diff --git a/.circleci/yq.d/go.mod b/.circleci/yq.d/go.mod
index c980f04..cec1377 100644
--- a/.circleci/yq.d/go.mod
+++ b/.circleci/yq.d/go.mod
@@ -1,5 +1,21 @@
 module github.com/datawire/build-aux/bin-go/yq
-go 1.13
+go 1.17
 require github.com/mikefarah/yq/v3 v3.0.0-20200417222338-3f913afbb9ed
+
+require (
+ github.com/fatih/color v1.9.0 // indirect
+ github.com/goccy/go-yaml v1.4.3 // indirect
+ github.com/inconshreveable/mousetrap v1.0.0 // indirect
+ github.com/kylelemons/godebug v1.1.0 // indirect
+ github.com/mattn/go-colorable v0.1.6 // indirect
+ github.com/mattn/go-isatty v0.0.12 // indirect
+ github.com/pkg/errors v0.9.1 // indirect
+ github.com/spf13/cobra v1.0.0 // indirect
+ github.com/spf13/pflag v1.0.5 // indirect
+ golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 // indirect
+ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 // indirect
+ gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect
+ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
+)
diff --git a/.circleci/yq.d/go.sum b/.circleci/yq.d/go.sum
index ae98e17..e9ee171 100644
--- a/.circleci/yq.d/go.sum
+++ b/.circleci/yq.d/go.sum
@@ -45,6 +45,7 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmg github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
@@ -52,8 +53,10 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= 
@@ -68,12 +71,8 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mikefarah/yq v1.15.0 h1:ViMYNRG5UB7hzm8olxMFqPtkpMXXKO4g32/v9JUa62o= -github.com/mikefarah/yq v2.4.0+incompatible h1:oBxbWy8R9hI3BIUUxEf0CzikWa2AgnGrGhvGQt5jgjk= github.com/mikefarah/yq/v3 v3.0.0-20200417222338-3f913afbb9ed h1:OPcaXkq4IrtwnP0leTxMFv9f6R9HVNmK9ryr80sWUEM= github.com/mikefarah/yq/v3 v3.0.0-20200417222338-3f913afbb9ed/go.mod h1:A6ElbOcozhGwjUdRx9kn1HtKJteuLrx76cnZYjSTJFw= -github.com/mikefarah/yq/v3 v3.0.0-20200501003153-6fc3566acd3a h1:cC7JRs/VhffZg3JHuYqZOI8BIVI7r3ufx4xLRNgDuus= -github.com/mikefarah/yq/v3 v3.0.0-20200501003153-6fc3566acd3a/go.mod h1:A6ElbOcozhGwjUdRx9kn1HtKJteuLrx76cnZYjSTJFw= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= 
@@ -161,6 +160,7 @@ google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZi google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/validator.v9 v9.30.0/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ=
diff --git a/.circleci/yq.d/pin.go b/.circleci/yq.d/pin.go
new file mode 100644
index 0000000..d0c8edc
--- /dev/null
+++ b/.circleci/yq.d/pin.go
@@ -0,0 +1,6 @@
+//go:build pin
+// +build pin
+
+package ignore
+
+import "github.com/mikefarah/yq/v3"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index eeacbd0..4389570 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
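Review bot: pin.go carries no comment saying why it exists, and the `pin` build tag together with `package ignore` makes that hard to guess. From the go.mod hunk it looks like the import is only there so that `go mod tidy` keeps `github.com/mikefarah/yq/v3` as a requirement for the CI tool; a header such as `// This file is never compiled; it only pins the yq version used by CI in go.mod.` would record that. The usual form for such a pin is a blank import, `import _ "github.com/mikefarah/yq/v3"`, which does not read as a forgotten unused import. Since this file is what fixes the tool's dependency graph, the indirect versions now listed in go.mod are worth a pass with a vulnerability scanner such as `govulncheck` before the pin is accepted.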
@@ -77,6 +77,79 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest
 ## RELEASE NOTES
+## [2.2.2] TBD
+[2.2.2]: https://github.com/datawire/edge-stack/releases/v2.2.2
+
+## Ambassador Edge Stack
+
+- Change: You may now choose to enable TLS Secret validation by setting the
+ `AMBASSADOR_FORCE_SECRET_VALIDATION=true` environment variable. The default configuration does not
+ enforce secret validation.
+
+- Bugfix: Kubernetes Secrets that should contain an EC (Elliptic Curve) TLS Private Key are now properly
+ validated. ([4134])
+
+[4134]: https://github.com/emissary-ingress/emissary/issues/4134
+
+## [2.2.1] 2022-02-22
+[2.2.1]: https://github.com/datawire/edge-stack/releases/v2.2.1
+
+## Ambassador Edge Stack
+
+- Change: Support for the Envoy V2 API is deprecated as of Ambassador Edge Stack v2.1, and will be removed
+ in Ambassador Edge Stack v3.0. The `AMBASSADOR_ENVOY_API_VERSION` environment variable will be
+ removed at the same time. Only the Envoy V3 API will be supported (this has been the default since
+ Ambassador Edge Stack v1.14.0).
+
+- Security: Upgraded Envoy to address security vulnerabilities CVE-2021-43824, CVE-2021-43825, CVE-2021-43826,
+ CVE-2022-21654, and CVE-2022-21655.
+
+- Bugfix: The Ambassador Agent now correctly supports requests to cancel a rollout.
+
+## [2.2.0] 2022-02-10
+[2.2.0]: https://github.com/datawire/edge-stack/releases/v2.2.0
+
+## Ambassador Edge Stack
+
+- Change: Support for the Envoy V2 API is deprecated as of Ambassador Edge Stack v2.1, and will be removed
+ in Ambassador Edge Stack v3.0. The `AMBASSADOR_ENVOY_API_VERSION` environment variable will be
+ removed at the same time. Only the Envoy V3 API will be supported (this has been the default since
+ Ambassador Edge Stack v1.14.0).
+
+- Change: Ambassador Edge Stack will now watch for ConfigMap or Secret resources specified by the
+ `AGENT_CONFIG_RESOURCE_NAME` environment variable in order to allow all components (and not only
+ the Ambassador Agent) to authenticate requests to Ambassador Cloud.
+
+- Security: Ambassador Edge Stack has updated Alpine to 3.15, and Python and Go dependencies to their latest
+ compatible versions, to incorporate numerous security patches.
+
+- Feature: Ambassador Edge Stack now supports the metric `ambassador_log_level{label="debug"}` which will be
+ set to 1 if debug logging is enabled for the running Emissary instance, or to 0 if not. This can
+ help to be sure that a running production instance was not actually left doing debugging logging,
+ for example. (Thanks to Fabrice!) ([#3906])
+
+- Feature: Ambassador Edge Stack is now leveraging a new Envoy Proxy patch that allows Envoy to accept
+ escaped '%' characters in its configuration. This means that error_response_overrides and other
+ custom user content can now contain '%' symbols escaped as '%%'. ([DW Envoy: 74]) ([Upstream Envoy: 19383])
+
+- Feature: Support for streaming Envoy metrics about the clusters to Ambassador Cloud. ([#4053])
+
+- Feature: The Ambassador agent now receives commands to manipulate Rollouts (pause, continue, and abort are
+ currently supported) via directives and executes them in the cluster. A report is sent to
+ Ambassador Cloud including the command ID, whether it ran successfully, and an error message in
+ case there was any. ([#4040])
+
+- Bugfix: Kubernetes Secrets that should contain TLS certificates are now validated before being accepted
+ for configuration. A Secret that contains an invalid TLS certificate will be logged as an invalid
+ resource. ([#3821])
+
+[#3906]: https://github.com/emissary-ingress/emissary/issues/3906
+[DW Envoy: 74]: https://github.com/datawire/envoy/pull/74
+[Upstream Envoy: 19383]: https://github.com/envoyproxy/envoy/pull/19383
+[#4053]: https://github.com/emissary-ingress/emissary/pull/4053
+[#4040]: https://github.com/emissary-ingress/emissary/pull/4040
+[#3821]: https://github.com/emissary-ingress/emissary/issues/3821
+
 ## [2.1.2] 2022-01-25
 [2.1.2]: https://github.com/datawire/edge-stack/releases/v2.1.2
diff --git a/Makefile b/Makefile
index e7acbf4..dea05f2 100644
--- a/Makefile
+++ b/Makefile
@@ -4,9 +4,14 @@ SHELL := /bin/bash
 HELM_OUTPUT_DIR := $(EDGE_STACK_HOME)/build/helm/
 generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml
+generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-ambassadorns.yaml
+generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-ambassadorns-agent.yaml
+generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-ambassadorns-migration.yaml
 generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns.yaml
+generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns-agent.yaml
 generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns-migration.yaml
 generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-emissaryns.yaml
+generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-emissaryns-agent.yaml
 generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-emissaryns-migration.yaml
 generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/resources-migration.yaml
 generate/files += $(EDGE_STACK_HOME)/CHANGELOG.md
@@ -14,27 +19,35 @@ generate/files += $(EDGE_STACK_HOME)/.circleci/config.yml
 $(EDGE_STACK_HOME)/venv:
 python3 -m venv $@
- $@/bin/python -m pip install ruamel.yaml
+ $@/bin/pip3 install ruamel.yaml
 FORCE:
 .PHONY: FORCE
 .SECONDARY:
-$(EDGE_STACK_HOME)/charts/edge-stack/charts: %/charts: %/Chart.yaml
- rm -rf $@
- cd $* && helm dependency update
+$(EDGE_STACK_HOME)/charts/edge-stack/charts: FORCE
+ if test -f ../go.mod && test "$$(cd .. && go list -m)" == github.com/datawire/apro/v2; then \
+ $(MAKE) -C .. $@; \
+ else \
+ cd $(@D) && helm dependency update; \
+ fi
 $(HELM_OUTPUT_DIR): $(EDGE_STACK_HOME)/charts/edge-stack/charts FORCE
 rm -rf $@
 mkdir -p $@
 helm template edge-stack --output-dir $@ -n ambassador $(EDGE_STACK_HOME)/charts/edge-stack
-helm-namespace.aes = ambassador
-helm-namespace.aes-defaultns = default
-helm-namespace.aes-defaultms-migration = default
-helm-namespace.aes-emissaryns = emissary
-helm-namespace.aes-emissaryns-migration = emissary
-helm-namespace.resources-migration = default
+helm-namespace.aes = ambassador
+helm-namespace.aes-ambassadorns = ambassador
+helm-namespace.aes-ambassadorns-agent = ambassador
+helm-namespace.aes-ambassadorns-migration = ambassador
+helm-namespace.aes-defaultns = default
+helm-namespace.aes-defaultns-agent = default
+helm-namespace.aes-defaultns-migration = default
+helm-namespace.aes-emissaryns = emissary
+helm-namespace.aes-emissaryns-migration = emissary
+helm-namespace.aes-emissaryns-agent = emissary
+helm-namespace.resources-migration = default
 $(EDGE_STACK_HOME)/k8s-config/%/helm-expanded.yaml: \
 $(EDGE_STACK_HOME)/charts/edge-stack/charts \
 $(EDGE_STACK_HOME)/k8s-config/%/values.yaml \
diff --git a/VERSION b/VERSION
index eca07e4..b1b25a5 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.1.2
+2.2.2
diff --git a/charts/charts.mk b/charts/charts.mk
index 5b5544e..1ca5861 100644
--- a/charts/charts.mk
+++ b/charts/charts.mk
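Review bot: The venv recipe still installs `ruamel.yaml` with no version or hash (`$@/bin/pip3 install ruamel.yaml`), so whatever PyPI serves at build time runs inside the tooling that presumably produces the files on the `generate/files` list. Pin it, for example `$@/bin/pip3 install 'ruamel.yaml==<pinned version>'`, or install from a requirements file with hashes. In the `charts` rule, `test -f ../go.mod` and `$(MAKE) -C .. $@` are resolved against the current directory rather than `$(EDGE_STACK_HOME)`, which looks fragile if make is started from elsewhere or `EDGE_STACK_HOME` is a relative path. The definition of `EDGE_STACK_HOME` is outside this hunk, and the last rule shown continues past it.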
@@ -22,14 +22,14 @@ define _docgen
 fi
 endef
+EMISSARY_CHART_REPO_GA = https://s3.amazonaws.com/datawire-static-files/charts
+EMISSARY_CHART_REPO_PRE = https://s3.amazonaws.com/datawire-static-files/charts-dev
+EMISSARY_CHART_REPO = $(if $(findstring -,$(EMISSARY_CHART_VERSION)),$(EMISSARY_CHART_REPO_PRE),$(EMISSARY_CHART_REPO_GA))
 chart/update-emissary: $(YQ)
- [ -n "${EMISSARY_CHART_VERSION}" ] || (echo "EMISSARY_CHART_VERSION must be set for non-GA pushes" && exit 1)
+ [ -n '$(EMISSARY_CHART_VERSION)' ] || (echo "EMISSARY_CHART_VERSION must be set for non-GA pushes" && exit 1)
 rm -f $(CHART_DIR)/charts/emissary-ingress*.tgz
- $(YQ) w -i $(CHART_DIR)/Chart.yaml 'dependencies.(name==emissary-ingress).version' "${EMISSARY_CHART_VERSION}"
- helm repo rm emissary-updater || true
- helm repo add emissary-updater `$(YQ) r $(CHART_DIR)/Chart.yaml 'dependencies.(name==emissary-ingress).repository'`
- helm dep update $(CHART_DIR)
- git add $(CHART_DIR)/charts/emissary*.tgz $(CHART_DIR)/Chart.yaml $(CHART_DIR)/Chart.lock
+ $(YQ) w -i $(CHART_DIR)/Chart.yaml 'dependencies.(name==emissary-ingress).version' '$(patsubst v%,%,$(EMISSARY_CHART_VERSION))'
+ $(YQ) w -i $(CHART_DIR)/Chart.yaml 'dependencies.(name==emissary-ingress).repository' '$(EMISSARY_CHART_REPO)'
 .PHONY: chart/update-emissary
 chart/docgen:
diff --git a/charts/edge-stack/CHANGELOG.md b/charts/edge-stack/CHANGELOG.md
index a2bab30..a86f075 100644
--- a/charts/edge-stack/CHANGELOG.md
+++ b/charts/edge-stack/CHANGELOG.md
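Review bot: In `chart/update-emissary` the version is substituted by make before the shell runs, so the quotes in `'$(EMISSARY_CHART_VERSION)'` and `'$(patsubst v%,%,$(EMISSARY_CHART_VERSION))'` are plain text, and a value containing `'` closes them so that the remainder is executed as shell. If the value can come from a tag name or a CI parameter (not visible here), hand it to the shell through the environment instead: add `export EMISSARY_CHART_VERSION` and use `[ -n "$$EMISSARY_CHART_VERSION" ]` and `"$${EMISSARY_CHART_VERSION#v}"` in the recipe. The target also no longer runs `helm dep update`, so `Chart.lock` and its digest are refreshed only by whichever rule runs `helm dependency update` later; a comment on the target saying so would help.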
@@ -3,6 +3,18 @@ This file documents all notable changes to Edge Stack Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+## v7.3.2
+
+- Update Edge Stack chart image to version v2.2.2: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md)
+
+## v7.3.1
+
+- Update Edge Stack chart image to version v2.2.1: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md)
+
+## v7.3.0
+
+- Update Edge Stack chart image to version v2.2.0: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md)
+
 ## v7.2.2
 - Update Edge Stack chart image to version v2.1.2: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md)
diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock
index 6f312a4..8b08658 100644
--- a/charts/edge-stack/Chart.lock
+++ b/charts/edge-stack/Chart.lock
@@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress repository: https://s3.amazonaws.com/datawire-static-files/charts - version: 7.2.2 -digest: sha256:43fd13e494c74484656c6a811f8474b6a227c896c1b42e75f46f5fe2f23c09b8 -generated: "2022-01-25T18:57:51.910303-05:00" + version: 7.3.2 +digest: sha256:bd7cedbf03bcc3f255a08a818e9a34e0b2715e0f61c8645ac1c80ecf0ac3ef3e +generated: "2022-02-25T13:00:54.216180784-08:00"
diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml
index d229d53..204509f 100644
--- a/charts/edge-stack/Chart.yaml
+++ b/charts/edge-stack/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 2.1.2
+appVersion: 2.2.2
 description: A Helm chart for Ambassador Edge Stack
 name: edge-stack
-version: 7.2.2
+version: 7.3.2
 # TODO: change these to whatever the appropriate things are
 icon: https://www.getambassador.io/images/logo.png
 home: https://www.getambassador.io/
@@ -27,5 +27,5 @@ maintainers:
 engine: gotpl
 dependencies:
 - name: emissary-ingress
- version: v7.2.2
- repository: "https://s3.amazonaws.com/datawire-static-files/charts"
+ version: 7.3.2
+ repository: https://s3.amazonaws.com/datawire-static-files/charts
diff --git a/charts/edge-stack/values.yaml b/charts/edge-stack/values.yaml
index 7e05042..fb6b33b 100644
--- a/charts/edge-stack/values.yaml
+++ b/charts/edge-stack/values.yaml
@@ -70,7 +70,7 @@ emissary-ingress:
 # +doc-gen:break
 image:
 repository: docker.io/datawire/aes
- tag: 2.1.2
+ tag: 2.2.2
 pullPolicy: IfNotPresent
 rbac:
diff --git a/docs/releaseNotes.yml b/docs/releaseNotes.yml
index 4b360d1..1b87ff5 100644
--- a/docs/releaseNotes.yml
+++ b/docs/releaseNotes.yml
@@ -28,9 +28,137 @@
 # `FOO/releaseNotes.yml`, then the image paths are
 # relative to `FOO/release-notes/`.
 # - docs: The path to the documentation page where additional information can be found.
+# - href: A path from the root to a resource on the getambassador website, takes precedence over a docs link.
 changelog: https://github.com/datawire/edge-stack/blob/$branch$/CHANGELOG.md
 items:
+ - version: 2.2.2
+ date: 'TBD'
+ notes:
+ - title: TLS Secret validation is now opt-in
+ type: change
+ body: >-
+ You may now choose to enable TLS Secret validation by setting the
+ AMBASSADOR_FORCE_SECRET_VALIDATION=true environment variable. The default configuration does not
+ enforce secret validation.
+
+ - title: Correctly validate EC (Elliptic Curve) Private Keys
+ type: bugfix
+ body: >-
+ Kubernetes Secrets that should contain an EC (Elliptic Curve) TLS Private Key are now properly validated.
+ github:
+ - title: 4134
+ link: https://github.com/emissary-ingress/emissary/issues/4134
+ docs: https://github.com/emissary-ingress/emissary/issues/4134
+
+ - version: 2.2.1
+ date: '2022-02-22'
+ notes:
+ - title: Envoy V2 API deprecation
+ type: change
+ body: >-
+ Support for the Envoy V2 API is deprecated as of $productName$ v2.1, and will be removed in $productName$
+ v3.0. The AMBASSADOR_ENVOY_API_VERSION environment variable will be removed at the same
+ time. Only the Envoy V3 API will be supported (this has been the default since $productName$ v1.14.0).
+
+ - title: Envoy security updates
+ type: security
+ body: >-
+ Upgraded Envoy to address security vulnerabilities CVE-2021-43824, CVE-2021-43825, CVE-2021-43826,
+ CVE-2022-21654, and CVE-2022-21655.
+ docs: https://groups.google.com/g/envoy-announce/c/bIUgEDKHl4g
+
+ - title: Correctly support canceling rollouts
+ type: bugfix
+ body: >-
+ The Ambassador Agent now correctly supports requests to cancel a rollout.
+ docs: ../../argo/latest/howtos/manage-rollouts-using-cloud
+
+ - version: 2.2.0
+ date: '2022-02-10'
+ notes:
+ - title: Envoy V2 API deprecation
+ type: change
+ body: >-
+ Support for the Envoy V2 API is deprecated as of $productName$ v2.1, and will be removed in $productName$
+ v3.0. The AMBASSADOR_ENVOY_API_VERSION environment variable will be removed at the same
+ time. Only the Envoy V3 API will be supported (this has been the default since $productName$ v1.14.0).
+
+ - title: Ambassador Edge Stack will watch for Cloud Connect Tokens
+ type: change
+ body: >-
+ $productName$ will now watch for ConfigMap or Secret resources specified by the
+ AGENT_CONFIG_RESOURCE_NAME environment variable in order to allow all
+ components (and not only the Ambassador Agent) to authenticate requests to
+ Ambassador Cloud.
+ image: ./v2.2.0-cloud.png
+
+ - title: Update Alpine and libraries
+ type: security
+ body: >-
+ $productName$ has updated Alpine to 3.15, and Python and Go dependencies
+ to their latest compatible versions, to incorporate numerous security patches.
+
+ - title: Support a log-level metric
+ type: feature
+ body: >-
+ $productName$ now supports the metric ambassador_log_level{label="debug"}
+ which will be set to 1 if debug logging is enabled for the running Emissary
+ instance, or to 0 if not. This can help to be sure that a running production
+ instance was not actually left doing debugging logging, for example.
+ (Thanks to Fabrice!)
+ github:
+ - title: "#3906"
+ link: https://github.com/emissary-ingress/emissary/issues/3906
+ docs: topics/running/statistics/8877-metrics/
+
+ - title: Envoy configuration % escaping
+ type: feature
+ body: >-
+ $productName$ is now leveraging a new Envoy Proxy patch that allows Envoy to accept escaped
+ '%' characters in its configuration. This means that error_response_overrides and other
+ custom user content can now contain '%' symbols escaped as '%%'.
+ docs: topics/running/custom-error-responses
+ github:
+ - title: "DW Envoy: 74"
+ link: https://github.com/datawire/envoy/pull/74
+ - title: "Upstream Envoy: 19383"
+ link: https://github.com/envoyproxy/envoy/pull/19383
+ image: ./v2.2.0-percent-escape.png
+
+ - title: Stream metrics from Envoy to Ambassador Cloud
+ type: feature
+ body: >-
+ Support for streaming Envoy metrics about the clusters to Ambassador Cloud.
+ github:
+ - title: "#4053"
+ link: https://github.com/emissary-ingress/emissary/pull/4053
+ docs: https://github.com/emissary-ingress/emissary/pull/4053
+
+ - title: Support received commands to pause, continue and abort a Rollout via Agent directives
+ type: feature
+ body: >-
+ The Ambassador agent now receives commands to manipulate Rollouts (pause, continue, and
+ abort are currently supported) via directives and executes them in the cluster. A report
+ is sent to Ambassador Cloud including the command ID, whether it ran successfully, and
+ an error message in case there was any.
+ github:
+ - title: "#4040"
+ link: https://github.com/emissary-ingress/emissary/pull/4040
+ docs: https://github.com/emissary-ingress/emissary/pull/4040
+
+ - title: Validate certificates in TLS Secrets
+ type: bugfix
+ body: >-
+ Kubernetes Secrets that should contain TLS certificates are now validated before being
+ accepted for configuration. A Secret that contains an invalid TLS certificate will be logged
+ as an invalid resource.
+ github:
+ - title: "#3821"
+ link: https://github.com/emissary-ingress/emissary/issues/3821
+ docs: ../topics/running/tls
+ image: ./v2.2.0-tls-cert-validation.png
+
 - version: 2.1.2
 date: '2022-01-25'
 notes:
diff --git a/k8s-config/aes-ambassadorns-agent/require.yaml b/k8s-config/aes-ambassadorns-agent/require.yaml
new file mode 100644
index 0000000..06c1f7f
--- /dev/null
+++ b/k8s-config/aes-ambassadorns-agent/require.yaml
@@ -0,0 +1,14 @@
+resources:
+ - { kind: ServiceAccount, name: edge-stack-agent, namespace: ambassador }
+ - { kind: ClusterRole, name: edge-stack-agent }
+ - { kind: ClusterRole, name: edge-stack-agent-pods }
+ - { kind: ClusterRole, name: edge-stack-agent-deployments }
+ - { kind: ClusterRole, name: edge-stack-agent-endpoints }
+ - { kind: ClusterRole, name: edge-stack-agent-configmaps }
+ - { kind: ClusterRole, name: edge-stack-agent-rollouts }
+ - { kind: ClusterRole, name: edge-stack-agent-applications }
+ - { kind: ClusterRoleBinding, name: edge-stack-agent }
+ - { kind: Role, name: edge-stack-agent-config, namespace: ambassador }
+ - { kind: RoleBinding, name: edge-stack-agent-config, namespace: ambassador }
+ - { kind: Service, name: edge-stack-admin, namespace: ambassador }
+ - { kind: Deployment, name: edge-stack-agent, namespace: ambassador }
diff --git a/k8s-config/aes-ambassadorns-agent/values.yaml b/k8s-config/aes-ambassadorns-agent/values.yaml
new file mode 100644
index 0000000..311087c
--- /dev/null
+++ b/k8s-config/aes-ambassadorns-agent/values.yaml
@@ -0,0 +1,34 @@
+emissary-ingress:
+ deploymentTool: getambassador.io
+ replicaCount: 1
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ product: aes
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ env:
+ POLL_EVERY_SECS: '60'
+ AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local'
+ AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443'
+ AMBASSADOR_DRAIN_TIME: '600'
+ AES_ACME_LEADER_DISABLE: 'true'
+ podAnnotations:
+ consul.hashicorp.com/connect-inject: 'false'
+ sidecar.istio.io/inject: 'false'
+ containerNameOverride: aes
+ restartPolicy: Always
+ terminationGracePeriodSeconds: "0"
+ service:
+ type: LoadBalancer
+ deploymentNameOverride: aes
+
+enableTestService: true
+
+deploymentTool: getambassador.io
+redis:
+ serviceSelector:
+ service: ambassador-redis
diff --git a/k8s-config/aes-ambassadorns-migration/require.yaml b/k8s-config/aes-ambassadorns-migration/require.yaml
new file mode 100644
index 0000000..915e8e2
--- /dev/null
+++ b/k8s-config/aes-ambassadorns-migration/require.yaml
@@ -0,0 +1,13 @@
+resources:
+ # everything else
+ - { kind: Service, name: edge-stack-redis, namespace: ambassador }
+ - { kind: Deployment, name: edge-stack-redis, namespace: ambassador }
+ - { kind: Secret, name: edge-stack, namespace: ambassador }
+ - { kind: Service, name: test-aes, namespace: ambassador }
+ - { kind: Deployment, name: aes, namespace: ambassador }
+ - { kind: ServiceAccount, name: edge-stack, namespace: ambassador }
+ - { kind: ClusterRoleBinding, name: edge-stack }
+ - { kind: ClusterRole, name: edge-stack }
+ - { kind: ClusterRole, name: edge-stack-aes }
+ - { kind: ClusterRole, name: edge-stack-crd }
+ - { kind: ClusterRole, name: edge-stack-watch }
diff --git a/k8s-config/aes-ambassadorns-migration/values.yaml b/k8s-config/aes-ambassadorns-migration/values.yaml
new file mode 100644
index 0000000..311087c
--- /dev/null
+++ b/k8s-config/aes-ambassadorns-migration/values.yaml
@@ -0,0 +1,34 @@
+emissary-ingress:
+ deploymentTool: getambassador.io
+ replicaCount: 1
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ product: aes
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ env:
+ POLL_EVERY_SECS: '60'
+ AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local'
+ AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443'
+ AMBASSADOR_DRAIN_TIME: '600'
+ AES_ACME_LEADER_DISABLE: 'true'
+ podAnnotations:
+ consul.hashicorp.com/connect-inject: 'false'
+ sidecar.istio.io/inject: 'false'
+ containerNameOverride: aes
+ restartPolicy: Always
+ terminationGracePeriodSeconds: "0"
+ service:
+ type: LoadBalancer
+ deploymentNameOverride: aes
+
+enableTestService: true
+
+deploymentTool: getambassador.io
+redis:
+ serviceSelector:
+ service: ambassador-redis
diff --git a/k8s-config/aes-ambassadorns/require.yaml b/k8s-config/aes-ambassadorns/require.yaml
new file mode 100644
index 0000000..d767792
--- /dev/null
+++ b/k8s-config/aes-ambassadorns/require.yaml
@@ -0,0 +1,32 @@
+resources:
+ - { kind: Namespace, name: ambassador }
+ - { kind: ServiceAccount, name: edge-stack-agent, namespace: ambassador }
+ - { kind: ServiceAccount, name: edge-stack, namespace: ambassador }
+ - { kind: Secret, name: edge-stack, namespace: ambassador }
+ - { kind: ClusterRole, name: edge-stack-agent }
+ - { kind: ClusterRole, name: edge-stack-agent-pods }
+ - { kind: ClusterRole, name: edge-stack-agent-deployments }
+ - { kind: ClusterRole, name: edge-stack-agent-endpoints }
+ - { kind: ClusterRole, name: edge-stack-agent-configmaps }
+ - { kind: ClusterRole, name: edge-stack-agent-rollouts }
+ - { kind: ClusterRole, name: edge-stack-agent-applications }
+ - { kind: ClusterRole, name: edge-stack }
+ - { kind: ClusterRole, name: edge-stack-crd }
+ - { kind: ClusterRole, name: edge-stack-watch }
+ - { kind: ClusterRole, name: edge-stack-aes }
+ - { kind: ClusterRoleBinding, name: edge-stack-agent }
+ - { kind: ClusterRoleBinding, name: edge-stack }
+ - { kind: Role, name: edge-stack-agent-config, namespace: ambassador }
+ - { kind: RoleBinding, name: edge-stack-agent-config, namespace: ambassador }
+ - { kind: Service, name: edge-stack-admin, namespace: ambassador }
+ - { kind: Service, name: edge-stack, namespace: ambassador }
+ - { kind: Service, name: edge-stack-redis, namespace: ambassador }
+ - { kind: Deployment, name: edge-stack-agent, namespace: ambassador }
+ - { kind: Deployment, name: edge-stack, namespace: ambassador }
+ - { kind: Deployment, name: edge-stack-redis, namespace: ambassador }
+ - { kind: AuthService, name: edge-stack-auth, namespace: ambassador }
+ - { kind: Mapping, name: edge-stack-devportal, namespace: ambassador }
+ - { kind: Mapping, name: edge-stack-devportal-assets, namespace: ambassador }
+ - { kind: Mapping, name: edge-stack-devportal-demo, namespace: ambassador }
+ - { kind: Mapping, name: edge-stack-devportal-api, namespace: ambassador }
+ - { kind: RateLimitService, name: edge-stack-ratelimit, namespace: ambassador }
diff --git a/k8s-config/aes-ambassadorns/values.yaml b/k8s-config/aes-ambassadorns/values.yaml
new file mode 100644
index 0000000..65f5340
--- /dev/null
+++ b/k8s-config/aes-ambassadorns/values.yaml
@@ -0,0 +1,39 @@
+emissary-ingress:
+ replicaCount: 1
+ createNamespace: true
+ deploymentTool: getambassador.io
+ env:
+ POLL_EVERY_SECS: '60'
+ AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443'
+ AMBASSADOR_DRAIN_TIME: '600'
+ podAnnotations:
+ consul.hashicorp.com/connect-inject: 'false'
+ sidecar.istio.io/inject: 'false'
+ containerNameOverride: aes
+ restartPolicy: Always
+ terminationGracePeriodSeconds: "0"
+ service:
+ type: LoadBalancer
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ service: ambassador
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+
+registry:
+ create: true
+devportal:
+ docsPrefix: "/docs/"
+authService:
+ optional_configurations:
+ allow_request_body: false
+ status_on_error:
+ code: 504
+redis:
+ serviceSelector:
+ service: ambassador-redis
+deploymentTool: getambassador.io
diff --git a/k8s-config/aes-defaultns-agent/require.yaml b/k8s-config/aes-defaultns-agent/require.yaml
new file mode 100644
index 0000000..4ec6c9d
--- /dev/null
+++ b/k8s-config/aes-defaultns-agent/require.yaml
@@ -0,0 +1,14 @@
+resources:
+ - { kind: ServiceAccount, name: edge-stack-agent, namespace: default }
+ - { kind: ClusterRole, name: edge-stack-agent }
+ - { kind: ClusterRole, name: edge-stack-agent-pods }
+ - { kind: ClusterRole, name: edge-stack-agent-deployments }
+ - { kind: ClusterRole, name: edge-stack-agent-endpoints }
+ - { kind: ClusterRole, name: edge-stack-agent-configmaps }
+ - { kind: ClusterRole, name: edge-stack-agent-rollouts }
+ - { kind: ClusterRole, name: edge-stack-agent-applications }
+ - { kind: ClusterRoleBinding, name: edge-stack-agent }
+ - { kind: Role, name: edge-stack-agent-config, namespace: default }
+ - { kind: RoleBinding, name: edge-stack-agent-config, namespace: default }
+ - { kind: Service, name: edge-stack-admin, namespace: default }
+ - { kind: Deployment, name: edge-stack-agent, namespace: default }
diff --git a/k8s-config/aes-defaultns-agent/values.yaml b/k8s-config/aes-defaultns-agent/values.yaml
new file mode 100644
index 0000000..311087c
--- /dev/null
+++ b/k8s-config/aes-defaultns-agent/values.yaml
@@ -0,0 +1,34 @@
+emissary-ingress:
+ deploymentTool: getambassador.io
+ replicaCount: 1
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ product: aes
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ env:
+ POLL_EVERY_SECS: '60'
+ AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local'
+ AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443'
+ AMBASSADOR_DRAIN_TIME: '600'
+ AES_ACME_LEADER_DISABLE: 'true'
+ podAnnotations:
+ consul.hashicorp.com/connect-inject: 'false'
+ sidecar.istio.io/inject: 'false'
+ containerNameOverride: aes
+ restartPolicy: Always
+ terminationGracePeriodSeconds: "0"
+ service:
+ type: LoadBalancer
+ deploymentNameOverride: aes
+
+enableTestService: true
+
+deploymentTool: getambassador.io
+redis:
+ serviceSelector:
+ service: ambassador-redis
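Review bot: `AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local'` names a Service in the `ambassador` namespace, but this file is the `default`-namespace variant (the Makefile hunk maps `aes-defaultns-agent` to `default`). The blob id `311087c` is the same for `k8s-config/aes-emissaryns-agent/values.yaml`, so the `emissary` variant carries the same value. If this setting reaches a rendered resource it points the component at another namespace's Service; set it per namespace, e.g. `AMBASSADOR_URL: 'https://ambassador.default.svc.cluster.local'` if the Service keeps that name, or drop the keys the agent-only output does not use. A short header comment stating which keys matter for the agent manifest would also help, since `service.type: LoadBalancer` and `enableTestService: true` look copied from the full install.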
diff --git a/k8s-config/aes-emissaryns-agent/require.yaml b/k8s-config/aes-emissaryns-agent/require.yaml
new file mode 100644
index 0000000..3835e80
--- /dev/null
+++ b/k8s-config/aes-emissaryns-agent/require.yaml
@@ -0,0 +1,14 @@
+resources:
+ - { kind: ServiceAccount, name: edge-stack-agent, namespace: emissary }
+ - { kind: ClusterRole, name: edge-stack-agent }
+ - { kind: ClusterRole, name: edge-stack-agent-pods }
+ - { kind: ClusterRole, name: edge-stack-agent-deployments }
+ - { kind: ClusterRole, name: edge-stack-agent-endpoints }
+ - { kind: ClusterRole, name: edge-stack-agent-configmaps }
+ - { kind: ClusterRole, name: edge-stack-agent-rollouts }
+ - { kind: ClusterRole, name: edge-stack-agent-applications }
+ - { kind: ClusterRoleBinding, name: edge-stack-agent }
+ - { kind: Role, name: edge-stack-agent-config, namespace: emissary }
+ - { kind: RoleBinding, name: edge-stack-agent-config, namespace: emissary }
+ - { kind: Service, name: edge-stack-admin, namespace: emissary }
+ - { kind: Deployment, name: edge-stack-agent, namespace: emissary }
diff --git a/k8s-config/aes-emissaryns-agent/values.yaml b/k8s-config/aes-emissaryns-agent/values.yaml
new file mode 100644
index 0000000..311087c
--- /dev/null
+++ b/k8s-config/aes-emissaryns-agent/values.yaml
@@ -0,0 +1,34 @@
+emissary-ingress:
+ deploymentTool: getambassador.io
+ replicaCount: 1
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ product: aes
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ env:
+ POLL_EVERY_SECS: '60'
+ AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local'
+ AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443'
+ AMBASSADOR_DRAIN_TIME: '600'
+ AES_ACME_LEADER_DISABLE: 'true'
+ podAnnotations:
+ consul.hashicorp.com/connect-inject: 'false'
+ sidecar.istio.io/inject: 'false'
+ containerNameOverride: aes
+ restartPolicy: Always
+ terminationGracePeriodSeconds: "0"
+ service:
+ type: LoadBalancer
+ deploymentNameOverride: aes
+
+enableTestService: true
+
+deploymentTool: getambassador.io
+redis:
+ serviceSelector:
+ service: ambassador-redis
diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml
new file mode 100644
index 0000000..0f99029
--- /dev/null
+++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml
@@ -0,0 +1,293 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack-agent + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack-agent +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-pods + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [pods] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-deployments + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [apps, extensions] + resources: [deployments] + verbs: 
[get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-endpoints + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-configmaps + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-rollouts + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [rollouts, rollouts/status] + verbs: [get, list, watch, patch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-applications + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: 
edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [applications] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack-agent +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: edge-stack-agent-config + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: edge-stack-agent-config + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: edge-stack-agent-config +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/admin-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-admin + namespace: ambassador + labels: + 
app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + # Hard-coded label for Prometheus Operator ServiceMonitor + service: ambassador-admin + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack admin service for internal use and + health checks. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 8877 + targetPort: admin + protocol: TCP + name: ambassador-admin + - port: 8005 + targetPort: 8005 + protocol: TCP + name: ambassador-snapshot + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-agent + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack-agent + app.kubernetes.io/instance: edge-stack + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + spec: + serviceAccountName: edge-stack-agent + containers: + - name: agent + image: docker.io/datawire/aes:2.2.2 + imagePullPolicy: IfNotPresent + command: [agent] + ports: + - containerPort: 8080 + name: http + env: + - name: AGENT_NAMESPACE + 
valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: https://app.getambassador.io/ + - name: AES_SNAPSHOT_URL + value: http://edge-stack-admin.ambassador:8005/snapshot-external + progressDeadlineSeconds: 600 diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml new file mode 100644 index 0000000..b59c76c --- /dev/null +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml 
@@ -0,0 +1,383 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/templates/aes-redis.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-redis + namespace: ambassador + labels: + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack Redis store for auth and rate limiting, + among other things. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 6379 + targetPort: 6379 + selector: + service: ambassador-redis +--- +# Source: edge-stack/templates/aes-redis.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-redis + namespace: ambassador + labels: + product: aes + annotations: {} +spec: + replicas: 1 + selector: + matchLabels: + service: ambassador-redis + template: + metadata: + labels: + service: ambassador-redis + spec: + containers: + - name: redis + image: redis:5.0.1 + imagePullPolicy: IfNotPresent + resources: {} + restartPolicy: Always +--- +# Source: edge-stack/templates/aes-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: edge-stack + namespace: ambassador +type: Opaque +data: + license-key: '' +--- +# Source: edge-stack/templates/oss-migration-test-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-aes + namespace: ambassador + labels: + product: aes +spec: + type: LoadBalancer + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + targetPort: 8080 + - name: https + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack +--- +# Source: edge-stack/charts/emissary-ingress/templates/deployment.yaml +apiVersion: apps/v1 
+kind: Deployment +metadata: + name: aes + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack + strategy: + type: RollingUpdate + + + progressDeadlineSeconds: 600 + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + profile: main + annotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + spec: + terminationGracePeriodSeconds: 0 + securityContext: + runAsUser: 8888 + restartPolicy: Always + serviceAccountName: edge-stack + volumes: + - name: ambassador-pod-info + downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels + - name: edge-stack-secrets + secret: + secretName: edge-stack + + containers: + - name: aes + image: docker.io/datawire/aes:2.2.2 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8080 + - name: https + containerPort: 8443 + - name: admin + containerPort: 8877 + env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack-agent:80 + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AMBASSADOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: AES_ACME_LEADER_DISABLE + value: 'true' + - name: AMBASSADOR_DRAIN_TIME + value: '600' + - name: AMBASSADOR_INTERNAL_URL + value: https://127.0.0.1:8443 + - name: AMBASSADOR_URL + value: https://ambassador.ambassador.svc.cluster.local + - name: POLL_EVERY_SECS + value: '60' + - name: REDIS_URL + value: edge-stack-redis:6379 + + securityContext: + 
allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /ambassador/v0/check_alive + port: admin + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 3 + readinessProbe: + httpGet: + path: /ambassador/v0/check_ready + port: admin + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 3 + volumeMounts: + - name: ambassador-pod-info + mountPath: /tmp/ambassador-pod-info + readOnly: true + + - name: edge-stack-secrets + mountPath: /.config/ambassador + readOnly: true + + resources: + limits: + cpu: 1000m + memory: 600Mi + requests: + cpu: 200m + memory: 300Mi + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + product: aes + topologyKey: kubernetes.io/hostname + weight: 100 + imagePullSecrets: [] + dnsPolicy: ClusterFirst + hostNetwork: false +--- +# Source: edge-stack/charts/emissary-ingress/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack +subjects: +- name: edge-stack + namespace: ambassador + kind: ServiceAccount +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# Aggregate # +###################################################################### +# 
This ClusterRole has an empty `rules` and instead sets +# `aggregationRule` in order to aggregate several other ClusterRoles +# together, to avoid the need for multiple ClusterRoleBindings. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack +rules: [] +--- +# Source: edge-stack/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-aes + labels: + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [''] + resources: [secrets] + verbs: [get, list, watch, create, update] + +- apiGroups: [''] + resources: [events] + verbs: [get, list, watch, create, patch] + +- apiGroups: [coordination.k8s.io] + resources: [leases] + verbs: [get, create, update] + +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch, create, update] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# No namespace # +###################################################################### +# These ClusterRoles should be limited to resource types that are +# non-namespaced, and therefore cannot be put in a Role, even if +# Emissary is in single-namespace mode. 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-crd + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch, delete] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# All namespaces # +###################################################################### +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-watch + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [''] + resources: + - namespaces + - services + - secrets + - configmaps + - endpoints + verbs: [get, list, watch] + +- apiGroups: [getambassador.io] + resources: ['*'] + verbs: [get, list, watch, update, patch, create, delete] + +- apiGroups: [getambassador.io] + resources: [mappings/status] + verbs: [update] + +- apiGroups: [networking.internal.knative.dev] + resources: [clusteringresses, ingresses] + verbs: [get, list, watch] + +- apiGroups: [networking.x-k8s.io] + resources: ['*'] + verbs: [get, list, watch] + +- apiGroups: [networking.internal.knative.dev] + resources: [ingresses/status, clusteringresses/status] + verbs: [update] + +- apiGroups: [extensions, networking.k8s.io] + resources: [ingresses, ingressclasses] + verbs: [get, list, watch] + +- apiGroups: [extensions, networking.k8s.io] + resources: [ingresses/status] + verbs: [update] 
diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml
new file mode 100644
index 0000000..570c758
--- /dev/null
+++ b/manifests/edge-stack/aes-ambassadorns.yaml
@@ -0,0 +1,785 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/charts/emissary-ingress/templates/namespace.yaml +apiVersion: v1 +kind: Namespace +metadata: + labels: + product: aes + name: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack-agent + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/templates/aes-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: edge-stack + namespace: ambassador +type: Opaque +data: + license-key: '' +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack-agent +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-pods + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: 
edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [pods] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-deployments + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [apps, extensions] + resources: [deployments] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-endpoints + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-configmaps + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-rollouts + labels: + 
rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [rollouts, rollouts/status] + verbs: [get, list, watch, patch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-applications + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [applications] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# Aggregate # +###################################################################### +# This ClusterRole has an empty `rules` and instead sets +# `aggregationRule` in order to aggregate several other ClusterRoles +# together, to avoid the need for multiple ClusterRoleBindings. 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# No namespace # +###################################################################### +# These ClusterRoles should be limited to resource types that are +# non-namespaced, and therefore cannot be put in a Role, even if +# Emissary is in single-namespace mode. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-crd + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch, delete] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# All namespaces # +###################################################################### +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-watch + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [''] + resources: + - namespaces + - services + - secrets + - configmaps + - endpoints + verbs: [get, list, watch] + +- apiGroups: 
[getambassador.io] + resources: ['*'] + verbs: [get, list, watch, update, patch, create, delete] + +- apiGroups: [getambassador.io] + resources: [mappings/status] + verbs: [update] + +- apiGroups: [networking.internal.knative.dev] + resources: [clusteringresses, ingresses] + verbs: [get, list, watch] + +- apiGroups: [networking.x-k8s.io] + resources: ['*'] + verbs: [get, list, watch] + +- apiGroups: [networking.internal.knative.dev] + resources: [ingresses/status, clusteringresses/status] + verbs: [update] + +- apiGroups: [extensions, networking.k8s.io] + resources: [ingresses, ingressclasses] + verbs: [get, list, watch] + +- apiGroups: [extensions, networking.k8s.io] + resources: [ingresses/status] + verbs: [update] +--- +# Source: edge-stack/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-aes + labels: + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [''] + resources: [secrets] + verbs: [get, list, watch, create, update] + +- apiGroups: [''] + resources: [events] + verbs: [get, list, watch, create, patch] + +- apiGroups: [coordination.k8s.io] + resources: [leases] + verbs: [get, create, update] + +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch, create, update] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack-agent +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: 
ClusterRoleBinding +metadata: + name: edge-stack + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack +subjects: +- name: edge-stack + namespace: ambassador + kind: ServiceAccount +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: edge-stack-agent-config + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: edge-stack-agent-config + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: edge-stack-agent-config +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/admin-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-admin + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + # Hard-coded label for Prometheus Operator ServiceMonitor + service: ambassador-admin + product: aes + annotations: + a8r.io/owner: Ambassador Labs + 
a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack admin service for internal use and + health checks. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 8877 + targetPort: admin + protocol: TCP + name: ambassador-admin + - port: 8005 + targetPort: 8005 + protocol: TCP + name: ambassador-snapshot + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack +--- +# Source: edge-stack/charts/emissary-ingress/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + app.kubernetes.io/component: ambassador-service + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack goes beyond traditional API Gateways + and Ingress Controllers with the advanced edge features needed to support developer + self-service and full-cycle development. 
+ a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: edge-stack-redis.ambassador +spec: + type: LoadBalancer + ports: + - name: http + port: 80 + targetPort: 8080 + - name: https + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack + profile: main +--- +# Source: edge-stack/templates/aes-redis.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-redis + namespace: ambassador + labels: + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack Redis store for auth and rate limiting, + among other things. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 6379 + targetPort: 6379 + selector: + service: ambassador-redis +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-agent + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack-agent + app.kubernetes.io/instance: edge-stack + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + 
product: aes + spec: + serviceAccountName: edge-stack-agent + containers: + - name: agent + image: docker.io/datawire/aes:2.2.2 + imagePullPolicy: IfNotPresent + command: [agent] + ports: + - containerPort: 8080 + name: http + env: + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: https://app.getambassador.io/ + - name: AES_SNAPSHOT_URL + value: http://edge-stack-admin.ambassador:8005/snapshot-external + progressDeadlineSeconds: 600 +--- +# Source: edge-stack/charts/emissary-ingress/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack + strategy: + type: RollingUpdate + + + progressDeadlineSeconds: 600 + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + profile: main + annotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + spec: + terminationGracePeriodSeconds: 0 + securityContext: + runAsUser: 8888 + restartPolicy: Always + serviceAccountName: edge-stack + volumes: + - name: ambassador-pod-info + downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels + - name: edge-stack-secrets + secret: + secretName: edge-stack + + containers: + - name: aes + image: docker.io/datawire/aes:2.2.2 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8080 + - name: https + containerPort: 8443 + - name: 
admin + containerPort: 8877 + env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack-agent:80 + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AMBASSADOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: AMBASSADOR_DRAIN_TIME + value: '600' + - name: AMBASSADOR_INTERNAL_URL + value: https://127.0.0.1:8443 + - name: POLL_EVERY_SECS + value: '60' + - name: REDIS_URL + value: edge-stack-redis:6379 + + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /ambassador/v0/check_alive + port: admin + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 3 + readinessProbe: + httpGet: + path: /ambassador/v0/check_ready + port: admin + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 3 + volumeMounts: + - name: ambassador-pod-info + mountPath: /tmp/ambassador-pod-info + readOnly: true + + - name: edge-stack-secrets + mountPath: /.config/ambassador + readOnly: true + + resources: + limits: + cpu: 1000m + memory: 600Mi + requests: + cpu: 200m + memory: 300Mi + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + service: ambassador + topologyKey: kubernetes.io/hostname + weight: 100 + imagePullSecrets: [] + dnsPolicy: ClusterFirst + hostNetwork: false +--- +# Source: edge-stack/templates/aes-redis.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-redis + namespace: ambassador + labels: + product: aes + annotations: {} +spec: + replicas: 1 + selector: + matchLabels: + service: ambassador-redis + template: + metadata: + labels: + service: ambassador-redis + spec: + containers: + - name: redis + image: redis:5.0.1 + imagePullPolicy: IfNotPresent + resources: {} + restartPolicy: Always +--- +# Source: edge-stack/templates/aes-authservice.yaml +apiVersion: getambassador.io/v2 +kind: 
AuthService +metadata: + name: edge-stack-auth + namespace: ambassador + labels: + product: aes +spec: + proto: grpc + auth_service: 127.0.0.1:8500 + allow_request_body: false + status_on_error: + code: 504 +--- +# Source: edge-stack/templates/aes-internal.yaml +# Configure DevPortal +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + # This Mapping name is referenced by convention, it's important to leave as-is. + name: edge-stack-devportal + namespace: ambassador + labels: + product: aes +spec: + prefix: /docs/ + rewrite: /docs/ + service: 127.0.0.1:8500 +--- +# Source: edge-stack/templates/aes-internal.yaml +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + name: edge-stack-devportal-assets + namespace: ambassador + labels: + product: aes +spec: + prefix: /documentation/(assets|styles)/(.*)(.css) + prefix_regex: true + regex_rewrite: + pattern: /documentation/(.*) + substitution: /docs/\1 + service: 127.0.0.1:8500 + add_response_headers: + cache-control: + value: public, max-age=3600, immutable + append: false +--- +# Source: edge-stack/templates/aes-internal.yaml +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + # This Mapping name is what the demo uses. Sigh. + name: edge-stack-devportal-demo + namespace: ambassador + labels: + product: aes +spec: + prefix: /docs/ + rewrite: /docs/ + service: 127.0.0.1:8500 +--- +# Source: edge-stack/templates/aes-internal.yaml +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + # This Mapping name is referenced by convention, it's important to leave as-is. + name: edge-stack-devportal-api + namespace: ambassador + labels: + product: aes +spec: + prefix: /openapi/ + rewrite: '' + service: 127.0.0.1:8500 +--- +# Source: edge-stack/templates/aes-ratelimit.yaml +apiVersion: getambassador.io/v2 +kind: RateLimitService +metadata: + name: edge-stack-ratelimit + namespace: ambassador + labels: + product: aes +spec: + service: 127.0.0.1:8500 
diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index 1367b6b..31ccf88 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -39,10 +39,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -56,7 +60,9 @@ spec: items: properties: arguments: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true ifRequestHeader: @@ -98,10 +104,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -115,7 +125,9 @@ spec: items: properties: arguments: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true ifRequestHeader: @@ -157,10 +169,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -174,7 +190,9 @@ spec: items: properties: arguments: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true ifRequestHeader: @@ -216,7 +234,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
@@ -251,10 +269,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -299,16 +321,27 @@ spec: type: integer type: object timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer tls: - description: Emissary supports setting "tls" to the name of a TLSContext. Edge Stack External Filters do NOT yet support that; in External Filters "tls" is a boolean indicating whether to originate TLS. + description: Emissary supports setting "tls" to the name of a + TLSContext. Edge Stack External Filters do NOT yet support + that; in External Filters "tls" is a boolean indicating whether + to originate TLS. type: boolean required: - auth_service type: object JWT: - description: "FilterJWT \n Currently supported algorithms: \n - RSA * \"RS256\" * \"RS384\" * \"RS512\" - RSA-PSS * \"PS256\" * \"PS384\" * \"PS512\" - ECDSA * \"ES256\" * \"ES384\" * \"ES512\" - HMAC-SHA * \"HS256\" * \"HS384\" * \"HS512\" - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go v3.2.0. Keep this list in sync if we pull in a jwt-go update. More algorithms can be added with jwt.RegistersigningMethod(). \n Haha, JK, our JWKS parser only understands RSA keys." + description: "FilterJWT \n Currently supported algorithms: \n - RSA + \ * \"RS256\" * \"RS384\" * \"RS512\" - RSA-PSS * \"PS256\" + \ * \"PS384\" * \"PS512\" - ECDSA * \"ES256\" * \"ES384\" + \ * \"ES512\" - HMAC-SHA * \"HS256\" * \"HS384\" * \"HS512\" + - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go + v3.2.0. Keep this list in sync if we pull in a jwt-go update. More + algorithms can be added with jwt.RegistersigningMethod(). \n Haha, + JK, our JWKS parser only understands RSA keys." properties: audience: type: string 
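Review bot: The rewrapped `JWT` description at the end of this hunk still lists RSA-PSS, ECDSA, HMAC-SHA and `"none"` as supported algorithms and then retracts that with "Haha, JK, our JWKS parser only understands RSA keys", so the published schema never says plainly which signature algorithms the filter accepts. For an authentication filter this matters most for `"none"`: the description should state whether unsigned tokens can ever be accepted, which cannot be confirmed from this hunk because the validation code is not shown and the `JWT` schema's properties continue outside it. The file carries a `controller-gen.kubebuilder.io/version` annotation, so the text presumably comes from a Go doc comment and should be fixed there, for example `// Only algorithms that verify with an RSA key are usable, because the JWKS parser only understands RSA keys.` if that is the actual behaviour. The same comment should also correct `jwt.RegistersigningMethod()` to `jwt.RegisterSigningMethod()`. The identical description appears in the hunks at `@@ -583,16 +624,27 @@` and `@@ -862,22 +922,35 @@`.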
@@ -413,11 +446,15 @@ spec: nbfSafetyMargin: type: string otherClaims: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true otherHeaderParameters: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true setClientID: 
@@ -535,10 +572,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -583,16 +624,27 @@ spec: type: integer type: object timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer tls: - description: Emissary supports setting "tls" to the name of a TLSContext. Edge Stack External Filters do NOT yet support that; in External Filters "tls" is a boolean indicating whether to originate TLS. + description: Emissary supports setting "tls" to the name of a + TLSContext. Edge Stack External Filters do NOT yet support + that; in External Filters "tls" is a boolean indicating whether + to originate TLS. type: boolean required: - auth_service type: object JWT: - description: "FilterJWT \n Currently supported algorithms: \n - RSA * \"RS256\" * \"RS384\" * \"RS512\" - RSA-PSS * \"PS256\" * \"PS384\" * \"PS512\" - ECDSA * \"ES256\" * \"ES384\" * \"ES512\" - HMAC-SHA * \"HS256\" * \"HS384\" * \"HS512\" - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go v3.2.0. Keep this list in sync if we pull in a jwt-go update. More algorithms can be added with jwt.RegistersigningMethod(). \n Haha, JK, our JWKS parser only understands RSA keys." + description: "FilterJWT \n Currently supported algorithms: \n - RSA + \ * \"RS256\" * \"RS384\" * \"RS512\" - RSA-PSS * \"PS256\" + \ * \"PS384\" * \"PS512\" - ECDSA * \"ES256\" * \"ES384\" + \ * \"ES512\" - HMAC-SHA * \"HS256\" * \"HS384\" * \"HS512\" + - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go + v3.2.0. Keep this list in sync if we pull in a jwt-go update. More + algorithms can be added with jwt.RegistersigningMethod(). \n Haha, + JK, our JWKS parser only understands RSA keys." properties: audience: type: string 
@@ -697,11 +749,15 @@ spec: nbfSafetyMargin: type: string otherClaims: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true otherHeaderParameters: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true setClientID: 
@@ -819,10 +875,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -862,22 +922,35 @@ spec: - grpc type: string status_on_error: - description: 'TODO(lukeshu): In v3alpha2, consider getting rid of this struct type in favor of just using an int (i.e. `statusOnError: 500` instead of the current `statusOnError: { code: 500 }`).' + description: 'TODO(lukeshu): In v3alpha2, consider getting rid + of this struct type in favor of just using an int (i.e. `statusOnError: + 500` instead of the current `statusOnError: { code: 500 }`).' properties: code: type: integer type: object timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer tls: - description: Emissary supports setting "tls" to the name of a TLSContext. Edge Stack External Filters do NOT yet support that; in External Filters "tls" is a boolean indicating whether to originate TLS. + description: Emissary supports setting "tls" to the name of a + TLSContext. Edge Stack External Filters do NOT yet support + that; in External Filters "tls" is a boolean indicating whether + to originate TLS. type: boolean required: - auth_service type: object JWT: - description: "FilterJWT \n Currently supported algorithms: \n - RSA * \"RS256\" * \"RS384\" * \"RS512\" - RSA-PSS * \"PS256\" * \"PS384\" * \"PS512\" - ECDSA * \"ES256\" * \"ES384\" * \"ES512\" - HMAC-SHA * \"HS256\" * \"HS384\" * \"HS512\" - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go v3.2.0. Keep this list in sync if we pull in a jwt-go update. More algorithms can be added with jwt.RegistersigningMethod(). \n Haha, JK, our JWKS parser only understands RSA keys." 
+ description: "FilterJWT \n Currently supported algorithms: \n - RSA + \ * \"RS256\" * \"RS384\" * \"RS512\" - RSA-PSS * \"PS256\" + \ * \"PS384\" * \"PS512\" - ECDSA * \"ES256\" * \"ES384\" + \ * \"ES512\" - HMAC-SHA * \"HS256\" * \"HS384\" * \"HS512\" + - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go + v3.2.0. Keep this list in sync if we pull in a jwt-go update. More + algorithms can be added with jwt.RegistersigningMethod(). \n Haha, + JK, our JWKS parser only understands RSA keys." properties: audience: type: string @@ -982,11 +1055,15 @@ spec: nbfSafetyMargin: type: string otherClaims: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true otherHeaderParameters: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true setClientID: @@ -1104,7 +1181,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
@@ -1139,10 +1216,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -1221,10 +1302,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -1303,10 +1388,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -1385,10 +1474,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1469,7 +1562,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
@@ -1503,10 +1596,14 @@ spec: description: AuthService is the Schema for the authservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -1597,10 +1694,14 @@ spec: description: AuthService is the Schema for the authservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -1624,12 +1725,17 @@ spec: type: string type: array ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array auth_service: - description: 'TODO(lukeshu): In v3alpha2, consider renameing `auth_service` to just `service`, for consistency with the other resource types.' + description: 'TODO(lukeshu): In v3alpha2, consider renameing `auth_service` + to just `service`, for consistency with the other resource types.' type: string circuit_breakers: items: 
@@ -1677,25 +1783,55 @@ spec: stats_name: type: string status_on_error: - description: 'TODO(lukeshu): In v3alpha2, consider getting rid of this struct type in favor of just using an int (i.e. `statusOnError: 500` instead of the current `statusOnError: { code: 500 }`).' + description: 'TODO(lukeshu): In v3alpha2, consider getting rid of + this struct type in favor of just using an int (i.e. `statusOnError: + 500` instead of the current `statusOnError: { code: 500 }`).' properties: code: type: integer type: object timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer tls: type: string v2ExplicitTLS: - description: V2ExplicitTLS controls some vanity/stylistic elements when converting from v3alpha1 to v2. The values in an V2ExplicitTLS should not in any way affect the runtime operation of Emissary; except that it may affect internal names in the Envoy config, which may in turn affect stats names. But it should not affect any end-user observable behavior. + description: V2ExplicitTLS controls some vanity/stylistic elements + when converting from v3alpha1 to v2. The values in an V2ExplicitTLS + should not in any way affect the runtime operation of Emissary; + except that it may affect internal names in the Envoy config, which + may in turn affect stats names. But it should not affect any end-user + observable behavior. properties: serviceScheme: - description: "ServiceScheme specifies how to spell and capitalize the scheme-part of the service URL. \n Acceptable values are \"http://\" (case-insensitive), \"https://\" (case-insensitive), or \"\". The value is used if it agrees with whether or not this resource enables TLS origination, or if something else in the resource overrides the scheme." 
+ description: "ServiceScheme specifies how to spell and capitalize + the scheme-part of the service URL. \n Acceptable values are + \"http://\" (case-insensitive), \"https://\" (case-insensitive), + or \"\". The value is used if it agrees with whether or not + this resource enables TLS origination, or if something else + in the resource overrides the scheme." pattern: ^([hH][tT][tT][pP][sS]?://)?$ type: string tls: - description: "TLS controls whether and how to represent the \"tls\" field when its value could be implied by the \"service\" field. In v2, there were a lot of different ways to spell an \"empty\" value, and this field specifies which way to spell it (and will therefore only be used if the value will indeed be empty). \n | Value | Representation | Meaning of representation | |--------------+---------------------------------------+------------------------------------| | \"\" | omit the field | defer to service (no TLSContext) | | \"null\" | store an explicit \"null\" in the field | defer to service (no TLSContext) | | \"string\" | store an empty string in the field | defer to service (no TLSContext) | | \"bool:false\" | store a Boolean \"false\" in the field | defer to service (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" in the field | originate TLS (no TLSContext) | \n If the meaning of the representation contradicts anything else (if a TLSContext is to be used, or in the case of \"bool:true\" if TLS is not to be originated), then this field is ignored." + description: "TLS controls whether and how to represent the \"tls\" + field when its value could be implied by the \"service\" field. + \ In v2, there were a lot of different ways to spell an \"empty\" + value, and this field specifies which way to spell it (and will + therefore only be used if the value will indeed be empty). 
\n + \ | Value | Representation | Meaning + of representation | |--------------+---------------------------------------+------------------------------------| + \ | \"\" | omit the field | + defer to service (no TLSContext) | | \"null\" | store + an explicit \"null\" in the field | defer to service (no TLSContext) + \ | | \"string\" | store an empty string in the field + \ | defer to service (no TLSContext) | | \"bool:false\" + | store a Boolean \"false\" in the field | defer to service + (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" + in the field | originate TLS (no TLSContext) | \n If + the meaning of the representation contradicts anything else + (if a TLSContext is to be used, or in the case of \"bool:true\" + if TLS is not to be originated), then this field is ignored." enum: - "" - "null" @@ -1710,12 +1846,20 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: AuthService is the Schema for the authservices API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
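Review bot: The added `- name: v1` entry for AuthService has a schema of only `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so that version has no field validation and no pruning, and nothing in the hunk records why that is acceptable. It is safe only while `served: false` holds, and the same stub is added for ConsulResolver (hunk `@@ -1797,12 +1957,20 @@`) and DevPortal (hunk `@@ -2004,12 +2232,20 @@`). I would state that invariant next to the stub, for example `# v1 is an unserved placeholder without a structural schema; keep served: false, or give it a real schema before serving it`. Because the manifest carries a controller-gen annotation, the comment probably belongs in whatever step emits the stub, which is not visible here. The enclosing `versions:` list starts outside the hunk.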
@@ -1749,15 +1893,21 @@ spec: description: ConsulResolver is the Schema for the ConsulResolver API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ConsulResolver tells Ambassador to use Consul to resolve services. In addition to the AmbassadorID, it needs information about which Consul server and DC to use. + description: ConsulResolver tells Ambassador to use Consul to resolve + services. In addition to the AmbassadorID, it needs information about + which Consul server and DC to use. properties: address: type: string 
@@ -1774,20 +1924,30 @@ spec: description: ConsulResolver is the Schema for the ConsulResolver API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ConsulResolver tells Ambassador to use Consul to resolve services. In addition to the AmbassadorID, it needs information about which Consul server and DC to use. + description: ConsulResolver tells Ambassador to use Consul to resolve + services. In addition to the AmbassadorID, it needs information about + which Consul server and DC to use. properties: address: type: string ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. 
If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array @@ -1797,12 +1957,20 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: ConsulResolver is the Schema for the ConsulResolver API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
@@ -1833,13 +2001,25 @@ spec: - name: v2 schema: openAPIV3Schema: - description: "DevPortal is the Schema for the DevPortals API \n DevPortal resources specify the `what` and `how` is shown in a DevPortal: \n * `what` is in a DevPortal can be controlled with - a `selector`, that can be used for filtering `Mappings`. - a `docs` listing of (services, url) * `how` is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server will show them at different endpoints. A `DevPortal` resource with a special name, `ambassador`, will be used for configuring the default Dev Portal (served at `/docs/` by default)." + description: "DevPortal is the Schema for the DevPortals API \n DevPortal + resources specify the `what` and `how` is shown in a DevPortal: \n * `what` + is in a DevPortal can be controlled with - a `selector`, that can be used + for filtering `Mappings`. - a `docs` listing of (services, url) * `how` + is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). + \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server + will show them at different endpoints. A `DevPortal` resource with a special + name, `ambassador`, will be used for configuring the default Dev Portal + (served at `/docs/` by default)." properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1847,7 +2027,8 @@ spec: description: DevPortalSpec defines the desired state of DevPortal properties: content: - description: Content specifies where the content shown in the DevPortal come from + description: Content specifies where the content shown in the DevPortal + come from properties: branch: type: string 
@@ -1862,13 +2043,19 @@ spec: docs: description: Docs is a static docs definition items: - description: 'DevPortalDocsSpec is a static documentation definition: instead of using a Selector for finding documentation for services, users can provide a static list of : tuples. These services will be shown in the Dev Portal with the documentation obtained from this URL.' + description: 'DevPortalDocsSpec is a static documentation definition: + instead of using a Selector for finding documentation for services, + users can provide a static list of : tuples. These + services will be shown in the Dev Portal with the documentation + obtained from this URL.' properties: service: description: Service is the service being documented type: string timeout_ms: - description: Timeout specifies the amount of time devportal will wait for the downstream service to report an openapi spec back + description: Timeout specifies the amount of time devportal + will wait for the downstream service to report an openapi + spec back type: integer url: description: URL is the URL used for obtaining docs 
@@ -1876,21 +2063,28 @@ spec: type: object type: array naming_scheme: - description: Describes how to display "services" in the DevPortal. Default namespace.name + description: Describes how to display "services" in the DevPortal. + Default namespace.name enum: - namespace.name - name.prefix type: string preserve_servers: - description: Configures this DevPortal to use server definitions from the openAPI doc instead of rewriting them based on the url used for the connection. + description: Configures this DevPortal to use server definitions from + the openAPI doc instead of rewriting them based on the url used + for the connection. type: boolean search: - description: DevPortalSearchSpec allows configuration over search functionality for the DevPortal + description: DevPortalSearchSpec allows configuration over search + functionality for the DevPortal properties: enabled: type: boolean type: - description: 'Type of search. "title-only" does a fuzzy search over openapi and page titles "all-content" will fuzzy search over all openapi and page content. "title-only" is the default. warning: using all-content may incur a larger memory footprint' + description: 'Type of search. "title-only" does a fuzzy search + over openapi and page titles "all-content" will fuzzy search + over all openapi and page content. "title-only" is the default. + warning: using all-content may incur a larger memory footprint' enum: - title-only - all-content 
@@ -1902,10 +2096,12 @@ spec: matchLabels: additionalProperties: type: string - description: MatchLabels specifies the list of labels that must be present in Mappings for being present in this DevPortal. + description: MatchLabels specifies the list of labels that must + be present in Mappings for being present in this DevPortal. type: object matchNamespaces: - description: MatchNamespaces is a list of namespaces that will be included in this DevPortal. + description: MatchNamespaces is a list of namespaces that will + be included in this DevPortal. items: type: string type: array 
@@ -1918,13 +2114,25 @@ spec: - name: v3alpha1 schema: openAPIV3Schema: - description: "DevPortal is the Schema for the DevPortals API \n DevPortal resources specify the `what` and `how` is shown in a DevPortal: \n * `what` is in a DevPortal can be controlled with - a `selector`, that can be used for filtering `Mappings`. - a `docs` listing of (services, url) * `how` is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server will show them at different endpoints. A `DevPortal` resource with a special name, `ambassador`, will be used for configuring the default Dev Portal (served at `/docs/` by default)." + description: "DevPortal is the Schema for the DevPortals API \n DevPortal + resources specify the `what` and `how` is shown in a DevPortal: \n * `what` + is in a DevPortal can be controlled with - a `selector`, that can be used + for filtering `Mappings`. - a `docs` listing of (services, url) * `how` + is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). + \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server + will show them at different endpoints. A `DevPortal` resource with a special + name, `ambassador`, will be used for configuring the default Dev Portal + (served at `/docs/` by default)." properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1932,12 +2140,17 @@ spec: description: DevPortalSpec defines the desired state of DevPortal properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array content: - description: Content specifies where the content shown in the DevPortal come from + description: Content specifies where the content shown in the DevPortal + come from properties: branch: type: string 
@@ -1952,13 +2165,19 @@ spec: docs: description: Docs is a static docs definition items: - description: 'DevPortalDocsSpec is a static documentation definition: instead of using a Selector for finding documentation for services, users can provide a static list of : tuples. These services will be shown in the Dev Portal with the documentation obtained from this URL.' + description: 'DevPortalDocsSpec is a static documentation definition: + instead of using a Selector for finding documentation for services, + users can provide a static list of : tuples. These + services will be shown in the Dev Portal with the documentation + obtained from this URL.' properties: service: description: Service is the service being documented type: string timeout_ms: - description: Timeout specifies the amount of time devportal will wait for the downstream service to report an openapi spec back + description: Timeout specifies the amount of time devportal + will wait for the downstream service to report an openapi + spec back type: integer url: description: URL is the URL used for obtaining docs 
@@ -1966,21 +2185,28 @@ spec: type: object type: array naming_scheme: - description: Describes how to display "services" in the DevPortal. Default namespace.name + description: Describes how to display "services" in the DevPortal. + Default namespace.name enum: - namespace.name - name.prefix type: string preserve_servers: - description: Configures this DevPortal to use server definitions from the openAPI doc instead of rewriting them based on the url used for the connection. + description: Configures this DevPortal to use server definitions from + the openAPI doc instead of rewriting them based on the url used + for the connection. type: boolean search: - description: DevPortalSearchSpec allows configuration over search functionality for the DevPortal + description: DevPortalSearchSpec allows configuration over search + functionality for the DevPortal properties: enabled: type: boolean type: - description: 'Type of search. "title-only" does a fuzzy search over openapi and page titles "all-content" will fuzzy search over all openapi and page content. "title-only" is the default. warning: using all-content may incur a larger memory footprint' + description: 'Type of search. "title-only" does a fuzzy search + over openapi and page titles "all-content" will fuzzy search + over all openapi and page content. "title-only" is the default. + warning: using all-content may incur a larger memory footprint' enum: - title-only - all-content 
@@ -1992,10 +2218,12 @@ spec: matchLabels: additionalProperties: type: string - description: MatchLabels specifies the list of labels that must be present in Mappings for being present in this DevPortal. + description: MatchLabels specifies the list of labels that must + be present in Mappings for being present in this DevPortal. type: object matchNamespaces: - description: MatchNamespaces is a list of namespaces that will be included in this DevPortal. + description: MatchNamespaces is a list of namespaces that will + be included in this DevPortal. items: type: string type: array @@ -2004,12 +2232,20 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: DevPortal is the Schema for the DevPortals API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
@@ -2059,10 +2295,14 @@ spec: description: Host is the Schema for the hosts API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -2070,18 +2310,36 @@ spec: description: HostSpec defines the desired state of Host properties: acmeProvider: - description: Specifies whether/who to talk ACME with to automatically manage the $tlsSecret. + description: Specifies whether/who to talk ACME with to automatically + manage the $tlsSecret. properties: authority: - description: Specifies who to talk ACME with to get certs. Defaults to Let's Encrypt; if "none" (case-insensitive), do not try to do ACME for this Host. + description: Specifies who to talk ACME with to get certs. Defaults + to Let's Encrypt; if "none" (case-insensitive), do not try to + do ACME for this Host. type: string email: type: string privateKeySecret: - description: "Specifies the Kubernetes Secret to use to store the private key of the ACME account (essentially, where to store the auto-generated password for the auto-created ACME account). You should not normally need to set this--the default value is based on a combination of the ACME authority being registered wit and the email address associated with the account. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + description: "Specifies the Kubernetes Secret to use to store + the private key of the ACME account (essentially, where to store + the auto-generated password for the auto-created ACME account). + \ You should not normally need to set this--the default value + is based on a combination of the ACME authority being registered + wit and the email address associated with the account. 
\n Note + that this is a native-Kubernetes-style core.v1.LocalObjectReference, + not an Ambassador-style `{name}.{namespace}` string. Because + we're opinionated, it does not support referencing a Secret + in another namespace (because most native Kubernetes resources + don't support that), but if we ever abandon that opinion and + decide to support non-local references it, it would be by adding + a `namespace:` field by changing it from a core.v1.LocalObjectReference + to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` + notation." properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object registration: @@ -2092,7 +2350,8 @@ spec: description: Hostname by which the Ambassador can be reached. type: string previewUrl: - description: Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled. + description: Configuration for the Preview URL feature of Service + Preview. Defaults to preview URLs not enabled. properties: enabled: description: Is the Preview URL feature enabled? 
@@ -2119,21 +2378,32 @@ spec: type: object type: object selector: - description: Selector by which we can find further configuration. Defaults to hostname=$hostname + description: Selector by which we can find further configuration. + Defaults to hostname=$hostname properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2145,11 +2415,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object tls: - description: TLS configuration. It is not valid to specify both `tlsContext` and `tls`. + description: TLS configuration. It is not valid to specify both `tlsContext` + and `tls`. properties: alpn_protocols: type: string 
@@ -2181,17 +2456,39 @@ spec: type: string type: object tlsContext: - description: "Name of the TLSContext the Host resource is linked with. It is not valid to specify both `tlsContext` and `tls`. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + description: "Name of the TLSContext the Host resource is linked with. + It is not valid to specify both `tlsContext` and `tls`. \n Note + that this is a native-Kubernetes-style core.v1.LocalObjectReference, + not an Ambassador-style `{name}.{namespace}` string. Because we're + opinionated, it does not support referencing a Secret in another + namespace (because most native Kubernetes resources don't support + that), but if we ever abandon that opinion and decide to support + non-local references it, it would be by adding a `namespace:` field + by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, + not by adopting the `{name}.{namespace}` notation." properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object tlsSecret: - description: "Name of the Kubernetes secret into which to save generated certificates. 
If ACME is enabled (see $acmeProvider), then the default is $hostname; otherwise the default is \"\". If the value is \"\", then we do not do TLS for this Host. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + description: "Name of the Kubernetes secret into which to save generated + certificates. If ACME is enabled (see $acmeProvider), then the + default is $hostname; otherwise the default is \"\". If the value + is \"\", then we do not do TLS for this Host. \n Note that this + is a native-Kubernetes-style core.v1.LocalObjectReference, not an + Ambassador-style `{name}.{namespace}` string. Because we're opinionated, + it does not support referencing a Secret in another namespace (because + most native Kubernetes resources don't support that), but if we + ever abandon that opinion and decide to support non-local references + it, it would be by adding a `namespace:` field by changing it from + a core.v1.LocalObjectReference to a core.v1.SecretReference, not + by adopting the `{name}.{namespace}` notation." properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object type: object 
@@ -2202,13 +2499,15 @@ spec: errorBackoff: type: string errorReason: - description: errorReason, errorTimestamp, and errorBackoff are valid when state==Error. + description: errorReason, errorTimestamp, and errorBackoff are valid + when state==Error. type: string errorTimestamp: format: date-time type: string phaseCompleted: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. + description: phaseCompleted and phasePending are valid when state==Pending + or state==Error. enum: - NA - DefaultsFilled @@ -2217,7 +2516,8 @@ spec: - ACMECertificateChallenge type: string phasePending: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. + description: phaseCompleted and phasePending are valid when state==Pending + or state==Error. enum: - NA - DefaultsFilled @@ -2226,7 +2526,12 @@ spec: - ACMECertificateChallenge type: string state: - description: The first value listed in the Enum marker becomes the "zero" value, and it would be great if "Pending" could be the default value; but it's Important that the "zero" value be able to be shown as empty/omitted from display, and we really do want `kubectl get hosts` to say "Pending" in the "STATE" column, and not leave the column empty. + description: The first value listed in the Enum marker becomes the + "zero" value, and it would be great if "Pending" could be the default + value; but it's Important that the "zero" value be able to be shown + as empty/omitted from display, and we really do want `kubectl get + hosts` to say "Pending" in the "STATE" column, and not leave the + column empty. enum: - Initial - Pending 
@@ -2268,10 +2573,14 @@ spec: description: Host is the Schema for the hosts API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -2279,18 +2588,36 @@ spec: description: HostSpec defines the desired state of Host properties: acmeProvider: - description: Specifies whether/who to talk ACME with to automatically manage the $tlsSecret. + description: Specifies whether/who to talk ACME with to automatically + manage the $tlsSecret. properties: authority: - description: Specifies who to talk ACME with to get certs. Defaults to Let's Encrypt; if "none" (case-insensitive), do not try to do ACME for this Host. + description: Specifies who to talk ACME with to get certs. Defaults + to Let's Encrypt; if "none" (case-insensitive), do not try to + do ACME for this Host. type: string email: type: string privateKeySecret: - description: "Specifies the Kubernetes Secret to use to store the private key of the ACME account (essentially, where to store the auto-generated password for the auto-created ACME account). You should not normally need to set this--the default value is based on a combination of the ACME authority being registered wit and the email address associated with the account. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + description: "Specifies the Kubernetes Secret to use to store + the private key of the ACME account (essentially, where to store + the auto-generated password for the auto-created ACME account). + \ You should not normally need to set this--the default value + is based on a combination of the ACME authority being registered + wit and the email address associated with the account. 
\n Note + that this is a native-Kubernetes-style core.v1.LocalObjectReference, + not an Ambassador-style `{name}.{namespace}` string. Because + we're opinionated, it does not support referencing a Secret + in another namespace (because most native Kubernetes resources + don't support that), but if we ever abandon that opinion and + decide to support non-local references it, it would be by adding + a `namespace:` field by changing it from a core.v1.LocalObjectReference + to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` + notation." properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object registration: 
@@ -2306,21 +2633,33 @@ spec: description: Hostname by which the Ambassador can be reached. type: string mappingSelector: - description: Selector for Mappings we'll associate with this Host. At the moment, Selector and MappingSelector are synonyms, but that will change soon. + description: Selector for Mappings we'll associate with this Host. + At the moment, Selector and MappingSelector are synonyms, but that + will change soon. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2332,11 +2671,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object previewUrl: - description: Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled. + description: Configuration for the Preview URL feature of Service + Preview. Defaults to preview URLs not enabled. properties: enabled: description: Is the Preview URL feature enabled? 
@@ -2363,21 +2707,33 @@ spec: type: object type: object selector: - description: "DEPRECATED: Selector by which we can find further configuration. Use MappingSelector instead. \n TODO(lukeshu): In v3alpha2, figure out how to get rid of HostSpec.DeprecatedSelector." + description: "DEPRECATED: Selector by which we can find further configuration. + Use MappingSelector instead. \n TODO(lukeshu): In v3alpha2, figure + out how to get rid of HostSpec.DeprecatedSelector." properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2389,11 +2745,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object tls: - description: TLS configuration. It is not valid to specify both `tlsContext` and `tls`. + description: TLS configuration. It is not valid to specify both `tlsContext` + and `tls`. properties: alpn_protocols: type: string 
@@ -2425,17 +2786,39 @@ spec: type: string type: object tlsContext: - description: "Name of the TLSContext the Host resource is linked with. It is not valid to specify both `tlsContext` and `tls`. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + description: "Name of the TLSContext the Host resource is linked with. + It is not valid to specify both `tlsContext` and `tls`. \n Note + that this is a native-Kubernetes-style core.v1.LocalObjectReference, + not an Ambassador-style `{name}.{namespace}` string. Because we're + opinionated, it does not support referencing a Secret in another + namespace (because most native Kubernetes resources don't support + that), but if we ever abandon that opinion and decide to support + non-local references it, it would be by adding a `namespace:` field + by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, + not by adopting the `{name}.{namespace}` notation." properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object tlsSecret: - description: "Name of the Kubernetes secret into which to save generated certificates. 
If ACME is enabled (see $acmeProvider), then the default is $hostname; otherwise the default is \"\". If the value is \"\", then we do not do TLS for this Host. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + description: "Name of the Kubernetes secret into which to save generated + certificates. If ACME is enabled (see $acmeProvider), then the + default is $hostname; otherwise the default is \"\". If the value + is \"\", then we do not do TLS for this Host. \n Note that this + is a native-Kubernetes-style core.v1.LocalObjectReference, not an + Ambassador-style `{name}.{namespace}` string. Because we're opinionated, + it does not support referencing a Secret in another namespace (because + most native Kubernetes resources don't support that), but if we + ever abandon that opinion and decide to support non-local references + it, it would be by adding a `namespace:` field by changing it from + a core.v1.LocalObjectReference to a core.v1.SecretReference, not + by adopting the `{name}.{namespace}` notation." properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object type: object 
@@ -2445,13 +2828,15 @@ spec: errorBackoff: type: string errorReason: - description: errorReason, errorTimestamp, and errorBackoff are valid when state==Error. + description: errorReason, errorTimestamp, and errorBackoff are valid + when state==Error. type: string errorTimestamp: format: date-time type: string phaseCompleted: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. + description: phaseCompleted and phasePending are valid when state==Pending + or state==Error. enum: - NA - DefaultsFilled @@ -2460,7 +2845,8 @@ spec: - ACMECertificateChallenge type: string phasePending: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. + description: phaseCompleted and phasePending are valid when state==Pending + or state==Error. enum: - NA - DefaultsFilled @@ -2469,7 +2855,12 @@ spec: - ACMECertificateChallenge type: string state: - description: The first value listed in the Enum marker becomes the "zero" value, and it would be great if "Pending" could be the default value; but it's Important that the "zero" value be able to be shown as empty/omitted from display, and we really do want `kubectl get hosts` to say "Pending" in the "STATE" column, and not leave the column empty. + description: The first value listed in the Enum marker becomes the + "zero" value, and it would be great if "Pending" could be the default + value; but it's Important that the "zero" value be able to be shown + as empty/omitted from display, and we really do want `kubectl get + hosts` to say "Pending" in the "STATE" column, and not leave the + column empty. enum: - Initial - Pending @@ -2494,7 +2885,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
@@ -2525,18 +2916,25 @@ spec: - name: v2 schema: openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API + description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver + API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: KubernetesEndpointResolver tells Ambassador to use Kubernetes Endpoints resources to resolve services. It actually has no spec other than the AmbassadorID. + description: KubernetesEndpointResolver tells Ambassador to use Kubernetes + Endpoints resources to resolve services. It actually has no spec other + than the AmbassadorID. type: object x-kubernetes-preserve-unknown-fields: true type: object 
@@ -2545,21 +2943,32 @@ spec: - name: v3alpha1 schema: openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API + description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver + API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: KubernetesEndpointResolver tells Ambassador to use Kubernetes Endpoints resources to resolve services. It actually has no spec other than the AmbassadorID. + description: KubernetesEndpointResolver tells Ambassador to use Kubernetes + Endpoints resources to resolve services. It actually has no spec other + than the AmbassadorID. 
properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array @@ -2567,12 +2976,21 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver + API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
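Review bot: The added `v1` version entry (here for KubernetesEndpointResolver, and again in the later hunk for KubernetesServiceResolver) has no validation at all, only `type: object` plus `x-kubernetes-preserve-unknown-fields: true`, and nothing in the manifest says why a version with `served: false` and `storage: false` is listed. Presumably it is there so that clusters which still record v1 among the CRD's stored versions can accept this definition, but that is inferred from the hunk rather than stated. The file looks generated (the `controller-gen.kubebuilder.io/version` annotation is bumped in the same hunk), so the explanation belongs in whatever step emits the stub, for example `# v1 is listed only for upgrade compatibility; it has no schema, keep served: false`. If the entry were ever switched to `served: true`, objects would be admitted with arbitrary unvalidated fields, so a CI check that rejects a served version without a structural schema would be a useful guard.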
@@ -2603,18 +3021,25 @@ spec: - name: v2 schema: openAPIV3Schema: - description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API + description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver + API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: KubernetesServiceResolver tells Ambassador to use Kubernetes Service resources to resolve services. It actually has no spec other than the AmbassadorID. + description: KubernetesServiceResolver tells Ambassador to use Kubernetes + Service resources to resolve services. It actually has no spec other + than the AmbassadorID. type: object x-kubernetes-preserve-unknown-fields: true type: object 
@@ -2623,21 +3048,32 @@ spec: - name: v3alpha1 schema: openAPIV3Schema: - description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API + description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver + API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: KubernetesServiceResolver tells Ambassador to use Kubernetes Service resources to resolve services. It actually has no spec other than the AmbassadorID. + description: KubernetesServiceResolver tells Ambassador to use Kubernetes + Service resources to resolve services. It actually has no spec other + than the AmbassadorID. 
properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array @@ -2645,12 +3081,21 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver + API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
@@ -2694,10 +3139,14 @@ spec: description: Listener is the Schema for the hosts API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -2705,15 +3154,21 @@ spec: description: ListenerSpec defines the desired state of this Port properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array hostBinding: - description: HostBinding allows restricting which Hosts will be used for this Listener. + description: HostBinding allows restricting which Hosts will be used + for this Listener. properties: namespace: - description: NamespaceBindingType defines we we specify which namespaces to look for Hosts in. + description: NamespaceBindingType defines we we specify which + namespaces to look for Hosts in. properties: from: description: NamespaceFromType defines how we evaluate a NamespaceBindingType. 
@@ -2724,21 +3179,34 @@ spec: type: string type: object selector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An + empty label selector matches all objects. A null label selector + matches no objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector + applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. 
items: type: string type: array @@ -2750,22 +3218,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object type: object l7Depth: - description: L7Depth specifies how many layer 7 load balancers are between us and the edge of the network. + description: L7Depth specifies how many layer 7 load balancers are + between us and the edge of the network. format: int32 type: integer port: - description: Port is the network port. Only one Listener can use a given port. + description: Port is the network port. Only one Listener can use a + given port. format: int32 maximum: 65535 minimum: 1 type: integer protocol: - description: Protocol is a shorthand for certain predefined stacks. Exactly one of Protocol or ProtocolStack must be supplied. + description: Protocol is a shorthand for certain predefined stacks. + Exactly one of Protocol or ProtocolStack must be supplied. enum: - HTTP - HTTPS 
@@ -2776,9 +3251,12 @@ spec: - UDP type: string protocolStack: - description: ProtocolStack explicitly specifies the protocol stack to set up. Exactly one of Protocol or ProtocolStack must be supplied. + description: ProtocolStack explicitly specifies the protocol stack + to set up. Exactly one of Protocol or ProtocolStack must be supplied. items: - description: ProtocolStackElement defines specific layers that may be combined in a protocol stack for processing connections to a port. + description: ProtocolStackElement defines specific layers that may + be combined in a protocol stack for processing connections to + a port. enum: - HTTP - PROXY @@ -2788,14 +3266,17 @@ spec: type: string type: array securityModel: - description: SecurityModel specifies how to determine whether connections to this port are secure or insecure. + description: SecurityModel specifies how to determine whether connections + to this port are secure or insecure. enum: - XFP - SECURE - INSECURE type: string statsPrefix: - description: 'StatsPrefix specifies the prefix for statistics sent by Envoy about this Listener. The default depends on the protocol: "ingress-http", "ingress-https", "ingress-tls-$port", or "ingress-$port".' + description: 'StatsPrefix specifies the prefix for statistics sent + by Envoy about this Listener. The default depends on the protocol: + "ingress-http", "ingress-https", "ingress-tls-$port", or "ingress-$port".' type: string required: - hostBinding @@ -2811,7 +3292,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
@@ -2845,10 +3326,14 @@ spec: description: LogService is the Schema for the logservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -2897,10 +3382,14 @@ spec: description: LogService is the Schema for the logservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -2908,7 +3397,11 @@ spec: description: LogServiceSpec defines the desired state of LogService properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array @@ -2947,12 +3440,20 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: LogService is the Schema for the logservices API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
@@ -3002,10 +3503,14 @@ spec: description: Mapping is the Schema for the mappings API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -3021,7 +3526,16 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true allow_upgrade: - description: "A case-insensitive list of the non-HTTP protocols to allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" mechanism[1]. After the upgrade, Ambassador does not interpret the traffic, and behaves similarly to how it does for TCPMappings. \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, if your upstream service supports WebSockets, you would write \n allow_upgrade: - websocket \n Or if your upstream service supports upgrading from HTTP to SPDY (as the Kubernetes apiserver does for `kubectl exec` functionality), you would write \n allow_upgrade: - spdy/3.1" + description: "A case-insensitive list of the non-HTTP protocols to + allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" + mechanism[1]. After the upgrade, Ambassador does not interpret + the traffic, and behaves similarly to how it does for TCPMappings. + \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, + if your upstream service supports WebSockets, you would write \n + \ allow_upgrade: - websocket \n Or if your upstream service + supports upgrading from HTTP to SPDY (as the Kubernetes apiserver + does for `kubectl exec` functionality), you would write \n allow_upgrade: + \ - spdy/3.1" items: type: string type: array @@ -3034,7 +3548,8 @@ spec: bypass_auth: type: boolean bypass_error_response_overrides: - description: If true, bypasses any `error_response_overrides` set on the Ambassador module. + description: If true, bypasses any `error_response_overrides` set + on the Ambassador module. type: boolean case_sensitive: type: boolean 
@@ -3075,7 +3590,8 @@ spec: dns_type: type: string docs: - description: DocsInfo provides some extra information about the docs for the Mapping (used by the Dev Portal) + description: DocsInfo provides some extra information about the docs + for the Mapping (used by the Dev Portal) properties: display_name: type: string @@ -3093,11 +3609,14 @@ spec: enable_ipv6: type: boolean envoy_override: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go type, but it + preserves its contents in a roundtrippable way. type: object x-kubernetes-preserve-unknown-fields: true error_response_overrides: - description: Error response overrides for this Mapping. Replaces all of the `error_response_overrides` set on the Ambassador module, if any. + description: Error response overrides for this Mapping. Replaces all + of the `error_response_overrides` set on the Ambassador module, + if any. items: description: A response rewrite for an HTTP error response properties: 
@@ -3105,26 +3624,35 @@ spec: description: The new response body properties: content_type: - description: The content type to set on the error response body when using text_format or text_format_source. Defaults to 'text/plain'. + description: The content type to set on the error response + body when using text_format or text_format_source. Defaults + to 'text/plain'. type: string json_format: additionalProperties: type: string - description: 'A JSON response with content-type: application/json. The values can contain format text like in text_format.' + description: 'A JSON response with content-type: application/json. + The values can contain format text like in text_format.' type: object text_format: - description: A format string representing a text response body. Content-Type can be set using the `content_type` field below. + description: A format string representing a text response + body. Content-Type can be set using the `content_type` + field below. type: string text_format_source: - description: A format string sourced from a file on the Ambassador container. Useful for larger response bodies that should not be placed inline in configuration. + description: A format string sourced from a file on the + Ambassador container. Useful for larger response bodies + that should not be placed inline in configuration. properties: filename: - description: The name of a file on the Ambassador pod that contains a format text string. + description: The name of a file on the Ambassador pod + that contains a format text string. type: string type: object type: object on_status_code: - description: The status code to match on -- not a pointer because it's required. + description: The status code to match on -- not a pointer because + it's required. maximum: 599 minimum: 400 type: integer 
@@ -3160,15 +3688,20 @@ spec: type: object labels: additionalProperties: - description: A MappingLabelGroupsArray is an array of MappingLabelGroups. I know, complex. + description: A MappingLabelGroupsArray is an array of MappingLabelGroups. + I know, complex. items: - description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: a second map, where the key is a human-readable name that identifies the group.' + description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: + a second map, where the key is a human-readable name that identifies + the group.' maxProperties: 1 minProperties: 1 type: object x-kubernetes-preserve-unknown-fields: true type: array - description: A DomainMap is the overall Mapping.spec.Labels type. It maps domains (kind of like namespaces for Mapping labels) to arrays of label groups. + description: A DomainMap is the overall Mapping.spec.Labels type. + It maps domains (kind of like namespaces for Mapping labels) to + arrays of label groups. type: object load_balancer: properties: @@ -3203,14 +3736,16 @@ spec: type: boolean modules: items: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go type, but + it preserves its contents in a roundtrippable way. type: object x-kubernetes-preserve-unknown-fields: true type: array outlier_detection: type: string path_redirect: - description: Path replacement to use when generating an HTTP redirect. Used with `host_redirect`. + description: Path replacement to use when generating an HTTP redirect. + Used with `host_redirect`. type: string precedence: type: integer 
@@ -3219,7 +3754,8 @@ spec: prefix_exact: type: boolean prefix_redirect: - description: Prefix rewrite to use when generating an HTTP redirect. Used with `host_redirect`. + description: Prefix rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. type: string prefix_regex: type: boolean @@ -3229,7 +3765,8 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true redirect_response_code: - description: The response code to use when generating an HTTP redirect. Defaults to 301. Used with `host_redirect`. + description: The response code to use when generating an HTTP redirect. + Defaults to 301. Used with `host_redirect`. enum: - 301 - 302 @@ -3246,7 +3783,8 @@ spec: type: string type: object regex_redirect: - description: Prefix regex rewrite to use when generating an HTTP redirect. Used with `host_redirect`. + description: Prefix regex rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. properties: pattern: type: string @@ -3287,10 +3825,13 @@ spec: shadow: type: boolean timeout_ms: - description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists. + description: The timeout for requests that use this Mapping. Overrides + `cluster_request_timeout_ms` set on the Ambassador Module, if it + exists. type: integer use_websocket: - description: 'use_websocket is deprecated, and is equivlaent to setting `allow_upgrade: ["websocket"]`' + description: 'use_websocket is deprecated, and is equivlaent to setting + `allow_upgrade: ["websocket"]`' type: boolean v3StatsName: type: string 
@@ -3340,10 +3881,14 @@ spec: description: Mapping is the Schema for the mappings API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -3383,12 +3928,25 @@ spec: type: object type: object allow_upgrade: - description: "A case-insensitive list of the non-HTTP protocols to allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" mechanism[1]. After the upgrade, Ambassador does not interpret the traffic, and behaves similarly to how it does for TCPMappings. \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, if your upstream service supports WebSockets, you would write \n allow_upgrade: - websocket \n Or if your upstream service supports upgrading from HTTP to SPDY (as the Kubernetes apiserver does for `kubectl exec` functionality), you would write \n allow_upgrade: - spdy/3.1" + description: "A case-insensitive list of the non-HTTP protocols to + allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" + mechanism[1]. After the upgrade, Ambassador does not interpret + the traffic, and behaves similarly to how it does for TCPMappings. + \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, + if your upstream service supports WebSockets, you would write \n + \ allow_upgrade: - websocket \n Or if your upstream service + supports upgrading from HTTP to SPDY (as the Kubernetes apiserver + does for `kubectl exec` functionality), you would write \n allow_upgrade: + \ - spdy/3.1" items: type: string type: array ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." 
items: type: string type: array @@ -3401,7 +3959,8 @@ spec: bypass_auth: type: boolean bypass_error_response_overrides: - description: If true, bypasses any `error_response_overrides` set on the Ambassador module. + description: If true, bypasses any `error_response_overrides` set + on the Ambassador module. type: boolean case_sensitive: type: boolean @@ -3424,15 +3983,18 @@ spec: type: object type: array cluster_idle_timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer cluster_max_connection_lifetime_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer cluster_tag: type: string connect_timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer cors: properties: @@ -3462,7 +4024,8 @@ spec: dns_type: type: string docs: - description: DocsInfo provides some extra information about the docs for the Mapping. Docs is used by both the agent and the DevPortal. + description: DocsInfo provides some extra information about the docs + for the Mapping. Docs is used by both the agent and the DevPortal. properties: display_name: type: string 
@@ -3471,7 +4034,8 @@ spec: path: type: string timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer url: type: string @@ -3481,11 +4045,14 @@ spec: enable_ipv6: type: boolean envoy_override: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go type, but it + preserves its contents in a roundtrippable way. type: object x-kubernetes-preserve-unknown-fields: true error_response_overrides: - description: Error response overrides for this Mapping. Replaces all of the `error_response_overrides` set on the Ambassador module, if any. + description: Error response overrides for this Mapping. Replaces all + of the `error_response_overrides` set on the Ambassador module, + if any. items: description: A response rewrite for an HTTP error response properties: 
@@ -3493,26 +4060,35 @@ spec: description: The new response body properties: content_type: - description: The content type to set on the error response body when using text_format or text_format_source. Defaults to 'text/plain'. + description: The content type to set on the error response + body when using text_format or text_format_source. Defaults + to 'text/plain'. type: string json_format: additionalProperties: type: string - description: 'A JSON response with content-type: application/json. The values can contain format text like in text_format.' + description: 'A JSON response with content-type: application/json. + The values can contain format text like in text_format.' type: object text_format: - description: A format string representing a text response body. Content-Type can be set using the `content_type` field below. + description: A format string representing a text response + body. Content-Type can be set using the `content_type` + field below. type: string text_format_source: - description: A format string sourced from a file on the Ambassador container. Useful for larger response bodies that should not be placed inline in configuration. + description: A format string sourced from a file on the + Ambassador container. Useful for larger response bodies + that should not be placed inline in configuration. properties: filename: - description: The name of a file on the Ambassador pod that contains a format text string. + description: The name of a file on the Ambassador pod + that contains a format text string. type: string type: object type: object on_status_code: - description: The status code to match on -- not a pointer because it's required. + description: The status code to match on -- not a pointer because + it's required. maximum: 599 minimum: 400 type: integer 
@@ -3529,20 +4105,39 @@ spec: type: string type: object host: - description: "Exact match for the hostname of a request if HostRegex is false; regex match for the hostname if HostRegex is true. \n Host specifies both a match for the ':authority' header of a request, as well as a match criterion for Host CRDs: a Mapping that specifies Host will not associate with a Host that doesn't have a matching Hostname. \n If both Host and Hostname are set, an error is logged, Host is ignored, and Hostname is used. \n DEPRECATED: Host is either an exact match or a regex, depending on HostRegex. Use HostName instead. \n TODO(lukeshu): In v3alpha2, get rid of MappingSpec.host and MappingSpec.host_regex in favor of a MappingSpec.deprecated_hostname_regex." + description: "Exact match for the hostname of a request if HostRegex + is false; regex match for the hostname if HostRegex is true. \n + Host specifies both a match for the ':authority' header of a request, + as well as a match criterion for Host CRDs: a Mapping that specifies + Host will not associate with a Host that doesn't have a matching + Hostname. \n If both Host and Hostname are set, an error is logged, + Host is ignored, and Hostname is used. \n DEPRECATED: Host is either + an exact match or a regex, depending on HostRegex. Use HostName + instead. \n TODO(lukeshu): In v3alpha2, get rid of MappingSpec.host + and MappingSpec.host_regex in favor of a MappingSpec.deprecated_hostname_regex." type: string host_redirect: type: boolean host_regex: - description: "DEPRECATED: Host is either an exact match or a regex, depending on HostRegex. Use HostName instead. \n TODO(lukeshu): In v3alpha2, get rid of MappingSpec.host and MappingSpec.host_regex in favor of a MappingSpec.deprecated_hostname_regex." + description: "DEPRECATED: Host is either an exact match or a regex, + depending on HostRegex. Use HostName instead. 
\n TODO(lukeshu): + In v3alpha2, get rid of MappingSpec.host and MappingSpec.host_regex + in favor of a MappingSpec.deprecated_hostname_regex." type: boolean host_rewrite: type: string hostname: - description: "Hostname is a DNS glob specifying the hosts to which this Mapping applies. \n Hostname specifies both a match for the ':authority' header of a request, as well as a match criterion for Host CRDs: a Mapping that specifies Hostname will not associate with a Host that doesn't have a matching Hostname. \n If both Host and Hostname are set, an error is logged, Host is ignored, and Hostname is used." + description: "Hostname is a DNS glob specifying the hosts to which + this Mapping applies. \n Hostname specifies both a match for the + ':authority' header of a request, as well as a match criterion for + Host CRDs: a Mapping that specifies Hostname will not associate + with a Host that doesn't have a matching Hostname. \n If both Host + and Hostname are set, an error is logged, Host is ignored, and Hostname + is used." type: string idle_timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer keepalive: properties: 
@@ -3555,17 +4150,21 @@ spec: type: object labels: additionalProperties: - description: A MappingLabelGroupsArray is an array of MappingLabelGroups. I know, complex. + description: A MappingLabelGroupsArray is an array of MappingLabelGroups. + I know, complex. items: additionalProperties: - description: 'A MappingLabelsArray is the value in the MappingLabelGroup: an array of label specifiers.' + description: 'A MappingLabelsArray is the value in the MappingLabelGroup: + an array of label specifiers.' items: - description: "A MappingLabelSpecifier (finally!) defines a single label. \n This mimics envoy/config/route/v3/route_components.proto:RateLimit:Action:action_specifier." + description: "A MappingLabelSpecifier (finally!) defines a + single label. \n This mimics envoy/config/route/v3/route_components.proto:RateLimit:Action:action_specifier." maxProperties: 1 minProperties: 1 properties: destination_cluster: - description: Sets the label "destination_cluster=«Envoy destination cluster name»". + description: Sets the label "destination_cluster=«Envoy + destination cluster name»". properties: key: enum: @@ -3575,7 +4174,8 @@ spec: - key type: object generic_key: - description: Sets the label "«key»=«value»" (where by default «key» is "generic_key"). + description: Sets the label "«key»=«value»" (where by + default «key» is "generic_key"). properties: key: description: The default is "generic_key". @@ -3588,7 +4188,8 @@ spec: - value type: object remote_address: - description: Sets the label "remote_address=«IP address of the client»". + description: Sets the label "remote_address=«IP address + of the client»". properties: key: enum: 
@@ -3598,7 +4199,9 @@ spec: - key type: object request_headers: - description: If the «header_name» header is set, then set the label "«key»=«Value of the «header_name» header»"; otherwise skip applying this label group. + description: If the «header_name» header is set, then + set the label "«key»=«Value of the «header_name» header»"; + otherwise skip applying this label group. properties: header_name: type: string @@ -3611,7 +4214,8 @@ spec: - key type: object source_cluster: - description: Sets the label "source_cluster=«Envoy source cluster name»". + description: Sets the label "source_cluster=«Envoy source + cluster name»". properties: key: enum: @@ -3622,12 +4226,16 @@ spec: type: object type: object type: array - description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: a second map, where the key is a human-readable name that identifies the group.' + description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: + a second map, where the key is a human-readable name that identifies + the group.' maxProperties: 1 minProperties: 1 type: object type: array - description: A DomainMap is the overall Mapping.spec.Labels type. It maps domains (kind of like namespaces for Mapping labels) to arrays of label groups. + description: A DomainMap is the overall Mapping.spec.Labels type. + It maps domains (kind of like namespaces for Mapping labels) to + arrays of label groups. type: object load_balancer: properties: 
@@ -3662,14 +4270,16 @@ spec: type: boolean modules: items: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go type, but + it preserves its contents in a roundtrippable way. type: object x-kubernetes-preserve-unknown-fields: true type: array outlier_detection: type: string path_redirect: - description: Path replacement to use when generating an HTTP redirect. Used with `host_redirect`. + description: Path replacement to use when generating an HTTP redirect. + Used with `host_redirect`. type: string precedence: type: integer @@ -3678,7 +4288,8 @@ spec: prefix_exact: type: boolean prefix_redirect: - description: Prefix rewrite to use when generating an HTTP redirect. Used with `host_redirect`. + description: Prefix rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. type: string prefix_regex: type: boolean @@ -3689,7 +4300,8 @@ spec: type: string type: object redirect_response_code: - description: The response code to use when generating an HTTP redirect. Defaults to 301. Used with `host_redirect`. + description: The response code to use when generating an HTTP redirect. + Defaults to 301. Used with `host_redirect`. enum: - 301 - 302 @@ -3706,7 +4318,8 @@ spec: type: string type: object regex_redirect: - description: Prefix regex rewrite to use when generating an HTTP redirect. Used with `host_redirect`. + description: Prefix regex rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. properties: pattern: type: string 
@@ -3757,12 +4370,16 @@ spec: stats_name: type: string timeout_ms: - description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists. + description: The timeout for requests that use this Mapping. Overrides + `cluster_request_timeout_ms` set on the Ambassador Module, if it + exists. type: integer tls: type: string use_websocket: - description: "use_websocket is deprecated, and is equivlaent to setting `allow_upgrade: [\"websocket\"]` \n TODO(lukeshu): In v3alpha2, get rid of MappingSpec.DeprecatedUseWebsocket." + description: "use_websocket is deprecated, and is equivlaent to setting + `allow_upgrade: [\"websocket\"]` \n TODO(lukeshu): In v3alpha2, + get rid of MappingSpec.DeprecatedUseWebsocket." type: boolean v2BoolHeaders: items: 
@@ -3773,14 +4390,41 @@ spec: type: string type: array v2ExplicitTLS: - description: V2ExplicitTLS controls some vanity/stylistic elements when converting from v3alpha1 to v2. The values in an V2ExplicitTLS should not in any way affect the runtime operation of Emissary; except that it may affect internal names in the Envoy config, which may in turn affect stats names. But it should not affect any end-user observable behavior. + description: V2ExplicitTLS controls some vanity/stylistic elements + when converting from v3alpha1 to v2. The values in an V2ExplicitTLS + should not in any way affect the runtime operation of Emissary; + except that it may affect internal names in the Envoy config, which + may in turn affect stats names. But it should not affect any end-user + observable behavior. properties: serviceScheme: - description: "ServiceScheme specifies how to spell and capitalize the scheme-part of the service URL. \n Acceptable values are \"http://\" (case-insensitive), \"https://\" (case-insensitive), or \"\". The value is used if it agrees with whether or not this resource enables TLS origination, or if something else in the resource overrides the scheme." + description: "ServiceScheme specifies how to spell and capitalize + the scheme-part of the service URL. \n Acceptable values are + \"http://\" (case-insensitive), \"https://\" (case-insensitive), + or \"\". The value is used if it agrees with whether or not + this resource enables TLS origination, or if something else + in the resource overrides the scheme." pattern: ^([hH][tT][tT][pP][sS]?://)?$ type: string tls: - description: "TLS controls whether and how to represent the \"tls\" field when its value could be implied by the \"service\" field. In v2, there were a lot of different ways to spell an \"empty\" value, and this field specifies which way to spell it (and will therefore only be used if the value will indeed be empty). 
\n | Value | Representation | Meaning of representation | |--------------+---------------------------------------+------------------------------------| | \"\" | omit the field | defer to service (no TLSContext) | | \"null\" | store an explicit \"null\" in the field | defer to service (no TLSContext) | | \"string\" | store an empty string in the field | defer to service (no TLSContext) | | \"bool:false\" | store a Boolean \"false\" in the field | defer to service (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" in the field | originate TLS (no TLSContext) | \n If the meaning of the representation contradicts anything else (if a TLSContext is to be used, or in the case of \"bool:true\" if TLS is not to be originated), then this field is ignored." + description: "TLS controls whether and how to represent the \"tls\" + field when its value could be implied by the \"service\" field. + \ In v2, there were a lot of different ways to spell an \"empty\" + value, and this field specifies which way to spell it (and will + therefore only be used if the value will indeed be empty). \n + \ | Value | Representation | Meaning + of representation | |--------------+---------------------------------------+------------------------------------| + \ | \"\" | omit the field | + defer to service (no TLSContext) | | \"null\" | store + an explicit \"null\" in the field | defer to service (no TLSContext) + \ | | \"string\" | store an empty string in the field + \ | defer to service (no TLSContext) | | \"bool:false\" + | store a Boolean \"false\" in the field | defer to service + (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" + in the field | originate TLS (no TLSContext) | \n If + the meaning of the representation contradicts anything else + (if a TLSContext is to be used, or in the case of \"bool:true\" + if TLS is not to be originated), then this field is ignored." enum: - "" - "null" 
@@ -3812,12 +4456,20 @@ spec: storage: false subresources: status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Mapping is the Schema for the mappings API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
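Review bot: The added `- name: v1` entry gives no reason why a version that is `served: false` and `storage: false` is declared at all, and its schema (`type: object` with root-level `x-kubernetes-preserve-unknown-fields: true`) checks nothing beyond the object type. That is harmless while the version stays unserved, but if `served` were later set to `true`, objects would be accepted at v1 with no structural validation. If the entry is meant as a placeholder, I would add a comment above it such as `# v1: unserved placeholder with no real schema; do not set served: true without adding one`. Since the manifest appears to be controller-gen output, the comment probably belongs in whatever step emits this stanza. The same stanza is added for the Module CRD (hunk `@@ -3899,12 +4571,21 @@`) and the RateLimitService CRD (hunk `@@ -4028,12 +4745,20 @@`), and the point applies there as well.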
@@ -3848,20 +4500,28 @@ spec: - name: v2 schema: openAPIV3Schema: - description: "A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" + description: "A Module defines system-wide configuration. The type of module + is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". + \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module + https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: config: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go type, but it + preserves its contents in a roundtrippable way. type: object x-kubernetes-preserve-unknown-fields: true type: object 
@@ -3872,25 +4532,37 @@ spec: - name: v3alpha1 schema: openAPIV3Schema: - description: "A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" + description: "A Module defines system-wide configuration. The type of module + is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". + \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module + https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array config: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go type, but it + preserves its contents in a roundtrippable way. type: object x-kubernetes-preserve-unknown-fields: true required: @@ -3899,12 +4571,21 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: A Module defines system-wide configuration. The type of module + is controlled by the .metadata.name; valid names are "ambassador" or "tls". + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
@@ -3938,10 +4619,14 @@ spec: description: RateLimitService is the Schema for the ratelimitservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -3974,10 +4659,14 @@ spec: description: RateLimitService is the Schema for the ratelimitservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -4001,19 +4690,47 @@ spec: stats_name: type: string timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer tls: type: string v2ExplicitTLS: - description: V2ExplicitTLS controls some vanity/stylistic elements when converting from v3alpha1 to v2. The values in an V2ExplicitTLS should not in any way affect the runtime operation of Emissary; except that it may affect internal names in the Envoy config, which may in turn affect stats names. But it should not affect any end-user observable behavior. + description: V2ExplicitTLS controls some vanity/stylistic elements + when converting from v3alpha1 to v2. The values in an V2ExplicitTLS + should not in any way affect the runtime operation of Emissary; + except that it may affect internal names in the Envoy config, which + may in turn affect stats names. But it should not affect any end-user + observable behavior. properties: serviceScheme: - description: "ServiceScheme specifies how to spell and capitalize the scheme-part of the service URL. \n Acceptable values are \"http://\" (case-insensitive), \"https://\" (case-insensitive), or \"\". The value is used if it agrees with whether or not this resource enables TLS origination, or if something else in the resource overrides the scheme." + description: "ServiceScheme specifies how to spell and capitalize + the scheme-part of the service URL. \n Acceptable values are + \"http://\" (case-insensitive), \"https://\" (case-insensitive), + or \"\". The value is used if it agrees with whether or not + this resource enables TLS origination, or if something else + in the resource overrides the scheme." 
pattern: ^([hH][tT][tT][pP][sS]?://)?$ type: string tls: - description: "TLS controls whether and how to represent the \"tls\" field when its value could be implied by the \"service\" field. In v2, there were a lot of different ways to spell an \"empty\" value, and this field specifies which way to spell it (and will therefore only be used if the value will indeed be empty). \n | Value | Representation | Meaning of representation | |--------------+---------------------------------------+------------------------------------| | \"\" | omit the field | defer to service (no TLSContext) | | \"null\" | store an explicit \"null\" in the field | defer to service (no TLSContext) | | \"string\" | store an empty string in the field | defer to service (no TLSContext) | | \"bool:false\" | store a Boolean \"false\" in the field | defer to service (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" in the field | originate TLS (no TLSContext) | \n If the meaning of the representation contradicts anything else (if a TLSContext is to be used, or in the case of \"bool:true\" if TLS is not to be originated), then this field is ignored." + description: "TLS controls whether and how to represent the \"tls\" + field when its value could be implied by the \"service\" field. + \ In v2, there were a lot of different ways to spell an \"empty\" + value, and this field specifies which way to spell it (and will + therefore only be used if the value will indeed be empty). 
\n + \ | Value | Representation | Meaning + of representation | |--------------+---------------------------------------+------------------------------------| + \ | \"\" | omit the field | + defer to service (no TLSContext) | | \"null\" | store + an explicit \"null\" in the field | defer to service (no TLSContext) + \ | | \"string\" | store an empty string in the field + \ | defer to service (no TLSContext) | | \"bool:false\" + | store a Boolean \"false\" in the field | defer to service + (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" + in the field | originate TLS (no TLSContext) | \n If + the meaning of the representation contradicts anything else + (if a TLSContext is to be used, or in the case of \"bool:true\" + if TLS is not to be originated), then this field is ignored." enum: - "" - "null" @@ -4028,12 +4745,20 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: RateLimitService is the Schema for the ratelimitservices API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
@@ -4067,10 +4792,14 @@ spec: description: TCPMapping is the Schema for the tcpmappings API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -4133,10 +4862,14 @@ spec: description: TCPMapping is the Schema for the tcpmappings API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -4146,7 +4879,11 @@ spec: address: type: string ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array 
@@ -4191,14 +4928,41 @@ spec: tls: type: string v2ExplicitTLS: - description: V2ExplicitTLS controls some vanity/stylistic elements when converting from v3alpha1 to v2. The values in an V2ExplicitTLS should not in any way affect the runtime operation of Emissary; except that it may affect internal names in the Envoy config, which may in turn affect stats names. But it should not affect any end-user observable behavior. + description: V2ExplicitTLS controls some vanity/stylistic elements + when converting from v3alpha1 to v2. The values in an V2ExplicitTLS + should not in any way affect the runtime operation of Emissary; + except that it may affect internal names in the Envoy config, which + may in turn affect stats names. But it should not affect any end-user + observable behavior. properties: serviceScheme: - description: "ServiceScheme specifies how to spell and capitalize the scheme-part of the service URL. \n Acceptable values are \"http://\" (case-insensitive), \"https://\" (case-insensitive), or \"\". The value is used if it agrees with whether or not this resource enables TLS origination, or if something else in the resource overrides the scheme." + description: "ServiceScheme specifies how to spell and capitalize + the scheme-part of the service URL. \n Acceptable values are + \"http://\" (case-insensitive), \"https://\" (case-insensitive), + or \"\". The value is used if it agrees with whether or not + this resource enables TLS origination, or if something else + in the resource overrides the scheme." pattern: ^([hH][tT][tT][pP][sS]?://)?$ type: string tls: - description: "TLS controls whether and how to represent the \"tls\" field when its value could be implied by the \"service\" field. In v2, there were a lot of different ways to spell an \"empty\" value, and this field specifies which way to spell it (and will therefore only be used if the value will indeed be empty). 
\n | Value | Representation | Meaning of representation | |--------------+---------------------------------------+------------------------------------| | \"\" | omit the field | defer to service (no TLSContext) | | \"null\" | store an explicit \"null\" in the field | defer to service (no TLSContext) | | \"string\" | store an empty string in the field | defer to service (no TLSContext) | | \"bool:false\" | store a Boolean \"false\" in the field | defer to service (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" in the field | originate TLS (no TLSContext) | \n If the meaning of the representation contradicts anything else (if a TLSContext is to be used, or in the case of \"bool:true\" if TLS is not to be originated), then this field is ignored." + description: "TLS controls whether and how to represent the \"tls\" + field when its value could be implied by the \"service\" field. + \ In v2, there were a lot of different ways to spell an \"empty\" + value, and this field specifies which way to spell it (and will + therefore only be used if the value will indeed be empty). \n + \ | Value | Representation | Meaning + of representation | |--------------+---------------------------------------+------------------------------------| + \ | \"\" | omit the field | + defer to service (no TLSContext) | | \"null\" | store + an explicit \"null\" in the field | defer to service (no TLSContext) + \ | | \"string\" | store an empty string in the field + \ | defer to service (no TLSContext) | | \"bool:false\" + | store a Boolean \"false\" in the field | defer to service + (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" + in the field | originate TLS (no TLSContext) | \n If + the meaning of the representation contradicts anything else + (if a TLSContext is to be used, or in the case of \"bool:true\" + if TLS is not to be originated), then this field is ignored." enum: - "" - "null" 
@@ -4216,12 +4980,20 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: TCPMapping is the Schema for the tcpmappings API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -4255,10 +5027,14 @@ spec: description: TLSContext is the Schema for the tlscontexts API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -4322,10 +5098,14 @@ spec: description: TLSContext is the Schema for the tlscontexts API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -4335,7 +5115,11 @@ spec: alpn_protocols: type: string ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array @@ -4387,12 +5171,20 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: TLSContext is the Schema for the tlscontexts API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml 
@@ -4426,10 +5218,14 @@ spec: description: TracingService is the Schema for the tracingservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -4496,10 +5292,14 @@ spec: description: TracingService is the Schema for the tracingservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -4507,7 +5307,11 @@ spec: description: TracingServiceSpec defines the desired state of TracingService properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array @@ -4564,6 +5368,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: TracingService is the Schema for the tracingservices API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- ################################################################################ # Namespace # @@ -4741,7 +5553,7 @@ spec: serviceAccountName: emissary-apiext containers: - name: emissary-apiext - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent command: [ "apiext", "emissary-apiext" ] ports: diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml new file mode 100644 index 0000000..0e618ad --- /dev/null +++ b/manifests/edge-stack/aes-defaultns-agent.yaml 
@@ -0,0 +1,293 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack-agent + namespace: default + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack-agent +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-pods + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [pods] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-deployments + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [apps, extensions] + resources: [deployments] + verbs: 
[get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-endpoints + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-configmaps + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-rollouts + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [rollouts, rollouts/status] + verbs: [get, list, watch, patch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-applications + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: 
edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [applications] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack-agent +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: default +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: edge-stack-agent-config + namespace: default + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: edge-stack-agent-config + namespace: default + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: edge-stack-agent-config +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: default +--- +# Source: edge-stack/charts/emissary-ingress/templates/admin-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-admin + namespace: default + labels: + app.kubernetes.io/name: 
edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + # Hard-coded label for Prometheus Operator ServiceMonitor + service: ambassador-admin + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack admin service for internal use and + health checks. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 8877 + targetPort: admin + protocol: TCP + name: ambassador-admin + - port: 8005 + targetPort: 8005 + protocol: TCP + name: ambassador-snapshot + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-agent + namespace: default + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack-agent + app.kubernetes.io/instance: edge-stack + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + spec: + serviceAccountName: edge-stack-agent + containers: + - name: agent + image: docker.io/datawire/aes:2.2.2 + imagePullPolicy: IfNotPresent + command: [agent] + ports: + - containerPort: 8080 + name: http + env: + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + 
fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: https://app.getambassador.io/ + - name: AES_SNAPSHOT_URL + value: http://edge-stack-admin.default:8005/snapshot-external + progressDeadlineSeconds: 600 diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index 7712009..ceb3a2d 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent ports: - name: http @@ -150,6 +150,8 @@ spec: - name: admin containerPort: 8877 env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: @@ -158,6 +160,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token - name: AES_ACME_LEADER_DISABLE value: 'true' - name: AMBASSADOR_DRAIN_TIME @@ -346,6 +350,7 @@ rules: - namespaces - services - secrets + - configmaps - endpoints verbs: [get, list, watch] diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index 043bd51..3501103 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -143,8 +143,8 @@ metadata: product: aes rules: - apiGroups: [argoproj.io] - resources: [rollouts] - verbs: [get, list, watch] + resources: [rollouts, rollouts/status] + verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -234,6 +234,7 @@ rules: - namespaces - services - secrets + - configmaps - endpoints verbs: [get, list, watch] 
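Review bot: The `edge-stack-agent-rollouts` ClusterRole in the new aes-defaultns-agent.yaml grants `patch` on `rollouts` and `rollouts/status`. It is aggregated into `edge-stack-agent` and bound through a ClusterRoleBinding, so the agent's service account can modify every Rollout in the cluster. The same Deployment dials out to `RPC_CONNECTION_ADDRESS` (`https://app.getambassador.io/`), so the write verb is presumably exercised on behalf of that service; the template should say so, e.g. `# patch: lets the agent apply Rollout changes requested over RPC_CONNECTION_ADDRESS; drop for read-only installs`. The same widening from `[get, list, watch]` appears in aes-emissaryns-agent.yaml and in the rollouts hunks of aes-defaultns.yaml, aes-emissaryns.yaml and aes.yaml. The file is marked generated, so the edit belongs in the chart's `ambassador-agent.yaml` template.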
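Review bot: In the `@@ -346,6 +350,7 @@ rules:` hunk of aes-defaultns-migration.yaml, `configmaps` is added to a rule that already lists `secrets` with `get, list, watch`. The rule's kind and binding are outside the hunk, but if it is a ClusterRole the proxy can now read every ConfigMap in the cluster. The only consumer visible in this commit is `AGENT_CONFIG_RESOURCE_NAME: edge-stack-agent-cloud-token`, apparently a single object in the pod's own namespace, so a namespaced Role like `edge-stack-agent-config` in the agent manifest would presumably suffice. The same one-line addition is in the `rules:` hunks of aes-defaultns.yaml, aes-emissaryns-migration.yaml, aes-emissaryns.yaml and aes.yaml.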
@@ -509,9 +510,12 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent command: [agent] + ports: + - containerPort: 8080 + name: http env: - name: AGENT_NAMESPACE valueFrom: @@ -581,7 +585,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent ports: - name: http @@ -591,6 +595,8 @@ spec: - name: admin containerPort: 8877 env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: @@ -599,6 +605,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token - name: AMBASSADOR_DRAIN_TIME value: '600' - name: AMBASSADOR_INTERNAL_URL diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml new file mode 100644 index 0000000..b3087d6 --- /dev/null +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml 
@@ -0,0 +1,293 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack-agent + namespace: emissary + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack-agent +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-pods + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [pods] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-deployments + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [apps, extensions] + resources: [deployments] + verbs: 
[get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-endpoints + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-configmaps + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-rollouts + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [rollouts, rollouts/status] + verbs: [get, list, watch, patch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-applications + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: 
edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [applications] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack-agent +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: emissary +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: edge-stack-agent-config + namespace: emissary + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: edge-stack-agent-config + namespace: emissary + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: edge-stack-agent-config +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: emissary +--- +# Source: edge-stack/charts/emissary-ingress/templates/admin-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-admin + namespace: emissary + labels: + 
app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + # Hard-coded label for Prometheus Operator ServiceMonitor + service: ambassador-admin + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack admin service for internal use and + health checks. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 8877 + targetPort: admin + protocol: TCP + name: ambassador-admin + - port: 8005 + targetPort: 8005 + protocol: TCP + name: ambassador-snapshot + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-agent + namespace: emissary + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack-agent + app.kubernetes.io/instance: edge-stack + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + spec: + serviceAccountName: edge-stack-agent + containers: + - name: agent + image: docker.io/datawire/aes:2.2.2 + imagePullPolicy: IfNotPresent + command: [agent] + ports: + - containerPort: 8080 + name: http + env: + - name: AGENT_NAMESPACE + 
valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: https://app.getambassador.io/ + - name: AES_SNAPSHOT_URL + value: http://edge-stack-admin.emissary:8005/snapshot-external + progressDeadlineSeconds: 600 diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index 5daa4f0..345aa34 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent ports: - name: http @@ -150,6 +150,8 @@ spec: - name: admin containerPort: 8877 env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: @@ -158,6 +160,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token - name: AES_ACME_LEADER_DISABLE value: 'true' - name: AMBASSADOR_DRAIN_TIME @@ -346,6 +350,7 @@ rules: - namespaces - services - secrets + - configmaps - endpoints verbs: [get, list, watch] diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index ee040ef..104695b 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -151,8 +151,8 @@ metadata: product: aes rules: - apiGroups: [argoproj.io] - resources: [rollouts] - verbs: [get, list, watch] + resources: [rollouts, rollouts/status] + verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -242,6 +242,7 @@ rules: - namespaces - services - secrets + - configmaps - endpoints verbs: [get, list, watch] 
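Review bot: The `agent` container of the new `edge-stack-agent` Deployment in aes-emissaryns-agent.yaml has no `securityContext`, even though this manifest lets its service account patch Rollouts cluster-wide and the process connects to an external endpoint. I would add a container-level block that at least disables privilege escalation and drops capabilities, as below. `runAsNonRoot` and `readOnlyRootFilesystem` are worth adding too, once confirmed against the `aes:2.2.2` image. The same applies to the Deployment in aes-defaultns-agent.yaml. The file is generated, so the edit goes in the chart's `ambassador-agent.yaml` template.

```yaml
      containers:
      - name: agent
        # … unchanged: image, imagePullPolicy, command, ports, env …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: [ALL]
```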
@@ -517,9 +518,12 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent command: [agent] + ports: + - containerPort: 8080 + name: http env: - name: AGENT_NAMESPACE valueFrom: @@ -589,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent ports: - name: http @@ -599,6 +603,8 @@ spec: - name: admin containerPort: 8877 env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: @@ -607,6 +613,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token - name: AMBASSADOR_DRAIN_TIME value: '600' - name: AMBASSADOR_INTERNAL_URL diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index 59bd7a8..570c758 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -151,8 +151,8 @@ metadata: product: aes rules: - apiGroups: [argoproj.io] - resources: [rollouts] - verbs: [get, list, watch] + resources: [rollouts, rollouts/status] + verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -242,6 +242,7 @@ rules: - namespaces - services - secrets + - configmaps - endpoints verbs: [get, list, watch] @@ -517,9 +518,12 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent command: [agent] + ports: + - containerPort: 8080 + name: http env: - name: AGENT_NAMESPACE valueFrom: @@ -589,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent ports: - name: http 
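Review bot: The agent container is deployed from `docker.io/datawire/aes:2.2.2` by tag alone, and with `imagePullPolicy: IfNotPresent` each node runs whatever it first pulled under that tag, so the manifest does not fix the running artifact. Pinning the digest, `image: docker.io/datawire/aes:2.2.2@sha256:<digest>` (placeholder, to be taken from the release), would make the image verifiable; the same applies to the other `image:` lines this commit bumps. The added `ports:` entry only names port 8080 `http`, and the container spec continues outside the hunk.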
@@ -599,6 +603,8 @@ spec: - name: admin containerPort: 8877 env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: @@ -607,6 +613,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token - name: AMBASSADOR_DRAIN_TIME value: '600' - name: AMBASSADOR_INTERNAL_URL