From 1d07dfb1dbdfc9df153c84e185758df4c03b7d49 Mon Sep 17 00:00:00 2001 From: jonahjon Date: Tue, 27 Jun 2023 11:18:23 -0500 Subject: [PATCH] patching_helm_charts_packages 
Signed-off-by: jonahjon --- Makefile | 12 +- build-aux/prelude_go.mk | 2 +- charts/crds/.helmignore | 23 + charts/crds/Chart.yaml | 6 + charts/crds/README.md | 11 + charts/crds/templates/_helpers.tpl | 4 + charts/crds/templates/apiext.yaml | 186 + charts/crds/templates/crds.yaml | 5257 +++++++++++++++++ charts/crds/templates/namespace.yaml | 6 + charts/crds/values.yaml | 11 + charts/emissary-ingress/.gitignore | 4 - .../{Chart.yaml.in => Chart.yaml} | 33 +- charts/emissary-ingress/OWNERS | 10 - .../emissary-ingress/ci.in/01-psp-values.yaml | 41 - .../emissary-ingress/ci.in/06-hpa-values.yaml | 9 - .../ci.in/08-single-namespace-values.yaml | 9 - .../ci.in/09-redis-false-values.yaml | 10 - .../ci.in/12-daemonset-values.yaml | 9 - .../ci.in/14-deployment-labels.yaml | 4 - .../ci.in/15-test-resolvers.yaml | 12 - .../ci.in/16-test-module.yaml | 10 - .../ci.in/17-test-canary.yaml | 7 - .../ci.in/18-test-progress-deadline.yaml | 3 - .../ci.in/19-test-lifecycle-values.yaml | 15 - .../ci.in/tests/manifests/backend.yaml | 47 - .../tests/manifests/ci-default-values.yaml | 9 - .../ci.in/tests/manifests/helm-init.yaml | 18 - .../ci.in/tests/manifests/helm2-values.yaml | 2 - .../ci.in/tests/manifests/tls.yaml | 18 - charts/emissary-ingress/readme.tpl | 87 - charts/emissary-ingress/templates/NOTES.txt | 14 +- .../emissary-ingress/templates/_helpers.tpl | 17 +- .../templates/admin-service.yaml | 2 +- .../templates/ambassador-agent.yaml | 284 - charts/emissary-ingress/templates/config.yaml | 2 +- .../templates/deployment-canary.yaml | 4 +- .../templates/deployment.yaml | 6 +- .../templates/exporter-config.yaml | 2 +- charts/emissary-ingress/templates/hpa.yaml | 2 +- .../emissary-ingress/templates/listener.yaml | 4 +- charts/emissary-ingress/templates/module.yaml | 2 +- .../emissary-ingress/templates/namespace.yaml | 2 +- charts/emissary-ingress/templates/pdb.yaml | 2 +- .../templates/podsecuritypolicy.yaml | 2 +- charts/emissary-ingress/templates/rbac.yaml | 8 +- 
.../emissary-ingress/templates/resolvers.yaml | 4 +- .../templates/service-canary.yaml | 4 +- .../emissary-ingress/templates/service.yaml | 4 +- .../templates/serviceaccount.yaml | 2 +- .../templates/servicemonitor.yaml | 4 +- .../{values.yaml.in => values.yaml} | 51 +- 51 files changed, 5573 insertions(+), 724 deletions(-) create mode 100644 charts/crds/.helmignore create mode 100644 charts/crds/Chart.yaml create mode 100644 charts/crds/README.md create mode 100644 charts/crds/templates/_helpers.tpl create mode 100644 charts/crds/templates/apiext.yaml create mode 100644 charts/crds/templates/crds.yaml create mode 100644 charts/crds/templates/namespace.yaml create mode 100644 charts/crds/values.yaml rename charts/emissary-ingress/{Chart.yaml.in => Chart.yaml} (54%) delete mode 100644 charts/emissary-ingress/OWNERS delete mode 100644 charts/emissary-ingress/ci.in/01-psp-values.yaml delete mode 100644 charts/emissary-ingress/ci.in/06-hpa-values.yaml delete mode 100644 charts/emissary-ingress/ci.in/08-single-namespace-values.yaml delete mode 100644 charts/emissary-ingress/ci.in/09-redis-false-values.yaml delete mode 100644 charts/emissary-ingress/ci.in/12-daemonset-values.yaml delete mode 100644 charts/emissary-ingress/ci.in/14-deployment-labels.yaml delete mode 100644 charts/emissary-ingress/ci.in/15-test-resolvers.yaml delete mode 100644 charts/emissary-ingress/ci.in/16-test-module.yaml delete mode 100644 charts/emissary-ingress/ci.in/17-test-canary.yaml delete mode 100644 charts/emissary-ingress/ci.in/18-test-progress-deadline.yaml delete mode 100644 charts/emissary-ingress/ci.in/19-test-lifecycle-values.yaml delete mode 100644 charts/emissary-ingress/ci.in/tests/manifests/backend.yaml delete mode 100644 charts/emissary-ingress/ci.in/tests/manifests/ci-default-values.yaml delete mode 100644 charts/emissary-ingress/ci.in/tests/manifests/helm-init.yaml delete mode 100644 charts/emissary-ingress/ci.in/tests/manifests/helm2-values.yaml delete mode 100644 
charts/emissary-ingress/ci.in/tests/manifests/tls.yaml delete mode 100644 charts/emissary-ingress/readme.tpl delete mode 100644 charts/emissary-ingress/templates/ambassador-agent.yaml rename charts/emissary-ingress/{values.yaml.in => values.yaml} (89%) diff --git a/Makefile b/Makefile index ba986e954..b0daa056a 100644 --- a/Makefile +++ b/Makefile 
@@ -19,12 +19,12 @@ _go-version/deps = docker/base-python/Dockerfile _go-version/cmd = sed -En 's,.*https://dl\.google\.com/go/go([0-9a-z.-]*)\.linux-amd64\.tar\.gz.*,\1,p' < $(_go-version/deps) ifneq ($(MAKECMDGOALS),$(OSS_HOME)/build-aux/go-version.txt) $(call _prelude.go.ensure,$(shell $(_go-version/cmd))) - ifneq ($(filter $(shell go env GOROOT),$(subst :, ,$(shell go env GOPATH))),) - $(error Your $$GOPATH (where *your* Go stuff goes) and $$GOROOT (where Go *itself* is installed) are both set to the same directory ($(shell go env GOROOT)); it is remarkable that it has not blown up catastrophically before now) - endif - ifneq ($(foreach gopath,$(subst :, ,$(shell go env GOPATH)),$(filter $(gopath)/%,$(CURDIR))),) - $(error Your emissary.git checkout is inside of your $$GOPATH ($(shell go env GOPATH)); Emissary-ingress uses Go modules and so GOPATH need not be pointed at it (in a post-modules world, the only role of GOPATH is to store the module download cache); and indeed some of the Kubernetes tools will get confused if GOPATH is pointed at it) - endif +# ifneq ($(filter $(shell go env GOROOT),$(subst :, ,$(shell go env GOPATH))),) +# $(error Your $$GOPATH (where *your* Go stuff goes) and $$GOROOT (where Go *itself* is installed) are both set to the same directory ($(shell go env GOROOT)); it is remarkable that it has not blown up catastrophically before now) +# endif +# ifneq ($(foreach gopath,$(subst :, ,$(shell go env GOPATH)),$(filter $(gopath)/%,$(CURDIR))),) +# $(error Your emissary.git checkout is inside of your $$GOPATH ($(shell go env GOPATH)); Emissary-ingress uses Go modules and so GOPATH need not be pointed at it (in a post-modules world, the only role of GOPATH is to store the module download cache); and indeed some of the Kubernetes tools will get confused if GOPATH is pointed at it) +# endif VERSION := $(or $(VERSION),$(shell go run ./tools/src/goversion)) $(if $(filter v3.%,$(VERSION)),\ 
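Review bot: The two `$(error …)` guards in this hunk are disabled by commenting them out, with no note saying why or when they should come back, so a build now proceeds silently when GOPATH equals GOROOT or when the checkout sits inside GOPATH. If the packaging environment really needs to skip them, gate them instead of commenting them out, for example with `ifneq ($(SKIP_GO_ENV_CHECKS),1)` around both blocks (the variable name is only a suggestion), so the default build keeps the checks. If they are meant to go for good, delete the lines and add a one-line comment giving the reason. The enclosing `ifneq ($(MAKECMDGOALS),…)` block starts inside this hunk but ends outside it.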
diff --git a/build-aux/prelude_go.mk b/build-aux/prelude_go.mk index 9547b2ca7..7de3d3244 100644 --- a/build-aux/prelude_go.mk +++ b/build-aux/prelude_go.mk @@ -75,7 +75,7 @@ _prelude.go.VERSION.ge = $(call _prelude.go.VERSION._ge,$(call _prelude.go.VERSI # # Evaluates to $(TRUE) if `go` is >= the specified version, $(FALSE) # otherwise. -_prelude.go.VERSION.HAVE = $(if $(_prelude.go.HAVE),$(call _prelude.go.VERSION.ge,$(_prelude.go.VERSION),$1)) +_prelude.go.VERSION.HAVE = $(TRUE) # # Building Go programs for use by build-aux diff --git a/charts/crds/.helmignore b/charts/crds/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/crds/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/crds/Chart.yaml b/charts/crds/Chart.yaml new file mode 100644 index 000000000..5341adee3 --- /dev/null +++ b/charts/crds/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +appVersion: v3.6.0 +description: Emissary CRDs +type: application +version: 3.6.0-d0c301dec3634d263f8957745c8557a39caf8204 +name: crds diff --git a/charts/crds/README.md b/charts/crds/README.md new file mode 100644 index 000000000..fe60db2a3 --- /dev/null +++ b/charts/crds/README.md @@ -0,0 +1,11 @@ +# crds + +![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square) + +Emissary CRDs + +**Homepage:** + +## Source Code + +* 
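Review bot: In build-aux/prelude_go.mk, `_prelude.go.VERSION.HAVE = $(TRUE)` makes the predicate true for every argument, including when no `go` binary is found, and the comment directly above it ("Evaluates to $(TRUE) if `go` is >= the specified version") now describes behaviour that no longer exists. Any caller that relies on it will stop rejecting a mismatched toolchain; this presumably includes the `_prelude.go.ensure` call in the Makefile, whose definition is not visible here. Artifacts could then be built with a Go release other than the one pinned in docker/base-python/Dockerfile. I would keep the original definition and add an explicit opt-out. At minimum, replace the stale comment with something like `# NOTE: Go version check disabled for packaging builds; always evaluates to $(TRUE)`.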
diff --git a/charts/crds/templates/_helpers.tpl b/charts/crds/templates/_helpers.tpl
new file mode 100644
index 000000000..084b6db5f
--- /dev/null
+++ b/charts/crds/templates/_helpers.tpl
@@ -0,0 +1,4 @@
+{{/* Generate image repository path. */}}
+{{- define "image.repository.path" -}}
+{{- .repository }}@{{ .digest -}}
+{{- end -}}
diff --git a/charts/crds/templates/apiext.yaml b/charts/crds/templates/apiext.yaml
new file mode 100644
index 000000000..cee6c1874
--- /dev/null
+++ b/charts/crds/templates/apiext.yaml
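Review bot: The `image.repository.path` helper emits `repository@digest` without checking that either field is set, so an empty `.digest` renders `repo@`, which is not a valid image reference and only fails once the pod is created. Pinning by digest is the right choice for supply-chain integrity, so enforce it at template time: `{{- required "image.repository is required" .repository }}@{{ required "image.digest is required" .digest -}}`. The header comment should also state that the helper expects a map with `repository` and `digest` keys (it is called with `.Values.image` in apiext.yaml) and that tags are deliberately not supported.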
@@ -0,0 +1,186 @@
+################################################################################
+# Cluster permissions #
+################################################################################
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: emissary-apiext
+ namespace: emissary-system
+ labels:
+ app.kubernetes.io/instance: emissary-apiext
+ app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml
+ app.kubernetes.io/name: emissary-apiext
+ app.kubernetes.io/part-of: emissary-apiext
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: emissary-apiext
+ labels:
+ app.kubernetes.io/instance: emissary-apiext
+ app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml
+ app.kubernetes.io/name: emissary-apiext
+ app.kubernetes.io/part-of: emissary-apiext
+rules:
+ - apiGroups: [ "apiextensions.k8s.io" ]
+ resources: [ "customresourcedefinitions" ]
+ verbs: [ "list", "watch" ]
+ - apiGroups: [ "apiextensions.k8s.io" ]
+ resources: [ "customresourcedefinitions" ]
+ resourceNames:
+ - authservices.getambassador.io
+ - consulresolvers.getambassador.io
+ - devportals.getambassador.io
+ - hosts.getambassador.io
+ - kubernetesendpointresolvers.getambassador.io
+ - kubernetesserviceresolvers.getambassador.io
+ - listeners.getambassador.io
+ - logservices.getambassador.io
+ - mappings.getambassador.io
+ - modules.getambassador.io
+ - ratelimitservices.getambassador.io
+ - tcpmappings.getambassador.io
+ - tlscontexts.getambassador.io
+ - tracingservices.getambassador.io
+ verbs: [ "update" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: emissary-apiext
+ labels:
+ app.kubernetes.io/instance: emissary-apiext
+ app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml
+ app.kubernetes.io/name: emissary-apiext
+ app.kubernetes.io/part-of: emissary-apiext
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: emissary-apiext
+subjects:
+ - kind: ServiceAccount
+ namespace: emissary-system
+ name: emissary-apiext
+---
+################################################################################
+# Namespaced permissions #
+################################################################################
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: emissary-apiext
+ namespace: emissary-system
+ labels:
+ app.kubernetes.io/instance: emissary-apiext
+ app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml
+ app.kubernetes.io/name: emissary-apiext
+ app.kubernetes.io/part-of: emissary-apiext
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["create"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ resourceNames: ["emissary-ingress-webhook-ca"]
+ verbs: ["get", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: emissary-apiext
+ namespace: emissary-system
+ labels:
+ app.kubernetes.io/instance: emissary-apiext
+ app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml
+ app.kubernetes.io/name: emissary-apiext
+ app.kubernetes.io/part-of: emissary-apiext
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: emissary-apiext
+subjects:
+- kind: ServiceAccount
+ namespace: emissary-system
+ name: emissary-apiext
+---
+################################################################################
+# Main #
+################################################################################
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: emissary-apiext
+ namespace: emissary-system
+ labels:
+ app.kubernetes.io/instance: emissary-apiext
+ app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml
+ app.kubernetes.io/name: emissary-apiext
+ app.kubernetes.io/part-of: emissary-apiext
+spec:
+ type: ClusterIP
+ ports:
+ - name: https
+ port: 443
+ targetPort: https
+ selector:
+ app.kubernetes.io/instance: emissary-apiext
+ app.kubernetes.io/name:
emissary-apiext
+ app.kubernetes.io/part-of: emissary-apiext
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: emissary-apiext
+ namespace: emissary-system
+ labels:
+ app.kubernetes.io/instance: emissary-apiext
+ app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml
+ app.kubernetes.io/name: emissary-apiext
+ app.kubernetes.io/part-of: emissary-apiext
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: emissary-apiext
+ app.kubernetes.io/name: emissary-apiext
+ app.kubernetes.io/part-of: emissary-apiext
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: emissary-apiext
+ app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml
+ app.kubernetes.io/name: emissary-apiext
+ app.kubernetes.io/part-of: emissary-apiext
+ spec:
+ serviceAccountName: emissary-apiext
+ containers:
+ - name: emissary-apiext
+ image: {{ .Values.sourceRegistry }}/{{ include "image.repository.path" .Values.image }}
+ imagePullPolicy: Always
+ command: [ "apiext", "emissary-apiext" ]
+ ports:
+ - name: http
+ containerPort: 8080
+ - name: https
+ containerPort: 8443
+ startupProbe:
+ httpGet:
+ path: /probes/live
+ port: 8080
+ failureThreshold: 10
+ periodSeconds: 3
+ livenessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /probes/live
+ port: 8080
+ initialDelaySeconds: 5
+ periodSeconds: 3
+ failureThreshold: 3
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/crds/templates/crds.yaml b/charts/crds/templates/crds.yaml
new file mode 100644
index 000000000..a9c12386d
--- /dev/null
+++ b/charts/crds/templates/crds.yaml
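Review bot: The `emissary-apiext` Deployment at the end of apiext.yaml sets no pod or container `securityContext` and no `resources`, yet its service account may update the listed Emissary CRDs cluster-wide and create Secrets in `emissary-system`. A workload with that reach, serving the CRD conversion webhook, should run with a hardened context as sketched below. Whether the apiext image already runs as non-root and tolerates a read-only root filesystem cannot be told from this hunk, so confirm against the image before merging. Requests and limits should be added too, with figures taken from observed usage. Separately, the unquoted `image:` value and the hard-coded `emissary-system` namespace on every object are worth a look, because the chart also ships a namespace.yaml and values.yaml (not visible here) that may expect the namespace to be configurable.

```yaml
# … unchanged: Deployment metadata, selector, replicas, pod labels, serviceAccountName …
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: emissary-apiext
          # … unchanged: image, imagePullPolicy, command, ports, probes …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```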
@@ -0,0 +1,5257 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: authservices.getambassador.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: emissary-apiext + namespace: emissary-system + conversionReviewVersions: + - v1beta1 + group: getambassador.io + names: + categories: + - ambassador-crds + kind: AuthService + listKind: AuthServiceList + plural: authservices + singular: authservice + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: AuthService is the Schema for the authservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AuthServiceSpec defines the desired state of AuthService + properties: + add_auth_headers: + additionalProperties: + type: string + type: object + add_linkerd_headers: + type: boolean + allow_request_body: + type: boolean + allowed_authorization_headers: + items: + type: string + type: array + allowed_request_headers: + items: + type: string + type: array + auth_service: + type: string + failure_mode_allow: + type: boolean + include_body: + properties: + allow_partial: + type: boolean + max_bytes: + description: These aren't pointer types because they are required. + type: integer + required: + - allow_partial + - max_bytes + type: object + path_prefix: + type: string + proto: + enum: + - http + - grpc + type: string + protocol_version: + enum: + - v2 + - v3 + type: string + status_on_error: + description: Why isn't this just an int?? + properties: + code: + type: integer + type: object + timeout_ms: + type: integer + v3CircuitBreakers: + items: + properties: + max_connections: + type: integer + max_pending_requests: + type: integer + max_requests: + type: integer + max_retries: + type: integer + priority: + enum: + - default + - high + type: string + type: object + type: array + v3StatsName: + type: string + required: + - auth_service + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + - name: v2 + schema: + openAPIV3Schema: + description: AuthService is the Schema for the authservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AuthServiceSpec defines the desired state of AuthService + properties: + add_auth_headers: + additionalProperties: + type: string + type: object + add_linkerd_headers: + type: boolean + allow_request_body: + type: boolean + allowed_authorization_headers: + items: + type: string + type: array + allowed_request_headers: + items: + type: string + type: array + auth_service: + type: string + failure_mode_allow: + type: boolean + include_body: + properties: + allow_partial: + type: boolean + max_bytes: + description: These aren't pointer types because they are required. + type: integer + required: + - allow_partial + - max_bytes + type: object + path_prefix: + type: string + proto: + enum: + - http + - grpc + type: string + protocol_version: + enum: + - v2 + - v3 + type: string + status_on_error: + description: Why isn't this just an int?? 
+ properties: + code: + type: integer + type: object + timeout_ms: + type: integer + v3CircuitBreakers: + items: + properties: + max_connections: + type: integer + max_pending_requests: + type: integer + max_requests: + type: integer + max_retries: + type: integer + priority: + enum: + - default + - high + type: string + type: object + type: array + v3StatsName: + type: string + required: + - auth_service + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + - name: v3alpha1 + schema: + openAPIV3Schema: + description: AuthService is the Schema for the authservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AuthServiceSpec defines the desired state of AuthService + properties: + add_auth_headers: + additionalProperties: + type: string + type: object + add_linkerd_headers: + type: boolean + allow_request_body: + description: 'TODO(lukeshu): In v3alpha2, drop allow_request_body + in favor of include_body. allow_request_body has been deprecated + for a long time.' 
+ type: boolean + allowed_authorization_headers: + items: + type: string + type: array + allowed_request_headers: + items: + type: string + type: array + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." + items: + type: string + type: array + auth_service: + description: 'TODO(lukeshu): In v3alpha2, consider renameing `auth_service` + to just `service`, for consistency with the other resource types.' + type: string + circuit_breakers: + items: + properties: + max_connections: + type: integer + max_pending_requests: + type: integer + max_requests: + type: integer + max_retries: + type: integer + priority: + enum: + - default + - high + type: string + type: object + type: array + failure_mode_allow: + type: boolean + include_body: + properties: + allow_partial: + type: boolean + max_bytes: + description: These aren't pointer types because they are required. + type: integer + required: + - allow_partial + - max_bytes + type: object + path_prefix: + type: string + proto: + enum: + - http + - grpc + type: string + protocol_version: + description: ProtocolVersion is the envoy api transport protocol version + enum: + - v2 + - v3 + type: string + stats_name: + type: string + status_on_error: + description: 'TODO(lukeshu): In v3alpha2, consider getting rid of + this struct type in favor of just using an int (i.e. `statusOnError: + 500` instead of the current `statusOnError: { code: 500 }`).' + properties: + code: + type: integer + type: object + timeout_ms: + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' 
+ type: integer + tls: + type: string + v2ExplicitTLS: + description: V2ExplicitTLS controls some vanity/stylistic elements + when converting from v3alpha1 to v2. The values in an V2ExplicitTLS + should not in any way affect the runtime operation of Emissary; + except that it may affect internal names in the Envoy config, which + may in turn affect stats names. But it should not affect any end-user + observable behavior. + properties: + serviceScheme: + description: "ServiceScheme specifies how to spell and capitalize + the scheme-part of the service URL. \n Acceptable values are + \"http://\" (case-insensitive), \"https://\" (case-insensitive), + or \"\". The value is used if it agrees with whether or not + this resource enables TLS origination, or if something else + in the resource overrides the scheme." + pattern: ^([hH][tT][tT][pP][sS]?://)?$ + type: string + tls: + description: "TLS controls whether and how to represent the \"tls\" + field when its value could be implied by the \"service\" field. + \ In v2, there were a lot of different ways to spell an \"empty\" + value, and this field specifies which way to spell it (and will + therefore only be used if the value will indeed be empty). 
\n + \ | Value | Representation | Meaning + of representation | |--------------+---------------------------------------+------------------------------------| + \ | \"\" | omit the field | + defer to service (no TLSContext) | | \"null\" | store + an explicit \"null\" in the field | defer to service (no TLSContext) + \ | | \"string\" | store an empty string in the field + \ | defer to service (no TLSContext) | | \"bool:false\" + | store a Boolean \"false\" in the field | defer to service + (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" + in the field | originate TLS (no TLSContext) | \n If + the meaning of the representation contradicts anything else + (if a TLSContext is to be used, or in the case of \"bool:true\" + if TLS is not to be originated), then this field is ignored." + enum: + - "" + - "null" + - bool:true + - bool:false + - string + type: string + type: object + required: + - auth_service + type: object + type: object + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: consulresolvers.getambassador.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: emissary-apiext + namespace: emissary-system + conversionReviewVersions: + - v1beta1 + group: getambassador.io + names: + categories: + - ambassador-crds + kind: ConsulResolver + listKind: ConsulResolverList + plural: consulresolvers + singular: consulresolver + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ConsulResolver is the Schema for the ConsulResolver API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsulResolver tells Ambassador to use Consul to resolve + services. In addition to the AmbassadorID, it needs information about + which Consul server and DC to use. + properties: + address: + type: string + datacenter: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + - name: v2 + schema: + openAPIV3Schema: + description: ConsulResolver is the Schema for the ConsulResolver API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsulResolver tells Ambassador to use Consul to resolve + services. 
In addition to the AmbassadorID, it needs information about + which Consul server and DC to use. + properties: + address: + type: string + datacenter: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + - name: v3alpha1 + schema: + openAPIV3Schema: + description: ConsulResolver is the Schema for the ConsulResolver API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsulResolver tells Ambassador to use Consul to resolve + services. In addition to the AmbassadorID, it needs information about + which Consul server and DC to use. + properties: + address: + type: string + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." 
+ items: + type: string + type: array + datacenter: + type: string + type: object + type: object + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: devportals.getambassador.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: emissary-apiext + namespace: emissary-system + conversionReviewVersions: + - v1beta1 + group: getambassador.io + names: + categories: + - ambassador-crds + kind: DevPortal + listKind: DevPortalList + plural: devportals + singular: devportal + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "DevPortal is the Schema for the DevPortals API \n DevPortal + resources specify the `what` and `how` is shown in a DevPortal: \n 1. `what` + is in a DevPortal can be controlled with \n - a `selector`, that can + be used for filtering `Mappings`. \n - a `docs` listing of (services, + url) \n 2. `how` is a pointer to some `contents` (a checkout of a Git repository + \ with go-templates/markdown/css). \n Multiple `DevPortal`s can exist + in the cluster, and the Dev Portal server will show them at different endpoints. + A `DevPortal` resource with a special name, `ambassador`, will be used for + configuring the default Dev Portal (served at `/docs/` by default)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DevPortalSpec defines the desired state of DevPortal + properties: + content: + description: Content specifies where the content shown in the DevPortal + come from + properties: + branch: + type: string + dir: + type: string + url: + type: string + type: object + default: + description: Default must be true when this is the default DevPortal + type: boolean + docs: + description: Docs is a static docs definition + items: + description: 'DevPortalDocsSpec is a static documentation definition: + instead of using a Selector for finding documentation for services, + users can provide a static list of : tuples. These + services will be shown in the Dev Portal with the documentation + obtained from this URL.' + properties: + service: + description: Service is the service being documented + type: string + timeout_ms: + description: Timeout specifies the amount of time devportal + will wait for the downstream service to report an openapi + spec back + type: integer + url: + description: URL is the URL used for obtaining docs + type: string + type: object + type: array + naming_scheme: + description: Describes how to display "services" in the DevPortal. + Default namespace.name + enum: + - namespace.name + - name.prefix + type: string + preserve_servers: + description: Configures this DevPortal to use server definitions from + the openAPI doc instead of rewriting them based on the url used + for the connection. 
+ type: boolean + search: + description: DevPortalSearchSpec allows configuration over search + functionality for the DevPortal + properties: + enabled: + type: boolean + type: + description: 'Type of search. "title-only" does a fuzzy search + over openapi and page titles "all-content" will fuzzy search + over all openapi and page content. "title-only" is the default. + warning: using all-content may incur a larger memory footprint' + enum: + - title-only + - all-content + type: string + type: object + selector: + description: Selector is used for choosing what is shown in the DevPortal + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels specifies the list of labels that must + be present in Mappings for being present in this DevPortal. + type: object + matchNamespaces: + description: MatchNamespaces is a list of namespaces that will + be included in this DevPortal. + items: + type: string + type: array + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + - name: v2 + schema: + openAPIV3Schema: + description: "DevPortal is the Schema for the DevPortals API \n DevPortal + resources specify the `what` and `how` is shown in a DevPortal: \n 1. `what` + is in a DevPortal can be controlled with \n - a `selector`, that can + be used for filtering `Mappings`. \n - a `docs` listing of (services, + url) \n 2. `how` is a pointer to some `contents` (a checkout of a Git repository + \ with go-templates/markdown/css). \n Multiple `DevPortal`s can exist + in the cluster, and the Dev Portal server will show them at different endpoints. + A `DevPortal` resource with a special name, `ambassador`, will be used for + configuring the default Dev Portal (served at `/docs/` by default)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DevPortalSpec defines the desired state of DevPortal + properties: + content: + description: Content specifies where the content shown in the DevPortal + come from + properties: + branch: + type: string + dir: + type: string + url: + type: string + type: object + default: + description: Default must be true when this is the default DevPortal + type: boolean + docs: + description: Docs is a static docs definition + items: + description: 'DevPortalDocsSpec is a static documentation definition: + instead of using a Selector for finding documentation for services, + users can provide a static list of : tuples. These + services will be shown in the Dev Portal with the documentation + obtained from this URL.' + properties: + service: + description: Service is the service being documented + type: string + timeout_ms: + description: Timeout specifies the amount of time devportal + will wait for the downstream service to report an openapi + spec back + type: integer + url: + description: URL is the URL used for obtaining docs + type: string + type: object + type: array + naming_scheme: + description: Describes how to display "services" in the DevPortal. 
+ Default namespace.name + enum: + - namespace.name + - name.prefix + type: string + preserve_servers: + description: Configures this DevPortal to use server definitions from + the openAPI doc instead of rewriting them based on the url used + for the connection. + type: boolean + search: + description: DevPortalSearchSpec allows configuration over search + functionality for the DevPortal + properties: + enabled: + type: boolean + type: + description: 'Type of search. "title-only" does a fuzzy search + over openapi and page titles "all-content" will fuzzy search + over all openapi and page content. "title-only" is the default. + warning: using all-content may incur a larger memory footprint' + enum: + - title-only + - all-content + type: string + type: object + selector: + description: Selector is used for choosing what is shown in the DevPortal + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels specifies the list of labels that must + be present in Mappings for being present in this DevPortal. + type: object + matchNamespaces: + description: MatchNamespaces is a list of namespaces that will + be included in this DevPortal. + items: + type: string + type: array + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + - name: v3alpha1 + schema: + openAPIV3Schema: + description: "DevPortal is the Schema for the DevPortals API \n DevPortal + resources specify the `what` and `how` is shown in a DevPortal: \n 1. `what` + is in a DevPortal can be controlled with \n - a `selector`, that can + be used for filtering `Mappings`. \n - a `docs` listing of (services, + url) \n 2. `how` is a pointer to some `contents` (a checkout of a Git repository + \ with go-templates/markdown/css). \n Multiple `DevPortal`s can exist + in the cluster, and the Dev Portal server will show them at different endpoints. 
+ A `DevPortal` resource with a special name, `ambassador`, will be used for + configuring the default Dev Portal (served at `/docs/` by default)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DevPortalSpec defines the desired state of DevPortal + properties: + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." + items: + type: string + type: array + content: + description: Content specifies where the content shown in the DevPortal + come from + properties: + branch: + type: string + dir: + type: string + url: + type: string + type: object + default: + description: Default must be true when this is the default DevPortal + type: boolean + docs: + description: Docs is a static docs definition + items: + description: 'DevPortalDocsSpec is a static documentation definition: + instead of using a Selector for finding documentation for services, + users can provide a static list of : tuples. These + services will be shown in the Dev Portal with the documentation + obtained from this URL.' 
+ properties: + service: + description: Service is the service being documented + type: string + timeout_ms: + description: Timeout specifies the amount of time devportal + will wait for the downstream service to report an openapi + spec back + type: integer + url: + description: URL is the URL used for obtaining docs + type: string + type: object + type: array + naming_scheme: + description: Describes how to display "services" in the DevPortal. + Default namespace.name + enum: + - namespace.name + - name.prefix + type: string + preserve_servers: + description: Configures this DevPortal to use server definitions from + the openAPI doc instead of rewriting them based on the url used + for the connection. + type: boolean + search: + description: DevPortalSearchSpec allows configuration over search + functionality for the DevPortal + properties: + enabled: + type: boolean + type: + description: 'Type of search. "title-only" does a fuzzy search + over openapi and page titles "all-content" will fuzzy search + over all openapi and page content. "title-only" is the default. + warning: using all-content may incur a larger memory footprint' + enum: + - title-only + - all-content + type: string + type: object + selector: + description: Selector is used for choosing what is shown in the DevPortal + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels specifies the list of labels that must + be present in Mappings for being present in this DevPortal. + type: object + matchNamespaces: + description: MatchNamespaces is a list of namespaces that will + be included in this DevPortal. 
+ items: + type: string + type: array + type: object + type: object + type: object + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: hosts.getambassador.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: emissary-apiext + namespace: emissary-system + conversionReviewVersions: + - v1beta1 + group: getambassador.io + names: + categories: + - ambassador-crds + kind: Host + listKind: HostList + plural: hosts + singular: host + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.hostname + name: Hostname + type: string + - jsonPath: .status.state + name: State + type: string + - jsonPath: .status.phaseCompleted + name: Phase Completed + type: string + - jsonPath: .status.phasePending + name: Phase Pending + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: Host is the Schema for the hosts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HostSpec defines the desired state of Host + properties: + acmeProvider: + description: Specifies whether/who to talk ACME with to automatically + manage the $tlsSecret. + properties: + authority: + description: Specifies who to talk ACME with to get certs. Defaults + to Let's Encrypt; if "none" (case-insensitive), do not try to + do ACME for this Host. + type: string + email: + type: string + privateKeySecret: + description: "Specifies the Kubernetes Secret to use to store + the private key of the ACME account (essentially, where to store + the auto-generated password for the auto-created ACME account). + \ You should not normally need to set this--the default value + is based on a combination of the ACME authority being registered + wit and the email address associated with the account. \n Note + that this is a native-Kubernetes-style core.v1.LocalObjectReference, + not an Ambassador-style `{name}.{namespace}` string. Because + we're opinionated, it does not support referencing a Secret + in another namespace (because most native Kubernetes resources + don't support that), but if we ever abandon that opinion and + decide to support non-local references it, it would be by adding + a `namespace:` field by changing it from a core.v1.LocalObjectReference + to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` + notation." + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + registration: + description: This is normally set automatically + type: string + type: object + hostname: + description: Hostname by which the Ambassador can be reached. 
+ type: string + previewUrl: + description: Configuration for the Preview URL feature of Service + Preview. Defaults to preview URLs not enabled. + properties: + enabled: + description: Is the Preview URL feature enabled? + type: boolean + type: + description: What type of Preview URL is allowed? + enum: + - Path + type: string + type: object + requestPolicy: + description: Request policy definition. + properties: + insecure: + properties: + action: + enum: + - Redirect + - Reject + - Route + type: string + additionalPort: + type: integer + type: object + type: object + selector: + description: Selector by which we can find further configuration. + Defaults to hostname=$hostname + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. 
+ type: object + type: object + tls: + description: TLS configuration. It is not valid to specify both `tlsContext` + and `tls`. + properties: + alpn_protocols: + type: string + ca_secret: + type: string + cacert_chain_file: + type: string + cert_chain_file: + type: string + cert_required: + type: boolean + cipher_suites: + items: + type: string + type: array + ecdh_curves: + items: + type: string + type: array + max_tls_version: + type: string + min_tls_version: + type: string + private_key_file: + type: string + redirect_cleartext_from: + type: integer + sni: + type: string + v3CRLSecret: + type: string + type: object + tlsContext: + description: "Name of the TLSContext the Host resource is linked with. + It is not valid to specify both `tlsContext` and `tls`. \n Note + that this is a native-Kubernetes-style core.v1.LocalObjectReference, + not an Ambassador-style `{name}.{namespace}` string. Because we're + opinionated, it does not support referencing a Secret in another + namespace (because most native Kubernetes resources don't support + that), but if we ever abandon that opinion and decide to support + non-local references it, it would be by adding a `namespace:` field + by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, + not by adopting the `{name}.{namespace}` notation." + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + tlsSecret: + description: Name of the Kubernetes secret into which to save generated + certificates. If ACME is enabled (see $acmeProvider), then the + default is $hostname; otherwise the default is "". If the value + is "", then we do not do TLS for this Host. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. 
+ type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: HostStatus defines the observed state of Host + properties: + errorBackoff: + type: string + errorReason: + description: errorReason, errorTimestamp, and errorBackoff are valid + when state==Error. + type: string + errorTimestamp: + format: date-time + type: string + phaseCompleted: + description: phaseCompleted and phasePending are valid when state==Pending + or state==Error. + enum: + - NA + - DefaultsFilled + - ACMEUserPrivateKeyCreated + - ACMEUserRegistered + - ACMECertificateChallenge + type: string + phasePending: + description: phaseCompleted and phasePending are valid when state==Pending + or state==Error. + enum: + - NA + - DefaultsFilled + - ACMEUserPrivateKeyCreated + - ACMEUserRegistered + - ACMECertificateChallenge + type: string + state: + description: The first value listed in the Enum marker becomes the + "zero" value, and it would be great if "Pending" could be the default + value; but it's Important that the "zero" value be able to be shown + as empty/omitted from display, and we really do want `kubectl get + hosts` to say "Pending" in the "STATE" column, and not leave the + column empty. 
+ enum: + - Initial + - Pending + - Ready + - Error + type: string + tlsCertificateSource: + enum: + - Unknown + - None + - Other + - ACME + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.hostname + name: Hostname + type: string + - jsonPath: .status.state + name: State + type: string + - jsonPath: .status.phaseCompleted + name: Phase Completed + type: string + - jsonPath: .status.phasePending + name: Phase Pending + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v3alpha1 + schema: + openAPIV3Schema: + description: Host is the Schema for the hosts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HostSpec defines the desired state of Host + properties: + acmeProvider: + description: Specifies whether/who to talk ACME with to automatically + manage the $tlsSecret. + properties: + authority: + description: Specifies who to talk ACME with to get certs. Defaults + to Let's Encrypt; if "none" (case-insensitive), do not try to + do ACME for this Host. 
+ type: string + email: + type: string + privateKeySecret: + description: "Specifies the Kubernetes Secret to use to store + the private key of the ACME account (essentially, where to store + the auto-generated password for the auto-created ACME account). + \ You should not normally need to set this--the default value + is based on a combination of the ACME authority being registered + wit and the email address associated with the account. \n Note + that this is a native-Kubernetes-style core.v1.LocalObjectReference, + not an Ambassador-style `{name}.{namespace}` string. Because + we're opinionated, it does not support referencing a Secret + in another namespace (because most native Kubernetes resources + don't support that), but if we ever abandon that opinion and + decide to support non-local references it, it would be by adding + a `namespace:` field by changing it from a core.v1.LocalObjectReference + to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` + notation." + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + registration: + description: This is normally set automatically + type: string + type: object + ambassador_id: + description: Common to all Ambassador objects (and optional). + items: + type: string + type: array + hostname: + description: Hostname by which the Ambassador can be reached. + type: string + mappingSelector: + description: Selector for Mappings we'll associate with this Host. + At the moment, Selector and MappingSelector are synonyms, but that + will change soon. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + previewUrl: + description: Configuration for the Preview URL feature of Service + Preview. Defaults to preview URLs not enabled. + properties: + enabled: + description: Is the Preview URL feature enabled? + type: boolean + type: + description: What type of Preview URL is allowed? + enum: + - Path + type: string + type: object + requestPolicy: + description: Request policy definition. + properties: + insecure: + properties: + action: + enum: + - Redirect + - Reject + - Route + type: string + additionalPort: + type: integer + type: object + type: object + selector: + description: "DEPRECATED: Selector by which we can find further configuration. + Use MappingSelector instead. \n TODO(lukeshu): In v3alpha2, figure + out how to get rid of HostSpec.DeprecatedSelector." 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + tls: + description: TLS configuration. It is not valid to specify both `tlsContext` + and `tls`. + properties: + alpn_protocols: + type: string + ca_secret: + type: string + cacert_chain_file: + type: string + cert_chain_file: + type: string + cert_required: + type: boolean + cipher_suites: + items: + type: string + type: array + crl_secret: + type: string + ecdh_curves: + items: + type: string + type: array + max_tls_version: + type: string + min_tls_version: + type: string + private_key_file: + type: string + redirect_cleartext_from: + type: integer + sni: + type: string + type: object + tlsContext: + description: "Name of the TLSContext the Host resource is linked with. 
+ It is not valid to specify both `tlsContext` and `tls`. \n Note + that this is a native-Kubernetes-style core.v1.LocalObjectReference, + not an Ambassador-style `{name}.{namespace}` string. Because we're + opinionated, it does not support referencing a Secret in another + namespace (because most native Kubernetes resources don't support + that), but if we ever abandon that opinion and decide to support + non-local references it, it would be by adding a `namespace:` field + by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, + not by adopting the `{name}.{namespace}` notation." + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + tlsSecret: + description: Name of the Kubernetes secret into which to save generated + certificates. If ACME is enabled (see $acmeProvider), then the + default is $hostname; otherwise the default is "". If the value + is "", then we do not do TLS for this Host. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + type: object + status: + description: HostStatus defines the observed state of Host + properties: + errorBackoff: + type: string + errorReason: + description: errorReason, errorTimestamp, and errorBackoff are valid + when state==Error. + type: string + errorTimestamp: + format: date-time + type: string + phaseCompleted: + description: phaseCompleted and phasePending are valid when state==Pending + or state==Error. 
+ enum: + - NA + - DefaultsFilled + - ACMEUserPrivateKeyCreated + - ACMEUserRegistered + - ACMECertificateChallenge + type: string + phasePending: + description: phaseCompleted and phasePending are valid when state==Pending + or state==Error. + enum: + - NA + - DefaultsFilled + - ACMEUserPrivateKeyCreated + - ACMEUserRegistered + - ACMECertificateChallenge + type: string + state: + description: The first value listed in the Enum marker becomes the + "zero" value, and it would be great if "Pending" could be the default + value; but it's Important that the "zero" value be able to be shown + as empty/omitted from display, and we really do want `kubectl get + hosts` to say "Pending" in the "STATE" column, and not leave the + column empty. + enum: + - Initial + - Pending + - Ready + - Error + type: string + tlsCertificateSource: + enum: + - Unknown + - None + - Other + - ACME + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: kubernetesendpointresolvers.getambassador.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: emissary-apiext + namespace: emissary-system + conversionReviewVersions: + - v1beta1 + group: getambassador.io + names: + categories: + - ambassador-crds + kind: KubernetesEndpointResolver + listKind: KubernetesEndpointResolverList + plural: kubernetesendpointresolvers + singular: kubernetesendpointresolver + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver + 
API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubernetesEndpointResolver tells Ambassador to use Kubernetes + Endpoints resources to resolve services. It actually has no spec other + than the AmbassadorID. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + - name: v2 + schema: + openAPIV3Schema: + description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubernetesEndpointResolver tells Ambassador to use Kubernetes + Endpoints resources to resolve services. 
It actually has no spec other + than the AmbassadorID. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + - name: v3alpha1 + schema: + openAPIV3Schema: + description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubernetesEndpointResolver tells Ambassador to use Kubernetes + Endpoints resources to resolve services. It actually has no spec other + than the AmbassadorID. + properties: + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." 
+ items: + type: string + type: array + type: object + type: object + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: kubernetesserviceresolvers.getambassador.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: emissary-apiext + namespace: emissary-system + conversionReviewVersions: + - v1beta1 + group: getambassador.io + names: + categories: + - ambassador-crds + kind: KubernetesServiceResolver + listKind: KubernetesServiceResolverList + plural: kubernetesserviceresolvers + singular: kubernetesserviceresolver + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubernetesServiceResolver tells Ambassador to use Kubernetes + Service resources to resolve services. 
It actually has no spec other + than the AmbassadorID. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + - name: v2 + schema: + openAPIV3Schema: + description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubernetesServiceResolver tells Ambassador to use Kubernetes + Service resources to resolve services. It actually has no spec other + than the AmbassadorID. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + - name: v3alpha1 + schema: + openAPIV3Schema: + description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubernetesServiceResolver tells Ambassador to use Kubernetes + Service resources to resolve services. It actually has no spec other + than the AmbassadorID. + properties: + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." + items: + type: string + type: array + type: object + type: object + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: listeners.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: Listener + listKind: ListenerList + plural: listeners + singular: listener + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.port + name: Port + type: string + - jsonPath: .spec.protocol + name: Protocol + type: string + - jsonPath: .spec.protocolStack + name: Stack + type: string + - jsonPath: .spec.statsPrefix + name: StatsPrefix + type: string + - jsonPath: .spec.securityModel + name: Security + type: string + - jsonPath: .spec.l7Depth + name: L7Depth + type: string + name: v3alpha1 + schema: + openAPIV3Schema: + description: Listener is the Schema for the hosts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ListenerSpec defines the desired state of this Port + properties: + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." + items: + type: string + type: array + hostBinding: + description: HostBinding allows restricting which Hosts will be used + for this Listener. + properties: + namespace: + description: NamespaceBindingType defines we we specify which + namespaces to look for Hosts in. + properties: + from: + description: NamespaceFromType defines how we evaluate a NamespaceBindingType. + enum: + - SELF + - ALL + - SELECTOR + type: string + type: object + selector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An + empty label selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + type: object + l7Depth: + description: L7Depth specifies how many layer 7 load balancers are + between us and the edge of the network. + format: int32 + type: integer + port: + description: Port is the network port. Only one Listener can use a + given port. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: Protocol is a shorthand for certain predefined stacks. + Exactly one of Protocol or ProtocolStack must be supplied. + enum: + - HTTP + - HTTPS + - HTTPPROXY + - HTTPSPROXY + - TCP + - TLS + - UDP + type: string + protocolStack: + description: ProtocolStack explicitly specifies the protocol stack + to set up. Exactly one of Protocol or ProtocolStack must be supplied. 
+ items: + description: ProtocolStackElement defines specific layers that may + be combined in a protocol stack for processing connections to + a port. + enum: + - HTTP + - PROXY + - TLS + - TCP + - UDP + type: string + type: array + securityModel: + description: SecurityModel specifies how to determine whether connections + to this port are secure or insecure. + enum: + - XFP + - SECURE + - INSECURE + type: string + statsPrefix: + description: 'StatsPrefix specifies the prefix for statistics sent + by Envoy about this Listener. The default depends on the protocol: + "ingress-http", "ingress-https", "ingress-tls-$port", or "ingress-$port".' + type: string + required: + - hostBinding + - port + - securityModel + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: logservices.getambassador.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: emissary-apiext + namespace: emissary-system + conversionReviewVersions: + - v1beta1 + group: getambassador.io + names: + categories: + - ambassador-crds + kind: LogService + listKind: LogServiceList + plural: logservices + singular: logservice + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: LogService is the Schema for the logservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: LogServiceSpec defines the desired state of LogService + properties: + driver: + enum: + - tcp + - http + type: string + driver_config: + properties: + additional_log_headers: + items: + properties: + during_request: + type: boolean + during_response: + type: boolean + during_trailer: + type: boolean + header_name: + type: string + type: object + type: array + type: object + flush_interval_byte_size: + type: integer + flush_interval_time: + type: integer + grpc: + type: boolean + service: + type: string + v3ProtocolVersion: + enum: + - v2 + - v3 + type: string + v3StatsName: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + - name: v2 + schema: + openAPIV3Schema: + description: LogService is the Schema for the logservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: LogServiceSpec defines the desired state of LogService + properties: + driver: + enum: + - tcp + - http + type: string + driver_config: + properties: + additional_log_headers: + items: + properties: + during_request: + type: boolean + during_response: + type: boolean + during_trailer: + type: boolean + header_name: + type: string + type: object + type: array + type: object + flush_interval_byte_size: + type: integer + flush_interval_time: + type: integer + grpc: + type: boolean + service: + type: string + v3ProtocolVersion: + enum: + - v2 + - v3 + type: string + v3StatsName: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + - name: v3alpha1 + schema: + openAPIV3Schema: + description: LogService is the Schema for the logservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: LogServiceSpec defines the desired state of LogService + properties: + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. 
If no value is provided, the default + is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." + items: + type: string + type: array + driver: + enum: + - tcp + - http + type: string + driver_config: + properties: + additional_log_headers: + items: + properties: + during_request: + type: boolean + during_response: + type: boolean + during_trailer: + type: boolean + header_name: + type: string + type: object + type: array + type: object + flush_interval_byte_size: + type: integer + flush_interval_time: + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}s`/`SecondDuration` + fields to `{foo}`/`metav1.Duration`.' + type: integer + grpc: + description: 'TODO(lukeshu): In v3alpha2, drop this LogService.spec.grpc. Due + to sloppy implementation it is required to be present, and required + to be ''true''. It is silly to have a required field with only + one valid value, we should just remove the thing.' 
+ type: boolean + protocol_version: + description: ProtocolVersion is the envoy api transport protocol version + enum: + - v2 + - v3 + type: string + service: + type: string + stats_name: + type: string + type: object + type: object + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: mappings.getambassador.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: emissary-apiext + namespace: emissary-system + conversionReviewVersions: + - v1beta1 + group: getambassador.io + names: + categories: + - ambassador-crds + kind: Mapping + listKind: MappingList + plural: mappings + singular: mapping + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.host + name: Source Host + type: string + - jsonPath: .spec.prefix + name: Source Prefix + type: string + - jsonPath: .spec.service + name: Dest Service + type: string + - jsonPath: .status.state + name: State + type: string + - jsonPath: .status.reason + name: Reason + type: string + name: v1 + schema: + openAPIV3Schema: + description: Mapping is the Schema for the mappings API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MappingSpec defines the desired state of Mapping + properties: + add_linkerd_headers: + type: boolean + add_request_headers: + type: object + x-kubernetes-preserve-unknown-fields: true + add_response_headers: + type: object + x-kubernetes-preserve-unknown-fields: true + allow_upgrade: + description: "A case-insensitive list of the non-HTTP protocols to + allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" + mechanism[1]. After the upgrade, Ambassador does not interpret + the traffic, and behaves similarly to how it does for TCPMappings. + \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, + if your upstream service supports WebSockets, you would write \n + \ allow_upgrade: - websocket \n Or if your upstream service + supports upgrading from HTTP to SPDY (as the Kubernetes apiserver + does for `kubectl exec` functionality), you would write \n allow_upgrade: + \ - spdy/3.1" + items: + type: string + type: array + auth_context_extensions: + additionalProperties: + type: string + type: object + auto_host_rewrite: + type: boolean + bypass_auth: + type: boolean + bypass_error_response_overrides: + description: If true, bypasses any `error_response_overrides` set + on the Ambassador module. 
+ type: boolean + case_sensitive: + type: boolean + circuit_breakers: + items: + properties: + max_connections: + type: integer + max_pending_requests: + type: integer + max_requests: + type: integer + max_retries: + type: integer + priority: + enum: + - default + - high + type: string + type: object + type: array + cluster_idle_timeout_ms: + type: integer + cluster_max_connection_lifetime_ms: + type: integer + cluster_tag: + type: string + connect_timeout_ms: + type: integer + cors: + properties: + credentials: + type: boolean + max_age: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + dns_type: + type: string + docs: + description: DocsInfo provides some extra information about the docs + for the Mapping (used by the Dev Portal) + properties: + display_name: + type: string + ignored: + type: boolean + path: + type: string + timeout_ms: + type: integer + url: + type: string + type: object + enable_ipv4: + type: boolean + enable_ipv6: + type: boolean + envoy_override: + description: UntypedDict is relatively opaque as a Go type, but it + preserves its contents in a roundtrippable way. + type: object + x-kubernetes-preserve-unknown-fields: true + error_response_overrides: + description: Error response overrides for this Mapping. Replaces all + of the `error_response_overrides` set on the Ambassador module, + if any. + items: + description: A response rewrite for an HTTP error response + properties: + body: + description: The new response body + properties: + content_type: + description: The content type to set on the error response + body when using text_format or text_format_source. Defaults + to 'text/plain'. + type: string + json_format: + additionalProperties: + type: string + description: 'A JSON response with content-type: application/json. + The values can contain format text like in text_format.' + type: object + text_format: + description: A format string representing a text response + body. 
Content-Type can be set using the `content_type` + field below. + type: string + text_format_source: + description: A format string sourced from a file on the + Ambassador container. Useful for larger response bodies + that should not be placed inline in configuration. + properties: + filename: + description: The name of a file on the Ambassador pod + that contains a format text string. + type: string + type: object + type: object + on_status_code: + description: The status code to match on -- not a pointer because + it's required. + maximum: 599 + minimum: 400 + type: integer + required: + - body + - on_status_code + type: object + minItems: 1 + type: array + grpc: + type: boolean + headers: + type: object + x-kubernetes-preserve-unknown-fields: true + host: + type: string + host_redirect: + type: boolean + host_regex: + type: boolean + host_rewrite: + type: string + idle_timeout_ms: + type: integer + keepalive: + properties: + idle_time: + type: integer + interval: + type: integer + probes: + type: integer + type: object + labels: + additionalProperties: + description: A MappingLabelGroupsArray is an array of MappingLabelGroups. + I know, complex. + items: + description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: + a second map, where the key is a human-readable name that identifies + the group.' + maxProperties: 1 + minProperties: 1 + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + description: A DomainMap is the overall Mapping.spec.Labels type. + It maps domains (kind of like namespaces for Mapping labels) to + arrays of label groups. 
+ type: object + load_balancer: + properties: + cookie: + properties: + name: + type: string + path: + type: string + ttl: + type: string + required: + - name + type: object + header: + type: string + policy: + enum: + - round_robin + - ring_hash + - maglev + - least_request + type: string + source_ip: + type: boolean + required: + - policy + type: object + method: + type: string + method_regex: + type: boolean + modules: + items: + description: UntypedDict is relatively opaque as a Go type, but + it preserves its contents in a roundtrippable way. + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + outlier_detection: + type: string + path_redirect: + description: Path replacement to use when generating an HTTP redirect. + Used with `host_redirect`. + type: string + precedence: + type: integer + prefix: + type: string + prefix_exact: + type: boolean + prefix_redirect: + description: Prefix rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. + type: string + prefix_regex: + type: boolean + priority: + type: string + query_parameters: + type: object + x-kubernetes-preserve-unknown-fields: true + redirect_response_code: + description: The response code to use when generating an HTTP redirect. + Defaults to 301. Used with `host_redirect`. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + regex_headers: + additionalProperties: + type: string + type: object + regex_query_parameters: + additionalProperties: + type: string + type: object + regex_redirect: + description: Prefix regex rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. 
+ properties: + pattern: + type: string + substitution: + type: string + type: object + regex_rewrite: + properties: + pattern: + type: string + substitution: + type: string + type: object + resolver: + type: string + respect_dns_ttl: + type: boolean + retry_policy: + properties: + num_retries: + type: integer + per_try_timeout: + type: string + retry_on: + enum: + - 5xx + - gateway-error + - connect-failure + - retriable-4xx + - refused-stream + - retriable-status-codes + type: string + type: object + rewrite: + type: string + service: + type: string + shadow: + type: boolean + timeout_ms: + description: The timeout for requests that use this Mapping. Overrides + `cluster_request_timeout_ms` set on the Ambassador Module, if it + exists. + type: integer + use_websocket: + description: 'use_websocket is deprecated, and is equivlaent to setting + `allow_upgrade: ["websocket"]`' + type: boolean + v3StatsName: + type: string + v3health_checks: + items: + description: HealthCheck specifies settings for performing active + health checking on upstreams + properties: + health_check: + description: Configuration for where the healthcheck request + should be made to + maxProperties: 1 + minProperties: 1 + properties: + grpc: + description: HealthCheck for gRPC upstreams. Only one of + grpc_health_check or http_health_check may be specified + properties: + authority: + description: The value of the :authority header in the + gRPC health check request. If left empty the upstream + name will be used. + type: string + upstream_name: + description: The upstream name parameter which will + be sent to gRPC service in the health check message + type: string + required: + - upstream_name + type: object + http: + description: HealthCheck for HTTP upstreams. 
Only one of + http_health_check or grpc_health_check may be specified + properties: + add_request_headers: + additionalProperties: + properties: + append: + type: boolean + v2Representation: + enum: + - "" + - string + - "null" + type: string + value: + type: string + type: object + type: object + expected_statuses: + items: + description: A range of response statuses from Start + to End inclusive + properties: + max: + description: End of the statuses to include. Must + be between 100 and 599 (inclusive) + maximum: 599 + minimum: 100 + type: integer + min: + description: Start of the statuses to include. + Must be between 100 and 599 (inclusive) + maximum: 599 + minimum: 100 + type: integer + required: + - max + - min + type: object + type: array + hostname: + type: string + path: + type: string + remove_request_headers: + items: + type: string + type: array + required: + - path + type: object + type: object + healthy_threshold: + description: Number of expected responses for the upstream to + be considered healthy. Defaults to 1. + type: integer + interval: + description: Interval between health checks. Defaults to every + 5 seconds. + type: string + timeout: + description: Timeout for connecting to the health checking endpoint. + Defaults to 3 seconds. + type: string + unhealthy_threshold: + description: Number of non-expected responses for the upstream + to be considered unhealthy. A single 503 will mark the upstream + as unhealthy regardless of the threshold. Defaults to 2. 
+ type: integer + required: + - health_check + type: object + minItems: 1 + type: array + weight: + type: integer + required: + - prefix + - service + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: MappingStatus defines the observed state of Mapping + properties: + reason: + type: string + state: + enum: + - "" + - Inactive + - Running + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.host + name: Source Host + type: string + - jsonPath: .spec.prefix + name: Source Prefix + type: string + - jsonPath: .spec.service + name: Dest Service + type: string + - jsonPath: .status.state + name: State + type: string + - jsonPath: .status.reason + name: Reason + type: string + name: v2 + schema: + openAPIV3Schema: + description: Mapping is the Schema for the mappings API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MappingSpec defines the desired state of Mapping + properties: + add_linkerd_headers: + type: boolean + add_request_headers: + type: object + x-kubernetes-preserve-unknown-fields: true + add_response_headers: + type: object + x-kubernetes-preserve-unknown-fields: true + allow_upgrade: + description: "A case-insensitive list of the non-HTTP protocols to + allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" + mechanism[1]. After the upgrade, Ambassador does not interpret + the traffic, and behaves similarly to how it does for TCPMappings. + \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, + if your upstream service supports WebSockets, you would write \n + \ allow_upgrade: - websocket \n Or if your upstream service + supports upgrading from HTTP to SPDY (as the Kubernetes apiserver + does for `kubectl exec` functionality), you would write \n allow_upgrade: + \ - spdy/3.1" + items: + type: string + type: array + auth_context_extensions: + additionalProperties: + type: string + type: object + auto_host_rewrite: + type: boolean + bypass_auth: + type: boolean + bypass_error_response_overrides: + description: If true, bypasses any `error_response_overrides` set + on the Ambassador module. 
+ type: boolean + case_sensitive: + type: boolean + circuit_breakers: + items: + properties: + max_connections: + type: integer + max_pending_requests: + type: integer + max_requests: + type: integer + max_retries: + type: integer + priority: + enum: + - default + - high + type: string + type: object + type: array + cluster_idle_timeout_ms: + type: integer + cluster_max_connection_lifetime_ms: + type: integer + cluster_tag: + type: string + connect_timeout_ms: + type: integer + cors: + properties: + credentials: + type: boolean + max_age: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + dns_type: + type: string + docs: + description: DocsInfo provides some extra information about the docs + for the Mapping (used by the Dev Portal) + properties: + display_name: + type: string + ignored: + type: boolean + path: + type: string + timeout_ms: + type: integer + url: + type: string + type: object + enable_ipv4: + type: boolean + enable_ipv6: + type: boolean + envoy_override: + description: UntypedDict is relatively opaque as a Go type, but it + preserves its contents in a roundtrippable way. + type: object + x-kubernetes-preserve-unknown-fields: true + error_response_overrides: + description: Error response overrides for this Mapping. Replaces all + of the `error_response_overrides` set on the Ambassador module, + if any. + items: + description: A response rewrite for an HTTP error response + properties: + body: + description: The new response body + properties: + content_type: + description: The content type to set on the error response + body when using text_format or text_format_source. Defaults + to 'text/plain'. + type: string + json_format: + additionalProperties: + type: string + description: 'A JSON response with content-type: application/json. + The values can contain format text like in text_format.' + type: object + text_format: + description: A format string representing a text response + body. 
Content-Type can be set using the `content_type` + field below. + type: string + text_format_source: + description: A format string sourced from a file on the + Ambassador container. Useful for larger response bodies + that should not be placed inline in configuration. + properties: + filename: + description: The name of a file on the Ambassador pod + that contains a format text string. + type: string + type: object + type: object + on_status_code: + description: The status code to match on -- not a pointer because + it's required. + maximum: 599 + minimum: 400 + type: integer + required: + - body + - on_status_code + type: object + minItems: 1 + type: array + grpc: + type: boolean + headers: + type: object + x-kubernetes-preserve-unknown-fields: true + host: + type: string + host_redirect: + type: boolean + host_regex: + type: boolean + host_rewrite: + type: string + idle_timeout_ms: + type: integer + keepalive: + properties: + idle_time: + type: integer + interval: + type: integer + probes: + type: integer + type: object + labels: + additionalProperties: + description: A MappingLabelGroupsArray is an array of MappingLabelGroups. + I know, complex. + items: + description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: + a second map, where the key is a human-readable name that identifies + the group.' + maxProperties: 1 + minProperties: 1 + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + description: A DomainMap is the overall Mapping.spec.Labels type. + It maps domains (kind of like namespaces for Mapping labels) to + arrays of label groups. 
+ type: object + load_balancer: + properties: + cookie: + properties: + name: + type: string + path: + type: string + ttl: + type: string + required: + - name + type: object + header: + type: string + policy: + enum: + - round_robin + - ring_hash + - maglev + - least_request + type: string + source_ip: + type: boolean + required: + - policy + type: object + method: + type: string + method_regex: + type: boolean + modules: + items: + description: UntypedDict is relatively opaque as a Go type, but + it preserves its contents in a roundtrippable way. + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + outlier_detection: + type: string + path_redirect: + description: Path replacement to use when generating an HTTP redirect. + Used with `host_redirect`. + type: string + precedence: + type: integer + prefix: + type: string + prefix_exact: + type: boolean + prefix_redirect: + description: Prefix rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. + type: string + prefix_regex: + type: boolean + priority: + type: string + query_parameters: + type: object + x-kubernetes-preserve-unknown-fields: true + redirect_response_code: + description: The response code to use when generating an HTTP redirect. + Defaults to 301. Used with `host_redirect`. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + regex_headers: + additionalProperties: + type: string + type: object + regex_query_parameters: + additionalProperties: + type: string + type: object + regex_redirect: + description: Prefix regex rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. 
+ properties: + pattern: + type: string + substitution: + type: string + type: object + regex_rewrite: + properties: + pattern: + type: string + substitution: + type: string + type: object + resolver: + type: string + respect_dns_ttl: + type: boolean + retry_policy: + properties: + num_retries: + type: integer + per_try_timeout: + type: string + retry_on: + enum: + - 5xx + - gateway-error + - connect-failure + - retriable-4xx + - refused-stream + - retriable-status-codes + type: string + type: object + rewrite: + type: string + service: + type: string + shadow: + type: boolean + timeout_ms: + description: The timeout for requests that use this Mapping. Overrides + `cluster_request_timeout_ms` set on the Ambassador Module, if it + exists. + type: integer + use_websocket: + description: 'use_websocket is deprecated, and is equivlaent to setting + `allow_upgrade: ["websocket"]`' + type: boolean + v3StatsName: + type: string + v3health_checks: + items: + description: HealthCheck specifies settings for performing active + health checking on upstreams + properties: + health_check: + description: Configuration for where the healthcheck request + should be made to + maxProperties: 1 + minProperties: 1 + properties: + grpc: + description: HealthCheck for gRPC upstreams. Only one of + grpc_health_check or http_health_check may be specified + properties: + authority: + description: The value of the :authority header in the + gRPC health check request. If left empty the upstream + name will be used. + type: string + upstream_name: + description: The upstream name parameter which will + be sent to gRPC service in the health check message + type: string + required: + - upstream_name + type: object + http: + description: HealthCheck for HTTP upstreams. 
Only one of + http_health_check or grpc_health_check may be specified + properties: + add_request_headers: + additionalProperties: + properties: + append: + type: boolean + v2Representation: + enum: + - "" + - string + - "null" + type: string + value: + type: string + type: object + type: object + expected_statuses: + items: + description: A range of response statuses from Start + to End inclusive + properties: + max: + description: End of the statuses to include. Must + be between 100 and 599 (inclusive) + maximum: 599 + minimum: 100 + type: integer + min: + description: Start of the statuses to include. + Must be between 100 and 599 (inclusive) + maximum: 599 + minimum: 100 + type: integer + required: + - max + - min + type: object + type: array + hostname: + type: string + path: + type: string + remove_request_headers: + items: + type: string + type: array + required: + - path + type: object + type: object + healthy_threshold: + description: Number of expected responses for the upstream to + be considered healthy. Defaults to 1. + type: integer + interval: + description: Interval between health checks. Defaults to every + 5 seconds. + type: string + timeout: + description: Timeout for connecting to the health checking endpoint. + Defaults to 3 seconds. + type: string + unhealthy_threshold: + description: Number of non-expected responses for the upstream + to be considered unhealthy. A single 503 will mark the upstream + as unhealthy regardless of the threshold. Defaults to 2. 
+ type: integer + required: + - health_check + type: object + minItems: 1 + type: array + weight: + type: integer + required: + - prefix + - service + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: MappingStatus defines the observed state of Mapping + properties: + reason: + type: string + state: + enum: + - "" + - Inactive + - Running + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.host + name: Source Host + type: string + - jsonPath: .spec.prefix + name: Source Prefix + type: string + - jsonPath: .spec.service + name: Dest Service + type: string + - jsonPath: .status.state + name: State + type: string + - jsonPath: .status.reason + name: Reason + type: string + name: v3alpha1 + schema: + openAPIV3Schema: + description: Mapping is the Schema for the mappings API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MappingSpec defines the desired state of Mapping + properties: + add_linkerd_headers: + type: boolean + add_request_headers: + additionalProperties: + properties: + append: + type: boolean + v2Representation: + enum: + - "" + - string + - "null" + type: string + value: + type: string + type: object + type: object + add_response_headers: + additionalProperties: + properties: + append: + type: boolean + v2Representation: + enum: + - "" + - string + - "null" + type: string + value: + type: string + type: object + type: object + allow_upgrade: + description: "A case-insensitive list of the non-HTTP protocols to + allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" + mechanism[1]. After the upgrade, Ambassador does not interpret + the traffic, and behaves similarly to how it does for TCPMappings. + \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, + if your upstream service supports WebSockets, you would write \n + \ allow_upgrade: - websocket \n Or if your upstream service + supports upgrading from HTTP to SPDY (as the Kubernetes apiserver + does for `kubectl exec` functionality), you would write \n allow_upgrade: + \ - spdy/3.1" + items: + type: string + type: array + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." 
+ items: + type: string + type: array + auth_context_extensions: + additionalProperties: + type: string + type: object + auto_host_rewrite: + type: boolean + bypass_auth: + type: boolean + bypass_error_response_overrides: + description: If true, bypasses any `error_response_overrides` set + on the Ambassador module. + type: boolean + case_sensitive: + type: boolean + circuit_breakers: + items: + properties: + max_connections: + type: integer + max_pending_requests: + type: integer + max_requests: + type: integer + max_retries: + type: integer + priority: + enum: + - default + - high + type: string + type: object + type: array + cluster_idle_timeout_ms: + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' + type: integer + cluster_max_connection_lifetime_ms: + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' + type: integer + cluster_tag: + type: string + connect_timeout_ms: + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' + type: integer + cors: + properties: + credentials: + type: boolean + exposed_headers: + items: + type: string + type: array + headers: + items: + type: string + type: array + max_age: + type: string + methods: + items: + type: string + type: array + origins: + items: + type: string + type: array + v2CommaSeparatedOrigins: + type: boolean + type: object + dns_type: + type: string + docs: + description: DocsInfo provides some extra information about the docs + for the Mapping. Docs is used by both the agent and the DevPortal. + properties: + display_name: + type: string + ignored: + type: boolean + path: + type: string + timeout_ms: + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' 
+ type: integer + url: + type: string + type: object + enable_ipv4: + type: boolean + enable_ipv6: + type: boolean + envoy_override: + description: UntypedDict is relatively opaque as a Go type, but it + preserves its contents in a roundtrippable way. + type: object + x-kubernetes-preserve-unknown-fields: true + error_response_overrides: + description: Error response overrides for this Mapping. Replaces all + of the `error_response_overrides` set on the Ambassador module, + if any. + items: + description: A response rewrite for an HTTP error response + properties: + body: + description: The new response body + properties: + content_type: + description: The content type to set on the error response + body when using text_format or text_format_source. Defaults + to 'text/plain'. + type: string + json_format: + additionalProperties: + type: string + description: 'A JSON response with content-type: application/json. + The values can contain format text like in text_format.' + type: object + text_format: + description: A format string representing a text response + body. Content-Type can be set using the `content_type` + field below. + type: string + text_format_source: + description: A format string sourced from a file on the + Ambassador container. Useful for larger response bodies + that should not be placed inline in configuration. + properties: + filename: + description: The name of a file on the Ambassador pod + that contains a format text string. + type: string + type: object + type: object + on_status_code: + description: The status code to match on -- not a pointer because + it's required. 
+ maximum: 599 + minimum: 400 + type: integer + required: + - body + - on_status_code + type: object + minItems: 1 + type: array + grpc: + type: boolean + headers: + additionalProperties: + type: string + type: object + health_checks: + items: + description: HealthCheck specifies settings for performing active + health checking on upstreams + properties: + health_check: + description: Configuration for where the healthcheck request + should be made to + maxProperties: 1 + minProperties: 1 + properties: + grpc: + description: HealthCheck for gRPC upstreams. Only one of + grpc_health_check or http_health_check may be specified + properties: + authority: + description: The value of the :authority header in the + gRPC health check request. If left empty the upstream + name will be used. + type: string + upstream_name: + description: The upstream name parameter which will + be sent to gRPC service in the health check message + type: string + required: + - upstream_name + type: object + http: + description: HealthCheck for HTTP upstreams. Only one of + http_health_check or grpc_health_check may be specified + properties: + add_request_headers: + additionalProperties: + properties: + append: + type: boolean + v2Representation: + enum: + - "" + - string + - "null" + type: string + value: + type: string + type: object + type: object + expected_statuses: + items: + description: A range of response statuses from Start + to End inclusive + properties: + max: + description: End of the statuses to include. Must + be between 100 and 599 (inclusive) + maximum: 599 + minimum: 100 + type: integer + min: + description: Start of the statuses to include. 
+ Must be between 100 and 599 (inclusive) + maximum: 599 + minimum: 100 + type: integer + required: + - max + - min + type: object + type: array + hostname: + type: string + path: + type: string + remove_request_headers: + items: + type: string + type: array + required: + - path + type: object + type: object + healthy_threshold: + description: Number of expected responses for the upstream to + be considered healthy. Defaults to 1. + type: integer + interval: + description: Interval between health checks. Defaults to every + 5 seconds. + type: string + timeout: + description: Timeout for connecting to the health checking endpoint. + Defaults to 3 seconds. + type: string + unhealthy_threshold: + description: Number of non-expected responses for the upstream + to be considered unhealthy. A single 503 will mark the upstream + as unhealthy regardless of the threshold. Defaults to 2. + type: integer + required: + - health_check + type: object + minItems: 1 + type: array + host: + description: "Exact match for the hostname of a request if HostRegex + is false; regex match for the hostname if HostRegex is true. \n + Host specifies both a match for the ':authority' header of a request, + as well as a match criterion for Host CRDs: a Mapping that specifies + Host will not associate with a Host that doesn't have a matching + Hostname. \n If both Host and Hostname are set, an error is logged, + Host is ignored, and Hostname is used. \n DEPRECATED: Host is either + an exact match or a regex, depending on HostRegex. Use HostName + instead. \n TODO(lukeshu): In v3alpha2, get rid of MappingSpec.host + and MappingSpec.host_regex in favor of a MappingSpec.deprecated_hostname_regex." + type: string + host_redirect: + type: boolean + host_regex: + description: "DEPRECATED: Host is either an exact match or a regex, + depending on HostRegex. Use HostName instead. 
\n TODO(lukeshu): + In v3alpha2, get rid of MappingSpec.host and MappingSpec.host_regex + in favor of a MappingSpec.deprecated_hostname_regex." + type: boolean + host_rewrite: + type: string + hostname: + description: "Hostname is a DNS glob specifying the hosts to which + this Mapping applies. \n Hostname specifies both a match for the + ':authority' header of a request, as well as a match criterion for + Host CRDs: a Mapping that specifies Hostname will not associate + with a Host that doesn't have a matching Hostname. \n If both Host + and Hostname are set, an error is logged, Host is ignored, and Hostname + is used." + type: string + idle_timeout_ms: + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' + type: integer + keepalive: + properties: + idle_time: + type: integer + interval: + type: integer + probes: + type: integer + type: object + labels: + additionalProperties: + description: A MappingLabelGroupsArray is an array of MappingLabelGroups. + I know, complex. + items: + additionalProperties: + description: 'A MappingLabelsArray is the value in the MappingLabelGroup: + an array of label specifiers.' + items: + description: "A MappingLabelSpecifier (finally!) defines a + single label. \n This mimics envoy/config/route/v3/route_components.proto:RateLimit:Action:action_specifier." + maxProperties: 1 + minProperties: 1 + properties: + destination_cluster: + description: Sets the label "destination_cluster=«Envoy + destination cluster name»". + properties: + key: + enum: + - destination_cluster + type: string + required: + - key + type: object + generic_key: + description: Sets the label "«key»=«value»" (where by + default «key» is "generic_key"). + properties: + key: + description: The default is "generic_key". 
+ type: string + v2Shorthand: + type: boolean + value: + type: string + required: + - value + type: object + remote_address: + description: Sets the label "remote_address=«IP address + of the client»". + properties: + key: + enum: + - remote_address + type: string + required: + - key + type: object + request_headers: + description: If the «header_name» header is set, then + set the label "«key»=«Value of the «header_name» header»"; + otherwise skip applying this label group. + properties: + header_name: + type: string + key: + type: string + omit_if_not_present: + type: boolean + required: + - header_name + - key + type: object + source_cluster: + description: Sets the label "source_cluster=«Envoy source + cluster name»". + properties: + key: + enum: + - source_cluster + type: string + required: + - key + type: object + type: object + type: array + description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: + a second map, where the key is a human-readable name that identifies + the group.' + maxProperties: 1 + minProperties: 1 + type: object + type: array + description: A DomainMap is the overall Mapping.spec.Labels type. + It maps domains (kind of like namespaces for Mapping labels) to + arrays of label groups. + type: object + load_balancer: + properties: + cookie: + properties: + name: + type: string + path: + type: string + ttl: + type: string + required: + - name + type: object + header: + type: string + policy: + enum: + - round_robin + - ring_hash + - maglev + - least_request + type: string + source_ip: + type: boolean + required: + - policy + type: object + method: + type: string + method_regex: + type: boolean + modules: + items: + description: UntypedDict is relatively opaque as a Go type, but + it preserves its contents in a roundtrippable way. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + type: array + outlier_detection: + type: string + path_redirect: + description: Path replacement to use when generating an HTTP redirect. + Used with `host_redirect`. + type: string + precedence: + type: integer + prefix: + type: string + prefix_exact: + type: boolean + prefix_redirect: + description: Prefix rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. + type: string + prefix_regex: + type: boolean + priority: + type: string + query_parameters: + additionalProperties: + type: string + type: object + redirect_response_code: + description: The response code to use when generating an HTTP redirect. + Defaults to 301. Used with `host_redirect`. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + regex_headers: + additionalProperties: + type: string + type: object + regex_query_parameters: + additionalProperties: + type: string + type: object + regex_redirect: + description: Prefix regex rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. + properties: + pattern: + type: string + substitution: + type: string + type: object + regex_rewrite: + properties: + pattern: + type: string + substitution: + type: string + type: object + remove_request_headers: + items: + type: string + type: array + remove_response_headers: + items: + type: string + type: array + resolver: + type: string + respect_dns_ttl: + type: boolean + retry_policy: + properties: + num_retries: + type: integer + per_try_timeout: + type: string + retry_on: + enum: + - 5xx + - gateway-error + - connect-failure + - retriable-4xx + - refused-stream + - retriable-status-codes + type: string + type: object + rewrite: + type: string + service: + type: string + shadow: + type: boolean + stats_name: + type: string + timeout_ms: + description: The timeout for requests that use this Mapping. Overrides + `cluster_request_timeout_ms` set on the Ambassador Module, if it + exists. 
+ type: integer + tls: + type: string + use_websocket: + description: "use_websocket is deprecated, and is equivlaent to setting + `allow_upgrade: [\"websocket\"]` \n TODO(lukeshu): In v3alpha2, + get rid of MappingSpec.DeprecatedUseWebsocket." + type: boolean + v2BoolHeaders: + items: + type: string + type: array + v2BoolQueryParameters: + items: + type: string + type: array + v2ExplicitTLS: + description: V2ExplicitTLS controls some vanity/stylistic elements + when converting from v3alpha1 to v2. The values in an V2ExplicitTLS + should not in any way affect the runtime operation of Emissary; + except that it may affect internal names in the Envoy config, which + may in turn affect stats names. But it should not affect any end-user + observable behavior. + properties: + serviceScheme: + description: "ServiceScheme specifies how to spell and capitalize + the scheme-part of the service URL. \n Acceptable values are + \"http://\" (case-insensitive), \"https://\" (case-insensitive), + or \"\". The value is used if it agrees with whether or not + this resource enables TLS origination, or if something else + in the resource overrides the scheme." + pattern: ^([hH][tT][tT][pP][sS]?://)?$ + type: string + tls: + description: "TLS controls whether and how to represent the \"tls\" + field when its value could be implied by the \"service\" field. + \ In v2, there were a lot of different ways to spell an \"empty\" + value, and this field specifies which way to spell it (and will + therefore only be used if the value will indeed be empty). 
\n + \ | Value | Representation | Meaning + of representation | |--------------+---------------------------------------+------------------------------------| + \ | \"\" | omit the field | + defer to service (no TLSContext) | | \"null\" | store + an explicit \"null\" in the field | defer to service (no TLSContext) + \ | | \"string\" | store an empty string in the field + \ | defer to service (no TLSContext) | | \"bool:false\" + | store a Boolean \"false\" in the field | defer to service + (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" + in the field | originate TLS (no TLSContext) | \n If + the meaning of the representation contradicts anything else + (if a TLSContext is to be used, or in the case of \"bool:true\" + if TLS is not to be originated), then this field is ignored." + enum: + - "" + - "null" + - bool:true + - bool:false + - string + type: string + type: object + weight: + type: integer + required: + - prefix + - service + type: object + status: + description: MappingStatus defines the observed state of Mapping + properties: + reason: + type: string + state: + enum: + - "" + - Inactive + - Running + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: modules.getambassador.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: emissary-apiext + namespace: emissary-system + conversionReviewVersions: + - v1beta1 + group: getambassador.io + names: + categories: + - ambassador-crds + kind: Module + listKind: ModuleList + plural: modules + singular: module + preserveUnknownFields: false + scope: 
Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "A Module defines system-wide configuration. The type of module + is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". + \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module + https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + config: + description: UntypedDict is relatively opaque as a Go type, but it + preserves its contents in a roundtrippable way. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + - name: v2 + schema: + openAPIV3Schema: + description: "A Module defines system-wide configuration. The type of module + is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". + \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module + https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + config: + description: UntypedDict is relatively opaque as a Go type, but it + preserves its contents in a roundtrippable way. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + - name: v3alpha1 + schema: + openAPIV3Schema: + description: "A Module defines system-wide configuration. The type of module + is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". + \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module + https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'TODO(lukeshu): In v3alpha2, get rid of unnecessary nesting + and move `ModuleSpec.config.*` to `ModuleSpec.*`.' + properties: + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." + items: + type: string + type: array + config: + description: "TODO(lukeshu): In v3alpha2, change the default from + `diagnostics.enabled=true` to `diagnostics.enabled=false`. This + needs conversion support in apiext. See the related comment in + irambassador.py. \n TODO(lukeshu): Structurally type ModuleSpec.Config." + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - config + type: object + type: object + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: ratelimitservices.getambassador.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: emissary-apiext + namespace: emissary-system + conversionReviewVersions: + - v1beta1 + group: getambassador.io + names: + categories: + - ambassador-crds + kind: RateLimitService + listKind: RateLimitServiceList + plural: ratelimitservices + singular: ratelimitservice + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: RateLimitService is 
the Schema for the ratelimitservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RateLimitServiceSpec defines the desired state of RateLimitService + properties: + domain: + type: string + failure_mode_deny: + description: FailureModeDeny when set to true, envoy will deny traffic + if it is unable to communicate with the rate limit service. + type: boolean + protocol_version: + enum: + - v2 + - v3 + type: string + service: + type: string + timeout_ms: + type: integer + v3StatsName: + type: string + required: + - service + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + - name: v2 + schema: + openAPIV3Schema: + description: RateLimitService is the Schema for the ratelimitservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RateLimitServiceSpec defines the desired state of RateLimitService + properties: + domain: + type: string + failure_mode_deny: + description: FailureModeDeny when set to true, envoy will deny traffic + if it is unable to communicate with the rate limit service. + type: boolean + protocol_version: + enum: + - v2 + - v3 + type: string + service: + type: string + timeout_ms: + type: integer + v3StatsName: + type: string + required: + - service + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + - name: v3alpha1 + schema: + openAPIV3Schema: + description: RateLimitService is the Schema for the ratelimitservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RateLimitServiceSpec defines the desired state of RateLimitService + properties: + ambassador_id: + description: Common to all Ambassador objects. + items: + type: string + type: array + domain: + type: string + failure_mode_deny: + description: FailureModeDeny when set to true, envoy will deny traffic + if it is unable to communicate with the rate limit service. 
+ type: boolean + protocol_version: + description: ProtocolVersion is the envoy api transport protocol version + enum: + - v2 + - v3 + type: string + service: + type: string + stats_name: + type: string + timeout_ms: + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' + type: integer + tls: + type: string + v2ExplicitTLS: + description: V2ExplicitTLS controls some vanity/stylistic elements + when converting from v3alpha1 to v2. The values in an V2ExplicitTLS + should not in any way affect the runtime operation of Emissary; + except that it may affect internal names in the Envoy config, which + may in turn affect stats names. But it should not affect any end-user + observable behavior. + properties: + serviceScheme: + description: "ServiceScheme specifies how to spell and capitalize + the scheme-part of the service URL. \n Acceptable values are + \"http://\" (case-insensitive), \"https://\" (case-insensitive), + or \"\". The value is used if it agrees with whether or not + this resource enables TLS origination, or if something else + in the resource overrides the scheme." + pattern: ^([hH][tT][tT][pP][sS]?://)?$ + type: string + tls: + description: "TLS controls whether and how to represent the \"tls\" + field when its value could be implied by the \"service\" field. + \ In v2, there were a lot of different ways to spell an \"empty\" + value, and this field specifies which way to spell it (and will + therefore only be used if the value will indeed be empty). 
\n + \ | Value | Representation | Meaning + of representation | |--------------+---------------------------------------+------------------------------------| + \ | \"\" | omit the field | + defer to service (no TLSContext) | | \"null\" | store + an explicit \"null\" in the field | defer to service (no TLSContext) + \ | | \"string\" | store an empty string in the field + \ | defer to service (no TLSContext) | | \"bool:false\" + | store a Boolean \"false\" in the field | defer to service + (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" + in the field | originate TLS (no TLSContext) | \n If + the meaning of the representation contradicts anything else + (if a TLSContext is to be used, or in the case of \"bool:true\" + if TLS is not to be originated), then this field is ignored." + enum: + - "" + - "null" + - bool:true + - bool:false + - string + type: string + type: object + required: + - service + type: object + type: object + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: tcpmappings.getambassador.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: emissary-apiext + namespace: emissary-system + conversionReviewVersions: + - v1beta1 + group: getambassador.io + names: + categories: + - ambassador-crds + kind: TCPMapping + listKind: TCPMappingList + plural: tcpmappings + singular: tcpmapping + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: TCPMapping is the Schema for the tcpmappings API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TCPMappingSpec defines the desired state of TCPMapping + properties: + address: + type: string + circuit_breakers: + items: + properties: + max_connections: + type: integer + max_pending_requests: + type: integer + max_requests: + type: integer + max_retries: + type: integer + priority: + enum: + - default + - high + type: string + type: object + type: array + cluster_tag: + type: string + enable_ipv4: + type: boolean + enable_ipv6: + type: boolean + host: + type: string + idle_timeout_ms: + description: 'FIXME(lukeshu): Surely this should be an ''int''?' + type: string + port: + description: Port isn't a pointer because it's required. + type: integer + resolver: + type: string + service: + type: string + v3StatsName: + type: string + weight: + type: integer + required: + - port + - service + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + - name: v2 + schema: + openAPIV3Schema: + description: TCPMapping is the Schema for the tcpmappings API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TCPMappingSpec defines the desired state of TCPMapping + properties: + address: + type: string + circuit_breakers: + items: + properties: + max_connections: + type: integer + max_pending_requests: + type: integer + max_requests: + type: integer + max_retries: + type: integer + priority: + enum: + - default + - high + type: string + type: object + type: array + cluster_tag: + type: string + enable_ipv4: + type: boolean + enable_ipv6: + type: boolean + host: + type: string + idle_timeout_ms: + description: 'FIXME(lukeshu): Surely this should be an ''int''?' + type: string + port: + description: Port isn't a pointer because it's required. + type: integer + resolver: + type: string + service: + type: string + v3StatsName: + type: string + weight: + type: integer + required: + - port + - service + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + - name: v3alpha1 + schema: + openAPIV3Schema: + description: TCPMapping is the Schema for the tcpmappings API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TCPMappingSpec defines the desired state of TCPMapping + properties: + address: + type: string + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." + items: + type: string + type: array + circuit_breakers: + items: + properties: + max_connections: + type: integer + max_pending_requests: + type: integer + max_requests: + type: integer + max_retries: + type: integer + priority: + enum: + - default + - high + type: string + type: object + type: array + cluster_tag: + type: string + enable_ipv4: + type: boolean + enable_ipv6: + type: boolean + host: + type: string + idle_timeout_ms: + description: 'FIXME(lukeshu): Surely this should be an ''int''?' + type: string + port: + description: Port isn't a pointer because it's required. + type: integer + resolver: + type: string + service: + type: string + stats_name: + type: string + tls: + type: string + v2ExplicitTLS: + description: V2ExplicitTLS controls some vanity/stylistic elements + when converting from v3alpha1 to v2. The values in an V2ExplicitTLS + should not in any way affect the runtime operation of Emissary; + except that it may affect internal names in the Envoy config, which + may in turn affect stats names. But it should not affect any end-user + observable behavior. + properties: + serviceScheme: + description: "ServiceScheme specifies how to spell and capitalize + the scheme-part of the service URL. 
\n Acceptable values are + \"http://\" (case-insensitive), \"https://\" (case-insensitive), + or \"\". The value is used if it agrees with whether or not + this resource enables TLS origination, or if something else + in the resource overrides the scheme." + pattern: ^([hH][tT][tT][pP][sS]?://)?$ + type: string + tls: + description: "TLS controls whether and how to represent the \"tls\" + field when its value could be implied by the \"service\" field. + \ In v2, there were a lot of different ways to spell an \"empty\" + value, and this field specifies which way to spell it (and will + therefore only be used if the value will indeed be empty). \n + \ | Value | Representation | Meaning + of representation | |--------------+---------------------------------------+------------------------------------| + \ | \"\" | omit the field | + defer to service (no TLSContext) | | \"null\" | store + an explicit \"null\" in the field | defer to service (no TLSContext) + \ | | \"string\" | store an empty string in the field + \ | defer to service (no TLSContext) | | \"bool:false\" + | store a Boolean \"false\" in the field | defer to service + (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" + in the field | originate TLS (no TLSContext) | \n If + the meaning of the representation contradicts anything else + (if a TLSContext is to be used, or in the case of \"bool:true\" + if TLS is not to be originated), then this field is ignored." 
+ enum: + - "" + - "null" + - bool:true + - bool:false + - string + type: string + type: object + weight: + type: integer + required: + - port + - service + type: object + type: object + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: tlscontexts.getambassador.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: emissary-apiext + namespace: emissary-system + conversionReviewVersions: + - v1beta1 + group: getambassador.io + names: + categories: + - ambassador-crds + kind: TLSContext + listKind: TLSContextList + plural: tlscontexts + singular: tlscontext + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: TLSContext is the Schema for the tlscontexts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSContextSpec defines the desired state of TLSContext + properties: + alpn_protocols: + type: string + ca_secret: + type: string + cacert_chain_file: + type: string + cert_chain_file: + type: string + cert_required: + type: boolean + cipher_suites: + items: + type: string + type: array + ecdh_curves: + items: + type: string + type: array + hosts: + items: + type: string + type: array + max_tls_version: + enum: + - v1.0 + - v1.1 + - v1.2 + - v1.3 + type: string + min_tls_version: + enum: + - v1.0 + - v1.1 + - v1.2 + - v1.3 + type: string + private_key_file: + type: string + redirect_cleartext_from: + type: integer + secret: + type: string + secret_namespacing: + type: boolean + sni: + type: string + v3CRLSecret: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + - name: v2 + schema: + openAPIV3Schema: + description: TLSContext is the Schema for the tlscontexts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSContextSpec defines the desired state of TLSContext + properties: + alpn_protocols: + type: string + ca_secret: + type: string + cacert_chain_file: + type: string + cert_chain_file: + type: string + cert_required: + type: boolean + cipher_suites: + items: + type: string + type: array + ecdh_curves: + items: + type: string + type: array + hosts: + items: + type: string + type: array + max_tls_version: + enum: + - v1.0 + - v1.1 + - v1.2 + - v1.3 + type: string + min_tls_version: + enum: + - v1.0 + - v1.1 + - v1.2 + - v1.3 + type: string + private_key_file: + type: string + redirect_cleartext_from: + type: integer + secret: + type: string + secret_namespacing: + type: boolean + sni: + type: string + v3CRLSecret: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + - name: v3alpha1 + schema: + openAPIV3Schema: + description: TLSContext is the Schema for the tlscontexts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSContextSpec defines the desired state of TLSContext + properties: + alpn_protocols: + type: string + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." + items: + type: string + type: array + ca_secret: + type: string + cacert_chain_file: + type: string + cert_chain_file: + type: string + cert_required: + type: boolean + cipher_suites: + items: + type: string + type: array + crl_secret: + type: string + ecdh_curves: + items: + type: string + type: array + hosts: + items: + type: string + type: array + max_tls_version: + enum: + - v1.0 + - v1.1 + - v1.2 + - v1.3 + type: string + min_tls_version: + enum: + - v1.0 + - v1.1 + - v1.2 + - v1.3 + type: string + private_key_file: + type: string + redirect_cleartext_from: + type: integer + secret: + type: string + secret_namespacing: + type: boolean + sni: + type: string + type: object + type: object + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + labels: + app.kubernetes.io/instance: emissary-apiext + app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml + app.kubernetes.io/name: emissary-apiext + app.kubernetes.io/part-of: emissary-apiext + name: tracingservices.getambassador.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: emissary-apiext + namespace: emissary-system + conversionReviewVersions: + - v1beta1 + group: getambassador.io + names: + categories: + - ambassador-crds + kind: 
TracingService + listKind: TracingServiceList + plural: tracingservices + singular: tracingservice + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: TracingService is the Schema for the tracingservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TracingServiceSpec defines the desired state of TracingService + properties: + config: + properties: + access_token_file: + type: string + collector_cluster: + type: string + collector_endpoint: + type: string + collector_endpoint_version: + enum: + - HTTP_JSON_V1 + - HTTP_JSON + - HTTP_PROTO + type: string + collector_hostname: + type: string + service_name: + type: string + shared_span_context: + type: boolean + trace_id_128bit: + type: boolean + v3PropagationModes: + items: + enum: + - ENVOY + - LIGHTSTEP + - B3 + - TRACE_CONTEXT + type: string + type: array + type: object + driver: + enum: + - lightstep + - zipkin + - datadog + - opentelemetry + type: string + sampling: + properties: + client: + type: integer + overall: + type: integer + random: + type: integer + type: object + service: + type: string + tag_headers: + items: + type: string + type: array + v3CustomTags: + items: + description: TracingCustomTag provides a data structure for capturing + envoy's 
`type.tracing.v3.CustomTag` + properties: + environment: + description: Environment explicitly specifies the protocol stack + to set up. Exactly one of Literal, Environment or Header must + be supplied. + properties: + default_value: + type: string + name: + type: string + required: + - name + type: object + literal: + description: Literal explicitly specifies the protocol stack + to set up. Exactly one of Literal, Environment or Header must + be supplied. + properties: + value: + type: string + required: + - value + type: object + request_header: + description: Header explicitly specifies the protocol stack + to set up. Exactly one of Literal, Environment or Header must + be supplied. + properties: + default_value: + type: string + name: + type: string + required: + - name + type: object + tag: + type: string + required: + - tag + type: object + type: array + v3StatsName: + type: string + required: + - driver + - service + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + - name: v2 + schema: + openAPIV3Schema: + description: TracingService is the Schema for the tracingservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TracingServiceSpec defines the desired state of TracingService + properties: + config: + properties: + access_token_file: + type: string + collector_cluster: + type: string + collector_endpoint: + type: string + collector_endpoint_version: + enum: + - HTTP_JSON_V1 + - HTTP_JSON + - HTTP_PROTO + type: string + collector_hostname: + type: string + service_name: + type: string + shared_span_context: + type: boolean + trace_id_128bit: + type: boolean + v3PropagationModes: + items: + enum: + - ENVOY + - LIGHTSTEP + - B3 + - TRACE_CONTEXT + type: string + type: array + type: object + driver: + enum: + - lightstep + - zipkin + - datadog + - opentelemetry + type: string + sampling: + properties: + client: + type: integer + overall: + type: integer + random: + type: integer + type: object + service: + type: string + tag_headers: + items: + type: string + type: array + v3CustomTags: + items: + description: TracingCustomTag provides a data structure for capturing + envoy's `type.tracing.v3.CustomTag` + properties: + environment: + description: Environment explicitly specifies the protocol stack + to set up. Exactly one of Literal, Environment or Header must + be supplied. + properties: + default_value: + type: string + name: + type: string + required: + - name + type: object + literal: + description: Literal explicitly specifies the protocol stack + to set up. Exactly one of Literal, Environment or Header must + be supplied. + properties: + value: + type: string + required: + - value + type: object + request_header: + description: Header explicitly specifies the protocol stack + to set up. Exactly one of Literal, Environment or Header must + be supplied. 
+ properties: + default_value: + type: string + name: + type: string + required: + - name + type: object + tag: + type: string + required: + - tag + type: object + type: array + v3StatsName: + type: string + required: + - driver + - service + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + - name: v3alpha1 + schema: + openAPIV3Schema: + description: TracingService is the Schema for the tracingservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TracingServiceSpec defines the desired state of TracingService + properties: + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." 
+ items: + type: string + type: array + config: + properties: + access_token_file: + type: string + collector_cluster: + type: string + collector_endpoint: + type: string + collector_endpoint_version: + enum: + - HTTP_JSON_V1 + - HTTP_JSON + - HTTP_PROTO + type: string + collector_hostname: + type: string + propagation_modes: + items: + enum: + - ENVOY + - LIGHTSTEP + - B3 + - TRACE_CONTEXT + type: string + type: array + service_name: + type: string + shared_span_context: + type: boolean + trace_id_128bit: + type: boolean + type: object + custom_tags: + items: + description: TracingCustomTag provides a data structure for capturing + envoy's `type.tracing.v3.CustomTag` + properties: + environment: + description: Environment explicitly specifies the protocol stack + to set up. Exactly one of Literal, Environment or Header must + be supplied. + properties: + default_value: + type: string + name: + type: string + required: + - name + type: object + literal: + description: Literal explicitly specifies the protocol stack + to set up. Exactly one of Literal, Environment or Header must + be supplied. + properties: + value: + type: string + required: + - value + type: object + request_header: + description: Header explicitly specifies the protocol stack + to set up. Exactly one of Literal, Environment or Header must + be supplied. + properties: + default_value: + type: string + name: + type: string + required: + - name + type: object + tag: + type: string + required: + - tag + type: object + type: array + driver: + enum: + - lightstep + - zipkin + - datadog + - opentelemetry + type: string + sampling: + properties: + client: + type: integer + overall: + type: integer + random: + type: integer + type: object + service: + type: string + stats_name: + type: string + tag_headers: + description: 'Deprecated: tag_headers is deprecated. Use custom_tags + instead. `tag_headers: ["header"]` can be defined as `custom_tags: + [{"request_header": {"name": "header"}}]`.' 
+ items: + type: string + type: array + required: + - driver + - service + type: object + type: object + served: true + storage: false diff --git a/charts/crds/templates/namespace.yaml b/charts/crds/templates/namespace.yaml new file mode 100644 index 000000000..f0b1c7eb0 --- /dev/null +++ b/charts/crds/templates/namespace.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: emissary-system +--- diff --git a/charts/crds/values.yaml b/charts/crds/values.yaml new file mode 100644 index 000000000..278971856 --- /dev/null +++ b/charts/crds/values.yaml @@ -0,0 +1,11 @@ +imagePullSecrets: [] + +sourceRegistry: "public.ecr.aws/eks-anywhere" + +image: + # Emissary Ingress ecr repo + repository: emissary-ingress/emissary + digest: {{emissary-ingress/emissary}} + tag: + # Pod container image pull policy + pullPolicy: IfNotPresent diff --git a/charts/emissary-ingress/.gitignore b/charts/emissary-ingress/.gitignore index d19c5dc9a..42b472400 100644 --- a/charts/emissary-ingress/.gitignore +++ b/charts/emissary-ingress/.gitignore @@ -1,7 +1,3 @@ -# Generated from .in files -/Chart.yaml -/values.yaml - # Generated from values.yaml by kubepack.dev/chart-doc-gen /README.md diff --git a/charts/emissary-ingress/Chart.yaml.in b/charts/emissary-ingress/Chart.yaml similarity index 54% rename from charts/emissary-ingress/Chart.yaml.in rename to charts/emissary-ingress/Chart.yaml index b974e5198..c58248d85 100644 --- a/charts/emissary-ingress/Chart.yaml.in +++ b/charts/emissary-ingress/Chart.yaml @@ -1,13 +1,8 @@ -apiVersion: v1 -appVersion: @version@ +apiVersion: v2 +appVersion: 3.6.0 description: A Helm chart for Emissary Ingress -name: emissary-ingress -version: @chartVersion@ -icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ -sources: -- https://github.com/datawire/ambassador -- https://github.com/prometheus/statsd_exporter +icon: https://www.getambassador.io/images/logo.png keywords: - api gateway - ambassador 
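Review bot: The `emissary-system` Namespace added in charts/crds/templates/namespace.yaml carries no labels, so only the cluster-wide Pod Security admission default applies to it. Every CRD in this chart points its conversion webhook at the `emissary-apiext` service in this namespace, so the workloads there sit in the API server's path for all getambassador.io resources, and the same commit deletes the PodSecurityPolicy CI values. I would add a `labels:` map under `metadata:` containing `pod-security.kubernetes.io/enforce: restricted` (or `baseline` if the apiext pods cannot meet restricted, which is not visible from this hunk) and a comment such as `# hosts the CRD conversion webhook (emissary-apiext)`. The trailing `---` after the manifest only produces an empty document and can be dropped.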
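Review bot: `digest: {{emissary-ingress/emissary}}` in charts/crds/values.yaml is an unquoted placeholder, and Helm does not run templates over values.yaml, so if the build-time substitution is ever skipped a YAML parser reads it as a nested flow mapping instead of a digest string. Add a comment above it, for example `# replaced at build time with the image sha256 digest; must not ship unsubstituted`, and quote the value as `digest: "{{emissary-ingress/emissary}}"` if the substitution step still matches inside quotes (that tool is not visible from this hunk). The bare `tag:` parses as null; writing `tag: ""` with a comment that the digest takes precedence makes it explicit that the image is meant to be pinned by digest, and it is worth confirming the templates fail rather than fall back to a mutable tag when the digest is missing.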
@@ -16,12 +11,16 @@ keywords: - emissary - emissary ingress maintainers: -- name: flydiverny - email: markus@maga.se -- name: kflynn - email: flynn@datawire.io -- name: nbkrause - email: nkrause@datawire.io -- name: lukeshu - email: lukeshu@datawire.io -engine: gotpl +- email: markus@maga.se + name: flydiverny +- email: flynn@datawire.io + name: kflynn +- email: nkrause@datawire.io + name: nbkrause +- email: lukeshu@datawire.io + name: lukeshu +name: emissary +sources: +- https://github.com/datawire/ambassador +- https://github.com/prometheus/statsd_exporter +version: 3.6.0-d0c301dec3634d263f8957745c8557a39caf8204 diff --git a/charts/emissary-ingress/OWNERS b/charts/emissary-ingress/OWNERS deleted file mode 100644 index 42543ecf6..000000000 --- a/charts/emissary-ingress/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -approvers: -- flydiverny -- kflynn -- nbkrause -- lukeshu -reviewers: -- flydiverny -- kflynn -- nbkrause -- lukeshu diff --git a/charts/emissary-ingress/ci.in/01-psp-values.yaml b/charts/emissary-ingress/ci.in/01-psp-values.yaml deleted file mode 100644 index 163be3e84..000000000 --- a/charts/emissary-ingress/ci.in/01-psp-values.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -security: - # Security Context for all containers in the pod. - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core - podSecurityContext: - runAsUser: 8888 - # Security Context for the Ambassador container specifically - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core - containerSecurityContext: - allowPrivilegeEscalation: false - # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - # - # A set of reasonable defaults is outlined below. This is not created by default as it should only - # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in - # the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` - # in all non-"master" Releases. - podSecurityPolicy: - # Add AppArmor and Seccomp annotations - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - annotations: - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - spec: - seLinux: - rule: RunAsAny - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - privileged: false - allowPrivilegeEscalation: false - runAsUser: - rule: MustRunAsNonRoot -createDefaultListeners: true diff --git a/charts/emissary-ingress/ci.in/06-hpa-values.yaml b/charts/emissary-ingress/ci.in/06-hpa-values.yaml deleted file mode 100644 index 28d953e10..000000000 --- a/charts/emissary-ingress/ci.in/06-hpa-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -deploymentStrategy: - type: Recreate - -service: - type: NodePort - -autoscaling: - enabled: true -createDefaultListeners: true 
diff --git a/charts/emissary-ingress/ci.in/08-single-namespace-values.yaml b/charts/emissary-ingress/ci.in/08-single-namespace-values.yaml deleted file mode 100644 index 20f7af8fe..000000000 --- a/charts/emissary-ingress/ci.in/08-single-namespace-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -service: - type: NodePort - -deploymentStrategy: - type: Recreate - -scope: - singleNamespace: true -createDefaultListeners: true diff --git a/charts/emissary-ingress/ci.in/09-redis-false-values.yaml b/charts/emissary-ingress/ci.in/09-redis-false-values.yaml deleted file mode 100644 index bdacc851d..000000000 --- a/charts/emissary-ingress/ci.in/09-redis-false-values.yaml +++ /dev/null @@ -1,10 +0,0 @@ -service: - type: NodePort - -redis: - enabled: false - # Annotations for Ambassador Pro's redis instance. - -deploymentStrategy: - type: Recreate -createDefaultListeners: true diff --git a/charts/emissary-ingress/ci.in/12-daemonset-values.yaml b/charts/emissary-ingress/ci.in/12-daemonset-values.yaml deleted file mode 100644 index 2aa0263e1..000000000 --- a/charts/emissary-ingress/ci.in/12-daemonset-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -service: - type: NodePort - -deploymentStrategy: - type: RollingUpdate - -daemonSet: true - -createDefaultListeners: true diff --git a/charts/emissary-ingress/ci.in/14-deployment-labels.yaml b/charts/emissary-ingress/ci.in/14-deployment-labels.yaml deleted file mode 100644 index ef82c41dc..000000000 --- a/charts/emissary-ingress/ci.in/14-deployment-labels.yaml +++ /dev/null @@ -1,4 +0,0 @@ -deploymentLabels: - label: foo - label2: bar -createDefaultListeners: true diff --git a/charts/emissary-ingress/ci.in/15-test-resolvers.yaml b/charts/emissary-ingress/ci.in/15-test-resolvers.yaml deleted file mode 100644 index 4471dfb35..000000000 --- a/charts/emissary-ingress/ci.in/15-test-resolvers.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -resolvers: - endpoint: - create: true - name: endpoint-foo - - consul: - create: true - name: consul-foo - spec: - address: ${HOST_IP} - datacenter: dc1 -createDefaultListeners: true diff --git a/charts/emissary-ingress/ci.in/16-test-module.yaml b/charts/emissary-ingress/ci.in/16-test-module.yaml deleted file mode 100644 index 16dc5df31..000000000 --- a/charts/emissary-ingress/ci.in/16-test-module.yaml +++ /dev/null @@ -1,10 +0,0 @@ -module: - lua_scripts: | - function envoy_on_response(response_handle) - response_handle:headers():add("Lua-Scripts-Enabled", "Processed") - end - - ip_allow: - - peer: 127.0.0.1 - - remote: 99.99.0.0/16 -createDefaultListeners: true diff --git a/charts/emissary-ingress/ci.in/17-test-canary.yaml b/charts/emissary-ingress/ci.in/17-test-canary.yaml deleted file mode 100644 index 93489c2e2..000000000 --- a/charts/emissary-ingress/ci.in/17-test-canary.yaml +++ /dev/null @@ -1,7 +0,0 @@ -canary: - enabled: true - mixPods: true - replicaCount: 0 - envRaw: | - - name: AES_LOG_LEVEL - value: "debug" \ No newline at end of file diff --git a/charts/emissary-ingress/ci.in/18-test-progress-deadline.yaml b/charts/emissary-ingress/ci.in/18-test-progress-deadline.yaml deleted file mode 100644 index 1c7f68303..000000000 --- a/charts/emissary-ingress/ci.in/18-test-progress-deadline.yaml +++ /dev/null @@ -1,3 +0,0 @@ -# configures progressDeadlineSeconds for deployments -progressDeadlines: - ambassador: 800 \ No newline at end of file diff --git a/charts/emissary-ingress/ci.in/19-test-lifecycle-values.yaml b/charts/emissary-ingress/ci.in/19-test-lifecycle-values.yaml deleted file mode 100644 index 54975d9ac..000000000 --- a/charts/emissary-ingress/ci.in/19-test-lifecycle-values.yaml +++ /dev/null @@ -1,15 +0,0 @@ -deploymentStrategy: - type: Recreate - -service: - type: NodePort - -lifecycle: - preStop: - exec: - command: - - "sh" - - "-c" - - "/bin/sleep 3" - -createDefaultListeners: true 
diff --git a/charts/emissary-ingress/ci.in/tests/manifests/backend.yaml b/charts/emissary-ingress/ci.in/tests/manifests/backend.yaml deleted file mode 100644 index b2d9205df..000000000 --- a/charts/emissary-ingress/ci.in/tests/manifests/backend.yaml +++ /dev/null @@ -1,47 +0,0 @@ ---- -apiVersion: getambassador.io/v1 -kind: Mapping -metadata: - name: quote-backend -spec: - prefix: /backend/ - service: quote ---- -apiVersion: v1 -kind: Service -metadata: - name: quote -spec: - ports: - - name: http - port: 80 - targetPort: 8080 - selector: - app: quote ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: quote -spec: - replicas: 1 - selector: - matchLabels: - app: quote - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: quote - spec: - containers: - - name: backend - image: datawire/quote:0.4.0 - ports: - - name: http - containerPort: 8080 - resources: - limits: - cpu: "0.1" - memory: 100Mi diff --git a/charts/emissary-ingress/ci.in/tests/manifests/ci-default-values.yaml b/charts/emissary-ingress/ci.in/tests/manifests/ci-default-values.yaml deleted file mode 100644 index 0a1ec852e..000000000 --- a/charts/emissary-ingress/ci.in/tests/manifests/ci-default-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -#env: -# AMBASSADOR_SINGLE_NAMESPACE: true -# AMBASSADOR_NO_KUBEWATCH: no_kubewatch - -deploymentStrategy: - type: Recreate - -service: - type: NodePort diff --git a/charts/emissary-ingress/ci.in/tests/manifests/helm-init.yaml b/charts/emissary-ingress/ci.in/tests/manifests/helm-init.yaml deleted file mode 100644 index 1fcf47dca..000000000 --- a/charts/emissary-ingress/ci.in/tests/manifests/helm-init.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tiller - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tiller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: tiller - namespace: kube-system diff --git a/charts/emissary-ingress/ci.in/tests/manifests/helm2-values.yaml b/charts/emissary-ingress/ci.in/tests/manifests/helm2-values.yaml deleted file mode 100644 index eb6ea6526..000000000 --- a/charts/emissary-ingress/ci.in/tests/manifests/helm2-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: NodePort diff --git a/charts/emissary-ingress/ci.in/tests/manifests/tls.yaml b/charts/emissary-ingress/ci.in/tests/manifests/tls.yaml deleted file mode 100644 index bc25cf664..000000000 --- a/charts/emissary-ingress/ci.in/tests/manifests/tls.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -apiVersion: v1 -data: - tls.crt: 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 - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdG5LNU9mZmVMeUV4YjRqM0NCZG9zTGJibG9vOVVzaFRDdVlwUTI4VDY5bXdmN1g1CmVxM2FWQUhtU1B0ZVFobmhwLytIL3FSVUZ2TzZZSDZKZkh2OGdTT2YyUG9ya2ZnQmVhUEQxb2NZYVNMbU94TUYKSjZ6cnlJKzlZaFZaRS9JdzEzcUVHSUNZMCtkWWNTZnRzMUNvTHBuZE0velV4eS9nY0JKYjhZRloyVjA3MTVVMgptejRXV2R2c0dMZVB5YzkrOGdOSzZlUXljdlBTUGorbmtDWEpjaEsyWlB4QXB3ejZqVnd2bEs2MUt5S1plZzBhCmJyWDFmRGlkNlNIb09tOUZRZjBnYlR1OVd0ZkhZcWpxMEZBeFBkQURTRzVXbzdmTjh0d0I3S0VlL29rMitBS3EKRm0rSnlxbExwUStnRE5WQitEdUxSeXg5elVjM2pmME9YaWxLQlFJREFRQUJBb0lCQUVOQy9qaDV3Z2E4QlA2cQpqdkFEdVV2VXpoV3N0empxczNyRUtaZzd2aXRvSU9La1V1cEFaOG9xdlJ4UTE0b2xBb1V0OXBRUlB4TUxIYjN2ClNINkZNeXprMWt4bXhtTlUvQzQ5Q3Jqdkt6ZXZieE4rU3BzNjY5NFA1L0RlRCs0RGpyQVI4ZHNhcGIwUmdCQ1AKZU5sdnRlRWdSbVdoSTB5ZndPMXdSMGM4dWNRaE5GcjNNd0lMQ1FES0Zpa2NDSi9GV0FmNXc4ZGFnYnBYTXAxawo3ci9ya1BFcVh6NnRxam04eWZZWlRoaGIwUE5LcSsxOGdkaCtLeTZPL1RnTVZ2d1BLVkIrZUhoQmJZY2R6VGYxCmxia3pVeUFhZmR3VlBTTnhVOWhzSzBqNExWZG83YlVkajZySHNXTlBWcm1Ib1VsUnNjcno2aDhPZlQ0bU9WTi8KRmhtcEhvRUNnWUVBNlVENVlWMUJrWEg4S21WRjhiVGVGVGlTY1IvRGI4TVlRY3NLNzQrNEg5aEFmbjR3d3ZWeQpidi9kL2NsOWZHY0xXN0w1QWM1WWRxNlNWZGFHRVZpVzVOTy8xV0wwN3JjaG8xZTRaSzlPemJiUllNWW51cWRHCmF5eGhoUks0R25ubzZXMTlMWWc1d1F3TUJvUzNSbFVxUWN3UU1ESiszMVc4emwrazdpODk0dVVDZ1lFQXlEMXIKZHVMSGRMcG9UWEd2ZjZIVk9HQ1pWczQvSXg1M1B1WnRXY1FkYkc5MDZNWHRwdldWdDN1ek8rVVd2WGJIWHBSMQpjZWVrUHRucTI4a1BFT2oyd3NoVFRQQ05OT0dUWE01SzREbTVjNjVaeWY0WVJjQ0NZNEpSSUNqWHExeE9uc21nCk8ydTZiYlVQWE9veXFmVllWK0wwK25zcHNLOUNCd0ZaMjJqMXVLRUNnWUVBbzcyZTBzQ2FaTFcxcFRWT3NteWIKY2g0eWZ3TWpPUE9sdFpvSlpUNW9yTUlzRkNBVnJ1YUtuRzAxc3hDYzdKV1JuWiszdVpMVyt3bDFaSmlocU0rZApyYWtRQTRYaUZ5bXJqWFRvMXBWU0pvcnQxSmVHRUR1WTdXZE1WaFJiOVFvYmZMSUZxODd6YkJjKzRkeU1vK3pwCkt5TkxRZXBRc2dzSDdYK3EwaUdMdWhrQ2dZQUlYQWdRZm9jMUtGTVNhSnliQjNhUFUva1MxcWxzSGVsOGhzSXAKN1RZTlFObnduZEsrRmFLYWRsK1ZNSXN5ZmJMMUQ5MlhVOFJYbTJGaXE1SWxjcFJhcldKTTQvNEJKeW12eGl6NgpEMjdlbFhqS0pnRjl
aL3dKaTNjM2tIendlbm9OeHYwWmZmWGFmcVNWakhGeEJ2MFpMakJzQkpoSStBZ1pvc1ROCmxDUXVBUUtCZ1FESHVxNUVseU1RS2NZWm5tRlN6T2ZYWXNJYm8rZEJJTlEyNnB0OFdacGMydnpsNkNrQXV3TWwKQU9jRllrbjBXSnVJRXRubnhPT3Rwcnh0VGRIWGIvOWZWY090Unp2TitvVjN2OVNEalZjWTRESWp3MXlpMkt1Vwp6MmV1N1lCNExlbG13TFlHMEJUMWp0ejJJREUxYW85MzgybEpWV2J4Y1dsdHArWTFCRWhkdmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= -kind: Secret -metadata: - name: self-signed-cert -type: kubernetes.io/tls ---- -apiVersion: getambassador.io/v1 -kind: TLSContext -metadata: - name: tls -spec: - hosts: ["*"] - secret: self-signed-cert - diff --git a/charts/emissary-ingress/readme.tpl b/charts/emissary-ingress/readme.tpl deleted file mode 100644 index cf5e60609..000000000 --- a/charts/emissary-ingress/readme.tpl +++ /dev/null 
@@ -1,87 +0,0 @@ -# {{ .Project.ShortName }} - -[{{ .Project.Name }}]({{ .Project.URL }}) - {{ .Project.Description }} - -## TL;DR; - -```console -$ helm repo add {{ .Repository.Name }} {{ .Repository.URL }} -$ helm repo update -$ helm install {{ .Release.Name }} --devel {{ .Repository.Name }}/{{ .Chart.Name }} -n {{ .Release.Namespace }}{{ with .Chart.Version }} --version={{.}}{{ end }} -``` - -## Introduction - -This chart deploys {{ .Project.App }} on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -This chart is used to install the 2.0 release line of {{ .Project.App }}. - -Versions in the older 1.0 release line of Emissary Ingress and Ambassador Edge Stack share a -single chart that can be found in this repository under the branch for the specific release, e.g. -[the release/v1.14 branch] for the latest 1.14 chart, [release/v1.13] for 1.13, and so on. - -> Note that for 1.0 releases, the `enableAES` helm value is used to control installing Edge Stack or - Emissary Ingress. - -As of version 2.0, Emissary Ingress and Ambassador Edge Stack have separate charts. The helm chart -for Ambassador Edge Stack 2.0 lives in the [Ambassador Edge Stack chart repository]. - -See the [Ambassador Edge Stack FAQ] for more information about the differences between Emissary -Ingress and Ambassador Edge Stack. - -[the release/v1.14 branch]: https://github.com/emissary-ingress/emissary/tree/release/v1.14/charts/ambassador -[release/v1.13]: https://github.com/emissary-ingress/emissary/tree/release/v1.13/charts/ambassador -[Ambassador Edge Stack chart repository]: https://github.com/datawire/edge-stack/tree/main/charts/edge-stack -[Ambassador Edge Stack FAQ]: https://www.getambassador.io/docs/edge-stack/latest/about/faq/#whats-the-difference-between-ossproductname-and-aesproductname - -## Prerequisites -{{ range .Prerequisites }} -- {{ . 
}} -{{- end }} - -## Installing the Chart - -To install the chart with the release name `{{ .Release.Name }}`: - -```console -$ helm install {{ .Release.Name }} --devel {{ .Repository.Name }}/{{ .Chart.Name }} -n {{ .Release.Namespace }}{{ with .Chart.Version }} --version={{.}}{{ end }} -``` - -The command deploys {{ .Project.App }} on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `{{ .Release.Name }}`: - -```console -$ helm delete {{ .Release.Name }} -n {{ .Release.Namespace }} -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Changelog - -Notable chart changes are listed in the [CHANGELOG](./CHANGELOG.md) - -{{ if .Chart.Values -}} -## Configuration - -The following table lists the configurable parameters of the `{{ .Chart.Name }}` chart and their default values. - -{{ .Chart.Values }} - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: - -```console -$ helm install {{ .Release.Name }} --devel {{ .Repository.Name }}/{{ .Chart.Name }} -n {{ .Release.Namespace }}{{ with .Chart.Version }} --version={{.}}{{ end }} --set {{ .Chart.ValuesExample }} -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while -installing the chart. For example: - -```console -$ helm install {{ .Release.Name }} --devel {{ .Repository.Name }}/{{ .Chart.Name }} -n {{ .Release.Namespace }}{{ with .Chart.Version }} --version={{.}}{{ end }} --values values.yaml -``` -{{- end }} diff --git a/charts/emissary-ingress/templates/NOTES.txt b/charts/emissary-ingress/templates/NOTES.txt index dbcfc7c93..b8ecadd70 100644 --- a/charts/emissary-ingress/templates/NOTES.txt +++ b/charts/emissary-ingress/templates/NOTES.txt 
@@ -5,22 +5,16 @@ To get the IP address of Emissary, run the following commands: {{- if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ambassador.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace | default .Values.defaultNamespace | quote }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ambassador.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace | default .Values.defaultNamespace | quote }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }}' - - On GKE/Azure: - export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - - On AWS: - export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') + You can watch the status of by running 'kubectl get svc -w --namespace {{ .Release.Namespace | default .Values.defaultNamespace | quote }} {{ include "ambassador.fullname" . }}' echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "ambassador.namespace" .}} -l "app={{ include "ambassador.name" . 
}},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace | default .Values.defaultNamespace | quote }} -l "app={{ include "ambassador.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:80 {{- end }} diff --git a/charts/emissary-ingress/templates/_helpers.tpl b/charts/emissary-ingress/templates/_helpers.tpl index 35bb75791..23bd122ef 100644 --- a/charts/emissary-ingress/templates/_helpers.tpl +++ b/charts/emissary-ingress/templates/_helpers.tpl @@ -78,18 +78,6 @@ disabled if fullImageOverride is present {{- end -}} {{- end -}} - -{{/* -Create chart namespace based on override value. -*/}} -{{- define "ambassador.namespace" -}} -{{- if .Values.namespaceOverride -}} -{{- .Values.namespaceOverride -}} -{{- else -}} -{{- .Release.Namespace -}} -{{- end -}} -{{- end -}} - {{/* Create chart name and version as used by the chart label. */}} @@ -125,3 +113,8 @@ Define the http port of the Ambassador service {{- end -}} {{- end -}} {{- end -}} + +{{/* Generate image repository path. */}} +{{- define "image.repository.path" -}} +{{- .repository }}@{{ .digest -}} +{{- end -}} diff --git a/charts/emissary-ingress/templates/admin-service.yaml b/charts/emissary-ingress/templates/admin-service.yaml index 77f628459..6b32df2e8 100644 --- a/charts/emissary-ingress/templates/admin-service.yaml +++ b/charts/emissary-ingress/templates/admin-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "ambassador.fullname" . }}-admin - namespace: {{ include "ambassador.namespace" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: app.kubernetes.io/name: {{ include "ambassador.name" . }} {{- include "ambassador.labels" . | nindent 4 }} 
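Review bot: In the LoadBalancer branch of NOTES.txt both `export SERVICE_IP=$(kubectl get svc ...)` commands are removed while `echo http://$SERVICE_IP:{{ .Values.service.port }}` stays, so a user who follows the printed instructions gets a URL with an empty host. Either keep one lookup ahead of the echo, e.g. `export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace | quote }} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')`, or drop the echo line. Which jsonpath field applies (`ip` or `hostname`) depends on the load balancer in use, so state that in the note text.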
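Review bot: The new `image.repository.path` helper joins `.repository` and `.digest` without checking that a digest is present, so an empty value renders an image reference ending in `@` that is only rejected when the pod tries to pull. Fail at render time instead: `{{- .repository }}@{{ required "image.digest must be set" .digest -}}`. The earlier hunk in this file deletes `ambassador.namespace`, so any template not touched by this patch that still includes it will stop rendering; worth a grep before merging.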
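Review bot: `{{ .Release.Namespace | default .Values.defaultNamespace | quote }}` should never reach its fallback, since Helm 3 always populates `.Release.Namespace`, and it no longer honours `namespaceOverride`, which the removed `ambassador.namespace` helper did. A values file that still sets `namespaceOverride` will now deploy into the release namespace without any error. The same expression replaces the helper in NOTES.txt, config.yaml, deployment-canary.yaml, deployment.yaml, exporter-config.yaml, hpa.yaml, listener.yaml, module.yaml, namespace.yaml, pdb.yaml and podsecuritypolicy.yaml. If dropping the override is intended, simplify to `{{ .Release.Namespace | quote }}` and record the removal in the chart's changelog; otherwise keep a single helper so the rule lives in one place.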
diff --git a/charts/emissary-ingress/templates/ambassador-agent.yaml b/charts/emissary-ingress/templates/ambassador-agent.yaml deleted file mode 100644 index 15e1ad4c1..000000000 --- a/charts/emissary-ingress/templates/ambassador-agent.yaml +++ /dev/null 
@@ -1,284 +0,0 @@ -{{- if .Values.agent.enabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - {{- include "ambassador.labels" . | nindent 4 }} - product: aes -{{- if .Values.docker.useImagePullSecret }} -imagePullSecrets: -- name: {{ .Values.docker.imagePullSecretName }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "ambassador.fullname" . }}-agent-config - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - {{- include "ambassador.labels" . | nindent 4 }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "ambassador.fullname" . }}-agent-config -subjects: -- kind: ServiceAccount - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "ambassador.fullname" . }}-agent-config - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - {{- include "ambassador.labels" . | nindent 4 }} - product: aes -rules: -- apiGroups: [""] - resources: [ "configmaps" ] - verbs: [ "get", "list", "watch" ] -- apiGroups: [""] - resources: [ "secrets"] - verbs: [ "get", "create", "delete", "patch", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ambassador.fullname" . }}-agent - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - {{- include "ambassador.labels" . | nindent 4 }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ambassador.fullname" . 
}}-agent -subjects: -- kind: ServiceAccount - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - {{- include "ambassador.labels" . | nindent 4 }} - product: aes -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent -rules: [] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-pods - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - {{- include "ambassador.labels" . | nindent 4 }} - product: aes -rules: -- apiGroups: [""] - resources: [ "pods"] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-deployments - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - {{- include "ambassador.labels" . | nindent 4 }} - product: aes -rules: -- apiGroups: ["apps", "extensions"] - resources: [ "deployments" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-endpoints - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - {{- include "ambassador.labels" . 
| nindent 4 }} - product: aes -rules: -- apiGroups: [""] - resources: [ "endpoints" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-configmaps - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - {{- include "ambassador.labels" . | nindent 4 }} - product: aes -rules: -- apiGroups: [""] - resources: [ "configmaps" ] - verbs: [ "get", "list", "watch" ] ---- -{{- if .Values.agent.createArgoRBAC }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-rollouts - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - {{- include "ambassador.labels" . | nindent 4 }} - product: aes -rules: -- apiGroups: ["argoproj.io"] - resources: [ "rollouts", "rollouts/status" ] - verbs: [ "get", "list", "watch", "patch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-applications - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - {{- include "ambassador.labels" . | nindent 4 }} - product: aes -rules: -- apiGroups: ["argoproj.io"] - resources: [ "applications" ] - verbs: [ "get", "list", "watch" ] -{{- end }} -{{ if ne .Values.agent.cloudConnectToken "" }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "ambassador.fullname" . }}-agent-cloud-token - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent-cloud-token - {{- include "ambassador.labels" . 
| nindent 4 }} - product: aes -data: - CLOUD_CONNECT_TOKEN: {{ .Values.agent.cloudConnectToken }} -{{ end }} - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent - {{- include "ambassador.labels" . | nindent 4 }} - product: aes -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent - {{- include "ambassador.labels" . | nindent 8 }} - product: aes - spec: - {{- with .Values.agent.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "ambassador.fullname" . }}-agent - containers: - - name: agent - image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}" - imagePullPolicy: {{ .Values.agent.image.pullPolicy }} - ports: - - containerPort: 8080 - name: http - {{- with .Values.agent.containerSecurityContext }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - env: - - name: AGENT_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: AGENT_CONFIG_RESOURCE_NAME - value: {{ include "ambassador.fullname" . }}-agent-cloud-token - - name: RPC_CONNECTION_ADDRESS - value: {{ .Values.agent.rpcAddress }} - - name: AES_SNAPSHOT_URL - value: "http://{{ include "ambassador.fullname" . }}-admin.{{ include "ambassador.namespace" . }}:{{ .Values.adminService.snapshotPort }}/snapshot-external" - - name: AES_REPORT_DIAGNOSTICS_TO_CLOUD - value: {{ .Values.agent.reportDiagnostics | quote }} - - name: AES_DIAGNOSTICS_URL - value: "http://{{ include "ambassador.fullname" . }}-admin.{{ include "ambassador.namespace" . 
}}:{{ .Values.adminService.port }}/ambassador/v0/diag/?json=true" - - {{- with .Values.agent.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.agent.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.agent.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - - {{ if .Values.progressDeadlines }} - {{ if hasKey .Values.progressDeadlines "agent" }} - progressDeadlineSeconds: {{ .Values.progressDeadlines.agent }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -spec: - ports: - - port: 80 - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/emissary-ingress/templates/config.yaml b/charts/emissary-ingress/templates/config.yaml index cd6184dde..4ba1c911a 100644 --- a/charts/emissary-ingress/templates/config.yaml +++ b/charts/emissary-ingress/templates/config.yaml 
@@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: '{{ include "ambassador.fullname" . }}-file-config' - namespace: {{ include "ambassador.namespace" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: app.kubernetes.io/name: {{ include "ambassador.name" . }} {{- include "ambassador.labels" . | nindent 4 }} diff --git a/charts/emissary-ingress/templates/deployment-canary.yaml b/charts/emissary-ingress/templates/deployment-canary.yaml index 4c8094f14..2fa451574 100644 --- a/charts/emissary-ingress/templates/deployment-canary.yaml +++ b/charts/emissary-ingress/templates/deployment-canary.yaml @@ -8,7 +8,7 @@ metadata: {{- else }} name: {{ include "ambassador.fullname" . }}-canary {{- end }} - namespace: {{ include "ambassador.namespace" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: app.kubernetes.io/name: {{ include "ambassador.name" . }} {{- include "ambassador.labels" . | nindent 4 }} @@ -138,7 +138,7 @@ spec: {{- if ne (include "ambassador.canaryImage" .) "" }} image: {{ include "ambassador.canaryImage" . }} {{- else }} - image: {{ include "ambassador.image" . }} + image: {{ .Values.sourceRegistry }}/{{ include "image.repository.path" .Values.image }} {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: diff --git a/charts/emissary-ingress/templates/deployment.yaml b/charts/emissary-ingress/templates/deployment.yaml index 6571eef94..e6d6f75d1 100644 --- a/charts/emissary-ingress/templates/deployment.yaml +++ b/charts/emissary-ingress/templates/deployment.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Pod metadata: name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} {{- else }} {{- if .Values.daemonSet }} apiVersion: apps/v1 
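Review bot: The fallback `image:` line in deployment-canary.yaml (and the main container in deployment.yaml) now builds the reference from `.Values.sourceRegistry` and the digest helper instead of `include "ambassador.image"`, which pins by digest but skips whatever the old helper handled. The _helpers.tpl context in this patch mentions `fullImageOverride`, so that value presumably stops taking effect here; confirm and remove it from values.yaml if so. The rendered value is also unquoted and unguarded, so an empty `sourceRegistry` yields `/repo@digest`. Suggested form: `image: {{ printf "%s/%s" (required "sourceRegistry must be set" .Values.sourceRegistry) (include "image.repository.path" .Values.image) | quote }}`.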
@@ -18,7 +18,7 @@ metadata: {{- else }} name: {{ include "ambassador.fullname" . }} {{- end }} - namespace: {{ include "ambassador.namespace" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: app.kubernetes.io/name: {{ include "ambassador.name" . }} {{- include "ambassador.labels" . | nindent 4 }} @@ -156,7 +156,7 @@ spec: {{- toYaml .Values.prometheusExporter.resources | nindent 12 }} {{- end }} - name: {{ if .Values.containerNameOverride }}{{ .Values.containerNameOverride }}{{ else }}{{ .Chart.Name }}{{ end }} - image: {{ include "ambassador.image" . }} + image: {{ .Values.sourceRegistry }}/{{ include "image.repository.path" .Values.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: {{- range .Values.service.ports }} diff --git a/charts/emissary-ingress/templates/exporter-config.yaml b/charts/emissary-ingress/templates/exporter-config.yaml index c15802767..633a607ce 100644 --- a/charts/emissary-ingress/templates/exporter-config.yaml +++ b/charts/emissary-ingress/templates/exporter-config.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: '{{ include "ambassador.fullname" . }}-exporter-config' - namespace: {{ include "ambassador.namespace" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: app.kubernetes.io/name: {{ include "ambassador.name" . }} {{- include "ambassador.labels" . | nindent 4 }} diff --git a/charts/emissary-ingress/templates/hpa.yaml b/charts/emissary-ingress/templates/hpa.yaml index a9fdb2ce0..38a6f3f29 100644 --- a/charts/emissary-ingress/templates/hpa.yaml +++ b/charts/emissary-ingress/templates/hpa.yaml 
@@ -3,7 +3,7 @@ apiVersion: autoscaling/v2{{- if semverCompare "<1.23" .Capabilities.KubeVersion
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "ambassador.fullname" . }}
- namespace: {{ include "ambassador.namespace" . }}
+ namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }}
 labels:
 app.kubernetes.io/name: {{ include "ambassador.name" . }}
 {{- include "ambassador.labels" . | nindent 4 }}
diff --git a/charts/emissary-ingress/templates/listener.yaml b/charts/emissary-ingress/templates/listener.yaml
index 033051cc8..671c2444e 100644
--- a/charts/emissary-ingress/templates/listener.yaml
+++ b/charts/emissary-ingress/templates/listener.yaml
@@ -4,7 +4,7 @@ apiVersion: getambassador.io/v3alpha1
 kind: Listener
 metadata:
 name: {{ include "ambassador.fullname" . }}-https-listener
- namespace: {{ include "ambassador.namespace" . }}
+ namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }}
 spec:
 port: 8443
 protocol: HTTPS
@@ -21,7 +21,7 @@ apiVersion: getambassador.io/v3alpha1
 kind: Listener
 metadata:
 name: {{ include "ambassador.fullname" . }}-http-listener
- namespace: {{ include "ambassador.namespace" . }}
+ namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }}
 spec:
 port: 8080
 protocol: HTTP
diff --git a/charts/emissary-ingress/templates/module.yaml b/charts/emissary-ingress/templates/module.yaml
index 619f9859b..8a66c6a60 100644
--- a/charts/emissary-ingress/templates/module.yaml
+++ b/charts/emissary-ingress/templates/module.yaml
@@ -3,7 +3,7 @@ apiVersion: getambassador.io/v3alpha1
 kind: Module
 metadata:
 name: ambassador
- namespace: {{ include "ambassador.namespace" . }}
+ namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }}
 labels:
 app.kubernetes.io/name: {{ include "ambassador.name" . }}
 {{- include "ambassador.labels" . | nindent 4 }}
diff --git a/charts/emissary-ingress/templates/namespace.yaml b/charts/emissary-ingress/templates/namespace.yaml
index 4535c74f2..c3cde61b4 100644
--- a/charts/emissary-ingress/templates/namespace.yaml
+++ b/charts/emissary-ingress/templates/namespace.yaml
@@ -4,5 +4,5 @@ kind: Namespace
 metadata:
 labels:
 product: aes
- name: {{ include "ambassador.namespace" . }}
+ name: {{ .Release.Namespace | default .Values.defaultNamespace | quote }}
 {{- end }}
diff --git a/charts/emissary-ingress/templates/pdb.yaml b/charts/emissary-ingress/templates/pdb.yaml
index 549a66fd6..2c5a124c9 100644
--- a/charts/emissary-ingress/templates/pdb.yaml
+++ b/charts/emissary-ingress/templates/pdb.yaml
@@ -3,7 +3,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
 name: {{ include "ambassador.fullname" . }}
- namespace: {{ include "ambassador.namespace" . }}
+ namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }}
 labels:
 app.kubernetes.io/name: {{ include "ambassador.name" . }}
 {{- include "ambassador.labels" . | nindent 4 }}
diff --git a/charts/emissary-ingress/templates/podsecuritypolicy.yaml b/charts/emissary-ingress/templates/podsecuritypolicy.yaml
index 7c0a7489f..455fe9d33 100644
--- a/charts/emissary-ingress/templates/podsecuritypolicy.yaml
+++ b/charts/emissary-ingress/templates/podsecuritypolicy.yaml
@@ -3,7 +3,7 @@ apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
 name: {{ include "ambassador.fullname" . }}
- namespace: {{ include "ambassador.namespace" . }}
+ namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }}
 labels:
 app.kubernetes.io/name: {{ include "ambassador.name" . }}
 {{- include "ambassador.labels" . | nindent 4 }}
diff --git a/charts/emissary-ingress/templates/rbac.yaml b/charts/emissary-ingress/templates/rbac.yaml
index b177db0d7..cdcf282ca 100644
--- a/charts/emissary-ingress/templates/rbac.yaml
+++ b/charts/emissary-ingress/templates/rbac.yaml
@@ -35,7 +35,7 @@ roleRef: name: {{ include "ambassador.rbacName" . }} subjects: - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} kind: ServiceAccount --- @@ -68,7 +68,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "ambassador.rbacName" . }} - namespace: {{ include "ambassador.namespace" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} {{- else }} kind: ClusterRole metadata: @@ -139,7 +139,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "ambassador.rbacName" . }} - namespace: {{ include "ambassador.namespace" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: app.kubernetes.io/name: {{ include "ambassador.name" . }} {{- include "ambassador.labels" . | nindent 4 }} @@ -150,7 +150,7 @@ roleRef: name: {{ include "ambassador.rbacName" . }} subjects: - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} kind: ServiceAccount {{- end }} diff --git a/charts/emissary-ingress/templates/resolvers.yaml b/charts/emissary-ingress/templates/resolvers.yaml index 53633ee88..7ecb2fc97 100644 --- a/charts/emissary-ingress/templates/resolvers.yaml +++ b/charts/emissary-ingress/templates/resolvers.yaml @@ -4,7 +4,7 @@ apiVersion: getambassador.io/v3alpha1 kind: KubernetesEndpointResolver metadata: name: {{ .Values.resolvers.endpoint.name }} - namespace: {{ include "ambassador.namespace" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: app.kubernetes.io/name: {{ include "ambassador.name" . }} {{- include "ambassador.labels" . | nindent 4 }} 
@@ -20,7 +20,7 @@ apiVersion: getambassador.io/v3alpha1
 kind: ConsulResolver
 metadata:
 name: {{ .Values.resolvers.consul.name }}
- namespace: {{ include "ambassador.namespace" . }}
+ namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }}
 labels:
 app.kubernetes.io/name: {{ include "ambassador.name" . }}
 {{- include "ambassador.labels" . | nindent 4 }}
diff --git a/charts/emissary-ingress/templates/service-canary.yaml b/charts/emissary-ingress/templates/service-canary.yaml
index 742473cd1..1a0b7c901 100644
--- a/charts/emissary-ingress/templates/service-canary.yaml
+++ b/charts/emissary-ingress/templates/service-canary.yaml
@@ -8,7 +8,7 @@ metadata:
 {{- else }}
 name: {{ include "ambassador.fullname" . }}-canary
 {{- end }}
- namespace: {{ include "ambassador.namespace" . }}
+ namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }}
 labels:
 app.kubernetes.io/name: {{ include "ambassador.name" . }}
 {{- include "ambassador.labels" . | nindent 4 }}
@@ -22,7 +22,7 @@ metadata:
 a8r.io/chat: http://a8r.io/Slack
 a8r.io/bugs: https://github.com/datawire/ambassador/issues
 a8r.io/support: https://www.getambassador.io/about-us/support/
- a8r.io/dependencies: {{ include "ambassador.fullname" . }}-redis.{{ include "ambassador.namespace" . }}
+ a8r.io/dependencies: {{ include "ambassador.fullname" . }}-redis.{{ .Release.Namespace | default .Values.defaultNamespace | quote }}
 {{- if .Values.service.annotations }}
 {{- range $key, $value := .Values.service.annotations }}
 {{ $key }}: {{ $value | quote }}
diff --git a/charts/emissary-ingress/templates/service.yaml b/charts/emissary-ingress/templates/service.yaml
index 1f3a6706c..6427f1080 100644
--- a/charts/emissary-ingress/templates/service.yaml
+++ b/charts/emissary-ingress/templates/service.yaml
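Review bot: The `a8r.io/dependencies` line in the `@@ -22,7 +22,7 @@` hunk of service-canary.yaml applies `quote` in the middle of a plain scalar, so the rendered annotation carries literal double quotes around the namespace (`<fullname>-redis."<namespace>"`, placeholders mine) and no longer names the redis service. The same line is introduced in service.yaml (`@@ -20,7 +20,7 @@`). Either drop `quote` on this line or quote the whole value: `a8r.io/dependencies: {{ printf "%s-redis.%s" (include "ambassador.fullname" .) (.Release.Namespace | default .Values.defaultNamespace) | quote }}`.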
@@ -6,7 +6,7 @@ metadata:
 {{- else }}
 name: {{ include "ambassador.fullname" . }}
 {{- end }}
- namespace: {{ include "ambassador.namespace" . }}
+ namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }}
 labels:
 app.kubernetes.io/name: {{ include "ambassador.name" . }}
 {{- include "ambassador.labels" . | nindent 4 }}
@@ -20,7 +20,7 @@ metadata:
 a8r.io/chat: http://a8r.io/Slack
 a8r.io/bugs: https://github.com/datawire/ambassador/issues
 a8r.io/support: https://www.getambassador.io/about-us/support/
- a8r.io/dependencies: {{ include "ambassador.fullname" . }}-redis.{{ include "ambassador.namespace" . }}
+ a8r.io/dependencies: {{ include "ambassador.fullname" . }}-redis.{{ .Release.Namespace | default .Values.defaultNamespace | quote }}
 {{- if .Values.service.annotations }}
 {{- range $key, $value := .Values.service.annotations }}
 {{ $key }}: {{ $value | quote }}
diff --git a/charts/emissary-ingress/templates/serviceaccount.yaml b/charts/emissary-ingress/templates/serviceaccount.yaml
index ef30c7659..a20596210 100644
--- a/charts/emissary-ingress/templates/serviceaccount.yaml
+++ b/charts/emissary-ingress/templates/serviceaccount.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: {{ include "ambassador.serviceAccountName" . }}
- namespace: {{ include "ambassador.namespace" . }}
+ namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }}
 labels:
 app.kubernetes.io/name: {{ include "ambassador.name" . }}
 {{- include "ambassador.labels" . | nindent 4 }}
diff --git a/charts/emissary-ingress/templates/servicemonitor.yaml b/charts/emissary-ingress/templates/servicemonitor.yaml
index b2c8122a1..8f33136cf 100644
--- a/charts/emissary-ingress/templates/servicemonitor.yaml
+++ b/charts/emissary-ingress/templates/servicemonitor.yaml
@@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: app: {{ include "ambassador.name" . }} {{- if .Values.metrics.serviceMonitor.selector }} @@ -21,7 +21,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ include "ambassador.namespace" . }} + - {{ .Release.Namespace | default .Values.defaultNamespace | quote }} selector: matchLabels: service: ambassador-admin diff --git a/charts/emissary-ingress/values.yaml.in b/charts/emissary-ingress/values.yaml similarity index 89% rename from charts/emissary-ingress/values.yaml.in rename to charts/emissary-ingress/values.yaml index 3b7ed1b6b..94e66a04b 100644 --- a/charts/emissary-ingress/values.yaml.in +++ b/charts/emissary-ingress/values.yaml @@ -2,11 +2,11 @@ nameOverride: '' # Override the generated release name. Defaults to .Release.Name. fullnameOverride: '' -# Override the generated release namespace. Defaults to .Release.Namespace. -namespaceOverride: '' + +defaultNamespace: emissary-system # Number of Ambassador replicas -replicaCount: 3 +replicaCount: 2 # If true, Create a DaemonSet. By default Deployment controller will be created daemonSet: false # If true, Create a bare Pod instead of a Deployment or DaemonSet; for @@ -148,11 +148,13 @@ security: # runAsUser: # rule: MustRunAsNonRoot +sourceRegistry: "public.ecr.aws/eks-anywhere" + image: - # Emissary Ingress docker repo - repository: @imageRepo@ - # Emissary Ingress docker tag - tag: @version@ + # Emissary Ingress ecr repo + repository: emissary-ingress/emissary + digest: {{emissary-ingress/emissary}} + tag: # Pod container image pull policy pullPolicy: IfNotPresent 
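Review bot: In the `@@ -148,11 +148,13 @@` hunk of values.yaml, `digest: {{emissary-ingress/emissary}}` is an unquoted placeholder in a file now named values.yaml rather than values.yaml.in, so until a packaging step replaces it a YAML parser reads it as a nested flow mapping rather than a string; `tag:` on the next line is a bare key and parses as null. If that substitution is skipped or fails, the chart has neither a usable digest nor a tag, and what the Deployment pulls then depends on how the `image.repository.path` helper (not visible here) handles it. I would quote the placeholder, `digest: "{{emissary-ingress/emissary}}"`, write `tag: ""`, and add `# digest is filled in at package time; do not install this chart from source without it`. Whether the substitution tooling tolerates the added quotes needs checking.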
@@ -357,7 +359,6 @@ resolvers: # +doc-gen:break module: diagnostics: enabled: false - allow_non_local: true # DEPRECATED: Enabling the prometheus exporter creates a sidecar and configures ambassador to use it # @@ -393,40 +394,6 @@ prometheusExporter: # +doc-gen:break # securityContext: # runAsUser: 8888 - -# Configure the ambassador agent -agent: - # If `true`, installs the ambassador-agent Deployment, ServiceAccount and ClusterRole in the ambassador namespace, enabling the Ambassador Cloud connectivity. - enabled: true - # API token for reporting snapshots to [Ambassador Cloud](https://app.getambassador.io/cloud/); - # If empty, agent will not report snapshots - cloudConnectToken: '' - # Address of the Ambassador Cloud rpc server. - rpcAddress: https://app.getambassador.io/ - - # If `true`, Ambassador Agent will report diagnostics to Ambassador Cloud - reportDiagnostics: true - - createArgoRBAC: true - image: - # Leave blank to use image.repository and image.tag - tag: 1.0.3 - repository: docker.io/ambassador/ambassador-agent - pullPolicy: IfNotPresent - - podSecurityContext: {} - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#podsecuritycontext-v1-core - # runAsUser: 8888 - - containerSecurityContext: {} - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#securitycontext-v1-core - # allowPrivilegeEscalation: false - - nodeSelector: {} - tolerations: [] - affinity: {} - - deploymentTool: '' # configure docker to pull from private registry -- 2.40.1