc2RUJuL2UyTWdlalVjU3dYCitLWUNFY2NjeGQ4K0FsVFNQRHRmVzVqbW1lVlNPUUg0cFFrZFFlY3k1KzNvY1FSdk1VZ1haZ0IrTW1vYUpNaE0KdXBCWmh0Z1lTaUdlNWZ6MkdvNWpLd3NOTXcxSTQ2Sno1NTFVbVBkZndOT1FWREdQZkJaZERPQUZNamxNTTZXWQovSTljU3RkNDBHQmNxNlQ3ZENCdVJpaGpmSXhBYTdYYlhucVh4N1ZaOHdGVzhZVGgzYXI0VUlaQjlnaDNxZmZoCndRaC81MVAxQWdNQkFBRUNnZ0VCQUlCZ0l3TXJ5ZnY3c0pTd2tSMXlVaFNvdzByckZnZG5WUlppWFpUMERUNXgKVEMrMFR6QVdNMGkwcElxRnN1aDRPM3E4bVVuNkw4dDk1ZXZnYlN2RWJmSmN6alhtcXFjL1BsdW02blcvbEg0WQp4Znc1VFhvcE13Tzkwc1FzYzVkdFdRcHUwWitlN0dUaEsvMUowOXMvb3FRa0FwRFJiNmxDMFhSRE9tNUNoaWFNCi95Z2M2dGUzUHkrRXpzSmRMRm9YWndFQnVQWTB2KzlBclhpNmlUMllaN1ZacE9iZzQxcm1ocHNObTFLNmdJajUKZFZKNGZYa2Z5V0hsSmJBYzVTRDkrVWMrTGFjUEcxSjVJUWx6eTM0WlM0ZG9VQ2lmODZuVHFzSnFVTU1sNXYxcAp3SFFUZFI2MkdnWnRPM1grOU4vdHE3SExqU0tHY0JEd3E4bEM4QXZ0VHdFQ2dZRUErWWpVdzI1em42aWhjaXFpCmo3dDJiQVdLdzdlbng1RXFzU25ZOG1PYzR2TDdNa1YyN2ZhYXp1cW8wUEtOeWJOa1grUlhIMDN4S0NDd0x0N0UKLzRDUlFHMGNkQmhBQ2szMkpadllrQmxESUZ3VmtnMHVnNGk4Snp6VjVCT2hEeWdwZUhJTDVVTkx2eGJDbVh6MAo1bXNYRktPYW1HYkFCbE9KTEZsR1R4WWdzeWtDZ1lFQXhFWWI0dFVmRmhiTmpJTUMyd1hFRXdWZkJYOFJqNzVqCjN6SkwxV3o4YWxUQmxFemZYOTZiNmg3VjFNT1NHcmlabFJ1cGpEaUFsUkhPZytDSXlPbmdISFkwd2xTaHNmemQKSDluL2dOdUZsanFuQkF3OVpaSW9hbE1zUVVER3RLSnVIejhEYzlVNzRFMGM3WldQWk1Ub0pNdFV2Zkl5T0pZSgpQODh1YnYvam4rMENnWUJaNmpzNFhKRmZRNFZCUFNtc2Z4RXg1V0ZXR3RSakxlVGpSNy83djNjbHRBWmQyL2Y1CjBUV0JQNzhxNDJ2QjlWbEMwR1d3U3dhTnZoR2VJZmw4VTVpRFRZM0dLNExQODcyeFdaSFVnclhVY0RuNWtiUmsKQXg1QlNVT05WcUZmYzhwVnMwcWtCdmJCV1hNdm1YNHBsUWNSRWM3QUFhNUoyVW9CWi8zVXU1VjIyUUtCZ0ZnVQpKanQ2N0lKYkpVN2pGQXI1NFcydndWNlVFV3R5UXh0TVZOK29FdlljcHVwSVBRMm10azB3SFVGbnFrODNmQ1IvCnoyeFBodFJlczFCWEdNc2d1U1BNb0F4OU1qclBnT1BrVGxhakxLV29HSDhtaHY3bndoOUV4OTFZbGxORmVTbW8KZTRJbHRNTUpsK3UrYkNVS2dDclMzR3FKSDZScElDbDBiaC85MFVaWkFvR0FaUEsrdldLQ0N6aHNhSnVWak1VSQpiTEJlMi9CM0xxTVBhakFLTjVTNU9GYlpBZm5NeE9BT1lnd25iWmdpZGVkcVk2QkIyLytVVGt4MW1IUjhKcmpGCnRyN20wS2VvRFY4dmQxSENvSkF3b2hqQ1B6SkJhSW9WYWNkRFNsMDNIOVFEck4yd0RFYUxoWFBlVkRoNGZ2NmQKa3d6V3FZWUlETzRKQlp5L21Wa0t4NFU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+    kind: Secret
+    metadata:
+        name: kong.proxy.example.secret2
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-manager
+        namespace: default
+    spec:
+        ports:
+            - name: kong-manager
+              port: 8002
+              protocol: TCP
+              targetPort: 8002
+            - name: kong-manager-tls
+              port: 8445
+              protocol: TCP
+              targetPort: 8445
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: NodePort
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            enable-metrics: \"true\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        ports:
+            - name: kong-proxy
+              port: 80
+              protocol: TCP
+              targetPort: 8000
+            - name: kong-proxy-tls
+              port: 443
+              protocol: TCP
+              targetPort: 8443
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: LoadBalancer
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    spec:
+        ports:
+            - name: webhook
+              port: 443
+              protocol: TCP
+              targetPort: webhook
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+- object:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+"""

build_system/charts/open-appsec-kong/ci/__snapshots__/service-account.snap

@@ -0,0 +1,874 @@
+[service-account]
+SnapShot = """
+- object:
+    apiVersion: admissionregistration.k8s.io/v1
+    kind: ValidatingWebhookConfiguration
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validations
+        namespace: default
+    webhooks:
+        - admissionReviewVersions:
+            - v1beta1
+          clientConfig:
+            caBundle: '###DYNAMIC_FIELD###'
+            service:
+                name: chartsnap-kong-validation-webhook
+                namespace: default
+          failurePolicy: Ignore
+          name: validations.kong.konghq.com
+          objectSelector:
+            matchExpressions:
+                - key: owner
+                  operator: NotIn
+                  values:
+                    - helm
+          rules:
+            - apiGroups:
+                - configuration.konghq.com
+              apiVersions:
+                - '*'
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - kongconsumers
+                - kongplugins
+                - kongclusterplugins
+                - kongingresses
+            - apiGroups:
+                - \"\"
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - secrets
+                - services
+            - apiGroups:
+                - networking.k8s.io
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - ingresses
+            - apiGroups:
+                - gateway.networking.k8s.io
+              apiVersions:
+                - v1alpha2
+                - v1beta1
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - gateways
+                - httproutes
+          sideEffects: None
+- object:
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+        labels:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        replicas: 1
+        selector:
+            matchLabels:
+                app.kubernetes.io/component: app
+                app.kubernetes.io/instance: chartsnap
+                app.kubernetes.io/name: kong
+        template:
+            metadata:
+                annotations:
+                    kuma.io/gateway: enabled
+                    kuma.io/service-account-token-volume: my-kong-sa-token
+                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
+                labels:
+                    app: chartsnap-kong
+                    app.kubernetes.io/component: app
+                    app.kubernetes.io/instance: chartsnap
+                    app.kubernetes.io/managed-by: Helm
+                    app.kubernetes.io/name: kong
+                    app.kubernetes.io/version: \"3.5\"
+                    helm.sh/chart: kong-2.35.1
+                    version: \"3.5\"
+            spec:
+                automountServiceAccountToken: false
+                containers:
+                    - args: null
+                      env:
+                        - name: POD_NAME
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.name
+                        - name: POD_NAMESPACE
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.namespace
+                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+                          value: 0.0.0.0:8080
+                        - name: CONTROLLER_ELECTION_ID
+                          value: kong-ingress-controller-leader-kong
+                        - name: CONTROLLER_INGRESS_CLASS
+                          value: kong
+                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+                          value: \"true\"
+                        - name: CONTROLLER_KONG_ADMIN_URL
+                          value: https://localhost:8444
+                        - name: CONTROLLER_PUBLISH_SERVICE
+                          value: default/chartsnap-kong-proxy
+                      image: kong/kubernetes-ingress-controller:3.0
+                      imagePullPolicy: IfNotPresent
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /healthz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: ingress-controller
+                      ports:
+                        - containerPort: 8080
+                          name: webhook
+                          protocol: TCP
+                        - containerPort: 10255
+                          name: cmetrics
+                          protocol: TCP
+                        - containerPort: 10254
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /readyz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /admission-webhook
+                          name: webhook-cert
+                          readOnly: true
+                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+                          name: my-kong-sa-token
+                          readOnly: true
+                    - env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                        - name: KONG_NGINX_DAEMON
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      lifecycle:
+                        preStop:
+                            exec:
+                                command:
+                                    - kong
+                                    - quit
+                                    - --wait=15
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: proxy
+                      ports:
+                        - containerPort: 8000
+                          name: proxy
+                          protocol: TCP
+                        - containerPort: 8443
+                          name: proxy-tls
+                          protocol: TCP
+                        - containerPort: 8100
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status/ready
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                initContainers:
+                    - command:
+                        - rm
+                        - -vrf
+                        - $KONG_PREFIX/pids
+                      env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      name: clear-stale-pid
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                securityContext: {}
+                serviceAccountName: my-kong-sa
+                terminationGracePeriodSeconds: 30
+                volumes:
+                    - emptyDir:
+                        sizeLimit: 256Mi
+                      name: chartsnap-kong-prefix-dir
+                    - emptyDir:
+                        sizeLimit: 1Gi
+                      name: chartsnap-kong-tmp
+                    - name: my-kong-sa-token
+                      projected:
+                        sources:
+                            - serviceAccountToken:
+                                expirationSeconds: 3607
+                                path: token
+                            - configMap:
+                                items:
+                                    - key: ca.crt
+                                      path: ca.crt
+                                name: kube-root-ca.crt
+                            - downwardAPI:
+                                items:
+                                    - fieldRef:
+                                        apiVersion: v1
+                                        fieldPath: metadata.namespace
+                                      path: namespace
+                    - name: webhook-cert
+                      secret:
+                        secretName: chartsnap-kong-validation-webhook-keypair
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    rules:
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - nodes
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - pods
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - secrets
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - ingressclassparameterses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - discovery.k8s.io
+          resources:
+            - endpointslices
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - apiextensions.k8s.io
+          resources:
+            - customresourcedefinitions
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingressclasses
+          verbs:
+            - get
+            - list
+            - watch
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: my-kong-sa
+          namespace: default
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    rules:
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+            - pods
+            - secrets
+            - namespaces
+          verbs:
+            - get
+        - apiGroups:
+            - \"\"
+          resourceNames:
+            - kong-ingress-controller-leader-kong-kong
+          resources:
+            - configmaps
+          verbs:
+            - get
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+          verbs:
+            - create
+        - apiGroups:
+            - \"\"
+            - coordination.k8s.io
+          resources:
+            - configmaps
+            - leases
+          verbs:
+            - get
+            - list
+            - watch
+            - create
+            - update
+            - patch
+            - delete
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: Role
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: my-kong-sa
+          namespace: default
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-ca-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-manager
+        namespace: default
+    spec:
+        ports:
+            - name: kong-manager
+              port: 8002
+              protocol: TCP
+              targetPort: 8002
+            - name: kong-manager-tls
+              port: 8445
+              protocol: TCP
+              targetPort: 8445
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: NodePort
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            enable-metrics: \"true\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        ports:
+            - name: kong-proxy
+              port: 80
+              protocol: TCP
+              targetPort: 8000
+            - name: kong-proxy-tls
+              port: 443
+              protocol: TCP
+              targetPort: 8443
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: LoadBalancer
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    spec:
+        ports:
+            - name: webhook
+              port: 443
+              protocol: TCP
+              targetPort: webhook
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+- object:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: my-kong-sa
+        namespace: default
+"""

build_system/charts/open-appsec-kong/ci/__snapshots__/single-image-default-values.snap

@@ -0,0 +1,880 @@
+[single-image-default-values]
+SnapShot = """
+- object:
+    apiVersion: admissionregistration.k8s.io/v1
+    kind: ValidatingWebhookConfiguration
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validations
+        namespace: default
+    webhooks:
+        - admissionReviewVersions:
+            - v1beta1
+          clientConfig:
+            caBundle: '###DYNAMIC_FIELD###'
+            service:
+                name: chartsnap-kong-validation-webhook
+                namespace: default
+          failurePolicy: Ignore
+          name: validations.kong.konghq.com
+          objectSelector:
+            matchExpressions:
+                - key: owner
+                  operator: NotIn
+                  values:
+                    - helm
+          rules:
+            - apiGroups:
+                - configuration.konghq.com
+              apiVersions:
+                - '*'
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - kongconsumers
+                - kongplugins
+                - kongclusterplugins
+                - kongingresses
+            - apiGroups:
+                - \"\"
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - secrets
+                - services
+            - apiGroups:
+                - networking.k8s.io
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - ingresses
+            - apiGroups:
+                - gateway.networking.k8s.io
+              apiVersions:
+                - v1alpha2
+                - v1beta1
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - gateways
+                - httproutes
+          sideEffects: None
+- object:
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+        labels:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        replicas: 1
+        selector:
+            matchLabels:
+                app.kubernetes.io/component: app
+                app.kubernetes.io/instance: chartsnap
+                app.kubernetes.io/name: kong
+        template:
+            metadata:
+                annotations:
+                    kuma.io/gateway: enabled
+                    kuma.io/service-account-token-volume: chartsnap-kong-token
+                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
+                labels:
+                    app: chartsnap-kong
+                    app.kubernetes.io/component: app
+                    app.kubernetes.io/instance: chartsnap
+                    app.kubernetes.io/managed-by: Helm
+                    app.kubernetes.io/name: kong
+                    app.kubernetes.io/version: \"3.5\"
+                    helm.sh/chart: kong-2.35.1
+                    version: \"3.5\"
+            spec:
+                automountServiceAccountToken: false
+                containers:
+                    - args: null
+                      env:
+                        - name: POD_NAME
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.name
+                        - name: POD_NAMESPACE
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.namespace
+                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+                          value: 0.0.0.0:8080
+                        - name: CONTROLLER_ANONYMOUS_REPORTS
+                          value: \"false\"
+                        - name: CONTROLLER_ELECTION_ID
+                          value: kong-ingress-controller-leader-kong
+                        - name: CONTROLLER_INGRESS_CLASS
+                          value: kong
+                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+                          value: \"true\"
+                        - name: CONTROLLER_KONG_ADMIN_URL
+                          value: https://localhost:8444
+                        - name: CONTROLLER_PUBLISH_SERVICE
+                          value: default/chartsnap-kong-proxy
+                      image: kong/kubernetes-ingress-controller:3.0
+                      imagePullPolicy: IfNotPresent
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /healthz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: ingress-controller
+                      ports:
+                        - containerPort: 8080
+                          name: webhook
+                          protocol: TCP
+                        - containerPort: 10255
+                          name: cmetrics
+                          protocol: TCP
+                        - containerPort: 10254
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /readyz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /admission-webhook
+                          name: webhook-cert
+                          readOnly: true
+                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+                          name: chartsnap-kong-token
+                          readOnly: true
+                    - env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_ANONYMOUS_REPORTS
+                          value: \"off\"
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                        - name: KONG_NGINX_DAEMON
+                          value: \"off\"
+                      image: kong:3.4.1
+                      imagePullPolicy: IfNotPresent
+                      lifecycle:
+                        preStop:
+                            exec:
+                                command:
+                                    - kong
+                                    - quit
+                                    - --wait=15
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: proxy
+                      ports:
+                        - containerPort: 8000
+                          name: proxy
+                          protocol: TCP
+                        - containerPort: 8443
+                          name: proxy-tls
+                          protocol: TCP
+                        - containerPort: 8100
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status/ready
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                initContainers:
+                    - command:
+                        - rm
+                        - -vrf
+                        - $KONG_PREFIX/pids
+                      env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_ANONYMOUS_REPORTS
+                          value: \"off\"
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                      image: kong:3.4.1
+                      imagePullPolicy: IfNotPresent
+                      name: clear-stale-pid
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                securityContext: {}
+                serviceAccountName: chartsnap-kong
+                terminationGracePeriodSeconds: 30
+                volumes:
+                    - emptyDir:
+                        sizeLimit: 256Mi
+                      name: chartsnap-kong-prefix-dir
+                    - emptyDir:
+                        sizeLimit: 1Gi
+                      name: chartsnap-kong-tmp
+                    - name: chartsnap-kong-token
+                      projected:
+                        sources:
+                            - serviceAccountToken:
+                                expirationSeconds: 3607
+                                path: token
+                            - configMap:
+                                items:
+                                    - key: ca.crt
+                                      path: ca.crt
+                                name: kube-root-ca.crt
+                            - downwardAPI:
+                                items:
+                                    - fieldRef:
+                                        apiVersion: v1
+                                        fieldPath: metadata.namespace
+                                      path: namespace
+                    - name: webhook-cert
+                      secret:
+                        secretName: chartsnap-kong-validation-webhook-keypair
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    rules:
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - nodes
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - pods
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - secrets
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - ingressclassparameterses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - discovery.k8s.io
+          resources:
+            - endpointslices
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - apiextensions.k8s.io
+          resources:
+            - customresourcedefinitions
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingressclasses
+          verbs:
+            - get
+            - list
+            - watch
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    rules:
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+            - pods
+            - secrets
+            - namespaces
+          verbs:
+            - get
+        - apiGroups:
+            - \"\"
+          resourceNames:
+            - kong-ingress-controller-leader-kong-kong
+          resources:
+            - configmaps
+          verbs:
+            - get
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+          verbs:
+            - create
+        - apiGroups:
+            - \"\"
+            - coordination.k8s.io
+          resources:
+            - configmaps
+            - leases
+          verbs:
+            - get
+            - list
+            - watch
+            - create
+            - update
+            - patch
+            - delete
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: Role
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-ca-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-manager
+        namespace: default
+    spec:
+        ports:
+            - name: kong-manager
+              port: 8002
+              protocol: TCP
+              targetPort: 8002
+            - name: kong-manager-tls
+              port: 8445
+              protocol: TCP
+              targetPort: 8445
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: NodePort
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            enable-metrics: \"true\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        ports:
+            - name: kong-proxy
+              port: 80
+              protocol: TCP
+              targetPort: 8000
+            - name: kong-proxy-tls
+              port: 443
+              protocol: TCP
+              targetPort: 8443
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: LoadBalancer
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    spec:
+        ports:
+            - name: webhook
+              port: 443
+              protocol: TCP
+              targetPort: webhook
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+- object:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+"""

build_system/charts/open-appsec-kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap

@@ -0,0 +1,311 @@
+['test-enterprise-version-3.4.0.0-values']
+SnapShot = """
+- object:
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+        labels:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        replicas: 1
+        selector:
+            matchLabels:
+                app.kubernetes.io/component: app
+                app.kubernetes.io/instance: chartsnap
+                app.kubernetes.io/name: kong
+        template:
+            metadata:
+                annotations:
+                    kuma.io/gateway: enabled
+                    kuma.io/service-account-token-volume: chartsnap-kong-token
+                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
+                labels:
+                    app: chartsnap-kong
+                    app.kubernetes.io/component: app
+                    app.kubernetes.io/instance: chartsnap
+                    app.kubernetes.io/managed-by: Helm
+                    app.kubernetes.io/name: kong
+                    app.kubernetes.io/version: \"3.5\"
+                    helm.sh/chart: kong-2.35.1
+                    version: \"3.5\"
+            spec:
+                automountServiceAccountToken: false
+                containers:
+                    - env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                        - name: KONG_NGINX_DAEMON
+                          value: \"off\"
+                      image: kong/kong-gateway:3.4.0.0
+                      imagePullPolicy: IfNotPresent
+                      lifecycle:
+                        preStop:
+                            exec:
+                                command:
+                                    - kong
+                                    - quit
+                                    - --wait=15
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: proxy
+                      ports:
+                        - containerPort: 8000
+                          name: proxy
+                          protocol: TCP
+                        - containerPort: 8443
+                          name: proxy-tls
+                          protocol: TCP
+                        - containerPort: 8100
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 1
+                        periodSeconds: 1
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                initContainers:
+                    - command:
+                        - rm
+                        - -vrf
+                        - $KONG_PREFIX/pids
+                      env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                      image: kong/kong-gateway:3.4.0.0
+                      imagePullPolicy: IfNotPresent
+                      name: clear-stale-pid
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                securityContext: {}
+                serviceAccountName: chartsnap-kong
+                terminationGracePeriodSeconds: 30
+                volumes:
+                    - emptyDir:
+                        sizeLimit: 256Mi
+                      name: chartsnap-kong-prefix-dir
+                    - emptyDir:
+                        sizeLimit: 1Gi
+                      name: chartsnap-kong-tmp
+                    - name: chartsnap-kong-token
+                      projected:
+                        sources:
+                            - serviceAccountToken:
+                                expirationSeconds: 3607
+                                path: token
+                            - configMap:
+                                items:
+                                    - key: ca.crt
+                                      path: ca.crt
+                                name: kube-root-ca.crt
+                            - downwardAPI:
+                                items:
+                                    - fieldRef:
+                                        apiVersion: v1
+                                        fieldPath: metadata.namespace
+                                      path: namespace
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-manager
+        namespace: default
+    spec:
+        ports:
+            - name: kong-manager
+              port: 8002
+              protocol: TCP
+              targetPort: 8002
+            - name: kong-manager-tls
+              port: 8445
+              protocol: TCP
+              targetPort: 8445
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: NodePort
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            enable-metrics: \"true\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        ports:
+            - name: kong-proxy
+              port: 80
+              protocol: TCP
+              targetPort: 8000
+            - name: kong-proxy-tls
+              port: 443
+              protocol: TCP
+              targetPort: 8443
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: LoadBalancer
+- object:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+"""

build_system/charts/open-appsec-kong/ci/__snapshots__/test1-values.snap

@@ -0,0 +1,967 @@
+[test1-values]
+SnapShot = """
+- object:
+    apiVersion: admissionregistration.k8s.io/v1
+    kind: ValidatingWebhookConfiguration
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validations
+        namespace: default
+    webhooks:
+        - admissionReviewVersions:
+            - v1beta1
+          clientConfig:
+            caBundle: '###DYNAMIC_FIELD###'
+            service:
+                name: chartsnap-kong-validation-webhook
+                namespace: default
+          failurePolicy: Ignore
+          name: validations.kong.konghq.com
+          objectSelector:
+            matchExpressions:
+                - key: owner
+                  operator: NotIn
+                  values:
+                    - helm
+          rules:
+            - apiGroups:
+                - configuration.konghq.com
+              apiVersions:
+                - '*'
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - kongconsumers
+                - kongplugins
+                - kongclusterplugins
+                - kongingresses
+            - apiGroups:
+                - \"\"
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - secrets
+                - services
+            - apiGroups:
+                - networking.k8s.io
+              apiVersions:
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - ingresses
+            - apiGroups:
+                - gateway.networking.k8s.io
+              apiVersions:
+                - v1alpha2
+                - v1beta1
+                - v1
+              operations:
+                - CREATE
+                - UPDATE
+              resources:
+                - gateways
+                - httproutes
+          sideEffects: None
+- object:
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+        labels:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        selector:
+            matchLabels:
+                app.kubernetes.io/component: app
+                app.kubernetes.io/instance: chartsnap
+                app.kubernetes.io/name: kong
+        template:
+            metadata:
+                annotations:
+                    kuma.io/gateway: enabled
+                    kuma.io/service-account-token-volume: chartsnap-kong-token
+                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
+                labels:
+                    app: kong
+                    app.kubernetes.io/component: app
+                    app.kubernetes.io/instance: chartsnap
+                    app.kubernetes.io/managed-by: Helm
+                    app.kubernetes.io/name: kong
+                    app.kubernetes.io/version: \"3.5\"
+                    environment: test
+                    helm.sh/chart: kong-2.35.1
+                    version: \"3.5\"
+            spec:
+                automountServiceAccountToken: false
+                containers:
+                    - args: null
+                      env:
+                        - name: POD_NAME
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.name
+                        - name: POD_NAMESPACE
+                          valueFrom:
+                            fieldRef:
+                                apiVersion: v1
+                                fieldPath: metadata.namespace
+                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+                          value: 0.0.0.0:8080
+                        - name: CONTROLLER_ANONYMOUS_REPORTS
+                          value: \"false\"
+                        - name: CONTROLLER_ELECTION_ID
+                          value: kong-ingress-controller-leader-kong
+                        - name: CONTROLLER_INGRESS_CLASS
+                          value: kong
+                        - name: CONTROLLER_KONG_ADMIN_HEADER
+                          value: foo:bar
+                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+                          value: \"true\"
+                        - name: CONTROLLER_KONG_ADMIN_URL
+                          value: https://localhost:8444
+                        - name: CONTROLLER_PUBLISH_SERVICE
+                          value: default/chartsnap-kong-proxy
+                      image: kong/kubernetes-ingress-controller:3.0
+                      imagePullPolicy: IfNotPresent
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /healthz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: ingress-controller
+                      ports:
+                        - containerPort: 8080
+                          name: webhook
+                          protocol: TCP
+                        - containerPort: 10255
+                          name: cmetrics
+                          protocol: TCP
+                        - containerPort: 10254
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /readyz
+                            port: 10254
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /admission-webhook
+                          name: webhook-cert
+                          readOnly: true
+                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+                          name: chartsnap-kong-token
+                          readOnly: true
+                        - mountPath: /tmp/foo
+                          name: tmpdir
+                          readOnly: true
+                        - mountPath: /tmp/controller
+                          name: controllerdir
+                    - env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_API_URI
+                          value: http://admin.kong.example
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_API_URL
+                          value: http://admin.kong.example
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_ANONYMOUS_REPORTS
+                          value: \"off\"
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                        - name: KONG_NGINX_DAEMON
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      lifecycle:
+                        preStop:
+                            exec:
+                                command:
+                                    - kong
+                                    - quit
+                                    - --wait=15
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: proxy
+                      ports:
+                        - containerPort: 8000
+                          name: proxy
+                          protocol: TCP
+                        - containerPort: 8443
+                          name: proxy-tls
+                          protocol: TCP
+                        - containerPort: 8100
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status/ready
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                        - mountPath: /tmp/foo
+                          name: tmpdir
+                initContainers:
+                    - command:
+                        - rm
+                        - -vrf
+                        - $KONG_PREFIX/pids
+                      env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_API_URI
+                          value: http://admin.kong.example
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_API_URL
+                          value: http://admin.kong.example
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_ANONYMOUS_REPORTS
+                          value: \"off\"
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_KIC
+                          value: \"on\"
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      name: clear-stale-pid
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                    - command:
+                        - /bin/sh
+                        - -c
+                        - \"true\"
+                      image: bash:latest
+                      name: bash
+                      resources:
+                        limits:
+                            cpu: 100m
+                            memory: 64Mi
+                        requests:
+                            cpu: 100m
+                            memory: 64Mi
+                      volumeMounts:
+                        - mountPath: /tmp/foo
+                          name: tmpdir
+                securityContext: {}
+                serviceAccountName: chartsnap-kong
+                terminationGracePeriodSeconds: 30
+                volumes:
+                    - emptyDir:
+                        sizeLimit: 256Mi
+                      name: chartsnap-kong-prefix-dir
+                    - emptyDir:
+                        sizeLimit: 1Gi
+                      name: chartsnap-kong-tmp
+                    - name: chartsnap-kong-token
+                      projected:
+                        sources:
+                            - serviceAccountToken:
+                                expirationSeconds: 3607
+                                path: token
+                            - configMap:
+                                items:
+                                    - key: ca.crt
+                                      path: ca.crt
+                                name: kube-root-ca.crt
+                            - downwardAPI:
+                                items:
+                                    - fieldRef:
+                                        apiVersion: v1
+                                        fieldPath: metadata.namespace
+                                      path: namespace
+                    - name: webhook-cert
+                      secret:
+                        secretName: chartsnap-kong-validation-webhook-keypair
+                    - emptyDir: {}
+                      name: tmpdir
+                    - emptyDir: {}
+                      name: controllerdir
+- object:
+    apiVersion: autoscaling/v2
+    kind: HorizontalPodAutoscaler
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        maxReplicas: 5
+        metrics:
+            - resource:
+                name: cpu
+                target:
+                    averageUtilization: 80
+                    type: Utilization
+              type: Resource
+        minReplicas: 2
+        scaleTargetRef:
+            apiVersion: apps/v1
+            kind: Deployment
+            name: chartsnap-kong
+- object:
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        rules:
+            - host: proxy.kong.example
+              http:
+                paths:
+                    - backend:
+                        service:
+                            name: chartsnap-kong-proxy
+                            port:
+                                number: 443
+                      path: /
+                      pathType: ImplementationSpecific
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    rules:
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongupstreampolicies/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumergroups/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - nodes
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - pods
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - secrets
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - ingressclassparameterses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongconsumers/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - tcpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - udpingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - extensions
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingresses/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - discovery.k8s.io
+          resources:
+            - endpointslices
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups:
+            - configuration.konghq.com
+          resources:
+            - kongclusterplugins/status
+          verbs:
+            - get
+            - patch
+            - update
+        - apiGroups:
+            - apiextensions.k8s.io
+          resources:
+            - customresourcedefinitions
+          verbs:
+            - list
+            - watch
+        - apiGroups:
+            - networking.k8s.io
+          resources:
+            - ingressclasses
+          verbs:
+            - get
+            - list
+            - watch
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    rules:
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+            - pods
+            - secrets
+            - namespaces
+          verbs:
+            - get
+        - apiGroups:
+            - \"\"
+          resourceNames:
+            - kong-ingress-controller-leader-kong-kong
+          resources:
+            - configmaps
+          verbs:
+            - get
+            - update
+        - apiGroups:
+            - \"\"
+          resources:
+            - configmaps
+          verbs:
+            - create
+        - apiGroups:
+            - \"\"
+            - coordination.k8s.io
+          resources:
+            - configmaps
+            - leases
+          verbs:
+            - get
+            - list
+            - watch
+            - create
+            - update
+            - patch
+            - delete
+        - apiGroups:
+            - \"\"
+          resources:
+            - events
+          verbs:
+            - create
+            - patch
+        - apiGroups:
+            - \"\"
+          resources:
+            - services
+          verbs:
+            - get
+- object:
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: Role
+        name: chartsnap-kong
+    subjects:
+        - kind: ServiceAccount
+          name: chartsnap-kong
+          namespace: default
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-ca-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    data:
+        tls.crt: '###DYNAMIC_FIELD###'
+        tls.key: '###DYNAMIC_FIELD###'
+    kind: Secret
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook-keypair
+        namespace: default
+    type: kubernetes.io/tls
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-manager
+        namespace: default
+    spec:
+        ports:
+            - name: kong-manager
+              port: 8002
+              protocol: TCP
+              targetPort: 8002
+            - name: kong-manager-tls
+              port: 8445
+              protocol: TCP
+              targetPort: 8445
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: NodePort
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            enable-metrics: \"true\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        ports:
+            - name: kong-proxy
+              port: 80
+              protocol: TCP
+              targetPort: 8000
+            - name: kong-proxy-tls
+              port: 443
+              protocol: TCP
+              targetPort: 8443
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: LoadBalancer
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    spec:
+        ports:
+            - name: webhook
+              port: 443
+              protocol: TCP
+              targetPort: webhook
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+- object:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+"""

build_system/charts/open-appsec-kong/ci/__snapshots__/test3-values.snap

@@ -0,0 +1,369 @@
+[test3-values]
+SnapShot = """
+- object:
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+        labels:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        replicas: 1
+        selector:
+            matchLabels:
+                app.kubernetes.io/component: app
+                app.kubernetes.io/instance: chartsnap
+                app.kubernetes.io/name: kong
+        template:
+            metadata:
+                annotations:
+                    checksum/dbless.config: 95c0309e6b27de23d64edae3a3602472635243f133fba88af3034ed4d5703d4a
+                    kuma.io/gateway: enabled
+                    kuma.io/service-account-token-volume: chartsnap-kong-token
+                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
+                labels:
+                    app: chartsnap-kong
+                    app.kubernetes.io/component: app
+                    app.kubernetes.io/instance: chartsnap
+                    app.kubernetes.io/managed-by: Helm
+                    app.kubernetes.io/name: kong
+                    app.kubernetes.io/version: \"3.5\"
+                    helm.sh/chart: kong-2.35.1
+                    version: \"3.5\"
+            spec:
+                automountServiceAccountToken: false
+                containers:
+                    - env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_ANONYMOUS_REPORTS
+                          value: \"off\"
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_DECLARATIVE_CONFIG
+                          value: /kong_dbless/kong.yml
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                        - name: KONG_NGINX_DAEMON
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      lifecycle:
+                        preStop:
+                            exec:
+                                command:
+                                    - kong
+                                    - quit
+                                    - --wait=15
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: proxy
+                      ports:
+                        - containerPort: 8000
+                          name: proxy
+                          protocol: TCP
+                        - containerPort: 8443
+                          name: proxy-tls
+                          protocol: TCP
+                        - containerPort: 8100
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status/ready
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                        - mountPath: /kong_dbless/
+                          name: kong-custom-dbless-config-volume
+                        - mountPath: /opt/tmp
+                          name: tmpdir
+                initContainers:
+                    - command:
+                        - rm
+                        - -vrf
+                        - $KONG_PREFIX/pids
+                      env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_ANONYMOUS_REPORTS
+                          value: \"off\"
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_DECLARATIVE_CONFIG
+                          value: /kong_dbless/kong.yml
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      name: clear-stale-pid
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                        - mountPath: /kong_dbless/
+                          name: kong-custom-dbless-config-volume
+                    - command:
+                        - /bin/sh
+                        - -c
+                        - \"true\"
+                      image: bash:latest
+                      name: bash
+                      resources:
+                        limits:
+                            cpu: 100m
+                            memory: 64Mi
+                        requests:
+                            cpu: 100m
+                            memory: 64Mi
+                      volumeMounts:
+                        - mountPath: /opt/tmp
+                          name: tmpdir
+                securityContext: {}
+                serviceAccountName: chartsnap-kong
+                terminationGracePeriodSeconds: 30
+                volumes:
+                    - emptyDir:
+                        sizeLimit: 256Mi
+                      name: chartsnap-kong-prefix-dir
+                    - emptyDir:
+                        sizeLimit: 1Gi
+                      name: chartsnap-kong-tmp
+                    - name: chartsnap-kong-token
+                      projected:
+                        sources:
+                            - serviceAccountToken:
+                                expirationSeconds: 3607
+                                path: token
+                            - configMap:
+                                items:
+                                    - key: ca.crt
+                                      path: ca.crt
+                                name: kube-root-ca.crt
+                            - downwardAPI:
+                                items:
+                                    - fieldRef:
+                                        apiVersion: v1
+                                        fieldPath: metadata.namespace
+                                      path: namespace
+                    - configMap:
+                        name: chartsnap-kong-custom-dbless-config
+                      name: kong-custom-dbless-config-volume
+                    - emptyDir: {}
+                      name: tmpdir
+- object:
+    apiVersion: v1
+    data:
+        kong.yml: |
+            _format_version: \"1.1\"
+            services:
+              - name: example.com
+                url: http://example.com
+                routes:
+                - name: example
+                  paths:
+                  - \"/example\"
+    kind: ConfigMap
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-custom-dbless-config
+        namespace: default
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-manager
+        namespace: default
+    spec:
+        ports:
+            - name: kong-manager
+              port: 8002
+              protocol: TCP
+              targetPort: 8002
+            - name: kong-manager-tls
+              port: 8445
+              protocol: TCP
+              targetPort: 8445
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: NodePort
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            enable-metrics: \"true\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        ports:
+            - name: kong-proxy
+              port: 80
+              protocol: TCP
+              targetPort: 8000
+            - name: kong-proxy-tls
+              port: 443
+              protocol: TCP
+              targetPort: 8443
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: LoadBalancer
+- object:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+"""

build_system/charts/open-appsec-kong/ci/__snapshots__/test4-values.snap

@@ -0,0 +1,386 @@
+[test4-values]
+SnapShot = """
+- object:
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+        labels:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+    spec:
+        replicas: 1
+        selector:
+            matchLabels:
+                app.kubernetes.io/component: app
+                app.kubernetes.io/instance: chartsnap
+                app.kubernetes.io/name: kong
+        template:
+            metadata:
+                annotations:
+                    checksum/dbless.config: 95c0309e6b27de23d64edae3a3602472635243f133fba88af3034ed4d5703d4a
+                    kuma.io/gateway: enabled
+                    kuma.io/service-account-token-volume: chartsnap-kong-token
+                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
+                labels:
+                    app: chartsnap-kong
+                    app.kubernetes.io/component: app
+                    app.kubernetes.io/instance: chartsnap
+                    app.kubernetes.io/managed-by: Helm
+                    app.kubernetes.io/name: kong
+                    app.kubernetes.io/version: \"3.5\"
+                    helm.sh/chart: kong-2.35.1
+                    version: \"3.5\"
+            spec:
+                automountServiceAccountToken: false
+                containers:
+                    - env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_ANONYMOUS_REPORTS
+                          value: \"off\"
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_DECLARATIVE_CONFIG
+                          value: /kong_dbless/kong.yml
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
+                        - name: KONG_NGINX_DAEMON
+                          value: \"off\"
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      lifecycle:
+                        preStop:
+                            exec:
+                                command:
+                                    - kong
+                                    - quit
+                                    - --wait=15
+                      livenessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      name: proxy
+                      ports:
+                        - containerPort: 8000
+                          name: proxy
+                          protocol: TCP
+                        - containerPort: 8443
+                          name: proxy-tls
+                          protocol: TCP
+                        - containerPort: 9000
+                          name: stream-9000
+                          protocol: TCP
+                        - containerPort: 9001
+                          name: stream-9001
+                          protocol: TCP
+                        - containerPort: 8100
+                          name: status
+                          protocol: TCP
+                      readinessProbe:
+                        failureThreshold: 3
+                        httpGet:
+                            path: /status/ready
+                            port: status
+                            scheme: HTTP
+                        initialDelaySeconds: 5
+                        periodSeconds: 10
+                        successThreshold: 1
+                        timeoutSeconds: 5
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                        - mountPath: /kong_dbless/
+                          name: kong-custom-dbless-config-volume
+                initContainers:
+                    - command:
+                        - rm
+                        - -vrf
+                        - $KONG_PREFIX/pids
+                      env:
+                        - name: KONG_ADMIN_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_GUI_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_ADMIN_GUI_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ADMIN_LISTEN
+                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+                        - name: KONG_ANONYMOUS_REPORTS
+                          value: \"off\"
+                        - name: KONG_CLUSTER_LISTEN
+                          value: \"off\"
+                        - name: KONG_DATABASE
+                          value: \"off\"
+                        - name: KONG_DECLARATIVE_CONFIG
+                          value: /kong_dbless/kong.yml
+                        - name: KONG_LUA_PACKAGE_PATH
+                          value: /opt/?.lua;/opt/?/init.lua;;
+                        - name: KONG_NGINX_WORKER_PROCESSES
+                          value: \"2\"
+                        - name: KONG_PORTAL_API_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PORTAL_API_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PORT_MAPS
+                          value: 80:8000, 443:8443
+                        - name: KONG_PREFIX
+                          value: /kong_prefix/
+                        - name: KONG_PROXY_ACCESS_LOG
+                          value: /dev/stdout
+                        - name: KONG_PROXY_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_PROXY_LISTEN
+                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+                        - name: KONG_PROXY_STREAM_ACCESS_LOG
+                          value: /dev/stdout basic
+                        - name: KONG_PROXY_STREAM_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_ROUTER_FLAVOR
+                          value: traditional
+                        - name: KONG_STATUS_ACCESS_LOG
+                          value: \"off\"
+                        - name: KONG_STATUS_ERROR_LOG
+                          value: /dev/stderr
+                        - name: KONG_STATUS_LISTEN
+                          value: 0.0.0.0:8100, [::]:8100
+                        - name: KONG_STREAM_LISTEN
+                          value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
+                      image: kong:3.5
+                      imagePullPolicy: IfNotPresent
+                      name: clear-stale-pid
+                      resources: {}
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                            drop:
+                                - ALL
+                        readOnlyRootFilesystem: true
+                        runAsNonRoot: true
+                        runAsUser: 1000
+                        seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - mountPath: /kong_prefix/
+                          name: chartsnap-kong-prefix-dir
+                        - mountPath: /tmp
+                          name: chartsnap-kong-tmp
+                        - mountPath: /kong_dbless/
+                          name: kong-custom-dbless-config-volume
+                securityContext: {}
+                serviceAccountName: chartsnap-kong
+                terminationGracePeriodSeconds: 30
+                volumes:
+                    - emptyDir:
+                        sizeLimit: 256Mi
+                      name: chartsnap-kong-prefix-dir
+                    - emptyDir:
+                        sizeLimit: 1Gi
+                      name: chartsnap-kong-tmp
+                    - name: chartsnap-kong-token
+                      projected:
+                        sources:
+                            - serviceAccountToken:
+                                expirationSeconds: 3607
+                                path: token
+                            - configMap:
+                                items:
+                                    - key: ca.crt
+                                      path: ca.crt
+                                name: kube-root-ca.crt
+                            - downwardAPI:
+                                items:
+                                    - fieldRef:
+                                        apiVersion: v1
+                                        fieldPath: metadata.namespace
+                                      path: namespace
+                    - configMap:
+                        name: chartsnap-kong-custom-dbless-config
+                      name: kong-custom-dbless-config-volume
+- object:
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        rules:
+            - http:
+                paths:
+                    - backend:
+                        service:
+                            name: chartsnap-kong-proxy
+                            port:
+                                number: 443
+                      path: /
+                      pathType: ImplementationSpecific
+- object:
+    apiVersion: v1
+    data:
+        kong.yml: |
+            _format_version: \"1.1\"
+            services:
+              - name: example.com
+                url: http://example.com
+                routes:
+                - name: example
+                  paths:
+                  - \"/example\"
+    kind: ConfigMap
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-custom-dbless-config
+        namespace: default
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-manager
+        namespace: default
+    spec:
+        ports:
+            - name: kong-manager
+              port: 8002
+              protocol: TCP
+              targetPort: 8002
+            - name: kong-manager-tls
+              port: 8445
+              protocol: TCP
+              targetPort: 8445
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: NodePort
+- object:
+    apiVersion: v1
+    kind: Service
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            enable-metrics: \"true\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong-proxy
+        namespace: default
+    spec:
+        ports:
+            - name: kong-proxy
+              port: 80
+              protocol: TCP
+              targetPort: 8000
+            - name: kong-proxy-tls
+              port: 443
+              protocol: TCP
+              targetPort: 8443
+            - name: stream-9000
+              port: 9000
+              protocol: TCP
+              targetPort: 9000
+            - name: stream-9001
+              port: 9001
+              protocol: TCP
+              targetPort: 9001
+        selector:
+            app.kubernetes.io/component: app
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/name: kong
+        type: LoadBalancer
+- object:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+        labels:
+            app.kubernetes.io/instance: chartsnap
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: kong
+            app.kubernetes.io/version: \"3.5\"
+            helm.sh/chart: kong-2.35.1
+        name: chartsnap-kong
+        namespace: default
+"""

build_system/charts/open-appsec-kong/ci/test2-values.yaml

@@ -11,6 +11,9 @@ ingressController:
     timeoutSeconds: 5
   env:
     anonymous_reports: "false"
+  envFrom:
+  - configMapRef:
+      name: env-config
   customEnv:
     TZ: "Europe/Berlin"
   watchNamespaces:
@@ -23,6 +26,9 @@ postgresql:
 env:
   anonymous_reports: "off"
   database: "postgres"
+envFrom:
+- configMapRef:
+    name: env-config
 # - ingress resources are created without hosts
 admin:
   ingress:
@@ -63,3 +69,11 @@ deployment:
         requests:
           cpu: "100m"
           memory: "64Mi"
+
+extraObjects:
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: env-config
+  data:
+    test-env: test