From b15cf60f80c535128600e251c152eddba4cd453b Mon Sep 17 00:00:00 2001 From: Nefi Munoz Date: Wed, 25 Oct 2023 15:46:04 -0600 Subject: [PATCH] Removing Ambassador Edge and Komodor Agent per Issues 919, 924 --- assets/ambassador/ambassador-6.7.1100.tgz | Bin 53609 -> 0 bytes assets/komodor/k8s-watcher-0.10.1101.tgz | Bin 9615 -> 0 bytes charts/ambassador/ambassador/CHANGELOG.md | 528 ------------------ charts/ambassador/ambassador/CONTRIBUTING.md | 23 - charts/ambassador/ambassador/Chart.yaml | 28 - charts/ambassador/ambassador/Makefile | 37 -- charts/ambassador/ambassador/README.md | 478 ---------------- charts/ambassador/ambassador/RELEASE.tpl | 8 - .../ambassador/ambassador/RELEASE_TITLE.tpl | 1 - charts/ambassador/ambassador/app-readme.md | 13 - .../ambassador/ci/01-psp-values.yaml | 40 -- .../ambassador/ci/02-oss-values.yaml | 8 - .../ci/05-auth-disabled-values.yaml | 8 - .../ambassador/ci/06-hpa-values.yaml | 8 - .../ci/08-single-namespace-values.yaml | 8 - .../ambassador/ci/09-redis-false-values.yaml | 9 - .../ambassador/ci/12-daemonset-values.yaml | 7 - .../ambassador/ci/13-rl-disabled-values.yaml | 8 - .../ambassador/ci/14-deployment-labels.yaml | 3 - .../ambassador/ci/15-test-resolvers.yaml | 11 - .../ambassador/ci/16-test-module.yaml | 9 - .../ambassador/ci/17-svc-preview.yaml | 5 - .../ambassador/ci/check_updated_changelog.sh | 21 - .../ci/tests/manifests/backend.yaml | 47 -- .../ci/tests/manifests/ci-default-values.yaml | 9 - .../ci/tests/manifests/helm-init.yaml | 18 - .../ci/tests/manifests/helm2-values.yaml | 6 - .../ambassador/ci/tests/manifests/tls.yaml | 18 - .../ambassador/ci/update_chart_changelog.sh | 53 -- charts/ambassador/ambassador/crds/filter.yaml | 27 - .../ambassador/crds/filterpolicy.yaml | 27 - .../crds/getambassador.io_authservices.yaml | 115 ---- .../getambassador.io_consulresolvers.yaml | 58 -- .../crds/getambassador.io_devportals.yaml | 109 ---- .../crds/getambassador.io_hosts.yaml | 246 -------- ...ssador.io_kubernetesendpointresolvers.yaml | 54 -- ...assador.io_kubernetesserviceresolvers.yaml | 54 -- .../crds/getambassador.io_logservices.yaml | 83 --- .../crds/getambassador.io_mappings.yaml | 431 -------------- .../crds/getambassador.io_modules.yaml | 56 -- .../getambassador.io_ratelimitservices.yaml | 72 --- .../crds/getambassador.io_tcpmappings.yaml | 102 ---- .../crds/getambassador.io_tlscontexts.yaml | 100 ---- .../getambassador.io_tracingservices.yaml | 101 ---- .../ambassador/ambassador/crds/project.yaml | 34 -- .../ambassador/crds/projectcontroller.yaml | 24 - .../ambassador/crds/projectrevision.yaml | 40 -- .../ambassador/ambassador/crds/ratelimit.yaml | 27 - charts/ambassador/ambassador/ct.yaml | 37 -- charts/ambassador/ambassador/questions.yml | 84 --- .../ambassador/ambassador/templates/NOTES.txt | 60 -- .../ambassador/templates/_helpers.tpl | 117 ---- .../ambassador/templates/admin-service.yaml | 64 --- .../ambassador/templates/aes-authservice.yaml | 33 -- .../ambassador/templates/aes-injector.yaml | 161 ------ .../ambassador/templates/aes-internal.yaml | 129 ----- .../ambassador/templates/aes-ratelimit.yaml | 29 - .../ambassador/templates/aes-redis.yaml | 106 ---- .../ambassador/templates/aes-secret.yaml | 21 - .../templates/ambassador-agent.yaml | 371 ------------ .../ambassador/templates/config.yaml | 20 - .../ambassador/templates/crd-delete.yaml | 123 ---- .../ambassador/ambassador/templates/crds.yaml | 6 - .../ambassador/templates/deployment.yaml | 282 ---------- .../ambassador/templates/exporter-config.yaml | 23 - .../ambassador/ambassador/templates/hpa.yaml | 26 - .../ambassador/templates/module.yaml | 29 - .../ambassador/templates/namespace.yaml | 8 - .../templates/oss-migration-test-service.yaml | 33 -- .../ambassador/ambassador/templates/pdb.yaml | 23 - .../templates/podsecuritypolicy.yaml | 25 - .../ambassador/templates/projects-rbac.yaml | 75 --- .../ambassador/templates/projects.yaml | 412 -------------- .../ambassador/ambassador/templates/rbac.yaml | 200 ------- .../ambassador/templates/resolvers.yaml | 45 -- .../ambassador/templates/service.yaml | 81 --- .../ambassador/templates/serviceaccount.yaml | 24 - .../ambassador/templates/servicemonitor.yaml | 28 - .../templates/tests/test-ready.yaml | 24 - .../templates/traffic-agent-rbac.yaml | 135 ----- .../ambassador/templates/traffic-manager.yaml | 190 ------- charts/ambassador/ambassador/values.yaml | 521 ----------------- charts/komodor/k8s-watcher/Chart.yaml | 11 - charts/komodor/k8s-watcher/README.md | 196 ------- charts/komodor/k8s-watcher/app-readme.md | 136 ----- charts/komodor/k8s-watcher/questions.yaml | 9 - .../komodor/k8s-watcher/templates/NOTES.txt | 9 - .../k8s-watcher/templates/_helpers.tpl | 63 --- .../k8s-watcher/templates/_proxy_conf.tpl | 15 - .../k8s-watcher/templates/clusterrole.yaml | 328 ----------- .../k8s-watcher/templates/configmap.yaml | 10 - .../k8s-watcher/templates/deployment.yaml | 95 ---- .../k8s-watcher/templates/namespace.yaml | 8 - .../k8s-watcher/templates/resourcequota.yaml | 18 - .../templates/secret-credentials.yaml | 12 - .../k8s-watcher/templates/serviceaccount.yaml | 15 - charts/komodor/k8s-watcher/values.yaml | 103 ---- index.yaml | 49 -- .../generated-changes/overlay/app-readme.md | 13 - .../generated-changes/overlay/questions.yml | 84 --- .../generated-changes/patch/Chart.yaml.patch | 10 - packages/ambassador/package.yaml | 2 - .../generated-changes/overlay/app-readme.md | 136 ----- .../generated-changes/overlay/questions.yaml | 9 - .../generated-changes/patch/Chart.yaml.patch | 15 - packages/komodor/package.yaml | 2 - 106 files changed, 8065 deletions(-) delete mode 100644 assets/ambassador/ambassador-6.7.1100.tgz delete mode 100644 assets/komodor/k8s-watcher-0.10.1101.tgz delete mode 100644 charts/ambassador/ambassador/CHANGELOG.md delete mode 100644 charts/ambassador/ambassador/CONTRIBUTING.md delete mode 100644 charts/ambassador/ambassador/Chart.yaml delete mode 100644 charts/ambassador/ambassador/Makefile delete mode 100644 charts/ambassador/ambassador/README.md delete mode 100644 charts/ambassador/ambassador/RELEASE.tpl delete mode 100644 charts/ambassador/ambassador/RELEASE_TITLE.tpl delete mode 100644 charts/ambassador/ambassador/app-readme.md delete mode 100644 charts/ambassador/ambassador/ci/01-psp-values.yaml delete mode 100644 charts/ambassador/ambassador/ci/02-oss-values.yaml delete mode 100644 charts/ambassador/ambassador/ci/05-auth-disabled-values.yaml delete mode 100644 charts/ambassador/ambassador/ci/06-hpa-values.yaml delete mode 100644 charts/ambassador/ambassador/ci/08-single-namespace-values.yaml delete mode 100644 charts/ambassador/ambassador/ci/09-redis-false-values.yaml delete mode 100644 charts/ambassador/ambassador/ci/12-daemonset-values.yaml delete mode 100644 charts/ambassador/ambassador/ci/13-rl-disabled-values.yaml delete mode 100644 charts/ambassador/ambassador/ci/14-deployment-labels.yaml delete mode 100644 charts/ambassador/ambassador/ci/15-test-resolvers.yaml delete mode 100644 charts/ambassador/ambassador/ci/16-test-module.yaml delete mode 100644 charts/ambassador/ambassador/ci/17-svc-preview.yaml delete mode 100644 charts/ambassador/ambassador/ci/check_updated_changelog.sh delete mode 100644 charts/ambassador/ambassador/ci/tests/manifests/backend.yaml delete mode 100644 charts/ambassador/ambassador/ci/tests/manifests/ci-default-values.yaml delete mode 100644 charts/ambassador/ambassador/ci/tests/manifests/helm-init.yaml delete mode 100644 charts/ambassador/ambassador/ci/tests/manifests/helm2-values.yaml delete mode 100644 charts/ambassador/ambassador/ci/tests/manifests/tls.yaml delete mode 100644 charts/ambassador/ambassador/ci/update_chart_changelog.sh delete mode 100644 charts/ambassador/ambassador/crds/filter.yaml delete mode 100644 charts/ambassador/ambassador/crds/filterpolicy.yaml delete mode 100644 charts/ambassador/ambassador/crds/getambassador.io_authservices.yaml delete mode 100644 charts/ambassador/ambassador/crds/getambassador.io_consulresolvers.yaml delete mode 100644 charts/ambassador/ambassador/crds/getambassador.io_devportals.yaml delete mode 100644 charts/ambassador/ambassador/crds/getambassador.io_hosts.yaml delete mode 100644 charts/ambassador/ambassador/crds/getambassador.io_kubernetesendpointresolvers.yaml delete mode 100644 charts/ambassador/ambassador/crds/getambassador.io_kubernetesserviceresolvers.yaml delete mode 100644 charts/ambassador/ambassador/crds/getambassador.io_logservices.yaml delete mode 100644 charts/ambassador/ambassador/crds/getambassador.io_mappings.yaml delete mode 100644 charts/ambassador/ambassador/crds/getambassador.io_modules.yaml delete mode 100644 charts/ambassador/ambassador/crds/getambassador.io_ratelimitservices.yaml delete mode 100644 charts/ambassador/ambassador/crds/getambassador.io_tcpmappings.yaml delete mode 100644 charts/ambassador/ambassador/crds/getambassador.io_tlscontexts.yaml delete mode 100644 charts/ambassador/ambassador/crds/getambassador.io_tracingservices.yaml delete mode 100644 charts/ambassador/ambassador/crds/project.yaml delete mode 100644 charts/ambassador/ambassador/crds/projectcontroller.yaml delete mode 100644 charts/ambassador/ambassador/crds/projectrevision.yaml delete mode 100644 charts/ambassador/ambassador/crds/ratelimit.yaml delete mode 100644 charts/ambassador/ambassador/ct.yaml delete mode 100644 charts/ambassador/ambassador/questions.yml delete mode 100644 charts/ambassador/ambassador/templates/NOTES.txt delete mode 100644 charts/ambassador/ambassador/templates/_helpers.tpl delete mode 100644 charts/ambassador/ambassador/templates/admin-service.yaml delete mode 100644 charts/ambassador/ambassador/templates/aes-authservice.yaml delete mode 100644 charts/ambassador/ambassador/templates/aes-injector.yaml delete mode 100644 charts/ambassador/ambassador/templates/aes-internal.yaml delete mode 100644 charts/ambassador/ambassador/templates/aes-ratelimit.yaml delete mode 100644 charts/ambassador/ambassador/templates/aes-redis.yaml delete mode 100644 charts/ambassador/ambassador/templates/aes-secret.yaml delete mode 100644 charts/ambassador/ambassador/templates/ambassador-agent.yaml delete mode 100644 charts/ambassador/ambassador/templates/config.yaml delete mode 100644 charts/ambassador/ambassador/templates/crd-delete.yaml delete mode 100644 charts/ambassador/ambassador/templates/crds.yaml delete mode 100644 charts/ambassador/ambassador/templates/deployment.yaml delete mode 100644 charts/ambassador/ambassador/templates/exporter-config.yaml delete mode 100644 charts/ambassador/ambassador/templates/hpa.yaml delete mode 100644 charts/ambassador/ambassador/templates/module.yaml delete mode 100644 charts/ambassador/ambassador/templates/namespace.yaml delete mode 100644 charts/ambassador/ambassador/templates/oss-migration-test-service.yaml delete mode 100644 charts/ambassador/ambassador/templates/pdb.yaml delete mode 100644 charts/ambassador/ambassador/templates/podsecuritypolicy.yaml delete mode 100644 charts/ambassador/ambassador/templates/projects-rbac.yaml delete mode 100644 charts/ambassador/ambassador/templates/projects.yaml delete mode 100644 charts/ambassador/ambassador/templates/rbac.yaml delete mode 100644 charts/ambassador/ambassador/templates/resolvers.yaml delete mode 100644 charts/ambassador/ambassador/templates/service.yaml delete mode 100644 charts/ambassador/ambassador/templates/serviceaccount.yaml delete mode 100644 charts/ambassador/ambassador/templates/servicemonitor.yaml delete mode 100644 charts/ambassador/ambassador/templates/tests/test-ready.yaml delete mode 100644 charts/ambassador/ambassador/templates/traffic-agent-rbac.yaml delete mode 100644 charts/ambassador/ambassador/templates/traffic-manager.yaml delete mode 100644 charts/ambassador/ambassador/values.yaml delete mode 100644 charts/komodor/k8s-watcher/Chart.yaml delete mode 100644 charts/komodor/k8s-watcher/README.md delete mode 100644 charts/komodor/k8s-watcher/app-readme.md delete mode 100644 charts/komodor/k8s-watcher/questions.yaml delete mode 100644 charts/komodor/k8s-watcher/templates/NOTES.txt delete mode 100644 charts/komodor/k8s-watcher/templates/_helpers.tpl delete mode 100644 charts/komodor/k8s-watcher/templates/_proxy_conf.tpl delete mode 100644 charts/komodor/k8s-watcher/templates/clusterrole.yaml delete mode 100644 charts/komodor/k8s-watcher/templates/configmap.yaml delete mode 100644 charts/komodor/k8s-watcher/templates/deployment.yaml delete mode 100644 charts/komodor/k8s-watcher/templates/namespace.yaml delete mode 100644 charts/komodor/k8s-watcher/templates/resourcequota.yaml delete mode 100644 charts/komodor/k8s-watcher/templates/secret-credentials.yaml delete mode 100644 charts/komodor/k8s-watcher/templates/serviceaccount.yaml delete mode 100644 charts/komodor/k8s-watcher/values.yaml delete mode 100644 packages/ambassador/generated-changes/overlay/app-readme.md delete mode 100644 packages/ambassador/generated-changes/overlay/questions.yml delete mode 100644 packages/ambassador/generated-changes/patch/Chart.yaml.patch delete mode 100644 packages/ambassador/package.yaml delete mode 100644 packages/komodor/generated-changes/overlay/app-readme.md delete mode 100644 packages/komodor/generated-changes/overlay/questions.yaml delete mode 100644 packages/komodor/generated-changes/patch/Chart.yaml.patch delete mode 100644 packages/komodor/package.yaml diff --git a/assets/ambassador/ambassador-6.7.1100.tgz b/assets/ambassador/ambassador-6.7.1100.tgz deleted file mode 100644 index 4a1ec9bacfb946c63b25f7c32f5a4a9a82a65198..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 53609 zcmV)pK%2iGiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYacjCCVD1QIuQ|OU?tE&12!Vppw*6FieLLgIx1cOb&x#yQF zY=IqY%Vo(7sjlz-Tar9u2pK9p9K2R{1zWTBtgXGFHH3sf4ZC{{9lEr*fR_1RZ~K%= zrP9IvKL58=Dy9D|S3V#7S9!m5P}x7I?pLe-RVr7jmC}EK(i@K>^YI9U?thhD-B)^Y ze~|~;Hl~mo*e3NH04k)=#N(n0DK$~izkiwbaqS#n+I%b{dlscrow>O*3iep5hKG}G3hRT{-TgI^97?C{_ zk8#nl$GHhw%&@DGdaeMVV}LQFXa*PTSJZa_X#R+D1%T`+UgRuj*c2Kza(Pu`LBp&A z3%V1J{67nhVUeI50AguI=0Y>3$h8+y(UG~Z?f)0FTQqQ3dcr?NCGCj|J%TdJ+C%X% zDs6fbM078+wEr!)v|$8$u8R0fg4G)vRQHBO6=aV!2!@<^E{w`RhM1`agxHhsaN00PE?0^`Km7qd+tZ*S#5qP$V2uT(ID(2*vfPAz7`P|4e&FAz( z9H@$s@xKz)axQXALxm0O*|ZL-ISnEU+g(KKU<6Hqa>07f4ATV2X3NQ!gCar;E`r(u z++YoS+>FE)I6vGQns~TpK|+zc7w*9xYf}7QG|Vyo6Wh>pD*7i5oY??^p+^=&JP#HK zxopxZG|d=u{Xl@KBXx2w28nFV!G=v)$tg4q4N?RQ%HU{*-HBn3fr?!hsnlE)b8HYy z{16k?>VUc)V||>{)`R}p;xxsQK#yXgLX)-Q5%&Kx>>7`3eC7?-j{MKa&Fz5L8nb41 z6P5WqhX`l};a%rq9}^=I+XH}Q*pk>pQU?|G0?wlsHTD8g*HF1QRRDD1pgNF{;Ep)} z0C4>ub^a^htE%JqzbSObhz4JQ--JvJ(|F{PTKEM{kqgHt_NfjIO3&-pLKb!xZ`F0q z!P<#IT#t)o$DYQT1K)qJtqW0twZG$cuL(3_-;XrSV6~tb12kk$4Hw%MvS~j9h6N`!A@RRfU9fC2CqnE-L1bJ>>&rLu$?)%z=qX9tNR?O2E{BOnjx}gcs@d zj(Xjb`)2#-_-ped1k~`u*>$&92SRcw5W}AEj|4G7p(6%8hUHnn_N*at0UiN@RBUSm z3=y3nWP>IX4cT5%=u*OKA6*?Eb-PC=*V4Vz?DmeN-hJ==aa8+}mVFS#t-XBAH2q)6fdD|brX8p&sf#d*K9c*g;;22FY z5wwBl0BCCf%?-MCB;7N)cXHhi22(Ea0wx?HlO#K(I)FAfKVf}9)5J60y^8ITG4@=x zyhQI>F1G6YCt%y?B6^7y5*h{X0>a@U%^-zDefCVyBGGCv zgq!P=`}3RZZbk+&wL};E%?+fwz$K3q9ju+-XkeS7xqvmst-`h9Tgz6@!CH~m3Ha&68zR?6Oh#c^Emp~%i$=&rwu<(~$VM)t zNQ)IKK*!jdmW$;tdpi!+f|01A>%z2LP_fHMgoCwUVE(uSopn9?h{y!Fb@1iOmoKYl zz{VSc>S*JMgH&T=FowK%yUDDcN!WAdd^mpHxW?2l(HJ!uFZKCDz(RMx5g0;Zs7#az z+PJ}{p>iUCY~m&Kb|y5qo^1<$&2ZUqT0tdO4L70L_o>~MI+bVJ>*>iZO zdk)qLK|2Ni9c#lME0a(02)GCmEW{5j5dI7Tut!b9Mj99*6VHmFxNKtzR2Q)o2E#>A z1wg{YAfjW>)Bv{q9UG!}SqQKlNxA0h!6>v7taT3F7)mC4RWE&=AE!_ zc_9YogVs5vr8=^KiQtr%_G~s`M*B7Gb2i3DQIKJR69IS~a%j&tN%3}J1J;em=R#tuR&Rap3y`?~`j2eOX*22+MG&et5I z27fbJ_|>qzdGvyzuE~fiL*OHO5tZ~D$3%=?L-W+do!3TTf&(7{Dc+6g!JGzG%f-FQR;=`nPvdA=c6{JH!dQ`rlPWhnCwWg zyQl*Vs}sacg;{1V-t<$&5y@#b3A$?t8Kh;ngywWiXd6+cMul19^_I!Mfgy+Dv0< z#BeOEc_t!zJ5)!7n2svmbK>AqUu_aH18bP?A^TDXUrM=1NxAV~`7hZx92ZlpVzUl< zjhpbTjWr|+S4;8IY#DE&cH@1LSf~5@)#YA;mz(t(FCFz7yxn2-uAt)>_W1rrtf}8J zFITBlD&ed6C=wr@9tA7S6xumOt_{te3r8bE^&yOXA&7I&qtVE)xh%E(uE8Op9&hLT z#+SiBf`oFN4}hJwe0Y0txxnY5LllB2(tLA3LpotBmyO!Mc7lhBW_(5(8}lxwU?a@P z3~Rz5Old%KXfeG2kHWHo)-8`l;Dr!T#wH#LT_8doU_sj$Aws#x=})JN(548)#IG13 zVH{Gl@tpe96uN_jU8akS@Xy#KP8Pt@P{eA~!S6YrEEfue;LrGZPuwV74hl>RTdRZK z*RC&Z2Je>+BK-G4cZq)~s3=gW0pOU(KsWzu{@*Vj&s9LY){e!WcrN69P_qpCJ|JtQ za`Z(r;5hj3<@4v{2OD#vM697@o7qnM_5Ij&)O!XWZ{>Q_g4(TaHa=K)l6fGY(&VtgAlP!|PV zu>t;ZV`x0jUY`Tkw2CTw%rv6BV$o^uWY1m^Eg(pX8k^V?k`C-ut;DVvp0Y$;h;H#I~nRFup!a{(uG3DcDI(cAL zAi-&hXviQjEEX~t7pMHwv+(RMa3sj(G~}3g!PMj~W!1)uNPUqohXL8qSe2Y_01ky! zid@UEIRc)#P(?S$H8{9pTVn)=iG7XG*yq~_4GpQ#O}`Ep(M`ZUxX1|26J)|g&?2ZZ zBJCu40Ze=!LBsT1)YDx=bZlzuZ7$?VZ`fvTicQb*QPBT!#kR_S<6!M8H+&0vKl7c~>1AluB1d4utK+3Rlu)tGsN^aShDPohBrt&BccgA96Xy9=gaxD#fl?6N*jb z1}njK2L?Ko|JlJN9xu8MgOmog33Z_nZe=7s`sx<%Mdc1g%R)^GwI>KU{*T-axCyrt zTsv$?*bO-B6}AnUR_=2`AJMStar2chuVkDxGgShUn6pj+`|T$Vn@{2m?Lo&VTH20J zYb-HDT@r_f|u6IcWVH1`Y(VUH$0B=+V_bseVeB$dF(-3>Gn zy5EKmZ}5#rm=p9qdz1zNBNri#LmX{5`4(C%_9%eBG*o001SV)v%>+K8?g?vqkIQU(I~pYV5JQ(s7%mzc{5)+(9LoTP;~qnfWJfu%@kh;W1kOxk z5b)mhl{*d;Yz{HGAw0_Sc|KuGF1Y}?ox~E@k(>~*=bS&BOT_t-I4=tkE*OB1c0$?Y zG(j91M6{4g8B~yxBJ3&(>dqR`V63rdVBvnX(uyjX$7XBoT zn%%fS$k)ubSQtVkb3G(PKSp~kNX5BPz}8*t(b(x?*n2T23WP6wi&dcGXlUy2_iX-b zXg4kz8S^?HXN(4{2S$(W78FN|VoPmRfTjg)IA-&J9@UY}M$OvW&FugtI|$G+#Rg(`Q~BN-}!J z-ae4@G*YOnd=tnrmD&N9d-zF7O!kS@t7TLxSHAFSOTrES3E>8Sgz&@YSZ*hREa4||cf!Qh~35gku8Yl*^Cs+ZeY)oD88A3=D<9$L~%kB7%AZ(K<7Pev}kPpvnfswt1 z<5Nejn?_pAQM0=%z(e@62pD0qm!PxU#^KXiwr3teIdT5l^v&j=Wth}=q!SEKWn|39 zPt_w7TPa!>fGk^x4K2PS-bo>PvE#pCT2>)2;pbw@$;o$!EzLP~p^$W0nJi6`@no2A zeu>dqpI#K7W99Z|NtkY+7XrmJVX}6uz!^<+0L}a48CC35*|1g9)6o48Ym4YW(1P>( z;es-J-!B~=B+nS{9q2N3Eu1BnBDovNJ+|+W>*CniqKY-dS_w{beD&?#!Wz2g?ImT` zv=uEt#k2`cyth5;o_*uimr8I}t!ekBVNZ~&-Rp>HRU|Q1Dum#Bi))#sQYi}wB}ma% zMm7Sh2qcJA$afinw=a_m;0<_2*d8~895uVeoEyB#;1QWX#wu`9<|{7`NM)Lyix|&B z6oL_gly!zj33CjiAp)H>G({%UML4S@6pjOQ7aj8L5@=>)s&gR$bB+gX0Kq9&abjFc zP@Si4jc{3v3BCm(_;LqZx<|2NsAP}R4W=vc>Fni%2<$H6s}g$uN{C={%Er&8&Fzwj zW#+8eAS#|BcM;lch;KoOIAkXEeBC^JADlfm7~)BP)Hcsdf45{^W~ zGuIavWeS=qLy#}W!fgVzWbGQ#b^DDO8Z&H;+Ph*l(1wdk7|izZf~S^rWi zmBQK@q>#yn$gKl57=}MOH_kW)9ebT&) zV3L|pFi(ta6&U!XzE^4XiHG>2i#$gqkNM8h*ggEm||dIjV%oOIz&30 z8kqZmTfUWm&y@QT1}vNer$C#S8&_Wn+@mf+dt!fg1hf|XP7Bc13Q6-O>ru|$Fuqy9 z@U=dJ=<)pyCGtdb^_Yn}coq6KM6LwE8Uzbp5N=j=@PQvbhfL?!qUR9mB52*K;W_NR z#r^Qa{s@kk=hg20YWG={m;e|Z!?IuQy*OC;pc{nZu?wxJS>Z7sKhX`^_B;HgoKMp+ znV`&L#=tpaC;S>Z2k&G!JE!E*Koq@k(bPb*&6PuOVL%%rm6~xy(U*_>_KFGPxlrEX zdZO<6wP=aT(r(l9Do^&1t!P|SeB zPlLH@?$CtxB&3n7L@}a&d<5bpg=4>Fj68-He8%;-`NN-^kiPwq6ofG2Mq}ga@opna zpNEEu&AKtev7q9?x&PrI(|VFZq99%w+XQB4sAD|gY%vXkNuUUgrXf2MjTqP#90 z!Mu{^HQ~bXL)EZwQFZA}^GYmL@NR+@{GH1g>(tPYw#(0Z%~63EV;gC}znt%z4#aW3 zL5Rl>eSLM*x8ydkWno*K+<$DeKQZe3zyHWsjDHsY5lV0WWK!|}?t+FaW}3w;meam>eR2EQk6A z8-s$8;SvhQh^di|V;XD?xw|{-gNaH0O-s!X{DAiYDEEp37MyU8cz*cIVb-OBx2q=h zw1%LzJv>3SKP%T!j{-F#;A7BnGU5yb8qbkC#*Bt!8Bbq|Um-5V(JXdS+r!ulRz2eE z!VQ^q!=xmkwm7aa<;McP%9;~}xQHaizvQ?ewx@?kU|0w~{LxpPw@=0sb8U=n2Dh(! z&2Ev->D%=2MEsY7%6=tv|G!q+#(#OAr|`B28%|*1ho&ki;irI{KSOy`qndK$WiA*XPjB} zTo>8YT!c5&)*Q9lps5^vm5+Mo*KKfhebOxEa*|NX02IgYnWy0Z(vX{Uo04+gXx^XS z#7^4p(0jrh+|H-{MTJ$iJk@@nS-vpNOJzw>|m$n(*ty70lO@9q8KkE#AkxQ-E|CAK7fDRA|+2nKgf zfdv?^{dfD7Ndh}ebZTb5fvDefV^D+IL@g%_D!}nnK&Di=D4SURXp8V71@)^d7Xacmun;#pHo15#C`}WaQGqp(E z5$pvxY=S&=oZr@z7Av*u`y>9A!G7{9NkI@8i#HTQ{=8xkg9d9?u6!<*ilt(?{-yM# z6qpLcMP7#oCt^G%p93J6FKs)TH;#1JlDc5(2?ovf+_EwbJ{(bLPFg2_?_gP~K93z*%S!`KU9o50Fdz=L9{hDje9Y0t|;_48O zHd4&_%2T=eXxlTFhnY3w3A>9fy*$qh?p`DOC&sV z0$+LV(`^v&aVSndePcL3d~%TbiEAy1+h-xu62WT4?WyQG9(VbHgb7`qY5JpGx4IEO z4i+V*Bc`JlhGkY3*l5+c+T;KDh0mb=+vXb^8)vu}qLn0H49A*y`|JTau3^&=$p2qb z_`f8dYEAU}98g>J_p1Hjws{K2nfoIQ_iPi+*cg-yTh(}R3I@rgIZHh1aM zN>Gg!GY^(PHtOrQ)No_l^b#mu-Ebms&r^WCx|u|{pe$H_84gD)obK?Y_`JHs&2W2l z{ndCL{En!0ol)&*HKRtKCJVkm5OG?e*$pA12uukH;F+7TpO#{Ly)Of&mID4RaoW`- z65J}o1o?t_aznl!Fr7&goCNwJiYUdse%8;J7tF8Zqj5Gb{`MoLfZrLVG}+Me|D6Z< z`~1sgxwN>MeN%nyG?x8FGIuapEU>9ZAQ{RxAD^&_d|K6{EtLJ_o~Ihm`+qFiF)|x@ z3Lw&}$AdL&uw?EKs_}(-!Q6SEz=YVBInWc)IU8IUkSya6#$SX@_E{L6gJt27>oSc= zBn|{0(KjHLHqVBU|CFA1(*E>>O!7x-b(=q#`aeHS46fe1J|Vyp`v3mt{aQ-@|6D44 z-s=DF@uX;AJjza-0;aODh}c&_te(I`Sr3zhY-Bku@Xq`?z6;T2$BenS&uSt!JG~uBhWcmlp77 zb(Pf4rj}%7yTbWXD-0K+>9y6r>%CGUv zU_%D+`;egnrsv1;)e$tQF0@QiOpI-XkNtD*9mShdbx7-32LE`Wp*JR(?)(`mvd7(4 zNxVAo9O28mcCc`WJzDTcP<$`Bwmh_zErM6&+t}uA@eI7U^L8fLi-ABK9x1+qmI;dB zcVHW=Q403O_ZYMWA%lgpeGGpRJwzu`VaQVe3cly^s!Dh z^_~K%_@VOojSpDKm#gev7?q6mQBBU=h9>XVqitdj8p(f|GQlE1Q&vD}V|EeG2oO3+h#Q}6?# zEH#@@C<1xVj~G059W}SKYRH}@I8Vyt&pzi9nTLGHipF(sXo-bH_OzI&@dUdIf3Qj2 zhYC~7t4M@GNLveHn7ASmOVmf2-EB}eVs@2f_7?p0M^n(h_Op`zhu08apAU3B|1a+! z9Hjk!4i5IW_P=*|e2k6@01=l@X(Fjx)T=(nFAWz%FbXPVNDk0($X;kwJPDb=i-m>o z`t|GC{xf;^>Va$-`A=iynH<**b8?oKRB|4F;cIM{-*lf}vH=0@^~V>3djOIE`R0Rt z5n#R?IA02&8w2SZ0BRPnz6xM7fOZLRK@i<4xGf(AD)-+6DT@4P1*?{2EjeD{9|OYB z4j{kmd%tN@8E*S)s!}+P>1tUHEBUp%;g5F(-1**5#V58P%qJP9qx+s3N)$3EUeCYz zR0sb8`M9{02mcPsAbT3&Y_NGpr_FZn{_3cGblQ}-&wcmisL>3|g_$|?oAImsQV%`p zsMR`e+>4&huZ~VvwEm)9UbSQI1PIxa6#xHv-t9Hp;sVr*C+wTq^Dn`!ROpg8ykw6% zxbbq-Xk5$f9tVe)4}ICsWf_N31SmRw5Q7Yf&QhW?5E{Ls3~3;i$S2Ho5In5dX*`)U z?~tc--4h2@kI7HbSx@3UQFX++J?r&uy5W~Z287rIEcQkuj@_F=chB|gJrQG@>`{{} zO(yxyMNqr8%|$HeOwiR56^_^Rb4|rsiUkCJCR;ABhSMVQo1M9DMdSY<(fH4Mn7uy8 zQa2G=3A@{)>=j4Z$>ZjD_N%1A^HWjvDGXXl>-mCSSLfms41>|jfIu?BnZ$47ju%2hE6Or0J zeM%pIKc})-%L!Vn9qJ`oylSK(gxm{9>Q~ORNosyFc|YCZp^D;+G| z|35gWZtwrU%d_nNvm(#eYA2w0j^fw1A4kaf=^*~(J(^{zsIIxdx~tH z0t^`R0|AD`^N)!eVI~io3Q55TGrMj|@xnxATc4pV_kL@ip*V1Dc8vMwbro{_1b>OW z@TXUdG60IgE}FRpMN9_ZCYgLLb}u8J^fSso!?iGre!K|V3y=^*-$KXVBK;QWvync6 zvA+xMr;>Yq6chZN(1nS}r@fEGUq5{;s)T$B>)g9&jOO9_3jcKX{fuv zf^(*{{8l|Em3Dz)SsrClP;j^=Qs@VP&R<8qR){|{9a29pr^WAYlOpIEWBtYQO@TGE zrFUC;_w(qT4`F{NYDf0oS(^EiXhQ|)7+YeoB^EzXIN|{Ix1kl-K{j-ZB)M2mDE^2$ z4J++`VJ!Hc9{;0Ks-^9JpG)P+*8cY%&$9h*DXYLMZ~vw95xm6}z-Ww5TmTHAczX+Q z%fEgG|B6y({PlU)s(XLiyLNxyXEpyvnnB*+@b78<|GE4*9slc~T&->S|9dL`$V?&A2 z`XlT<86YaV_|ha^9VO}+MDAJfqJH{4@GU>t@{?zVntUo8WJV;DWf~LBAdZbOBJ#}3 z>CYh(FCi2M@yh9owr>T&FTM7i*r4a#lYid2y=3LSB&%<7W&EY9_quEIF%aMEl6kW0 zjJx4tX`Z_6pdsg$<=R6cLxKfcS85&tQc>RVWW#FffyThIzS5Wj;NXU{Jdp_e4E zK&%ajdcpC@_5>kkMJ(5hsVzl$&fp#^ia#BLHM`3wCO~u;mEd}7$|hxt=g1I|zMmfH z^VOovtC0Sv3lqe7_^R0l3Het{SbY8+`1gExxp2xLpU;YIyJaD-ezNI*EL1qZ4)r=N zu%7-`E0xbn=l}bk%Uk;Y9#1-=C*ST^tUmVr7igMzCPFjRe*=Ef`yW4YK0(?0Rrsjc zXimY) zUeREs4q`d>jFE7GvoQq_5M)h}Ti_naVLmL|vxdmsW!xm)V5n;m;#mmH5YV~v9B}Xq zxxgdH<;;?Lu1JQ@R}5gg=vT}fVKqI%$Pm2C`mhnw0HlEFZxob^3zkMz~}$J|M?&7zyIfd zim`uwS#e7~N}gE+K`Md7-UB$qQ&f-d&ohUY9sBa5jlf3%Js>Z3BoBTMUu`hhVgp+a zbkQeJC})hk8jL)4C?NXz?`JP?a;Vi;4Rv{>`@u*Vh>7+$AEKW)+y}OJ!3|Cl{ZLjf z&oIO~`b!yrGX}pk{{A7x-}Jn&IzevHBj`M^Tlsp?j~_WB`6_vzKh;92Y&(_CF9R!h zCOzm;9lOTknm`m1Hqo(RYp=Nw$AK;i1hGY&E#f>Eaa?R735^&41R)RBz;F(L2zp-w zti&5WAXVUACKGut*6|wj-Qw*QZ~rj76;VtI8G%aT;YdJUK$!&{BBI?+kvkM$#)#&3 zLEbb7|98g3eOBhBDB-(VycuKLLirZTU&ftckoY3N`^$5u_yTNkaEpVl!9h44yJ*aT zP4Z0c%%Mi$6&#@ZK6M%XFdSx=90nO?7sdjiS8Pg@);tCVg71NUy$PFor2yw(jieCd zZ6~`$x&KU*+gP~sgU!8@RQF1BiPm?EHCwECFRX!%Ll`2UIYl;)-I#$#G0=QRE$Nl` zglx^h#ul5l*z||;pb!lII+zpLM7F52MV-HzZ7$ObL^%H)xnnFHA2rg>e(#TBE;dc< zZF$oc!QM~ObH~_m@dMl9Wn2pY@~^|Cpu_JSaW~d28g0?&Pk}~ppxhLdlGjO+Q08+l z6MI?%+cr{Z4^NN{^7*wcMF(|za%Kao1`749_x`-WrNcQds zTwVe&@0q$gKGN6S2Yw-dzYxe@4(OQxvoQv|0TyIo!mF?$10ynC#V=_u=kGFx!6kP8y*?R)O>f3rS~FDaDcH9M_SQs{GgF1nmC&x_y6iaw0Xm-OT=yGJxx-N1Em$LgH&3PNmts@3xO_ zx@XtDds+Ir++f}h{Bwq&( zCN%0I_1*vA#~I1j0e?w6RYgccT1JH#GR8X1*FnCV-*TxxJC_1!6T`cn)1{8jwy?g1 z_4kDJSnBHdksZiG$B6tJeRvP-Gbxu7k5Fs{?=-{%(nW`P(Q#h(Y2Gf#3!uyYG55r_ z2)ISSKN10d`hB$303KaRiwuOX63$+RF(CU!T$&gR8M%l~D=+Zy#mAIv(5i``?KyuA zEFYo~c2R+U<9>Grws)U_`qeG!|LIXbj3B@E!0_c@3|@cSm;!?rg2Kze;iVw4F<86- zXk>xMt3V`!L&Q)2QuE@h!OzYTHt>uS!c7Tz#v$eM31Y-H*vwUG#*UMMkkLaAFQ82g zyyut6#|lArOyXyA1&|nmc%`};NxUeSD**eqXrg|FRA}dGy9Eu?bJ5nED4tdJzc)(# z#Gfb5e@c~dI{t61{JFZd|GmePqAq;rBkIDwy3igY@QVYfz6*XCE+`_P{u?N^3=@&! zsfmXm&#LYH%0VXYyPW+J6hKr|4xBHyC%J#7Clmi8#`g~P|H^))Qcm0d_p96U-*MY1rf7B=J+SL`YQp$heWiZz2l}f7xJ~N=jaMe%2%sIGb&dFlnjm&&idv zq;9`KhNN}G8vxJIAVpp3LW;(V`V!G3=`TsBTM0Npi>Z89uT0pqddr@(qrRxSP98jQ|x}4y4A=Fb%qhf~RK^y<~IAf{8R;>7p@vVB*88lY^lkQzkG{i1p)b6`T&$gHr`^Bb62SD=_{V7@#iBqT|&mp&y%zFaYp?>}=EQ*3$`%CO@` z!!I~kD;V|&$4svpp4kkZk8aMBH!2K@ERw!tQCNBX0<5@#A>@Ij!VWK$`na@w*g{lC z9%;@U>{8^$)0m{ENhqYGfc%mL3p$QrkE8g>!J`Il&dC`(=a44sWU2AYWh(%lM=7W! zd|^G2aW9v(EXlERO8*R&p5^ep1}1*S0>%8mH(Z?bpflHHY1Er8&5LuPrPuAb`MLa@ zdvW*|Z<34fed7dU>2{V#$3}It1hb4bpPPy-)xp}^a2YJer(ml@k(Xw^G;D)5!gH>u zVDkN|cvsdj+N+3JR5~O!8Ru{bjT!~KW(k2mJI8DFfDQfHty1#@Ud}b6BDRjpuxU89~5)d-S#T2Va4c{NQ z|3!4Xx?IK%C%e!wSuu#RTer;yPC5VshuG!saR2e<2YC1Imd)1(` z03j?asQ;4DAnIcsCcTOpt%<#mT%p4HjpJzAw5QAan-(_0lB)!ZHT#n46lL`n`pZnv zV)qx3)VTiJx;im7%qoH3f#*2L4fbQrM*b4yOwKC!A_5f~rUYkMg%ZkAcCnR8(X$qM z>Gf)(W5|71njXPA^W!r{oH;Plm?9eya^vD5N;a!g>YS$a_rO3AOS8N;E$wj=|2<@_ zrHgZ+Vp;CUkfjr2Su+tPwi|CYXx7@|<%3QRX3eOd)^gUHFF{JTp_a4vbd8lN&NEDD zE5`Vw_7z+0rE1G>(pn*Vh&R01#2&T=>)yg92Hw^#mR_gg(vm!96Q8CvamdS}RxhO; zn`_BWsl?0V(a?|z-7I6)+nCC1tcAIHqGIv4uP~D>^#(`$USUiN4&H3u%Ts+&Y$7*( z#2I_}mOVMx#N$QRVSw4dHlZ#w62P^x$csl2GdF~JYS%zqx^VWsX*S8QU4(C=f=noH zBRa$GBvCZ>9&8?LC6oT^4t&GwUr*Bi zgU@ODUn^BUZ|VPgJQ@03hV%A1-|fT=lBnw5v@%2#R(vjThF#;4sUqeL){gvQ$bIPz z{w;_2J93D?3zWk~kDoGzHsq{}N+1j!5xaB*p67m)1HdwDDeL+{91&t={7P{Cbfu__ zUrBf|M7M-eDp#ViDEpJcAZF5k3u~VFHnIQyYXkcKxl~z-|61MO(*O5(Qlvuce44B; zr3IP>Wc`Yl&!FN7L)`X0-ImHHO;OA3sMvC_jqKHH7C)AU6q$x)(5$u-ms@9Fpt2-2kQL#ELuERi7nahjdFV)i7}jZ^>s5Z(LF z@MPjYCZu2)V_`BWP()}U@FaW*L3m33tCg!s{I8VvYg_y8yF5#Lk?H$AL}-kEuZ!}W zA^LH6iLm}Pf?p;prwa$w!B-5mV`wrF$>l~xktw9-!qLc3gCnW0ScPUT;VrwNm+Wfq zSSR5OoAl`nmNUymHhQ<-l{WL_l{IQ(4JC^PZ=wd5%dBi}+4c4**W8R#&A?AKc^iM} zN@Mmt?w4J>e_AGeoru4g6KB$YM;pGU{dfQK=Vklvmj1uXlRkC9+KEA2&taVZ z*we-$a73H~h?u3R0L(Yb^|q$ntFeg{4is{9>je*DR% z|5yvWWd*jsjvG8F|5sA_f2CBaZuS3nd6Jjqvf?;Ieq5Vyfn=>M57_d6wBhr~z##&3 zitx!`W-Htu_m_;U&*_#isyM@1(McuA2g3WHe>6Tn_sORJF6Maw3Ov~Kt2Kcq=>LB0 zpqlpoE0wqM|GPXH{vYuOmMm?Vz z1$m{`5~W0;H=|9P-%@^w(40W0KLr`w3g3SO<$P`)s?DJ?#?sSs%SvYTJspbs*(mb{ zd96Y>!Z%80^=Gvit(E`Z=n!DN{J&q>FQ@arACybm{J-z=ECo_X%K1Njo2Fil{=2?A(}+y%cu2u7Z*@|zrx00=a!PLP}1 z0pY;GIsHI@jVUlR1WiCOpsWczMJ}K^0{LkrA9S$`h8|^aU6k7a&_w_O+p~tq1$YG1 z*tJZmLn_8X*$`PnjN(!-!!Dr!b8B&K2cWrQVi#$EU@(Gi5%hFKP@*a5qI!-kNCET_ zuo2P#495>>93=_KGBPx!IKy?k3nzQE{Bj}kF7&e$xNjSt$K!;NVG-EVEE?XzR9B*cbbT~Dz zOT?nOi0~Dl7=+Pgg8efP;aeU7CP-&gIvoX#F(O8U{C?<3;>3h>OeISba@O5 zXluNc-q$XloId&QN5oC@E#2DL1^EW6MqJWT*VIwhE zv1AzoweXZ7qG5BW7f@ojK_5QuuwgK{8}K#u7xv>2vR~K+F0@r0xgQ8a_6fkFV9&+1 zbPYfXrsZO_SpCGhWb@((2^NSlYzEji7eI_VT9)BLj7DrzF~X-AwE5OphHY5JBZo!c zqHmtz^11P0gpez?o$3MupsFH5_B>ldE|UY9EYAx0#4v!~lXf==vtnfgTFwkpQ=zK? z>@t8y4s=;v%_dx&;Ju3>355R?jQtLK9D5U36cB=tJOo3Az;V&YnD6qgdC&h~fcVe7 zfB3^JhywrIn^yLU#o{i|@r= zG0_U~?F|N71m`2LV3dR3E$7<}EgwApF~aztd;b_h_n*5l>LU=t#CXD&PLvW;Vgi+e z8BG;ycxp_M4WKEA7Y~b^AiOigNxX?hRA92mw8{2ZKzG1+SVycGwxEO$niGA4@R{JD zi7X#R13L6cyysD>Q?IO`VXc7V9v zMGzHCZ)n&WNfJBOwBzD=5+ykw=zZ-L!Eu25GuFU4nAmv680zU|lhLB{#2{4_TNc(B{&1>@*+w8sP#y;pVhqg%rx=)RN5pX0?y{ML_ z**=isnGHtJRu^GE!Qv7X+GG!U8Uq=z7P|mZRq(D6Ry_gz5^VrJOffP*EQ~oAhy@bM zgXdg;aSg;IAKrc-Q4&T^3KSQZp5_xtE?F|(!B$~`JvL^x#F`*uY|u<+8e!Kef);jx zgXIC}y&)O+7y5Ap(#=7{kbr3qT=OiY1RW0ovLgLwV1&0UnJK zn~!Z&Tr!HSxx^!A&Wp1tha2|Syy+7k|JL~QhZvuN!&V_C)B$7g+z32#4T{3wtCZEi zSiGDP&NuJWc~CP_-`h(B4}G$FaxJnNdmefu)_@uo!XCZ1NF7wU(O?N@*Lqt&e>Ik} z={K>f#dvI8X~G|aNABD!YbL6~^`%v(RWlgi3U-Vbu%u>WF;IX0zfF zSJtpf_M+H#d)y*R_u|c|I;5hN`re-Zu4@Ka75o=NZ%m@D)=zoQAjI=Cf%(;m=ZJd_ zYX=L5*rNrH1jYA~i{~I)L$+!lQV01qwoyKHiNiPi^GMWdZxDp*>eJvL!W>zBm0(qs zm5B{sex+bF;d}M{g2dI8f`9j9f4`b>r=-R>2)Ciebd*>sUtyODe+M(+N-bkJgtE6H z(jn6Xc-BQGSQCo5{2R#L(3egN7Ib38RF6<>8IM9?Kry3iQvKTHIw17(hlmD{CKOnc zEDNqdw1=fg4_juqJ*53l@7I&dhQt2 zLFom_RG*~BFQmwCnO$`qReqCHtLt-{W~PB0VO$6KS`Y^QiTtM;-t{&NnL~uLc#wbJ;zYO$W5m~SPCh%J_{StL&i8Lo249ec5Jrqy<=>|n9) zAiPIt^m-XS)z)8Gl;7I5{&1N-K!PCFwq@4+z_!x>eM&_U>(IpGfC}*>Ixz+v+NKj5 z$~1Q-`UD~qRP|W0kD-Z&frSgZbzs;QvT!Iva6Zfr8lx&M##DHKa7$XYu){4=ffTH1 zZXMKPa+Hn$Z9tO0pq9ved0XHqS!`P9EgV$1c7)6f{$*og8>7*`16xO2QdW^mjgg^3 zemvkyFYLdf>P9jH&la2bIzj#z5j3eDwCAsr<{DEJ%Ua+^KTYL~;3mH*H0z*Til`;k zT|{(jYIRTzXyuYwnOgLju1E zYy-YkrYXFRAb7yTHHa_LZM-|C3(@Zl5Ixq=7SFeM{t7%7heXL<7<2__;j{ZdUi#WC z(XZWdLz1rUd~rM|nMzj~ zxP9~Dv^!BQc!NrVUiZukP_aeLCdN2dWx-;B&jbuUx#Jq0-g;XdXttU$+OFj z**exL8tmWdCuq{T>{!~hGPyYJE7CD_Dcl?KOsS?bG5>q2Ta=RMQB>)Fmg zDb=QfmVP}vmCj|`Y0HyxRZ?05>BwPa&!uK-rktKHuKM!_(V*$f?k3v)uvzX(w^~yx zn@z=RN!^lk44cZJ-@3qqlM8|rN0t<&-I%c`O0|Ax(rWkQ_IcNu!z*ikFlg$RZMocSpK0eE#k}lR4q>;iSMEx+ zW4TWolBL#Q*|`%9PMVkfiFSI`GVcaw#}7kADc>pTzE;xlU8&ZFlUB8-NNufD{wCdO zZKb8ul#2e)oA|$*lX9=`w6s!L7MpTw-oi<{F+6ozy(6dH=~I777q}<4`^u!eFImp9 zB45}&bI|DYwYJof=kWCEv1jRnD{DNzd%Wmhol57t!QQRjLX%cE*sZ%#`DECvRT|dC ztzw&#VSoO3H_?>Tl1zJYyCqxtL@M1q-YNPe+XLR9e5OH)BDZ+*sMOATx8@bB%;#Sp<%M>tS-s|krI>QL_jp`^&6=TDwW-=vx>8^3DWmBHYyub1x3<9*d2LU%%A$3xx2Z=DIflq(mrtE$wOt6Htw)X81- z;-Y<~UCR}z+^NiKa?3HVTT-c0(N8<_Tvz3q+n2AVs@XohEX{-_)9tIXfpu4Imo%?o zIxWQ_i^0jo11ufh4kyk5oJhAH3lR3?hmtSV)xac7$nZ%~`er`OHNqTlaSyJh|0u6q2SHch8n(Iu&=-E=z6+3-}s zuyUbvO0B9Sw~p`Rn%t8IEv=+WoI*Vu-*hGy1Kyw{4^De0O08|T&xfT$s+3w%Ur|n> zjrWzacC&ZdvgMxE?mXycjY)H^^rZ`}+#2-c3%!%7D{y&L13jJN^q{F!CHZ`+m0PDh zxz+AWTGsWMdMUM9gYJY*`x6suR{Of6v|0j}n-@|?mh3@EX>{b)Ksz(-_DTDs*SsJ@ z#hl)i+LP{s;&jbcsoj%G&~BZ|75)6`QEO>ceZSvv${nRSm(HZVU~{ETwPTMTWmy^w z%IX}+<<8w>t0$f4cgSwZYJdLFk8i*Gg(%?DXoj{)uh!Ov|2Sq z_Nh(799$2YgGcqusa>5)_RuuHUEkhS)QPzdC)zc9RL%ys=T%j9_It7fW%;h8HNI5Z zXM?YI{r2MeY;fJFYIfH;ulW>v0Izz-4{ft~sVVJlTTzsD*}3ZVFK$p@+lM9nrqiWY zSGP{JTXDMZb|4QcgR5b4ese8Lowj^2yP6#8*QaA)M(Rk za%|Zi=-0iLC!Gyuy$7=f&yJ0D>q2Q)TDador2W&@zS67>l;*`;X_mb~Ul-|$VPC)L zJZQ(=%AlkuO;>xk=npE2c~x%B;pxSG<3W|^uJ zG|yrA*p|zt$R#?I%h&Sa5caAU-M-bD!v{sW>0r*_zskzB)L6m%$G`pNiw)c|kSR8F z*ot|6**-A`?TP-NR$3=RQ@On>N#x3E-?p31 zzMx%`veT9wT{GxJHO+H$tKD5GgB#^cx@xzi+bacEy5)3oF z612_ZcI$4@sq8PL%AuiD@%~-+u-ve&%GYOif*5M$wxje*mBESDS8m&Fcs4Hgo3z#| zm77YxW(=yw5AfmQPMgS8xqsM|<*S9-cc4^iRoV~7cwkN3PRYFPo?Hna9NdmC)su^^ zWIESFOY*uCiKu7hL;FmfYfZEN^>N^~?Y8o@s>~JpxTTekPvyRL+NqRj-(*auRlA!w z70q;njYd0>j-~Q=UsKG6G;?nIT{3N-nbXUPybn+D44obKWw{Ky6SaC}Dm`hUTLXjM zDW+Dw>eH(7sJp$hNkwk9uYDlYP1K+5UzO-xx7@yf{X?a5tAA@)T0?E=)BZ%AGufjv zX&p;)n~|jBzC1UsPNlhas@$rkgnPDgpp=}64>q03Woh!*zr_o!Qr_=aQWcikSE@W1 zbRTql-6xmGcG{}hGSr?qhvvoppxUbR`U)O2HKLxFRdgo7t5fq)tf723V>>h`>6hB% zVy;Z~E7D{x$+vo^-91#~GlvnviDYW!UI#x)a&2FIP>$PGNxv-7Gs#j;yJuIG!Neb7 zuZe4Yt98(8>JzCyw}yRraoua34$cOT{no{mHc^zeOs!7;uyj=!7>eEQ_a9pGhAnxj za{hQ%(we<0V>YF!7~$i^<-k&o?t2*B`jBc~#L&<#JdW&)R3L>#ikD`VY#Lpsq*wvHu`l%2s(_ zvQ2p)mtFa^G=~+mfY)}evNLG$-tnOs?z$}u{23KogZ|&hqqUc z1JNL~%8t}Lyy~7Pa>H)vgI>#qkL@d^V)pK;`fTth>F}|+K(_w1Yfjw0d||Y0bzeTM zH5JR8-c{%gESaR+lyskm&L2A!#gQf#xcbWcpV-&Zd?)}e7%y-)^9TORhcYbdwB zbxr5IujuEpc~|Z=+m+#Ivm{S+UA=8z^-q1TGGscm*Q}i?{lh!S)M0Oe7oA7*o7{A2 zy)IpJI?lK2{>9h6*_w8GtxCIb`0ZNOu6noaDr#N~kX3fH5^W61EkXagmOgKv=JnU$52bKWkMYRGOKcl#Gz*e_iU zPg-r&BCb4f+@Y+TBH2IgQsu*1@AUAYZH`My*|}+#k7wv%aMPJ+{a$l^dfhUQrP86S zni`ZI2Q#@#PmpraZ&&p*xqEoiKf?PRvt5%FMQn;z9aOue3tQ^9Zu_UTnr3z8cZ%r@ zD|9YD4oujRysMJFe_8snkWQrssWN!DvK0I7w%wBYwR!)v-GFD4MW`ihg>1S`u=I(wEL)b1>)tA9~8-(C|^Ov{1|Dpi`O5hmUvVyRzbTD%zkUOZ#2&pxl~v zZrdk!GiTa;RHxdbc5*i<>(>mc9tJ}D9-K%<*F1N-kJ6*uq#ZQTDpysl32kjIF{yLX zK9J>dODdJE>pnf`^;>tt(&4T4*oN&&yV01K=Y!tGiG1tJ!|h6Yp!LgN?;ctcCc7cI z{OwB7I!fcP(QjT{4jzxIP;Or-CFuc9w2oAoxBI<|1v(|utN!fqYi0g$xj5`A6ICcF z?FVTvkoEGNX`0u~!*gUgHMu!B?b;Uu?Xh&&FoeJ)$+hNr>$uxh2FFTM9(PO1KnPl; z%iP<=6!2pQfQGoWZX%ao?Q39*ySNJbt4Dz`3LQ!S#XvKNxM-y#U>T~5LF0U{aS~ny zgC@@_z4;X?e;l!4Y+}B3(zPO^-fH{pno2J>-ujKI(fI!k7Tl~^ZB4oFXv!5)WR|ZD zEM-yJGzHU!375Wq4<_heT@T}PE*qKutdV)%=gEx!^EP2W!)JZ`pYndKmX7~fD<5p* z|GdkSW=*l!pM@VkUJzMtIilAKBjEiB7|51g{81-=a6ER=m;;#PncQbdjX)~&gBJnb zGOjCdI9=j9E;dnNEJE9D27@A=DEOC%F}VX8(g_dX6pRM&uy(0(1{=g~ZinCd=b?9_8-)e|u4mhR$Q=<&FOs}~g*Eg?VPipcwJk>e2V>;hV-?5U zc;r`*hmL{f6xoDFX%Vn2V!oy$!ivj=!8;9&4BOy-gF*2iNNjf0*(j{-`$Ug@1rvO} z=CwX<_Dcx>U%1>hTI`k@ybm=HaiEtx_zDq15dTFGz&rfOLwozb!Wdy2P=$ZzGHB8= z*k;kAUpJ;Z9>0c}h_D?6-S&wRc*RKk2x4T9P)NOHdg%9`*@KPf47(G<9v6ea2E~a8 zX;#$GbOk9E#Ko}3E+Pc+nCj7wjh5x9!ORQmc)^Bi|8_GDXBVvT?(!D;NKDL)m2V-?K809yPoCuF=!PARfejQ`C#_Z1pZ=_r!yAy`&>&)e`4b zj9tyJ;{rxz*PK+Z?D`c`3JBwCmM?ijEZkJ=CM^o-G&=?&8|Iu^n#>20dFsRRls=@> zmKlhANKWm8M^LIJ7ud36j;tDa;x>5t?)9ols}h+e`R&HJxCC?CG?`XL8Ych88yI+k zqz79&&sL6nt{nO7tOHpI1D*qHf5OxN3YN>XR&i_&Qyv_gmF3*x{O0e^RdJxM5vbj6VWk_C{ zelwEaa5e{8)4iQ=iP>g^{adjSf7~0nenhu^m%K+daS6$y%Fzgx0Z_#@@yr)Ne}h+j zF2wsCZsGlJ4Da!z!W+Z=iy=Nk>tBi#mx4Z?{WzB882ruB-EW`NlPUlCg7RCrfIT7q z)jluDf3?q*{jL1>9?wgo%?BW2KOK2ubO&8i@1b&&I#V+_|$|`{RZ%5%z=G~8pxQ4iJ^83O$MUw`HfG)6YuIEpV9DAy?mBjoY7&Ba;fLS(a2EaM{k** zvb$f^%BG_rh%n}SG~y0!e*dYLnG2d(@dZ7Kh@F}Jicb*-O(_@a8(hl5@O?$ng9u>L z4f8_LVQ3_H*oi380(ChWQNSxDPjJ~9M0pgVZ}Hp;|37>0zm_<%EexN3Pp+c2J@1}& zjz9phTlbmyUPVxBK@Go@e&=b5q<~10%A^8_qXzqC6o<1b+Ccrp9a4~9nOEVv^&?sKGq}A$s`o}h0l8a{bHFY zmhzEm8_~*%#NpBQU%JN2Q@O7e@js?9J+Yn!{eua;$2diu`37i|?8rQ?k>Adf{|eGx z!EP#-B+g_imkY*tr14{;FVO!VIsZX^pYg-Tz!m4eY(Y)d|NfNQE4-ioHt{T`MsbrR zM*=-|Pz)}<*1lbS)1n>urqg3dWcTGxBTq$+?1`$f-0=(1|x*AWpJqvDFOD3%u5g7+N|c#Ps1MkOgVaqvJ)C2%R#}6(^W=h9J5J zUDV)pQKROupC278T;}?GJuAu4_Yv3Gc|uuP8Y@h_KZo_d!Ohu1{_i8=^Z%wi1dZ7b zN`RI8Kf9ac|GS^^@BDugkHr5!2D_6ke8AGT!AA%Ck$MEFR!~R&c9PdebqlbufR%5p zXY!0_ZtGdS8QwMR)tdI)1;l!OIvk?>nlvp& zVZ37Q0}v@%z*cWeW<7kj6)|@m+cu;`_4Q}k-_JoQ5a{ti6;v1c*==f>(393aO}{ctvz75QIs>fWa$ z|KI!ce*eFbXMz47MdBr_LYE$zm}n|%`-{y-!H0s54k;Neie^|_V9EF176Q&2X9fF9~&4<+Wb1A1dWP#sgk(wg$|2swb? z6|%x1&;jVqB&?W7{V=_dEpNFVN{I?1Pmr2Fg1>ib*Na)ZV&*NDbmjvn@4FIy3CBLP>`%dYblBHyxd)J(LbBrgO{BoKw@X0HtG=H<5Qvo9+P92lklwpof5g zeB{}tL#a|{jDsqOaO~rhsCbr3LYQo0YX@uvnKt;ppAdZi`{ojBd{083H3KEzH{JWD``%6W+5wS2 zMkLQ29VyWL;RC4j!4!oB@&b$s@Pedysi|q89j=zx2s(te(V_FRFVqzTevZlJpOd40 z_y8cGYK(yqVHyk5tAXhNdW@e%Gh}7`n6g8GLeKyM4>~?@(3C9)VKvAjSj7kge3XIR zo-gqCY}xwW+0Z*1dYAprEBn{YXYwON{=Sd?efH6_<}LaD6<;LmMa}NG6CaTTG6PrO zW;N^!9lBrJZ2A5?)AOkPpKp{Ob^uyo|KHvHGygB3ei|1|r^U++&5_sAtVakn9X3?>5&ZG5*sVII*T&SQ0M&4(k*r#u%B)5UCOCm?{FCD1EFL zINt%#_pN(?E&%4eG$U)#BZIEx+!b&G=FORo5?w@2oS_5gg82CLJ3Dw{V;>GA-_oFE z^p1z%M-!E)7sQ-a7wt>-c1w;!SP=FgI=LKMR^T%#O@f2shA-uIk>4xWN*H4TlQ?~l zGdWngTFd28oB*WsVf9Mw_riTLx%@}PxHsuA~F6u7}^!}fvnBLIC9S%#4NbH87*c$r{3M`I`E5rhFI<|Ze> zXPG<_u~h8Grgpvvds^wZQvcS}&X=QXQS(I@Tm0Q3l9yYro1WxgFaK$O0X`nz7gBl$ zdDess4XLk?Y4MZ^pVeG0d^^F`*hW=m+Lk-A=`VcUGQRCf9^EMy8!6N2V`&6FY~n@2 z&HK=r!dVb3#a-W+CV1jO9bF>NWa;^_V~_)&Dl&8uuQl-0nL^JvysXHSX8On`@(-ye z5hNEZu@8BOSK`IOY0j%}Kdk$$vIf3uZ~v3Dx3`-xE9qs@kmv$jQo49gS(Qv#wN=9o z+DasH5(n4HWmKQDa(Mvgr*oS54{yp`WBqU1kJ#@_#pMTE& z-Q#_dk3>Xi%GAt(gFW=TW2}h(R15iJ{+E0qmwUhe+r;w$TteSRp2OVQ`09h{5ILYX zHZ8++2Ec{-2o4ZQD<42(Xp$fiAOU2EEDH=Q+zUeuc7TU0Rz8iXBGT{BF_aI$5mkM` zN7qAr^9~t2Sm7VrX>j3KGk_h|l7a+W>=d?C}P{j4rmqYz%V_c zqz9&-VgKdeE9u_7mtp@6ei#li^gqF$Wa4C^j(SiZja|?;Eku-G(q!r?zodI`r2LZh zZCCl_|0*9q3wkCV6HqxW5hX1u+be0)Krq9<^YE>bo)8@yD5G4oYbCAzcVH0G{x6;$ z)=o<27bj`kc-Ao<-~YSW>|FkjeD=Nm!)Bfjpg3g7_0I7?QP}pT8vz6=4`HsZRFUgh z2*l$87wFg=_b zV<_licreMPv-$Mr1MoE@eGX4T<3hGc2=rztQQt89A=9&PFJnWh_r$i(_Ck;(4fItY zIvNl9=G_7Ckc}q@7-MEe^$|Ziff1UqO65`(3l>Zkof#yot3QbKPj3$EF9T7CvHise zTLKb;Xm2G%i_QX%z!C!U`RTwEUJRH|ibR`>!V;llEI1_q2Tw!qe;s=s(*4lh%jXcC zBBRmvo<8;6XP$aW@Z1A1b}U2)m@{`{PyE&&TNX=Y7A8(N2|#yrs1XC3oV+%#&J>~T8W7pJ4#v40S=*eJh z106bylzWtloxV93d&pokFN`jrH)A3;0yO^}Sj)W>)^hUpJ;u(@zL3<6gfwg+cD&|? z3V{JCXOdSFHa3t%8B4_aqjSu@)Et*cyCkDfpPf;J)F{hXCY344zzH-hrkM2;vNs$X zy6zm6#yd8QFta=D<*SPg;A7Xq79Pw1aXkbLN}0s>py~J|npfOB!$@Dpj*eWPWTw~~ zSr{55<6{1wl#gB3XNvcklKRYSgNX?l!E}Sq>g=mx^ih{tUHKgaMZF)l??q}#8hrGJ z&>4{(@b!ONaB7*z|Gd9&J;Jx!{}38dnUXO@3YG1YRJ*b2J6(pPsBVtL%q3VPhYkXu zhxlp@1|B{AA_I&a19@x$T=nX%s-@rMnzhsgeFuh+uwDq=U~HF(A6ySj*n!mx_uof? zfrD8-e~LXGF|)wYifo6waF4UZRfL~=b_p4dzl75z$A2M_u*aF(>hWKQx$bc;ST^s% zJ0E@zMEPe>Wo&{iSS?<}Hsmya+*P6|QmIu;%qfFF3G!Gm4Lb82v1D)4?c z9l)@emU=ui3<4lviK8gsbQ{vP$r1V6VHR33^ABJ(Hat^%kwD)qIF zEd2a(8)J!4C^7uY?FuU07{M`|m+Fl0Sh@q5>?k~2E{h8QB`VKIdXi-sozsBdq2n>3 zT-fJrkpZ^2uhSOGa^_$^XfILgYOa)}XY!Xq{c4s(hktIxGR07SG$yknd?${vlD(!k zqkAYwf!d`y09}!g?Ne4Coox;+=zzLuP2fVvE^IV_trmhVcIfdYocaro6SiZnU5a_DTp&sSU}+Y zwU8#VyWd3<+1>3m(6IM{3gSA;u=jFgpsqK5j12yIJ^*%wbWU&$;v(Jb&nQQb3)BTX z!!mW`5R@9BS&9d|EhY+e?}*m{mu}EnLZa$- zLX%auxq;vS7?=rK<^ao$LVRqKC0G(~r_k|P9?3^AlmA}K=8` z5uu@hNqlb>N*W>jBkAXQtm7mmwNy(XXlU$g7s=;YjE(S{f-(tJbgHterw#D`VawevS9mbm{&@-v#Lek(E zxgOG4cHC$fi8A)qTaf3!kUKOC6p0yvd}gu;%Bq3NC0StO2v;gn$<83b4yfCvKU@gc zEqzaRbCN!`8(e~|n)M4AId^0CUZ8KmfmlM=vnUp@2MlH@3+V7`_mVq6b%7^{_J^*; z7=>qqQx(b3^$3WAK@u*b@v)%Y!gL9U<_Q9|olkpXFXp z>M!$w4IyE9Ev>5XQtHHRV9H)K{tKxSyIh?K7!*APbuSaVe%1wKh{qPsDBMFLleQsS zg9%GuZ2FWt!dQC1FdQEEL+A%RVaJ-uU13K@X+^2@!3>YVlzn5FBW6JhoC$)l767;d zY&b%I(49hCIE<|l@liS{z335+;)65P?97~#eR*?{F^&_lkDyolMdd*D>mnHVgvaXJP|Iju7m zkldJ{s2#IQI4Ym88`$)grjrbceiQI95m&bpPwu?Eywe3PDmwsL*clK?hKVtQexMQ7 zJE(AdVX>S7}TMd!m1x|CByXG!VyHHI^~I6el)%n{^t z+>1V6OWf_o#oaTWEAm|4RZRzbpf?_XzIlg8^p^2yx?#}(T!gz%4|3qgmw_t?x(C^@Yhprh>0ulBLo_Df!bKkR zu@`imTbK4;>P(vxx|Vqd{27CoU@opsk!9yua$4prXy*VW!Up5ThU+-j(xOP zyX<@Xt)yP&)>Az4=^W)$O@c!AG8W?#=)Lp^#|0&G{oe@zmtS?6gGM?HQYp%AVs*N| zs=u>;{Q6n#hIgq{LmMD=5DCv8hPIFeJcOz9}kJ023dp@*)hsS=zw6g2bb&jra*d%6UWO$I;(T`Qyn*JjzwaP!WS1bZZkXs=wE=Lyu@XIeX?4w_P0hPY!lUpC7(mags+nFFZLM zgbZZtgnn7VXMy8@@}J<|n4NoUY?ytM-4~~LbVWX90_P2=hGrPZNP{{vo^f9Y?zvmk zjzgzks?d3~(+T(da9w;Raiz)(n;eu}2#P;MGj>E6 zSh&|iMo5(&VmDb*Mp4==OC#D%gHt?36RL2>swU<6toVt;k35!lA~!iMiySmf91(_a zfeXDh;^;wX2)E^>f4 za7L816TjQ`kht-a8G*3tF$*2*9 z5_EP~eaFR$kcB~Bdprg9*z!%+3UA=Zl4GBAW@c~Z*`3(boYyYL`a*Al@H}tPBPn0} z9`=VI!4N10P5);iZuo;R;WbB*&ShQcJlqu$n1GK2A@Ef`D#yaXR~U{w)JGn2bQDwu zA{jXLhbi$_W;?hOmJ?NYI7L5707U1R_{xJmV%P!QX6VSDBZc35>WE4hIb-) z{84BHQuw~jKfZ4plA$K*d`>EGF&G$X8QTg(DwXHP%z?IWBJ(l$tbSGj_Q2=e-8=)6 zt}O$NEixrZ7wNt^LDr0l$8MnF(%0Rc_}`?X;I-C`smxtA z1al1z_ngsPFh#1hcNZr72`&4}HezBgG2FPOKBD?JClo1>Pvw}oBv8be5(%*zgs)#e zWD9Dp@cY7(2^Ek$Sq2I3i|E(P%+mey&)}+`&hxLoc===!n<^(nA20iw-Ab@%V{mg= zJr6aMPzKQh0o4X$)|O}l?hkE5Oi&0~#^E?77GhZJnKbw+-BM*fWDB467NcT${)P-~ zw7nQk=0MI3Iux*wLr3dJ0(Q)fGoVhjRe5t$QivEj+qK*;jdO(r_C#Uy9Qe2k6$kH{ef#ttuP`cvq&mg9Hg3;SHscrP2cvE}%M_ELak^$L!COmt}R z$W{8^)62shK;=MJde;^1DCuB?-R}TTjT$cnkC9_Q4lE>Lh>2fA{uFy7;VEi3Bsi0Z z4)aT)VP49o7xl)s%H_gKm8gqHP!{*DGaXa1FA{;bF8#R}{@M-gjzXX7y4c{!`a-ao zjpj*6ROz8KXuP}T8q0i7y8vJ5;!-utUTj&B`Il_vAuKLh-V0jk@VHt^+s22utlo}b z%s+X8xu|jO$&Is7<7E_4Ht!-oK&cDXUX9u>BZuXKhmEt3(Gpc@m&mU^cM=V0KR$*x zcA{9aNHYxvRiBEkLOw#5`qb@Q$VJl)b(bom=-Y_A>0%@PE9{La zbyrnW*h{GeRo(tOq(b>0`N;WSE@};}a@1^8YR{VjW<~y|Y_5FtCG|?Ew(vLXQfWo(CO$2ynj-x}32w39IPA zY=a{=1easWVx`;>38Wj-T}88WWB}%IX#Au|0$g!mJYEW(-L{L+T4qoU@0&~qC|#Z; zhucBfR2zsHkSS^r=;~%hvb_fCGyy!Tp*XY!<_oI&Ug|A8{Qq<#SGT!0oarPfur+FZttd#q(ypQQ}Fy z!LN)zr=k`q;i0D#PY<=mx8sTi4t@nceRQEu#y#SL|CQPKUpqg2G)xct^bz(5OB(po zM+*{viai7T^s##QrBtq*m%g1>>Wyvsh|az=k4nXhTDfvU`()XkN8=vihsDe&Z}5L9 z#m2YNb*Tt`6A-Sr;o|bwhuBM#(svmSZ8=2@|VXIZTmnd&LEX?xETfv zG4a7q9~1c82D;DC#2`5M6-49wx?pH9${UKp5yvwNTc#ua4O|cPEpssRCHw-Rc{3A# zi0uFT>7$tRb|{!rDKV8m=hwL)0{{Fc_&>^j{wGKDw&>767LqzlU!GpnZVo^MnW99H z9Y~->D-eT%e!LWfu=}V>MOif4WdnT>5%*@FA~1G|t^DWzHv8ZoK}LPLko1$>Zy;l! zNyeeF|6g28Q7pKg>G*x{GyTTFe$>wnaIJe_aHp4_|3yD$S-GJ_5c{idhSOLCx;&u> z^aJHT?GdH@lnc6s=`q)Z1$5C>{?o@}eYoh|f?*}xD2oVW`GPH{0r2p^EZy|0fS|Vn z2i(9xg};(n!Zt{yMtQ>SyO5WH-T-W+QVve>tDj$e52C&~+6rf}kf4=C5FIQAg@3dN zl*AYb8h>q0{5sDf%jI*A@u>XI7V@gPmyrLty+Za~{%_*>Af49uDP-~Kjk((sWc7oa z>mBB#=%FEUh&e(0(w7BC@MDTeBv*!%!&3rN4%{1?7K@1cT5=|M#`CSmZ_yEb!IJz@ zMMUHyYMlS;So@cvbh}+0I|N%u`H3F~J>+7R2OzLafn{fjpvAl^_afsN9f}Pd_z`e3 zCp!gmk=(=BC%y+=da9AL#Xas7uq|JFV@HADYlN#XC2B0hE8=faJlI!y6puy{H3_zZ zgv}r*-^=E3=^=JTC8p2qkdmWGHl5A>7yIhaFn}MP@}-P~KBh-oVGhtOlVt;ymg1=k z5uui?L@=em&=46EC%vy2?w4~!u-0>!KM2dyQ z!7|ozT_OTevUexQ$ ziIw7j_`*(?w2;O-NynJoMZLZwXV2`i+#p?fOVfdQ#t`l?n03Mw~=Vzyw_q4BniQ%$M4=OJW!Ncl*ioj!-V3{LyW0K;car9U3x(%M^UCPK9xSU zEIefx4cQtyQXEUHaC=c9aA;?bMU2~BygSgxv9z#WUZA7kxNA8ug9GT+%OV9A72jHVn zJTk9Zq1J_w0xN*4^g)-o!|p`!nt|_i-0SXV0@whcS=q>x=0N3ezVIk>cyzFVxCi*7 zz*YKD6lP5{;l6ncXHte3aqn!r>_i>`^>y&*&)jwP^#Xbea7TL(9$idBf8FN+bi-PD zFNe%|JW631%ZGiCvRv^fA(p>6UIZwP-Pd{^K=;qTUYHse;nBj-ID!^*^hZ|k0aPvl zGz^cWb;k5OV-6hf(d>)l(5{CkrV#}f6JYw=FFlzhpmw*mUKx*dc1G3M8Lb-!?h+Dl zs!kw|wg)}Y0icK#!A~DidT;;^+jUSnKiV8lA6PBS7axV;G2Dy%bh?iI$iHO9JHj)^ zi5MH%qh0p%T(jqAe>O;u@tB$QfRpqd-japdNye-od05O4`qI-`2QDDcRfmo8bU zAuvIn*`FnCp@Awn#omZWS^7V+GO1a+^*BubMV zqVf$r51`u{lUWbny(B6b9%HePYXT?Hvu?zlQxwRvPw2_jR&J>v!Sttv;0hFRbqRtQeK> z=)?8R2n+D&!@+X`_H54s=<*WY8xYtG6PIJlsR!jBE!(yqsQ24y`T$X{_4N6Bwaq7>GSBA$W2^<~; zZV?{qmDc$kG$TMwSbgqlXg(ZkK`)m-8QI4Lqo5^^TQa8RWQe@8t9V#MvTo;{d;PDNRq5yRx zqp*uEQSEVk>VE)-L50XSN`~RH!F~Nmq4lM}HAEZ08v&_RGOZRxZ5q_M!!36t&!)5c z8@lz{r2dEvR2K;{*ENXOq&9DwCO0W(JQK5u7ZxO>wvHo7;!cR1vdSnS*K%>Emh&0)Pq4NRM#&!>Ri7azr2D~@)Jb-Tg z=b7SVGh-tgd$TB}PlV@@jL1*^CLSuU!4`*T>)_8V-5qZoY-LqdwYPS* z_!PDdw)RxDYHt0tvlUDt`ZkyNG|xYcDFNKxldMp+25@y&7A9VEiiv6WZQWlBJbGj2 zkTePMwhqA7=g*%%Z-Hl3hGKY>WzFL_jqGL%ahY(WcvaNC1|GvS#H+CRG(1Mt(_Z1> zcw`yCFFkW&T4;buM2Fm!a7#pf{wP+L(&OV-hYyi=)LfxB*~dOWs*8=+aDD`vJ`?!Uov;imK+A9=RvFgic+ppGt)XEG|oj4kF~z!#$K1WOa-zI9s;2A3%kF1q}Kb_(--FSRH>RAm|#nwC|Um&B7Ui zZeD#2Ji05nBMYEmc;Vl^Wi)Q`To}h=ADY(KLye(_$Pil#U7a65nSTZR;Ip@i$c>(_ zp(TqksI9C2|TW`vDe+#uaCx8q{lTj_S*aU^%1#2Jd&rx3=81a2poRx zkl_H-jor@#ctm$R&sT%joqyz<$j&p|6dp7Rs?`Thxxqo^wXyjMcwGN#LBgYamGIg) zTlB;NdecE}nCC`p43E6#;CjHFn}p?<<5B9edoE9Wg&flvfH#nBik@fw+@iSKIsjWk z-*>lmwkXtF2jH{1vlUe{Vn2LV|JsRvPNMI3ck{^xySw?ne(%QdxK=Iz0o;2+fcPlO z@VGP=fB^12AwYZ-8IJ@JVq)iTwcC`$A4MY&I9t8TnIs+`$+GYm9z_cL|G{`%D|e3o zuKp&o^(=TEK=)kYS1%cel++(9m#g*gQlK_gE}5k9@YoLvv-(= z>v&8pPH^U+X^1z-J9}yPS3eu{lS<%m4Lvp5*8#rX?ADIy;V*_whQ|rE#x|-_e5~o3 z@&H<_4Nu*((BJXZH*^T<#`ZPG<5MCR13bQI4Dx4#cns4@KgCZF?MMres-?~l1-xP z?(5JakELE2v+w|FF|#9W#B%lf*o(QEiLSv2&4Bq@iQ-;?9@o5Dn7>!>eW(wE^Ni>) zHA1r#NAhcVn^92z{A&ZF@Ov)9Bu(x7DRFU4?VOUM7b}3mD&GZmvfeCKbLX|5O~%hq zWR#wg#peNh{NKhho~rkZUi)$<0Byb`TJO4ZqGV?fn?Prs6Ca5jAwhkGm$FMfx+oQ$}>yHDI_}*-NRXmQz zOAp^7-S2|1qn8ExNzVrJa>22Wi4HB(8LXNAn%x)DWe#o&2{^@`d5;|*S}bMrq3H8< zf(m1xz6u^~)6qmU`lI&8N*_qgM3Dt!hu13Zo5*6NFbS|t$F#?G5aJFtejED$y15Pc z)^|c>C=8mud3Dh!g@{K<1exAehf~ZX3QO6D$TdVa*i5`or z$=jkq`FRz36nI?eDV3zhI5JYOo=zG|Xs>#3LWR`%s!MugoM*a|uN$JkTo{zj$ z$HNC8T^54NusuMc13*jzrF7^8n&nGRWa+cXyw~%1Tv4?mj>pPdu2iwXLKO?}xT0#s zYI=M#)hopOGQ@{IF;W45&y3GycwAAn;_rpWiJJbLemPkU9;L@eFJa?&eABu2HYu;U zH6bl-@T=INJNhwM6YAmhSQFug3qCHc@g9|i^s%r~zkGb$2Ib5WJTljt3A7gG1E`3X z0Qz7$H1%O<+ljD6bPu|(9l*fyQ#^0go<*ZPf=7;qhG`=_PRO|jAbtk0Pq`t-B=d!2 zjeto2a*Wr;A$S{jT<%=)09XY95c8;z#Ep+Z-*k+`wtp2a$?_IP65s%g#yymZet4cd zka8T-rH3Xanyzz2Bi+vg?%zRRlIR8K*mkjl9G@HnDHl@w*yDkJhQGi8awtEQLM9x9 z4DOq15&YxKbc6gcfk!dNDxY+EQ5m$DpM4{Nr8lGUu;&5Pp^X3wAOMhjPg%EhMp+k+ zafNaXJie8}XG`$-l(KH?jItV!@#sVDg8wjwykJ`&zO{Hm<_8di^(A)rBX~TdtZU(} zUP6zY*S)P>{RZ~6jK}0ISc%8Cva8>~z7}|NZkc8im*NZLbv#%z6|{RsSif_I8;`$! z9FMx^UzV!f0Jz3^9q7pO&AzGA0|2o=PQPN{a8|^&jh!$|>Ax4C_P6wZhp}A0rO8Bp z*%>kynbZI|$b&vIb|`6@JRMtpuK)}>BQ$%*;|e^w*jr%x zd`K|GD1#LJ9yq*+1uHPlv4;#E3$pp0{{XuC`|3+)fLw{kMOx3_?OYf;JiQD;SL1PE zwbEFg4OmgEIH;T{hArZ*7JN^g-2=Qa#TjuxONtyRYr-xu9Tu7#Od=) zcGDs9C2^ojhM1?XX9*aBLr)R<(87b? zKeBvw2bm0X-ShzYQi4GfXBZS2oqwCz{uf<4WV`-s2k<3gVe$_4#hB87%Rt?jt2oD_ z=jw+%nciBd0Yu(C5sfX8Qvz?mb9ELrhrCzue0~7kM;GpSP%Po`DMzQEqQ|E60AdOo`Izx6$AcN2llX+`<) z;R7pl$stUJuP90*?tddiwum&CRJYKv?Rsd49AZw;4j{FJiv4misH!g z5$Ig>3WXaONJozEu>v5m2x1!>$YN7tA6bx2V1g7EdeATjc3M%6W8IGBRq3=mPMZaj8$ z?gnQ1GlBP_c1$RSO#+6d*;*_pt&1 zbY=nDbO2#V^&xXG;4>1dAC$6E6lrcg93c`_3}ae3L7s`n#G0i+nE_$422fbrjD3N}zGXTHK+v75FxF*h7*BhA_bVqp}rNh%LmX0AvmgtivxvlMjA z%p{x6e$ISwu@OKb3IL@h*%aj-l-lQN0a9oI2rKCwfX|;le_lR=rN!%ri*#o8v#i)0SYB!3G5b`a16>!!yxDln#yUvrH`8o7Do1y%|w(ZY15CKYaM5c+P5 zbJDG#ceWRO%B3v?C+urhB8{c^vMhl8A@WFCDr2{-hB6yMw4w|lITA_7HvxzF0Q~tE zBbyHt)rJ8MUH8zlF=r!nq*E;iNU2i7kAHA|KS0-obRf~8G{k}UiSDc5-vAJFZaU+; z=m)@}nhtCg2J>lm z20TQ7GTQ;|Ivx8q1#Htf0NL1&0NC*E0PGbC`9k=jPZ(rx53o>R7!kwZZ&ouF{$0dS z=O!1yOST*G0SK1l^@A5h@Rqhtt{Flu{9s z$N=3z+qDq0q0FD3);>K^L6M1GZi_>Nu!eqZoY#fOcv_FXMYfY!qWF1%)!v)ATn2`$ zRPe+3(llvB5vyW4KH`Pk>542w;|}nUjo5_+E0)L(3Y;0vo7_YS`KUd+M50<% zZrSwEXF7fC+2Szhh@HrmJ`)BO2T^;xm2e`}v1Rey7aTm8k~X95TWlXHiueg2s1E@> zRNIKIwKPa7MMd!l&3TMdIOdzmieKvqpZMSmmgWgUfyA9vW^{sEu{Pe z{%)}TKyl!H2J_WXJUWmqF-y+K$qC_#b*Ze;na-nbX{Ckl?5%Y#;PgX|h{`Fkfj%nLje~R3Au(tmSh{ zrBaIW0W{r#2dUtr>kAqf?4{MTswfr5_pmXhN3O*toF1YeN7NoEhk{g&JOoGdo4}GG z3#3aA2eo6Ot>YmZPdLM4P^5v_Fki0rVIKH`{+08`3|4aOkr(y3`DuwDQk*)B6yfhnQ~O@>w{ zhM~oUVj%=@M;P6D$l}||LDLwb2^dms-$6Pe1bQYjxzLp}g2mnCi%XRY_D{k2L%jh8 zm-x6JEP6m>Q#b<&iVYI$(WPSxB<&J*4o4niw2qE|KX!z46aFl8kBm)j3&AdOfKaxg zG2&VjJ*B3YS`^E=OPDNVnRyLi8i4}+a$tCn#W&iPN{XILkO8`B&brgChtqS(f+JD7 z;=90>$80acqu9bzV2?%8<I)bk%DpK>92z1SRbie|0=x#u`K9oD~W+loPlG17}&xy z+uMQ~Bs0G2;S~KS0T5GD<6n8uM+`es`l;CWl&AuQ6B5B@=z%(<0@?0*z`WhMN(z+C zJ7fUcBy?d7K<0BPhN&o-$m~PY;w+vrQOdk^Nazyq%tQ8D8~AW=03?u7YI=|Iwf|;J?Z1AY z`~M2NSJR);D%TCF$RA>EwqBTZLP`R08B9@gBxdV9ys+LYX|ja--6R*SSN++yuDol`GT6%z?J4QyqDT zsTio?Dfc3wj2QO;LB1cTb4*zBZYl9{l4f@U^etrwjGh^1*kQ(h)v!A z#9^9wqyftuA#Ph^<~Wwtp6)pVdWO7eOnbGVWA+iDT3XljP>SKFE7_nKjwm5fpg2Lr z5l(-hP#%EKs=~=9xWDA33PoG;c;nsO{CsQrBU`-ga=6%f(SM|vG&x{{tp%0bfUFHl zL)-{D1H=e}**3(51gHIOIuZ_z;^ieTSQ)=jqrx|kAC2OrpgOV80p|^cAtVb3B%oC3 z3@+zWmT#8%g)XOYX3>@TRktcKEJ)}3*b$uT_JNC6OtTNxV~Ne+06b7Ur&0<4&^24g zBh0oHeVdtN6#z!2V;l&3i~_{6NJkVPu*XSAo|ITjx-x8Gs4h%(NhScW(;pLli{%f4 zyCV69o6l?rJtL)KBe>dQBuZa2&g;NOo^3h;D~^P>bnFBZvWQq&QMP+2fNZ0mHX4^~ zStv1uztm+zIx(qeoNzpWuA1JXWDh=aJvI0}m(HctZL#Ls(P5E0pRqgOL(rAH(8MLa z^vjXy&_hcXa0%W0^UvU@NPqb2uaxc?U490UDG`Gyb3#~fXY+`;P+S}&d-Ko$dWI#r zHAUi?=-5T`4v!o$;lV)OA;HZ*Z>cEUnjdPGMtAN=$q&@g7Yv6x>`G+u_(H)E9uc(r zxaLDgjbB6yX90uztutLGw3jmC#hyd!Oi z$Z9r)AUyWwBDp9nZRJ=|-)@zPNY&$-%MjWc8G~AdJo_-w0H^sAW-5371-2?@VrXJAF$vTC0<(DG`iqn z4qp#!`Kso?<60Rz_jMO2cU^JPO)wHQy-QEQ*aK?1pr+MrMd4|1sQ&MbsT7Hb0g~uW zyeGNH5X?y1HU~qWnKu}bxdtU@X7QBz;GRZ7bx|J+*Cu~xh8{$wZ8`(0kMVy5b~JXh zUrBj_I3$Gg-A3u{|NDOzEzqJRiurfVt<9qKnp--bL7(;z@ga*Ph%cU2sy7a`#~Aqv9!JYE z%sh^o5Ia$oCC+H)0I$?e&P(5Fht*R3@~{}et|2bACV{nC=l1U{{)!9(ocE!{= z@u{#BO+%K$cdszYNrr0)A2l>x^dfp0NO8`g7b9q0B3eXsv9hX6(wzFf+l_#T`xz#J z(&nF7hqTFMJnkjgVJs|WtqudzdUtV$j{JIMhmk%`So7|DhqCV^eMxn%?$Qn;9EPsg z4@qxK8HsC6nZ%Je*P)EW^*W3rajrudiBHBM>CSg3Baz~8cQ>EFA=`^3ISZH$Jw>_n zV!CUA>8=v@r^-3!#{}!p7xv0O#wIgf2K_L1nLF;g&(bFa_fKh1S=?`QRAK&$QRfCm z#Q9lBrDy=?%-GpI8p!m?++g+C-`oSxBs|ZV?E4bA?FCuTdb3a<$qG=n-Z*U3kH3{_ zhezk77WeVU&(_u1r8xZ6~gZh|)Ets6p*hNk$VmhPl4pok1KN{BBWdDQ?^K%KC z$0AV7(5etHN(txy(9?^0qZ{5TN4l$&7bChp6`CjglKDF^RWHIhztYy(T?xN4z;ZtX ziQDJ-G)&##221&m_ve4;BN+^|(s}8yUP}9}^}J)Ks;cho?y~<^RWV>hprJ_!(0@@;}rc9xFMyzsd9A132)Z0S{t^2gY}PDxOkJ zx>eHZm5ZAAOi`NRj#&CW1=c+Cg;%>DhRCwhL*KTP7E80kc%_90QeTos$by4crf1=v zaAD6dMoHwi#nZ#uN$LFJByAhw68@dbEqLbl|F=e^asI4aVAcLtch$uH-_7Q-@B4of z&x&3DzGwc;A8G$X*G+i{8a7JX#&eFbV*lrJpFSn!|EGNZegALb`LM+8j2^y9wn+%| zW}xB>Sg17P5Q_5kd;G#&=J?^0OjPebvn^ajNX${ESSyx!!5QSalqG!)07(fz)*TAE zW@-R^G=(!dmKTd_`U}z48DcPean5`($Yax#S1Bn}JcHwnm`WG$%Q|yiU>}_kY?ub!^_HZ%+sV~kg}ocn$Cb^ghyi{NkA+N zF7Blmk2{rUAQnX`dERhOMoJX}#7s3_nDAzKPKU>Lf-qI2!t@S7BoFv{9MWx3)TF+& zptH(*Kcx1Q*d{5Lw#sa$0jQg{Yt29qGA81yixwUmfF-wBXHj@M3b7tZ@c$T_`Y6RP zllhRPAUH_(Q*@w|xHO^^A~|QV?nGpPVel{~HveR@had_9GK&V^{JV=J!LC zCM!-KD@w~GCXadgdPRYwOYE%*SXf4VV;_4av`A*ahfWC^$ZP|batX=docP|D0ZeuP z_IM;Li_Ks-e~M#V0vNiGWfoX911#5eIEIhGEe?Xmux*bW)1U2t3Bv#zwr<7b0sPDc zAoN$h1O(2&(ENv@{1T5o77+;~?gbTCK5-vp)7d==17+ICdpBJD@FVGex|vb4DVMk@ z$%*Va##p8QW%JpD{#VErKE3OIn|R)1q2FVn-(#Wwma)(xUiArK(9aqKJr@Ga{D7Zd6TJ8|06T|W4y!3G2>mcy! zeS7~qJ&FClmm0co!iD#{CtUS&oFg+}o4htfSMk;onr&j2%*`X&8-UU;KVeE(;2DFY%K zI|TX9cM4c3|8sNuKc9cU|J}&*z49NkRC-MojI1b}XzIv+m->IRC$azYDbIRl>)$%( z|785nUST))zW+DzJSP8x1ZMBnzklB+vHy2d(aNTHM#vvm09NgPwNRMb|LWfR{@=tC zEjKG2$@G1;?gyZcaqvg(0Q8{uzM=p9p2YqyqS z-_1PXO7nw0&rQyqdt#X$=?^@6T<}qf^9SzLNXFKqjrb>`N!+&!@;ZzM;HN)NFY1kN zmCL`x8w2`KM~;uY17PUc*GAR9<&)U|dwl=%Y*Np40k~@a=d(%uzmU(r@BfWFe5IMx zAH#1%_e|F(JiBC24i6w_f@j~b^UXuV#STFqgMWM*LdUSswn&E?`|)6ipn*K{ar*!o z#>cJmF-+BY|EUtUC~ob5txFHF=5B-fQFX@AxG4|ECn0=qXo}%HGia&o0{k@AkiqJn`b_^Edc%wRHM6 zD6_vP=kROK<^6g36W{+VeDE7jF=>1Yld`1A@JGg2vH!E#x%2<0Z1!FLZ{+##k4(>W zGCfF!ib9YNQbcugRP(bJUXnOeyd+JwPNY3`uks7 zV0#PvmNC#IOg)u_D)|2R_tGxBdkHx-)%{{TKL4X9nGJ0Az?P ziwDB;;P78{Y}?pLlc6F~3`F2$!gpJW!a(}zPtoyT3JVANCc;mD{psTX`QKu{Ngr=3 zirEMM00R%XVC%yNF!|}v*tdUeNngkE6M^4A0(;uUusW$jPEW{5fso7k+-h93?}HhBtpV*Xf9s~n}=M>)FI&!dGYaBa_-3Bo&W&= zB3-I2zH$d)`7Y6;1Py(xSm%lE;|91WwmbMGz-F+dK_@&8D5`bG`a4k5yJ;Id1J|JgupnL$}ktFfrcpv|$cJb{?^QhE5Y!pwa{{C$= z?jcsnWNpvkrLG6BjgV(F((-XVY#|Nx4|wq_ zo?K!17-1PKX^61LAX^wKUaXLD?-uESO1Tgj(Vb?9gr#VB?ZsW=S-t;rKkNp$YX7Ty zxrF>z^Xhy2??#?S{Qq>%APZdoUK`@~=Q*Fp_rL!f?tiQH|EGET&)(j<|KDbw1tyq4 zFNBuuKMToY*A|(XASe{SZkd%>&?#Dm0E6U?49ZtN7=J_vv#kQYR6YC*SS(_ zns(Z{uiut$YNf(%?e?s6)hrY{IsXox_^x(u<*TK$qvmz(D~`KVU1ip7zZzvADXU$yto=)0@?vs>LJ*^9x#Fc%Ikn-to;B-PWe9 zX4z_wMqahiI@WTn)1LWR?U?>lv&z>O$Hugi>r8sbL+dqcfv5%4^p~t2c0GjeO?}-s*R-*=fV<)h--qH=Xvr)@~bLpmmk4wuifQ zlgyCSI`8CLe&_gT?_4c3>!qo8<%@dzjNG(c_2RfzsH)|Pp4+e2X1?1xsi;@i80v1m)+mn}&edH*z4_8 zbm%s&a>lr2RkO9x@Q+S2Td3Zj9o3x5o!%TCooCDBW;F8P$yvE~T2rg7+VsXL*Dp@? z3r1-lH}5-ctz2vO+ILWI-yLbAyF$CHX~o;lUd=8{^<2Sf*v57BdN?wUYq{pgwa|5| z+%A65wx!ja)^)?d)7DA#3u?8n zanfntw98uS_AqPYvR^u-vwX)sbByb<+Pp2_^{$Ost?1wDw})!AG{je`TW{Hx)@&N5 zFxP6=Tg^h}w0wD^c1E31q1?E_g_^D3H`VM-`$Y5f*6`@&zFh9*h8?5i53B9zq}Djx zFPfa!Y0W~ZQmU1kmUgC%tmCVeR^~iX{UZ402+ijBX1%GF2F>!>S!+c3=Fz#<8nOP) zuiRR_X_fU-nevRIx>`GGHd{x=N#VTK+_yV+tBRVf-J4tOkE&WLc24&18z*OG?__^+ z(Q4hpvUY5=tZB1R*=-%)6nfW&UCR!#MZ0xZ&6V3%&7t4S9;uyH8Tahr^nB)5&hzDZ ztJ%pl?mM0Oapy~CG|XL`7>!2mX4X8}pTS(mxw2csX6fp#m#cMdTD5Agxxd?J-h8Rw zcJ_3~I{R{Obzr#zwfg>j z`_7Ge_T}bw*wHLJYuz5^tBqExI&gh-t6jHpT25DuYNvHnxVayB7bnI={k~&0udQ3d zI%+geu-CKw<95ltg(Wg;TSvQB*GGAD+xesA7`a}Fx@u|-?Y?#0yEp8{?NBw; zO1`ePtn=KyS2g{kdcO2UvsJI|Sa-eB-LzTv9j#PoUzvW%Xx`P)^`L;P)@?QC+SStj z4Q$_?Us>fdtyI>onrBBn)hb>!TNhWe{XgJwE8oeLcCW0%oPOp0VT{Tpqt(i_u3g;9 z*HmP?clv#8rZs)oxi@m~TAS3H`{yv*%Ic*uyg1pvGpw`SW}~F`a(73)Y)iekKGK@j z(Qc!8SGl>Z<%(9VQX6$@=-TzFZGX3SJ@gw^b8>ZmRk+HZ{b7v!z0P&VM5SG?nLoO( z-QE;x<-_c`s##i*sM?7;yJ}T-JEygweo~n>ZKHUVJ^a#X7Kq_!mew}vy_SLNjiW-x zF)pjuM!kAc-8I@Z4VDTg`faUds8;nVTQ1erjtg_O#gBl&C%|lt?r_Br_;7H4C(l#!ns~2cNZtd2p0Ww)aYEEXEmqM z>g0^<(RpiB@jA^RzOv6cH#u#ub#il8wC_xqcU!1g9(HUk-?EMx4QJT8Xb;oy)f&Ou&a8e~yKY!VZQagRdf66fI<;Hf!8v$5yzE$4YOlH9ZkV6HX!g+8 zOG7HZoOZKyRI^&8TFYuzn`d6TG}x`@vTf~lXtqx1|E$JMwldL9D!YxArQPIf=e7GQ zuT~lqV5w~PZneCT@3hgCYZ~VM=sZ^=7wyjJje2)oQ>WRhb~W2>Yj-uP*6y5?PqkLZ zZQZvn8ne%LEp+OHLxc5u>k`>#X4A52?RFunx3$xvT`r)LA#RR{s^tpf z-hJn~+OVqaww^Vz<$R-gHfi41>b-L7uGy~To6T&gZj$?IOW#HI)PwhidvQEcjaKWp zleNlM*H)=|UHQ^EZB^?hT2(*UZ?;QDu5;U|v_|`|dz5WE+VxGg zJh~a_h3avq);`syhGn#k<60JtK6|Z}k!zovRobUV_3D*-+iADF=BYN;8+JSQt#xW8w_b17{%D_;?oere ztmm>$arAj+G&<&u)w*hz_9y7NY_}|{{Y9NlzvK${`f2U_qFE~%Y6n(t&;F=hx6XsL z?cM9MPUGnQDp!V$vVNzRwRR(4^HIC<2~W!tcPW?r<)lN-BJtv5S& z7stll&FJj*%e^*2&Fth$-klalexWhC(>m8jnw~T6>&M2;mwagon?}`W5523L(Yb0` zH&<;#>)89Z)uw;aXw`;w$1<;OYr|%_If2>go!-8?ub;HY#mVr#etr0*meo29t9;RO zjB%$#Jk2hj-?TOICEKahuWN;leO9eDuL@Ob*t#g6-Siq~C-AzIt+(%P_43(Jw~Q~1 z#?_=&I{Sj!*&I5t_G$ySRJ}E1uGVSW1z)pjdyQP@rhQ#IyRkoeozmG^!z#^c&XIaiHlTh|of(cxYNMKW zb=}H0+S4yr&HY==vb^5y(RJNvooUzFxaSNn8+mQ2J43Z~qE*@_mB~fB)4oyn)u!X- z8m2#K-PUp!ty&3Mo!fRpE7jX>zItuB)sdfVP2Ih!-OARoR z(@F5Jp*2|d&>|}^K~_J->!PG|AjQ-D`WBfp2QPOrXq?wYO6*0}UyFpd>qAU@ zasa+={j&8tyI!X-E&%D>T=n>~rq9<8jj_W1lh5XJN&C;IcmJQwJn#OWlK!v;@RM*KVzT&MUlX+)u%(#LZDKv{|Y<=4UqDHWjYA_3m7=^-b^vf z(-(hjE&dh!_S@Vb>`Su`zJ8Uy`}O}a|I`|~^MefYTj2NKWuMc?X>@tF(KjFI>amvu z%#gpmPMdYUS?ol+tXtl9zk)3f^+{%kpg}T0rGrJ-ti_N9EUZIIo)YgE^pFn61OP^7p0<12S5;X2j~=8@pB}*VY}Q7Thy3<0o<&TgonJb!;6>mP`spn zwT$i9R6cx=u=w8`%(PEp`YlSDK#m;*4Pxv6~jD>Q(4V}_(; z+UuS9#}@HwG=N5TqaSG|mt>p~F4%%;+E_;Iz; z|NrODhxmW{`KqSQ3_dAHFcVN=pfdwSb1R)pDjr{03*9#`X9-h`ClzU}kr@V)eaq$1 zlJlDr5{PhYlMXzn8Ywf?u&ojcvEdYIs5@$XqzIc`h4y?Q)56Va$XY<<@$~ zhA*HB7F;m*_n4G(2#U~T(lNOB0Y@|tMVX*c4umnWUUH${7hR8asVQN}B8#YS^|kzp zQB+ADJvDqloRd$*zTK?GQ_~HI+uZjOe^6YYfwqg&n78U{Ft~62R=;-oZxTN3$^ZNK z$@7N)_p8DFdq3YdM*mZrQ*H0pfXRx}av3;?e0M_HdL^W;yWwIOzR&s9>3{uPOlhW; z)<|?$Tfjd1zZWlF)%|~-J{#w{OS~XYbyg5D1x)B&H#d*_teA z5|S0e%#@1EfTRKpxtO%LN`9vMqsYWRUO<9Z#4KY`28T-3$ zUKeSZ9vII^seY`Nykk;TE~7HAwHv2YFe|>ftEFsQ)PD3zC zD_o2cFoc;D_ojB9k+%#Id3}DCC#d8p2*se{y_)Z`lB;KByaNr83yYxlmCdVfcL#(- zn&J7}DA)v~CV5?+rJp8*qyNVQojyQFmu)uS$t?(l8Oj$4`z7xU6_I)vle(R-M1e?X zM9^pA5JM%zbWH^4eo2;;da!O4CW|~v=KLg2(7IsCou53z`VpQ2Hp>(j(&XPil58=i zB3Lp7fyx9N(Ugr5*aVNyBn}_u?z9Ib)R~uBsRTFwZUppRTc==$YIGGgsC|fJjPyJltB~EB4UszBC}bnX_Ej4fN zZNV%=?#t!_fhmYvmY@S6ricnb*R8`kpg;eB`4u;1VZF!79vT(tMb6%k5Q2ybkYu%F z!LpL=+@>4J>2^xjgeql@t0C1$`3-TJ5b_gU6JTlyLQ{~OwBat)7pp!(<~KPZ*4UxCz2nnlnTXY)GY2Al9+_p)7e_J^<3L^S4)sU zsDR`^5xk7_Ev3nQ{_Llgu+}y3O45Y4NwXY0y7|JYi;K^-Yc67CnvK$Y7MoJDl&a;_ zhGf}vbyL9=uh)hoi<{8a!h4t>7a|R|8Y|$Ddt%&dSgXIN{Pb+oA@v=Z$th2!AOshk z6zFfuHDOY31f(GU%%sxnB1_cw-*2&Z10FUG7wOp|-X&Em2A-*DlW6$6Q&FSxXS%I- zr%lb1+jdIE6^hl(P}P3Q1;!*pfv{DdwvlG6tbf}`_4cL3{l?d;|1puf?-UTeNB{Hu z`O}8}XR!a<(>LgUcGmyYPsaXKK&LqJg&n!31*#S{6hSqpYr3Fn={>50s!(|}LbXbR zPH4~x4LTwBW2a82c5)O%kt|EbiW4obm}>ejd&Ehuz}6UY>K(U%%VPH-VTvRGp+v-q z*c=f$Xg5%{-BhsWwQkw`1G&g>*fDL zxJ|iG^bV0=y7~X(r_by8-=98t`D)1jxR-C>|99s9ODAK0tp6LhJ;y<7Tz~$1gW)g0 ztnvDJ!9BA1qZ|$oi=UU{ldrz$iWWInio6b+ud&7TYDv{KvJ=-!zPd)Ink8Q)#@ixq zj<@FTU3E-8UM@!U)eMTgq_?$N8g!Fu7oYk1uuyhs{!v1Rup6^1eYaoRK-ltn;u?oM zkk_~vc=^xCBga-9l1xO8HCPUGTBwpakvs-+twGWp@HKfv2|BK6o=OWJXKw{U1 zSY%lq4iCOYwl0qeH9ks!etM1@mlN{3JW|2uBdpXcCXH~%ACl{0Z(kpp0m^s|crs^; zOgPEGaYZHA9vS+hp}9WNs6V>al*-n8JQ)o_;~+E+LL+{iLSuer`^^Zd*N*>ukwGr| z%H%S8xpc0>si|YHU4}~l0?d(dW$wzY+~OqAH<&(bTfBl9H$ne9n8%JIWDU`>w@oHG zo`^fF6h@{QdqaVC+HXz^0x()x5VS-;a7hl+GQVC&ni8vq_iM_Z|40k$wl z+wj@dww|q7rPn!_x^pBIwE?m?zx;}kPVm$M4fRpWG}lQexwKrCWvMXCbFBwmQsSPZ zrtO+_v4^r4*d62lw6*{1#KieDA^XTL>jIX31iT98v>!wS%Ysn1Lk7ta1`EnMQO?Ms5R)8nkPYAJ;s5 z_eB41Bg=!%CZ>2|%q=!HM*z(s^vu#-*jN|OBHD?_oNulAqn1NVfC6jKq5c@nKhCes-u^X!*j)^27vOD&bslp%wh z(ghG~CCP|J(b!&IBXjzjjcF7$JFtyv090xBgsiC0hv9@c;#Lf2dC?$4Zi9*i2%D6K z%sE%7V2NrHkoKKswo?H}YjJ7pd%EnZ>54onmQ!;kO9I@Ib3}-i!z;4-uG_99SyK7i z%qF!55skV1R18{Ti%>wb_l{8`8Et{P@2yy(XX~^Ch!jJ;OQm>`6qLxjYOUnbq9j+= z^qaE%RIP6=a5s^p_#G$XZc1yQ7j6cxhn3g>?>_49#lb#b4!*R0_H%!|`hN_xb~jJp zZvFqWCoi7X{eNG*d@<<%_wo(;|DE;!=45zP|K)oLwRxvJ%3?=@{`>O7`*W(6CuE`< zOmt^CCu#csOZlf74Xt*7hOGEcx&3AS_XdsAC6#c><1_*%U6@|ZbpffCY}(&Bm_$DH z-paps_2o9j1cN0po?NjQq@rhkrXJV~1z@!sEE^kUSWT=Y+k*B0CqwTG6aY1{V3 zBC}a7-J!wX3HjH*cYK1;V0j*25V*mtYS54m8uHCFC zmowFH$mxX91KR==2|(yAXcaAZgx`TWkmPL=h;^#|NZ6c=5}v?_JPN1;eNSr+La|$T zd`Lo$e1{TiRO)auf}v+jBIf? zb~bs6qsU>F&5lBDU~Q-;m>E-(eU3Z=i3C6|_o36$mpjlKLNiGq^Z_L)m2$;JSa!PR zV-tHYtaSZ&LdgH{%#mS@^@NKU_f-NA;xJ(RU&iCI8asbCnNbNL;R&H6;PH$lIk_+9 z;Wn5Ri3Kc}R3OZ2eEt%ROXLg!36+uu3?a_7v=(Z7?|#pfby0Czc1rZvw=gcSK9*`7 z0SUN($?fsv9S>;q0ZG9H;EQ$uCQc_!N>5L=)%CwHrs3pYxvc!}Yv=bu$e*k?*a{8= z5T3F`vwaFew3*Cv^vf(wIo@n$Jf{-J&A<{u6OIp7`55Gp^D~R}oo=R7-bjVPM97na zVg!wg$A@H=DSf!=(Na*GK+{ zV=7xq>bJCJL0Ehi<$?GV|ELz1!Z`!+peFRkm*KAA%+N_=Stny&1T z%!!F6B9&|Fo>Z2bKRcgd$Y~?O_XPgrKV3I3(>a{qKKrx(+I3#d9^KJnsrziO0VhdjF>=K=(oZnAjQq+ z=EUa~(g`7#9H%JFbPmdWA5?9lRxE1x@_yNMcM5{eHFqilO(%^NMb(VonY9VP2*vdo zc6jH4CQ?5)9}w$y1f@qP$8wyT#`u~z2dcSyy(;dZ(-v2m#I$H*E>HXRv<)-c@my7b z`b>Jkv|ZF)e98U1c>N7GvVHX`53e~GbFA7%_CFJyQ?uHX4$vB~*UFkPffkziE%>(DBk$yMX=Ae5z)Q)ifR+n<5>lxnW6qcxm!7(6iw3z zrC;6-64~U8kbK@70+*wyP=Ogl9!P^Uy*HLDHNu8wM)^F~5B`-#EX=zw``|1&)Dout z=dETDr15OyAm4L^zuakhX6OwkXDZ|7Nequr7&7LQI5Q$ijtC~n8HQ@Gvp`j?>Bw~9 zUaz&(2XU&_t$o6aY+#Q3XddfRKd7#v4_fRKbD;BnGhnlInBpM`_3D z+Zg9vZ_eiP#bq(ySnnrKi9=b(OSng@>W1ozSV5EqH54nRsort_(u4^Y{of>|OrQ^d zWXU3eN}1)R%iZW6m?Rp%w=~kEP#?sEKx7CbpEoG^Az3ZCG<44B7MLWX8(5DH8@qIL zmW&FIhRVLo=_^m7H5p;qXj|gH%Wc~ibmi*ZW&Ii@XUYi8%De%ga>hEv%(z;TYZXbG zDb4!Es7PLKrR$B-Wa`51wC8GiRq%SN}Z|^Zn?$q8Y#HTl~-fgXgW0GK~LZhge>`FZbW%{5@ z-&mR6b+`DG=--F}eaAE3{&46&@}ONmj!q;O*#BrywPGgNVY$x7(Z`V)Cg-%=&$iPQxcA$TBa>5o zw;ia>Ky3zU^Es$ZyP=CQEPLR=51P7Qm5Q+opIL9~ZLM7}rskh$aKq<~ClK$9u+arj z+2j-}z?SMAnm=;OK>NN_8XW~X!v~=&9?s;u@80Sv8^3^52dM*R;vpI9!?9uwMW_E^ zrDAs3Ip=CsW-m2%NJ?{+7r_pcj2IsNVrEQ%UlXk)x_ewHB4b8DGXV{78A zd68Ryv{pGSF16DojUq@E+acE?U_kA?q82CIt<+conKL1seNd!937tmhZIZ<#rs4)2 zv;!Vnax?k`1Rs@6I?LDALQfbi#w_kfByeR7i=;oAOH>_5au#EtlSCC->heJ7B0h`2 zy?Ud=5|u`QdBkI;lyd;JZiNQ46+Wa!(OUC2E8YFIzB>XHq3s)5+g=++ZCwJ{qF{7+ z_4?|qoxHtaq zlUn}&r_Z0gd^Y(1?Bg5!e|Gl&={gzv3kX)oly5B*p18pNiVY{0j+q&9m%Fz3Yu;l} zF+b!UKNmk#gY(Pa{4zMd6gq(}=a-IS=Zh~~QgFF8WmQ*u++js%pfcp6msFC(yj57O ziCWU65sP@EXu?Ajs>=5ztyhOozhCXQ1^;i4?DnZZ`uP86uj=uCpFe%_YT*C(@eTa{ zJ@EgHlkp|ke``mRuOf$RV3zh3@7;*0#$?idBEhyQ=^vL65I>G6~2L;SD3d;|Z#Gyh*c8T(`S z-|jhJH5wpe?!e7PM1JK5Zn4C^*bdS zFVU$z_|5$>IFB;9oZ`)P zOQY#*tzatIFAX65ep9s`6l>1V-*_R?puKh*Iz1T{z5;WwuUahj-{XHSRspS^s8{I|3Gm!FJ#3;~U!+3?MVkIvmKI)g6j_N8Q8N`-Wx}MSL~Q(uJU5w};f|HK|9u&NUr+vn4zk|K;lHoa8}TY{*i+ zA|FR)1ePp5j`YuXsM3m92tBfk3xwZ-5G-s?sv7Hc zj#`&P+lfAk$(mgI`nom&0_(OYB<5ijLA&#K8_1f@Pjf22`BVcYf{dx@OaQ%UxgI?` zuUoGg(@%Q8*sGy4WRySZsO}^+UZsvRxkFF)(Ss5_A@BShq=I>~UUWr}9Xs0LDP6Kf zTRh$#Wo|Fm(URoZr1GD#Fap%F@=Q&eJHw9$*Fkk}Od~c2-Q7-oDcX2Z@Xp(gxf|@f zc`&+8Kp-GAIW#(=-uak9_>^)9UKXA-g6QI0KM3>hJ7#h-{WFuwCdgDo(zSFnMzO>M ze@XJdILu~bq|r)OjH!@I8WAd+HysgdvD9r>_nV>7!(aDu*j?8a$saxjB;E;$`pDA7 z_JQ$YP)i;T$iEZvxnK*nL2&8;iQ7LvZj|i)ESYo1&r2eC3 z=MNb0a(9_)MxEaD5vIJDt!pXaA8&D|*tj6xH{4GAutmam3PhUHCg0pUnkNhVE}XxK zD>r57?eoof+M?0RZ5rM3b# z2X_iS|4+#iJCJ{#n}-(Pc-+Rr621c#_`&=<7M){zb);#;0;K0h8f+7|+Xna!XyU?q z+gNOfLlUtYz<5gqLMOhASiKfBSf%J_!;SIU0c15)mB$=vz^v?x2|2YBzta22X6(^> z$?g?>#LGK0kJ<=P`;EWxvNZSIj*~QvLl-%6&LU``J9foDOvukRI3gD$qGAEnv%*|z z`ciVj84#OEfF%)2aG9$?)V-kh69D~bpu0`78fZWoWW!8)XPxq}mhXdB_NbR7 ziN#rbLSFpg5A79LVk$g;@?-}EkUtXqxcwFx*Ko6q3MXdC8Q!SmcthpRc6M-gdPu7* z=bt!_oWx>YrOm~LdzU6;$)k`^tOhhOs(0V!{TwfJUL-Gh(^S+uj#XTnAn{wE*)&_g zr>)y`=*U~(+gYV|1CY|FMcv$)hs%xT7ZH4?$XR)A-!c_^)=rDN+Ig2hYE6=|!vT1m zTmI-C|15Zx%GWNDO*sKiv)Y85k(-3C4lxO11fQBm!YhYw&TrM3s4^S{q^0oONm=eK zz&)wV#%8UuxgUk}a7>+vcslUt(jp7;XwDKEMeG0fI5)DOE{hBTfjpi7jK3OZkz#2C zXhI`%I1h>BdF=3*3vdWGKEx|H2rU<=OnA=;xdgC5pkpd-q}2{M)1`z2XrqYx3kAUI z37W9*WU}Cm3@hgAQW1486XM_6{Fs@S65&wa20X#kRRKrSr!-FlZF7NPZ_6yE$yfjl zQD{ZB#3+(b`JLybMjN`;CGKPo{4=gC{Tm)rmi%P0{$NDuTM$}Wbuuj49opnTx>xiK zk7+7Nh)pGVq?a65TrXrEF5Jk&PKjeq{bMwd&`=dy#7wb~7tK#UI1Q&W8qp+ZTK0E7 zEO36qc1mH`#b@^NdOj`CMvawfCDbyP``1ZFwX;)>&4r&8V!9$u7+|Njm@@5SzG(; z$?+C@rrpo;*^|1qK>zl%<+o=ozrAYt?LRg?x4291W}y46Y$1(^;ZW5v;v=@-AST-H zj|F`GTciW~tqP@Y5cwU5i1{t_c}RSX1{q)0bU4Rbw-d&IxF+IEK)j7PF#$?n8m*FQ zXKJ%7?lNud(W`=(>S3++cx%Dh0NtLn)h}AV`1Gmu_XSn3qU$lVWS22DtP$vVPFa+R zHub?6VPaZT8$b7qBVe9M2*<`%qo)(|h%?sAo!kyR9mHrm1^;$|3kZ=*8uHcVQiK2P zpuz0gs;E~hJOK5X%_P(;Pd?;UDc8>6*U{f%M4!dUPld$^Qv@)xeEYT6wzvE8Y2V*H zwmZ#eTZv4ApCo#|&x?IF2aXs8utk2PF3qXDg%e7Pxk5?>&nn4~h zOs3|=_}qe`8JT=}b0hqT+YS?xgxn-wHF=e(0P=BEAnD^sb8sI=Dv}>Z=v(gG%2%sZ zV{uGAX9yR_`v*5iCaTDh;wcN{kuaCS> zN^-Dun|i3I7ShQx>JkG|w_Mr~!VRY5+Qw5QwH{nYXuq1|ZZlSW=cu=PcS>M7UEsU$7!S zXCJV131TWUrZ$cn)a$z0#2^IWavEgf_Hz!R<=oHMeM~=TmVL{|=;KK}ZYuuRj5%_9 zJZX8jKAvp+bRDzgtA;NX?3OB+-oSdht)0i02_m4vL{b*KF&V#HzvbaI)u%2R9!oq* zoz`6G3EOa-Z%f!6zQ)%t{|nq)yIcSE%l|K49oOamSI2|>?_Rz^{@-2xubqrN>Hy5h z?Y6(w!lo{u3Uyr{P$|7noj?UDpI)E}+n^g5bOVEKU_;$N<$P_RA83*g|4Ac*u>Z9Q z`>pPET~GQn2tdlI;y2JPwD&--$BZHf6c5NkKm#eGu>3?5- zct8DXU5cz#@Ry!ne7O3s`vjI;s-5!1+52&~WOH&!1%y+X(!^zr_V?jSJf|;en6hws z{PaI&Z0ioZ#tWffEic>cN`Z(imP#r}8zsN6^rjKldrUNu4f%$FbqJ9(PNNpFx-$Yi z-bsFR_^eB8O#JN|3YvsXB|~33FaEbS6`%`W(7^jrX|=!8n~hTW>05uP|2$t^{!ax* zX7>)^ei~no{D1uP)r+e9fBgLAi&umEzmIP(^7}rdal3Il#PD)NTolPpd6dQOuD&FHhqE2X1Tn1Vre0U_ap!M_nnCDmp(k-z~`a=g~sh3 zZh}7g|K!Qb8vTFy>cz8x{_o@a*64q+ardc^wWRViAH0odmOyJKpFz3#KuCvg51)tr z3%F%^FWrkA&`1AYJUy<{|L4!14D^2=-?v8p-NwB~Ilu_Sc|toU4HV3AuQ(uJUXcUl zn>M?xG`sC@hS$L)T~b*F*2KyF70MnLb~W3s(|o1dFH=!89j;RUSEv7Z*rj{a0QK_! zPwV{ui{n>A{O7%V-wgdP;)Q*QFl-e9Re)mX!;%a2z8GLkL{y_$c?+M#MH@M?3$ux` z`5Px?L8=P9B*b#~~B#1p-oTOZ5G{VgkO)w?qA+ ze4uy57(OXM$5brj2^o)F(x{hDo=Dsx?&7N4+YgC=2&jZHUic^O&mHjt!Hq;ay22Jw z?tn1c8pbhYiJ~k4A>Eysml-@6(>{AY=4E={+21T!V|!PRSrQ1$%luW}sU`Z4_H)Sk zt?&01=%N45pFOYh|Id$K4F2DH`SL|S(Z`3JUc4bc(S$B==RO#dTWT`pA=@q|CbUQB z`1TWWDu61`?KHDnwFA5~W_=}-zqjE6$fcse4GBy`V+*SX#CYzf7jF*a_oD|*`=Q(p zBxh-@Y2FDL>GL%z`1?_H7Nh1gZUD`O>>PdsNOzdQjcs-yO}1AwO4YQ2FiEn+iZ~G7 z`*cvGSWVgdgpA6o@||gj3;71ph_5j%yk|W_3NcSEK^2HFjR=+G4Hil)tfIu$X-5f0 z?9bbNPaa)Bz~dN_FrVq;yJDj>vrCinPF7b~KpL@tp7Jay&F#YcO5D%YS^b5t^fp|( z#<@*u`#eRK)F=0>G%&mS)DQ+bQ|WBDjM9Fde)PrTG{lCjxCu4LRBte(KKx+sP4SJ4N#lY3?iO|r+GxTD}Dn> zc^m6uQj`;{(6`)JNzX9Ut1V!`^dTeEoqChsyahjZ*%K}6Qf!IJnttc-^rgA1;Tyi; W8@{ja`@aAH0RR7a8tbS4NCf~rgYPl` diff --git a/assets/komodor/k8s-watcher-0.10.1101.tgz b/assets/komodor/k8s-watcher-0.10.1101.tgz deleted file mode 100644 index 90d2d5f0e9030dbf5e623cb68bee457d977d5864..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9615 zcmWmKWl$W=76xFPV2iuEdmsxe?h+h=y99zma0$M+yL)hVx8M?7g1ftZz}~&{bLy$L z&Qy2xbe(R>s84t>|9>FNFs!C>>Rje>U-^~11o+H&wYe-b_-ynv1o&07wfVn(v$HjI zu<+7Ua}<`dw6ljf_d9c62R2;39cnBvHO?qE&??-rZ>%x?$JV;%_D`NH?tpG1=e~go zClMv@Qx?XFjMvuZygi`%d4R1C&ebG+9xTu{RTqxn4x6_p<`f0wIno5j zKM9e~*R{~%|5`^!RHwAy!#>ivj+JFh_E2KK;7ZqNh%VL^?rfdElpytfl&RflRw`0o zY?$W7I9}^EYPI&e$X!legt+cYr!PCg)XYMvt1pbyARgXvr0>0G9mpfVdvNgMcf3#A z8YEsER9A3Qz-X@fe2gouHas{MDvQrUlUcBF1Mxhtz63zJbQnT8lQz-8U05ensXoLT zkdx{VH<%eI*4Hi>6CovA01z^#>m8dRn@~A#>K>b6U$0dCI@<`2W6;rK3X>d<$hS*P z$B+=xHH7~}J0ny`;cVpxB%)Mz9;#!TR?i%h+%M)IaUqg{qb%h_h^n*PfG5jO2sbu` z(BDL?WSJdBpIME`wBOUTiA{!X6v4031PZG(Qx$UvHXKp&GlBgVEDk0YAa+_s7$d?;cl+fw;Q1+r>-$*8+()Hx zSfhm-&oI@0aL2%tM>bqTQT-BOqRRS_dJ2xrv_y`mYg(~P>>aLtSSy80?6lj2=n|qu zpTKujW!T6P{@LnO%g|{5%&|WBB-+!SV%*#l z&`4BU-#Hfn4N*0peWuxdL^+94g%u3o0dx*N3i;8^m#rDY6B!OtK?VBv%Clb1Xvr-l4EQJv=&re5LGWLS>99bI9OJW61X+qK2P#E&q`quK&J8xn zspLf_>R4wHYS#u=C)hX3VAN!e~%!X!LARk|sn9dM*K=YIP{6m6+cN;m8dpTrCTzG zN5)LWzW|BT#X}|bu@da3+DZ01C8(@38)0mapZ2hM(a7HQZBP>?3*<88L@z3tr^*O1mup{y840HGU?bU*RrcLekCUkC8g8 z7}NrigK3;Cmh!bz=mc$IAmv!Yd~x^j=Qm;lkW2z&zNLRtpMPaqn!Moi?Qp{;jxxe5 z7?u$Z9>D5Z$2X^*~D(r-erV2-E(#&?`6A3H{>VIGTx7iCV)TBmJcN0-7_f9*_m z@ijnjIM)r^4tuE%-zoIN(ZQoN@)hFgQ}h?onLm>!gt=qz>hI#m$3Q{Qh$VVcqLa;h zIXF0-#+j;Qc@cnm@T!QH>R>xR*`n0Zvfztj^4(GvU@FnczTIK@f-XXaE44UWA%`t9~mB8GQe%B)@mEBUY;ALqqLO zv9i=pG-*|4MPmq%f~!HaCaARv6diC`J%ii*br1Meb0M+wNAaI#pGEd4uYbnq0$s*` z{=^wRpq)EHEyzdGfe>G{IStCxkjRo*BqN#O%)dc=Rze;eFn7~Oa4RIZ6}8K)U;?xL zG_O4{?L@7d*=qjVW9g|Duap}LW=x%j^h`yvO)EiGQcBZ@y?gPFI=jIE+4^fOL6fq6 zWhKsoAIY)a?QrvgjT>Lt%ALK)#qUg3*Z1~zcuxFTBX=(^JPYb^?1i!R+L&kF#wKq%YAv)?QZZ(qy9_5 zP^r#)H=*dITAz#dOTQ}SFjH-SHTD7YqDB}KA1HZ7)_QcZ~H7^*YqbNj=_D!QPp+39#K&N0YPCw|MxwW_GOq;JazpF1uI1I zDz;=!mY;Pl^}ZP{d%=NT(v&?$<^R|^6&jO1I^-eW&U#lT%@+pw$dEagAe)be(^k-* zpF7EWFRpFt`Vuk9Kauki(zbR|BD)YWq1I*lJinri%G?97l)f-H-V+Z_Jy)2wy-bq7yz2ScF4QbE|4B1W zDI0W(O?&gHq=%)V5Lmi7+FC%G0Zsb zta%AzRWzjVwT`P7@2U8wfu=s6O$DzgYqk5|OX6+?M&F(gv()KV9+FHKk`oVBh3d$Y zn6`t}1v=+8^vz7$iL8mz$qKVr7e6%*Ymy4 zJf?FzgaA)p6pQF%X`;PAkhg zc4rN{Z^q6Rx9t!R)HbqEybleWE|?i&xrwfMK-H%s<|d=p7wQXn8a$ z@||KqyA@fvd(SQm=j5V`BaS!lBtrn%hkS8r`IrYYOs3tS*BkR@dKoFR-8B0l9zcXF zEw@K9Eq?)Z5#`a+JlA%psL&iISV3ikPK@H^YpmR$sMw|wJBwKw|51xpuTjavL@bkQ zy<-j4o zxpADMub<`=o@>spud`@@JFG$K(W-S&G4aRs2M2D}aA}N$naGXq0%}IEkj8n@P*>JO zKZVH1COL7}Ir(vWOp@#DKnoE^eUz7e3j4pwTz%slhnkryoN1Z|(*q_K#*>!dY@>SI zF%CIx&eo;mbLs1sGg#}$jnS-L-$~4D(s4?3-3xc0m%W6!vB=fcioJg!YM7LJ_4`;8 zR^s+-zizo_nkV>^Dg+GwMkBWmDVQvaVC%gqeIL^(_}4zWEaIZin(6vMO4+z@%YB{l z1fdk=$b~qZ+wmRsdWeTQUc|(JF*mjAG)@qkS}25DJ?comF~yR^SBH_+`n5HQ1R#kA zNc4Qmw%*2(+ujxHTf(SSexv@a2boWb5Jd08f9;*$sAz*U&mTh!Rka~%M7Ik+yfUK$ z@vFoR`46i%FJN5jTk-_av=(m?I|tLSEEYDoI;qSu@w8u>o0auHB^L6I9F}A@mosA4 zn->!NcI`5_Yv2aBDL2c8F!J7U(`e8LE$a93yR9dV156w)p7N@vt$` znf#wCdMl22IqJ6fI~(l7vBk;uGtez(UNVjNhqg@UD6g`l?I(F4C?<(;Vk3LMw5@=Z zvhE~#@IAgKX+~(D11EMzXxe?=s?C^XGrm*M``i4E^L>#N9BY2q^CDce|BA9bA% zC#zl1$^Z@OXt%RR7@)!!A13X!W0JFF17lU4sSSu7Ev7B!;ydVw=2=lAHMFYCVV#_e zHj)Wzjl2DCF5RAvx9^Aj4}LCMN58%gL;*$m&_EiMb7p%kf0-kv=8|JOPL?7tL^dRb}rd0YG8ou#ZTJnolcv^89tiLFPCQp&N zYfulg0NQT!3veQ=DAn$mm7Pb1r7r4tVTJ7Q7a6r?9Xqz%?^13?1pr(}veB_lJ?afS zTjpwH#03=bi_Pd-2Z#KU0fC}@01Si8@EnKBYQaLuO^x#c-Ne$?97SH4p(rAe44%od z1=s&(CwO-f1W862Mpv=-6FYx6T1K@HM(kHCIdH7%xcb$D&?X!0Y_8)BP%3M2c&iCl zj-;Jinpvjw&r>v2q5>Rl@nbH1gGrHptqBVrbIzk0)~3e2Yy1?g*Q)RW;R@5PxK1q@ zCE!$xbh$)wG+boCNVh~tYAK&2x(+a(NnYXCpT6|u7d(`nJ_IyecO<>{##EcV#pT3Y zI5d9rqUqWC8P#Qkg1z#41gckLl+-mHsWfYDSw(-^wwyc0R6K}!$iDyK-)4E=;uwbb zcK!YF2)PPj!G8k&cOaqc)tE)agg(!dS#LDr|EiF_2=->h?;IV9b4E-J0N$fxybt#}v z>$SI0D--hN3n>Jme0;|fsIzuwFLpUSBN%|;kH#2=Xj}s^Kmr0<+V z%#WaSPq$*jA2>=Bff8#}M>_VNR=Gue&6nc87!_!@{YS6UeFtim%0)%%c7AS8{X$|X ztHKFM50r(o(|?@rKM_+6tM)OGNb24o{iR6MdX9ok{!m-fV;SdfPX6HdW+Hep8n7$+ z;x#Kz924(K5X$mM-Ab|cM$<&GM(buJ+!V?gpdrJsGzj^z5!?#KCUFLOcFeE~S=`gQ zhgjkg7R4%0AInaN907hhk2K&Z$*ue1{i`=B;AM+aGo4#A$7`~ovlDrbe9v2i?7eT4 z)jry9RkueEL)XmpRhCo8pS>6v=)AZb#&)xpU_aXw270}0sl-9n8^Q*6KHZd)RG_-S z$DfsgNm1NmNyd?YM{JfUR#6KN`0rGxjOgt|YxT+&;w}|Cp!^N(QOt4nfZO@AFC#Z& z_a}GndwzFd}cHx&8gQVNy?KVf6oY&B#5SrG5p3`M^ z$65_JhOKmwVS(VvKCg7{ak07#k#=VUDT7cwnQUD06wGN9IGj(DWT)^r%p7XmaJN5@ z*ic_n7aPU>+!RLyk_(FGi&vdPkaLw59MGh?7`q)9w#AeOW&w$QWLgjm(%gwlo-Mq? zks$wc)^C<;O*=$c4(t{YL2aFj-hUQdFCCy9P|v_AG^8y#iktE60uU1+?+T(+rJ@deYqD0;RgXw z#_V(-e7I)ssNG??trZa5rG~g#tN6Ph_fgsXg(~FxokIFAjFVfd>M^2bI_!J`*n;|{ zIndV9ov~A%H;0w8lv>Tw8Juh22C}xk$C8Zoyc|!&4trLiGP2hBc^l>&QL*h|O28r9 z0)Y3O_nffvR*$4=8T(>Es8+iCVOtf|p$;;VwZ704f*BSrz0M4f;_-!2wqlW`M zTfkax_&}x*0a5P^hWmNSx4|%5&P)D7pDQ>;*G<;W+lYrQ_VaUK{oHSu=By}llgoh(X1R(C+|p8TgVvk_fj<8 zyT7#HojzZ@c<$6l9C(wlnkFIL0I%fdGM&Hcp#T;T>u_cJX!<;+T(JV zLwomi`bsLUrhD&w)xSG(T`hIfobaq! zwti;Frd@wVOfwK!U#8Qw+_<;I(NDYhG26`JXV?*PFt1SGr>dW_qfltfwYsS?jXBx| zQejpS3NAYmY4g9TRY>D9=m}L|8_wj^`17$i@9mrRwX`C2H!2ZpkD|iZvoebQ-Dy>N zI?+t+gNz)0Flkg0-N~ECo^kX!U#y=(TAJq%6RJzOD{Dr$5v zuqpN_@A5L|T=XK~c`Nv+lczU{`E(G{L=buK&N+d~z?d4n>@WSHDAz}=O7~qT!j0;O zZO=FDw1_5NQz@<@Y{yA^cqpU1<2UcZ)qithfD%h&|J>_>|TOfe?mX<-vX^2 z|H_9?dZTxG9^b!4YEdYR*pChA)+eh`9yukHO6RR7mkjLmOuj5;8q0tCp(>B{4NP^Y zk0WKKn<6z?$cv;a-p|%dW-uCRO;gLitul%!{4Z^)v$k*cCGKxa5>`&0!L*4fNtqgWcML=?zn&0^(!uO^ zuuP{J7#gGxqJ~ywm3Gv&{3l5A+;G|d6Gd{&U!Z?~Xh7cSk3B9tOYE@m*b&a-qCVi$ z=E=PnEw+rJSF~~HDURaMVOEi%r|X+~EekxM65uDGrNs?puwu%zai`Qg(PJSXXNRU< ziQ9#H&sAo^^<7&*0{L;C>l-lTZ{}ZmbkTtJRD0$j592;st->LtT6C`j$v3fIACwg zbaeTe`jDi=&d~ZxMbkpt(gjU-=_^+&H38y!)5;5Hq_m|j?dpP=OYO>H4Nv>Y(uJP7 zaEs+ly>5xU8d#5yzu2fFq+ku*P=Vvlsu1WudRs&vq1axUSZ>}#G@GH74GAWCD4lLu zkb7Xm*LY54kx5Y;{yZT#UYhz&fN@_x{(aRF7j*=Qs(AWwLFy-X_*ZxpP3kwKI19sa zKz*@JgyPk7x6%&&a-!{;4p>r!qmw~!oJzWecCj%nD*{ffzublM3z}EEzh<}&fjKM& zt9_LC1GjZ;yJEb-hDk^(%5RmQh0TPD#5OKEOhw~4tU($z_=`MxEaFLF89d{-Zv2X` zITP&sZhX*zas8DTWYe@PjCrpmTfvKbR?{8Qu#i&H9N3XH3W%_4(!%YFE-d@NS_)i zM*v*6d(LE=fe_;JMta!^X95m;jPl$PGk|6FP^C-x@31k!Onhm+JQk9W#>yOsdaAzd z7GHVkM!T&S-T&(_JTU#uQD5cxnR8fOpVT4n6ibog&%O(<8i(S0bqDvNnZ8-}1O9Xb z5;9VzpKv)tJsC&Gt~xtGC~t2KbOJ;&JrDX4Ynd@y>9Rt$V$td#Dh9oSkZIFO z>xz(fl0Ornb?0DYtx_7-`5NguEBgIF#8!#~bA+^YW%);|6!bN_u*p#j0Y+$p365V0 z&RZKqDe(!kD2UZa7)Nq8kn^l8oK zWIfw}A8sg;X@b@|0TMd+-K;*<-1t#qi>zy>JWVx?MN7~LtH`$%jR;^q(GiXk*=^6|` zRgpk!{_nF!kUX4z4Q;iEUXxC##AGLnzM2e6DlI)hY-nVl6Xa!V?C;6nn={G)y-qG- zRvAtCVID}KaeZ{C8F5vCK@Dr_uiOes#jhrJ!!FO>7?v*V^~L>CyNa^>gV5ux7NmtL zy*J8A1SDtN%On_I94WXv*<0irTFMs6U-|h0Ho!Mp5rdrsUc{mP zBHZmD)BUX-lo1w&FN`UXz`v3{%GmXq4K$`i?O5vHkj=E!)EgyUI+_|ZQQHC(EtGQF zfwvU^Nar87m=l3;-ri(Qcf+(`T<3y;!_qox29bISQI~&BrlKg5#lbX3ijDeA=%Pc; zCL$|<2O%bOeHA@!tgPMUD)}}aJ!+RI9Cuq$N9n_i;~mSt-%{T@uV8hW2{jkAKNlXg z=U0iKYIRYiQ*TX-%q(#i(Z(7Qoe)je`!!buMw~|{@P1vjl&B|N&D&YU#jn18FWNui zloYeWdHJ()n!X}`ZQ?1TOSW{b#;!KWOFf}ql73K)Uk{%eNIP4fJC8NFd5%5#z1Yk# z986fa&!R>P00J4KkrddDz}S8@NeRDEL)aaMg!$JDZ+2mA%u;g6~)k8aOQ zx=uU_pdS}(f!W&!4{*JH^_pcUFD=Hq1Ow3CP-=mHXm6Wpq>)bV}PHId&+)7V4gT@SOJ*Bg?@ z5*syomgId6H(YdyRRX)5`e|h4hy~puGa3dEj6pn}uJ!m3%5= zZbP!&zTrU0g&>W9yx+t4G#qmZ>++UBnVxWgCo5D{tATqN+ieLtu&n=}0h&^^6j_{% z13F^=Gwo=IrPab-oXJ&w;}f0)j#(T+1x|;CCh2bl8m|%jggKOhAbw&7b$@$L+ufJa zyYS%RhlwcVI9jZsZzU)G%iZ}5bhL!m2SZ=s$RUKG@=AOfDcq7B$TVU0l^6jrVAsPb zF{-0UwwX^y*#5<6L*SXUpq8I_-X<#}9Dm=yCkh7#y7tdT01>SUvO@IWzENZZ!tbR^ z0~vvsbYLHqQF$RGrSw8qcA>t1;uJVYmOBbC=`^E?|8|gx_pw4#xu}w0XbvK~zeK2$ zk>W+z5UBpf{RzxKP+L)Zm;Hm#2q|iz$yG826_EyCbzE)s;M8uuQDyf@J9db65uHPt zpY|NXx7xcYdno-NgC5UA?M}k2XP2O;mBaN<@6U}#2;uX8jpE|?|2f^CnG$vjy}WF% z?#zF&-d&B`P#GEdn8}(xT=y9HFI>di`#ERN?`d77=XvM)W#;X91Cx3Kh#nvU%8KrR z?ELd`uk(5afu3K=d3~M^*MkS&ttkyfeZL6eZX_k;J(109cs2bj>J>sO9Af}SBZDxNC>oN zKo&~XKlZ*XjE0 z3(tOR8QM4?|5j5%oPQB)$96^QOwUf)pDp17xbQMzA#?`JDt1!$kp@&9Z90C{8-~z| zuzNwR5a%#*wg(vcYufDRAxR}iWNeCM&Ap(L&tGa!!fH-hFnm5Q`~XAm3*cLdZfJ4i z^CZ|?e|}xw`tXn4W9ckE84{D~5)U1S{~M1@#}y4d4vg_9;yDes6)CzYJRm}>5dAvL z_2Zh=HeaisRU77~Tt9hD!U^k~!o$0Vc+Gbc){4`06K&1WV%RFC#a8i3rsb!l0v3M{ z9sK3xoDwxwl9fn>jJF;WR+7m`9=>1rmbSAj;|pS1$>sg!Od9a&YNbd8g-RG8=?oG( zDConpv{hw>0(B@Tf&v*Rh=2lgC_sk-7$}%!gaQ>P$bkYuC~$^?e^MDFRS`UVVz|%* zhViBrEL>x3)588VsNsMbU8t#o8YQUtg#!(tgNDdMLlU5X1`5QXz!wV6!O$|Wp&_(T zAOi(aP(T0$%ut{tm0`gP!BD07_)0}X;tQqQSeCZ&)Z+_%5>OffrJtY_14{9rS!7T^ z1qE1CP#_8g{=bvu;onp%u6}y>f3($MR!;24VZJ&cgE4!BM#C42lB)od*FM1(I%*6* z2j~nU66;{-sKXQDL*?p3buygZ-USn|DK-UpBsTIt2?jw1S*fu 3 - -## v1.1.0 - -### Minor Changes - -- Allow RBAC to be namespaced (`rbac.namespaced`) - -## v1.0.0 - -### Major Changes - -- First release of Ambassador Helm Chart in helm/charts -- For migration see [Migrating from datawire/ambassador chart](https://github.com/helm/charts/tree/master/stable/ambassador#migrating-from-datawireambassador-chart-chart-version-0400-or-0500) diff --git a/charts/ambassador/ambassador/CONTRIBUTING.md b/charts/ambassador/ambassador/CONTRIBUTING.md deleted file mode 100644 index 443250b7a..000000000 --- a/charts/ambassador/ambassador/CONTRIBUTING.md +++ /dev/null @@ -1,23 +0,0 @@ -# Contributing to the Ambassador Helm Chart - -This Helm chart is used to install The Ambassador Edge Stack (AES) and is -maintained by Datawire. - -## Developing - -All work on the helm chart should be done in a separate branch off `master` and -contributed with a Pull Request targeting `master`. - -**Note**: All updates to the chart require you update the `version` in -`Chart.yaml`. - -## Testing - -The `ci/` directory contains scripts that will be run on PRs to `master`. - -- `ci/run_tests.sh` will run the tests of the chart. - -## Releasing - -Releasing a new chart is done by pushing a tag to `master`. Travis will then -run the tests and push the chart to `https://getambassador.io/helm`. diff --git a/charts/ambassador/ambassador/Chart.yaml b/charts/ambassador/ambassador/Chart.yaml deleted file mode 100644 index a1cc4f3db..000000000 --- a/charts/ambassador/ambassador/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Ambassador Edge Stack - catalog.cattle.io/release-name: ambassador -apiVersion: v1 -appVersion: 1.13.8 -description: A Helm chart for Datawire Ambassador -home: https://www.getambassador.io/ -icon: https://www.getambassador.io/images/logo.png -keywords: -- api gateway -- ambassador -- datawire -- envoy -maintainers: -- email: markus@maga.se - name: flydiverny -- email: flynn@datawire.io - name: kflynn -- email: nkrause@datawire.io - name: nbkrause -- email: lukeshu@datawire.io - name: lukeshu -name: ambassador -sources: -- https://github.com/datawire/ambassador -- https://github.com/prometheus/statsd_exporter -version: 6.7.1100 diff --git a/charts/ambassador/ambassador/Makefile b/charts/ambassador/ambassador/Makefile deleted file mode 100644 index 3271ecc11..000000000 --- a/charts/ambassador/ambassador/Makefile +++ /dev/null @@ -1,37 +0,0 @@ -HELM_TEST_IMAGE = quay.io/helmpack/chart-testing:v3.0.0-rc.1 -K3D_CLUSTER_NAME = helm-chart-test-cluster -CHART_DIR := $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST))))) -CHART_KUBECONFIG := /tmp/kubeconfig/k3dconfig -CT_EXEC = docker run --rm -v $(CHART_KUBECONFIG):/root/.kube/config -v $(CHART_DIR):/charts --network host $(HELM_TEST_IMAGE) ct -K3D_EXEC := KUBECONFIG=$(CHART_KUBECONFIG) k3d - -test-chart: lint-chart preflight-chart-test chart-create-cluster - $(CT_EXEC) install --config /charts/ct.yaml && \ - $(MAKE) chart-delete-cluster -.PHONY: test-chart - -lint-chart: preflight-kubeconfig - $(CT_EXEC) lint --config /charts/ct.yaml -.PHONY: lint-chart - -preflight-chart-test: preflight-kubeconfig - # check if k3d is installed - @if ! command -v k3d 2> /dev/null ; then \ - printf 'k3d not installed, plz do that'; \ - false; \ - fi -.PHONY: preflight-chart-test - -preflight-kubeconfig: - mkdir -p `dirname $(CHART_KUBECONFIG)` - touch $(CHART_KUBECONFIG) -.PHONY: preflight-kubeconfig - -chart-create-cluster: preflight-kubeconfig - $(MAKE) chart-delete-cluster || true - $(K3D_EXEC) cluster create $(K3D_CLUSTER_NAME) --k3s-server-arg "--no-deploy=traefik" -.PHONY: chart-create-cluster - -chart-delete-cluster: - $(K3D_EXEC) cluster delete $(K3D_CLUSTER_NAME) -.PHONY: chart-delete-cluster diff --git a/charts/ambassador/ambassador/README.md b/charts/ambassador/ambassador/README.md deleted file mode 100644 index 01ea965bc..000000000 --- a/charts/ambassador/ambassador/README.md +++ /dev/null @@ -1,478 +0,0 @@ -# Ambassador - -The Ambassador Edge Stack is a self-service, comprehensive edge stack that is Kubernetes-native and built on [Envoy Proxy](https://www.envoyproxy.io/). - -## TL;DR; - -```console -$ helm repo add datawire https://getambassador.io -$ helm install ambassador datawire/ambassador -``` - -## Introduction - -This chart bootstraps an [Ambassador](https://www.getambassador.io) deployment on -a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.11+ - -## Add this Helm repository to your Helm client - -```console -helm repo add datawire https://getambassador.io -``` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ kubectl create namespace ambassador -$ helm install my-release datawire/ambassador -n ambassador -``` - -The command deploys Ambassador Edge Stack in the ambassador namespace on the Kubernetes cluster in the default configuration. - -It is recommended to use the ambassador namespace for easy upgrades. - -The [configuration](#configuration) section lists the parameters that can be configured during installation. - -### Ambassador Edge Stack Installation - -This chart defaults to installing The Ambassador Edge Stack with all of its configuration objects. - -- A Redis instance -- `AuthService` resource for enabling authentication -- `RateLimitService` resource for enabling rate limiting -- `Mapping`s for internal request routing - -If installing alongside another deployment of Ambassador, some of these resources can cause configuration errors since only one `AuthService` or `RateLimitService` can be configured at a time. - -If you already have one of these resources configured in your cluster, please see the [configuration](#configuration) section below for information on how to disable them in the chart. - -### Ambassador OSS Installation - -This chart can still be used to install Ambassador OSS. - -To install OSS, change the `image` to use the OSS image and set `enableAES: false` to skip the install of any AES resources. - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm uninstall my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Changelog - -Notable chart changes are listed in the [CHANGELOG](./CHANGELOG.md) - -## Configuration - -The following tables lists the configurable parameters of the Ambassador chart and their default values. - -| Parameter | Description | Default | -|----------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| `nameOverride` | Override the generated chart name. Defaults to .Chart.Name. | | -| `fullnameOverride` | Override the generated release name. Defaults to .Release.Name. | | -| `namespaceOverride` | Override the generated release namespace. Defaults to .Release.Namespace. | | -| `adminService.create` | If `true`, create a service for Ambassador's admin UI | `true` | -| `adminService.nodePort` | If explicit NodePort for admin service is required | `true` | -| `adminService.type` | Ambassador's admin service type to be used | `ClusterIP` | -| `adminService.annotations` | Annotations to apply to Ambassador admin service | `{}` | -| `adminService.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` | -| `adminService.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None | -| `ambassadorConfig` | Config thats mounted to `/ambassador/ambassador-config` | `""` | -| `crds.enabled` | If `true`, enables CRD resources for the installation. | `true` | -| `crds.create` | If `true`, Creates CRD resources | `true` | -| `crds.keep` | If `true`, if the ambassador CRDs should be kept when the chart is deleted | `true` | -| `daemonSet` | If `true`, Create a DaemonSet. By default Deployment controller will be created | `false` | -| `test.enabled` | If `true`, Create test Pod to verify the Ambassador service works correctly (Only created on `helm test`) | `true` | -| `test.image` | Image to use for the test Pod | `busybox` | -| `hostNetwork` | If `true`, uses the host network, useful for on-premise setups | `false` | -| `dnsPolicy` | Dns policy, when hostNetwork set to ClusterFirstWithHostNet | `ClusterFirst` | -| `env` | Any additional environment variables for ambassador pods | `{}` | -| `envRaw` | Additional environment variables in raw YAML format | `{}` | -| `image.pullPolicy` | Ambassador image pull policy | `IfNotPresent` | -| `image.repository` | Ambassador image | `docker.io/datawire/aes` | -| `image.tag` | Ambassador image tag | `1.13.8` | -| `imagePullSecrets` | Image pull secrets | `[]` | -| `namespace.name` | Set the `AMBASSADOR_NAMESPACE` environment variable | `metadata.namespace` | -| `scope.singleNamespace` | Set the `AMBASSADOR_SINGLE_NAMESPACE` environment variable and create namespaced RBAC if `rbac.enabled: true` | `false` | -| `podAnnotations` | Additional annotations for ambassador pods | `{}` | -| `deploymentAnnotations` | Additional annotations for ambassador DaemonSet/Deployment | `{}` | -| `podLabels` | Additional labels for ambassador pods | | -| `deploymentLabels` | Additional labels for ambassador DaemonSet/Deployment | | -| `affinity` | Affinity for ambassador pods | `{}` | -| `topologySpreadConstraints` | Topology Spread Constraints for Ambassador pods. Stable since 1.19. | `[]` | -| `nodeSelector` | NodeSelector for ambassador pods | `{}` | -| `priorityClassName` | The name of the priorityClass for the ambassador DaemonSet/Deployment | `""` | -| `rbac.create` | If `true`, create and use RBAC resources | `true` | -| `rbac.podSecurityPolicies` | pod security polices to bind to | | -| `rbac.nameOverride` | Overrides the default name of the RBAC resources | `` | -| `replicaCount` | Number of Ambassador replicas | `3` | -| `resources` | CPU/memory resource requests/limits | `{ "limits":{"cpu":"1000m","memory":"600Mi"},"requests":{"cpu":"200m","memory":"300Mi"}}` | -| `securityContext` | Set security context for pod | `{ "runAsUser": "8888" }` | -| `security.podSecurityContext` | Set the security context for the Ambassador pod | `{ "runAsUser": "8888" }` | -| `security.containerSecurityContext` | Set the security context for the Ambassador container | `{ "allowPrivilegeEscalation": false }` | -| `security.podSecurityPolicy` | Create a PodSecurityPolicy to be used for the pod. | `{}` | -| `restartPolicy` | Set the `restartPolicy` for pods | `` | -| `terminationGracePeriodSeconds` | Set the `terminationGracePeriodSeconds` for the pod. Defaults to 30 if unset. | `` | -| `initContainers` | Containers used to initialize context for pods | `[]` | -| `sidecarContainers` | Containers that share the pod context | `[]` | -| `livenessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's liveness probe | `30` | -| `livenessProbe.periodSeconds` | Probe period (s) for Ambassador pod's liveness probe | `3` | -| `livenessProbe.failureThreshold` | Failure threshold for Ambassador pod's liveness probe | `3` | -| `readinessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's readiness probe | `30` | -| `readinessProbe.periodSeconds` | Probe period (s) for Ambassador pod's readiness probe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for Ambassador pod's readiness probe | `3` | -| `service.annotations` | Annotations to apply to Ambassador service | `""` | -| `service.externalTrafficPolicy` | Sets the external traffic policy for the service | `""` | -| `service.nameOverride` | Sets the name of the service | `ambassador.fullname` | -| `service.ports` | List of ports Ambassador is listening on | `[{"name": "http","port": 80,"targetPort": 8080},{"name": "https","port": 443,"targetPort": 8443}]` | -| `service.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` | -| `service.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None | -| `service.sessionAffinity` | Sets the session affinity policy for the service | `""` | -| `service.sessionAffinityConfig` | Sets the session affinity config for the service | `""` | -| `service.type` | Service type to be used | `LoadBalancer` | -| `service.externalIPs` | External IPs to route to the ambassador service | `[]` | -| `serviceAccount.create` | If `true`, create a new service account | `true` | -| `serviceAccount.name` | Service account to be used | `ambassador` | -| `volumeMounts` | Volume mounts for the ambassador service | `[]` | -| `volumes` | Volumes for the ambassador service | `[]` | -| `enableAES` | Create the [AES configuration objects](#ambassador-edge-stack-installation) | `true` | -| `createDevPortalMappings` | Expose the dev portal on `/docs/` and `/documentation/` | `true` | -| `licenseKey.value` | Ambassador Edge Stack license. Empty will install in evaluation mode. | `` | -| `licenseKey.createSecret` | Set to `false` if installing mutltiple Ambassdor Edge Stacks in a namespace. | `true` | -| `licenseKey.secretName` | Name of the secret to store Ambassador license key in. | `` | -| `licenseKey.annotations` | Annotations to attach to the license-key-secret. | {} | -| `redisURL` | URL of redis instance not created by the release | `""` | -| `redisEnv` | (**DEPRECATED:** Use `envRaw`) Set env vars that control how Ambassador interacts with redis. | `""` | -| `redis.create` | Create a basic redis instance with default configurations | `true` | -| `redis.annotations` | Annotations for the redis service and deployment | `""` | -| `redis.resources` | Resource requests for the redis instance | `""` | -| `redis.nodeSelector` | NodeSelector for redis pods | `{}` | -| `redis.affinity` | Affinity for redis pods | `{}` | -| `redis.tolerations` | Tolerations for redis pods | `{}` | -| `authService.create` | Create the `AuthService` CRD for Ambassador Edge Stack | `true` | -| `authService.optional_configurations` | Config options for the `AuthService` CRD | `""` | -| `rateLimit.create` | Create the `RateLimit` CRD for Ambassador Edge Stack | `true` | -| `registry.create` | Create the `Project` registry. | `false` | -| `autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | `false` | -| `autoscaling.minReplicas` | If autoscaling enabled, this field sets minimum replica count | `2` | -| `autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `5` | -| `autoscaling.metrics` | If autoscaling enabled, configure hpa metrics | | -| `podDisruptionBudget` | Pod disruption budget rules | `{}` | -| `resolvers.endpoint.create` | Create a KubernetesEndpointResolver | `false` | -| `resolvers.endpoint.name` | If creating a KubernetesEndpointResolver, the resolver name | `endpoint` | -| `resolvers.consul.create` | Create a ConsulResolver | `false` | -| `resolvers.consul.name` | If creating a ConsulResolver, the resolver name | `consul-dc1` | -| `resolvers.consul.spec` | If creating a ConsulResolver, additional configuration | `{}` | -| `module` | Configure and manage the Ambassador Module from the Chart | `{}` | -| `prometheusExporter.enabled` | DEPRECATED: Prometheus exporter side-car enabled | `false` | -| `prometheusExporter.pullPolicy` | DEPRECATED: Image pull policy | `IfNotPresent` | -| `prometheusExporter.repository` | DEPRECATED: Prometheus exporter image | `prom/statsd-exporter` | -| `prometheusExporter.tag` | DEPRECATED: Prometheus exporter image | `v0.8.1` | -| `prometheusExporter.resources` | DEPRECATED: CPU/memory resource requests/limits | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor object (`adminService.create` should be to `true`) | `false` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | -| `metrics.serviceMonitor.selector` | Label Selector for Prometheus to find ServiceMonitors | `{ prometheus: kube-prometheus }` | -| `servicePreview.enabled` | If true, install Service Preview components: traffic-manager & traffic-agent (`enableAES` needs to also be to `true`) | `false` | -| `servicePreview.trafficManager.image.repository` | Ambassador Traffic-manager image | Same value as `image.repository` | -| `servicePreview.trafficManager.image.tag` | Ambassador Traffic-manager image tag | Same value as `image.tag` | -| `servicePreview.trafficManager.serviceAccountName` | Traffic-manager Service Account to be used | `traffic-manager` | -| `servicePreview.trafficAgent.image.repository` | Ambassador Traffic-agent image | Same value as `image.repository` | -| `servicePreview.trafficAgent.image.tag` | Ambassador Traffic-agent image tag | Same value as `image.tag` | -| `servicePreview.trafficAgent.injector.enabled` | If true, install the ambassador-injector | `true` | -| `servicePreview.trafficAgent.injector.crtPEM` | TLS certificate for the Common Name of ..svc | Auto-generated, valid for 365 days | -| `servicePreview.trafficAgent.injector.keyPEM` | TLS private key for the Common Name of ..svc | Auto-generated, valid for 365 days | -| `servicePreview.trafficAgent.port` | Traffic-agent listening port number when injected with ambassador-injector | `9900` | -| `servicePreview.trafficAgent.serviceAccountName` | Label Selector for Prometheus to find ServiceMonitors | `traffic-agent` | -| `servicePreview.trafficAgent.singleNamespace` | If `true`, installs the traffic-agent ServiceAccount and Role in the current installation namespace; Otherwise uses a global ClusterRole applied to every ServiceAccount | `true` | -| `agent.enabled` | If `true`, installs the ambassador-agent Deployment, ServiceAccount and ClusterRole in the ambassador namespace | `true` | -| `agent.cloudConnectionToken` | API token for reporting snapshots to the [Service Catalog](https://app.getambassador.io/cloud/catalog/); If empty, agent will not report snapshots | `""` | -| `agent.rpcAddress` | Address of the ambassador Service Catalog rpc server. | `https://app.getambassador.io/` | -| `agent.image.repository` | Image repository for the ambassador-agent deployment. Defaults to value of `image.repository` | Same value as `image.repository` | -| `agent.image.tag` | Image tag for the ambassador-agent deployment. Defaults to value of `image.tag` | Same value as `image.tag` | - -**NOTE:** Make sure the configured `service.http.targetPort` and `service.https.targetPort` ports match your [Ambassador Module's](https://www.getambassador.io/reference/modules/#the-ambassador-module) `service_port` and `redirect_cleartext_from` configurations. - -### The Ambasssador Edge Stack - -The Ambassador Edge Stack provides a comprehensive, self-service edge stack in -the Kubernetes cluster with a decentralized deployment model and a declarative -paradigm. - -By default, this chart will install the latest image of The Ambassador Edge -Stack which will replace your existing deployment of Ambassador with no changes -to functionality. - -### CRDs - -This helm chart includes the creation of the core CRDs Ambassador uses for -configuration. - -The `crds` flags (Helm 2 only) let you configure how a release manages crds. -- `crds.create` Can only be set on your first/master Ambassador release. -- `crds.enabled` Should be set on all releases using Ambassador CRDs -- `crds.keep` Configures if the CRDs are deleted when the master release is - purged. This value is only checked for the master release and can be set to - any value on secondary releases. - -### Security - -Ambassador takes security very seriously. For this reason, the YAML installation will default with a couple of basic security policies in place. - -The `security` field of the `values.yaml` file configures these default policies and replaces the `securityContext` field used earlier. - -The defaults will configure the pod to run as a non-root user and prohibit privilege escalation and outline a `PodSecurityPolicy` to ensure these conditions are met. - - - -```yaml -security: - # Security Context for all containers in the pod. - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core - podSecurityContext: - runAsUser: 8888 - # Security Context for the Ambassador container specifically - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core - containerSecurityContext: - allowPrivilegeEscalation: false - # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - # - # A set of reasonable defaults is outlined below. This is not created by default as it should only - # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in - # the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` - # in all non-"master" Releases. - podSecurityPolicy: {} - # # Add AppArmor and Seccomp annotations - # # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - # annotations: - # spec: - # seLinux: - # rule: RunAsAny - # supplementalGroups: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # fsGroup: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # privileged: false - # allowPrivilegeEscalation: false - # runAsUser: - # rule: MustRunAsNonRoot -``` - -### Annotations - -Ambassador is configured using Kubernetes Custom Resource Definitions (CRDs). If you are unable to use CRDs, Ambassador can also be configured using annotations on services. The `service.annotations` section of the values file contains commented out examples of [Ambassador Module](https://www.getambassador.io/reference/core/ambassador) and a global [TLSContext](https://www.getambassador.io/reference/core/tls) configurations which are typically created in the Ambassador service. - -If you intend to use `service.annotations`, remember to include the `getambassador.io/config` annotation key as above. - -### Prometheus Metrics - -Using the Prometheus Exporter has been deprecated and is no longer recommended. You can now use `metrics.serviceMonitor.enabled` to create a `ServiceMonitor` from the chart if the [Prometheus Operator](https://github.com/coreos/prometheus-operator) has been installed on your cluster. - -Please see Ambassador's [monitoring with Prometheus](https://www.getambassador.io/user-guide/monitoring/) docs for more information on using the `/metrics` endpoint for metrics collection. - -### Specifying Values - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install --wait my-release \ - --set adminService.type=NodePort \ - datawire/ambassador -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install --wait my-release -f values.yaml datawire/ambassador -``` - ---- - -# Upgrading - -## To 6.0.0 - -Introduces Ambassador Edge Stack being installed by default. - -### Breaking changes - -Ambassador Pro support has been removed in 6.0.0. Please [upgrade to the Ambassador Edge Stack](https://www.getambassador.io/user-guide/helm). - -## To 5.0.0 - -### Breaking changes - -**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified. - -- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed - -## To 4.0.0 - -The 4.0.0 chart contains a number of changes to the way Ambassador Pro is installed. - -- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core -- The license key is now stored and read from a Kubernetes secret by default -- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret. -- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance -- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/)) -- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true` -- Fixed misnamed selector for redis instance that failed in an edge case -- Exposes annotations for redis deployment and service - -### Breaking changes - -The value of `.Values.pro.image.tag` has been shortened to assume `amb-sidecar` (and `amb-core` for Ambassador core) -`values.yaml` -```diff -<3.0.0> - image: - repository: quay.io/datawire/ambassador_pro -- tag: amb-sidecar-0.6.0 - -<4.0.0+> - image: - repository: quay.io/datawire/ambassador_pro -+ tag: 0.7.0 -``` - -Method for creating a Kubernetes secret to hold the license key has been changed - -`values.yaml` -```diff -<3.0.0> -- secret: false -<4.0.0> -+ secret: -+ enabled: true -+ create: true -``` - -## To 3.0.0 - -### Service Ports - -The way ports are assigned has been changed for a more dynamic method. - -Now, instead of setting the port assignments for only the http and https, any port can be open on the load balancer using a list like you would in a standard Kubernetes YAML manifest. - -`pre-3.0.0` -```yaml -service: - http: - enabled: true - port: 80 - targetPort: 8080 - https: - enabled: true - port: 443 - targetPort: 8443 -``` - -`3.0.0` -```yaml -service: - ports: - - name: http - port: 80 - targetPort: 8080 - - name: https - port: 443 - targetPort: 8443 -``` - -This change has also replaced the `.additionalTCPPorts` configuration. Additional TCP ports can be created the same as the http and https ports above. - -### Annotations and `service_port` - -The below Ambassador `Module` annotation is no longer being applied by default. - -```yaml -getambassador.io/config: | - --- - apiVersion: ambassador/v1 - kind: Module - name: ambassador - config: - service_port: 8080 -``` -This was causing confusion with the `service_port` being hard-coded when enabling TLS termination in Ambassador. - -Ambassador has been listening on port 8080 for HTTP and 8443 for HTTPS by default since version `0.60.0` (chart version 2.2.0). - -### RBAC and CRDs - -A `ClusterRole` and `ClusterRoleBinding` named `{{release name}}-crd` will be created to watch for the Ambassador Custom Resource Definitions. This will be created regardless of the value of `scope.singleNamespace` since CRDs are created the cluster scope. - -`rbac.namespaced` has been removed. For namespaced RBAC, set `scope.singleNamespace: true` and `rbac.enabled: true`. - -`crds.enabled` will indicate that you are using CRDs and will create the rbac resources regardless of the value of `crds.create`. This allows for multiple deployments to use the CRDs. - -## To 2.0.0 - -### Ambassador ID - -ambassador.id has been removed in favor of setting it via an environment variable in `env`. `AMBASSADOR_ID` defaults to `default` if not set in the environment. This is mainly used for [running multiple Ambassadors](https://www.getambassador.io/reference/running#ambassador_id) in the same cluster. - -| Parameter | Env variables | -| --------------- | --------------- | -| `ambassador.id` | `AMBASSADOR_ID` | - -## Migrating from `datawire/ambassador` chart (chart version 0.40.0 or 0.50.0) - -Chart now runs ambassador as non-root by default, so you might need to update your ambassador module config to match this. - -### Timings - -Timings values have been removed in favor of setting the env variables using `env´ - -| Parameter | Env variables | -| ----------------- | -------------------------- | -| `timing.restart` | `AMBASSADOR_RESTART_TIME` | -| `timing.drain` | `AMBASSADOR_DRAIN_TIME` | -| `timing.shutdown` | `AMBASSADOR_SHUTDOWN_TIME` | - -### Single namespace - -| Parameter | Env variables | -| ------------------ | ----------------------------- | -| `namespace.single` | `AMBASSADOR_SINGLE_NAMESPACE` | - -### Renamed values - -Service ports values have changed names and target ports have new defaults. - -| Previous parameter | New parameter | New default value | -| --------------------------- | -------------------------- | ----------------- | -| `service.enableHttp` | `service.http.enabled` | | -| `service.httpPort` | `service.http.port` | | -| `service.httpNodePort` | `service.http.nodePort` | | -| `service.targetPorts.http` | `service.http.targetPort` | `8080` | -| `service.enableHttps` | `service.https.enabled` | | -| `service.httpsPort` | `service.https.port` | | -| `service.httpsNodePort` | `service.https.nodePort` | | -| `service.targetPorts.https` | `service.https.targetPort` | `8443` | - -### Exporter sidecar - -Pre version `0.50.0` ambassador was using socat and required a sidecar to export statsd metrics. In `0.50.0` ambassador no longer uses socat and doesn't need a sidecar anymore to export its statsd metrics. Statsd metrics are disabled by default and can be enabled by setting environment `STATSD_ENABLED`, this will (in 0.50) send metrics to a service named `statsd-sink`, if you want to send it to another service or namespace it can be changed by setting `STATSD_HOST` - -If you are using prometheus the chart allows you to enable a sidecar which can export to prometheus see the `prometheusExporter` values. diff --git a/charts/ambassador/ambassador/RELEASE.tpl b/charts/ambassador/ambassador/RELEASE.tpl deleted file mode 100644 index d00d6b2f2..000000000 --- a/charts/ambassador/ambassador/RELEASE.tpl +++ /dev/null @@ -1,8 +0,0 @@ -## :tada: Ambassador Chart $CHART_VERSION :tada: - -Upgrade Ambassador - https://www.getambassador.io/reference/upgrading#helm.html -View changelog - https://github.com/datawire/ambassador/blob/master/charts/ambassador/CHANGELOG.md - ---- - - diff --git a/charts/ambassador/ambassador/RELEASE_TITLE.tpl b/charts/ambassador/ambassador/RELEASE_TITLE.tpl deleted file mode 100644 index 7aab5973c..000000000 --- a/charts/ambassador/ambassador/RELEASE_TITLE.tpl +++ /dev/null @@ -1 +0,0 @@ -Ambassador Chart $CHART_VERSION diff --git a/charts/ambassador/ambassador/app-readme.md b/charts/ambassador/ambassador/app-readme.md deleted file mode 100644 index d2ef7356e..000000000 --- a/charts/ambassador/ambassador/app-readme.md +++ /dev/null @@ -1,13 +0,0 @@ -# Ambassador Edge Stack and Emissary Ingress Chart - -[Ambassador Edge Stack](https://www.getambassador.io/products/edge-stack/) and its open source CNCF counterpart [Emissary-Ingress](https://www.getambassador.io/products/api-gateway/) are Kubernetes native, high-performance Ingress controllers designed with GitOps workflows and developer experience in mind. The Edge Stack allows users to manage [Authentication](https://www.getambassador.io/docs/edge-stack/latest/topics/using/filters/), [Rate Limits](https://www.getambassador.io/docs/edge-stack/latest/topics/using/rate-limits/rate-limits/), [TLS](https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/) and more with easy-to-use resources for [managing your APIs](https://www.getambassador.io/docs/edge-stack/latest/topics/using/intro-mappings/). - -## Service Catalog - -The default installation of Ambassador Edge Stack includes the deployment needed to get started with [Service Catalog](https://www.getambassador.io/products/service-catalog/) and the [Developer Control Plane](https://www.getambassador.io/developer-control-plane/). Simply generate your [Cloud Token](https://www.getambassador.io/docs/cloud/latest/service-catalog/quick-start/#1-connect-your-cluster-to-ambassador-cloud) and add it in the Service Catalog section as you're setting up the chart. - -## More Info - -Visit the [Quick Start](https://www.getambassador.io/docs/edge-stack/latest/tutorials/getting-started/) page for more instructions, or check out our [documentation](https://www.getambassador.io/docs/edge-stack). For any questions, or to join the community, visit our [Slack](https://a8r.io/slack) and say hi! - -* Ambassador recommends a Kubernetes version of 1.16 or higher. diff --git a/charts/ambassador/ambassador/ci/01-psp-values.yaml b/charts/ambassador/ambassador/ci/01-psp-values.yaml deleted file mode 100644 index 27152824e..000000000 --- a/charts/ambassador/ambassador/ci/01-psp-values.yaml +++ /dev/null @@ -1,40 +0,0 @@ -security: - # Security Context for all containers in the pod. - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core - podSecurityContext: - runAsUser: 8888 - # Security Context for the Ambassador container specifically - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core - containerSecurityContext: - allowPrivilegeEscalation: false - # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - # - # A set of reasonable defaults is outlined below. This is not created by default as it should only - # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in - # the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` - # in all non-"master" Releases. - podSecurityPolicy: - # Add AppArmor and Seccomp annotations - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - annotations: - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - spec: - seLinux: - rule: RunAsAny - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - privileged: false - allowPrivilegeEscalation: false - runAsUser: - rule: MustRunAsNonRoot diff --git a/charts/ambassador/ambassador/ci/02-oss-values.yaml b/charts/ambassador/ambassador/ci/02-oss-values.yaml deleted file mode 100644 index 4fb9ff60c..000000000 --- a/charts/ambassador/ambassador/ci/02-oss-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# install the Ambassador API Gateway -image: - pullPolicy: IfNotPresent - -enableAES: false - -deploymentStrategy: - type: Recreate diff --git a/charts/ambassador/ambassador/ci/05-auth-disabled-values.yaml b/charts/ambassador/ambassador/ci/05-auth-disabled-values.yaml deleted file mode 100644 index 769f8eb55..000000000 --- a/charts/ambassador/ambassador/ci/05-auth-disabled-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -service: - type: NodePort - -authService: - create: false - -deploymentStrategy: - type: Recreate diff --git a/charts/ambassador/ambassador/ci/06-hpa-values.yaml b/charts/ambassador/ambassador/ci/06-hpa-values.yaml deleted file mode 100644 index 56509eb8b..000000000 --- a/charts/ambassador/ambassador/ci/06-hpa-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -deploymentStrategy: - type: Recreate - -service: - type: NodePort - -autoscaling: - enabled: true diff --git a/charts/ambassador/ambassador/ci/08-single-namespace-values.yaml b/charts/ambassador/ambassador/ci/08-single-namespace-values.yaml deleted file mode 100644 index 591785bde..000000000 --- a/charts/ambassador/ambassador/ci/08-single-namespace-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -service: - type: NodePort - -deploymentStrategy: - type: Recreate - -scope: - singleNamespace: true diff --git a/charts/ambassador/ambassador/ci/09-redis-false-values.yaml b/charts/ambassador/ambassador/ci/09-redis-false-values.yaml deleted file mode 100644 index e545210d5..000000000 --- a/charts/ambassador/ambassador/ci/09-redis-false-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -service: - type: NodePort - -redis: - enabled: false - # Annotations for Ambassador Pro's redis instance. - -deploymentStrategy: - type: Recreate diff --git a/charts/ambassador/ambassador/ci/12-daemonset-values.yaml b/charts/ambassador/ambassador/ci/12-daemonset-values.yaml deleted file mode 100644 index 9a581d94b..000000000 --- a/charts/ambassador/ambassador/ci/12-daemonset-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -service: - type: NodePort - -deploymentStrategy: - type: RollingUpdate - -daemonSet: true diff --git a/charts/ambassador/ambassador/ci/13-rl-disabled-values.yaml b/charts/ambassador/ambassador/ci/13-rl-disabled-values.yaml deleted file mode 100644 index a1dfe0434..000000000 --- a/charts/ambassador/ambassador/ci/13-rl-disabled-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -service: - type: NodePort - -rateLimit: - create: false - -deploymentStrategy: - type: Recreate diff --git a/charts/ambassador/ambassador/ci/14-deployment-labels.yaml b/charts/ambassador/ambassador/ci/14-deployment-labels.yaml deleted file mode 100644 index 33ebe5b74..000000000 --- a/charts/ambassador/ambassador/ci/14-deployment-labels.yaml +++ /dev/null @@ -1,3 +0,0 @@ -deploymentLabels: - label: foo - label2: bar diff --git a/charts/ambassador/ambassador/ci/15-test-resolvers.yaml b/charts/ambassador/ambassador/ci/15-test-resolvers.yaml deleted file mode 100644 index 0601ce9c4..000000000 --- a/charts/ambassador/ambassador/ci/15-test-resolvers.yaml +++ /dev/null @@ -1,11 +0,0 @@ -resolvers: - endpoint: - create: true - name: endpoint-foo - - consul: - create: true - name: consul-foo - spec: - address: ${HOST_IP} - datacenter: dc1 \ No newline at end of file diff --git a/charts/ambassador/ambassador/ci/16-test-module.yaml b/charts/ambassador/ambassador/ci/16-test-module.yaml deleted file mode 100644 index d80bf9508..000000000 --- a/charts/ambassador/ambassador/ci/16-test-module.yaml +++ /dev/null @@ -1,9 +0,0 @@ -module: - lua_scripts: | - function envoy_on_response(response_handle) - response_handle:headers():add("Lua-Scripts-Enabled", "Processed") - end - - ip_allow: - - peer: 127.0.0.1 - - remote: 99.99.0.0/16 \ No newline at end of file diff --git a/charts/ambassador/ambassador/ci/17-svc-preview.yaml b/charts/ambassador/ambassador/ci/17-svc-preview.yaml deleted file mode 100644 index a141bcdda..000000000 --- a/charts/ambassador/ambassador/ci/17-svc-preview.yaml +++ /dev/null @@ -1,5 +0,0 @@ -servicePreview: - enabled: true -trafficAgent: - injector: - enabled: true diff --git a/charts/ambassador/ambassador/ci/check_updated_changelog.sh b/charts/ambassador/ambassador/ci/check_updated_changelog.sh deleted file mode 100644 index 1840c1799..000000000 --- a/charts/ambassador/ambassador/ci/check_updated_changelog.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -set -e - -CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; } -TOP_DIR=$CURR_DIR/.. - -# shellcheck source=common.sh -source "$CURR_DIR/common.sh" - -echo ${TOP_DIR} -chart_version=$(get_chart_version ${TOP_DIR}) - -if ! grep "## v${chart_version}" ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then - echo "Current chart version does not appear in the changelog." - echo "Please run ambassador.git/charts/ambassador/ci/update_chart_changelog.sh and commit." - exit 1 -fi - -echo "Changelog looks good!" diff --git a/charts/ambassador/ambassador/ci/tests/manifests/backend.yaml b/charts/ambassador/ambassador/ci/tests/manifests/backend.yaml deleted file mode 100644 index b2d9205df..000000000 --- a/charts/ambassador/ambassador/ci/tests/manifests/backend.yaml +++ /dev/null @@ -1,47 +0,0 @@ ---- -apiVersion: getambassador.io/v1 -kind: Mapping -metadata: - name: quote-backend -spec: - prefix: /backend/ - service: quote ---- -apiVersion: v1 -kind: Service -metadata: - name: quote -spec: - ports: - - name: http - port: 80 - targetPort: 8080 - selector: - app: quote ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: quote -spec: - replicas: 1 - selector: - matchLabels: - app: quote - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: quote - spec: - containers: - - name: backend - image: datawire/quote:0.4.0 - ports: - - name: http - containerPort: 8080 - resources: - limits: - cpu: "0.1" - memory: 100Mi diff --git a/charts/ambassador/ambassador/ci/tests/manifests/ci-default-values.yaml b/charts/ambassador/ambassador/ci/tests/manifests/ci-default-values.yaml deleted file mode 100644 index 0a1ec852e..000000000 --- a/charts/ambassador/ambassador/ci/tests/manifests/ci-default-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -#env: -# AMBASSADOR_SINGLE_NAMESPACE: true -# AMBASSADOR_NO_KUBEWATCH: no_kubewatch - -deploymentStrategy: - type: Recreate - -service: - type: NodePort diff --git a/charts/ambassador/ambassador/ci/tests/manifests/helm-init.yaml b/charts/ambassador/ambassador/ci/tests/manifests/helm-init.yaml deleted file mode 100644 index 1fcf47dca..000000000 --- a/charts/ambassador/ambassador/ci/tests/manifests/helm-init.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tiller - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tiller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: tiller - namespace: kube-system diff --git a/charts/ambassador/ambassador/ci/tests/manifests/helm2-values.yaml b/charts/ambassador/ambassador/ci/tests/manifests/helm2-values.yaml deleted file mode 100644 index d9c0c83c3..000000000 --- a/charts/ambassador/ambassador/ci/tests/manifests/helm2-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -service: - type: NodePort - -crds: - create: false - diff --git a/charts/ambassador/ambassador/ci/tests/manifests/tls.yaml b/charts/ambassador/ambassador/ci/tests/manifests/tls.yaml deleted file mode 100644 index bc25cf664..000000000 --- a/charts/ambassador/ambassador/ci/tests/manifests/tls.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: v1 -data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNzRENDQVpnQ0NRRHVzSjFYNE54NjJEQU5CZ2txaGtpRzl3MEJBUXNGQURBYU1SZ3dGZ1lEVlFRRERBOWgKYldKaGMzTmhaRzl5TFdObGNuUXdIaGNOTVRreE1qRXpNakV3TXpBNVdoY05NakF4TWpFeU1qRXdNekE1V2pBYQpNUmd3RmdZRFZRUUREQTloYldKaGMzTmhaRzl5TFdObGNuUXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQzJjcms1OTk0dklURnZpUGNJRjJpd3R0dVdpajFTeUZNSzVpbERieFByMmJCL3RmbDYKcmRwVUFlWkkrMTVDR2VHbi80ZitwRlFXODdwZ2ZvbDhlL3lCSTUvWStpdVIrQUY1bzhQV2h4aHBJdVk3RXdVbgpyT3ZJajcxaUZWa1Q4akRYZW9RWWdKalQ1MWh4SisyelVLZ3VtZDB6L05USEwrQndFbHZ4Z1ZuWlhUdlhsVGFiClBoWloyK3dZdDQvSnozN3lBMHJwNURKeTg5SStQNmVRSmNseUVyWmsvRUNuRFBxTlhDK1VyclVySXBsNkRScHUKdGZWOE9KM3BJZWc2YjBWQi9TQnRPNzFhMThkaXFPclFVREU5MEFOSWJsYWp0ODN5M0FIc29SNytpVGI0QXFvVwpiNG5LcVV1bEQ2QU0xVUg0TzR0SExIM05SemVOL1E1ZUtVb0ZBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBQ045b050OVJXT2JOTTBmajg1cm9GUG1zRE1UWElFOU5SNmpDMjV1SGtpY0lnamtGd043NTFkTnQxT0YKZWZLSkFzTDlSWmZUNmVmMUMxOFlnWE1xbTF5Yis0Q1VWWU9RZW96MlgweEdyT1lLZUhPM0hqamNqcXZ1cUxTeApTQ2duVlM1NkhqZU15MzJBNnIxcUhBL1FsYkkraGJFbHN0MVNwYnFSOG95dE9oUzZpNFNWbWxacWxBRkx5WFRRCjZ6Nm5wc25lTmdXMXhkdDN2UkpleXVFWEFZL0Z0eUxmZnkxdk5uODhhTkg2Y2Z2eWJjaHNkaWlRNnVXTnowVGMKeVVodGZUYWFRVjA1d21KZEJ3ZmJndXF0UjFxbXdyNCtzcjA0MEhoQ0pSVmlRUUdHa2VWSVU5ZHFPY0ZkZk5FTQo5NmczU01YWGRrcVhBYzFFb2hZdEthMWwvNTA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdG5LNU9mZmVMeUV4YjRqM0NCZG9zTGJibG9vOVVzaFRDdVlwUTI4VDY5bXdmN1g1CmVxM2FWQUhtU1B0ZVFobmhwLytIL3FSVUZ2TzZZSDZKZkh2OGdTT2YyUG9ya2ZnQmVhUEQxb2NZYVNMbU94TUYKSjZ6cnlJKzlZaFZaRS9JdzEzcUVHSUNZMCtkWWNTZnRzMUNvTHBuZE0velV4eS9nY0JKYjhZRloyVjA3MTVVMgptejRXV2R2c0dMZVB5YzkrOGdOSzZlUXljdlBTUGorbmtDWEpjaEsyWlB4QXB3ejZqVnd2bEs2MUt5S1plZzBhCmJyWDFmRGlkNlNIb09tOUZRZjBnYlR1OVd0ZkhZcWpxMEZBeFBkQURTRzVXbzdmTjh0d0I3S0VlL29rMitBS3EKRm0rSnlxbExwUStnRE5WQitEdUxSeXg5elVjM2pmME9YaWxLQlFJREFRQUJBb0lCQUVOQy9qaDV3Z2E4QlA2cQpqdkFEdVV2VXpoV3N0empxczNyRUtaZzd2aXRvSU9La1V1cEFaOG9xdlJ4UTE0b2xBb1V0OXBRUlB4TUxIYjN2ClNINkZNeXprMWt4bXhtTlUvQzQ5Q3Jqdkt6ZXZieE4rU3BzNjY5NFA1L0RlRCs0RGpyQVI4ZHNhcGIwUmdCQ1AKZU5sdnRlRWdSbVdoSTB5ZndPMXdSMGM4dWNRaE5GcjNNd0lMQ1FES0Zpa2NDSi9GV0FmNXc4ZGFnYnBYTXAxawo3ci9ya1BFcVh6NnRxam04eWZZWlRoaGIwUE5LcSsxOGdkaCtLeTZPL1RnTVZ2d1BLVkIrZUhoQmJZY2R6VGYxCmxia3pVeUFhZmR3VlBTTnhVOWhzSzBqNExWZG83YlVkajZySHNXTlBWcm1Ib1VsUnNjcno2aDhPZlQ0bU9WTi8KRmhtcEhvRUNnWUVBNlVENVlWMUJrWEg4S21WRjhiVGVGVGlTY1IvRGI4TVlRY3NLNzQrNEg5aEFmbjR3d3ZWeQpidi9kL2NsOWZHY0xXN0w1QWM1WWRxNlNWZGFHRVZpVzVOTy8xV0wwN3JjaG8xZTRaSzlPemJiUllNWW51cWRHCmF5eGhoUks0R25ubzZXMTlMWWc1d1F3TUJvUzNSbFVxUWN3UU1ESiszMVc4emwrazdpODk0dVVDZ1lFQXlEMXIKZHVMSGRMcG9UWEd2ZjZIVk9HQ1pWczQvSXg1M1B1WnRXY1FkYkc5MDZNWHRwdldWdDN1ek8rVVd2WGJIWHBSMQpjZWVrUHRucTI4a1BFT2oyd3NoVFRQQ05OT0dUWE01SzREbTVjNjVaeWY0WVJjQ0NZNEpSSUNqWHExeE9uc21nCk8ydTZiYlVQWE9veXFmVllWK0wwK25zcHNLOUNCd0ZaMjJqMXVLRUNnWUVBbzcyZTBzQ2FaTFcxcFRWT3NteWIKY2g0eWZ3TWpPUE9sdFpvSlpUNW9yTUlzRkNBVnJ1YUtuRzAxc3hDYzdKV1JuWiszdVpMVyt3bDFaSmlocU0rZApyYWtRQTRYaUZ5bXJqWFRvMXBWU0pvcnQxSmVHRUR1WTdXZE1WaFJiOVFvYmZMSUZxODd6YkJjKzRkeU1vK3pwCkt5TkxRZXBRc2dzSDdYK3EwaUdMdWhrQ2dZQUlYQWdRZm9jMUtGTVNhSnliQjNhUFUva1MxcWxzSGVsOGhzSXAKN1RZTlFObnduZEsrRmFLYWRsK1ZNSXN5ZmJMMUQ5MlhVOFJYbTJGaXE1SWxjcFJhcldKTTQvNEJKeW12eGl6NgpEMjdlbFhqS0pnRjlaL3dKaTNjM2tIendlbm9OeHYwWmZmWGFmcVNWakhGeEJ2MFpMakJzQkpoSStBZ1pvc1ROCmxDUXVBUUtCZ1FESHVxNUVseU1RS2NZWm5tRlN6T2ZYWXNJYm8rZEJJTlEyNnB0OFdacGMydnpsNkNrQXV3TWwKQU9jRllrbjBXSnVJRXRubnhPT3Rwcnh0VGRIWGIvOWZWY090Unp2TitvVjN2OVNEalZjWTRESWp3MXlpMkt1Vwp6MmV1N1lCNExlbG13TFlHMEJUMWp0ejJJREUxYW85MzgybEpWV2J4Y1dsdHArWTFCRWhkdmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= -kind: Secret -metadata: - name: self-signed-cert -type: kubernetes.io/tls ---- -apiVersion: getambassador.io/v1 -kind: TLSContext -metadata: - name: tls -spec: - hosts: ["*"] - secret: self-signed-cert - diff --git a/charts/ambassador/ambassador/ci/update_chart_changelog.sh b/charts/ambassador/ambassador/ci/update_chart_changelog.sh deleted file mode 100644 index ee7bfeaa8..000000000 --- a/charts/ambassador/ambassador/ci/update_chart_changelog.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash - -set -e - -CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; } -TOP_DIR=$CURR_DIR/.. - -# shellcheck source=common.sh -source "$CURR_DIR/common.sh" - -chart_version=$(get_chart_version ${TOP_DIR}) - -new_changelog=${TOP_DIR}/CHANGELOG.new.md -rm ${new_changelog} || true -while IFS= read -r line ; do - echo -e "${line}" - echo -e "${line}" >> ${new_changelog} - if [[ "${line}" =~ "## Next Release" ]] ; then - echo "" >> ${new_changelog} - echo "(no changes yet)" >> ${new_changelog} - echo "" >> ${new_changelog} - echo "## v${chart_version}" >> ${new_changelog} - fi - -done < ${TOP_DIR}/CHANGELOG.md - -mv ${new_changelog} ${TOP_DIR}/CHANGELOG.md -if [[ -n "${DONT_COMMIT_DIFF}" ]] ; then - echo "DONT_COMMIT_DIFF is set, not committing" - exit 0 -fi - -if git diff --exit-code -- ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then - echo "No changes to changelog, exiting" - exit 0 -fi - -branch_name="$(git symbolic-ref HEAD 2>/dev/null)" || -branch_name="detached" - -if [[ "${branch_name}" == "refs/heads/master" ]] ; then - echo "Not committing local changes to branch because branch is master" - exit 1 -elif [[ "${branch_name}" == "detached" ]] ; then - echo "Not committing local changes because you're in a detached head state" - echo "please create a branch then rerun this script" - exit 1 -fi -branch_name=${branch_name##refs/heads/} -git add ${TOP_DIR}/CHANGELOG.md -git commit -m "Committing changelog for chart v${chart_version}" -git push -u origin ${branch_name} diff --git a/charts/ambassador/ambassador/crds/filter.yaml b/charts/ambassador/ambassador/crds/filter.yaml deleted file mode 100644 index bf0403820..000000000 --- a/charts/ambassador/ambassador/crds/filter.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: filters.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Filter - plural: filters - shortNames: - - fil - singular: filter - scope: Namespaced - versions: - - name: v1beta2 - served: true - storage: false - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/crds/filterpolicy.yaml b/charts/ambassador/ambassador/crds/filterpolicy.yaml deleted file mode 100644 index 88e3781da..000000000 --- a/charts/ambassador/ambassador/crds/filterpolicy.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: filterpolicies.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: FilterPolicy - plural: filterpolicies - shortNames: - - fp - singular: filterpolicy - scope: Namespaced - versions: - - name: v1beta2 - served: true - storage: false - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/crds/getambassador.io_authservices.yaml b/charts/ambassador/ambassador/crds/getambassador.io_authservices.yaml deleted file mode 100644 index 1c97d063f..000000000 --- a/charts/ambassador/ambassador/crds/getambassador.io_authservices.yaml +++ /dev/null @@ -1,115 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: authservices.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: AuthService - listKind: AuthServiceList - plural: authservices - singular: authservice - scope: Namespaced - validation: - openAPIV3Schema: - description: AuthService is the Schema for the authservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AuthServiceSpec defines the desired state of AuthService - properties: - add_auth_headers: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - add_linkerd_headers: - type: boolean - allow_request_body: - type: boolean - allowed_authorization_headers: - items: - type: string - type: array - allowed_request_headers: - items: - type: string - type: array - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - auth_service: - type: string - failure_mode_allow: - type: boolean - include_body: - properties: - allow_partial: - type: boolean - max_bytes: - description: These aren't pointer types because they are required. - type: integer - required: - - allow_partial - - max_bytes - type: object - path_prefix: - type: string - proto: - enum: - - http - - grpc - type: string - protocol_version: - enum: - - v2 - - v3 - type: string - status_on_error: - description: Why isn't this just an int?? - properties: - code: - type: integer - type: object - timeout_ms: - type: integer - tls: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - required: - - auth_service - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/crds/getambassador.io_consulresolvers.yaml b/charts/ambassador/ambassador/crds/getambassador.io_consulresolvers.yaml deleted file mode 100644 index 0f659d5d3..000000000 --- a/charts/ambassador/ambassador/crds/getambassador.io_consulresolvers.yaml +++ /dev/null @@ -1,58 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: consulresolvers.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: ConsulResolver - listKind: ConsulResolverList - plural: consulresolvers - singular: consulresolver - scope: Namespaced - validation: - openAPIV3Schema: - description: ConsulResolver is the Schema for the ConsulResolver API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsulResolver tells Ambassador to use Consul to resolve services. In addition to the AmbassadorID, it needs information about which Consul server and DC to use. - properties: - address: - type: string - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - datacenter: - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/crds/getambassador.io_devportals.yaml b/charts/ambassador/ambassador/crds/getambassador.io_devportals.yaml deleted file mode 100644 index 291d2a66e..000000000 --- a/charts/ambassador/ambassador/crds/getambassador.io_devportals.yaml +++ /dev/null @@ -1,109 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: devportals.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: DevPortal - listKind: DevPortalList - plural: devportals - singular: devportal - scope: Namespaced - validation: - openAPIV3Schema: - description: "DevPortal is the Schema for the DevPortals API \n DevPortal resources specify the `what` and `how` is shown in a DevPortal: \n * `what` is in a DevPortal can be controlled with - a `selector`, that can be used for filtering `Mappings`. - a `docs` listing of (services, url) * `how` is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server will show them at different endpoints. A `DevPortal` resource with a special name, `ambassador`, will be used for configuring the default Dev Portal (served at `/docs/` by default)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DevPortalSpec defines the desired state of DevPortal - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - content: - description: Content specifies where the content shown in the DevPortal come from - properties: - branch: - type: string - dir: - type: string - url: - type: string - type: object - default: - description: Default must be true when this is the default DevPortal - type: boolean - docs: - description: Docs is a static docs definition - items: - description: 'DevPortalDocsSpec is a static documentation definition: instead of using a Selector for finding documentation for services, users can provide a static list of : tuples. These services will be shown in the Dev Portal with the documentation obtained from this URL.' - properties: - service: - description: Service is the service being documented - type: string - url: - description: URL is the URL used for obtaining docs - type: string - type: object - type: array - naming_scheme: - description: Describes how to display "services" in the DevPortal. Default namespace.name - enum: - - namespace.name - - name.prefix - type: string - search: - description: DevPortalSearchSpec allows configuration over search functionality for the DevPortal - properties: - enabled: - type: boolean - type: - description: 'Type of search. "title-only" does a fuzzy search over openapi and page titles "all-content" will fuzzy search over all openapi and page content. "title-only" is the default. warning: using all-content may incur a larger memory footprint' - enum: - - title-only - - all-content - type: string - type: object - selector: - description: Selector is used for choosing what is shown in the DevPortal - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels specifies the list of labels that must be present in Mappings for being present in this DevPortal. - type: object - matchNamespaces: - description: MatchNamespaces is a list of namespaces that will be included in this DevPortal. - items: - type: string - type: array - type: object - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/crds/getambassador.io_hosts.yaml b/charts/ambassador/ambassador/crds/getambassador.io_hosts.yaml deleted file mode 100644 index ccc7abd92..000000000 --- a/charts/ambassador/ambassador/crds/getambassador.io_hosts.yaml +++ /dev/null @@ -1,246 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: hosts.getambassador.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hostname - name: Hostname - type: string - - JSONPath: .status.state - name: State - type: string - - JSONPath: .status.phaseCompleted - name: Phase Completed - type: string - - JSONPath: .status.phasePending - name: Phase Pending - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Host - listKind: HostList - plural: hosts - singular: host - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Host is the Schema for the hosts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HostSpec defines the desired state of Host - properties: - acmeProvider: - description: Specifies whether/who to talk ACME with to automatically manage the $tlsSecret. - properties: - authority: - description: Specifies who to talk ACME with to get certs. Defaults to Let's Encrypt; if "none" (case-insensitive), do not try to do ACME for this Host. - type: string - email: - type: string - privateKeySecret: - description: "Specifies the Kubernetes Secret to use to store the private key of the ACME account (essentially, where to store the auto-generated password for the auto-created ACME account). You should not normally need to set this--the default value is based on a combination of the ACME authority being registered wit and the email address associated with the account. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - registration: - description: This is normally set automatically - type: string - type: object - ambassador_id: - description: Common to all Ambassador objects (and optional). - items: - type: string - oneOf: - - type: string - - type: array - ambassadorId: - description: A compatibility alias for "ambassador_id"; because Host used to be specified with protobuf, and jsonpb allowed either "ambassador_id" or "ambassadorId", and even though we didn't tell people about "ambassadorId" it's what the web policy console generated because of jsonpb. So Hosts with 'ambassadorId' exist in the wild. - items: - type: string - oneOf: - - type: string - - type: array - hostname: - description: Hostname by which the Ambassador can be reached. - type: string - previewUrl: - description: Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled. - properties: - enabled: - description: Is the Preview URL feature enabled? - type: boolean - type: - description: What type of Preview URL is allowed? - enum: - - Path - type: string - type: object - requestPolicy: - description: Request policy definition. - properties: - insecure: - properties: - action: - enum: - - Redirect - - Reject - - Route - type: string - additionalPort: - type: integer - type: object - type: object - selector: - description: Selector by which we can find further configuration. Defaults to hostname=$hostname - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - tls: - description: TLS configuration. It is not valid to specify both `tlsContext` and `tls`. - properties: - alpn_protocols: - type: string - ca_secret: - type: string - cacert_chain_file: - type: string - cert_chain_file: - type: string - cert_required: - type: boolean - cipher_suites: - items: - type: string - type: array - ecdh_curves: - items: - type: string - type: array - max_tls_version: - type: string - min_tls_version: - type: string - private_key_file: - type: string - redirect_cleartext_from: - type: integer - sni: - type: string - type: object - tlsContext: - description: "Name of the TLSContext the Host resource is linked with. It is not valid to specify both `tlsContext` and `tls`. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - tlsSecret: - description: "Name of the Kubernetes secret into which to save generated certificates. If ACME is enabled (see $acmeProvider), then the default is $hostname; otherwise the default is \"\". If the value is \"\", then we do not do TLS for this Host. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - type: object - status: - description: HostStatus defines the observed state of Host - properties: - errorBackoff: - type: string - errorReason: - description: errorReason, errorTimestamp, and errorBackoff are valid when state==Error. - type: string - errorTimestamp: - format: date-time - type: string - phaseCompleted: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. - enum: - - NA - - DefaultsFilled - - ACMEUserPrivateKeyCreated - - ACMEUserRegistered - - ACMECertificateChallenge - type: string - phasePending: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. - enum: - - NA - - DefaultsFilled - - ACMEUserPrivateKeyCreated - - ACMEUserRegistered - - ACMECertificateChallenge - type: string - state: - description: The first value listed in the Enum marker becomes the "zero" value, and it would be great if "Pending" could be the default value; but it's Important that the "zero" value be able to be shown as empty/omitted from display, and we really do want `kubectl get hosts` to say "Pending" in the "STATE" column, and not leave the column empty. - enum: - - Initial - - Pending - - Ready - - Error - type: string - tlsCertificateSource: - enum: - - Unknown - - None - - Other - - ACME - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/crds/getambassador.io_kubernetesendpointresolvers.yaml b/charts/ambassador/ambassador/crds/getambassador.io_kubernetesendpointresolvers.yaml deleted file mode 100644 index 88b73d2d8..000000000 --- a/charts/ambassador/ambassador/crds/getambassador.io_kubernetesendpointresolvers.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: kubernetesendpointresolvers.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: KubernetesEndpointResolver - listKind: KubernetesEndpointResolverList - plural: kubernetesendpointresolvers - singular: kubernetesendpointresolver - scope: Namespaced - validation: - openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubernetesEndpointResolver tells Ambassador to use Kubernetes Endpoints resources to resolve services. It actually has no spec other than the AmbassadorID. - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/crds/getambassador.io_kubernetesserviceresolvers.yaml b/charts/ambassador/ambassador/crds/getambassador.io_kubernetesserviceresolvers.yaml deleted file mode 100644 index 98b5d302e..000000000 --- a/charts/ambassador/ambassador/crds/getambassador.io_kubernetesserviceresolvers.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: kubernetesserviceresolvers.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: KubernetesServiceResolver - listKind: KubernetesServiceResolverList - plural: kubernetesserviceresolvers - singular: kubernetesserviceresolver - scope: Namespaced - validation: - openAPIV3Schema: - description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubernetesServiceResolver tells Ambassador to use Kubernetes Service resources to resolve services. It actually has no spec other than the AmbassadorID. - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/crds/getambassador.io_logservices.yaml b/charts/ambassador/ambassador/crds/getambassador.io_logservices.yaml deleted file mode 100644 index a726defe5..000000000 --- a/charts/ambassador/ambassador/crds/getambassador.io_logservices.yaml +++ /dev/null @@ -1,83 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: logservices.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: LogService - listKind: LogServiceList - plural: logservices - singular: logservice - scope: Namespaced - validation: - openAPIV3Schema: - description: LogService is the Schema for the logservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: LogServiceSpec defines the desired state of LogService - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - driver: - enum: - - tcp - - http - type: string - driver_config: - properties: - additional_log_headers: - items: - properties: - during_request: - type: boolean - during_response: - type: boolean - during_trailer: - type: boolean - header_name: - type: string - type: object - type: array - type: object - flush_interval_byte_size: - type: integer - flush_interval_time: - type: integer - grpc: - type: boolean - service: - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/crds/getambassador.io_mappings.yaml b/charts/ambassador/ambassador/crds/getambassador.io_mappings.yaml deleted file mode 100644 index c61eefb5f..000000000 --- a/charts/ambassador/ambassador/crds/getambassador.io_mappings.yaml +++ /dev/null @@ -1,431 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: mappings.getambassador.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - name: Source Host - type: string - - JSONPath: .spec.prefix - name: Source Prefix - type: string - - JSONPath: .spec.service - name: Dest Service - type: string - - JSONPath: .status.state - name: State - type: string - - JSONPath: .status.reason - name: Reason - type: string - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Mapping - listKind: MappingList - plural: mappings - singular: mapping - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Mapping is the Schema for the mappings API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MappingSpec defines the desired state of Mapping - properties: - add_linkerd_headers: - type: boolean - add_request_headers: - additionalProperties: - oneOf: - - type: string - - type: boolean - - type: object - type: object - add_response_headers: - additionalProperties: - oneOf: - - type: string - - type: boolean - - type: object - type: object - allow_upgrade: - description: "A case-insensitive list of the non-HTTP protocols to allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" mechanism[1]. After the upgrade, Ambassador does not interpret the traffic, and behaves similarly to how it does for TCPMappings. \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, if your upstream service supports WebSockets, you would write \n allow_upgrade: - websocket \n Or if your upstream service supports upgrading from HTTP to SPDY (as the Kubernetes apiserver does for `kubectl exec` functionality), you would write \n allow_upgrade: - spdy/3.1" - items: - type: string - type: array - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - auth_context_extensions: - additionalProperties: - type: string - type: object - auto_host_rewrite: - type: boolean - bypass_auth: - type: boolean - bypass_error_response_overrides: - description: If true, bypasses any `error_response_overrides` set on the Ambassador module. - type: boolean - case_sensitive: - type: boolean - circuit_breakers: - items: - properties: - max_connections: - type: integer - max_pending_requests: - type: integer - max_requests: - type: integer - max_retries: - type: integer - priority: - enum: - - default - - high - type: string - type: object - type: array - cluster_idle_timeout_ms: - type: integer - cluster_max_connection_lifetime_ms: - type: integer - cluster_tag: - type: string - connect_timeout_ms: - type: integer - cors: - properties: - credentials: - type: boolean - exposed_headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - max_age: - type: string - methods: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - origins: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - type: object - docs: - description: DocsInfo provides some extra information about the docs for the Mapping (used by the Dev Portal) - properties: - display_name: - type: string - ignored: - type: boolean - path: - type: string - url: - type: string - type: object - enable_ipv4: - type: boolean - enable_ipv6: - type: boolean - envoy_override: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. - type: object - error_response_overrides: - description: Error response overrides for this Mapping. Replaces all of the `error_response_overrides` set on the Ambassador module, if any. - items: - description: A response rewrite for an HTTP error response - properties: - body: - description: The new response body - properties: - content_type: - description: The content type to set on the error response body when using text_format or text_format_source. Defaults to 'text/plain'. - type: string - json_format: - additionalProperties: - type: string - description: 'A JSON response with content-type: application/json. The values can contain format text like in text_format.' - type: object - text_format: - description: A format string representing a text response body. Content-Type can be set using the `content_type` field below. - type: string - text_format_source: - description: A format string sourced from a file on the Ambassador container. Useful for larger response bodies that should not be placed inline in configuration. - properties: - filename: - description: The name of a file on the Ambassador pod that contains a format text string. - type: string - type: object - type: object - on_status_code: - description: The status code to match on -- not a pointer because it's required. - maximum: 599 - minimum: 400 - type: integer - required: - - body - - on_status_code - type: object - minItems: 1 - type: array - grpc: - type: boolean - headers: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - host: - type: string - host_redirect: - type: boolean - host_regex: - type: boolean - host_rewrite: - type: string - idle_timeout_ms: - type: integer - keepalive: - properties: - idle_time: - type: integer - interval: - type: integer - probes: - type: integer - type: object - labels: - additionalProperties: - description: A MappingLabelGroupsArray is an array of MappingLabelGroups. I know, complex. - items: - additionalProperties: - description: 'A MappingLabelsArray is the value in the MappingLabelGroup: an array of label specifiers.' - items: - description: A MappingLabelSpecifier (finally!) defines a single label. There are multiple kinds of label, so this is more complex than we'd like it to be. See the remarks about schema on custom types in `./common.go`. - type: array - description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: a second map, where the key is a human-readable name that identifies the group.' - type: object - type: array - description: A DomainMap is the overall Mapping.spec.Labels type. It maps domains (kind of like namespaces for Mapping labels) to arrays of label groups. - type: object - load_balancer: - properties: - cookie: - properties: - name: - type: string - path: - type: string - ttl: - type: string - required: - - name - type: object - header: - type: string - policy: - enum: - - round_robin - - ring_hash - - maglev - - least_request - type: string - source_ip: - type: boolean - required: - - policy - type: object - method: - type: string - method_regex: - type: boolean - modules: - items: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. - type: object - type: array - outlier_detection: - type: string - path_redirect: - description: Path replacement to use when generating an HTTP redirect. Used with `host_redirect`. - type: string - precedence: - type: integer - prefix: - type: string - prefix_exact: - type: boolean - prefix_redirect: - description: Prefix rewrite to use when generating an HTTP redirect. Used with `host_redirect`. - type: string - prefix_regex: - type: boolean - priority: - type: string - query_parameters: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - redirect_response_code: - description: The response code to use when generating an HTTP redirect. Defaults to 301. Used with `host_redirect`. - enum: - - 301 - - 302 - - 303 - - 307 - - 308 - type: integer - regex_headers: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - regex_query_parameters: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - regex_redirect: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - description: Prefix regex rewrite to use when generating an HTTP redirect. Used with `host_redirect`. - type: object - regex_rewrite: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - remove_request_headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - remove_response_headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - resolver: - type: string - retry_policy: - properties: - num_retries: - type: integer - per_try_timeout: - type: string - retry_on: - enum: - - 5xx - - gateway-error - - connect-failure - - retriable-4xx - - refused-stream - - retriable-status-codes - type: string - type: object - rewrite: - type: string - service: - type: string - shadow: - type: boolean - timeout_ms: - description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists. - type: integer - tls: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - use_websocket: - description: 'use_websocket is deprecated, and is equivlaent to setting `allow_upgrade: ["websocket"]`' - type: boolean - weight: - type: integer - required: - - prefix - - service - type: object - status: - description: MappingStatus defines the observed state of Mapping - properties: - reason: - type: string - state: - enum: - - "" - - Inactive - - Running - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/crds/getambassador.io_modules.yaml b/charts/ambassador/ambassador/crds/getambassador.io_modules.yaml deleted file mode 100644 index f60fa89c6..000000000 --- a/charts/ambassador/ambassador/crds/getambassador.io_modules.yaml +++ /dev/null @@ -1,56 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: modules.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Module - listKind: ModuleList - plural: modules - singular: module - scope: Namespaced - validation: - openAPIV3Schema: - description: "A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - config: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. - type: object - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/crds/getambassador.io_ratelimitservices.yaml b/charts/ambassador/ambassador/crds/getambassador.io_ratelimitservices.yaml deleted file mode 100644 index 97562444f..000000000 --- a/charts/ambassador/ambassador/crds/getambassador.io_ratelimitservices.yaml +++ /dev/null @@ -1,72 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: ratelimitservices.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: RateLimitService - listKind: RateLimitServiceList - plural: ratelimitservices - singular: ratelimitservice - scope: Namespaced - validation: - openAPIV3Schema: - description: RateLimitService is the Schema for the ratelimitservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RateLimitServiceSpec defines the desired state of RateLimitService - properties: - ambassador_id: - description: Common to all Ambassador objects. - items: - type: string - oneOf: - - type: string - - type: array - domain: - type: string - protocol_version: - enum: - - v2 - - v3 - type: string - service: - type: string - timeout_ms: - type: integer - tls: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - required: - - service - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/crds/getambassador.io_tcpmappings.yaml b/charts/ambassador/ambassador/crds/getambassador.io_tcpmappings.yaml deleted file mode 100644 index f4c295245..000000000 --- a/charts/ambassador/ambassador/crds/getambassador.io_tcpmappings.yaml +++ /dev/null @@ -1,102 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: tcpmappings.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: TCPMapping - listKind: TCPMappingList - plural: tcpmappings - singular: tcpmapping - scope: Namespaced - validation: - openAPIV3Schema: - description: TCPMapping is the Schema for the tcpmappings API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TCPMappingSpec defines the desired state of TCPMapping - properties: - address: - type: string - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - circuit_breakers: - items: - properties: - max_connections: - type: integer - max_pending_requests: - type: integer - max_requests: - type: integer - max_retries: - type: integer - priority: - enum: - - default - - high - type: string - type: object - type: array - cluster_tag: - type: string - enable_ipv4: - type: boolean - enable_ipv6: - type: boolean - host: - type: string - idle_timeout_ms: - description: 'FIXME(lukeshu): Surely this should be an ''int''?' - type: string - port: - description: Port isn't a pointer because it's required. - type: integer - resolver: - type: string - service: - type: string - tls: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - weight: - type: integer - required: - - port - - service - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/crds/getambassador.io_tlscontexts.yaml b/charts/ambassador/ambassador/crds/getambassador.io_tlscontexts.yaml deleted file mode 100644 index c7ff23605..000000000 --- a/charts/ambassador/ambassador/crds/getambassador.io_tlscontexts.yaml +++ /dev/null @@ -1,100 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: tlscontexts.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: TLSContext - listKind: TLSContextList - plural: tlscontexts - singular: tlscontext - scope: Namespaced - validation: - openAPIV3Schema: - description: TLSContext is the Schema for the tlscontexts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSContextSpec defines the desired state of TLSContext - properties: - alpn_protocols: - type: string - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - ca_secret: - type: string - cacert_chain_file: - type: string - cert_chain_file: - type: string - cert_required: - type: boolean - cipher_suites: - items: - type: string - type: array - ecdh_curves: - items: - type: string - type: array - hosts: - items: - type: string - type: array - max_tls_version: - enum: - - v1.0 - - v1.1 - - v1.2 - - v1.3 - type: string - min_tls_version: - enum: - - v1.0 - - v1.1 - - v1.2 - - v1.3 - type: string - private_key_file: - type: string - redirect_cleartext_from: - type: integer - secret: - type: string - secret_namespacing: - type: boolean - sni: - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/crds/getambassador.io_tracingservices.yaml b/charts/ambassador/ambassador/crds/getambassador.io_tracingservices.yaml deleted file mode 100644 index a106a22a5..000000000 --- a/charts/ambassador/ambassador/crds/getambassador.io_tracingservices.yaml +++ /dev/null @@ -1,101 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: tracingservices.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: TracingService - listKind: TracingServiceList - plural: tracingservices - singular: tracingservice - scope: Namespaced - validation: - openAPIV3Schema: - description: TracingService is the Schema for the tracingservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TracingServiceSpec defines the desired state of TracingService - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - config: - properties: - access_token_file: - type: string - collector_cluster: - type: string - collector_endpoint: - type: string - collector_endpoint_version: - enum: - - HTTP_JSON_V1 - - HTTP_JSON - - HTTP_PROTO - type: string - collector_hostname: - type: string - service_name: - type: string - shared_span_context: - type: boolean - trace_id_128bit: - type: boolean - type: object - driver: - enum: - - lightstep - - zipkin - - datadog - type: string - sampling: - properties: - client: - type: integer - overall: - type: integer - random: - type: integer - type: object - service: - type: string - tag_headers: - items: - type: string - type: array - required: - - driver - - service - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/crds/project.yaml b/charts/ambassador/ambassador/crds/project.yaml deleted file mode 100644 index ac3a22e27..000000000 --- a/charts/ambassador/ambassador/crds/project.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: projects.getambassador.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.prefix - name: Prefix - type: string - - JSONPath: .spec.githubRepo - name: Repo - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Project - plural: projects - singular: project - scope: Namespaced - subresources: - status: {} - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/crds/projectcontroller.yaml b/charts/ambassador/ambassador/crds/projectcontroller.yaml deleted file mode 100644 index 93bf4ea65..000000000 --- a/charts/ambassador/ambassador/crds/projectcontroller.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: projectcontrollers.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: ProjectController - plural: projectcontrollers - singular: projectcontroller - scope: Namespaced - subresources: - status: {} - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/crds/projectrevision.yaml b/charts/ambassador/ambassador/crds/projectrevision.yaml deleted file mode 100644 index 6457bef4a..000000000 --- a/charts/ambassador/ambassador/crds/projectrevision.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: projectrevisions.getambassador.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.project.name - name: Project - type: string - - JSONPath: .spec.ref - name: Ref - type: string - - JSONPath: .spec.rev - name: Rev - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: getambassador.io - names: - categories: - - ambassador-crds - kind: ProjectRevision - plural: projectrevisions - singular: projectrevision - scope: Namespaced - subresources: - status: {} - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/crds/ratelimit.yaml b/charts/ambassador/ambassador/crds/ratelimit.yaml deleted file mode 100644 index 30b85101c..000000000 --- a/charts/ambassador/ambassador/crds/ratelimit.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: ratelimits.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: RateLimit - plural: ratelimits - shortNames: - - rl - singular: ratelimit - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: false - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/ct.yaml b/charts/ambassador/ambassador/ct.yaml deleted file mode 100644 index ee4f605c8..000000000 --- a/charts/ambassador/ambassador/ct.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# See https://github.com/helm/chart-testing - -# note: all the values files in ci/*-values.yaml will -# be tested automatically. For each configuration, -# all the tests in templates/tests/*.yaml -# will be checked. - -################################################ -# github -################################################ - -remote: origin - -################################################ -# chart -################################################ - -charts: - - /charts/ -chart-dirs: - - /charts/ -chart-repos: - - datawire=https://getambassador.io - -helm-extra-args: --timeout 600s - -# namespace: ambassador -# release-label: release - -################################################ -# checks and validations -################################################ - -validate-maintainers: false -validate-chart-schema: true -validate-yaml: true -# check-version-increment: true diff --git a/charts/ambassador/ambassador/questions.yml b/charts/ambassador/ambassador/questions.yml deleted file mode 100644 index bf13b9471..000000000 --- a/charts/ambassador/ambassador/questions.yml +++ /dev/null @@ -1,84 +0,0 @@ -questions: -### CRD Management -- variable: crds.enabled - label: Create CRDs - description: "Should Ambassador Edge Stack create and manage its CRD's?" - type: boolean - required: false - default: "true" - group: "CRD Management" -- variable: crds.keep - label: Keep CRDs - description: "Should Ambassador Edge Stack keep CRD's when the chart is uninstalled?" - type: boolean - required: false - default: "true" - group: "CRD Management" - show_if: "crds.enabled=true" - -### Deployment Management -- variable: daemonSet - label: Deploy as Daemonset - description: "Deploy Ambassador Edge Stack as a Daemonset? (Recommended: false)" - type: boolean - required: false - default: "true" - group: "Deployment Settings" -- variable: replicaCount - label: Replica Count - description: "How many replicas should Ambassador Edge Stack run? (Recommended: 3)" - type: int - required: false - default: "3" - group: "Deployment Settings" - min: 1 - max: 999 - show_if: "daemonSet=false" - -### Service Settings -- variable: service.type - label: Service Type - description: "Set the type of service, LoadBalancer (recommended), NodePort, or ClusterIP" - type: enum - required: false - default: "LoadBalancer" - group: "Service Settings" - options: - - "LoadBalancer" - - "ClusterIP" - - "NodePort" - -### Licensing -- variable: licenseKey.createSecret - label: "Create License Key Secret" - description: "Creates the license key secret using the License Key Data." - type: boolean - required: false - default: "true" - group: "License Settings" -- variable: licenseKey.value - label: "License Key Data" - description: "Specifies the license key to apply." - type: secret - required: false - default: "" - group: "License Settings" - show_if: "licenseKey.createSecret=true" - -### Service Catalog -- variable: agent.enabled - label: "Enable Service Catalog" - description: "Enables the Service Catalog agent for use at https://app.getambassador.io." - type: boolean - required: false - default: "true" - group: "Service Catalog" -- variable: agent.cloudConnectionToken - label: "Cloud Connection Token" - description: "Specifies the Token used to register a Cluster with the Service Catalog." - type: secret - required: false - default: "" - group: "Service Catalog" - show_if: "agent.enabled=true" - \ No newline at end of file diff --git a/charts/ambassador/ambassador/templates/NOTES.txt b/charts/ambassador/ambassador/templates/NOTES.txt deleted file mode 100644 index 359073a3f..000000000 --- a/charts/ambassador/ambassador/templates/NOTES.txt +++ /dev/null @@ -1,60 +0,0 @@ -------------------------------------------------------------------------------- -{{- if .Values.enableAES }} -Congratulations! You have successfully installed The Ambassador Edge Stack! - -{{- if empty .Values.licenseKey.value }} -------------------------------------------------------------------------------- -NOTE: You are currently running The Ambassador Edge Stack in EVALUATION MODE. - -Request a free community license key at https://SERVICE_IP/edge_stack_admin/#dashboard -to unlock all the features of The Ambassador Edge Stack and update the value of -licenseKey.value in your values.yaml file. -{{- end }} - -{{- if or .Values.authService.create .Values.rateLimit.create }} -------------------------------------------------------------------------------- -WARNING: - -With your installation of the Ambassador Edge Stack, you have created a: -{{ if .Values.authService.create }} -- AuthService named {{include "ambassador.fullname" .}}-auth -{{ end }} {{ if .Values.rateLimit.create }} -- RateLimitService named {{include "ambassador.fullname" .}}-ratelimit -{{ end }} -in the {{ include "ambassador.namespace" . }} namespace. - -Please ensure there is not another of these resources configured in your cluster. -If there is, please either remove the old resource or run - -helm upgrade {{ .Release.Name }} -n {{ .Release.Namespace }} --set authService.create=false --set RateLimit.create=false - -{{- end }} -{{- else }} - Congratulations! You've successfully installed Ambassador! - -------------------------------------------------------------------------------- -To get the IP address of Ambassador, run the following commands: - -{{- if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ambassador.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} -NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }}' - - On GKE/Azure: - export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - - On AWS: - export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') - - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "ambassador.namespace" .}} -l "app={{ include "ambassador.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:80 -{{- end }} -{{- end }} - -For help, visit our Slack at http://a8r.io/Slack or view the documentation online at https://www.getambassador.io. diff --git a/charts/ambassador/ambassador/templates/_helpers.tpl b/charts/ambassador/ambassador/templates/_helpers.tpl deleted file mode 100644 index 58a1eb455..000000000 --- a/charts/ambassador/ambassador/templates/_helpers.tpl +++ /dev/null @@ -1,117 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "ambassador.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "ambassador.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "ambassador.imagetag" -}} -{{- if .Values.image.fullImageOverride }} - {{- .Values.image.fullImageOverride }} -{{- else }} - {{- if hasKey .Values.image "tag" -}} - {{- .Values.image.tag }} - {{- else if .Values.enableAES }} - {{- .Values.image.aesTag }} - {{- else }} - {{- .Values.image.ossTag }} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Set the image that should be used for ambassador. -Use fullImageOverride if present, -Then if the image repository is explicitly set, use "repository:image" -Otherwise, check if AES is enabled -Use AES image if AES is enabled, ambassador image if not -*/}} -{{- define "ambassador.image" -}} -{{- if .Values.image.fullImageOverride }} - {{- .Values.image.fullImageOverride }} -{{- else }} - {{- $repoName := "" }} - {{- $imageTag := "" }} - {{- if hasKey .Values.image "repository" -}} - {{- $repoName = .Values.image.repository }} - {{- else if .Values.enableAES }} - {{- $repoName = .Values.image.aesRepository }} - {{- else }} - {{- $repoName = .Values.image.ossRepository }} - {{- end -}} - {{- if hasKey .Values.image "tag" -}} - {{- $imageTag = .Values.image.tag }} - {{- else if .Values.enableAES }} - {{- $imageTag = .Values.image.aesTag }} - {{- else }} - {{- $imageTag = .Values.image.ossTag }} - {{- end -}} - {{- printf "%s:%s" $repoName $imageTag -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart namespace based on override value. -*/}} -{{- define "ambassador.namespace" -}} -{{- if .Values.namespaceOverride -}} -{{- .Values.namespaceOverride -}} -{{- else -}} -{{- .Release.Namespace -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "ambassador.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "ambassador.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "ambassador.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the RBAC to use -*/}} -{{- define "ambassador.rbacName" -}} -{{ default (include "ambassador.fullname" .) .Values.rbac.nameOverride }} -{{- end -}} - -{{/* -Define the http port of the Ambassador service -*/}} -{{- define "ambassador.servicePort" -}} -{{- range .Values.service.ports -}} -{{- if (eq .name "http") -}} -{{ default .port }} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/ambassador/ambassador/templates/admin-service.yaml b/charts/ambassador/ambassador/templates/admin-service.yaml deleted file mode 100644 index 34db11f29..000000000 --- a/charts/ambassador/ambassador/templates/admin-service.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{- if .Values.adminService.create -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ambassador.fullname" . }}-admin - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - # Hard-coded label for Prometheus Operator ServiceMonitor - service: ambassador-admin - product: aes - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack admin service for internal use and health checks." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" - {{- with .Values.adminService.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.adminService.type }} - ports: - - port: {{ .Values.adminService.port }} - targetPort: admin - protocol: TCP - name: ambassador-admin - {{- if (and (eq .Values.adminService.type "NodePort") (not (empty .Values.adminService.nodePort))) }} - nodePort: {{ int .Values.adminService.nodePort }} - {{- end }} - - port: {{ .Values.adminService.snapshotPort }} - targetPort: {{ .Values.adminService.snapshotPort }} - protocol: TCP - name: ambassador-snapshot - selector: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - {{- if eq .Values.adminService.type "LoadBalancer" }} - {{- if not (empty .Values.adminService.loadBalancerIP) }} - loadBalancerIP: {{ .Values.adminService.loadBalancerIP | quote }} - {{- end }} - {{- if not (empty .Values.adminService.loadBalancerSourceRanges) }} - loadBalancerSourceRanges: - {{- toYaml .Values.adminService.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/charts/ambassador/ambassador/templates/aes-authservice.yaml b/charts/ambassador/ambassador/templates/aes-authservice.yaml deleted file mode 100644 index b4c61bb0e..000000000 --- a/charts/ambassador/ambassador/templates/aes-authservice.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{ if and .Values.authService.create .Values.enableAES }} ---- -apiVersion: getambassador.io/v2 -kind: AuthService -metadata: - name: {{ include "ambassador.fullname" . }}-{{ .Values.authService.deploymentExtraName | default "auth" }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-auth - {{- end }} - product: aes -spec: - proto: grpc - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - auth_service: 127.0.0.1:8500 - {{- if .Values.authService.optional_configurations }} - {{- toYaml .Values.authService.optional_configurations | nindent 2}} - {{- end }} -{{ end }} diff --git a/charts/ambassador/ambassador/templates/aes-injector.yaml b/charts/ambassador/ambassador/templates/aes-injector.yaml deleted file mode 100644 index 03bd3bd95..000000000 --- a/charts/ambassador/ambassador/templates/aes-injector.yaml +++ /dev/null @@ -1,161 +0,0 @@ -{{- if and .Values.enableAES .Values.servicePreview.enabled .Values.servicePreview.trafficAgent.injector.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ambassador.fullname" . }}-injector - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes - spec: - containers: - - name: webhook - {{- if .Values.servicePreview.trafficAgent.image.repository }} - image: "{{ .Values.servicePreview.trafficAgent.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}" - {{- else }} - image: {{ include "ambassador.image" . }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: [ "aes-injector" ] - env: - - name: AGENT_MANAGER_NAMESPACE - value: "{{ include "ambassador.namespace" . }}" - - name: TRAFFIC_AGENT_IMAGE - value: "{{ .Values.servicePreview.trafficAgent.image.repository | default .Values.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}" - - name: TRAFFIC_AGENT_AGENT_LISTEN_PORT - value: "{{ .Values.servicePreview.trafficAgent.port }}" - {{- if .Values.servicePreview.trafficAgent.singleNamespace }} - - name: TRAFFIC_AGENT_SERVICE_ACCOUNT_NAME - value: "{{ .Values.servicePreview.trafficAgent.serviceAccountName }}" - {{- end }} - ports: - - containerPort: 8443 - name: https - livenessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - volumeMounts: - - mountPath: /var/run/secrets/tls - name: tls - readOnly: true - volumes: - - name: tls - secret: - secretName: {{ include "ambassador.fullname" . }}-injector-tls ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ambassador.fullname" . }}-injector - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack Service Preview Traffic Agent Sidecar injector." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" -spec: - type: ClusterIP - selector: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/instance: {{ .Release.Name }} - ports: - - name: {{ include "ambassador.fullname" . }}-injector - port: 443 - targetPort: https ---- -kind: Secret -apiVersion: v1 -metadata: - name: {{ include "ambassador.fullname" . }}-injector-tls - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-tls - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -type: Opaque -data: - {{ $ca := genCA (printf "%s-injector.%s.svc" (include "ambassador.fullname" .) (include "ambassador.namespace" .)) 365 -}} - crt.pem: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }} - key.pem: {{ ternary (b64enc $ca.Key) (b64enc (trim .Values.servicePreview.trafficAgent.injector.keyPEM)) (empty .Values.servicePreview.trafficAgent.injector.keyPEM) }} ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: {{ include "ambassador.fullname" . }}-injector-webhook-config - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-webhook-config - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -webhooks: -- name: {{ include "ambassador.fullname" . }}-injector.getambassador.io - clientConfig: - service: - name: {{ include "ambassador.fullname" . }}-injector - namespace: {{ include "ambassador.namespace" . }} - path: "/traffic-agent" - caBundle: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }} - failurePolicy: Ignore - rules: - - operations: ["CREATE"] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] -{{- end }} diff --git a/charts/ambassador/ambassador/templates/aes-internal.yaml b/charts/ambassador/ambassador/templates/aes-internal.yaml deleted file mode 100644 index b210d0b20..000000000 --- a/charts/ambassador/ambassador/templates/aes-internal.yaml +++ /dev/null @@ -1,129 +0,0 @@ -{{ if and .Values.createDevPortalMappings .Values.enableAES }} ---- -# Configure DevPortal -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - # This Mapping name is referenced by convention, it's important to leave as-is. - name: {{ include "ambassador.fullname" . }}-devportal - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - prefix: {{ .Values.devportal.docsPrefix }} - rewrite: "/docs/" - service: "127.0.0.1:8500" ---- -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - name: {{ include "ambassador.fullname" . }}-devportal-assets - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-assets - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - prefix: /documentation/(assets|styles)/(.*)(.css) - prefix_regex: true - regex_rewrite: - pattern: /documentation/(.*) - substitution: /docs/\1 - service: "127.0.0.1:8500" - add_response_headers: - cache-control: - value: "public, max-age=3600, immutable" - append: false ---- -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - # This Mapping name is what the demo uses. Sigh. - name: {{ include "ambassador.fullname" . }}-devportal-demo - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-demo - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - prefix: /docs/ - rewrite: "/docs/" - service: "127.0.0.1:8500" ---- -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - # This Mapping name is referenced by convention, it's important to leave as-is. - name: {{ include "ambassador.fullname" . }}-devportal-api - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-api - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - prefix: /openapi/ - rewrite: "" - service: "127.0.0.1:8500" -{{ end }} diff --git a/charts/ambassador/ambassador/templates/aes-ratelimit.yaml b/charts/ambassador/ambassador/templates/aes-ratelimit.yaml deleted file mode 100644 index fdb2ddbcd..000000000 --- a/charts/ambassador/ambassador/templates/aes-ratelimit.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{ if and .Values.rateLimit.create .Values.enableAES }} ---- -apiVersion: getambassador.io/v2 -kind: RateLimitService -metadata: - name: {{ include "ambassador.fullname" . }}-{{ .Values.rateLimit.deploymentExtraName | default "ratelimit" }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - service: 127.0.0.1:8500 -{{ end }} diff --git a/charts/ambassador/ambassador/templates/aes-redis.yaml b/charts/ambassador/ambassador/templates/aes-redis.yaml deleted file mode 100644 index e0bbe1931..000000000 --- a/charts/ambassador/ambassador/templates/aes-redis.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{ if and .Values.redis.create .Values.enableAES }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ambassador.fullname" . }}-redis - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- else }} - product: aes - {{- end }} - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack Redis store for auth and rate limiting, among other things." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" - {{- with .Values.redis.annotations.service }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - ports: - - port: 6379 - targetPort: 6379 - selector: - {{- if .Values.redis.serviceSelector }} - {{ toYaml .Values.redis.serviceSelector | nindent 4 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ambassador.fullname" . }}-redis - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - annotations: - {{- toYaml .Values.redis.annotations.deployment | nindent 4}} -spec: - replicas: 1 - selector: - matchLabels: - {{- if .Values.redis.serviceSelector }} - {{ toYaml .Values.redis.serviceSelector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - template: - metadata: - labels: - {{- if .Values.redis.serviceSelector }} - {{ toYaml .Values.redis.serviceSelector | nindent 8 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - spec: - containers: - - name: redis - image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}" - imagePullPolicy: {{ .Values.redis.image.pullPolicy }} - resources: - {{- toYaml .Values.redis.resources | nindent 10 }} - restartPolicy: Always - {{- with .Values.redis.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.redis.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.redis.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{ end }} diff --git a/charts/ambassador/ambassador/templates/aes-secret.yaml b/charts/ambassador/ambassador/templates/aes-secret.yaml deleted file mode 100644 index 9829d93fe..000000000 --- a/charts/ambassador/ambassador/templates/aes-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.licenseKey.createSecret .Values.enableAES }} -apiVersion: v1 -kind: Secret -metadata: - {{- if ne .Values.deploymentTool "getambassador.io" }} - annotations: - helm.sh/resource-policy: keep - {{- end }} - {{- if .Values.licenseKey.annotations }} - {{- toYaml .Values.licenseKey.annotations | nindent 4 }} - {{- end }} - {{- if .Values.licenseKey.secretName }} - name: {{ .Values.licenseKey.secretName }} - {{- else }} - name: {{ include "ambassador.fullname" . }}-edge-stack - {{- end }} - namespace: {{ include "ambassador.namespace" . }} -type: Opaque -data: - license-key: {{- if .Values.licenseKey.value }} {{ .Values.licenseKey.value | b64enc }} {{- else }} "" {{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/templates/ambassador-agent.yaml b/charts/ambassador/ambassador/templates/ambassador-agent.yaml deleted file mode 100644 index 0d70f4c8b..000000000 --- a/charts/ambassador/ambassador/templates/ambassador-agent.yaml +++ /dev/null @@ -1,371 +0,0 @@ -{{- if .Values.agent.enabled }} -{{- $allowAgent := false -}} - - {{- /* This next bit is ugly. */ -}} - {{- /* Case 1: "fullImageOverride" means don't bother checking the tag. */ -}} - {{- /* Case 2: Otherwise, if it's not a semver-style version number, */ -}} - {{- /* assume we have a power user and turn the agent on. */ -}} - {{- /* Case 3: Otherwise, if Edge Stack, we need at least 1.12.0. */ -}} - {{- /* Case 4: Otherwise, it's OSS and we need at 1.13.0. */ -}} - -{{- if .Values.image.fullImageOverride }} - {{- /* Case 1 */ -}} - {{- $allowAgent = true }} -{{- else if not (regexMatch "^\\d+\\.\\d+\\.\\d+$" (include "ambassador.imagetag" . )) }} - {{- /* Case 2 above: power user */ -}} - {{- $allowAgent = true }} -{{- else if and .Values.enableAES (ne (semver "1.12.0" | (semver (include "ambassador.imagetag" . )).Compare) -1) }} - {{- /* Case 3 above: Edge Stack 1.12.0+ */ -}} - {{- $allowAgent = true }} -{{- else if ne (semver "1.13.0" | (semver (include "ambassador.imagetag" . )).Compare) -1 }} - {{- /* Case 4 above: OSS 1.13.0+ */ -}} - {{- $allowAgent = true }} -{{- end }} - -{{- if $allowAgent }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -{{- if .Values.docker.useImagePullSecret }} -imagePullSecrets: -- name: {{ .Values.docker.imagePullSecretName }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ include "ambassador.fullname" . }}-agent-config - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "ambassador.fullname" . }}-agent-config -subjects: -- kind: ServiceAccount - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ include "ambassador.fullname" . }}-agent-config - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "configmaps" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ambassador.fullname" . }}-agent - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ambassador.fullname" . }}-agent -subjects: -- kind: ServiceAccount - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent -rules: [] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-pods - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "pods"] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-deployments - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: ["apps", "extensions"] - resources: [ "deployments" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-endpoints - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "endpoints" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-configmaps - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "configmaps" ] - verbs: [ "get", "list", "watch" ] ---- -{{- if .Values.agent.createArgoRBAC }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-rollouts - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: ["argoproj.io"] - resources: [ "rollouts" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-applications - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: ["argoproj.io"] - resources: [ "applications" ] - verbs: [ "get", "list", "watch" ] -{{- end }} -{{ if ne .Values.agent.cloudConnectToken "" }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "ambassador.fullname" . }}-agent-cloud-token - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent-cloud-token - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -data: - CLOUD_CONNECT_TOKEN: {{ .Values.agent.cloudConnectToken }} -{{ end }} - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes - {{- end }} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - product: aes - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - spec: - serviceAccountName: {{ include "ambassador.fullname" . }}-agent - containers: - - name: agent - image: {{ include "ambassador.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: [ "agent" ] - env: - - name: AGENT_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: AGENT_CONFIG_RESOURCE_NAME - value: {{ include "ambassador.fullname" . }}-agent-cloud-token - - name: RPC_CONNECTION_ADDRESS - value: {{ .Values.agent.rpcAddress }} - - name: AES_SNAPSHOT_URL - value: "http://{{ include "ambassador.fullname" . }}-admin.{{ include "ambassador.namespace" . }}:{{ .Values.adminService.snapshotPort }}/snapshot-external" -{{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/templates/config.yaml b/charts/ambassador/ambassador/templates/config.yaml deleted file mode 100644 index b2c2d64bc..000000000 --- a/charts/ambassador/ambassador/templates/config.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.ambassadorConfig }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: '{{ include "ambassador.fullname" . }}-file-config' - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -data: - ambassadorConfig: |- - {{- .Values.ambassadorConfig | nindent 4 }} -{{- end }} diff --git a/charts/ambassador/ambassador/templates/crd-delete.yaml b/charts/ambassador/ambassador/templates/crd-delete.yaml deleted file mode 100644 index 0099dedf8..000000000 --- a/charts/ambassador/ambassador/templates/crd-delete.yaml +++ /dev/null @@ -1,123 +0,0 @@ -{{- if and .Values.crds.enabled (not .Values.crds.keep)}} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ambassador.serviceAccountName" . }}-crd-delete - namespace: {{ include "ambassador.namespace" . }} - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "1" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.rbacName" . }}-crd-delete - namespace: {{ include "ambassador.namespace" . }} - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "1" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -rules: - - apiGroups: [ "apiextensions.k8s.io" ] - resources: [ "customresourcedefinitions" ] - verbs: ["get", "list", "watch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ambassador.rbacName" . }}-crd-delete - namespace: {{ include "ambassador.namespace" . }} - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "1" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ambassador.rbacName" . }}-crd-delete -subjects: - - name: {{ include "ambassador.serviceAccountName" . }}-crd-delete - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "ambassador.fullname" . }}-crd-cleanup - namespace: {{ include "ambassador.namespace" . }} - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "3" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - template: - metadata: - name: {{ include "ambassador.fullname" . }}-crd-cleanup - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - spec: - {{- if .Values.rbac.create }} - serviceAccountName: {{ include "ambassador.serviceAccountName" . }}-crd-delete - {{- end }} - containers: - - name: kubectl - image: "buoyantio/kubectl" - args: - - delete - - crds - - -l app.kubernetes.io/name=ambassador - restartPolicy: OnFailure -{{- end }} diff --git a/charts/ambassador/ambassador/templates/crds.yaml b/charts/ambassador/ambassador/templates/crds.yaml deleted file mode 100644 index 3b3bf16d5..000000000 --- a/charts/ambassador/ambassador/templates/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{- if .Values.crds.create }} -{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/templates/deployment.yaml b/charts/ambassador/ambassador/templates/deployment.yaml deleted file mode 100644 index 762cf2d9c..000000000 --- a/charts/ambassador/ambassador/templates/deployment.yaml +++ /dev/null @@ -1,282 +0,0 @@ -apiVersion: apps/v1 -{{- if .Values.daemonSet }} -kind: DaemonSet -{{- else }} -kind: Deployment -{{- end }} -metadata: - {{- if .Values.deploymentNameOverride }} - name: {{ .Values.deploymentNameOverride }} - {{- else }} - name: {{ include "ambassador.fullname" . }} - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - {{- if .Values.deploymentLabels }} - {{- toYaml .Values.deploymentLabels | nindent 4 }} - {{- end }} - {{- if .Values.deploymentAnnotations }} - annotations: - {{- toYaml .Values.deploymentAnnotations | nindent 4 }} - {{- end }} -spec: -{{- if and (not .Values.autoscaling.enabled) (not .Values.daemonSet) }} - replicas: {{ .Values.replicaCount }} -{{- end }} - selector: - matchLabels: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - {{- if .Values.daemonSet }} - updateStrategy: - {{- else }} - strategy: - {{- end }} - {{- toYaml .Values.deploymentStrategy | nindent 4}} - template: - metadata: - labels: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 8 }} - {{- end }} - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - app.kubernetes.io/instance: {{ .Release.Name }} - product: aes - {{- end }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- if .Values.podLabels }} - {{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} - annotations: - {{- if ne .Values.deploymentTool "getambassador.io" }} - checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- toYaml .Values.podAnnotations | nindent 8 }} - {{- end }} - spec: - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- /* Check if .Values.securityContext is set for backwards compatibility */ -}} - {{- if .Values.securityContext -}} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- else -}} - {{- with .Values.security.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end -}} - {{- if .Values.restartPolicy }} - restartPolicy: {{ .Values.restartPolicy }} - {{- end }} - serviceAccountName: {{ include "ambassador.serviceAccountName" . }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - volumes: - - name: ambassador-pod-info - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - {{- if .Values.prometheusExporter.enabled }} - - name: stats-exporter-mapping-config - configMap: - name: {{ include "ambassador.fullname" . }}-exporter-config - items: - - key: exporterConfiguration - path: mapping-config.yaml - {{- end }} - {{- if .Values.ambassadorConfig }} - - name: ambassador-config - configMap: - name: {{ include "ambassador.fullname" . }}-file-config - items: - - key: ambassadorConfig - path: ambassador-config.yaml - {{- end }} - {{- if and .Values.licenseKey.createSecret .Values.enableAES }} - - name: {{ include "ambassador.fullname" . }}-edge-stack-secrets - secret: - {{- if .Values.licenseKey.secretName }} - secretName: {{ .Values.licenseKey.secretName }} - {{- else }} - secretName: {{ include "ambassador.fullname" . }}-edge-stack - {{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.initContainers }} - initContainers: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - {{- if .Values.prometheusExporter.enabled }} - - name: prometheus-exporter - image: "{{ .Values.prometheusExporter.repository }}:{{ .Values.prometheusExporter.tag }}" - imagePullPolicy: {{ .Values.prometheusExporter.pullPolicy }} - ports: - - name: metrics - containerPort: 9102 - - name: listener - containerPort: 8125 - args: - - --statsd.listen-udp=:8125 - - --web.listen-address=:9102 - - --statsd.mapping-config=/statsd-exporter/mapping-config.yaml - volumeMounts: - - name: stats-exporter-mapping-config - mountPath: /statsd-exporter/ - readOnly: true - resources: - {{- toYaml .Values.prometheusExporter.resources | nindent 12 }} - {{- end }} - - name: {{ if .Values.containerNameOverride }}{{ .Values.containerNameOverride }}{{ else }}{{ .Chart.Name }}{{ end }} - image: {{ include "ambassador.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - {{- range .Values.service.ports }} - - name: {{ .name }} - containerPort: {{ int .targetPort }} - {{- if .protocol }} - protocol: {{ .protocol }} - {{- end }} - {{- if .hostPort }} - hostPort: {{ .hostPort }} - {{- end }} - {{- end}} - - name: admin - containerPort: {{ .Values.adminService.port }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if and (or .Values.redis.create .Values.redisURL) (.Values.enableAES) }} - - name: REDIS_URL - {{- if .Values.redisURL }} - value: {{ .Values.redisURL }} - {{- else }} - value: {{ include "ambassador.fullname" . }}-redis:6379 - {{- end }} - {{- end }} - {{- if and .Values.licenseKey.secretName .Values.enableAES}} - - name: AMBASSADOR_AES_SECRET_NAME - value: {{ .Values.licenseKey.secretName }} - {{- end }} - {{- if .Values.prometheusExporter.enabled }} - - name: STATSD_ENABLED - value: "true" - - name: STATSD_HOST - value: "localhost" - {{- end }} - {{- if .Values.scope.singleNamespace }} - - name: AMBASSADOR_SINGLE_NAMESPACE - value: "YES" - {{- end }} - - name: AMBASSADOR_NAMESPACE - {{- if .Values.namespace }} - value: {{ .Values.namespace.name | quote }} - {{ else }} - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end -}} - {{- if .Values.redisEnv }} - {{ toYaml .Values.redisEnv | nindent 12 }} - {{- end }} - {{- if .Values.env }} - {{- range $key,$value := .Values.env }} - - name: {{ $key | upper | quote}} - value: {{ $value | quote}} - {{- end }} - {{- end }} - {{- if .Values.envRaw }} - {{- with .Values.envRaw }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- end }} - {{- with .Values.security.containerSecurityContext }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - livenessProbe: - httpGet: - path: /ambassador/v0/check_alive - port: admin - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - httpGet: - path: /ambassador/v0/check_ready - port: admin - {{- toYaml .Values.readinessProbe | nindent 12 }} - volumeMounts: - - name: ambassador-pod-info - mountPath: /tmp/ambassador-pod-info - readOnly: true - {{- if .Values.ambassadorConfig }} - - name: ambassador-config - mountPath: /ambassador/ambassador-config/ambassador-config.yaml - subPath: ambassador-config.yaml - {{- end }} - {{- if and .Values.licenseKey.createSecret .Values.enableAES }} - - name: {{ include "ambassador.fullname" . }}-edge-stack-secrets - mountPath: /.config/ambassador - readOnly: true - {{- end }} - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.sidecarContainers }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - imagePullSecrets: - {{- toYaml .Values.imagePullSecrets | nindent 8 }} - dnsPolicy: {{ .Values.dnsPolicy }} - hostNetwork: {{ .Values.hostNetwork }} diff --git a/charts/ambassador/ambassador/templates/exporter-config.yaml b/charts/ambassador/ambassador/templates/exporter-config.yaml deleted file mode 100644 index 69b817f9d..000000000 --- a/charts/ambassador/ambassador/templates/exporter-config.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.prometheusExporter.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: '{{ include "ambassador.fullname" . }}-exporter-config' - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -data: - exporterConfiguration: -{{- if .Values.prometheusExporter.configuration }} | - {{- .Values.prometheusExporter.configuration | nindent 4 }} -{{- else }} '' -{{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/templates/hpa.yaml b/charts/ambassador/ambassador/templates/hpa.yaml deleted file mode 100644 index 18cbbdbf6..000000000 --- a/charts/ambassador/ambassador/templates/hpa.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.autoscaling.enabled (not .Values.daemonSet) }} -apiVersion: autoscaling/v2beta2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "ambassador.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- toYaml .Values.autoscaling.metrics | nindent 4 }} -{{- end }} diff --git a/charts/ambassador/ambassador/templates/module.yaml b/charts/ambassador/ambassador/templates/module.yaml deleted file mode 100644 index 6d481fef0..000000000 --- a/charts/ambassador/ambassador/templates/module.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if .Values.module }} -apiVersion: getambassador.io/v2 -kind: Module -metadata: - name: ambassador - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - config: - {{- toYaml .Values.module | nindent 4 }} -{{- end }} diff --git a/charts/ambassador/ambassador/templates/namespace.yaml b/charts/ambassador/ambassador/templates/namespace.yaml deleted file mode 100644 index 4535c74f2..000000000 --- a/charts/ambassador/ambassador/templates/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.createNamespace }} -apiVersion: v1 -kind: Namespace -metadata: - labels: - product: aes - name: {{ include "ambassador.namespace" . }} -{{- end }} diff --git a/charts/ambassador/ambassador/templates/oss-migration-test-service.yaml b/charts/ambassador/ambassador/templates/oss-migration-test-service.yaml deleted file mode 100644 index 17f3c288d..000000000 --- a/charts/ambassador/ambassador/templates/oss-migration-test-service.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.enableTestService }} -apiVersion: v1 -kind: Service -metadata: - name: test-aes - namespace: {{ include "ambassador.namespace" . }} - labels: - product: aes -spec: - type: LoadBalancer - externalTrafficPolicy: Local - ports: - {{- range .Values.service.ports }} - - name: {{ .name }} - port: {{ int .port }} - {{- if .targetPort }} - targetPort: {{ int .targetPort }} - {{- end }} - {{- if .nodePort }} - nodePort: {{ int .nodePort }} - {{- end }} - {{- if .protocol }} - protocol: {{ .protocol }} - {{- end }} - {{- end}} - selector: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/templates/pdb.yaml b/charts/ambassador/ambassador/templates/pdb.yaml deleted file mode 100644 index 4044fda60..000000000 --- a/charts/ambassador/ambassador/templates/pdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end }} diff --git a/charts/ambassador/ambassador/templates/podsecuritypolicy.yaml b/charts/ambassador/ambassador/templates/podsecuritypolicy.yaml deleted file mode 100644 index 3da289039..000000000 --- a/charts/ambassador/ambassador/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Values.security.podSecurityPolicy }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- with .Values.security.podSecurityPolicy.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- with .Values.security.podSecurityPolicy.spec }} -spec: - {{- toYaml . | nindent 2}} -{{- end }} -{{ end }} \ No newline at end of file diff --git a/charts/ambassador/ambassador/templates/projects-rbac.yaml b/charts/ambassador/ambassador/templates/projects-rbac.yaml deleted file mode 100644 index ed1087f4b..000000000 --- a/charts/ambassador/ambassador/templates/projects-rbac.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{- if and .Values.rbac.create .Values.registry.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - name: {{ include "ambassador.rbacName" . }}-projects - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "secrets", "services" ] - verbs: [ "get", "list", "create", "patch", "delete", "watch" ] -- apiGroups: ["apps"] - resources: [ "deployments" ] - verbs: [ "get", "list", "create", "patch", "delete", "watch" ] -- apiGroups: ["batch"] - resources: [ "jobs" ] - verbs: [ "get", "list", "create", "patch", "delete", "watch" ] -- apiGroups: [""] - resources: [ "pods" ] - verbs: [ "get", "list", "watch" ] -- apiGroups: [""] - resources: [ "pods/log" ] - verbs: [ "get" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: RoleBinding -{{- else }} -kind: ClusterRoleBinding -{{- end }} -metadata: - name: {{ include "ambassador.rbacName" . }}-projects - {{- if .Values.scope.singleNamespace }} - namespace: {{ include "ambassador.namespace" . }} - {{- end }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - {{- if .Values.scope.singleNamespace }} - kind: Role - {{- else }} - kind: ClusterRole - {{- end }} - name: {{ include "ambassador.rbacName" . }}-projects -subjects: - - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount -{{- end }} diff --git a/charts/ambassador/ambassador/templates/projects.yaml b/charts/ambassador/ambassador/templates/projects.yaml deleted file mode 100644 index 21b021a9a..000000000 --- a/charts/ambassador/ambassador/templates/projects.yaml +++ /dev/null @@ -1,412 +0,0 @@ -{{- if .Values.registry.create }} -###################################################################### -# In-cluster Registry for Projects - -# This mapping will make every host function as a docker -# registry. It's not ideal to take over the "v2" mapping, but there -# are a number of constraints that make this the least worst option -# explored so far. These constraints are: -# -# - We need a registry where docker push/pull and similar (e.g. crictl -# push/pull) can work with no special client configuration since we -# don't control the clients and we can't expect our users to -# reconfigure their clusters to use a special push/pull -# configuration. -# -# - GKE's push/pull implementation (I think it's docker) and crictl -# push/pull (used by default in k3s clusters) have different default -# behaviors with respect to localhost registries. The docker -# implementation is very permissive, it will try both cleartext and -# TLS and it does not verify the TLS connection, so self-signed -# registries work fine. The crictl implementation is moving in this -# direction, but the version used in k3s (based on rancher's fork of -# containerd at v1.3.3) is not there yet. It only tries cleartext by -# default. -# -# - We want to minimize the requirements for users to have the -# access/understanding to create special DNS configurations -# (e.g. wildcard or a separate dns name for the registry). -# -# - You can configure the docker registry to have a prefix, -# e.g. //v2/..., however without special -# configuration to override the defaults, clients can't push/pull -# from a registry served at a prefix. If your image is named -# /, the client will look for /v2/... endpoints. -# -# Given all the prior constraints we are left with creating this -# mapping for all hosts. If this is a problem there are a few -# alternatives we could consider. We can provide a way to limit this -# mapping to only one host so they can have distinct hosts for their -# site and their registry. We could also look into creating a -# daemonset that binds to localhost and proxies cleartext to -# TLS. Based on what I know of GKE and k3s its a good guess that this -# would accommodate both of them, but possibly not other clusters with -# different configurations. -# -# Another reason to lean towards an externally accessible registry is -# that there are likely some people that would want this as a feature -# so they can docker push/pull images from other systems into/out of -# the builtin registry. While it's true that security minded people -# might not like having this registry externally accessible, it's also -# quite likely those people would want to run their own fancy registry -# that scans/audits images, etc. The focus for RtC is really a smooth -# out of the box experience that functions end-to-end without -# requiring you to build your own platform. For more security minded -# people we should expect to eventually be able to configure an -# external registry and/or turn off the builtin one. ---- -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - name: {{ include "ambassador.fullname" . }}-registry - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -spec: - prefix: /v2/ - rewrite: /v2/ - {{- if .Values.registry.resourceNameOverride }} - service: https://{{ .Values.registry.resourceNameOverride }} - {{- else }} - service: https://{{ include "ambassador.fullname" . }}-registry - {{- end }} - timeout_ms: 300000 ---- -apiVersion: v1 -kind: Service -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }} - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge internal image registry." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" -spec: - type: ClusterIP - selector: - {{- if .Values.registry.serviceSelectors }} - {{ toYaml .Values.registry.serviceSelector | nindent 4 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - ports: - - port: 443 - targetPort: 5000 - -# The registry deployment. The deployment includes a persistent volume -# mount for storing images, a config-map mount for customizing the -# registry configuration, and a secret mounted for tls. ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }} - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - app: registry -spec: - replicas: 1 - strategy: - rollingUpdate: - maxSurge: 0 - selector: - matchLabels: - {{- if .Values.registry.serviceSelectors }} - {{ toYaml .Values.registry.serviceSelector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - template: - metadata: - annotations: - foo: "5" - labels: - {{- if .Values.registry.serviceSelectors }} - {{ toYaml .Values.registry.serviceSelector | nindent 8 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - spec: - containers: - - name: registry - image: registry:2 - ports: - - containerPort: 5000 - volumeMounts: - - mountPath: /var/lib/registry - name: registry-data - - name: registry-config - mountPath: /etc/docker/registry - - name: registry-tls - mountPath: /etc/tls - volumes: - - name: registry-config - configMap: - # Provide the name of the ConfigMap containing the files you want - # to add to the container - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }}-config - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry-config - {{- end }} - - name: registry-data - persistentVolumeClaim: - {{- if .Values.registry.resourceNameOverride }} - claimName: {{ .Values.registry.resourceNameOverride }}-data - {{- else }} - claimName: {{ include "ambassador.fullname" . }}-registry-data - {{- end }} - - name: registry-tls - secret: - {{- if .Values.registry.resourceNameOverride }} - secretName: {{ .Values.registry.resourceNameOverride }}-tls - {{- else }} - secretName: {{ include "ambassador.fullname" . }}-registry-tls - {{- end }} - -# The configuration file for our registry. ---- -apiVersion: v1 -kind: ConfigMap -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }}-config - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry-config - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -data: - config.yml: | - version: 0.1 - log: - fields: - service: registry - storage: - cache: - blobdescriptor: inmemory - filesystem: - rootdirectory: /var/lib/registry - http: - addr: :5000 - headers: - X-Content-Type-Options: [nosniff] - tls: - certificate: /etc/tls/tls.crt - key: /etc/tls/tls.key - health: - storagedriver: - enabled: true - interval: 10s - threshold: 3 - -# The persistent volume for our registry. ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }}-data - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry-data - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - -# The self-signed tls secret for our registry. We should look into -# generating this on install with a job. ---- -apiVersion: v1 -kind: Secret -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }}-tls - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry-tls - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -type: kubernetes.io/tls -data: - tls.crt: | - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVEekNDQXZlZ0F3SUJBZ0lVSVZrWlJGSkVJ - VCtOTlJiMFJ0TkxwZFp5TTVnd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daWXhDekFKQmdOVkJBWVRB - bFZUTVJZd0ZBWURWUVFJREExTllYTnpZV05vZFhObGRIUnpNUk13RVFZRApWUVFIREFwVGIyMWxj - blpwYkd4bE1SRXdEd1lEVlFRS0RBaEVZWFJoZDJseVpURVVNQklHQTFVRUN3d0xSVzVuCmFXNWxa - WEpwYm1jeEVUQVBCZ05WQkFNTUNISmxaMmx6ZEhKNU1SNHdIQVlKS29aSWh2Y05BUWtCRmc5a1pY - WkEKWkdGMFlYZHBjbVV1YVc4d0hoY05NakF3TVRNd01qRXdNVFV5V2hjTk1qRXdNVEk1TWpFd01U - VXlXakNCbGpFTApNQWtHQTFVRUJoTUNWVk14RmpBVUJnTlZCQWdNRFUxaGMzTmhZMmgxYzJWMGRI - TXhFekFSQmdOVkJBY01DbE52CmJXVnlkbWxzYkdVeEVUQVBCZ05WQkFvTUNFUmhkR0YzYVhKbE1S - UXdFZ1lEVlFRTERBdEZibWRwYm1WbGNtbHUKWnpFUk1BOEdBMVVFQXd3SWNtVm5hWE4wY25reEhq - QWNCZ2txaGtpRzl3MEJDUUVXRDJSbGRrQmtZWFJoZDJseQpaUzVwYnpDQ0FTSXdEUVlKS29aSWh2 - Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTFRtZ21wb2szVVdCVkhqCjFqb2R5eG9LZFJad09Y - WnhiZ25ITXlMa2xxLzUydGdmTEJmVlU1TzB2aE5iVm5vcEVSRWdWV0pTd3dlN0dOS0EKSjlaWWxC - Qlc1Q1U5Q3FNalU2TTVOdTdiVWRQblNyNGRFSFlWcmhEakJYcVpDUElEaFhZS2ZZYWh0YlB4cis1 - egpueS9qQktKU2JwM3RWU3d5SEhsY3JJNHdOU2R1Q2x5UFplOFR0Q2hGQUxhcU5rWUMvclNGK0w0 - SWcwZmY1N0duClpFVmsyZDJja09Xbkp6akRXMGhYL3FUcXhUKzZwV2tUQThWQ0FVS2FabEY5VkRK - c20rOW1XM2dBWmZ5NWdFWloKajcvaktqNTd5R1BUR2xWQXhra2J2WlJJVWQ5LzVkVmE3V1RCYnlR - dkxvOEkyWWQ3S1h6Y3BjcElpS2hRREdPQQpHbGVoa2JVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZ - RUZGTDV5NnNIb09tV0FRWVVGano4VHNETGFnUTdNQjhHCkExVWRJd1FZTUJhQUZGTDV5NnNIb09t - V0FRWVVGano4VHNETGFnUTdNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFF - TEJRQURnZ0VCQUFZdHlnNDNDTEJsbVlvY0NkSjVpSlF0NTR0anFGU2hIMzdFd3h4WQp1QVExRHRW - a0Q3QngzUURZZ1cxeU1QYzFTRDhYenFUcWxjQUlOQTZwdVB0SlNPcC8wUUVqVFJSMkFSZFF5VURI - ClZOZEZzcHp5MGRnbllqOXY2ckl4akdOazVHZXI3cUp4TURaUUY0dC82NHZLYWNyOHZOQ3dnSmI5 - WEZaMTBjNlEKdVNSNVVVN1pMTWJPeWd4a0hPQStMMXp3S2pSaXZUb2ZMbExPOURQNUJwMk9hOGgr - TmZhVkJ4ZHFUS2l0UzFaOApnUnZhOTFuRHZwTjl5aHBiNFJVN2FoWW9tWGF4VE5ZVEJxVE1uZWhE - aWhPQjdBS2Z0VVErdjJWZ2VlM1FxaGJ4CjRUSlJpTTUxR2VIWEtoVWw5ZXBxRnBlYllIa1BnU1ln - bU1OUy9aT3JSWmFxajVRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: | - LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZB - QVNDQktZd2dnU2lBZ0VBQW9JQkFRQzA1b0pxYUpOMUZnVlIKNDlZNkhjc2FDblVXY0RsMmNXNEp4 - ek1pNUphditkcllIeXdYMVZPVHRMNFRXMVo2S1JFUklGVmlVc01IdXhqUwpnQ2ZXV0pRUVZ1UWxQ - UXFqSTFPak9UYnUyMUhUNTBxK0hSQjJGYTRRNHdWNm1RanlBNFYyQ24yR29iV3o4YS91CmM1OHY0 - d1NpVW02ZDdWVXNNaHg1WEt5T01EVW5iZ3BjajJYdkU3UW9SUUMycWpaR0F2NjBoZmkrQ0lOSDMr - ZXgKcDJSRlpObmRuSkRscHljNHcxdElWLzZrNnNVL3VxVnBFd1BGUWdGQ21tWlJmVlF5Ykp2dlps - dDRBR1g4dVlCRwpXWSsvNHlvK2U4aGoweHBWUU1aSkc3MlVTRkhmZitYVld1MWt3VzhrTHk2UENO - bUhleWw4M0tYS1NJaW9VQXhqCmdCcFhvWkcxQWdNQkFBRUNnZ0VBWUxiMGRxdGVXclRoTnp6V0pk - QVQ2K0kzWXoyd214QmR3a0NMcUZZSjhoOWsKenpNclFicTlxalJ4Z3F2TWVoZEdscDl3eHRaMGlz - ZU9wOHY0Z0hKdkJxVk42RkxRUXhQNS9VUHppSlFkRld1TQozRU54cjVBN3RhK0tHRmVGSHM2Zkpk - TEo5WmF6TEhkRWxmbWUyOTFGZHZzWFJMdkVVNUtmQW90M2ZiVnNWWjFxCnRucVIzY0dET3JVQ00v - ZzJKZmVBYk5wSUJjTnlCV0diOGRQbm5SaHZRNW5YN1ozUnJiNTlhQnhOcldCSkFkbnEKOUtkS3BR - UmU4cjBiRGJ0WVZQamxXRldpOVluWVQ0WHpQOG9TU0t5a3R4TWZraEM2dlVKb0gwNHFOSmRkWjVM - WAozWjRKUm14RnlUZU1rUG0xa2dnSVVRZGJhRWp1WG0rOThOeXVkZitKcVFLQmdRRGx6SS9XMzZM - am1pRE9MSDVUCnFhZTFnazNMV2lTY3hwZzRhazEyenhLSlkrWUJiNnc4UG5EVmlvY2tPa0lsSERh - V0xzQ2VpRkJsM2lPSDlUWWcKQm9iY3JVZVNUbWdOaUNqSlpIWVhIUlY1TEN2bGE0UkhhcXNMWG43 - elptTE5GVW9YRlhaTkoyQzlqUEp5TStyQQpqOWJLWlFvQTF2NC9qOUdMTXN3eEJZem1pd0tCZ1FE - SmhxNDhrYmV0MlRTRFhyMUxuY3FMVU9wak1hQmNyOEJKCnpDNlBwK3F0ck01QVE1RnkwaHRoV2Zn - bDkzZU5vMWRQT2pCRDZ6amIyd2dNSHhBR2w1V0pIN005enFBSWJSaW0KbDFNcmsrUkprbUVGeUls - cU95TG9jNlg0V1pPN1BwejZPQkdWTExGOFlBR09UcldaRzZwUStDeVJWN3hHUS9PWAo4QlN5UVVh - d3Z3S0JnRWFXWG55dmQxYVlpb2txUzZlaFRuM0h4K08yRGRjR2ZjMmVnYXNFRW5xWGNCaHkyQ0l0 - ClAvV29OcmpmR0dCVDJVU3FtY3BZcnZHTG1iaHlqeXlwTkpYbXVEeHR6ektRNTQ1dFNJVHpEeHlJ - Zi9kWjNta2QKaityUEhRbmhJbXBDcHQ2T1hpZDIrQlZoalR1ZFRQZlhkeS8yZDJzb256S2hGOG05 - VWRHaEZkWGZBb0dBRkZ0QwpabVBoeGZIVzJCNU55TUdib0E4QVhoeTVNaU9lck5XdkxsdXIzUGRE - cmtJbEF4QXVLOXRHc2E4WnFIa0RiTUZYCjlzUmY3ZlZtRHJOa2p3WG8yUDBXd2Z1Sk50Q3VXTVdZ - WlNKL1FOOUVaYTBvRkU3ODY3WWk0YjlLcVBOZUwvaFIKN2x1aFlncmduVnRlQktWQ3d3TU9uVy9i - V00yc1lZQ2kxbzY1Y1VrQ2dZQUR4SUJmOGZUOURDS0NaZ1FvQXNDYwpvSzcvdzdDYk1hOEp5TjZa - ZDRiSlIrSzRzUEtQekd2M3dEandxRzFTRkN6UU1FR01mOWt6TWFYb09XdzNaN2NCCklIZTJDUXFF - N2NZdW1LYjFkOTFueU1qMVdQVC9CWEJKZzB3aUNMV0RjakdQR0xNWTJyeGsvMWwzL2xjKy9WVkcK - NjRZZUh1YlllOE9Iemp5UEZGSnJZdz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K - -###################################################################### -# Project Controller -# -# Comment this out if you want to disable the micro CI/CD functionality: ---- -apiVersion: getambassador.io/v2 -kind: ProjectController -metadata: - {{- if .Values.registry.projectControllerName }} - name: {{ .Values.registry.projectControllerName }} - {{- else }} - name: {{ include "ambassador.fullname" . }}-projectcontroller - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-projectcontroller - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - projects.getambassador.io/ambassador_id: {{ if hasKey .Values.env "AMBASSADOR_ID" }}{{ .Values.env.AMBASSADOR_ID | quote }}{{ else }}default{{ end }} - product: aes -{{- end }} diff --git a/charts/ambassador/ambassador/templates/rbac.yaml b/charts/ambassador/ambassador/templates/rbac.yaml deleted file mode 100644 index 1077c248d..000000000 --- a/charts/ambassador/ambassador/templates/rbac.yaml +++ /dev/null @@ -1,200 +0,0 @@ -{{- if .Values.rbac.create -}} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.rbacName" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }} -rules: [] ---- -# CRDs are cluster scoped resources, so they need to be in a cluster role, -# even if ambassador is running in single namespace mode -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.rbacName" . }}-crd - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }} -rules: - - apiGroups: [ "apiextensions.k8s.io" ] - resources: [ "customresourcedefinitions" ] - verbs: ["get", "list", "watch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: Role -metadata: - name: {{ include "ambassador.rbacName" . }} - namespace: {{ include "ambassador.namespace" . }} -{{- else }} -kind: ClusterRole -metadata: - name: {{ include "ambassador.rbacName" . }}-watch -{{- end }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }} -rules: - - apiGroups: [""] - resources: - - namespaces - - services - - secrets - - endpoints - verbs: ["get", "list", "watch"] - - - apiGroups: [ "getambassador.io" ] - resources: [ "*" ] - verbs: ["get", "list", "watch", "update", "patch", "create", "delete" ] - - - apiGroups: [ "getambassador.io" ] - resources: [ "mappings/status" ] - verbs: ["update"] - - - apiGroups: [ "networking.internal.knative.dev" ] - resources: [ "clusteringresses", "ingresses" ] - verbs: ["get", "list", "watch"] - - - apiGroups: [ "networking.x-k8s.io" ] - resources: [ "*" ] - verbs: ["get", "list", "watch"] - - - apiGroups: [ "networking.internal.knative.dev" ] - resources: [ "ingresses/status", "clusteringresses/status" ] - verbs: ["update"] - - - apiGroups: [ "extensions", "networking.k8s.io" ] - resources: [ "ingresses", "ingressclasses" ] - verbs: ["get", "list", "watch"] - - - apiGroups: [ "extensions", "networking.k8s.io" ] - resources: [ "ingresses/status" ] - verbs: ["update"] - - {{- if .Values.enableAES }} - - - apiGroups: [""] - resources: [ "secrets" ] - verbs: ["get", "list", "watch", "create", "update"] - - - apiGroups: [""] - resources: [ "events" ] - verbs: ["get", "list", "watch", "create", "patch"] - - - apiGroups: ["coordination.k8s.io"] - resources: [ "leases" ] - verbs: ["get", "create", "update"] - - - apiGroups: [""] - resources: [ "endpoints" ] - verbs: ["get", "list", "watch", "create", "update"] - {{- end }} - - {{- if or .Values.rbac.podSecurityPolicies .Values.security.podSecurityPolicy }} - - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - {{- if .Values.rbac.podSecurityPolicies }} - {{- toYaml .Values.rbac.podSecurityPolicies | nindent 6 }} - {{- end }} - {{- if .Values.security.podSecurityPolicy }} - - {{ include "ambassador.fullname" . }} - {{- end }} - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ambassador.rbacName" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ambassador.rbacName" . }} -subjects: - - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount ---- -{{- if .Values.scope.singleNamespace }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ include "ambassador.rbacName" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "ambassador.rbacName" . }} -subjects: - - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount -{{- end }} -{{- end -}} diff --git a/charts/ambassador/ambassador/templates/resolvers.yaml b/charts/ambassador/ambassador/templates/resolvers.yaml deleted file mode 100644 index 43aa5ace2..000000000 --- a/charts/ambassador/ambassador/templates/resolvers.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if .Values.resolvers.endpoint.create }} ---- -apiVersion: getambassador.io/v2 -kind: KubernetesEndpointResolver -metadata: - name: {{ .Values.resolvers.endpoint.name }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -{{- if hasKey .Values.env "AMBASSADOR_ID" }} -spec: - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} -{{- end }} -{{- end }} -{{- if .Values.resolvers.consul.create }} ---- -apiVersion: getambassador.io/v2 -kind: ConsulResolver -metadata: - name: {{ .Values.resolvers.consul.name }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- toYaml .Values.resolvers.consul.spec | nindent 2 }} -{{- end }} diff --git a/charts/ambassador/ambassador/templates/service.yaml b/charts/ambassador/ambassador/templates/service.yaml deleted file mode 100644 index a541c2234..000000000 --- a/charts/ambassador/ambassador/templates/service.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - {{- if .Values.service.nameOverride }} - name: {{ .Values.service.nameOverride }} - {{- else }} - name: {{ include "ambassador.fullname" . }} - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - app.kubernetes.io/component: ambassador-service - product: aes - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack goes beyond traditional API Gateways and Ingress Controllers with the advanced edge features needed to support developer self-service and full-cycle development." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: {{ include "ambassador.fullname" . }}-redis.{{ include "ambassador.namespace" . }} -{{- if .Values.service.annotations }} - {{- range $key, $value := .Values.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} -spec: - type: {{ .Values.service.type }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" - {{- end }} - {{- if .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: "{{ .Values.service.externalTrafficPolicy }}" - {{- end }} - {{- if .Values.service.sessionAffinity }} - sessionAffinity: {{ .Values.service.sessionAffinity }} - {{- end }} - {{- if .Values.service.sessionAffinityConfig }} - sessionAffinityConfig: - {{- toYaml .Values.service.sessionAffinityConfig | nindent 4 }} - {{- end }} - ports: - {{- range .Values.service.ports }} - - name: {{ .name }} - port: {{ int .port }} - {{- if .targetPort }} - targetPort: {{ int .targetPort }} - {{- end }} - {{- if .nodePort }} - nodePort: {{ int .nodePort }} - {{- end }} - {{- if .protocol }} - protocol: {{ .protocol }} - {{- end }} - {{- end}} - selector: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - {{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- if .Values.service.externalIPs }} - externalIPs: - {{- toYaml .Values.service.externalIPs | nindent 4 }} - {{- end }} diff --git a/charts/ambassador/ambassador/templates/serviceaccount.yaml b/charts/ambassador/ambassador/templates/serviceaccount.yaml deleted file mode 100644 index 90c8ef085..000000000 --- a/charts/ambassador/ambassador/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -{{- if .Values.docker.useImagePullSecret }} -imagePullSecrets: -- name: {{ .Values.docker.imagePullSecretName }} -{{- end }} -{{- end -}} diff --git a/charts/ambassador/ambassador/templates/servicemonitor.yaml b/charts/ambassador/ambassador/templates/servicemonitor.yaml deleted file mode 100644 index b2c8122a1..000000000 --- a/charts/ambassador/ambassador/templates/servicemonitor.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if and .Values.adminService.create .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app: {{ include "ambassador.name" . }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- toYaml .Values.metrics.serviceMonitor.selector | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: ambassador-admin - path: /metrics - {{- with .Values.metrics.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - namespaceSelector: - matchNames: - - {{ include "ambassador.namespace" . }} - selector: - matchLabels: - service: ambassador-admin -{{- end }} diff --git a/charts/ambassador/ambassador/templates/tests/test-ready.yaml b/charts/ambassador/ambassador/templates/tests/test-ready.yaml deleted file mode 100644 index ec96235f7..000000000 --- a/charts/ambassador/ambassador/templates/tests/test-ready.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (.Values.test.enabled) (not .Values.daemonSet) }} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "ambassador.fullname" . }}-test-ready" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: {{ .Values.test.image | default "busybox" }} - command: ['wget'] - args: ['{{ include "ambassador.fullname" . }}:{{ include "ambassador.servicePort" . }}/ambassador/v0/check_ready'] - restartPolicy: Never -{{- end }} diff --git a/charts/ambassador/ambassador/templates/traffic-agent-rbac.yaml b/charts/ambassador/ambassador/templates/traffic-agent-rbac.yaml deleted file mode 100644 index 783c0aed6..000000000 --- a/charts/ambassador/ambassador/templates/traffic-agent-rbac.yaml +++ /dev/null @@ -1,135 +0,0 @@ -{{- if and .Values.enableAES .Values.servicePreview.enabled }} -{{- if .Values.servicePreview.trafficAgent.singleNamespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - annotations: - # Required because Helm creates secrets before ServiceAccount, but service-account-token depends on an existing SA. - "helm.sh/hook": "pre-install" - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes ---- -## Create a service-account-token for traffic-agent with a matching name. -## Since the ambassador-injector will use this token name, it must be deterministic and not auto-generated. -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - annotations: - kubernetes.io/service-account.name: traffic-agent -type: kubernetes.io/service-account-token ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -rules: - - apiGroups: [""] - resources: [ "namespaces", "services", "secrets" ] - verbs: ["get", "list", "watch"] - - apiGroups: [ "getambassador.io" ] - resources: [ "*" ] - verbs: ["get", "list", "watch", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "ambassador.rbacName" . }} -subjects: - - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount -{{- else }} -## If we install Service Preview cluster-wide, this means we can't use the 'traffic-agent' ServiceAccount -## as it does not exist in every namespace. We must instead grant new Roles to all ServiceAccounts (cluster-wide). ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -rules: - - apiGroups: [""] - resources: [ "namespaces", "services", "secrets" ] - verbs: ["get", "list", "watch"] - - apiGroups: [ "getambassador.io" ] - resources: [ "*" ] - verbs: ["get", "list", "watch", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} -subjects: - - name: system:serviceaccounts - kind: Group - apiGroup: rbac.authorization.k8s.io -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/ambassador/ambassador/templates/traffic-manager.yaml b/charts/ambassador/ambassador/templates/traffic-manager.yaml deleted file mode 100644 index 922bc5df4..000000000 --- a/charts/ambassador/ambassador/templates/traffic-manager.yaml +++ /dev/null @@ -1,190 +0,0 @@ -{{- if and .Values.enableAES .Values.servicePreview.enabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -rules: - - apiGroups: [""] - resources: ["namespaces", "services", "pods", "secrets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: RoleBinding -{{- else }} -kind: ClusterRoleBinding -{{- end }} -metadata: - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - {{- if .Values.scope.singleNamespace }} - kind: Role - {{- else }} - kind: ClusterRole - {{- end }} - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} -subjects: - - kind: ServiceAccount - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: telepresence-proxy - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/instance: {{ .Release.Name }} - spec: - containers: - - name: telepresence-proxy - {{- if .Values.servicePreview.trafficManager.image.repository }} - image: "{{ .Values.servicePreview.trafficManager.image.repository }}:{{ .Values.servicePreview.trafficManager.image.tag | default .Values.image.tag }}" - {{- else }} - image: {{ include "ambassador.image" . }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: [ "traffic-manager" ] - env: - {{- if .Values.scope.singleNamespace }} - - name: AMBASSADOR_SINGLE_NAMESPACE - value: "true" - {{- end }} - - name: AMBASSADOR_NAMESPACE - {{- if .Values.namespace }} - value: {{ .Values.namespace.name | quote }} - {{ else }} - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end -}} - {{- if or .Values.redis.create .Values.redisURL }} - - name: REDIS_URL - {{- if .Values.redisURL }} - value: {{ .Values.redisURL }} - {{- else }} - value: {{ include "ambassador.fullname" . }}-redis:6379 - {{- end }} - {{- end }} - ports: - - name: sshd - containerPort: 8022 - volumeMounts: - - mountPath: /tmp/ambassador-pod-info - name: pod-info - restartPolicy: Always - terminationGracePeriodSeconds: 0 - volumes: - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - name: pod-info - serviceAccountName: {{ .Values.servicePreview.trafficManager.serviceAccountName }} ---- -apiVersion: v1 -kind: Service -metadata: - name: telepresence-proxy - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack Service Preview Telepresence Proxy." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" -spec: - type: ClusterIP - clusterIP: None - selector: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/instance: {{ .Release.Name }} - ports: - - name: sshd - protocol: TCP - port: 8022 - - name: api - protocol: TCP - port: 8081 -{{- end }} diff --git a/charts/ambassador/ambassador/values.yaml b/charts/ambassador/ambassador/values.yaml deleted file mode 100644 index 17ebb9ab0..000000000 --- a/charts/ambassador/ambassador/values.yaml +++ /dev/null @@ -1,521 +0,0 @@ -# Default values for ambassador. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Manually set metadata for the Release. -# -# Defaults to .Chart.Name -nameOverride: '' -# Defaults to .Release.Name-.Chart.Name unless .Release.Name contains "ambassador" -fullnameOverride: '' -# Defaults to .Release.Namespace -namespaceOverride: '' - -replicaCount: 3 -daemonSet: false - -# This will enable the test-ready Pod (https://github.com/datawire/ambassador-chart/blob/master/templates/tests/test-ready.yaml). -# It will spawn a busybox container to call Ambassador's check_ready endpoint to validate it is working correctly. -test: - enabled: true - image: busybox - -# Enable autoscaling using HorizontalPodAutoscaler -# daemonSet: true, autoscaling will be disabled -autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 5 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 60 - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: 60 - -podDisruptionBudget: {} - -# namespace: - # name: default - -# Additional container environment variable -# Uncomment or add additional environment variables for the container here. -env: {} - # Exposing statistics via StatsD - # STATSD_ENABLED: true - # STATSD_HOST: statsd-sink - # sets the minimum number of seconds between Envoy restarts - # AMBASSADOR_RESTART_TIME: 15 - # sets the number of seconds that the Envoy will wait for open connections to drain on a restart - # AMBASSADOR_DRAIN_TIME: 5 - # sets the number of seconds that Ambassador will wait for the old Envoy to clean up and exit on a restart - # AMBASSADOR_SHUTDOWN_TIME: 10 - # labels Ambassador with an ID to allow for configuring multiple Ambassadors in a cluster - # AMBASSADOR_ID: default - -# Additional container environment variable in raw YAML format -# Uncomment or add additional environment variables for the container here. -envRaw: {} -# - name: REDIS_PASSWORD -# value: password -# valueFrom: -# secretKeyRef: -# name: redis-password -# key: password -# - name: POD_IP -# valueFrom: -# fieldRef: -# fieldPath: status.podIP - -imagePullSecrets: [] - -security: - # Security Context for all containers in the pod. - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core - podSecurityContext: - runAsUser: 8888 - # Security Context for the Ambassador container specifically - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core - containerSecurityContext: - allowPrivilegeEscalation: false - # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - # - # A set of reasonable defaults is outlined below. This is not created by default as it should only - # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in - # the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` - # in all non-"master" Releases. - podSecurityPolicy: {} - # # Add AppArmor and Seccomp annotations - # # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - # annotations: - # spec: - # seLinux: - # rule: RunAsAny - # supplementalGroups: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # fsGroup: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # privileged: false - # allowPrivilegeEscalation: false - # runAsUser: - # rule: MustRunAsNonRoot - -image: - ossTag: 1.13.8 - aesTag: 1.13.8 - pullPolicy: IfNotPresent - ossRepository: docker.io/datawire/ambassador - aesRepository: docker.io/datawire/aes -dnsPolicy: ClusterFirst -hostNetwork: false - -service: - type: LoadBalancer - - # Note that target http ports need to match your ambassador configurations service_port - # https://www.getambassador.io/reference/modules/#the-ambassador-module - ports: - - name: http - port: 80 - targetPort: 8080 - # protocol: TCP - # nodePort: 30080 - # hostPort: 80 - - name: https - port: 443 - targetPort: 8443 - # protocol: TCP - # nodePort: 30443 - # hostPort: 443 - # TCPMapping_Port - # port: 2222 - # targetPort: 2222 - # protocol: TCP - # nodePort: 30222 - - externalTrafficPolicy: - - sessionAffinity: - - sessionAffinityConfig: - - externalIPs: [] - - annotations: {} - - ############################################################################# - ## Ambassador should be configured using CRD definition. If you want - ## to use annotations, the following is an example of annotating the - ## Ambassador service with global configuration manifest. - ## - ## See https://www.getambassador.io/reference/core/ambassador and - ## https://www.getambassador.io/reference/core/tls for more info - ############################################################################# - # - # getambassador.io/config: | - # --- - # apiVersion: ambassador/v1 - # kind: TLSContext - # name: ambassador - # secret: ambassador-certs - # hosts: ["*"] - # --- - # apiVersion: ambassador/v1 - # kind: Module - # name: ambassador - # config: - # admin_port: 8001 - # diag_port: 8877 - # diagnostics: - # enabled: true - # enable_grpc_http11_bridge: false - # enable_grpc_web: false - # enable_http10: false - # enable_ipv4: true - # enable_ipv6: false - # liveness_probe: - # enabled: true - # lua_scripts: - # readiness_probe: - # enabled: true - # server_name: envoy - # service_port: 8080 - # use_proxy_proto: false - # use_remote_address: true - # xff_num_trusted_hops: 0 - # x_forwarded_proto_redirect: false - # load_balancer: - # policy: round_robin - # circuit_breakers: - # max_connections: 2048 - # retry_policy: - # retry_on: "5xx" - # cors: - - # Manually set the name of the generated Service - nameOverride: - -adminService: - create: true - type: ClusterIP - port: 8877 - snapshotPort: 8005 - # NodePort used if type is NodePort - # nodePort: 38877 - annotations: {} - -rbac: - # Specifies whether RBAC resources should be created - create: true - # List of Pod Security Policies to use on the container. - # If security.podSecurityPolicy is set, it will be appended to the list - podSecurityPolicies: [] - # Name of the RBAC resources defaults to the name of the release. - # Set nameOverride when installing Ambassador with cluster-wide scope in - # different namespaces with the same release name to avoid conflicts. - nameOverride: - -scope: - # tells Ambassador to only use resources in the namespace or namespace set by namespace.name - singleNamespace: false - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - -deploymentStrategy: - type: RollingUpdate - -restartPolicy: - -terminationGracePeriodSeconds: - -initContainers: [] - -sidecarContainers: [] - -livenessProbe: - initialDelaySeconds: 30 - periodSeconds: 3 - failureThreshold: 3 - -readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 3 - failureThreshold: 3 - - -volumes: [] - -volumeMounts: [] - -podLabels: {} - -podAnnotations: {} - # prometheus.io/scrape: "true" - # prometheus.io/port: "9102" - -deploymentLabels: {} - -deploymentAnnotations: {} - # configmap.reloader.stakater.com/auto: "true" - -resources: - # Recommended resource requests and limits for Ambassador - limits: - cpu: 1000m - memory: 600Mi - requests: - cpu: 200m - memory: 300Mi - -priorityClassName: '' - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -topologySpreadConstraints: [] - -ambassadorConfig: '' - -crds: - enabled: true - create: true - keep: true - -# Prometheus Operator ServiceMonitor configuration -# See documentation: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor -metrics: - serviceMonitor: - enabled: false - # interval: 30s - # scrapeTimeout: 30s - # selector: {} - -################################################################################ -## Ambassador Edge Stack Configuration ## -################################################################################ - -# The Ambassador Edge Stack is free for limited use without a license key. -# Go to https://{ambassador-host}/edge_stack/admin/#dashboard to register -# for a community license key. - -enableAES: true - -# Set createSecret: false is installing multiple releases of The Ambassador -# Edge Stack in the same namespace. -licenseKey: - value: - createSecret: true - secretName: - # Annotations to attach to the license-key-secret. - annotations: {} - -# The DevPortal is exposed at /docs/ endpoint in the AES container. -# Setting this to true will automatically create routes for the DevPortal. -createDevPortalMappings: true -devportal: - docsPrefix: /documentation/ - -# The Ambassador Edge Stack uses a redis instance for managing authentication, -# rate limiting, and sharing minor configuration details between pods for -# centralized management. These values configure the redis instance that ships -# by default with The Ambassador Edge Stack. -# -# URL of your redis instance. Defaults to redis instance created below. -redisURL: - -# Ambassador ships with a basic redis instance. Configure the deployment with the options below. -redis: - create: true - image: - repository: redis - tag: 5.0.1 - pullPolicy: IfNotPresent - # Annotations for Ambassador Pro's redis instance. - annotations: - deployment: {} - service: {} - resources: {} - # If you want to specify resources, uncomment the following - # lines and remove the curly braces after 'resources:'. - # These are placeholder values and must be tuned. - # limits: - # cpu: 100m - # memory: 256Mi - # requests: - # cpu: 50m - # memory: 128Mi - nodeSelector: {} - affinity: {} - tolerations: {} - - -# Configures the AuthService that ships with the Ambassador Edge Stack. -# Setting authService.create: false will not install the AES AuthService and -# allow you to define your own. -# -# Typically when using the AES, you will want to keep this set to true and use -# the External Filter to communicate with a custom authentication service. -# https://www.getambassador.io/reference/filter-reference/#filter-type-external -authService: - deploymentExtraName: auth - create: true - # Set additional configuration options. See https://www.getambassador.io/reference/services/auth-service for more information - optional_configurations: {} - # include_body: - # max_bytes: 4096 - # allow_partial: true - # status_on_error: - # code: 403 - # failure_mode_allow: false - # retry_policy: - # retry_on: "5xx" - # num_retries: 2 - # add_linkerd_headers: true - # timeout_ms: 30000 - - -# Configures the RateLimitService in the Ambassador Edge Stack. -# Keep this enabled to configure RateLimits in AES. -rateLimit: - create: true - deploymentExtraName: ratelimit - -# Projects are a beta feature of Ambassador that allow developers to stage and -# deploy code with nothing more than a Github repository. -# See: https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/ -registry: - create: false - -# Resolvers are used to configure the discovery service strategy for Ambasador Edge Stack. -# See: https://www.getambassador.io/docs/edge-stack/latest/topics/running/resolvers/ -resolvers: - endpoint: - create: false - name: endpoint - consul: - create: false - name: consul-dc1 - spec: {} - # Configuration for a Consul Resolver - # address: consul-server.default.svc.cluster.local:8500 - # datacenter: dc1 - -# Create and manage an Ambassador Module from the Helm Chart. See: -# https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador -# for more info on the available options. -# -# Note: The Module can only be named ambassador. There can only be one Module -# installed per-namespace. -module: {} - -################################################################################ -## DEPRECATED configuration objects ## -################################################################################ - -# DEPRECATED: Ambassador now exposes the /metrics endpoint in Envoy. -# DEPRECATED: See https://www.getambassador.io/user-guide/monitoring#deployment for more information on how to use the /metrics endpoint -# -# DEPRECATED: Enabling the prometheus exporter creates a sidecar and configures ambassador to use it -prometheusExporter: - enabled: false - repository: prom/statsd-exporter - tag: v0.8.1 - pullPolicy: IfNotPresent - resources: {} - # If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 256Mi - # requests: - # cpu: 50m - # memory: 128Mi - # You can configure the statsd exporter to modify the behavior of mappings and other features. - # See documentation: https://github.com/prometheus/statsd_exporter/tree/v0.8.1#metric-mapping-and-configuration - # Uncomment the following line if you wish to specify a custom configuration: - # configuration: | - # --- - # mappings: - # - match: 'envoy.cluster.*.upstream_cx_connect_ms' - # name: "envoy_cluster_upstream_cx_connect_time" - # timer_type: 'histogram' - # labels: - # cluster_name: "$1" - -# DEPRECATED: Use security.podSecurityContext -# securityContext: -# runAsUser: 8888 - - -# Configures Service Preview that ships with the Ambassador Edge Stack and edgectl. -# Setting servicePreview.enabled: true will install the Traffic Agent Service Account, Traffic Manager with RBAC, and ambassador-injector -servicePreview: - enabled: false - trafficManager: - image: - # Leave blank to use image.repository and image.tag - repository: - tag: - serviceAccountName: traffic-manager - trafficAgent: - image: - # Leave blank to use image.repository and image.tag - repository: - tag: - singleNamespace: true - serviceAccountName: traffic-agent - port: 9900 - - # Configure the ambassador-injector webhook for Service Preview Traffic Agent automatic sidecar injection. - injector: - enabled: true - - # If no injector.crtPEM and injector.keyPEM are provided, a self-signed certificate will be issued - # for the Common Name (CN) of `..svc`, which is the cluster-internal DNS name - # for the service. - crtPEM: '' - keyPEM: '' - -# Configure the ambassador agent -agent: - enabled: true - # this will be empty when it first gets applied, then the user will edit the agent to - # make it start reporting - cloudConnectToken: '' - rpcAddress: https://app.getambassador.io/ - createArgoRBAC: true - image: - # Leave blank to use image.repository and image.tag - tag: - repository: - -deploymentTool: '' - -# configure docker to pull from private registry -docker: {} -createNamespace: false -enableTestService: false diff --git a/charts/komodor/k8s-watcher/Chart.yaml b/charts/komodor/k8s-watcher/Chart.yaml deleted file mode 100644 index e07a92c0d..000000000 --- a/charts/komodor/k8s-watcher/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Komodor Agent - catalog.cattle.io/release-name: komodor-agent -apiVersion: v1 -appVersion: 0.1.99 -description: Watches and send kubernetes resource-related events -icon: https://partner-charts.rancher.io/assets/logos/komodor.png -kubeVersion: 1.16-0 - 1.21-0 -name: k8s-watcher -version: 0.10.1101 diff --git a/charts/komodor/k8s-watcher/README.md b/charts/komodor/k8s-watcher/README.md deleted file mode 100644 index 81a9d892a..000000000 --- a/charts/komodor/k8s-watcher/README.md +++ /dev/null @@ -1,196 +0,0 @@ -# Komodor.io - -## TL;DR; - -```bash -helm repo add komodorio https://helm-charts.komodor.io -helm repo update -helm upgrade --install k8s-watcher komodorio/k8s-watcher --set apiKey=YOUR_API_KEY_HERE --set watcher.clusterName=CLUSTER_NAME --set watcher.allowReadingPodLogs=true --set watcher.enableAgentTaskExecution=true --wait --timeout=90s -``` - -In case of error try contact us for assistance via intercom at: https://app.komodor.com -Or run: - -1. Logs of k8s-watcher - -```bash -kubectl logs --tail=10 deployment/k8s-watcher -n komodor -``` - -2. Helm status - -```bash -helm status k8s-watcher -``` - -3. Reinstall - -```bash -helm uninstall helm-k8s-watcher -``` - -## Introduction - -This chart bootstraps a Kubernetes Resources/Event Watcher deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -### Supported architectures - -- [x] linux/amd64 -- [x] linux/arm64 - -## Prerequisites - -- Kubernetes 1.16+ (older versions not tested) -- Helm 2/3 - -## Installing the Chart - -To install the chart with the release name `k8s-watcher`: - -```bash -helm upgrade --install k8s-watcher komodorio/k8s-watcher --create-namespace --set apiKey=YOUR_API_KEY_HERE --set watcher.clusterName=CLUSTER_NAME -``` - -The command deploys the Komodor K8S-Watcher on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Api Key - -The Komodor kubernetes api key can be provided in the helm upgrade command, in the `values.yaml` file or can be taken from an existing kubernetes secret resource. -When using an existing kubernetes secret resource, specify the secret name in `existingSecret` and store the api key under the name 'apiKey'. - -## Uninstalling the Chart - -To uninstall/delete the `k8s-watcher` deployment: - -Helm 3: - -```bash -helm uninstall k8s-watcher -``` - -Helm 2: - -```bash -helm delete --purge k8s-watcher -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Alternative: Install without Helm - -To install the chart directly with kubectl, use the manifests located in `./kube-install`. - -1. Make sure to set the apiKey (as base 64) secret value in `./kube-install/k8s-watcher/templates/secret-credentials.yaml` - - `KOMOKW_APIKEY=YOUR_APIKEY sed -i "s/YOUR_APIKEY_AS_BASE_64/$(echo $KOMOKW_APIKEY | base64)/g" kube-install/k8s-watcher/templates/secret-credentials.yaml` -2. Then just apply everything in order: - - `kubectl apply -f ./kube-install/k8s-watcher/templates/namespace.yaml` - - `kubectl apply -f ./kube-install/k8s-watcher/templates` - -## Configuration - -The following table lists the configurable parameters of the chart and their default values. - -| Parameter | Description | Default | -|----------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------------------------------------------ | -| `apiKey` | Komodor kubernetes api key (required if `existingSecret` not specified) | `` | -| `existingSecret` | Existing kubernetes secret resource containing Komodor kubernetes apiKey (required if `apiKey` not specified) | `` | -| `watcher.redact` | List of regular expressions. Config values for keys that matches one of these expressions will show up at Komodor as "REDACTED:\" | `[]` | -| `watcher.clusterName` | Override auto-discovery of Cluster Name with one of your choosing | `` | -| `watcher.watchNamespace` | Watch a specific namespace, or all namespaces ("", "all") | `all` | -| `watcher.namespacesDenylist` | Exclude specific namespaces (list) | `[]` | -| `watcher.nameDenylist` | Exclude specific resource names that contains any of these strings (list) - example: `` watcher.nameDenylist=["dont-watch"] --> `pod/backend-dont-watch` wont be collected `` | `[]` | -| `watcher.collectHistory` | On startup collect existing cluster resources in addition to watching new resources (true / false) | `true` | -| `watcher.sinks.webhook.enabled` | Enables a Webhook output | `true` | -| `watcher.sinks.webhook.url` | URL to send webhooks to | `https://app.komodor.io/k8s-events/event/` | -| `watcher.sinks.webhook.headers` | Headers to attach to the webhooks | `{}` | -| `watcher.resources.event` | Enables watching Event | `true` | -| `watcher.resources.deployment` | Enables watching Deployments | `true` | -| `watcher.resources.replicationController` | Enables watching ReplicationControllers | `true` | -| `watcher.resources.replicaSet` | Enables watching ReplicaSets | `true` | -| `watcher.resources.daemonSet` | Enables watching DaemonSets | `true` | -| `watcher.resources.statefulSet` | Enables watching StatefulSets | `true` | -| `watcher.resources.service` | Enables watching Services | `true` | -| `watcher.resources.pod` | Enables watching Pods | `true` | -| `watcher.resources.job` | Enables watching Jobs | `true` | -| `watcher.resources.node` | Enables watching Nodes | `true` | -| `watcher.resources.clusterRole` | Enables watching ClusterRoles | `true` | -| `watcher.resources.serviceAccount` | Enables watching ServiceAccounts | `true` | -| `watcher.resources.persistentVolume` | Enables watching PersistentVolumes | `true` | -| `watcher.resources.persistentVolumeClaim` | Enables watching PersistentVolumeClaims | `true` | -| `watcher.resources.namespace` | Enables watching Namespaces | `true` | -| `watcher.resources.secret` | Enables watching Secrets | `false` | -| `watcher.resources.configMap` | Enables watching ConfigMaps | `true` | -| `watcher.resources.ingress` | Enables watching Ingresses | `true` | -| `watcher.resources.storageClass` | Enables watching StorageClasses | `true` | -| `watcher.resources.rollout` | Enables watching Argo Rollouts | `true` | -| `watcher.resources.metrics` | Enables watching Metrics | `true` | -| `watcher.resources.limitRange` | Enables watching LimitRange | `true` | -| `watcher.resources.podTemplate` | Enables watching PodTemplate | `true` | -| `watcher.resources.resourceQuota` | Enables watching ResourceQuota | `true` | -| `watcher.resources.admissionRegistrationResources` | Enables watching MutatingWebhookConfigurations and ValidatingWebhookConfigurations | `true` | -| `watcher.resources.controllerRevision` | Enables watching ControllerRevision | `true` | -| `watcher.resources.authorizationResources` | Enables watching Authorization Resources | `true` | -| `watcher.resources.horizontalPodAutoscaler` | Enables watching HorizontalPodAutoscaler | `true` | -| `watcher.resources.certificateSigningRequest` | Enables watching CertificateSigningRequest | `true` | -| `watcher.resources.lease` | Enables watching Lease | `true` | -| `watcher.resources.endpointSlice` | Enables watching EndpointSlice | `true` | -| `watcher.resources.flowControlResources` | Enables watching FlowControl Resources | `true` | -| `watcher.resources.ingressClass` | Enables watching IngressClass | `true` | -| `watcher.resources.networkPolicy` | Enables watching NetworkPolicy | `true` | -| `watcher.resources.runtimeClass` | Enables watching RuntimeClass | `true` | -| `watcher.resources.policyResources` | Enables watching Policy Resources | `true` | -| `watcher.resources.clusterRoleBinding` | Enables watching ClusterRoleBinding | `true` | -| `watcher.resources.roleBinding` | Enables watching RoleBinding | `true` | -| `watcher.resources.role` | Enables watching Role | `true` | -| `watcher.resources.PriorityClass` | Enables watching PriorityClass | `true` | -| `watcher.resources.csiDriver` | Enables watching CSIDriver | `true` | -| `watcher.resources.csiNode` | Enables watching CSINode | `true` | -| `watcher.resources.csiStorageCapacity ` | Enables watching CSIStorageCapacity | `true` | -| `watcher.resources.volumeAttachment` | Enables watching VolumeAttachment | `true` | -| `watcher.servers.healthCheck.port` | Port of the health check - server | `8090` | -| `resources.requests.cpu` | CPU resource requests | `0.25` | -| `resources.limits.cpu` | CPU resource limits | `1` | -| `resources.requests.memory` | Memory resource requests | `256Mi` | -| `resources.limits.memory` | Memory resource limits | `4096Mi` | -| `image.repository` | Image registry/name | `docker.io/komodorio/k8s-watcher` | -| `image.tag` | Image tag | `0.1.10` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `serviceAccount.create` | Creates a service account | `true` | -| `serviceAccount.name` | Optional name for the service account | `{RELEASE_FULLNAME}` | -| `proxy.enabled` | Configure proxy for watcher | `true` | -| `proxy.http` | Configure Proxy setting (HTTP_PROXY) | `` | -| `proxy.https` | Configure Proxy setting (HTTPS_PROXY) | `` | -| `proxy.no_proxy` | Configure Proxy setting (NO_PROXY) | `` | -| `watcher.controller.resync.period` | Resync period (in minutes, minimum 5) to resync the state of selected controllers (deployment, daemonset, statefulset) | `"0"` | -| `watcher.enableAgentTaskExecution` | Enable to the agent to execute tasks in the cluster such as log streaming | `true` | -| `watcher.allowReadingPodLogs`. | Enable the agent to read pod logs from the cluster | `true` | -| `createNamespace` | Creates the namespace | `true` | -| `podAnnotations` | Adds custom annotations on the agent pod - Example: `--set podAnnotations."app\.komodor\.com/app"="komodor-agent"` | `{}` | -| `deploymentAnnotations` | Adds custom annotations on the agent deployment - Example: `--set deploymentAnnotations."app\.komodor\.com/app"="komodor-agent"` | `{}` | - -The above parameters map to a yaml configuration file used by the watcher. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -helm upgrade --install k8s-watcher komodorio/k8s-watcher --set apiKey="YOUR_API_KEY_HERE" --set watcher.enableAgentTaskExecution=true --set watcher.allowReadingPodLogs=true -``` - -Alternativly, you can pass the configuration as environment variables using the `KOMOKW_` prefix and by replacing all the `.` to `_`, for the root items the camelcase transforms into underscores as well. For example, - -```bash -# apiKey -KOMOKW_API_KEY=1a2b3c4d5e6f7g7h -# watcher.resources.replicaSet -KOMOKW_RESOURCES_REPLICASET=false - -# watcher.watchNamespace -KOMOKW_WATCH_NAMESPACE=my-namespace -# watcher.collectHistory -KOMOKW_COLLECT_HISTORY=true -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/komodor/k8s-watcher/app-readme.md b/charts/komodor/k8s-watcher/app-readme.md deleted file mode 100644 index 2d07b55dc..000000000 --- a/charts/komodor/k8s-watcher/app-readme.md +++ /dev/null @@ -1,136 +0,0 @@ -# Komodor - -Komodor is a Kubernetes reliability platform, complete with automated troubleshooting playbooks for every K8s resource, and static-prevention monitors that enrich live & historical data with contextual insights to help enforce best practices and stop incidents in their tracks. - -For each K8s resource, Komodor automatically constructs a coherent view, including the relevant deploys, config changes, dependencies, metrics, and past incidents. Komodor seamlessly integrates and utilizes data from cloud providers, source controls, CI/CD pipelines, monitoring tools, and incident response platforms. - -- Discover the root cause automatically with a timeline that tracks all changes made in your application and infrastructure. -- Quickly tackle the issue, with easy-to-follow remediation instructions. -- Give your entire team a way to troubleshoot independently, without having to escalate. - -## Prerequisites - -- Kubernetes 1.16+ -- Helm 2/3 - -## Komodor Installation - -1. Sign up to [Komodor](https://auth.komodor.com/u/signup/identifier?state=hKFo2SB0WVMtMUJtcndaU0JKSEQ1XzNBd1JGbGJBeTcwdld0d6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFNDUktFX0xRRmZ3c3VWRENmaDNBclBzYmtJNHZsRWJpo2NpZNkgbGJvcFI3NHpIZDcyWU9INEFjdmpWbkt0TTZCcld6WjQ) and verify your email address. -2. Go to [app.komodor.com](https://app.komodor.com) and click on ‘Add a Kubernetes Cluster’ to Install the k8s-watcher Agent on any of your clusters -3. Enter your cluster’s name like so:\ - ![cluster-name](https://assets-komodor-public.s3.amazonaws.com/k8s_install_step_1.png) -4. After entering the cluster name you will receive a command similar to this:\ - ![helm-command](https://assets-komodor-public.s3.amazonaws.com/k8s_install_step_2.png) -5. Copy the API key from the command output you’ve received, and paste it in the appropriate field when prompted to by the Rancher installer - -The following table lists the configurable parameters of the chart and their default values. - -| Parameter | Description | Default | -| -------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ | -| `apiKey` | Komodor kubernetes api key (required if `existingSecret` not specified) | `` | -| `existingSecret` | Existing kubernetes secret resource containing Komodor kubernetes apiKey (required if `apiKey` not specified) | `` | -| `watcher.redact` | List of regular expressions. Config values for keys that matches one of these expressions will show up at Komodor as "REDACTED:\" | `[]` | -| `watcher.clusterName` | Override auto-discovery of Cluster Name with one of your choosing | `` | -| `watcher.watchNamespace` | Watch a specific namespace, or all namespaces ("", "all") | `all` | -| `watcher.namespacesDenylist` | Exclude specific namespaces (list) | `[]` | -| `watcher.nameDenylist` | Exclude specific resource names that contains any of these strings (list) - example: `` watcher.nameDenylist=["dont-watch"] --> `pod/backend-dont-watch` wont be collected `` | `[]` | -| `watcher.collectHistory` | On startup collect existing cluster resources in addition to watching new resources (true / false) | `true` | -| `watcher.sinks.webhook.enabled` | Enables a Webhook output | `true` | -| `watcher.sinks.webhook.url` | URL to send webhooks to | `https://app.komodor.io/k8s-events/event/` | -| `watcher.sinks.webhook.headers` | Headers to attach to the webhooks | `{}` | -| `watcher.resources.event` | Enables watching Event | `true` | -| `watcher.resources.deployment` | Enables watching Deployments | `true` | -| `watcher.resources.replicationController` | Enables watching ReplicationControllers | `true` | -| `watcher.resources.replicaSet` | Enables watching ReplicaSets | `true` | -| `watcher.resources.daemonSet` | Enables watching DaemonSets | `true` | -| `watcher.resources.statefulSet` | Enables watching StatefulSets | `true` | -| `watcher.resources.service` | Enables watching Services | `true` | -| `watcher.resources.pod` | Enables watching Pods | `true` | -| `watcher.resources.job` | Enables watching Jobs | `true` | -| `watcher.resources.node` | Enables watching Nodes | `true` | -| `watcher.resources.clusterRole` | Enables watching ClusterRoles | `true` | -| `watcher.resources.serviceAccount` | Enables watching ServiceAccounts | `true` | -| `watcher.resources.persistentVolume` | Enables watching PersistentVolumes | `true` | -| `watcher.resources.persistentVolumeClaim` | Enables watching PersistentVolumeClaims | `true` | -| `watcher.resources.namespace` | Enables watching Namespaces | `true` | -| `watcher.resources.secret` | Enables watching Secrets | `false` | -| `watcher.resources.configMap` | Enables watching ConfigMaps | `true` | -| `watcher.resources.ingress` | Enables watching Ingresses | `true` | -| `watcher.resources.storageClass` | Enables watching StorageClasses | `true` | -| `watcher.resources.rollout` | Enables watching Argo Rollouts | `true` | -| `watcher.resources.metrics` | Enables watching Metrics | `true` | -| `watcher.resources.limitRange` | Enables watching LimitRange | `true` | -| `watcher.resources.podTemplate` | Enables watching PodTemplate | `true` | -| `watcher.resources.resourceQuota` | Enables watching ResourceQuota | `true` | -| `watcher.resources.admissionRegistrationResources` | Enables watching MutatingWebhookConfigurations and ValidatingWebhookConfigurations | `true` | -| `watcher.resources.controllerRevision` | Enables watching ControllerRevision | `true` | -| `watcher.resources.authorizationResources` | Enables watching Authorization Resources | `true` | -| `watcher.resources.horizontalPodAutoscaler` | Enables watching HorizontalPodAutoscaler | `true` | -| `watcher.resources.certificateSigningRequest` | Enables watching CertificateSigningRequest | `true` | -| `watcher.resources.lease` | Enables watching Lease | `true` | -| `watcher.resources.endpointSlice` | Enables watching EndpointSlice | `true` | -| `watcher.resources.flowControlResources` | Enables watching FlowControl Resources | `true` | -| `watcher.resources.ingressClass` | Enables watching IngressClass | `true` | -| `watcher.resources.networkPolicy` | Enables watching NetworkPolicy | `true` | -| `watcher.resources.runtimeClass` | Enables watching RuntimeClass | `true` | -| `watcher.resources.policyResources` | Enables watching Policy Resources | `true` | -| `watcher.resources.clusterRoleBinding` | Enables watching ClusterRoleBinding | `true` | -| `watcher.resources.roleBinding` | Enables watching RoleBinding | `true` | -| `watcher.resources.role` | Enables watching Role | `true` | -| `watcher.resources.PriorityClass` | Enables watching PriorityClass | `true` | -| `watcher.resources.csiDriver` | Enables watching CSIDriver | `true` | -| `watcher.resources.csiNode` | Enables watching CSINode | `true` | -| `watcher.resources.csiStorageCapacity ` | Enables watching CSIStorageCapacity | `true` | -| `watcher.resources.volumeAttachment` | Enables watching VolumeAttachment | `true` | -| `watcher.servers.healthCheck.port` | Port of the health check | -| server | `8090` | -| `resources.requests.cpu` | CPU resource requests | `0.25` | -| `resources.limits.cpu` | CPU resource limits | `1` | -| `resources.requests.memory` | Memory resource requests | `256Mi` | -| `resources.limits.memory` | Memory resource limits | `4096Mi` | -| `image.repository` | Image registry/name | `docker.io/komodorio/k8s-watcher` | -| `image.tag` | Image tag | `0.1.10` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `serviceAccount.create` | Creates a service account | `true` | -| `serviceAccount.name` | Optional name for the service account | `{RELEASE_FULLNAME}` | -| `proxy.enabled` | Configure proxy for watcher | `true` | -| `proxy.http` | Configure Proxy setting (HTTP_PROXY) | `` | -| `proxy.https` | Configure Proxy setting (HTTPS_PROXY) | `` | -| `proxy.no_proxy` | Configure Proxy setting (NO_PROXY) | `` | -| `watcher.controller.resync.period` | Resync period (in minutes, minimum 5) to resync the state of selected controllers (deployment, daemonset, statefulset) | `"0"` | -| `watcher.enableAgentTaskExecution` | Enable to the agent to execute tasks in the cluster such as log streaming | `true` | -| `watcher.allowReadingPodLogs`. | Enable the agent to read pod logs from the cluster | `true` | -| `createNamespace` | Creates the namespace | `true` | -| `podAnnotations` | Adds custom annotations on the agent pod - Example: `--set podAnnotations."app\.komodor\.com/app"="komodor-agent"` | `{}` | -| `deploymentAnnotations` | Adds custom annotations on the agent deployment - Example: `--set deploymentAnnotations."app\.komodor\.com/app"="komodor-agent"` | `{}` | - -The above parameters map to a yaml configuration file used by the watcher. -Specify each parameter using the --set key=value[,key=value] argument to helm install.\ -For example: -helm upgrade --install k8s-watcher komodorio/k8s-watcher --set apiKey="YOUR*API_KEY_HERE" --set watcher.enableAgentTaskExecution=true --set watcher.allowReadingPodLogs=true -Alternativly, you can pass the configuration as environment variables using the KOMOKW* prefix and by replacing all the ׳.׳ to ׳\_׳. For the root items the camelcase transforms into underscores as well.\ -For example: -\# apiKey -KOMOKW_API_KEY=1a2b3c4d5e6f7g7h -\# watcher.resources.replicaSet -KOMOKW_RESOURCES_REPLICASET=false -\# watcher.watchNamespace -KOMOKW_WATCH_NAMESPACE=my-namespace -\# watcher.collectHistory -KOMOKW_COLLECT_HISTORY=true - -Tip: You can use the default values.yaml - -## Updating the Agent using Helm - -helm repo update -helm upgrade --install k8s-watcher komodorio/k8s-watcher --reuse-values - -## Uninstalling Komodor - -helm uninstall k8s-watcher - -## External Links - -- [Documentation](https://docs.komodor.com/) -- [Sandbox](https://app.komodor.com/sandbox) diff --git a/charts/komodor/k8s-watcher/questions.yaml b/charts/komodor/k8s-watcher/questions.yaml deleted file mode 100644 index d4b238d80..000000000 --- a/charts/komodor/k8s-watcher/questions.yaml +++ /dev/null @@ -1,9 +0,0 @@ -questions: - - variable: apiKey - required: true - type: string - label: API Key - - variable: watcher.clusterName - type: string - required: true - label: Cluster name diff --git a/charts/komodor/k8s-watcher/templates/NOTES.txt b/charts/komodor/k8s-watcher/templates/NOTES.txt deleted file mode 100644 index 408107198..000000000 --- a/charts/komodor/k8s-watcher/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -Thank you for installing {{ .Chart.Name }}. - -The watcher was installed on namespace: {{ default "default" .Values.namespace }} - -Visit our site at: -https://app.komodor.com - -To learn more about Komodor please visit: -https://docs.komodor.com \ No newline at end of file diff --git a/charts/komodor/k8s-watcher/templates/_helpers.tpl b/charts/komodor/k8s-watcher/templates/_helpers.tpl deleted file mode 100644 index 657ae3937..000000000 --- a/charts/komodor/k8s-watcher/templates/_helpers.tpl +++ /dev/null @@ -1,63 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "k8s-watcher.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "k8s-watcher.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "k8s-watcher.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "k8s-watcher.labels" -}} -helm.sh/chart: {{ include "k8s-watcher.chart" . }} -{{ include "k8s-watcher.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "k8s-watcher.selectorLabels" -}} -app.kubernetes.io/name: {{ include "k8s-watcher.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "k8s-watcher.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "k8s-watcher.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/charts/komodor/k8s-watcher/templates/_proxy_conf.tpl b/charts/komodor/k8s-watcher/templates/_proxy_conf.tpl deleted file mode 100644 index aa2b090ef..000000000 --- a/charts/komodor/k8s-watcher/templates/_proxy_conf.tpl +++ /dev/null @@ -1,15 +0,0 @@ -{{- define "k8s-watcher.proxy-conf" -}} -{{- if .Values.proxy.enabled }} -{{- if .Values.proxy.http }} - - name: HTTP_PROXY - value: {{ .Values.proxy.http }} -{{- end }} -{{- if .Values.proxy.https }} - - name: HTTPS_PROXY - value: {{ .Values.proxy.https }} -{{- end }} -{{- if .Values.proxy.no_proxy }} - - name: NO_PROXY - value: {{ .Values.proxy.no_proxy }} -{{- end }} -{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/komodor/k8s-watcher/templates/clusterrole.yaml b/charts/komodor/k8s-watcher/templates/clusterrole.yaml deleted file mode 100644 index 54158ab07..000000000 --- a/charts/komodor/k8s-watcher/templates/clusterrole.yaml +++ /dev/null @@ -1,328 +0,0 @@ ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "k8s-watcher.serviceAccountName" . }} - {{- if hasKey .Values "namespace" }} - namespace: {{ .Values.namespace }} - {{- end }} -rules: - - apiGroups: - - "" - resources: -{{- if .Values.watcher.resources.event }} - - events -{{- end }} -{{- if .Values.watcher.resources.pod }} - - pods -{{- end }} -{{- if .Values.watcher.resources.replicationController }} - - replicationcontrollers -{{- end }} -{{- if .Values.watcher.resources.service }} - - services -{{- end }} -{{- if .Values.watcher.resources.namespace }} - - namespaces -{{- end }} -{{- if .Values.watcher.resources.configMap }} - - configmaps -{{- end }} -{{- if .Values.watcher.resources.node }} - - nodes -{{- end }} -{{- if .Values.watcher.resources.persistentVolume }} - - persistentvolumes -{{- end }} -{{- if .Values.watcher.resources.persistentVolumeClaim }} - - persistentvolumeclaims -{{- end }} -{{- if .Values.watcher.resources.serviceAccount }} - - serviceaccounts -{{- end }} -{{- if .Values.watcher.resources.secret }} - - secrets -{{- end }} -{{- if .Values.watcher.resources.endpoints }} - - endpoints -{{- end }} -{{- if .Values.watcher.resources.limitRange }} - - limitranges -{{- end }} -{{- if .Values.watcher.resources.podTemplate }} - - podtemplates -{{- end }} -{{- if .Values.watcher.resources.resourceQuota }} - - resourcequotas -{{- end }} - verbs: - - get - - watch - - list - - apiGroups: - - rbac - - rbac.authorization.k8s.io - resources: - - clusterroles -{{- if .Values.watcher.resources.clusterRoleBinding }} - - clusterrolebindings -{{- end }} -{{- if .Values.watcher.resources.roleBinding }} - - rolebindings -{{- end }} -{{- if .Values.watcher.resources.role }} - - roles -{{- end }} - verbs: - - get - - watch - - list - - apiGroups: # Required as minimum installation - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets -{{- if .Values.watcher.resources.controllerRevision }} - - controllerrevisions -{{- end }} - verbs: - - get - - watch - - list - - apiGroups: - - batch - resources: -{{- if .Values.watcher.resources.job }} - - jobs -{{- end }} -{{- if .Values.watcher.resources.cronjob }} - - cronjobs -{{- end }} - verbs: - - get - - watch - - list - - apiGroups: - - extensions - resources: -{{- if .Values.watcher.resources.ingress }} - - ingresses -{{- end }} -{{- if .Values.watcher.resources.networkPolicy }} - - networkpolicies -{{- end }} -{{- if .Values.watcher.resources.ingressClass }} - - ingressclasses -{{- end }} - verbs: - - get - - watch - - list - - apiGroups: - - networking.k8s.io - resources: -{{- if .Values.watcher.resources.ingress }} - - ingresses -{{- end }} -{{- if .Values.watcher.resources.ingressClass }} - - ingressclasses -{{- end }} -{{- if .Values.watcher.resources.networkPolicy }} - - networkpolicies -{{- end }} - verbs: - - get - - watch - - list -{{- if .Values.watcher.enableAgentTaskExecution }} - - apiGroups: - - "" - resources: - - pods -{{- if .Values.watcher.allowReadingPodLogs }} - - pods/log -{{- end }} - verbs: - - "get" - - "list" -{{- end }} - - apiGroups: - - storage.k8s.io - resources: -{{- if .Values.watcher.resources.storageClass }} - - storageclasses -{{- end }} -{{- if .Values.watcher.resources.csiDriver }} - - csidrivers -{{- end }} -{{- if .Values.watcher.resources.csiNode }} - - csinodes -{{- end }} -{{- if .Values.watcher.resources.csiStorageCapacity }} - - csistoragecapacities -{{- end }} -{{- if .Values.watcher.resources.volumeAttachment }} - - volumeattachments -{{- end }} - verbs: - - get - - watch - - list - # Required to validate if enabled CRDs are enabled on cluster - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - watch - - list -{{- if .Values.watcher.resources.rollout }} - - apiGroups: - - argoproj.io - resources: - - rollouts - - rollouts/status - - rollouts/finalizers - - analysistemplates - - clusteranalysistemplates - verbs: - - get - - watch - - list -{{- end }} -{{- if .Values.watcher.resources.metrics }} - - apiGroups: - - metrics.k8s.io - resources: - - nodes - - pods - verbs: - - get - - watch - - list -{{- end }} -{{- if .Values.watcher.resources.admissionRegistrationResources }} - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - get - - watch - - list -{{- end }} -{{- if .Values.watcher.resources.authorizationResources }} - - apiGroups: - - authorization.k8s.io - resources: - - localsubjectaccessreviews - - selfsubjectaccessreviews - - selfsubjectrulesreviews - - subjectaccessreviews - verbs: - - get - - watch - - list -{{- end }} -{{- if .Values.watcher.resources.horizontalPodAutoscaler }} - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - watch - - list -{{- end }} -{{- if .Values.watcher.resources.certificateSigningRequest }} - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - watch - - list -{{- end }} -{{- if .Values.watcher.resources.lease }} - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list -{{- end }} -{{- if .Values.watcher.resources.endpointSlice }} - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - watch - - list -{{- end }} -{{- if .Values.watcher.resources.flowControlResources }} - - apiGroups: - - flowcontrol.apiserver.k8s.io - resources: - - flowschemas - - prioritylevelconfigurations - verbs: - - get - - watch - - list -{{- end }} -{{- if .Values.watcher.resources.runtimeClass }} - - apiGroups: - - node.k8s.io - resources: - - runtimeclasses - verbs: - - get - - watch - - list -{{- end }} -{{- if .Values.watcher.resources.policyResources }} - - apiGroups: - - policy - resources: - - poddisruptionbudgets - - podsecuritypolicies - verbs: - - get - - watch - - list -{{- end }} -{{- if .Values.watcher.resources.priorityClass }} - - apiGroups: - - scheduling.k8s.io - resources: - - priorityclasses - verbs: - - get - - watch - - list -{{- end }} - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "k8s-watcher.serviceAccountName" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "k8s-watcher.serviceAccountName" . }} -subjects: - - kind: ServiceAccount - name: {{ include "k8s-watcher.serviceAccountName" . }} - {{- if hasKey .Values "namespace" }} - namespace: {{ .Values.namespace }} - {{- end }} diff --git a/charts/komodor/k8s-watcher/templates/configmap.yaml b/charts/komodor/k8s-watcher/templates/configmap.yaml deleted file mode 100644 index 973d94458..000000000 --- a/charts/komodor/k8s-watcher/templates/configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "k8s-watcher.name" . }}-config - {{- if hasKey .Values "namespace" }} - namespace: {{ .Values.namespace }} - {{- end }} -data: - komodor-k8s-watcher.yaml: | -{{ toYaml .Values.watcher | indent 4 }} \ No newline at end of file diff --git a/charts/komodor/k8s-watcher/templates/deployment.yaml b/charts/komodor/k8s-watcher/templates/deployment.yaml deleted file mode 100644 index 0b69ff2d0..000000000 --- a/charts/komodor/k8s-watcher/templates/deployment.yaml +++ /dev/null @@ -1,95 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "k8s-watcher.fullname" . }} - {{- if hasKey .Values "namespace" }} - namespace: {{ .Values.namespace }} - {{- end }} - labels: - {{- include "k8s-watcher.labels" . | nindent 4 }} - {{- with .Values.deploymentAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicaCount }} - strategy: - rollingUpdate: - maxUnavailable: 0 - maxSurge: 1 - selector: - matchLabels: - {{- include "k8s-watcher.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "k8s-watcher.selectorLabels" . | nindent 8 }} - spec: - priorityClassName: system-cluster-critical - serviceAccountName: {{ include "k8s-watcher.serviceAccountName" . }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: configuration - mountPath: /etc/komodor -{{- if .Values.enableMemLimitChecks }} - - name: podinfo - mountPath: /etc/podinfo -{{- end }} - env: - - name: KOMOKW_API_KEY - valueFrom: - secretKeyRef: -{{- if .Values.existingSecret }} - name: {{ .Values.existingSecret | required "Existing secret name required!" }} - key: apiKey -{{- else }} - name: {{ include "k8s-watcher.name" . }}-secret - key: apiKey -{{- end }} -{{- include "k8s-watcher.proxy-conf" . }} - ports: - - name: http-healthz - containerPort: {{ .Values.watcher.servers.healthCheck.port | default 8090 }} - livenessProbe: - httpGet: - path: /healthz - port: http-healthz - periodSeconds: 60 - initialDelaySeconds: 15 - failureThreshold: 10 - successThreshold: 1 - readinessProbe: - httpGet: - path: /healthz - port: http-healthz - initialDelaySeconds: 5 - periodSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - volumes: - - name: configuration - configMap: - name: {{ include "k8s-watcher.name" . }}-config - items: - - key: komodor-k8s-watcher.yaml - path: komodor-k8s-watcher.yaml -{{- if .Values.enableMemLimitChecks }} - - name: podinfo - downwardAPI: - items: - - path: "mem_limit" - resourceFieldRef: - containerName: {{ .Chart.Name }} - resource: limits.memory - divisor: 1Mi -{{- end }} \ No newline at end of file diff --git a/charts/komodor/k8s-watcher/templates/namespace.yaml b/charts/komodor/k8s-watcher/templates/namespace.yaml deleted file mode 100644 index 372e47d95..000000000 --- a/charts/komodor/k8s-watcher/templates/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if hasKey .Values "namespace" }} -{{- if .Values.createNamespace }} -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Values.namespace }} -{{- end }} -{{- end }} diff --git a/charts/komodor/k8s-watcher/templates/resourcequota.yaml b/charts/komodor/k8s-watcher/templates/resourcequota.yaml deleted file mode 100644 index 94a018448..000000000 --- a/charts/komodor/k8s-watcher/templates/resourcequota.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ResourceQuota -metadata: - labels: - app: komodor - name: komodor-critical-pods - {{- if hasKey .Values "namespace" }} - namespace: {{ .Values.namespace }} - {{- end}} -spec: - hard: - pods: 2 - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-cluster-critical diff --git a/charts/komodor/k8s-watcher/templates/secret-credentials.yaml b/charts/komodor/k8s-watcher/templates/secret-credentials.yaml deleted file mode 100644 index 9ceb34e6c..000000000 --- a/charts/komodor/k8s-watcher/templates/secret-credentials.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if not .Values.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "k8s-watcher.name" . }}-secret - {{- if hasKey .Values "namespace" }} - namespace: {{ .Values.namespace }} - {{- end }} -type: Opaque -data: - apiKey: {{ .Values.apiKey | required "apiKey is a required value!" | b64enc }} -{{- end }} diff --git a/charts/komodor/k8s-watcher/templates/serviceaccount.yaml b/charts/komodor/k8s-watcher/templates/serviceaccount.yaml deleted file mode 100644 index 8559f4c83..000000000 --- a/charts/komodor/k8s-watcher/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "k8s-watcher.serviceAccountName" . }} - {{- if hasKey .Values "namespace" }} - namespace: {{ .Values.namespace }} - {{- end }} - labels: - {{- include "k8s-watcher.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/komodor/k8s-watcher/values.yaml b/charts/komodor/k8s-watcher/values.yaml deleted file mode 100644 index 858dfb798..000000000 --- a/charts/komodor/k8s-watcher/values.yaml +++ /dev/null @@ -1,103 +0,0 @@ -# ReplicaCount should always be 1 - We do not properly support syncing state (yet) so it will cause the same events to be sent and overload the server. -replicaCount: 1 -image: - repository: komodorio/k8s-watcher - pullPolicy: IfNotPresent - -namespace: komodor -createNamespace: true - -# enableMemLimitChecks will use downward API to tell the pod what is the allocated memory -# when the allocated memory is almost full the agent will stop receiving new events -# the process resumes once there is free memory to use -enableMemLimitChecks: true - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - # name: "" - -proxy: - enabled: false - http: "" - https: "" - no_proxy: "" - -resources: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 0.25 - memory: 256Mi - -deploymentAnnotations: {} -podAnnotations: {} - -existingSecret: "" - -apiKey: "" - -watcher: - enableAgentTaskExecution: true - allowReadingPodLogs: true - # clusterName: "" - servers: - healthCheck: {} - collectHistory: true - watchNamespace: all - namespacesDenylist: [] - nameDenylist: [] - redact: [] - resources: - event: true - deployment: true - replicationController: true - replicaSet: true - daemonSet: true - statefulSet: true - service: true - pod: true - job: true - cronjob: true - node: true - clusterRole: true - serviceAccount: true - persistentVolume: true - persistentVolumeClaim: true - namespace: true - secret: false - configMap: true - ingress: true - endpoints: true - storageClass: true - rollout: true - metrics: true - limitRange: true - podTemplate: true - resourceQuota: true - admissionRegistrationResources: true - controllerRevision: true - authorizationResources: true - horizontalPodAutoscaler: true - certificateSigningRequest: true - lease: true - endpointSlice: true - flowControlResources: true - ingressClass: true - networkPolicy: true - runtimeClass: true - policyResources: true - clusterRoleBinding: true - roleBinding: true - role: true - priorityClass: true - csiDriver: true - csiNode: true - csiStorageCapacity: true - volumeAttachment: true - controller: - resync: - period: "0" diff --git a/index.yaml b/index.yaml index 5fac78626..ad9a99250 100644 --- a/index.yaml +++ b/index.yaml @@ -2052,39 +2052,6 @@ entries: urls: - assets/bitnami/airflow-13.1.7.tgz version: 13.1.7 - ambassador: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Ambassador Edge Stack - catalog.cattle.io/release-name: ambassador - apiVersion: v1 - appVersion: 1.13.8 - created: "2021-06-23T17:44:55.380609-07:00" - description: A Helm chart for Datawire Ambassador - digest: f56e602f017a6e48d2838033b31ce356a47db561fcd9c02e008d06b67be95b90 - home: https://www.getambassador.io/ - icon: https://www.getambassador.io/images/logo.png - keywords: - - api gateway - - ambassador - - datawire - - envoy - maintainers: - - email: markus@maga.se - name: flydiverny - - email: flynn@datawire.io - name: kflynn - - email: nkrause@datawire.io - name: nbkrause - - email: lukeshu@datawire.io - name: lukeshu - name: ambassador - sources: - - https://github.com/datawire/ambassador - - https://github.com/prometheus/statsd_exporter - urls: - - assets/ambassador/ambassador-6.7.1100.tgz - version: 6.7.1100 amd-gpu: - annotations: catalog.cattle.io/certified: partner @@ -29728,22 +29695,6 @@ entries: urls: - assets/trilio/k8s-triliovault-operator-v2.0.200.tgz version: v2.0.200 - k8s-watcher: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Komodor Agent - catalog.cattle.io/release-name: komodor-agent - apiVersion: v1 - appVersion: 0.1.99 - created: "2022-07-17T15:14:44.435499+03:00" - description: Watches and send kubernetes resource-related events - digest: 51cc5197ba9243cbd05253e5a3612293cc4ed7e832c164f77d525e1dc4bc7bfa - icon: https://partner-charts.rancher.io/assets/logos/komodor.png - kubeVersion: 1.16-0 - 1.21-0 - name: k8s-watcher - urls: - - assets/komodor/k8s-watcher-0.10.1101.tgz - version: 0.10.1101 k10: - annotations: catalog.cattle.io/certified: partner diff --git a/packages/ambassador/generated-changes/overlay/app-readme.md b/packages/ambassador/generated-changes/overlay/app-readme.md deleted file mode 100644 index d2ef7356e..000000000 --- a/packages/ambassador/generated-changes/overlay/app-readme.md +++ /dev/null @@ -1,13 +0,0 @@ -# Ambassador Edge Stack and Emissary Ingress Chart - -[Ambassador Edge Stack](https://www.getambassador.io/products/edge-stack/) and its open source CNCF counterpart [Emissary-Ingress](https://www.getambassador.io/products/api-gateway/) are Kubernetes native, high-performance Ingress controllers designed with GitOps workflows and developer experience in mind. The Edge Stack allows users to manage [Authentication](https://www.getambassador.io/docs/edge-stack/latest/topics/using/filters/), [Rate Limits](https://www.getambassador.io/docs/edge-stack/latest/topics/using/rate-limits/rate-limits/), [TLS](https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/) and more with easy-to-use resources for [managing your APIs](https://www.getambassador.io/docs/edge-stack/latest/topics/using/intro-mappings/). - -## Service Catalog - -The default installation of Ambassador Edge Stack includes the deployment needed to get started with [Service Catalog](https://www.getambassador.io/products/service-catalog/) and the [Developer Control Plane](https://www.getambassador.io/developer-control-plane/). Simply generate your [Cloud Token](https://www.getambassador.io/docs/cloud/latest/service-catalog/quick-start/#1-connect-your-cluster-to-ambassador-cloud) and add it in the Service Catalog section as you're setting up the chart. - -## More Info - -Visit the [Quick Start](https://www.getambassador.io/docs/edge-stack/latest/tutorials/getting-started/) page for more instructions, or check out our [documentation](https://www.getambassador.io/docs/edge-stack). For any questions, or to join the community, visit our [Slack](https://a8r.io/slack) and say hi! - -* Ambassador recommends a Kubernetes version of 1.16 or higher. diff --git a/packages/ambassador/generated-changes/overlay/questions.yml b/packages/ambassador/generated-changes/overlay/questions.yml deleted file mode 100644 index bf13b9471..000000000 --- a/packages/ambassador/generated-changes/overlay/questions.yml +++ /dev/null @@ -1,84 +0,0 @@ -questions: -### CRD Management -- variable: crds.enabled - label: Create CRDs - description: "Should Ambassador Edge Stack create and manage its CRD's?" - type: boolean - required: false - default: "true" - group: "CRD Management" -- variable: crds.keep - label: Keep CRDs - description: "Should Ambassador Edge Stack keep CRD's when the chart is uninstalled?" - type: boolean - required: false - default: "true" - group: "CRD Management" - show_if: "crds.enabled=true" - -### Deployment Management -- variable: daemonSet - label: Deploy as Daemonset - description: "Deploy Ambassador Edge Stack as a Daemonset? (Recommended: false)" - type: boolean - required: false - default: "true" - group: "Deployment Settings" -- variable: replicaCount - label: Replica Count - description: "How many replicas should Ambassador Edge Stack run? (Recommended: 3)" - type: int - required: false - default: "3" - group: "Deployment Settings" - min: 1 - max: 999 - show_if: "daemonSet=false" - -### Service Settings -- variable: service.type - label: Service Type - description: "Set the type of service, LoadBalancer (recommended), NodePort, or ClusterIP" - type: enum - required: false - default: "LoadBalancer" - group: "Service Settings" - options: - - "LoadBalancer" - - "ClusterIP" - - "NodePort" - -### Licensing -- variable: licenseKey.createSecret - label: "Create License Key Secret" - description: "Creates the license key secret using the License Key Data." - type: boolean - required: false - default: "true" - group: "License Settings" -- variable: licenseKey.value - label: "License Key Data" - description: "Specifies the license key to apply." - type: secret - required: false - default: "" - group: "License Settings" - show_if: "licenseKey.createSecret=true" - -### Service Catalog -- variable: agent.enabled - label: "Enable Service Catalog" - description: "Enables the Service Catalog agent for use at https://app.getambassador.io." - type: boolean - required: false - default: "true" - group: "Service Catalog" -- variable: agent.cloudConnectionToken - label: "Cloud Connection Token" - description: "Specifies the Token used to register a Cluster with the Service Catalog." - type: secret - required: false - default: "" - group: "Service Catalog" - show_if: "agent.enabled=true" - \ No newline at end of file diff --git a/packages/ambassador/generated-changes/patch/Chart.yaml.patch b/packages/ambassador/generated-changes/patch/Chart.yaml.patch deleted file mode 100644 index 280e0a054..000000000 --- a/packages/ambassador/generated-changes/patch/Chart.yaml.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- charts-original/Chart.yaml -+++ charts/Chart.yaml -@@ -1,3 +1,7 @@ -+annotations: -+ catalog.cattle.io/certified: partner -+ catalog.cattle.io/release-name: ambassador -+ catalog.cattle.io/display-name: Ambassador Edge Stack - apiVersion: v1 - appVersion: 1.13.8 - description: A Helm chart for Datawire Ambassador diff --git a/packages/ambassador/package.yaml b/packages/ambassador/package.yaml deleted file mode 100644 index b13d65e00..000000000 --- a/packages/ambassador/package.yaml +++ /dev/null @@ -1,2 +0,0 @@ -url: https://datawire-static-files.s3.amazonaws.com/charts/ambassador-6.7.11.tgz -packageVersion: 00 \ No newline at end of file diff --git a/packages/komodor/generated-changes/overlay/app-readme.md b/packages/komodor/generated-changes/overlay/app-readme.md deleted file mode 100644 index 2d07b55dc..000000000 --- a/packages/komodor/generated-changes/overlay/app-readme.md +++ /dev/null @@ -1,136 +0,0 @@ -# Komodor - -Komodor is a Kubernetes reliability platform, complete with automated troubleshooting playbooks for every K8s resource, and static-prevention monitors that enrich live & historical data with contextual insights to help enforce best practices and stop incidents in their tracks. - -For each K8s resource, Komodor automatically constructs a coherent view, including the relevant deploys, config changes, dependencies, metrics, and past incidents. Komodor seamlessly integrates and utilizes data from cloud providers, source controls, CI/CD pipelines, monitoring tools, and incident response platforms. - -- Discover the root cause automatically with a timeline that tracks all changes made in your application and infrastructure. -- Quickly tackle the issue, with easy-to-follow remediation instructions. -- Give your entire team a way to troubleshoot independently, without having to escalate. - -## Prerequisites - -- Kubernetes 1.16+ -- Helm 2/3 - -## Komodor Installation - -1. Sign up to [Komodor](https://auth.komodor.com/u/signup/identifier?state=hKFo2SB0WVMtMUJtcndaU0JKSEQ1XzNBd1JGbGJBeTcwdld0d6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFNDUktFX0xRRmZ3c3VWRENmaDNBclBzYmtJNHZsRWJpo2NpZNkgbGJvcFI3NHpIZDcyWU9INEFjdmpWbkt0TTZCcld6WjQ) and verify your email address. -2. Go to [app.komodor.com](https://app.komodor.com) and click on ‘Add a Kubernetes Cluster’ to Install the k8s-watcher Agent on any of your clusters -3. Enter your cluster’s name like so:\ - ![cluster-name](https://assets-komodor-public.s3.amazonaws.com/k8s_install_step_1.png) -4. After entering the cluster name you will receive a command similar to this:\ - ![helm-command](https://assets-komodor-public.s3.amazonaws.com/k8s_install_step_2.png) -5. Copy the API key from the command output you’ve received, and paste it in the appropriate field when prompted to by the Rancher installer - -The following table lists the configurable parameters of the chart and their default values. - -| Parameter | Description | Default | -| -------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ | -| `apiKey` | Komodor kubernetes api key (required if `existingSecret` not specified) | `` | -| `existingSecret` | Existing kubernetes secret resource containing Komodor kubernetes apiKey (required if `apiKey` not specified) | `` | -| `watcher.redact` | List of regular expressions. Config values for keys that matches one of these expressions will show up at Komodor as "REDACTED:\" | `[]` | -| `watcher.clusterName` | Override auto-discovery of Cluster Name with one of your choosing | `` | -| `watcher.watchNamespace` | Watch a specific namespace, or all namespaces ("", "all") | `all` | -| `watcher.namespacesDenylist` | Exclude specific namespaces (list) | `[]` | -| `watcher.nameDenylist` | Exclude specific resource names that contains any of these strings (list) - example: `` watcher.nameDenylist=["dont-watch"] --> `pod/backend-dont-watch` wont be collected `` | `[]` | -| `watcher.collectHistory` | On startup collect existing cluster resources in addition to watching new resources (true / false) | `true` | -| `watcher.sinks.webhook.enabled` | Enables a Webhook output | `true` | -| `watcher.sinks.webhook.url` | URL to send webhooks to | `https://app.komodor.io/k8s-events/event/` | -| `watcher.sinks.webhook.headers` | Headers to attach to the webhooks | `{}` | -| `watcher.resources.event` | Enables watching Event | `true` | -| `watcher.resources.deployment` | Enables watching Deployments | `true` | -| `watcher.resources.replicationController` | Enables watching ReplicationControllers | `true` | -| `watcher.resources.replicaSet` | Enables watching ReplicaSets | `true` | -| `watcher.resources.daemonSet` | Enables watching DaemonSets | `true` | -| `watcher.resources.statefulSet` | Enables watching StatefulSets | `true` | -| `watcher.resources.service` | Enables watching Services | `true` | -| `watcher.resources.pod` | Enables watching Pods | `true` | -| `watcher.resources.job` | Enables watching Jobs | `true` | -| `watcher.resources.node` | Enables watching Nodes | `true` | -| `watcher.resources.clusterRole` | Enables watching ClusterRoles | `true` | -| `watcher.resources.serviceAccount` | Enables watching ServiceAccounts | `true` | -| `watcher.resources.persistentVolume` | Enables watching PersistentVolumes | `true` | -| `watcher.resources.persistentVolumeClaim` | Enables watching PersistentVolumeClaims | `true` | -| `watcher.resources.namespace` | Enables watching Namespaces | `true` | -| `watcher.resources.secret` | Enables watching Secrets | `false` | -| `watcher.resources.configMap` | Enables watching ConfigMaps | `true` | -| `watcher.resources.ingress` | Enables watching Ingresses | `true` | -| `watcher.resources.storageClass` | Enables watching StorageClasses | `true` | -| `watcher.resources.rollout` | Enables watching Argo Rollouts | `true` | -| `watcher.resources.metrics` | Enables watching Metrics | `true` | -| `watcher.resources.limitRange` | Enables watching LimitRange | `true` | -| `watcher.resources.podTemplate` | Enables watching PodTemplate | `true` | -| `watcher.resources.resourceQuota` | Enables watching ResourceQuota | `true` | -| `watcher.resources.admissionRegistrationResources` | Enables watching MutatingWebhookConfigurations and ValidatingWebhookConfigurations | `true` | -| `watcher.resources.controllerRevision` | Enables watching ControllerRevision | `true` | -| `watcher.resources.authorizationResources` | Enables watching Authorization Resources | `true` | -| `watcher.resources.horizontalPodAutoscaler` | Enables watching HorizontalPodAutoscaler | `true` | -| `watcher.resources.certificateSigningRequest` | Enables watching CertificateSigningRequest | `true` | -| `watcher.resources.lease` | Enables watching Lease | `true` | -| `watcher.resources.endpointSlice` | Enables watching EndpointSlice | `true` | -| `watcher.resources.flowControlResources` | Enables watching FlowControl Resources | `true` | -| `watcher.resources.ingressClass` | Enables watching IngressClass | `true` | -| `watcher.resources.networkPolicy` | Enables watching NetworkPolicy | `true` | -| `watcher.resources.runtimeClass` | Enables watching RuntimeClass | `true` | -| `watcher.resources.policyResources` | Enables watching Policy Resources | `true` | -| `watcher.resources.clusterRoleBinding` | Enables watching ClusterRoleBinding | `true` | -| `watcher.resources.roleBinding` | Enables watching RoleBinding | `true` | -| `watcher.resources.role` | Enables watching Role | `true` | -| `watcher.resources.PriorityClass` | Enables watching PriorityClass | `true` | -| `watcher.resources.csiDriver` | Enables watching CSIDriver | `true` | -| `watcher.resources.csiNode` | Enables watching CSINode | `true` | -| `watcher.resources.csiStorageCapacity ` | Enables watching CSIStorageCapacity | `true` | -| `watcher.resources.volumeAttachment` | Enables watching VolumeAttachment | `true` | -| `watcher.servers.healthCheck.port` | Port of the health check | -| server | `8090` | -| `resources.requests.cpu` | CPU resource requests | `0.25` | -| `resources.limits.cpu` | CPU resource limits | `1` | -| `resources.requests.memory` | Memory resource requests | `256Mi` | -| `resources.limits.memory` | Memory resource limits | `4096Mi` | -| `image.repository` | Image registry/name | `docker.io/komodorio/k8s-watcher` | -| `image.tag` | Image tag | `0.1.10` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `serviceAccount.create` | Creates a service account | `true` | -| `serviceAccount.name` | Optional name for the service account | `{RELEASE_FULLNAME}` | -| `proxy.enabled` | Configure proxy for watcher | `true` | -| `proxy.http` | Configure Proxy setting (HTTP_PROXY) | `` | -| `proxy.https` | Configure Proxy setting (HTTPS_PROXY) | `` | -| `proxy.no_proxy` | Configure Proxy setting (NO_PROXY) | `` | -| `watcher.controller.resync.period` | Resync period (in minutes, minimum 5) to resync the state of selected controllers (deployment, daemonset, statefulset) | `"0"` | -| `watcher.enableAgentTaskExecution` | Enable to the agent to execute tasks in the cluster such as log streaming | `true` | -| `watcher.allowReadingPodLogs`. | Enable the agent to read pod logs from the cluster | `true` | -| `createNamespace` | Creates the namespace | `true` | -| `podAnnotations` | Adds custom annotations on the agent pod - Example: `--set podAnnotations."app\.komodor\.com/app"="komodor-agent"` | `{}` | -| `deploymentAnnotations` | Adds custom annotations on the agent deployment - Example: `--set deploymentAnnotations."app\.komodor\.com/app"="komodor-agent"` | `{}` | - -The above parameters map to a yaml configuration file used by the watcher. -Specify each parameter using the --set key=value[,key=value] argument to helm install.\ -For example: -helm upgrade --install k8s-watcher komodorio/k8s-watcher --set apiKey="YOUR*API_KEY_HERE" --set watcher.enableAgentTaskExecution=true --set watcher.allowReadingPodLogs=true -Alternativly, you can pass the configuration as environment variables using the KOMOKW* prefix and by replacing all the ׳.׳ to ׳\_׳. For the root items the camelcase transforms into underscores as well.\ -For example: -\# apiKey -KOMOKW_API_KEY=1a2b3c4d5e6f7g7h -\# watcher.resources.replicaSet -KOMOKW_RESOURCES_REPLICASET=false -\# watcher.watchNamespace -KOMOKW_WATCH_NAMESPACE=my-namespace -\# watcher.collectHistory -KOMOKW_COLLECT_HISTORY=true - -Tip: You can use the default values.yaml - -## Updating the Agent using Helm - -helm repo update -helm upgrade --install k8s-watcher komodorio/k8s-watcher --reuse-values - -## Uninstalling Komodor - -helm uninstall k8s-watcher - -## External Links - -- [Documentation](https://docs.komodor.com/) -- [Sandbox](https://app.komodor.com/sandbox) diff --git a/packages/komodor/generated-changes/overlay/questions.yaml b/packages/komodor/generated-changes/overlay/questions.yaml deleted file mode 100644 index d4b238d80..000000000 --- a/packages/komodor/generated-changes/overlay/questions.yaml +++ /dev/null @@ -1,9 +0,0 @@ -questions: - - variable: apiKey - required: true - type: string - label: API Key - - variable: watcher.clusterName - type: string - required: true - label: Cluster name diff --git a/packages/komodor/generated-changes/patch/Chart.yaml.patch b/packages/komodor/generated-changes/patch/Chart.yaml.patch deleted file mode 100644 index 88c3ef705..000000000 --- a/packages/komodor/generated-changes/patch/Chart.yaml.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- charts-original/Chart.yaml -+++ charts/Chart.yaml -@@ -1,6 +1,11 @@ - apiVersion: v1 - appVersion: 0.1.99 - description: Watches and send kubernetes resource-related events --icon: https://raw.githubusercontent.com/komodorio/helm-charts/master/placeholder-logo.png -+icon: https://partner-charts.rancher.io/assets/logos/komodor.png - name: k8s-watcher - version: 0.10.11 -+kubeVersion: '1.16-0 - 1.21-0' -+annotations: -+ catalog.cattle.io/certified: partner -+ catalog.cattle.io/release-name: komodor-agent -+ catalog.cattle.io/display-name: Komodor Agent diff --git a/packages/komodor/package.yaml b/packages/komodor/package.yaml deleted file mode 100644 index a93dffb7e..000000000 --- a/packages/komodor/package.yaml +++ /dev/null @@ -1,2 +0,0 @@ -url: https://github.com/komodorio/helm-charts/raw/gh-pages/k8s-watcher/k8s-watcher-0.10.11.tgz -packageVersion: 01