andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Removing Ambassador Edge and Komodor Agent per Issues 919, 924

pull/926/head
Nefi Munoz 2023-10-25 15:46:04 -06:00
parent 760cf0a1c1
commit b15cf60f80
106 changed files with 0 additions and 8065 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/ambassador/ambassador-6.7.1100.tgz
View File

Binary file not shown.

BIN
assets/komodor/k8s-watcher-0.10.1101.tgz
View File

Binary file not shown.

528
charts/ambassador/ambassador/CHANGELOG.md
View File

@ -1,528 +0,0 @@
# Change Log
This file documents all notable changes to Ambassador Helm Chart. The release
numbering uses [semantic versioning](http://semver.org).
## Next Release
(no changes yet)
## v6.7.11
- Update Ambassador API Gateway chart image to version v1.13.8: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
- Update Ambassador Edge Stack chart image to version v1.13.8: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
- Bugfix: remove duplicate label key in ambassador-agent deployment
## v6.7.10
- Update Ambassador API Gateway chart image to version v1.13.7: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
- Update Ambassador Edge Stack chart image to version v1.13.7: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
## v6.7.9
- Update Ambassador chart image to version 1.13.6: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.8
- Update Ambassador chart image to version 1.13.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.7
- Bugfix: ambassador-injector and telepresence-proxy now use the correct default image repository
## v6.7.6
- Update Ambassador chart image to version 1.13.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Change: unless image.repository or image.fullImageOverride is explicitly set, the ambassador image used will be templated on .Values.enableAES. If AES is enabled, the chart will use docker.io/datawire/aes, otherwise will use docker.io/datawire/ambassador.
## v6.7.5
- Update Ambassador chart image to version v1.13.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.4
- Feature: The [Ambassador Module](https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/) can now be configured and managed by Helm
## v6.7.3
- Update Ambassador chart image to version v1.13.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.2
- Bugfix: Don't change the Role name when running in singleNamespace mode.
## v6.7.1
- Update Ambassador chart image to version v1.13.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.0
- Update Ambassador to version 1.13.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Feature: Ambassador Agent now available for API Gateway (https://app.getambassador.io)
- Feature: Add support for [pod toplology spread constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) via the `topologySpreadConstraints` helm value to the Ambassador deployment. (thanks, [@lawliet89](https://github.com/lawliet89)!)
- BugFix: Add missing `ambassador_id` for resolvers.
- Change: Ambassador ClusterRoles are now aggregated under the label `rbac.getambassador.io/role-group`. The aggregated role has the same name as the previous role name (so no need to update ClusterRoleBindings).
## v6.6.4
- Update Ambassador to version 1.12.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.6.3
- Update Ambassador to version 1.12.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.6.2
- Update Ambassador to version 1.12.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.6.1
- Fix metadata field in ConsulRevoler
- Make resolvers available to OSS
## v6.6.0
- Update Ambassador to version 1.12.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Feature: Apply Ambassador Agent deployment by default to enable Service Catalog reporting (https://app.getambassador.io)
## v6.5.22
- Bugfix: Disable the cloud agent by default. The agent will be enabled in 6.6.0.
- Bugfix: Adds a check to prevent the cloud agent from being installed if AES version is less than 1.12.0
## v6.5.21
- Update Ambassador to version 1.12.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Feature: Add support for the ambassador-agent, reporting to Service Catalog (https://app.getambassador.io)
- Feature: All services are automatically instrumented with discovery annotations.
## v6.5.20
- Update Ambassador to version v1.11.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.19
- Make all `livenessProbe` and `readinessProbe` configurations available to the values file
## v6.5.18
- Update Ambassador to version v1.11.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.17
- Update Ambassador to version v1.11.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Bugfix: Fix Mapping definition to correctly support labels in use.
## v6.5.16
- Bugfix: Ambassador CRD cleanup will now execute as expected.
## v6.5.15
- Bugfix: Ambassador RBAC now includes permissions for IngressClasses.
## v6.5.14
- Update for Ambassador v1.10.0
## v6.5.13
- Update for Ambassador v1.9.1
## v6.5.12
- Feature: Add ability to configure `terminationGracePeriodSeconds` for the Ambassador container
- Update for Ambassador v1.9.0
## v6.5.11
- Feature: add affinity and tolerations support for redis pods
## v6.5.10
- Update Ambassador to version 1.8.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.9
- Update Ambassador to version 1.8.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Bugfix: The RBAC for AES now grants permission to "patch" Events.v1.core. Previously it granted "create" but not "patch".
## v6.5.8
- Update Ambassador to version 1.7.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.7
- Update Ambassador to version 1.7.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- The BusyBox image image used by `test-ready` is now configurable (thanks, [Alan Silva](https://github.com/OmegaVVeapon)!)
## v6.5.6
- Update Ambassador to version 1.7.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Feature: Allow overriding the namespace for the release using the values file: [ambassador-chart/#122](https://github.com/datawire/ambassador-chart/pull/122)
## v6.5.5
- Allow hyphens in service annotations: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.4
- Upgrade Ambassador to version 1.7.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.3
- Upgrade Ambassador to version 1.7.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.2
- Feature: Add support for DaemonSet/Deployment labels: [ambassador-chart/#114](https://github.com/datawire/ambassador-chart/pull/114)
- Upgrade Ambassador to version 1.6.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.1
- Upgrade Ambassador to version 1.6.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.0
- Upgrade Ambassador to version 1.6.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.10
- Feature: Allow specifying annotations for the license-key-secret: [ambassador-chart/#106](https://github.com/datawire/ambassador-chart/issues/106)
- Feature: Annotation for keeping the AES secret on removal: [ambassador-chart/#110](https://github.com/datawire/ambassador-chart/issues/110)
- Fix: do not mount the secret if we do not want a secret: [ambassador-chart/#103](https://github.com/datawire/ambassador-chart/issues/103)
- Internal CI refactorings.
## v6.4.9
- BugFix: Cannot specify podSecurityPolicies: [ambassador-chart/#97](https://github.com/datawire/ambassador-chart/issues/97)
## v6.4.8
- Upgrade Ambassador to version 1.5.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.7
- BugFix: Registry service is now using the proper `app.kubernetes.io/name`
- BugFix: Restore ability to set `REDIS` env vars in `env` instead of `redisEnv`
- Feature: Add `envRaw` to support supplying raw yaml for environment variables. Deprecates `redisEnv`.
## v6.4.6
- Upgrade Ambassador to version 1.5.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Added support setting external IPs for the ambassador service (thanks, [Jason Smith](https://github.com/jasons42)!)
## v6.4.5
- Upgrade Ambassador to version 1.5.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.4
- Feature flag for enabling or disabling the [`Project` registry](https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/)
- redisEnv for setting environment variables to control how Ambassador interacts with redis. See [redis environment](https://www.getambassador.io/docs/edge-stack/latest/topics/running/environment/#redis)
## v6.4.3
- Upgrade Ambassador to version 1.5.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.2
- Upgrade Ambassador to version 1.5.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.1
- BugFix: The `PodSecurityPolicy` should not be created by default since it is a cluster-wide resource that should only be created once.
If you would like to use the default `PodSecurityPolicy`, make sure to unset `security.podSecurityPolicy` it in all other releases.
## v6.4.0
- Upgrade Ambassador to version 1.5.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- AuthService and RateLimitService are now installed in the same namespace as Ambassador.
- Changes RBAC permissions to better support single-namespace installations and detecting getambassador.io CRDs.
- Add option to install Service Preview components (traffic-manager, traffic-agent).
- Add option to install ambassador-injector, alongside Service Preview.
- Add additional security policy configurations.
`securityContext` has been deprecated in favor of `security` which allows you to set container and pod security contexts as well as a default `PodSecurityPolicy`.
## v6.3.6
- Switch from Quay.io to DockerHub
## v6.3.5
- Upgrade Ambassador to version 1.4.3: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.3.4
- Minor bug fixes
## v6.3.3
- Add extra labels to ServiceMonitor: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.3.2
- Upgrade Ambassador to version 1.4.2: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.3.1
- Upgrade Ambassador to version 1.4.1: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.3.0
- Adds: Option to create a ServiceMonitor for scraping via Prometheus Operator
## v6.2.5
- Upgrade Ambassador to version 1.4.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.2.4
- Fix typing so that Helm3 doesn't complain (thanks, [Fabrice Rabaute](https://github.com/jfrabaute)!)
## v6.2.3
- Upgrade Ambassador to version 1.3.2.
- Use explicit types for things like ports, so that things like `helm .. --set service.ports[0].port=80` will be integers instead of ending up as strings
## v6.2.2
- Upgrade Ambassador to version 1.3.1.
- Remove unnecessary `version` field from CRDs.
- Add static label to AES resources, to better support `edgectl install`
## v6.2.1
- Upgrade Ambassador to version 1.3.0.
## v6.2.0
- Add option to not create DevPortal routes
## v6.1.5
- Upgrade Ambassador to version 1.2.2.
## v6.1.4
- Upgrade from Ambassador 1.2.0 to 1.2.1.
## v6.1.3
- Upgrade from Ambassador 1.1.1 to 1.2.0.
## v6.1.2
- Upgrade from Ambassador 1.1.0 to 1.1.1.
## v6.1.1
Minor Improvements:
- Adds: Option to override the name of the RBAC resources
## v6.1.0
Minor improvements including:
- Adds: Option to set `restartPolicy`
- Adds: Option to give the AES license key secret a custom name
- Fixes: Assumption that the AES will be installed only from the `datawire/aes` repository. The `enableAES` flag now configures whether the AES is installed.
- Clarification on how to install OSS
## v6.0.0
Introduces Ambassador Edge Stack being installed by default.
### Breaking changes
Ambassador Pro support has been removed in 6.0.0. Please upgrade to the Ambassador Edge Stack.
## v5.0.0
### Breaking changes
**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified.
- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed
## v4.0.0
### Breaking Changes
- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core
- The license key is now stored and read from a Kubernetes secret by default
- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret.
### Minor Changes
- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance
- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/))
- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true`
- Fixed misnamed selector for redis instance that failed in an edge case
- Exposes annotations for redis deployment and service
## v3.0.0
### Breaking Changes
- The default annotation has been removed. The service port will be set dynamically to 8080 or 8443 for http and https respectively.
- `service.http`, `service.https`, and `additionalTCPPort` has been replaced with `service.ports`.
- `rbac.namespaced` has been removed. Use `scope.singleNamespace` instead.
### Minor Changes
- Ambassador Pro will pick up when `AMBASSADOR_ID` is set in `.Values.env` [[#15025]](https://github.com/helm/charts/issues/15025).
- `{{release name}}-admins` has been renamed to `{{release name}}-admin` to match YAML install templates
- RBAC configuration has been updated to allow for CRD use when `scope.singleNamespace: true`. [[ambassador/#1576]](https://github.com/datawire/ambassador/issues/1576)
- RBAC configuration now allows for multiple Ambassadors to use CRDs. Set `crds.enabled` in releases that expect CRDs [[ambassador/#1679]](https://github.com/datawire/ambassador/issues/1679)
## v2.6.0
### Minor Changes
- Add ambassador CRDs!
- Update ambassador to 0.70.0
## v2.5.1
### Minor Changes
- Update ambassador to 0.61.1
## v2.5.0
### Minor Changes
- Add support for autoscaling using HPA, see `autoscaling` values.
## v2.4.1
### Minor Changes
- Update ambassador to 0.61.0
## v2.4.0
### Minor Changes
- Allow configuring `hostNetwork` and `dnsPolicy`
## v2.3.1
### Minor Changes
- Adds HOST_IP environment variable
## v2.3.0
### Minor Changes
- Adds support for init containers using `initContainers` and pod labels `podLabels`
## v2.2.5
### Minor Changes
- Update ambassador to 0.60.3
## v2.2.4
### Minor Changes
- Add support for Ambassador PRO [see readme](https://github.com/helm/charts/blob/master/stable/ambassador/README.md#ambassador-pro)
## v2.2.3
### Minor Changes
- Update ambassador to 0.60.2
## v2.2.2
### Minor Changes
- Update ambassador to 0.60.1
## v2.2.1
### Minor Changes
- Fix RBAC for ambassador 0.60.0
## v2.2.0
### Minor Changes
- Update ambassador to 0.60.0
## v2.1.0
### Minor Changes
- Added `scope.singleNamespace` for configuring ambassador to run in single namespace
## v2.0.2
### Minor Changes
- Update ambassador to 0.53.1
## v2.0.1
### Minor Changes
- Update ambassador to 0.52.0
## v2.0.0
### Major Changes
- Removed `ambassador.id` and `namespace.single` in favor of setting environment variables.
## v1.1.5
### Minor Changes
- Update ambassador to 0.50.3
## v1.1.4
### Minor Changes
- support targetPort specification
## v1.1.3
### Minor Changes
- Update ambassador to 0.50.2
## v1.1.2
### Minor Changes
- Add additional chart maintainer
## v1.1.1
### Minor Changes
- Default replicas -> 3
## v1.1.0
### Minor Changes
- Allow RBAC to be namespaced (`rbac.namespaced`)
## v1.0.0
### Major Changes
- First release of Ambassador Helm Chart in helm/charts
- For migration see [Migrating from datawire/ambassador chart](https://github.com/helm/charts/tree/master/stable/ambassador#migrating-from-datawireambassador-chart-chart-version-0400-or-0500)

23
charts/ambassador/ambassador/CONTRIBUTING.md
View File

@ -1,23 +0,0 @@
# Contributing to the Ambassador Helm Chart
This Helm chart is used to install The Ambassador Edge Stack (AES) and is
maintained by Datawire.
## Developing
All work on the helm chart should be done in a separate branch off `master` and
contributed with a Pull Request targeting `master`.
**Note**: All updates to the chart require you update the `version` in
`Chart.yaml`.
## Testing
The `ci/` directory contains scripts that will be run on PRs to `master`.
- `ci/run_tests.sh` will run the tests of the chart.
## Releasing
Releasing a new chart is done by pushing a tag to `master`. Travis will then
run the tests and push the chart to `https://getambassador.io/helm`.

28
charts/ambassador/ambassador/Chart.yaml
View File

@ -1,28 +0,0 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Ambassador Edge Stack
catalog.cattle.io/release-name: ambassador
apiVersion: v1
appVersion: 1.13.8
description: A Helm chart for Datawire Ambassador
home: https://www.getambassador.io/
icon: https://www.getambassador.io/images/logo.png
keywords:
- api gateway
- ambassador
- datawire
- envoy
maintainers:
- email: markus@maga.se
name: flydiverny
- email: flynn@datawire.io
name: kflynn
- email: nkrause@datawire.io
name: nbkrause
- email: lukeshu@datawire.io
name: lukeshu
name: ambassador
sources:
- https://github.com/datawire/ambassador
- https://github.com/prometheus/statsd_exporter
version: 6.7.1100

37
charts/ambassador/ambassador/Makefile
View File

@ -1,37 +0,0 @@
HELM_TEST_IMAGE = quay.io/helmpack/chart-testing:v3.0.0-rc.1
K3D_CLUSTER_NAME = helm-chart-test-cluster
CHART_DIR := $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST)))))
CHART_KUBECONFIG := /tmp/kubeconfig/k3dconfig
CT_EXEC = docker run --rm -v $(CHART_KUBECONFIG):/root/.kube/config -v $(CHART_DIR):/charts --network host $(HELM_TEST_IMAGE) ct
K3D_EXEC := KUBECONFIG=$(CHART_KUBECONFIG) k3d
test-chart: lint-chart preflight-chart-test chart-create-cluster
$(CT_EXEC) install --config /charts/ct.yaml && \
$(MAKE) chart-delete-cluster
.PHONY: test-chart
lint-chart: preflight-kubeconfig
$(CT_EXEC) lint --config /charts/ct.yaml
.PHONY: lint-chart
preflight-chart-test: preflight-kubeconfig
# check if k3d is installed
@if ! command -v k3d 2> /dev/null ; then \
printf 'k3d not installed, plz do that'; \
false; \
fi
.PHONY: preflight-chart-test
preflight-kubeconfig:
mkdir -p `dirname $(CHART_KUBECONFIG)`
touch $(CHART_KUBECONFIG)
.PHONY: preflight-kubeconfig
chart-create-cluster: preflight-kubeconfig
$(MAKE) chart-delete-cluster || true
$(K3D_EXEC) cluster create $(K3D_CLUSTER_NAME) --k3s-server-arg "--no-deploy=traefik"
.PHONY: chart-create-cluster
chart-delete-cluster:
$(K3D_EXEC) cluster delete $(K3D_CLUSTER_NAME)
.PHONY: chart-delete-cluster

478
charts/ambassador/ambassador/README.md
View File

@ -1,478 +0,0 @@
# Ambassador
The Ambassador Edge Stack is a self-service, comprehensive edge stack that is Kubernetes-native and built on [Envoy Proxy](https://www.envoyproxy.io/).
## TL;DR;
```console
$ helm repo add datawire https://getambassador.io
$ helm install ambassador datawire/ambassador
```
## Introduction
This chart bootstraps an [Ambassador](https://www.getambassador.io) deployment on
a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes 1.11+
## Add this Helm repository to your Helm client
```console
helm repo add datawire https://getambassador.io
```
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ kubectl create namespace ambassador
$ helm install my-release datawire/ambassador -n ambassador
```
The command deploys Ambassador Edge Stack in the ambassador namespace on the Kubernetes cluster in the default configuration.
It is recommended to use the ambassador namespace for easy upgrades.
The [configuration](#configuration) section lists the parameters that can be configured during installation.
### Ambassador Edge Stack Installation
This chart defaults to installing The Ambassador Edge Stack with all of its configuration objects.
- A Redis instance
- `AuthService` resource for enabling authentication
- `RateLimitService` resource for enabling rate limiting
- `Mapping`s for internal request routing
If installing alongside another deployment of Ambassador, some of these resources can cause configuration errors since only one `AuthService` or `RateLimitService` can be configured at a time.
If you already have one of these resources configured in your cluster, please see the [configuration](#configuration) section below for information on how to disable them in the chart.
### Ambassador OSS Installation
This chart can still be used to install Ambassador OSS.
To install OSS, change the `image` to use the OSS image and set `enableAES: false` to skip the install of any AES resources.
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm uninstall my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Changelog
Notable chart changes are listed in the [CHANGELOG](./CHANGELOG.md)
## Configuration
The following tables lists the configurable parameters of the Ambassador chart and their default values.
| Parameter | Description | Default |
|----------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
| `nameOverride` | Override the generated chart name. Defaults to .Chart.Name. | |
| `fullnameOverride` | Override the generated release name. Defaults to .Release.Name. | |
| `namespaceOverride` | Override the generated release namespace. Defaults to .Release.Namespace. | |
| `adminService.create` | If `true`, create a service for Ambassador's admin UI | `true` |
| `adminService.nodePort` | If explicit NodePort for admin service is required | `true` |
| `adminService.type` | Ambassador's admin service type to be used | `ClusterIP` |
| `adminService.annotations` | Annotations to apply to Ambassador admin service | `{}` |
| `adminService.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` |
| `adminService.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None |
| `ambassadorConfig` | Config thats mounted to `/ambassador/ambassador-config` | `""` |
| `crds.enabled` | If `true`, enables CRD resources for the installation. | `true` |
| `crds.create` | If `true`, Creates CRD resources | `true` |
| `crds.keep` | If `true`, if the ambassador CRDs should be kept when the chart is deleted | `true` |
| `daemonSet` | If `true`, Create a DaemonSet. By default Deployment controller will be created | `false` |
| `test.enabled` | If `true`, Create test Pod to verify the Ambassador service works correctly (Only created on `helm test`) | `true` |
| `test.image` | Image to use for the test Pod | `busybox` |
| `hostNetwork` | If `true`, uses the host network, useful for on-premise setups | `false` |
| `dnsPolicy` | Dns policy, when hostNetwork set to ClusterFirstWithHostNet | `ClusterFirst` |
| `env` | Any additional environment variables for ambassador pods | `{}` |
| `envRaw` | Additional environment variables in raw YAML format | `{}` |
| `image.pullPolicy` | Ambassador image pull policy | `IfNotPresent` |
| `image.repository` | Ambassador image | `docker.io/datawire/aes` |
| `image.tag` | Ambassador image tag | `1.13.8` |
| `imagePullSecrets` | Image pull secrets | `[]` |
| `namespace.name` | Set the `AMBASSADOR_NAMESPACE` environment variable | `metadata.namespace` |
| `scope.singleNamespace` | Set the `AMBASSADOR_SINGLE_NAMESPACE` environment variable and create namespaced RBAC if `rbac.enabled: true` | `false` |
| `podAnnotations` | Additional annotations for ambassador pods | `{}` |
| `deploymentAnnotations` | Additional annotations for ambassador DaemonSet/Deployment | `{}` |
| `podLabels` | Additional labels for ambassador pods | |
| `deploymentLabels` | Additional labels for ambassador DaemonSet/Deployment | |
| `affinity` | Affinity for ambassador pods | `{}` |
| `topologySpreadConstraints` | Topology Spread Constraints for Ambassador pods. Stable since 1.19. | `[]` |
| `nodeSelector` | NodeSelector for ambassador pods | `{}` |
| `priorityClassName` | The name of the priorityClass for the ambassador DaemonSet/Deployment | `""` |
| `rbac.create` | If `true`, create and use RBAC resources | `true` |
| `rbac.podSecurityPolicies` | pod security polices to bind to | |
| `rbac.nameOverride` | Overrides the default name of the RBAC resources | `` |
| `replicaCount` | Number of Ambassador replicas | `3` |
| `resources` | CPU/memory resource requests/limits | `{ "limits":{"cpu":"1000m","memory":"600Mi"},"requests":{"cpu":"200m","memory":"300Mi"}}` |
| `securityContext` | Set security context for pod | `{ "runAsUser": "8888" }` |
| `security.podSecurityContext` | Set the security context for the Ambassador pod | `{ "runAsUser": "8888" }` |
| `security.containerSecurityContext` | Set the security context for the Ambassador container | `{ "allowPrivilegeEscalation": false }` |
| `security.podSecurityPolicy` | Create a PodSecurityPolicy to be used for the pod. | `{}` |
| `restartPolicy` | Set the `restartPolicy` for pods | `` |
| `terminationGracePeriodSeconds` | Set the `terminationGracePeriodSeconds` for the pod. Defaults to 30 if unset. | `` |
| `initContainers` | Containers used to initialize context for pods | `[]` |
| `sidecarContainers` | Containers that share the pod context | `[]` |
| `livenessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's liveness probe | `30` |
| `livenessProbe.periodSeconds` | Probe period (s) for Ambassador pod's liveness probe | `3` |
| `livenessProbe.failureThreshold` | Failure threshold for Ambassador pod's liveness probe | `3` |
| `readinessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's readiness probe | `30` |
| `readinessProbe.periodSeconds` | Probe period (s) for Ambassador pod's readiness probe | `3` |
| `readinessProbe.failureThreshold` | Failure threshold for Ambassador pod's readiness probe | `3` |
| `service.annotations` | Annotations to apply to Ambassador service | `""` |
| `service.externalTrafficPolicy` | Sets the external traffic policy for the service | `""` |
| `service.nameOverride` | Sets the name of the service | `ambassador.fullname` |
| `service.ports` | List of ports Ambassador is listening on | `[{"name": "http","port": 80,"targetPort": 8080},{"name": "https","port": 443,"targetPort": 8443}]` |
| `service.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` |
| `service.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None |
| `service.sessionAffinity` | Sets the session affinity policy for the service | `""` |
| `service.sessionAffinityConfig` | Sets the session affinity config for the service | `""` |
| `service.type` | Service type to be used | `LoadBalancer` |
| `service.externalIPs` | External IPs to route to the ambassador service | `[]` |
| `serviceAccount.create` | If `true`, create a new service account | `true` |
| `serviceAccount.name` | Service account to be used | `ambassador` |
| `volumeMounts` | Volume mounts for the ambassador service | `[]` |
| `volumes` | Volumes for the ambassador service | `[]` |
| `enableAES` | Create the [AES configuration objects](#ambassador-edge-stack-installation) | `true` |
| `createDevPortalMappings` | Expose the dev portal on `/docs/` and `/documentation/` | `true` |
| `licenseKey.value` | Ambassador Edge Stack license. Empty will install in evaluation mode. | `` |
| `licenseKey.createSecret` | Set to `false` if installing mutltiple Ambassdor Edge Stacks in a namespace. | `true` |
| `licenseKey.secretName` | Name of the secret to store Ambassador license key in. | `` |
| `licenseKey.annotations` | Annotations to attach to the license-key-secret. | {} |
| `redisURL` | URL of redis instance not created by the release | `""` |
| `redisEnv` | (**DEPRECATED:** Use `envRaw`) Set env vars that control how Ambassador interacts with redis. | `""` |
| `redis.create` | Create a basic redis instance with default configurations | `true` |
| `redis.annotations` | Annotations for the redis service and deployment | `""` |
| `redis.resources` | Resource requests for the redis instance | `""` |
| `redis.nodeSelector` | NodeSelector for redis pods | `{}` |
| `redis.affinity` | Affinity for redis pods | `{}` |
| `redis.tolerations` | Tolerations for redis pods | `{}` |
| `authService.create` | Create the `AuthService` CRD for Ambassador Edge Stack | `true` |
| `authService.optional_configurations` | Config options for the `AuthService` CRD | `""` |
| `rateLimit.create` | Create the `RateLimit` CRD for Ambassador Edge Stack | `true` |
| `registry.create` | Create the `Project` registry. | `false` |
| `autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | `false` |
| `autoscaling.minReplicas` | If autoscaling enabled, this field sets minimum replica count | `2` |
| `autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `5` |
| `autoscaling.metrics` | If autoscaling enabled, configure hpa metrics | |
| `podDisruptionBudget` | Pod disruption budget rules | `{}` |
| `resolvers.endpoint.create` | Create a KubernetesEndpointResolver | `false` |
| `resolvers.endpoint.name` | If creating a KubernetesEndpointResolver, the resolver name | `endpoint` |
| `resolvers.consul.create` | Create a ConsulResolver | `false` |
| `resolvers.consul.name` | If creating a ConsulResolver, the resolver name | `consul-dc1` |
| `resolvers.consul.spec` | If creating a ConsulResolver, additional configuration | `{}` |
| `module` | Configure and manage the Ambassador Module from the Chart | `{}` |
| `prometheusExporter.enabled` | DEPRECATED: Prometheus exporter side-car enabled | `false` |
| `prometheusExporter.pullPolicy` | DEPRECATED: Image pull policy | `IfNotPresent` |
| `prometheusExporter.repository` | DEPRECATED: Prometheus exporter image | `prom/statsd-exporter` |
| `prometheusExporter.tag` | DEPRECATED: Prometheus exporter image | `v0.8.1` |
| `prometheusExporter.resources` | DEPRECATED: CPU/memory resource requests/limits | `{}` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor object (`adminService.create` should be to `true`) | `false` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` |
| `metrics.serviceMonitor.selector` | Label Selector for Prometheus to find ServiceMonitors | `{ prometheus: kube-prometheus }` |
| `servicePreview.enabled` | If true, install Service Preview components: traffic-manager & traffic-agent (`enableAES` needs to also be to `true`) | `false` |
| `servicePreview.trafficManager.image.repository` | Ambassador Traffic-manager image | Same value as `image.repository` |
| `servicePreview.trafficManager.image.tag` | Ambassador Traffic-manager image tag | Same value as `image.tag` |
| `servicePreview.trafficManager.serviceAccountName` | Traffic-manager Service Account to be used | `traffic-manager` |
| `servicePreview.trafficAgent.image.repository` | Ambassador Traffic-agent image | Same value as `image.repository` |
| `servicePreview.trafficAgent.image.tag` | Ambassador Traffic-agent image tag | Same value as `image.tag` |
| `servicePreview.trafficAgent.injector.enabled` | If true, install the ambassador-injector | `true` |
| `servicePreview.trafficAgent.injector.crtPEM` | TLS certificate for the Common Name of <ambassador-injector>.<namespace>.svc | Auto-generated, valid for 365 days |
| `servicePreview.trafficAgent.injector.keyPEM` | TLS private key for the Common Name of <ambassador-injector>.<namespace>.svc | Auto-generated, valid for 365 days |
| `servicePreview.trafficAgent.port` | Traffic-agent listening port number when injected with ambassador-injector | `9900` |
| `servicePreview.trafficAgent.serviceAccountName` | Label Selector for Prometheus to find ServiceMonitors | `traffic-agent` |
| `servicePreview.trafficAgent.singleNamespace` | If `true`, installs the traffic-agent ServiceAccount and Role in the current installation namespace; Otherwise uses a global ClusterRole applied to every ServiceAccount | `true` |
| `agent.enabled` | If `true`, installs the ambassador-agent Deployment, ServiceAccount and ClusterRole in the ambassador namespace | `true` |
| `agent.cloudConnectionToken` | API token for reporting snapshots to the [Service Catalog](https://app.getambassador.io/cloud/catalog/); If empty, agent will not report snapshots | `""` |
| `agent.rpcAddress` | Address of the ambassador Service Catalog rpc server. | `https://app.getambassador.io/` |
| `agent.image.repository` | Image repository for the ambassador-agent deployment. Defaults to value of `image.repository` | Same value as `image.repository` |
| `agent.image.tag` | Image tag for the ambassador-agent deployment. Defaults to value of `image.tag` | Same value as `image.tag` |
**NOTE:** Make sure the configured `service.http.targetPort` and `service.https.targetPort` ports match your [Ambassador Module's](https://www.getambassador.io/reference/modules/#the-ambassador-module) `service_port` and `redirect_cleartext_from` configurations.
### The Ambasssador Edge Stack
The Ambassador Edge Stack provides a comprehensive, self-service edge stack in
the Kubernetes cluster with a decentralized deployment model and a declarative
paradigm.
By default, this chart will install the latest image of The Ambassador Edge
Stack which will replace your existing deployment of Ambassador with no changes
to functionality.
### CRDs
This helm chart includes the creation of the core CRDs Ambassador uses for
configuration.
The `crds` flags (Helm 2 only) let you configure how a release manages crds.
- `crds.create` Can only be set on your first/master Ambassador release.
- `crds.enabled` Should be set on all releases using Ambassador CRDs
- `crds.keep` Configures if the CRDs are deleted when the master release is
purged. This value is only checked for the master release and can be set to
any value on secondary releases.
### Security
Ambassador takes security very seriously. For this reason, the YAML installation will default with a couple of basic security policies in place.
The `security` field of the `values.yaml` file configures these default policies and replaces the `securityContext` field used earlier.
The defaults will configure the pod to run as a non-root user and prohibit privilege escalation and outline a `PodSecurityPolicy` to ensure these conditions are met.
```yaml
security:
# Security Context for all containers in the pod.
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core
podSecurityContext:
runAsUser: 8888
# Security Context for the Ambassador container specifically
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core
containerSecurityContext:
allowPrivilegeEscalation: false
# A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
#
# A set of reasonable defaults is outlined below. This is not created by default as it should only
# be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in
# the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies`
# in all non-"master" Releases.
podSecurityPolicy: {}
# # Add AppArmor and Seccomp annotations
# # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
# annotations:
# spec:
# seLinux:
# rule: RunAsAny
# supplementalGroups:
# rule: 'MustRunAs'
# ranges:
# # Forbid adding the root group.
# - min: 1
# max: 65535
# fsGroup:
# rule: 'MustRunAs'
# ranges:
# # Forbid adding the root group.
# - min: 1
# max: 65535
# privileged: false
# allowPrivilegeEscalation: false
# runAsUser:
# rule: MustRunAsNonRoot
```
### Annotations
Ambassador is configured using Kubernetes Custom Resource Definitions (CRDs). If you are unable to use CRDs, Ambassador can also be configured using annotations on services. The `service.annotations` section of the values file contains commented out examples of [Ambassador Module](https://www.getambassador.io/reference/core/ambassador) and a global [TLSContext](https://www.getambassador.io/reference/core/tls) configurations which are typically created in the Ambassador service.
If you intend to use `service.annotations`, remember to include the `getambassador.io/config` annotation key as above.
### Prometheus Metrics
Using the Prometheus Exporter has been deprecated and is no longer recommended. You can now use `metrics.serviceMonitor.enabled` to create a `ServiceMonitor` from the chart if the [Prometheus Operator](https://github.com/coreos/prometheus-operator) has been installed on your cluster.
Please see Ambassador's [monitoring with Prometheus](https://www.getambassador.io/user-guide/monitoring/) docs for more information on using the `/metrics` endpoint for metrics collection.
### Specifying Values
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install --wait my-release \
--set adminService.type=NodePort \
datawire/ambassador
```
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
$ helm install --wait my-release -f values.yaml datawire/ambassador
```
---
# Upgrading
## To 6.0.0
Introduces Ambassador Edge Stack being installed by default.
### Breaking changes
Ambassador Pro support has been removed in 6.0.0. Please [upgrade to the Ambassador Edge Stack](https://www.getambassador.io/user-guide/helm).
## To 5.0.0
### Breaking changes
**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified.
- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed
## To 4.0.0
The 4.0.0 chart contains a number of changes to the way Ambassador Pro is installed.
- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core
- The license key is now stored and read from a Kubernetes secret by default
- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret.
- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance
- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/))
- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true`
- Fixed misnamed selector for redis instance that failed in an edge case
- Exposes annotations for redis deployment and service
### Breaking changes
The value of `.Values.pro.image.tag` has been shortened to assume `amb-sidecar` (and `amb-core` for Ambassador core)
`values.yaml`
```diff
<3.0.0>
image:
repository: quay.io/datawire/ambassador_pro
- tag: amb-sidecar-0.6.0
<4.0.0+>
image:
repository: quay.io/datawire/ambassador_pro
+ tag: 0.7.0
```
Method for creating a Kubernetes secret to hold the license key has been changed
`values.yaml`
```diff
<3.0.0>
- secret: false
<4.0.0>
+ secret:
+ enabled: true
+ create: true
```
## To 3.0.0
### Service Ports
The way ports are assigned has been changed for a more dynamic method.
Now, instead of setting the port assignments for only the http and https, any port can be open on the load balancer using a list like you would in a standard Kubernetes YAML manifest.
`pre-3.0.0`
```yaml
service:
http:
enabled: true
port: 80
targetPort: 8080
https:
enabled: true
port: 443
targetPort: 8443
```
`3.0.0`
```yaml
service:
ports:
- name: http
port: 80
targetPort: 8080
- name: https
port: 443
targetPort: 8443
```
This change has also replaced the `.additionalTCPPorts` configuration. Additional TCP ports can be created the same as the http and https ports above.
### Annotations and `service_port`
The below Ambassador `Module` annotation is no longer being applied by default.
```yaml
getambassador.io/config: |
---
apiVersion: ambassador/v1
kind: Module
name: ambassador
config:
service_port: 8080
```
This was causing confusion with the `service_port` being hard-coded when enabling TLS termination in Ambassador.
Ambassador has been listening on port 8080 for HTTP and 8443 for HTTPS by default since version `0.60.0` (chart version 2.2.0).
### RBAC and CRDs
A `ClusterRole` and `ClusterRoleBinding` named `{{release name}}-crd` will be created to watch for the Ambassador Custom Resource Definitions. This will be created regardless of the value of `scope.singleNamespace` since CRDs are created the cluster scope.
`rbac.namespaced` has been removed. For namespaced RBAC, set `scope.singleNamespace: true` and `rbac.enabled: true`.
`crds.enabled` will indicate that you are using CRDs and will create the rbac resources regardless of the value of `crds.create`. This allows for multiple deployments to use the CRDs.
## To 2.0.0
### Ambassador ID
ambassador.id has been removed in favor of setting it via an environment variable in `env`. `AMBASSADOR_ID` defaults to `default` if not set in the environment. This is mainly used for [running multiple Ambassadors](https://www.getambassador.io/reference/running#ambassador_id) in the same cluster.
| Parameter | Env variables |
| --------------- | --------------- |
| `ambassador.id` | `AMBASSADOR_ID` |
## Migrating from `datawire/ambassador` chart (chart version 0.40.0 or 0.50.0)
Chart now runs ambassador as non-root by default, so you might need to update your ambassador module config to match this.
### Timings
Timings values have been removed in favor of setting the env variables using `env´
| Parameter | Env variables |
| ----------------- | -------------------------- |
| `timing.restart` | `AMBASSADOR_RESTART_TIME` |
| `timing.drain` | `AMBASSADOR_DRAIN_TIME` |
| `timing.shutdown` | `AMBASSADOR_SHUTDOWN_TIME` |
### Single namespace
| Parameter | Env variables |
| ------------------ | ----------------------------- |
| `namespace.single` | `AMBASSADOR_SINGLE_NAMESPACE` |
### Renamed values
Service ports values have changed names and target ports have new defaults.
| Previous parameter | New parameter | New default value |
| --------------------------- | -------------------------- | ----------------- |
| `service.enableHttp` | `service.http.enabled` | |
| `service.httpPort` | `service.http.port` | |
| `service.httpNodePort` | `service.http.nodePort` | |
| `service.targetPorts.http` | `service.http.targetPort` | `8080` |
| `service.enableHttps` | `service.https.enabled` | |
| `service.httpsPort` | `service.https.port` | |
| `service.httpsNodePort` | `service.https.nodePort` | |
| `service.targetPorts.https` | `service.https.targetPort` | `8443` |
### Exporter sidecar
Pre version `0.50.0` ambassador was using socat and required a sidecar to export statsd metrics. In `0.50.0` ambassador no longer uses socat and doesn't need a sidecar anymore to export its statsd metrics. Statsd metrics are disabled by default and can be enabled by setting environment `STATSD_ENABLED`, this will (in 0.50) send metrics to a service named `statsd-sink`, if you want to send it to another service or namespace it can be changed by setting `STATSD_HOST`
If you are using prometheus the chart allows you to enable a sidecar which can export to prometheus see the `prometheusExporter` values.

8
charts/ambassador/ambassador/RELEASE.tpl
View File

@ -1,8 +0,0 @@
## :tada: Ambassador Chart $CHART_VERSION :tada:
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/datawire/ambassador/blob/master/charts/ambassador/CHANGELOG.md
---

1
charts/ambassador/ambassador/RELEASE_TITLE.tpl
View File

@ -1 +0,0 @@
Ambassador Chart $CHART_VERSION

13
charts/ambassador/ambassador/app-readme.md
View File

@ -1,13 +0,0 @@
# Ambassador Edge Stack and Emissary Ingress Chart
[Ambassador Edge Stack](https://www.getambassador.io/products/edge-stack/) and its open source CNCF counterpart [Emissary-Ingress](https://www.getambassador.io/products/api-gateway/) are Kubernetes native, high-performance Ingress controllers designed with GitOps workflows and developer experience in mind. The Edge Stack allows users to manage [Authentication](https://www.getambassador.io/docs/edge-stack/latest/topics/using/filters/), [Rate Limits](https://www.getambassador.io/docs/edge-stack/latest/topics/using/rate-limits/rate-limits/), [TLS](https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/) and more with easy-to-use resources for [managing your APIs](https://www.getambassador.io/docs/edge-stack/latest/topics/using/intro-mappings/).
## Service Catalog
The default installation of Ambassador Edge Stack includes the deployment needed to get started with [Service Catalog](https://www.getambassador.io/products/service-catalog/) and the [Developer Control Plane](https://www.getambassador.io/developer-control-plane/). Simply generate your [Cloud Token](https://www.getambassador.io/docs/cloud/latest/service-catalog/quick-start/#1-connect-your-cluster-to-ambassador-cloud) and add it in the Service Catalog section as you're setting up the chart.
## More Info
Visit the [Quick Start](https://www.getambassador.io/docs/edge-stack/latest/tutorials/getting-started/) page for more instructions, or check out our [documentation](https://www.getambassador.io/docs/edge-stack). For any questions, or to join the community, visit our [Slack](https://a8r.io/slack) and say hi!
* Ambassador recommends a Kubernetes version of 1.16 or higher.

40
charts/ambassador/ambassador/ci/01-psp-values.yaml
View File

@ -1,40 +0,0 @@
security:
# Security Context for all containers in the pod.
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core
podSecurityContext:
runAsUser: 8888
# Security Context for the Ambassador container specifically
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core
containerSecurityContext:
allowPrivilegeEscalation: false
# A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
#
# A set of reasonable defaults is outlined below. This is not created by default as it should only
# be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in
# the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies`
# in all non-"master" Releases.
podSecurityPolicy:
# Add AppArmor and Seccomp annotations
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
annotations:
seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
spec:
seLinux:
rule: RunAsAny
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
privileged: false
allowPrivilegeEscalation: false
runAsUser:
rule: MustRunAsNonRoot

8
charts/ambassador/ambassador/ci/02-oss-values.yaml
View File

@ -1,8 +0,0 @@
# install the Ambassador API Gateway
image:
pullPolicy: IfNotPresent
enableAES: false
deploymentStrategy:
type: Recreate

8
charts/ambassador/ambassador/ci/05-auth-disabled-values.yaml
View File

@ -1,8 +0,0 @@
service:
type: NodePort
authService:
create: false
deploymentStrategy:
type: Recreate

8
charts/ambassador/ambassador/ci/06-hpa-values.yaml
View File

@ -1,8 +0,0 @@
deploymentStrategy:
type: Recreate
service:
type: NodePort
autoscaling:
enabled: true

8
charts/ambassador/ambassador/ci/08-single-namespace-values.yaml
View File

@ -1,8 +0,0 @@
service:
type: NodePort
deploymentStrategy:
type: Recreate
scope:
singleNamespace: true

9
charts/ambassador/ambassador/ci/09-redis-false-values.yaml
View File

@ -1,9 +0,0 @@
service:
type: NodePort
redis:
enabled: false
# Annotations for Ambassador Pro's redis instance.
deploymentStrategy:
type: Recreate

7
charts/ambassador/ambassador/ci/12-daemonset-values.yaml
View File

@ -1,7 +0,0 @@
service:
type: NodePort
deploymentStrategy:
type: RollingUpdate
daemonSet: true

8
charts/ambassador/ambassador/ci/13-rl-disabled-values.yaml
View File

@ -1,8 +0,0 @@
service:
type: NodePort
rateLimit:
create: false
deploymentStrategy:
type: Recreate

3
charts/ambassador/ambassador/ci/14-deployment-labels.yaml
View File

@ -1,3 +0,0 @@
deploymentLabels:
label: foo
label2: bar

11
charts/ambassador/ambassador/ci/15-test-resolvers.yaml
View File

@ -1,11 +0,0 @@
resolvers:
endpoint:
create: true
name: endpoint-foo
consul:
create: true
name: consul-foo
spec:
address: ${HOST_IP}
datacenter: dc1

9
charts/ambassador/ambassador/ci/16-test-module.yaml
View File

@ -1,9 +0,0 @@
module:
lua_scripts: |
function envoy_on_response(response_handle)
response_handle:headers():add("Lua-Scripts-Enabled", "Processed")
end
ip_allow:
- peer: 127.0.0.1
- remote: 99.99.0.0/16

5
charts/ambassador/ambassador/ci/17-svc-preview.yaml
View File

@ -1,5 +0,0 @@
servicePreview:
enabled: true
trafficAgent:
injector:
enabled: true

21
charts/ambassador/ambassador/ci/check_updated_changelog.sh
View File

@ -1,21 +0,0 @@
#!/bin/bash
set -e
CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; }
TOP_DIR=$CURR_DIR/..
# shellcheck source=common.sh
source "$CURR_DIR/common.sh"
echo ${TOP_DIR}
chart_version=$(get_chart_version ${TOP_DIR})
if ! grep "## v${chart_version}" ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then
echo "Current chart version does not appear in the changelog."
echo "Please run ambassador.git/charts/ambassador/ci/update_chart_changelog.sh and commit."
exit 1
fi
echo "Changelog looks good!"

47
charts/ambassador/ambassador/ci/tests/manifests/backend.yaml
View File

@ -1,47 +0,0 @@
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: quote-backend
spec:
prefix: /backend/
service: quote
---
apiVersion: v1
kind: Service
metadata:
name: quote
spec:
ports:
- name: http
port: 80
targetPort: 8080
selector:
app: quote
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: quote
spec:
replicas: 1
selector:
matchLabels:
app: quote
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: quote
spec:
containers:
- name: backend
image: datawire/quote:0.4.0
ports:
- name: http
containerPort: 8080
resources:
limits:
cpu: "0.1"
memory: 100Mi

9
charts/ambassador/ambassador/ci/tests/manifests/ci-default-values.yaml
View File

@ -1,9 +0,0 @@
#env:
# AMBASSADOR_SINGLE_NAMESPACE: true
# AMBASSADOR_NO_KUBEWATCH: no_kubewatch
deploymentStrategy:
type: Recreate
service:
type: NodePort

18
charts/ambassador/ambassador/ci/tests/manifests/helm-init.yaml
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system

6
charts/ambassador/ambassador/ci/tests/manifests/helm2-values.yaml
View File

@ -1,6 +0,0 @@
service:
type: NodePort
crds:
create: false

18
charts/ambassador/ambassador/ci/tests/manifests/tls.yaml
View File

@ -1,18 +0,0 @@
---
apiVersion: v1
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNzRENDQVpnQ0NRRHVzSjFYNE54NjJEQU5CZ2txaGtpRzl3MEJBUXNGQURBYU1SZ3dGZ1lEVlFRRERBOWgKYldKaGMzTmhaRzl5TFdObGNuUXdIaGNOTVRreE1qRXpNakV3TXpBNVdoY05NakF4TWpFeU1qRXdNekE1V2pBYQpNUmd3RmdZRFZRUUREQTloYldKaGMzTmhaRzl5TFdObGNuUXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQzJjcms1OTk0dklURnZpUGNJRjJpd3R0dVdpajFTeUZNSzVpbERieFByMmJCL3RmbDYKcmRwVUFlWkkrMTVDR2VHbi80ZitwRlFXODdwZ2ZvbDhlL3lCSTUvWStpdVIrQUY1bzhQV2h4aHBJdVk3RXdVbgpyT3ZJajcxaUZWa1Q4akRYZW9RWWdKalQ1MWh4SisyelVLZ3VtZDB6L05USEwrQndFbHZ4Z1ZuWlhUdlhsVGFiClBoWloyK3dZdDQvSnozN3lBMHJwNURKeTg5SStQNmVRSmNseUVyWmsvRUNuRFBxTlhDK1VyclVySXBsNkRScHUKdGZWOE9KM3BJZWc2YjBWQi9TQnRPNzFhMThkaXFPclFVREU5MEFOSWJsYWp0ODN5M0FIc29SNytpVGI0QXFvVwpiNG5LcVV1bEQ2QU0xVUg0TzR0SExIM05SemVOL1E1ZUtVb0ZBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBQ045b050OVJXT2JOTTBmajg1cm9GUG1zRE1UWElFOU5SNmpDMjV1SGtpY0lnamtGd043NTFkTnQxT0YKZWZLSkFzTDlSWmZUNmVmMUMxOFlnWE1xbTF5Yis0Q1VWWU9RZW96MlgweEdyT1lLZUhPM0hqamNqcXZ1cUxTeApTQ2duVlM1NkhqZU15MzJBNnIxcUhBL1FsYkkraGJFbHN0MVNwYnFSOG95dE9oUzZpNFNWbWxacWxBRkx5WFRRCjZ6Nm5wc25lTmdXMXhkdDN2UkpleXVFWEFZL0Z0eUxmZnkxdk5uODhhTkg2Y2Z2eWJjaHNkaWlRNnVXTnowVGMKeVVodGZUYWFRVjA1d21KZEJ3ZmJndXF0UjFxbXdyNCtzcjA0MEhoQ0pSVmlRUUdHa2VWSVU5ZHFPY0ZkZk5FTQo5NmczU01YWGRrcVhBYzFFb2hZdEthMWwvNTA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdG5LNU9mZmVMeUV4YjRqM0NCZG9zTGJibG9vOVVzaFRDdVlwUTI4VDY5bXdmN1g1CmVxM2FWQUhtU1B0ZVFobmhwLytIL3FSVUZ2TzZZSDZKZkh2OGdTT2YyUG9ya2ZnQmVhUEQxb2NZYVNMbU94TUYKSjZ6cnlJKzlZaFZaRS9JdzEzcUVHSUNZMCtkWWNTZnRzMUNvTHBuZE0velV4eS9nY0JKYjhZRloyVjA3MTVVMgptejRXV2R2c0dMZVB5YzkrOGdOSzZlUXljdlBTUGorbmtDWEpjaEsyWlB4QXB3ejZqVnd2bEs2MUt5S1plZzBhCmJyWDFmRGlkNlNIb09tOUZRZjBnYlR1OVd0ZkhZcWpxMEZBeFBkQURTRzVXbzdmTjh0d0I3S0VlL29rMitBS3EKRm0rSnlxbExwUStnRE5WQitEdUxSeXg5elVjM2pmME9YaWxLQlFJREFRQUJBb0lCQUVOQy9qaDV3Z2E4QlA2cQpqdkFEdVV2VXpoV3N0empxczNyRUtaZzd2aXRvSU9La1V1cEFaOG9xdlJ4UTE0b2xBb1V0OXBRUlB4TUxIYjN2ClNINkZNeXprMWt4bXhtTlUvQzQ5Q3Jqdkt6ZXZieE4rU3BzNjY5NFA1L0RlRCs0RGpyQVI4ZHNhcGIwUmdCQ1AKZU5sdnRlRWdSbVdoSTB5ZndPMXdSMGM4dWNRaE5GcjNNd0lMQ1FES0Zpa2NDSi9GV0FmNXc4ZGFnYnBYTXAxawo3ci9ya1BFcVh6NnRxam04eWZZWlRoaGIwUE5LcSsxOGdkaCtLeTZPL1RnTVZ2d1BLVkIrZUhoQmJZY2R6VGYxCmxia3pVeUFhZmR3VlBTTnhVOWhzSzBqNExWZG83YlVkajZySHNXTlBWcm1Ib1VsUnNjcno2aDhPZlQ0bU9WTi8KRmhtcEhvRUNnWUVBNlVENVlWMUJrWEg4S21WRjhiVGVGVGlTY1IvRGI4TVlRY3NLNzQrNEg5aEFmbjR3d3ZWeQpidi9kL2NsOWZHY0xXN0w1QWM1WWRxNlNWZGFHRVZpVzVOTy8xV0wwN3JjaG8xZTRaSzlPemJiUllNWW51cWRHCmF5eGhoUks0R25ubzZXMTlMWWc1d1F3TUJvUzNSbFVxUWN3UU1ESiszMVc4emwrazdpODk0dVVDZ1lFQXlEMXIKZHVMSGRMcG9UWEd2ZjZIVk9HQ1pWczQvSXg1M1B1WnRXY1FkYkc5MDZNWHRwdldWdDN1ek8rVVd2WGJIWHBSMQpjZWVrUHRucTI4a1BFT2oyd3NoVFRQQ05OT0dUWE01SzREbTVjNjVaeWY0WVJjQ0NZNEpSSUNqWHExeE9uc21nCk8ydTZiYlVQWE9veXFmVllWK0wwK25zcHNLOUNCd0ZaMjJqMXVLRUNnWUVBbzcyZTBzQ2FaTFcxcFRWT3NteWIKY2g0eWZ3TWpPUE9sdFpvSlpUNW9yTUlzRkNBVnJ1YUtuRzAxc3hDYzdKV1JuWiszdVpMVyt3bDFaSmlocU0rZApyYWtRQTRYaUZ5bXJqWFRvMXBWU0pvcnQxSmVHRUR1WTdXZE1WaFJiOVFvYmZMSUZxODd6YkJjKzRkeU1vK3pwCkt5TkxRZXBRc2dzSDdYK3EwaUdMdWhrQ2dZQUlYQWdRZm9jMUtGTVNhSnliQjNhUFUva1MxcWxzSGVsOGhzSXAKN1RZTlFObnduZEsrRmFLYWRsK1ZNSXN5ZmJMMUQ5MlhVOFJYbTJGaXE1SWxjcFJhcldKTTQvNEJKeW12eGl6NgpEMjdlbFhqS0pnRjlaL3dKaTNjM2tIendlbm9OeHYwWmZmWGFmcVNWakhGeEJ2MFpMakJzQkpoSStBZ1pvc1ROCmxDUXVBUUtCZ1FESHVxNUVseU1RS2NZWm5tRlN6T2ZYWXNJYm8rZEJJTlEyNnB0OFdacGMydnpsNkNrQXV3TWwKQU9jRllrbjBXSnVJRXRubnhPT3Rwcnh0VGRIWGIvOWZWY090Unp2TitvVjN2OVNEalZjWTRESWp3MXlpMkt1Vwp6MmV1N1lCNExlbG13TFlHMEJUMWp0ejJJREUxYW85MzgybEpWV2J4Y1dsdHArWTFCRWhkdmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
name: self-signed-cert
type: kubernetes.io/tls
---
apiVersion: getambassador.io/v1
kind: TLSContext
metadata:
name: tls
spec:
hosts: ["*"]
secret: self-signed-cert

53
charts/ambassador/ambassador/ci/update_chart_changelog.sh
View File

@ -1,53 +0,0 @@
#!/bin/bash
set -e
CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; }
TOP_DIR=$CURR_DIR/..
# shellcheck source=common.sh
source "$CURR_DIR/common.sh"
chart_version=$(get_chart_version ${TOP_DIR})
new_changelog=${TOP_DIR}/CHANGELOG.new.md
rm ${new_changelog} || true
while IFS= read -r line ; do
echo -e "${line}"
echo -e "${line}" >> ${new_changelog}
if [[ "${line}" =~ "## Next Release" ]] ; then
echo "" >> ${new_changelog}
echo "(no changes yet)" >> ${new_changelog}
echo "" >> ${new_changelog}
echo "## v${chart_version}" >> ${new_changelog}
fi
done < ${TOP_DIR}/CHANGELOG.md
mv ${new_changelog} ${TOP_DIR}/CHANGELOG.md
if [[ -n "${DONT_COMMIT_DIFF}" ]] ; then
echo "DONT_COMMIT_DIFF is set, not committing"
exit 0
fi
if git diff --exit-code -- ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then
echo "No changes to changelog, exiting"
exit 0
fi
branch_name="$(git symbolic-ref HEAD 2>/dev/null)" ||
branch_name="detached"
if [[ "${branch_name}" == "refs/heads/master" ]] ; then
echo "Not committing local changes to branch because branch is master"
exit 1
elif [[ "${branch_name}" == "detached" ]] ; then
echo "Not committing local changes because you're in a detached head state"
echo "please create a branch then rerun this script"
exit 1
fi
branch_name=${branch_name##refs/heads/}
git add ${TOP_DIR}/CHANGELOG.md
git commit -m "Committing changelog for chart v${chart_version}"
git push -u origin ${branch_name}

27
charts/ambassador/ambassador/crds/filter.yaml
View File

@ -1,27 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: filters.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Filter
plural: filters
shortNames:
- fil
singular: filter
scope: Namespaced
versions:
- name: v1beta2
served: true
storage: false
- name: v2
served: true
storage: true

27
charts/ambassador/ambassador/crds/filterpolicy.yaml
View File

@ -1,27 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: filterpolicies.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: FilterPolicy
plural: filterpolicies
shortNames:
- fp
singular: filterpolicy
scope: Namespaced
versions:
- name: v1beta2
served: true
storage: false
- name: v2
served: true
storage: true

115
charts/ambassador/ambassador/crds/getambassador.io_authservices.yaml
View File

@ -1,115 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: authservices.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: AuthService
listKind: AuthServiceList
plural: authservices
singular: authservice
scope: Namespaced
validation:
openAPIV3Schema:
description: AuthService is the Schema for the authservices API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AuthServiceSpec defines the desired state of AuthService
properties:
add_auth_headers:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
add_linkerd_headers:
type: boolean
allow_request_body:
type: boolean
allowed_authorization_headers:
items:
type: string
type: array
allowed_request_headers:
items:
type: string
type: array
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
auth_service:
type: string
failure_mode_allow:
type: boolean
include_body:
properties:
allow_partial:
type: boolean
max_bytes:
description: These aren't pointer types because they are required.
type: integer
required:
- allow_partial
- max_bytes
type: object
path_prefix:
type: string
proto:
enum:
- http
- grpc
type: string
protocol_version:
enum:
- v2
- v3
type: string
status_on_error:
description: Why isn't this just an int??
properties:
code:
type: integer
type: object
timeout_ms:
type: integer
tls:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
required:
- auth_service
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

58
charts/ambassador/ambassador/crds/getambassador.io_consulresolvers.yaml
View File

@ -1,58 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: consulresolvers.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: ConsulResolver
listKind: ConsulResolverList
plural: consulresolvers
singular: consulresolver
scope: Namespaced
validation:
openAPIV3Schema:
description: ConsulResolver is the Schema for the ConsulResolver API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ConsulResolver tells Ambassador to use Consul to resolve services. In addition to the AmbassadorID, it needs information about which Consul server and DC to use.
properties:
address:
type: string
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
datacenter:
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

109
charts/ambassador/ambassador/crds/getambassador.io_devportals.yaml
View File

@ -1,109 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: devportals.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: DevPortal
listKind: DevPortalList
plural: devportals
singular: devportal
scope: Namespaced
validation:
openAPIV3Schema:
description: "DevPortal is the Schema for the DevPortals API \n DevPortal resources specify the `what` and `how` is shown in a DevPortal: \n * `what` is in a DevPortal can be controlled with - a `selector`, that can be used for filtering `Mappings`. - a `docs` listing of (services, url) * `how` is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server will show them at different endpoints. A `DevPortal` resource with a special name, `ambassador`, will be used for configuring the default Dev Portal (served at `/docs/` by default)."
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DevPortalSpec defines the desired state of DevPortal
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
content:
description: Content specifies where the content shown in the DevPortal come from
properties:
branch:
type: string
dir:
type: string
url:
type: string
type: object
default:
description: Default must be true when this is the default DevPortal
type: boolean
docs:
description: Docs is a static docs definition
items:
description: 'DevPortalDocsSpec is a static documentation definition: instead of using a Selector for finding documentation for services, users can provide a static list of <service>:<URL> tuples. These services will be shown in the Dev Portal with the documentation obtained from this URL.'
properties:
service:
description: Service is the service being documented
type: string
url:
description: URL is the URL used for obtaining docs
type: string
type: object
type: array
naming_scheme:
description: Describes how to display "services" in the DevPortal. Default namespace.name
enum:
- namespace.name
- name.prefix
type: string
search:
description: DevPortalSearchSpec allows configuration over search functionality for the DevPortal
properties:
enabled:
type: boolean
type:
description: 'Type of search. "title-only" does a fuzzy search over openapi and page titles "all-content" will fuzzy search over all openapi and page content. "title-only" is the default. warning: using all-content may incur a larger memory footprint'
enum:
- title-only
- all-content
type: string
type: object
selector:
description: Selector is used for choosing what is shown in the DevPortal
properties:
matchLabels:
additionalProperties:
type: string
description: MatchLabels specifies the list of labels that must be present in Mappings for being present in this DevPortal.
type: object
matchNamespaces:
description: MatchNamespaces is a list of namespaces that will be included in this DevPortal.
items:
type: string
type: array
type: object
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true

246
charts/ambassador/ambassador/crds/getambassador.io_hosts.yaml
View File

@ -1,246 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: hosts.getambassador.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.hostname
name: Hostname
type: string
- JSONPath: .status.state
name: State
type: string
- JSONPath: .status.phaseCompleted
name: Phase Completed
type: string
- JSONPath: .status.phasePending
name: Phase Pending
type: string
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Host
listKind: HostList
plural: hosts
singular: host
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Host is the Schema for the hosts API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: HostSpec defines the desired state of Host
properties:
acmeProvider:
description: Specifies whether/who to talk ACME with to automatically manage the $tlsSecret.
properties:
authority:
description: Specifies who to talk ACME with to get certs. Defaults to Let's Encrypt; if "none" (case-insensitive), do not try to do ACME for this Host.
type: string
email:
type: string
privateKeySecret:
description: "Specifies the Kubernetes Secret to use to store the private key of the ACME account (essentially, where to store the auto-generated password for the auto-created ACME account). You should not normally need to set this--the default value is based on a combination of the ACME authority being registered wit and the email address associated with the account. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation."
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
registration:
description: This is normally set automatically
type: string
type: object
ambassador_id:
description: Common to all Ambassador objects (and optional).
items:
type: string
oneOf:
- type: string
- type: array
ambassadorId:
description: A compatibility alias for "ambassador_id"; because Host used to be specified with protobuf, and jsonpb allowed either "ambassador_id" or "ambassadorId", and even though we didn't tell people about "ambassadorId" it's what the web policy console generated because of jsonpb. So Hosts with 'ambassadorId' exist in the wild.
items:
type: string
oneOf:
- type: string
- type: array
hostname:
description: Hostname by which the Ambassador can be reached.
type: string
previewUrl:
description: Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled.
properties:
enabled:
description: Is the Preview URL feature enabled?
type: boolean
type:
description: What type of Preview URL is allowed?
enum:
- Path
type: string
type: object
requestPolicy:
description: Request policy definition.
properties:
insecure:
properties:
action:
enum:
- Redirect
- Reject
- Route
type: string
additionalPort:
type: integer
type: object
type: object
selector:
description: Selector by which we can find further configuration. Defaults to hostname=$hostname
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
tls:
description: TLS configuration. It is not valid to specify both `tlsContext` and `tls`.
properties:
alpn_protocols:
type: string
ca_secret:
type: string
cacert_chain_file:
type: string
cert_chain_file:
type: string
cert_required:
type: boolean
cipher_suites:
items:
type: string
type: array
ecdh_curves:
items:
type: string
type: array
max_tls_version:
type: string
min_tls_version:
type: string
private_key_file:
type: string
redirect_cleartext_from:
type: integer
sni:
type: string
type: object
tlsContext:
description: "Name of the TLSContext the Host resource is linked with. It is not valid to specify both `tlsContext` and `tls`. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation."
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
tlsSecret:
description: "Name of the Kubernetes secret into which to save generated certificates. If ACME is enabled (see $acmeProvider), then the default is $hostname; otherwise the default is \"\". If the value is \"\", then we do not do TLS for this Host. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation."
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
type: object
status:
description: HostStatus defines the observed state of Host
properties:
errorBackoff:
type: string
errorReason:
description: errorReason, errorTimestamp, and errorBackoff are valid when state==Error.
type: string
errorTimestamp:
format: date-time
type: string
phaseCompleted:
description: phaseCompleted and phasePending are valid when state==Pending or state==Error.
enum:
- NA
- DefaultsFilled
- ACMEUserPrivateKeyCreated
- ACMEUserRegistered
- ACMECertificateChallenge
type: string
phasePending:
description: phaseCompleted and phasePending are valid when state==Pending or state==Error.
enum:
- NA
- DefaultsFilled
- ACMEUserPrivateKeyCreated
- ACMEUserRegistered
- ACMECertificateChallenge
type: string
state:
description: The first value listed in the Enum marker becomes the "zero" value, and it would be great if "Pending" could be the default value; but it's Important that the "zero" value be able to be shown as empty/omitted from display, and we really do want `kubectl get hosts` to say "Pending" in the "STATE" column, and not leave the column empty.
enum:
- Initial
- Pending
- Ready
- Error
type: string
tlsCertificateSource:
enum:
- Unknown
- None
- Other
- ACME
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true

54
charts/ambassador/ambassador/crds/getambassador.io_kubernetesendpointresolvers.yaml
View File

@ -1,54 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: kubernetesendpointresolvers.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: KubernetesEndpointResolver
listKind: KubernetesEndpointResolverList
plural: kubernetesendpointresolvers
singular: kubernetesendpointresolver
scope: Namespaced
validation:
openAPIV3Schema:
description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: KubernetesEndpointResolver tells Ambassador to use Kubernetes Endpoints resources to resolve services. It actually has no spec other than the AmbassadorID.
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

54
charts/ambassador/ambassador/crds/getambassador.io_kubernetesserviceresolvers.yaml
View File

@ -1,54 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: kubernetesserviceresolvers.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: KubernetesServiceResolver
listKind: KubernetesServiceResolverList
plural: kubernetesserviceresolvers
singular: kubernetesserviceresolver
scope: Namespaced
validation:
openAPIV3Schema:
description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: KubernetesServiceResolver tells Ambassador to use Kubernetes Service resources to resolve services. It actually has no spec other than the AmbassadorID.
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

83
charts/ambassador/ambassador/crds/getambassador.io_logservices.yaml
View File

@ -1,83 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: logservices.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: LogService
listKind: LogServiceList
plural: logservices
singular: logservice
scope: Namespaced
validation:
openAPIV3Schema:
description: LogService is the Schema for the logservices API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: LogServiceSpec defines the desired state of LogService
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
driver:
enum:
- tcp
- http
type: string
driver_config:
properties:
additional_log_headers:
items:
properties:
during_request:
type: boolean
during_response:
type: boolean
during_trailer:
type: boolean
header_name:
type: string
type: object
type: array
type: object
flush_interval_byte_size:
type: integer
flush_interval_time:
type: integer
grpc:
type: boolean
service:
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

431
charts/ambassador/ambassador/crds/getambassador.io_mappings.yaml
View File

@ -1,431 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: mappings.getambassador.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.host
name: Source Host
type: string
- JSONPath: .spec.prefix
name: Source Prefix
type: string
- JSONPath: .spec.service
name: Dest Service
type: string
- JSONPath: .status.state
name: State
type: string
- JSONPath: .status.reason
name: Reason
type: string
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Mapping
listKind: MappingList
plural: mappings
singular: mapping
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Mapping is the Schema for the mappings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: MappingSpec defines the desired state of Mapping
properties:
add_linkerd_headers:
type: boolean
add_request_headers:
additionalProperties:
oneOf:
- type: string
- type: boolean
- type: object
type: object
add_response_headers:
additionalProperties:
oneOf:
- type: string
- type: boolean
- type: object
type: object
allow_upgrade:
description: "A case-insensitive list of the non-HTTP protocols to allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" mechanism[1]. After the upgrade, Ambassador does not interpret the traffic, and behaves similarly to how it does for TCPMappings. \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, if your upstream service supports WebSockets, you would write \n allow_upgrade: - websocket \n Or if your upstream service supports upgrading from HTTP to SPDY (as the Kubernetes apiserver does for `kubectl exec` functionality), you would write \n allow_upgrade: - spdy/3.1"
items:
type: string
type: array
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
auth_context_extensions:
additionalProperties:
type: string
type: object
auto_host_rewrite:
type: boolean
bypass_auth:
type: boolean
bypass_error_response_overrides:
description: If true, bypasses any `error_response_overrides` set on the Ambassador module.
type: boolean
case_sensitive:
type: boolean
circuit_breakers:
items:
properties:
max_connections:
type: integer
max_pending_requests:
type: integer
max_requests:
type: integer
max_retries:
type: integer
priority:
enum:
- default
- high
type: string
type: object
type: array
cluster_idle_timeout_ms:
type: integer
cluster_max_connection_lifetime_ms:
type: integer
cluster_tag:
type: string
connect_timeout_ms:
type: integer
cors:
properties:
credentials:
type: boolean
exposed_headers:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
headers:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
max_age:
type: string
methods:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
origins:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
type: object
docs:
description: DocsInfo provides some extra information about the docs for the Mapping (used by the Dev Portal)
properties:
display_name:
type: string
ignored:
type: boolean
path:
type: string
url:
type: string
type: object
enable_ipv4:
type: boolean
enable_ipv6:
type: boolean
envoy_override:
description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way.
type: object
error_response_overrides:
description: Error response overrides for this Mapping. Replaces all of the `error_response_overrides` set on the Ambassador module, if any.
items:
description: A response rewrite for an HTTP error response
properties:
body:
description: The new response body
properties:
content_type:
description: The content type to set on the error response body when using text_format or text_format_source. Defaults to 'text/plain'.
type: string
json_format:
additionalProperties:
type: string
description: 'A JSON response with content-type: application/json. The values can contain format text like in text_format.'
type: object
text_format:
description: A format string representing a text response body. Content-Type can be set using the `content_type` field below.
type: string
text_format_source:
description: A format string sourced from a file on the Ambassador container. Useful for larger response bodies that should not be placed inline in configuration.
properties:
filename:
description: The name of a file on the Ambassador pod that contains a format text string.
type: string
type: object
type: object
on_status_code:
description: The status code to match on -- not a pointer because it's required.
maximum: 599
minimum: 400
type: integer
required:
- body
- on_status_code
type: object
minItems: 1
type: array
grpc:
type: boolean
headers:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
host:
type: string
host_redirect:
type: boolean
host_regex:
type: boolean
host_rewrite:
type: string
idle_timeout_ms:
type: integer
keepalive:
properties:
idle_time:
type: integer
interval:
type: integer
probes:
type: integer
type: object
labels:
additionalProperties:
description: A MappingLabelGroupsArray is an array of MappingLabelGroups. I know, complex.
items:
additionalProperties:
description: 'A MappingLabelsArray is the value in the MappingLabelGroup: an array of label specifiers.'
items:
description: A MappingLabelSpecifier (finally!) defines a single label. There are multiple kinds of label, so this is more complex than we'd like it to be. See the remarks about schema on custom types in `./common.go`.
type: array
description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: a second map, where the key is a human-readable name that identifies the group.'
type: object
type: array
description: A DomainMap is the overall Mapping.spec.Labels type. It maps domains (kind of like namespaces for Mapping labels) to arrays of label groups.
type: object
load_balancer:
properties:
cookie:
properties:
name:
type: string
path:
type: string
ttl:
type: string
required:
- name
type: object
header:
type: string
policy:
enum:
- round_robin
- ring_hash
- maglev
- least_request
type: string
source_ip:
type: boolean
required:
- policy
type: object
method:
type: string
method_regex:
type: boolean
modules:
items:
description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way.
type: object
type: array
outlier_detection:
type: string
path_redirect:
description: Path replacement to use when generating an HTTP redirect. Used with `host_redirect`.
type: string
precedence:
type: integer
prefix:
type: string
prefix_exact:
type: boolean
prefix_redirect:
description: Prefix rewrite to use when generating an HTTP redirect. Used with `host_redirect`.
type: string
prefix_regex:
type: boolean
priority:
type: string
query_parameters:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
redirect_response_code:
description: The response code to use when generating an HTTP redirect. Defaults to 301. Used with `host_redirect`.
enum:
- 301
- 302
- 303
- 307
- 308
type: integer
regex_headers:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
regex_query_parameters:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
regex_redirect:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
description: Prefix regex rewrite to use when generating an HTTP redirect. Used with `host_redirect`.
type: object
regex_rewrite:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
remove_request_headers:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
remove_response_headers:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
resolver:
type: string
retry_policy:
properties:
num_retries:
type: integer
per_try_timeout:
type: string
retry_on:
enum:
- 5xx
- gateway-error
- connect-failure
- retriable-4xx
- refused-stream
- retriable-status-codes
type: string
type: object
rewrite:
type: string
service:
type: string
shadow:
type: boolean
timeout_ms:
description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists.
type: integer
tls:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
use_websocket:
description: 'use_websocket is deprecated, and is equivlaent to setting `allow_upgrade: ["websocket"]`'
type: boolean
weight:
type: integer
required:
- prefix
- service
type: object
status:
description: MappingStatus defines the observed state of Mapping
properties:
reason:
type: string
state:
enum:
- ""
- Inactive
- Running
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

56
charts/ambassador/ambassador/crds/getambassador.io_modules.yaml
View File

@ -1,56 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: modules.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Module
listKind: ModuleList
plural: modules
singular: module
scope: Namespaced
validation:
openAPIV3Schema:
description: "A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated"
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
config:
description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way.
type: object
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

72
charts/ambassador/ambassador/crds/getambassador.io_ratelimitservices.yaml
View File

@ -1,72 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: ratelimitservices.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: RateLimitService
listKind: RateLimitServiceList
plural: ratelimitservices
singular: ratelimitservice
scope: Namespaced
validation:
openAPIV3Schema:
description: RateLimitService is the Schema for the ratelimitservices API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: RateLimitServiceSpec defines the desired state of RateLimitService
properties:
ambassador_id:
description: Common to all Ambassador objects.
items:
type: string
oneOf:
- type: string
- type: array
domain:
type: string
protocol_version:
enum:
- v2
- v3
type: string
service:
type: string
timeout_ms:
type: integer
tls:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
required:
- service
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

102
charts/ambassador/ambassador/crds/getambassador.io_tcpmappings.yaml
View File

@ -1,102 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: tcpmappings.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: TCPMapping
listKind: TCPMappingList
plural: tcpmappings
singular: tcpmapping
scope: Namespaced
validation:
openAPIV3Schema:
description: TCPMapping is the Schema for the tcpmappings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TCPMappingSpec defines the desired state of TCPMapping
properties:
address:
type: string
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
circuit_breakers:
items:
properties:
max_connections:
type: integer
max_pending_requests:
type: integer
max_requests:
type: integer
max_retries:
type: integer
priority:
enum:
- default
- high
type: string
type: object
type: array
cluster_tag:
type: string
enable_ipv4:
type: boolean
enable_ipv6:
type: boolean
host:
type: string
idle_timeout_ms:
description: 'FIXME(lukeshu): Surely this should be an ''int''?'
type: string
port:
description: Port isn't a pointer because it's required.
type: integer
resolver:
type: string
service:
type: string
tls:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
weight:
type: integer
required:
- port
- service
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

100
charts/ambassador/ambassador/crds/getambassador.io_tlscontexts.yaml
View File

@ -1,100 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: tlscontexts.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: TLSContext
listKind: TLSContextList
plural: tlscontexts
singular: tlscontext
scope: Namespaced
validation:
openAPIV3Schema:
description: TLSContext is the Schema for the tlscontexts API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TLSContextSpec defines the desired state of TLSContext
properties:
alpn_protocols:
type: string
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
ca_secret:
type: string
cacert_chain_file:
type: string
cert_chain_file:
type: string
cert_required:
type: boolean
cipher_suites:
items:
type: string
type: array
ecdh_curves:
items:
type: string
type: array
hosts:
items:
type: string
type: array
max_tls_version:
enum:
- v1.0
- v1.1
- v1.2
- v1.3
type: string
min_tls_version:
enum:
- v1.0
- v1.1
- v1.2
- v1.3
type: string
private_key_file:
type: string
redirect_cleartext_from:
type: integer
secret:
type: string
secret_namespacing:
type: boolean
sni:
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

101
charts/ambassador/ambassador/crds/getambassador.io_tracingservices.yaml
View File

@ -1,101 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: tracingservices.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: TracingService
listKind: TracingServiceList
plural: tracingservices
singular: tracingservice
scope: Namespaced
validation:
openAPIV3Schema:
description: TracingService is the Schema for the tracingservices API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TracingServiceSpec defines the desired state of TracingService
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
config:
properties:
access_token_file:
type: string
collector_cluster:
type: string
collector_endpoint:
type: string
collector_endpoint_version:
enum:
- HTTP_JSON_V1
- HTTP_JSON
- HTTP_PROTO
type: string
collector_hostname:
type: string
service_name:
type: string
shared_span_context:
type: boolean
trace_id_128bit:
type: boolean
type: object
driver:
enum:
- lightstep
- zipkin
- datadog
type: string
sampling:
properties:
client:
type: integer
overall:
type: integer
random:
type: integer
type: object
service:
type: string
tag_headers:
items:
type: string
type: array
required:
- driver
- service
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

34
charts/ambassador/ambassador/crds/project.yaml
View File

@ -1,34 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: projects.getambassador.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.prefix
name: Prefix
type: string
- JSONPath: .spec.githubRepo
name: Repo
type: string
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Project
plural: projects
singular: project
scope: Namespaced
subresources:
status: {}
versions:
- name: v2
served: true
storage: true

24
charts/ambassador/ambassador/crds/projectcontroller.yaml
View File

@ -1,24 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: projectcontrollers.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: ProjectController
plural: projectcontrollers
singular: projectcontroller
scope: Namespaced
subresources:
status: {}
versions:
- name: v2
served: true
storage: true

40
charts/ambassador/ambassador/crds/projectrevision.yaml
View File

@ -1,40 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: projectrevisions.getambassador.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.project.name
name: Project
type: string
- JSONPath: .spec.ref
name: Ref
type: string
- JSONPath: .spec.rev
name: Rev
type: string
- JSONPath: .status.phase
name: Status
type: string
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: getambassador.io
names:
categories:
- ambassador-crds
kind: ProjectRevision
plural: projectrevisions
singular: projectrevision
scope: Namespaced
subresources:
status: {}
versions:
- name: v2
served: true
storage: true

27
charts/ambassador/ambassador/crds/ratelimit.yaml
View File

@ -1,27 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: ratelimits.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: RateLimit
plural: ratelimits
shortNames:
- rl
singular: ratelimit
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: false
- name: v2
served: true
storage: true

37
charts/ambassador/ambassador/ct.yaml
View File

@ -1,37 +0,0 @@
# See https://github.com/helm/chart-testing
# note: all the values files in ci/*-values.yaml will
# be tested automatically. For each configuration,
# all the tests in templates/tests/*.yaml
# will be checked.
################################################
# github
################################################
remote: origin
################################################
# chart
################################################
charts:
- /charts/
chart-dirs:
- /charts/
chart-repos:
- datawire=https://getambassador.io
helm-extra-args: --timeout 600s
# namespace: ambassador
# release-label: release
################################################
# checks and validations
################################################
validate-maintainers: false
validate-chart-schema: true
validate-yaml: true
# check-version-increment: true

84
charts/ambassador/ambassador/questions.yml
View File

@ -1,84 +0,0 @@
questions:
### CRD Management
- variable: crds.enabled
label: Create CRDs
description: "Should Ambassador Edge Stack create and manage its CRD's?"
type: boolean
required: false
default: "true"
group: "CRD Management"
- variable: crds.keep
label: Keep CRDs
description: "Should Ambassador Edge Stack keep CRD's when the chart is uninstalled?"
type: boolean
required: false
default: "true"
group: "CRD Management"
show_if: "crds.enabled=true"
### Deployment Management
- variable: daemonSet
label: Deploy as Daemonset
description: "Deploy Ambassador Edge Stack as a Daemonset? (Recommended: false)"
type: boolean
required: false
default: "true"
group: "Deployment Settings"
- variable: replicaCount
label: Replica Count
description: "How many replicas should Ambassador Edge Stack run? (Recommended: 3)"
type: int
required: false
default: "3"
group: "Deployment Settings"
min: 1
max: 999
show_if: "daemonSet=false"
### Service Settings
- variable: service.type
label: Service Type
description: "Set the type of service, LoadBalancer (recommended), NodePort, or ClusterIP"
type: enum
required: false
default: "LoadBalancer"
group: "Service Settings"
options:
- "LoadBalancer"
- "ClusterIP"
- "NodePort"
### Licensing
- variable: licenseKey.createSecret
label: "Create License Key Secret"
description: "Creates the license key secret using the License Key Data."
type: boolean
required: false
default: "true"
group: "License Settings"
- variable: licenseKey.value
label: "License Key Data"
description: "Specifies the license key to apply."
type: secret
required: false
default: ""
group: "License Settings"
show_if: "licenseKey.createSecret=true"
### Service Catalog
- variable: agent.enabled
label: "Enable Service Catalog"
description: "Enables the Service Catalog agent for use at https://app.getambassador.io."
type: boolean
required: false
default: "true"
group: "Service Catalog"
- variable: agent.cloudConnectionToken
label: "Cloud Connection Token"
description: "Specifies the Token used to register a Cluster with the Service Catalog."
type: secret
required: false
default: ""
group: "Service Catalog"
show_if: "agent.enabled=true"

60
charts/ambassador/ambassador/templates/NOTES.txt
View File

@ -1,60 +0,0 @@
-------------------------------------------------------------------------------
{{- if .Values.enableAES }}
Congratulations! You have successfully installed The Ambassador Edge Stack!
{{- if empty .Values.licenseKey.value }}
-------------------------------------------------------------------------------
NOTE: You are currently running The Ambassador Edge Stack in EVALUATION MODE.
Request a free community license key at https://SERVICE_IP/edge_stack_admin/#dashboard
to unlock all the features of The Ambassador Edge Stack and update the value of
licenseKey.value in your values.yaml file.
{{- end }}
{{- if or .Values.authService.create .Values.rateLimit.create }}
-------------------------------------------------------------------------------
WARNING:
With your installation of the Ambassador Edge Stack, you have created a:
{{ if .Values.authService.create }}
- AuthService named {{include "ambassador.fullname" .}}-auth
{{ end }} {{ if .Values.rateLimit.create }}
- RateLimitService named {{include "ambassador.fullname" .}}-ratelimit
{{ end }}
in the {{ include "ambassador.namespace" . }} namespace.
Please ensure there is not another of these resources configured in your cluster.
If there is, please either remove the old resource or run
helm upgrade {{ .Release.Name }} -n {{ .Release.Namespace }} --set authService.create=false --set RateLimit.create=false
{{- end }}
{{- else }}
Congratulations! You've successfully installed Ambassador!
-------------------------------------------------------------------------------
To get the IP address of Ambassador, run the following commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ambassador.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }}'
On GKE/Azure:
export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
On AWS:
export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ include "ambassador.namespace" .}} -l "app={{ include "ambassador.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:80
{{- end }}
{{- end }}
For help, visit our Slack at http://a8r.io/Slack or view the documentation online at https://www.getambassador.io.

117
charts/ambassador/ambassador/templates/_helpers.tpl
View File

@ -1,117 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "ambassador.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "ambassador.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "ambassador.imagetag" -}}
{{- if .Values.image.fullImageOverride }}
{{- .Values.image.fullImageOverride }}
{{- else }}
{{- if hasKey .Values.image "tag" -}}
{{- .Values.image.tag }}
{{- else if .Values.enableAES }}
{{- .Values.image.aesTag }}
{{- else }}
{{- .Values.image.ossTag }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Set the image that should be used for ambassador.
Use fullImageOverride if present,
Then if the image repository is explicitly set, use "repository:image"
Otherwise, check if AES is enabled
Use AES image if AES is enabled, ambassador image if not
*/}}
{{- define "ambassador.image" -}}
{{- if .Values.image.fullImageOverride }}
{{- .Values.image.fullImageOverride }}
{{- else }}
{{- $repoName := "" }}
{{- $imageTag := "" }}
{{- if hasKey .Values.image "repository" -}}
{{- $repoName = .Values.image.repository }}
{{- else if .Values.enableAES }}
{{- $repoName = .Values.image.aesRepository }}
{{- else }}
{{- $repoName = .Values.image.ossRepository }}
{{- end -}}
{{- if hasKey .Values.image "tag" -}}
{{- $imageTag = .Values.image.tag }}
{{- else if .Values.enableAES }}
{{- $imageTag = .Values.image.aesTag }}
{{- else }}
{{- $imageTag = .Values.image.ossTag }}
{{- end -}}
{{- printf "%s:%s" $repoName $imageTag -}}
{{- end -}}
{{- end -}}
{{/*
Create chart namespace based on override value.
*/}}
{{- define "ambassador.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "ambassador.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "ambassador.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "ambassador.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the RBAC to use
*/}}
{{- define "ambassador.rbacName" -}}
{{ default (include "ambassador.fullname" .) .Values.rbac.nameOverride }}
{{- end -}}
{{/*
Define the http port of the Ambassador service
*/}}
{{- define "ambassador.servicePort" -}}
{{- range .Values.service.ports -}}
{{- if (eq .name "http") -}}
{{ default .port }}
{{- end -}}
{{- end -}}
{{- end -}}

64
charts/ambassador/ambassador/templates/admin-service.yaml
View File

@ -1,64 +0,0 @@
{{- if .Values.adminService.create -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "ambassador.fullname" . }}-admin
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
# Hard-coded label for Prometheus Operator ServiceMonitor
service: ambassador-admin
product: aes
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge Stack admin service for internal use and health checks."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: "None"
{{- with .Values.adminService.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.adminService.type }}
ports:
- port: {{ .Values.adminService.port }}
targetPort: admin
protocol: TCP
name: ambassador-admin
{{- if (and (eq .Values.adminService.type "NodePort") (not (empty .Values.adminService.nodePort))) }}
nodePort: {{ int .Values.adminService.nodePort }}
{{- end }}
- port: {{ .Values.adminService.snapshotPort }}
targetPort: {{ .Values.adminService.snapshotPort }}
protocol: TCP
name: ambassador-snapshot
selector:
{{- if .Values.service.selector }}
{{ toYaml .Values.service.selector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- if eq .Values.adminService.type "LoadBalancer" }}
{{- if not (empty .Values.adminService.loadBalancerIP) }}
loadBalancerIP: {{ .Values.adminService.loadBalancerIP | quote }}
{{- end }}
{{- if not (empty .Values.adminService.loadBalancerSourceRanges) }}
loadBalancerSourceRanges:
{{- toYaml .Values.adminService.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- end }}
{{- end -}}

33
charts/ambassador/ambassador/templates/aes-authservice.yaml
View File

@ -1,33 +0,0 @@
{{ if and .Values.authService.create .Values.enableAES }}
---
apiVersion: getambassador.io/v2
kind: AuthService
metadata:
name: {{ include "ambassador.fullname" . }}-{{ .Values.authService.deploymentExtraName | default "auth" }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-auth
{{- end }}
product: aes
spec:
proto: grpc
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
auth_service: 127.0.0.1:8500
{{- if .Values.authService.optional_configurations }}
{{- toYaml .Values.authService.optional_configurations | nindent 2}}
{{- end }}
{{ end }}

161
charts/ambassador/ambassador/templates/aes-injector.yaml
View File

@ -1,161 +0,0 @@
{{- if and .Values.enableAES .Values.servicePreview.enabled .Values.servicePreview.trafficAgent.injector.enabled }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ambassador.fullname" . }}-injector
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
spec:
containers:
- name: webhook
{{- if .Values.servicePreview.trafficAgent.image.repository }}
image: "{{ .Values.servicePreview.trafficAgent.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}"
{{- else }}
image: {{ include "ambassador.image" . }}
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: [ "aes-injector" ]
env:
- name: AGENT_MANAGER_NAMESPACE
value: "{{ include "ambassador.namespace" . }}"
- name: TRAFFIC_AGENT_IMAGE
value: "{{ .Values.servicePreview.trafficAgent.image.repository | default .Values.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}"
- name: TRAFFIC_AGENT_AGENT_LISTEN_PORT
value: "{{ .Values.servicePreview.trafficAgent.port }}"
{{- if .Values.servicePreview.trafficAgent.singleNamespace }}
- name: TRAFFIC_AGENT_SERVICE_ACCOUNT_NAME
value: "{{ .Values.servicePreview.trafficAgent.serviceAccountName }}"
{{- end }}
ports:
- containerPort: 8443
name: https
livenessProbe:
httpGet:
path: /healthz
port: https
scheme: HTTPS
volumeMounts:
- mountPath: /var/run/secrets/tls
name: tls
readOnly: true
volumes:
- name: tls
secret:
secretName: {{ include "ambassador.fullname" . }}-injector-tls
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ambassador.fullname" . }}-injector
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge Stack Service Preview Traffic Agent Sidecar injector."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: "None"
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/instance: {{ .Release.Name }}
ports:
- name: {{ include "ambassador.fullname" . }}-injector
port: 443
targetPort: https
---
kind: Secret
apiVersion: v1
metadata:
name: {{ include "ambassador.fullname" . }}-injector-tls
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-tls
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
type: Opaque
data:
{{ $ca := genCA (printf "%s-injector.%s.svc" (include "ambassador.fullname" .) (include "ambassador.namespace" .)) 365 -}}
crt.pem: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }}
key.pem: {{ ternary (b64enc $ca.Key) (b64enc (trim .Values.servicePreview.trafficAgent.injector.keyPEM)) (empty .Values.servicePreview.trafficAgent.injector.keyPEM) }}
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: {{ include "ambassador.fullname" . }}-injector-webhook-config
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-webhook-config
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
webhooks:
- name: {{ include "ambassador.fullname" . }}-injector.getambassador.io
clientConfig:
service:
name: {{ include "ambassador.fullname" . }}-injector
namespace: {{ include "ambassador.namespace" . }}
path: "/traffic-agent"
caBundle: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }}
failurePolicy: Ignore
rules:
- operations: ["CREATE"]
apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
{{- end }}

129
charts/ambassador/ambassador/templates/aes-internal.yaml
View File

@ -1,129 +0,0 @@
{{ if and .Values.createDevPortalMappings .Values.enableAES }}
---
# Configure DevPortal
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
# This Mapping name is referenced by convention, it's important to leave as-is.
name: {{ include "ambassador.fullname" . }}-devportal
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
prefix: {{ .Values.devportal.docsPrefix }}
rewrite: "/docs/"
service: "127.0.0.1:8500"
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
name: {{ include "ambassador.fullname" . }}-devportal-assets
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-assets
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
prefix: /documentation/(assets|styles)/(.*)(.css)
prefix_regex: true
regex_rewrite:
pattern: /documentation/(.*)
substitution: /docs/\1
service: "127.0.0.1:8500"
add_response_headers:
cache-control:
value: "public, max-age=3600, immutable"
append: false
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
# This Mapping name is what the demo uses. Sigh.
name: {{ include "ambassador.fullname" . }}-devportal-demo
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-demo
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
prefix: /docs/
rewrite: "/docs/"
service: "127.0.0.1:8500"
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
# This Mapping name is referenced by convention, it's important to leave as-is.
name: {{ include "ambassador.fullname" . }}-devportal-api
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-api
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
prefix: /openapi/
rewrite: ""
service: "127.0.0.1:8500"
{{ end }}

29
charts/ambassador/ambassador/templates/aes-ratelimit.yaml
View File

@ -1,29 +0,0 @@
{{ if and .Values.rateLimit.create .Values.enableAES }}
---
apiVersion: getambassador.io/v2
kind: RateLimitService
metadata:
name: {{ include "ambassador.fullname" . }}-{{ .Values.rateLimit.deploymentExtraName | default "ratelimit" }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
service: 127.0.0.1:8500
{{ end }}

106
charts/ambassador/ambassador/templates/aes-redis.yaml
View File

@ -1,106 +0,0 @@
{{ if and .Values.redis.create .Values.enableAES }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ambassador.fullname" . }}-redis
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- else }}
product: aes
{{- end }}
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge Stack Redis store for auth and rate limiting, among other things."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: "None"
{{- with .Values.redis.annotations.service }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
ports:
- port: 6379
targetPort: 6379
selector:
{{- if .Values.redis.serviceSelector }}
{{ toYaml .Values.redis.serviceSelector | nindent 4 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ambassador.fullname" . }}-redis
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
annotations:
{{- toYaml .Values.redis.annotations.deployment | nindent 4}}
spec:
replicas: 1
selector:
matchLabels:
{{- if .Values.redis.serviceSelector }}
{{ toYaml .Values.redis.serviceSelector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
template:
metadata:
labels:
{{- if .Values.redis.serviceSelector }}
{{ toYaml .Values.redis.serviceSelector | nindent 8 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
spec:
containers:
- name: redis
image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}"
imagePullPolicy: {{ .Values.redis.image.pullPolicy }}
resources:
{{- toYaml .Values.redis.resources | nindent 10 }}
restartPolicy: Always
{{- with .Values.redis.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redis.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redis.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{ end }}

21
charts/ambassador/ambassador/templates/aes-secret.yaml
View File

@ -1,21 +0,0 @@
{{- if and .Values.licenseKey.createSecret .Values.enableAES }}
apiVersion: v1
kind: Secret
metadata:
{{- if ne .Values.deploymentTool "getambassador.io" }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
{{- if .Values.licenseKey.annotations }}
{{- toYaml .Values.licenseKey.annotations | nindent 4 }}
{{- end }}
{{- if .Values.licenseKey.secretName }}
name: {{ .Values.licenseKey.secretName }}
{{- else }}
name: {{ include "ambassador.fullname" . }}-edge-stack
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
type: Opaque
data:
license-key: {{- if .Values.licenseKey.value }} {{ .Values.licenseKey.value | b64enc }} {{- else }} "" {{- end }}
{{- end }}

371
charts/ambassador/ambassador/templates/ambassador-agent.yaml
View File

@ -1,371 +0,0 @@
{{- if .Values.agent.enabled }}
{{- $allowAgent := false -}}
{{- /* This next bit is ugly. */ -}}
{{- /* Case 1: "fullImageOverride" means don't bother checking the tag. */ -}}
{{- /* Case 2: Otherwise, if it's not a semver-style version number, */ -}}
{{- /* assume we have a power user and turn the agent on. */ -}}
{{- /* Case 3: Otherwise, if Edge Stack, we need at least 1.12.0. */ -}}
{{- /* Case 4: Otherwise, it's OSS and we need at 1.13.0. */ -}}
{{- if .Values.image.fullImageOverride }}
{{- /* Case 1 */ -}}
{{- $allowAgent = true }}
{{- else if not (regexMatch "^\\d+\\.\\d+\\.\\d+$" (include "ambassador.imagetag" . )) }}
{{- /* Case 2 above: power user */ -}}
{{- $allowAgent = true }}
{{- else if and .Values.enableAES (ne (semver "1.12.0" | (semver (include "ambassador.imagetag" . )).Compare) -1) }}
{{- /* Case 3 above: Edge Stack 1.12.0+ */ -}}
{{- $allowAgent = true }}
{{- else if ne (semver "1.13.0" | (semver (include "ambassador.imagetag" . )).Compare) -1 }}
{{- /* Case 4 above: OSS 1.13.0+ */ -}}
{{- $allowAgent = true }}
{{- end }}
{{- if $allowAgent }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ambassador.fullname" . }}-agent
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
{{- if .Values.docker.useImagePullSecret }}
imagePullSecrets:
- name: {{ .Values.docker.imagePullSecretName }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ include "ambassador.fullname" . }}-agent-config
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "ambassador.fullname" . }}-agent-config
subjects:
- kind: ServiceAccount
name: {{ include "ambassador.fullname" . }}-agent
namespace: {{ include "ambassador.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ include "ambassador.fullname" . }}-agent-config
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "configmaps" ]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ include "ambassador.fullname" . }}-agent
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "ambassador.fullname" . }}-agent
subjects:
- kind: ServiceAccount
name: {{ include "ambassador.fullname" . }}-agent
namespace: {{ include "ambassador.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-pods
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "pods"]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-deployments
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: ["apps", "extensions"]
resources: [ "deployments" ]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-endpoints
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "endpoints" ]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-configmaps
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "configmaps" ]
verbs: [ "get", "list", "watch" ]
---
{{- if .Values.agent.createArgoRBAC }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-rollouts
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: ["argoproj.io"]
resources: [ "rollouts" ]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-applications
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: ["argoproj.io"]
resources: [ "applications" ]
verbs: [ "get", "list", "watch" ]
{{- end }}
{{ if ne .Values.agent.cloudConnectToken "" }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "ambassador.fullname" . }}-agent-cloud-token
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent-cloud-token
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
data:
CLOUD_CONNECT_TOKEN: {{ .Values.agent.cloudConnectToken }}
{{ end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ambassador.fullname" . }}-agent
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
{{- end }}
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
product: aes
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
spec:
serviceAccountName: {{ include "ambassador.fullname" . }}-agent
containers:
- name: agent
image: {{ include "ambassador.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: [ "agent" ]
env:
- name: AGENT_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: AGENT_CONFIG_RESOURCE_NAME
value: {{ include "ambassador.fullname" . }}-agent-cloud-token
- name: RPC_CONNECTION_ADDRESS
value: {{ .Values.agent.rpcAddress }}
- name: AES_SNAPSHOT_URL
value: "http://{{ include "ambassador.fullname" . }}-admin.{{ include "ambassador.namespace" . }}:{{ .Values.adminService.snapshotPort }}/snapshot-external"
{{- end }}
{{- end }}

20
charts/ambassador/ambassador/templates/config.yaml
View File

@ -1,20 +0,0 @@
{{- if .Values.ambassadorConfig }}
apiVersion: v1
kind: ConfigMap
metadata:
name: '{{ include "ambassador.fullname" . }}-file-config'
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
data:
ambassadorConfig: |-
{{- .Values.ambassadorConfig | nindent 4 }}
{{- end }}

123
charts/ambassador/ambassador/templates/crd-delete.yaml
View File

@ -1,123 +0,0 @@
{{- if and .Values.crds.enabled (not .Values.crds.keep)}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ambassador.serviceAccountName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-weight": "1"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.rbacName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-weight": "1"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
rules:
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
verbs: ["get", "list", "watch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ include "ambassador.rbacName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-weight": "1"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "ambassador.rbacName" . }}-crd-delete
subjects:
- name: {{ include "ambassador.serviceAccountName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
kind: ServiceAccount
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "ambassador.fullname" . }}-crd-cleanup
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "3"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
spec:
template:
metadata:
name: {{ include "ambassador.fullname" . }}-crd-cleanup
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
spec:
{{- if .Values.rbac.create }}
serviceAccountName: {{ include "ambassador.serviceAccountName" . }}-crd-delete
{{- end }}
containers:
- name: kubectl
image: "buoyantio/kubectl"
args:
- delete
- crds
- -l app.kubernetes.io/name=ambassador
restartPolicy: OnFailure
{{- end }}

6
charts/ambassador/ambassador/templates/crds.yaml
View File

@ -1,6 +0,0 @@
{{- if .Values.crds.create }}
{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}

282
charts/ambassador/ambassador/templates/deployment.yaml
View File

@ -1,282 +0,0 @@
apiVersion: apps/v1
{{- if .Values.daemonSet }}
kind: DaemonSet
{{- else }}
kind: Deployment
{{- end }}
metadata:
{{- if .Values.deploymentNameOverride }}
name: {{ .Values.deploymentNameOverride }}
{{- else }}
name: {{ include "ambassador.fullname" . }}
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
{{- if .Values.deploymentLabels }}
{{- toYaml .Values.deploymentLabels | nindent 4 }}
{{- end }}
{{- if .Values.deploymentAnnotations }}
annotations:
{{- toYaml .Values.deploymentAnnotations | nindent 4 }}
{{- end }}
spec:
{{- if and (not .Values.autoscaling.enabled) (not .Values.daemonSet) }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- if .Values.service.selector }}
{{ toYaml .Values.service.selector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- if .Values.daemonSet }}
updateStrategy:
{{- else }}
strategy:
{{- end }}
{{- toYaml .Values.deploymentStrategy | nindent 4}}
template:
metadata:
labels:
{{- if .Values.service.selector }}
{{ toYaml .Values.service.selector | nindent 8 }}
{{- end }}
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
product: aes
{{- end }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}
annotations:
{{- if ne .Values.deploymentTool "getambassador.io" }}
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{- toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
spec:
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- /* Check if .Values.securityContext is set for backwards compatibility */ -}}
{{- if .Values.securityContext -}}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else -}}
{{- with .Values.security.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end -}}
{{- if .Values.restartPolicy }}
restartPolicy: {{ .Values.restartPolicy }}
{{- end }}
serviceAccountName: {{ include "ambassador.serviceAccountName" . }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
volumes:
- name: ambassador-pod-info
downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: labels
{{- if .Values.prometheusExporter.enabled }}
- name: stats-exporter-mapping-config
configMap:
name: {{ include "ambassador.fullname" . }}-exporter-config
items:
- key: exporterConfiguration
path: mapping-config.yaml
{{- end }}
{{- if .Values.ambassadorConfig }}
- name: ambassador-config
configMap:
name: {{ include "ambassador.fullname" . }}-file-config
items:
- key: ambassadorConfig
path: ambassador-config.yaml
{{- end }}
{{- if and .Values.licenseKey.createSecret .Values.enableAES }}
- name: {{ include "ambassador.fullname" . }}-edge-stack-secrets
secret:
{{- if .Values.licenseKey.secretName }}
secretName: {{ .Values.licenseKey.secretName }}
{{- else }}
secretName: {{ include "ambassador.fullname" . }}-edge-stack
{{- end }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
{{- if .Values.prometheusExporter.enabled }}
- name: prometheus-exporter
image: "{{ .Values.prometheusExporter.repository }}:{{ .Values.prometheusExporter.tag }}"
imagePullPolicy: {{ .Values.prometheusExporter.pullPolicy }}
ports:
- name: metrics
containerPort: 9102
- name: listener
containerPort: 8125
args:
- --statsd.listen-udp=:8125
- --web.listen-address=:9102
- --statsd.mapping-config=/statsd-exporter/mapping-config.yaml
volumeMounts:
- name: stats-exporter-mapping-config
mountPath: /statsd-exporter/
readOnly: true
resources:
{{- toYaml .Values.prometheusExporter.resources | nindent 12 }}
{{- end }}
- name: {{ if .Values.containerNameOverride }}{{ .Values.containerNameOverride }}{{ else }}{{ .Chart.Name }}{{ end }}
image: {{ include "ambassador.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
{{- range .Values.service.ports }}
- name: {{ .name }}
containerPort: {{ int .targetPort }}
{{- if .protocol }}
protocol: {{ .protocol }}
{{- end }}
{{- if .hostPort }}
hostPort: {{ .hostPort }}
{{- end }}
{{- end}}
- name: admin
containerPort: {{ .Values.adminService.port }}
env:
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{- if and (or .Values.redis.create .Values.redisURL) (.Values.enableAES) }}
- name: REDIS_URL
{{- if .Values.redisURL }}
value: {{ .Values.redisURL }}
{{- else }}
value: {{ include "ambassador.fullname" . }}-redis:6379
{{- end }}
{{- end }}
{{- if and .Values.licenseKey.secretName .Values.enableAES}}
- name: AMBASSADOR_AES_SECRET_NAME
value: {{ .Values.licenseKey.secretName }}
{{- end }}
{{- if .Values.prometheusExporter.enabled }}
- name: STATSD_ENABLED
value: "true"
- name: STATSD_HOST
value: "localhost"
{{- end }}
{{- if .Values.scope.singleNamespace }}
- name: AMBASSADOR_SINGLE_NAMESPACE
value: "YES"
{{- end }}
- name: AMBASSADOR_NAMESPACE
{{- if .Values.namespace }}
value: {{ .Values.namespace.name | quote }}
{{ else }}
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- end -}}
{{- if .Values.redisEnv }}
{{ toYaml .Values.redisEnv | nindent 12 }}
{{- end }}
{{- if .Values.env }}
{{- range $key,$value := .Values.env }}
- name: {{ $key | upper | quote}}
value: {{ $value | quote}}
{{- end }}
{{- end }}
{{- if .Values.envRaw }}
{{- with .Values.envRaw }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- with .Values.security.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
livenessProbe:
httpGet:
path: /ambassador/v0/check_alive
port: admin
{{- toYaml .Values.livenessProbe | nindent 12 }}
readinessProbe:
httpGet:
path: /ambassador/v0/check_ready
port: admin
{{- toYaml .Values.readinessProbe | nindent 12 }}
volumeMounts:
- name: ambassador-pod-info
mountPath: /tmp/ambassador-pod-info
readOnly: true
{{- if .Values.ambassadorConfig }}
- name: ambassador-config
mountPath: /ambassador/ambassador-config/ambassador-config.yaml
subPath: ambassador-config.yaml
{{- end }}
{{- if and .Values.licenseKey.createSecret .Values.enableAES }}
- name: {{ include "ambassador.fullname" . }}-edge-stack-secrets
mountPath: /.config/ambassador
readOnly: true
{{- end }}
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.sidecarContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
imagePullSecrets:
{{- toYaml .Values.imagePullSecrets | nindent 8 }}
dnsPolicy: {{ .Values.dnsPolicy }}
hostNetwork: {{ .Values.hostNetwork }}

23
charts/ambassador/ambassador/templates/exporter-config.yaml
View File

@ -1,23 +0,0 @@
{{- if .Values.prometheusExporter.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: '{{ include "ambassador.fullname" . }}-exporter-config'
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
data:
exporterConfiguration:
{{- if .Values.prometheusExporter.configuration }} |
{{- .Values.prometheusExporter.configuration | nindent 4 }}
{{- else }} ''
{{- end }}
{{- end }}

26
charts/ambassador/ambassador/templates/hpa.yaml
View File

@ -1,26 +0,0 @@
{{- if and .Values.autoscaling.enabled (not .Values.daemonSet) }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "ambassador.fullname" . }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "ambassador.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- toYaml .Values.autoscaling.metrics | nindent 4 }}
{{- end }}

29
charts/ambassador/ambassador/templates/module.yaml
View File

@ -1,29 +0,0 @@
{{- if .Values.module }}
apiVersion: getambassador.io/v2
kind: Module
metadata:
name: ambassador
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
config:
{{- toYaml .Values.module | nindent 4 }}
{{- end }}

8
charts/ambassador/ambassador/templates/namespace.yaml
View File

@ -1,8 +0,0 @@
{{- if .Values.createNamespace }}
apiVersion: v1
kind: Namespace
metadata:
labels:
product: aes
name: {{ include "ambassador.namespace" . }}
{{- end }}

33
charts/ambassador/ambassador/templates/oss-migration-test-service.yaml
View File

@ -1,33 +0,0 @@
{{- if .Values.enableTestService }}
apiVersion: v1
kind: Service
metadata:
name: test-aes
namespace: {{ include "ambassador.namespace" . }}
labels:
product: aes
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
{{- range .Values.service.ports }}
- name: {{ .name }}
port: {{ int .port }}
{{- if .targetPort }}
targetPort: {{ int .targetPort }}
{{- end }}
{{- if .nodePort }}
nodePort: {{ int .nodePort }}
{{- end }}
{{- if .protocol }}
protocol: {{ .protocol }}
{{- end }}
{{- end}}
selector:
{{- if .Values.service.selector }}
{{ toYaml .Values.service.selector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- end }}

23
charts/ambassador/ambassador/templates/pdb.yaml
View File

@ -1,23 +0,0 @@
{{- if .Values.podDisruptionBudget }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ include "ambassador.fullname" . }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
{{- end }}

25
charts/ambassador/ambassador/templates/podsecuritypolicy.yaml
View File

@ -1,25 +0,0 @@
{{ if .Values.security.podSecurityPolicy }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "ambassador.fullname" . }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- with .Values.security.podSecurityPolicy.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.security.podSecurityPolicy.spec }}
spec:
{{- toYaml . | nindent 2}}
{{- end }}
{{ end }}

75
charts/ambassador/ambassador/templates/projects-rbac.yaml
View File

@ -1,75 +0,0 @@
{{- if and .Values.rbac.create .Values.registry.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- if .Values.scope.singleNamespace }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
metadata:
name: {{ include "ambassador.rbacName" . }}-projects
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "secrets", "services" ]
verbs: [ "get", "list", "create", "patch", "delete", "watch" ]
- apiGroups: ["apps"]
resources: [ "deployments" ]
verbs: [ "get", "list", "create", "patch", "delete", "watch" ]
- apiGroups: ["batch"]
resources: [ "jobs" ]
verbs: [ "get", "list", "create", "patch", "delete", "watch" ]
- apiGroups: [""]
resources: [ "pods" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [""]
resources: [ "pods/log" ]
verbs: [ "get" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- if .Values.scope.singleNamespace }}
kind: RoleBinding
{{- else }}
kind: ClusterRoleBinding
{{- end }}
metadata:
name: {{ include "ambassador.rbacName" . }}-projects
{{- if .Values.scope.singleNamespace }}
namespace: {{ include "ambassador.namespace" . }}
{{- end }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.scope.singleNamespace }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
name: {{ include "ambassador.rbacName" . }}-projects
subjects:
- name: {{ include "ambassador.serviceAccountName" . }}
namespace: {{ include "ambassador.namespace" . }}
kind: ServiceAccount
{{- end }}

412
charts/ambassador/ambassador/templates/projects.yaml
View File

@ -1,412 +0,0 @@
{{- if .Values.registry.create }}
######################################################################
# In-cluster Registry for Projects
# This mapping will make every host function as a docker
# registry. It's not ideal to take over the "v2" mapping, but there
# are a number of constraints that make this the least worst option
# explored so far. These constraints are:
#
# - We need a registry where docker push/pull and similar (e.g. crictl
# push/pull) can work with no special client configuration since we
# don't control the clients and we can't expect our users to
# reconfigure their clusters to use a special push/pull
# configuration.
#
# - GKE's push/pull implementation (I think it's docker) and crictl
# push/pull (used by default in k3s clusters) have different default
# behaviors with respect to localhost registries. The docker
# implementation is very permissive, it will try both cleartext and
# TLS and it does not verify the TLS connection, so self-signed
# registries work fine. The crictl implementation is moving in this
# direction, but the version used in k3s (based on rancher's fork of
# containerd at v1.3.3) is not there yet. It only tries cleartext by
# default.
#
# - We want to minimize the requirements for users to have the
# access/understanding to create special DNS configurations
# (e.g. wildcard or a separate dns name for the registry).
#
# - You can configure the docker registry to have a prefix,
# e.g. <host>/<special-prefix>/v2/..., however without special
# configuration to override the defaults, clients can't push/pull
# from a registry served at a prefix. If your image is named
# <foo>/<bar>, the client will look for <foo>/v2/... endpoints.
#
# Given all the prior constraints we are left with creating this
# mapping for all hosts. If this is a problem there are a few
# alternatives we could consider. We can provide a way to limit this
# mapping to only one host so they can have distinct hosts for their
# site and their registry. We could also look into creating a
# daemonset that binds to localhost and proxies cleartext to
# TLS. Based on what I know of GKE and k3s its a good guess that this
# would accommodate both of them, but possibly not other clusters with
# different configurations.
#
# Another reason to lean towards an externally accessible registry is
# that there are likely some people that would want this as a feature
# so they can docker push/pull images from other systems into/out of
# the builtin registry. While it's true that security minded people
# might not like having this registry externally accessible, it's also
# quite likely those people would want to run their own fancy registry
# that scans/audits images, etc. The focus for RtC is really a smooth
# out of the box experience that functions end-to-end without
# requiring you to build your own platform. For more security minded
# people we should expect to eventually be able to configure an
# external registry and/or turn off the builtin one.
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
name: {{ include "ambassador.fullname" . }}-registry
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
spec:
prefix: /v2/
rewrite: /v2/
{{- if .Values.registry.resourceNameOverride }}
service: https://{{ .Values.registry.resourceNameOverride }}
{{- else }}
service: https://{{ include "ambassador.fullname" . }}-registry
{{- end }}
timeout_ms: 300000
---
apiVersion: v1
kind: Service
metadata:
{{- if .Values.registry.resourceNameOverride }}
name: {{ .Values.registry.resourceNameOverride }}
{{- else }}
name: {{ include "ambassador.fullname" . }}-registry
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge internal image registry."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: "None"
spec:
type: ClusterIP
selector:
{{- if .Values.registry.serviceSelectors }}
{{ toYaml .Values.registry.serviceSelector | nindent 4 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
ports:
- port: 443
targetPort: 5000
# The registry deployment. The deployment includes a persistent volume
# mount for storing images, a config-map mount for customizing the
# registry configuration, and a secret mounted for tls.
---
apiVersion: apps/v1
kind: Deployment
metadata:
{{- if .Values.registry.resourceNameOverride }}
name: {{ .Values.registry.resourceNameOverride }}
{{- else }}
name: {{ include "ambassador.fullname" . }}-registry
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
app: registry
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 0
selector:
matchLabels:
{{- if .Values.registry.serviceSelectors }}
{{ toYaml .Values.registry.serviceSelector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
template:
metadata:
annotations:
foo: "5"
labels:
{{- if .Values.registry.serviceSelectors }}
{{ toYaml .Values.registry.serviceSelector | nindent 8 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
spec:
containers:
- name: registry
image: registry:2
ports:
- containerPort: 5000
volumeMounts:
- mountPath: /var/lib/registry
name: registry-data
- name: registry-config
mountPath: /etc/docker/registry
- name: registry-tls
mountPath: /etc/tls
volumes:
- name: registry-config
configMap:
# Provide the name of the ConfigMap containing the files you want
# to add to the container
{{- if .Values.registry.resourceNameOverride }}
name: {{ .Values.registry.resourceNameOverride }}-config
{{- else }}
name: {{ include "ambassador.fullname" . }}-registry-config
{{- end }}
- name: registry-data
persistentVolumeClaim:
{{- if .Values.registry.resourceNameOverride }}
claimName: {{ .Values.registry.resourceNameOverride }}-data
{{- else }}
claimName: {{ include "ambassador.fullname" . }}-registry-data
{{- end }}
- name: registry-tls
secret:
{{- if .Values.registry.resourceNameOverride }}
secretName: {{ .Values.registry.resourceNameOverride }}-tls
{{- else }}
secretName: {{ include "ambassador.fullname" . }}-registry-tls
{{- end }}
# The configuration file for our registry.
---
apiVersion: v1
kind: ConfigMap
metadata:
{{- if .Values.registry.resourceNameOverride }}
name: {{ .Values.registry.resourceNameOverride }}-config
{{- else }}
name: {{ include "ambassador.fullname" . }}-registry-config
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
data:
config.yml: |
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
tls:
certificate: /etc/tls/tls.crt
key: /etc/tls/tls.key
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
# The persistent volume for our registry.
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- if .Values.registry.resourceNameOverride }}
name: {{ .Values.registry.resourceNameOverride }}-data
{{- else }}
name: {{ include "ambassador.fullname" . }}-registry-data
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
# The self-signed tls secret for our registry. We should look into
# generating this on install with a job.
---
apiVersion: v1
kind: Secret
metadata:
{{- if .Values.registry.resourceNameOverride }}
name: {{ .Values.registry.resourceNameOverride }}-tls
{{- else }}
name: {{ include "ambassador.fullname" . }}-registry-tls
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
type: kubernetes.io/tls
data:
tls.crt: |
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVEekNDQXZlZ0F3SUJBZ0lVSVZrWlJGSkVJ
VCtOTlJiMFJ0TkxwZFp5TTVnd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daWXhDekFKQmdOVkJBWVRB
bFZUTVJZd0ZBWURWUVFJREExTllYTnpZV05vZFhObGRIUnpNUk13RVFZRApWUVFIREFwVGIyMWxj
blpwYkd4bE1SRXdEd1lEVlFRS0RBaEVZWFJoZDJseVpURVVNQklHQTFVRUN3d0xSVzVuCmFXNWxa
WEpwYm1jeEVUQVBCZ05WQkFNTUNISmxaMmx6ZEhKNU1SNHdIQVlKS29aSWh2Y05BUWtCRmc5a1pY
WkEKWkdGMFlYZHBjbVV1YVc4d0hoY05NakF3TVRNd01qRXdNVFV5V2hjTk1qRXdNVEk1TWpFd01U
VXlXakNCbGpFTApNQWtHQTFVRUJoTUNWVk14RmpBVUJnTlZCQWdNRFUxaGMzTmhZMmgxYzJWMGRI
TXhFekFSQmdOVkJBY01DbE52CmJXVnlkbWxzYkdVeEVUQVBCZ05WQkFvTUNFUmhkR0YzYVhKbE1S
UXdFZ1lEVlFRTERBdEZibWRwYm1WbGNtbHUKWnpFUk1BOEdBMVVFQXd3SWNtVm5hWE4wY25reEhq
QWNCZ2txaGtpRzl3MEJDUUVXRDJSbGRrQmtZWFJoZDJseQpaUzVwYnpDQ0FTSXdEUVlKS29aSWh2
Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTFRtZ21wb2szVVdCVkhqCjFqb2R5eG9LZFJad09Y
WnhiZ25ITXlMa2xxLzUydGdmTEJmVlU1TzB2aE5iVm5vcEVSRWdWV0pTd3dlN0dOS0EKSjlaWWxC
Qlc1Q1U5Q3FNalU2TTVOdTdiVWRQblNyNGRFSFlWcmhEakJYcVpDUElEaFhZS2ZZYWh0YlB4cis1
egpueS9qQktKU2JwM3RWU3d5SEhsY3JJNHdOU2R1Q2x5UFplOFR0Q2hGQUxhcU5rWUMvclNGK0w0
SWcwZmY1N0duClpFVmsyZDJja09Xbkp6akRXMGhYL3FUcXhUKzZwV2tUQThWQ0FVS2FabEY5VkRK
c20rOW1XM2dBWmZ5NWdFWloKajcvaktqNTd5R1BUR2xWQXhra2J2WlJJVWQ5LzVkVmE3V1RCYnlR
dkxvOEkyWWQ3S1h6Y3BjcElpS2hRREdPQQpHbGVoa2JVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZ
RUZGTDV5NnNIb09tV0FRWVVGano4VHNETGFnUTdNQjhHCkExVWRJd1FZTUJhQUZGTDV5NnNIb09t
V0FRWVVGano4VHNETGFnUTdNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFF
TEJRQURnZ0VCQUFZdHlnNDNDTEJsbVlvY0NkSjVpSlF0NTR0anFGU2hIMzdFd3h4WQp1QVExRHRW
a0Q3QngzUURZZ1cxeU1QYzFTRDhYenFUcWxjQUlOQTZwdVB0SlNPcC8wUUVqVFJSMkFSZFF5VURI
ClZOZEZzcHp5MGRnbllqOXY2ckl4akdOazVHZXI3cUp4TURaUUY0dC82NHZLYWNyOHZOQ3dnSmI5
WEZaMTBjNlEKdVNSNVVVN1pMTWJPeWd4a0hPQStMMXp3S2pSaXZUb2ZMbExPOURQNUJwMk9hOGgr
TmZhVkJ4ZHFUS2l0UzFaOApnUnZhOTFuRHZwTjl5aHBiNFJVN2FoWW9tWGF4VE5ZVEJxVE1uZWhE
aWhPQjdBS2Z0VVErdjJWZ2VlM1FxaGJ4CjRUSlJpTTUxR2VIWEtoVWw5ZXBxRnBlYllIa1BnU1ln
bU1OUy9aT3JSWmFxajVRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
tls.key: |
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZB
QVNDQktZd2dnU2lBZ0VBQW9JQkFRQzA1b0pxYUpOMUZnVlIKNDlZNkhjc2FDblVXY0RsMmNXNEp4
ek1pNUphditkcllIeXdYMVZPVHRMNFRXMVo2S1JFUklGVmlVc01IdXhqUwpnQ2ZXV0pRUVZ1UWxQ
UXFqSTFPak9UYnUyMUhUNTBxK0hSQjJGYTRRNHdWNm1RanlBNFYyQ24yR29iV3o4YS91CmM1OHY0
d1NpVW02ZDdWVXNNaHg1WEt5T01EVW5iZ3BjajJYdkU3UW9SUUMycWpaR0F2NjBoZmkrQ0lOSDMr
ZXgKcDJSRlpObmRuSkRscHljNHcxdElWLzZrNnNVL3VxVnBFd1BGUWdGQ21tWlJmVlF5Ykp2dlps
dDRBR1g4dVlCRwpXWSsvNHlvK2U4aGoweHBWUU1aSkc3MlVTRkhmZitYVld1MWt3VzhrTHk2UENO
bUhleWw4M0tYS1NJaW9VQXhqCmdCcFhvWkcxQWdNQkFBRUNnZ0VBWUxiMGRxdGVXclRoTnp6V0pk
QVQ2K0kzWXoyd214QmR3a0NMcUZZSjhoOWsKenpNclFicTlxalJ4Z3F2TWVoZEdscDl3eHRaMGlz
ZU9wOHY0Z0hKdkJxVk42RkxRUXhQNS9VUHppSlFkRld1TQozRU54cjVBN3RhK0tHRmVGSHM2Zkpk
TEo5WmF6TEhkRWxmbWUyOTFGZHZzWFJMdkVVNUtmQW90M2ZiVnNWWjFxCnRucVIzY0dET3JVQ00v
ZzJKZmVBYk5wSUJjTnlCV0diOGRQbm5SaHZRNW5YN1ozUnJiNTlhQnhOcldCSkFkbnEKOUtkS3BR
UmU4cjBiRGJ0WVZQamxXRldpOVluWVQ0WHpQOG9TU0t5a3R4TWZraEM2dlVKb0gwNHFOSmRkWjVM
WAozWjRKUm14RnlUZU1rUG0xa2dnSVVRZGJhRWp1WG0rOThOeXVkZitKcVFLQmdRRGx6SS9XMzZM
am1pRE9MSDVUCnFhZTFnazNMV2lTY3hwZzRhazEyenhLSlkrWUJiNnc4UG5EVmlvY2tPa0lsSERh
V0xzQ2VpRkJsM2lPSDlUWWcKQm9iY3JVZVNUbWdOaUNqSlpIWVhIUlY1TEN2bGE0UkhhcXNMWG43
elptTE5GVW9YRlhaTkoyQzlqUEp5TStyQQpqOWJLWlFvQTF2NC9qOUdMTXN3eEJZem1pd0tCZ1FE
SmhxNDhrYmV0MlRTRFhyMUxuY3FMVU9wak1hQmNyOEJKCnpDNlBwK3F0ck01QVE1RnkwaHRoV2Zn
bDkzZU5vMWRQT2pCRDZ6amIyd2dNSHhBR2w1V0pIN005enFBSWJSaW0KbDFNcmsrUkprbUVGeUls
cU95TG9jNlg0V1pPN1BwejZPQkdWTExGOFlBR09UcldaRzZwUStDeVJWN3hHUS9PWAo4QlN5UVVh
d3Z3S0JnRWFXWG55dmQxYVlpb2txUzZlaFRuM0h4K08yRGRjR2ZjMmVnYXNFRW5xWGNCaHkyQ0l0
ClAvV29OcmpmR0dCVDJVU3FtY3BZcnZHTG1iaHlqeXlwTkpYbXVEeHR6ektRNTQ1dFNJVHpEeHlJ
Zi9kWjNta2QKaityUEhRbmhJbXBDcHQ2T1hpZDIrQlZoalR1ZFRQZlhkeS8yZDJzb256S2hGOG05
VWRHaEZkWGZBb0dBRkZ0QwpabVBoeGZIVzJCNU55TUdib0E4QVhoeTVNaU9lck5XdkxsdXIzUGRE
cmtJbEF4QXVLOXRHc2E4WnFIa0RiTUZYCjlzUmY3ZlZtRHJOa2p3WG8yUDBXd2Z1Sk50Q3VXTVdZ
WlNKL1FOOUVaYTBvRkU3ODY3WWk0YjlLcVBOZUwvaFIKN2x1aFlncmduVnRlQktWQ3d3TU9uVy9i
V00yc1lZQ2kxbzY1Y1VrQ2dZQUR4SUJmOGZUOURDS0NaZ1FvQXNDYwpvSzcvdzdDYk1hOEp5TjZa
ZDRiSlIrSzRzUEtQekd2M3dEandxRzFTRkN6UU1FR01mOWt6TWFYb09XdzNaN2NCCklIZTJDUXFF
N2NZdW1LYjFkOTFueU1qMVdQVC9CWEJKZzB3aUNMV0RjakdQR0xNWTJyeGsvMWwzL2xjKy9WVkcK
NjRZZUh1YlllOE9Iemp5UEZGSnJZdz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
######################################################################
# Project Controller
#
# Comment this out if you want to disable the micro CI/CD functionality:
---
apiVersion: getambassador.io/v2
kind: ProjectController
metadata:
{{- if .Values.registry.projectControllerName }}
name: {{ .Values.registry.projectControllerName }}
{{- else }}
name: {{ include "ambassador.fullname" . }}-projectcontroller
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-projectcontroller
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
projects.getambassador.io/ambassador_id: {{ if hasKey .Values.env "AMBASSADOR_ID" }}{{ .Values.env.AMBASSADOR_ID | quote }}{{ else }}default{{ end }}
product: aes
{{- end }}

200
charts/ambassador/ambassador/templates/rbac.yaml
View File

@ -1,200 +0,0 @@
{{- if .Values.rbac.create -}}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.rbacName" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}
rules: []
---
# CRDs are cluster scoped resources, so they need to be in a cluster role,
# even if ambassador is running in single namespace mode
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.rbacName" . }}-crd
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}
rules:
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
verbs: ["get", "list", "watch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- if .Values.scope.singleNamespace }}
kind: Role
metadata:
name: {{ include "ambassador.rbacName" . }}
namespace: {{ include "ambassador.namespace" . }}
{{- else }}
kind: ClusterRole
metadata:
name: {{ include "ambassador.rbacName" . }}-watch
{{- end }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}
rules:
- apiGroups: [""]
resources:
- namespaces
- services
- secrets
- endpoints
verbs: ["get", "list", "watch"]
- apiGroups: [ "getambassador.io" ]
resources: [ "*" ]
verbs: ["get", "list", "watch", "update", "patch", "create", "delete" ]
- apiGroups: [ "getambassador.io" ]
resources: [ "mappings/status" ]
verbs: ["update"]
- apiGroups: [ "networking.internal.knative.dev" ]
resources: [ "clusteringresses", "ingresses" ]
verbs: ["get", "list", "watch"]
- apiGroups: [ "networking.x-k8s.io" ]
resources: [ "*" ]
verbs: ["get", "list", "watch"]
- apiGroups: [ "networking.internal.knative.dev" ]
resources: [ "ingresses/status", "clusteringresses/status" ]
verbs: ["update"]
- apiGroups: [ "extensions", "networking.k8s.io" ]
resources: [ "ingresses", "ingressclasses" ]
verbs: ["get", "list", "watch"]
- apiGroups: [ "extensions", "networking.k8s.io" ]
resources: [ "ingresses/status" ]
verbs: ["update"]
{{- if .Values.enableAES }}
- apiGroups: [""]
resources: [ "secrets" ]
verbs: ["get", "list", "watch", "create", "update"]
- apiGroups: [""]
resources: [ "events" ]
verbs: ["get", "list", "watch", "create", "patch"]
- apiGroups: ["coordination.k8s.io"]
resources: [ "leases" ]
verbs: ["get", "create", "update"]
- apiGroups: [""]
resources: [ "endpoints" ]
verbs: ["get", "list", "watch", "create", "update"]
{{- end }}
{{- if or .Values.rbac.podSecurityPolicies .Values.security.podSecurityPolicy }}
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
{{- if .Values.rbac.podSecurityPolicies }}
{{- toYaml .Values.rbac.podSecurityPolicies | nindent 6 }}
{{- end }}
{{- if .Values.security.podSecurityPolicy }}
- {{ include "ambassador.fullname" . }}
{{- end }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ include "ambassador.rbacName" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "ambassador.rbacName" . }}
subjects:
- name: {{ include "ambassador.serviceAccountName" . }}
namespace: {{ include "ambassador.namespace" . }}
kind: ServiceAccount
---
{{- if .Values.scope.singleNamespace }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ include "ambassador.rbacName" . }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "ambassador.rbacName" . }}
subjects:
- name: {{ include "ambassador.serviceAccountName" . }}
namespace: {{ include "ambassador.namespace" . }}
kind: ServiceAccount
{{- end }}
{{- end -}}

45
charts/ambassador/ambassador/templates/resolvers.yaml
View File

@ -1,45 +0,0 @@
{{- if .Values.resolvers.endpoint.create }}
---
apiVersion: getambassador.io/v2
kind: KubernetesEndpointResolver
metadata:
name: {{ .Values.resolvers.endpoint.name }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
spec:
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
{{- if .Values.resolvers.consul.create }}
---
apiVersion: getambassador.io/v2
kind: ConsulResolver
metadata:
name: {{ .Values.resolvers.consul.name }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
spec:
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- toYaml .Values.resolvers.consul.spec | nindent 2 }}
{{- end }}

81
charts/ambassador/ambassador/templates/service.yaml
View File

@ -1,81 +0,0 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.service.nameOverride }}
name: {{ .Values.service.nameOverride }}
{{- else }}
name: {{ include "ambassador.fullname" . }}
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
app.kubernetes.io/component: ambassador-service
product: aes
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge Stack goes beyond traditional API Gateways and Ingress Controllers with the advanced edge features needed to support developer self-service and full-cycle development."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: {{ include "ambassador.fullname" . }}-redis.{{ include "ambassador.namespace" . }}
{{- if .Values.service.annotations }}
{{- range $key, $value := .Values.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.service.externalTrafficPolicy }}
externalTrafficPolicy: "{{ .Values.service.externalTrafficPolicy }}"
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml .Values.service.sessionAffinityConfig | nindent 4 }}
{{- end }}
ports:
{{- range .Values.service.ports }}
- name: {{ .name }}
port: {{ int .port }}
{{- if .targetPort }}
targetPort: {{ int .targetPort }}
{{- end }}
{{- if .nodePort }}
nodePort: {{ int .nodePort }}
{{- end }}
{{- if .protocol }}
protocol: {{ .protocol }}
{{- end }}
{{- end}}
selector:
{{- if .Values.service.selector }}
{{ toYaml .Values.service.selector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- with .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs:
{{- toYaml .Values.service.externalIPs | nindent 4 }}
{{- end }}

24
charts/ambassador/ambassador/templates/serviceaccount.yaml
View File

@ -1,24 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ambassador.serviceAccountName" . }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
{{- if .Values.docker.useImagePullSecret }}
imagePullSecrets:
- name: {{ .Values.docker.imagePullSecretName }}
{{- end }}
{{- end -}}

28
charts/ambassador/ambassador/templates/servicemonitor.yaml
View File

@ -1,28 +0,0 @@
{{- if and .Values.adminService.create .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "ambassador.fullname" . }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app: {{ include "ambassador.name" . }}
{{- if .Values.metrics.serviceMonitor.selector }}
{{- toYaml .Values.metrics.serviceMonitor.selector | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: ambassador-admin
path: /metrics
{{- with .Values.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "ambassador.namespace" . }}
selector:
matchLabels:
service: ambassador-admin
{{- end }}

24
charts/ambassador/ambassador/templates/tests/test-ready.yaml
View File

@ -1,24 +0,0 @@
{{- if and (.Values.test.enabled) (not .Values.daemonSet) }}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "ambassador.fullname" . }}-test-ready"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: {{ .Values.test.image | default "busybox" }}
command: ['wget']
args: ['{{ include "ambassador.fullname" . }}:{{ include "ambassador.servicePort" . }}/ambassador/v0/check_ready']
restartPolicy: Never
{{- end }}

135
charts/ambassador/ambassador/templates/traffic-agent-rbac.yaml
View File

@ -1,135 +0,0 @@
{{- if and .Values.enableAES .Values.servicePreview.enabled }}
{{- if .Values.servicePreview.trafficAgent.singleNamespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
annotations:
# Required because Helm creates secrets before ServiceAccount, but service-account-token depends on an existing SA.
"helm.sh/hook": "pre-install"
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
---
## Create a service-account-token for traffic-agent with a matching name.
## Since the ambassador-injector will use this token name, it must be deterministic and not auto-generated.
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
annotations:
kubernetes.io/service-account.name: traffic-agent
type: kubernetes.io/service-account-token
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "namespaces", "services", "secrets" ]
verbs: ["get", "list", "watch"]
- apiGroups: [ "getambassador.io" ]
resources: [ "*" ]
verbs: ["get", "list", "watch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "ambassador.rbacName" . }}
subjects:
- name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
kind: ServiceAccount
{{- else }}
## If we install Service Preview cluster-wide, this means we can't use the 'traffic-agent' ServiceAccount
## as it does not exist in every namespace. We must instead grant new Roles to all ServiceAccounts (cluster-wide).
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "namespaces", "services", "secrets" ]
verbs: ["get", "list", "watch"]
- apiGroups: [ "getambassador.io" ]
resources: [ "*" ]
verbs: ["get", "list", "watch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
subjects:
- name: system:serviceaccounts
kind: Group
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end }}

190
charts/ambassador/ambassador/templates/traffic-manager.yaml
View File

@ -1,190 +0,0 @@
{{- if and .Values.enableAES .Values.servicePreview.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
---
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- if .Values.scope.singleNamespace }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
metadata:
name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: ["namespaces", "services", "pods", "secrets"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- if .Values.scope.singleNamespace }}
kind: RoleBinding
{{- else }}
kind: ClusterRoleBinding
{{- end }}
metadata:
name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.scope.singleNamespace }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: telepresence-proxy
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: telepresence-proxy
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: telepresence-proxy
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: telepresence-proxy
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
containers:
- name: telepresence-proxy
{{- if .Values.servicePreview.trafficManager.image.repository }}
image: "{{ .Values.servicePreview.trafficManager.image.repository }}:{{ .Values.servicePreview.trafficManager.image.tag | default .Values.image.tag }}"
{{- else }}
image: {{ include "ambassador.image" . }}
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: [ "traffic-manager" ]
env:
{{- if .Values.scope.singleNamespace }}
- name: AMBASSADOR_SINGLE_NAMESPACE
value: "true"
{{- end }}
- name: AMBASSADOR_NAMESPACE
{{- if .Values.namespace }}
value: {{ .Values.namespace.name | quote }}
{{ else }}
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- end -}}
{{- if or .Values.redis.create .Values.redisURL }}
- name: REDIS_URL
{{- if .Values.redisURL }}
value: {{ .Values.redisURL }}
{{- else }}
value: {{ include "ambassador.fullname" . }}-redis:6379
{{- end }}
{{- end }}
ports:
- name: sshd
containerPort: 8022
volumeMounts:
- mountPath: /tmp/ambassador-pod-info
name: pod-info
restartPolicy: Always
terminationGracePeriodSeconds: 0
volumes:
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: labels
name: pod-info
serviceAccountName: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
---
apiVersion: v1
kind: Service
metadata:
name: telepresence-proxy
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: telepresence-proxy
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge Stack Service Preview Telepresence Proxy."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: "None"
spec:
type: ClusterIP
clusterIP: None
selector:
app.kubernetes.io/name: telepresence-proxy
app.kubernetes.io/instance: {{ .Release.Name }}
ports:
- name: sshd
protocol: TCP
port: 8022
- name: api
protocol: TCP
port: 8081
{{- end }}

521
charts/ambassador/ambassador/values.yaml
View File

@ -1,521 +0,0 @@
# Default values for ambassador.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Manually set metadata for the Release.
#
# Defaults to .Chart.Name
nameOverride: ''
# Defaults to .Release.Name-.Chart.Name unless .Release.Name contains "ambassador"
fullnameOverride: ''
# Defaults to .Release.Namespace
namespaceOverride: ''
replicaCount: 3
daemonSet: false
# This will enable the test-ready Pod (https://github.com/datawire/ambassador-chart/blob/master/templates/tests/test-ready.yaml).
# It will spawn a busybox container to call Ambassador's check_ready endpoint to validate it is working correctly.
test:
enabled: true
image: busybox
# Enable autoscaling using HorizontalPodAutoscaler
# daemonSet: true, autoscaling will be disabled
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 60
podDisruptionBudget: {}
# namespace:
# name: default
# Additional container environment variable
# Uncomment or add additional environment variables for the container here.
env: {}
# Exposing statistics via StatsD
# STATSD_ENABLED: true
# STATSD_HOST: statsd-sink
# sets the minimum number of seconds between Envoy restarts
# AMBASSADOR_RESTART_TIME: 15
# sets the number of seconds that the Envoy will wait for open connections to drain on a restart
# AMBASSADOR_DRAIN_TIME: 5
# sets the number of seconds that Ambassador will wait for the old Envoy to clean up and exit on a restart
# AMBASSADOR_SHUTDOWN_TIME: 10
# labels Ambassador with an ID to allow for configuring multiple Ambassadors in a cluster
# AMBASSADOR_ID: default
# Additional container environment variable in raw YAML format
# Uncomment or add additional environment variables for the container here.
envRaw: {}
# - name: REDIS_PASSWORD
# value: password
# valueFrom:
# secretKeyRef:
# name: redis-password
# key: password
# - name: POD_IP
# valueFrom:
# fieldRef:
# fieldPath: status.podIP
imagePullSecrets: []
security:
# Security Context for all containers in the pod.
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core
podSecurityContext:
runAsUser: 8888
# Security Context for the Ambassador container specifically
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core
containerSecurityContext:
allowPrivilegeEscalation: false
# A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
#
# A set of reasonable defaults is outlined below. This is not created by default as it should only
# be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in
# the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies`
# in all non-"master" Releases.
podSecurityPolicy: {}
# # Add AppArmor and Seccomp annotations
# # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
# annotations:
# spec:
# seLinux:
# rule: RunAsAny
# supplementalGroups:
# rule: 'MustRunAs'
# ranges:
# # Forbid adding the root group.
# - min: 1
# max: 65535
# fsGroup:
# rule: 'MustRunAs'
# ranges:
# # Forbid adding the root group.
# - min: 1
# max: 65535
# privileged: false
# allowPrivilegeEscalation: false
# runAsUser:
# rule: MustRunAsNonRoot
image:
ossTag: 1.13.8
aesTag: 1.13.8
pullPolicy: IfNotPresent
ossRepository: docker.io/datawire/ambassador
aesRepository: docker.io/datawire/aes
dnsPolicy: ClusterFirst
hostNetwork: false
service:
type: LoadBalancer
# Note that target http ports need to match your ambassador configurations service_port
# https://www.getambassador.io/reference/modules/#the-ambassador-module
ports:
- name: http
port: 80
targetPort: 8080
# protocol: TCP
# nodePort: 30080
# hostPort: 80
- name: https
port: 443
targetPort: 8443
# protocol: TCP
# nodePort: 30443
# hostPort: 443
# TCPMapping_Port
# port: 2222
# targetPort: 2222
# protocol: TCP
# nodePort: 30222
externalTrafficPolicy:
sessionAffinity:
sessionAffinityConfig:
externalIPs: []
annotations: {}
#############################################################################
## Ambassador should be configured using CRD definition. If you want
## to use annotations, the following is an example of annotating the
## Ambassador service with global configuration manifest.
##
## See https://www.getambassador.io/reference/core/ambassador and
## https://www.getambassador.io/reference/core/tls for more info
#############################################################################
#
# getambassador.io/config: |
# ---
# apiVersion: ambassador/v1
# kind: TLSContext
# name: ambassador
# secret: ambassador-certs
# hosts: ["*"]
# ---
# apiVersion: ambassador/v1
# kind: Module
# name: ambassador
# config:
# admin_port: 8001
# diag_port: 8877
# diagnostics:
# enabled: true
# enable_grpc_http11_bridge: false
# enable_grpc_web: false
# enable_http10: false
# enable_ipv4: true
# enable_ipv6: false
# liveness_probe:
# enabled: true
# lua_scripts:
# readiness_probe:
# enabled: true
# server_name: envoy
# service_port: 8080
# use_proxy_proto: false
# use_remote_address: true
# xff_num_trusted_hops: 0
# x_forwarded_proto_redirect: false
# load_balancer:
# policy: round_robin
# circuit_breakers:
# max_connections: 2048
# retry_policy:
# retry_on: "5xx"
# cors:
# Manually set the name of the generated Service
nameOverride:
adminService:
create: true
type: ClusterIP
port: 8877
snapshotPort: 8005
# NodePort used if type is NodePort
# nodePort: 38877
annotations: {}
rbac:
# Specifies whether RBAC resources should be created
create: true
# List of Pod Security Policies to use on the container.
# If security.podSecurityPolicy is set, it will be appended to the list
podSecurityPolicies: []
# Name of the RBAC resources defaults to the name of the release.
# Set nameOverride when installing Ambassador with cluster-wide scope in
# different namespaces with the same release name to avoid conflicts.
nameOverride:
scope:
# tells Ambassador to only use resources in the namespace or namespace set by namespace.name
singleNamespace: false
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
deploymentStrategy:
type: RollingUpdate
restartPolicy:
terminationGracePeriodSeconds:
initContainers: []
sidecarContainers: []
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 3
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 3
failureThreshold: 3
volumes: []
volumeMounts: []
podLabels: {}
podAnnotations: {}
# prometheus.io/scrape: "true"
# prometheus.io/port: "9102"
deploymentLabels: {}
deploymentAnnotations: {}
# configmap.reloader.stakater.com/auto: "true"
resources:
# Recommended resource requests and limits for Ambassador
limits:
cpu: 1000m
memory: 600Mi
requests:
cpu: 200m
memory: 300Mi
priorityClassName: ''
nodeSelector: {}
tolerations: []
affinity: {}
topologySpreadConstraints: []
ambassadorConfig: ''
crds:
enabled: true
create: true
keep: true
# Prometheus Operator ServiceMonitor configuration
# See documentation: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor
metrics:
serviceMonitor:
enabled: false
# interval: 30s
# scrapeTimeout: 30s
# selector: {}
################################################################################
## Ambassador Edge Stack Configuration ##
################################################################################
# The Ambassador Edge Stack is free for limited use without a license key.
# Go to https://{ambassador-host}/edge_stack/admin/#dashboard to register
# for a community license key.
enableAES: true
# Set createSecret: false is installing multiple releases of The Ambassador
# Edge Stack in the same namespace.
licenseKey:
value:
createSecret: true
secretName:
# Annotations to attach to the license-key-secret.
annotations: {}
# The DevPortal is exposed at /docs/ endpoint in the AES container.
# Setting this to true will automatically create routes for the DevPortal.
createDevPortalMappings: true
devportal:
docsPrefix: /documentation/
# The Ambassador Edge Stack uses a redis instance for managing authentication,
# rate limiting, and sharing minor configuration details between pods for
# centralized management. These values configure the redis instance that ships
# by default with The Ambassador Edge Stack.
#
# URL of your redis instance. Defaults to redis instance created below.
redisURL:
# Ambassador ships with a basic redis instance. Configure the deployment with the options below.
redis:
create: true
image:
repository: redis
tag: 5.0.1
pullPolicy: IfNotPresent
# Annotations for Ambassador Pro's redis instance.
annotations:
deployment: {}
service: {}
resources: {}
# If you want to specify resources, uncomment the following
# lines and remove the curly braces after 'resources:'.
# These are placeholder values and must be tuned.
# limits:
# cpu: 100m
# memory: 256Mi
# requests:
# cpu: 50m
# memory: 128Mi
nodeSelector: {}
affinity: {}
tolerations: {}
# Configures the AuthService that ships with the Ambassador Edge Stack.
# Setting authService.create: false will not install the AES AuthService and
# allow you to define your own.
#
# Typically when using the AES, you will want to keep this set to true and use
# the External Filter to communicate with a custom authentication service.
# https://www.getambassador.io/reference/filter-reference/#filter-type-external
authService:
deploymentExtraName: auth
create: true
# Set additional configuration options. See https://www.getambassador.io/reference/services/auth-service for more information
optional_configurations: {}
# include_body:
# max_bytes: 4096
# allow_partial: true
# status_on_error:
# code: 403
# failure_mode_allow: false
# retry_policy:
# retry_on: "5xx"
# num_retries: 2
# add_linkerd_headers: true
# timeout_ms: 30000
# Configures the RateLimitService in the Ambassador Edge Stack.
# Keep this enabled to configure RateLimits in AES.
rateLimit:
create: true
deploymentExtraName: ratelimit
# Projects are a beta feature of Ambassador that allow developers to stage and
# deploy code with nothing more than a Github repository.
# See: https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/
registry:
create: false
# Resolvers are used to configure the discovery service strategy for Ambasador Edge Stack.
# See: https://www.getambassador.io/docs/edge-stack/latest/topics/running/resolvers/
resolvers:
endpoint:
create: false
name: endpoint
consul:
create: false
name: consul-dc1
spec: {}
# Configuration for a Consul Resolver
# address: consul-server.default.svc.cluster.local:8500
# datacenter: dc1
# Create and manage an Ambassador Module from the Helm Chart. See:
# https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador
# for more info on the available options.
#
# Note: The Module can only be named ambassador. There can only be one Module
# installed per-namespace.
module: {}
################################################################################
## DEPRECATED configuration objects ##
################################################################################
# DEPRECATED: Ambassador now exposes the /metrics endpoint in Envoy.
# DEPRECATED: See https://www.getambassador.io/user-guide/monitoring#deployment for more information on how to use the /metrics endpoint
#
# DEPRECATED: Enabling the prometheus exporter creates a sidecar and configures ambassador to use it
prometheusExporter:
enabled: false
repository: prom/statsd-exporter
tag: v0.8.1
pullPolicy: IfNotPresent
resources: {}
# If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 256Mi
# requests:
# cpu: 50m
# memory: 128Mi
# You can configure the statsd exporter to modify the behavior of mappings and other features.
# See documentation: https://github.com/prometheus/statsd_exporter/tree/v0.8.1#metric-mapping-and-configuration
# Uncomment the following line if you wish to specify a custom configuration:
# configuration: |
# ---
# mappings:
# - match: 'envoy.cluster.*.upstream_cx_connect_ms'
# name: "envoy_cluster_upstream_cx_connect_time"
# timer_type: 'histogram'
# labels:
# cluster_name: "$1"
# DEPRECATED: Use security.podSecurityContext
# securityContext:
# runAsUser: 8888
# Configures Service Preview that ships with the Ambassador Edge Stack and edgectl.
# Setting servicePreview.enabled: true will install the Traffic Agent Service Account, Traffic Manager with RBAC, and ambassador-injector
servicePreview:
enabled: false
trafficManager:
image:
# Leave blank to use image.repository and image.tag
repository:
tag:
serviceAccountName: traffic-manager
trafficAgent:
image:
# Leave blank to use image.repository and image.tag
repository:
tag:
singleNamespace: true
serviceAccountName: traffic-agent
port: 9900
# Configure the ambassador-injector webhook for Service Preview Traffic Agent automatic sidecar injection.
injector:
enabled: true
# If no injector.crtPEM and injector.keyPEM are provided, a self-signed certificate will be issued
# for the Common Name (CN) of `<ambassador-injector>.<namespace>.svc`, which is the cluster-internal DNS name
# for the service.
crtPEM: ''
keyPEM: ''
# Configure the ambassador agent
agent:
enabled: true
# this will be empty when it first gets applied, then the user will edit the agent to
# make it start reporting
cloudConnectToken: ''
rpcAddress: https://app.getambassador.io/
createArgoRBAC: true
image:
# Leave blank to use image.repository and image.tag
tag:
repository:
deploymentTool: ''
# configure docker to pull from private registry
docker: {}
createNamespace: false
enableTestService: false

11
charts/komodor/k8s-watcher/Chart.yaml
View File

@ -1,11 +0,0 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Komodor Agent
catalog.cattle.io/release-name: komodor-agent
apiVersion: v1
appVersion: 0.1.99
description: Watches and send kubernetes resource-related events
icon: https://partner-charts.rancher.io/assets/logos/komodor.png
kubeVersion: 1.16-0 - 1.21-0
name: k8s-watcher
version: 0.10.1101

196
charts/komodor/k8s-watcher/README.md
View File

@ -1,196 +0,0 @@
# Komodor.io
## TL;DR;
```bash
helm repo add komodorio https://helm-charts.komodor.io
helm repo update
helm upgrade --install k8s-watcher komodorio/k8s-watcher --set apiKey=YOUR_API_KEY_HERE --set watcher.clusterName=CLUSTER_NAME --set watcher.allowReadingPodLogs=true --set watcher.enableAgentTaskExecution=true --wait --timeout=90s
```
In case of error try contact us for assistance via intercom at: https://app.komodor.com
Or run:
1. Logs of k8s-watcher
```bash
kubectl logs --tail=10 deployment/k8s-watcher -n komodor
```
2. Helm status
```bash
helm status k8s-watcher
```
3. Reinstall
```bash
helm uninstall helm-k8s-watcher
```
## Introduction
This chart bootstraps a Kubernetes Resources/Event Watcher deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
### Supported architectures
- [x] linux/amd64
- [x] linux/arm64
## Prerequisites
- Kubernetes 1.16+ (older versions not tested)
- Helm 2/3
## Installing the Chart
To install the chart with the release name `k8s-watcher`:
```bash
helm upgrade --install k8s-watcher komodorio/k8s-watcher --create-namespace --set apiKey=YOUR_API_KEY_HERE --set watcher.clusterName=CLUSTER_NAME
```
The command deploys the Komodor K8S-Watcher on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Api Key
The Komodor kubernetes api key can be provided in the helm upgrade command, in the `values.yaml` file or can be taken from an existing kubernetes secret resource.
When using an existing kubernetes secret resource, specify the secret name in `existingSecret` and store the api key under the name 'apiKey'.
## Uninstalling the Chart
To uninstall/delete the `k8s-watcher` deployment:
Helm 3:
```bash
helm uninstall k8s-watcher
```
Helm 2:
```bash
helm delete --purge k8s-watcher
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Alternative: Install without Helm
To install the chart directly with kubectl, use the manifests located in `./kube-install`.
1. Make sure to set the apiKey (as base 64) secret value in `./kube-install/k8s-watcher/templates/secret-credentials.yaml`
- `KOMOKW_APIKEY=YOUR_APIKEY sed -i "s/YOUR_APIKEY_AS_BASE_64/$(echo $KOMOKW_APIKEY | base64)/g" kube-install/k8s-watcher/templates/secret-credentials.yaml`
2. Then just apply everything in order:
- `kubectl apply -f ./kube-install/k8s-watcher/templates/namespace.yaml`
- `kubectl apply -f ./kube-install/k8s-watcher/templates`
## Configuration
The following table lists the configurable parameters of the chart and their default values.
| Parameter | Description | Default |
|----------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------------------------------------------ |
| `apiKey` | Komodor kubernetes api key (required if `existingSecret` not specified) | `` |
| `existingSecret` | Existing kubernetes secret resource containing Komodor kubernetes apiKey (required if `apiKey` not specified) | `` |
| `watcher.redact` | List of regular expressions. Config values for keys that matches one of these expressions will show up at Komodor as "REDACTED:\<SHA of config value\>" | `[]` |
| `watcher.clusterName` | Override auto-discovery of Cluster Name with one of your choosing | `` |
| `watcher.watchNamespace` | Watch a specific namespace, or all namespaces ("", "all") | `all` |
| `watcher.namespacesDenylist` | Exclude specific namespaces (list) | `[]` |
| `watcher.nameDenylist` | Exclude specific resource names that contains any of these strings (list) - example: `` watcher.nameDenylist=["dont-watch"] --> `pod/backend-dont-watch` wont be collected `` | `[]` |
| `watcher.collectHistory` | On startup collect existing cluster resources in addition to watching new resources (true / false) | `true` |
| `watcher.sinks.webhook.enabled` | Enables a Webhook output | `true` |
| `watcher.sinks.webhook.url` | URL to send webhooks to | `https://app.komodor.io/k8s-events/event/` |
| `watcher.sinks.webhook.headers` | Headers to attach to the webhooks | `{}` |
| `watcher.resources.event` | Enables watching Event | `true` |
| `watcher.resources.deployment` | Enables watching Deployments | `true` |
| `watcher.resources.replicationController` | Enables watching ReplicationControllers | `true` |
| `watcher.resources.replicaSet` | Enables watching ReplicaSets | `true` |
| `watcher.resources.daemonSet` | Enables watching DaemonSets | `true` |
| `watcher.resources.statefulSet` | Enables watching StatefulSets | `true` |
| `watcher.resources.service` | Enables watching Services | `true` |
| `watcher.resources.pod` | Enables watching Pods | `true` |
| `watcher.resources.job` | Enables watching Jobs | `true` |
| `watcher.resources.node` | Enables watching Nodes | `true` |
| `watcher.resources.clusterRole` | Enables watching ClusterRoles | `true` |
| `watcher.resources.serviceAccount` | Enables watching ServiceAccounts | `true` |
| `watcher.resources.persistentVolume` | Enables watching PersistentVolumes | `true` |
| `watcher.resources.persistentVolumeClaim` | Enables watching PersistentVolumeClaims | `true` |
| `watcher.resources.namespace` | Enables watching Namespaces | `true` |
| `watcher.resources.secret` | Enables watching Secrets | `false` |
| `watcher.resources.configMap` | Enables watching ConfigMaps | `true` |
| `watcher.resources.ingress` | Enables watching Ingresses | `true` |
| `watcher.resources.storageClass` | Enables watching StorageClasses | `true` |
| `watcher.resources.rollout` | Enables watching Argo Rollouts | `true` |
| `watcher.resources.metrics` | Enables watching Metrics | `true` |
| `watcher.resources.limitRange` | Enables watching LimitRange | `true` |
| `watcher.resources.podTemplate` | Enables watching PodTemplate | `true` |
| `watcher.resources.resourceQuota` | Enables watching ResourceQuota | `true` |
| `watcher.resources.admissionRegistrationResources` | Enables watching MutatingWebhookConfigurations and ValidatingWebhookConfigurations | `true` |
| `watcher.resources.controllerRevision` | Enables watching ControllerRevision | `true` |
| `watcher.resources.authorizationResources` | Enables watching Authorization Resources | `true` |
| `watcher.resources.horizontalPodAutoscaler` | Enables watching HorizontalPodAutoscaler | `true` |
| `watcher.resources.certificateSigningRequest` | Enables watching CertificateSigningRequest | `true` |
| `watcher.resources.lease` | Enables watching Lease | `true` |
| `watcher.resources.endpointSlice` | Enables watching EndpointSlice | `true` |
| `watcher.resources.flowControlResources` | Enables watching FlowControl Resources | `true` |
| `watcher.resources.ingressClass` | Enables watching IngressClass | `true` |
| `watcher.resources.networkPolicy` | Enables watching NetworkPolicy | `true` |
| `watcher.resources.runtimeClass` | Enables watching RuntimeClass | `true` |
| `watcher.resources.policyResources` | Enables watching Policy Resources | `true` |
| `watcher.resources.clusterRoleBinding` | Enables watching ClusterRoleBinding | `true` |
| `watcher.resources.roleBinding` | Enables watching RoleBinding | `true` |
| `watcher.resources.role` | Enables watching Role | `true` |
| `watcher.resources.PriorityClass` | Enables watching PriorityClass | `true` |
| `watcher.resources.csiDriver` | Enables watching CSIDriver | `true` |
| `watcher.resources.csiNode` | Enables watching CSINode | `true` |
| `watcher.resources.csiStorageCapacity ` | Enables watching CSIStorageCapacity | `true` |
| `watcher.resources.volumeAttachment` | Enables watching VolumeAttachment | `true` |
| `watcher.servers.healthCheck.port` | Port of the health check
server | `8090` |
| `resources.requests.cpu` | CPU resource requests | `0.25` |
| `resources.limits.cpu` | CPU resource limits | `1` |
| `resources.requests.memory` | Memory resource requests | `256Mi` |
| `resources.limits.memory` | Memory resource limits | `4096Mi` |
| `image.repository` | Image registry/name | `docker.io/komodorio/k8s-watcher` |
| `image.tag` | Image tag | `0.1.10` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `serviceAccount.create` | Creates a service account | `true` |
| `serviceAccount.name` | Optional name for the service account | `{RELEASE_FULLNAME}` |
| `proxy.enabled` | Configure proxy for watcher | `true` |
| `proxy.http` | Configure Proxy setting (HTTP_PROXY) | `` |
| `proxy.https` | Configure Proxy setting (HTTPS_PROXY) | `` |
| `proxy.no_proxy` | Configure Proxy setting (NO_PROXY) | `` |
| `watcher.controller.resync.period` | Resync period (in minutes, minimum 5) to resync the state of selected controllers (deployment, daemonset, statefulset) | `"0"` |
| `watcher.enableAgentTaskExecution` | Enable to the agent to execute tasks in the cluster such as log streaming | `true` |
| `watcher.allowReadingPodLogs`. | Enable the agent to read pod logs from the cluster | `true` |
| `createNamespace` | Creates the namespace | `true` |
| `podAnnotations` | Adds custom annotations on the agent pod - Example: `--set podAnnotations."app\.komodor\.com/app"="komodor-agent"` | `{}` |
| `deploymentAnnotations` | Adds custom annotations on the agent deployment - Example: `--set deploymentAnnotations."app\.komodor\.com/app"="komodor-agent"` | `{}` |
The above parameters map to a yaml configuration file used by the watcher.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
helm upgrade --install k8s-watcher komodorio/k8s-watcher --set apiKey="YOUR_API_KEY_HERE" --set watcher.enableAgentTaskExecution=true --set watcher.allowReadingPodLogs=true
```
Alternativly, you can pass the configuration as environment variables using the `KOMOKW_` prefix and by replacing all the `.` to `_`, for the root items the camelcase transforms into underscores as well. For example,
```bash
# apiKey
KOMOKW_API_KEY=1a2b3c4d5e6f7g7h
# watcher.resources.replicaSet
KOMOKW_RESOURCES_REPLICASET=false
# watcher.watchNamespace
KOMOKW_WATCH_NAMESPACE=my-namespace
# watcher.collectHistory
KOMOKW_COLLECT_HISTORY=true
```
> **Tip**: You can use the default [values.yaml](values.yaml)

136
charts/komodor/k8s-watcher/app-readme.md
View File

@ -1,136 +0,0 @@
# Komodor
Komodor is a Kubernetes reliability platform, complete with automated troubleshooting playbooks for every K8s resource, and static-prevention monitors that enrich live & historical data with contextual insights to help enforce best practices and stop incidents in their tracks.
For each K8s resource, Komodor automatically constructs a coherent view, including the relevant deploys, config changes, dependencies, metrics, and past incidents. Komodor seamlessly integrates and utilizes data from cloud providers, source controls, CI/CD pipelines, monitoring tools, and incident response platforms.
- Discover the root cause automatically with a timeline that tracks all changes made in your application and infrastructure.
- Quickly tackle the issue, with easy-to-follow remediation instructions.
- Give your entire team a way to troubleshoot independently, without having to escalate.
## Prerequisites
- Kubernetes 1.16+
- Helm 2/3
## Komodor Installation
1. Sign up to [Komodor](https://auth.komodor.com/u/signup/identifier?state=hKFo2SB0WVMtMUJtcndaU0JKSEQ1XzNBd1JGbGJBeTcwdld0d6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFNDUktFX0xRRmZ3c3VWRENmaDNBclBzYmtJNHZsRWJpo2NpZNkgbGJvcFI3NHpIZDcyWU9INEFjdmpWbkt0TTZCcld6WjQ) and verify your email address.
2. Go to [app.komodor.com](https://app.komodor.com) and click on Add a Kubernetes Cluster to Install the k8s-watcher Agent on any of your clusters
3. Enter your clusters name like so:\
![cluster-name](https://assets-komodor-public.s3.amazonaws.com/k8s_install_step_1.png)
4. After entering the cluster name you will receive a command similar to this:\
![helm-command](https://assets-komodor-public.s3.amazonaws.com/k8s_install_step_2.png)
5. Copy the API key from the command output youve received, and paste it in the appropriate field when prompted to by the Rancher installer
The following table lists the configurable parameters of the chart and their default values.
| Parameter | Description | Default |
| -------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ |
| `apiKey` | Komodor kubernetes api key (required if `existingSecret` not specified) | `` |
| `existingSecret` | Existing kubernetes secret resource containing Komodor kubernetes apiKey (required if `apiKey` not specified) | `` |
| `watcher.redact` | List of regular expressions. Config values for keys that matches one of these expressions will show up at Komodor as "REDACTED:\<SHA of config value\>" | `[]` |
| `watcher.clusterName` | Override auto-discovery of Cluster Name with one of your choosing | `` |
| `watcher.watchNamespace` | Watch a specific namespace, or all namespaces ("", "all") | `all` |
| `watcher.namespacesDenylist` | Exclude specific namespaces (list) | `[]` |
| `watcher.nameDenylist` | Exclude specific resource names that contains any of these strings (list) - example: `` watcher.nameDenylist=["dont-watch"] --> `pod/backend-dont-watch` wont be collected `` | `[]` |
| `watcher.collectHistory` | On startup collect existing cluster resources in addition to watching new resources (true / false) | `true` |
| `watcher.sinks.webhook.enabled` | Enables a Webhook output | `true` |
| `watcher.sinks.webhook.url` | URL to send webhooks to | `https://app.komodor.io/k8s-events/event/` |
| `watcher.sinks.webhook.headers` | Headers to attach to the webhooks | `{}` |
| `watcher.resources.event` | Enables watching Event | `true` |
| `watcher.resources.deployment` | Enables watching Deployments | `true` |
| `watcher.resources.replicationController` | Enables watching ReplicationControllers | `true` |
| `watcher.resources.replicaSet` | Enables watching ReplicaSets | `true` |
| `watcher.resources.daemonSet` | Enables watching DaemonSets | `true` |
| `watcher.resources.statefulSet` | Enables watching StatefulSets | `true` |
| `watcher.resources.service` | Enables watching Services | `true` |
| `watcher.resources.pod` | Enables watching Pods | `true` |
| `watcher.resources.job` | Enables watching Jobs | `true` |
| `watcher.resources.node` | Enables watching Nodes | `true` |
| `watcher.resources.clusterRole` | Enables watching ClusterRoles | `true` |
| `watcher.resources.serviceAccount` | Enables watching ServiceAccounts | `true` |
| `watcher.resources.persistentVolume` | Enables watching PersistentVolumes | `true` |
| `watcher.resources.persistentVolumeClaim` | Enables watching PersistentVolumeClaims | `true` |
| `watcher.resources.namespace` | Enables watching Namespaces | `true` |
| `watcher.resources.secret` | Enables watching Secrets | `false` |
| `watcher.resources.configMap` | Enables watching ConfigMaps | `true` |
| `watcher.resources.ingress` | Enables watching Ingresses | `true` |
| `watcher.resources.storageClass` | Enables watching StorageClasses | `true` |
| `watcher.resources.rollout` | Enables watching Argo Rollouts | `true` |
| `watcher.resources.metrics` | Enables watching Metrics | `true` |
| `watcher.resources.limitRange` | Enables watching LimitRange | `true` |
| `watcher.resources.podTemplate` | Enables watching PodTemplate | `true` |
| `watcher.resources.resourceQuota` | Enables watching ResourceQuota | `true` |
| `watcher.resources.admissionRegistrationResources` | Enables watching MutatingWebhookConfigurations and ValidatingWebhookConfigurations | `true` |
| `watcher.resources.controllerRevision` | Enables watching ControllerRevision | `true` |
| `watcher.resources.authorizationResources` | Enables watching Authorization Resources | `true` |
| `watcher.resources.horizontalPodAutoscaler` | Enables watching HorizontalPodAutoscaler | `true` |
| `watcher.resources.certificateSigningRequest` | Enables watching CertificateSigningRequest | `true` |
| `watcher.resources.lease` | Enables watching Lease | `true` |
| `watcher.resources.endpointSlice` | Enables watching EndpointSlice | `true` |
| `watcher.resources.flowControlResources` | Enables watching FlowControl Resources | `true` |
| `watcher.resources.ingressClass` | Enables watching IngressClass | `true` |
| `watcher.resources.networkPolicy` | Enables watching NetworkPolicy | `true` |
| `watcher.resources.runtimeClass` | Enables watching RuntimeClass | `true` |
| `watcher.resources.policyResources` | Enables watching Policy Resources | `true` |
| `watcher.resources.clusterRoleBinding` | Enables watching ClusterRoleBinding | `true` |
| `watcher.resources.roleBinding` | Enables watching RoleBinding | `true` |
| `watcher.resources.role` | Enables watching Role | `true` |
| `watcher.resources.PriorityClass` | Enables watching PriorityClass | `true` |
| `watcher.resources.csiDriver` | Enables watching CSIDriver | `true` |
| `watcher.resources.csiNode` | Enables watching CSINode | `true` |
| `watcher.resources.csiStorageCapacity ` | Enables watching CSIStorageCapacity | `true` |
| `watcher.resources.volumeAttachment` | Enables watching VolumeAttachment | `true` |
| `watcher.servers.healthCheck.port` | Port of the health check |
| server | `8090` |
| `resources.requests.cpu` | CPU resource requests | `0.25` |
| `resources.limits.cpu` | CPU resource limits | `1` |
| `resources.requests.memory` | Memory resource requests | `256Mi` |
| `resources.limits.memory` | Memory resource limits | `4096Mi` |
| `image.repository` | Image registry/name | `docker.io/komodorio/k8s-watcher` |
| `image.tag` | Image tag | `0.1.10` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `serviceAccount.create` | Creates a service account | `true` |
| `serviceAccount.name` | Optional name for the service account | `{RELEASE_FULLNAME}` |
| `proxy.enabled` | Configure proxy for watcher | `true` |
| `proxy.http` | Configure Proxy setting (HTTP_PROXY) | `` |
| `proxy.https` | Configure Proxy setting (HTTPS_PROXY) | `` |
| `proxy.no_proxy` | Configure Proxy setting (NO_PROXY) | `` |
| `watcher.controller.resync.period` | Resync period (in minutes, minimum 5) to resync the state of selected controllers (deployment, daemonset, statefulset) | `"0"` |
| `watcher.enableAgentTaskExecution` | Enable to the agent to execute tasks in the cluster such as log streaming | `true` |
| `watcher.allowReadingPodLogs`. | Enable the agent to read pod logs from the cluster | `true` |
| `createNamespace` | Creates the namespace | `true` |
| `podAnnotations` | Adds custom annotations on the agent pod - Example: `--set podAnnotations."app\.komodor\.com/app"="komodor-agent"` | `{}` |
| `deploymentAnnotations` | Adds custom annotations on the agent deployment - Example: `--set deploymentAnnotations."app\.komodor\.com/app"="komodor-agent"` | `{}` |
The above parameters map to a yaml configuration file used by the watcher.
Specify each parameter using the --set key=value[,key=value] argument to helm install.\
For example:
helm upgrade --install k8s-watcher komodorio/k8s-watcher --set apiKey="YOUR*API_KEY_HERE" --set watcher.enableAgentTaskExecution=true --set watcher.allowReadingPodLogs=true
Alternativly, you can pass the configuration as environment variables using the KOMOKW* prefix and by replacing all the ׳.׳ to ׳\_׳. For the root items the camelcase transforms into underscores as well.\
For example:
\# apiKey
KOMOKW_API_KEY=1a2b3c4d5e6f7g7h
\# watcher.resources.replicaSet
KOMOKW_RESOURCES_REPLICASET=false
\# watcher.watchNamespace
KOMOKW_WATCH_NAMESPACE=my-namespace
\# watcher.collectHistory
KOMOKW_COLLECT_HISTORY=true
Tip: You can use the default values.yaml
## Updating the Agent using Helm
helm repo update
helm upgrade --install k8s-watcher komodorio/k8s-watcher --reuse-values
## Uninstalling Komodor
helm uninstall k8s-watcher
## External Links
- [Documentation](https://docs.komodor.com/)
- [Sandbox](https://app.komodor.com/sandbox)

9
charts/komodor/k8s-watcher/questions.yaml
View File

@ -1,9 +0,0 @@
questions:
- variable: apiKey
required: true
type: string
label: API Key
- variable: watcher.clusterName
type: string
required: true
label: Cluster name

9
charts/komodor/k8s-watcher/templates/NOTES.txt
View File

@ -1,9 +0,0 @@
Thank you for installing {{ .Chart.Name }}.
The watcher was installed on namespace: {{ default "default" .Values.namespace }}
Visit our site at:
https://app.komodor.com
To learn more about Komodor please visit:
https://docs.komodor.com

63
charts/komodor/k8s-watcher/templates/_helpers.tpl
View File

@ -1,63 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "k8s-watcher.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "k8s-watcher.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "k8s-watcher.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "k8s-watcher.labels" -}}
helm.sh/chart: {{ include "k8s-watcher.chart" . }}
{{ include "k8s-watcher.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "k8s-watcher.selectorLabels" -}}
app.kubernetes.io/name: {{ include "k8s-watcher.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "k8s-watcher.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "k8s-watcher.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

15
charts/komodor/k8s-watcher/templates/_proxy_conf.tpl
View File

@ -1,15 +0,0 @@
{{- define "k8s-watcher.proxy-conf" -}}
{{- if .Values.proxy.enabled }}
{{- if .Values.proxy.http }}
- name: HTTP_PROXY
value: {{ .Values.proxy.http }}
{{- end }}
{{- if .Values.proxy.https }}
- name: HTTPS_PROXY
value: {{ .Values.proxy.https }}
{{- end }}
{{- if .Values.proxy.no_proxy }}
- name: NO_PROXY
value: {{ .Values.proxy.no_proxy }}
{{- end }}
{{- end }}{{- end }}

328
charts/komodor/k8s-watcher/templates/clusterrole.yaml
View File

@ -1,328 +0,0 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "k8s-watcher.serviceAccountName" . }}
{{- if hasKey .Values "namespace" }}
namespace: {{ .Values.namespace }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
{{- if .Values.watcher.resources.event }}
- events
{{- end }}
{{- if .Values.watcher.resources.pod }}
- pods
{{- end }}
{{- if .Values.watcher.resources.replicationController }}
- replicationcontrollers
{{- end }}
{{- if .Values.watcher.resources.service }}
- services
{{- end }}
{{- if .Values.watcher.resources.namespace }}
- namespaces
{{- end }}
{{- if .Values.watcher.resources.configMap }}
- configmaps
{{- end }}
{{- if .Values.watcher.resources.node }}
- nodes
{{- end }}
{{- if .Values.watcher.resources.persistentVolume }}
- persistentvolumes
{{- end }}
{{- if .Values.watcher.resources.persistentVolumeClaim }}
- persistentvolumeclaims
{{- end }}
{{- if .Values.watcher.resources.serviceAccount }}
- serviceaccounts
{{- end }}
{{- if .Values.watcher.resources.secret }}
- secrets
{{- end }}
{{- if .Values.watcher.resources.endpoints }}
- endpoints
{{- end }}
{{- if .Values.watcher.resources.limitRange }}
- limitranges
{{- end }}
{{- if .Values.watcher.resources.podTemplate }}
- podtemplates
{{- end }}
{{- if .Values.watcher.resources.resourceQuota }}
- resourcequotas
{{- end }}
verbs:
- get
- watch
- list
- apiGroups:
- rbac
- rbac.authorization.k8s.io
resources:
- clusterroles
{{- if .Values.watcher.resources.clusterRoleBinding }}
- clusterrolebindings
{{- end }}
{{- if .Values.watcher.resources.roleBinding }}
- rolebindings
{{- end }}
{{- if .Values.watcher.resources.role }}
- roles
{{- end }}
verbs:
- get
- watch
- list
- apiGroups: # Required as minimum installation
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
{{- if .Values.watcher.resources.controllerRevision }}
- controllerrevisions
{{- end }}
verbs:
- get
- watch
- list
- apiGroups:
- batch
resources:
{{- if .Values.watcher.resources.job }}
- jobs
{{- end }}
{{- if .Values.watcher.resources.cronjob }}
- cronjobs
{{- end }}
verbs:
- get
- watch
- list
- apiGroups:
- extensions
resources:
{{- if .Values.watcher.resources.ingress }}
- ingresses
{{- end }}
{{- if .Values.watcher.resources.networkPolicy }}
- networkpolicies
{{- end }}
{{- if .Values.watcher.resources.ingressClass }}
- ingressclasses
{{- end }}
verbs:
- get
- watch
- list
- apiGroups:
- networking.k8s.io
resources:
{{- if .Values.watcher.resources.ingress }}
- ingresses
{{- end }}
{{- if .Values.watcher.resources.ingressClass }}
- ingressclasses
{{- end }}
{{- if .Values.watcher.resources.networkPolicy }}
- networkpolicies
{{- end }}
verbs:
- get
- watch
- list
{{- if .Values.watcher.enableAgentTaskExecution }}
- apiGroups:
- ""
resources:
- pods
{{- if .Values.watcher.allowReadingPodLogs }}
- pods/log
{{- end }}
verbs:
- "get"
- "list"
{{- end }}
- apiGroups:
- storage.k8s.io
resources:
{{- if .Values.watcher.resources.storageClass }}
- storageclasses
{{- end }}
{{- if .Values.watcher.resources.csiDriver }}
- csidrivers
{{- end }}
{{- if .Values.watcher.resources.csiNode }}
- csinodes
{{- end }}
{{- if .Values.watcher.resources.csiStorageCapacity }}
- csistoragecapacities
{{- end }}
{{- if .Values.watcher.resources.volumeAttachment }}
- volumeattachments
{{- end }}
verbs:
- get
- watch
- list
# Required to validate if enabled CRDs are enabled on cluster
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- watch
- list
{{- if .Values.watcher.resources.rollout }}
- apiGroups:
- argoproj.io
resources:
- rollouts
- rollouts/status
- rollouts/finalizers
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.watcher.resources.metrics }}
- apiGroups:
- metrics.k8s.io
resources:
- nodes
- pods
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.watcher.resources.admissionRegistrationResources }}
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.watcher.resources.authorizationResources }}
- apiGroups:
- authorization.k8s.io
resources:
- localsubjectaccessreviews
- selfsubjectaccessreviews
- selfsubjectrulesreviews
- subjectaccessreviews
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.watcher.resources.horizontalPodAutoscaler }}
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.watcher.resources.certificateSigningRequest }}
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.watcher.resources.lease }}
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.watcher.resources.endpointSlice }}
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.watcher.resources.flowControlResources }}
- apiGroups:
- flowcontrol.apiserver.k8s.io
resources:
- flowschemas
- prioritylevelconfigurations
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.watcher.resources.runtimeClass }}
- apiGroups:
- node.k8s.io
resources:
- runtimeclasses
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.watcher.resources.policyResources }}
- apiGroups:
- policy
resources:
- poddisruptionbudgets
- podsecuritypolicies
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.watcher.resources.priorityClass }}
- apiGroups:
- scheduling.k8s.io
resources:
- priorityclasses
verbs:
- get
- watch
- list
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "k8s-watcher.serviceAccountName" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "k8s-watcher.serviceAccountName" . }}
subjects:
- kind: ServiceAccount
name: {{ include "k8s-watcher.serviceAccountName" . }}
{{- if hasKey .Values "namespace" }}
namespace: {{ .Values.namespace }}
{{- end }}

10
charts/komodor/k8s-watcher/templates/configmap.yaml
View File

@ -1,10 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "k8s-watcher.name" . }}-config
{{- if hasKey .Values "namespace" }}
namespace: {{ .Values.namespace }}
{{- end }}
data:
komodor-k8s-watcher.yaml: |
{{ toYaml .Values.watcher | indent 4 }}

95
charts/komodor/k8s-watcher/templates/deployment.yaml
View File

@ -1,95 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "k8s-watcher.fullname" . }}
{{- if hasKey .Values "namespace" }}
namespace: {{ .Values.namespace }}
{{- end }}
labels:
{{- include "k8s-watcher.labels" . | nindent 4 }}
{{- with .Values.deploymentAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
strategy:
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
selector:
matchLabels:
{{- include "k8s-watcher.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "k8s-watcher.selectorLabels" . | nindent 8 }}
spec:
priorityClassName: system-cluster-critical
serviceAccountName: {{ include "k8s-watcher.serviceAccountName" . }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: configuration
mountPath: /etc/komodor
{{- if .Values.enableMemLimitChecks }}
- name: podinfo
mountPath: /etc/podinfo
{{- end }}
env:
- name: KOMOKW_API_KEY
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret | required "Existing secret name required!" }}
key: apiKey
{{- else }}
name: {{ include "k8s-watcher.name" . }}-secret
key: apiKey
{{- end }}
{{- include "k8s-watcher.proxy-conf" . }}
ports:
- name: http-healthz
containerPort: {{ .Values.watcher.servers.healthCheck.port | default 8090 }}
livenessProbe:
httpGet:
path: /healthz
port: http-healthz
periodSeconds: 60
initialDelaySeconds: 15
failureThreshold: 10
successThreshold: 1
readinessProbe:
httpGet:
path: /healthz
port: http-healthz
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
successThreshold: 1
volumes:
- name: configuration
configMap:
name: {{ include "k8s-watcher.name" . }}-config
items:
- key: komodor-k8s-watcher.yaml
path: komodor-k8s-watcher.yaml
{{- if .Values.enableMemLimitChecks }}
- name: podinfo
downwardAPI:
items:
- path: "mem_limit"
resourceFieldRef:
containerName: {{ .Chart.Name }}
resource: limits.memory
divisor: 1Mi
{{- end }}

8
charts/komodor/k8s-watcher/templates/namespace.yaml
View File

@ -1,8 +0,0 @@
{{- if hasKey .Values "namespace" }}
{{- if .Values.createNamespace }}
apiVersion: v1
kind: Namespace
metadata:
name: {{ .Values.namespace }}
{{- end }}
{{- end }}

18
charts/komodor/k8s-watcher/templates/resourcequota.yaml
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: ResourceQuota
metadata:
labels:
app: komodor
name: komodor-critical-pods
{{- if hasKey .Values "namespace" }}
namespace: {{ .Values.namespace }}
{{- end}}
spec:
hard:
pods: 2
scopeSelector:
matchExpressions:
- operator: In
scopeName: PriorityClass
values:
- system-cluster-critical

12
charts/komodor/k8s-watcher/templates/secret-credentials.yaml
View File

@ -1,12 +0,0 @@
{{- if not .Values.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "k8s-watcher.name" . }}-secret
{{- if hasKey .Values "namespace" }}
namespace: {{ .Values.namespace }}
{{- end }}
type: Opaque
data:
apiKey: {{ .Values.apiKey | required "apiKey is a required value!" | b64enc }}
{{- end }}

15
charts/komodor/k8s-watcher/templates/serviceaccount.yaml
View File

@ -1,15 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "k8s-watcher.serviceAccountName" . }}
{{- if hasKey .Values "namespace" }}
namespace: {{ .Values.namespace }}
{{- end }}
labels:
{{- include "k8s-watcher.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

103
charts/komodor/k8s-watcher/values.yaml
View File

@ -1,103 +0,0 @@
# ReplicaCount should always be 1 - We do not properly support syncing state (yet) so it will cause the same events to be sent and overload the server.
replicaCount: 1
image:
repository: komodorio/k8s-watcher
pullPolicy: IfNotPresent
namespace: komodor
createNamespace: true
# enableMemLimitChecks will use downward API to tell the pod what is the allocated memory
# when the allocated memory is almost full the agent will stop receiving new events
# the process resumes once there is free memory to use
enableMemLimitChecks: true
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
# name: ""
proxy:
enabled: false
http: ""
https: ""
no_proxy: ""
resources:
limits:
cpu: 1
memory: 4Gi
requests:
cpu: 0.25
memory: 256Mi
deploymentAnnotations: {}
podAnnotations: {}
existingSecret: ""
apiKey: ""
watcher:
enableAgentTaskExecution: true
allowReadingPodLogs: true
# clusterName: ""
servers:
healthCheck: {}
collectHistory: true
watchNamespace: all
namespacesDenylist: []
nameDenylist: []
redact: []
resources:
event: true
deployment: true
replicationController: true
replicaSet: true
daemonSet: true
statefulSet: true
service: true
pod: true
job: true
cronjob: true
node: true
clusterRole: true
serviceAccount: true
persistentVolume: true
persistentVolumeClaim: true
namespace: true
secret: false
configMap: true
ingress: true
endpoints: true
storageClass: true
rollout: true
metrics: true
limitRange: true
podTemplate: true
resourceQuota: true
admissionRegistrationResources: true
controllerRevision: true
authorizationResources: true
horizontalPodAutoscaler: true
certificateSigningRequest: true
lease: true
endpointSlice: true
flowControlResources: true
ingressClass: true
networkPolicy: true
runtimeClass: true
policyResources: true
clusterRoleBinding: true
roleBinding: true
role: true
priorityClass: true
csiDriver: true
csiNode: true
csiStorageCapacity: true
volumeAttachment: true
controller:
resync:
period: "0"

49
index.yaml
View File

@ -2052,39 +2052,6 @@ entries:
urls:
- assets/bitnami/airflow-13.1.7.tgz
version: 13.1.7
ambassador:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Ambassador Edge Stack
catalog.cattle.io/release-name: ambassador
apiVersion: v1
appVersion: 1.13.8
created: "2021-06-23T17:44:55.380609-07:00"
description: A Helm chart for Datawire Ambassador
digest: f56e602f017a6e48d2838033b31ce356a47db561fcd9c02e008d06b67be95b90
home: https://www.getambassador.io/
icon: https://www.getambassador.io/images/logo.png
keywords:
- api gateway
- ambassador
- datawire
- envoy
maintainers:
- email: markus@maga.se
name: flydiverny
- email: flynn@datawire.io
name: kflynn
- email: nkrause@datawire.io
name: nbkrause
- email: lukeshu@datawire.io
name: lukeshu
name: ambassador
sources:
- https://github.com/datawire/ambassador
- https://github.com/prometheus/statsd_exporter
urls:
- assets/ambassador/ambassador-6.7.1100.tgz
version: 6.7.1100
amd-gpu:
- annotations:
catalog.cattle.io/certified: partner
@ -29728,22 +29695,6 @@ entries:
urls:
- assets/trilio/k8s-triliovault-operator-v2.0.200.tgz
version: v2.0.200
k8s-watcher:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Komodor Agent
catalog.cattle.io/release-name: komodor-agent
apiVersion: v1
appVersion: 0.1.99
created: "2022-07-17T15:14:44.435499+03:00"
description: Watches and send kubernetes resource-related events
digest: 51cc5197ba9243cbd05253e5a3612293cc4ed7e832c164f77d525e1dc4bc7bfa
icon: https://partner-charts.rancher.io/assets/logos/komodor.png
kubeVersion: 1.16-0 - 1.21-0
name: k8s-watcher
urls:
- assets/komodor/k8s-watcher-0.10.1101.tgz
version: 0.10.1101
k10:
- annotations:
catalog.cattle.io/certified: partner

13
packages/ambassador/generated-changes/overlay/app-readme.md
View File

@ -1,13 +0,0 @@
# Ambassador Edge Stack and Emissary Ingress Chart
[Ambassador Edge Stack](https://www.getambassador.io/products/edge-stack/) and its open source CNCF counterpart [Emissary-Ingress](https://www.getambassador.io/products/api-gateway/) are Kubernetes native, high-performance Ingress controllers designed with GitOps workflows and developer experience in mind. The Edge Stack allows users to manage [Authentication](https://www.getambassador.io/docs/edge-stack/latest/topics/using/filters/), [Rate Limits](https://www.getambassador.io/docs/edge-stack/latest/topics/using/rate-limits/rate-limits/), [TLS](https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/) and more with easy-to-use resources for [managing your APIs](https://www.getambassador.io/docs/edge-stack/latest/topics/using/intro-mappings/).
## Service Catalog
The default installation of Ambassador Edge Stack includes the deployment needed to get started with [Service Catalog](https://www.getambassador.io/products/service-catalog/) and the [Developer Control Plane](https://www.getambassador.io/developer-control-plane/). Simply generate your [Cloud Token](https://www.getambassador.io/docs/cloud/latest/service-catalog/quick-start/#1-connect-your-cluster-to-ambassador-cloud) and add it in the Service Catalog section as you're setting up the chart.
## More Info
Visit the [Quick Start](https://www.getambassador.io/docs/edge-stack/latest/tutorials/getting-started/) page for more instructions, or check out our [documentation](https://www.getambassador.io/docs/edge-stack). For any questions, or to join the community, visit our [Slack](https://a8r.io/slack) and say hi!
* Ambassador recommends a Kubernetes version of 1.16 or higher.

84
packages/ambassador/generated-changes/overlay/questions.yml
View File

@ -1,84 +0,0 @@
questions:
### CRD Management
- variable: crds.enabled
label: Create CRDs
description: "Should Ambassador Edge Stack create and manage its CRD's?"
type: boolean
required: false
default: "true"
group: "CRD Management"
- variable: crds.keep
label: Keep CRDs
description: "Should Ambassador Edge Stack keep CRD's when the chart is uninstalled?"
type: boolean
required: false
default: "true"
group: "CRD Management"
show_if: "crds.enabled=true"
### Deployment Management
- variable: daemonSet
label: Deploy as Daemonset
description: "Deploy Ambassador Edge Stack as a Daemonset? (Recommended: false)"
type: boolean
required: false
default: "true"
group: "Deployment Settings"
- variable: replicaCount
label: Replica Count
description: "How many replicas should Ambassador Edge Stack run? (Recommended: 3)"
type: int
required: false
default: "3"
group: "Deployment Settings"
min: 1
max: 999
show_if: "daemonSet=false"
### Service Settings
- variable: service.type
label: Service Type
description: "Set the type of service, LoadBalancer (recommended), NodePort, or ClusterIP"
type: enum
required: false
default: "LoadBalancer"
group: "Service Settings"
options:
- "LoadBalancer"
- "ClusterIP"
- "NodePort"
### Licensing
- variable: licenseKey.createSecret
label: "Create License Key Secret"
description: "Creates the license key secret using the License Key Data."
type: boolean
required: false
default: "true"
group: "License Settings"
- variable: licenseKey.value
label: "License Key Data"
description: "Specifies the license key to apply."
type: secret
required: false
default: ""
group: "License Settings"
show_if: "licenseKey.createSecret=true"
### Service Catalog
- variable: agent.enabled
label: "Enable Service Catalog"
description: "Enables the Service Catalog agent for use at https://app.getambassador.io."
type: boolean
required: false
default: "true"
group: "Service Catalog"
- variable: agent.cloudConnectionToken
label: "Cloud Connection Token"
description: "Specifies the Token used to register a Cluster with the Service Catalog."
type: secret
required: false
default: ""
group: "Service Catalog"
show_if: "agent.enabled=true"

Some files were not shown because too many files have changed in this diff Show More