Add back in assets from main branch

pull/138/head
Arvind Iyengar 2021-08-18 11:45:22 -07:00
parent 8e47015594
commit 2e1d11ad69
No known key found for this signature in database
GPG Key ID: A8DD9BFD6C811498
1439 changed files with 168235 additions and 0 deletions

Binary file not shown.

BIN
assets/logos/cloudcasa.png Normal file

Size: 21 KiB

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
OWNERS

@ -0,0 +1,528 @@
# Change Log
This file documents all notable changes to Ambassador Helm Chart. The release
numbering uses [semantic versioning](http://semver.org).
## Next Release
(no changes yet)
## v6.7.11
- Update Ambassador API Gateway chart image to version v1.13.8: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
- Update Ambassador Edge Stack chart image to version v1.13.8: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
- Bugfix: remove duplicate label key in ambassador-agent deployment
## v6.7.10
- Update Ambassador API Gateway chart image to version v1.13.7: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
- Update Ambassador Edge Stack chart image to version v1.13.7: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
## v6.7.9
- Update Ambassador chart image to version 1.13.6: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.8
- Update Ambassador chart image to version 1.13.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.7
- Bugfix: ambassador-injector and telepresence-proxy now use the correct default image repository
## v6.7.6
- Update Ambassador chart image to version 1.13.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Change: unless image.repository or image.fullImageOverride is explicitly set, the ambassador image used will be templated on .Values.enableAES. If AES is enabled, the chart will use docker.io/datawire/aes, otherwise will use docker.io/datawire/ambassador.
## v6.7.5
- Update Ambassador chart image to version v1.13.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.4
- Feature: The [Ambassador Module](https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/) can now be configured and managed by Helm
## v6.7.3
- Update Ambassador chart image to version v1.13.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.2
- Bugfix: Don't change the Role name when running in singleNamespace mode.
## v6.7.1
- Update Ambassador chart image to version v1.13.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.0
- Update Ambassador to version 1.13.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Feature: Ambassador Agent now available for API Gateway (https://app.getambassador.io)
- Feature: Add support for [pod toplology spread constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) via the `topologySpreadConstraints` helm value to the Ambassador deployment. (thanks, [@lawliet89](https://github.com/lawliet89)!)
- BugFix: Add missing `ambassador_id` for resolvers.
- Change: Ambassador ClusterRoles are now aggregated under the label `rbac.getambassador.io/role-group`. The aggregated role has the same name as the previous role name (so no need to update ClusterRoleBindings).
## v6.6.4
- Update Ambassador to version 1.12.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.6.3
- Update Ambassador to version 1.12.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.6.2
- Update Ambassador to version 1.12.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.6.1
- Fix metadata field in ConsulRevoler
- Make resolvers available to OSS
## v6.6.0
- Update Ambassador to version 1.12.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Feature: Apply Ambassador Agent deployment by default to enable Service Catalog reporting (https://app.getambassador.io)
## v6.5.22
- Bugfix: Disable the cloud agent by default. The agent will be enabled in 6.6.0.
- Bugfix: Adds a check to prevent the cloud agent from being installed if AES version is less than 1.12.0
## v6.5.21
- Update Ambassador to version 1.12.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Feature: Add support for the ambassador-agent, reporting to Service Catalog (https://app.getambassador.io)
- Feature: All services are automatically instrumented with discovery annotations.
## v6.5.20
- Update Ambassador to version v1.11.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.19
- Make all `livenessProbe` and `readinessProbe` configurations available to the values file
## v6.5.18
- Update Ambassador to version v1.11.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.17
- Update Ambassador to version v1.11.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Bugfix: Fix Mapping definition to correctly support labels in use.
## v6.5.16
- Bugfix: Ambassador CRD cleanup will now execute as expected.
## v6.5.15
- Bugfix: Ambassador RBAC now includes permissions for IngressClasses.
## v6.5.14
- Update for Ambassador v1.10.0
## v6.5.13
- Update for Ambassador v1.9.1
## v6.5.12
- Feature: Add ability to configure `terminationGracePeriodSeconds` for the Ambassador container
- Update for Ambassador v1.9.0
## v6.5.11
- Feature: add affinity and tolerations support for redis pods
## v6.5.10
- Update Ambassador to version 1.8.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.9
- Update Ambassador to version 1.8.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Bugfix: The RBAC for AES now grants permission to "patch" Events.v1.core. Previously it granted "create" but not "patch".
## v6.5.8
- Update Ambassador to version 1.7.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.7
- Update Ambassador to version 1.7.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- The BusyBox image image used by `test-ready` is now configurable (thanks, [Alan Silva](https://github.com/OmegaVVeapon)!)
## v6.5.6
- Update Ambassador to version 1.7.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Feature: Allow overriding the namespace for the release using the values file: [ambassador-chart/#122](https://github.com/datawire/ambassador-chart/pull/122)
## v6.5.5
- Allow hyphens in service annotations: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.4
- Upgrade Ambassador to version 1.7.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.3
- Upgrade Ambassador to version 1.7.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.2
- Feature: Add support for DaemonSet/Deployment labels: [ambassador-chart/#114](https://github.com/datawire/ambassador-chart/pull/114)
- Upgrade Ambassador to version 1.6.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.1
- Upgrade Ambassador to version 1.6.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.0
- Upgrade Ambassador to version 1.6.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.10
- Feature: Allow specifying annotations for the license-key-secret: [ambassador-chart/#106](https://github.com/datawire/ambassador-chart/issues/106)
- Feature: Annotation for keeping the AES secret on removal: [ambassador-chart/#110](https://github.com/datawire/ambassador-chart/issues/110)
- Fix: do not mount the secret if we do not want a secret: [ambassador-chart/#103](https://github.com/datawire/ambassador-chart/issues/103)
- Internal CI refactorings.
## v6.4.9
- BugFix: Cannot specify podSecurityPolicies: [ambassador-chart/#97](https://github.com/datawire/ambassador-chart/issues/97)
## v6.4.8
- Upgrade Ambassador to version 1.5.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.7
- BugFix: Registry service is now using the proper `app.kubernetes.io/name`
- BugFix: Restore ability to set `REDIS` env vars in `env` instead of `redisEnv`
- Feature: Add `envRaw` to support supplying raw yaml for environment variables. Deprecates `redisEnv`.
## v6.4.6
- Upgrade Ambassador to version 1.5.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Added support setting external IPs for the ambassador service (thanks, [Jason Smith](https://github.com/jasons42)!)
## v6.4.5
- Upgrade Ambassador to version 1.5.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.4
- Feature flag for enabling or disabling the [`Project` registry](https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/)
- redisEnv for setting environment variables to control how Ambassador interacts with redis. See [redis environment](https://www.getambassador.io/docs/edge-stack/latest/topics/running/environment/#redis)
## v6.4.3
- Upgrade Ambassador to version 1.5.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.2
- Upgrade Ambassador to version 1.5.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.1
- BugFix: The `PodSecurityPolicy` should not be created by default since it is a cluster-wide resource that should only be created once.
If you would like to use the default `PodSecurityPolicy`, make sure to unset `security.podSecurityPolicy` it in all other releases.
## v6.4.0
- Upgrade Ambassador to version 1.5.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- AuthService and RateLimitService are now installed in the same namespace as Ambassador.
- Changes RBAC permissions to better support single-namespace installations and detecting getambassador.io CRDs.
- Add option to install Service Preview components (traffic-manager, traffic-agent).
- Add option to install ambassador-injector, alongside Service Preview.
- Add additional security policy configurations.
`securityContext` has been deprecated in favor of `security` which allows you to set container and pod security contexts as well as a default `PodSecurityPolicy`.
## v6.3.6
- Switch from Quay.io to DockerHub
## v6.3.5
- Upgrade Ambassador to version 1.4.3: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.3.4
- Minor bug fixes
## v6.3.3
- Add extra labels to ServiceMonitor: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.3.2
- Upgrade Ambassador to version 1.4.2: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.3.1
- Upgrade Ambassador to version 1.4.1: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.3.0
- Adds: Option to create a ServiceMonitor for scraping via Prometheus Operator
## v6.2.5
- Upgrade Ambassador to version 1.4.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.2.4
- Fix typing so that Helm3 doesn't complain (thanks, [Fabrice Rabaute](https://github.com/jfrabaute)!)
## v6.2.3
- Upgrade Ambassador to version 1.3.2.
- Use explicit types for things like ports, so that things like `helm .. --set service.ports[0].port=80` will be integers instead of ending up as strings
## v6.2.2
- Upgrade Ambassador to version 1.3.1.
- Remove unnecessary `version` field from CRDs.
- Add static label to AES resources, to better support `edgectl install`
## v6.2.1
- Upgrade Ambassador to version 1.3.0.
## v6.2.0
- Add option to not create DevPortal routes
## v6.1.5
- Upgrade Ambassador to version 1.2.2.
## v6.1.4
- Upgrade from Ambassador 1.2.0 to 1.2.1.
## v6.1.3
- Upgrade from Ambassador 1.1.1 to 1.2.0.
## v6.1.2
- Upgrade from Ambassador 1.1.0 to 1.1.1.
## v6.1.1
Minor Improvements:
- Adds: Option to override the name of the RBAC resources
## v6.1.0
Minor improvements including:
- Adds: Option to set `restartPolicy`
- Adds: Option to give the AES license key secret a custom name
- Fixes: Assumption that the AES will be installed only from the `datawire/aes` repository. The `enableAES` flag now configures whether the AES is installed.
- Clarification on how to install OSS
## v6.0.0
Introduces Ambassador Edge Stack being installed by default.
### Breaking changes
Ambassador Pro support has been removed in 6.0.0. Please upgrade to the Ambassador Edge Stack.
## v5.0.0
### Breaking changes
**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified.
- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed
## v4.0.0
### Breaking Changes
- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core
- The license key is now stored and read from a Kubernetes secret by default
- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret.
### Minor Changes
- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance
- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/))
- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true`
- Fixed misnamed selector for redis instance that failed in an edge case
- Exposes annotations for redis deployment and service
## v3.0.0
### Breaking Changes
- The default annotation has been removed. The service port will be set dynamically to 8080 or 8443 for http and https respectively.
- `service.http`, `service.https`, and `additionalTCPPort` has been replaced with `service.ports`.
- `rbac.namespaced` has been removed. Use `scope.singleNamespace` instead.
### Minor Changes
- Ambassador Pro will pick up when `AMBASSADOR_ID` is set in `.Values.env` [[#15025]](https://github.com/helm/charts/issues/15025).
- `{{release name}}-admins` has been renamed to `{{release name}}-admin` to match YAML install templates
- RBAC configuration has been updated to allow for CRD use when `scope.singleNamespace: true`. [[ambassador/#1576]](https://github.com/datawire/ambassador/issues/1576)
- RBAC configuration now allows for multiple Ambassadors to use CRDs. Set `crds.enabled` in releases that expect CRDs [[ambassador/#1679]](https://github.com/datawire/ambassador/issues/1679)
## v2.6.0
### Minor Changes
- Add ambassador CRDs!
- Update ambassador to 0.70.0
## v2.5.1
### Minor Changes
- Update ambassador to 0.61.1
## v2.5.0
### Minor Changes
- Add support for autoscaling using HPA, see `autoscaling` values.
## v2.4.1
### Minor Changes
- Update ambassador to 0.61.0
## v2.4.0
### Minor Changes
- Allow configuring `hostNetwork` and `dnsPolicy`
## v2.3.1
### Minor Changes
- Adds HOST_IP environment variable
## v2.3.0
### Minor Changes
- Adds support for init containers using `initContainers` and pod labels `podLabels`
## v2.2.5
### Minor Changes
- Update ambassador to 0.60.3
## v2.2.4
### Minor Changes
- Add support for Ambassador PRO [see readme](https://github.com/helm/charts/blob/master/stable/ambassador/README.md#ambassador-pro)
## v2.2.3
### Minor Changes
- Update ambassador to 0.60.2
## v2.2.2
### Minor Changes
- Update ambassador to 0.60.1
## v2.2.1
### Minor Changes
- Fix RBAC for ambassador 0.60.0
## v2.2.0
### Minor Changes
- Update ambassador to 0.60.0
## v2.1.0
### Minor Changes
- Added `scope.singleNamespace` for configuring ambassador to run in single namespace
## v2.0.2
### Minor Changes
- Update ambassador to 0.53.1
## v2.0.1
### Minor Changes
- Update ambassador to 0.52.0
## v2.0.0
### Major Changes
- Removed `ambassador.id` and `namespace.single` in favor of setting environment variables.
## v1.1.5
### Minor Changes
- Update ambassador to 0.50.3
## v1.1.4
### Minor Changes
- support targetPort specification
## v1.1.3
### Minor Changes
- Update ambassador to 0.50.2
## v1.1.2
### Minor Changes
- Add additional chart maintainer
## v1.1.1
### Minor Changes
- Default replicas -> 3
## v1.1.0
### Minor Changes
- Allow RBAC to be namespaced (`rbac.namespaced`)
## v1.0.0
### Major Changes
- First release of Ambassador Helm Chart in helm/charts
- For migration see [Migrating from datawire/ambassador chart](https://github.com/helm/charts/tree/master/stable/ambassador#migrating-from-datawireambassador-chart-chart-version-0400-or-0500)
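Review bot: Six entries (v6.5.0, v6.3.5, v6.3.3, v6.3.2, v6.3.1, v6.2.5) write the link label as `[CHANGELOG}]` with a stray closing brace; change them to `[CHANGELOG]` to match the rest of the file. The same pass can fix "toplology" in v6.7.0, "ConsulRevoler" in v6.6.1 and the doubled "image image" in v6.5.7. The two newest entries (v6.7.10, v6.7.11) link to emissary-ingress/emissary while all older ones link to datawire/ambassador; if the upstream repository moved, say so once near the top so readers know which changelog is authoritative.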

@ -0,0 +1,23 @@
# Contributing to the Ambassador Helm Chart
This Helm chart is used to install The Ambassador Edge Stack (AES) and is
maintained by Datawire.
## Developing
All work on the helm chart should be done in a separate branch off `master` and
contributed with a Pull Request targeting `master`.
**Note**: All updates to the chart require you update the `version` in
`Chart.yaml`.
## Testing
The `ci/` directory contains scripts that will be run on PRs to `master`.
- `ci/run_tests.sh` will run the tests of the chart.
## Releasing
Releasing a new chart is done by pushing a tag to `master`. Travis will then
run the tests and push the chart to `https://getambassador.io/helm`.
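Review bot: In the Releasing section the chart is said to be pushed to `https://getambassador.io/helm`, but the README added in this same commit tells users to run `helm repo add datawire https://getambassador.io`. State one repository URL in both files, or explain how the two relate, so a consumer can tell which location the published chart actually comes from. The section also does not say whether the published package is signed or how a consumer would verify it; if provenance files are produced on release, mention them here.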

@ -0,0 +1,28 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Ambassador Edge Stack
catalog.cattle.io/release-name: ambassador
apiVersion: v1
appVersion: 1.13.8
description: A Helm chart for Datawire Ambassador
home: https://www.getambassador.io/
icon: https://www.getambassador.io/images/logo.png
keywords:
- api gateway
- ambassador
- datawire
- envoy
maintainers:
- email: markus@maga.se
name: flydiverny
- email: flynn@datawire.io
name: kflynn
- email: nkrause@datawire.io
name: nbkrause
- email: lukeshu@datawire.io
name: lukeshu
name: ambassador
sources:
- https://github.com/datawire/ambassador
- https://github.com/prometheus/statsd_exporter
version: 6.7.1100
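Review bot: `version: 6.7.1100` on the last line does not correspond to any release in the CHANGELOG.md added by this commit, whose newest entry is v6.7.11; `appVersion: 1.13.8` does match that entry. If the trailing digits are a repackaging convention of this repository, document the mapping next to the chart so that the packaged version can be traced back to the upstream release it was built from; otherwise correct it to 6.7.11.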

@ -0,0 +1,37 @@
HELM_TEST_IMAGE = quay.io/helmpack/chart-testing:v3.0.0-rc.1
K3D_CLUSTER_NAME = helm-chart-test-cluster
CHART_DIR := $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST)))))
CHART_KUBECONFIG := /tmp/kubeconfig/k3dconfig
CT_EXEC = docker run --rm -v $(CHART_KUBECONFIG):/root/.kube/config -v $(CHART_DIR):/charts --network host $(HELM_TEST_IMAGE) ct
K3D_EXEC := KUBECONFIG=$(CHART_KUBECONFIG) k3d
test-chart: lint-chart preflight-chart-test chart-create-cluster
$(CT_EXEC) install --config /charts/ct.yaml && \
$(MAKE) chart-delete-cluster
.PHONY: test-chart
lint-chart: preflight-kubeconfig
$(CT_EXEC) lint --config /charts/ct.yaml
.PHONY: lint-chart
preflight-chart-test: preflight-kubeconfig
# check if k3d is installed
@if ! command -v k3d 2> /dev/null ; then \
printf 'k3d not installed, plz do that'; \
false; \
fi
.PHONY: preflight-chart-test
preflight-kubeconfig:
mkdir -p `dirname $(CHART_KUBECONFIG)`
touch $(CHART_KUBECONFIG)
.PHONY: preflight-kubeconfig
chart-create-cluster: preflight-kubeconfig
$(MAKE) chart-delete-cluster || true
$(K3D_EXEC) cluster create $(K3D_CLUSTER_NAME) --k3s-server-arg "--no-deploy=traefik"
.PHONY: chart-create-cluster
chart-delete-cluster:
$(K3D_EXEC) cluster delete $(K3D_CLUSTER_NAME)
.PHONY: chart-delete-cluster
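Review bot: `CHART_KUBECONFIG := /tmp/kubeconfig/k3dconfig` places the test cluster's kubeconfig at a fixed path under /tmp, and `preflight-kubeconfig` creates it with plain `mkdir -p` and `touch`, so on a shared build host another user can pre-create the directory or may be able to read the credentials written there. Use a per-run directory (for example one created with `mktemp -d`) or a path under `$(CHART_DIR)`, and create the file with restrictive permissions before it is mounted into the container as `/root/.kube/config`. Two smaller points: in `test-chart` the `&&` means `chart-delete-cluster` is skipped whenever `ct install` fails, leaving the k3d cluster running, and `HELM_TEST_IMAGE` is pinned to the release-candidate tag `v3.0.0-rc.1` rather than to a digest.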

@ -0,0 +1,478 @@
# Ambassador
The Ambassador Edge Stack is a self-service, comprehensive edge stack that is Kubernetes-native and built on [Envoy Proxy](https://www.envoyproxy.io/).
## TL;DR;
```console
$ helm repo add datawire https://getambassador.io
$ helm install ambassador datawire/ambassador
```
## Introduction
This chart bootstraps an [Ambassador](https://www.getambassador.io) deployment on
a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes 1.11+
## Add this Helm repository to your Helm client
```console
helm repo add datawire https://getambassador.io
```
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ kubectl create namespace ambassador
$ helm install my-release datawire/ambassador -n ambassador
```
The command deploys Ambassador Edge Stack in the ambassador namespace on the Kubernetes cluster in the default configuration.
It is recommended to use the ambassador namespace for easy upgrades.
The [configuration](#configuration) section lists the parameters that can be configured during installation.
### Ambassador Edge Stack Installation
This chart defaults to installing The Ambassador Edge Stack with all of its configuration objects.
- A Redis instance
- `AuthService` resource for enabling authentication
- `RateLimitService` resource for enabling rate limiting
- `Mapping`s for internal request routing
If installing alongside another deployment of Ambassador, some of these resources can cause configuration errors since only one `AuthService` or `RateLimitService` can be configured at a time.
If you already have one of these resources configured in your cluster, please see the [configuration](#configuration) section below for information on how to disable them in the chart.
### Ambassador OSS Installation
This chart can still be used to install Ambassador OSS.
To install OSS, change the `image` to use the OSS image and set `enableAES: false` to skip the install of any AES resources.
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm uninstall my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Changelog
Notable chart changes are listed in the [CHANGELOG](./CHANGELOG.md)
## Configuration
The following tables lists the configurable parameters of the Ambassador chart and their default values.
| Parameter | Description | Default |
|----------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
| `nameOverride` | Override the generated chart name. Defaults to .Chart.Name. | |
| `fullnameOverride` | Override the generated release name. Defaults to .Release.Name. | |
| `namespaceOverride` | Override the generated release namespace. Defaults to .Release.Namespace. | |
| `adminService.create` | If `true`, create a service for Ambassador's admin UI | `true` |
| `adminService.nodePort` | If explicit NodePort for admin service is required | `true` |
| `adminService.type` | Ambassador's admin service type to be used | `ClusterIP` |
| `adminService.annotations` | Annotations to apply to Ambassador admin service | `{}` |
| `adminService.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` |
| `adminService.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None |
| `ambassadorConfig` | Config thats mounted to `/ambassador/ambassador-config` | `""` |
| `crds.enabled` | If `true`, enables CRD resources for the installation. | `true` |
| `crds.create` | If `true`, Creates CRD resources | `true` |
| `crds.keep` | If `true`, if the ambassador CRDs should be kept when the chart is deleted | `true` |
| `daemonSet` | If `true`, Create a DaemonSet. By default Deployment controller will be created | `false` |
| `test.enabled` | If `true`, Create test Pod to verify the Ambassador service works correctly (Only created on `helm test`) | `true` |
| `test.image` | Image to use for the test Pod | `busybox` |
| `hostNetwork` | If `true`, uses the host network, useful for on-premise setups | `false` |
| `dnsPolicy` | Dns policy, when hostNetwork set to ClusterFirstWithHostNet | `ClusterFirst` |
| `env` | Any additional environment variables for ambassador pods | `{}` |
| `envRaw` | Additional environment variables in raw YAML format | `{}` |
| `image.pullPolicy` | Ambassador image pull policy | `IfNotPresent` |
| `image.repository` | Ambassador image | `docker.io/datawire/aes` |
| `image.tag` | Ambassador image tag | `1.13.8` |
| `imagePullSecrets` | Image pull secrets | `[]` |
| `namespace.name` | Set the `AMBASSADOR_NAMESPACE` environment variable | `metadata.namespace` |
| `scope.singleNamespace` | Set the `AMBASSADOR_SINGLE_NAMESPACE` environment variable and create namespaced RBAC if `rbac.enabled: true` | `false` |
| `podAnnotations` | Additional annotations for ambassador pods | `{}` |
| `deploymentAnnotations` | Additional annotations for ambassador DaemonSet/Deployment | `{}` |
| `podLabels` | Additional labels for ambassador pods | |
| `deploymentLabels` | Additional labels for ambassador DaemonSet/Deployment | |
| `affinity` | Affinity for ambassador pods | `{}` |
| `topologySpreadConstraints` | Topology Spread Constraints for Ambassador pods. Stable since 1.19. | `[]` |
| `nodeSelector` | NodeSelector for ambassador pods | `{}` |
| `priorityClassName` | The name of the priorityClass for the ambassador DaemonSet/Deployment | `""` |
| `rbac.create` | If `true`, create and use RBAC resources | `true` |
| `rbac.podSecurityPolicies` | pod security polices to bind to | |
| `rbac.nameOverride` | Overrides the default name of the RBAC resources | `` |
| `replicaCount` | Number of Ambassador replicas | `3` |
| `resources` | CPU/memory resource requests/limits | `{ "limits":{"cpu":"1000m","memory":"600Mi"},"requests":{"cpu":"200m","memory":"300Mi"}}` |
| `securityContext` | Set security context for pod | `{ "runAsUser": "8888" }` |
| `security.podSecurityContext` | Set the security context for the Ambassador pod | `{ "runAsUser": "8888" }` |
| `security.containerSecurityContext` | Set the security context for the Ambassador container | `{ "allowPrivilegeEscalation": false }` |
| `security.podSecurityPolicy` | Create a PodSecurityPolicy to be used for the pod. | `{}` |
| `restartPolicy` | Set the `restartPolicy` for pods | `` |
| `terminationGracePeriodSeconds` | Set the `terminationGracePeriodSeconds` for the pod. Defaults to 30 if unset. | `` |
| `initContainers` | Containers used to initialize context for pods | `[]` |
| `sidecarContainers` | Containers that share the pod context | `[]` |
| `livenessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's liveness probe | `30` |
| `livenessProbe.periodSeconds` | Probe period (s) for Ambassador pod's liveness probe | `3` |
| `livenessProbe.failureThreshold` | Failure threshold for Ambassador pod's liveness probe | `3` |
| `readinessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's readiness probe | `30` |
| `readinessProbe.periodSeconds` | Probe period (s) for Ambassador pod's readiness probe | `3` |
| `readinessProbe.failureThreshold` | Failure threshold for Ambassador pod's readiness probe | `3` |
| `service.annotations` | Annotations to apply to Ambassador service | `""` |
| `service.externalTrafficPolicy` | Sets the external traffic policy for the service | `""` |
| `service.nameOverride` | Sets the name of the service | `ambassador.fullname` |
| `service.ports` | List of ports Ambassador is listening on | `[{"name": "http","port": 80,"targetPort": 8080},{"name": "https","port": 443,"targetPort": 8443}]` |
| `service.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` |
| `service.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None |
| `service.sessionAffinity` | Sets the session affinity policy for the service | `""` |
| `service.sessionAffinityConfig` | Sets the session affinity config for the service | `""` |
| `service.type` | Service type to be used | `LoadBalancer` |
| `service.externalIPs` | External IPs to route to the ambassador service | `[]` |
| `serviceAccount.create` | If `true`, create a new service account | `true` |
| `serviceAccount.name` | Service account to be used | `ambassador` |
| `volumeMounts` | Volume mounts for the ambassador service | `[]` |
| `volumes` | Volumes for the ambassador service | `[]` |
| `enableAES` | Create the [AES configuration objects](#ambassador-edge-stack-installation) | `true` |
| `createDevPortalMappings` | Expose the dev portal on `/docs/` and `/documentation/` | `true` |
| `licenseKey.value` | Ambassador Edge Stack license. Empty will install in evaluation mode. | `` |
| `licenseKey.createSecret` | Set to `false` if installing mutltiple Ambassdor Edge Stacks in a namespace. | `true` |
| `licenseKey.secretName` | Name of the secret to store Ambassador license key in. | `` |
| `licenseKey.annotations` | Annotations to attach to the license-key-secret. | {} |
| `redisURL` | URL of redis instance not created by the release | `""` |
| `redisEnv` | (**DEPRECATED:** Use `envRaw`) Set env vars that control how Ambassador interacts with redis. | `""` |
| `redis.create` | Create a basic redis instance with default configurations | `true` |
| `redis.annotations` | Annotations for the redis service and deployment | `""` |
| `redis.resources` | Resource requests for the redis instance | `""` |
| `redis.nodeSelector` | NodeSelector for redis pods | `{}` |
| `redis.affinity` | Affinity for redis pods | `{}` |
| `redis.tolerations` | Tolerations for redis pods | `{}` |
| `authService.create` | Create the `AuthService` CRD for Ambassador Edge Stack | `true` |
| `authService.optional_configurations` | Config options for the `AuthService` CRD | `""` |
| `rateLimit.create` | Create the `RateLimit` CRD for Ambassador Edge Stack | `true` |
| `registry.create` | Create the `Project` registry. | `false` |
| `autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | `false` |
| `autoscaling.minReplicas` | If autoscaling enabled, this field sets minimum replica count | `2` |
| `autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `5` |
| `autoscaling.metrics` | If autoscaling enabled, configure hpa metrics | |
| `podDisruptionBudget` | Pod disruption budget rules | `{}` |
| `resolvers.endpoint.create` | Create a KubernetesEndpointResolver | `false` |
| `resolvers.endpoint.name` | If creating a KubernetesEndpointResolver, the resolver name | `endpoint` |
| `resolvers.consul.create` | Create a ConsulResolver | `false` |
| `resolvers.consul.name` | If creating a ConsulResolver, the resolver name | `consul-dc1` |
| `resolvers.consul.spec` | If creating a ConsulResolver, additional configuration | `{}` |
| `module` | Configure and manage the Ambassador Module from the Chart | `{}` |
| `prometheusExporter.enabled` | DEPRECATED: Prometheus exporter side-car enabled | `false` |
| `prometheusExporter.pullPolicy` | DEPRECATED: Image pull policy | `IfNotPresent` |
| `prometheusExporter.repository` | DEPRECATED: Prometheus exporter image | `prom/statsd-exporter` |
| `prometheusExporter.tag` | DEPRECATED: Prometheus exporter image | `v0.8.1` |
| `prometheusExporter.resources` | DEPRECATED: CPU/memory resource requests/limits | `{}` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor object (`adminService.create` should be to `true`) | `false` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` |
| `metrics.serviceMonitor.selector` | Label Selector for Prometheus to find ServiceMonitors | `{ prometheus: kube-prometheus }` |
| `servicePreview.enabled` | If true, install Service Preview components: traffic-manager & traffic-agent (`enableAES` needs to also be to `true`) | `false` |
| `servicePreview.trafficManager.image.repository` | Ambassador Traffic-manager image | Same value as `image.repository` |
| `servicePreview.trafficManager.image.tag` | Ambassador Traffic-manager image tag | Same value as `image.tag` |
| `servicePreview.trafficManager.serviceAccountName` | Traffic-manager Service Account to be used | `traffic-manager` |
| `servicePreview.trafficAgent.image.repository` | Ambassador Traffic-agent image | Same value as `image.repository` |
| `servicePreview.trafficAgent.image.tag` | Ambassador Traffic-agent image tag | Same value as `image.tag` |
| `servicePreview.trafficAgent.injector.enabled` | If true, install the ambassador-injector | `true` |
| `servicePreview.trafficAgent.injector.crtPEM` | TLS certificate for the Common Name of <ambassador-injector>.<namespace>.svc | Auto-generated, valid for 365 days |
| `servicePreview.trafficAgent.injector.keyPEM` | TLS private key for the Common Name of <ambassador-injector>.<namespace>.svc | Auto-generated, valid for 365 days |
| `servicePreview.trafficAgent.port` | Traffic-agent listening port number when injected with ambassador-injector | `9900` |
| `servicePreview.trafficAgent.serviceAccountName` | Label Selector for Prometheus to find ServiceMonitors | `traffic-agent` |
| `servicePreview.trafficAgent.singleNamespace` | If `true`, installs the traffic-agent ServiceAccount and Role in the current installation namespace; Otherwise uses a global ClusterRole applied to every ServiceAccount | `true` |
| `agent.enabled` | If `true`, installs the ambassador-agent Deployment, ServiceAccount and ClusterRole in the ambassador namespace | `true` |
| `agent.cloudConnectionToken` | API token for reporting snapshots to the [Service Catalog](https://app.getambassador.io/cloud/catalog/); If empty, agent will not report snapshots | `""` |
| `agent.rpcAddress` | Address of the ambassador Service Catalog rpc server. | `https://app.getambassador.io/` |
| `agent.image.repository` | Image repository for the ambassador-agent deployment. Defaults to value of `image.repository` | Same value as `image.repository` |
| `agent.image.tag` | Image tag for the ambassador-agent deployment. Defaults to value of `image.tag` | Same value as `image.tag` |
**NOTE:** Make sure the configured `service.http.targetPort` and `service.https.targetPort` ports match your [Ambassador Module's](https://www.getambassador.io/reference/modules/#the-ambassador-module) `service_port` and `redirect_cleartext_from` configurations.
### The Ambasssador Edge Stack
The Ambassador Edge Stack provides a comprehensive, self-service edge stack in
the Kubernetes cluster with a decentralized deployment model and a declarative
paradigm.
By default, this chart will install the latest image of The Ambassador Edge
Stack which will replace your existing deployment of Ambassador with no changes
to functionality.
### CRDs
This helm chart includes the creation of the core CRDs Ambassador uses for
configuration.
The `crds` flags (Helm 2 only) let you configure how a release manages crds.
- `crds.create` Can only be set on your first/master Ambassador release.
- `crds.enabled` Should be set on all releases using Ambassador CRDs
- `crds.keep` Configures if the CRDs are deleted when the master release is
purged. This value is only checked for the master release and can be set to
any value on secondary releases.
### Security
Ambassador takes security very seriously. For this reason, the YAML installation will default with a couple of basic security policies in place.
The `security` field of the `values.yaml` file configures these default policies and replaces the `securityContext` field used earlier.
The defaults will configure the pod to run as a non-root user and prohibit privilege escalation and outline a `PodSecurityPolicy` to ensure these conditions are met.
```yaml
security:
# Security Context for all containers in the pod.
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core
podSecurityContext:
runAsUser: 8888
# Security Context for the Ambassador container specifically
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core
containerSecurityContext:
allowPrivilegeEscalation: false
# A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
#
# A set of reasonable defaults is outlined below. This is not created by default as it should only
# be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in
# the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies`
# in all non-"master" Releases.
podSecurityPolicy: {}
# # Add AppArmor and Seccomp annotations
# # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
# annotations:
# spec:
# seLinux:
# rule: RunAsAny
# supplementalGroups:
# rule: 'MustRunAs'
# ranges:
# # Forbid adding the root group.
# - min: 1
# max: 65535
# fsGroup:
# rule: 'MustRunAs'
# ranges:
# # Forbid adding the root group.
# - min: 1
# max: 65535
# privileged: false
# allowPrivilegeEscalation: false
# runAsUser:
# rule: MustRunAsNonRoot
```
### Annotations
Ambassador is configured using Kubernetes Custom Resource Definitions (CRDs). If you are unable to use CRDs, Ambassador can also be configured using annotations on services. The `service.annotations` section of the values file contains commented out examples of [Ambassador Module](https://www.getambassador.io/reference/core/ambassador) and a global [TLSContext](https://www.getambassador.io/reference/core/tls) configurations which are typically created in the Ambassador service.
If you intend to use `service.annotations`, remember to include the `getambassador.io/config` annotation key as above.
### Prometheus Metrics
Using the Prometheus Exporter has been deprecated and is no longer recommended. You can now use `metrics.serviceMonitor.enabled` to create a `ServiceMonitor` from the chart if the [Prometheus Operator](https://github.com/coreos/prometheus-operator) has been installed on your cluster.
Please see Ambassador's [monitoring with Prometheus](https://www.getambassador.io/user-guide/monitoring/) docs for more information on using the `/metrics` endpoint for metrics collection.
### Specifying Values
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install --wait my-release \
--set adminService.type=NodePort \
datawire/ambassador
```
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
$ helm install --wait my-release -f values.yaml datawire/ambassador
```
---
# Upgrading
## To 6.0.0
Introduces Ambassador Edge Stack being installed by default.
### Breaking changes
Ambassador Pro support has been removed in 6.0.0. Please [upgrade to the Ambassador Edge Stack](https://www.getambassador.io/user-guide/helm).
## To 5.0.0
### Breaking changes
**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified.
- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed
## To 4.0.0
The 4.0.0 chart contains a number of changes to the way Ambassador Pro is installed.
- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core
- The license key is now stored and read from a Kubernetes secret by default
- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret.
- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance
- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/))
- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true`
- Fixed misnamed selector for redis instance that failed in an edge case
- Exposes annotations for redis deployment and service
### Breaking changes
The value of `.Values.pro.image.tag` has been shortened to assume `amb-sidecar` (and `amb-core` for Ambassador core)
`values.yaml`
```diff
<3.0.0>
image:
repository: quay.io/datawire/ambassador_pro
- tag: amb-sidecar-0.6.0
<4.0.0+>
image:
repository: quay.io/datawire/ambassador_pro
+ tag: 0.7.0
```
Method for creating a Kubernetes secret to hold the license key has been changed
`values.yaml`
```diff
<3.0.0>
- secret: false
<4.0.0>
+ secret:
+ enabled: true
+ create: true
```
## To 3.0.0
### Service Ports
The way ports are assigned has been changed for a more dynamic method.
Now, instead of setting the port assignments for only the http and https, any port can be open on the load balancer using a list like you would in a standard Kubernetes YAML manifest.
`pre-3.0.0`
```yaml
service:
http:
enabled: true
port: 80
targetPort: 8080
https:
enabled: true
port: 443
targetPort: 8443
```
`3.0.0`
```yaml
service:
ports:
- name: http
port: 80
targetPort: 8080
- name: https
port: 443
targetPort: 8443
```
This change has also replaced the `.additionalTCPPorts` configuration. Additional TCP ports can be created the same as the http and https ports above.
### Annotations and `service_port`
The below Ambassador `Module` annotation is no longer being applied by default.
```yaml
getambassador.io/config: |
---
apiVersion: ambassador/v1
kind: Module
name: ambassador
config:
service_port: 8080
```
This was causing confusion with the `service_port` being hard-coded when enabling TLS termination in Ambassador.
Ambassador has been listening on port 8080 for HTTP and 8443 for HTTPS by default since version `0.60.0` (chart version 2.2.0).
### RBAC and CRDs
A `ClusterRole` and `ClusterRoleBinding` named `{{release name}}-crd` will be created to watch for the Ambassador Custom Resource Definitions. This will be created regardless of the value of `scope.singleNamespace` since CRDs are created the cluster scope.
`rbac.namespaced` has been removed. For namespaced RBAC, set `scope.singleNamespace: true` and `rbac.enabled: true`.
`crds.enabled` will indicate that you are using CRDs and will create the rbac resources regardless of the value of `crds.create`. This allows for multiple deployments to use the CRDs.
## To 2.0.0
### Ambassador ID
ambassador.id has been removed in favor of setting it via an environment variable in `env`. `AMBASSADOR_ID` defaults to `default` if not set in the environment. This is mainly used for [running multiple Ambassadors](https://www.getambassador.io/reference/running#ambassador_id) in the same cluster.
| Parameter | Env variables |
| --------------- | --------------- |
| `ambassador.id` | `AMBASSADOR_ID` |
## Migrating from `datawire/ambassador` chart (chart version 0.40.0 or 0.50.0)
Chart now runs ambassador as non-root by default, so you might need to update your ambassador module config to match this.
### Timings
Timings values have been removed in favor of setting the env variables using `env´
| Parameter | Env variables |
| ----------------- | -------------------------- |
| `timing.restart` | `AMBASSADOR_RESTART_TIME` |
| `timing.drain` | `AMBASSADOR_DRAIN_TIME` |
| `timing.shutdown` | `AMBASSADOR_SHUTDOWN_TIME` |
### Single namespace
| Parameter | Env variables |
| ------------------ | ----------------------------- |
| `namespace.single` | `AMBASSADOR_SINGLE_NAMESPACE` |
### Renamed values
Service ports values have changed names and target ports have new defaults.
| Previous parameter | New parameter | New default value |
| --------------------------- | -------------------------- | ----------------- |
| `service.enableHttp` | `service.http.enabled` | |
| `service.httpPort` | `service.http.port` | |
| `service.httpNodePort` | `service.http.nodePort` | |
| `service.targetPorts.http` | `service.http.targetPort` | `8080` |
| `service.enableHttps` | `service.https.enabled` | |
| `service.httpsPort` | `service.https.port` | |
| `service.httpsNodePort` | `service.https.nodePort` | |
| `service.targetPorts.https` | `service.https.targetPort` | `8443` |
### Exporter sidecar
Pre version `0.50.0` ambassador was using socat and required a sidecar to export statsd metrics. In `0.50.0` ambassador no longer uses socat and doesn't need a sidecar anymore to export its statsd metrics. Statsd metrics are disabled by default and can be enabled by setting environment `STATSD_ENABLED`, this will (in 0.50) send metrics to a service named `statsd-sink`, if you want to send it to another service or namespace it can be changed by setting `STATSD_HOST`
If you are using prometheus the chart allows you to enable a sidecar which can export to prometheus see the `prometheusExporter` values.
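
Review bot: The parameter table row for `servicePreview.trafficAgent.serviceAccountName` carries the description "Label Selector for Prometheus to find ServiceMonitors", which is copied from `metrics.serviceMonitor.selector`; it should describe the traffic-agent Service Account, in line with the `trafficManager.serviceAccountName` row. In the same table, `servicePreview.trafficAgent.injector.crtPEM` and `keyPEM` are documented as "Auto-generated, valid for 365 days" with no word on what happens at expiry or on upgrade, which operators of the injector need to know. Smaller points in this file: the heading "The Ambasssador Edge Stack" has a typo, "should be to `true`" is missing "set" in two rows, and the Timings paragraph closes its inline code with `´` instead of a backtick.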

View File

@ -0,0 +1,8 @@
## :tada: Ambassador Chart $CHART_VERSION :tada:
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/datawire/ambassador/blob/master/charts/ambassador/CHANGELOG.md
---

View File

@ -0,0 +1 @@
Ambassador Chart $CHART_VERSION

View File

@ -0,0 +1,13 @@
# Ambassador Edge Stack and Emissary Ingress Chart
[Ambassador Edge Stack](https://www.getambassador.io/products/edge-stack/) and its open source CNCF counterpart [Emissary-Ingress](https://www.getambassador.io/products/api-gateway/) are Kubernetes native, high-performance Ingress controllers designed with GitOps workflows and developer experience in mind. The Edge Stack allows users to manage [Authentication](https://www.getambassador.io/docs/edge-stack/latest/topics/using/filters/), [Rate Limits](https://www.getambassador.io/docs/edge-stack/latest/topics/using/rate-limits/rate-limits/), [TLS](https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/) and more with easy-to-use resources for [managing your APIs](https://www.getambassador.io/docs/edge-stack/latest/topics/using/intro-mappings/).
## Service Catalog
The default installation of Ambassador Edge Stack includes the deployment needed to get started with [Service Catalog](https://www.getambassador.io/products/service-catalog/) and the [Developer Control Plane](https://www.getambassador.io/developer-control-plane/). Simply generate your [Cloud Token](https://www.getambassador.io/docs/cloud/latest/service-catalog/quick-start/#1-connect-your-cluster-to-ambassador-cloud) and add it in the Service Catalog section as you're setting up the chart.
## More Info
Visit the [Quick Start](https://www.getambassador.io/docs/edge-stack/latest/tutorials/getting-started/) page for more instructions, or check out our [documentation](https://www.getambassador.io/docs/edge-stack). For any questions, or to join the community, visit our [Slack](https://a8r.io/slack) and say hi!
* Ambassador recommends a Kubernetes version of 1.16 or higher.

View File

@ -0,0 +1,40 @@
security:
# Security Context for all containers in the pod.
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core
podSecurityContext:
runAsUser: 8888
# Security Context for the Ambassador container specifically
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core
containerSecurityContext:
allowPrivilegeEscalation: false
# A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
#
# A set of reasonable defaults is outlined below. This is not created by default as it should only
# be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in
# the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies`
# in all non-"master" Releases.
podSecurityPolicy:
# Add AppArmor and Seccomp annotations
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
annotations:
seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
spec:
seLinux:
rule: RunAsAny
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
privileged: false
allowPrivilegeEscalation: false
runAsUser:
rule: MustRunAsNonRoot
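
Review bot: The comment block above `podSecurityPolicy:` was copied from the README and is stale here: it says the policy "is not created by default" and should be left unset outside the "master" Release, yet this values file sets it in full. Replace it with a line saying this file exercises the PodSecurityPolicy path on purpose. The comment "Add AppArmor and Seccomp annotations" also promises more than the block delivers, since only the seccomp `defaultProfileName` annotation is present; either add the AppArmor annotation or trim the comment. "by a one Release" should read "by one Release".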

View File

@ -0,0 +1,8 @@
# install the Ambassador API Gateway
image:
pullPolicy: IfNotPresent
enableAES: false
deploymentStrategy:
type: Recreate

View File

@ -0,0 +1,8 @@
service:
type: NodePort
authService:
create: false
deploymentStrategy:
type: Recreate

View File

@ -0,0 +1,8 @@
deploymentStrategy:
type: Recreate
service:
type: NodePort
autoscaling:
enabled: true

View File

@ -0,0 +1,8 @@
service:
type: NodePort
deploymentStrategy:
type: Recreate
scope:
singleNamespace: true

View File

@ -0,0 +1,9 @@
service:
type: NodePort
redis:
enabled: false
# Annotations for Ambassador Pro's redis instance.
deploymentStrategy:
type: Recreate
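
Review bot: `redis.enabled: false` does not match the key the README documents for this chart, which is `redis.create` (default `true`). If the templates read only `redis.create`, this values file still deploys redis and the case it is meant to cover is never tested. Switch to `redis.create: false`, and drop the orphaned comment "# Annotations for Ambassador Pro's redis instance.", which has no key beneath it.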

View File

@ -0,0 +1,7 @@
service:
type: NodePort
deploymentStrategy:
type: RollingUpdate
daemonSet: true

View File

@ -0,0 +1,8 @@
service:
type: NodePort
rateLimit:
create: false
deploymentStrategy:
type: Recreate

View File

@ -0,0 +1,3 @@
deploymentLabels:
label: foo
label2: bar

View File

@ -0,0 +1,11 @@
resolvers:
endpoint:
create: true
name: endpoint-foo
consul:
create: true
name: consul-foo
spec:
address: ${HOST_IP}
datacenter: dc1

View File

@ -0,0 +1,9 @@
module:
lua_scripts: |
function envoy_on_response(response_handle)
response_handle:headers():add("Lua-Scripts-Enabled", "Processed")
end
ip_allow:
- peer: 127.0.0.1
- remote: 99.99.0.0/16

View File

@ -0,0 +1,5 @@
servicePreview:
enabled: true
trafficAgent:
injector:
enabled: true

View File

@ -0,0 +1,21 @@
#!/bin/bash
set -e
CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; }
TOP_DIR=$CURR_DIR/..
# shellcheck source=common.sh
source "$CURR_DIR/common.sh"
echo ${TOP_DIR}
chart_version=$(get_chart_version ${TOP_DIR})
if ! grep "## v${chart_version}" ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then
echo "Current chart version does not appear in the changelog."
echo "Please run ambassador.git/charts/ambassador/ci/update_chart_changelog.sh and commit."
exit 1
fi
echo "Changelog looks good!"
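
Review bot: The changelog check `grep "## v${chart_version}"` is an unanchored regex match, so it passes on a prefix: chart version 6.7.1 is satisfied by an existing `## v6.7.11` heading, and the dots match any character. Use a fixed-string, whole-line match such as `grep -qFx "## v${chart_version}"`. `${TOP_DIR}` is also unquoted in the `echo`, the `get_chart_version` call and the `grep`, so a checkout path containing spaces breaks the script; quote all three.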

View File

@ -0,0 +1,47 @@
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: quote-backend
spec:
prefix: /backend/
service: quote
---
apiVersion: v1
kind: Service
metadata:
name: quote
spec:
ports:
- name: http
port: 80
targetPort: 8080
selector:
app: quote
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: quote
spec:
replicas: 1
selector:
matchLabels:
app: quote
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: quote
spec:
containers:
- name: backend
image: datawire/quote:0.4.0
ports:
- name: http
containerPort: 8080
resources:
limits:
cpu: "0.1"
memory: 100Mi

View File

@ -0,0 +1,9 @@
#env:
# AMBASSADOR_SINGLE_NAMESPACE: true
# AMBASSADOR_NO_KUBEWATCH: no_kubewatch
deploymentStrategy:
type: Recreate
service:
type: NodePort

View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
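
Review bot: This manifest binds the `tiller` ServiceAccount in `kube-system` to `cluster-admin`, and nothing in the file says it is meant for throwaway CI clusters only. Add a header comment stating that scope, and tie it to the Helm 2 test path, since the README in this same commit documents Helm 3 support, which needs no Tiller. Anyone applying this file to a shared cluster hands full cluster control to whatever can reach Tiller.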

View File

@ -0,0 +1,6 @@
service:
type: NodePort
crds:
create: false

View File

@ -0,0 +1,18 @@
---
apiVersion: v1
data:
tls.crt: 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
tls.key: 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
kind: Secret
metadata:
name: self-signed-cert
type: kubernetes.io/tls
---
apiVersion: getambassador.io/v1
kind: TLSContext
metadata:
name: tls
spec:
hosts: ["*"]
secret: self-signed-cert
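
Review bot: The Secret `self-signed-cert` commits a private key inline under `tls.key`, with no comment marking it as disposable test material. Either generate the pair during the CI run, or add a header comment stating that the key is self-signed, test-only and must never be reused. The `TLSContext` below it applies that certificate to `hosts: ["*"]`, so copying this file into a real install would terminate TLS for every host with a key that is public in the repository.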

View File

@ -0,0 +1,53 @@
#!/bin/bash
set -e
CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; }
TOP_DIR=$CURR_DIR/..
# shellcheck source=common.sh
source "$CURR_DIR/common.sh"
chart_version=$(get_chart_version ${TOP_DIR})
new_changelog=${TOP_DIR}/CHANGELOG.new.md
rm ${new_changelog} || true
while IFS= read -r line ; do
echo -e "${line}"
echo -e "${line}" >> ${new_changelog}
if [[ "${line}" =~ "## Next Release" ]] ; then
echo "" >> ${new_changelog}
echo "(no changes yet)" >> ${new_changelog}
echo "" >> ${new_changelog}
echo "## v${chart_version}" >> ${new_changelog}
fi
done < ${TOP_DIR}/CHANGELOG.md
mv ${new_changelog} ${TOP_DIR}/CHANGELOG.md
if [[ -n "${DONT_COMMIT_DIFF}" ]] ; then
echo "DONT_COMMIT_DIFF is set, not committing"
exit 0
fi
if git diff --exit-code -- ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then
echo "No changes to changelog, exiting"
exit 0
fi
branch_name="$(git symbolic-ref HEAD 2>/dev/null)" ||
branch_name="detached"
if [[ "${branch_name}" == "refs/heads/master" ]] ; then
echo "Not committing local changes to branch because branch is master"
exit 1
elif [[ "${branch_name}" == "detached" ]] ; then
echo "Not committing local changes because you're in a detached head state"
echo "please create a branch then rerun this script"
exit 1
fi
branch_name=${branch_name##refs/heads/}
git add ${TOP_DIR}/CHANGELOG.md
git commit -m "Committing changelog for chart v${chart_version}"
git push -u origin ${branch_name}
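
Review bot: The rewrite loop is not idempotent: every run appends a new `## v${chart_version}` heading after the "Next Release" line, with no check that the heading already exists, so running the script twice for one version produces duplicate sections. Guard it with the same changelog check the companion CI script performs and exit early when the heading is present. Separately, `echo -e "${line}"` interprets backslash sequences found in changelog text and can alter lines while copying them; use `printf '%s\n' "${line}"`. `rm ${new_changelog} || true` is better written as `rm -f "${new_changelog}"`, and the `${TOP_DIR}` and `${new_changelog}` expansions need quoting throughout.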

View File

@ -0,0 +1,27 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: filters.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Filter
plural: filters
shortNames:
- fil
singular: filter
scope: Namespaced
versions:
- name: v1beta2
served: true
storage: false
- name: v2
served: true
storage: true
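
Review bot: This CRD has no `validation.openAPIV3Schema` block, unlike the generated CRDs added in the same commit (`authservices`, `consulresolvers`, `devportals`), so the API server accepts `Filter` objects of any shape and errors surface only when the controller reads them. If a schema cannot be generated for this type yet, say so in a comment at the top of the file. The same applies to the `filterpolicies.getambassador.io` file that follows. Both files also lack the "GENERATED FILE" header the other CRDs carry, so it is unclear whether they are maintained by hand.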

View File

@ -0,0 +1,27 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: filterpolicies.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: FilterPolicy
plural: filterpolicies
shortNames:
- fp
singular: filterpolicy
scope: Namespaced
versions:
- name: v1beta2
served: true
storage: false
- name: v2
served: true
storage: true

View File

@ -0,0 +1,115 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: authservices.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: AuthService
listKind: AuthServiceList
plural: authservices
singular: authservice
scope: Namespaced
validation:
openAPIV3Schema:
description: AuthService is the Schema for the authservices API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AuthServiceSpec defines the desired state of AuthService
properties:
add_auth_headers:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
add_linkerd_headers:
type: boolean
allow_request_body:
type: boolean
allowed_authorization_headers:
items:
type: string
type: array
allowed_request_headers:
items:
type: string
type: array
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
auth_service:
type: string
failure_mode_allow:
type: boolean
include_body:
properties:
allow_partial:
type: boolean
max_bytes:
description: These aren't pointer types because they are required.
type: integer
required:
- allow_partial
- max_bytes
type: object
path_prefix:
type: string
proto:
enum:
- http
- grpc
type: string
protocol_version:
enum:
- v2
- v3
type: string
status_on_error:
description: Why isn't this just an int??
properties:
code:
type: integer
type: object
timeout_ms:
type: integer
tls:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
required:
- auth_service
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false
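
Review bot: `failure_mode_allow` is published in the schema with no description, although on an `AuthService` it is the field whose meaning users most need spelled out before they set it. Add a doc comment on the source type stating what happens to requests when the auth service is unreachable, so the text lands in the generated schema. In the same pass, fix the `status_on_error` description, which currently ships the internal remark "Why isn't this just an int??" to anyone inspecting the CRD. The file is generated, so both changes belong in the Go type definitions rather than here.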

View File

@ -0,0 +1,58 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: consulresolvers.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: ConsulResolver
listKind: ConsulResolverList
plural: consulresolvers
singular: consulresolver
scope: Namespaced
validation:
openAPIV3Schema:
description: ConsulResolver is the Schema for the ConsulResolver API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ConsulResolver tells Ambassador to use Consul to resolve services. In addition to the AmbassadorID, it needs information about which Consul server and DC to use.
properties:
address:
type: string
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
datacenter:
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

View File

@ -0,0 +1,109 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: devportals.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: DevPortal
listKind: DevPortalList
plural: devportals
singular: devportal
scope: Namespaced
validation:
openAPIV3Schema:
description: "DevPortal is the Schema for the DevPortals API \n DevPortal resources specify the `what` and `how` is shown in a DevPortal: \n * `what` is in a DevPortal can be controlled with - a `selector`, that can be used for filtering `Mappings`. - a `docs` listing of (services, url) * `how` is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server will show them at different endpoints. A `DevPortal` resource with a special name, `ambassador`, will be used for configuring the default Dev Portal (served at `/docs/` by default)."
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DevPortalSpec defines the desired state of DevPortal
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
content:
description: Content specifies where the content shown in the DevPortal come from
properties:
branch:
type: string
dir:
type: string
url:
type: string
type: object
default:
description: Default must be true when this is the default DevPortal
type: boolean
docs:
description: Docs is a static docs definition
items:
description: 'DevPortalDocsSpec is a static documentation definition: instead of using a Selector for finding documentation for services, users can provide a static list of <service>:<URL> tuples. These services will be shown in the Dev Portal with the documentation obtained from this URL.'
properties:
service:
description: Service is the service being documented
type: string
url:
description: URL is the URL used for obtaining docs
type: string
type: object
type: array
naming_scheme:
description: Describes how to display "services" in the DevPortal. Default namespace.name
enum:
- namespace.name
- name.prefix
type: string
search:
description: DevPortalSearchSpec allows configuration over search functionality for the DevPortal
properties:
enabled:
type: boolean
type:
description: 'Type of search. "title-only" does a fuzzy search over openapi and page titles "all-content" will fuzzy search over all openapi and page content. "title-only" is the default. warning: using all-content may incur a larger memory footprint'
enum:
- title-only
- all-content
type: string
type: object
selector:
description: Selector is used for choosing what is shown in the DevPortal
properties:
matchLabels:
additionalProperties:
type: string
description: MatchLabels specifies the list of labels that must be present in Mappings for being present in this DevPortal.
type: object
matchNamespaces:
description: MatchNamespaces is a list of namespaces that will be included in this DevPortal.
items:
type: string
type: array
type: object
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
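
Review bot: `spec.content.url` and `spec.docs[].url` are declared as bare `type: string`, so any scheme or host passes admission even though both descriptions say the DevPortal obtains its content from them. Consider a `pattern` that only admits the schemes the controller is meant to fetch (for example `https://`), or validate the destination in the controller. Also give `content.branch`, `content.dir` and `content.url` their own descriptions, as the `docs` entries have.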

View File

@ -0,0 +1,246 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: hosts.getambassador.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.hostname
name: Hostname
type: string
- JSONPath: .status.state
name: State
type: string
- JSONPath: .status.phaseCompleted
name: Phase Completed
type: string
- JSONPath: .status.phasePending
name: Phase Pending
type: string
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Host
listKind: HostList
plural: hosts
singular: host
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Host is the Schema for the hosts API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: HostSpec defines the desired state of Host
properties:
acmeProvider:
description: Specifies whether/who to talk ACME with to automatically manage the $tlsSecret.
properties:
authority:
description: Specifies who to talk ACME with to get certs. Defaults to Let's Encrypt; if "none" (case-insensitive), do not try to do ACME for this Host.
type: string
email:
type: string
privateKeySecret:
description: "Specifies the Kubernetes Secret to use to store the private key of the ACME account (essentially, where to store the auto-generated password for the auto-created ACME account). You should not normally need to set this--the default value is based on a combination of the ACME authority being registered wit and the email address associated with the account. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation."
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
registration:
description: This is normally set automatically
type: string
type: object
ambassador_id:
description: Common to all Ambassador objects (and optional).
items:
type: string
oneOf:
- type: string
- type: array
ambassadorId:
description: A compatibility alias for "ambassador_id"; because Host used to be specified with protobuf, and jsonpb allowed either "ambassador_id" or "ambassadorId", and even though we didn't tell people about "ambassadorId" it's what the web policy console generated because of jsonpb. So Hosts with 'ambassadorId' exist in the wild.
items:
type: string
oneOf:
- type: string
- type: array
hostname:
description: Hostname by which the Ambassador can be reached.
type: string
previewUrl:
description: Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled.
properties:
enabled:
description: Is the Preview URL feature enabled?
type: boolean
type:
description: What type of Preview URL is allowed?
enum:
- Path
type: string
type: object
requestPolicy:
description: Request policy definition.
properties:
insecure:
properties:
action:
enum:
- Redirect
- Reject
- Route
type: string
additionalPort:
type: integer
type: object
type: object
selector:
description: Selector by which we can find further configuration. Defaults to hostname=$hostname
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
tls:
description: TLS configuration. It is not valid to specify both `tlsContext` and `tls`.
properties:
alpn_protocols:
type: string
ca_secret:
type: string
cacert_chain_file:
type: string
cert_chain_file:
type: string
cert_required:
type: boolean
cipher_suites:
items:
type: string
type: array
ecdh_curves:
items:
type: string
type: array
max_tls_version:
type: string
min_tls_version:
type: string
private_key_file:
type: string
redirect_cleartext_from:
type: integer
sni:
type: string
type: object
tlsContext:
description: "Name of the TLSContext the Host resource is linked with. It is not valid to specify both `tlsContext` and `tls`. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation."
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
tlsSecret:
description: "Name of the Kubernetes secret into which to save generated certificates. If ACME is enabled (see $acmeProvider), then the default is $hostname; otherwise the default is \"\". If the value is \"\", then we do not do TLS for this Host. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation."
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
type: object
status:
description: HostStatus defines the observed state of Host
properties:
errorBackoff:
type: string
errorReason:
description: errorReason, errorTimestamp, and errorBackoff are valid when state==Error.
type: string
errorTimestamp:
format: date-time
type: string
phaseCompleted:
description: phaseCompleted and phasePending are valid when state==Pending or state==Error.
enum:
- NA
- DefaultsFilled
- ACMEUserPrivateKeyCreated
- ACMEUserRegistered
- ACMECertificateChallenge
type: string
phasePending:
description: phaseCompleted and phasePending are valid when state==Pending or state==Error.
enum:
- NA
- DefaultsFilled
- ACMEUserPrivateKeyCreated
- ACMEUserRegistered
- ACMECertificateChallenge
type: string
state:
description: The first value listed in the Enum marker becomes the "zero" value, and it would be great if "Pending" could be the default value; but it's Important that the "zero" value be able to be shown as empty/omitted from display, and we really do want `kubectl get hosts` to say "Pending" in the "STATE" column, and not leave the column empty.
enum:
- Initial
- Pending
- Ready
- Error
type: string
tlsCertificateSource:
enum:
- Unknown
- None
- Other
- ACME
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
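
Review bot: in `spec.tls`, `min_tls_version` and `max_tls_version` are free-form strings and `cipher_suites` and `ecdh_curves` are unconstrained string lists, so a typo or an outdated protocol version is accepted at admission and is only noticed, if at all, when the configuration is applied. An `enum` of the supported version strings on the two version fields would reject those early. `requestPolicy.insecure.action` has no description either; it should state what each of `Redirect`, `Reject` and `Route` does with cleartext requests. The `privateKeySecret` description contains the typo "registered wit", which has to be fixed in the source comment because this file is generated.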

View File

@ -0,0 +1,54 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: kubernetesendpointresolvers.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: KubernetesEndpointResolver
listKind: KubernetesEndpointResolverList
plural: kubernetesendpointresolvers
singular: kubernetesendpointresolver
scope: Namespaced
validation:
openAPIV3Schema:
description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: KubernetesEndpointResolver tells Ambassador to use Kubernetes Endpoints resources to resolve services. It actually has no spec other than the AmbassadorID.
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false
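
Review bot: the manifest header pairs `apiVersion: apiextensions.k8s.io/v1beta1` with the `helm.sh/hook: crd-install` annotation, and both are on their way out. The v1beta1 CustomResourceDefinition API has been deprecated since Kubernetes 1.16 and is no longer served from 1.22 on, and `crd-install` is a Helm 2 hook that Helm 3 no longer supports, so on current tooling this manifest is at risk of being skipped or rejected. Because the file is generated, the change belongs in the generator: emit `apiextensions.k8s.io/v1`, which moves `validation.openAPIV3Schema` under each entry of `versions` and drops the top-level `version: null`.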

View File

@ -0,0 +1,54 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: kubernetesserviceresolvers.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: KubernetesServiceResolver
listKind: KubernetesServiceResolverList
plural: kubernetesserviceresolvers
singular: kubernetesserviceresolver
scope: Namespaced
validation:
openAPIV3Schema:
description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: KubernetesServiceResolver tells Ambassador to use Kubernetes Service resources to resolve services. It actually has no spec other than the AmbassadorID.
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false
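
Review bot: `ambassador_id` combines `items` with a `oneOf` of `type: string` and `type: array` and sets no `type` on the node itself. v1beta1 accepts that shape, but it is not a structural schema (a structural schema needs a `type` on every node and forbids `type` inside `oneOf`), so it will need rework before this CRD can be published as `apiextensions.k8s.io/v1`. Worth tracking in the generator, since the other CRDs in this commit that carry `ambassador_id` use the same construct.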

View File

@ -0,0 +1,83 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: logservices.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: LogService
listKind: LogServiceList
plural: logservices
singular: logservice
scope: Namespaced
validation:
openAPIV3Schema:
description: LogService is the Schema for the logservices API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: LogServiceSpec defines the desired state of LogService
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
driver:
enum:
- tcp
- http
type: string
driver_config:
properties:
additional_log_headers:
items:
properties:
during_request:
type: boolean
during_response:
type: boolean
during_trailer:
type: boolean
header_name:
type: string
type: object
type: array
type: object
flush_interval_byte_size:
type: integer
flush_interval_time:
type: integer
grpc:
type: boolean
service:
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false
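
Review bot: no property under `spec` has a `description` and there is no `required` list, so an object with neither `service` nor `driver` passes validation. Please mark the fields the controller cannot work without as required, state the units of `flush_interval_time` and `flush_interval_byte_size`, and give both a `minimum`. `driver_config.additional_log_headers` needs documenting most: if, as the name suggests, a header listed in `header_name` is forwarded to the log destination, the description should say so, so that operators do not list headers that carry credentials.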

View File

@ -0,0 +1,431 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: mappings.getambassador.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.host
name: Source Host
type: string
- JSONPath: .spec.prefix
name: Source Prefix
type: string
- JSONPath: .spec.service
name: Dest Service
type: string
- JSONPath: .status.state
name: State
type: string
- JSONPath: .status.reason
name: Reason
type: string
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Mapping
listKind: MappingList
plural: mappings
singular: mapping
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Mapping is the Schema for the mappings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: MappingSpec defines the desired state of Mapping
properties:
add_linkerd_headers:
type: boolean
add_request_headers:
additionalProperties:
oneOf:
- type: string
- type: boolean
- type: object
type: object
add_response_headers:
additionalProperties:
oneOf:
- type: string
- type: boolean
- type: object
type: object
allow_upgrade:
description: "A case-insensitive list of the non-HTTP protocols to allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" mechanism[1]. After the upgrade, Ambassador does not interpret the traffic, and behaves similarly to how it does for TCPMappings. \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, if your upstream service supports WebSockets, you would write \n allow_upgrade: - websocket \n Or if your upstream service supports upgrading from HTTP to SPDY (as the Kubernetes apiserver does for `kubectl exec` functionality), you would write \n allow_upgrade: - spdy/3.1"
items:
type: string
type: array
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
auth_context_extensions:
additionalProperties:
type: string
type: object
auto_host_rewrite:
type: boolean
bypass_auth:
type: boolean
bypass_error_response_overrides:
description: If true, bypasses any `error_response_overrides` set on the Ambassador module.
type: boolean
case_sensitive:
type: boolean
circuit_breakers:
items:
properties:
max_connections:
type: integer
max_pending_requests:
type: integer
max_requests:
type: integer
max_retries:
type: integer
priority:
enum:
- default
- high
type: string
type: object
type: array
cluster_idle_timeout_ms:
type: integer
cluster_max_connection_lifetime_ms:
type: integer
cluster_tag:
type: string
connect_timeout_ms:
type: integer
cors:
properties:
credentials:
type: boolean
exposed_headers:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
headers:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
max_age:
type: string
methods:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
origins:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
type: object
docs:
description: DocsInfo provides some extra information about the docs for the Mapping (used by the Dev Portal)
properties:
display_name:
type: string
ignored:
type: boolean
path:
type: string
url:
type: string
type: object
enable_ipv4:
type: boolean
enable_ipv6:
type: boolean
envoy_override:
description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way.
type: object
error_response_overrides:
description: Error response overrides for this Mapping. Replaces all of the `error_response_overrides` set on the Ambassador module, if any.
items:
description: A response rewrite for an HTTP error response
properties:
body:
description: The new response body
properties:
content_type:
description: The content type to set on the error response body when using text_format or text_format_source. Defaults to 'text/plain'.
type: string
json_format:
additionalProperties:
type: string
description: 'A JSON response with content-type: application/json. The values can contain format text like in text_format.'
type: object
text_format:
description: A format string representing a text response body. Content-Type can be set using the `content_type` field below.
type: string
text_format_source:
description: A format string sourced from a file on the Ambassador container. Useful for larger response bodies that should not be placed inline in configuration.
properties:
filename:
description: The name of a file on the Ambassador pod that contains a format text string.
type: string
type: object
type: object
on_status_code:
description: The status code to match on -- not a pointer because it's required.
maximum: 599
minimum: 400
type: integer
required:
- body
- on_status_code
type: object
minItems: 1
type: array
grpc:
type: boolean
headers:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
host:
type: string
host_redirect:
type: boolean
host_regex:
type: boolean
host_rewrite:
type: string
idle_timeout_ms:
type: integer
keepalive:
properties:
idle_time:
type: integer
interval:
type: integer
probes:
type: integer
type: object
labels:
additionalProperties:
description: A MappingLabelGroupsArray is an array of MappingLabelGroups. I know, complex.
items:
additionalProperties:
description: 'A MappingLabelsArray is the value in the MappingLabelGroup: an array of label specifiers.'
items:
description: A MappingLabelSpecifier (finally!) defines a single label. There are multiple kinds of label, so this is more complex than we'd like it to be. See the remarks about schema on custom types in `./common.go`.
type: array
description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: a second map, where the key is a human-readable name that identifies the group.'
type: object
type: array
description: A DomainMap is the overall Mapping.spec.Labels type. It maps domains (kind of like namespaces for Mapping labels) to arrays of label groups.
type: object
load_balancer:
properties:
cookie:
properties:
name:
type: string
path:
type: string
ttl:
type: string
required:
- name
type: object
header:
type: string
policy:
enum:
- round_robin
- ring_hash
- maglev
- least_request
type: string
source_ip:
type: boolean
required:
- policy
type: object
method:
type: string
method_regex:
type: boolean
modules:
items:
description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way.
type: object
type: array
outlier_detection:
type: string
path_redirect:
description: Path replacement to use when generating an HTTP redirect. Used with `host_redirect`.
type: string
precedence:
type: integer
prefix:
type: string
prefix_exact:
type: boolean
prefix_redirect:
description: Prefix rewrite to use when generating an HTTP redirect. Used with `host_redirect`.
type: string
prefix_regex:
type: boolean
priority:
type: string
query_parameters:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
redirect_response_code:
description: The response code to use when generating an HTTP redirect. Defaults to 301. Used with `host_redirect`.
enum:
- 301
- 302
- 303
- 307
- 308
type: integer
regex_headers:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
regex_query_parameters:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
regex_redirect:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
description: Prefix regex rewrite to use when generating an HTTP redirect. Used with `host_redirect`.
type: object
regex_rewrite:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
remove_request_headers:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
remove_response_headers:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
resolver:
type: string
retry_policy:
properties:
num_retries:
type: integer
per_try_timeout:
type: string
retry_on:
enum:
- 5xx
- gateway-error
- connect-failure
- retriable-4xx
- refused-stream
- retriable-status-codes
type: string
type: object
rewrite:
type: string
service:
type: string
shadow:
type: boolean
timeout_ms:
description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists.
type: integer
tls:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
use_websocket:
description: 'use_websocket is deprecated, and is equivlaent to setting `allow_upgrade: ["websocket"]`'
type: boolean
weight:
type: integer
required:
- prefix
- service
type: object
status:
description: MappingStatus defines the observed state of Mapping
properties:
reason:
type: string
state:
enum:
- ""
- Inactive
- Running
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false
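
Review bot: `bypass_auth` is a bare `type: boolean` with no description, and `envoy_override` and `modules` are untyped objects whose descriptions only explain the Go type, so the fields that can weaken how a route is protected are the least documented and least validated ones in this schema. Add descriptions that state what each one disables or overrides, and decide whether every user allowed to create Mappings in a namespace should be able to set them. Smaller points: the `use_websocket` description misspells "equivalent" as "equivlaent" (fix it in the source comment, since this file is generated), and `timeout_ms`, `idle_timeout_ms`, `connect_timeout_ms` and the `cluster_*_ms` integers have no `minimum`.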

View File

@ -0,0 +1,56 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: modules.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Module
listKind: ModuleList
plural: modules
singular: module
scope: Namespaced
validation:
openAPIV3Schema:
description: "A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated"
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
config:
description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way.
type: object
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false
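
Review bot: the top-level description says a Module defines system-wide configuration and that the valid names are "ambassador" or "tls", but with `scope: Namespaced` and an untyped `spec.config` object neither statement is enforced by this schema: any name and any `config` content pass admission. Either type at least the security-relevant keys of `config`, or state in the description that write access to `modules` must be limited to the operators who own the gateway, because validation here will not catch a bad setting.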

View File

@ -0,0 +1,72 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: ratelimitservices.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: RateLimitService
listKind: RateLimitServiceList
plural: ratelimitservices
singular: ratelimitservice
scope: Namespaced
validation:
openAPIV3Schema:
description: RateLimitService is the Schema for the ratelimitservices API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: RateLimitServiceSpec defines the desired state of RateLimitService
properties:
ambassador_id:
description: Common to all Ambassador objects.
items:
type: string
oneOf:
- type: string
- type: array
domain:
type: string
protocol_version:
enum:
- v2
- v3
type: string
service:
type: string
timeout_ms:
type: integer
tls:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
required:
- service
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false
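
Review bot: `timeout_ms` is an unbounded `type: integer`, and `protocol_version` offers `v2` and `v3` without saying which one applies when the field is omitted. Add a `minimum` to `timeout_ms` so zero or negative values are rejected at admission, and add descriptions to `protocol_version`, `domain` and `service` (the only required field) that state the default and the expected format.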

View File

@ -0,0 +1,102 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: tcpmappings.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: TCPMapping
listKind: TCPMappingList
plural: tcpmappings
singular: tcpmapping
scope: Namespaced
validation:
openAPIV3Schema:
description: TCPMapping is the Schema for the tcpmappings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TCPMappingSpec defines the desired state of TCPMapping
properties:
address:
type: string
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
circuit_breakers:
items:
properties:
max_connections:
type: integer
max_pending_requests:
type: integer
max_requests:
type: integer
max_retries:
type: integer
priority:
enum:
- default
- high
type: string
type: object
type: array
cluster_tag:
type: string
enable_ipv4:
type: boolean
enable_ipv6:
type: boolean
host:
type: string
idle_timeout_ms:
description: 'FIXME(lukeshu): Surely this should be an ''int''?'
type: string
port:
description: Port isn't a pointer because it's required.
type: integer
resolver:
type: string
service:
type: string
tls:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
weight:
type: integer
required:
- port
- service
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false
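Review bot: `port` in the TCPMapping spec is declared as a bare `type: integer`, so the API server accepts 0, negative numbers and values above 65535; adding `minimum: 1` and `maximum: 65535` would reject those at admission rather than at config-generation time. Separately, `idle_timeout_ms` is typed `string` and its description is still the `FIXME(lukeshu): Surely this should be an 'int'?` comment. Since the file is generated, both fixes belong in the Go type annotations, and the FIXME should be replaced by a user-facing description stating the unit and accepted format.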

View File

@ -0,0 +1,100 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: tlscontexts.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: TLSContext
listKind: TLSContextList
plural: tlscontexts
singular: tlscontext
scope: Namespaced
validation:
openAPIV3Schema:
description: TLSContext is the Schema for the tlscontexts API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TLSContextSpec defines the desired state of TLSContext
properties:
alpn_protocols:
type: string
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
ca_secret:
type: string
cacert_chain_file:
type: string
cert_chain_file:
type: string
cert_required:
type: boolean
cipher_suites:
items:
type: string
type: array
ecdh_curves:
items:
type: string
type: array
hosts:
items:
type: string
type: array
max_tls_version:
enum:
- v1.0
- v1.1
- v1.2
- v1.3
type: string
min_tls_version:
enum:
- v1.0
- v1.1
- v1.2
- v1.3
type: string
private_key_file:
type: string
redirect_cleartext_from:
type: integer
secret:
type: string
secret_namespacing:
type: boolean
sni:
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false
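Review bot: `min_tls_version` and `max_tls_version` in the TLSContext spec both enumerate `v1.0` and `v1.1`, neither field has a description, and the spec has no `required` list, so a TLSContext that omits the floor or pins it to a deprecated protocol version validates cleanly. Please add descriptions stating what the effective minimum is when the field is unset, and consider whether the admission schema should still offer v1.0 and v1.1. `cipher_suites`, `ecdh_curves` and `alpn_protocols` are also free-form strings with no description of the expected format.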

View File

@ -0,0 +1,101 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: tracingservices.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: TracingService
listKind: TracingServiceList
plural: tracingservices
singular: tracingservice
scope: Namespaced
validation:
openAPIV3Schema:
description: TracingService is the Schema for the tracingservices API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TracingServiceSpec defines the desired state of TracingService
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
config:
properties:
access_token_file:
type: string
collector_cluster:
type: string
collector_endpoint:
type: string
collector_endpoint_version:
enum:
- HTTP_JSON_V1
- HTTP_JSON
- HTTP_PROTO
type: string
collector_hostname:
type: string
service_name:
type: string
shared_span_context:
type: boolean
trace_id_128bit:
type: boolean
type: object
driver:
enum:
- lightstep
- zipkin
- datadog
type: string
sampling:
properties:
client:
type: integer
overall:
type: integer
random:
type: integer
type: object
service:
type: string
tag_headers:
items:
type: string
type: array
required:
- driver
- service
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false
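Review bot: the `sampling` properties `client`, `overall` and `random` are plain integers with no description, `minimum` or `maximum`, so the unit cannot be determined from the schema and out-of-range values are accepted. If these are percentages, bound them to 0..100 and say so in a description. `access_token_file` would also benefit from a description noting that it is a path inside the container, not the token itself.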

View File

@ -0,0 +1,34 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: projects.getambassador.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.prefix
name: Prefix
type: string
- JSONPath: .spec.githubRepo
name: Repo
type: string
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Project
plural: projects
singular: project
scope: Namespaced
subresources:
status: {}
versions:
- name: v2
served: true
storage: true
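Review bot: this Project CRD has no `validation.openAPIV3Schema` block, unlike the generated CRDs earlier in the patch, so any `spec` shape is accepted, including the `.spec.prefix` and `.spec.githubRepo` fields that the printer columns read. A minimal schema typing those two fields as strings and marking them required would catch malformed objects at admission. The same applies to the ProjectController, ProjectRevision and RateLimit definitions that follow.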

View File

@ -0,0 +1,24 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: projectcontrollers.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: ProjectController
plural: projectcontrollers
singular: projectcontroller
scope: Namespaced
subresources:
status: {}
versions:
- name: v2
served: true
storage: true

View File

@ -0,0 +1,40 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: projectrevisions.getambassador.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.project.name
name: Project
type: string
- JSONPath: .spec.ref
name: Ref
type: string
- JSONPath: .spec.rev
name: Rev
type: string
- JSONPath: .status.phase
name: Status
type: string
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: getambassador.io
names:
categories:
- ambassador-crds
kind: ProjectRevision
plural: projectrevisions
singular: projectrevision
scope: Namespaced
subresources:
status: {}
versions:
- name: v2
served: true
storage: true

View File

@ -0,0 +1,27 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: ratelimits.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: RateLimit
plural: ratelimits
shortNames:
- rl
singular: ratelimit
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: false
- name: v2
served: true
storage: true
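Review bot: `apiVersion: apiextensions.k8s.io/v1beta1` together with the `helm.sh/hook: crd-install` annotation ties this CRD, and the others added in this patch, to older tooling: the v1beta1 CustomResourceDefinition API was removed in Kubernetes 1.22, and `crd-install` is a Helm 2 hook that Helm 3 does not support. Please state in the chart README which Kubernetes and Helm versions these manifests target, or migrate them to `apiextensions.k8s.io/v1`, which requires a structural schema per version. Note also that `v1beta1` is still `served: true` here with no schema, so objects written through either version are unvalidated.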

View File

@ -0,0 +1,37 @@
# See https://github.com/helm/chart-testing
# note: all the values files in ci/*-values.yaml will
# be tested automatically. For each configuration,
# all the tests in templates/tests/*.yaml
# will be checked.
################################################
# github
################################################
remote: origin
################################################
# chart
################################################
charts:
- /charts/
chart-dirs:
- /charts/
chart-repos:
- datawire=https://getambassador.io
helm-extra-args: --timeout 600s
# namespace: ambassador
# release-label: release
################################################
# checks and validations
################################################
validate-maintainers: false
validate-chart-schema: true
validate-yaml: true
# check-version-increment: true
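Review bot: `validate-maintainers: false` turns off the only check in this file that ties the chart to named owners, and there is no comment explaining why. Either enable it or add a one-line reason next to the setting. It would also help to note why `check-version-increment` is left commented out, since a reader cannot tell whether the intent is to rely on the tool default or to disable the check later.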

View File

@ -0,0 +1,84 @@
questions:
### CRD Management
- variable: crds.enabled
label: Create CRDs
description: "Should Ambassador Edge Stack create and manage its CRD's?"
type: boolean
required: false
default: "true"
group: "CRD Management"
- variable: crds.keep
label: Keep CRDs
description: "Should Ambassador Edge Stack keep CRD's when the chart is uninstalled?"
type: boolean
required: false
default: "true"
group: "CRD Management"
show_if: "crds.enabled=true"
### Deployment Management
- variable: daemonSet
label: Deploy as Daemonset
description: "Deploy Ambassador Edge Stack as a Daemonset? (Recommended: false)"
type: boolean
required: false
default: "true"
group: "Deployment Settings"
- variable: replicaCount
label: Replica Count
description: "How many replicas should Ambassador Edge Stack run? (Recommended: 3)"
type: int
required: false
default: "3"
group: "Deployment Settings"
min: 1
max: 999
show_if: "daemonSet=false"
### Service Settings
- variable: service.type
label: Service Type
description: "Set the type of service, LoadBalancer (recommended), NodePort, or ClusterIP"
type: enum
required: false
default: "LoadBalancer"
group: "Service Settings"
options:
- "LoadBalancer"
- "ClusterIP"
- "NodePort"
### Licensing
- variable: licenseKey.createSecret
label: "Create License Key Secret"
description: "Creates the license key secret using the License Key Data."
type: boolean
required: false
default: "true"
group: "License Settings"
- variable: licenseKey.value
label: "License Key Data"
description: "Specifies the license key to apply."
type: secret
required: false
default: ""
group: "License Settings"
show_if: "licenseKey.createSecret=true"
### Service Catalog
- variable: agent.enabled
label: "Enable Service Catalog"
description: "Enables the Service Catalog agent for use at https://app.getambassador.io."
type: boolean
required: false
default: "true"
group: "Service Catalog"
- variable: agent.cloudConnectionToken
label: "Cloud Connection Token"
description: "Specifies the Token used to register a Cluster with the Service Catalog."
type: secret
required: false
default: ""
group: "Service Catalog"
show_if: "agent.enabled=true"
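Review bot: the `daemonSet` question contradicts itself: the description says "(Recommended: false)" but the entry sets `default: "true"`. Because `replicaCount` is only shown when `daemonSet=false`, the recommended three-replica Deployment path is hidden by default. Set the default to `"false"` or correct the description. Also worth confirming that `agent.enabled` defaulting to `"true"` is intended, since it enables an agent that talks to https://app.getambassador.io on every install made through this form.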

View File

@ -0,0 +1,60 @@
-------------------------------------------------------------------------------
{{- if .Values.enableAES }}
Congratulations! You have successfully installed The Ambassador Edge Stack!
{{- if empty .Values.licenseKey.value }}
-------------------------------------------------------------------------------
NOTE: You are currently running The Ambassador Edge Stack in EVALUATION MODE.
Request a free community license key at https://SERVICE_IP/edge_stack_admin/#dashboard
to unlock all the features of The Ambassador Edge Stack and update the value of
licenseKey.value in your values.yaml file.
{{- end }}
{{- if or .Values.authService.create .Values.rateLimit.create }}
-------------------------------------------------------------------------------
WARNING:
With your installation of the Ambassador Edge Stack, you have created a:
{{ if .Values.authService.create }}
- AuthService named {{include "ambassador.fullname" .}}-auth
{{ end }} {{ if .Values.rateLimit.create }}
- RateLimitService named {{include "ambassador.fullname" .}}-ratelimit
{{ end }}
in the {{ include "ambassador.namespace" . }} namespace.
Please ensure there is not another of these resources configured in your cluster.
If there is, please either remove the old resource or run
helm upgrade {{ .Release.Name }} -n {{ .Release.Namespace }} --set authService.create=false --set RateLimit.create=false
{{- end }}
{{- else }}
Congratulations! You've successfully installed Ambassador!
-------------------------------------------------------------------------------
To get the IP address of Ambassador, run the following commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ambassador.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }}'
On GKE/Azure:
export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
On AWS:
export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ include "ambassador.namespace" .}} -l "app={{ include "ambassador.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:80
{{- end }}
{{- end }}
For help, visit our Slack at http://a8r.io/Slack or view the documentation online at https://www.getambassador.io.
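Review bot: the suggested recovery command passes `--set RateLimit.create=false`, but the template two lines above tests `.Values.rateLimit.create`; values keys are case-sensitive, so the command as printed leaves the RateLimitService in place. Change it to `--set rateLimit.create=false`. Two smaller points: the resource names printed in the warning are hard-coded as `-auth` and `-ratelimit`, while the templates in this patch build them from `deploymentExtraName`, and the sentence "You can watch the status of by running" is missing its object.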

View File

@ -0,0 +1,117 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "ambassador.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "ambassador.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "ambassador.imagetag" -}}
{{- if .Values.image.fullImageOverride }}
{{- .Values.image.fullImageOverride }}
{{- else }}
{{- if hasKey .Values.image "tag" -}}
{{- .Values.image.tag }}
{{- else if .Values.enableAES }}
{{- .Values.image.aesTag }}
{{- else }}
{{- .Values.image.ossTag }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Set the image that should be used for ambassador.
Use fullImageOverride if present,
Then if the image repository is explicitly set, use "repository:image"
Otherwise, check if AES is enabled
Use AES image if AES is enabled, ambassador image if not
*/}}
{{- define "ambassador.image" -}}
{{- if .Values.image.fullImageOverride }}
{{- .Values.image.fullImageOverride }}
{{- else }}
{{- $repoName := "" }}
{{- $imageTag := "" }}
{{- if hasKey .Values.image "repository" -}}
{{- $repoName = .Values.image.repository }}
{{- else if .Values.enableAES }}
{{- $repoName = .Values.image.aesRepository }}
{{- else }}
{{- $repoName = .Values.image.ossRepository }}
{{- end -}}
{{- if hasKey .Values.image "tag" -}}
{{- $imageTag = .Values.image.tag }}
{{- else if .Values.enableAES }}
{{- $imageTag = .Values.image.aesTag }}
{{- else }}
{{- $imageTag = .Values.image.ossTag }}
{{- end -}}
{{- printf "%s:%s" $repoName $imageTag -}}
{{- end -}}
{{- end -}}
{{/*
Create chart namespace based on override value.
*/}}
{{- define "ambassador.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "ambassador.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "ambassador.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "ambassador.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the RBAC to use
*/}}
{{- define "ambassador.rbacName" -}}
{{ default (include "ambassador.fullname" .) .Values.rbac.nameOverride }}
{{- end -}}
{{/*
Define the http port of the Ambassador service
*/}}
{{- define "ambassador.servicePort" -}}
{{- range .Values.service.ports -}}
{{- if (eq .name "http") -}}
{{ default .port }}
{{- end -}}
{{- end -}}
{{- end -}}
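Review bot: `ambassador.imagetag` returns `.Values.image.fullImageOverride` unchanged when it is set, so any caller that expects a bare tag receives a full `repository:tag` reference instead. Either parse the tag out of the override or document that the helper may return a full image reference. In `ambassador.servicePort`, `{{ default .port }}` calls `default` with a single argument, which just yields `.port`; write `{{ .port }}` or supply the intended fallback. `ambassador.serviceAccountName` also falls back to the namespace's `default` service account when `serviceAccount.create` is false and no name is given, which deserves a comment since that account is shared with every other pod in the namespace.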

View File

@ -0,0 +1,64 @@
{{- if .Values.adminService.create -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "ambassador.fullname" . }}-admin
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
# Hard-coded label for Prometheus Operator ServiceMonitor
service: ambassador-admin
product: aes
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge Stack admin service for internal use and health checks."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: "None"
{{- with .Values.adminService.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.adminService.type }}
ports:
- port: {{ .Values.adminService.port }}
targetPort: admin
protocol: TCP
name: ambassador-admin
{{- if (and (eq .Values.adminService.type "NodePort") (not (empty .Values.adminService.nodePort))) }}
nodePort: {{ int .Values.adminService.nodePort }}
{{- end }}
- port: {{ .Values.adminService.snapshotPort }}
targetPort: {{ .Values.adminService.snapshotPort }}
protocol: TCP
name: ambassador-snapshot
selector:
{{- if .Values.service.selector }}
{{ toYaml .Values.service.selector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- if eq .Values.adminService.type "LoadBalancer" }}
{{- if not (empty .Values.adminService.loadBalancerIP) }}
loadBalancerIP: {{ .Values.adminService.loadBalancerIP | quote }}
{{- end }}
{{- if not (empty .Values.adminService.loadBalancerSourceRanges) }}
loadBalancerSourceRanges:
{{- toYaml .Values.adminService.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- end }}
{{- end -}}
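Review bot: when `adminService.type` is `LoadBalancer` and `adminService.loadBalancerSourceRanges` is empty, the template emits no source restriction at all, so both the `ambassador-admin` port and the `ambassador-snapshot` port are published on the load balancer even though the annotation describes the service as "for internal use and health checks". Consider failing the render in that case (for example with `fail`) or documenting that `loadBalancerSourceRanges` must be set whenever the type is not `ClusterIP`. The `nodePort` value is applied only to the admin port, and the selector is taken from `.Values.service.selector` rather than an admin-specific value; a comment confirming both are intentional would help.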

View File

@ -0,0 +1,33 @@
{{ if and .Values.authService.create .Values.enableAES }}
---
apiVersion: getambassador.io/v2
kind: AuthService
metadata:
name: {{ include "ambassador.fullname" . }}-{{ .Values.authService.deploymentExtraName | default "auth" }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-auth
{{- end }}
product: aes
spec:
proto: grpc
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
auth_service: 127.0.0.1:8500
{{- if .Values.authService.optional_configurations }}
{{- toYaml .Values.authService.optional_configurations | nindent 2}}
{{- end }}
{{ end }}
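Review bot: `authService.optional_configurations` is rendered verbatim under `spec` after the fixed `proto` and `auth_service` keys, so a values file that repeats either key produces duplicate keys in the AuthService spec, and which one wins depends on the YAML parser. Please document which keys are expected there, or drop `proto` and `auth_service` from the map before rendering (for example with `omit`). The Helm-style field name `optional_configurations` also breaks the camelCase used by the other values in this chart.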

View File

@ -0,0 +1,161 @@
{{- if and .Values.enableAES .Values.servicePreview.enabled .Values.servicePreview.trafficAgent.injector.enabled }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ambassador.fullname" . }}-injector
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
spec:
containers:
- name: webhook
{{- if .Values.servicePreview.trafficAgent.image.repository }}
image: "{{ .Values.servicePreview.trafficAgent.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}"
{{- else }}
image: {{ include "ambassador.image" . }}
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: [ "aes-injector" ]
env:
- name: AGENT_MANAGER_NAMESPACE
value: "{{ include "ambassador.namespace" . }}"
- name: TRAFFIC_AGENT_IMAGE
value: "{{ .Values.servicePreview.trafficAgent.image.repository | default .Values.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}"
- name: TRAFFIC_AGENT_AGENT_LISTEN_PORT
value: "{{ .Values.servicePreview.trafficAgent.port }}"
{{- if .Values.servicePreview.trafficAgent.singleNamespace }}
- name: TRAFFIC_AGENT_SERVICE_ACCOUNT_NAME
value: "{{ .Values.servicePreview.trafficAgent.serviceAccountName }}"
{{- end }}
ports:
- containerPort: 8443
name: https
livenessProbe:
httpGet:
path: /healthz
port: https
scheme: HTTPS
volumeMounts:
- mountPath: /var/run/secrets/tls
name: tls
readOnly: true
volumes:
- name: tls
secret:
secretName: {{ include "ambassador.fullname" . }}-injector-tls
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ambassador.fullname" . }}-injector
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge Stack Service Preview Traffic Agent Sidecar injector."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: "None"
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/instance: {{ .Release.Name }}
ports:
- name: {{ include "ambassador.fullname" . }}-injector
port: 443
targetPort: https
---
kind: Secret
apiVersion: v1
metadata:
name: {{ include "ambassador.fullname" . }}-injector-tls
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-tls
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
type: Opaque
data:
{{ $ca := genCA (printf "%s-injector.%s.svc" (include "ambassador.fullname" .) (include "ambassador.namespace" .)) 365 -}}
crt.pem: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }}
key.pem: {{ ternary (b64enc $ca.Key) (b64enc (trim .Values.servicePreview.trafficAgent.injector.keyPEM)) (empty .Values.servicePreview.trafficAgent.injector.keyPEM) }}
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: {{ include "ambassador.fullname" . }}-injector-webhook-config
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-webhook-config
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
webhooks:
- name: {{ include "ambassador.fullname" . }}-injector.getambassador.io
clientConfig:
service:
name: {{ include "ambassador.fullname" . }}-injector
namespace: {{ include "ambassador.namespace" . }}
path: "/traffic-agent"
caBundle: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }}
failurePolicy: Ignore
rules:
- operations: ["CREATE"]
apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
{{- end }}
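Review bot: the two `ternary` expressions for `crt.pem` and `key.pem` are evaluated independently, so setting only `injector.crtPEM` or only `injector.keyPEM` stores a user-supplied half next to a generated half and the webhook gets a certificate that does not match its key; fail the render unless both are set or both are empty. When neither is set, the pair comes straight from `genCA`, meaning the CA private key itself is mounted into the injector pod as the serving key and a new CA is generated on every render with a 365-day lifetime. Issuing a leaf with `genSignedCert` for the service DNS name and publishing only the CA certificate in `caBundle` would keep the CA key out of the pod. Finally, `TRAFFIC_AGENT_IMAGE` falls back to `.Values.image.repository` and `.Values.image.tag`, which the helpers in this patch treat as optional via `hasKey`, so the value can render without a repository or tag; reuse `ambassador.image` as the fallback.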

View File

@ -0,0 +1,129 @@
{{ if and .Values.createDevPortalMappings .Values.enableAES }}
---
# Configure DevPortal
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
# This Mapping name is referenced by convention, it's important to leave as-is.
name: {{ include "ambassador.fullname" . }}-devportal
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
prefix: {{ .Values.devportal.docsPrefix }}
rewrite: "/docs/"
service: "127.0.0.1:8500"
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
name: {{ include "ambassador.fullname" . }}-devportal-assets
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-assets
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
prefix: /documentation/(assets|styles)/(.*)(.css)
prefix_regex: true
regex_rewrite:
pattern: /documentation/(.*)
substitution: /docs/\1
service: "127.0.0.1:8500"
add_response_headers:
cache-control:
value: "public, max-age=3600, immutable"
append: false
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
# This Mapping name is what the demo uses. Sigh.
name: {{ include "ambassador.fullname" . }}-devportal-demo
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-demo
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
prefix: /docs/
rewrite: "/docs/"
service: "127.0.0.1:8500"
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
# This Mapping name is referenced by convention, it's important to leave as-is.
name: {{ include "ambassador.fullname" . }}-devportal-api
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-api
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
prefix: /openapi/
rewrite: ""
service: "127.0.0.1:8500"
{{ end }}
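
Review bot: in the devportal-assets Mapping, `prefix: /documentation/(assets|styles)/(.*)(.css)` leaves the dot in `(.css)` unescaped, so with `prefix_regex: true` it matches any character followed by `css`, not only a literal `.css` suffix, and every such response gets `cache-control: public, max-age=3600, immutable`. Escape it as `(\.css)` if only stylesheets are meant to be cached as immutable. The comment on devportal-demo ("This Mapping name is what the demo uses. Sigh.") should also say which demo depends on the name, the way the devportal-api comment states its convention.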

@ -0,0 +1,29 @@
{{ if and .Values.rateLimit.create .Values.enableAES }}
---
apiVersion: getambassador.io/v2
kind: RateLimitService
metadata:
name: {{ include "ambassador.fullname" . }}-{{ .Values.rateLimit.deploymentExtraName | default "ratelimit" }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
service: 127.0.0.1:8500
{{ end }}

@ -0,0 +1,106 @@
{{ if and .Values.redis.create .Values.enableAES }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ambassador.fullname" . }}-redis
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- else }}
product: aes
{{- end }}
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge Stack Redis store for auth and rate limiting, among other things."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: "None"
{{- with .Values.redis.annotations.service }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
ports:
- port: 6379
targetPort: 6379
selector:
{{- if .Values.redis.serviceSelector }}
{{ toYaml .Values.redis.serviceSelector | nindent 4 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ambassador.fullname" . }}-redis
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
annotations:
{{- toYaml .Values.redis.annotations.deployment | nindent 4}}
spec:
replicas: 1
selector:
matchLabels:
{{- if .Values.redis.serviceSelector }}
{{ toYaml .Values.redis.serviceSelector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
template:
metadata:
labels:
{{- if .Values.redis.serviceSelector }}
{{ toYaml .Values.redis.serviceSelector | nindent 8 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
spec:
containers:
- name: redis
image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}"
imagePullPolicy: {{ .Values.redis.image.pullPolicy }}
resources:
{{- toYaml .Values.redis.resources | nindent 10 }}
restartPolicy: Always
{{- with .Values.redis.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redis.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redis.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{ end }}
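
Review bot: the `redis` container in the Deployment is rendered with only `image`, `imagePullPolicy` and `resources`, and the Service publishes port 6379 as a plain ClusterIP, so nothing in this template sets a container securityContext, a password, or any limit on which pods can reach a store that the `a8r.io/description` annotation says holds auth and rate-limiting state. Add a securityContext passthrough under `.Values.redis` and consider shipping a NetworkPolicy that restricts 6379 to the Ambassador pods. Separately, in the Service `product: aes` sits in the `{{- else }}` branch, so it is only emitted when deploymentTool is "getambassador.io", while the Deployment emits it unconditionally; one of the two looks unintended.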

@ -0,0 +1,21 @@
{{- if and .Values.licenseKey.createSecret .Values.enableAES }}
apiVersion: v1
kind: Secret
metadata:
{{- if ne .Values.deploymentTool "getambassador.io" }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
{{- if .Values.licenseKey.annotations }}
{{- toYaml .Values.licenseKey.annotations | nindent 4 }}
{{- end }}
{{- if .Values.licenseKey.secretName }}
name: {{ .Values.licenseKey.secretName }}
{{- else }}
name: {{ include "ambassador.fullname" . }}-edge-stack
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
type: Opaque
data:
license-key: {{- if .Values.licenseKey.value }} {{ .Values.licenseKey.value | b64enc }} {{- else }} "" {{- end }}
{{- end }}
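
Review bot: the `annotations:` key is emitted only inside `{{- if ne .Values.deploymentTool "getambassador.io" }}`, but `.Values.licenseKey.annotations` is rendered by its own `if` right after it, so when deploymentTool is "getambassador.io" and licenseKey.annotations is populated the `toYaml ... | nindent 4` output lands under `metadata:` with no `annotations:` parent. Emit `annotations:` whenever either condition holds and keep `helm.sh/resource-policy: keep` as the conditional entry beneath it.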

@ -0,0 +1,371 @@
{{- if .Values.agent.enabled }}
{{- $allowAgent := false -}}
{{- /* This next bit is ugly. */ -}}
{{- /* Case 1: "fullImageOverride" means don't bother checking the tag. */ -}}
{{- /* Case 2: Otherwise, if it's not a semver-style version number, */ -}}
{{- /* assume we have a power user and turn the agent on. */ -}}
{{- /* Case 3: Otherwise, if Edge Stack, we need at least 1.12.0. */ -}}
{{- /* Case 4: Otherwise, it's OSS and we need at 1.13.0. */ -}}
{{- if .Values.image.fullImageOverride }}
{{- /* Case 1 */ -}}
{{- $allowAgent = true }}
{{- else if not (regexMatch "^\\d+\\.\\d+\\.\\d+$" (include "ambassador.imagetag" . )) }}
{{- /* Case 2 above: power user */ -}}
{{- $allowAgent = true }}
{{- else if and .Values.enableAES (ne (semver "1.12.0" | (semver (include "ambassador.imagetag" . )).Compare) -1) }}
{{- /* Case 3 above: Edge Stack 1.12.0+ */ -}}
{{- $allowAgent = true }}
{{- else if ne (semver "1.13.0" | (semver (include "ambassador.imagetag" . )).Compare) -1 }}
{{- /* Case 4 above: OSS 1.13.0+ */ -}}
{{- $allowAgent = true }}
{{- end }}
{{- if $allowAgent }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ambassador.fullname" . }}-agent
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
{{- if .Values.docker.useImagePullSecret }}
imagePullSecrets:
- name: {{ .Values.docker.imagePullSecretName }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ include "ambassador.fullname" . }}-agent-config
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "ambassador.fullname" . }}-agent-config
subjects:
- kind: ServiceAccount
name: {{ include "ambassador.fullname" . }}-agent
namespace: {{ include "ambassador.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ include "ambassador.fullname" . }}-agent-config
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "configmaps" ]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ include "ambassador.fullname" . }}-agent
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "ambassador.fullname" . }}-agent
subjects:
- kind: ServiceAccount
name: {{ include "ambassador.fullname" . }}-agent
namespace: {{ include "ambassador.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-pods
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "pods"]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-deployments
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: ["apps", "extensions"]
resources: [ "deployments" ]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-endpoints
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "endpoints" ]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-configmaps
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "configmaps" ]
verbs: [ "get", "list", "watch" ]
---
{{- if .Values.agent.createArgoRBAC }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-rollouts
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: ["argoproj.io"]
resources: [ "rollouts" ]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-applications
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: ["argoproj.io"]
resources: [ "applications" ]
verbs: [ "get", "list", "watch" ]
{{- end }}
{{ if ne .Values.agent.cloudConnectToken "" }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "ambassador.fullname" . }}-agent-cloud-token
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent-cloud-token
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
data:
CLOUD_CONNECT_TOKEN: {{ .Values.agent.cloudConnectToken }}
{{ end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ambassador.fullname" . }}-agent
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
{{- end }}
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
product: aes
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
spec:
serviceAccountName: {{ include "ambassador.fullname" . }}-agent
containers:
- name: agent
image: {{ include "ambassador.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: [ "agent" ]
env:
- name: AGENT_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: AGENT_CONFIG_RESOURCE_NAME
value: {{ include "ambassador.fullname" . }}-agent-cloud-token
- name: RPC_CONNECTION_ADDRESS
value: {{ .Values.agent.rpcAddress }}
- name: AES_SNAPSHOT_URL
value: "http://{{ include "ambassador.fullname" . }}-admin.{{ include "ambassador.namespace" . }}:{{ .Values.adminService.snapshotPort }}/snapshot-external"
{{- end }}
{{- end }}
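
Review bot: `CLOUD_CONNECT_TOKEN: {{ .Values.agent.cloudConnectToken }}` is stored in a ConfigMap rather than a Secret, and this same file adds a ClusterRole (`-agent-configmaps`) granting get/list/watch on configmaps, so the token is readable by any subject with ordinary ConfigMap read access in the namespace and is not covered by Secret-specific RBAC or encryption at rest. Store it in a Secret if the agent can read its config from one, and pipe the value through `quote` either way. The RBAC objects in this file also use `rbac.authorization.k8s.io/v1beta1`, which Kubernetes 1.22 no longer serves; `v1` accepts the same fields used here. The Case 4 comment reads "we need at 1.13.0" and is missing "least".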

@ -0,0 +1,20 @@
{{- if .Values.ambassadorConfig }}
apiVersion: v1
kind: ConfigMap
metadata:
name: '{{ include "ambassador.fullname" . }}-file-config'
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
data:
ambassadorConfig: |-
{{- .Values.ambassadorConfig | nindent 4 }}
{{- end }}

@ -0,0 +1,123 @@
{{- if and .Values.crds.enabled (not .Values.crds.keep)}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ambassador.serviceAccountName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-weight": "1"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.rbacName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-weight": "1"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
rules:
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
verbs: ["get", "list", "watch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ include "ambassador.rbacName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-weight": "1"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "ambassador.rbacName" . }}-crd-delete
subjects:
- name: {{ include "ambassador.serviceAccountName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
kind: ServiceAccount
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "ambassador.fullname" . }}-crd-cleanup
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "3"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
spec:
template:
metadata:
name: {{ include "ambassador.fullname" . }}-crd-cleanup
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
spec:
{{- if .Values.rbac.create }}
serviceAccountName: {{ include "ambassador.serviceAccountName" . }}-crd-delete
{{- end }}
containers:
- name: kubectl
image: "buoyantio/kubectl"
args:
- delete
- crds
- -l app.kubernetes.io/name=ambassador
restartPolicy: OnFailure
{{- end }}
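
Review bot: the cleanup Job runs `image: "buoyantio/kubectl"` with no tag or digest, under a ServiceAccount bound to a ClusterRole that allows `delete` on all `customresourcedefinitions`, so whatever that repository's default tag resolves to at uninstall time runs with cluster-wide CRD delete rights. Pin the image by digest and expose it through values like the other images in the chart. The selector is passed as one argument, `- -l app.kubernetes.io/name=ambassador`, with a hardcoded name instead of `{{ include "ambassador.name" . }}`, which may not match when the name is overridden. Also, `serviceAccountName` is gated on `.Values.rbac.create` while the ServiceAccount, ClusterRole and ClusterRoleBinding above are created regardless of that value, and `namespace:` on the two cluster-scoped objects has no effect.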

@ -0,0 +1,6 @@
{{- if .Values.crds.create }}
{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}

@ -0,0 +1,282 @@
apiVersion: apps/v1
{{- if .Values.daemonSet }}
kind: DaemonSet
{{- else }}
kind: Deployment
{{- end }}
metadata:
{{- if .Values.deploymentNameOverride }}
name: {{ .Values.deploymentNameOverride }}
{{- else }}
name: {{ include "ambassador.fullname" . }}
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
{{- if .Values.deploymentLabels }}
{{- toYaml .Values.deploymentLabels | nindent 4 }}
{{- end }}
{{- if .Values.deploymentAnnotations }}
annotations:
{{- toYaml .Values.deploymentAnnotations | nindent 4 }}
{{- end }}
spec:
{{- if and (not .Values.autoscaling.enabled) (not .Values.daemonSet) }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- if .Values.service.selector }}
{{ toYaml .Values.service.selector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- if .Values.daemonSet }}
updateStrategy:
{{- else }}
strategy:
{{- end }}
{{- toYaml .Values.deploymentStrategy | nindent 4}}
template:
metadata:
labels:
{{- if .Values.service.selector }}
{{ toYaml .Values.service.selector | nindent 8 }}
{{- end }}
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
product: aes
{{- end }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}
annotations:
{{- if ne .Values.deploymentTool "getambassador.io" }}
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{- toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
spec:
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- /* Check if .Values.securityContext is set for backwards compatibility */ -}}
{{- if .Values.securityContext -}}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else -}}
{{- with .Values.security.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end -}}
{{- if .Values.restartPolicy }}
restartPolicy: {{ .Values.restartPolicy }}
{{- end }}
serviceAccountName: {{ include "ambassador.serviceAccountName" . }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
volumes:
- name: ambassador-pod-info
downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: labels
{{- if .Values.prometheusExporter.enabled }}
- name: stats-exporter-mapping-config
configMap:
name: {{ include "ambassador.fullname" . }}-exporter-config
items:
- key: exporterConfiguration
path: mapping-config.yaml
{{- end }}
{{- if .Values.ambassadorConfig }}
- name: ambassador-config
configMap:
name: {{ include "ambassador.fullname" . }}-file-config
items:
- key: ambassadorConfig
path: ambassador-config.yaml
{{- end }}
{{- if and .Values.licenseKey.createSecret .Values.enableAES }}
- name: {{ include "ambassador.fullname" . }}-edge-stack-secrets
secret:
{{- if .Values.licenseKey.secretName }}
secretName: {{ .Values.licenseKey.secretName }}
{{- else }}
secretName: {{ include "ambassador.fullname" . }}-edge-stack
{{- end }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
{{- if .Values.prometheusExporter.enabled }}
- name: prometheus-exporter
image: "{{ .Values.prometheusExporter.repository }}:{{ .Values.prometheusExporter.tag }}"
imagePullPolicy: {{ .Values.prometheusExporter.pullPolicy }}
ports:
- name: metrics
containerPort: 9102
- name: listener
containerPort: 8125
args:
- --statsd.listen-udp=:8125
- --web.listen-address=:9102
- --statsd.mapping-config=/statsd-exporter/mapping-config.yaml
volumeMounts:
- name: stats-exporter-mapping-config
mountPath: /statsd-exporter/
readOnly: true
resources:
{{- toYaml .Values.prometheusExporter.resources | nindent 12 }}
{{- end }}
- name: {{ if .Values.containerNameOverride }}{{ .Values.containerNameOverride }}{{ else }}{{ .Chart.Name }}{{ end }}
image: {{ include "ambassador.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
{{- range .Values.service.ports }}
- name: {{ .name }}
containerPort: {{ int .targetPort }}
{{- if .protocol }}
protocol: {{ .protocol }}
{{- end }}
{{- if .hostPort }}
hostPort: {{ .hostPort }}
{{- end }}
{{- end}}
- name: admin
containerPort: {{ .Values.adminService.port }}
env:
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{- if and (or .Values.redis.create .Values.redisURL) (.Values.enableAES) }}
- name: REDIS_URL
{{- if .Values.redisURL }}
value: {{ .Values.redisURL }}
{{- else }}
value: {{ include "ambassador.fullname" . }}-redis:6379
{{- end }}
{{- end }}
{{- if and .Values.licenseKey.secretName .Values.enableAES}}
- name: AMBASSADOR_AES_SECRET_NAME
value: {{ .Values.licenseKey.secretName }}
{{- end }}
{{- if .Values.prometheusExporter.enabled }}
- name: STATSD_ENABLED
value: "true"
- name: STATSD_HOST
value: "localhost"
{{- end }}
{{- if .Values.scope.singleNamespace }}
- name: AMBASSADOR_SINGLE_NAMESPACE
value: "YES"
{{- end }}
- name: AMBASSADOR_NAMESPACE
{{- if .Values.namespace }}
value: {{ .Values.namespace.name | quote }}
{{ else }}
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- end -}}
{{- if .Values.redisEnv }}
{{ toYaml .Values.redisEnv | nindent 12 }}
{{- end }}
{{- if .Values.env }}
{{- range $key,$value := .Values.env }}
- name: {{ $key | upper | quote}}
value: {{ $value | quote}}
{{- end }}
{{- end }}
{{- if .Values.envRaw }}
{{- with .Values.envRaw }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- with .Values.security.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
livenessProbe:
httpGet:
path: /ambassador/v0/check_alive
port: admin
{{- toYaml .Values.livenessProbe | nindent 12 }}
readinessProbe:
httpGet:
path: /ambassador/v0/check_ready
port: admin
{{- toYaml .Values.readinessProbe | nindent 12 }}
volumeMounts:
- name: ambassador-pod-info
mountPath: /tmp/ambassador-pod-info
readOnly: true
{{- if .Values.ambassadorConfig }}
- name: ambassador-config
mountPath: /ambassador/ambassador-config/ambassador-config.yaml
subPath: ambassador-config.yaml
{{- end }}
{{- if and .Values.licenseKey.createSecret .Values.enableAES }}
- name: {{ include "ambassador.fullname" . }}-edge-stack-secrets
mountPath: /.config/ambassador
readOnly: true
{{- end }}
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.sidecarContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
imagePullSecrets:
{{- toYaml .Values.imagePullSecrets | nindent 8 }}
dnsPolicy: {{ .Values.dnsPolicy }}
hostNetwork: {{ .Values.hostNetwork }}
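
Review bot: `.Values.security.containerSecurityContext` is applied only to the main Ambassador container; the `prometheus-exporter` sidecar defined just above it gets no `securityContext` from this template, so a hardened values file still leaves the exporter running with runtime defaults. Apply the same `with` block (or a dedicated exporter value) to that container. At the end of the pod spec, `imagePullSecrets`, `dnsPolicy` and `hostNetwork` are rendered without guards, unlike `nodeSelector`, `affinity` and `tolerations` immediately before them; wrap them in `with`/`if` so unset values do not render as empty keys and `hostNetwork` only appears when it is explicitly enabled.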

@ -0,0 +1,23 @@
{{- if .Values.prometheusExporter.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: '{{ include "ambassador.fullname" . }}-exporter-config'
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
data:
exporterConfiguration:
{{- if .Values.prometheusExporter.configuration }} |
{{- .Values.prometheusExporter.configuration | nindent 4 }}
{{- else }} ''
{{- end }}
{{- end }}

@ -0,0 +1,26 @@
{{- if and .Values.autoscaling.enabled (not .Values.daemonSet) }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "ambassador.fullname" . }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "ambassador.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- toYaml .Values.autoscaling.metrics | nindent 4 }}
{{- end }}
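
Review bot: `scaleTargetRef.name` is always `{{ include "ambassador.fullname" . }}`, but the Deployment template names the workload `{{ .Values.deploymentNameOverride }}` when that value is set, so with an override the HPA targets a Deployment that does not exist and autoscaling silently does nothing. Reuse the same `if .Values.deploymentNameOverride` branch for the target name here.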

@ -0,0 +1,29 @@
{{- if .Values.module }}
apiVersion: getambassador.io/v2
kind: Module
metadata:
name: ambassador
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
config:
{{- toYaml .Values.module | nindent 4 }}
{{- end }}
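
Review bot: the Module's `app.kubernetes.io/component` label is `{{ include "ambassador.name" . }}-ratelimit`, which looks copied from the RateLimitService template; this resource is the `ambassador` Module, so anything selecting by component will group it with rate limiting. Use a component value specific to the Module, or drop the label as the other non-AES templates do.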

@ -0,0 +1,8 @@
{{- if .Values.createNamespace }}
apiVersion: v1
kind: Namespace
metadata:
labels:
product: aes
name: {{ include "ambassador.namespace" . }}
{{- end }}

Some files were not shown because too many files have changed in this diff.