andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #553 from samuelattwood/main 

Release Partner Charts
pull/556/head
Samuel Attwood 2022-10-27 18:50:24 -04:00 committed by GitHub
parent 9d0ab3421a 0f070c289b
commit c0b8791c39
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17861 changed files with 206 additions and 2352719 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/argo/argo-cd-5.8.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/postgresql-12.0.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/wordpress-15.2.7.tgz Normal file
View File

Binary file not shown.

BIN
assets/hashicorp/vault-0.22.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/redpanda/redpanda-2.2.7.tgz Normal file
View File

Binary file not shown.

BIN
assets/yugabyte/yugabyte-2.14.3.tgz Normal file
View File

Binary file not shown.

3
charts/README.md
View File

@ -1,3 +0,0 @@
## Charts
This folder contains unarchived Helm charts that are served from partner-charts.rancher.io.

23
charts/ambassador/ambassador/6.7.1100/.helmignore
View File

@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
OWNERS

528
charts/ambassador/ambassador/6.7.1100/CHANGELOG.md
View File

@ -1,528 +0,0 @@
# Change Log
This file documents all notable changes to Ambassador Helm Chart. The release
numbering uses [semantic versioning](http://semver.org).
## Next Release
(no changes yet)
## v6.7.11
- Update Ambassador API Gateway chart image to version v1.13.8: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
- Update Ambassador Edge Stack chart image to version v1.13.8: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
- Bugfix: remove duplicate label key in ambassador-agent deployment
## v6.7.10
- Update Ambassador API Gateway chart image to version v1.13.7: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
- Update Ambassador Edge Stack chart image to version v1.13.7: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
## v6.7.9
- Update Ambassador chart image to version 1.13.6: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.8
- Update Ambassador chart image to version 1.13.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.7
- Bugfix: ambassador-injector and telepresence-proxy now use the correct default image repository
## v6.7.6
- Update Ambassador chart image to version 1.13.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Change: unless image.repository or image.fullImageOverride is explicitly set, the ambassador image used will be templated on .Values.enableAES. If AES is enabled, the chart will use docker.io/datawire/aes, otherwise will use docker.io/datawire/ambassador.
## v6.7.5
- Update Ambassador chart image to version v1.13.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.4
- Feature: The [Ambassador Module](https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/) can now be configured and managed by Helm
## v6.7.3
- Update Ambassador chart image to version v1.13.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.2
- Bugfix: Don't change the Role name when running in singleNamespace mode.
## v6.7.1
- Update Ambassador chart image to version v1.13.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.7.0
- Update Ambassador to version 1.13.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Feature: Ambassador Agent now available for API Gateway (https://app.getambassador.io)
- Feature: Add support for [pod toplology spread constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) via the `topologySpreadConstraints` helm value to the Ambassador deployment. (thanks, [@lawliet89](https://github.com/lawliet89)!)
- BugFix: Add missing `ambassador_id` for resolvers.
- Change: Ambassador ClusterRoles are now aggregated under the label `rbac.getambassador.io/role-group`. The aggregated role has the same name as the previous role name (so no need to update ClusterRoleBindings).
## v6.6.4
- Update Ambassador to version 1.12.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.6.3
- Update Ambassador to version 1.12.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.6.2
- Update Ambassador to version 1.12.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.6.1
- Fix metadata field in ConsulRevoler
- Make resolvers available to OSS
## v6.6.0
- Update Ambassador to version 1.12.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Feature: Apply Ambassador Agent deployment by default to enable Service Catalog reporting (https://app.getambassador.io)
## v6.5.22
- Bugfix: Disable the cloud agent by default. The agent will be enabled in 6.6.0.
- Bugfix: Adds a check to prevent the cloud agent from being installed if AES version is less than 1.12.0
## v6.5.21
- Update Ambassador to version 1.12.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Feature: Add support for the ambassador-agent, reporting to Service Catalog (https://app.getambassador.io)
- Feature: All services are automatically instrumented with discovery annotations.
## v6.5.20
- Update Ambassador to version v1.11.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.19
- Make all `livenessProbe` and `readinessProbe` configurations available to the values file
## v6.5.18
- Update Ambassador to version v1.11.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.17
- Update Ambassador to version v1.11.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Bugfix: Fix Mapping definition to correctly support labels in use.
## v6.5.16
- Bugfix: Ambassador CRD cleanup will now execute as expected.
## v6.5.15
- Bugfix: Ambassador RBAC now includes permissions for IngressClasses.
## v6.5.14
- Update for Ambassador v1.10.0
## v6.5.13
- Update for Ambassador v1.9.1
## v6.5.12
- Feature: Add ability to configure `terminationGracePeriodSeconds` for the Ambassador container
- Update for Ambassador v1.9.0
## v6.5.11
- Feature: add affinity and tolerations support for redis pods
## v6.5.10
- Update Ambassador to version 1.8.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.9
- Update Ambassador to version 1.8.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Bugfix: The RBAC for AES now grants permission to "patch" Events.v1.core. Previously it granted "create" but not "patch".
## v6.5.8
- Update Ambassador to version 1.7.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.7
- Update Ambassador to version 1.7.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- The BusyBox image image used by `test-ready` is now configurable (thanks, [Alan Silva](https://github.com/OmegaVVeapon)!)
## v6.5.6
- Update Ambassador to version 1.7.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Feature: Allow overriding the namespace for the release using the values file: [ambassador-chart/#122](https://github.com/datawire/ambassador-chart/pull/122)
## v6.5.5
- Allow hyphens in service annotations: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.4
- Upgrade Ambassador to version 1.7.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.3
- Upgrade Ambassador to version 1.7.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.2
- Feature: Add support for DaemonSet/Deployment labels: [ambassador-chart/#114](https://github.com/datawire/ambassador-chart/pull/114)
- Upgrade Ambassador to version 1.6.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.1
- Upgrade Ambassador to version 1.6.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.5.0
- Upgrade Ambassador to version 1.6.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.10
- Feature: Allow specifying annotations for the license-key-secret: [ambassador-chart/#106](https://github.com/datawire/ambassador-chart/issues/106)
- Feature: Annotation for keeping the AES secret on removal: [ambassador-chart/#110](https://github.com/datawire/ambassador-chart/issues/110)
- Fix: do not mount the secret if we do not want a secret: [ambassador-chart/#103](https://github.com/datawire/ambassador-chart/issues/103)
- Internal CI refactorings.
## v6.4.9
- BugFix: Cannot specify podSecurityPolicies: [ambassador-chart/#97](https://github.com/datawire/ambassador-chart/issues/97)
## v6.4.8
- Upgrade Ambassador to version 1.5.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.7
- BugFix: Registry service is now using the proper `app.kubernetes.io/name`
- BugFix: Restore ability to set `REDIS` env vars in `env` instead of `redisEnv`
- Feature: Add `envRaw` to support supplying raw yaml for environment variables. Deprecates `redisEnv`.
## v6.4.6
- Upgrade Ambassador to version 1.5.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- Added support setting external IPs for the ambassador service (thanks, [Jason Smith](https://github.com/jasons42)!)
## v6.4.5
- Upgrade Ambassador to version 1.5.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.4
- Feature flag for enabling or disabling the [`Project` registry](https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/)
- redisEnv for setting environment variables to control how Ambassador interacts with redis. See [redis environment](https://www.getambassador.io/docs/edge-stack/latest/topics/running/environment/#redis)
## v6.4.3
- Upgrade Ambassador to version 1.5.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.2
- Upgrade Ambassador to version 1.5.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.4.1
- BugFix: The `PodSecurityPolicy` should not be created by default since it is a cluster-wide resource that should only be created once.
If you would like to use the default `PodSecurityPolicy`, make sure to unset `security.podSecurityPolicy` it in all other releases.
## v6.4.0
- Upgrade Ambassador to version 1.5.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
- AuthService and RateLimitService are now installed in the same namespace as Ambassador.
- Changes RBAC permissions to better support single-namespace installations and detecting getambassador.io CRDs.
- Add option to install Service Preview components (traffic-manager, traffic-agent).
- Add option to install ambassador-injector, alongside Service Preview.
- Add additional security policy configurations.
`securityContext` has been deprecated in favor of `security` which allows you to set container and pod security contexts as well as a default `PodSecurityPolicy`.
## v6.3.6
- Switch from Quay.io to DockerHub
## v6.3.5
- Upgrade Ambassador to version 1.4.3: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.3.4
- Minor bug fixes
## v6.3.3
- Add extra labels to ServiceMonitor: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.3.2
- Upgrade Ambassador to version 1.4.2: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.3.1
- Upgrade Ambassador to version 1.4.1: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.3.0
- Adds: Option to create a ServiceMonitor for scraping via Prometheus Operator
## v6.2.5
- Upgrade Ambassador to version 1.4.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md)
## v6.2.4
- Fix typing so that Helm3 doesn't complain (thanks, [Fabrice Rabaute](https://github.com/jfrabaute)!)
## v6.2.3
- Upgrade Ambassador to version 1.3.2.
- Use explicit types for things like ports, so that things like `helm .. --set service.ports[0].port=80` will be integers instead of ending up as strings
## v6.2.2
- Upgrade Ambassador to version 1.3.1.
- Remove unnecessary `version` field from CRDs.
- Add static label to AES resources, to better support `edgectl install`
## v6.2.1
- Upgrade Ambassador to version 1.3.0.
## v6.2.0
- Add option to not create DevPortal routes
## v6.1.5
- Upgrade Ambassador to version 1.2.2.
## v6.1.4
- Upgrade from Ambassador 1.2.0 to 1.2.1.
## v6.1.3
- Upgrade from Ambassador 1.1.1 to 1.2.0.
## v6.1.2
- Upgrade from Ambassador 1.1.0 to 1.1.1.
## v6.1.1
Minor Improvements:
- Adds: Option to override the name of the RBAC resources
## v6.1.0
Minor improvements including:
- Adds: Option to set `restartPolicy`
- Adds: Option to give the AES license key secret a custom name
- Fixes: Assumption that the AES will be installed only from the `datawire/aes` repository. The `enableAES` flag now configures whether the AES is installed.
- Clarification on how to install OSS
## v6.0.0
Introduces Ambassador Edge Stack being installed by default.
### Breaking changes
Ambassador Pro support has been removed in 6.0.0. Please upgrade to the Ambassador Edge Stack.
## v5.0.0
### Breaking changes
**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified.
- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed
## v4.0.0
### Breaking Changes
- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core
- The license key is now stored and read from a Kubernetes secret by default
- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret.
### Minor Changes
- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance
- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/))
- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true`
- Fixed misnamed selector for redis instance that failed in an edge case
- Exposes annotations for redis deployment and service
## v3.0.0
### Breaking Changes
- The default annotation has been removed. The service port will be set dynamically to 8080 or 8443 for http and https respectively.
- `service.http`, `service.https`, and `additionalTCPPort` has been replaced with `service.ports`.
- `rbac.namespaced` has been removed. Use `scope.singleNamespace` instead.
### Minor Changes
- Ambassador Pro will pick up when `AMBASSADOR_ID` is set in `.Values.env` [[#15025]](https://github.com/helm/charts/issues/15025).
- `{{release name}}-admins` has been renamed to `{{release name}}-admin` to match YAML install templates
- RBAC configuration has been updated to allow for CRD use when `scope.singleNamespace: true`. [[ambassador/#1576]](https://github.com/datawire/ambassador/issues/1576)
- RBAC configuration now allows for multiple Ambassadors to use CRDs. Set `crds.enabled` in releases that expect CRDs [[ambassador/#1679]](https://github.com/datawire/ambassador/issues/1679)
## v2.6.0
### Minor Changes
- Add ambassador CRDs!
- Update ambassador to 0.70.0
## v2.5.1
### Minor Changes
- Update ambassador to 0.61.1
## v2.5.0
### Minor Changes
- Add support for autoscaling using HPA, see `autoscaling` values.
## v2.4.1
### Minor Changes
- Update ambassador to 0.61.0
## v2.4.0
### Minor Changes
- Allow configuring `hostNetwork` and `dnsPolicy`
## v2.3.1
### Minor Changes
- Adds HOST_IP environment variable
## v2.3.0
### Minor Changes
- Adds support for init containers using `initContainers` and pod labels `podLabels`
## v2.2.5
### Minor Changes
- Update ambassador to 0.60.3
## v2.2.4
### Minor Changes
- Add support for Ambassador PRO [see readme](https://github.com/helm/charts/blob/master/stable/ambassador/README.md#ambassador-pro)
## v2.2.3
### Minor Changes
- Update ambassador to 0.60.2
## v2.2.2
### Minor Changes
- Update ambassador to 0.60.1
## v2.2.1
### Minor Changes
- Fix RBAC for ambassador 0.60.0
## v2.2.0
### Minor Changes
- Update ambassador to 0.60.0
## v2.1.0
### Minor Changes
- Added `scope.singleNamespace` for configuring ambassador to run in single namespace
## v2.0.2
### Minor Changes
- Update ambassador to 0.53.1
## v2.0.1
### Minor Changes
- Update ambassador to 0.52.0
## v2.0.0
### Major Changes
- Removed `ambassador.id` and `namespace.single` in favor of setting environment variables.
## v1.1.5
### Minor Changes
- Update ambassador to 0.50.3
## v1.1.4
### Minor Changes
- support targetPort specification
## v1.1.3
### Minor Changes
- Update ambassador to 0.50.2
## v1.1.2
### Minor Changes
- Add additional chart maintainer
## v1.1.1
### Minor Changes
- Default replicas -> 3
## v1.1.0
### Minor Changes
- Allow RBAC to be namespaced (`rbac.namespaced`)
## v1.0.0
### Major Changes
- First release of Ambassador Helm Chart in helm/charts
- For migration see [Migrating from datawire/ambassador chart](https://github.com/helm/charts/tree/master/stable/ambassador#migrating-from-datawireambassador-chart-chart-version-0400-or-0500)

23
charts/ambassador/ambassador/6.7.1100/CONTRIBUTING.md
View File

@ -1,23 +0,0 @@
# Contributing to the Ambassador Helm Chart
This Helm chart is used to install The Ambassador Edge Stack (AES) and is
maintained by Datawire.
## Developing
All work on the helm chart should be done in a separate branch off `master` and
contributed with a Pull Request targeting `master`.
**Note**: All updates to the chart require you update the `version` in
`Chart.yaml`.
## Testing
The `ci/` directory contains scripts that will be run on PRs to `master`.
- `ci/run_tests.sh` will run the tests of the chart.
## Releasing
Releasing a new chart is done by pushing a tag to `master`. Travis will then
run the tests and push the chart to `https://getambassador.io/helm`.

28
charts/ambassador/ambassador/6.7.1100/Chart.yaml
View File

@ -1,28 +0,0 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Ambassador Edge Stack
catalog.cattle.io/release-name: ambassador
apiVersion: v1
appVersion: 1.13.8
description: A Helm chart for Datawire Ambassador
home: https://www.getambassador.io/
icon: https://www.getambassador.io/images/logo.png
keywords:
- api gateway
- ambassador
- datawire
- envoy
maintainers:
- email: markus@maga.se
name: flydiverny
- email: flynn@datawire.io
name: kflynn
- email: nkrause@datawire.io
name: nbkrause
- email: lukeshu@datawire.io
name: lukeshu
name: ambassador
sources:
- https://github.com/datawire/ambassador
- https://github.com/prometheus/statsd_exporter
version: 6.7.1100

37
charts/ambassador/ambassador/6.7.1100/Makefile
View File

@ -1,37 +0,0 @@
HELM_TEST_IMAGE = quay.io/helmpack/chart-testing:v3.0.0-rc.1
K3D_CLUSTER_NAME = helm-chart-test-cluster
CHART_DIR := $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST)))))
CHART_KUBECONFIG := /tmp/kubeconfig/k3dconfig
CT_EXEC = docker run --rm -v $(CHART_KUBECONFIG):/root/.kube/config -v $(CHART_DIR):/charts --network host $(HELM_TEST_IMAGE) ct
K3D_EXEC := KUBECONFIG=$(CHART_KUBECONFIG) k3d
test-chart: lint-chart preflight-chart-test chart-create-cluster
$(CT_EXEC) install --config /charts/ct.yaml && \
$(MAKE) chart-delete-cluster
.PHONY: test-chart
lint-chart: preflight-kubeconfig
$(CT_EXEC) lint --config /charts/ct.yaml
.PHONY: lint-chart
preflight-chart-test: preflight-kubeconfig
# check if k3d is installed
@if ! command -v k3d 2> /dev/null ; then \
printf 'k3d not installed, plz do that'; \
false; \
fi
.PHONY: preflight-chart-test
preflight-kubeconfig:
mkdir -p `dirname $(CHART_KUBECONFIG)`
touch $(CHART_KUBECONFIG)
.PHONY: preflight-kubeconfig
chart-create-cluster: preflight-kubeconfig
$(MAKE) chart-delete-cluster || true
$(K3D_EXEC) cluster create $(K3D_CLUSTER_NAME) --k3s-server-arg "--no-deploy=traefik"
.PHONY: chart-create-cluster
chart-delete-cluster:
$(K3D_EXEC) cluster delete $(K3D_CLUSTER_NAME)
.PHONY: chart-delete-cluster

478
charts/ambassador/ambassador/6.7.1100/README.md
View File

@ -1,478 +0,0 @@
# Ambassador
The Ambassador Edge Stack is a self-service, comprehensive edge stack that is Kubernetes-native and built on [Envoy Proxy](https://www.envoyproxy.io/).
## TL;DR;
```console
$ helm repo add datawire https://getambassador.io
$ helm install ambassador datawire/ambassador
```
## Introduction
This chart bootstraps an [Ambassador](https://www.getambassador.io) deployment on
a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes 1.11+
## Add this Helm repository to your Helm client
```console
helm repo add datawire https://getambassador.io
```
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ kubectl create namespace ambassador
$ helm install my-release datawire/ambassador -n ambassador
```
The command deploys Ambassador Edge Stack in the ambassador namespace on the Kubernetes cluster in the default configuration.
It is recommended to use the ambassador namespace for easy upgrades.
The [configuration](#configuration) section lists the parameters that can be configured during installation.
### Ambassador Edge Stack Installation
This chart defaults to installing The Ambassador Edge Stack with all of its configuration objects.
- A Redis instance
- `AuthService` resource for enabling authentication
- `RateLimitService` resource for enabling rate limiting
- `Mapping`s for internal request routing
If installing alongside another deployment of Ambassador, some of these resources can cause configuration errors since only one `AuthService` or `RateLimitService` can be configured at a time.
If you already have one of these resources configured in your cluster, please see the [configuration](#configuration) section below for information on how to disable them in the chart.
### Ambassador OSS Installation
This chart can still be used to install Ambassador OSS.
To install OSS, change the `image` to use the OSS image and set `enableAES: false` to skip the install of any AES resources.
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm uninstall my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Changelog
Notable chart changes are listed in the [CHANGELOG](./CHANGELOG.md)
## Configuration
The following tables lists the configurable parameters of the Ambassador chart and their default values.
| Parameter | Description | Default |
|----------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
| `nameOverride` | Override the generated chart name. Defaults to .Chart.Name. | |
| `fullnameOverride` | Override the generated release name. Defaults to .Release.Name. | |
| `namespaceOverride` | Override the generated release namespace. Defaults to .Release.Namespace. | |
| `adminService.create` | If `true`, create a service for Ambassador's admin UI | `true` |
| `adminService.nodePort` | If explicit NodePort for admin service is required | `true` |
| `adminService.type` | Ambassador's admin service type to be used | `ClusterIP` |
| `adminService.annotations` | Annotations to apply to Ambassador admin service | `{}` |
| `adminService.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` |
| `adminService.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None |
| `ambassadorConfig` | Config thats mounted to `/ambassador/ambassador-config` | `""` |
| `crds.enabled` | If `true`, enables CRD resources for the installation. | `true` |
| `crds.create` | If `true`, Creates CRD resources | `true` |
| `crds.keep` | If `true`, if the ambassador CRDs should be kept when the chart is deleted | `true` |
| `daemonSet` | If `true`, Create a DaemonSet. By default Deployment controller will be created | `false` |
| `test.enabled` | If `true`, Create test Pod to verify the Ambassador service works correctly (Only created on `helm test`) | `true` |
| `test.image` | Image to use for the test Pod | `busybox` |
| `hostNetwork` | If `true`, uses the host network, useful for on-premise setups | `false` |
| `dnsPolicy` | Dns policy, when hostNetwork set to ClusterFirstWithHostNet | `ClusterFirst` |
| `env` | Any additional environment variables for ambassador pods | `{}` |
| `envRaw` | Additional environment variables in raw YAML format | `{}` |
| `image.pullPolicy` | Ambassador image pull policy | `IfNotPresent` |
| `image.repository` | Ambassador image | `docker.io/datawire/aes` |
| `image.tag` | Ambassador image tag | `1.13.8` |
| `imagePullSecrets` | Image pull secrets | `[]` |
| `namespace.name` | Set the `AMBASSADOR_NAMESPACE` environment variable | `metadata.namespace` |
| `scope.singleNamespace` | Set the `AMBASSADOR_SINGLE_NAMESPACE` environment variable and create namespaced RBAC if `rbac.enabled: true` | `false` |
| `podAnnotations` | Additional annotations for ambassador pods | `{}` |
| `deploymentAnnotations` | Additional annotations for ambassador DaemonSet/Deployment | `{}` |
| `podLabels` | Additional labels for ambassador pods | |
| `deploymentLabels` | Additional labels for ambassador DaemonSet/Deployment | |
| `affinity` | Affinity for ambassador pods | `{}` |
| `topologySpreadConstraints` | Topology Spread Constraints for Ambassador pods. Stable since 1.19. | `[]` |
| `nodeSelector` | NodeSelector for ambassador pods | `{}` |
| `priorityClassName` | The name of the priorityClass for the ambassador DaemonSet/Deployment | `""` |
| `rbac.create` | If `true`, create and use RBAC resources | `true` |
| `rbac.podSecurityPolicies` | pod security polices to bind to | |
| `rbac.nameOverride` | Overrides the default name of the RBAC resources | `` |
| `replicaCount` | Number of Ambassador replicas | `3` |
| `resources` | CPU/memory resource requests/limits | `{ "limits":{"cpu":"1000m","memory":"600Mi"},"requests":{"cpu":"200m","memory":"300Mi"}}` |
| `securityContext` | Set security context for pod | `{ "runAsUser": "8888" }` |
| `security.podSecurityContext` | Set the security context for the Ambassador pod | `{ "runAsUser": "8888" }` |
| `security.containerSecurityContext` | Set the security context for the Ambassador container | `{ "allowPrivilegeEscalation": false }` |
| `security.podSecurityPolicy` | Create a PodSecurityPolicy to be used for the pod. | `{}` |
| `restartPolicy` | Set the `restartPolicy` for pods | `` |
| `terminationGracePeriodSeconds` | Set the `terminationGracePeriodSeconds` for the pod. Defaults to 30 if unset. | `` |
| `initContainers` | Containers used to initialize context for pods | `[]` |
| `sidecarContainers` | Containers that share the pod context | `[]` |
| `livenessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's liveness probe | `30` |
| `livenessProbe.periodSeconds` | Probe period (s) for Ambassador pod's liveness probe | `3` |
| `livenessProbe.failureThreshold` | Failure threshold for Ambassador pod's liveness probe | `3` |
| `readinessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's readiness probe | `30` |
| `readinessProbe.periodSeconds` | Probe period (s) for Ambassador pod's readiness probe | `3` |
| `readinessProbe.failureThreshold` | Failure threshold for Ambassador pod's readiness probe | `3` |
| `service.annotations` | Annotations to apply to Ambassador service | `""` |
| `service.externalTrafficPolicy` | Sets the external traffic policy for the service | `""` |
| `service.nameOverride` | Sets the name of the service | `ambassador.fullname` |
| `service.ports` | List of ports Ambassador is listening on | `[{"name": "http","port": 80,"targetPort": 8080},{"name": "https","port": 443,"targetPort": 8443}]` |
| `service.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` |
| `service.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None |
| `service.sessionAffinity` | Sets the session affinity policy for the service | `""` |
| `service.sessionAffinityConfig` | Sets the session affinity config for the service | `""` |
| `service.type` | Service type to be used | `LoadBalancer` |
| `service.externalIPs` | External IPs to route to the ambassador service | `[]` |
| `serviceAccount.create` | If `true`, create a new service account | `true` |
| `serviceAccount.name` | Service account to be used | `ambassador` |
| `volumeMounts` | Volume mounts for the ambassador service | `[]` |
| `volumes` | Volumes for the ambassador service | `[]` |
| `enableAES` | Create the [AES configuration objects](#ambassador-edge-stack-installation) | `true` |
| `createDevPortalMappings` | Expose the dev portal on `/docs/` and `/documentation/` | `true` |
| `licenseKey.value` | Ambassador Edge Stack license. Empty will install in evaluation mode. | `` |
| `licenseKey.createSecret` | Set to `false` if installing mutltiple Ambassdor Edge Stacks in a namespace. | `true` |
| `licenseKey.secretName` | Name of the secret to store Ambassador license key in. | `` |
| `licenseKey.annotations` | Annotations to attach to the license-key-secret. | {} |
| `redisURL` | URL of redis instance not created by the release | `""` |
| `redisEnv` | (**DEPRECATED:** Use `envRaw`) Set env vars that control how Ambassador interacts with redis. | `""` |
| `redis.create` | Create a basic redis instance with default configurations | `true` |
| `redis.annotations` | Annotations for the redis service and deployment | `""` |
| `redis.resources` | Resource requests for the redis instance | `""` |
| `redis.nodeSelector` | NodeSelector for redis pods | `{}` |
| `redis.affinity` | Affinity for redis pods | `{}` |
| `redis.tolerations` | Tolerations for redis pods | `{}` |
| `authService.create` | Create the `AuthService` CRD for Ambassador Edge Stack | `true` |
| `authService.optional_configurations` | Config options for the `AuthService` CRD | `""` |
| `rateLimit.create` | Create the `RateLimit` CRD for Ambassador Edge Stack | `true` |
| `registry.create` | Create the `Project` registry. | `false` |
| `autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | `false` |
| `autoscaling.minReplicas` | If autoscaling enabled, this field sets minimum replica count | `2` |
| `autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `5` |
| `autoscaling.metrics` | If autoscaling enabled, configure hpa metrics | |
| `podDisruptionBudget` | Pod disruption budget rules | `{}` |
| `resolvers.endpoint.create` | Create a KubernetesEndpointResolver | `false` |
| `resolvers.endpoint.name` | If creating a KubernetesEndpointResolver, the resolver name | `endpoint` |
| `resolvers.consul.create` | Create a ConsulResolver | `false` |
| `resolvers.consul.name` | If creating a ConsulResolver, the resolver name | `consul-dc1` |
| `resolvers.consul.spec` | If creating a ConsulResolver, additional configuration | `{}` |
| `module` | Configure and manage the Ambassador Module from the Chart | `{}` |
| `prometheusExporter.enabled` | DEPRECATED: Prometheus exporter side-car enabled | `false` |
| `prometheusExporter.pullPolicy` | DEPRECATED: Image pull policy | `IfNotPresent` |
| `prometheusExporter.repository` | DEPRECATED: Prometheus exporter image | `prom/statsd-exporter` |
| `prometheusExporter.tag` | DEPRECATED: Prometheus exporter image | `v0.8.1` |
| `prometheusExporter.resources` | DEPRECATED: CPU/memory resource requests/limits | `{}` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor object (`adminService.create` should be to `true`) | `false` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` |
| `metrics.serviceMonitor.selector` | Label Selector for Prometheus to find ServiceMonitors | `{ prometheus: kube-prometheus }` |
| `servicePreview.enabled` | If true, install Service Preview components: traffic-manager & traffic-agent (`enableAES` needs to also be to `true`) | `false` |
| `servicePreview.trafficManager.image.repository` | Ambassador Traffic-manager image | Same value as `image.repository` |
| `servicePreview.trafficManager.image.tag` | Ambassador Traffic-manager image tag | Same value as `image.tag` |
| `servicePreview.trafficManager.serviceAccountName` | Traffic-manager Service Account to be used | `traffic-manager` |
| `servicePreview.trafficAgent.image.repository` | Ambassador Traffic-agent image | Same value as `image.repository` |
| `servicePreview.trafficAgent.image.tag` | Ambassador Traffic-agent image tag | Same value as `image.tag` |
| `servicePreview.trafficAgent.injector.enabled` | If true, install the ambassador-injector | `true` |
| `servicePreview.trafficAgent.injector.crtPEM` | TLS certificate for the Common Name of <ambassador-injector>.<namespace>.svc | Auto-generated, valid for 365 days |
| `servicePreview.trafficAgent.injector.keyPEM` | TLS private key for the Common Name of <ambassador-injector>.<namespace>.svc | Auto-generated, valid for 365 days |
| `servicePreview.trafficAgent.port` | Traffic-agent listening port number when injected with ambassador-injector | `9900` |
| `servicePreview.trafficAgent.serviceAccountName` | Label Selector for Prometheus to find ServiceMonitors | `traffic-agent` |
| `servicePreview.trafficAgent.singleNamespace` | If `true`, installs the traffic-agent ServiceAccount and Role in the current installation namespace; Otherwise uses a global ClusterRole applied to every ServiceAccount | `true` |
| `agent.enabled` | If `true`, installs the ambassador-agent Deployment, ServiceAccount and ClusterRole in the ambassador namespace | `true` |
| `agent.cloudConnectionToken` | API token for reporting snapshots to the [Service Catalog](https://app.getambassador.io/cloud/catalog/); If empty, agent will not report snapshots | `""` |
| `agent.rpcAddress` | Address of the ambassador Service Catalog rpc server. | `https://app.getambassador.io/` |
| `agent.image.repository` | Image repository for the ambassador-agent deployment. Defaults to value of `image.repository` | Same value as `image.repository` |
| `agent.image.tag` | Image tag for the ambassador-agent deployment. Defaults to value of `image.tag` | Same value as `image.tag` |
**NOTE:** Make sure the configured `service.http.targetPort` and `service.https.targetPort` ports match your [Ambassador Module's](https://www.getambassador.io/reference/modules/#the-ambassador-module) `service_port` and `redirect_cleartext_from` configurations.
### The Ambasssador Edge Stack
The Ambassador Edge Stack provides a comprehensive, self-service edge stack in
the Kubernetes cluster with a decentralized deployment model and a declarative
paradigm.
By default, this chart will install the latest image of The Ambassador Edge
Stack which will replace your existing deployment of Ambassador with no changes
to functionality.
### CRDs
This helm chart includes the creation of the core CRDs Ambassador uses for
configuration.
The `crds` flags (Helm 2 only) let you configure how a release manages crds.
- `crds.create` Can only be set on your first/master Ambassador release.
- `crds.enabled` Should be set on all releases using Ambassador CRDs
- `crds.keep` Configures if the CRDs are deleted when the master release is
purged. This value is only checked for the master release and can be set to
any value on secondary releases.
### Security
Ambassador takes security very seriously. For this reason, the YAML installation will default with a couple of basic security policies in place.
The `security` field of the `values.yaml` file configures these default policies and replaces the `securityContext` field used earlier.
The defaults will configure the pod to run as a non-root user and prohibit privilege escalation and outline a `PodSecurityPolicy` to ensure these conditions are met.
```yaml
security:
# Security Context for all containers in the pod.
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core
podSecurityContext:
runAsUser: 8888
# Security Context for the Ambassador container specifically
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core
containerSecurityContext:
allowPrivilegeEscalation: false
# A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
#
# A set of reasonable defaults is outlined below. This is not created by default as it should only
# be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in
# the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies`
# in all non-"master" Releases.
podSecurityPolicy: {}
# # Add AppArmor and Seccomp annotations
# # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
# annotations:
# spec:
# seLinux:
# rule: RunAsAny
# supplementalGroups:
# rule: 'MustRunAs'
# ranges:
# # Forbid adding the root group.
# - min: 1
# max: 65535
# fsGroup:
# rule: 'MustRunAs'
# ranges:
# # Forbid adding the root group.
# - min: 1
# max: 65535
# privileged: false
# allowPrivilegeEscalation: false
# runAsUser:
# rule: MustRunAsNonRoot
```
### Annotations
Ambassador is configured using Kubernetes Custom Resource Definitions (CRDs). If you are unable to use CRDs, Ambassador can also be configured using annotations on services. The `service.annotations` section of the values file contains commented out examples of [Ambassador Module](https://www.getambassador.io/reference/core/ambassador) and a global [TLSContext](https://www.getambassador.io/reference/core/tls) configurations which are typically created in the Ambassador service.
If you intend to use `service.annotations`, remember to include the `getambassador.io/config` annotation key as above.
### Prometheus Metrics
Using the Prometheus Exporter has been deprecated and is no longer recommended. You can now use `metrics.serviceMonitor.enabled` to create a `ServiceMonitor` from the chart if the [Prometheus Operator](https://github.com/coreos/prometheus-operator) has been installed on your cluster.
Please see Ambassador's [monitoring with Prometheus](https://www.getambassador.io/user-guide/monitoring/) docs for more information on using the `/metrics` endpoint for metrics collection.
### Specifying Values
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install --wait my-release \
--set adminService.type=NodePort \
datawire/ambassador
```
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
$ helm install --wait my-release -f values.yaml datawire/ambassador
```
---
# Upgrading
## To 6.0.0
Introduces Ambassador Edge Stack being installed by default.
### Breaking changes
Ambassador Pro support has been removed in 6.0.0. Please [upgrade to the Ambassador Edge Stack](https://www.getambassador.io/user-guide/helm).
## To 5.0.0
### Breaking changes
**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified.
- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed
## To 4.0.0
The 4.0.0 chart contains a number of changes to the way Ambassador Pro is installed.
- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core
- The license key is now stored and read from a Kubernetes secret by default
- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret.
- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance
- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/))
- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true`
- Fixed misnamed selector for redis instance that failed in an edge case
- Exposes annotations for redis deployment and service
### Breaking changes
The value of `.Values.pro.image.tag` has been shortened to assume `amb-sidecar` (and `amb-core` for Ambassador core)
`values.yaml`
```diff
<3.0.0>
image:
repository: quay.io/datawire/ambassador_pro
- tag: amb-sidecar-0.6.0
<4.0.0+>
image:
repository: quay.io/datawire/ambassador_pro
+ tag: 0.7.0
```
Method for creating a Kubernetes secret to hold the license key has been changed
`values.yaml`
```diff
<3.0.0>
- secret: false
<4.0.0>
+ secret:
+ enabled: true
+ create: true
```
## To 3.0.0
### Service Ports
The way ports are assigned has been changed for a more dynamic method.
Now, instead of setting the port assignments for only the http and https, any port can be open on the load balancer using a list like you would in a standard Kubernetes YAML manifest.
`pre-3.0.0`
```yaml
service:
http:
enabled: true
port: 80
targetPort: 8080
https:
enabled: true
port: 443
targetPort: 8443
```
`3.0.0`
```yaml
service:
ports:
- name: http
port: 80
targetPort: 8080
- name: https
port: 443
targetPort: 8443
```
This change has also replaced the `.additionalTCPPorts` configuration. Additional TCP ports can be created the same as the http and https ports above.
### Annotations and `service_port`
The below Ambassador `Module` annotation is no longer being applied by default.
```yaml
getambassador.io/config: |
---
apiVersion: ambassador/v1
kind: Module
name: ambassador
config:
service_port: 8080
```
This was causing confusion with the `service_port` being hard-coded when enabling TLS termination in Ambassador.
Ambassador has been listening on port 8080 for HTTP and 8443 for HTTPS by default since version `0.60.0` (chart version 2.2.0).
### RBAC and CRDs
A `ClusterRole` and `ClusterRoleBinding` named `{{release name}}-crd` will be created to watch for the Ambassador Custom Resource Definitions. This will be created regardless of the value of `scope.singleNamespace` since CRDs are created the cluster scope.
`rbac.namespaced` has been removed. For namespaced RBAC, set `scope.singleNamespace: true` and `rbac.enabled: true`.
`crds.enabled` will indicate that you are using CRDs and will create the rbac resources regardless of the value of `crds.create`. This allows for multiple deployments to use the CRDs.
## To 2.0.0
### Ambassador ID
ambassador.id has been removed in favor of setting it via an environment variable in `env`. `AMBASSADOR_ID` defaults to `default` if not set in the environment. This is mainly used for [running multiple Ambassadors](https://www.getambassador.io/reference/running#ambassador_id) in the same cluster.
| Parameter | Env variables |
| --------------- | --------------- |
| `ambassador.id` | `AMBASSADOR_ID` |
## Migrating from `datawire/ambassador` chart (chart version 0.40.0 or 0.50.0)
Chart now runs ambassador as non-root by default, so you might need to update your ambassador module config to match this.
### Timings
Timings values have been removed in favor of setting the env variables using `env´
| Parameter | Env variables |
| ----------------- | -------------------------- |
| `timing.restart` | `AMBASSADOR_RESTART_TIME` |
| `timing.drain` | `AMBASSADOR_DRAIN_TIME` |
| `timing.shutdown` | `AMBASSADOR_SHUTDOWN_TIME` |
### Single namespace
| Parameter | Env variables |
| ------------------ | ----------------------------- |
| `namespace.single` | `AMBASSADOR_SINGLE_NAMESPACE` |
### Renamed values
Service ports values have changed names and target ports have new defaults.
| Previous parameter | New parameter | New default value |
| --------------------------- | -------------------------- | ----------------- |
| `service.enableHttp` | `service.http.enabled` | |
| `service.httpPort` | `service.http.port` | |
| `service.httpNodePort` | `service.http.nodePort` | |
| `service.targetPorts.http` | `service.http.targetPort` | `8080` |
| `service.enableHttps` | `service.https.enabled` | |
| `service.httpsPort` | `service.https.port` | |
| `service.httpsNodePort` | `service.https.nodePort` | |
| `service.targetPorts.https` | `service.https.targetPort` | `8443` |
### Exporter sidecar
Pre version `0.50.0` ambassador was using socat and required a sidecar to export statsd metrics. In `0.50.0` ambassador no longer uses socat and doesn't need a sidecar anymore to export its statsd metrics. Statsd metrics are disabled by default and can be enabled by setting environment `STATSD_ENABLED`, this will (in 0.50) send metrics to a service named `statsd-sink`, if you want to send it to another service or namespace it can be changed by setting `STATSD_HOST`
If you are using prometheus the chart allows you to enable a sidecar which can export to prometheus see the `prometheusExporter` values.

8
charts/ambassador/ambassador/6.7.1100/RELEASE.tpl
View File

@ -1,8 +0,0 @@
## :tada: Ambassador Chart $CHART_VERSION :tada:
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/datawire/ambassador/blob/master/charts/ambassador/CHANGELOG.md
---

1
charts/ambassador/ambassador/6.7.1100/RELEASE_TITLE.tpl
View File

@ -1 +0,0 @@
Ambassador Chart $CHART_VERSION

13
charts/ambassador/ambassador/6.7.1100/app-readme.md
View File

@ -1,13 +0,0 @@
# Ambassador Edge Stack and Emissary Ingress Chart
[Ambassador Edge Stack](https://www.getambassador.io/products/edge-stack/) and its open source CNCF counterpart [Emissary-Ingress](https://www.getambassador.io/products/api-gateway/) are Kubernetes native, high-performance Ingress controllers designed with GitOps workflows and developer experience in mind. The Edge Stack allows users to manage [Authentication](https://www.getambassador.io/docs/edge-stack/latest/topics/using/filters/), [Rate Limits](https://www.getambassador.io/docs/edge-stack/latest/topics/using/rate-limits/rate-limits/), [TLS](https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/) and more with easy-to-use resources for [managing your APIs](https://www.getambassador.io/docs/edge-stack/latest/topics/using/intro-mappings/).
## Service Catalog
The default installation of Ambassador Edge Stack includes the deployment needed to get started with [Service Catalog](https://www.getambassador.io/products/service-catalog/) and the [Developer Control Plane](https://www.getambassador.io/developer-control-plane/). Simply generate your [Cloud Token](https://www.getambassador.io/docs/cloud/latest/service-catalog/quick-start/#1-connect-your-cluster-to-ambassador-cloud) and add it in the Service Catalog section as you're setting up the chart.
## More Info
Visit the [Quick Start](https://www.getambassador.io/docs/edge-stack/latest/tutorials/getting-started/) page for more instructions, or check out our [documentation](https://www.getambassador.io/docs/edge-stack). For any questions, or to join the community, visit our [Slack](https://a8r.io/slack) and say hi!
* Ambassador recommends a Kubernetes version of 1.16 or higher.

40
charts/ambassador/ambassador/6.7.1100/ci/01-psp-values.yaml
View File

@ -1,40 +0,0 @@
security:
# Security Context for all containers in the pod.
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core
podSecurityContext:
runAsUser: 8888
# Security Context for the Ambassador container specifically
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core
containerSecurityContext:
allowPrivilegeEscalation: false
# A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
#
# A set of reasonable defaults is outlined below. This is not created by default as it should only
# be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in
# the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies`
# in all non-"master" Releases.
podSecurityPolicy:
# Add AppArmor and Seccomp annotations
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
annotations:
seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
spec:
seLinux:
rule: RunAsAny
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
privileged: false
allowPrivilegeEscalation: false
runAsUser:
rule: MustRunAsNonRoot

8
charts/ambassador/ambassador/6.7.1100/ci/02-oss-values.yaml
View File

@ -1,8 +0,0 @@
# install the Ambassador API Gateway
image:
pullPolicy: IfNotPresent
enableAES: false
deploymentStrategy:
type: Recreate

8
charts/ambassador/ambassador/6.7.1100/ci/05-auth-disabled-values.yaml
View File

@ -1,8 +0,0 @@
service:
type: NodePort
authService:
create: false
deploymentStrategy:
type: Recreate

8
charts/ambassador/ambassador/6.7.1100/ci/06-hpa-values.yaml
View File

@ -1,8 +0,0 @@
deploymentStrategy:
type: Recreate
service:
type: NodePort
autoscaling:
enabled: true

8
charts/ambassador/ambassador/6.7.1100/ci/08-single-namespace-values.yaml
View File

@ -1,8 +0,0 @@
service:
type: NodePort
deploymentStrategy:
type: Recreate
scope:
singleNamespace: true

9
charts/ambassador/ambassador/6.7.1100/ci/09-redis-false-values.yaml
View File

@ -1,9 +0,0 @@
service:
type: NodePort
redis:
enabled: false
# Annotations for Ambassador Pro's redis instance.
deploymentStrategy:
type: Recreate

7
charts/ambassador/ambassador/6.7.1100/ci/12-daemonset-values.yaml
View File

@ -1,7 +0,0 @@
service:
type: NodePort
deploymentStrategy:
type: RollingUpdate
daemonSet: true

8
charts/ambassador/ambassador/6.7.1100/ci/13-rl-disabled-values.yaml
View File

@ -1,8 +0,0 @@
service:
type: NodePort
rateLimit:
create: false
deploymentStrategy:
type: Recreate

3
charts/ambassador/ambassador/6.7.1100/ci/14-deployment-labels.yaml
View File

@ -1,3 +0,0 @@
deploymentLabels:
label: foo
label2: bar

11
charts/ambassador/ambassador/6.7.1100/ci/15-test-resolvers.yaml
View File

@ -1,11 +0,0 @@
resolvers:
endpoint:
create: true
name: endpoint-foo
consul:
create: true
name: consul-foo
spec:
address: ${HOST_IP}
datacenter: dc1

9
charts/ambassador/ambassador/6.7.1100/ci/16-test-module.yaml
View File

@ -1,9 +0,0 @@
module:
lua_scripts: |
function envoy_on_response(response_handle)
response_handle:headers():add("Lua-Scripts-Enabled", "Processed")
end
ip_allow:
- peer: 127.0.0.1
- remote: 99.99.0.0/16

5
charts/ambassador/ambassador/6.7.1100/ci/17-svc-preview.yaml
View File

@ -1,5 +0,0 @@
servicePreview:
enabled: true
trafficAgent:
injector:
enabled: true

21
charts/ambassador/ambassador/6.7.1100/ci/check_updated_changelog.sh
View File

@ -1,21 +0,0 @@
#!/bin/bash
set -e
CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; }
TOP_DIR=$CURR_DIR/..
# shellcheck source=common.sh
source "$CURR_DIR/common.sh"
echo ${TOP_DIR}
chart_version=$(get_chart_version ${TOP_DIR})
if ! grep "## v${chart_version}" ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then
echo "Current chart version does not appear in the changelog."
echo "Please run ambassador.git/charts/ambassador/ci/update_chart_changelog.sh and commit."
exit 1
fi
echo "Changelog looks good!"

47
charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/backend.yaml
View File

@ -1,47 +0,0 @@
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: quote-backend
spec:
prefix: /backend/
service: quote
---
apiVersion: v1
kind: Service
metadata:
name: quote
spec:
ports:
- name: http
port: 80
targetPort: 8080
selector:
app: quote
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: quote
spec:
replicas: 1
selector:
matchLabels:
app: quote
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: quote
spec:
containers:
- name: backend
image: datawire/quote:0.4.0
ports:
- name: http
containerPort: 8080
resources:
limits:
cpu: "0.1"
memory: 100Mi

9
charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/ci-default-values.yaml
View File

@ -1,9 +0,0 @@
#env:
# AMBASSADOR_SINGLE_NAMESPACE: true
# AMBASSADOR_NO_KUBEWATCH: no_kubewatch
deploymentStrategy:
type: Recreate
service:
type: NodePort

18
charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm-init.yaml
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system

6
charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm2-values.yaml
View File

@ -1,6 +0,0 @@
service:
type: NodePort
crds:
create: false

18
charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/tls.yaml
View File

@ -1,18 +0,0 @@
---
apiVersion: v1
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNzRENDQVpnQ0NRRHVzSjFYNE54NjJEQU5CZ2txaGtpRzl3MEJBUXNGQURBYU1SZ3dGZ1lEVlFRRERBOWgKYldKaGMzTmhaRzl5TFdObGNuUXdIaGNOTVRreE1qRXpNakV3TXpBNVdoY05NakF4TWpFeU1qRXdNekE1V2pBYQpNUmd3RmdZRFZRUUREQTloYldKaGMzTmhaRzl5TFdObGNuUXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQzJjcms1OTk0dklURnZpUGNJRjJpd3R0dVdpajFTeUZNSzVpbERieFByMmJCL3RmbDYKcmRwVUFlWkkrMTVDR2VHbi80ZitwRlFXODdwZ2ZvbDhlL3lCSTUvWStpdVIrQUY1bzhQV2h4aHBJdVk3RXdVbgpyT3ZJajcxaUZWa1Q4akRYZW9RWWdKalQ1MWh4SisyelVLZ3VtZDB6L05USEwrQndFbHZ4Z1ZuWlhUdlhsVGFiClBoWloyK3dZdDQvSnozN3lBMHJwNURKeTg5SStQNmVRSmNseUVyWmsvRUNuRFBxTlhDK1VyclVySXBsNkRScHUKdGZWOE9KM3BJZWc2YjBWQi9TQnRPNzFhMThkaXFPclFVREU5MEFOSWJsYWp0ODN5M0FIc29SNytpVGI0QXFvVwpiNG5LcVV1bEQ2QU0xVUg0TzR0SExIM05SemVOL1E1ZUtVb0ZBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBQ045b050OVJXT2JOTTBmajg1cm9GUG1zRE1UWElFOU5SNmpDMjV1SGtpY0lnamtGd043NTFkTnQxT0YKZWZLSkFzTDlSWmZUNmVmMUMxOFlnWE1xbTF5Yis0Q1VWWU9RZW96MlgweEdyT1lLZUhPM0hqamNqcXZ1cUxTeApTQ2duVlM1NkhqZU15MzJBNnIxcUhBL1FsYkkraGJFbHN0MVNwYnFSOG95dE9oUzZpNFNWbWxacWxBRkx5WFRRCjZ6Nm5wc25lTmdXMXhkdDN2UkpleXVFWEFZL0Z0eUxmZnkxdk5uODhhTkg2Y2Z2eWJjaHNkaWlRNnVXTnowVGMKeVVodGZUYWFRVjA1d21KZEJ3ZmJndXF0UjFxbXdyNCtzcjA0MEhoQ0pSVmlRUUdHa2VWSVU5ZHFPY0ZkZk5FTQo5NmczU01YWGRrcVhBYzFFb2hZdEthMWwvNTA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdG5LNU9mZmVMeUV4YjRqM0NCZG9zTGJibG9vOVVzaFRDdVlwUTI4VDY5bXdmN1g1CmVxM2FWQUhtU1B0ZVFobmhwLytIL3FSVUZ2TzZZSDZKZkh2OGdTT2YyUG9ya2ZnQmVhUEQxb2NZYVNMbU94TUYKSjZ6cnlJKzlZaFZaRS9JdzEzcUVHSUNZMCtkWWNTZnRzMUNvTHBuZE0velV4eS9nY0JKYjhZRloyVjA3MTVVMgptejRXV2R2c0dMZVB5YzkrOGdOSzZlUXljdlBTUGorbmtDWEpjaEsyWlB4QXB3ejZqVnd2bEs2MUt5S1plZzBhCmJyWDFmRGlkNlNIb09tOUZRZjBnYlR1OVd0ZkhZcWpxMEZBeFBkQURTRzVXbzdmTjh0d0I3S0VlL29rMitBS3EKRm0rSnlxbExwUStnRE5WQitEdUxSeXg5elVjM2pmME9YaWxLQlFJREFRQUJBb0lCQUVOQy9qaDV3Z2E4QlA2cQpqdkFEdVV2VXpoV3N0empxczNyRUtaZzd2aXRvSU9La1V1cEFaOG9xdlJ4UTE0b2xBb1V0OXBRUlB4TUxIYjN2ClNINkZNeXprMWt4bXhtTlUvQzQ5Q3Jqdkt6ZXZieE4rU3BzNjY5NFA1L0RlRCs0RGpyQVI4ZHNhcGIwUmdCQ1AKZU5sdnRlRWdSbVdoSTB5ZndPMXdSMGM4dWNRaE5GcjNNd0lMQ1FES0Zpa2NDSi9GV0FmNXc4ZGFnYnBYTXAxawo3ci9ya1BFcVh6NnRxam04eWZZWlRoaGIwUE5LcSsxOGdkaCtLeTZPL1RnTVZ2d1BLVkIrZUhoQmJZY2R6VGYxCmxia3pVeUFhZmR3VlBTTnhVOWhzSzBqNExWZG83YlVkajZySHNXTlBWcm1Ib1VsUnNjcno2aDhPZlQ0bU9WTi8KRmhtcEhvRUNnWUVBNlVENVlWMUJrWEg4S21WRjhiVGVGVGlTY1IvRGI4TVlRY3NLNzQrNEg5aEFmbjR3d3ZWeQpidi9kL2NsOWZHY0xXN0w1QWM1WWRxNlNWZGFHRVZpVzVOTy8xV0wwN3JjaG8xZTRaSzlPemJiUllNWW51cWRHCmF5eGhoUks0R25ubzZXMTlMWWc1d1F3TUJvUzNSbFVxUWN3UU1ESiszMVc4emwrazdpODk0dVVDZ1lFQXlEMXIKZHVMSGRMcG9UWEd2ZjZIVk9HQ1pWczQvSXg1M1B1WnRXY1FkYkc5MDZNWHRwdldWdDN1ek8rVVd2WGJIWHBSMQpjZWVrUHRucTI4a1BFT2oyd3NoVFRQQ05OT0dUWE01SzREbTVjNjVaeWY0WVJjQ0NZNEpSSUNqWHExeE9uc21nCk8ydTZiYlVQWE9veXFmVllWK0wwK25zcHNLOUNCd0ZaMjJqMXVLRUNnWUVBbzcyZTBzQ2FaTFcxcFRWT3NteWIKY2g0eWZ3TWpPUE9sdFpvSlpUNW9yTUlzRkNBVnJ1YUtuRzAxc3hDYzdKV1JuWiszdVpMVyt3bDFaSmlocU0rZApyYWtRQTRYaUZ5bXJqWFRvMXBWU0pvcnQxSmVHRUR1WTdXZE1WaFJiOVFvYmZMSUZxODd6YkJjKzRkeU1vK3pwCkt5TkxRZXBRc2dzSDdYK3EwaUdMdWhrQ2dZQUlYQWdRZm9jMUtGTVNhSnliQjNhUFUva1MxcWxzSGVsOGhzSXAKN1RZTlFObnduZEsrRmFLYWRsK1ZNSXN5ZmJMMUQ5MlhVOFJYbTJGaXE1SWxjcFJhcldKTTQvNEJKeW12eGl6NgpEMjdlbFhqS0pnRjlaL3dKaTNjM2tIendlbm9OeHYwWmZmWGFmcVNWakhGeEJ2MFpMakJzQkpoSStBZ1pvc1ROCmxDUXVBUUtCZ1FESHVxNUVseU1RS2NZWm5tRlN6T2ZYWXNJYm8rZEJJTlEyNnB0OFdacGMydnpsNkNrQXV3TWwKQU9jRllrbjBXSnVJRXRubnhPT3Rwcnh0VGRIWGIvOWZWY090Unp2TitvVjN2OVNEalZjWTRESWp3MXlpMkt1Vwp6MmV1N1lCNExlbG13TFlHMEJUMWp0ejJJREUxYW85MzgybEpWV2J4Y1dsdHArWTFCRWhkdmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
name: self-signed-cert
type: kubernetes.io/tls
---
apiVersion: getambassador.io/v1
kind: TLSContext
metadata:
name: tls
spec:
hosts: ["*"]
secret: self-signed-cert

53
charts/ambassador/ambassador/6.7.1100/ci/update_chart_changelog.sh
View File

@ -1,53 +0,0 @@
#!/bin/bash
set -e
CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; }
TOP_DIR=$CURR_DIR/..
# shellcheck source=common.sh
source "$CURR_DIR/common.sh"
chart_version=$(get_chart_version ${TOP_DIR})
new_changelog=${TOP_DIR}/CHANGELOG.new.md
rm ${new_changelog} || true
while IFS= read -r line ; do
echo -e "${line}"
echo -e "${line}" >> ${new_changelog}
if [[ "${line}" =~ "## Next Release" ]] ; then
echo "" >> ${new_changelog}
echo "(no changes yet)" >> ${new_changelog}
echo "" >> ${new_changelog}
echo "## v${chart_version}" >> ${new_changelog}
fi
done < ${TOP_DIR}/CHANGELOG.md
mv ${new_changelog} ${TOP_DIR}/CHANGELOG.md
if [[ -n "${DONT_COMMIT_DIFF}" ]] ; then
echo "DONT_COMMIT_DIFF is set, not committing"
exit 0
fi
if git diff --exit-code -- ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then
echo "No changes to changelog, exiting"
exit 0
fi
branch_name="$(git symbolic-ref HEAD 2>/dev/null)" ||
branch_name="detached"
if [[ "${branch_name}" == "refs/heads/master" ]] ; then
echo "Not committing local changes to branch because branch is master"
exit 1
elif [[ "${branch_name}" == "detached" ]] ; then
echo "Not committing local changes because you're in a detached head state"
echo "please create a branch then rerun this script"
exit 1
fi
branch_name=${branch_name##refs/heads/}
git add ${TOP_DIR}/CHANGELOG.md
git commit -m "Committing changelog for chart v${chart_version}"
git push -u origin ${branch_name}

27
charts/ambassador/ambassador/6.7.1100/crds/filter.yaml
View File

@ -1,27 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: filters.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Filter
plural: filters
shortNames:
- fil
singular: filter
scope: Namespaced
versions:
- name: v1beta2
served: true
storage: false
- name: v2
served: true
storage: true

27
charts/ambassador/ambassador/6.7.1100/crds/filterpolicy.yaml
View File

@ -1,27 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: filterpolicies.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: FilterPolicy
plural: filterpolicies
shortNames:
- fp
singular: filterpolicy
scope: Namespaced
versions:
- name: v1beta2
served: true
storage: false
- name: v2
served: true
storage: true

115
charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_authservices.yaml
View File

@ -1,115 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: authservices.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: AuthService
listKind: AuthServiceList
plural: authservices
singular: authservice
scope: Namespaced
validation:
openAPIV3Schema:
description: AuthService is the Schema for the authservices API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AuthServiceSpec defines the desired state of AuthService
properties:
add_auth_headers:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
add_linkerd_headers:
type: boolean
allow_request_body:
type: boolean
allowed_authorization_headers:
items:
type: string
type: array
allowed_request_headers:
items:
type: string
type: array
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
auth_service:
type: string
failure_mode_allow:
type: boolean
include_body:
properties:
allow_partial:
type: boolean
max_bytes:
description: These aren't pointer types because they are required.
type: integer
required:
- allow_partial
- max_bytes
type: object
path_prefix:
type: string
proto:
enum:
- http
- grpc
type: string
protocol_version:
enum:
- v2
- v3
type: string
status_on_error:
description: Why isn't this just an int??
properties:
code:
type: integer
type: object
timeout_ms:
type: integer
tls:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
required:
- auth_service
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

58
charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_consulresolvers.yaml
View File

@ -1,58 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: consulresolvers.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: ConsulResolver
listKind: ConsulResolverList
plural: consulresolvers
singular: consulresolver
scope: Namespaced
validation:
openAPIV3Schema:
description: ConsulResolver is the Schema for the ConsulResolver API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ConsulResolver tells Ambassador to use Consul to resolve services. In addition to the AmbassadorID, it needs information about which Consul server and DC to use.
properties:
address:
type: string
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
datacenter:
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

109
charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_devportals.yaml
View File

@ -1,109 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: devportals.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: DevPortal
listKind: DevPortalList
plural: devportals
singular: devportal
scope: Namespaced
validation:
openAPIV3Schema:
description: "DevPortal is the Schema for the DevPortals API \n DevPortal resources specify the `what` and `how` is shown in a DevPortal: \n * `what` is in a DevPortal can be controlled with - a `selector`, that can be used for filtering `Mappings`. - a `docs` listing of (services, url) * `how` is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server will show them at different endpoints. A `DevPortal` resource with a special name, `ambassador`, will be used for configuring the default Dev Portal (served at `/docs/` by default)."
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DevPortalSpec defines the desired state of DevPortal
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
content:
description: Content specifies where the content shown in the DevPortal come from
properties:
branch:
type: string
dir:
type: string
url:
type: string
type: object
default:
description: Default must be true when this is the default DevPortal
type: boolean
docs:
description: Docs is a static docs definition
items:
description: 'DevPortalDocsSpec is a static documentation definition: instead of using a Selector for finding documentation for services, users can provide a static list of <service>:<URL> tuples. These services will be shown in the Dev Portal with the documentation obtained from this URL.'
properties:
service:
description: Service is the service being documented
type: string
url:
description: URL is the URL used for obtaining docs
type: string
type: object
type: array
naming_scheme:
description: Describes how to display "services" in the DevPortal. Default namespace.name
enum:
- namespace.name
- name.prefix
type: string
search:
description: DevPortalSearchSpec allows configuration over search functionality for the DevPortal
properties:
enabled:
type: boolean
type:
description: 'Type of search. "title-only" does a fuzzy search over openapi and page titles "all-content" will fuzzy search over all openapi and page content. "title-only" is the default. warning: using all-content may incur a larger memory footprint'
enum:
- title-only
- all-content
type: string
type: object
selector:
description: Selector is used for choosing what is shown in the DevPortal
properties:
matchLabels:
additionalProperties:
type: string
description: MatchLabels specifies the list of labels that must be present in Mappings for being present in this DevPortal.
type: object
matchNamespaces:
description: MatchNamespaces is a list of namespaces that will be included in this DevPortal.
items:
type: string
type: array
type: object
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true

246
charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_hosts.yaml
View File

@ -1,246 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: hosts.getambassador.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.hostname
name: Hostname
type: string
- JSONPath: .status.state
name: State
type: string
- JSONPath: .status.phaseCompleted
name: Phase Completed
type: string
- JSONPath: .status.phasePending
name: Phase Pending
type: string
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Host
listKind: HostList
plural: hosts
singular: host
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Host is the Schema for the hosts API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: HostSpec defines the desired state of Host
properties:
acmeProvider:
description: Specifies whether/who to talk ACME with to automatically manage the $tlsSecret.
properties:
authority:
description: Specifies who to talk ACME with to get certs. Defaults to Let's Encrypt; if "none" (case-insensitive), do not try to do ACME for this Host.
type: string
email:
type: string
privateKeySecret:
description: "Specifies the Kubernetes Secret to use to store the private key of the ACME account (essentially, where to store the auto-generated password for the auto-created ACME account). You should not normally need to set this--the default value is based on a combination of the ACME authority being registered wit and the email address associated with the account. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation."
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
registration:
description: This is normally set automatically
type: string
type: object
ambassador_id:
description: Common to all Ambassador objects (and optional).
items:
type: string
oneOf:
- type: string
- type: array
ambassadorId:
description: A compatibility alias for "ambassador_id"; because Host used to be specified with protobuf, and jsonpb allowed either "ambassador_id" or "ambassadorId", and even though we didn't tell people about "ambassadorId" it's what the web policy console generated because of jsonpb. So Hosts with 'ambassadorId' exist in the wild.
items:
type: string
oneOf:
- type: string
- type: array
hostname:
description: Hostname by which the Ambassador can be reached.
type: string
previewUrl:
description: Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled.
properties:
enabled:
description: Is the Preview URL feature enabled?
type: boolean
type:
description: What type of Preview URL is allowed?
enum:
- Path
type: string
type: object
requestPolicy:
description: Request policy definition.
properties:
insecure:
properties:
action:
enum:
- Redirect
- Reject
- Route
type: string
additionalPort:
type: integer
type: object
type: object
selector:
description: Selector by which we can find further configuration. Defaults to hostname=$hostname
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
tls:
description: TLS configuration. It is not valid to specify both `tlsContext` and `tls`.
properties:
alpn_protocols:
type: string
ca_secret:
type: string
cacert_chain_file:
type: string
cert_chain_file:
type: string
cert_required:
type: boolean
cipher_suites:
items:
type: string
type: array
ecdh_curves:
items:
type: string
type: array
max_tls_version:
type: string
min_tls_version:
type: string
private_key_file:
type: string
redirect_cleartext_from:
type: integer
sni:
type: string
type: object
tlsContext:
description: "Name of the TLSContext the Host resource is linked with. It is not valid to specify both `tlsContext` and `tls`. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation."
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
tlsSecret:
description: "Name of the Kubernetes secret into which to save generated certificates. If ACME is enabled (see $acmeProvider), then the default is $hostname; otherwise the default is \"\". If the value is \"\", then we do not do TLS for this Host. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation."
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
type: object
status:
description: HostStatus defines the observed state of Host
properties:
errorBackoff:
type: string
errorReason:
description: errorReason, errorTimestamp, and errorBackoff are valid when state==Error.
type: string
errorTimestamp:
format: date-time
type: string
phaseCompleted:
description: phaseCompleted and phasePending are valid when state==Pending or state==Error.
enum:
- NA
- DefaultsFilled
- ACMEUserPrivateKeyCreated
- ACMEUserRegistered
- ACMECertificateChallenge
type: string
phasePending:
description: phaseCompleted and phasePending are valid when state==Pending or state==Error.
enum:
- NA
- DefaultsFilled
- ACMEUserPrivateKeyCreated
- ACMEUserRegistered
- ACMECertificateChallenge
type: string
state:
description: The first value listed in the Enum marker becomes the "zero" value, and it would be great if "Pending" could be the default value; but it's Important that the "zero" value be able to be shown as empty/omitted from display, and we really do want `kubectl get hosts` to say "Pending" in the "STATE" column, and not leave the column empty.
enum:
- Initial
- Pending
- Ready
- Error
type: string
tlsCertificateSource:
enum:
- Unknown
- None
- Other
- ACME
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true

54
charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesendpointresolvers.yaml
View File

@ -1,54 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: kubernetesendpointresolvers.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: KubernetesEndpointResolver
listKind: KubernetesEndpointResolverList
plural: kubernetesendpointresolvers
singular: kubernetesendpointresolver
scope: Namespaced
validation:
openAPIV3Schema:
description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: KubernetesEndpointResolver tells Ambassador to use Kubernetes Endpoints resources to resolve services. It actually has no spec other than the AmbassadorID.
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

54
charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesserviceresolvers.yaml
View File

@ -1,54 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: kubernetesserviceresolvers.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: KubernetesServiceResolver
listKind: KubernetesServiceResolverList
plural: kubernetesserviceresolvers
singular: kubernetesserviceresolver
scope: Namespaced
validation:
openAPIV3Schema:
description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: KubernetesServiceResolver tells Ambassador to use Kubernetes Service resources to resolve services. It actually has no spec other than the AmbassadorID.
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

83
charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_logservices.yaml
View File

@ -1,83 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: logservices.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: LogService
listKind: LogServiceList
plural: logservices
singular: logservice
scope: Namespaced
validation:
openAPIV3Schema:
description: LogService is the Schema for the logservices API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: LogServiceSpec defines the desired state of LogService
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
driver:
enum:
- tcp
- http
type: string
driver_config:
properties:
additional_log_headers:
items:
properties:
during_request:
type: boolean
during_response:
type: boolean
during_trailer:
type: boolean
header_name:
type: string
type: object
type: array
type: object
flush_interval_byte_size:
type: integer
flush_interval_time:
type: integer
grpc:
type: boolean
service:
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

431
charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_mappings.yaml
View File

@ -1,431 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: mappings.getambassador.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.host
name: Source Host
type: string
- JSONPath: .spec.prefix
name: Source Prefix
type: string
- JSONPath: .spec.service
name: Dest Service
type: string
- JSONPath: .status.state
name: State
type: string
- JSONPath: .status.reason
name: Reason
type: string
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Mapping
listKind: MappingList
plural: mappings
singular: mapping
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Mapping is the Schema for the mappings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: MappingSpec defines the desired state of Mapping
properties:
add_linkerd_headers:
type: boolean
add_request_headers:
additionalProperties:
oneOf:
- type: string
- type: boolean
- type: object
type: object
add_response_headers:
additionalProperties:
oneOf:
- type: string
- type: boolean
- type: object
type: object
allow_upgrade:
description: "A case-insensitive list of the non-HTTP protocols to allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" mechanism[1]. After the upgrade, Ambassador does not interpret the traffic, and behaves similarly to how it does for TCPMappings. \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, if your upstream service supports WebSockets, you would write \n allow_upgrade: - websocket \n Or if your upstream service supports upgrading from HTTP to SPDY (as the Kubernetes apiserver does for `kubectl exec` functionality), you would write \n allow_upgrade: - spdy/3.1"
items:
type: string
type: array
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
auth_context_extensions:
additionalProperties:
type: string
type: object
auto_host_rewrite:
type: boolean
bypass_auth:
type: boolean
bypass_error_response_overrides:
description: If true, bypasses any `error_response_overrides` set on the Ambassador module.
type: boolean
case_sensitive:
type: boolean
circuit_breakers:
items:
properties:
max_connections:
type: integer
max_pending_requests:
type: integer
max_requests:
type: integer
max_retries:
type: integer
priority:
enum:
- default
- high
type: string
type: object
type: array
cluster_idle_timeout_ms:
type: integer
cluster_max_connection_lifetime_ms:
type: integer
cluster_tag:
type: string
connect_timeout_ms:
type: integer
cors:
properties:
credentials:
type: boolean
exposed_headers:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
headers:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
max_age:
type: string
methods:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
origins:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
type: object
docs:
description: DocsInfo provides some extra information about the docs for the Mapping (used by the Dev Portal)
properties:
display_name:
type: string
ignored:
type: boolean
path:
type: string
url:
type: string
type: object
enable_ipv4:
type: boolean
enable_ipv6:
type: boolean
envoy_override:
description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way.
type: object
error_response_overrides:
description: Error response overrides for this Mapping. Replaces all of the `error_response_overrides` set on the Ambassador module, if any.
items:
description: A response rewrite for an HTTP error response
properties:
body:
description: The new response body
properties:
content_type:
description: The content type to set on the error response body when using text_format or text_format_source. Defaults to 'text/plain'.
type: string
json_format:
additionalProperties:
type: string
description: 'A JSON response with content-type: application/json. The values can contain format text like in text_format.'
type: object
text_format:
description: A format string representing a text response body. Content-Type can be set using the `content_type` field below.
type: string
text_format_source:
description: A format string sourced from a file on the Ambassador container. Useful for larger response bodies that should not be placed inline in configuration.
properties:
filename:
description: The name of a file on the Ambassador pod that contains a format text string.
type: string
type: object
type: object
on_status_code:
description: The status code to match on -- not a pointer because it's required.
maximum: 599
minimum: 400
type: integer
required:
- body
- on_status_code
type: object
minItems: 1
type: array
grpc:
type: boolean
headers:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
host:
type: string
host_redirect:
type: boolean
host_regex:
type: boolean
host_rewrite:
type: string
idle_timeout_ms:
type: integer
keepalive:
properties:
idle_time:
type: integer
interval:
type: integer
probes:
type: integer
type: object
labels:
additionalProperties:
description: A MappingLabelGroupsArray is an array of MappingLabelGroups. I know, complex.
items:
additionalProperties:
description: 'A MappingLabelsArray is the value in the MappingLabelGroup: an array of label specifiers.'
items:
description: A MappingLabelSpecifier (finally!) defines a single label. There are multiple kinds of label, so this is more complex than we'd like it to be. See the remarks about schema on custom types in `./common.go`.
type: array
description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: a second map, where the key is a human-readable name that identifies the group.'
type: object
type: array
description: A DomainMap is the overall Mapping.spec.Labels type. It maps domains (kind of like namespaces for Mapping labels) to arrays of label groups.
type: object
load_balancer:
properties:
cookie:
properties:
name:
type: string
path:
type: string
ttl:
type: string
required:
- name
type: object
header:
type: string
policy:
enum:
- round_robin
- ring_hash
- maglev
- least_request
type: string
source_ip:
type: boolean
required:
- policy
type: object
method:
type: string
method_regex:
type: boolean
modules:
items:
description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way.
type: object
type: array
outlier_detection:
type: string
path_redirect:
description: Path replacement to use when generating an HTTP redirect. Used with `host_redirect`.
type: string
precedence:
type: integer
prefix:
type: string
prefix_exact:
type: boolean
prefix_redirect:
description: Prefix rewrite to use when generating an HTTP redirect. Used with `host_redirect`.
type: string
prefix_regex:
type: boolean
priority:
type: string
query_parameters:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
redirect_response_code:
description: The response code to use when generating an HTTP redirect. Defaults to 301. Used with `host_redirect`.
enum:
- 301
- 302
- 303
- 307
- 308
type: integer
regex_headers:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
regex_query_parameters:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
regex_redirect:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
description: Prefix regex rewrite to use when generating an HTTP redirect. Used with `host_redirect`.
type: object
regex_rewrite:
additionalProperties:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
type: object
remove_request_headers:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
remove_response_headers:
description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now.
items:
type: string
oneOf:
- type: string
- type: array
resolver:
type: string
retry_policy:
properties:
num_retries:
type: integer
per_try_timeout:
type: string
retry_on:
enum:
- 5xx
- gateway-error
- connect-failure
- retriable-4xx
- refused-stream
- retriable-status-codes
type: string
type: object
rewrite:
type: string
service:
type: string
shadow:
type: boolean
timeout_ms:
description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists.
type: integer
tls:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
use_websocket:
description: 'use_websocket is deprecated, and is equivlaent to setting `allow_upgrade: ["websocket"]`'
type: boolean
weight:
type: integer
required:
- prefix
- service
type: object
status:
description: MappingStatus defines the observed state of Mapping
properties:
reason:
type: string
state:
enum:
- ""
- Inactive
- Running
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

56
charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_modules.yaml
View File

@ -1,56 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: modules.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Module
listKind: ModuleList
plural: modules
singular: module
scope: Namespaced
validation:
openAPIV3Schema:
description: "A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated"
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
config:
description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way.
type: object
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

72
charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_ratelimitservices.yaml
View File

@ -1,72 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: ratelimitservices.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: RateLimitService
listKind: RateLimitServiceList
plural: ratelimitservices
singular: ratelimitservice
scope: Namespaced
validation:
openAPIV3Schema:
description: RateLimitService is the Schema for the ratelimitservices API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: RateLimitServiceSpec defines the desired state of RateLimitService
properties:
ambassador_id:
description: Common to all Ambassador objects.
items:
type: string
oneOf:
- type: string
- type: array
domain:
type: string
protocol_version:
enum:
- v2
- v3
type: string
service:
type: string
timeout_ms:
type: integer
tls:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
required:
- service
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

102
charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tcpmappings.yaml
View File

@ -1,102 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: tcpmappings.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: TCPMapping
listKind: TCPMappingList
plural: tcpmappings
singular: tcpmapping
scope: Namespaced
validation:
openAPIV3Schema:
description: TCPMapping is the Schema for the tcpmappings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TCPMappingSpec defines the desired state of TCPMapping
properties:
address:
type: string
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
circuit_breakers:
items:
properties:
max_connections:
type: integer
max_pending_requests:
type: integer
max_requests:
type: integer
max_retries:
type: integer
priority:
enum:
- default
- high
type: string
type: object
type: array
cluster_tag:
type: string
enable_ipv4:
type: boolean
enable_ipv6:
type: boolean
host:
type: string
idle_timeout_ms:
description: 'FIXME(lukeshu): Surely this should be an ''int''?'
type: string
port:
description: Port isn't a pointer because it's required.
type: integer
resolver:
type: string
service:
type: string
tls:
description: BoolOrString is a type that can hold a Boolean or a string.
oneOf:
- type: string
- type: boolean
weight:
type: integer
required:
- port
- service
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

100
charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tlscontexts.yaml
View File

@ -1,100 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: tlscontexts.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: TLSContext
listKind: TLSContextList
plural: tlscontexts
singular: tlscontext
scope: Namespaced
validation:
openAPIV3Schema:
description: TLSContext is the Schema for the tlscontexts API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TLSContextSpec defines the desired state of TLSContext
properties:
alpn_protocols:
type: string
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
ca_secret:
type: string
cacert_chain_file:
type: string
cert_chain_file:
type: string
cert_required:
type: boolean
cipher_suites:
items:
type: string
type: array
ecdh_curves:
items:
type: string
type: array
hosts:
items:
type: string
type: array
max_tls_version:
enum:
- v1.0
- v1.1
- v1.2
- v1.3
type: string
min_tls_version:
enum:
- v1.0
- v1.1
- v1.2
- v1.3
type: string
private_key_file:
type: string
redirect_cleartext_from:
type: integer
secret:
type: string
secret_namespacing:
type: boolean
sni:
type: string
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

101
charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tracingservices.yaml
View File

@ -1,101 +0,0 @@
# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: tracingservices.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: TracingService
listKind: TracingServiceList
plural: tracingservices
singular: tracingservice
scope: Namespaced
validation:
openAPIV3Schema:
description: TracingService is the Schema for the tracingservices API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TracingServiceSpec defines the desired state of TracingService
properties:
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\""
items:
type: string
oneOf:
- type: string
- type: array
config:
properties:
access_token_file:
type: string
collector_cluster:
type: string
collector_endpoint:
type: string
collector_endpoint_version:
enum:
- HTTP_JSON_V1
- HTTP_JSON
- HTTP_PROTO
type: string
collector_hostname:
type: string
service_name:
type: string
shared_span_context:
type: boolean
trace_id_128bit:
type: boolean
type: object
driver:
enum:
- lightstep
- zipkin
- datadog
type: string
sampling:
properties:
client:
type: integer
overall:
type: integer
random:
type: integer
type: object
service:
type: string
tag_headers:
items:
type: string
type: array
required:
- driver
- service
type: object
type: object
version: null
versions:
- name: v2
served: true
storage: true
- name: v1
served: true
storage: false

34
charts/ambassador/ambassador/6.7.1100/crds/project.yaml
View File

@ -1,34 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: projects.getambassador.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.prefix
name: Prefix
type: string
- JSONPath: .spec.githubRepo
name: Repo
type: string
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Project
plural: projects
singular: project
scope: Namespaced
subresources:
status: {}
versions:
- name: v2
served: true
storage: true

24
charts/ambassador/ambassador/6.7.1100/crds/projectcontroller.yaml
View File

@ -1,24 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: projectcontrollers.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: ProjectController
plural: projectcontrollers
singular: projectcontroller
scope: Namespaced
subresources:
status: {}
versions:
- name: v2
served: true
storage: true

40
charts/ambassador/ambassador/6.7.1100/crds/projectrevision.yaml
View File

@ -1,40 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: projectrevisions.getambassador.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.project.name
name: Project
type: string
- JSONPath: .spec.ref
name: Ref
type: string
- JSONPath: .spec.rev
name: Rev
type: string
- JSONPath: .status.phase
name: Status
type: string
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: getambassador.io
names:
categories:
- ambassador-crds
kind: ProjectRevision
plural: projectrevisions
singular: projectrevision
scope: Namespaced
subresources:
status: {}
versions:
- name: v2
served: true
storage: true

27
charts/ambassador/ambassador/6.7.1100/crds/ratelimit.yaml
View File

@ -1,27 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: crd-install
labels:
app.kubernetes.io/name: ambassador
product: aes
name: ratelimits.getambassador.io
spec:
group: getambassador.io
names:
categories:
- ambassador-crds
kind: RateLimit
plural: ratelimits
shortNames:
- rl
singular: ratelimit
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: false
- name: v2
served: true
storage: true

37
charts/ambassador/ambassador/6.7.1100/ct.yaml
View File

@ -1,37 +0,0 @@
# See https://github.com/helm/chart-testing
# note: all the values files in ci/*-values.yaml will
# be tested automatically. For each configuration,
# all the tests in templates/tests/*.yaml
# will be checked.
################################################
# github
################################################
remote: origin
################################################
# chart
################################################
charts:
- /charts/
chart-dirs:
- /charts/
chart-repos:
- datawire=https://getambassador.io
helm-extra-args: --timeout 600s
# namespace: ambassador
# release-label: release
################################################
# checks and validations
################################################
validate-maintainers: false
validate-chart-schema: true
validate-yaml: true
# check-version-increment: true

84
charts/ambassador/ambassador/6.7.1100/questions.yml
View File

@ -1,84 +0,0 @@
questions:
### CRD Management
- variable: crds.enabled
label: Create CRDs
description: "Should Ambassador Edge Stack create and manage its CRD's?"
type: boolean
required: false
default: "true"
group: "CRD Management"
- variable: crds.keep
label: Keep CRDs
description: "Should Ambassador Edge Stack keep CRD's when the chart is uninstalled?"
type: boolean
required: false
default: "true"
group: "CRD Management"
show_if: "crds.enabled=true"
### Deployment Management
- variable: daemonSet
label: Deploy as Daemonset
description: "Deploy Ambassador Edge Stack as a Daemonset? (Recommended: false)"
type: boolean
required: false
default: "true"
group: "Deployment Settings"
- variable: replicaCount
label: Replica Count
description: "How many replicas should Ambassador Edge Stack run? (Recommended: 3)"
type: int
required: false
default: "3"
group: "Deployment Settings"
min: 1
max: 999
show_if: "daemonSet=false"
### Service Settings
- variable: service.type
label: Service Type
description: "Set the type of service, LoadBalancer (recommended), NodePort, or ClusterIP"
type: enum
required: false
default: "LoadBalancer"
group: "Service Settings"
options:
- "LoadBalancer"
- "ClusterIP"
- "NodePort"
### Licensing
- variable: licenseKey.createSecret
label: "Create License Key Secret"
description: "Creates the license key secret using the License Key Data."
type: boolean
required: false
default: "true"
group: "License Settings"
- variable: licenseKey.value
label: "License Key Data"
description: "Specifies the license key to apply."
type: secret
required: false
default: ""
group: "License Settings"
show_if: "licenseKey.createSecret=true"
### Service Catalog
- variable: agent.enabled
label: "Enable Service Catalog"
description: "Enables the Service Catalog agent for use at https://app.getambassador.io."
type: boolean
required: false
default: "true"
group: "Service Catalog"
- variable: agent.cloudConnectionToken
label: "Cloud Connection Token"
description: "Specifies the Token used to register a Cluster with the Service Catalog."
type: secret
required: false
default: ""
group: "Service Catalog"
show_if: "agent.enabled=true"

60
charts/ambassador/ambassador/6.7.1100/templates/NOTES.txt
View File

@ -1,60 +0,0 @@
-------------------------------------------------------------------------------
{{- if .Values.enableAES }}
Congratulations! You have successfully installed The Ambassador Edge Stack!
{{- if empty .Values.licenseKey.value }}
-------------------------------------------------------------------------------
NOTE: You are currently running The Ambassador Edge Stack in EVALUATION MODE.
Request a free community license key at https://SERVICE_IP/edge_stack_admin/#dashboard
to unlock all the features of The Ambassador Edge Stack and update the value of
licenseKey.value in your values.yaml file.
{{- end }}
{{- if or .Values.authService.create .Values.rateLimit.create }}
-------------------------------------------------------------------------------
WARNING:
With your installation of the Ambassador Edge Stack, you have created a:
{{ if .Values.authService.create }}
- AuthService named {{include "ambassador.fullname" .}}-auth
{{ end }} {{ if .Values.rateLimit.create }}
- RateLimitService named {{include "ambassador.fullname" .}}-ratelimit
{{ end }}
in the {{ include "ambassador.namespace" . }} namespace.
Please ensure there is not another of these resources configured in your cluster.
If there is, please either remove the old resource or run
helm upgrade {{ .Release.Name }} -n {{ .Release.Namespace }} --set authService.create=false --set RateLimit.create=false
{{- end }}
{{- else }}
Congratulations! You've successfully installed Ambassador!
-------------------------------------------------------------------------------
To get the IP address of Ambassador, run the following commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ambassador.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }}'
On GKE/Azure:
export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
On AWS:
export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ include "ambassador.namespace" .}} -l "app={{ include "ambassador.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:80
{{- end }}
{{- end }}
For help, visit our Slack at http://a8r.io/Slack or view the documentation online at https://www.getambassador.io.

117
charts/ambassador/ambassador/6.7.1100/templates/_helpers.tpl
View File

@ -1,117 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "ambassador.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "ambassador.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "ambassador.imagetag" -}}
{{- if .Values.image.fullImageOverride }}
{{- .Values.image.fullImageOverride }}
{{- else }}
{{- if hasKey .Values.image "tag" -}}
{{- .Values.image.tag }}
{{- else if .Values.enableAES }}
{{- .Values.image.aesTag }}
{{- else }}
{{- .Values.image.ossTag }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Set the image that should be used for ambassador.
Use fullImageOverride if present,
Then if the image repository is explicitly set, use "repository:image"
Otherwise, check if AES is enabled
Use AES image if AES is enabled, ambassador image if not
*/}}
{{- define "ambassador.image" -}}
{{- if .Values.image.fullImageOverride }}
{{- .Values.image.fullImageOverride }}
{{- else }}
{{- $repoName := "" }}
{{- $imageTag := "" }}
{{- if hasKey .Values.image "repository" -}}
{{- $repoName = .Values.image.repository }}
{{- else if .Values.enableAES }}
{{- $repoName = .Values.image.aesRepository }}
{{- else }}
{{- $repoName = .Values.image.ossRepository }}
{{- end -}}
{{- if hasKey .Values.image "tag" -}}
{{- $imageTag = .Values.image.tag }}
{{- else if .Values.enableAES }}
{{- $imageTag = .Values.image.aesTag }}
{{- else }}
{{- $imageTag = .Values.image.ossTag }}
{{- end -}}
{{- printf "%s:%s" $repoName $imageTag -}}
{{- end -}}
{{- end -}}
{{/*
Create chart namespace based on override value.
*/}}
{{- define "ambassador.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "ambassador.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "ambassador.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "ambassador.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the RBAC to use
*/}}
{{- define "ambassador.rbacName" -}}
{{ default (include "ambassador.fullname" .) .Values.rbac.nameOverride }}
{{- end -}}
{{/*
Define the http port of the Ambassador service
*/}}
{{- define "ambassador.servicePort" -}}
{{- range .Values.service.ports -}}
{{- if (eq .name "http") -}}
{{ default .port }}
{{- end -}}
{{- end -}}
{{- end -}}

64
charts/ambassador/ambassador/6.7.1100/templates/admin-service.yaml
View File

@ -1,64 +0,0 @@
{{- if .Values.adminService.create -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "ambassador.fullname" . }}-admin
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
# Hard-coded label for Prometheus Operator ServiceMonitor
service: ambassador-admin
product: aes
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge Stack admin service for internal use and health checks."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: "None"
{{- with .Values.adminService.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.adminService.type }}
ports:
- port: {{ .Values.adminService.port }}
targetPort: admin
protocol: TCP
name: ambassador-admin
{{- if (and (eq .Values.adminService.type "NodePort") (not (empty .Values.adminService.nodePort))) }}
nodePort: {{ int .Values.adminService.nodePort }}
{{- end }}
- port: {{ .Values.adminService.snapshotPort }}
targetPort: {{ .Values.adminService.snapshotPort }}
protocol: TCP
name: ambassador-snapshot
selector:
{{- if .Values.service.selector }}
{{ toYaml .Values.service.selector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- if eq .Values.adminService.type "LoadBalancer" }}
{{- if not (empty .Values.adminService.loadBalancerIP) }}
loadBalancerIP: {{ .Values.adminService.loadBalancerIP | quote }}
{{- end }}
{{- if not (empty .Values.adminService.loadBalancerSourceRanges) }}
loadBalancerSourceRanges:
{{- toYaml .Values.adminService.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- end }}
{{- end -}}

33
charts/ambassador/ambassador/6.7.1100/templates/aes-authservice.yaml
View File

@ -1,33 +0,0 @@
{{ if and .Values.authService.create .Values.enableAES }}
---
apiVersion: getambassador.io/v2
kind: AuthService
metadata:
name: {{ include "ambassador.fullname" . }}-{{ .Values.authService.deploymentExtraName | default "auth" }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-auth
{{- end }}
product: aes
spec:
proto: grpc
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
auth_service: 127.0.0.1:8500
{{- if .Values.authService.optional_configurations }}
{{- toYaml .Values.authService.optional_configurations | nindent 2}}
{{- end }}
{{ end }}

161
charts/ambassador/ambassador/6.7.1100/templates/aes-injector.yaml
View File

@ -1,161 +0,0 @@
{{- if and .Values.enableAES .Values.servicePreview.enabled .Values.servicePreview.trafficAgent.injector.enabled }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ambassador.fullname" . }}-injector
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
spec:
containers:
- name: webhook
{{- if .Values.servicePreview.trafficAgent.image.repository }}
image: "{{ .Values.servicePreview.trafficAgent.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}"
{{- else }}
image: {{ include "ambassador.image" . }}
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: [ "aes-injector" ]
env:
- name: AGENT_MANAGER_NAMESPACE
value: "{{ include "ambassador.namespace" . }}"
- name: TRAFFIC_AGENT_IMAGE
value: "{{ .Values.servicePreview.trafficAgent.image.repository | default .Values.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}"
- name: TRAFFIC_AGENT_AGENT_LISTEN_PORT
value: "{{ .Values.servicePreview.trafficAgent.port }}"
{{- if .Values.servicePreview.trafficAgent.singleNamespace }}
- name: TRAFFIC_AGENT_SERVICE_ACCOUNT_NAME
value: "{{ .Values.servicePreview.trafficAgent.serviceAccountName }}"
{{- end }}
ports:
- containerPort: 8443
name: https
livenessProbe:
httpGet:
path: /healthz
port: https
scheme: HTTPS
volumeMounts:
- mountPath: /var/run/secrets/tls
name: tls
readOnly: true
volumes:
- name: tls
secret:
secretName: {{ include "ambassador.fullname" . }}-injector-tls
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ambassador.fullname" . }}-injector
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge Stack Service Preview Traffic Agent Sidecar injector."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: "None"
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector
app.kubernetes.io/instance: {{ .Release.Name }}
ports:
- name: {{ include "ambassador.fullname" . }}-injector
port: 443
targetPort: https
---
kind: Secret
apiVersion: v1
metadata:
name: {{ include "ambassador.fullname" . }}-injector-tls
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-tls
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
type: Opaque
data:
{{ $ca := genCA (printf "%s-injector.%s.svc" (include "ambassador.fullname" .) (include "ambassador.namespace" .)) 365 -}}
crt.pem: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }}
key.pem: {{ ternary (b64enc $ca.Key) (b64enc (trim .Values.servicePreview.trafficAgent.injector.keyPEM)) (empty .Values.servicePreview.trafficAgent.injector.keyPEM) }}
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: {{ include "ambassador.fullname" . }}-injector-webhook-config
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-webhook-config
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
webhooks:
- name: {{ include "ambassador.fullname" . }}-injector.getambassador.io
clientConfig:
service:
name: {{ include "ambassador.fullname" . }}-injector
namespace: {{ include "ambassador.namespace" . }}
path: "/traffic-agent"
caBundle: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }}
failurePolicy: Ignore
rules:
- operations: ["CREATE"]
apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
{{- end }}

129
charts/ambassador/ambassador/6.7.1100/templates/aes-internal.yaml
View File

@ -1,129 +0,0 @@
{{ if and .Values.createDevPortalMappings .Values.enableAES }}
---
# Configure DevPortal
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
# This Mapping name is referenced by convention, it's important to leave as-is.
name: {{ include "ambassador.fullname" . }}-devportal
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
prefix: {{ .Values.devportal.docsPrefix }}
rewrite: "/docs/"
service: "127.0.0.1:8500"
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
name: {{ include "ambassador.fullname" . }}-devportal-assets
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-assets
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
prefix: /documentation/(assets|styles)/(.*)(.css)
prefix_regex: true
regex_rewrite:
pattern: /documentation/(.*)
substitution: /docs/\1
service: "127.0.0.1:8500"
add_response_headers:
cache-control:
value: "public, max-age=3600, immutable"
append: false
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
# This Mapping name is what the demo uses. Sigh.
name: {{ include "ambassador.fullname" . }}-devportal-demo
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-demo
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
prefix: /docs/
rewrite: "/docs/"
service: "127.0.0.1:8500"
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
# This Mapping name is referenced by convention, it's important to leave as-is.
name: {{ include "ambassador.fullname" . }}-devportal-api
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-api
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
prefix: /openapi/
rewrite: ""
service: "127.0.0.1:8500"
{{ end }}

29
charts/ambassador/ambassador/6.7.1100/templates/aes-ratelimit.yaml
View File

@ -1,29 +0,0 @@
{{ if and .Values.rateLimit.create .Values.enableAES }}
---
apiVersion: getambassador.io/v2
kind: RateLimitService
metadata:
name: {{ include "ambassador.fullname" . }}-{{ .Values.rateLimit.deploymentExtraName | default "ratelimit" }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
service: 127.0.0.1:8500
{{ end }}

106
charts/ambassador/ambassador/6.7.1100/templates/aes-redis.yaml
View File

@ -1,106 +0,0 @@
{{ if and .Values.redis.create .Values.enableAES }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "ambassador.fullname" . }}-redis
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- else }}
product: aes
{{- end }}
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge Stack Redis store for auth and rate limiting, among other things."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: "None"
{{- with .Values.redis.annotations.service }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
ports:
- port: 6379
targetPort: 6379
selector:
{{- if .Values.redis.serviceSelector }}
{{ toYaml .Values.redis.serviceSelector | nindent 4 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ambassador.fullname" . }}-redis
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
annotations:
{{- toYaml .Values.redis.annotations.deployment | nindent 4}}
spec:
replicas: 1
selector:
matchLabels:
{{- if .Values.redis.serviceSelector }}
{{ toYaml .Values.redis.serviceSelector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
template:
metadata:
labels:
{{- if .Values.redis.serviceSelector }}
{{ toYaml .Values.redis.serviceSelector | nindent 8 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
spec:
containers:
- name: redis
image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}"
imagePullPolicy: {{ .Values.redis.image.pullPolicy }}
resources:
{{- toYaml .Values.redis.resources | nindent 10 }}
restartPolicy: Always
{{- with .Values.redis.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redis.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redis.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{ end }}

21
charts/ambassador/ambassador/6.7.1100/templates/aes-secret.yaml
View File

@ -1,21 +0,0 @@
{{- if and .Values.licenseKey.createSecret .Values.enableAES }}
apiVersion: v1
kind: Secret
metadata:
{{- if ne .Values.deploymentTool "getambassador.io" }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
{{- if .Values.licenseKey.annotations }}
{{- toYaml .Values.licenseKey.annotations | nindent 4 }}
{{- end }}
{{- if .Values.licenseKey.secretName }}
name: {{ .Values.licenseKey.secretName }}
{{- else }}
name: {{ include "ambassador.fullname" . }}-edge-stack
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
type: Opaque
data:
license-key: {{- if .Values.licenseKey.value }} {{ .Values.licenseKey.value | b64enc }} {{- else }} "" {{- end }}
{{- end }}

371
charts/ambassador/ambassador/6.7.1100/templates/ambassador-agent.yaml
View File

@ -1,371 +0,0 @@
{{- if .Values.agent.enabled }}
{{- $allowAgent := false -}}
{{- /* This next bit is ugly. */ -}}
{{- /* Case 1: "fullImageOverride" means don't bother checking the tag. */ -}}
{{- /* Case 2: Otherwise, if it's not a semver-style version number, */ -}}
{{- /* assume we have a power user and turn the agent on. */ -}}
{{- /* Case 3: Otherwise, if Edge Stack, we need at least 1.12.0. */ -}}
{{- /* Case 4: Otherwise, it's OSS and we need at 1.13.0. */ -}}
{{- if .Values.image.fullImageOverride }}
{{- /* Case 1 */ -}}
{{- $allowAgent = true }}
{{- else if not (regexMatch "^\\d+\\.\\d+\\.\\d+$" (include "ambassador.imagetag" . )) }}
{{- /* Case 2 above: power user */ -}}
{{- $allowAgent = true }}
{{- else if and .Values.enableAES (ne (semver "1.12.0" | (semver (include "ambassador.imagetag" . )).Compare) -1) }}
{{- /* Case 3 above: Edge Stack 1.12.0+ */ -}}
{{- $allowAgent = true }}
{{- else if ne (semver "1.13.0" | (semver (include "ambassador.imagetag" . )).Compare) -1 }}
{{- /* Case 4 above: OSS 1.13.0+ */ -}}
{{- $allowAgent = true }}
{{- end }}
{{- if $allowAgent }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ambassador.fullname" . }}-agent
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
{{- if .Values.docker.useImagePullSecret }}
imagePullSecrets:
- name: {{ .Values.docker.imagePullSecretName }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ include "ambassador.fullname" . }}-agent-config
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "ambassador.fullname" . }}-agent-config
subjects:
- kind: ServiceAccount
name: {{ include "ambassador.fullname" . }}-agent
namespace: {{ include "ambassador.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ include "ambassador.fullname" . }}-agent-config
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "configmaps" ]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ include "ambassador.fullname" . }}-agent
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "ambassador.fullname" . }}-agent
subjects:
- kind: ServiceAccount
name: {{ include "ambassador.fullname" . }}-agent
namespace: {{ include "ambassador.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-pods
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "pods"]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-deployments
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: ["apps", "extensions"]
resources: [ "deployments" ]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-endpoints
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "endpoints" ]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-configmaps
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "configmaps" ]
verbs: [ "get", "list", "watch" ]
---
{{- if .Values.agent.createArgoRBAC }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-rollouts
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: ["argoproj.io"]
resources: [ "rollouts" ]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.fullname" . }}-agent-applications
labels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: ["argoproj.io"]
resources: [ "applications" ]
verbs: [ "get", "list", "watch" ]
{{- end }}
{{ if ne .Values.agent.cloudConnectToken "" }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "ambassador.fullname" . }}-agent-cloud-token
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent-cloud-token
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
data:
CLOUD_CONNECT_TOKEN: {{ .Values.agent.cloudConnectToken }}
{{ end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ambassador.fullname" . }}-agent
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
{{- end }}
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
product: aes
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
spec:
serviceAccountName: {{ include "ambassador.fullname" . }}-agent
containers:
- name: agent
image: {{ include "ambassador.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: [ "agent" ]
env:
- name: AGENT_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: AGENT_CONFIG_RESOURCE_NAME
value: {{ include "ambassador.fullname" . }}-agent-cloud-token
- name: RPC_CONNECTION_ADDRESS
value: {{ .Values.agent.rpcAddress }}
- name: AES_SNAPSHOT_URL
value: "http://{{ include "ambassador.fullname" . }}-admin.{{ include "ambassador.namespace" . }}:{{ .Values.adminService.snapshotPort }}/snapshot-external"
{{- end }}
{{- end }}

20
charts/ambassador/ambassador/6.7.1100/templates/config.yaml
View File

@ -1,20 +0,0 @@
{{- if .Values.ambassadorConfig }}
apiVersion: v1
kind: ConfigMap
metadata:
name: '{{ include "ambassador.fullname" . }}-file-config'
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
data:
ambassadorConfig: |-
{{- .Values.ambassadorConfig | nindent 4 }}
{{- end }}

123
charts/ambassador/ambassador/6.7.1100/templates/crd-delete.yaml
View File

@ -1,123 +0,0 @@
{{- if and .Values.crds.enabled (not .Values.crds.keep)}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ambassador.serviceAccountName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-weight": "1"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.rbacName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-weight": "1"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
rules:
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
verbs: ["get", "list", "watch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ include "ambassador.rbacName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-weight": "1"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "ambassador.rbacName" . }}-crd-delete
subjects:
- name: {{ include "ambassador.serviceAccountName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
kind: ServiceAccount
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "ambassador.fullname" . }}-crd-cleanup
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "3"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
spec:
template:
metadata:
name: {{ include "ambassador.fullname" . }}-crd-cleanup
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
spec:
{{- if .Values.rbac.create }}
serviceAccountName: {{ include "ambassador.serviceAccountName" . }}-crd-delete
{{- end }}
containers:
- name: kubectl
image: "buoyantio/kubectl"
args:
- delete
- crds
- -l app.kubernetes.io/name=ambassador
restartPolicy: OnFailure
{{- end }}

6
charts/ambassador/ambassador/6.7.1100/templates/crds.yaml
View File

@ -1,6 +0,0 @@
{{- if .Values.crds.create }}
{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}

282
charts/ambassador/ambassador/6.7.1100/templates/deployment.yaml
View File

@ -1,282 +0,0 @@
apiVersion: apps/v1
{{- if .Values.daemonSet }}
kind: DaemonSet
{{- else }}
kind: Deployment
{{- end }}
metadata:
{{- if .Values.deploymentNameOverride }}
name: {{ .Values.deploymentNameOverride }}
{{- else }}
name: {{ include "ambassador.fullname" . }}
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
{{- if .Values.deploymentLabels }}
{{- toYaml .Values.deploymentLabels | nindent 4 }}
{{- end }}
{{- if .Values.deploymentAnnotations }}
annotations:
{{- toYaml .Values.deploymentAnnotations | nindent 4 }}
{{- end }}
spec:
{{- if and (not .Values.autoscaling.enabled) (not .Values.daemonSet) }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- if .Values.service.selector }}
{{ toYaml .Values.service.selector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- if .Values.daemonSet }}
updateStrategy:
{{- else }}
strategy:
{{- end }}
{{- toYaml .Values.deploymentStrategy | nindent 4}}
template:
metadata:
labels:
{{- if .Values.service.selector }}
{{ toYaml .Values.service.selector | nindent 8 }}
{{- end }}
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
product: aes
{{- end }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}
annotations:
{{- if ne .Values.deploymentTool "getambassador.io" }}
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{- toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
spec:
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- /* Check if .Values.securityContext is set for backwards compatibility */ -}}
{{- if .Values.securityContext -}}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else -}}
{{- with .Values.security.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end -}}
{{- if .Values.restartPolicy }}
restartPolicy: {{ .Values.restartPolicy }}
{{- end }}
serviceAccountName: {{ include "ambassador.serviceAccountName" . }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
volumes:
- name: ambassador-pod-info
downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: labels
{{- if .Values.prometheusExporter.enabled }}
- name: stats-exporter-mapping-config
configMap:
name: {{ include "ambassador.fullname" . }}-exporter-config
items:
- key: exporterConfiguration
path: mapping-config.yaml
{{- end }}
{{- if .Values.ambassadorConfig }}
- name: ambassador-config
configMap:
name: {{ include "ambassador.fullname" . }}-file-config
items:
- key: ambassadorConfig
path: ambassador-config.yaml
{{- end }}
{{- if and .Values.licenseKey.createSecret .Values.enableAES }}
- name: {{ include "ambassador.fullname" . }}-edge-stack-secrets
secret:
{{- if .Values.licenseKey.secretName }}
secretName: {{ .Values.licenseKey.secretName }}
{{- else }}
secretName: {{ include "ambassador.fullname" . }}-edge-stack
{{- end }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
{{- if .Values.prometheusExporter.enabled }}
- name: prometheus-exporter
image: "{{ .Values.prometheusExporter.repository }}:{{ .Values.prometheusExporter.tag }}"
imagePullPolicy: {{ .Values.prometheusExporter.pullPolicy }}
ports:
- name: metrics
containerPort: 9102
- name: listener
containerPort: 8125
args:
- --statsd.listen-udp=:8125
- --web.listen-address=:9102
- --statsd.mapping-config=/statsd-exporter/mapping-config.yaml
volumeMounts:
- name: stats-exporter-mapping-config
mountPath: /statsd-exporter/
readOnly: true
resources:
{{- toYaml .Values.prometheusExporter.resources | nindent 12 }}
{{- end }}
- name: {{ if .Values.containerNameOverride }}{{ .Values.containerNameOverride }}{{ else }}{{ .Chart.Name }}{{ end }}
image: {{ include "ambassador.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
{{- range .Values.service.ports }}
- name: {{ .name }}
containerPort: {{ int .targetPort }}
{{- if .protocol }}
protocol: {{ .protocol }}
{{- end }}
{{- if .hostPort }}
hostPort: {{ .hostPort }}
{{- end }}
{{- end}}
- name: admin
containerPort: {{ .Values.adminService.port }}
env:
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{- if and (or .Values.redis.create .Values.redisURL) (.Values.enableAES) }}
- name: REDIS_URL
{{- if .Values.redisURL }}
value: {{ .Values.redisURL }}
{{- else }}
value: {{ include "ambassador.fullname" . }}-redis:6379
{{- end }}
{{- end }}
{{- if and .Values.licenseKey.secretName .Values.enableAES}}
- name: AMBASSADOR_AES_SECRET_NAME
value: {{ .Values.licenseKey.secretName }}
{{- end }}
{{- if .Values.prometheusExporter.enabled }}
- name: STATSD_ENABLED
value: "true"
- name: STATSD_HOST
value: "localhost"
{{- end }}
{{- if .Values.scope.singleNamespace }}
- name: AMBASSADOR_SINGLE_NAMESPACE
value: "YES"
{{- end }}
- name: AMBASSADOR_NAMESPACE
{{- if .Values.namespace }}
value: {{ .Values.namespace.name | quote }}
{{ else }}
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- end -}}
{{- if .Values.redisEnv }}
{{ toYaml .Values.redisEnv | nindent 12 }}
{{- end }}
{{- if .Values.env }}
{{- range $key,$value := .Values.env }}
- name: {{ $key | upper | quote}}
value: {{ $value | quote}}
{{- end }}
{{- end }}
{{- if .Values.envRaw }}
{{- with .Values.envRaw }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- with .Values.security.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
livenessProbe:
httpGet:
path: /ambassador/v0/check_alive
port: admin
{{- toYaml .Values.livenessProbe | nindent 12 }}
readinessProbe:
httpGet:
path: /ambassador/v0/check_ready
port: admin
{{- toYaml .Values.readinessProbe | nindent 12 }}
volumeMounts:
- name: ambassador-pod-info
mountPath: /tmp/ambassador-pod-info
readOnly: true
{{- if .Values.ambassadorConfig }}
- name: ambassador-config
mountPath: /ambassador/ambassador-config/ambassador-config.yaml
subPath: ambassador-config.yaml
{{- end }}
{{- if and .Values.licenseKey.createSecret .Values.enableAES }}
- name: {{ include "ambassador.fullname" . }}-edge-stack-secrets
mountPath: /.config/ambassador
readOnly: true
{{- end }}
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.sidecarContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
imagePullSecrets:
{{- toYaml .Values.imagePullSecrets | nindent 8 }}
dnsPolicy: {{ .Values.dnsPolicy }}
hostNetwork: {{ .Values.hostNetwork }}

23
charts/ambassador/ambassador/6.7.1100/templates/exporter-config.yaml
View File

@ -1,23 +0,0 @@
{{- if .Values.prometheusExporter.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: '{{ include "ambassador.fullname" . }}-exporter-config'
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
data:
exporterConfiguration:
{{- if .Values.prometheusExporter.configuration }} |
{{- .Values.prometheusExporter.configuration | nindent 4 }}
{{- else }} ''
{{- end }}
{{- end }}

26
charts/ambassador/ambassador/6.7.1100/templates/hpa.yaml
View File

@ -1,26 +0,0 @@
{{- if and .Values.autoscaling.enabled (not .Values.daemonSet) }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "ambassador.fullname" . }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "ambassador.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- toYaml .Values.autoscaling.metrics | nindent 4 }}
{{- end }}

29
charts/ambassador/ambassador/6.7.1100/templates/module.yaml
View File

@ -1,29 +0,0 @@
{{- if .Values.module }}
apiVersion: getambassador.io/v2
kind: Module
metadata:
name: ambassador
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit
{{- end }}
product: aes
spec:
{{- if .Values.env }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
config:
{{- toYaml .Values.module | nindent 4 }}
{{- end }}

8
charts/ambassador/ambassador/6.7.1100/templates/namespace.yaml
View File

@ -1,8 +0,0 @@
{{- if .Values.createNamespace }}
apiVersion: v1
kind: Namespace
metadata:
labels:
product: aes
name: {{ include "ambassador.namespace" . }}
{{- end }}

33
charts/ambassador/ambassador/6.7.1100/templates/oss-migration-test-service.yaml
View File

@ -1,33 +0,0 @@
{{- if .Values.enableTestService }}
apiVersion: v1
kind: Service
metadata:
name: test-aes
namespace: {{ include "ambassador.namespace" . }}
labels:
product: aes
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
{{- range .Values.service.ports }}
- name: {{ .name }}
port: {{ int .port }}
{{- if .targetPort }}
targetPort: {{ int .targetPort }}
{{- end }}
{{- if .nodePort }}
nodePort: {{ int .nodePort }}
{{- end }}
{{- if .protocol }}
protocol: {{ .protocol }}
{{- end }}
{{- end}}
selector:
{{- if .Values.service.selector }}
{{ toYaml .Values.service.selector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- end }}

23
charts/ambassador/ambassador/6.7.1100/templates/pdb.yaml
View File

@ -1,23 +0,0 @@
{{- if .Values.podDisruptionBudget }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ include "ambassador.fullname" . }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
{{- end }}

25
charts/ambassador/ambassador/6.7.1100/templates/podsecuritypolicy.yaml
View File

@ -1,25 +0,0 @@
{{ if .Values.security.podSecurityPolicy }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "ambassador.fullname" . }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- with .Values.security.podSecurityPolicy.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.security.podSecurityPolicy.spec }}
spec:
{{- toYaml . | nindent 2}}
{{- end }}
{{ end }}

75
charts/ambassador/ambassador/6.7.1100/templates/projects-rbac.yaml
View File

@ -1,75 +0,0 @@
{{- if and .Values.rbac.create .Values.registry.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- if .Values.scope.singleNamespace }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
metadata:
name: {{ include "ambassador.rbacName" . }}-projects
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "secrets", "services" ]
verbs: [ "get", "list", "create", "patch", "delete", "watch" ]
- apiGroups: ["apps"]
resources: [ "deployments" ]
verbs: [ "get", "list", "create", "patch", "delete", "watch" ]
- apiGroups: ["batch"]
resources: [ "jobs" ]
verbs: [ "get", "list", "create", "patch", "delete", "watch" ]
- apiGroups: [""]
resources: [ "pods" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [""]
resources: [ "pods/log" ]
verbs: [ "get" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- if .Values.scope.singleNamespace }}
kind: RoleBinding
{{- else }}
kind: ClusterRoleBinding
{{- end }}
metadata:
name: {{ include "ambassador.rbacName" . }}-projects
{{- if .Values.scope.singleNamespace }}
namespace: {{ include "ambassador.namespace" . }}
{{- end }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.scope.singleNamespace }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
name: {{ include "ambassador.rbacName" . }}-projects
subjects:
- name: {{ include "ambassador.serviceAccountName" . }}
namespace: {{ include "ambassador.namespace" . }}
kind: ServiceAccount
{{- end }}

412
charts/ambassador/ambassador/6.7.1100/templates/projects.yaml
View File

@ -1,412 +0,0 @@
{{- if .Values.registry.create }}
######################################################################
# In-cluster Registry for Projects
# This mapping will make every host function as a docker
# registry. It's not ideal to take over the "v2" mapping, but there
# are a number of constraints that make this the least worst option
# explored so far. These constraints are:
#
# - We need a registry where docker push/pull and similar (e.g. crictl
# push/pull) can work with no special client configuration since we
# don't control the clients and we can't expect our users to
# reconfigure their clusters to use a special push/pull
# configuration.
#
# - GKE's push/pull implementation (I think it's docker) and crictl
# push/pull (used by default in k3s clusters) have different default
# behaviors with respect to localhost registries. The docker
# implementation is very permissive, it will try both cleartext and
# TLS and it does not verify the TLS connection, so self-signed
# registries work fine. The crictl implementation is moving in this
# direction, but the version used in k3s (based on rancher's fork of
# containerd at v1.3.3) is not there yet. It only tries cleartext by
# default.
#
# - We want to minimize the requirements for users to have the
# access/understanding to create special DNS configurations
# (e.g. wildcard or a separate dns name for the registry).
#
# - You can configure the docker registry to have a prefix,
# e.g. <host>/<special-prefix>/v2/..., however without special
# configuration to override the defaults, clients can't push/pull
# from a registry served at a prefix. If your image is named
# <foo>/<bar>, the client will look for <foo>/v2/... endpoints.
#
# Given all the prior constraints we are left with creating this
# mapping for all hosts. If this is a problem there are a few
# alternatives we could consider. We can provide a way to limit this
# mapping to only one host so they can have distinct hosts for their
# site and their registry. We could also look into creating a
# daemonset that binds to localhost and proxies cleartext to
# TLS. Based on what I know of GKE and k3s its a good guess that this
# would accommodate both of them, but possibly not other clusters with
# different configurations.
#
# Another reason to lean towards an externally accessible registry is
# that there are likely some people that would want this as a feature
# so they can docker push/pull images from other systems into/out of
# the builtin registry. While it's true that security minded people
# might not like having this registry externally accessible, it's also
# quite likely those people would want to run their own fancy registry
# that scans/audits images, etc. The focus for RtC is really a smooth
# out of the box experience that functions end-to-end without
# requiring you to build your own platform. For more security minded
# people we should expect to eventually be able to configure an
# external registry and/or turn off the builtin one.
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
name: {{ include "ambassador.fullname" . }}-registry
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
spec:
prefix: /v2/
rewrite: /v2/
{{- if .Values.registry.resourceNameOverride }}
service: https://{{ .Values.registry.resourceNameOverride }}
{{- else }}
service: https://{{ include "ambassador.fullname" . }}-registry
{{- end }}
timeout_ms: 300000
---
apiVersion: v1
kind: Service
metadata:
{{- if .Values.registry.resourceNameOverride }}
name: {{ .Values.registry.resourceNameOverride }}
{{- else }}
name: {{ include "ambassador.fullname" . }}-registry
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge internal image registry."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: "None"
spec:
type: ClusterIP
selector:
{{- if .Values.registry.serviceSelectors }}
{{ toYaml .Values.registry.serviceSelector | nindent 4 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
ports:
- port: 443
targetPort: 5000
# The registry deployment. The deployment includes a persistent volume
# mount for storing images, a config-map mount for customizing the
# registry configuration, and a secret mounted for tls.
---
apiVersion: apps/v1
kind: Deployment
metadata:
{{- if .Values.registry.resourceNameOverride }}
name: {{ .Values.registry.resourceNameOverride }}
{{- else }}
name: {{ include "ambassador.fullname" . }}-registry
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
app: registry
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 0
selector:
matchLabels:
{{- if .Values.registry.serviceSelectors }}
{{ toYaml .Values.registry.serviceSelector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
template:
metadata:
annotations:
foo: "5"
labels:
{{- if .Values.registry.serviceSelectors }}
{{ toYaml .Values.registry.serviceSelector | nindent 8 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
spec:
containers:
- name: registry
image: registry:2
ports:
- containerPort: 5000
volumeMounts:
- mountPath: /var/lib/registry
name: registry-data
- name: registry-config
mountPath: /etc/docker/registry
- name: registry-tls
mountPath: /etc/tls
volumes:
- name: registry-config
configMap:
# Provide the name of the ConfigMap containing the files you want
# to add to the container
{{- if .Values.registry.resourceNameOverride }}
name: {{ .Values.registry.resourceNameOverride }}-config
{{- else }}
name: {{ include "ambassador.fullname" . }}-registry-config
{{- end }}
- name: registry-data
persistentVolumeClaim:
{{- if .Values.registry.resourceNameOverride }}
claimName: {{ .Values.registry.resourceNameOverride }}-data
{{- else }}
claimName: {{ include "ambassador.fullname" . }}-registry-data
{{- end }}
- name: registry-tls
secret:
{{- if .Values.registry.resourceNameOverride }}
secretName: {{ .Values.registry.resourceNameOverride }}-tls
{{- else }}
secretName: {{ include "ambassador.fullname" . }}-registry-tls
{{- end }}
# The configuration file for our registry.
---
apiVersion: v1
kind: ConfigMap
metadata:
{{- if .Values.registry.resourceNameOverride }}
name: {{ .Values.registry.resourceNameOverride }}-config
{{- else }}
name: {{ include "ambassador.fullname" . }}-registry-config
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
data:
config.yml: |
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
tls:
certificate: /etc/tls/tls.crt
key: /etc/tls/tls.key
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
# The persistent volume for our registry.
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- if .Values.registry.resourceNameOverride }}
name: {{ .Values.registry.resourceNameOverride }}-data
{{- else }}
name: {{ include "ambassador.fullname" . }}-registry-data
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
# The self-signed tls secret for our registry. We should look into
# generating this on install with a job.
---
apiVersion: v1
kind: Secret
metadata:
{{- if .Values.registry.resourceNameOverride }}
name: {{ .Values.registry.resourceNameOverride }}-tls
{{- else }}
name: {{ include "ambassador.fullname" . }}-registry-tls
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
type: kubernetes.io/tls
data:
tls.crt: |
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVEekNDQXZlZ0F3SUJBZ0lVSVZrWlJGSkVJ
VCtOTlJiMFJ0TkxwZFp5TTVnd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daWXhDekFKQmdOVkJBWVRB
bFZUTVJZd0ZBWURWUVFJREExTllYTnpZV05vZFhObGRIUnpNUk13RVFZRApWUVFIREFwVGIyMWxj
blpwYkd4bE1SRXdEd1lEVlFRS0RBaEVZWFJoZDJseVpURVVNQklHQTFVRUN3d0xSVzVuCmFXNWxa
WEpwYm1jeEVUQVBCZ05WQkFNTUNISmxaMmx6ZEhKNU1SNHdIQVlKS29aSWh2Y05BUWtCRmc5a1pY
WkEKWkdGMFlYZHBjbVV1YVc4d0hoY05NakF3TVRNd01qRXdNVFV5V2hjTk1qRXdNVEk1TWpFd01U
VXlXakNCbGpFTApNQWtHQTFVRUJoTUNWVk14RmpBVUJnTlZCQWdNRFUxaGMzTmhZMmgxYzJWMGRI
TXhFekFSQmdOVkJBY01DbE52CmJXVnlkbWxzYkdVeEVUQVBCZ05WQkFvTUNFUmhkR0YzYVhKbE1S
UXdFZ1lEVlFRTERBdEZibWRwYm1WbGNtbHUKWnpFUk1BOEdBMVVFQXd3SWNtVm5hWE4wY25reEhq
QWNCZ2txaGtpRzl3MEJDUUVXRDJSbGRrQmtZWFJoZDJseQpaUzVwYnpDQ0FTSXdEUVlKS29aSWh2
Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTFRtZ21wb2szVVdCVkhqCjFqb2R5eG9LZFJad09Y
WnhiZ25ITXlMa2xxLzUydGdmTEJmVlU1TzB2aE5iVm5vcEVSRWdWV0pTd3dlN0dOS0EKSjlaWWxC
Qlc1Q1U5Q3FNalU2TTVOdTdiVWRQblNyNGRFSFlWcmhEakJYcVpDUElEaFhZS2ZZYWh0YlB4cis1
egpueS9qQktKU2JwM3RWU3d5SEhsY3JJNHdOU2R1Q2x5UFplOFR0Q2hGQUxhcU5rWUMvclNGK0w0
SWcwZmY1N0duClpFVmsyZDJja09Xbkp6akRXMGhYL3FUcXhUKzZwV2tUQThWQ0FVS2FabEY5VkRK
c20rOW1XM2dBWmZ5NWdFWloKajcvaktqNTd5R1BUR2xWQXhra2J2WlJJVWQ5LzVkVmE3V1RCYnlR
dkxvOEkyWWQ3S1h6Y3BjcElpS2hRREdPQQpHbGVoa2JVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZ
RUZGTDV5NnNIb09tV0FRWVVGano4VHNETGFnUTdNQjhHCkExVWRJd1FZTUJhQUZGTDV5NnNIb09t
V0FRWVVGano4VHNETGFnUTdNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFF
TEJRQURnZ0VCQUFZdHlnNDNDTEJsbVlvY0NkSjVpSlF0NTR0anFGU2hIMzdFd3h4WQp1QVExRHRW
a0Q3QngzUURZZ1cxeU1QYzFTRDhYenFUcWxjQUlOQTZwdVB0SlNPcC8wUUVqVFJSMkFSZFF5VURI
ClZOZEZzcHp5MGRnbllqOXY2ckl4akdOazVHZXI3cUp4TURaUUY0dC82NHZLYWNyOHZOQ3dnSmI5
WEZaMTBjNlEKdVNSNVVVN1pMTWJPeWd4a0hPQStMMXp3S2pSaXZUb2ZMbExPOURQNUJwMk9hOGgr
TmZhVkJ4ZHFUS2l0UzFaOApnUnZhOTFuRHZwTjl5aHBiNFJVN2FoWW9tWGF4VE5ZVEJxVE1uZWhE
aWhPQjdBS2Z0VVErdjJWZ2VlM1FxaGJ4CjRUSlJpTTUxR2VIWEtoVWw5ZXBxRnBlYllIa1BnU1ln
bU1OUy9aT3JSWmFxajVRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
tls.key: |
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZB
QVNDQktZd2dnU2lBZ0VBQW9JQkFRQzA1b0pxYUpOMUZnVlIKNDlZNkhjc2FDblVXY0RsMmNXNEp4
ek1pNUphditkcllIeXdYMVZPVHRMNFRXMVo2S1JFUklGVmlVc01IdXhqUwpnQ2ZXV0pRUVZ1UWxQ
UXFqSTFPak9UYnUyMUhUNTBxK0hSQjJGYTRRNHdWNm1RanlBNFYyQ24yR29iV3o4YS91CmM1OHY0
d1NpVW02ZDdWVXNNaHg1WEt5T01EVW5iZ3BjajJYdkU3UW9SUUMycWpaR0F2NjBoZmkrQ0lOSDMr
ZXgKcDJSRlpObmRuSkRscHljNHcxdElWLzZrNnNVL3VxVnBFd1BGUWdGQ21tWlJmVlF5Ykp2dlps
dDRBR1g4dVlCRwpXWSsvNHlvK2U4aGoweHBWUU1aSkc3MlVTRkhmZitYVld1MWt3VzhrTHk2UENO
bUhleWw4M0tYS1NJaW9VQXhqCmdCcFhvWkcxQWdNQkFBRUNnZ0VBWUxiMGRxdGVXclRoTnp6V0pk
QVQ2K0kzWXoyd214QmR3a0NMcUZZSjhoOWsKenpNclFicTlxalJ4Z3F2TWVoZEdscDl3eHRaMGlz
ZU9wOHY0Z0hKdkJxVk42RkxRUXhQNS9VUHppSlFkRld1TQozRU54cjVBN3RhK0tHRmVGSHM2Zkpk
TEo5WmF6TEhkRWxmbWUyOTFGZHZzWFJMdkVVNUtmQW90M2ZiVnNWWjFxCnRucVIzY0dET3JVQ00v
ZzJKZmVBYk5wSUJjTnlCV0diOGRQbm5SaHZRNW5YN1ozUnJiNTlhQnhOcldCSkFkbnEKOUtkS3BR
UmU4cjBiRGJ0WVZQamxXRldpOVluWVQ0WHpQOG9TU0t5a3R4TWZraEM2dlVKb0gwNHFOSmRkWjVM
WAozWjRKUm14RnlUZU1rUG0xa2dnSVVRZGJhRWp1WG0rOThOeXVkZitKcVFLQmdRRGx6SS9XMzZM
am1pRE9MSDVUCnFhZTFnazNMV2lTY3hwZzRhazEyenhLSlkrWUJiNnc4UG5EVmlvY2tPa0lsSERh
V0xzQ2VpRkJsM2lPSDlUWWcKQm9iY3JVZVNUbWdOaUNqSlpIWVhIUlY1TEN2bGE0UkhhcXNMWG43
elptTE5GVW9YRlhaTkoyQzlqUEp5TStyQQpqOWJLWlFvQTF2NC9qOUdMTXN3eEJZem1pd0tCZ1FE
SmhxNDhrYmV0MlRTRFhyMUxuY3FMVU9wak1hQmNyOEJKCnpDNlBwK3F0ck01QVE1RnkwaHRoV2Zn
bDkzZU5vMWRQT2pCRDZ6amIyd2dNSHhBR2w1V0pIN005enFBSWJSaW0KbDFNcmsrUkprbUVGeUls
cU95TG9jNlg0V1pPN1BwejZPQkdWTExGOFlBR09UcldaRzZwUStDeVJWN3hHUS9PWAo4QlN5UVVh
d3Z3S0JnRWFXWG55dmQxYVlpb2txUzZlaFRuM0h4K08yRGRjR2ZjMmVnYXNFRW5xWGNCaHkyQ0l0
ClAvV29OcmpmR0dCVDJVU3FtY3BZcnZHTG1iaHlqeXlwTkpYbXVEeHR6ektRNTQ1dFNJVHpEeHlJ
Zi9kWjNta2QKaityUEhRbmhJbXBDcHQ2T1hpZDIrQlZoalR1ZFRQZlhkeS8yZDJzb256S2hGOG05
VWRHaEZkWGZBb0dBRkZ0QwpabVBoeGZIVzJCNU55TUdib0E4QVhoeTVNaU9lck5XdkxsdXIzUGRE
cmtJbEF4QXVLOXRHc2E4WnFIa0RiTUZYCjlzUmY3ZlZtRHJOa2p3WG8yUDBXd2Z1Sk50Q3VXTVdZ
WlNKL1FOOUVaYTBvRkU3ODY3WWk0YjlLcVBOZUwvaFIKN2x1aFlncmduVnRlQktWQ3d3TU9uVy9i
V00yc1lZQ2kxbzY1Y1VrQ2dZQUR4SUJmOGZUOURDS0NaZ1FvQXNDYwpvSzcvdzdDYk1hOEp5TjZa
ZDRiSlIrSzRzUEtQekd2M3dEandxRzFTRkN6UU1FR01mOWt6TWFYb09XdzNaN2NCCklIZTJDUXFF
N2NZdW1LYjFkOTFueU1qMVdQVC9CWEJKZzB3aUNMV0RjakdQR0xNWTJyeGsvMWwzL2xjKy9WVkcK
NjRZZUh1YlllOE9Iemp5UEZGSnJZdz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
######################################################################
# Project Controller
#
# Comment this out if you want to disable the micro CI/CD functionality:
---
apiVersion: getambassador.io/v2
kind: ProjectController
metadata:
{{- if .Values.registry.projectControllerName }}
name: {{ .Values.registry.projectControllerName }}
{{- else }}
name: {{ include "ambassador.fullname" . }}-projectcontroller
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}-projectcontroller
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
projects.getambassador.io/ambassador_id: {{ if hasKey .Values.env "AMBASSADOR_ID" }}{{ .Values.env.AMBASSADOR_ID | quote }}{{ else }}default{{ end }}
product: aes
{{- end }}

200
charts/ambassador/ambassador/6.7.1100/templates/rbac.yaml
View File

@ -1,200 +0,0 @@
{{- if .Values.rbac.create -}}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.rbacName" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}
rules: []
---
# CRDs are cluster scoped resources, so they need to be in a cluster role,
# even if ambassador is running in single namespace mode
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.rbacName" . }}-crd
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}
rules:
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
verbs: ["get", "list", "watch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- if .Values.scope.singleNamespace }}
kind: Role
metadata:
name: {{ include "ambassador.rbacName" . }}
namespace: {{ include "ambassador.namespace" . }}
{{- else }}
kind: ClusterRole
metadata:
name: {{ include "ambassador.rbacName" . }}-watch
{{- end }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}
rules:
- apiGroups: [""]
resources:
- namespaces
- services
- secrets
- endpoints
verbs: ["get", "list", "watch"]
- apiGroups: [ "getambassador.io" ]
resources: [ "*" ]
verbs: ["get", "list", "watch", "update", "patch", "create", "delete" ]
- apiGroups: [ "getambassador.io" ]
resources: [ "mappings/status" ]
verbs: ["update"]
- apiGroups: [ "networking.internal.knative.dev" ]
resources: [ "clusteringresses", "ingresses" ]
verbs: ["get", "list", "watch"]
- apiGroups: [ "networking.x-k8s.io" ]
resources: [ "*" ]
verbs: ["get", "list", "watch"]
- apiGroups: [ "networking.internal.knative.dev" ]
resources: [ "ingresses/status", "clusteringresses/status" ]
verbs: ["update"]
- apiGroups: [ "extensions", "networking.k8s.io" ]
resources: [ "ingresses", "ingressclasses" ]
verbs: ["get", "list", "watch"]
- apiGroups: [ "extensions", "networking.k8s.io" ]
resources: [ "ingresses/status" ]
verbs: ["update"]
{{- if .Values.enableAES }}
- apiGroups: [""]
resources: [ "secrets" ]
verbs: ["get", "list", "watch", "create", "update"]
- apiGroups: [""]
resources: [ "events" ]
verbs: ["get", "list", "watch", "create", "patch"]
- apiGroups: ["coordination.k8s.io"]
resources: [ "leases" ]
verbs: ["get", "create", "update"]
- apiGroups: [""]
resources: [ "endpoints" ]
verbs: ["get", "list", "watch", "create", "update"]
{{- end }}
{{- if or .Values.rbac.podSecurityPolicies .Values.security.podSecurityPolicy }}
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
{{- if .Values.rbac.podSecurityPolicies }}
{{- toYaml .Values.rbac.podSecurityPolicies | nindent 6 }}
{{- end }}
{{- if .Values.security.podSecurityPolicy }}
- {{ include "ambassador.fullname" . }}
{{- end }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ include "ambassador.rbacName" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "ambassador.rbacName" . }}
subjects:
- name: {{ include "ambassador.serviceAccountName" . }}
namespace: {{ include "ambassador.namespace" . }}
kind: ServiceAccount
---
{{- if .Values.scope.singleNamespace }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ include "ambassador.rbacName" . }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "ambassador.rbacName" . }}
subjects:
- name: {{ include "ambassador.serviceAccountName" . }}
namespace: {{ include "ambassador.namespace" . }}
kind: ServiceAccount
{{- end }}
{{- end -}}

45
charts/ambassador/ambassador/6.7.1100/templates/resolvers.yaml
View File

@ -1,45 +0,0 @@
{{- if .Values.resolvers.endpoint.create }}
---
apiVersion: getambassador.io/v2
kind: KubernetesEndpointResolver
metadata:
name: {{ .Values.resolvers.endpoint.name }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
spec:
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- end }}
{{- if .Values.resolvers.consul.create }}
---
apiVersion: getambassador.io/v2
kind: ConsulResolver
metadata:
name: {{ .Values.resolvers.consul.name }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
spec:
{{- if hasKey .Values.env "AMBASSADOR_ID" }}
ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }}
{{- end }}
{{- toYaml .Values.resolvers.consul.spec | nindent 2 }}
{{- end }}

81
charts/ambassador/ambassador/6.7.1100/templates/service.yaml
View File

@ -1,81 +0,0 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.service.nameOverride }}
name: {{ .Values.service.nameOverride }}
{{- else }}
name: {{ include "ambassador.fullname" . }}
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
app.kubernetes.io/component: ambassador-service
product: aes
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge Stack goes beyond traditional API Gateways and Ingress Controllers with the advanced edge features needed to support developer self-service and full-cycle development."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: {{ include "ambassador.fullname" . }}-redis.{{ include "ambassador.namespace" . }}
{{- if .Values.service.annotations }}
{{- range $key, $value := .Values.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.service.externalTrafficPolicy }}
externalTrafficPolicy: "{{ .Values.service.externalTrafficPolicy }}"
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml .Values.service.sessionAffinityConfig | nindent 4 }}
{{- end }}
ports:
{{- range .Values.service.ports }}
- name: {{ .name }}
port: {{ int .port }}
{{- if .targetPort }}
targetPort: {{ int .targetPort }}
{{- end }}
{{- if .nodePort }}
nodePort: {{ int .nodePort }}
{{- end }}
{{- if .protocol }}
protocol: {{ .protocol }}
{{- end }}
{{- end}}
selector:
{{- if .Values.service.selector }}
{{ toYaml .Values.service.selector | nindent 6 }}
{{- else }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- with .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs:
{{- toYaml .Values.service.externalIPs | nindent 4 }}
{{- end }}

24
charts/ambassador/ambassador/6.7.1100/templates/serviceaccount.yaml
View File

@ -1,24 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ambassador.serviceAccountName" . }}
namespace: {{ include "ambassador.namespace" . }}
labels:
{{- if ne .Values.deploymentTool "getambassador.io" }}
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}
product: aes
{{- if .Values.docker.useImagePullSecret }}
imagePullSecrets:
- name: {{ .Values.docker.imagePullSecretName }}
{{- end }}
{{- end -}}

28
charts/ambassador/ambassador/6.7.1100/templates/servicemonitor.yaml
View File

@ -1,28 +0,0 @@
{{- if and .Values.adminService.create .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "ambassador.fullname" . }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app: {{ include "ambassador.name" . }}
{{- if .Values.metrics.serviceMonitor.selector }}
{{- toYaml .Values.metrics.serviceMonitor.selector | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: ambassador-admin
path: /metrics
{{- with .Values.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "ambassador.namespace" . }}
selector:
matchLabels:
service: ambassador-admin
{{- end }}

24
charts/ambassador/ambassador/6.7.1100/templates/tests/test-ready.yaml
View File

@ -1,24 +0,0 @@
{{- if and (.Values.test.enabled) (not .Values.daemonSet) }}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "ambassador.fullname" . }}-test-ready"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: {{ .Values.test.image | default "busybox" }}
command: ['wget']
args: ['{{ include "ambassador.fullname" . }}:{{ include "ambassador.servicePort" . }}/ambassador/v0/check_ready']
restartPolicy: Never
{{- end }}

135
charts/ambassador/ambassador/6.7.1100/templates/traffic-agent-rbac.yaml
View File

@ -1,135 +0,0 @@
{{- if and .Values.enableAES .Values.servicePreview.enabled }}
{{- if .Values.servicePreview.trafficAgent.singleNamespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
annotations:
# Required because Helm creates secrets before ServiceAccount, but service-account-token depends on an existing SA.
"helm.sh/hook": "pre-install"
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
---
## Create a service-account-token for traffic-agent with a matching name.
## Since the ambassador-injector will use this token name, it must be deterministic and not auto-generated.
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
annotations:
kubernetes.io/service-account.name: traffic-agent
type: kubernetes.io/service-account-token
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "namespaces", "services", "secrets" ]
verbs: ["get", "list", "watch"]
- apiGroups: [ "getambassador.io" ]
resources: [ "*" ]
verbs: ["get", "list", "watch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "ambassador.rbacName" . }}
subjects:
- name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
kind: ServiceAccount
{{- else }}
## If we install Service Preview cluster-wide, this means we can't use the 'traffic-agent' ServiceAccount
## as it does not exist in every namespace. We must instead grant new Roles to all ServiceAccounts (cluster-wide).
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: [ "namespaces", "services", "secrets" ]
verbs: ["get", "list", "watch"]
- apiGroups: [ "getambassador.io" ]
resources: [ "*" ]
verbs: ["get", "list", "watch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }}
subjects:
- name: system:serviceaccounts
kind: Group
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end }}

190
charts/ambassador/ambassador/6.7.1100/templates/traffic-manager.yaml
View File

@ -1,190 +0,0 @@
{{- if and .Values.enableAES .Values.servicePreview.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
---
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- if .Values.scope.singleNamespace }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
metadata:
name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
rules:
- apiGroups: [""]
resources: ["namespaces", "services", "pods", "secrets"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- if .Values.scope.singleNamespace }}
kind: RoleBinding
{{- else }}
kind: ClusterRoleBinding
{{- end }}
metadata:
name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.scope.singleNamespace }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
namespace: {{ include "ambassador.namespace" . }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: telepresence-proxy
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: telepresence-proxy
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: telepresence-proxy
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: telepresence-proxy
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
containers:
- name: telepresence-proxy
{{- if .Values.servicePreview.trafficManager.image.repository }}
image: "{{ .Values.servicePreview.trafficManager.image.repository }}:{{ .Values.servicePreview.trafficManager.image.tag | default .Values.image.tag }}"
{{- else }}
image: {{ include "ambassador.image" . }}
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: [ "traffic-manager" ]
env:
{{- if .Values.scope.singleNamespace }}
- name: AMBASSADOR_SINGLE_NAMESPACE
value: "true"
{{- end }}
- name: AMBASSADOR_NAMESPACE
{{- if .Values.namespace }}
value: {{ .Values.namespace.name | quote }}
{{ else }}
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- end -}}
{{- if or .Values.redis.create .Values.redisURL }}
- name: REDIS_URL
{{- if .Values.redisURL }}
value: {{ .Values.redisURL }}
{{- else }}
value: {{ include "ambassador.fullname" . }}-redis:6379
{{- end }}
{{- end }}
ports:
- name: sshd
containerPort: 8022
volumeMounts:
- mountPath: /tmp/ambassador-pod-info
name: pod-info
restartPolicy: Always
terminationGracePeriodSeconds: 0
volumes:
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: labels
name: pod-info
serviceAccountName: {{ .Values.servicePreview.trafficManager.serviceAccountName }}
---
apiVersion: v1
kind: Service
metadata:
name: telepresence-proxy
namespace: {{ include "ambassador.namespace" . }}
labels:
app.kubernetes.io/name: telepresence-proxy
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
annotations:
a8r.io/owner: "Ambassador Labs"
a8r.io/repository: github.com/datawire/ambassador
a8r.io/description: "The Ambassador Edge Stack Service Preview Telepresence Proxy."
a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
a8r.io/chat: http://a8r.io/Slack
a8r.io/bugs: https://github.com/datawire/ambassador/issues
a8r.io/support: https://www.getambassador.io/about-us/support/
a8r.io/dependencies: "None"
spec:
type: ClusterIP
clusterIP: None
selector:
app.kubernetes.io/name: telepresence-proxy
app.kubernetes.io/instance: {{ .Release.Name }}
ports:
- name: sshd
protocol: TCP
port: 8022
- name: api
protocol: TCP
port: 8081
{{- end }}

521
charts/ambassador/ambassador/6.7.1100/values.yaml
View File

@ -1,521 +0,0 @@
# Default values for ambassador.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Manually set metadata for the Release.
#
# Defaults to .Chart.Name
nameOverride: ''
# Defaults to .Release.Name-.Chart.Name unless .Release.Name contains "ambassador"
fullnameOverride: ''
# Defaults to .Release.Namespace
namespaceOverride: ''
replicaCount: 3
daemonSet: false
# This will enable the test-ready Pod (https://github.com/datawire/ambassador-chart/blob/master/templates/tests/test-ready.yaml).
# It will spawn a busybox container to call Ambassador's check_ready endpoint to validate it is working correctly.
test:
enabled: true
image: busybox
# Enable autoscaling using HorizontalPodAutoscaler
# daemonSet: true, autoscaling will be disabled
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 60
podDisruptionBudget: {}
# namespace:
# name: default
# Additional container environment variable
# Uncomment or add additional environment variables for the container here.
env: {}
# Exposing statistics via StatsD
# STATSD_ENABLED: true
# STATSD_HOST: statsd-sink
# sets the minimum number of seconds between Envoy restarts
# AMBASSADOR_RESTART_TIME: 15
# sets the number of seconds that the Envoy will wait for open connections to drain on a restart
# AMBASSADOR_DRAIN_TIME: 5
# sets the number of seconds that Ambassador will wait for the old Envoy to clean up and exit on a restart
# AMBASSADOR_SHUTDOWN_TIME: 10
# labels Ambassador with an ID to allow for configuring multiple Ambassadors in a cluster
# AMBASSADOR_ID: default
# Additional container environment variable in raw YAML format
# Uncomment or add additional environment variables for the container here.
envRaw: {}
# - name: REDIS_PASSWORD
# value: password
# valueFrom:
# secretKeyRef:
# name: redis-password
# key: password
# - name: POD_IP
# valueFrom:
# fieldRef:
# fieldPath: status.podIP
imagePullSecrets: []
security:
# Security Context for all containers in the pod.
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core
podSecurityContext:
runAsUser: 8888
# Security Context for the Ambassador container specifically
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core
containerSecurityContext:
allowPrivilegeEscalation: false
# A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
#
# A set of reasonable defaults is outlined below. This is not created by default as it should only
# be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in
# the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies`
# in all non-"master" Releases.
podSecurityPolicy: {}
# # Add AppArmor and Seccomp annotations
# # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
# annotations:
# spec:
# seLinux:
# rule: RunAsAny
# supplementalGroups:
# rule: 'MustRunAs'
# ranges:
# # Forbid adding the root group.
# - min: 1
# max: 65535
# fsGroup:
# rule: 'MustRunAs'
# ranges:
# # Forbid adding the root group.
# - min: 1
# max: 65535
# privileged: false
# allowPrivilegeEscalation: false
# runAsUser:
# rule: MustRunAsNonRoot
image:
ossTag: 1.13.8
aesTag: 1.13.8
pullPolicy: IfNotPresent
ossRepository: docker.io/datawire/ambassador
aesRepository: docker.io/datawire/aes
dnsPolicy: ClusterFirst
hostNetwork: false
service:
type: LoadBalancer
# Note that target http ports need to match your ambassador configurations service_port
# https://www.getambassador.io/reference/modules/#the-ambassador-module
ports:
- name: http
port: 80
targetPort: 8080
# protocol: TCP
# nodePort: 30080
# hostPort: 80
- name: https
port: 443
targetPort: 8443
# protocol: TCP
# nodePort: 30443
# hostPort: 443
# TCPMapping_Port
# port: 2222
# targetPort: 2222
# protocol: TCP
# nodePort: 30222
externalTrafficPolicy:
sessionAffinity:
sessionAffinityConfig:
externalIPs: []
annotations: {}
#############################################################################
## Ambassador should be configured using CRD definition. If you want
## to use annotations, the following is an example of annotating the
## Ambassador service with global configuration manifest.
##
## See https://www.getambassador.io/reference/core/ambassador and
## https://www.getambassador.io/reference/core/tls for more info
#############################################################################
#
# getambassador.io/config: |
# ---
# apiVersion: ambassador/v1
# kind: TLSContext
# name: ambassador
# secret: ambassador-certs
# hosts: ["*"]
# ---
# apiVersion: ambassador/v1
# kind: Module
# name: ambassador
# config:
# admin_port: 8001
# diag_port: 8877
# diagnostics:
# enabled: true
# enable_grpc_http11_bridge: false
# enable_grpc_web: false
# enable_http10: false
# enable_ipv4: true
# enable_ipv6: false
# liveness_probe:
# enabled: true
# lua_scripts:
# readiness_probe:
# enabled: true
# server_name: envoy
# service_port: 8080
# use_proxy_proto: false
# use_remote_address: true
# xff_num_trusted_hops: 0
# x_forwarded_proto_redirect: false
# load_balancer:
# policy: round_robin
# circuit_breakers:
# max_connections: 2048
# retry_policy:
# retry_on: "5xx"
# cors:
# Manually set the name of the generated Service
nameOverride:
adminService:
create: true
type: ClusterIP
port: 8877
snapshotPort: 8005
# NodePort used if type is NodePort
# nodePort: 38877
annotations: {}
rbac:
# Specifies whether RBAC resources should be created
create: true
# List of Pod Security Policies to use on the container.
# If security.podSecurityPolicy is set, it will be appended to the list
podSecurityPolicies: []
# Name of the RBAC resources defaults to the name of the release.
# Set nameOverride when installing Ambassador with cluster-wide scope in
# different namespaces with the same release name to avoid conflicts.
nameOverride:
scope:
# tells Ambassador to only use resources in the namespace or namespace set by namespace.name
singleNamespace: false
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
deploymentStrategy:
type: RollingUpdate
restartPolicy:
terminationGracePeriodSeconds:
initContainers: []
sidecarContainers: []
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 3
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 3
failureThreshold: 3
volumes: []
volumeMounts: []
podLabels: {}
podAnnotations: {}
# prometheus.io/scrape: "true"
# prometheus.io/port: "9102"
deploymentLabels: {}
deploymentAnnotations: {}
# configmap.reloader.stakater.com/auto: "true"
resources:
# Recommended resource requests and limits for Ambassador
limits:
cpu: 1000m
memory: 600Mi
requests:
cpu: 200m
memory: 300Mi
priorityClassName: ''
nodeSelector: {}
tolerations: []
affinity: {}
topologySpreadConstraints: []
ambassadorConfig: ''
crds:
enabled: true
create: true
keep: true
# Prometheus Operator ServiceMonitor configuration
# See documentation: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor
metrics:
serviceMonitor:
enabled: false
# interval: 30s
# scrapeTimeout: 30s
# selector: {}
################################################################################
## Ambassador Edge Stack Configuration ##
################################################################################
# The Ambassador Edge Stack is free for limited use without a license key.
# Go to https://{ambassador-host}/edge_stack/admin/#dashboard to register
# for a community license key.
enableAES: true
# Set createSecret: false is installing multiple releases of The Ambassador
# Edge Stack in the same namespace.
licenseKey:
value:
createSecret: true
secretName:
# Annotations to attach to the license-key-secret.
annotations: {}
# The DevPortal is exposed at /docs/ endpoint in the AES container.
# Setting this to true will automatically create routes for the DevPortal.
createDevPortalMappings: true
devportal:
docsPrefix: /documentation/
# The Ambassador Edge Stack uses a redis instance for managing authentication,
# rate limiting, and sharing minor configuration details between pods for
# centralized management. These values configure the redis instance that ships
# by default with The Ambassador Edge Stack.
#
# URL of your redis instance. Defaults to redis instance created below.
redisURL:
# Ambassador ships with a basic redis instance. Configure the deployment with the options below.
redis:
create: true
image:
repository: redis
tag: 5.0.1
pullPolicy: IfNotPresent
# Annotations for Ambassador Pro's redis instance.
annotations:
deployment: {}
service: {}
resources: {}
# If you want to specify resources, uncomment the following
# lines and remove the curly braces after 'resources:'.
# These are placeholder values and must be tuned.
# limits:
# cpu: 100m
# memory: 256Mi
# requests:
# cpu: 50m
# memory: 128Mi
nodeSelector: {}
affinity: {}
tolerations: {}
# Configures the AuthService that ships with the Ambassador Edge Stack.
# Setting authService.create: false will not install the AES AuthService and
# allow you to define your own.
#
# Typically when using the AES, you will want to keep this set to true and use
# the External Filter to communicate with a custom authentication service.
# https://www.getambassador.io/reference/filter-reference/#filter-type-external
authService:
deploymentExtraName: auth
create: true
# Set additional configuration options. See https://www.getambassador.io/reference/services/auth-service for more information
optional_configurations: {}
# include_body:
# max_bytes: 4096
# allow_partial: true
# status_on_error:
# code: 403
# failure_mode_allow: false
# retry_policy:
# retry_on: "5xx"
# num_retries: 2
# add_linkerd_headers: true
# timeout_ms: 30000
# Configures the RateLimitService in the Ambassador Edge Stack.
# Keep this enabled to configure RateLimits in AES.
rateLimit:
create: true
deploymentExtraName: ratelimit
# Projects are a beta feature of Ambassador that allow developers to stage and
# deploy code with nothing more than a Github repository.
# See: https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/
registry:
create: false
# Resolvers are used to configure the discovery service strategy for Ambasador Edge Stack.
# See: https://www.getambassador.io/docs/edge-stack/latest/topics/running/resolvers/
resolvers:
endpoint:
create: false
name: endpoint
consul:
create: false
name: consul-dc1
spec: {}
# Configuration for a Consul Resolver
# address: consul-server.default.svc.cluster.local:8500
# datacenter: dc1
# Create and manage an Ambassador Module from the Helm Chart. See:
# https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador
# for more info on the available options.
#
# Note: The Module can only be named ambassador. There can only be one Module
# installed per-namespace.
module: {}
################################################################################
## DEPRECATED configuration objects ##
################################################################################
# DEPRECATED: Ambassador now exposes the /metrics endpoint in Envoy.
# DEPRECATED: See https://www.getambassador.io/user-guide/monitoring#deployment for more information on how to use the /metrics endpoint
#
# DEPRECATED: Enabling the prometheus exporter creates a sidecar and configures ambassador to use it
prometheusExporter:
enabled: false
repository: prom/statsd-exporter
tag: v0.8.1
pullPolicy: IfNotPresent
resources: {}
# If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 256Mi
# requests:
# cpu: 50m
# memory: 128Mi
# You can configure the statsd exporter to modify the behavior of mappings and other features.
# See documentation: https://github.com/prometheus/statsd_exporter/tree/v0.8.1#metric-mapping-and-configuration
# Uncomment the following line if you wish to specify a custom configuration:
# configuration: |
# ---
# mappings:
# - match: 'envoy.cluster.*.upstream_cx_connect_ms'
# name: "envoy_cluster_upstream_cx_connect_time"
# timer_type: 'histogram'
# labels:
# cluster_name: "$1"
# DEPRECATED: Use security.podSecurityContext
# securityContext:
# runAsUser: 8888
# Configures Service Preview that ships with the Ambassador Edge Stack and edgectl.
# Setting servicePreview.enabled: true will install the Traffic Agent Service Account, Traffic Manager with RBAC, and ambassador-injector
servicePreview:
enabled: false
trafficManager:
image:
# Leave blank to use image.repository and image.tag
repository:
tag:
serviceAccountName: traffic-manager
trafficAgent:
image:
# Leave blank to use image.repository and image.tag
repository:
tag:
singleNamespace: true
serviceAccountName: traffic-agent
port: 9900
# Configure the ambassador-injector webhook for Service Preview Traffic Agent automatic sidecar injection.
injector:
enabled: true
# If no injector.crtPEM and injector.keyPEM are provided, a self-signed certificate will be issued
# for the Common Name (CN) of `<ambassador-injector>.<namespace>.svc`, which is the cluster-internal DNS name
# for the service.
crtPEM: ''
keyPEM: ''
# Configure the ambassador agent
agent:
enabled: true
# this will be empty when it first gets applied, then the user will edit the agent to
# make it start reporting
cloudConnectToken: ''
rpcAddress: https://app.getambassador.io/
createArgoRBAC: true
image:
# Leave blank to use image.repository and image.tag
tag:
repository:
deploymentTool: ''
# configure docker to pull from private registry
docker: {}
createNamespace: false
enableTestService: false

4
charts/argo/argo-cd/5.8.0/.helmignore
View File

@ -1,4 +0,0 @@
/*.tgz
output
ci/
*.gotmpl

6
charts/argo/argo-cd/5.8.0/Chart.lock
View File

@ -1,6 +0,0 @@
dependencies:
- name: redis-ha
repository: https://dandydeveloper.github.io/charts/
version: 4.22.2
digest: sha256:b6dc7774d0cc20a7a889d10e61f3dd653bdacd7836558f4875688b5cb5051d80
generated: "2022-09-19T12:39:19.736045+02:00"

29
charts/argo/argo-cd/5.8.0/Chart.yaml
View File

@ -1,29 +0,0 @@
annotations:
artifacthub.io/changes: |
- "[Changed]: Upgraded Argo CD to 2.5.0"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Argo CD
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
appVersion: v2.5.0
dependencies:
- condition: redis-ha.enabled
name: redis-ha
repository: file://./charts/redis-ha
version: 4.22.2
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool
for Kubernetes.
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
keywords:
- argoproj
- argocd
- gitops
maintainers:
- name: argoproj
url: https://argoproj.github.io/
name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 5.8.0

1080
charts/argo/argo-cd/5.8.0/README.md
View File

File diff suppressed because it is too large Load Diff

21
charts/argo/argo-cd/5.8.0/charts/redis-ha/Chart.yaml
View File

@ -1,21 +0,0 @@
apiVersion: v2
appVersion: 7.0.4
description: This Helm chart provides a highly available Redis implementation with
a master/slave configuration and uses Sentinel sidecars for failover management
home: http://redis.io/
icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png
keywords:
- redis
- keyvalue
- database
maintainers:
- email: salimsalaues@gmail.com
name: ssalaues
- email: aaron.layfield@gmail.com
name: dandydeveloper
name: redis-ha
sources:
- https://redis.io/download
- https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha
- https://github.com/oliver006/redis_exporter
version: 4.22.2

396
charts/argo/argo-cd/5.8.0/charts/redis-ha/README.md
View File

@ -1,396 +0,0 @@
# Redis
[Redis](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs.
## TL;DR
```bash
helm repo add dandydev https://dandydeveloper.github.io/charts
helm install dandydev/redis-ha
```
By default this chart install 3 pods total:
* one pod containing a redis master and sentinel container (optional prometheus metrics exporter sidecar available)
* two pods each containing a redis slave and sentinel containers (optional prometheus metrics exporter sidecars available)
## Introduction
This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager.
## Prerequisites
* Kubernetes 1.8+ with Beta APIs enabled
* PV provisioner support in the underlying infrastructure
## Upgrading the Chart
Please note that there have been a number of changes simplifying the redis management strategy (for better failover and elections) in the 3.x version of this chart. These changes allow the use of official [redis](https://hub.docker.com/_/redis/) images that do not require special RBAC or ServiceAccount roles. As a result when upgrading from version >=2.0.1 to >=3.0.0 of this chart, `Role`, `RoleBinding`, and `ServiceAccount` resources should be deleted manually.
### Upgrading the chart from 3.x to 4.x
Starting from version `4.x` HAProxy sidecar prometheus-exporter removed and replaced by the embedded [HAProxy metrics endpoint](https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter), as a result when upgrading from version 3.x to 4.x section `haproxy.exporter` should be removed and the `haproxy.metrics` need to be configured for fit your needs.
## Installing the Chart
To install the chart
```bash
helm repo add dandydev https://dandydeveloper.github.io/charts
helm install dandydev/redis-ha
```
The command deploys Redis on the Kubernetes cluster in the default configuration. By default this chart install one master pod containing redis master container and sentinel container along with 2 redis slave pods each containing their own sentinel sidecars. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the deployment:
```bash
helm delete <chart-name>
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following table lists the configurable parameters of the Redis chart and their default values.
| Parameter | Description | Default |
|:--------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------|
| `image.repository` | Redis image repository | `redis` |
| `image.tag` | Redis image tag | `6.2.5-alpine` |
| `image.pullPolicy` | Redis image pull policy | `IfNotPresent` |
| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | [] |
| `tag` | Redis tag | `6.2.5-alpine` |
| `replicas` | Number of redis master/slave pods | `3` |
| `podManagementPolicy` | The statefulset pod management policy | `OrderedReady` |
| `ro_replicas` | Comma separated list of slaves which never get promoted to be master. Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3th and 4th redis slave never make it to be master, where master is index 0. | ``|
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the redis-ha.fullname template |
| `serviceAccount.automountToken` | Opt in/out of automounting API credentials into container | `false` |
| `serviceAnnotations` | Annotations to set on Redis HA service | `null` |
| `serviceLabels` | Labels to set on Redis HA service | `{}` |
| `rbac.create` | Create and use RBAC resources | `true` |
| `redis.port` | Port to access the redis service | `6379` |
| `redis.tlsPort` | TLS Port to access the redis service |``|
| `redis.tlsReplication` | Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf |``|
| `redis.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" |``|
| `redis.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | `30` |
| `redis.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | `15` |
| `redis.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | `15` |
| `redis.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` |
| `redis.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `5` |
| `redis.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | `30` |
| `redis.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | `15` |
| `redis.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | `15` |
| `redis.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` |
| `redis.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `5` |
| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `mymaster` |
| `redis.disableCommands` | Array with commands to disable | `["FLUSHDB","FLUSHALL"]` |
| `redis.config` | Any valid redis config options in this section will be applied to each server (see below) | see values.yaml |
| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored |``|
| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | `{}` |
| `redis.lifecycle` | Container Lifecycle Hooks for redis container | see values.yaml |
| `redis.annotations` | Annotations for the redis statefulset | `{}` |
| `redis.updateStategy.type`| Update strategy for redis statefulSet | `RollingUpdate` |
| `redis.extraVolumeMounts` | Extra volume mounts for Redis container | `[]` |
| `sentinel.port` | Port to access the sentinel service | `26379` |
| `sentinel.bind` | Configure the 'bind' directive to bind to a list of network interfaces | `` |
| `sentinel.tlsPort` | TLS Port to access the sentinel service |``|
| `sentinel.tlsReplication` | Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf |``|
| `sentinel.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" |``|
| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | `30` |
| `sentinel.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | `15` |
| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | `15` |
| `sentinel.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` |
| `sentinel.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `5` |
| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | `30` |
| `sentinel.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | `15` |
| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | `15` |
| `sentinel.readinessProbe.successThreshold` | Success threshold for readiness probe | `3` |
| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `5` |
| `sentinel.auth` | Enables or disables sentinel AUTH (Requires `sentinel.password` to be set) | `false` |
| `sentinel.password` | A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`) |``|
| `sentinel.existingSecret` | An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`) |``|
| `sentinel.authKey` | The key holding the sentinel password in an existing secret. | `sentinel-password` |
| `sentinel.quorum` | Minimum number of servers necessary to maintain quorum | `2` |
| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | see values.yaml |
| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored |``|
| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | `{}` |
| `sentinel.lifecycle` | Container Lifecycle Hooks for sentinel container | `{}` |
| `sentinel.extraVolumeMounts` | Extra volume mounts for Sentinel container | `[]` |
| `init.resources` | CPU/Memory for init Container node resource requests/limits | `{}` |
| `auth` | Enables or disables redis AUTH (Requires `redisPassword` to be set) | `false` |
| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) |``|
| `authKey` | The key holding the redis password in an existing secret. | `auth` |
| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) |``|
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Toleration labels for pod assignment | `[]` |
| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. | `true` |
| `additionalAffinities` | Additional affinities to add to the Redis server pods. | `{}` |
| `securityContext` | Security context to be added to the Redis StatefulSet. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` |
| `containerSecurityContext` | Security context to be added to the Redis containers. | `{ runAsNonRoot: true, allowPrivilegeEscalation: false, seccompProfile: { type: RuntimeDefault }, capabilities: { drop: [ "ALL" ] }` |
| `affinity` | Override all other affinity settings with a string. | `""` |
| `labels` | Labels for the Redis pod. | `{}` |
| `configmap.labels` | Labels for the Redis configmap. | `{}` |
| `configmapTest.image.repository` | Repository of the configmap shellcheck test image. | `koalaman/shellcheck` |
| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | `v0.5.0` |
| `configmapTest.resources` | Resources for the ConfigMap tests. | `{}` |
| `persistentVolume.size` | Size for the volume | 10Gi |
| `persistentVolume.annotations` | Annotations for the volume | `{}` |
| `persistentVolume.labels` | Labels for the volume | `{}` |
| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | `{}` |
| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` |
| `exporter.image` | Exporter image | `oliver006/redis_exporter` |
| `exporter.tag` | Exporter tag | `v1.27.0` |
| `exporter.port` | Exporter port | `9121` |
| `exporter.portName` | Exporter port name | `exporter-port` |
| `exporter.address` | Redis instance Hostname/Address Exists to circumvent some issues with issues in IPv6 hostname resolution | `localhost` |
| `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` |
| `exporter.extraArgs` | Additional args for the exporter | `{}` |
| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | |
| `exporter.serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` |
| `exporter.serviceMonitor.namespace` | Namespace the service monitor is created in | `default` |
| `exporter.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` |
| `exporter.serviceMonitor.telemetryPath` | Path to redis-exporter telemetry-path | `/metrics` |
| `exporter.serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
| `exporter.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` |
| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | `false` |
| `haproxy.replicas` | Number of HAProxy instances | `3` |
| `haproxy.servicePort` | Modify HAProxy service port | `6379` |
| `haproxy.containerPort` | Modify HAProxy deployment container port | `6379`
| `haproxy.image.repository`| HAProxy Image Repository | `haproxy` |
| `haproxy.image.tag` | HAProxy Image Tag | `2.4.2` |
| `haproxy.image.pullPolicy`| HAProxy Image PullPolicy | `IfNotPresent` |
| `haproxy.imagePullSecrets`| Reference to one or more secrets to be used when pulling haproxy images | [] |
| `haproxy.tls.enabled` | If "true" this will enable TLS termination on haproxy | `false`
| `haproxy.tls.secretName` | Secret containing the .pem file | `""`
| `haproxy.tls.certMountPath` | Path to mount the secret that contains the certificates. haproxy | `false`
| `haproxy.tls.secretName` | Secret containing the .pem file | `""`
| `haproxy.annotations` | HAProxy template annotations | `{}` |
| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten |``|
| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg |``|
| `haproxy.resources` | HAProxy resources | `{}` |
| `haproxy.emptyDir` | Configuration of `emptyDir` | `{}` |
| `haproxy.labels` | Labels for the HAProxy pod | `{}` |
| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | `ClusterIP` |
| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | not set |
| `haproxy.image.serviceAccountName`| HAProxy serviceAccountName | `default`
| `haproxy.service.externalTrafficPolicy`| HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer) | not set |
| `haproxy.service.annotations` | HAProxy service annotations | `{}` |
| `haproxy.service.labels` | HAProxy service labels | `{}` |
| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. | `false` |
| `haproxy.hapreadport.enable` | Enable a read only port for redis slaves | `false` |
| `haproxy.hapreadport.port` | Haproxy port for read only redis slaves | `6380` |
| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | `false` |
| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | `9101` |
| `haproxy.metrics.portName` | HAProxy metrics scraping port name | `http-exporter-port` |
| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping port | `/metrics` |
| `haproxy.metrics.serviceMonitor.enabled` | Use servicemonitor from prometheus operator for HAProxy metrics | `false` |
| `haproxy.metrics.serviceMonitor.namespace` | Namespace the service monitor for HAProxy metrics is created in | `default` |
| `haproxy.metrics.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` |
| `haproxy.metrics.serviceMonitor.telemetryPath` | Path to HAProxy metrics telemetry-path | `/metrics` |
| `haproxy.metrics.serviceMonitor.labels` | Labels for the HAProxy metrics servicemonitor passed to Prometheus Operator | `{}` |
| `haproxy.metrics.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` |
| `haproxy.init.resources` | Extra init resources | `{}` |
| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | `4s` |
| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | `30s` |
| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | `30s` |
| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | `2s` |
| `haproxy.checkInterval` | haproxy.cfg `check inter` setting | `1s` |
| `haproxy.checkFall` | haproxy.cfg `check fall` setting | `1` |
| `haproxy.priorityClassName` | priorityClassName for `haproxy` deployment | not set |
| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | `{runAsUser: 99, fsGroup: 99, runAsNonRoot: true}` |
| `haproxy.containerSecurityContext` | Security context to be added to the HAProxy containers. | `{ runAsNonRoot: true, allowPrivilegeEscalation: false, seccompProfile: { type: RuntimeDefault }, capabilities: { drop: [ "ALL" ] }` |
| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. | `true` |
| `haproxy.affinity` | Override all other haproxy affinity settings with a string. | `""` |
| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy server pods. | `{}` |
| `haproxy.tests.resources` | Pod resources for the tests against HAProxy. | `{}` |
| `haproxy.IPv6.enabled` | Disables certain binding options to support non-IPv6 environments. | `true` |
| `podDisruptionBudget` | Pod Disruption Budget rules | `{}` |
| `nameOverride` | Override the chart name | `""` |
| `fullnameOverride` | Fully override the release name and chart name | `""` |
| `priorityClassName` | priorityClassName for `redis-ha-statefulset` | not set |
| `hostPath.path` | Use this path on the host for data storage | not set |
| `hostPath.chown` | Run an init-container as root to set ownership on the hostPath | `true` |
| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` |
| `sysctlImage.command` | sysctlImage command to execute | [] |
| `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` |
| `sysctlImage.repository` | sysctlImage Init container name | `busybox` |
| `sysctlImage.tag` | sysctlImage Init container tag | `1.31.1` |
| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `Always` |
| `sysctlImage.mountHostSys`| Mount the host `/sys` folder to `/host-sys` | `false` |
| `sysctlImage.resources` | sysctlImage resources | `{}` |
| `schedulerName` | Alternate scheduler name | `nil` |
| `tls.secretName` | The name of secret if you want to use your own TLS certificates. The secret should contains keys named by "tls.certFile" - the certificate, "tls.keyFile" - the private key, "tls.caCertFile" - the certificate of CA and "tls.dhParamsFile" - the dh parameter file | ``|
| `tls.certFile` | Name of certificate file | `redis.crt` |
| `tls.keyFile` | Name of key file | `redis.key` |
| `tls.dhParamsFile` | Name of Diffie-Hellman (DH) key exchange parameters file |`` |
| `tls.caCertFile` | Name of CA certificate file | `ca.crt` |
| `restore.s3.source` | Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb | `false` |
| `restore.existingSecret` | Set to true to use existingSecret for the AWS S3 or SSH credentials | `false` |
| `topologySpreadConstraints.enabled` | Enable topology spread constraints |`false`|
| `topologySpreadConstraints.maxSkew` | Max skew of pods tolerated |`1`|
| `topologySpreadConstraints.topologyKey` | Topology key for spread |`topology.kubernetes.io/zone`|
| `topologySpreadConstraints.whenUnsatisfiable` | Enforcement policy, hard or soft |`ScheduleAnyway`|
| `restore.s3.access_key` | Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source |``|
| `restore.s3.secret_key` | Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source |``|
| `restore.s3.region` | Restore init container - AWS AWS_REGION to access restore.s3.source |``|
| `restore.ssh.source` | Restore init container - SSH scp location of dump - i.e. user@server:/path/dump.rdb | `false` |
| `restore.ssh.key` | Restore init container - SSH private key to scp restore.ssh.source to init container. Key should be in one line separated with \n. i.e. -----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY----- |`` |
| `extraContainers` | Extra containers to include in StatefulSet |`[]`|
| `extraInitContainers` | Extra init containers to include in StatefulSet |`[]`|
| `extraVolumes` | Extra volumes to include in StatefulSet |`[]`|
| `extraLabels` | Labels that should be applied to all created resources |`{}`|
| `networkPolicy.enabled` | Create NetworkPolicy for Redis StatefulSet pods |`false`|
| `networkPolicy.labels` | Labels for NetworkPolicy |`{}`|
| `networkPolicy.annotations` | Annotations for NetworkPolicy |`{}`|
| `networkPolicy.ingressRules[].selectors` | Label selector query to define resources for this ingress rule |`[]`|
| `networkPolicy.ingressRules[].ports` | The destination ports for the ingress rule |`[{port: redis.port, protocol: TCP}, {port: sentinel.port, protocol: TCP}]`|
| `networkPolicy.egressRules[].selectors` | Label selector query to define resources for this egress rule |`[]`|
| `networkPolicy.egressRules[].ports` | The destination ports for the egress rule |``|
| `splitBrainDetection.interval` | Interval between redis sentinel and server split brain checks (in seconds) |`60`|
| `splitBrainDetection.resources` | splitBrainDetection resources |`{}`|
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
$ helm repo add dandydev https://dandydeveloper.github.io/charts
$ helm install \
--set image=redis \
--set tag=5.0.5-alpine \
dandydev/redis-ha
```
The above command sets the Redis server within `default` namespace.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
helm install -f values.yaml dandydev/redis-ha
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Custom Redis and Sentinel config options
This chart allows for most redis or sentinel config options to be passed as a key value pair through the `values.yaml` under `redis.config` and `sentinel.config`. See links below for all available options.
[Example redis.conf](http://download.redis.io/redis-stable/redis.conf)
[Example sentinel.conf](http://download.redis.io/redis-stable/sentinel.conf)
For example `repl-timeout 60` would be added to the `redis.config` section of the `values.yaml` as:
```yml
repl-timeout: "60"
```
Note:
1. Some config options should be renamed by redis versione.g.:
```yml
# In redis 5.xsee https://raw.githubusercontent.com/antirez/redis/5.0/redis.conf
min-replicas-to-write: 1
min-replicas-max-lag: 5
# In redis 4.x and redis 3.xsee https://raw.githubusercontent.com/antirez/redis/4.0/redis.conf and https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf
min-slaves-to-write 1
min-slaves-max-lag 5
```
Sentinel options supported must be in the the `sentinel <option> <master-group-name> <value>` format. For example, `sentinel down-after-milliseconds 30000` would be added to the `sentinel.config` section of the `values.yaml` as:
```yml
down-after-milliseconds: 30000
```
If more control is needed from either the redis or sentinel config then an entire config can be defined under `redis.customConfig` or `sentinel.customConfig`. Please note that these values will override any configuration options under their respective section. For example, if you define `sentinel.customConfig` then the `sentinel.config` is ignored.
## Host Kernel Settings
Redis may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages.
To do so, you can set up a privileged initContainer with the `sysctlImage` config values, for example:
```yml
sysctlImage:
enabled: true
mountHostSys: true
command:
- /bin/sh
- -xc
- |-
sysctl -w net.core.somaxconn=10000
echo never > /host-sys/kernel/mm/transparent_hugepage/enabled
```
## HAProxy startup
When HAProxy is enabled, it will attempt to connect to each announce-service of each redis replica instance in its init container before starting.
It will fail if announce-service IP is not available fast enough (10 seconds max by announce-service).
A such case could happen if the orchestator is pending the nomination of redis pods.
Risk is limited because announce-service is using `publishNotReadyAddresses: true`, although, in such case, HAProxy pod will be rescheduled afterward by the orchestrator.
PodDisruptionBudgets are not configured by default, you may need to set the `haproxy.podDisruptionBudget` parameter in values.yaml to enable it.
## Network policies
If `networkPolicy.enabled` is set to `true`, then a `NetworkPolicy` resource is created with default rules to allow inter-Redis and Sentinel connectivity.
This is a requirement for Redis Pods to come up successfully.
You will need to define `ingressRules` to permit your application connectivity to Redis.
The `selectors` block should be in the format of a [label selector](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors).
Templating is also supported in the selectors.
See such a configuration below.
```yaml
networkPolicy: true
ingressRules:
- selectors:
- namespaceSelector:
matchLabels:
name: my-redis-client-namespace
podSelector:
matchLabels:
# template example
app: |-
{{- .App.Name }}
## ports block is optional (defaults to below), define the block to override the defaults
# ports:
# - port: 6379
# protocol: TCP
# - port: 26379
# protocol: TCP
```
Should your Pod require additional egress rules, define them in a `egressRules` key which is structured identically to an `ingressRules` key.
## Sentinel and redis server split brain detection
Under not entirely known yet circumstances redis sentinel and its corresponding redis server reach a condition that this chart authors call "split brain" (for short). The observed behaviour is the following: the sentinel switches to the new re-elected master, but does not switch its redis server. Majority of original discussion on the problem has happened at the <https://github.com/DandyDeveloper/charts/issues/121>.
The proposed solution is currently implemented as a sidecar container that runs a bash script with the following logic:
1. Every `splitBrainDetection.interval` seconds a master (as known by sentinel) is determined
1. If it is the current node: ensure the redis server's role is master as well.
1. If it is not the current node: ensure the redis server also replicates from the same node.
If any of the checks above fails - the redis server reinitialisation happens (it regenerates configs the same way it's done during the pod init), and then the redis server is instructed to shutdown. Then kubernetes restarts the container immediately.
# Change Log
## 4.14.9 - ** POTENTIAL BREAKING CHANGE. **
Introduced the ability to change the Haproxy Deployment container pod
- Container port in redis-haproxy-deployment.yam has been changed. Was **redis.port** To **haproxy.containerPort**. Default value is 6379.
- Port in redis-haproxy-service.yaml has been changed. Was **redis.port** To **haproxy.servicePort**. Default value is 6379.
## 4.21.0 - BREAKING CHANGES (Kubernetes Deprecation)
This version introduced the deprecation of the PSP and subsequently added fields to the securityContexts that were introduced in Kubernetes v1.19:
https://kubernetes.io/docs/tutorials/security/seccomp/
As a result, from this version onwards Kubernetes versions older than 1.19 will fail to install without the removal of `.Values.containerSeucrityContext.seccompProfile` and `.Values.haproxy.containerSeucrityContext.seccompProfile` (If HAProxy is enabled)

25
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/NOTES.txt
View File

@ -1,25 +0,0 @@
Redis can be accessed via {{ if ne (int .Values.redis.port) 0 }}port {{ .Values.redis.port }}{{ end }} {{ if .Values.redis.tlsPort }} tls-port {{ .Values.redis.tlsPort }}{{ end }} and Sentinel can be accessed via {{ if ne (int .Values.sentinel.port) 0 }}port {{ .Values.sentinel.port }}{{ end }} {{ if .Values.sentinel.tlsPort }} tls-port {{ .Values.sentinel.tlsPort }}{{ end }} on the following DNS name from within your cluster:
{{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
To connect to your Redis server:
{{- if .Values.auth }}
1. To retrieve the redis password:
echo $(kubectl get secret {{ template "redis-ha.fullname" . }} -o "jsonpath={.data['auth']}" | base64 --decode)
2. Connect to the Redis master pod that you can use as a client. By default the {{ template "redis-ha.fullname" . }}-server-0 pod is configured as the master:
kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 sh -n {{ .Release.Namespace }}
3. Connect using the Redis CLI (inside container):
redis-cli -a <REDIS-PASS-FROM-SECRET>
{{- else }}
1. Run a Redis pod that you can use as a client:
kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 sh -n {{ .Release.Namespace }}
2. Connect using the Redis CLI:
redis-cli -h {{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{- end }}

693
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/_configs.tpl
View File

@ -1,693 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "config-redis.conf" }}
{{- if .Values.redis.customConfig }}
{{ tpl .Values.redis.customConfig . | indent 4 }}
{{- else }}
dir "/data"
port {{ .Values.redis.port }}
{{- if .Values.sentinel.tlsPort }}
tls-port {{ .Values.redis.tlsPort }}
tls-cert-file /tls-certs/{{ .Values.tls.certFile }}
tls-key-file /tls-certs/{{ .Values.tls.keyFile }}
{{- if .Values.tls.dhParamsFile }}
tls-dh-params-file /tls-certs/{{ .Values.tls.dhParamsFile }}
{{- end }}
{{- if .Values.tls.caCertFile }}
tls-ca-cert-file /tls-certs/{{ .Values.tls.caCertFile }}
{{- end }}
{{- if eq (default "yes" .Values.redis.authClients) "no"}}
tls-auth-clients no
{{- end }}
tls-replication {{ if .Values.redis.tlsReplication }}yes{{ else }}no{{ end }}
{{- end }}
{{- if .Values.redis.disableCommands }}
{{- range .Values.redis.disableCommands }}
rename-command {{ . }} ""
{{- end }}
{{- end }}
{{- range $key, $value := .Values.redis.config }}
{{ $key }} {{ $value }}
{{- end }}
{{- if .Values.auth }}
requirepass replace-default-auth
masterauth replace-default-auth
{{- end }}
{{- end }}
{{- end }}
{{- define "config-sentinel.conf" }}
{{- if .Values.sentinel.customConfig }}
{{ tpl .Values.sentinel.customConfig . | indent 4 }}
{{- else }}
dir "/data"
port {{ .Values.sentinel.port }}
{{- if .Values.sentinel.bind }}
bind {{ .Values.sentinel.bind }}
{{- end }}
{{- if .Values.sentinel.tlsPort }}
tls-port {{ .Values.sentinel.tlsPort }}
tls-cert-file /tls-certs/{{ .Values.tls.certFile }}
tls-key-file /tls-certs/{{ .Values.tls.keyFile }}
{{- if .Values.tls.dhParamsFile }}
tls-dh-params-file /tls-certs/{{ .Values.tls.dhParamsFile }}
{{- end }}
{{- if .Values.tls.caCertFile }}
tls-ca-cert-file /tls-certs/{{ .Values.tls.caCertFile }}
{{- end }}
{{- if eq (default "yes" .Values.sentinel.authClients) "no"}}
tls-auth-clients no
{{- end }}
tls-replication {{ if .Values.sentinel.tlsReplication }}yes{{ else }}no{{ end }}
{{- end }}
{{- range $key, $value := .Values.sentinel.config }}
{{- if eq "maxclients" $key }}
{{ $key }} {{ $value }}
{{- else }}
sentinel {{ $key }} {{ template "redis-ha.masterGroupName" $ }} {{ $value }}
{{- end }}
{{- end }}
{{- if .Values.auth }}
sentinel auth-pass {{ template "redis-ha.masterGroupName" . }} replace-default-auth
{{- end }}
{{- if .Values.sentinel.auth }}
requirepass replace-default-sentinel-auth
{{- end }}
{{- end }}
{{- end }}
{{- define "lib.sh" }}
sentinel_get_master() {
set +e
if [ "$SENTINEL_PORT" -eq 0 ]; then
redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
else
redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
fi
set -e
}
sentinel_get_master_retry() {
master=''
retry=${1}
sleep=3
for i in $(seq 1 "${retry}"); do
master=$(sentinel_get_master)
if [ -n "${master}" ]; then
break
fi
sleep $((sleep + i))
done
echo "${master}"
}
identify_master() {
echo "Identifying redis master (get-master-addr-by-name).."
echo " using sentinel ({{ template "redis-ha.fullname" . }}), sentinel group name ({{ template "redis-ha.masterGroupName" . }})"
MASTER="$(sentinel_get_master_retry 3)"
if [ -n "${MASTER}" ]; then
echo " $(date) Found redis master (${MASTER})"
else
echo " $(date) Did not find redis master (${MASTER})"
fi
}
sentinel_update() {
echo "Updating sentinel config.."
echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})"
eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}"
echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})"
sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}"
if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then
echo " redis master (${1}:${REDIS_TLS_PORT})"
sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
else
echo " redis master (${1}:${REDIS_PORT})"
sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
fi
echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF}
if [ "$SENTINEL_PORT" -eq 0 ]; then
echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})"
echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF}
else
echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})"
echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF}
fi
}
redis_update() {
echo "Updating redis config.."
if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then
echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})"
echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF}
else
echo " we are slave of redis master (${1}:${REDIS_PORT})"
echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}"
echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF}
fi
echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF}
}
copy_config() {
echo "Copying default redis config.."
echo " to '${REDIS_CONF}'"
cp /readonly-config/redis.conf "${REDIS_CONF}"
echo "Copying default sentinel config.."
echo " to '${SENTINEL_CONF}'"
cp /readonly-config/sentinel.conf "${SENTINEL_CONF}"
}
setup_defaults() {
echo "Setting up defaults.."
echo " using statefulset index (${INDEX})"
if [ "${INDEX}" = "0" ]; then
echo "Setting this pod as master for redis and sentinel.."
echo " using announce (${ANNOUNCE_IP})"
redis_update "${ANNOUNCE_IP}"
sentinel_update "${ANNOUNCE_IP}"
echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)"
sed -i "s/^.*slaveof.*//" "${REDIS_CONF}"
else
echo "Getting redis master ip.."
echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
if [ -z "${DEFAULT_MASTER}" ]; then
echo "Error: Unable to resolve redis master (getent hosts)."
exit 1
fi
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
echo "Setting default slave config for redis and sentinel.."
echo " using master ip (${DEFAULT_MASTER})"
redis_update "${DEFAULT_MASTER}"
sentinel_update "${DEFAULT_MASTER}"
fi
}
redis_ping() {
set +e
if [ "$REDIS_PORT" -eq 0 ]; then
redis-cli -h "${MASTER}"{{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} ping
else
redis-cli -h "${MASTER}"{{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}" ping
fi
set -e
}
redis_ping_retry() {
ping=''
retry=${1}
sleep=3
for i in $(seq 1 "${retry}"); do
if [ "$(redis_ping)" = "PONG" ]; then
ping='PONG'
break
fi
sleep $((sleep + i))
MASTER=$(sentinel_get_master)
done
echo "${ping}"
}
find_master() {
echo "Verifying redis master.."
if [ "$REDIS_PORT" -eq 0 ]; then
echo " ping (${MASTER}:${REDIS_TLS_PORT})"
else
echo " ping (${MASTER}:${REDIS_PORT})"
fi
if [ "$(redis_ping_retry 3)" != "PONG" ]; then
echo " $(date) Can't ping redis master (${MASTER})"
echo "Attempting to force failover (sentinel failover).."
if [ "$SENTINEL_PORT" -eq 0 ]; then
echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
echo " $(date) Failover returned with 'NOGOODSLAVE'"
echo "Setting defaults for this pod.."
setup_defaults
return 0
fi
else
echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
echo " $(date) Failover returned with 'NOGOODSLAVE'"
echo "Setting defaults for this pod.."
setup_defaults
return 0
fi
fi
echo "Hold on for 10sec"
sleep 10
echo "We should get redis master's ip now. Asking (get-master-addr-by-name).."
if [ "$SENTINEL_PORT" -eq 0 ]; then
echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
else
echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
fi
MASTER="$(sentinel_get_master)"
if [ "${MASTER}" ]; then
echo " $(date) Found redis master (${MASTER})"
echo "Updating redis and sentinel config.."
sentinel_update "${MASTER}"
redis_update "${MASTER}"
else
echo "$(date) Error: Could not failover, exiting..."
exit 1
fi
else
echo " $(date) Found reachable redis master (${MASTER})"
echo "Updating redis and sentinel config.."
sentinel_update "${MASTER}"
redis_update "${MASTER}"
fi
}
redis_ro_update() {
echo "Updating read-only redis config.."
echo " redis.conf set 'replica-priority 0'"
echo "replica-priority 0" >> ${REDIS_CONF}
}
getent_hosts() {
index=${1:-${INDEX}}
service="${SERVICE}-announce-${index}"
host=$(getent hosts "${service}")
echo "${host}"
}
identify_announce_ip() {
echo "Identify announce ip for this pod.."
echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})"
ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }')
echo " identified announce (${ANNOUNCE_IP})"
}
{{- end }}
{{- define "vars.sh" }}
HOSTNAME="$(hostname)"
{{- if .Values.ro_replicas }}
RO_REPLICAS="{{ .Values.ro_replicas }}"
{{- end }}
INDEX="${HOSTNAME##*-}"
SENTINEL_PORT={{ .Values.sentinel.port }}
ANNOUNCE_IP=''
MASTER=''
MASTER_GROUP="{{ template "redis-ha.masterGroupName" . }}"
QUORUM="{{ .Values.sentinel.quorum }}"
REDIS_CONF=/data/conf/redis.conf
REDIS_PORT={{ .Values.redis.port }}
REDIS_TLS_PORT={{ .Values.redis.tlsPort }}
SENTINEL_CONF=/data/conf/sentinel.conf
SENTINEL_TLS_PORT={{ .Values.sentinel.tlsPort }}
SERVICE={{ template "redis-ha.fullname" . }}
SENTINEL_TLS_REPLICATION_ENABLED={{ default false .Values.sentinel.tlsReplication }}
REDIS_TLS_REPLICATION_ENABLED={{ default false .Values.redis.tlsReplication }}
{{- end }}
{{- define "config-init.sh" }}
echo "$(date) Start..."
{{- include "vars.sh" . }}
set -eu
{{- include "lib.sh" . }}
mkdir -p /data/conf/
echo "Initializing config.."
copy_config
# where is redis master
identify_master
identify_announce_ip
if [ -z "${ANNOUNCE_IP}" ]; then
"Error: Could not resolve the announce ip for this pod."
exit 1
elif [ "${MASTER}" ]; then
find_master
else
setup_defaults
fi
{{- if .Values.ro_replicas }}
# works only if index is less than 10
echo "Verifying redis read-only replica.."
echo " we have RO_REPLICAS='${RO_REPLICAS}' with INDEX='${INDEX}'"
if echo "${RO_REPLICAS}" | grep -q "${INDEX}" ; then
redis_ro_update
fi
{{- end }}
if [ "${AUTH:-}" ]; then
echo "Setting redis auth values.."
ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}"
fi
if [ "${SENTINELAUTH:-}" ]; then
echo "Setting sentinel auth values"
ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g');
sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF"
fi
echo "$(date) Ready..."
{{- end }}
{{- define "trigger-failover-if-master.sh" }}
{{- if or (eq (int .Values.redis.port) 0) (eq (int .Values.sentinel.port) 0) }}
TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}"
{{- end }}
get_redis_role() {
is_master=$(
redis-cli \
{{- if .Values.auth }}
-a "${AUTH}" --no-auth-warning \
{{- end }}
-h localhost \
{{- if (int .Values.redis.port) }}
-p {{ .Values.redis.port }} \
{{- else }}
-p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \
{{- end}}
info | grep -c 'role:master' || true
)
}
get_redis_role
if [[ "$is_master" -eq 1 ]]; then
echo "This node is currently master, we trigger a failover."
{{- $masterGroupName := include "redis-ha.masterGroupName" . }}
response=$(
redis-cli \
{{- if .Values.sentinel.auth }}
-a "${SENTINELAUTH}" --no-auth-warning \
{{- end }}
-h localhost \
{{- if (int .Values.sentinel.port) }}
-p {{ .Values.sentinel.port }} \
{{- else }}
-p {{ .Values.sentinel.tlsPort }} ${TLS_CLIENT_OPTION} \
{{- end}}
SENTINEL failover {{ $masterGroupName }}
)
if [[ "$response" != "OK" ]] ; then
echo "$response"
exit 1
fi
timeout=30
while [[ "$is_master" -eq 1 && $timeout -gt 0 ]]; do
sleep 1
get_redis_role
timeout=$((timeout - 1))
done
echo "Failover successful"
fi
{{- end }}
{{- define "fix-split-brain.sh" }}
{{- include "vars.sh" . }}
ROLE=''
REDIS_MASTER=''
set -eu
{{- include "lib.sh" . }}
redis_role() {
set +e
if [ "$REDIS_PORT" -eq 0 ]; then
ROLE=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} info | grep role | sed 's/role://' | sed 's/\r//')
else
ROLE=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//')
fi
set -e
}
identify_redis_master() {
set +e
if [ "$REDIS_PORT" -eq 0 ]; then
REDIS_MASTER=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} info | grep master_host | sed 's/master_host://' | sed 's/\r//')
else
REDIS_MASTER=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//')
fi
set -e
}
reinit() {
set +e
sh /readonly-config/init.sh
if [ "$REDIS_PORT" -eq 0 ]; then
echo "shutdown" | redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }}
else
echo "shutdown" | redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}"
fi
set -e
}
identify_announce_ip
while [ -z "${ANNOUNCE_IP}" ]; do
echo "Error: Could not resolve the announce ip for this pod."
sleep 30
identify_announce_ip
done
while true; do
sleep {{ .Values.splitBrainDetection.interval }}
# where is redis master
identify_master
if [ "$MASTER" = "$ANNOUNCE_IP" ]; then
redis_role
if [ "$ROLE" != "master" ]; then
reinit
fi
elif [ "${MASTER}" ]; then
identify_redis_master
if [ "$REDIS_MASTER" != "$MASTER" ]; then
reinit
fi
fi
done
{{- end }}
{{- define "config-haproxy.cfg" }}
{{- if .Values.haproxy.customConfig }}
{{ tpl .Values.haproxy.customConfig . | indent 4 }}
{{- else }}
defaults REDIS
mode tcp
timeout connect {{ .Values.haproxy.timeout.connect }}
timeout server {{ .Values.haproxy.timeout.server }}
timeout client {{ .Values.haproxy.timeout.client }}
timeout check {{ .Values.haproxy.timeout.check }}
listen health_check_http_url
bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:8888 {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
mode http
monitor-uri /healthz
option dontlognull
{{- $root := . }}
{{- $fullName := include "redis-ha.fullname" . }}
{{- $replicas := int (toString .Values.replicas) }}
{{- $masterGroupName := include "redis-ha.masterGroupName" . }}
{{- range $i := until $replicas }}
# Check Sentinel and whether they are nominated master
backend check_if_redis_is_master_{{ $i }}
mode tcp
option tcp-check
tcp-check connect
{{- if $root.Values.sentinel.auth }}
tcp-check send "AUTH ${SENTINELAUTH}"\r\n
tcp-check expect string +OK
{{- end }}
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send SENTINEL\ get-master-addr-by-name\ {{ $masterGroupName }}\r\n
tcp-check expect string REPLACE_ANNOUNCE{{ $i }}
tcp-check send QUIT\r\n
{{- range $i := until $replicas }}
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:26379 check inter {{ $root.Values.haproxy.checkInterval }}
{{- end }}
{{- end }}
# decide redis backend to use
#master
frontend ft_redis_master
{{- if .Values.haproxy.tls.enabled }}
bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ $root.Values.haproxy.containerPort }} ssl crt {{ .Values.haproxy.tls.certMountPath }}{{ .Values.haproxy.tls.keyName }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
{{ else }}
bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ $root.Values.redis.port }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
{{- end }}
use_backend bk_redis_master
{{- if .Values.haproxy.readOnly.enabled }}
#slave
frontend ft_redis_slave
bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ .Values.haproxy.readOnly.port }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
use_backend bk_redis_slave
{{- end }}
# Check all redis servers to see if they think they are master
backend bk_redis_master
{{- if .Values.haproxy.stickyBalancing }}
balance source
hash-type consistent
{{- end }}
mode tcp
option tcp-check
tcp-check connect
{{- if .Values.auth }}
tcp-check send "AUTH ${AUTH}"\r\n
tcp-check expect string +OK
{{- end }}
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send info\ replication\r\n
tcp-check expect string role:master
tcp-check send QUIT\r\n
tcp-check expect string +OK
{{- range $i := until $replicas }}
use-server R{{ $i }} if { srv_is_up(R{{ $i }}) } { nbsrv(check_if_redis_is_master_{{ $i }}) ge 2 }
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter {{ $root.Values.haproxy.checkInterval }} fall {{ $root.Values.haproxy.checkFall }} rise 1
{{- end }}
{{- if .Values.haproxy.readOnly.enabled }}
backend bk_redis_slave
{{- if .Values.haproxy.stickyBalancing }}
balance source
hash-type consistent
{{- end }}
mode tcp
option tcp-check
tcp-check connect
{{- if .Values.auth }}
tcp-check send "AUTH ${AUTH}"\r\n
tcp-check expect string +OK
{{- end }}
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send info\ replication\r\n
tcp-check expect string role:slave
tcp-check send QUIT\r\n
tcp-check expect string +OK
{{- range $i := until $replicas }}
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter {{ $root.Values.haproxy.checkInterval }} fall {{ $root.Values.haproxy.checkFall }} rise 1
{{- end }}
{{- end }}
{{- if .Values.haproxy.metrics.enabled }}
frontend stats
mode http
bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ .Values.haproxy.metrics.port }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
http-request use-service prometheus-exporter if { path {{ .Values.haproxy.metrics.scrapePath }} }
stats enable
stats uri /stats
stats refresh 10s
{{- end }}
{{- if .Values.haproxy.extraConfig }}
# Additional configuration
{{ .Values.haproxy.extraConfig | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- define "config-haproxy_init.sh" }}
HAPROXY_CONF=/data/haproxy.cfg
cp /readonly/haproxy.cfg "$HAPROXY_CONF"
{{- $fullName := include "redis-ha.fullname" . }}
{{- $replicas := int (toString .Values.replicas) }}
{{- range $i := until $replicas }}
for loop in $(seq 1 10); do
getent hosts {{ $fullName }}-announce-{{ $i }} && break
echo "Waiting for service {{ $fullName }}-announce-{{ $i }} to be ready ($loop) ..." && sleep 1
done
ANNOUNCE_IP{{ $i }}=$(getent hosts "{{ $fullName }}-announce-{{ $i }}" | awk '{ print $1 }')
if [ -z "$ANNOUNCE_IP{{ $i }}" ]; then
echo "Could not resolve the announce ip for {{ $fullName }}-announce-{{ $i }}"
exit 1
fi
sed -i "s/REPLACE_ANNOUNCE{{ $i }}/$ANNOUNCE_IP{{ $i }}/" "$HAPROXY_CONF"
{{- end }}
{{- end }}
{{- define "redis_liveness.sh" }}
{{- if not (ne (int .Values.sentinel.port) 0) }}
TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}"
{{- end }}
response=$(
redis-cli \
{{- if .Values.auth }}
-a "${AUTH}" --no-auth-warning \
{{- end }}
-h localhost \
{{- if ne (int .Values.redis.port) 0 }}
-p {{ .Values.redis.port }} \
{{- else }}
-p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \
{{- end}}
ping
)
if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then
echo "$response"
exit 1
fi
echo "response=$response"
{{- end }}
{{- define "redis_readiness.sh" }}
{{- if not (ne (int .Values.sentinel.port) 0) }}
TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}"
{{- end }}
response=$(
redis-cli \
{{- if .Values.auth }}
-a "${AUTH}" --no-auth-warning \
{{- end }}
-h localhost \
{{- if ne (int .Values.redis.port) 0 }}
-p {{ .Values.redis.port }} \
{{- else }}
-p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \
{{- end}}
ping
)
if [ "$response" != "PONG" ] ; then
echo "$response"
exit 1
fi
echo "response=$response"
{{- end }}
{{- define "sentinel_liveness.sh" }}
{{- if not (ne (int .Values.sentinel.port) 0) }}
TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}"
{{- end }}
response=$(
redis-cli \
{{- if .Values.sentinel.auth }}
-a "${SENTINELAUTH}" --no-auth-warning \
{{- end }}
-h localhost \
{{- if ne (int .Values.sentinel.port) 0 }}
-p {{ .Values.sentinel.port }} \
{{- else }}
-p {{ .Values.sentinel.tlsPort }} ${TLS_CLIENT_OPTION} \
{{- end}}
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
echo "response=$response"
{{- end }}

94
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/_helpers.tpl
View File

@ -1,94 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "redis-ha.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "redis-ha.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return sysctl image
*/}}
{{- define "redis.sysctl.image" -}}
{{- $registryName := default "docker.io" .Values.sysctlImage.registry -}}
{{- $tag := default "latest" .Values.sysctlImage.tag | toString -}}
{{- printf "%s/%s:%s" $registryName .Values.sysctlImage.repository $tag -}}
{{- end -}}
{{- /*
Credit: @technosophos
https://github.com/technosophos/common-chart/
labels.standard prints the standard Helm labels.
The standard labels are frequently used in metadata.
*/ -}}
{{- define "labels.standard" -}}
app: {{ template "redis-ha.name" . }}
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: {{ template "chartref" . }}
{{- end -}}
{{- /*
Credit: @technosophos
https://github.com/technosophos/common-chart/
chartref prints a chart name and version.
It does minimal escaping for use in Kubernetes labels.
Example output:
zookeeper-1.2.3
wordpress-3.2.1_20170219
*/ -}}
{{- define "chartref" -}}
{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "redis-ha.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "redis-ha.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{- define "redis-ha.masterGroupName" -}}
{{- $masterGroupName := tpl ( .Values.redis.masterGroupName | default "") . -}}
{{- $validMasterGroupName := regexMatch "^[\\w-\\.]+$" $masterGroupName -}}
{{- if $validMasterGroupName -}}
{{ $masterGroupName }}
{{- else -}}
{{ required "A valid .Values.redis.masterGroupName entry is required (matching ^[\\w-\\.]+$)" ""}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for poddisruptionbudget.
*/}}
{{- define "redis-ha.podDisruptionBudget.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "policy/v1" }}
{{- print "policy/v1" -}}
{{- else -}}
{{- print "policy/v1beta1" -}}
{{- end -}}
{{- end -}}

15
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-auth-secret.yaml
View File

@ -1,15 +0,0 @@
{{- if and .Values.auth (not .Values.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "labels.standard" . | indent 4 }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
type: Opaque
data:
{{ .Values.authKey }}: {{ .Values.redisPassword | b64enc | quote }}
{{- end -}}

60
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-announce-service.yaml
View File

@ -1,60 +0,0 @@
{{- $fullName := include "redis-ha.fullname" . }}
{{- $namespace := .Release.Namespace -}}
{{- $replicas := int (toString .Values.replicas) }}
{{- $root := . }}
{{- range $i := until $replicas }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $fullName }}-announce-{{ $i }}
namespace: {{ $namespace | quote}}
labels:
{{ include "labels.standard" $root | indent 4 }}
{{- range $key, $value := $root.Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
{{- if $root.Values.serviceAnnotations }}
{{ toYaml $root.Values.serviceAnnotations | indent 4 }}
{{- end }}
spec:
publishNotReadyAddresses: true
type: ClusterIP
ports:
{{- if ne (int $root.Values.redis.port) 0 }}
- name: tcp-server
port: {{ $root.Values.redis.port }}
protocol: TCP
targetPort: redis
{{- end }}
{{- if $root.Values.redis.tlsPort }}
- name: server-tls
port: {{ $root.Values.redis.tlsPort }}
protocol: TCP
targetPort: redis-tls
{{- end }}
{{- if ne (int $root.Values.sentinel.port) 0 }}
- name: tcp-sentinel
port: {{ $root.Values.sentinel.port }}
protocol: TCP
targetPort: sentinel
{{- end }}
{{- if $root.Values.sentinel.tlsPort }}
- name: sentinel-tls
port: {{ $root.Values.sentinel.tlsPort }}
protocol: TCP
targetPort: sentinel-tls
{{- end }}
{{- if $root.Values.exporter.enabled }}
- name: http-exporter
port: {{ $root.Values.exporter.port }}
protocol: TCP
targetPort: {{ $root.Values.exporter.portName }}
{{- end }}
selector:
release: {{ $root.Release.Name }}
app: {{ include "redis-ha.name" $root }}
"statefulset.kubernetes.io/pod-name": {{ $fullName }}-server-{{ $i }}
{{- end }}

37
charts/argo/argo-cd/5.8.0/charts/redis-ha/templates/redis-ha-configmap.yaml
View File

@ -1,37 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "redis-ha.fullname" . }}-configmap
namespace: {{ .Release.Namespace | quote }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
{{- range $key, $value := .Values.configmap.labels }}
{{ $key }}: {{ $value | toString }}
{{- end }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
data:
redis.conf: |
{{- include "config-redis.conf" . }}
sentinel.conf: |
{{- include "config-sentinel.conf" . }}
init.sh: |
{{- include "config-init.sh" . }}
fix-split-brain.sh: |
{{- include "fix-split-brain.sh" . }}
{{ if .Values.haproxy.enabled }}
haproxy.cfg: |
{{- include "config-haproxy.cfg" . }}
{{- end }}
haproxy_init.sh: |
{{- include "config-haproxy_init.sh" . }}
trigger-failover-if-master.sh: |
{{- include "trigger-failover-if-master.sh" . }}

Some files were not shown because too many files have changed in this diff Show More