From 1ed094bf304a8fb19775120e453ee38d3b40a02f Mon Sep 17 00:00:00 2001 From: saikumarbommakanti <134491380+saikumarbommakanti@users.noreply.github.com> Date: Mon, 6 Nov 2023 17:29:09 +0530 Subject: [PATCH] This PR will provide the support of using latest ambassador edge-stack (#2410) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit changes: • Updated all services to use the latest Ambassador Edge Stack routing rules. fixes #2359 
Signed-off-by: saikumarbommakanti --- .../charts/indy-node/templates/service.yaml | 56 +- .../helm_component/node/templates/node.tpl | 19 +- platforms/shared/charts/ambassador/Chart.yaml | 26 - .../shared/charts/ambassador/crds/filter.yaml | 1010 ---------------- .../charts/ambassador/crds/filterpolicy.yaml | 244 ---- .../crds/getambassador.io_authservices.yaml | 299 ----- .../getambassador.io_consulresolvers.yaml | 109 -- .../crds/getambassador.io_devportals.yaml | 273 ----- .../crds/getambassador.io_hosts.yaml | 103 -- ...ssador.io_kubernetesendpointresolvers.yaml | 103 -- ...assador.io_kubernetesserviceresolvers.yaml | 103 -- .../crds/getambassador.io_listener.yaml | 195 ---- .../crds/getambassador.io_logservices.yaml | 176 --- .../crds/getambassador.io_mappings.yaml | 1014 ----------------- .../crds/getambassador.io_modules.yaml | 118 -- .../getambassador.io_ratelimitservices.yaml | 180 --- .../crds/getambassador.io_tcpmappings.yaml | 233 ---- .../crds/getambassador.io_tlscontexts.yaml | 193 ---- .../getambassador.io_tracingservices.yaml | 306 ----- .../charts/ambassador/crds/ratelimit.yaml | 379 ------ .../charts/ambassador/templates/NOTES.txt | 60 - .../charts/ambassador/templates/_helpers.tpl | 72 -- .../ambassador/templates/admin-service.yaml | 46 - .../ambassador/templates/aes-authservice.yaml | 31 - .../ambassador/templates/aes-injector.yaml | 148 --- .../ambassador/templates/aes-internal.yaml | 117 -- .../ambassador/templates/aes-ratelimit.yaml | 27 - .../ambassador/templates/aes-redis.yaml | 78 -- .../ambassador/templates/aes-secret.yaml | 19 - .../charts/ambassador/templates/config.yaml | 20 - .../ambassador/templates/crd-delete.yaml | 123 -- .../ambassador/templates/crds-rbac.yaml | 62 - .../charts/ambassador/templates/crds.yaml | 6 - .../ambassador/templates/deployment.yaml | 265 ----- .../ambassador/templates/exporter-config.yaml | 23 - .../charts/ambassador/templates/hpa.yaml | 26 - .../charts/ambassador/templates/pdb.yaml | 23 - 
.../templates/podsecuritypolicy.yaml | 25 - .../ambassador/templates/projects-rbac.yaml | 69 -- .../charts/ambassador/templates/projects.yaml | 336 ------ .../charts/ambassador/templates/rbac.yaml | 115 -- .../charts/ambassador/templates/service.yaml | 121 -- .../ambassador/templates/serviceaccount.yaml | 18 - .../ambassador/templates/servicemonitor.yaml | 28 - .../templates/tests/test-ready.yaml | 24 - .../templates/traffic-agent-rbac.yaml | 135 --- .../ambassador/templates/traffic-manager.yaml | 177 --- .../shared/charts/ambassador/values.yaml | 484 -------- .../roles/setup/ambassador/meta/main.yaml | 25 - .../roles/setup/ambassador/tasks/main.yaml | 271 ----- .../roles/setup/edge-stack/tasks/main.yaml | 35 +- .../templates/aes-custom-resources.tpl | 13 + .../templates/aes-custom-values.tpl | 9 +- .../configuration/setup-k8s-environment.yaml | 14 - 54 files changed, 104 insertions(+), 8080 deletions(-) delete mode 100644 platforms/shared/charts/ambassador/Chart.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/filter.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/filterpolicy.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_authservices.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_consulresolvers.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_devportals.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_hosts.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_kubernetesendpointresolvers.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_kubernetesserviceresolvers.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_listener.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_logservices.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_mappings.yaml delete 
mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_modules.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_ratelimitservices.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_tcpmappings.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_tlscontexts.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/getambassador.io_tracingservices.yaml delete mode 100644 platforms/shared/charts/ambassador/crds/ratelimit.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/NOTES.txt delete mode 100644 platforms/shared/charts/ambassador/templates/_helpers.tpl delete mode 100644 platforms/shared/charts/ambassador/templates/admin-service.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/aes-authservice.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/aes-injector.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/aes-internal.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/aes-ratelimit.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/aes-redis.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/aes-secret.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/config.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/crd-delete.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/crds-rbac.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/crds.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/deployment.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/exporter-config.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/hpa.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/pdb.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/podsecuritypolicy.yaml delete mode 100644 
platforms/shared/charts/ambassador/templates/projects-rbac.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/projects.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/rbac.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/service.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/serviceaccount.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/servicemonitor.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/tests/test-ready.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/traffic-agent-rbac.yaml delete mode 100644 platforms/shared/charts/ambassador/templates/traffic-manager.yaml delete mode 100644 platforms/shared/charts/ambassador/values.yaml delete mode 100644 platforms/shared/configuration/roles/setup/ambassador/meta/main.yaml delete mode 100644 platforms/shared/configuration/roles/setup/ambassador/tasks/main.yaml
diff --git a/platforms/hyperledger-indy/charts/indy-node/templates/service.yaml b/platforms/hyperledger-indy/charts/indy-node/templates/service.yaml
index e06fd9962fa..c09aa104e61 100644
--- a/platforms/hyperledger-indy/charts/indy-node/templates/service.yaml
+++ b/platforms/hyperledger-indy/charts/indy-node/templates/service.yaml
@@ -9,11 +9,6 @@ kind: Service
 metadata:
 name: "{{ $.Values.metadata.name }}"
 namespace: "{{ $.Values.metadata.namespace }}"
- {{ if $.Values.ambassador.annotations }}
- annotations:
- getambassador.io/config: |
- {{ $.Values.ambassador.annotations | nindent 6 }}
- {{ end }}
 spec:
 type: {{ $.Values.service.type }}
 ports:
@@ -30,4 +25,53 @@ spec:
 nodePort: {{ $.Values.service.ports.clientTargetPort }}
 {{ end }}
 selector:
- app: "{{ $.Values.metadata.name }}"
\ No newline at end of file
+ app: "{{ $.Values.metadata.name }}"
+
+{{- if eq $.Values.proxy.provider "ambassador" }}
+---
+apiVersion: getambassador.io/v3alpha1
+kind: Listener
+metadata:
+ name: "{{ .Values.node.name }}-node-listener"
+ namespace: {{ .Values.metadata.namespace }}
+spec:
+ port: {{ .Values.node.ambassadorPort }}
+ protocol: TCP
+ securityModel: XFP
+ hostBinding:
+ namespace:
+ from: SELF
+---
+apiVersion: getambassador.io/v3alpha1
+kind: TCPMapping
+metadata:
+ name: "{{ .Values.node.name }}-node-mapping"
+ namespace: {{ .Values.metadata.namespace }}
+spec:
+ port: {{ .Values.node.ambassadorPort }}
+ service: "{{ .Values.node.name }}.{{ .Values.metadata.namespace }}:{{ .Values.node.targetPort }}"
+
+---
+apiVersion: getambassador.io/v3alpha1
+kind: Listener
+metadata:
+ name: "{{ .Values.node.name }}-client-listener"
+ namespace: {{ .Values.metadata.namespace }}
+spec:
+ port: {{ .Values.client.ambassadorPort }}
+ protocol: TCP
+ securityModel: XFP
+ hostBinding:
+ namespace:
+ from: SELF
+---
+apiVersion: getambassador.io/v3alpha1
+kind: TCPMapping
+metadata:
+ name: "{{ .Values.node.name }}-client-mapping"
+ namespace: {{ .Values.metadata.namespace }}
+spec:
+ port: {{ .Values.client.ambassadorPort }}
+ service: "{{ .Values.client.name }}.{{ .Values.metadata.namespace }}:{{ .Values.client.targetPort }}"
+{{- end }}
+
diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/node/templates/node.tpl b/platforms/hyperledger-indy/configuration/roles/create/helm_component/node/templates/node.tpl
index f235bf3797f..0006eee891b 100644
--- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/node/templates/node.tpl
+++ b/platforms/hyperledger-indy/configuration/roles/create/helm_component/node/templates/node.tpl
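Review bot: The two added Listener/TCPMapping pairs take their ports and backend names from `.Values.node.*` and `.Values.client.*` with no validation, so a missing `ambassadorPort` renders `port:` as null and a `client.name` that differs from the Service defined just above (`$.Values.metadata.name`) points the client mapping at a backend that may not exist. The removed v2 annotations targeted the same `component_name.component_ns` service for both mappings, so the switch to `.Values.client.name` looks like a behaviour change; whether these values are populated is not visible in this diff. I would guard the ports, e.g. `port: {{ required "node.ambassadorPort is required" .Values.node.ambassadorPort }}`, and quote `namespace: "{{ .Values.metadata.namespace }}"` as the Service block does. `securityModel: XFP` classifies requests by an HTTP header, which presumably has no effect on a `protocol: TCP` listener, so a short comment stating that these ports are raw TCP pass-through would help whoever audits what the edge proxy exposes.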
@@ -19,6 +19,8 @@ spec:
 metadata:
 name: {{ component_name }}
 namespace: {{ component_ns }}
+ proxy:
+ provider: {{ network.env.proxy }}
 network:
 name: {{ network.name }}
 organization:
@@ -80,21 +82,7 @@ spec:
 # Directory to store node info.
 NODE_INFO_DIR = '/var/lib/indy/data'
 ambassador:
-{% if organizationItem.cloud_provider != 'minikube' and network.env.proxy == 'ambassador' %}
- annotations: |-
- ---
- apiVersion: ambassador/v2
- kind: TCPMapping
- name: {{ component_name|e }}-node-mapping
- port: {{ stewardItem.node.ambassador }}
- service: {{ component_name|e }}.{{ component_ns }}:{{ stewardItem.node.targetPort }}
- ---
- apiVersion: ambassador/v2
- kind: TCPMapping
- name: {{ component_name|e }}-client-mapping
- port: {{ stewardItem.client.ambassador }}
- service: {{ component_name|e }}.{{ component_ns }}:{{ stewardItem.client.targetPort }}
-{% else %}
+{% if organizationItem.cloud_provider == 'minikube' and network.env.proxy != 'ambassador' %}
 disabled: true
 {% endif %}
 vault:
@@ -111,3 +99,4 @@ spec:
 keys:
 storagesize: 3Gi
 storageClassName: {{ sc_name }}
+
diff --git a/platforms/shared/charts/ambassador/Chart.yaml b/platforms/shared/charts/ambassador/Chart.yaml
deleted file mode 100644
index 304c6898c1b..00000000000
--- a/platforms/shared/charts/ambassador/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-appVersion: 1.11.0
-ossVersion: 1.11.0
-description: A Helm chart for Datawire Ambassador
-name: ambassador
-version: 6.5.17
-icon: https://www.getambassador.io/images/logo.png
-home: https://www.getambassador.io/
-sources:
- - https://github.com/datawire/ambassador
- - https://github.com/prometheus/statsd_exporter
-keywords:
- - api gateway
- - ambassador
- - datawire
- - envoy
-maintainers:
- - name: flydiverny
- email: markus@maga.se
- - name: kflynn
- email: flynn@datawire.io
- - name: nbkrause
- email: nkrause@datawire.io
- - name: lukeshu
- email: lukeshu@datawire.io
-engine: gotpl
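Review bot: `provider: {{ network.env.proxy }}` in the added `proxy:` block is emitted unquoted, so an empty `network.env.proxy` would render `provider:` as null and the chart's `eq $.Values.proxy.provider "ambassador"` gate in service.yaml would then be comparing a non-string. Quoting it as `provider: "{{ network.env.proxy }}"` keeps the value a string in every case. Since this value now appears to decide on its own whether node and client ports are published on the edge proxy, a one-line comment above the block stating what it controls would help. The enclosing `spec:` block starts and ends outside the hunk.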
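Review bot: The rewritten guard around `disabled: true` in the `ambassador:` block (hunk `@@ -80,21 +82,7 @@`) is not the inverse of the condition it replaces: the old template emitted `disabled: true` whenever the cloud provider was minikube or the proxy was not ambassador, while the new `and` form only does so when both hold. If the flag is meant to keep its old meaning the line should read `{% if organizationItem.cloud_provider == 'minikube' or network.env.proxy != 'ambassador' %}`. In every other case the block now renders a bare `ambassador:` (null); as the chart template in this commit gates on `proxy.provider` instead, consider dropping the key or emitting `ambassador: {}`. As far as this diff shows, the minikube exclusion is not carried into the chart's `proxy.provider` check, so the Listener and TCPMapping resources would now also be created on minikube when the proxy is ambassador; please confirm that is intended.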
diff --git a/platforms/shared/charts/ambassador/crds/filter.yaml b/platforms/shared/charts/ambassador/crds/filter.yaml deleted file mode 100644 index e37067156a6..00000000000 --- a/platforms/shared/charts/ambassador/crds/filter.yaml +++ /dev/null 
@@ -1,1010 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: filters.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Filter - listKind: FilterList - plural: filters - shortNames: - - fil - singular: filter - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta2 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - External: - description: FilterExternal closely mimics AuthService.getambassador.io. 
- properties: - add_linkerd_headers: - type: boolean - allow_request_body: - type: boolean - allowed_authorization_headers: - items: - type: string - type: array - allowed_request_headers: - items: - type: string - type: array - auth_service: - type: string - failure_mode_allow: - type: boolean - include_body: - properties: - allow_partial: - type: boolean - max_bytes: - type: integer - type: object - path_prefix: - type: string - proto: - enum: - - http - - grpc - type: string - status_on_error: - properties: - code: - type: integer - type: object - timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` - fields to `{foo}`/`metav1.Duration`.' - type: integer - tls: - description: Emissary supports setting "tls" to the name of a - TLSContext. Edge Stack External Filters do NOT yet support - that; in External Filters "tls" is a boolean indicating whether - to originate TLS. - type: boolean - required: - - auth_service - type: object - JWT: - description: "FilterJWT \n Currently supported algorithms: \n - RSA - \ - \"RS256\" - \"RS384\" - \"RS512\" \n - RSA-PSS - \"PS256\" - \ - \"PS384\" - \"PS512\" \n - ECDSA - \"ES256\" - \"ES384\" - \ - \"ES512\" \n - HMAC-SHA - \"HS256\" - \"HS384\" - \"HS512\" - \n - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go - v3.2.0. Keep this list in sync if we pull in a jwt-go update. More - algorithms can be added with jwt.RegistersigningMethod(). \n Haha, - JK, our JWKS parser only understands RSA keys." 
- properties: - audience: - type: string - errorResponse: - properties: - bodyTemplate: - type: string - contentType: - type: string - headers: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - realm: - type: string - type: object - injectRequestHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - insecureTLS: - type: boolean - issuer: - type: string - jwksURI: - type: string - leewayForExpiresAt: - type: string - leewayForIssuedAt: - type: string - leewayForNotBefore: - type: string - renegotiateTLS: - enum: - - never - - onceAsClient - - freelyAsClient - type: string - requireAudience: - type: boolean - requireExpiresAt: - type: boolean - requireIssuedAt: - type: boolean - requireIssuer: - type: boolean - requireNotBefore: - type: boolean - v3MaxStale: - type: string - validAlgorithms: - items: - type: string - type: array - type: object - OAuth2: - properties: - accessTokenJWTFilter: - properties: - arguments: - properties: - scope: - items: - type: string - type: array - type: object - inheritScopeArgument: - type: boolean - name: - type: string - namespace: - type: string - stripInheritedScope: - type: boolean - type: object - accessTokenValidation: - type: string - allowMalformedAccessToken: - type: boolean - audience: - type: string - authorizationURL: - type: string - clientAuthentication: - properties: - jwtAssertion: - properties: - audience: - type: string - lifetime: - type: string - nbfSafetyMargin: - type: string - otherClaims: - description: UntypedDict is relatively opaque as a Go - type, but it preserves its contents in a roundtrippable - way. - type: object - x-kubernetes-preserve-unknown-fields: true - otherHeaderParameters: - description: UntypedDict is relatively opaque as a Go - type, but it preserves its contents in a roundtrippable - way. 
- type: object - x-kubernetes-preserve-unknown-fields: true - setClientID: - type: boolean - setIAT: - type: boolean - setNBF: - type: boolean - signingMethod: - enum: - - ES256 - - ES384 - - ES512 - - HS256 - - HS384 - - HS512 - - PS256 - - PS384 - - PS512 - - RS256 - - RS384 - - RS512 - - none - type: string - type: object - method: - enum: - - "" - - HeaderPassword - - BodyPassword - - JWTAssertion - type: string - type: object - clientID: - type: string - clientURL: - type: string - expirationSafetyMargin: - type: string - extraAuthorizationParameters: - additionalProperties: - type: string - type: object - grantType: - type: string - injectRequestHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - insecureTLS: - type: boolean - maxStale: - type: string - protectedOrigins: - items: - properties: - includeSubdomains: - type: boolean - internalOrigin: - type: string - origin: - type: string - type: object - type: array - renegotiateTLS: - enum: - - never - - onceAsClient - - freelyAsClient - type: string - secret: - type: string - secretName: - type: string - secretNamespace: - type: string - stateTTL: - type: string - useSessionCookies: - properties: - ifRequestHeader: - description: HeaderFieldSelector allows for matching on header - fields using an exact match value or using a regular expression - match. - properties: - name: - type: string - negate: - type: boolean - value: - description: Value is an exact match, empty is a valid - value - type: string - valueRegex: - type: string - required: - - name - type: object - value: - type: boolean - type: object - type: object - Plugin: - properties: - name: - type: string - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - - name: v2 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. 
Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - External: - description: FilterExternal closely mimics AuthService.getambassador.io. - properties: - add_linkerd_headers: - type: boolean - allow_request_body: - type: boolean - allowed_authorization_headers: - items: - type: string - type: array - allowed_request_headers: - items: - type: string - type: array - auth_service: - type: string - failure_mode_allow: - type: boolean - include_body: - properties: - allow_partial: - type: boolean - max_bytes: - type: integer - type: object - path_prefix: - type: string - proto: - enum: - - http - - grpc - type: string - status_on_error: - properties: - code: - type: integer - type: object - timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` - fields to `{foo}`/`metav1.Duration`.' - type: integer - tls: - description: Emissary supports setting "tls" to the name of a - TLSContext. Edge Stack External Filters do NOT yet support - that; in External Filters "tls" is a boolean indicating whether - to originate TLS. 
- type: boolean - v3ProtocolVersion: - enum: - - v2 - - v3 - type: string - required: - - auth_service - type: object - JWT: - description: "FilterJWT \n Currently supported algorithms: \n - RSA - \ - \"RS256\" - \"RS384\" - \"RS512\" \n - RSA-PSS - \"PS256\" - \ - \"PS384\" - \"PS512\" \n - ECDSA - \"ES256\" - \"ES384\" - \ - \"ES512\" \n - HMAC-SHA - \"HS256\" - \"HS384\" - \"HS512\" - \n - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go - v3.2.0. Keep this list in sync if we pull in a jwt-go update. More - algorithms can be added with jwt.RegistersigningMethod(). \n Haha, - JK, our JWKS parser only understands RSA keys." - properties: - audience: - type: string - errorResponse: - properties: - bodyTemplate: - type: string - contentType: - type: string - headers: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - realm: - type: string - type: object - injectRequestHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - insecureTLS: - type: boolean - issuer: - type: string - jwksURI: - type: string - leewayForExpiresAt: - type: string - leewayForIssuedAt: - type: string - leewayForNotBefore: - type: string - renegotiateTLS: - enum: - - never - - onceAsClient - - freelyAsClient - type: string - requireAudience: - type: boolean - requireExpiresAt: - type: boolean - requireIssuedAt: - type: boolean - requireIssuer: - type: boolean - requireNotBefore: - type: boolean - v3MaxStale: - type: string - validAlgorithms: - items: - type: string - type: array - type: object - OAuth2: - properties: - accessTokenJWTFilter: - properties: - arguments: - properties: - scope: - items: - type: string - type: array - type: object - inheritScopeArgument: - type: boolean - name: - type: string - namespace: - type: string - stripInheritedScope: - type: boolean - type: object - accessTokenValidation: - type: string - allowMalformedAccessToken: - type: 
boolean - audience: - type: string - authorizationURL: - type: string - clientAuthentication: - properties: - jwtAssertion: - properties: - audience: - type: string - lifetime: - type: string - nbfSafetyMargin: - type: string - otherClaims: - description: UntypedDict is relatively opaque as a Go - type, but it preserves its contents in a roundtrippable - way. - type: object - x-kubernetes-preserve-unknown-fields: true - otherHeaderParameters: - description: UntypedDict is relatively opaque as a Go - type, but it preserves its contents in a roundtrippable - way. - type: object - x-kubernetes-preserve-unknown-fields: true - setClientID: - type: boolean - setIAT: - type: boolean - setNBF: - type: boolean - signingMethod: - enum: - - ES256 - - ES384 - - ES512 - - HS256 - - HS384 - - HS512 - - PS256 - - PS384 - - PS512 - - RS256 - - RS384 - - RS512 - - none - type: string - type: object - method: - enum: - - "" - - HeaderPassword - - BodyPassword - - JWTAssertion - type: string - type: object - clientID: - type: string - clientURL: - type: string - expirationSafetyMargin: - type: string - extraAuthorizationParameters: - additionalProperties: - type: string - type: object - grantType: - type: string - injectRequestHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - insecureTLS: - type: boolean - maxStale: - type: string - protectedOrigins: - items: - properties: - includeSubdomains: - type: boolean - internalOrigin: - type: string - origin: - type: string - type: object - type: array - renegotiateTLS: - enum: - - never - - onceAsClient - - freelyAsClient - type: string - secret: - type: string - secretName: - type: string - secretNamespace: - type: string - stateTTL: - type: string - useSessionCookies: - properties: - ifRequestHeader: - description: HeaderFieldSelector allows for matching on header - fields using an exact match value or using a regular expression - match. 
- properties: - name: - type: string - negate: - type: boolean - value: - description: Value is an exact match, empty is a valid - value - type: string - valueRegex: - type: string - required: - - name - type: object - value: - type: boolean - type: object - v3postLogoutRedirectURI: - type: string - type: object - Plugin: - properties: - name: - type: string - type: object - v3APIKey: - description: FilterAPIKey enforce a set of API Keys. - properties: - httpHeader: - type: string - keys: - items: - description: APIKeyItem defines how to resolve the values of - the keys. - properties: - secretName: - type: string - type: object - type: array - required: - - keys - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - APIKey: - description: FilterAPIKey enforce a set of API Keys. - properties: - httpHeader: - type: string - keys: - items: - description: APIKeyItem defines how to resolve the values of - the keys. - properties: - secretName: - type: string - type: object - type: array - required: - - keys - type: object - External: - description: FilterExternal closely mimics AuthService.getambassador.io. 
- properties: - add_linkerd_headers: - type: boolean - allow_request_body: - type: boolean - allowed_authorization_headers: - items: - type: string - type: array - allowed_request_headers: - items: - type: string - type: array - auth_service: - type: string - failure_mode_allow: - type: boolean - include_body: - properties: - allow_partial: - type: boolean - max_bytes: - type: integer - type: object - path_prefix: - type: string - proto: - enum: - - http - - grpc - type: string - protocol_version: - enum: - - v2 - - v3 - type: string - status_on_error: - description: 'TODO(lukeshu): In v3alpha2, consider getting rid - of this struct type in favor of just using an int (i.e. `statusOnError: - 500` instead of the current `statusOnError: { code: 500 }`).' - properties: - code: - type: integer - type: object - timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` - fields to `{foo}`/`metav1.Duration`.' - type: integer - tls: - description: Emissary supports setting "tls" to the name of a - TLSContext. Edge Stack External Filters do NOT yet support - that; in External Filters "tls" is a boolean indicating whether - to originate TLS. - type: boolean - required: - - auth_service - type: object - JWT: - description: "FilterJWT \n Currently supported algorithms: \n - RSA - \ - \"RS256\" - \"RS384\" - \"RS512\" \n - RSA-PSS - \"PS256\" - \ - \"PS384\" - \"PS512\" \n - ECDSA - \"ES256\" - \"ES384\" - \ - \"ES512\" \n - HMAC-SHA - \"HS256\" - \"HS384\" - \"HS512\" - \n - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go - v3.2.0. Keep this list in sync if we pull in a jwt-go update. More - algorithms can be added with jwt.RegistersigningMethod(). \n Haha, - JK, our JWKS parser only understands RSA keys." 
- properties: - audience: - type: string - errorResponse: - properties: - bodyTemplate: - type: string - contentType: - type: string - headers: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - realm: - type: string - type: object - injectRequestHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - insecureTLS: - type: boolean - issuer: - type: string - jwksURI: - type: string - leewayForExpiresAt: - type: string - leewayForIssuedAt: - type: string - leewayForNotBefore: - type: string - maxStale: - type: string - renegotiateTLS: - enum: - - never - - onceAsClient - - freelyAsClient - type: string - requireAudience: - type: boolean - requireExpiresAt: - type: boolean - requireIssuedAt: - type: boolean - requireIssuer: - type: boolean - requireNotBefore: - type: boolean - validAlgorithms: - items: - type: string - type: array - type: object - OAuth2: - properties: - accessTokenJWTFilter: - properties: - arguments: - properties: - scope: - items: - type: string - type: array - type: object - inheritScopeArgument: - type: boolean - name: - type: string - namespace: - type: string - stripInheritedScope: - type: boolean - type: object - accessTokenValidation: - type: string - allowMalformedAccessToken: - type: boolean - audience: - type: string - authorizationURL: - type: string - clientAuthentication: - properties: - jwtAssertion: - properties: - audience: - type: string - lifetime: - type: string - nbfSafetyMargin: - type: string - otherClaims: - description: UntypedDict is relatively opaque as a Go - type, but it preserves its contents in a roundtrippable - way. - type: object - x-kubernetes-preserve-unknown-fields: true - otherHeaderParameters: - description: UntypedDict is relatively opaque as a Go - type, but it preserves its contents in a roundtrippable - way. 
- type: object - x-kubernetes-preserve-unknown-fields: true - setClientID: - type: boolean - setIAT: - type: boolean - setNBF: - type: boolean - signingMethod: - enum: - - ES256 - - ES384 - - ES512 - - HS256 - - HS384 - - HS512 - - PS256 - - PS384 - - PS512 - - RS256 - - RS384 - - RS512 - - none - type: string - type: object - method: - enum: - - "" - - HeaderPassword - - BodyPassword - - JWTAssertion - type: string - type: object - clientID: - type: string - clientURL: - type: string - expirationSafetyMargin: - type: string - extraAuthorizationParameters: - additionalProperties: - type: string - type: object - grantType: - type: string - injectRequestHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - insecureTLS: - type: boolean - maxStale: - type: string - postLogoutRedirectURI: - type: string - protectedOrigins: - items: - properties: - includeSubdomains: - type: boolean - internalOrigin: - type: string - origin: - type: string - type: object - type: array - renegotiateTLS: - enum: - - never - - onceAsClient - - freelyAsClient - type: string - secret: - type: string - secretName: - type: string - secretNamespace: - type: string - stateTTL: - type: string - useSessionCookies: - properties: - ifRequestHeader: - description: HeaderFieldSelector allows for matching on header - fields using an exact match value or using a regular expression - match. 
- properties: - name: - type: string - negate: - type: boolean - value: - description: Value will do an exact match on header value, - empty is a valid value - type: string - valueRegex: - description: ValueRegex will do a match on the header - value based on the provide header regular expression - type: string - required: - - name - type: object - value: - type: boolean - type: object - type: object - Plugin: - properties: - name: - type: string - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false diff --git a/platforms/shared/charts/ambassador/crds/filterpolicy.yaml b/platforms/shared/charts/ambassador/crds/filterpolicy.yaml deleted file mode 100644 index d4597dddd33..00000000000 --- a/platforms/shared/charts/ambassador/crds/filterpolicy.yaml +++ /dev/null 
@@ -1,244 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: filterpolicies.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: FilterPolicy - listKind: FilterPolicyList - plural: filterpolicies - shortNames: - - fp - singular: filterpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta2 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - rules: - items: - description: Rule defines authorization rules object. - properties: - filters: - items: - properties: - arguments: - description: UntypedDict is relatively opaque as a Go - type, but it preserves its contents in a roundtrippable - way. 
- type: object - x-kubernetes-preserve-unknown-fields: true - ifRequestHeader: - properties: - name: - type: string - negate: - type: boolean - value: - type: string - valueRegex: - type: string - required: - - name - type: object - name: - type: string - namespace: - type: string - onAllow: - type: string - onDeny: - type: string - type: object - type: array - host: - type: string - path: - type: string - type: object - type: array - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - - name: v2 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - rules: - items: - description: Rule defines authorization rules object. - properties: - filters: - items: - properties: - arguments: - description: UntypedDict is relatively opaque as a Go - type, but it preserves its contents in a roundtrippable - way. - type: object - x-kubernetes-preserve-unknown-fields: true - ifRequestHeader: - description: HeaderFieldSelector allows for matching on - header fields using an exact match value or using a - regular expression match. 
- properties: - name: - type: string - negate: - type: boolean - value: - description: Value is an exact match, empty is a valid - value - type: string - valueRegex: - type: string - required: - - name - type: object - name: - type: string - namespace: - type: string - onAllow: - type: string - onDeny: - type: string - type: object - type: array - host: - type: string - path: - type: string - v3Precedence: - type: integer - type: object - type: array - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - rules: - items: - description: Rule defines authorization rules object. - properties: - filters: - items: - properties: - arguments: - description: UntypedDict is relatively opaque as a Go - type, but it preserves its contents in a roundtrippable - way. - type: object - x-kubernetes-preserve-unknown-fields: true - ifRequestHeader: - description: HeaderFieldSelector allows for matching on - header fields using an exact match value or using a - regular expression match. 
- properties: - name: - type: string - negate: - type: boolean - value: - description: Value will do an exact match on header - value, empty is a valid value - type: string - valueRegex: - description: ValueRegex will do a match on the header - value based on the provide header regular expression - type: string - required: - - name - type: object - name: - type: string - namespace: - type: string - onAllow: - type: string - onDeny: - type: string - type: object - type: array - host: - type: string - path: - type: string - precedence: - type: integer - type: object - type: array - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_authservices.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_authservices.yaml deleted file mode 100644 index 8dcafa38c42..00000000000 --- a/platforms/shared/charts/ambassador/crds/getambassador.io_authservices.yaml +++ /dev/null 
@@ -1,299 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: authservices.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: AuthService - listKind: AuthServiceList - plural: authservices - singular: authservice - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v2 - schema: - openAPIV3Schema: - description: AuthService is the Schema for the authservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AuthServiceSpec defines the desired state of AuthService - properties: - add_auth_headers: - additionalProperties: - type: string - type: object - add_linkerd_headers: - type: boolean - allow_request_body: - type: boolean - allowed_authorization_headers: - items: - type: string - type: array - allowed_request_headers: - items: - type: string - type: array - auth_service: - type: string - failure_mode_allow: - type: boolean - include_body: - properties: - allow_partial: - type: boolean - max_bytes: - description: These aren't pointer types because they are required. - type: integer - required: - - allow_partial - - max_bytes - type: object - path_prefix: - type: string - proto: - enum: - - http - - grpc - type: string - protocol_version: - enum: - - v2 - - v3 - type: string - status_on_error: - description: Why isn't this just an int?? - properties: - code: - type: integer - type: object - timeout_ms: - type: integer - v3CircuitBreakers: - items: - properties: - max_connections: - type: integer - max_pending_requests: - type: integer - max_requests: - type: integer - max_retries: - type: integer - priority: - enum: - - default - - high - type: string - type: object - type: array - v3StatsName: - type: string - required: - - auth_service - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - description: AuthService is the Schema for the authservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AuthServiceSpec defines the desired state of AuthService - properties: - add_auth_headers: - additionalProperties: - type: string - type: object - add_linkerd_headers: - type: boolean - allow_request_body: - description: 'TODO(lukeshu): In v3alpha2, drop allow_request_body - in favor of include_body. allow_request_body has been deprecated - for a long time.' - type: boolean - allowed_authorization_headers: - items: - type: string - type: array - allowed_request_headers: - items: - type: string - type: array - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should - pay attention to this resource. If no value is provided, the default - is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, - consider renaming all of the `ambassador_id` (singular) fields to - `ambassador_ids` (plural)." - items: - type: string - type: array - auth_service: - description: 'TODO(lukeshu): In v3alpha2, consider renameing `auth_service` - to just `service`, for consistency with the other resource types.' 
- type: string - circuit_breakers: - items: - properties: - max_connections: - type: integer - max_pending_requests: - type: integer - max_requests: - type: integer - max_retries: - type: integer - priority: - enum: - - default - - high - type: string - type: object - type: array - failure_mode_allow: - type: boolean - include_body: - properties: - allow_partial: - type: boolean - max_bytes: - description: These aren't pointer types because they are required. - type: integer - required: - - allow_partial - - max_bytes - type: object - path_prefix: - type: string - proto: - enum: - - http - - grpc - type: string - protocol_version: - description: ProtocolVersion is the envoy api transport protocol version - enum: - - v2 - - v3 - type: string - stats_name: - type: string - status_on_error: - description: 'TODO(lukeshu): In v3alpha2, consider getting rid of - this struct type in favor of just using an int (i.e. `statusOnError: - 500` instead of the current `statusOnError: { code: 500 }`).' - properties: - code: - type: integer - type: object - timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` - fields to `{foo}`/`metav1.Duration`.' - type: integer - tls: - type: string - v2ExplicitTLS: - description: V2ExplicitTLS controls some vanity/stylistic elements - when converting from v3alpha1 to v2. The values in an V2ExplicitTLS - should not in any way affect the runtime operation of Emissary; - except that it may affect internal names in the Envoy config, which - may in turn affect stats names. But it should not affect any end-user - observable behavior. - properties: - serviceScheme: - description: "ServiceScheme specifies how to spell and capitalize - the scheme-part of the service URL. \n Acceptable values are - \"http://\" (case-insensitive), \"https://\" (case-insensitive), - or \"\". 
The value is used if it agrees with whether or not - this resource enables TLS origination, or if something else - in the resource overrides the scheme." - pattern: ^([hH][tT][tT][pP][sS]?://)?$ - type: string - tls: - description: "TLS controls whether and how to represent the \"tls\" - field when its value could be implied by the \"service\" field. - \ In v2, there were a lot of different ways to spell an \"empty\" - value, and this field specifies which way to spell it (and will - therefore only be used if the value will indeed be empty). \n - \ | Value | Representation | Meaning - of representation | |--------------+---------------------------------------+------------------------------------| - \ | \"\" | omit the field | - defer to service (no TLSContext) | | \"null\" | store - an explicit \"null\" in the field | defer to service (no TLSContext) - \ | | \"string\" | store an empty string in the field - \ | defer to service (no TLSContext) | | \"bool:false\" - | store a Boolean \"false\" in the field | defer to service - (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" - in the field | originate TLS (no TLSContext) | \n If - the meaning of the representation contradicts anything else - (if a TLSContext is to be used, or in the case of \"bool:true\" - if TLS is not to be originated), then this field is ignored." - enum: - - "" - - "null" - - bool:true - - bool:false - - string - type: string - type: object - required: - - auth_service - type: object - type: object - served: true - storage: false - - name: v1 - schema: - openAPIV3Schema: - description: AuthService is the Schema for the authservices API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_consulresolvers.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_consulresolvers.yaml deleted file mode 100644 index 2b56ab7f9bb..00000000000 
--- a/platforms/shared/charts/ambassador/crds/getambassador.io_consulresolvers.yaml
+++ /dev/null
@@ -1,109 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: consulresolvers.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: ConsulResolver - listKind: ConsulResolverList - plural: consulresolvers - singular: consulresolver - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v2 - schema: - openAPIV3Schema: - description: ConsulResolver is the Schema for the ConsulResolver API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsulResolver tells Ambassador to use Consul to resolve - services. In addition to the AmbassadorID, it needs information about - which Consul server and DC to use. 
- properties: - address: - type: string - datacenter: - type: string - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - description: ConsulResolver is the Schema for the ConsulResolver API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsulResolver tells Ambassador to use Consul to resolve - services. In addition to the AmbassadorID, it needs information about - which Consul server and DC to use. - properties: - address: - type: string - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should - pay attention to this resource. If no value is provided, the default - is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, - consider renaming all of the `ambassador_id` (singular) fields to - `ambassador_ids` (plural)." - items: - type: string - type: array - datacenter: - type: string - type: object - type: object - served: true - storage: false - - name: v1 - schema: - openAPIV3Schema: - description: ConsulResolver is the Schema for the ConsulResolver API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false 
diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_devportals.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_devportals.yaml
deleted file mode 100644
index 8da1617f672..00000000000
--- a/platforms/shared/charts/ambassador/crds/getambassador.io_devportals.yaml
+++ /dev/null
@@ -1,273 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: devportals.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: DevPortal - listKind: DevPortalList - plural: devportals - singular: devportal - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v2 - schema: - openAPIV3Schema: - description: "DevPortal is the Schema for the DevPortals API \n DevPortal - resources specify the `what` and `how` is shown in a DevPortal: \n 1. `what` - is in a DevPortal can be controlled with \n - a `selector`, that can - be used for filtering `Mappings`. \n - a `docs` listing of (services, - url) \n 2. `how` is a pointer to some `contents` (a checkout of a Git repository - \ with go-templates/markdown/css). \n Multiple `DevPortal`s can exist - in the cluster, and the Dev Portal server will show them at different endpoints. - A `DevPortal` resource with a special name, `ambassador`, will be used for - configuring the default Dev Portal (served at `/docs/` by default)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DevPortalSpec defines the desired state of DevPortal - properties: - content: - description: Content specifies where the content shown in the DevPortal - come from - properties: - branch: - type: string - dir: - type: string - url: - type: string - type: object - default: - description: Default must be true when this is the default DevPortal - type: boolean - docs: - description: Docs is a static docs definition - items: - description: 'DevPortalDocsSpec is a static documentation definition: - instead of using a Selector for finding documentation for services, - users can provide a static list of : tuples. These - services will be shown in the Dev Portal with the documentation - obtained from this URL.' - properties: - service: - description: Service is the service being documented - type: string - timeout_ms: - description: Timeout specifies the amount of time devportal - will wait for the downstream service to report an openapi - spec back - type: integer - url: - description: URL is the URL used for obtaining docs - type: string - type: object - type: array - naming_scheme: - description: Describes how to display "services" in the DevPortal. - Default namespace.name - enum: - - namespace.name - - name.prefix - type: string - preserve_servers: - description: Configures this DevPortal to use server definitions from - the openAPI doc instead of rewriting them based on the url used - for the connection. - type: boolean - search: - description: DevPortalSearchSpec allows configuration over search - functionality for the DevPortal - properties: - enabled: - type: boolean - type: - description: 'Type of search. "title-only" does a fuzzy search - over openapi and page titles "all-content" will fuzzy search - over all openapi and page content. "title-only" is the default. 
- warning: using all-content may incur a larger memory footprint' - enum: - - title-only - - all-content - type: string - type: object - selector: - description: Selector is used for choosing what is shown in the DevPortal - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels specifies the list of labels that must - be present in Mappings for being present in this DevPortal. - type: object - matchNamespaces: - description: MatchNamespaces is a list of namespaces that will - be included in this DevPortal. - items: - type: string - type: array - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - description: "DevPortal is the Schema for the DevPortals API \n DevPortal - resources specify the `what` and `how` is shown in a DevPortal: \n 1. `what` - is in a DevPortal can be controlled with \n - a `selector`, that can - be used for filtering `Mappings`. \n - a `docs` listing of (services, - url) \n 2. `how` is a pointer to some `contents` (a checkout of a Git repository - \ with go-templates/markdown/css). \n Multiple `DevPortal`s can exist - in the cluster, and the Dev Portal server will show them at different endpoints. - A `DevPortal` resource with a special name, `ambassador`, will be used for - configuring the default Dev Portal (served at `/docs/` by default)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DevPortalSpec defines the desired state of DevPortal - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should - pay attention to this resource. If no value is provided, the default - is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, - consider renaming all of the `ambassador_id` (singular) fields to - `ambassador_ids` (plural)." - items: - type: string - type: array - content: - description: Content specifies where the content shown in the DevPortal - come from - properties: - branch: - type: string - dir: - type: string - url: - type: string - type: object - default: - description: Default must be true when this is the default DevPortal - type: boolean - docs: - description: Docs is a static docs definition - items: - description: 'DevPortalDocsSpec is a static documentation definition: - instead of using a Selector for finding documentation for services, - users can provide a static list of : tuples. These - services will be shown in the Dev Portal with the documentation - obtained from this URL.' - properties: - service: - description: Service is the service being documented - type: string - timeout_ms: - description: Timeout specifies the amount of time devportal - will wait for the downstream service to report an openapi - spec back - type: integer - url: - description: URL is the URL used for obtaining docs - type: string - type: object - type: array - naming_scheme: - description: Describes how to display "services" in the DevPortal. - Default namespace.name - enum: - - namespace.name - - name.prefix - type: string - preserve_servers: - description: Configures this DevPortal to use server definitions from - the openAPI doc instead of rewriting them based on the url used - for the connection. 
- type: boolean - search: - description: DevPortalSearchSpec allows configuration over search - functionality for the DevPortal - properties: - enabled: - type: boolean - type: - description: 'Type of search. "title-only" does a fuzzy search - over openapi and page titles "all-content" will fuzzy search - over all openapi and page content. "title-only" is the default. - warning: using all-content may incur a larger memory footprint' - enum: - - title-only - - all-content - type: string - type: object - selector: - description: Selector is used for choosing what is shown in the DevPortal - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels specifies the list of labels that must - be present in Mappings for being present in this DevPortal. - type: object - matchNamespaces: - description: MatchNamespaces is a list of namespaces that will - be included in this DevPortal. - items: - type: string - type: array - type: object - type: object - type: object - served: true - storage: false - - name: v1 - schema: - openAPIV3Schema: - description: DevPortal is the Schema for the DevPortals API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_hosts.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_hosts.yaml deleted file mode 100644 index b01b9e718fa..00000000000 --- a/platforms/shared/charts/ambassador/crds/getambassador.io_hosts.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: kubernetesendpointresolvers.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: KubernetesEndpointResolver - listKind: KubernetesEndpointResolverList - plural: kubernetesendpointresolvers - singular: kubernetesendpointresolver - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v2 - schema: - openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubernetesEndpointResolver tells Ambassador to use Kubernetes - Endpoints resources to resolve services. It actually has no spec other - than the AmbassadorID. 
- type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubernetesEndpointResolver tells Ambassador to use Kubernetes - Endpoints resources to resolve services. It actually has no spec other - than the AmbassadorID. - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should - pay attention to this resource. If no value is provided, the default - is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, - consider renaming all of the `ambassador_id` (singular) fields to - `ambassador_ids` (plural)." - items: - type: string - type: array - type: object - type: object - served: true - storage: false - - name: v1 - schema: - openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver - API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false 
diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_kubernetesendpointresolvers.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_kubernetesendpointresolvers.yaml
deleted file mode 100644
index b01b9e718fa..00000000000
--- a/platforms/shared/charts/ambassador/crds/getambassador.io_kubernetesendpointresolvers.yaml
+++ /dev/null
@@ -1,103 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: kubernetesendpointresolvers.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: KubernetesEndpointResolver - listKind: KubernetesEndpointResolverList - plural: kubernetesendpointresolvers - singular: kubernetesendpointresolver - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v2 - schema: - openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubernetesEndpointResolver tells Ambassador to use Kubernetes - Endpoints resources to resolve services. It actually has no spec other - than the AmbassadorID. 
- type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubernetesEndpointResolver tells Ambassador to use Kubernetes - Endpoints resources to resolve services. It actually has no spec other - than the AmbassadorID. - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should - pay attention to this resource. If no value is provided, the default - is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, - consider renaming all of the `ambassador_id` (singular) fields to - `ambassador_ids` (plural)." - items: - type: string - type: array - type: object - type: object - served: true - storage: false - - name: v1 - schema: - openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver - API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false 
diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_kubernetesserviceresolvers.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_kubernetesserviceresolvers.yaml
deleted file mode 100644
index 1b978ae1223..00000000000
--- a/platforms/shared/charts/ambassador/crds/getambassador.io_kubernetesserviceresolvers.yaml
+++ /dev/null
@@ -1,103 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: kubernetesserviceresolvers.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: KubernetesServiceResolver - listKind: KubernetesServiceResolverList - plural: kubernetesserviceresolvers - singular: kubernetesserviceresolver - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v2 - schema: - openAPIV3Schema: - description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubernetesServiceResolver tells Ambassador to use Kubernetes - Service resources to resolve services. It actually has no spec other - than the AmbassadorID. 
- type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubernetesServiceResolver tells Ambassador to use Kubernetes - Service resources to resolve services. It actually has no spec other - than the AmbassadorID. - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should - pay attention to this resource. If no value is provided, the default - is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, - consider renaming all of the `ambassador_id` (singular) fields to - `ambassador_ids` (plural)." - items: - type: string - type: array - type: object - type: object - served: true - storage: false - - name: v1 - schema: - openAPIV3Schema: - description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver - API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false 
diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_listener.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_listener.yaml
deleted file mode 100644
index a3ae07b112b..00000000000
--- a/platforms/shared/charts/ambassador/crds/getambassador.io_listener.yaml
+++ /dev/null
@@ -1,195 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: listeners.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Listener - listKind: ListenerList - plural: listeners - singular: listener - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.port - name: Port - type: string - - jsonPath: .spec.protocol - name: Protocol - type: string - - jsonPath: .spec.protocolStack - name: Stack - type: string - - jsonPath: .spec.statsPrefix - name: StatsPrefix - type: string - - jsonPath: .spec.securityModel - name: Security - type: string - - jsonPath: .spec.l7Depth - name: L7Depth - type: string - name: v3alpha1 - schema: - openAPIV3Schema: - description: Listener is the Schema for the hosts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ListenerSpec defines the desired state of this Port - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should - pay attention to this resource. 
If no value is provided, the default - is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, - consider renaming all of the `ambassador_id` (singular) fields to - `ambassador_ids` (plural)." - items: - type: string - type: array - hostBinding: - description: HostBinding allows restricting which Hosts will be used - for this Listener. - properties: - namespace: - description: NamespaceBindingType defines we we specify which - namespaces to look for Hosts in. - properties: - from: - description: NamespaceFromType defines how we evaluate a NamespaceBindingType. - enum: - - SELF - - ALL - - SELECTOR - type: string - type: object - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An - empty label selector matches all objects. A null label selector - matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. 
A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - type: object - l7Depth: - description: L7Depth specifies how many layer 7 load balancers are - between us and the edge of the network. - format: int32 - type: integer - port: - description: Port is the network port. Only one Listener can use a - given port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - protocol: - description: Protocol is a shorthand for certain predefined stacks. - Exactly one of Protocol or ProtocolStack must be supplied. - enum: - - HTTP - - HTTPS - - HTTPPROXY - - HTTPSPROXY - - TCP - - TLS - - UDP - type: string - protocolStack: - description: ProtocolStack explicitly specifies the protocol stack - to set up. Exactly one of Protocol or ProtocolStack must be supplied. - items: - description: ProtocolStackElement defines specific layers that may - be combined in a protocol stack for processing connections to - a port. - enum: - - HTTP - - PROXY - - TLS - - TCP - - UDP - type: string - type: array - securityModel: - description: SecurityModel specifies how to determine whether connections - to this port are secure or insecure. - enum: - - XFP - - SECURE - - INSECURE - type: string - statsPrefix: - description: 'StatsPrefix specifies the prefix for statistics sent - by Envoy about this Listener. The default depends on the protocol: - "ingress-http", "ingress-https", "ingress-tls-$port", or "ingress-$port".' - type: string - required: - - hostBinding - - port - - securityModel - type: object - type: object - served: true - storage: true - subresources: {} diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_logservices.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_logservices.yaml deleted file mode 100644 index 1ca0eb66589..00000000000 
--- a/platforms/shared/charts/ambassador/crds/getambassador.io_logservices.yaml
+++ /dev/null
@@ -1,176 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: logservices.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: LogService - listKind: LogServiceList - plural: logservices - singular: logservice - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v2 - schema: - openAPIV3Schema: - description: LogService is the Schema for the logservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: LogServiceSpec defines the desired state of LogService - properties: - driver: - enum: - - tcp - - http - type: string - driver_config: - properties: - additional_log_headers: - items: - properties: - during_request: - type: boolean - during_response: - type: boolean - during_trailer: - type: boolean - header_name: - type: string - type: object - type: array - type: object - flush_interval_byte_size: - type: integer - flush_interval_time: - type: integer - grpc: - type: boolean - service: - type: string - v3ProtocolVersion: - enum: - - v2 - - v3 - type: string - v3StatsName: - type: string - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - description: LogService is the Schema for the logservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: LogServiceSpec defines the desired state of LogService - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should - pay attention to this resource. 
If no value is provided, the default - is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, - consider renaming all of the `ambassador_id` (singular) fields to - `ambassador_ids` (plural)." - items: - type: string - type: array - driver: - enum: - - tcp - - http - type: string - driver_config: - properties: - additional_log_headers: - items: - properties: - during_request: - type: boolean - during_response: - type: boolean - during_trailer: - type: boolean - header_name: - type: string - type: object - type: array - type: object - flush_interval_byte_size: - type: integer - flush_interval_time: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}s`/`SecondDuration` - fields to `{foo}`/`metav1.Duration`.' - type: integer - grpc: - description: 'TODO(lukeshu): In v3alpha2, drop this LogService.spec.grpc. Due - to sloppy implementation it is required to be present, and required - to be ''true''. It is silly to have a required field with only - one valid value, we should just remove the thing.' - type: boolean - protocol_version: - description: ProtocolVersion is the envoy api transport protocol version - enum: - - v2 - - v3 - type: string - service: - type: string - stats_name: - type: string - type: object - type: object - served: true - storage: false - - name: v1 - schema: - openAPIV3Schema: - description: LogService is the Schema for the logservices API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_mappings.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_mappings.yaml deleted file mode 100644 index 063a5e1ef2d..00000000000 --- a/platforms/shared/charts/ambassador/crds/getambassador.io_mappings.yaml +++ /dev/null 
@@ -1,1014 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: mappings.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Mapping - listKind: MappingList - plural: mappings - singular: mapping - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.host - name: Source Host - type: string - - jsonPath: .spec.prefix - name: Source Prefix - type: string - - jsonPath: .spec.service - name: Dest Service - type: string - - jsonPath: .status.state - name: State - type: string - - jsonPath: .status.reason - name: Reason - type: string - name: v2 - schema: - openAPIV3Schema: - description: Mapping is the Schema for the mappings API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MappingSpec defines the desired state of Mapping - properties: - add_linkerd_headers: - type: boolean - add_request_headers: - type: object - x-kubernetes-preserve-unknown-fields: true - add_response_headers: - type: object - x-kubernetes-preserve-unknown-fields: true - allow_upgrade: - description: "A case-insensitive list of the non-HTTP protocols to - allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" - mechanism[1]. After the upgrade, Ambassador does not interpret - the traffic, and behaves similarly to how it does for TCPMappings. - \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, - if your upstream service supports WebSockets, you would write \n - \ allow_upgrade: - websocket \n Or if your upstream service - supports upgrading from HTTP to SPDY (as the Kubernetes apiserver - does for `kubectl exec` functionality), you would write \n allow_upgrade: - \ - spdy/3.1" - items: - type: string - type: array - auth_context_extensions: - additionalProperties: - type: string - type: object - auto_host_rewrite: - type: boolean - bypass_auth: - type: boolean - bypass_error_response_overrides: - description: If true, bypasses any `error_response_overrides` set - on the Ambassador module. 
- type: boolean - case_sensitive: - type: boolean - circuit_breakers: - items: - properties: - max_connections: - type: integer - max_pending_requests: - type: integer - max_requests: - type: integer - max_retries: - type: integer - priority: - enum: - - default - - high - type: string - type: object - type: array - cluster_idle_timeout_ms: - type: integer - cluster_max_connection_lifetime_ms: - type: integer - cluster_tag: - type: string - connect_timeout_ms: - type: integer - cors: - properties: - credentials: - type: boolean - max_age: - type: string - type: object - x-kubernetes-preserve-unknown-fields: true - dns_type: - type: string - docs: - description: DocsInfo provides some extra information about the docs - for the Mapping (used by the Dev Portal) - properties: - display_name: - type: string - ignored: - type: boolean - path: - type: string - timeout_ms: - type: integer - url: - type: string - type: object - enable_ipv4: - type: boolean - enable_ipv6: - type: boolean - envoy_override: - description: UntypedDict is relatively opaque as a Go type, but it - preserves its contents in a roundtrippable way. - type: object - x-kubernetes-preserve-unknown-fields: true - error_response_overrides: - description: Error response overrides for this Mapping. Replaces all - of the `error_response_overrides` set on the Ambassador module, - if any. - items: - description: A response rewrite for an HTTP error response - properties: - body: - description: The new response body - properties: - content_type: - description: The content type to set on the error response - body when using text_format or text_format_source. Defaults - to 'text/plain'. - type: string - json_format: - additionalProperties: - type: string - description: 'A JSON response with content-type: application/json. - The values can contain format text like in text_format.' - type: object - text_format: - description: A format string representing a text response - body. 
Content-Type can be set using the `content_type` - field below. - type: string - text_format_source: - description: A format string sourced from a file on the - Ambassador container. Useful for larger response bodies - that should not be placed inline in configuration. - properties: - filename: - description: The name of a file on the Ambassador pod - that contains a format text string. - type: string - type: object - type: object - on_status_code: - description: The status code to match on -- not a pointer because - it's required. - maximum: 599 - minimum: 400 - type: integer - required: - - body - - on_status_code - type: object - minItems: 1 - type: array - grpc: - type: boolean - headers: - type: object - x-kubernetes-preserve-unknown-fields: true - host: - type: string - host_redirect: - type: boolean - host_regex: - type: boolean - host_rewrite: - type: string - idle_timeout_ms: - type: integer - keepalive: - properties: - idle_time: - type: integer - interval: - type: integer - probes: - type: integer - type: object - labels: - additionalProperties: - description: A MappingLabelGroupsArray is an array of MappingLabelGroups. - I know, complex. - items: - description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: - a second map, where the key is a human-readable name that identifies - the group.' - maxProperties: 1 - minProperties: 1 - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - description: A DomainMap is the overall Mapping.spec.Labels type. - It maps domains (kind of like namespaces for Mapping labels) to - arrays of label groups. 
- type: object - load_balancer: - properties: - cookie: - properties: - name: - type: string - path: - type: string - ttl: - type: string - required: - - name - type: object - header: - type: string - policy: - enum: - - round_robin - - ring_hash - - maglev - - least_request - type: string - source_ip: - type: boolean - required: - - policy - type: object - method: - type: string - method_regex: - type: boolean - modules: - items: - description: UntypedDict is relatively opaque as a Go type, but - it preserves its contents in a roundtrippable way. - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - outlier_detection: - type: string - path_redirect: - description: Path replacement to use when generating an HTTP redirect. - Used with `host_redirect`. - type: string - precedence: - type: integer - prefix: - type: string - prefix_exact: - type: boolean - prefix_redirect: - description: Prefix rewrite to use when generating an HTTP redirect. - Used with `host_redirect`. - type: string - prefix_regex: - type: boolean - priority: - type: string - query_parameters: - type: object - x-kubernetes-preserve-unknown-fields: true - redirect_response_code: - description: The response code to use when generating an HTTP redirect. - Defaults to 301. Used with `host_redirect`. - enum: - - 301 - - 302 - - 303 - - 307 - - 308 - type: integer - regex_headers: - additionalProperties: - type: string - type: object - regex_query_parameters: - additionalProperties: - type: string - type: object - regex_redirect: - description: Prefix regex rewrite to use when generating an HTTP redirect. - Used with `host_redirect`. 
- properties: - pattern: - type: string - substitution: - type: string - type: object - regex_rewrite: - properties: - pattern: - type: string - substitution: - type: string - type: object - resolver: - type: string - respect_dns_ttl: - type: boolean - retry_policy: - properties: - num_retries: - type: integer - per_try_timeout: - type: string - retry_on: - enum: - - 5xx - - gateway-error - - connect-failure - - retriable-4xx - - refused-stream - - retriable-status-codes - type: string - type: object - rewrite: - type: string - service: - type: string - shadow: - type: boolean - timeout_ms: - description: The timeout for requests that use this Mapping. Overrides - `cluster_request_timeout_ms` set on the Ambassador Module, if it - exists. - type: integer - use_websocket: - description: 'use_websocket is deprecated, and is equivlaent to setting - `allow_upgrade: ["websocket"]`' - type: boolean - v3StatsName: - type: string - weight: - type: integer - required: - - prefix - - service - type: object - x-kubernetes-preserve-unknown-fields: true - status: - description: MappingStatus defines the observed state of Mapping - properties: - reason: - type: string - state: - enum: - - "" - - Inactive - - Running - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.host - name: Source Host - type: string - - jsonPath: .spec.prefix - name: Source Prefix - type: string - - jsonPath: .spec.service - name: Dest Service - type: string - - jsonPath: .status.state - name: State - type: string - - jsonPath: .status.reason - name: Reason - type: string - name: v3alpha1 - schema: - openAPIV3Schema: - description: Mapping is the Schema for the mappings API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MappingSpec defines the desired state of Mapping - properties: - add_linkerd_headers: - type: boolean - add_request_headers: - additionalProperties: - properties: - append: - type: boolean - v2Representation: - enum: - - "" - - string - - "null" - type: string - value: - type: string - type: object - type: object - add_response_headers: - additionalProperties: - properties: - append: - type: boolean - v2Representation: - enum: - - "" - - string - - "null" - type: string - value: - type: string - type: object - type: object - allow_upgrade: - description: "A case-insensitive list of the non-HTTP protocols to - allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" - mechanism[1]. After the upgrade, Ambassador does not interpret - the traffic, and behaves similarly to how it does for TCPMappings. - \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, - if your upstream service supports WebSockets, you would write \n - \ allow_upgrade: - websocket \n Or if your upstream service - supports upgrading from HTTP to SPDY (as the Kubernetes apiserver - does for `kubectl exec` functionality), you would write \n allow_upgrade: - \ - spdy/3.1" - items: - type: string - type: array - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should - pay attention to this resource. 
If no value is provided, the default - is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, - consider renaming all of the `ambassador_id` (singular) fields to - `ambassador_ids` (plural)." - items: - type: string - type: array - auth_context_extensions: - additionalProperties: - type: string - type: object - auto_host_rewrite: - type: boolean - bypass_auth: - type: boolean - bypass_error_response_overrides: - description: If true, bypasses any `error_response_overrides` set - on the Ambassador module. - type: boolean - case_sensitive: - type: boolean - circuit_breakers: - items: - properties: - max_connections: - type: integer - max_pending_requests: - type: integer - max_requests: - type: integer - max_retries: - type: integer - priority: - enum: - - default - - high - type: string - type: object - type: array - cluster_idle_timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` - fields to `{foo}`/`metav1.Duration`.' - type: integer - cluster_max_connection_lifetime_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` - fields to `{foo}`/`metav1.Duration`.' - type: integer - cluster_tag: - type: string - connect_timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` - fields to `{foo}`/`metav1.Duration`.' - type: integer - cors: - properties: - credentials: - type: boolean - exposed_headers: - items: - type: string - type: array - headers: - items: - type: string - type: array - max_age: - type: string - methods: - items: - type: string - type: array - origins: - items: - type: string - type: array - v2CommaSeparatedOrigins: - type: boolean - type: object - dns_type: - type: string - docs: - description: DocsInfo provides some extra information about the docs - for the Mapping. Docs is used by both the agent and the DevPortal. 
- properties: - display_name: - type: string - ignored: - type: boolean - path: - type: string - timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` - fields to `{foo}`/`metav1.Duration`.' - type: integer - url: - type: string - type: object - enable_ipv4: - type: boolean - enable_ipv6: - type: boolean - envoy_override: - description: UntypedDict is relatively opaque as a Go type, but it - preserves its contents in a roundtrippable way. - type: object - x-kubernetes-preserve-unknown-fields: true - error_response_overrides: - description: Error response overrides for this Mapping. Replaces all - of the `error_response_overrides` set on the Ambassador module, - if any. - items: - description: A response rewrite for an HTTP error response - properties: - body: - description: The new response body - properties: - content_type: - description: The content type to set on the error response - body when using text_format or text_format_source. Defaults - to 'text/plain'. - type: string - json_format: - additionalProperties: - type: string - description: 'A JSON response with content-type: application/json. - The values can contain format text like in text_format.' - type: object - text_format: - description: A format string representing a text response - body. Content-Type can be set using the `content_type` - field below. - type: string - text_format_source: - description: A format string sourced from a file on the - Ambassador container. Useful for larger response bodies - that should not be placed inline in configuration. - properties: - filename: - description: The name of a file on the Ambassador pod - that contains a format text string. - type: string - type: object - type: object - on_status_code: - description: The status code to match on -- not a pointer because - it's required. 
- maximum: 599 - minimum: 400 - type: integer - required: - - body - - on_status_code - type: object - minItems: 1 - type: array - grpc: - type: boolean - headers: - additionalProperties: - type: string - type: object - host: - description: "Exact match for the hostname of a request if HostRegex - is false; regex match for the hostname if HostRegex is true. \n - Host specifies both a match for the ':authority' header of a request, - as well as a match criterion for Host CRDs: a Mapping that specifies - Host will not associate with a Host that doesn't have a matching - Hostname. \n If both Host and Hostname are set, an error is logged, - Host is ignored, and Hostname is used. \n DEPRECATED: Host is either - an exact match or a regex, depending on HostRegex. Use HostName - instead. \n TODO(lukeshu): In v3alpha2, get rid of MappingSpec.host - and MappingSpec.host_regex in favor of a MappingSpec.deprecated_hostname_regex." - type: string - host_redirect: - type: boolean - host_regex: - description: "DEPRECATED: Host is either an exact match or a regex, - depending on HostRegex. Use HostName instead. \n TODO(lukeshu): - In v3alpha2, get rid of MappingSpec.host and MappingSpec.host_regex - in favor of a MappingSpec.deprecated_hostname_regex." - type: boolean - host_rewrite: - type: string - hostname: - description: "Hostname is a DNS glob specifying the hosts to which - this Mapping applies. \n Hostname specifies both a match for the - ':authority' header of a request, as well as a match criterion for - Host CRDs: a Mapping that specifies Hostname will not associate - with a Host that doesn't have a matching Hostname. \n If both Host - and Hostname are set, an error is logged, Host is ignored, and Hostname - is used." - type: string - idle_timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` - fields to `{foo}`/`metav1.Duration`.' 
- type: integer - keepalive: - properties: - idle_time: - type: integer - interval: - type: integer - probes: - type: integer - type: object - labels: - additionalProperties: - description: A MappingLabelGroupsArray is an array of MappingLabelGroups. - I know, complex. - items: - additionalProperties: - description: 'A MappingLabelsArray is the value in the MappingLabelGroup: - an array of label specifiers.' - items: - description: "A MappingLabelSpecifier (finally!) defines a - single label. \n This mimics envoy/config/route/v3/route_components.proto:RateLimit:Action:action_specifier." - maxProperties: 1 - minProperties: 1 - properties: - destination_cluster: - description: Sets the label "destination_cluster=«Envoy - destination cluster name»". - properties: - key: - enum: - - destination_cluster - type: string - required: - - key - type: object - generic_key: - description: Sets the label "«key»=«value»" (where by - default «key» is "generic_key"). - properties: - key: - description: The default is "generic_key". - type: string - v2Shorthand: - type: boolean - value: - type: string - required: - - value - type: object - remote_address: - description: Sets the label "remote_address=«IP address - of the client»". - properties: - key: - enum: - - remote_address - type: string - required: - - key - type: object - request_headers: - description: If the «header_name» header is set, then - set the label "«key»=«Value of the «header_name» header»"; - otherwise skip applying this label group. - properties: - header_name: - type: string - key: - type: string - omit_if_not_present: - type: boolean - required: - - header_name - - key - type: object - source_cluster: - description: Sets the label "source_cluster=«Envoy source - cluster name»". 
- properties: - key: - enum: - - source_cluster - type: string - required: - - key - type: object - type: object - type: array - description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: - a second map, where the key is a human-readable name that identifies - the group.' - maxProperties: 1 - minProperties: 1 - type: object - type: array - description: A DomainMap is the overall Mapping.spec.Labels type. - It maps domains (kind of like namespaces for Mapping labels) to - arrays of label groups. - type: object - load_balancer: - properties: - cookie: - properties: - name: - type: string - path: - type: string - ttl: - type: string - required: - - name - type: object - header: - type: string - policy: - enum: - - round_robin - - ring_hash - - maglev - - least_request - type: string - source_ip: - type: boolean - required: - - policy - type: object - method: - type: string - method_regex: - type: boolean - modules: - items: - description: UntypedDict is relatively opaque as a Go type, but - it preserves its contents in a roundtrippable way. - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - outlier_detection: - type: string - path_redirect: - description: Path replacement to use when generating an HTTP redirect. - Used with `host_redirect`. - type: string - precedence: - type: integer - prefix: - type: string - prefix_exact: - type: boolean - prefix_redirect: - description: Prefix rewrite to use when generating an HTTP redirect. - Used with `host_redirect`. - type: string - prefix_regex: - type: boolean - priority: - type: string - query_parameters: - additionalProperties: - type: string - type: object - redirect_response_code: - description: The response code to use when generating an HTTP redirect. - Defaults to 301. Used with `host_redirect`. 
- enum: - - 301 - - 302 - - 303 - - 307 - - 308 - type: integer - regex_headers: - additionalProperties: - type: string - type: object - regex_query_parameters: - additionalProperties: - type: string - type: object - regex_redirect: - description: Prefix regex rewrite to use when generating an HTTP redirect. - Used with `host_redirect`. - properties: - pattern: - type: string - substitution: - type: string - type: object - regex_rewrite: - properties: - pattern: - type: string - substitution: - type: string - type: object - remove_request_headers: - items: - type: string - type: array - remove_response_headers: - items: - type: string - type: array - resolver: - type: string - respect_dns_ttl: - type: boolean - retry_policy: - properties: - num_retries: - type: integer - per_try_timeout: - type: string - retry_on: - enum: - - 5xx - - gateway-error - - connect-failure - - retriable-4xx - - refused-stream - - retriable-status-codes - type: string - type: object - rewrite: - type: string - service: - type: string - shadow: - type: boolean - stats_name: - type: string - timeout_ms: - description: The timeout for requests that use this Mapping. Overrides - `cluster_request_timeout_ms` set on the Ambassador Module, if it - exists. - type: integer - tls: - type: string - use_websocket: - description: "use_websocket is deprecated, and is equivlaent to setting - `allow_upgrade: [\"websocket\"]` \n TODO(lukeshu): In v3alpha2, - get rid of MappingSpec.DeprecatedUseWebsocket." - type: boolean - v2BoolHeaders: - items: - type: string - type: array - v2BoolQueryParameters: - items: - type: string - type: array - v2ExplicitTLS: - description: V2ExplicitTLS controls some vanity/stylistic elements - when converting from v3alpha1 to v2. The values in an V2ExplicitTLS - should not in any way affect the runtime operation of Emissary; - except that it may affect internal names in the Envoy config, which - may in turn affect stats names. 
But it should not affect any end-user - observable behavior. - properties: - serviceScheme: - description: "ServiceScheme specifies how to spell and capitalize - the scheme-part of the service URL. \n Acceptable values are - \"http://\" (case-insensitive), \"https://\" (case-insensitive), - or \"\". The value is used if it agrees with whether or not - this resource enables TLS origination, or if something else - in the resource overrides the scheme." - pattern: ^([hH][tT][tT][pP][sS]?://)?$ - type: string - tls: - description: "TLS controls whether and how to represent the \"tls\" - field when its value could be implied by the \"service\" field. - \ In v2, there were a lot of different ways to spell an \"empty\" - value, and this field specifies which way to spell it (and will - therefore only be used if the value will indeed be empty). \n - \ | Value | Representation | Meaning - of representation | |--------------+---------------------------------------+------------------------------------| - \ | \"\" | omit the field | - defer to service (no TLSContext) | | \"null\" | store - an explicit \"null\" in the field | defer to service (no TLSContext) - \ | | \"string\" | store an empty string in the field - \ | defer to service (no TLSContext) | | \"bool:false\" - | store a Boolean \"false\" in the field | defer to service - (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" - in the field | originate TLS (no TLSContext) | \n If - the meaning of the representation contradicts anything else - (if a TLSContext is to be used, or in the case of \"bool:true\" - if TLS is not to be originated), then this field is ignored." 
- enum: - - "" - - "null" - - bool:true - - bool:false - - string - type: string - type: object - weight: - type: integer - required: - - prefix - - service - type: object - status: - description: MappingStatus defines the observed state of Mapping - properties: - reason: - type: string - state: - enum: - - "" - - Inactive - - Running - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1 - schema: - openAPIV3Schema: - description: Mapping is the Schema for the mappings API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_modules.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_modules.yaml deleted file mode 100644 index a03748a0071..00000000000 --- a/platforms/shared/charts/ambassador/crds/getambassador.io_modules.yaml +++ /dev/null 
@@ -1,118 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: modules.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Module - listKind: ModuleList - plural: modules - singular: module - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v2 - schema: - openAPIV3Schema: - description: "A Module defines system-wide configuration. The type of module - is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". - \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module - https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - config: - description: UntypedDict is relatively opaque as a Go type, but it - preserves its contents in a roundtrippable way. 
- type: object - x-kubernetes-preserve-unknown-fields: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - description: "A Module defines system-wide configuration. The type of module - is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". - \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module - https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'TODO(lukeshu): In v3alpha2, get rid of unnecessary nesting - and move `ModuleSpec.config.*` to `ModuleSpec.*`.' - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should - pay attention to this resource. If no value is provided, the default - is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, - consider renaming all of the `ambassador_id` (singular) fields to - `ambassador_ids` (plural)." - items: - type: string - type: array - config: - description: "TODO(lukeshu): In v3alpha2, change the default from - `diagnostics.enabled=true` to `diagnostics.enabled=false`. This - needs conversion support in apiext. 
See the related comment in - irambassador.py. \n TODO(lukeshu): Structurally type ModuleSpec.Config." - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - config - type: object - type: object - served: true - storage: false - - name: v1 - schema: - openAPIV3Schema: - description: A Module defines system-wide configuration. The type of module - is controlled by the .metadata.name; valid names are "ambassador" or "tls". - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_ratelimitservices.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_ratelimitservices.yaml deleted file mode 100644 index 388a52cf47a..00000000000 --- a/platforms/shared/charts/ambassador/crds/getambassador.io_ratelimitservices.yaml +++ /dev/null 
@@ -1,180 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: ratelimitservices.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: RateLimitService - listKind: RateLimitServiceList - plural: ratelimitservices - singular: ratelimitservice - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v2 - schema: - openAPIV3Schema: - description: RateLimitService is the Schema for the ratelimitservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RateLimitServiceSpec defines the desired state of RateLimitService - properties: - domain: - type: string - failure_mode_deny: - description: FailureModeDeny when set to true, envoy will deny traffic - if it is unable to communicate with the rate limit service. 
- type: boolean - protocol_version: - enum: - - v2 - - v3 - type: string - service: - type: string - timeout_ms: - type: integer - v3StatsName: - type: string - required: - - service - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - description: RateLimitService is the Schema for the ratelimitservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RateLimitServiceSpec defines the desired state of RateLimitService - properties: - ambassador_id: - description: Common to all Ambassador objects. - items: - type: string - type: array - domain: - type: string - failure_mode_deny: - description: FailureModeDeny when set to true, envoy will deny traffic - if it is unable to communicate with the rate limit service. - type: boolean - protocol_version: - description: ProtocolVersion is the envoy api transport protocol version - enum: - - v2 - - v3 - type: string - service: - type: string - stats_name: - type: string - timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` - fields to `{foo}`/`metav1.Duration`.' 
- type: integer - tls: - type: string - v2ExplicitTLS: - description: V2ExplicitTLS controls some vanity/stylistic elements - when converting from v3alpha1 to v2. The values in an V2ExplicitTLS - should not in any way affect the runtime operation of Emissary; - except that it may affect internal names in the Envoy config, which - may in turn affect stats names. But it should not affect any end-user - observable behavior. - properties: - serviceScheme: - description: "ServiceScheme specifies how to spell and capitalize - the scheme-part of the service URL. \n Acceptable values are - \"http://\" (case-insensitive), \"https://\" (case-insensitive), - or \"\". The value is used if it agrees with whether or not - this resource enables TLS origination, or if something else - in the resource overrides the scheme." - pattern: ^([hH][tT][tT][pP][sS]?://)?$ - type: string - tls: - description: "TLS controls whether and how to represent the \"tls\" - field when its value could be implied by the \"service\" field. - \ In v2, there were a lot of different ways to spell an \"empty\" - value, and this field specifies which way to spell it (and will - therefore only be used if the value will indeed be empty). 
\n - \ | Value | Representation | Meaning - of representation | |--------------+---------------------------------------+------------------------------------| - \ | \"\" | omit the field | - defer to service (no TLSContext) | | \"null\" | store - an explicit \"null\" in the field | defer to service (no TLSContext) - \ | | \"string\" | store an empty string in the field - \ | defer to service (no TLSContext) | | \"bool:false\" - | store a Boolean \"false\" in the field | defer to service - (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" - in the field | originate TLS (no TLSContext) | \n If - the meaning of the representation contradicts anything else - (if a TLSContext is to be used, or in the case of \"bool:true\" - if TLS is not to be originated), then this field is ignored." - enum: - - "" - - "null" - - bool:true - - bool:false - - string - type: string - type: object - required: - - service - type: object - type: object - served: true - storage: false - - name: v1 - schema: - openAPIV3Schema: - description: RateLimitService is the Schema for the ratelimitservices API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_tcpmappings.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_tcpmappings.yaml deleted file mode 100644 index 0c0a01c9d30..00000000000 --- a/platforms/shared/charts/ambassador/crds/getambassador.io_tcpmappings.yaml +++ /dev/null 
@@ -1,233 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: tcpmappings.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: TCPMapping - listKind: TCPMappingList - plural: tcpmappings - singular: tcpmapping - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v2 - schema: - openAPIV3Schema: - description: TCPMapping is the Schema for the tcpmappings API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TCPMappingSpec defines the desired state of TCPMapping - properties: - address: - type: string - circuit_breakers: - items: - properties: - max_connections: - type: integer - max_pending_requests: - type: integer - max_requests: - type: integer - max_retries: - type: integer - priority: - enum: - - default - - high - type: string - type: object - type: array - cluster_tag: - type: string - enable_ipv4: - type: boolean - enable_ipv6: - type: boolean - host: - type: string - idle_timeout_ms: - description: 'FIXME(lukeshu): Surely this should be an ''int''?' - type: string - port: - description: Port isn't a pointer because it's required. - type: integer - resolver: - type: string - service: - type: string - v3StatsName: - type: string - weight: - type: integer - required: - - port - - service - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - description: TCPMapping is the Schema for the tcpmappings API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TCPMappingSpec defines the desired state of TCPMapping - properties: - address: - type: string - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should - pay attention to this resource. If no value is provided, the default - is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, - consider renaming all of the `ambassador_id` (singular) fields to - `ambassador_ids` (plural)." - items: - type: string - type: array - circuit_breakers: - items: - properties: - max_connections: - type: integer - max_pending_requests: - type: integer - max_requests: - type: integer - max_retries: - type: integer - priority: - enum: - - default - - high - type: string - type: object - type: array - cluster_tag: - type: string - enable_ipv4: - type: boolean - enable_ipv6: - type: boolean - host: - type: string - idle_timeout_ms: - description: 'FIXME(lukeshu): Surely this should be an ''int''?' - type: string - port: - description: Port isn't a pointer because it's required. - type: integer - resolver: - type: string - service: - type: string - stats_name: - type: string - tls: - type: string - v2ExplicitTLS: - description: V2ExplicitTLS controls some vanity/stylistic elements - when converting from v3alpha1 to v2. The values in an V2ExplicitTLS - should not in any way affect the runtime operation of Emissary; - except that it may affect internal names in the Envoy config, which - may in turn affect stats names. But it should not affect any end-user - observable behavior. - properties: - serviceScheme: - description: "ServiceScheme specifies how to spell and capitalize - the scheme-part of the service URL. \n Acceptable values are - \"http://\" (case-insensitive), \"https://\" (case-insensitive), - or \"\". 
The value is used if it agrees with whether or not - this resource enables TLS origination, or if something else - in the resource overrides the scheme." - pattern: ^([hH][tT][tT][pP][sS]?://)?$ - type: string - tls: - description: "TLS controls whether and how to represent the \"tls\" - field when its value could be implied by the \"service\" field. - \ In v2, there were a lot of different ways to spell an \"empty\" - value, and this field specifies which way to spell it (and will - therefore only be used if the value will indeed be empty). \n - \ | Value | Representation | Meaning - of representation | |--------------+---------------------------------------+------------------------------------| - \ | \"\" | omit the field | - defer to service (no TLSContext) | | \"null\" | store - an explicit \"null\" in the field | defer to service (no TLSContext) - \ | | \"string\" | store an empty string in the field - \ | defer to service (no TLSContext) | | \"bool:false\" - | store a Boolean \"false\" in the field | defer to service - (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" - in the field | originate TLS (no TLSContext) | \n If - the meaning of the representation contradicts anything else - (if a TLSContext is to be used, or in the case of \"bool:true\" - if TLS is not to be originated), then this field is ignored." - enum: - - "" - - "null" - - bool:true - - bool:false - - string - type: string - type: object - weight: - type: integer - required: - - port - - service - type: object - type: object - served: true - storage: false - - name: v1 - schema: - openAPIV3Schema: - description: TCPMapping is the Schema for the tcpmappings API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_tlscontexts.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_tlscontexts.yaml deleted file mode 100644 index 8faaee19553..00000000000 
--- a/platforms/shared/charts/ambassador/crds/getambassador.io_tlscontexts.yaml
+++ /dev/null
@@ -1,193 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: tlscontexts.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: TLSContext - listKind: TLSContextList - plural: tlscontexts - singular: tlscontext - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v2 - schema: - openAPIV3Schema: - description: TLSContext is the Schema for the tlscontexts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSContextSpec defines the desired state of TLSContext - properties: - alpn_protocols: - type: string - ca_secret: - type: string - cacert_chain_file: - type: string - cert_chain_file: - type: string - cert_required: - type: boolean - cipher_suites: - items: - type: string - type: array - ecdh_curves: - items: - type: string - type: array - hosts: - items: - type: string - type: array - max_tls_version: - enum: - - v1.0 - - v1.1 - - v1.2 - - v1.3 - type: string - min_tls_version: - enum: - - v1.0 - - v1.1 - - v1.2 - - v1.3 - type: string - private_key_file: - type: string - redirect_cleartext_from: - type: integer - secret: - type: string - secret_namespacing: - type: boolean - sni: - type: string - v3CRLSecret: - type: string - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - description: TLSContext is the Schema for the tlscontexts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSContextSpec defines the desired state of TLSContext - properties: - alpn_protocols: - type: string - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should - pay attention to this resource. If no value is provided, the default - is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, - consider renaming all of the `ambassador_id` (singular) fields to - `ambassador_ids` (plural)." - items: - type: string - type: array - ca_secret: - type: string - cacert_chain_file: - type: string - cert_chain_file: - type: string - cert_required: - type: boolean - cipher_suites: - items: - type: string - type: array - crl_secret: - type: string - ecdh_curves: - items: - type: string - type: array - hosts: - items: - type: string - type: array - max_tls_version: - enum: - - v1.0 - - v1.1 - - v1.2 - - v1.3 - type: string - min_tls_version: - enum: - - v1.0 - - v1.1 - - v1.2 - - v1.3 - type: string - private_key_file: - type: string - redirect_cleartext_from: - type: integer - secret: - type: string - secret_namespacing: - type: boolean - sni: - type: string - type: object - type: object - served: true - storage: false - - name: v1 - schema: - openAPIV3Schema: - description: TLSContext is the Schema for the tlscontexts API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false diff --git a/platforms/shared/charts/ambassador/crds/getambassador.io_tracingservices.yaml b/platforms/shared/charts/ambassador/crds/getambassador.io_tracingservices.yaml deleted file mode 100644 index 4148a6b53bf..00000000000 --- a/platforms/shared/charts/ambassador/crds/getambassador.io_tracingservices.yaml +++ /dev/null 
@@ -1,306 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: tracingservices.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: TracingService - listKind: TracingServiceList - plural: tracingservices - singular: tracingservice - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v2 - schema: - openAPIV3Schema: - description: TracingService is the Schema for the tracingservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TracingServiceSpec defines the desired state of TracingService - properties: - config: - properties: - access_token_file: - type: string - collector_cluster: - type: string - collector_endpoint: - type: string - collector_endpoint_version: - enum: - - HTTP_JSON_V1 - - HTTP_JSON - - HTTP_PROTO - type: string - collector_hostname: - type: string - service_name: - type: string - shared_span_context: - type: boolean - trace_id_128bit: - type: boolean - v3PropagationModes: - items: - enum: - - ENVOY - - LIGHTSTEP - - B3 - - TRACE_CONTEXT - type: string - type: array - type: object - driver: - enum: - - lightstep - - zipkin - - datadog - type: string - sampling: - properties: - client: - type: integer - overall: - type: integer - random: - type: integer - type: object - service: - type: string - tag_headers: - items: - type: string - type: array - v3CustomTags: - items: - description: TracingCustomTag provides a data structure for capturing - envoy's `type.tracing.v3.CustomTag` - properties: - environment: - description: Environment explicitly specifies the protocol stack - to set up. Exactly one of Literal, Environment or Header must - be supplied. - properties: - default_value: - type: string - name: - type: string - required: - - name - type: object - literal: - description: Literal explicitly specifies the protocol stack - to set up. Exactly one of Literal, Environment or Header must - be supplied. - properties: - value: - type: string - required: - - value - type: object - request_header: - description: Header explicitly specifies the protocol stack - to set up. Exactly one of Literal, Environment or Header must - be supplied. 
- properties: - default_value: - type: string - name: - type: string - required: - - name - type: object - tag: - type: string - required: - - tag - type: object - type: array - v3StatsName: - type: string - required: - - driver - - service - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - description: TracingService is the Schema for the tracingservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TracingServiceSpec defines the desired state of TracingService - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should - pay attention to this resource. If no value is provided, the default - is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, - consider renaming all of the `ambassador_id` (singular) fields to - `ambassador_ids` (plural)." 
- items: - type: string - type: array - config: - properties: - access_token_file: - type: string - collector_cluster: - type: string - collector_endpoint: - type: string - collector_endpoint_version: - enum: - - HTTP_JSON_V1 - - HTTP_JSON - - HTTP_PROTO - type: string - collector_hostname: - type: string - propagation_modes: - items: - enum: - - ENVOY - - LIGHTSTEP - - B3 - - TRACE_CONTEXT - type: string - type: array - service_name: - type: string - shared_span_context: - type: boolean - trace_id_128bit: - type: boolean - type: object - custom_tags: - items: - description: TracingCustomTag provides a data structure for capturing - envoy's `type.tracing.v3.CustomTag` - properties: - environment: - description: Environment explicitly specifies the protocol stack - to set up. Exactly one of Literal, Environment or Header must - be supplied. - properties: - default_value: - type: string - name: - type: string - required: - - name - type: object - literal: - description: Literal explicitly specifies the protocol stack - to set up. Exactly one of Literal, Environment or Header must - be supplied. - properties: - value: - type: string - required: - - value - type: object - request_header: - description: Header explicitly specifies the protocol stack - to set up. Exactly one of Literal, Environment or Header must - be supplied. - properties: - default_value: - type: string - name: - type: string - required: - - name - type: object - tag: - type: string - required: - - tag - type: object - type: array - driver: - enum: - - lightstep - - zipkin - - datadog - type: string - sampling: - properties: - client: - type: integer - overall: - type: integer - random: - type: integer - type: object - service: - type: string - stats_name: - type: string - tag_headers: - description: 'Deprecated: tag_headers is deprecated. Use custom_tags - instead. `tag_headers: ["header"]` can be defined as `custom_tags: - [{"request_header": {"name": "header"}}]`.' 
- items: - type: string - type: array - required: - - driver - - service - type: object - type: object - served: true - storage: false - - name: v1 - schema: - openAPIV3Schema: - description: TracingService is the Schema for the tracingservices API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false diff --git a/platforms/shared/charts/ambassador/crds/ratelimit.yaml b/platforms/shared/charts/ambassador/crds/ratelimit.yaml deleted file mode 100644 index 910e1aa6bcd..00000000000 --- a/platforms/shared/charts/ambassador/crds/ratelimit.yaml +++ /dev/null 
@@ -1,379 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - name: ratelimits.getambassador.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: emissary-apiext - namespace: emissary-system - conversionReviewVersions: - - v1beta1 - group: getambassador.io - names: - categories: - - ambassador-crds - kind: RateLimit - listKind: RateLimitList - plural: ratelimits - shortNames: - - rl - singular: ratelimit - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - domain: - type: string - limits: - items: - properties: - action: - pattern: ^([eE][nN][fF][oO][rR][cC][eE]|[lL][oO][gG][oO][nN][lL][yY])$ - type: string - burstFactor: - format: int32 - type: integer - errorResponse: - properties: - bodyTemplate: - type: string - contentType: - type: string - headers: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - realm: - type: string - type: object - injectRequestHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - injectResponseHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - name: - type: string - pattern: - items: - additionalProperties: - type: string - type: object - type: array - rate: - format: int32 - type: integer - unit: - pattern: ^([uU][nN][kK][nN][oO][wW][nN]|[sS][eE][cC][oO][nN][dD]|[mM][iI][nN][uU][tT][eE]|[hH][oO][uU][rR]|[dD][aA][yY])$ - type: string - type: object - type: array - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - - name: v1beta2 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - domain: - type: string - limits: - items: - properties: - action: - pattern: ^([eE][nN][fF][oO][rR][cC][eE]|[lL][oO][gG][oO][nN][lL][yY])$ - type: string - burstFactor: - format: int32 - type: integer - errorResponse: - properties: - bodyTemplate: - type: string - contentType: - type: string - headers: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - realm: - type: string - type: object - injectRequestHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - injectResponseHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - name: - type: string - pattern: - items: - additionalProperties: - type: string - type: object - type: array - rate: - format: int32 - type: integer - unit: - pattern: ^([uU][nN][kK][nN][oO][wW][nN]|[sS][eE][cC][oO][nN][dD]|[mM][iI][nN][uU][tT][eE]|[hH][oO][uU][rR]|[dD][aA][yY])$ - type: string - type: object - type: array - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - - name: v2 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - domain: - type: string - limits: - items: - properties: - action: - pattern: ^([eE][nN][fF][oO][rR][cC][eE]|[lL][oO][gG][oO][nN][lL][yY])$ - type: string - burstFactor: - format: int32 - type: integer - errorResponse: - properties: - bodyTemplate: - type: string - contentType: - type: string - headers: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - realm: - type: string - type: object - injectRequestHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - injectResponseHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - name: - type: string - pattern: - items: - additionalProperties: - type: string - type: object - type: array - rate: - format: int32 - type: integer - unit: - pattern: ^([uU][nN][kK][nN][oO][wW][nN]|[sS][eE][cC][oO][nN][dD]|[mM][iI][nN][uU][tT][eE]|[hH][oO][uU][rR]|[dD][aA][yY])$ - type: string - type: object - type: array - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - - name: v3alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - domain: - type: string - limits: - items: - properties: - action: - enum: - - Enforce - - LogOnly - type: string - burstFactor: - format: int32 - type: integer - errorResponse: - properties: - bodyTemplate: - type: string - contentType: - type: string - headers: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - realm: - type: string - type: object - injectRequestHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - injectResponseHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - name: - type: string - pattern: - items: - additionalProperties: - type: string - type: object - type: array - rate: - format: int32 - type: integer - unit: - pattern: ^([uU][nN][kK][nN][oO][wW][nN]|[sS][eE][cC][oO][nN][dD]|[mM][iI][nN][uU][tT][eE]|[hH][oO][uU][rR]|[dD][aA][yY])$ - type: string - type: object - type: array - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false diff --git a/platforms/shared/charts/ambassador/templates/NOTES.txt b/platforms/shared/charts/ambassador/templates/NOTES.txt deleted file mode 100644 index 2e66e8d3c36..00000000000 --- a/platforms/shared/charts/ambassador/templates/NOTES.txt +++ /dev/null 
@@ -1,60 +0,0 @@ -------------------------------------------------------------------------------- -{{- if .Values.enableAES }} -Congratulations! You have successfully installed The Ambassador Edge Stack! - -{{- if empty .Values.licenseKey.value }} -------------------------------------------------------------------------------- -NOTE: You are currently running The Ambassador Edge Stack in EVALUATION MODE. - -Request a free community license key at https://SERVICE_IP/edge_stack_admin/#dashboard -to unlock all the features of The Ambassador Edge Stack and update the value of -licenseKey.value in your values.yaml file. -{{- end }} - -{{- if or .Values.authService.create .Values.rateLimit.create }} -------------------------------------------------------------------------------- -WARNING: - -With your installation of the Ambassador Edge Stack, you have created a: -{{ if .Values.authService.create }} -- AuthService named {{include "ambassador.fullname" .}}-auth -{{ end }} {{ if .Values.rateLimit.create }} -- RateLimitService named {{include "ambassador.fullname" .}}-ratelimit -{{ end }} -in the {{ include "ambassador.namespace" . }} namespace. - -Please ensure there is not another of these resources configured in your cluster. -If there is, please either remove the old resource or run - -helm upgrade {{ .Release.Name }} -n {{ .Release.Namespace }} --set authService.create=false --set RateLimit.create=false - -{{- end }} -{{- else }} - Congratulations! You've successfully installed Ambassador! - -------------------------------------------------------------------------------- -To get the IP address of Ambassador, run the following commands: - -{{- if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ambassador.fullname" . 
}}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} -NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }}' - - On GKE/Azure: - export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - - On AWS: - export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') - - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "ambassador.namespace" .}} -l "app={{ include "ambassador.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:80 -{{- end }} -{{- end }} - -For help, visit our Slack at https://d6e.co/slack or view the documentation online at https://www.getambassador.io. diff --git a/platforms/shared/charts/ambassador/templates/_helpers.tpl b/platforms/shared/charts/ambassador/templates/_helpers.tpl deleted file mode 100644 index a708275354d..00000000000 --- a/platforms/shared/charts/ambassador/templates/_helpers.tpl +++ /dev/null 
@@ -1,72 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "ambassador.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "ambassador.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart namespace based on override value. -*/}} -{{- define "ambassador.namespace" -}} -{{- if .Values.namespaceOverride -}} -{{- .Values.namespaceOverride -}} -{{- else -}} -{{- .Release.Namespace -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "ambassador.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "ambassador.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "ambassador.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the RBAC to use -*/}} -{{- define "ambassador.rbacName" -}} -{{ default (include "ambassador.fullname" .) 
.Values.rbac.nameOverride }}
-{{- end -}}
-
-{{/*
-Define the http port of the Ambassador service
-*/}}
-{{- define "ambassador.servicePort" -}}
-{{- range .Values.service.ports -}}
-{{- if (eq .name "http") -}}
-{{ default .port }}
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/platforms/shared/charts/ambassador/templates/admin-service.yaml b/platforms/shared/charts/ambassador/templates/admin-service.yaml
deleted file mode 100644
index 539fc05daff..00000000000
--- a/platforms/shared/charts/ambassador/templates/admin-service.yaml
+++ /dev/null
@@ -1,46 +0,0 @@ -{{- if .Values.adminService.create -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ambassador.fullname" . }}-admin - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - # Hard-coded label for Prometheus Operator ServiceMonitor - service: ambassador-admin - product: aes - {{- with .Values.adminService.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.adminService.type }} - ports: - - port: {{ .Values.adminService.port }} - targetPort: admin - protocol: TCP - name: ambassador-admin - {{- if (and (eq .Values.adminService.type "NodePort") (not (empty .Values.adminService.nodePort))) }} - nodePort: {{ int .Values.adminService.nodePort }} - {{- end }} - selector: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if eq .Values.adminService.type "LoadBalancer" }} - {{- if not (empty .Values.adminService.loadBalancerIP) }} - loadBalancerIP: {{ .Values.adminService.loadBalancerIP | quote }} - {{- end }} - {{- if not (empty .Values.adminService.loadBalancerSourceRanges) }} - loadBalancerSourceRanges: - {{- toYaml .Values.adminService.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/platforms/shared/charts/ambassador/templates/aes-authservice.yaml b/platforms/shared/charts/ambassador/templates/aes-authservice.yaml deleted file mode 100644 index a796205e1f8..00000000000 --- a/platforms/shared/charts/ambassador/templates/aes-authservice.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -{{ if and .Values.authService.create .Values.enableAES }} ---- -apiVersion: getambassador.io/v2 -kind: AuthService -metadata: - name: {{ include "ambassador.fullname" . }}-auth - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-auth - product: aes -spec: - proto: grpc - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - auth_service: 127.0.0.1:8500 - {{- if .Values.authService.optional_configurations }} - {{- toYaml .Values.authService.optional_configurations | nindent 2}} - {{- end }} -{{ end }} \ No newline at end of file diff --git a/platforms/shared/charts/ambassador/templates/aes-injector.yaml b/platforms/shared/charts/ambassador/templates/aes-injector.yaml deleted file mode 100644 index 40eecdf77f6..00000000000 --- a/platforms/shared/charts/ambassador/templates/aes-injector.yaml +++ /dev/null 
@@ -1,148 +0,0 @@ -{{- if and .Values.enableAES .Values.servicePreview.enabled .Values.servicePreview.trafficAgent.injector.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ambassador.fullname" . }}-injector - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes - spec: - containers: - - name: webhook - image: "{{ .Values.servicePreview.trafficAgent.image.repository | default .Values.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: [ "aes-injector" ] - env: - - name: AGENT_MANAGER_NAMESPACE - value: "{{ include "ambassador.namespace" . 
}}" - - name: TRAFFIC_AGENT_IMAGE - value: "{{ .Values.servicePreview.trafficAgent.image.repository | default .Values.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}" - - name: TRAFFIC_AGENT_AGENT_LISTEN_PORT - value: "{{ .Values.servicePreview.trafficAgent.port }}" - {{- if .Values.servicePreview.trafficAgent.singleNamespace }} - - name: TRAFFIC_AGENT_SERVICE_ACCOUNT_NAME - value: "{{ .Values.servicePreview.trafficAgent.serviceAccountName }}" - {{- end }} - ports: - - containerPort: 8443 - name: https - livenessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - volumeMounts: - - mountPath: /var/run/secrets/tls - name: tls - readOnly: true - volumes: - - name: tls - secret: - secretName: {{ include "ambassador.fullname" . }}-injector-tls ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ambassador.fullname" . }}-injector - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - type: ClusterIP - selector: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/instance: {{ .Release.Name }} - ports: - - name: {{ include "ambassador.fullname" . }}-injector - port: 443 - targetPort: https ---- -kind: Secret -apiVersion: v1 -metadata: - name: {{ include "ambassador.fullname" . }}-injector-tls - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-tls - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . 
}} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -type: Opaque -data: - {{ $ca := genCA (printf "%s-injector.%s.svc" (include "ambassador.fullname" .) (include "ambassador.namespace" .)) 365 -}} - crt.pem: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }} - key.pem: {{ ternary (b64enc $ca.Key) (b64enc (trim .Values.servicePreview.trafficAgent.injector.keyPEM)) (empty .Values.servicePreview.trafficAgent.injector.keyPEM) }} ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: {{ include "ambassador.fullname" . }}-injector-webhook-config - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-webhook-config - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -webhooks: -- name: {{ include "ambassador.fullname" . }}-injector.getambassador.io - clientConfig: - service: - name: {{ include "ambassador.fullname" . }}-injector - namespace: {{ include "ambassador.namespace" . }} - path: "/traffic-agent" - caBundle: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }} - failurePolicy: Ignore - rules: - - operations: ["CREATE"] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] -{{- end }} \ No newline at end of file 
diff --git a/platforms/shared/charts/ambassador/templates/aes-internal.yaml b/platforms/shared/charts/ambassador/templates/aes-internal.yaml
deleted file mode 100644
index 1b7be63385e..00000000000
--- a/platforms/shared/charts/ambassador/templates/aes-internal.yaml
+++ /dev/null
@@ -1,117 +0,0 @@
-{{ if and .Values.createDevPortalMappings .Values.enableAES }}
----
-# Configure DevPortal
-apiVersion: getambassador.io/v2
-kind: Mapping
-metadata:
- # This Mapping name is referenced by convention, it's important to leave as-is.
- name: {{ include "ambassador.fullname" . }}-devportal
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal
- product: aes
-spec:
- {{- if .Values.env }}
- {{- if hasKey .Values.env "AMBASSADOR_ID" }}
- ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
- {{- end }}
- {{- end }}
- prefix: /documentation/
- rewrite: "/docs/"
- service: "127.0.0.1:8500"
----
-apiVersion: getambassador.io/v2
-kind: Mapping
-metadata:
- name: {{ include "ambassador.fullname" . }}-devportal-assets
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-assets
- product: aes
-spec:
- {{- if .Values.env }}
- {{- if hasKey .Values.env "AMBASSADOR_ID" }}
- ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
- {{- end }}
- {{- end }}
- prefix: /documentation/(assets|styles)/(.*)(.css)
- prefix_regex: true
- regex_rewrite:
- pattern: /documentation/(.*)
- substitution: /docs/\1
- service: "127.0.0.1:8500"
- add_response_headers:
- cache-control:
- value: "public, max-age=3600, immutable"
- append: false
----
-apiVersion: getambassador.io/v2
-kind: Mapping
-metadata:
- # This Mapping name is what the demo uses. Sigh.
- name: {{ include "ambassador.fullname" . }}-devportal-demo
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-demo
- product: aes
-spec:
- {{- if .Values.env }}
- {{- if hasKey .Values.env "AMBASSADOR_ID" }}
- ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
- {{- end }}
- {{- end }}
- prefix: /docs/
- rewrite: "/docs/"
- service: "127.0.0.1:8500"
----
-apiVersion: getambassador.io/v2
-kind: Mapping
-metadata:
- # This Mapping name is referenced by convention, it's important to leave as-is.
- name: {{ include "ambassador.fullname" . }}-devportal-api
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-api
- product: aes
-spec:
- {{- if .Values.env }}
- {{- if hasKey .Values.env "AMBASSADOR_ID" }}
- ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
- {{- end }}
- {{- end }}
- prefix: /openapi/
- rewrite: ""
- service: "127.0.0.1:8500"
-{{ end }}
diff --git a/platforms/shared/charts/ambassador/templates/aes-ratelimit.yaml b/platforms/shared/charts/ambassador/templates/aes-ratelimit.yaml
deleted file mode 100644
index fb4546db950..00000000000
--- a/platforms/shared/charts/ambassador/templates/aes-ratelimit.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{ if and .Values.rateLimit.create .Values.enableAES }}
----
-apiVersion: getambassador.io/v2
-kind: RateLimitService
-metadata:
- name: {{ include "ambassador.fullname" . }}-ratelimit
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit
- product: aes
-spec:
- {{- if .Values.env }}
- {{- if hasKey .Values.env "AMBASSADOR_ID" }}
- ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
- {{- end }}
- {{- end }}
- service: 127.0.0.1:8500
-{{ end }}
diff --git a/platforms/shared/charts/ambassador/templates/aes-redis.yaml b/platforms/shared/charts/ambassador/templates/aes-redis.yaml
deleted file mode 100644
index be680ffd192..00000000000
--- a/platforms/shared/charts/ambassador/templates/aes-redis.yaml
+++ /dev/null
@@ -1,78 +0,0 @@
-{{ if and .Values.redis.create .Values.enableAES }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "ambassador.fullname" . }}-redis
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- annotations:
- {{- toYaml .Values.redis.annotations.service | nindent 4}}
-spec:
- type: ClusterIP
- ports:
- - port: 6379
- targetPort: 6379
- selector:
- app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
- app.kubernetes.io/instance: {{ .Release.Name }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "ambassador.fullname" . }}-redis
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
- annotations:
- {{- toYaml .Values.redis.annotations.deployment | nindent 4}}
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
- app.kubernetes.io/instance: {{ .Release.Name }}
- spec:
- containers:
- - name: redis
- image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}"
- imagePullPolicy: {{ .Values.redis.image.pullPolicy }}
- resources:
- {{- toYaml .Values.redis.resources | nindent 10 }}
- restartPolicy: Always
- {{- with .Values.redis.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.redis.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.redis.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-{{ end }}
diff --git a/platforms/shared/charts/ambassador/templates/aes-secret.yaml b/platforms/shared/charts/ambassador/templates/aes-secret.yaml
deleted file mode 100644
index a16db0cedc5..00000000000
--- a/platforms/shared/charts/ambassador/templates/aes-secret.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if and .Values.licenseKey.createSecret .Values.enableAES }}
-apiVersion: v1
-kind: Secret
-metadata:
- annotations:
- helm.sh/resource-policy: keep
- {{- if .Values.licenseKey.annotations }}
- {{- toYaml .Values.licenseKey.annotations | nindent 4 }}
- {{- end }}
- {{- if .Values.licenseKey.secretName }}
- name: {{ .Values.licenseKey.secretName }}
- {{- else }}
- name: {{ include "ambassador.fullname" . }}-edge-stack
- {{- end }}
- namespace: {{ include "ambassador.namespace" . }}
-type: Opaque
-data:
- license-key: {{- if .Values.licenseKey.value }} {{ .Values.licenseKey.value | b64enc }} {{- else }} "" {{- end }}
-{{- end }}
diff --git a/platforms/shared/charts/ambassador/templates/config.yaml b/platforms/shared/charts/ambassador/templates/config.yaml
deleted file mode 100644
index b2c2d64bc5b..00000000000
--- a/platforms/shared/charts/ambassador/templates/config.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.ambassadorConfig }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: '{{ include "ambassador.fullname" . }}-file-config'
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
-data:
- ambassadorConfig: |-
- {{- .Values.ambassadorConfig | nindent 4 }}
-{{- end }}
diff --git a/platforms/shared/charts/ambassador/templates/crd-delete.yaml b/platforms/shared/charts/ambassador/templates/crd-delete.yaml
deleted file mode 100644
index 065ce265ace..00000000000
--- a/platforms/shared/charts/ambassador/templates/crd-delete.yaml
+++ /dev/null
@@ -1,123 +0,0 @@
-{{- if and .Values.crds.enabled (not .Values.crds.keep)}}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "ambassador.serviceAccountName" . }}-crd-delete
- namespace: {{ include "ambassador.namespace" . }}
- annotations:
- "helm.sh/hook": post-delete
- "helm.sh/hook-delete-policy": hook-succeeded
- "helm.sh/hook-weight": "1"
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "ambassador.rbacName" . }}-crd-delete
- namespace: {{ include "ambassador.namespace" . }}
- annotations:
- "helm.sh/hook": post-delete
- "helm.sh/hook-delete-policy": hook-succeeded
- "helm.sh/hook-weight": "1"
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-rules:
- - apiGroups: [ "apiextensions.k8s.io" ]
- resources: [ "customresourcedefinitions" ]
- verbs: ["get", "list", "watch", "delete"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "ambassador.rbacName" . }}-crd-delete
- namespace: {{ include "ambassador.namespace" . }}
- annotations:
- "helm.sh/hook": post-delete
- "helm.sh/hook-delete-policy": hook-succeeded
- "helm.sh/hook-weight": "1"
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "ambassador.rbacName" . }}-crd-delete
-subjects:
- - name: {{ include "ambassador.serviceAccountName" . }}-crd-delete
- namespace: {{ include "ambassador.namespace" . }}
- kind: ServiceAccount
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "ambassador.fullname" . }}-crd-cleanup
- namespace: {{ include "ambassador.namespace" . }}
- annotations:
- "helm.sh/hook": post-delete
- "helm.sh/hook-delete-policy": hook-succeeded
- "helm.sh/hook-weight": "3"
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
-spec:
- template:
- metadata:
- name: {{ include "ambassador.fullname" . }}-crd-cleanup
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- spec:
- {{- if .Values.rbac.create }}
- serviceAccountName: {{ include "ambassador.serviceAccountName" . }}-crd-delete
- {{- end }}
- containers:
- - name: kubectl
- image: "buoyantio/kubectl"
- args:
- - delete
- - crds
- - -l app.kubernetes.io/name=ambassador
- restartPolicy: OnFailure
-{{- end }}
diff --git a/platforms/shared/charts/ambassador/templates/crds-rbac.yaml b/platforms/shared/charts/ambassador/templates/crds-rbac.yaml
deleted file mode 100644
index fd26201f374..00000000000
--- a/platforms/shared/charts/ambassador/templates/crds-rbac.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-{{- if .Values.crds.enabled }}
-{{- if .Values.rbac.create }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "ambassador.rbacName" . }}-crds
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-rules:
- - apiGroups: [ "apiextensions.k8s.io" ]
- resources:
- - customresourcedefinitions
- resourceNames:
- - authservices.getambassador.io
- - mappings.getambassador.io
- - modules.getambassador.io
- - ratelimitservices.getambassador.io
- - tcpmappings.getambassador.io
- - tlscontexts.getambassador.io
- - tracingservices.getambassador.io
- - kubernetesendpointresolvers.getambassador.io
- - kubernetesserviceresolvers.getambassador.io
- - consulresolvers.getambassador.io
- - filters.getambassador.io
- - filterpolicies.getambassador.io
- - ratelimits.getambassador.io
- - hosts.getambassador.io
- - logservices.getambassador.io
- verbs: ["get", "list", "watch", "delete"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "ambassador.rbacName" . }}-crds
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "ambassador.rbacName" . }}-crds
-subjects:
- - name: {{ include "ambassador.serviceAccountName" . }}
- namespace: {{ .Release.Namespace | quote }}
- kind: ServiceAccount
-{{- end }}
-{{- end }}
diff --git a/platforms/shared/charts/ambassador/templates/crds.yaml b/platforms/shared/charts/ambassador/templates/crds.yaml
deleted file mode 100644
index 3b3bf16d541..00000000000
--- a/platforms/shared/charts/ambassador/templates/crds.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-{{- if .Values.crds.create }}
-{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
-{{ $.Files.Get $path }}
----
-{{- end }}
-{{- end }}
diff --git a/platforms/shared/charts/ambassador/templates/deployment.yaml b/platforms/shared/charts/ambassador/templates/deployment.yaml
deleted file mode 100644
index 6887502e961..00000000000
--- a/platforms/shared/charts/ambassador/templates/deployment.yaml
+++ /dev/null
@@ -1,265 +0,0 @@
-apiVersion: apps/v1
-{{- if .Values.daemonSet }}
-kind: DaemonSet
-{{- else }}
-kind: Deployment
-{{- end }}
-metadata:
- name: {{ include "ambassador.fullname" . }}
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
- {{- if .Values.deploymentLabels }}
- {{- toYaml .Values.deploymentLabels | nindent 4 }}
- {{- end }}
- {{- if .Values.deploymentAnnotations }}
- annotations:
- {{- toYaml .Values.deploymentAnnotations | nindent 4 }}
- {{- end }}
-spec:
-{{- if and (not .Values.autoscaling.enabled) (not .Values.daemonSet) }}
- replicas: {{ .Values.replicaCount }}
-{{- end }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.daemonSet }}
- updateStrategy:
- {{- else }}
- strategy:
- {{- end }}
- {{- toYaml .Values.deploymentStrategy | nindent 4}}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
- {{- if .Values.podLabels }}
- {{- toYaml .Values.podLabels | nindent 8 }}
- {{- end }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
- {{- if .Values.podAnnotations }}
- {{- toYaml .Values.podAnnotations | nindent 8 }}
- {{- end }}
- spec:
- {{- if .Values.terminationGracePeriodSeconds }}
- terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
- {{- end }}
- {{- /* Check if .Values.securityContext is set for backwards compatibility */ -}}
- {{- if .Values.securityContext -}}
- {{- with .Values.securityContext }}
- securityContext:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- else -}}
- {{- with .Values.security.podSecurityContext }}
- securityContext:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- end -}}
- {{- if .Values.restartPolicy }}
- restartPolicy: {{ .Values.restartPolicy }}
- {{- end }}
- serviceAccountName: {{ include "ambassador.serviceAccountName" . }}
- {{- if .Values.priorityClassName }}
- priorityClassName: {{ .Values.priorityClassName | quote }}
- {{- end }}
- volumes:
- - name: ambassador-pod-info
- downwardAPI:
- items:
- - fieldRef:
- fieldPath: metadata.labels
- path: labels
- {{- if .Values.prometheusExporter.enabled }}
- - name: stats-exporter-mapping-config
- configMap:
- name: {{ include "ambassador.fullname" . }}-exporter-config
- items:
- - key: exporterConfiguration
- path: mapping-config.yaml
- {{- end }}
- {{- if .Values.ambassadorConfig }}
- - name: ambassador-config
- configMap:
- name: {{ include "ambassador.fullname" . }}-file-config
- items:
- - key: ambassadorConfig
- path: ambassador-config.yaml
- {{- end }}
- {{- if and .Values.licenseKey.createSecret .Values.enableAES }}
- - name: {{ include "ambassador.fullname" . }}-edge-stack-secrets
- secret:
- {{- if .Values.licenseKey.secretName }}
- secretName: {{ .Values.licenseKey.secretName }}
- {{- else }}
- secretName: {{ include "ambassador.fullname" . }}-edge-stack
- {{- end }}
- {{- end }}
- {{- with .Values.volumes }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.initContainers }}
- initContainers:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- {{- if .Values.prometheusExporter.enabled }}
- - name: prometheus-exporter
- image: "{{ .Values.prometheusExporter.repository }}:{{ .Values.prometheusExporter.tag }}"
- imagePullPolicy: {{ .Values.prometheusExporter.pullPolicy }}
- ports:
- - name: metrics
- containerPort: 9102
- - name: listener
- containerPort: 8125
- args:
- - --statsd.listen-udp=:8125
- - --web.listen-address=:9102
- - --statsd.mapping-config=/statsd-exporter/mapping-config.yaml
- volumeMounts:
- - name: stats-exporter-mapping-config
- mountPath: /statsd-exporter/
- readOnly: true
- resources:
- {{- toYaml .Values.prometheusExporter.resources | nindent 12 }}
- {{- end }}
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- ports:
- {{- range .Values.service.ports }}
- - name: {{ .name }}
- containerPort: {{ int .targetPort }}
- {{- if .protocol }}
- protocol: {{ .protocol }}
- {{- end }}
- {{- if .hostPort }}
- hostPort: {{ .hostPort }}
- {{- end }}
- {{- end}}
- - name: admin
- containerPort: 8877
- env:
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- {{- if and (or .Values.redis.create .Values.redisURL) (.Values.enableAES) }}
- - name: REDIS_URL
- {{- if .Values.redisURL }}
- value: {{ .Values.redisURL }}
- {{- else }}
- value: {{ include "ambassador.fullname" . }}-redis:6379
- {{- end }}
- {{- end }}
- {{- if and .Values.licenseKey.secretName .Values.enableAES}}
- - name: AMBASSADOR_AES_SECRET_NAME
- value: {{ .Values.licenseKey.secretName }}
- {{- end }}
- {{- if .Values.prometheusExporter.enabled }}
- - name: STATSD_ENABLED
- value: "true"
- - name: STATSD_HOST
- value: "localhost"
- {{- end }}
- {{- if .Values.scope.singleNamespace }}
- - name: AMBASSADOR_SINGLE_NAMESPACE
- value: "YES"
- {{- end }}
- - name: AMBASSADOR_NAMESPACE
- {{- if .Values.namespace }}
- value: {{ .Values.namespace.name | quote }}
- {{ else }}
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- end -}}
- {{- if .Values.redisEnv }}
- {{ toYaml .Values.redisEnv | nindent 12 }}
- {{- end }}
- {{- if .Values.env }}
- {{- range $key,$value := .Values.env }}
- - name: {{ $key | upper | quote}}
- value: {{ $value | quote}}
- {{- end }}
- {{- end }}
- {{- if .Values.envRaw }}
- {{- with .Values.envRaw }}
- {{- toYaml . | nindent 12 }}
- {{- end }}
- {{- end }}
- {{- with .Values.security.containerSecurityContext }}
- securityContext:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- livenessProbe:
- httpGet:
- path: /ambassador/v0/check_alive
- port: admin
- initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
- failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
- readinessProbe:
- httpGet:
- path: /ambassador/v0/check_ready
- port: admin
- initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
- failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
- volumeMounts:
- - name: ambassador-pod-info
- mountPath: /tmp/ambassador-pod-info
- readOnly: true
- {{- if .Values.ambassadorConfig }}
- - name: ambassador-config
- mountPath: /ambassador/ambassador-config/ambassador-config.yaml
- subPath: ambassador-config.yaml
- {{- end }}
- {{- if and .Values.licenseKey.createSecret .Values.enableAES }}
- - name: {{ include "ambassador.fullname" . }}-edge-stack-secrets
- mountPath: /.config/ambassador
- readOnly: true
- {{- end }}
- {{- with .Values.volumeMounts }}
- {{- toYaml . | nindent 12 }}
- {{- end }}
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.sidecarContainers }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- imagePullSecrets:
- {{- toYaml .Values.imagePullSecrets | nindent 8 }}
- dnsPolicy: {{ .Values.dnsPolicy }}
- hostNetwork: {{ .Values.hostNetwork }}
diff --git a/platforms/shared/charts/ambassador/templates/exporter-config.yaml b/platforms/shared/charts/ambassador/templates/exporter-config.yaml
deleted file mode 100644
index 69b817f9d82..00000000000
--- a/platforms/shared/charts/ambassador/templates/exporter-config.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.prometheusExporter.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: '{{ include "ambassador.fullname" . }}-exporter-config'
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
-data:
- exporterConfiguration:
-{{- if .Values.prometheusExporter.configuration }} |
- {{- .Values.prometheusExporter.configuration | nindent 4 }}
-{{- else }} ''
-{{- end }}
-{{- end }}
diff --git a/platforms/shared/charts/ambassador/templates/hpa.yaml b/platforms/shared/charts/ambassador/templates/hpa.yaml
deleted file mode 100644
index 18cbbdbf6d9..00000000000
--- a/platforms/shared/charts/ambassador/templates/hpa.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if and .Values.autoscaling.enabled (not .Values.daemonSet) }}
-apiVersion: autoscaling/v2beta2
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "ambassador.fullname" . }}
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "ambassador.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- metrics:
- {{- toYaml .Values.autoscaling.metrics | nindent 4 }}
-{{- end }}
diff --git a/platforms/shared/charts/ambassador/templates/pdb.yaml b/platforms/shared/charts/ambassador/templates/pdb.yaml
deleted file mode 100644
index 4044fda60a0..00000000000
--- a/platforms/shared/charts/ambassador/templates/pdb.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.podDisruptionBudget }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "ambassador.fullname" . }}
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-{{ toYaml .Values.podDisruptionBudget | indent 2 }}
-{{- end }}
diff --git a/platforms/shared/charts/ambassador/templates/podsecuritypolicy.yaml b/platforms/shared/charts/ambassador/templates/podsecuritypolicy.yaml
deleted file mode 100644
index 3da289039eb..00000000000
--- a/platforms/shared/charts/ambassador/templates/podsecuritypolicy.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{ if .Values.security.podSecurityPolicy }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ include "ambassador.fullname" . }}
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- {{- with .Values.security.podSecurityPolicy.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- with .Values.security.podSecurityPolicy.spec }}
-spec:
- {{- toYaml . | nindent 2}}
-{{- end }}
-{{ end }}
\ No newline at end of file
diff --git a/platforms/shared/charts/ambassador/templates/projects-rbac.yaml b/platforms/shared/charts/ambassador/templates/projects-rbac.yaml
deleted file mode 100644
index eb6b1470417..00000000000
--- a/platforms/shared/charts/ambassador/templates/projects-rbac.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-{{- if and .Values.rbac.create .Values.registry.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.scope.singleNamespace }}
-kind: Role
-{{- else }}
-kind: ClusterRole
-{{- end }}
-metadata:
- name: {{ include "ambassador.rbacName" . }}-projects
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-rules:
-- apiGroups: [""]
- resources: [ "secrets", "services" ]
- verbs: [ "get", "list", "create", "patch", "delete", "watch" ]
-- apiGroups: ["apps"]
- resources: [ "deployments" ]
- verbs: [ "get", "list", "create", "patch", "delete", "watch" ]
-- apiGroups: ["batch"]
- resources: [ "jobs" ]
- verbs: [ "get", "list", "create", "patch", "delete", "watch" ]
-- apiGroups: [""]
- resources: [ "pods" ]
- verbs: [ "get", "list", "watch" ]
-- apiGroups: [""]
- resources: [ "pods/log" ]
- verbs: [ "get" ]
----
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.scope.singleNamespace }}
-kind: RoleBinding
-{{- else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
- name: {{ include "ambassador.rbacName" . }}-projects
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- {{- if .Values.scope.singleNamespace }}
- kind: Role
- {{- else }}
- kind: ClusterRole
- {{- end }}
- name: {{ include "ambassador.rbacName" . }}-projects
-subjects:
- - name: {{ include "ambassador.serviceAccountName" . }}
- namespace: {{ include "ambassador.namespace" . }}
- kind: ServiceAccount
-{{- end }}
diff --git a/platforms/shared/charts/ambassador/templates/projects.yaml b/platforms/shared/charts/ambassador/templates/projects.yaml
deleted file mode 100644
index c516d5d5d75..00000000000
--- a/platforms/shared/charts/ambassador/templates/projects.yaml
+++ /dev/null
@@ -1,336 +0,0 @@
-{{- if .Values.registry.create }}
-######################################################################
-# In-cluster Registry for Projects
-
-# This mapping will make every host function as a docker
-# registry. It's not ideal to take over the "v2" mapping, but there
-# are a number of constraints that make this the least worst option
-# explored so far. These constraints are:
-#
-# - We need a registry where docker push/pull and similar (e.g. crictl
-# push/pull) can work with no special client configuration since we
-# don't control the clients and we can't expect our users to
-# reconfigure their clusters to use a special push/pull
-# configuration.
-#
-# - GKE's push/pull implementation (I think it's docker) and crictl
-# push/pull (used by default in k3s clusters) have different default
-# behaviors with respect to localhost registries. The docker
-# implementation is very permissive, it will try both cleartext and
-# TLS and it does not verify the TLS connection, so self-signed
-# registries work fine. The crictl implementation is moving in this
-# direction, but the version used in k3s (based on rancher's fork of
-# containerd at v1.3.3) is not there yet. It only tries cleartext by
-# default.
-#
-# - We want to minimize the requirements for users to have the
-# access/understanding to create special DNS configurations
-# (e.g. wildcard or a separate dns name for the registry).
-#
-# - You can configure the docker registry to have a prefix,
-# e.g. //v2/..., however without special
-# configuration to override the defaults, clients can't push/pull
-# from a registry served at a prefix. If your image is named
-# /, the client will look for /v2/... endpoints.
-#
-# Given all the prior constraints we are left with creating this
-# mapping for all hosts. If this is a problem there are a few
-# alternatives we could consider. 
We can provide a way to limit this
-# mapping to only one host so they can have distinct hosts for their
-# site and their registry. We could also look into creating a
-# daemonset that binds to localhost and proxies cleartext to
-# TLS. Based on what I know of GKE and k3s its a good guess that this
-# would accommodate both of them, but possibly not other clusters with
-# different configurations.
-#
-# Another reason to lean towards an externally accessible registry is
-# that there are likely some people that would want this as a feature
-# so they can docker push/pull images from other systems into/out of
-# the builtin registry. While it's true that security minded people
-# might not like having this registry externally accessible, it's also
-# quite likely those people would want to run their own fancy registry
-# that scans/audits images, etc. The focus for RtC is really a smooth
-# out of the box experience that functions end-to-end without
-# requiring you to build your own platform. For more security minded
-# people we should expect to eventually be able to configure an
-# external registry and/or turn off the builtin one.
----
-apiVersion: getambassador.io/v2
-kind: Mapping
-metadata:
- name: {{ include "ambassador.fullname" . }}-registry
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-spec:
- prefix: /v2/
- rewrite: /v2/
- service: https://{{ include "ambassador.fullname" . }}-registry
- timeout_ms: 300000
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "ambassador.fullname" . 
}}-registry
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-spec:
- type: ClusterIP
- selector:
- app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry
- app.kubernetes.io/instance: {{ .Release.Name }}
- ports:
- - port: 443
- targetPort: 5000
-
-# The registry deployment. The deployment includes a persistent volume
-# mount for storing images, a config-map mount for customizing the
-# registry configuration, and a secret mounted for tls.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "ambassador.fullname" . }}-registry
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- annotations:
- foo: "5"
- labels:
- app.kubernetes.io/name: {{ include "ambassador.fullname" . 
}}-registry
- app.kubernetes.io/instance: {{ .Release.Name }}
- spec:
- containers:
- - name: registry
- image: registry:2
- ports:
- - containerPort: 5000
- volumeMounts:
- - mountPath: /var/lib/registry
- name: registry-data
- - name: registry-config
- mountPath: /etc/docker/registry
- - name: registry-tls
- mountPath: /etc/tls
- volumes:
- - name: registry-config
- configMap:
- # Provide the name of the ConfigMap containing the files you want
- # to add to the container
- name: {{ include "ambassador.fullname" . }}-registry-config
- - name: registry-data
- persistentVolumeClaim:
- claimName: {{ include "ambassador.fullname" . }}-registry-data
- - name: registry-tls
- secret:
- secretName: {{ include "ambassador.fullname" . }}-registry-tls
-
-# The configuration file for our registry.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "ambassador.fullname" . }}-registry-config
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-data:
- config.yml: |
- version: 0.1
- log:
- fields:
- service: registry
- storage:
- cache:
- blobdescriptor: inmemory
- filesystem:
- rootdirectory: /var/lib/registry
- http:
- addr: :5000
- headers:
- X-Content-Type-Options: [nosniff]
- tls:
- certificate: /etc/tls/tls.crt
- key: /etc/tls/tls.key
- health:
- storagedriver:
- enabled: true
- interval: 10s
- threshold: 3
-
-# The persistent volume for our registry.
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ include "ambassador.fullname" . }}-registry-data
- namespace: {{ include "ambassador.namespace" . 
}} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - -# The self-signed tls secret for our registry. We should look into -# generating this on install with a job. ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "ambassador.fullname" . }}-registry-tls - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -type: kubernetes.io/tls -data: - tls.crt: | - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVEekNDQXZlZ0F3SUJBZ0lVSVZrWlJGSkVJ - VCtOTlJiMFJ0TkxwZFp5TTVnd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daWXhDekFKQmdOVkJBWVRB - bFZUTVJZd0ZBWURWUVFJREExTllYTnpZV05vZFhObGRIUnpNUk13RVFZRApWUVFIREFwVGIyMWxj - blpwYkd4bE1SRXdEd1lEVlFRS0RBaEVZWFJoZDJseVpURVVNQklHQTFVRUN3d0xSVzVuCmFXNWxa - WEpwYm1jeEVUQVBCZ05WQkFNTUNISmxaMmx6ZEhKNU1SNHdIQVlKS29aSWh2Y05BUWtCRmc5a1pY - WkEKWkdGMFlYZHBjbVV1YVc4d0hoY05NakF3TVRNd01qRXdNVFV5V2hjTk1qRXdNVEk1TWpFd01U - VXlXakNCbGpFTApNQWtHQTFVRUJoTUNWVk14RmpBVUJnTlZCQWdNRFUxaGMzTmhZMmgxYzJWMGRI - TXhFekFSQmdOVkJBY01DbE52CmJXVnlkbWxzYkdVeEVUQVBCZ05WQkFvTUNFUmhkR0YzYVhKbE1S - UXdFZ1lEVlFRTERBdEZibWRwYm1WbGNtbHUKWnpFUk1BOEdBMVVFQXd3SWNtVm5hWE4wY25reEhq - 
QWNCZ2txaGtpRzl3MEJDUUVXRDJSbGRrQmtZWFJoZDJseQpaUzVwYnpDQ0FTSXdEUVlKS29aSWh2 - Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTFRtZ21wb2szVVdCVkhqCjFqb2R5eG9LZFJad09Y - WnhiZ25ITXlMa2xxLzUydGdmTEJmVlU1TzB2aE5iVm5vcEVSRWdWV0pTd3dlN0dOS0EKSjlaWWxC - Qlc1Q1U5Q3FNalU2TTVOdTdiVWRQblNyNGRFSFlWcmhEakJYcVpDUElEaFhZS2ZZYWh0YlB4cis1 - egpueS9qQktKU2JwM3RWU3d5SEhsY3JJNHdOU2R1Q2x5UFplOFR0Q2hGQUxhcU5rWUMvclNGK0w0 - SWcwZmY1N0duClpFVmsyZDJja09Xbkp6akRXMGhYL3FUcXhUKzZwV2tUQThWQ0FVS2FabEY5VkRK - c20rOW1XM2dBWmZ5NWdFWloKajcvaktqNTd5R1BUR2xWQXhra2J2WlJJVWQ5LzVkVmE3V1RCYnlR - dkxvOEkyWWQ3S1h6Y3BjcElpS2hRREdPQQpHbGVoa2JVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZ - RUZGTDV5NnNIb09tV0FRWVVGano4VHNETGFnUTdNQjhHCkExVWRJd1FZTUJhQUZGTDV5NnNIb09t - V0FRWVVGano4VHNETGFnUTdNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFF - TEJRQURnZ0VCQUFZdHlnNDNDTEJsbVlvY0NkSjVpSlF0NTR0anFGU2hIMzdFd3h4WQp1QVExRHRW - a0Q3QngzUURZZ1cxeU1QYzFTRDhYenFUcWxjQUlOQTZwdVB0SlNPcC8wUUVqVFJSMkFSZFF5VURI - ClZOZEZzcHp5MGRnbllqOXY2ckl4akdOazVHZXI3cUp4TURaUUY0dC82NHZLYWNyOHZOQ3dnSmI5 - WEZaMTBjNlEKdVNSNVVVN1pMTWJPeWd4a0hPQStMMXp3S2pSaXZUb2ZMbExPOURQNUJwMk9hOGgr - TmZhVkJ4ZHFUS2l0UzFaOApnUnZhOTFuRHZwTjl5aHBiNFJVN2FoWW9tWGF4VE5ZVEJxVE1uZWhE - aWhPQjdBS2Z0VVErdjJWZ2VlM1FxaGJ4CjRUSlJpTTUxR2VIWEtoVWw5ZXBxRnBlYllIa1BnU1ln - bU1OUy9aT3JSWmFxajVRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: | - LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZB - QVNDQktZd2dnU2lBZ0VBQW9JQkFRQzA1b0pxYUpOMUZnVlIKNDlZNkhjc2FDblVXY0RsMmNXNEp4 - ek1pNUphditkcllIeXdYMVZPVHRMNFRXMVo2S1JFUklGVmlVc01IdXhqUwpnQ2ZXV0pRUVZ1UWxQ - UXFqSTFPak9UYnUyMUhUNTBxK0hSQjJGYTRRNHdWNm1RanlBNFYyQ24yR29iV3o4YS91CmM1OHY0 - d1NpVW02ZDdWVXNNaHg1WEt5T01EVW5iZ3BjajJYdkU3UW9SUUMycWpaR0F2NjBoZmkrQ0lOSDMr - ZXgKcDJSRlpObmRuSkRscHljNHcxdElWLzZrNnNVL3VxVnBFd1BGUWdGQ21tWlJmVlF5Ykp2dlps - dDRBR1g4dVlCRwpXWSsvNHlvK2U4aGoweHBWUU1aSkc3MlVTRkhmZitYVld1MWt3VzhrTHk2UENO - bUhleWw4M0tYS1NJaW9VQXhqCmdCcFhvWkcxQWdNQkFBRUNnZ0VBWUxiMGRxdGVXclRoTnp6V0pk - 
QVQ2K0kzWXoyd214QmR3a0NMcUZZSjhoOWsKenpNclFicTlxalJ4Z3F2TWVoZEdscDl3eHRaMGlz - ZU9wOHY0Z0hKdkJxVk42RkxRUXhQNS9VUHppSlFkRld1TQozRU54cjVBN3RhK0tHRmVGSHM2Zkpk - TEo5WmF6TEhkRWxmbWUyOTFGZHZzWFJMdkVVNUtmQW90M2ZiVnNWWjFxCnRucVIzY0dET3JVQ00v - ZzJKZmVBYk5wSUJjTnlCV0diOGRQbm5SaHZRNW5YN1ozUnJiNTlhQnhOcldCSkFkbnEKOUtkS3BR - UmU4cjBiRGJ0WVZQamxXRldpOVluWVQ0WHpQOG9TU0t5a3R4TWZraEM2dlVKb0gwNHFOSmRkWjVM - WAozWjRKUm14RnlUZU1rUG0xa2dnSVVRZGJhRWp1WG0rOThOeXVkZitKcVFLQmdRRGx6SS9XMzZM - am1pRE9MSDVUCnFhZTFnazNMV2lTY3hwZzRhazEyenhLSlkrWUJiNnc4UG5EVmlvY2tPa0lsSERh - V0xzQ2VpRkJsM2lPSDlUWWcKQm9iY3JVZVNUbWdOaUNqSlpIWVhIUlY1TEN2bGE0UkhhcXNMWG43 - elptTE5GVW9YRlhaTkoyQzlqUEp5TStyQQpqOWJLWlFvQTF2NC9qOUdMTXN3eEJZem1pd0tCZ1FE - SmhxNDhrYmV0MlRTRFhyMUxuY3FMVU9wak1hQmNyOEJKCnpDNlBwK3F0ck01QVE1RnkwaHRoV2Zn - bDkzZU5vMWRQT2pCRDZ6amIyd2dNSHhBR2w1V0pIN005enFBSWJSaW0KbDFNcmsrUkprbUVGeUls - cU95TG9jNlg0V1pPN1BwejZPQkdWTExGOFlBR09UcldaRzZwUStDeVJWN3hHUS9PWAo4QlN5UVVh - d3Z3S0JnRWFXWG55dmQxYVlpb2txUzZlaFRuM0h4K08yRGRjR2ZjMmVnYXNFRW5xWGNCaHkyQ0l0 - ClAvV29OcmpmR0dCVDJVU3FtY3BZcnZHTG1iaHlqeXlwTkpYbXVEeHR6ektRNTQ1dFNJVHpEeHlJ - Zi9kWjNta2QKaityUEhRbmhJbXBDcHQ2T1hpZDIrQlZoalR1ZFRQZlhkeS8yZDJzb256S2hGOG05 - VWRHaEZkWGZBb0dBRkZ0QwpabVBoeGZIVzJCNU55TUdib0E4QVhoeTVNaU9lck5XdkxsdXIzUGRE - cmtJbEF4QXVLOXRHc2E4WnFIa0RiTUZYCjlzUmY3ZlZtRHJOa2p3WG8yUDBXd2Z1Sk50Q3VXTVdZ - WlNKL1FOOUVaYTBvRkU3ODY3WWk0YjlLcVBOZUwvaFIKN2x1aFlncmduVnRlQktWQ3d3TU9uVy9i - V00yc1lZQ2kxbzY1Y1VrQ2dZQUR4SUJmOGZUOURDS0NaZ1FvQXNDYwpvSzcvdzdDYk1hOEp5TjZa - ZDRiSlIrSzRzUEtQekd2M3dEandxRzFTRkN6UU1FR01mOWt6TWFYb09XdzNaN2NCCklIZTJDUXFF - N2NZdW1LYjFkOTFueU1qMVdQVC9CWEJKZzB3aUNMV0RjakdQR0xNWTJyeGsvMWwzL2xjKy9WVkcK - NjRZZUh1YlllOE9Iemp5UEZGSnJZdz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K - -###################################################################### -# Project Controller -# -# Comment this out if you want to disable the micro CI/CD functionality: ---- -apiVersion: getambassador.io/v2 -kind: ProjectController -metadata: - name: {{ include 
"ambassador.fullname" . }}-projectcontroller - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }}-projectcontroller - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - projects.getambassador.io/ambassador_id: {{ if hasKey .Values.env "AMBASSADOR_ID" }}{{ .Values.env.AMBASSADOR_ID | quote }}{{ else }}default{{ end }} - product: aes -{{- end }} \ No newline at end of file diff --git a/platforms/shared/charts/ambassador/templates/rbac.yaml b/platforms/shared/charts/ambassador/templates/rbac.yaml deleted file mode 100644 index ada218eee01..00000000000 --- a/platforms/shared/charts/ambassador/templates/rbac.yaml +++ /dev/null 
@@ -1,115 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.scope.singleNamespace }}
-kind: Role
-{{- else }}
-kind: ClusterRole
-{{- end }}
-metadata:
- name: {{ include "ambassador.rbacName" . }}
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-rules:
- - apiGroups: [""]
- resources:
- - namespaces
- - services
- - secrets
- - endpoints
- verbs: ["get", "list", "watch"]
-
- - apiGroups: [ "getambassador.io" ]
- resources: [ "*" ]
- verbs: ["get", "list", "watch", "update", "patch", "create", "delete" ]
-
- - apiGroups: [ "apiextensions.k8s.io" ]
- resources: [ "customresourcedefinitions" ]
- verbs: ["get", "list", "watch", "delete"]
-
- - apiGroups: [ "networking.internal.knative.dev"]
- resources: [ "clusteringresses" ]
- verbs: ["get", "list", "watch"]
-
- - apiGroups: [ "extensions", "networking.k8s.io" ]
- resources: [ "ingresses", "ingressclasses" ]
- verbs: ["get", "list", "watch"]
-
- - apiGroups: [ "extensions", "networking.k8s.io" ]
- resources: [ "ingresses/status" ]
- verbs: ["update"]
-
- {{- if .Values.enableAES }}
- - apiGroups: [""]
- resources: [ "secrets" ]
- verbs: ["get", "list", "watch", "create", "update"]
-
- - apiGroups: [""]
- resources: [ "events" ]
- verbs: ["get", "list", "watch", "create", "patch"]
-
- - apiGroups: ["coordination.k8s.io"]
- resources: [ "leases" ]
- verbs: ["get", "create", "update"]
-
- - apiGroups: [""]
- resources: [ "endpoints" ]
- verbs: ["get", "list", "watch", "create", "update"]
- {{- end }}
-
- {{- if or .Values.rbac.podSecurityPolicies 
.Values.security.podSecurityPolicy }}
-
- - apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- {{- if .Values.rbac.podSecurityPolicies }}
- {{- toYaml .Values.rbac.podSecurityPolicies | nindent 6 }}
- {{- end }}
- {{- if .Values.security.podSecurityPolicy }}
- - {{ include "ambassador.fullname" . }}
- {{- end }}
- {{- end }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.scope.singleNamespace }}
-kind: RoleBinding
-{{- else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
- name: {{ include "ambassador.rbacName" . }}
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- {{- if .Values.scope.singleNamespace }}
- kind: Role
- {{- else }}
- kind: ClusterRole
- {{- end }}
- name: {{ include "ambassador.rbacName" . }}
-subjects:
- - name: {{ include "ambassador.serviceAccountName" . }}
- namespace: {{ include "ambassador.namespace" . }}
- kind: ServiceAccount
-{{- end -}}
diff --git a/platforms/shared/charts/ambassador/templates/service.yaml b/platforms/shared/charts/ambassador/templates/service.yaml
deleted file mode 100644
index 43d5323e186..00000000000
--- a/platforms/shared/charts/ambassador/templates/service.yaml
+++ /dev/null
@@ -1,121 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "ambassador.fullname" . }}
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- app.kubernetes.io/component: ambassador-service
- product: aes
-{{- if .Values.service.annotations }}
- annotations:
- {{- range $key, $value := .Values.service.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-{{- end }}
- annotations:
- getambassador.io/config: |
- ---
- apiVersion: ambassador/v2
- kind: TLSContext
- name: ambassador_context
- hosts:
- - "*"
- secret: ambassador-default-tls.default
- secret_namespacing: true
- min_tls_version: v1.2
- {{- if .Values.ambassador.eip }}
- ---
- apiVersion: ambassador/v2
- kind: Module
- name: ambassador
- config:
- use_proxy_proto: true
- use_remote_address: false
- service.beta.kubernetes.io/aws-load-balancer-type: nlb
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
- service.beta.kubernetes.io/aws-load-balancer-eip-allocations: "{{ .Values.ambassador.eip }}"
- {{- end }}
- {{- if .Values.ambassador.grpc }}
- ---
- apiVersion: ambassador/v2
- kind: Module
- name: ambassador
- config:
- enable_grpc_http11_bridge: true
- enable_grpc_web: true
- use_remote_address: false
- x_forwarded_proto_redirect: true
- service.beta.kubernetes.io/aws-load-balancer-type: nlb
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
- {{- end }}
-spec:
- type: {{ .Values.service.type }}
- {{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
- {{- end }}
- {{- if 
.Values.service.externalTrafficPolicy }}
- externalTrafficPolicy: "{{ .Values.service.externalTrafficPolicy }}"
- {{- end }}
- {{- if .Values.service.sessionAffinity }}
- sessionAffinity: {{ .Values.service.sessionAffinity }}
- {{- end }}
- {{- if .Values.service.sessionAffinityConfig }}
- sessionAffinityConfig:
- {{- toYaml .Values.service.sessionAffinityConfig | nindent 4 }}
- {{- end }}
- ports:
- {{- range .Values.service.ports }}
- - name: {{ .name }}
- port: {{ int .port }}
- {{- if .targetPort }}
- targetPort: {{ int .targetPort }}
- {{- end }}
- {{- if .nodePort }}
- nodePort: {{ int .nodePort }}
- {{- end }}
- {{- if .protocol }}
- protocol: {{ .protocol }}
- {{- end }}
- {{- end }}
-{{- with .Values.ambassador.otherPorts.portRange }}
-{{- if and .from .to }}
- {{- range untilStep (.from | int) (.to | int) 1 }}
- - port: {{ . }}
- name: port-{{- . }}
- targetPort: {{ . }}
- {{- end }}
- - port: {{ .to }}
- name: port-{{- .to }}
- targetPort: {{ .to }}
-{{- end }}
-{{- end }}
-{{- range .Values.ambassador.otherPorts.ports }}
- - port: {{ . | int }}
- name: port-{{- . }}
- targetPort: {{ . | int }}
-{{- end }}
- selector:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.ambassador.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
- {{- range .Values.ambassador.loadBalancerSourceRanges }}
- - {{ . }}
- {{- end }}
- {{- else }}
- loadBalancerSourceRanges:
- - 0.0.0.0/0
- {{- end }}
- {{- if .Values.service.externalIPs }}
- externalIPs:
- {{- toYaml .Values.service.externalIPs | nindent 4 }}
- {{- end }}
diff --git a/platforms/shared/charts/ambassador/templates/serviceaccount.yaml b/platforms/shared/charts/ambassador/templates/serviceaccount.yaml
deleted file mode 100644
index 62227fe043a..00000000000
--- a/platforms/shared/charts/ambassador/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "ambassador.serviceAccountName" . }}
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-{{- end -}}
diff --git a/platforms/shared/charts/ambassador/templates/servicemonitor.yaml b/platforms/shared/charts/ambassador/templates/servicemonitor.yaml
deleted file mode 100644
index b2c8122a13c..00000000000
--- a/platforms/shared/charts/ambassador/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if and .Values.adminService.create .Values.metrics.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ include "ambassador.fullname" . }}
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app: {{ include "ambassador.name" . }}
- {{- if .Values.metrics.serviceMonitor.selector }}
- {{- toYaml .Values.metrics.serviceMonitor.selector | nindent 4 }}
- {{- end }}
-spec:
- endpoints:
- - port: ambassador-admin
- path: /metrics
- {{- with .Values.metrics.serviceMonitor.interval }}
- interval: {{ . }}
- {{- end }}
- {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ . }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ include "ambassador.namespace" . }}
- selector:
- matchLabels:
- service: ambassador-admin
-{{- end }}
diff --git a/platforms/shared/charts/ambassador/templates/tests/test-ready.yaml b/platforms/shared/charts/ambassador/templates/tests/test-ready.yaml
deleted file mode 100644
index ec96235f7a6..00000000000
--- a/platforms/shared/charts/ambassador/templates/tests/test-ready.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if and (.Values.test.enabled) (not .Values.daemonSet) }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "ambassador.fullname" . }}-test-ready"
- labels:
- app.kubernetes.io/name: {{ include "ambassador.name" . }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: {{ .Values.test.image | default "busybox" }}
- command: ['wget']
- args: ['{{ include "ambassador.fullname" . }}:{{ include "ambassador.servicePort" . }}/ambassador/v0/check_ready']
- restartPolicy: Never
-{{- end }}
diff --git a/platforms/shared/charts/ambassador/templates/traffic-agent-rbac.yaml b/platforms/shared/charts/ambassador/templates/traffic-agent-rbac.yaml
deleted file mode 100644
index 1c034fb4cf3..00000000000
--- a/platforms/shared/charts/ambassador/templates/traffic-agent-rbac.yaml
+++ /dev/null
@@ -1,135 +0,0 @@
-{{- if and .Values.enableAES .Values.servicePreview.enabled }}
-{{- if .Values.servicePreview.trafficAgent.singleNamespace }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
- namespace: {{ include "ambassador.namespace" . }}
- annotations:
- # Required because Helm creates secrets before ServiceAccount, but service-account-token depends on an existing SA.
- "helm.sh/hook": "pre-install"
- labels:
- app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
----
-## Create a service-account-token for traffic-agent with a matching name.
-## Since the ambassador-injector will use this token name, it must be deterministic and not auto-generated.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
- namespace: {{ include "ambassador.namespace" . }}
- annotations:
- kubernetes.io/service-account.name: traffic-agent
-type: kubernetes.io/service-account-token
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . 
}}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-rules:
- - apiGroups: [""]
- resources: [ "namespaces", "services", "secrets" ]
- verbs: ["get", "list", "watch"]
- - apiGroups: [ "getambassador.io" ]
- resources: [ "*" ]
- verbs: ["get", "list", "watch", "update"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "ambassador.rbacName" . }}
-subjects:
- - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
- namespace: {{ include "ambassador.namespace" . }}
- kind: ServiceAccount
-{{- else }}
-## If we install Service Preview cluster-wide, this means we can't use the 'traffic-agent' ServiceAccount
-## as it does not exist in every namespace. We must instead grant new Roles to all ServiceAccounts (cluster-wide).
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
- namespace: {{ include "ambassador.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . 
}}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-rules:
- - apiGroups: [""]
- resources: [ "namespaces", "services", "secrets" ]
- verbs: ["get", "list", "watch"]
- - apiGroups: [ "getambassador.io" ]
- resources: [ "*" ]
- verbs: ["get", "list", "watch", "update"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
- labels:
- app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- helm.sh/chart: {{ include "ambassador.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.deploymentTool }}
- app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
- {{- else }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- end }}
- product: aes
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
-subjects:
- - name: system:serviceaccounts
- kind: Group
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/platforms/shared/charts/ambassador/templates/traffic-manager.yaml b/platforms/shared/charts/ambassador/templates/traffic-manager.yaml
deleted file mode 100644
index 03bf79a43c2..00000000000
--- a/platforms/shared/charts/ambassador/templates/traffic-manager.yaml
+++ /dev/null
@@ -1,177 +0,0 @@ -{{- if and .Values.enableAES .Values.servicePreview.enabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes ---- -apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.scope.singleNamespace }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -rules: - - apiGroups: [""] - resources: ["namespaces", "services", "pods", "secrets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.scope.singleNamespace }} -kind: RoleBinding -{{- else }} -kind: ClusterRoleBinding -{{- end }} -metadata: - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . 
}} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - {{- if .Values.scope.singleNamespace }} - kind: Role - {{- else }} - kind: ClusterRole - {{- end }} - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} -subjects: - - kind: ServiceAccount - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: telepresence-proxy - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . 
}} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/instance: {{ .Release.Name }} - spec: - containers: - - name: telepresence-proxy - image: "{{ .Values.servicePreview.trafficManager.image.repository | default .Values.image.repository }}:{{ .Values.servicePreview.trafficManager.image.tag | default .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: [ "traffic-manager" ] - env: - {{- if .Values.scope.singleNamespace }} - - name: AMBASSADOR_SINGLE_NAMESPACE - value: "true" - {{- end }} - - name: AMBASSADOR_NAMESPACE - {{- if .Values.namespace }} - value: {{ .Values.namespace.name | quote }} - {{ else }} - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end -}} - {{- if or .Values.redis.create .Values.redisURL }} - - name: REDIS_URL - {{- if .Values.redisURL }} - value: {{ .Values.redisURL }} - {{- else }} - value: {{ include "ambassador.fullname" . }}-redis:6379 - {{- end }} - {{- end }} - ports: - - name: sshd - containerPort: 8022 - volumeMounts: - - mountPath: /tmp/ambassador-pod-info - name: pod-info - restartPolicy: Always - terminationGracePeriodSeconds: 0 - volumes: - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - name: pod-info - serviceAccountName: {{ .Values.servicePreview.trafficManager.serviceAccountName }} ---- -apiVersion: v1 -kind: Service -metadata: - name: telepresence-proxy - namespace: {{ include "ambassador.namespace" . 
}} - labels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - selector: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/instance: {{ .Release.Name }} - ports: - - name: sshd - protocol: TCP - port: 8022 - - name: api - protocol: TCP - port: 8081 -{{- end }} \ No newline at end of file diff --git a/platforms/shared/charts/ambassador/values.yaml b/platforms/shared/charts/ambassador/values.yaml deleted file mode 100644 index 4ba9557e70a..00000000000 --- a/platforms/shared/charts/ambassador/values.yaml +++ /dev/null 
@@ -1,484 +0,0 @@ ---- -# Default values for ambassador. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Manually set metadata for the Release. -# -# Defaults to .Chart.Name -nameOverride: "ambassador" -# Defaults to .Release.Name-.Chart.Name unless .Release.Name contains "ambassador" -fullnameOverride: "ambassador" -# Defaults to .Release.Namespace -namespaceOverride: "" - -ambassador: - loadBalancerSourceRanges: # provide the load balancer source ranges - otherPorts: - ports: # Use this when specific ports are needed - portRange: # For a range of ports # use this when a range of ports are needed - from: 15000 - to: 15001 - -replicaCount: 3 -daemonSet: false - -# This will enable the test-ready Pod (https://github.com/Accenture-BAF/ambassador-chart/blob/main/templates/tests/test-ready.yaml). -# It will spawn a busybox container to call Ambassador's check_ready endpoint to validate it is working correctly. -test: - enabled: true - image: busybox - -# Enable autoscaling using HorizontalPodAutoscaler -# daemonSet: true, autoscaling will be disabled -autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 5 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 60 - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: 60 - -podDisruptionBudget: {} - -# namespace: - # name: default - -# Additional container environment variable -# Uncomment or add additional environment variables for the container here. 
-env: {} - # Exposing statistics via StatsD - # STATSD_ENABLED: true - # STATSD_HOST: statsd-sink - # sets the minimum number of seconds between Envoy restarts - # AMBASSADOR_RESTART_TIME: 15 - # sets the number of seconds that the Envoy will wait for open connections to drain on a restart - # AMBASSADOR_DRAIN_TIME: 5 - # sets the number of seconds that Ambassador will wait for the old Envoy to clean up and exit on a restart - # AMBASSADOR_SHUTDOWN_TIME: 10 - # labels Ambassador with an ID to allow for configuring multiple Ambassadors in a cluster - # AMBASSADOR_ID: default - -# Additional container environment variable in raw YAML format -# Uncomment or add additional environment variables for the container here. -envRaw: {} -# - name: REDIS_PASSWORD -# value: password -# valueFrom: -# secretKeyRef: -# name: redis-password -# key: password -# - name: POD_IP -# valueFrom: -# fieldRef: -# fieldPath: status.podIP - -imagePullSecrets: [] - -security: - # Security Context for all containers in the pod. - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core - podSecurityContext: - runAsUser: 8888 - # Security Context for the Ambassador container specifically - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core - containerSecurityContext: - allowPrivilegeEscalation: false - # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - # - # A set of reasonable defaults is outlined below. This is not created by default as it should only - # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in - # the "main" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` - # in all non-"main" Releases. 
- podSecurityPolicy: {} - # # Add AppArmor and Seccomp annotations - # # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - # annotations: - # spec: - # seLinux: - # rule: RunAsAny - # supplementalGroups: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # fsGroup: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # privileged: false - # allowPrivilegeEscalation: false - # runAsUser: - # rule: MustRunAsNonRoot - -image: - repository: docker.io/datawire/aes - tag: 1.13.9 - pullPolicy: IfNotPresent - -dnsPolicy: "ClusterFirst" -hostNetwork: false - -service: - type: LoadBalancer - - # Note that target http ports need to match your ambassador configurations service_port - # https://www.getambassador.io/reference/modules/#the-ambassador-module - ports: - - name: http - port: 80 - targetPort: 8080 - # protocol: TCP - # nodePort: 30080 - # hostPort: 80 - - name: https - port: 443 - targetPort: 8443 - # protocol: TCP - # nodePort: 30443 - # hostPort: 443 - # TCPMapping_Port - # port: 2222 - # targetPort: 2222 - # protocol: TCP - # nodePort: 30222 - - externalTrafficPolicy: - - sessionAffinity: - - sessionAffinityConfig: - - externalIPs: [] - - annotations: {} - ############################################################################# - ## Ambassador should be configured using CRD definition. If you want - ## to use annotations, the following is an example of annotating the - ## Ambassador service with global configuration manifest. 
- ## - ## See https://www.getambassador.io/reference/core/ambassador and - ## https://www.getambassador.io/reference/core/tls for more info - ############################################################################# - # - # getambassador.io/config: | - # --- - # apiVersion: ambassador/v2 - # kind: TLSContext - # name: ambassador - # secret: ambassador-certs - # hosts: ["*"] - # --- - # apiVersion: ambassador/v2 - # kind: Module - # name: ambassador - # config: - # admin_port: 8001 - # diag_port: 8877 - # diagnostics: - # enabled: true - # enable_grpc_http11_bridge: false - # enable_grpc_web: false - # enable_http10: false - # enable_ipv4: true - # enable_ipv6: false - # liveness_probe: - # enabled: true - # lua_scripts: - # readiness_probe: - # enabled: true - # server_name: envoy - # service_port: 8080 - # use_proxy_proto: false - # use_remote_address: true - # xff_num_trusted_hops: 0 - # x_forwarded_proto_redirect: false - # load_balancer: - # policy: round_robin - # circuit_breakers: - # max_connections: 2048 - # retry_policy: - # retry_on: "5xx" - # cors: - -adminService: - create: true - type: ClusterIP - port: 8877 - # NodePort used if type is NodePort - # nodePort: 38877 - annotations: - {} - -rbac: - # Specifies whether RBAC resources should be created - create: true - # List of Pod Security Policies to use on the container. - # If security.podSecurityPolicy is set, it will be appended to the list - podSecurityPolicies: [] - # Name of the RBAC resources defaults to the name of the release. - # Set nameOverride when installing Ambassador with cluster-wide scope in - # different namespaces with the same release name to avoid conflicts. - nameOverride: - -scope: - # tells Ambassador to only use resources in the namespace or namespace set by namespace.name - singleNamespace: false - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - name: ambassador - -deploymentStrategy: - type: RollingUpdate - -restartPolicy: - -terminationGracePeriodSeconds: - -initContainers: [] - -sidecarContainers: [] - -livenessProbe: - initialDelaySeconds: 30 - periodSeconds: 3 - failureThreshold: 3 - -readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 3 - failureThreshold: 3 - - -volumes: [] - -volumeMounts: [] - -podLabels: - {} - -podAnnotations: - {} - # prometheus.io/scrape: "true" - # prometheus.io/port: "9102" - -deploymentLabels: - {} - -deploymentAnnotations: - {} - # configmap.reloader.stakater.com/auto: "true" - -resources: - # Recommended resource requests and limits for Ambassador - limits: - cpu: 1000m - memory: 600Mi - requests: - cpu: 200m - memory: 300Mi - -priorityClassName: "" - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -ambassadorConfig: "" - -crds: - enabled: true - create: true - keep: true - -# Prometheus Operator ServiceMonitor configuration -# See documentation: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor -metrics: - serviceMonitor: - enabled: false - # interval: 30s - # scrapeTimeout: 30s - # selector: {} - -################################################################################ -## Ambassador Edge Stack Configuration ## -################################################################################ - -# The Ambassador Edge Stack is free for limited use without a license key. -# Go to https://{ambassador-host}/edge_stack/admin/#dashboard to register -# for a community license key. - -enableAES: true - -# Set createSecret: false is installing multiple releases of The Ambassador -# Edge Stack in the same namespace. -licenseKey: - value: - createSecret: false - secretName: ambassador-stack-license - # Annotations to attach to the license-key-secret. 
- annotations: - {} - -# The DevPortal is exposed at /docs/ endpoint in the AES container. -# Setting this to true will automatically create routes for the DevPortal. -createDevPortalMappings: false - -# The Ambassador Edge Stack uses a redis instance for managing authentication, -# rate limiting, and sharing minor configuration details between pods for -# centralized management. These values configure the redis instance that ships -# by default with The Ambassador Edge Stack. -# -# URL of your redis instance. Defaults to redis instance created below. -redisURL: - -# Ambassador ships with a basic redis instance. Configure the deployment with the options below. -redis: - create: true - image: - repository: redis - tag: 5.0.1 - pullPolicy: IfNotPresent - # Annotations for Ambassador Pro's redis instance. - annotations: - deployment: - {} - service: - {} - resources: {} - # If you want to specify resources, uncomment the following - # lines and remove the curly braces after 'resources:'. - # These are placeholder values and must be tuned. - # limits: - # cpu: 100m - # memory: 256Mi - # requests: - # cpu: 50m - # memory: 128Mi - nodeSelector: {} - affinity: {} - tolerations: {} - - -# Configures the AuthService that ships with the Ambassador Edge Stack. -# Setting authService.create: false will not install the AES AuthService and -# allow you to define your own. -# -# Typically when using the AES, you will want to keep this set to true and use -# the External Filter to communicate with a custom authentication service. -# https://www.getambassador.io/reference/filter-reference/#filter-type-external -authService: - create: true - # Set additional configuration options. 
See https://www.getambassador.io/reference/services/auth-service for more information - optional_configurations: - # include_body: - # max_bytes: 4096 - # allow_partial: true - # status_on_error: - # code: 403 - # failure_mode_allow: false - # retry_policy: - # retry_on: "5xx" - # num_retries: 2 - # add_linkerd_headers: true - # timeout_ms: 30000 - - -# Configures the RateLimitService in the Ambassador Edge Stack. -# Keep this enabled to configure RateLimits in AES. -rateLimit: - create: true - -# Projects are a beta feature of Ambassador that allow developers to stage and -# deploy code with nothing more than a Github repository. -# See: https://www.getambassador.io/docs/latest/topics/using/projects/ -registry: - create: false - -################################################################################ -## DEPRECATED configuration objects ## -################################################################################ - -# DEPRECATED: Ambassador now exposes the /metrics endpoint in Envoy. -# DEPRECATED: See https://www.getambassador.io/user-guide/monitoring#deployment for more information on how to use the /metrics endpoint -# -# DEPRECATED: Enabling the prometheus exporter creates a sidecar and configures ambassador to use it -prometheusExporter: - enabled: false - repository: prom/statsd-exporter - tag: v0.8.1 - pullPolicy: IfNotPresent - resources: {} - # If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 256Mi - # requests: - # cpu: 50m - # memory: 128Mi - # You can configure the statsd exporter to modify the behavior of mappings and other features. 
- # See documentation: https://github.com/prometheus/statsd_exporter/tree/v0.8.1#metric-mapping-and-configuration - # Uncomment the following line if you wish to specify a custom configuration: - # configuration: | - # --- - # mappings: - # - match: 'envoy.cluster.*.upstream_cx_connect_ms' - # name: "envoy_cluster_upstream_cx_connect_time" - # timer_type: 'histogram' - # labels: - # cluster_name: "$1" - -# DEPRECATED: Use security.podSecurityContext -# securityContext: -# runAsUser: 8888 - - -# Configures Service Preview that ships with the Ambassador Edge Stack and edgectl. -# Setting servicePreview.enabled: true will install the Traffic Agent Service Account, Traffic Manager with RBAC, and ambassador-injector -servicePreview: - enabled: false - trafficManager: - image: - # Leave blank to use image.repository and image.tag - repository: - tag: - serviceAccountName: "traffic-manager" - trafficAgent: - image: - # Leave blank to use image.repository and image.tag - repository: - tag: - singleNamespace: true - serviceAccountName: "traffic-agent" - port: 9900 - - # Configure the ambassador-injector webhook for Service Preview Traffic Agent automatic sidecar injection. - injector: - enabled: true - - # If no injector.crtPEM and injector.keyPEM are provided, a self-signed certificate will be issued - # for the Common Name (CN) of `..svc`, which is the cluster-internal DNS name - # for the service. - crtPEM: "" - keyPEM: "" diff --git a/platforms/shared/configuration/roles/setup/ambassador/meta/main.yaml b/platforms/shared/configuration/roles/setup/ambassador/meta/main.yaml deleted file mode 100644 index 0d26800f7b7..00000000000 --- a/platforms/shared/configuration/roles/setup/ambassador/meta/main.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- -dependencies: - - role: "aws-auth" - vars: - aws_authenticator: - os: "{{ install_os }}" - arch: "{{ install_arch }}" - bin_directory: "{{ bin_install_dir }}" - checksum: "" - kubeconfig_path: "{{ item.k8s.config_file }}" - kubecontext: "{{ item.k8s.context }}" - when: item.cloud_provider == 'aws' - - role: "helm" - vars: - helm: - os: "{{ install_os }}" - arch: "{{ install_arch }}" - bin_directory: "{{ bin_install_dir }}" - checksum: "" diff --git a/platforms/shared/configuration/roles/setup/ambassador/tasks/main.yaml b/platforms/shared/configuration/roles/setup/ambassador/tasks/main.yaml deleted file mode 100644 index c7f5120b232..00000000000 --- a/platforms/shared/configuration/roles/setup/ambassador/tasks/main.yaml +++ /dev/null 
@@ -1,271 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- -# We have enabled additional ports on Ambassador for TCP. By default 8443 is exposed. -# The extra ports are pass as parameter --set ambassador.otherPorts={10010,10020} is taken from network.env.ambassadorPorts -- name: Set proxy namespace - set_fact: - proxy_namespace: "{{ network.env.namespace | default('default') }}" - -- name: Check if ambassador installed - k8s_info: - api_version: v1 - kind: Service - name: ambassador - kubeconfig: "{{ kubeconfig_path }}" - namespace: "{{ proxy_namespace }}" - register: result - -- name: Set ambassador installed - set_fact: - ambassador_installed: "{{ result.resources|length > 0 }}" - -- name: Get available ports of installed ambassador - set_fact: - ports: "{{ result | json_query('resources[0].spec.ports[*].port') }}" - when: ambassador_installed - -- name: Format ambassador ports - args: - executable: /bin/bash - shell: | - json='{{ stewards | to_json }}' - length=$(echo "${json}" | jq '.[] | length') - index=0 - declare -A ports - while [[ ${index} < ${length} ]] - do - steward=$( echo ${json} | jq ".[${index}]") - name=$(echo ${steward} | jq '.name' | tr -d '"') - node_port=$(echo ${steward} | jq '.node.ambassador' | tr -d '"') - client_port=$(echo ${steward} | jq '.client.ambassador' | tr -d '"') - if [[ ${name} != null ]] - then - if [[ ${ports["{{ kubecontext }}"]} != "" ]] - then - ports+=( ["{{ kubecontext }}"]+=, ) - fi - ports+=( ["{{ kubecontext }}"]+=${node_port},${client_port} ) - fi - index=$(( ${index} + 1 )) - done - echo ${ports["{{ kubecontext }}"]} - register: terminal - when: - - network['type'] == 'indy' and item.services.stewards is defined - -- name: Get Elastic IP - environment: - AWS_ACCESS_KEY_ID: 
"{{ aws.access_key }}" - AWS_SECRET_ACCESS_KEY: "{{ aws.secret_key }}" - shell: | - # format ip addresses list to string with space separator - ips=$(echo '{{ item.publicIps }}' | tr -d '["]' | sed 's/,/\ /g') - data=$(aws ec2 describe-addresses --public-ips ${ips} --region {{ aws.region }} --output json | jq '.Addresses[].AllocationId') - # format eip addresses list to string with comma separator (comma has to be escaped) - echo ${data} | tr -d '"' | sed 's/\ /\\,/g' - register: allocation_ips - when: - - (network.type == 'indy' and item.services.stewards is defined ) - - item.cloud_provider == 'aws' or item.cloud_provider == 'aws-baremetal' #As this shell code is specific to AWS, cloud provider check has been added - tags: - - notest - -- name: Format ambassador range - args: - executable: /bin/bash - shell: | - from='{{ network.env.ambassadorPorts.portRange.from | default('') }}' - to='{{ network.env.ambassadorPorts.portRange.to | default('') }}' - if [ -z "$from" ] || [ -z "$to" ] - then - echo "" - else - echo "--set ambassador.otherPorts.portRange.from=${from} --set ambassador.otherPorts.portRange.to=${to}" - fi - register: ambassadorRange - -- name: Format ambassador ports for Corda/Besu/Quorum - args: - executable: /bin/bash - shell: | - ports=$(echo '{{ network.env.ambassadorPorts.ports | default('') }}' | sed -e 's/\[/\{/' -e 's/\]/\}/') - if [ -z "$ports" ] - then - echo "" - else - echo "--set ambassador.otherPorts.ports={'${ports}'}" - fi - register: ambassadorPorts - when: - - network.type != 'indy' - -- name: Format ambassador ports for Indy - args: - executable: /bin/bash - shell: | - ports=$(echo '{{ network.env.ambassadorPorts.ports | default('') }}' | sed -e 's/\[/\{/' -e 's/\]/\}/') - terminalPorts='{{ terminal.stdout | default('') }}' - if [ -z "$ports" ] - then - echo "" - else - echo "--set ambassador.otherPorts.ports={'${ports},${terminalPorts}'}" - fi - register: ambassadorPortsIndy - when: - - network.type == 'indy' - -# return true when 
the ambassador is with required set of ports else return false -- name: check required ports available for Corda/Besu/Quorum - args: - executable: /bin/bash - shell: | - availablePortRange=$(echo '{{ ports }}' | sed -e 's/\[/\(/' -e 's/\]/\)/' | sed 's/,/\n/g') - from='{{ network.env.ambassadorPorts.portRange.from | default('') }}' - to='{{ network.env.ambassadorPorts.portRange.to | default('') }}' - - if [[ "$from" == "" || "$to" == "" ]]; then - echo "false" && exit 0 - fi - arr=( $(seq $from $to) ) - - for i in "${arr[@]}" - do - if [[ ! ${availablePortRange[*]} =~ ${i} ]]; then - echo "false" && exit 0 - fi - done - echo "true" - register: ports_available - when: - - network.type != 'indy' - - ambassador_installed - -# return true when the ambassador is with required set of ports else return false -- name: check required ports available for Indy - args: - executable: /bin/bash - shell: | - availablePortRange=$(echo '{{ ports }}' | sed -e 's/\[/\(/' -e 's/\]/\)/' | sed 's/,/\n/g') - from=$(echo '{{ network.env.ambassadorPorts.ports | default('') }}' |sed -e 's/\[/\(/' -e 's/\]/\)/' | sed 's/,/\n/g') - to='{{ terminal.stdout | default('') }}' - - if [[ "$from" == "" || "$to" == "" ]]; then - echo "false" && exit 0 - fi - arr=( $(seq $from $to) ) - - for i in "${arr[@]}" - do - if [[ ! 
${availablePortRange[*]} =~ ${i} ]]; then - echo "false" && exit 0 - fi - done - echo "true" - register: indy_ports_available - when: - - network.type == 'indy' - - ambassador_installed - -- set_fact: - ports_found: "{{ ports_available.stdout | bool }}" - when: ports_available.stdout is defined -- set_fact: - ports_found: "{{ indy_ports_available.stdout | bool }}" - when: indy_ports_available.stdout is defined - -# Remove default selfsigned ambassador tls if already exists -- name: Remove Ambassador cred if exists - k8s: - kind: Secret - namespace: "{{ proxy_namespace }}" - state: absent - name: "ambassador-default-tls" - kubeconfig: "{{ kubeconfig_path }}" - context: "{{ kubecontext }}" - -# Create and store selfsigned ambassador default certificate -- name: Create Ambassador default certificate - shell: | - mkdir -p ./build/ambassador && cd ./build/ambassador/ - openssl req -x509 -days 365 -out default_ambassador_tls.pem -keyout default_ambassador_tls.key -newkey rsa:2048 -nodes -sha256 -subj "/CN={{ item.external_url_suffix }}" - KUBECONFIG={{ kubeconfig_path }} kubectl create secret tls ambassador-default-tls --cert="default_ambassador_tls.pem" --key="default_ambassador_tls.key" -n {{ proxy_namespace }} - when: - - network.env.external_dns is defined - - network.env.external_dns == 'enabled' - - (organization.issuer is undefined) or (organization.issuer | lower == default) - -# Checks Ingress class for Ambassador -- name: checks IngressClass for ambassador - k8s_info: - kind: IngressClass - name: ambassador - namespace: default - kubeconfig: "{{ kubeconfig_path }}" - register: ingressclass - -# Create Ingress class for Ambassador -- name: creates IngressClass for ambassador - k8s: - state: present - kubeconfig: "{{ kubeconfig_path }}" - definition: - apiVersion: networking.k8s.io/v1 - kind: IngressClass - metadata: - name: ambassador - annotations: - ingressclass.kubernetes.io/is-default-class: "true" - spec: - controller: getambassador.io/ingress-controller - 
when: ingressclass.resources[0] is undefined - -- name: Install Ambassador with EIP for Indy - shell: | - KUBECONFIG={{ kubeconfig_path }} helm upgrade --install --namespace {{ proxy_namespace }} {{ ambassadorRange.stdout }} {{ ambassadorPortsIndy.stdout }} --set ambassador.eip='{{ allocation_ips.stdout }}' --set ambassador.loadBalancerSourceRanges={"{{ network.env.loadBalancerSourceRanges | default('0.0.0.0/0') }}"} ambassador {{ playbook_dir }}/../../../platforms/shared/charts/ambassador - when: - - network.type == 'indy' - - allocation_ips.stdout is defined - - not ambassador_installed or not ports_found - tags: - - ambassador - -- name: Install Ambassador for Corda/Quorum/Besu/Fabric/Substrate - shell: | - KUBECONFIG={{ kubeconfig_path }} helm upgrade --install --namespace {{ proxy_namespace }} {{ ambassadorRange.stdout }} {{ ambassadorPorts.stdout }} --set ambassador.loadBalancerSourceRanges={"{{ network.env.loadBalancerSourceRanges | default('0.0.0.0/0') }}"} ambassador {{ playbook_dir }}/../../../platforms/shared/charts/ambassador - when: - - network.type != 'indy' - - not ambassador_installed or not ports_found - tags: - - ambassador - -- name: Enable external DNS - shell: | - KUBECONFIG={{ kubeconfig_path }} kubectl annotate service ambassador --overwrite "external-dns.alpha.kubernetes.io/hostname=*.{{ item.external_url_suffix }}." 
- when: - - (network.type == 'indy' and allocation_ips.stdout is defined) or network.type != 'indy' - - network.env.external_dns is defined - - network.env.external_dns == 'enabled' - tags: - - ambassador - -# Wait for Ambassador pods to start running -- name: wait for pods to come up - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" - vars: - namespace: "{{ proxy_namespace }}" - kubeconfig: "{{ kubeconfig_path }}" - context: "{{ kubecontext }}" - component_name: ambassador - component_type: "Pod" - label_selectors: - - app.kubernetes.io/name=ambassador - when: - - (network.type == 'indy' and allocation_ips.stdout is defined) or network.type != 'indy' - - not ambassador_installed or not ports_found diff --git a/platforms/shared/configuration/roles/setup/edge-stack/tasks/main.yaml b/platforms/shared/configuration/roles/setup/edge-stack/tasks/main.yaml index 6c8f1fa10d7..0cbd69d028c 100644 --- a/platforms/shared/configuration/roles/setup/edge-stack/tasks/main.yaml +++ b/platforms/shared/configuration/roles/setup/edge-stack/tasks/main.yaml 
@@ -22,17 +22,32 @@
 port_range_to: "{{ network.env.ambassadorPorts.portRange.to }}"
 when: network.env.ambassadorPorts.portRange is defined
-# Apply the ambassador edge stack crds
-- name: Apply aes-crds manifest.
- kubernetes.core.k8s:
- kubeconfig: "{{ kubeconfig_path }}"
- state: present
- src: "{{ playbook_dir }}/../../../platforms/shared/configuration/roles/setup/edge-stack/templates/aes-crds.yaml"
+# As this shell code is specific to AWS, cloud provider check has been added
+- name: Get Elastic IP
+ environment:
+ AWS_ACCESS_KEY_ID: "{{ aws.access_key }}"
+ AWS_SECRET_ACCESS_KEY: "{{ aws.secret_key }}"
+ shell: |
+ ips="{{ item.publicIps | join(' ') }}"
+ data=$(aws ec2 describe-addresses --public-ips $ips --region {{ aws.region }} --output json | jq -r '.Addresses[].AllocationId' | tr '\n' ',')
+ echo "${data%,}" # Remove trailing comma
+ register: allocation_ips
+ when:
+ - network.type == 'indy'
+ - item.cloud_provider in ['aws', 'aws-baremetal']
+
+# Set allocation_ips_stdout
+- name: Set Helm value for ambassador_eip
+ set_fact:
+ allocation_ips_stdout: "{{ allocation_ips.stdout }}"
+ when:
+ - allocation_ips is defined
 # Create custom values for ambassador edge stack (aes) helm chart
 - name: Create custom values for aes helm chart
 vars:
 ports: "{{ network.env.ambassadorPorts.ports | default([]) }}"
+ elastic_ip: "{{ allocation_ips_stdout | default('') }}"
 lbSourceRangeDefault:
 - 0.0.0.0/0
 loadBalancerSourceRanges: "{{ network.env.loadBalancerSourceRanges | default(lbSourceRangeDefault) }}"
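Review bot: The guard on the new `Set Helm value for ambassador_eip` task, `- allocation_ips is defined`, is effectively always true, because Ansible registers a result for a skipped task too; on any run where `Get Elastic IP` is skipped (a non-indy network or a non-AWS provider) the variable exists without a `stdout` key and the `set_fact` will most likely fail on an undefined attribute. Testing the attribute instead, `- allocation_ips.stdout is defined`, lets `elastic_ip` fall back to its `default('')` in those cases. Two hardening points on `Get Elastic IP` itself: the task carries `aws.access_key` and `aws.secret_key` in its environment, so `no_log: true` is worth adding, and because the pipeline ends in `tr`, a failed `aws` or `jq` call still exits 0 and produces an empty allocation list. Running the script under bash with `set -o pipefail` as its first line would make that failure visible instead of passing an empty value to the chart.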
@@ -40,6 +55,13 @@ src={{ playbook_dir }}/../../../platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-values.tpl dest={{ playbook_dir }}/../../../platforms/shared/configuration/build/aes-custom-values.yaml +# Apply the ambassador edge stack crds +- name: Apply aes-crds manifest. + kubernetes.core.k8s: + kubeconfig: "{{ kubeconfig_path }}" + state: present + src: "{{ playbook_dir }}/../../../platforms/shared/configuration/roles/setup/edge-stack/templates/aes-crds.yaml" + # Adding the datawire chart repo - name: Add datawire chart repo kubernetes.core.helm_repository: @@ -99,3 +121,4 @@ component_type: "Pod" label_selectors: - app.kubernetes.io/name=edge-stack + diff --git a/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-resources.tpl b/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-resources.tpl index a77cc6ea09f..7f4c7bf0374 100644 --- a/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-resources.tpl +++ b/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-resources.tpl @@ -17,3 +17,16 @@ spec: namespace: {{ ambassadorDefaultTlsSecretNamespace }} tls: min_tls_version: v1.2 +{% if network.type == 'indy' %} +--- +apiVersion: getambassador.io/v3alpha1 +kind: Module +metadata: + name: ambassador-module + namespace: ambassador +spec: + config: + use_proxy_proto: true + use_remote_address: false +{% endif %} + diff --git a/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-values.tpl b/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-values.tpl index 02e4e5cf28b..dae458b6b3b 100644 --- a/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-values.tpl +++ b/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-values.tpl 
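Review bot: In the `aes-custom-resources.tpl` hunk the new Module sets `use_proxy_proto: true`, but the Service annotations this commit adds in `aes-custom-values.tpl` only cover the NLB type, cross-zone balancing and EIP allocations; nothing visible turns PROXY protocol on at the load balancer. If it is not enabled elsewhere, Envoy would presumably reject connections that arrive without the PROXY header. If it is enabled, the listener should be reachable only through the NLB, since with `use_remote_address: false` the client address comes from data the peer supplies. I would add `service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"` next to the other annotations and a comment on the Module saying why indy needs both settings. The hard-coded `namespace: ambassador` also differs from the templated namespace a few lines above, so it is worth confirming that it matches the namespace the chart is installed in.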
@@ -14,6 +14,12 @@ namespaceOverride: '' # Emissary Chart Values. emissary-ingress: service: +{% if network.type == 'indy' %} + annotations: + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" + service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" + service.beta.kubernetes.io/aws-load-balancer-eip-allocations: "{{ elastic_ip }}" +{% endif %} type: LoadBalancer # Note that target http ports need to match your ambassador configurations service_port @@ -30,7 +36,7 @@ emissary-ingress: port: {{ port | int }} targetPort: {{ port | int }} {% endfor %} -{% if (port_range_from and port_range_to) is defined %} +{% if (port_range_from is defined) and (port_range_to is defined) %} {% for port in range(port_range_from | int, port_range_to | int + 1) %} - name: tcp-{{ port }} port: {{ port }} @@ -62,3 +68,4 @@ licenseKey: secretName: # Annotations to attach to the license-key-secret. annotations: {} + diff --git a/platforms/shared/configuration/setup-k8s-environment.yaml b/platforms/shared/configuration/setup-k8s-environment.yaml index 6fc20524b39..e0e8d5eb1cd 100644 --- a/platforms/shared/configuration/setup-k8s-environment.yaml +++ b/platforms/shared/configuration/setup-k8s-environment.yaml @@ -45,19 +45,6 @@ loop_var: organizationItem when: organizationItem.services.stewards is defined and network['type'] == 'indy' - # Setup ambassador legacy - - include_role: - name: setup/ambassador - vars: - kubeconfig_path: "{{ item.k8s.config_file }}" - kubecontext: "{{ item.k8s.context }}" - aws: "{{ item.aws }}" - organization: "{{ item }}" - with_items: "{{ network.organizations }}" - when: - - network.env.proxy == 'ambassador' - - network['type'] == 'indy' - # Setup ambassador edge stack (enabled for besu and quorum) - include_role: name: setup/edge-stack @@ -69,7 +56,6 @@ with_items: "{{ network.organizations }}" when: - network.env.proxy == 'ambassador' - - network['type'] != 'indy' # Installs cert-manager - include_role:
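Review bot: In the first `aes-custom-values.tpl` hunk the AWS annotations are gated only on `network.type == 'indy'`, while the `Get Elastic IP` task that fills `elastic_ip` runs only for the `aws` and `aws-baremetal` providers and the value falls back to `default('')`. For an indy network on another provider, or when the lookup returns nothing, the Service would be rendered with `service.beta.kubernetes.io/aws-load-balancer-eip-allocations: ""`. I would wrap that line in `{% if elastic_ip %}` … `{% endif %}`, or fail the play early when the value is empty, so an empty allocation list never reaches the load balancer configuration. A short comment above the block noting that these annotations are AWS-specific would also help.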