From 4c6e39025ca80555a7b98e9d34375e9b7a90570e Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 3 Feb 2022 12:14:07 -0500 Subject: [PATCH 01/40] Have aes-ambassadorns YAML files, since Edge Stack 1.14 is often installed in the ambassador namespace Signed-off-by: Flynn --- Makefile | 16 +- .../aes-ambassadorns-migration/require.yaml | 13 + .../aes-ambassadorns-migration/values.yaml | 34 + k8s-config/aes-ambassadorns/require.yaml | 32 + k8s-config/aes-ambassadorns/values.yaml | 39 + .../aes-ambassadorns-migration.yaml | 378 +++++++++ manifests/edge-stack/aes-ambassadorns.yaml | 777 ++++++++++++++++++ 7 files changed, 1283 insertions(+), 6 deletions(-) create mode 100644 k8s-config/aes-ambassadorns-migration/require.yaml create mode 100644 k8s-config/aes-ambassadorns-migration/values.yaml create mode 100644 k8s-config/aes-ambassadorns/require.yaml create mode 100644 k8s-config/aes-ambassadorns/values.yaml create mode 100644 manifests/edge-stack/aes-ambassadorns-migration.yaml create mode 100644 manifests/edge-stack/aes-ambassadorns.yaml diff --git a/Makefile b/Makefile index e7acbf4..581bd4c 100644 --- a/Makefile +++ b/Makefile @@ -4,6 +4,8 @@ SHELL := /bin/bash HELM_OUTPUT_DIR := $(EDGE_STACK_HOME)/build/helm/ generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml +generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-ambassadorns.yaml +generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-ambassadorns-migration.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns-migration.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-emissaryns.yaml @@ -29,12 +31,14 @@ $(HELM_OUTPUT_DIR): $(EDGE_STACK_HOME)/charts/edge-stack/charts FORCE mkdir -p $@ helm template edge-stack --output-dir $@ -n ambassador $(EDGE_STACK_HOME)/charts/edge-stack -helm-namespace.aes = ambassador -helm-namespace.aes-defaultns = default -helm-namespace.aes-defaultms-migration = default -helm-namespace.aes-emissaryns = emissary -helm-namespace.aes-emissaryns-migration = emissary -helm-namespace.resources-migration = default +helm-namespace.aes = ambassador +helm-namespace.aes-ambassadorns = ambassador +helm-namespace.aes-ambassadorns-migration = ambassador +helm-namespace.aes-defaultns = default +helm-namespace.aes-defaultns-migration = default +helm-namespace.aes-emissaryns = emissary +helm-namespace.aes-emissaryns-migration = emissary +helm-namespace.resources-migration = default $(EDGE_STACK_HOME)/k8s-config/%/helm-expanded.yaml: \ $(EDGE_STACK_HOME)/charts/edge-stack/charts \ $(EDGE_STACK_HOME)/k8s-config/%/values.yaml \ diff --git a/k8s-config/aes-ambassadorns-migration/require.yaml b/k8s-config/aes-ambassadorns-migration/require.yaml new file mode 100644 index 0000000..915e8e2 --- /dev/null +++ b/k8s-config/aes-ambassadorns-migration/require.yaml @@ -0,0 +1,13 @@ +resources: + # everything else + - { kind: Service, name: edge-stack-redis, namespace: ambassador } + - { kind: Deployment, name: edge-stack-redis, namespace: ambassador } + - { kind: Secret, name: edge-stack, namespace: ambassador } + - { kind: Service, name: test-aes, namespace: ambassador } + - { kind: Deployment, name: aes, namespace: ambassador } + - { kind: ServiceAccount, name: edge-stack, namespace: ambassador } + - { kind: ClusterRoleBinding, name: edge-stack } + - { kind: ClusterRole, name: edge-stack } + - { kind: ClusterRole, name: edge-stack-aes } + - { kind: ClusterRole, name: edge-stack-crd } + - { kind: ClusterRole, name: edge-stack-watch } diff --git a/k8s-config/aes-ambassadorns-migration/values.yaml b/k8s-config/aes-ambassadorns-migration/values.yaml new file mode 100644 index 0000000..311087c --- /dev/null +++ b/k8s-config/aes-ambassadorns-migration/values.yaml @@ -0,0 +1,34 @@ +emissary-ingress: + deploymentTool: getambassador.io + replicaCount: 1 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + product: aes + topologyKey: kubernetes.io/hostname + weight: 100 + env: + POLL_EVERY_SECS: '60' + AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local' + AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443' + AMBASSADOR_DRAIN_TIME: '600' + AES_ACME_LEADER_DISABLE: 'true' + podAnnotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + containerNameOverride: aes + restartPolicy: Always + terminationGracePeriodSeconds: "0" + service: + type: LoadBalancer + deploymentNameOverride: aes + +enableTestService: true + +deploymentTool: getambassador.io +redis: + serviceSelector: + service: ambassador-redis diff --git a/k8s-config/aes-ambassadorns/require.yaml b/k8s-config/aes-ambassadorns/require.yaml new file mode 100644 index 0000000..d767792 --- /dev/null +++ b/k8s-config/aes-ambassadorns/require.yaml @@ -0,0 +1,32 @@ +resources: + - { kind: Namespace, name: ambassador } + - { kind: ServiceAccount, name: edge-stack-agent, namespace: ambassador } + - { kind: ServiceAccount, name: edge-stack, namespace: ambassador } + - { kind: Secret, name: edge-stack, namespace: ambassador } + - { kind: ClusterRole, name: edge-stack-agent } + - { kind: ClusterRole, name: edge-stack-agent-pods } + - { kind: ClusterRole, name: edge-stack-agent-deployments } + - { kind: ClusterRole, name: edge-stack-agent-endpoints } + - { kind: ClusterRole, name: edge-stack-agent-configmaps } + - { kind: ClusterRole, name: edge-stack-agent-rollouts } + - { kind: ClusterRole, name: edge-stack-agent-applications } + - { kind: ClusterRole, name: edge-stack } + - { kind: ClusterRole, name: edge-stack-crd } + - { kind: ClusterRole, name: edge-stack-watch } + - { kind: ClusterRole, name: edge-stack-aes } + - { kind: ClusterRoleBinding, name: edge-stack-agent } + - { kind: ClusterRoleBinding, name: edge-stack } + - { kind: Role, name: edge-stack-agent-config, namespace: ambassador } + - { kind: RoleBinding, name: edge-stack-agent-config, namespace: ambassador } + - { kind: Service, name: edge-stack-admin, namespace: ambassador } + - { kind: Service, name: edge-stack, namespace: ambassador } + - { kind: Service, name: edge-stack-redis, namespace: ambassador } + - { kind: Deployment, name: edge-stack-agent, namespace: ambassador } + - { kind: Deployment, name: edge-stack, namespace: ambassador } + - { kind: Deployment, name: edge-stack-redis, namespace: ambassador } + - { kind: AuthService, name: edge-stack-auth, namespace: ambassador } + - { kind: Mapping, name: edge-stack-devportal, namespace: ambassador } + - { kind: Mapping, name: edge-stack-devportal-assets, namespace: ambassador } + - { kind: Mapping, name: edge-stack-devportal-demo, namespace: ambassador } + - { kind: Mapping, name: edge-stack-devportal-api, namespace: ambassador } + - { kind: RateLimitService, name: edge-stack-ratelimit, namespace: ambassador } diff --git a/k8s-config/aes-ambassadorns/values.yaml b/k8s-config/aes-ambassadorns/values.yaml new file mode 100644 index 0000000..65f5340 --- /dev/null +++ b/k8s-config/aes-ambassadorns/values.yaml @@ -0,0 +1,39 @@ +emissary-ingress: + replicaCount: 1 + createNamespace: true + deploymentTool: getambassador.io + env: + POLL_EVERY_SECS: '60' + AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443' + AMBASSADOR_DRAIN_TIME: '600' + podAnnotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + containerNameOverride: aes + restartPolicy: Always + terminationGracePeriodSeconds: "0" + service: + type: LoadBalancer + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + service: ambassador + topologyKey: kubernetes.io/hostname + weight: 100 + +registry: + create: true +devportal: + docsPrefix: "/docs/" +authService: + optional_configurations: + allow_request_body: false + status_on_error: + code: 504 +redis: + serviceSelector: + service: ambassador-redis +deploymentTool: getambassador.io diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml new file mode 100644 index 0000000..61f72db --- /dev/null +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml @@ -0,0 +1,378 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/templates/aes-redis.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-redis + namespace: ambassador + labels: + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack Redis store for auth and rate limiting, + among other things. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 6379 + targetPort: 6379 + selector: + service: ambassador-redis +--- +# Source: edge-stack/templates/aes-redis.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-redis + namespace: ambassador + labels: + product: aes + annotations: {} +spec: + replicas: 1 + selector: + matchLabels: + service: ambassador-redis + template: + metadata: + labels: + service: ambassador-redis + spec: + containers: + - name: redis + image: redis:5.0.1 + imagePullPolicy: IfNotPresent + resources: {} + restartPolicy: Always +--- +# Source: edge-stack/templates/aes-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: edge-stack + namespace: ambassador +type: Opaque +data: + license-key: '' +--- +# Source: edge-stack/templates/oss-migration-test-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-aes + namespace: ambassador + labels: + product: aes +spec: + type: LoadBalancer + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + targetPort: 8080 + - name: https + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack +--- +# Source: edge-stack/charts/emissary-ingress/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: aes + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack + strategy: + type: RollingUpdate + + + progressDeadlineSeconds: 600 + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + profile: main + annotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + spec: + terminationGracePeriodSeconds: 0 + securityContext: + runAsUser: 8888 + restartPolicy: Always + serviceAccountName: edge-stack + volumes: + - name: ambassador-pod-info + downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels + - name: edge-stack-secrets + secret: + secretName: edge-stack + + containers: + - name: aes + image: docker.io/datawire/aes:2.1.2 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8080 + - name: https + containerPort: 8443 + - name: admin + containerPort: 8877 + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AMBASSADOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AES_ACME_LEADER_DISABLE + value: 'true' + - name: AMBASSADOR_DRAIN_TIME + value: '600' + - name: AMBASSADOR_INTERNAL_URL + value: https://127.0.0.1:8443 + - name: AMBASSADOR_URL + value: https://ambassador.ambassador.svc.cluster.local + - name: POLL_EVERY_SECS + value: '60' + - name: REDIS_URL + value: edge-stack-redis:6379 + + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /ambassador/v0/check_alive + port: admin + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 3 + readinessProbe: + httpGet: + path: /ambassador/v0/check_ready + port: admin + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 3 + volumeMounts: + - name: ambassador-pod-info + mountPath: /tmp/ambassador-pod-info + readOnly: true + + - name: edge-stack-secrets + mountPath: /.config/ambassador + readOnly: true + + resources: + limits: + cpu: 1000m + memory: 600Mi + requests: + cpu: 200m + memory: 300Mi + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + product: aes + topologyKey: kubernetes.io/hostname + weight: 100 + imagePullSecrets: [] + dnsPolicy: ClusterFirst + hostNetwork: false +--- +# Source: edge-stack/charts/emissary-ingress/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack +subjects: +- name: edge-stack + namespace: ambassador + kind: ServiceAccount +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# Aggregate # +###################################################################### +# This ClusterRole has an empty `rules` and instead sets +# `aggregationRule` in order to aggregate several other ClusterRoles +# together, to avoid the need for multiple ClusterRoleBindings. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack +rules: [] +--- +# Source: edge-stack/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-aes + labels: + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [''] + resources: [secrets] + verbs: [get, list, watch, create, update] + +- apiGroups: [''] + resources: [events] + verbs: [get, list, watch, create, patch] + +- apiGroups: [coordination.k8s.io] + resources: [leases] + verbs: [get, create, update] + +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch, create, update] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# No namespace # +###################################################################### +# These ClusterRoles should be limited to resource types that are +# non-namespaced, and therefore cannot be put in a Role, even if +# Emissary is in single-namespace mode. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-crd + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch, delete] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# All namespaces # +###################################################################### +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-watch + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [''] + resources: + - namespaces + - services + - secrets + - endpoints + verbs: [get, list, watch] + +- apiGroups: [getambassador.io] + resources: ['*'] + verbs: [get, list, watch, update, patch, create, delete] + +- apiGroups: [getambassador.io] + resources: [mappings/status] + verbs: [update] + +- apiGroups: [networking.internal.knative.dev] + resources: [clusteringresses, ingresses] + verbs: [get, list, watch] + +- apiGroups: [networking.x-k8s.io] + resources: ['*'] + verbs: [get, list, watch] + +- apiGroups: [networking.internal.knative.dev] + resources: [ingresses/status, clusteringresses/status] + verbs: [update] + +- apiGroups: [extensions, networking.k8s.io] + resources: [ingresses, ingressclasses] + verbs: [get, list, watch] + +- apiGroups: [extensions, networking.k8s.io] + resources: [ingresses/status] + verbs: [update] diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml new file mode 100644 index 0000000..59bd7a8 --- /dev/null +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -0,0 +1,777 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/charts/emissary-ingress/templates/namespace.yaml +apiVersion: v1 +kind: Namespace +metadata: + labels: + product: aes + name: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack-agent + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/templates/aes-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: edge-stack + namespace: ambassador +type: Opaque +data: + license-key: '' +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack-agent +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-pods + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [pods] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-deployments + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [apps, extensions] + resources: [deployments] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-endpoints + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-configmaps + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-rollouts + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-applications + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [applications] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# Aggregate # +###################################################################### +# This ClusterRole has an empty `rules` and instead sets +# `aggregationRule` in order to aggregate several other ClusterRoles +# together, to avoid the need for multiple ClusterRoleBindings. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# No namespace # +###################################################################### +# These ClusterRoles should be limited to resource types that are +# non-namespaced, and therefore cannot be put in a Role, even if +# Emissary is in single-namespace mode. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-crd + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch, delete] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# All namespaces # +###################################################################### +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-watch + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [''] + resources: + - namespaces + - services + - secrets + - endpoints + verbs: [get, list, watch] + +- apiGroups: [getambassador.io] + resources: ['*'] + verbs: [get, list, watch, update, patch, create, delete] + +- apiGroups: [getambassador.io] + resources: [mappings/status] + verbs: [update] + +- apiGroups: [networking.internal.knative.dev] + resources: [clusteringresses, ingresses] + verbs: [get, list, watch] + +- apiGroups: [networking.x-k8s.io] + resources: ['*'] + verbs: [get, list, watch] + +- apiGroups: [networking.internal.knative.dev] + resources: [ingresses/status, clusteringresses/status] + verbs: [update] + +- apiGroups: [extensions, networking.k8s.io] + resources: [ingresses, ingressclasses] + verbs: [get, list, watch] + +- apiGroups: [extensions, networking.k8s.io] + resources: [ingresses/status] + verbs: [update] +--- +# Source: edge-stack/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-aes + labels: + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [''] + resources: [secrets] + verbs: [get, list, watch, create, update] + +- apiGroups: [''] + resources: [events] + verbs: [get, list, watch, create, patch] + +- apiGroups: [coordination.k8s.io] + resources: [leases] + verbs: [get, create, update] + +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch, create, update] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack-agent +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack +subjects: +- name: edge-stack + namespace: ambassador + kind: ServiceAccount +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: edge-stack-agent-config + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: edge-stack-agent-config + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: edge-stack-agent-config +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/admin-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-admin + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + # Hard-coded label for Prometheus Operator ServiceMonitor + service: ambassador-admin + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack admin service for internal use and + health checks. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 8877 + targetPort: admin + protocol: TCP + name: ambassador-admin + - port: 8005 + targetPort: 8005 + protocol: TCP + name: ambassador-snapshot + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack +--- +# Source: edge-stack/charts/emissary-ingress/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + app.kubernetes.io/component: ambassador-service + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack goes beyond traditional API Gateways + and Ingress Controllers with the advanced edge features needed to support developer + self-service and full-cycle development. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: edge-stack-redis.ambassador +spec: + type: LoadBalancer + ports: + - name: http + port: 80 + targetPort: 8080 + - name: https + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack + profile: main +--- +# Source: edge-stack/templates/aes-redis.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-redis + namespace: ambassador + labels: + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack Redis store for auth and rate limiting, + among other things. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 6379 + targetPort: 6379 + selector: + service: ambassador-redis +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-agent + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack-agent + app.kubernetes.io/instance: edge-stack + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + spec: + serviceAccountName: edge-stack-agent + containers: + - name: agent + image: docker.io/datawire/aes:2.1.2 + imagePullPolicy: IfNotPresent + command: [agent] + env: + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: https://app.getambassador.io/ + - name: AES_SNAPSHOT_URL + value: http://edge-stack-admin.ambassador:8005/snapshot-external + progressDeadlineSeconds: 600 +--- +# Source: edge-stack/charts/emissary-ingress/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack + strategy: + type: RollingUpdate + + + progressDeadlineSeconds: 600 + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + profile: main + annotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + spec: + terminationGracePeriodSeconds: 0 + securityContext: + runAsUser: 8888 + restartPolicy: Always + serviceAccountName: edge-stack + volumes: + - name: ambassador-pod-info + downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels + - name: edge-stack-secrets + secret: + secretName: edge-stack + + containers: + - name: aes + image: docker.io/datawire/aes:2.1.2 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8080 + - name: https + containerPort: 8443 + - name: admin + containerPort: 8877 + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AMBASSADOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AMBASSADOR_DRAIN_TIME + value: '600' + - name: AMBASSADOR_INTERNAL_URL + value: https://127.0.0.1:8443 + - name: POLL_EVERY_SECS + value: '60' + - name: REDIS_URL + value: edge-stack-redis:6379 + + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /ambassador/v0/check_alive + port: admin + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 3 + readinessProbe: + httpGet: + path: /ambassador/v0/check_ready + port: admin + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 3 + volumeMounts: + - name: ambassador-pod-info + mountPath: /tmp/ambassador-pod-info + readOnly: true + + - name: edge-stack-secrets + mountPath: /.config/ambassador + readOnly: true + + resources: + limits: + cpu: 1000m + memory: 600Mi + requests: + cpu: 200m + memory: 300Mi + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + service: ambassador + topologyKey: kubernetes.io/hostname + weight: 100 + imagePullSecrets: [] + dnsPolicy: ClusterFirst + hostNetwork: false +--- +# Source: edge-stack/templates/aes-redis.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-redis + namespace: ambassador + labels: + product: aes + annotations: {} +spec: + replicas: 1 + selector: + matchLabels: + service: ambassador-redis + template: + metadata: + labels: + service: ambassador-redis + spec: + containers: + - name: redis + image: redis:5.0.1 + imagePullPolicy: IfNotPresent + resources: {} + restartPolicy: Always +--- +# Source: edge-stack/templates/aes-authservice.yaml +apiVersion: getambassador.io/v2 +kind: AuthService +metadata: + name: edge-stack-auth + namespace: ambassador + labels: + product: aes +spec: + proto: grpc + auth_service: 127.0.0.1:8500 + allow_request_body: false + status_on_error: + code: 504 +--- +# Source: edge-stack/templates/aes-internal.yaml +# Configure DevPortal +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + # This Mapping name is referenced by convention, it's important to leave as-is. + name: edge-stack-devportal + namespace: ambassador + labels: + product: aes +spec: + prefix: /docs/ + rewrite: /docs/ + service: 127.0.0.1:8500 +--- +# Source: edge-stack/templates/aes-internal.yaml +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + name: edge-stack-devportal-assets + namespace: ambassador + labels: + product: aes +spec: + prefix: /documentation/(assets|styles)/(.*)(.css) + prefix_regex: true + regex_rewrite: + pattern: /documentation/(.*) + substitution: /docs/\1 + service: 127.0.0.1:8500 + add_response_headers: + cache-control: + value: public, max-age=3600, immutable + append: false +--- +# Source: edge-stack/templates/aes-internal.yaml +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + # This Mapping name is what the demo uses. Sigh. + name: edge-stack-devportal-demo + namespace: ambassador + labels: + product: aes +spec: + prefix: /docs/ + rewrite: /docs/ + service: 127.0.0.1:8500 +--- +# Source: edge-stack/templates/aes-internal.yaml +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + # This Mapping name is referenced by convention, it's important to leave as-is. + name: edge-stack-devportal-api + namespace: ambassador + labels: + product: aes +spec: + prefix: /openapi/ + rewrite: '' + service: 127.0.0.1:8500 +--- +# Source: edge-stack/templates/aes-ratelimit.yaml +apiVersion: getambassador.io/v2 +kind: RateLimitService +metadata: + name: edge-stack-ratelimit + namespace: ambassador + labels: + product: aes +spec: + service: 127.0.0.1:8500 From 9b7e4a4664f3c50b0234c79a1f8790b0ce767d30 Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 3 Feb 2022 12:14:50 -0500 Subject: [PATCH 02/40] Generate agent migration YAML Signed-off-by: Flynn --- Makefile | 6 + .../aes-ambassadorns-agent/require.yaml | 13 + k8s-config/aes-ambassadorns-agent/values.yaml | 34 +++ k8s-config/aes-defaultns-agent/require.yaml | 13 + k8s-config/aes-defaultns-agent/values.yaml | 34 +++ k8s-config/aes-emissaryns-agent/require.yaml | 13 + k8s-config/aes-emissaryns-agent/values.yaml | 34 +++ .../edge-stack/aes-ambassadorns-agent.yaml | 250 ++++++++++++++++++ manifests/edge-stack/aes-defaultns-agent.yaml | 250 ++++++++++++++++++ .../edge-stack/aes-emissaryns-agent.yaml | 250 ++++++++++++++++++ 10 files changed, 897 insertions(+) create mode 100644 k8s-config/aes-ambassadorns-agent/require.yaml create mode 100644 k8s-config/aes-ambassadorns-agent/values.yaml create mode 100644 k8s-config/aes-defaultns-agent/require.yaml create mode 100644 k8s-config/aes-defaultns-agent/values.yaml create mode 100644 k8s-config/aes-emissaryns-agent/require.yaml create mode 100644 k8s-config/aes-emissaryns-agent/values.yaml create mode 100644 manifests/edge-stack/aes-ambassadorns-agent.yaml create mode 100644 manifests/edge-stack/aes-defaultns-agent.yaml create mode 100644 manifests/edge-stack/aes-emissaryns-agent.yaml diff --git a/Makefile b/Makefile index 581bd4c..893b961 100644 --- a/Makefile +++ b/Makefile @@ -5,10 +5,13 @@ HELM_OUTPUT_DIR := $(EDGE_STACK_HOME)/build/helm/ generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-ambassadorns.yaml +generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-ambassadorns-agent.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-ambassadorns-migration.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns.yaml +generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns-agent.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns-migration.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-emissaryns.yaml +generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-emissaryns-agent.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-emissaryns-migration.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/resources-migration.yaml generate/files += $(EDGE_STACK_HOME)/CHANGELOG.md @@ -33,11 +36,14 @@ $(HELM_OUTPUT_DIR): $(EDGE_STACK_HOME)/charts/edge-stack/charts FORCE helm-namespace.aes = ambassador helm-namespace.aes-ambassadorns = ambassador +helm-namespace.aes-ambassadorns-agent = ambassador helm-namespace.aes-ambassadorns-migration = ambassador helm-namespace.aes-defaultns = default +helm-namespace.aes-defaultns-agent = default helm-namespace.aes-defaultns-migration = default helm-namespace.aes-emissaryns = emissary helm-namespace.aes-emissaryns-migration = emissary +helm-namespace.aes-emissaryns-agent = emissary helm-namespace.resources-migration = default $(EDGE_STACK_HOME)/k8s-config/%/helm-expanded.yaml: \ $(EDGE_STACK_HOME)/charts/edge-stack/charts \ diff --git a/k8s-config/aes-ambassadorns-agent/require.yaml b/k8s-config/aes-ambassadorns-agent/require.yaml new file mode 100644 index 0000000..ab2ef31 --- /dev/null +++ b/k8s-config/aes-ambassadorns-agent/require.yaml @@ -0,0 +1,13 @@ +resources: + - { kind: ServiceAccount, name: edge-stack-agent, namespace: ambassador } + - { kind: ClusterRole, name: edge-stack-agent } + - { kind: ClusterRole, name: edge-stack-agent-pods } + - { kind: ClusterRole, name: edge-stack-agent-deployments } + - { kind: ClusterRole, name: edge-stack-agent-endpoints } + - { kind: ClusterRole, name: edge-stack-agent-configmaps } + - { kind: ClusterRole, name: edge-stack-agent-rollouts } + - { kind: ClusterRole, name: edge-stack-agent-applications } + - { kind: ClusterRoleBinding, name: edge-stack-agent } + - { kind: Role, name: edge-stack-agent-config, namespace: ambassador } + - { kind: RoleBinding, name: edge-stack-agent-config, namespace: ambassador } + - { kind: Deployment, name: edge-stack-agent, namespace: ambassador } diff --git a/k8s-config/aes-ambassadorns-agent/values.yaml b/k8s-config/aes-ambassadorns-agent/values.yaml new file mode 100644 index 0000000..311087c --- /dev/null +++ b/k8s-config/aes-ambassadorns-agent/values.yaml @@ -0,0 +1,34 @@ +emissary-ingress: + deploymentTool: getambassador.io + replicaCount: 1 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + product: aes + topologyKey: kubernetes.io/hostname + weight: 100 + env: + POLL_EVERY_SECS: '60' + AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local' + AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443' + AMBASSADOR_DRAIN_TIME: '600' + AES_ACME_LEADER_DISABLE: 'true' + podAnnotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + containerNameOverride: aes + restartPolicy: Always + terminationGracePeriodSeconds: "0" + service: + type: LoadBalancer + deploymentNameOverride: aes + +enableTestService: true + +deploymentTool: getambassador.io +redis: + serviceSelector: + service: ambassador-redis diff --git a/k8s-config/aes-defaultns-agent/require.yaml b/k8s-config/aes-defaultns-agent/require.yaml new file mode 100644 index 0000000..a5654af --- /dev/null +++ b/k8s-config/aes-defaultns-agent/require.yaml @@ -0,0 +1,13 @@ +resources: + - { kind: ServiceAccount, name: edge-stack-agent, namespace: default } + - { kind: ClusterRole, name: edge-stack-agent } + - { kind: ClusterRole, name: edge-stack-agent-pods } + - { kind: ClusterRole, name: edge-stack-agent-deployments } + - { kind: ClusterRole, name: edge-stack-agent-endpoints } + - { kind: ClusterRole, name: edge-stack-agent-configmaps } + - { kind: ClusterRole, name: edge-stack-agent-rollouts } + - { kind: ClusterRole, name: edge-stack-agent-applications } + - { kind: ClusterRoleBinding, name: edge-stack-agent } + - { kind: Role, name: edge-stack-agent-config, namespace: default } + - { kind: RoleBinding, name: edge-stack-agent-config, namespace: default } + - { kind: Deployment, name: edge-stack-agent, namespace: default } diff --git a/k8s-config/aes-defaultns-agent/values.yaml b/k8s-config/aes-defaultns-agent/values.yaml new file mode 100644 index 0000000..311087c --- /dev/null +++ b/k8s-config/aes-defaultns-agent/values.yaml @@ -0,0 +1,34 @@ +emissary-ingress: + deploymentTool: getambassador.io + replicaCount: 1 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + product: aes + topologyKey: kubernetes.io/hostname + weight: 100 + env: + POLL_EVERY_SECS: '60' + AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local' + AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443' + AMBASSADOR_DRAIN_TIME: '600' + AES_ACME_LEADER_DISABLE: 'true' + podAnnotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + containerNameOverride: aes + restartPolicy: Always + terminationGracePeriodSeconds: "0" + service: + type: LoadBalancer + deploymentNameOverride: aes + +enableTestService: true + +deploymentTool: getambassador.io +redis: + serviceSelector: + service: ambassador-redis diff --git a/k8s-config/aes-emissaryns-agent/require.yaml b/k8s-config/aes-emissaryns-agent/require.yaml new file mode 100644 index 0000000..e622083 --- /dev/null +++ b/k8s-config/aes-emissaryns-agent/require.yaml @@ -0,0 +1,13 @@ +resources: + - { kind: ServiceAccount, name: edge-stack-agent, namespace: emissary } + - { kind: ClusterRole, name: edge-stack-agent } + - { kind: ClusterRole, name: edge-stack-agent-pods } + - { kind: ClusterRole, name: edge-stack-agent-deployments } + - { kind: ClusterRole, name: edge-stack-agent-endpoints } + - { kind: ClusterRole, name: edge-stack-agent-configmaps } + - { kind: ClusterRole, name: edge-stack-agent-rollouts } + - { kind: ClusterRole, name: edge-stack-agent-applications } + - { kind: ClusterRoleBinding, name: edge-stack-agent } + - { kind: Role, name: edge-stack-agent-config, namespace: emissary } + - { kind: RoleBinding, name: edge-stack-agent-config, namespace: emissary } + - { kind: Deployment, name: edge-stack-agent, namespace: emissary } diff --git a/k8s-config/aes-emissaryns-agent/values.yaml b/k8s-config/aes-emissaryns-agent/values.yaml new file mode 100644 index 0000000..311087c --- /dev/null +++ b/k8s-config/aes-emissaryns-agent/values.yaml @@ -0,0 +1,34 @@ +emissary-ingress: + deploymentTool: getambassador.io + replicaCount: 1 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + product: aes + topologyKey: kubernetes.io/hostname + weight: 100 + env: + POLL_EVERY_SECS: '60' + AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local' + AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443' + AMBASSADOR_DRAIN_TIME: '600' + AES_ACME_LEADER_DISABLE: 'true' + podAnnotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + containerNameOverride: aes + restartPolicy: Always + terminationGracePeriodSeconds: "0" + service: + type: LoadBalancer + deploymentNameOverride: aes + +enableTestService: true + +deploymentTool: getambassador.io +redis: + serviceSelector: + service: ambassador-redis diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml new file mode 100644 index 0000000..52db419 --- /dev/null +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -0,0 +1,250 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack-agent + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack-agent +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-pods + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [pods] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-deployments + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [apps, extensions] + resources: [deployments] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-endpoints + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-configmaps + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-rollouts + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-applications + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [applications] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack-agent +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: edge-stack-agent-config + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: edge-stack-agent-config + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: edge-stack-agent-config +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-agent + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack-agent + app.kubernetes.io/instance: edge-stack + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + spec: + serviceAccountName: edge-stack-agent + containers: + - name: agent + image: docker.io/datawire/aes:2.1.2 + imagePullPolicy: IfNotPresent + command: [agent] + env: + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: https://app.getambassador.io/ + - name: AES_SNAPSHOT_URL + value: http://edge-stack-admin.ambassador:8005/snapshot-external + progressDeadlineSeconds: 600 diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml new file mode 100644 index 0000000..d78fadd --- /dev/null +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -0,0 +1,250 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack-agent + namespace: default + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack-agent +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-pods + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [pods] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-deployments + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [apps, extensions] + resources: [deployments] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-endpoints + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-configmaps + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-rollouts + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-applications + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [applications] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack-agent +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: default +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: edge-stack-agent-config + namespace: default + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: edge-stack-agent-config + namespace: default + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: edge-stack-agent-config +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: default +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-agent + namespace: default + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack-agent + app.kubernetes.io/instance: edge-stack + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + spec: + serviceAccountName: edge-stack-agent + containers: + - name: agent + image: docker.io/datawire/aes:2.1.2 + imagePullPolicy: IfNotPresent + command: [agent] + env: + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: https://app.getambassador.io/ + - name: AES_SNAPSHOT_URL + value: http://edge-stack-admin.default:8005/snapshot-external + progressDeadlineSeconds: 600 diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml new file mode 100644 index 0000000..01af55f --- /dev/null +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -0,0 +1,250 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack-agent + namespace: emissary + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack-agent +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-pods + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [pods] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-deployments + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [apps, extensions] + resources: [deployments] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-endpoints + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-configmaps + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-rollouts + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-applications + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [applications] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack-agent +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: emissary +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: edge-stack-agent-config + namespace: emissary + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: edge-stack-agent-config + namespace: emissary + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: edge-stack-agent-config +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: emissary +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-agent + namespace: emissary + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack-agent + app.kubernetes.io/instance: edge-stack + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + spec: + serviceAccountName: edge-stack-agent + containers: + - name: agent + image: docker.io/datawire/aes:2.1.2 + imagePullPolicy: IfNotPresent + command: [agent] + env: + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: https://app.getambassador.io/ + - name: AES_SNAPSHOT_URL + value: http://edge-stack-admin.emissary:8005/snapshot-external + progressDeadlineSeconds: 600 From 2582d7c4c9ab39e44535f2c25ed02529bba33a40 Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 3 Feb 2022 12:15:14 -0500 Subject: [PATCH 03/40] Update aes-crds.yaml with unserved v1 Signed-off-by: Flynn --- manifests/edge-stack/aes-crds.yaml | 104 +++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index 1367b6b..0ef5017 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -1710,6 +1710,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: AuthService is the Schema for the authservices API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1797,6 +1805,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: ConsulResolver is the Schema for the ConsulResolver API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2004,6 +2020,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: DevPortal is the Schema for the DevPortals API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2489,6 +2513,14 @@ spec: storage: false subresources: status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Host is the Schema for the hosts API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2567,6 +2599,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2645,6 +2685,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2947,6 +2995,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: LogService is the Schema for the logservices API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -3812,6 +3868,14 @@ spec: storage: false subresources: status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Mapping is the Schema for the mappings API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -3899,6 +3963,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are "ambassador" or "tls". + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -4028,6 +4100,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: RateLimitService is the Schema for the ratelimitservices API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -4216,6 +4296,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: TCPMapping is the Schema for the tcpmappings API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -4387,6 +4475,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: TLSContext is the Schema for the tlscontexts API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -4564,6 +4660,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: TracingService is the Schema for the tracingservices API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- ################################################################################ # Namespace # From 5e2005f20a10da2b4213354f32b95b0e6f3b8b55 Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 3 Feb 2022 22:43:03 -0500 Subject: [PATCH 04/40] No v1 needed for Hosts Signed-off-by: Flynn --- manifests/edge-stack/aes-crds.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index 0ef5017..490a9ca 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -2513,14 +2513,6 @@ spec: storage: false subresources: status: {} - - name: v1 - schema: - openAPIV3Schema: - description: Host is the Schema for the hosts API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition From b6545dfec26581399e38a28eb6905cccfb766a11 Mon Sep 17 00:00:00 2001 From: Aidan Hahn Date: Fri, 4 Feb 2022 01:47:03 -0800 Subject: [PATCH 05/40] Edge Stack 2.2.0 --- CHANGELOG.md | 35 + VERSION | 2 +- charts/edge-stack/#CHANGELOG.md# | 561 ++++++++ charts/edge-stack/CHANGELOG.md | 4 + charts/edge-stack/Chart.lock | 8 +- charts/edge-stack/Chart.yaml | 8 +- docs/releaseNotes.yml | 62 + manifests/edge-stack/aes-crds.yaml | 1267 +++++++++++++---- .../edge-stack/aes-defaultns-migration.yaml | 3 + manifests/edge-stack/aes-defaultns.yaml | 5 +- .../edge-stack/aes-emissaryns-migration.yaml | 3 + manifests/edge-stack/aes-emissaryns.yaml | 5 +- manifests/edge-stack/aes.yaml | 5 +- 13 files changed, 1679 insertions(+), 289 deletions(-) create mode 100644 charts/edge-stack/#CHANGELOG.md# diff --git a/CHANGELOG.md b/CHANGELOG.md index eeacbd0..6a1a894 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -77,6 +77,41 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest ## RELEASE NOTES +## [2.2.0] TBD +[2.2.0]: https://github.com/datawire/edge-stack/releases/v2.2.0 + +## Ambassador Edge Stack + +- Feature: Ambassador Edge Stack now supports the metric `ambassador_log_level{label="debug"}` which will be + set to 1 if debug logging is enabled for the running Emissary instance, or to 0 if not. This can + help to be sure that a running production instance was not actually left doing debugging logging, + for example. (Thanks to Fabrice!) ([3906]) + +- Feature: Ambassador Edge Stack is now leveraging a new Envoy Proxy patch that allows Envoy to accept + escaped '%' characters in its configuration. This means that error_response_overrides and other + custom user content can now contain '%' symbols escaped as '%%' ([DW Envoy: 74]) ([Upstream Envoy: 19383]) + +- Feature: Ambassador Edge Stack now supports sending the body of requests to the AuthService and external + authentication services by configuring `include_body.body_raw_bytes` in each resource. ([Support binary uploads]) + +- Feature: Ambassador Edge Stack now supports configuring Certificate Revocation Lists containing a list of + certificates that have been revoked before their expiration. Configuration for CRLs can be done on + the `Listener`, `Host`, or `TLSContext`. + +- Feature: The new `precedence` field in `FilterPolicy` rules allows for manual configuration of + `FilterPolicy` rules instead of the default behavior where Ambassador Edge Stack always selects + the rule with the most specific hostname and path. + +- Bugfix: Intermitent 503 outages with consul upstream services have been resolved in Ambassador Edge Stack. + +- Bugfix: Configuring the OAuth Filter's cache duration with `maxStale` now supports caching responses from + validating opaque userInfo tokens. + +[3906]: https://github.com/emissary-ingress/emissary/issues/3906 +[DW Envoy: 74]: https://github.com/datawire/envoy/pull/74 +[Upstream Envoy: 19383]: https://github.com/envoyproxy/envoy/pull/19383 +[Support binary uploads]: https://github.com/emissary-ingress/emissary/pull/3995 + ## [2.1.2] 2022-01-25 [2.1.2]: https://github.com/datawire/edge-stack/releases/v2.1.2 diff --git a/VERSION b/VERSION index eca07e4..f7757a2 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1.2 +2.2.0-rc.0 diff --git a/charts/edge-stack/#CHANGELOG.md# b/charts/edge-stack/#CHANGELOG.md# new file mode 100644 index 0000000..a2bab30 --- /dev/null +++ b/charts/edge-stack/#CHANGELOG.md# @@ -0,0 +1,561 @@ +# Change Log + +This file documents all notable changes to Edge Stack Helm Chart. The release +numbering uses [semantic versioning](http://semver.org). + +## v7.2.2 + +- Update Edge Stack chart image to version v2.1.2: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md) + +## v7.2.1 + +- Update Edge Stack chart image to version v2.1.1: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md) + +## v7.2.0 + +- Update Edge Stack chart image to version v2.1.0: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) + +## v7.1.11 + +- Update Edge Stack chart image to version v2.0.5: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) + +## v7.1.10 + +- Switch Edge Stack CRDs to API version `v3alpha1`. + +## v7.1.9 + +- Update Edge Stack chart image to version v2.0.4: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) + +## v7.1.8-ea + +- Update Edge Stack chart image to version v2.0.3-ea: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) + +## v7.1.3 - v7.1.7: Internal, not released + +## v7.1.2-ea + +- Update Edge Stack chart image to version v2.0.2-ea: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) + +## v7.1.1-ea + +- Update Edge Stack chart image to version v2.0.1-ea: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) + +## v7.1.0-ea + +- Feature: New canarying features for Ambassador in the chart that allow creation of a secondary deployment/service to test new versions and environment variables. +- Feature: Exposed `progressDeadlineSeconds` for the Ambassador and Ambassador Agent Deployments with new values + +## v7.0.0-ea + +- Update Edge Stack chart image to version v2.0.0-ea: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md) +- Split [ambassador](https://github.com/emissary-ingress/emissary/tree/v1.13.9/charts/ambassador) helm chart into `edge-stack` (this repo) and `emissary-ingress`. + +## v6.7.9 + +- Update Ambassador chart image to version 1.13.6: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + + +## v6.7.8 + +- Update Ambassador chart image to version 1.13.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + + +## v6.7.7 + +- Bugfix: ambassador-injector and telepresence-proxy now use the correct default image repository + +## v6.7.6 + +- Update Ambassador chart image to version 1.13.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Change: unless image.repository or image.fullImageOverride is explicitly set, the ambassador image used will be templated on .Values.enableAES. If AES is enabled, the chart will use docker.io/datawire/aes, otherwise will use docker.io/datawire/ambassador. + +## v6.7.5 + +- Update Ambassador chart image to version v1.13.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.7.4 + +- Feature: The [Ambassador Module](https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/) can now be configured and managed by Helm + +## v6.7.3 + +- Update Ambassador chart image to version v1.13.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.7.2 + +- Bugfix: Don't change the Role name when running in singleNamespace mode. + +## v6.7.1 + +- Update Ambassador chart image to version v1.13.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.7.0 + +- Update Ambassador to version 1.13.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Feature: Ambassador Agent now available for API Gateway (https://app.getambassador.io) +- Feature: Add support for [pod toplology spread constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) via the `topologySpreadConstraints` helm value to the Ambassador deployment. (thanks, [@lawliet89](https://github.com/lawliet89)!) +- BugFix: Add missing `ambassador_id` for resolvers. +- Change: Ambassador ClusterRoles are now aggregated under the label `rbac.getambassador.io/role-group`. The aggregated role has the same name as the previous role name (so no need to update ClusterRoleBindings). + +## v6.6.4 + +- Update Ambassador to version 1.12.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.6.3 + +- Update Ambassador to version 1.12.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.6.2 + +- Update Ambassador to version 1.12.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.6.1 + +- Fix metadata field in ConsulRevoler +- Make resolvers available to OSS + +## v6.6.0 + +- Update Ambassador to version 1.12.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Feature: Apply Ambassador Agent deployment by default to enable Service Catalog reporting (https://app.getambassador.io) + +## v6.5.22 + +- Bugfix: Disable the cloud agent by default. The agent will be enabled in 6.6.0. +- Bugfix: Adds a check to prevent the cloud agent from being installed if AES version is less than 1.12.0 + +## v6.5.21 + +- Update Ambassador to version 1.12.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Feature: Add support for the ambassador-agent, reporting to Service Catalog (https://app.getambassador.io) +- Feature: All services are automatically instrumented with discovery annotations. + +## v6.5.20 + +- Update Ambassador to version v1.11.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.19 + +- Make all `livenessProbe` and `readinessProbe` configurations available to the values file + +## v6.5.18 + +- Update Ambassador to version v1.11.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.17 + +- Update Ambassador to version v1.11.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Bugfix: Fix Mapping definition to correctly support labels in use. + +## v6.5.16 + +- Bugfix: Ambassador CRD cleanup will now execute as expected. + +## v6.5.15 + +- Bugfix: Ambassador RBAC now includes permissions for IngressClasses. + +## v6.5.14 + +- Update for Ambassador v1.10.0 + +## v6.5.13 + +- Update for Ambassador v1.9.1 + +## v6.5.12 + +- Feature: Add ability to configure `terminationGracePeriodSeconds` for the Ambassador container +- Update for Ambassador v1.9.0 + +## v6.5.11 + +- Feature: add affinity and tolerations support for redis pods + +## v6.5.10 + +- Update Ambassador to version 1.8.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.9 + +- Update Ambassador to version 1.8.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Bugfix: The RBAC for AES now grants permission to "patch" Events.v1.core. Previously it granted "create" but not "patch". + +## v6.5.8 + +- Update Ambassador to version 1.7.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.7 + +- Update Ambassador to version 1.7.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- The BusyBox image image used by `test-ready` is now configurable (thanks, [Alan Silva](https://github.com/OmegaVVeapon)!) + +## v6.5.6 + +- Update Ambassador to version 1.7.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Feature: Allow overriding the namespace for the release using the values file: [ambassador-chart/#122](https://github.com/datawire/ambassador-chart/pull/122) + +## v6.5.5 + +- Allow hyphens in service annotations: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.4 + +- Upgrade Ambassador to version 1.7.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.3 + +- Upgrade Ambassador to version 1.7.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.2 + +- Feature: Add support for DaemonSet/Deployment labels: [ambassador-chart/#114](https://github.com/datawire/ambassador-chart/pull/114) +- Upgrade Ambassador to version 1.6.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.1 + +- Upgrade Ambassador to version 1.6.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.0 + +- Upgrade Ambassador to version 1.6.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.4.10 + +- Feature: Allow specifying annotations for the license-key-secret: [ambassador-chart/#106](https://github.com/datawire/ambassador-chart/issues/106) +- Feature: Annotation for keeping the AES secret on removal: [ambassador-chart/#110](https://github.com/datawire/ambassador-chart/issues/110) +- Fix: do not mount the secret if we do not want a secret: [ambassador-chart/#103](https://github.com/datawire/ambassador-chart/issues/103) +- Internal CI refactorings. + +## v6.4.9 + +- BugFix: Cannot specify podSecurityPolicies: [ambassador-chart/#97](https://github.com/datawire/ambassador-chart/issues/97) + +## v6.4.8 + +- Upgrade Ambassador to version 1.5.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.4.7 + +- BugFix: Registry service is now using the proper `app.kubernetes.io/name` +- BugFix: Restore ability to set `REDIS` env vars in `env` instead of `redisEnv` +- Feature: Add `envRaw` to support supplying raw yaml for environment variables. Deprecates `redisEnv`. + +## v6.4.6 + +- Upgrade Ambassador to version 1.5.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Added support setting external IPs for the ambassador service (thanks, [Jason Smith](https://github.com/jasons42)!) + +## v6.4.5 + +- Upgrade Ambassador to version 1.5.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.4.4 + +- Feature flag for enabling or disabling the [`Project` registry](https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/) +- redisEnv for setting environment variables to control how Ambassador interacts with redis. See [redis environment](https://www.getambassador.io/docs/edge-stack/latest/topics/running/environment/#redis) + +## v6.4.3 + +- Upgrade Ambassador to version 1.5.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.4.2 + +- Upgrade Ambassador to version 1.5.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.4.1 + +- BugFix: The `PodSecurityPolicy` should not be created by default since it is a cluster-wide resource that should only be created once. + +If you would like to use the default `PodSecurityPolicy`, make sure to unset `security.podSecurityPolicy` it in all other releases. + +## v6.4.0 + +- Upgrade Ambassador to version 1.5.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- AuthService and RateLimitService are now installed in the same namespace as Ambassador. +- Changes RBAC permissions to better support single-namespace installations and detecting getambassador.io CRDs. +- Add option to install Service Preview components (traffic-manager, traffic-agent). +- Add option to install ambassador-injector, alongside Service Preview. +- Add additional security policy configurations. + + `securityContext` has been deprecated in favor of `security` which allows you to set container and pod security contexts as well as a default `PodSecurityPolicy`. + +## v6.3.6 + +- Switch from Quay.io to DockerHub + +## v6.3.5 + +- Upgrade Ambassador to version 1.4.3: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.3.4 + +- Minor bug fixes + +## v6.3.3 + +- Add extra labels to ServiceMonitor: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.3.2 + +- Upgrade Ambassador to version 1.4.2: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.3.1 + +- Upgrade Ambassador to version 1.4.1: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.3.0 + +- Adds: Option to create a ServiceMonitor for scraping via Prometheus Operator + +## v6.2.5 + +- Upgrade Ambassador to version 1.4.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.2.4 + +- Fix typing so that Helm3 doesn't complain (thanks, [Fabrice Rabaute](https://github.com/jfrabaute)!) + +## v6.2.3 + +- Upgrade Ambassador to version 1.3.2. +- Use explicit types for things like ports, so that things like `helm .. --set service.ports[0].port=80` will be integers instead of ending up as strings + +## v6.2.2 + +- Upgrade Ambassador to version 1.3.1. +- Remove unnecessary `version` field from CRDs. +- Add static label to AES resources, to better support `edgectl install` + +## v6.2.1 + +- Upgrade Ambassador to version 1.3.0. + +## v6.2.0 + +- Add option to not create DevPortal routes + +## v6.1.5 + +- Upgrade Ambassador to version 1.2.2. + +## v6.1.4 + +- Upgrade from Ambassador 1.2.0 to 1.2.1. + +## v6.1.3 + +- Upgrade from Ambassador 1.1.1 to 1.2.0. + +## v6.1.2 + +- Upgrade from Ambassador 1.1.0 to 1.1.1. + +## v6.1.1 + +Minor Improvements: + +- Adds: Option to override the name of the RBAC resources + +## v6.1.0 + +Minor improvements including: + +- Adds: Option to set `restartPolicy` +- Adds: Option to give the AES license key secret a custom name +- Fixes: Assumption that the AES will be installed only from the `datawire/aes` repository. The `enableAES` flag now configures whether the AES is installed. +- Clarification on how to install OSS + +## v6.0.0 + +Introduces Ambassador Edge Stack being installed by default. + +### Breaking changes + +Ambassador Pro support has been removed in 6.0.0. Please upgrade to the Ambassador Edge Stack. + +## v5.0.0 + +### Breaking changes + +**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified. + +- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed + +## v4.0.0 + +### Breaking Changes + +- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core +- The license key is now stored and read from a Kubernetes secret by default +- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret. + +### Minor Changes + +- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance +- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/)) +- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true` +- Fixed misnamed selector for redis instance that failed in an edge case +- Exposes annotations for redis deployment and service + +## v3.0.0 + +### Breaking Changes + +- The default annotation has been removed. The service port will be set dynamically to 8080 or 8443 for http and https respectively. +- `service.http`, `service.https`, and `additionalTCPPort` has been replaced with `service.ports`. +- `rbac.namespaced` has been removed. Use `scope.singleNamespace` instead. + +### Minor Changes + +- Ambassador Pro will pick up when `AMBASSADOR_ID` is set in `.Values.env` [[#15025]](https://github.com/helm/charts/issues/15025). +- `{{release name}}-admins` has been renamed to `{{release name}}-admin` to match YAML install templates +- RBAC configuration has been updated to allow for CRD use when `scope.singleNamespace: true`. [[ambassador/#1576]](https://github.com/datawire/ambassador/issues/1576) +- RBAC configuration now allows for multiple Ambassadors to use CRDs. Set `crds.enabled` in releases that expect CRDs [[ambassador/#1679]](https://github.com/datawire/ambassador/issues/1679) + +## v2.6.0 + +### Minor Changes + +- Add ambassador CRDs! +- Update ambassador to 0.70.0 + +## v2.5.1 + +### Minor Changes + +- Update ambassador to 0.61.1 + +## v2.5.0 + +### Minor Changes + +- Add support for autoscaling using HPA, see `autoscaling` values. + +## v2.4.1 + +### Minor Changes + +- Update ambassador to 0.61.0 + +## v2.4.0 + +### Minor Changes + +- Allow configuring `hostNetwork` and `dnsPolicy` + +## v2.3.1 + +### Minor Changes + +- Adds HOST_IP environment variable + +## v2.3.0 + +### Minor Changes + +- Adds support for init containers using `initContainers` and pod labels `podLabels` + +## v2.2.5 + +### Minor Changes + +- Update ambassador to 0.60.3 + +## v2.2.4 + +### Minor Changes + +- Add support for Ambassador PRO [see readme](https://github.com/helm/charts/blob/master/stable/ambassador/README.md#ambassador-pro) + +## v2.2.3 + +### Minor Changes + +- Update ambassador to 0.60.2 + +## v2.2.2 + +### Minor Changes + +- Update ambassador to 0.60.1 + +## v2.2.1 + +### Minor Changes + +- Fix RBAC for ambassador 0.60.0 + +## v2.2.0 + +### Minor Changes + +- Update ambassador to 0.60.0 + +## v2.1.0 + +### Minor Changes + +- Added `scope.singleNamespace` for configuring ambassador to run in single namespace + +## v2.0.2 + +### Minor Changes + +- Update ambassador to 0.53.1 + +## v2.0.1 + +### Minor Changes + +- Update ambassador to 0.52.0 + +## v2.0.0 + +### Major Changes + +- Removed `ambassador.id` and `namespace.single` in favor of setting environment variables. + +## v1.1.5 + +### Minor Changes + +- Update ambassador to 0.50.3 + +## v1.1.4 + +### Minor Changes + +- support targetPort specification + +## v1.1.3 + +### Minor Changes + +- Update ambassador to 0.50.2 + +## v1.1.2 + +### Minor Changes + +- Add additional chart maintainer + +## v1.1.1 + +### Minor Changes + +- Default replicas -> 3 + +## v1.1.0 + +### Minor Changes + +- Allow RBAC to be namespaced (`rbac.namespaced`) + +## v1.0.0 + +### Major Changes + +- First release of Ambassador Helm Chart in helm/charts +- For migration see [Migrating from datawire/ambassador chart](https://github.com/helm/charts/tree/master/stable/ambassador#migrating-from-datawireambassador-chart-chart-version-0400-or-0500) diff --git a/charts/edge-stack/CHANGELOG.md b/charts/edge-stack/CHANGELOG.md index a2bab30..b7d4682 100644 --- a/charts/edge-stack/CHANGELOG.md +++ b/charts/edge-stack/CHANGELOG.md @@ -3,6 +3,10 @@ This file documents all notable changes to Edge Stack Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v7.2.3 + +- Update Edge Stack chart image to version v2.2.0: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md) + ## v7.2.2 - Update Edge Stack chart image to version v2.1.2: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md) diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index 6f312a4..ce3c815 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress - repository: https://s3.amazonaws.com/datawire-static-files/charts - version: 7.2.2 -digest: sha256:43fd13e494c74484656c6a811f8474b6a227c896c1b42e75f46f5fe2f23c09b8 -generated: "2022-01-25T18:57:51.910303-05:00" + repository: https://s3.amazonaws.com/datawire-static-files/charts-dev + version: 7.2.3-0.20220204073549-9a80e23c882a +digest: sha256:0630b7270acf8a4601376c0041650d49e6f28fbf8e16b5e55fd565fae7c048bf +generated: "2022-02-04T01:45:52.057437702-08:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index d229d53..729717a 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.1.2 +appVersion: 2.2.0-rc.0 description: A Helm chart for Ambassador Edge Stack name: edge-stack -version: 7.2.2 +version: 7.2.3-rc.0 # TODO: change these to whatever the appropriate things are icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: v7.2.2 - repository: "https://s3.amazonaws.com/datawire-static-files/charts" + version: v7.2.3-0.20220204073549-9a80e23c882a + repository: "https://s3.amazonaws.com/datawire-static-files/charts-dev" diff --git a/docs/releaseNotes.yml b/docs/releaseNotes.yml index 4b360d1..5c21163 100644 --- a/docs/releaseNotes.yml +++ b/docs/releaseNotes.yml @@ -31,6 +31,68 @@ changelog: https://github.com/datawire/edge-stack/blob/$branch$/CHANGELOG.md items: + - version: 2.2.0 + date: 'TBD' + notes: + - title: Support a log-level metric + type: feature + body: >- + $productName$ now supports the metric ambassador_log_level{label="debug"} + which will be set to 1 if debug logging is enabled for the running Emissary + instance, or to 0 if not. This can help to be sure that a running production + instance was not actually left doing debugging logging, for example. + (Thanks to Fabrice!) + github: + - title: 3906 + link: https://github.com/emissary-ingress/emissary/issues/3906 + docs: topics/running/statistics/8877-metrics/ + + - title: Envoy configuration % escaping + type: feature + body: >- + $productName$ is now leveraging a new Envoy Proxy patch that allows Envoy to accept escaped + '%' characters in its configuration. This means that error_response_overrides and other + custom user content can now contain '%' symbols escaped as '%%' + docs: topics/running/custom-error-responses + github: + - title: "DW Envoy: 74" + link: https://github.com/datawire/envoy/pull/74 + - title: "Upstream Envoy: 19383" + link: https://github.com/envoyproxy/envoy/pull/19383 + + - title: Support binary uploads for AuthService and External Filters + type: feature + body: >- + $productName$ now supports sending the body of requests to the AuthService and external authentication services by configuring include_body.body_raw_bytes in each resource. + github: + - title: "Support binary uploads" + link: https://github.com/emissary-ingress/emissary/pull/3995 + docs: topics/running/services/auth-service/#fields + + - title: Support configuration for Envoy's Certificate Revocation Lists + type: feature + body: >- + $productName$ now supports configuring Certificate Revocation Lists containing a list of certificates that have been revoked before their expiration. Configuration for CRLs can be done on the Listener, Host, or TLSContext. + docs: topics/running/listener/#certvalidation + + - title: Allow configuring FilterPolicy rule priority + type: feature + body: >- + The new precedence field in FilterPolicy rules allows for manual configuration of FilterPolicy rules instead of the default behavior where $productName$ always selects the rule with the most specific hostname and path. + docs: topics/using/filters + + - title: Resolved 503 outages with Consul services + type: bugfix + body: >- + Intermitent 503 outages with consul upstream services have been resolved in $productName$. + docs: https://github.com/emissary-ingress/emissary/issues/3680 + + - title: OAuth cache config supports userInfo token validation responsess + type: bugfix + body: >- + Configuring the OAuth Filter's cache duration with maxStale now supports caching responses from validating opaque userInfo tokens. + docs: topics/using/filters/oauth2/#oauth-resource-server-settings + - version: 2.1.2 date: '2022-01-25' notes: diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index 1367b6b..a1a3716 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -39,10 +39,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -56,7 +60,9 @@ spec: items: properties: arguments: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true ifRequestHeader: @@ -98,10 +104,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -115,7 +125,9 @@ spec: items: properties: arguments: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true ifRequestHeader: @@ -157,10 +169,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -174,7 +190,9 @@ spec: items: properties: arguments: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true ifRequestHeader: @@ -251,10 +269,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -299,16 +321,27 @@ spec: type: integer type: object timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer tls: - description: Emissary supports setting "tls" to the name of a TLSContext. Edge Stack External Filters do NOT yet support that; in External Filters "tls" is a boolean indicating whether to originate TLS. + description: Emissary supports setting "tls" to the name of a + TLSContext. Edge Stack External Filters do NOT yet support + that; in External Filters "tls" is a boolean indicating whether + to originate TLS. type: boolean required: - auth_service type: object JWT: - description: "FilterJWT \n Currently supported algorithms: \n - RSA * \"RS256\" * \"RS384\" * \"RS512\" - RSA-PSS * \"PS256\" * \"PS384\" * \"PS512\" - ECDSA * \"ES256\" * \"ES384\" * \"ES512\" - HMAC-SHA * \"HS256\" * \"HS384\" * \"HS512\" - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go v3.2.0. Keep this list in sync if we pull in a jwt-go update. More algorithms can be added with jwt.RegistersigningMethod(). \n Haha, JK, our JWKS parser only understands RSA keys." + description: "FilterJWT \n Currently supported algorithms: \n - RSA + \ * \"RS256\" * \"RS384\" * \"RS512\" - RSA-PSS * \"PS256\" + \ * \"PS384\" * \"PS512\" - ECDSA * \"ES256\" * \"ES384\" + \ * \"ES512\" - HMAC-SHA * \"HS256\" * \"HS384\" * \"HS512\" + - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go + v3.2.0. Keep this list in sync if we pull in a jwt-go update. More + algorithms can be added with jwt.RegistersigningMethod(). \n Haha, + JK, our JWKS parser only understands RSA keys." properties: audience: type: string @@ -413,11 +446,15 @@ spec: nbfSafetyMargin: type: string otherClaims: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true otherHeaderParameters: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true setClientID: @@ -535,10 +572,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -583,16 +624,27 @@ spec: type: integer type: object timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer tls: - description: Emissary supports setting "tls" to the name of a TLSContext. Edge Stack External Filters do NOT yet support that; in External Filters "tls" is a boolean indicating whether to originate TLS. + description: Emissary supports setting "tls" to the name of a + TLSContext. Edge Stack External Filters do NOT yet support + that; in External Filters "tls" is a boolean indicating whether + to originate TLS. type: boolean required: - auth_service type: object JWT: - description: "FilterJWT \n Currently supported algorithms: \n - RSA * \"RS256\" * \"RS384\" * \"RS512\" - RSA-PSS * \"PS256\" * \"PS384\" * \"PS512\" - ECDSA * \"ES256\" * \"ES384\" * \"ES512\" - HMAC-SHA * \"HS256\" * \"HS384\" * \"HS512\" - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go v3.2.0. Keep this list in sync if we pull in a jwt-go update. More algorithms can be added with jwt.RegistersigningMethod(). \n Haha, JK, our JWKS parser only understands RSA keys." + description: "FilterJWT \n Currently supported algorithms: \n - RSA + \ * \"RS256\" * \"RS384\" * \"RS512\" - RSA-PSS * \"PS256\" + \ * \"PS384\" * \"PS512\" - ECDSA * \"ES256\" * \"ES384\" + \ * \"ES512\" - HMAC-SHA * \"HS256\" * \"HS384\" * \"HS512\" + - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go + v3.2.0. Keep this list in sync if we pull in a jwt-go update. More + algorithms can be added with jwt.RegistersigningMethod(). \n Haha, + JK, our JWKS parser only understands RSA keys." properties: audience: type: string @@ -697,11 +749,15 @@ spec: nbfSafetyMargin: type: string otherClaims: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true otherHeaderParameters: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true setClientID: @@ -819,10 +875,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -862,22 +922,35 @@ spec: - grpc type: string status_on_error: - description: 'TODO(lukeshu): In v3alpha2, consider getting rid of this struct type in favor of just using an int (i.e. `statusOnError: 500` instead of the current `statusOnError: { code: 500 }`).' + description: 'TODO(lukeshu): In v3alpha2, consider getting rid + of this struct type in favor of just using an int (i.e. `statusOnError: + 500` instead of the current `statusOnError: { code: 500 }`).' properties: code: type: integer type: object timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer tls: - description: Emissary supports setting "tls" to the name of a TLSContext. Edge Stack External Filters do NOT yet support that; in External Filters "tls" is a boolean indicating whether to originate TLS. + description: Emissary supports setting "tls" to the name of a + TLSContext. Edge Stack External Filters do NOT yet support + that; in External Filters "tls" is a boolean indicating whether + to originate TLS. type: boolean required: - auth_service type: object JWT: - description: "FilterJWT \n Currently supported algorithms: \n - RSA * \"RS256\" * \"RS384\" * \"RS512\" - RSA-PSS * \"PS256\" * \"PS384\" * \"PS512\" - ECDSA * \"ES256\" * \"ES384\" * \"ES512\" - HMAC-SHA * \"HS256\" * \"HS384\" * \"HS512\" - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go v3.2.0. Keep this list in sync if we pull in a jwt-go update. More algorithms can be added with jwt.RegistersigningMethod(). \n Haha, JK, our JWKS parser only understands RSA keys." + description: "FilterJWT \n Currently supported algorithms: \n - RSA + \ * \"RS256\" * \"RS384\" * \"RS512\" - RSA-PSS * \"PS256\" + \ * \"PS384\" * \"PS512\" - ECDSA * \"ES256\" * \"ES384\" + \ * \"ES512\" - HMAC-SHA * \"HS256\" * \"HS384\" * \"HS512\" + - \"none\" \n This is this list of algos built-in to github.com/dgrijalva/jwt-go + v3.2.0. Keep this list in sync if we pull in a jwt-go update. More + algorithms can be added with jwt.RegistersigningMethod(). \n Haha, + JK, our JWKS parser only understands RSA keys." properties: audience: type: string @@ -982,11 +1055,15 @@ spec: nbfSafetyMargin: type: string otherClaims: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true otherHeaderParameters: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go + type, but it preserves its contents in a roundtrippable + way. type: object x-kubernetes-preserve-unknown-fields: true setClientID: @@ -1139,10 +1216,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1221,10 +1302,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1303,10 +1388,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1385,10 +1474,14 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1503,10 +1596,14 @@ spec: description: AuthService is the Schema for the authservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1597,10 +1694,14 @@ spec: description: AuthService is the Schema for the authservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1624,12 +1725,17 @@ spec: type: string type: array ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array auth_service: - description: 'TODO(lukeshu): In v3alpha2, consider renameing `auth_service` to just `service`, for consistency with the other resource types.' + description: 'TODO(lukeshu): In v3alpha2, consider renameing `auth_service` + to just `service`, for consistency with the other resource types.' type: string circuit_breakers: items: @@ -1677,25 +1783,55 @@ spec: stats_name: type: string status_on_error: - description: 'TODO(lukeshu): In v3alpha2, consider getting rid of this struct type in favor of just using an int (i.e. `statusOnError: 500` instead of the current `statusOnError: { code: 500 }`).' + description: 'TODO(lukeshu): In v3alpha2, consider getting rid of + this struct type in favor of just using an int (i.e. `statusOnError: + 500` instead of the current `statusOnError: { code: 500 }`).' properties: code: type: integer type: object timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer tls: type: string v2ExplicitTLS: - description: V2ExplicitTLS controls some vanity/stylistic elements when converting from v3alpha1 to v2. The values in an V2ExplicitTLS should not in any way affect the runtime operation of Emissary; except that it may affect internal names in the Envoy config, which may in turn affect stats names. But it should not affect any end-user observable behavior. + description: V2ExplicitTLS controls some vanity/stylistic elements + when converting from v3alpha1 to v2. The values in an V2ExplicitTLS + should not in any way affect the runtime operation of Emissary; + except that it may affect internal names in the Envoy config, which + may in turn affect stats names. But it should not affect any end-user + observable behavior. properties: serviceScheme: - description: "ServiceScheme specifies how to spell and capitalize the scheme-part of the service URL. \n Acceptable values are \"http://\" (case-insensitive), \"https://\" (case-insensitive), or \"\". The value is used if it agrees with whether or not this resource enables TLS origination, or if something else in the resource overrides the scheme." + description: "ServiceScheme specifies how to spell and capitalize + the scheme-part of the service URL. \n Acceptable values are + \"http://\" (case-insensitive), \"https://\" (case-insensitive), + or \"\". The value is used if it agrees with whether or not + this resource enables TLS origination, or if something else + in the resource overrides the scheme." pattern: ^([hH][tT][tT][pP][sS]?://)?$ type: string tls: - description: "TLS controls whether and how to represent the \"tls\" field when its value could be implied by the \"service\" field. In v2, there were a lot of different ways to spell an \"empty\" value, and this field specifies which way to spell it (and will therefore only be used if the value will indeed be empty). \n | Value | Representation | Meaning of representation | |--------------+---------------------------------------+------------------------------------| | \"\" | omit the field | defer to service (no TLSContext) | | \"null\" | store an explicit \"null\" in the field | defer to service (no TLSContext) | | \"string\" | store an empty string in the field | defer to service (no TLSContext) | | \"bool:false\" | store a Boolean \"false\" in the field | defer to service (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" in the field | originate TLS (no TLSContext) | \n If the meaning of the representation contradicts anything else (if a TLSContext is to be used, or in the case of \"bool:true\" if TLS is not to be originated), then this field is ignored." + description: "TLS controls whether and how to represent the \"tls\" + field when its value could be implied by the \"service\" field. + \ In v2, there were a lot of different ways to spell an \"empty\" + value, and this field specifies which way to spell it (and will + therefore only be used if the value will indeed be empty). \n + \ | Value | Representation | Meaning + of representation | |--------------+---------------------------------------+------------------------------------| + \ | \"\" | omit the field | + defer to service (no TLSContext) | | \"null\" | store + an explicit \"null\" in the field | defer to service (no TLSContext) + \ | | \"string\" | store an empty string in the field + \ | defer to service (no TLSContext) | | \"bool:false\" + | store a Boolean \"false\" in the field | defer to service + (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" + in the field | originate TLS (no TLSContext) | \n If + the meaning of the representation contradicts anything else + (if a TLSContext is to be used, or in the case of \"bool:true\" + if TLS is not to be originated), then this field is ignored." enum: - "" - "null" @@ -1749,15 +1885,21 @@ spec: description: ConsulResolver is the Schema for the ConsulResolver API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ConsulResolver tells Ambassador to use Consul to resolve services. In addition to the AmbassadorID, it needs information about which Consul server and DC to use. + description: ConsulResolver tells Ambassador to use Consul to resolve + services. In addition to the AmbassadorID, it needs information about + which Consul server and DC to use. properties: address: type: string @@ -1774,20 +1916,30 @@ spec: description: ConsulResolver is the Schema for the ConsulResolver API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ConsulResolver tells Ambassador to use Consul to resolve services. In addition to the AmbassadorID, it needs information about which Consul server and DC to use. + description: ConsulResolver tells Ambassador to use Consul to resolve + services. In addition to the AmbassadorID, it needs information about + which Consul server and DC to use. properties: address: type: string ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array @@ -1833,13 +1985,25 @@ spec: - name: v2 schema: openAPIV3Schema: - description: "DevPortal is the Schema for the DevPortals API \n DevPortal resources specify the `what` and `how` is shown in a DevPortal: \n * `what` is in a DevPortal can be controlled with - a `selector`, that can be used for filtering `Mappings`. - a `docs` listing of (services, url) * `how` is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server will show them at different endpoints. A `DevPortal` resource with a special name, `ambassador`, will be used for configuring the default Dev Portal (served at `/docs/` by default)." + description: "DevPortal is the Schema for the DevPortals API \n DevPortal + resources specify the `what` and `how` is shown in a DevPortal: \n * `what` + is in a DevPortal can be controlled with - a `selector`, that can be used + for filtering `Mappings`. - a `docs` listing of (services, url) * `how` + is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). + \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server + will show them at different endpoints. A `DevPortal` resource with a special + name, `ambassador`, will be used for configuring the default Dev Portal + (served at `/docs/` by default)." properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1847,7 +2011,8 @@ spec: description: DevPortalSpec defines the desired state of DevPortal properties: content: - description: Content specifies where the content shown in the DevPortal come from + description: Content specifies where the content shown in the DevPortal + come from properties: branch: type: string @@ -1862,13 +2027,19 @@ spec: docs: description: Docs is a static docs definition items: - description: 'DevPortalDocsSpec is a static documentation definition: instead of using a Selector for finding documentation for services, users can provide a static list of : tuples. These services will be shown in the Dev Portal with the documentation obtained from this URL.' + description: 'DevPortalDocsSpec is a static documentation definition: + instead of using a Selector for finding documentation for services, + users can provide a static list of : tuples. These + services will be shown in the Dev Portal with the documentation + obtained from this URL.' properties: service: description: Service is the service being documented type: string timeout_ms: - description: Timeout specifies the amount of time devportal will wait for the downstream service to report an openapi spec back + description: Timeout specifies the amount of time devportal + will wait for the downstream service to report an openapi + spec back type: integer url: description: URL is the URL used for obtaining docs @@ -1876,21 +2047,28 @@ spec: type: object type: array naming_scheme: - description: Describes how to display "services" in the DevPortal. Default namespace.name + description: Describes how to display "services" in the DevPortal. + Default namespace.name enum: - namespace.name - name.prefix type: string preserve_servers: - description: Configures this DevPortal to use server definitions from the openAPI doc instead of rewriting them based on the url used for the connection. + description: Configures this DevPortal to use server definitions from + the openAPI doc instead of rewriting them based on the url used + for the connection. type: boolean search: - description: DevPortalSearchSpec allows configuration over search functionality for the DevPortal + description: DevPortalSearchSpec allows configuration over search + functionality for the DevPortal properties: enabled: type: boolean type: - description: 'Type of search. "title-only" does a fuzzy search over openapi and page titles "all-content" will fuzzy search over all openapi and page content. "title-only" is the default. warning: using all-content may incur a larger memory footprint' + description: 'Type of search. "title-only" does a fuzzy search + over openapi and page titles "all-content" will fuzzy search + over all openapi and page content. "title-only" is the default. + warning: using all-content may incur a larger memory footprint' enum: - title-only - all-content @@ -1902,10 +2080,12 @@ spec: matchLabels: additionalProperties: type: string - description: MatchLabels specifies the list of labels that must be present in Mappings for being present in this DevPortal. + description: MatchLabels specifies the list of labels that must + be present in Mappings for being present in this DevPortal. type: object matchNamespaces: - description: MatchNamespaces is a list of namespaces that will be included in this DevPortal. + description: MatchNamespaces is a list of namespaces that will + be included in this DevPortal. items: type: string type: array @@ -1918,13 +2098,25 @@ spec: - name: v3alpha1 schema: openAPIV3Schema: - description: "DevPortal is the Schema for the DevPortals API \n DevPortal resources specify the `what` and `how` is shown in a DevPortal: \n * `what` is in a DevPortal can be controlled with - a `selector`, that can be used for filtering `Mappings`. - a `docs` listing of (services, url) * `how` is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server will show them at different endpoints. A `DevPortal` resource with a special name, `ambassador`, will be used for configuring the default Dev Portal (served at `/docs/` by default)." + description: "DevPortal is the Schema for the DevPortals API \n DevPortal + resources specify the `what` and `how` is shown in a DevPortal: \n * `what` + is in a DevPortal can be controlled with - a `selector`, that can be used + for filtering `Mappings`. - a `docs` listing of (services, url) * `how` + is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). + \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server + will show them at different endpoints. A `DevPortal` resource with a special + name, `ambassador`, will be used for configuring the default Dev Portal + (served at `/docs/` by default)." properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1932,12 +2124,17 @@ spec: description: DevPortalSpec defines the desired state of DevPortal properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array content: - description: Content specifies where the content shown in the DevPortal come from + description: Content specifies where the content shown in the DevPortal + come from properties: branch: type: string @@ -1952,13 +2149,19 @@ spec: docs: description: Docs is a static docs definition items: - description: 'DevPortalDocsSpec is a static documentation definition: instead of using a Selector for finding documentation for services, users can provide a static list of : tuples. These services will be shown in the Dev Portal with the documentation obtained from this URL.' + description: 'DevPortalDocsSpec is a static documentation definition: + instead of using a Selector for finding documentation for services, + users can provide a static list of : tuples. These + services will be shown in the Dev Portal with the documentation + obtained from this URL.' properties: service: description: Service is the service being documented type: string timeout_ms: - description: Timeout specifies the amount of time devportal will wait for the downstream service to report an openapi spec back + description: Timeout specifies the amount of time devportal + will wait for the downstream service to report an openapi + spec back type: integer url: description: URL is the URL used for obtaining docs @@ -1966,21 +2169,28 @@ spec: type: object type: array naming_scheme: - description: Describes how to display "services" in the DevPortal. Default namespace.name + description: Describes how to display "services" in the DevPortal. + Default namespace.name enum: - namespace.name - name.prefix type: string preserve_servers: - description: Configures this DevPortal to use server definitions from the openAPI doc instead of rewriting them based on the url used for the connection. + description: Configures this DevPortal to use server definitions from + the openAPI doc instead of rewriting them based on the url used + for the connection. type: boolean search: - description: DevPortalSearchSpec allows configuration over search functionality for the DevPortal + description: DevPortalSearchSpec allows configuration over search + functionality for the DevPortal properties: enabled: type: boolean type: - description: 'Type of search. "title-only" does a fuzzy search over openapi and page titles "all-content" will fuzzy search over all openapi and page content. "title-only" is the default. warning: using all-content may incur a larger memory footprint' + description: 'Type of search. "title-only" does a fuzzy search + over openapi and page titles "all-content" will fuzzy search + over all openapi and page content. "title-only" is the default. + warning: using all-content may incur a larger memory footprint' enum: - title-only - all-content @@ -1992,10 +2202,12 @@ spec: matchLabels: additionalProperties: type: string - description: MatchLabels specifies the list of labels that must be present in Mappings for being present in this DevPortal. + description: MatchLabels specifies the list of labels that must + be present in Mappings for being present in this DevPortal. type: object matchNamespaces: - description: MatchNamespaces is a list of namespaces that will be included in this DevPortal. + description: MatchNamespaces is a list of namespaces that will + be included in this DevPortal. items: type: string type: array @@ -2059,10 +2271,14 @@ spec: description: Host is the Schema for the hosts API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -2070,18 +2286,36 @@ spec: description: HostSpec defines the desired state of Host properties: acmeProvider: - description: Specifies whether/who to talk ACME with to automatically manage the $tlsSecret. + description: Specifies whether/who to talk ACME with to automatically + manage the $tlsSecret. properties: authority: - description: Specifies who to talk ACME with to get certs. Defaults to Let's Encrypt; if "none" (case-insensitive), do not try to do ACME for this Host. + description: Specifies who to talk ACME with to get certs. Defaults + to Let's Encrypt; if "none" (case-insensitive), do not try to + do ACME for this Host. type: string email: type: string privateKeySecret: - description: "Specifies the Kubernetes Secret to use to store the private key of the ACME account (essentially, where to store the auto-generated password for the auto-created ACME account). You should not normally need to set this--the default value is based on a combination of the ACME authority being registered wit and the email address associated with the account. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + description: "Specifies the Kubernetes Secret to use to store + the private key of the ACME account (essentially, where to store + the auto-generated password for the auto-created ACME account). + \ You should not normally need to set this--the default value + is based on a combination of the ACME authority being registered + wit and the email address associated with the account. \n Note + that this is a native-Kubernetes-style core.v1.LocalObjectReference, + not an Ambassador-style `{name}.{namespace}` string. Because + we're opinionated, it does not support referencing a Secret + in another namespace (because most native Kubernetes resources + don't support that), but if we ever abandon that opinion and + decide to support non-local references it, it would be by adding + a `namespace:` field by changing it from a core.v1.LocalObjectReference + to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` + notation." properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object registration: @@ -2092,7 +2326,8 @@ spec: description: Hostname by which the Ambassador can be reached. type: string previewUrl: - description: Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled. + description: Configuration for the Preview URL feature of Service + Preview. Defaults to preview URLs not enabled. properties: enabled: description: Is the Preview URL feature enabled? @@ -2119,21 +2354,32 @@ spec: type: object type: object selector: - description: Selector by which we can find further configuration. Defaults to hostname=$hostname + description: Selector by which we can find further configuration. + Defaults to hostname=$hostname properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2145,11 +2391,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object tls: - description: TLS configuration. It is not valid to specify both `tlsContext` and `tls`. + description: TLS configuration. It is not valid to specify both `tlsContext` + and `tls`. properties: alpn_protocols: type: string @@ -2181,17 +2432,39 @@ spec: type: string type: object tlsContext: - description: "Name of the TLSContext the Host resource is linked with. It is not valid to specify both `tlsContext` and `tls`. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + description: "Name of the TLSContext the Host resource is linked with. + It is not valid to specify both `tlsContext` and `tls`. \n Note + that this is a native-Kubernetes-style core.v1.LocalObjectReference, + not an Ambassador-style `{name}.{namespace}` string. Because we're + opinionated, it does not support referencing a Secret in another + namespace (because most native Kubernetes resources don't support + that), but if we ever abandon that opinion and decide to support + non-local references it, it would be by adding a `namespace:` field + by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, + not by adopting the `{name}.{namespace}` notation." properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object tlsSecret: - description: "Name of the Kubernetes secret into which to save generated certificates. If ACME is enabled (see $acmeProvider), then the default is $hostname; otherwise the default is \"\". If the value is \"\", then we do not do TLS for this Host. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + description: "Name of the Kubernetes secret into which to save generated + certificates. If ACME is enabled (see $acmeProvider), then the + default is $hostname; otherwise the default is \"\". If the value + is \"\", then we do not do TLS for this Host. \n Note that this + is a native-Kubernetes-style core.v1.LocalObjectReference, not an + Ambassador-style `{name}.{namespace}` string. Because we're opinionated, + it does not support referencing a Secret in another namespace (because + most native Kubernetes resources don't support that), but if we + ever abandon that opinion and decide to support non-local references + it, it would be by adding a `namespace:` field by changing it from + a core.v1.LocalObjectReference to a core.v1.SecretReference, not + by adopting the `{name}.{namespace}` notation." properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object type: object @@ -2202,13 +2475,15 @@ spec: errorBackoff: type: string errorReason: - description: errorReason, errorTimestamp, and errorBackoff are valid when state==Error. + description: errorReason, errorTimestamp, and errorBackoff are valid + when state==Error. type: string errorTimestamp: format: date-time type: string phaseCompleted: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. + description: phaseCompleted and phasePending are valid when state==Pending + or state==Error. enum: - NA - DefaultsFilled @@ -2217,7 +2492,8 @@ spec: - ACMECertificateChallenge type: string phasePending: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. + description: phaseCompleted and phasePending are valid when state==Pending + or state==Error. enum: - NA - DefaultsFilled @@ -2226,7 +2502,12 @@ spec: - ACMECertificateChallenge type: string state: - description: The first value listed in the Enum marker becomes the "zero" value, and it would be great if "Pending" could be the default value; but it's Important that the "zero" value be able to be shown as empty/omitted from display, and we really do want `kubectl get hosts` to say "Pending" in the "STATE" column, and not leave the column empty. + description: The first value listed in the Enum marker becomes the + "zero" value, and it would be great if "Pending" could be the default + value; but it's Important that the "zero" value be able to be shown + as empty/omitted from display, and we really do want `kubectl get + hosts` to say "Pending" in the "STATE" column, and not leave the + column empty. enum: - Initial - Pending @@ -2268,10 +2549,14 @@ spec: description: Host is the Schema for the hosts API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -2279,18 +2564,36 @@ spec: description: HostSpec defines the desired state of Host properties: acmeProvider: - description: Specifies whether/who to talk ACME with to automatically manage the $tlsSecret. + description: Specifies whether/who to talk ACME with to automatically + manage the $tlsSecret. properties: authority: - description: Specifies who to talk ACME with to get certs. Defaults to Let's Encrypt; if "none" (case-insensitive), do not try to do ACME for this Host. + description: Specifies who to talk ACME with to get certs. Defaults + to Let's Encrypt; if "none" (case-insensitive), do not try to + do ACME for this Host. type: string email: type: string privateKeySecret: - description: "Specifies the Kubernetes Secret to use to store the private key of the ACME account (essentially, where to store the auto-generated password for the auto-created ACME account). You should not normally need to set this--the default value is based on a combination of the ACME authority being registered wit and the email address associated with the account. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + description: "Specifies the Kubernetes Secret to use to store + the private key of the ACME account (essentially, where to store + the auto-generated password for the auto-created ACME account). + \ You should not normally need to set this--the default value + is based on a combination of the ACME authority being registered + wit and the email address associated with the account. \n Note + that this is a native-Kubernetes-style core.v1.LocalObjectReference, + not an Ambassador-style `{name}.{namespace}` string. Because + we're opinionated, it does not support referencing a Secret + in another namespace (because most native Kubernetes resources + don't support that), but if we ever abandon that opinion and + decide to support non-local references it, it would be by adding + a `namespace:` field by changing it from a core.v1.LocalObjectReference + to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` + notation." properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object registration: @@ -2306,21 +2609,33 @@ spec: description: Hostname by which the Ambassador can be reached. type: string mappingSelector: - description: Selector for Mappings we'll associate with this Host. At the moment, Selector and MappingSelector are synonyms, but that will change soon. + description: Selector for Mappings we'll associate with this Host. + At the moment, Selector and MappingSelector are synonyms, but that + will change soon. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2332,11 +2647,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object previewUrl: - description: Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled. + description: Configuration for the Preview URL feature of Service + Preview. Defaults to preview URLs not enabled. properties: enabled: description: Is the Preview URL feature enabled? @@ -2363,21 +2683,33 @@ spec: type: object type: object selector: - description: "DEPRECATED: Selector by which we can find further configuration. Use MappingSelector instead. \n TODO(lukeshu): In v3alpha2, figure out how to get rid of HostSpec.DeprecatedSelector." + description: "DEPRECATED: Selector by which we can find further configuration. + Use MappingSelector instead. \n TODO(lukeshu): In v3alpha2, figure + out how to get rid of HostSpec.DeprecatedSelector." properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2389,11 +2721,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object tls: - description: TLS configuration. It is not valid to specify both `tlsContext` and `tls`. + description: TLS configuration. It is not valid to specify both `tlsContext` + and `tls`. properties: alpn_protocols: type: string @@ -2425,17 +2762,39 @@ spec: type: string type: object tlsContext: - description: "Name of the TLSContext the Host resource is linked with. It is not valid to specify both `tlsContext` and `tls`. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + description: "Name of the TLSContext the Host resource is linked with. + It is not valid to specify both `tlsContext` and `tls`. \n Note + that this is a native-Kubernetes-style core.v1.LocalObjectReference, + not an Ambassador-style `{name}.{namespace}` string. Because we're + opinionated, it does not support referencing a Secret in another + namespace (because most native Kubernetes resources don't support + that), but if we ever abandon that opinion and decide to support + non-local references it, it would be by adding a `namespace:` field + by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, + not by adopting the `{name}.{namespace}` notation." properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object tlsSecret: - description: "Name of the Kubernetes secret into which to save generated certificates. If ACME is enabled (see $acmeProvider), then the default is $hostname; otherwise the default is \"\". If the value is \"\", then we do not do TLS for this Host. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + description: "Name of the Kubernetes secret into which to save generated + certificates. If ACME is enabled (see $acmeProvider), then the + default is $hostname; otherwise the default is \"\". If the value + is \"\", then we do not do TLS for this Host. \n Note that this + is a native-Kubernetes-style core.v1.LocalObjectReference, not an + Ambassador-style `{name}.{namespace}` string. Because we're opinionated, + it does not support referencing a Secret in another namespace (because + most native Kubernetes resources don't support that), but if we + ever abandon that opinion and decide to support non-local references + it, it would be by adding a `namespace:` field by changing it from + a core.v1.LocalObjectReference to a core.v1.SecretReference, not + by adopting the `{name}.{namespace}` notation." properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object type: object @@ -2445,13 +2804,15 @@ spec: errorBackoff: type: string errorReason: - description: errorReason, errorTimestamp, and errorBackoff are valid when state==Error. + description: errorReason, errorTimestamp, and errorBackoff are valid + when state==Error. type: string errorTimestamp: format: date-time type: string phaseCompleted: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. + description: phaseCompleted and phasePending are valid when state==Pending + or state==Error. enum: - NA - DefaultsFilled @@ -2460,7 +2821,8 @@ spec: - ACMECertificateChallenge type: string phasePending: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. + description: phaseCompleted and phasePending are valid when state==Pending + or state==Error. enum: - NA - DefaultsFilled @@ -2469,7 +2831,12 @@ spec: - ACMECertificateChallenge type: string state: - description: The first value listed in the Enum marker becomes the "zero" value, and it would be great if "Pending" could be the default value; but it's Important that the "zero" value be able to be shown as empty/omitted from display, and we really do want `kubectl get hosts` to say "Pending" in the "STATE" column, and not leave the column empty. + description: The first value listed in the Enum marker becomes the + "zero" value, and it would be great if "Pending" could be the default + value; but it's Important that the "zero" value be able to be shown + as empty/omitted from display, and we really do want `kubectl get + hosts` to say "Pending" in the "STATE" column, and not leave the + column empty. enum: - Initial - Pending @@ -2525,18 +2892,25 @@ spec: - name: v2 schema: openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API + description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver + API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: KubernetesEndpointResolver tells Ambassador to use Kubernetes Endpoints resources to resolve services. It actually has no spec other than the AmbassadorID. + description: KubernetesEndpointResolver tells Ambassador to use Kubernetes + Endpoints resources to resolve services. It actually has no spec other + than the AmbassadorID. type: object x-kubernetes-preserve-unknown-fields: true type: object @@ -2545,21 +2919,32 @@ spec: - name: v3alpha1 schema: openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API + description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver + API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: KubernetesEndpointResolver tells Ambassador to use Kubernetes Endpoints resources to resolve services. It actually has no spec other than the AmbassadorID. + description: KubernetesEndpointResolver tells Ambassador to use Kubernetes + Endpoints resources to resolve services. It actually has no spec other + than the AmbassadorID. properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array @@ -2603,18 +2988,25 @@ spec: - name: v2 schema: openAPIV3Schema: - description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API + description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver + API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: KubernetesServiceResolver tells Ambassador to use Kubernetes Service resources to resolve services. It actually has no spec other than the AmbassadorID. + description: KubernetesServiceResolver tells Ambassador to use Kubernetes + Service resources to resolve services. It actually has no spec other + than the AmbassadorID. type: object x-kubernetes-preserve-unknown-fields: true type: object @@ -2623,21 +3015,32 @@ spec: - name: v3alpha1 schema: openAPIV3Schema: - description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API + description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver + API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: KubernetesServiceResolver tells Ambassador to use Kubernetes Service resources to resolve services. It actually has no spec other than the AmbassadorID. + description: KubernetesServiceResolver tells Ambassador to use Kubernetes + Service resources to resolve services. It actually has no spec other + than the AmbassadorID. properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array @@ -2694,10 +3097,14 @@ spec: description: Listener is the Schema for the hosts API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -2705,15 +3112,21 @@ spec: description: ListenerSpec defines the desired state of this Port properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array hostBinding: - description: HostBinding allows restricting which Hosts will be used for this Listener. + description: HostBinding allows restricting which Hosts will be used + for this Listener. properties: namespace: - description: NamespaceBindingType defines we we specify which namespaces to look for Hosts in. + description: NamespaceBindingType defines we we specify which + namespaces to look for Hosts in. properties: from: description: NamespaceFromType defines how we evaluate a NamespaceBindingType. @@ -2724,21 +3137,34 @@ spec: type: string type: object selector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An + empty label selector matches all objects. A null label selector + matches no objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector + applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. items: type: string type: array @@ -2750,22 +3176,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object type: object l7Depth: - description: L7Depth specifies how many layer 7 load balancers are between us and the edge of the network. + description: L7Depth specifies how many layer 7 load balancers are + between us and the edge of the network. format: int32 type: integer port: - description: Port is the network port. Only one Listener can use a given port. + description: Port is the network port. Only one Listener can use a + given port. format: int32 maximum: 65535 minimum: 1 type: integer protocol: - description: Protocol is a shorthand for certain predefined stacks. Exactly one of Protocol or ProtocolStack must be supplied. + description: Protocol is a shorthand for certain predefined stacks. + Exactly one of Protocol or ProtocolStack must be supplied. enum: - HTTP - HTTPS @@ -2776,9 +3209,12 @@ spec: - UDP type: string protocolStack: - description: ProtocolStack explicitly specifies the protocol stack to set up. Exactly one of Protocol or ProtocolStack must be supplied. + description: ProtocolStack explicitly specifies the protocol stack + to set up. Exactly one of Protocol or ProtocolStack must be supplied. items: - description: ProtocolStackElement defines specific layers that may be combined in a protocol stack for processing connections to a port. + description: ProtocolStackElement defines specific layers that may + be combined in a protocol stack for processing connections to + a port. enum: - HTTP - PROXY @@ -2788,14 +3224,17 @@ spec: type: string type: array securityModel: - description: SecurityModel specifies how to determine whether connections to this port are secure or insecure. + description: SecurityModel specifies how to determine whether connections + to this port are secure or insecure. enum: - XFP - SECURE - INSECURE type: string statsPrefix: - description: 'StatsPrefix specifies the prefix for statistics sent by Envoy about this Listener. The default depends on the protocol: "ingress-http", "ingress-https", "ingress-tls-$port", or "ingress-$port".' + description: 'StatsPrefix specifies the prefix for statistics sent + by Envoy about this Listener. The default depends on the protocol: + "ingress-http", "ingress-https", "ingress-tls-$port", or "ingress-$port".' type: string required: - hostBinding @@ -2845,10 +3284,14 @@ spec: description: LogService is the Schema for the logservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -2897,10 +3340,14 @@ spec: description: LogService is the Schema for the logservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -2908,7 +3355,11 @@ spec: description: LogServiceSpec defines the desired state of LogService properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array @@ -3002,10 +3453,14 @@ spec: description: Mapping is the Schema for the mappings API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -3021,7 +3476,16 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true allow_upgrade: - description: "A case-insensitive list of the non-HTTP protocols to allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" mechanism[1]. After the upgrade, Ambassador does not interpret the traffic, and behaves similarly to how it does for TCPMappings. \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, if your upstream service supports WebSockets, you would write \n allow_upgrade: - websocket \n Or if your upstream service supports upgrading from HTTP to SPDY (as the Kubernetes apiserver does for `kubectl exec` functionality), you would write \n allow_upgrade: - spdy/3.1" + description: "A case-insensitive list of the non-HTTP protocols to + allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" + mechanism[1]. After the upgrade, Ambassador does not interpret + the traffic, and behaves similarly to how it does for TCPMappings. + \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, + if your upstream service supports WebSockets, you would write \n + \ allow_upgrade: - websocket \n Or if your upstream service + supports upgrading from HTTP to SPDY (as the Kubernetes apiserver + does for `kubectl exec` functionality), you would write \n allow_upgrade: + \ - spdy/3.1" items: type: string type: array @@ -3034,7 +3498,8 @@ spec: bypass_auth: type: boolean bypass_error_response_overrides: - description: If true, bypasses any `error_response_overrides` set on the Ambassador module. + description: If true, bypasses any `error_response_overrides` set + on the Ambassador module. type: boolean case_sensitive: type: boolean @@ -3075,7 +3540,8 @@ spec: dns_type: type: string docs: - description: DocsInfo provides some extra information about the docs for the Mapping (used by the Dev Portal) + description: DocsInfo provides some extra information about the docs + for the Mapping (used by the Dev Portal) properties: display_name: type: string @@ -3093,11 +3559,14 @@ spec: enable_ipv6: type: boolean envoy_override: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go type, but it + preserves its contents in a roundtrippable way. type: object x-kubernetes-preserve-unknown-fields: true error_response_overrides: - description: Error response overrides for this Mapping. Replaces all of the `error_response_overrides` set on the Ambassador module, if any. + description: Error response overrides for this Mapping. Replaces all + of the `error_response_overrides` set on the Ambassador module, + if any. items: description: A response rewrite for an HTTP error response properties: @@ -3105,26 +3574,35 @@ spec: description: The new response body properties: content_type: - description: The content type to set on the error response body when using text_format or text_format_source. Defaults to 'text/plain'. + description: The content type to set on the error response + body when using text_format or text_format_source. Defaults + to 'text/plain'. type: string json_format: additionalProperties: type: string - description: 'A JSON response with content-type: application/json. The values can contain format text like in text_format.' + description: 'A JSON response with content-type: application/json. + The values can contain format text like in text_format.' type: object text_format: - description: A format string representing a text response body. Content-Type can be set using the `content_type` field below. + description: A format string representing a text response + body. Content-Type can be set using the `content_type` + field below. type: string text_format_source: - description: A format string sourced from a file on the Ambassador container. Useful for larger response bodies that should not be placed inline in configuration. + description: A format string sourced from a file on the + Ambassador container. Useful for larger response bodies + that should not be placed inline in configuration. properties: filename: - description: The name of a file on the Ambassador pod that contains a format text string. + description: The name of a file on the Ambassador pod + that contains a format text string. type: string type: object type: object on_status_code: - description: The status code to match on -- not a pointer because it's required. + description: The status code to match on -- not a pointer because + it's required. maximum: 599 minimum: 400 type: integer @@ -3160,15 +3638,20 @@ spec: type: object labels: additionalProperties: - description: A MappingLabelGroupsArray is an array of MappingLabelGroups. I know, complex. + description: A MappingLabelGroupsArray is an array of MappingLabelGroups. + I know, complex. items: - description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: a second map, where the key is a human-readable name that identifies the group.' + description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: + a second map, where the key is a human-readable name that identifies + the group.' maxProperties: 1 minProperties: 1 type: object x-kubernetes-preserve-unknown-fields: true type: array - description: A DomainMap is the overall Mapping.spec.Labels type. It maps domains (kind of like namespaces for Mapping labels) to arrays of label groups. + description: A DomainMap is the overall Mapping.spec.Labels type. + It maps domains (kind of like namespaces for Mapping labels) to + arrays of label groups. type: object load_balancer: properties: @@ -3203,14 +3686,16 @@ spec: type: boolean modules: items: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go type, but + it preserves its contents in a roundtrippable way. type: object x-kubernetes-preserve-unknown-fields: true type: array outlier_detection: type: string path_redirect: - description: Path replacement to use when generating an HTTP redirect. Used with `host_redirect`. + description: Path replacement to use when generating an HTTP redirect. + Used with `host_redirect`. type: string precedence: type: integer @@ -3219,7 +3704,8 @@ spec: prefix_exact: type: boolean prefix_redirect: - description: Prefix rewrite to use when generating an HTTP redirect. Used with `host_redirect`. + description: Prefix rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. type: string prefix_regex: type: boolean @@ -3229,7 +3715,8 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true redirect_response_code: - description: The response code to use when generating an HTTP redirect. Defaults to 301. Used with `host_redirect`. + description: The response code to use when generating an HTTP redirect. + Defaults to 301. Used with `host_redirect`. enum: - 301 - 302 @@ -3246,7 +3733,8 @@ spec: type: string type: object regex_redirect: - description: Prefix regex rewrite to use when generating an HTTP redirect. Used with `host_redirect`. + description: Prefix regex rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. properties: pattern: type: string @@ -3287,10 +3775,13 @@ spec: shadow: type: boolean timeout_ms: - description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists. + description: The timeout for requests that use this Mapping. Overrides + `cluster_request_timeout_ms` set on the Ambassador Module, if it + exists. type: integer use_websocket: - description: 'use_websocket is deprecated, and is equivlaent to setting `allow_upgrade: ["websocket"]`' + description: 'use_websocket is deprecated, and is equivlaent to setting + `allow_upgrade: ["websocket"]`' type: boolean v3StatsName: type: string @@ -3340,10 +3831,14 @@ spec: description: Mapping is the Schema for the mappings API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -3383,12 +3878,25 @@ spec: type: object type: object allow_upgrade: - description: "A case-insensitive list of the non-HTTP protocols to allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" mechanism[1]. After the upgrade, Ambassador does not interpret the traffic, and behaves similarly to how it does for TCPMappings. \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, if your upstream service supports WebSockets, you would write \n allow_upgrade: - websocket \n Or if your upstream service supports upgrading from HTTP to SPDY (as the Kubernetes apiserver does for `kubectl exec` functionality), you would write \n allow_upgrade: - spdy/3.1" + description: "A case-insensitive list of the non-HTTP protocols to + allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" + mechanism[1]. After the upgrade, Ambassador does not interpret + the traffic, and behaves similarly to how it does for TCPMappings. + \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, + if your upstream service supports WebSockets, you would write \n + \ allow_upgrade: - websocket \n Or if your upstream service + supports upgrading from HTTP to SPDY (as the Kubernetes apiserver + does for `kubectl exec` functionality), you would write \n allow_upgrade: + \ - spdy/3.1" items: type: string type: array ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array @@ -3401,7 +3909,8 @@ spec: bypass_auth: type: boolean bypass_error_response_overrides: - description: If true, bypasses any `error_response_overrides` set on the Ambassador module. + description: If true, bypasses any `error_response_overrides` set + on the Ambassador module. type: boolean case_sensitive: type: boolean @@ -3424,15 +3933,18 @@ spec: type: object type: array cluster_idle_timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer cluster_max_connection_lifetime_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer cluster_tag: type: string connect_timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer cors: properties: @@ -3462,7 +3974,8 @@ spec: dns_type: type: string docs: - description: DocsInfo provides some extra information about the docs for the Mapping. Docs is used by both the agent and the DevPortal. + description: DocsInfo provides some extra information about the docs + for the Mapping. Docs is used by both the agent and the DevPortal. properties: display_name: type: string @@ -3471,7 +3984,8 @@ spec: path: type: string timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer url: type: string @@ -3481,11 +3995,14 @@ spec: enable_ipv6: type: boolean envoy_override: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go type, but it + preserves its contents in a roundtrippable way. type: object x-kubernetes-preserve-unknown-fields: true error_response_overrides: - description: Error response overrides for this Mapping. Replaces all of the `error_response_overrides` set on the Ambassador module, if any. + description: Error response overrides for this Mapping. Replaces all + of the `error_response_overrides` set on the Ambassador module, + if any. items: description: A response rewrite for an HTTP error response properties: @@ -3493,26 +4010,35 @@ spec: description: The new response body properties: content_type: - description: The content type to set on the error response body when using text_format or text_format_source. Defaults to 'text/plain'. + description: The content type to set on the error response + body when using text_format or text_format_source. Defaults + to 'text/plain'. type: string json_format: additionalProperties: type: string - description: 'A JSON response with content-type: application/json. The values can contain format text like in text_format.' + description: 'A JSON response with content-type: application/json. + The values can contain format text like in text_format.' type: object text_format: - description: A format string representing a text response body. Content-Type can be set using the `content_type` field below. + description: A format string representing a text response + body. Content-Type can be set using the `content_type` + field below. type: string text_format_source: - description: A format string sourced from a file on the Ambassador container. Useful for larger response bodies that should not be placed inline in configuration. + description: A format string sourced from a file on the + Ambassador container. Useful for larger response bodies + that should not be placed inline in configuration. properties: filename: - description: The name of a file on the Ambassador pod that contains a format text string. + description: The name of a file on the Ambassador pod + that contains a format text string. type: string type: object type: object on_status_code: - description: The status code to match on -- not a pointer because it's required. + description: The status code to match on -- not a pointer because + it's required. maximum: 599 minimum: 400 type: integer @@ -3529,20 +4055,39 @@ spec: type: string type: object host: - description: "Exact match for the hostname of a request if HostRegex is false; regex match for the hostname if HostRegex is true. \n Host specifies both a match for the ':authority' header of a request, as well as a match criterion for Host CRDs: a Mapping that specifies Host will not associate with a Host that doesn't have a matching Hostname. \n If both Host and Hostname are set, an error is logged, Host is ignored, and Hostname is used. \n DEPRECATED: Host is either an exact match or a regex, depending on HostRegex. Use HostName instead. \n TODO(lukeshu): In v3alpha2, get rid of MappingSpec.host and MappingSpec.host_regex in favor of a MappingSpec.deprecated_hostname_regex." + description: "Exact match for the hostname of a request if HostRegex + is false; regex match for the hostname if HostRegex is true. \n + Host specifies both a match for the ':authority' header of a request, + as well as a match criterion for Host CRDs: a Mapping that specifies + Host will not associate with a Host that doesn't have a matching + Hostname. \n If both Host and Hostname are set, an error is logged, + Host is ignored, and Hostname is used. \n DEPRECATED: Host is either + an exact match or a regex, depending on HostRegex. Use HostName + instead. \n TODO(lukeshu): In v3alpha2, get rid of MappingSpec.host + and MappingSpec.host_regex in favor of a MappingSpec.deprecated_hostname_regex." type: string host_redirect: type: boolean host_regex: - description: "DEPRECATED: Host is either an exact match or a regex, depending on HostRegex. Use HostName instead. \n TODO(lukeshu): In v3alpha2, get rid of MappingSpec.host and MappingSpec.host_regex in favor of a MappingSpec.deprecated_hostname_regex." + description: "DEPRECATED: Host is either an exact match or a regex, + depending on HostRegex. Use HostName instead. \n TODO(lukeshu): + In v3alpha2, get rid of MappingSpec.host and MappingSpec.host_regex + in favor of a MappingSpec.deprecated_hostname_regex." type: boolean host_rewrite: type: string hostname: - description: "Hostname is a DNS glob specifying the hosts to which this Mapping applies. \n Hostname specifies both a match for the ':authority' header of a request, as well as a match criterion for Host CRDs: a Mapping that specifies Hostname will not associate with a Host that doesn't have a matching Hostname. \n If both Host and Hostname are set, an error is logged, Host is ignored, and Hostname is used." + description: "Hostname is a DNS glob specifying the hosts to which + this Mapping applies. \n Hostname specifies both a match for the + ':authority' header of a request, as well as a match criterion for + Host CRDs: a Mapping that specifies Hostname will not associate + with a Host that doesn't have a matching Hostname. \n If both Host + and Hostname are set, an error is logged, Host is ignored, and Hostname + is used." type: string idle_timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer keepalive: properties: @@ -3555,17 +4100,21 @@ spec: type: object labels: additionalProperties: - description: A MappingLabelGroupsArray is an array of MappingLabelGroups. I know, complex. + description: A MappingLabelGroupsArray is an array of MappingLabelGroups. + I know, complex. items: additionalProperties: - description: 'A MappingLabelsArray is the value in the MappingLabelGroup: an array of label specifiers.' + description: 'A MappingLabelsArray is the value in the MappingLabelGroup: + an array of label specifiers.' items: - description: "A MappingLabelSpecifier (finally!) defines a single label. \n This mimics envoy/config/route/v3/route_components.proto:RateLimit:Action:action_specifier." + description: "A MappingLabelSpecifier (finally!) defines a + single label. \n This mimics envoy/config/route/v3/route_components.proto:RateLimit:Action:action_specifier." maxProperties: 1 minProperties: 1 properties: destination_cluster: - description: Sets the label "destination_cluster=«Envoy destination cluster name»". + description: Sets the label "destination_cluster=«Envoy + destination cluster name»". properties: key: enum: @@ -3575,7 +4124,8 @@ spec: - key type: object generic_key: - description: Sets the label "«key»=«value»" (where by default «key» is "generic_key"). + description: Sets the label "«key»=«value»" (where by + default «key» is "generic_key"). properties: key: description: The default is "generic_key". @@ -3588,7 +4138,8 @@ spec: - value type: object remote_address: - description: Sets the label "remote_address=«IP address of the client»". + description: Sets the label "remote_address=«IP address + of the client»". properties: key: enum: @@ -3598,7 +4149,9 @@ spec: - key type: object request_headers: - description: If the «header_name» header is set, then set the label "«key»=«Value of the «header_name» header»"; otherwise skip applying this label group. + description: If the «header_name» header is set, then + set the label "«key»=«Value of the «header_name» header»"; + otherwise skip applying this label group. properties: header_name: type: string @@ -3611,7 +4164,8 @@ spec: - key type: object source_cluster: - description: Sets the label "source_cluster=«Envoy source cluster name»". + description: Sets the label "source_cluster=«Envoy source + cluster name»". properties: key: enum: @@ -3622,12 +4176,16 @@ spec: type: object type: object type: array - description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: a second map, where the key is a human-readable name that identifies the group.' + description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: + a second map, where the key is a human-readable name that identifies + the group.' maxProperties: 1 minProperties: 1 type: object type: array - description: A DomainMap is the overall Mapping.spec.Labels type. It maps domains (kind of like namespaces for Mapping labels) to arrays of label groups. + description: A DomainMap is the overall Mapping.spec.Labels type. + It maps domains (kind of like namespaces for Mapping labels) to + arrays of label groups. type: object load_balancer: properties: @@ -3662,14 +4220,16 @@ spec: type: boolean modules: items: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go type, but + it preserves its contents in a roundtrippable way. type: object x-kubernetes-preserve-unknown-fields: true type: array outlier_detection: type: string path_redirect: - description: Path replacement to use when generating an HTTP redirect. Used with `host_redirect`. + description: Path replacement to use when generating an HTTP redirect. + Used with `host_redirect`. type: string precedence: type: integer @@ -3678,7 +4238,8 @@ spec: prefix_exact: type: boolean prefix_redirect: - description: Prefix rewrite to use when generating an HTTP redirect. Used with `host_redirect`. + description: Prefix rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. type: string prefix_regex: type: boolean @@ -3689,7 +4250,8 @@ spec: type: string type: object redirect_response_code: - description: The response code to use when generating an HTTP redirect. Defaults to 301. Used with `host_redirect`. + description: The response code to use when generating an HTTP redirect. + Defaults to 301. Used with `host_redirect`. enum: - 301 - 302 @@ -3706,7 +4268,8 @@ spec: type: string type: object regex_redirect: - description: Prefix regex rewrite to use when generating an HTTP redirect. Used with `host_redirect`. + description: Prefix regex rewrite to use when generating an HTTP redirect. + Used with `host_redirect`. properties: pattern: type: string @@ -3757,12 +4320,16 @@ spec: stats_name: type: string timeout_ms: - description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists. + description: The timeout for requests that use this Mapping. Overrides + `cluster_request_timeout_ms` set on the Ambassador Module, if it + exists. type: integer tls: type: string use_websocket: - description: "use_websocket is deprecated, and is equivlaent to setting `allow_upgrade: [\"websocket\"]` \n TODO(lukeshu): In v3alpha2, get rid of MappingSpec.DeprecatedUseWebsocket." + description: "use_websocket is deprecated, and is equivlaent to setting + `allow_upgrade: [\"websocket\"]` \n TODO(lukeshu): In v3alpha2, + get rid of MappingSpec.DeprecatedUseWebsocket." type: boolean v2BoolHeaders: items: @@ -3773,14 +4340,41 @@ spec: type: string type: array v2ExplicitTLS: - description: V2ExplicitTLS controls some vanity/stylistic elements when converting from v3alpha1 to v2. The values in an V2ExplicitTLS should not in any way affect the runtime operation of Emissary; except that it may affect internal names in the Envoy config, which may in turn affect stats names. But it should not affect any end-user observable behavior. + description: V2ExplicitTLS controls some vanity/stylistic elements + when converting from v3alpha1 to v2. The values in an V2ExplicitTLS + should not in any way affect the runtime operation of Emissary; + except that it may affect internal names in the Envoy config, which + may in turn affect stats names. But it should not affect any end-user + observable behavior. properties: serviceScheme: - description: "ServiceScheme specifies how to spell and capitalize the scheme-part of the service URL. \n Acceptable values are \"http://\" (case-insensitive), \"https://\" (case-insensitive), or \"\". The value is used if it agrees with whether or not this resource enables TLS origination, or if something else in the resource overrides the scheme." + description: "ServiceScheme specifies how to spell and capitalize + the scheme-part of the service URL. \n Acceptable values are + \"http://\" (case-insensitive), \"https://\" (case-insensitive), + or \"\". The value is used if it agrees with whether or not + this resource enables TLS origination, or if something else + in the resource overrides the scheme." pattern: ^([hH][tT][tT][pP][sS]?://)?$ type: string tls: - description: "TLS controls whether and how to represent the \"tls\" field when its value could be implied by the \"service\" field. In v2, there were a lot of different ways to spell an \"empty\" value, and this field specifies which way to spell it (and will therefore only be used if the value will indeed be empty). \n | Value | Representation | Meaning of representation | |--------------+---------------------------------------+------------------------------------| | \"\" | omit the field | defer to service (no TLSContext) | | \"null\" | store an explicit \"null\" in the field | defer to service (no TLSContext) | | \"string\" | store an empty string in the field | defer to service (no TLSContext) | | \"bool:false\" | store a Boolean \"false\" in the field | defer to service (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" in the field | originate TLS (no TLSContext) | \n If the meaning of the representation contradicts anything else (if a TLSContext is to be used, or in the case of \"bool:true\" if TLS is not to be originated), then this field is ignored." + description: "TLS controls whether and how to represent the \"tls\" + field when its value could be implied by the \"service\" field. + \ In v2, there were a lot of different ways to spell an \"empty\" + value, and this field specifies which way to spell it (and will + therefore only be used if the value will indeed be empty). \n + \ | Value | Representation | Meaning + of representation | |--------------+---------------------------------------+------------------------------------| + \ | \"\" | omit the field | + defer to service (no TLSContext) | | \"null\" | store + an explicit \"null\" in the field | defer to service (no TLSContext) + \ | | \"string\" | store an empty string in the field + \ | defer to service (no TLSContext) | | \"bool:false\" + | store a Boolean \"false\" in the field | defer to service + (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" + in the field | originate TLS (no TLSContext) | \n If + the meaning of the representation contradicts anything else + (if a TLSContext is to be used, or in the case of \"bool:true\" + if TLS is not to be originated), then this field is ignored." enum: - "" - "null" @@ -3848,20 +4442,28 @@ spec: - name: v2 schema: openAPIV3Schema: - description: "A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" + description: "A Module defines system-wide configuration. The type of module + is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". + \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module + https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: config: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go type, but it + preserves its contents in a roundtrippable way. type: object x-kubernetes-preserve-unknown-fields: true type: object @@ -3872,25 +4474,37 @@ spec: - name: v3alpha1 schema: openAPIV3Schema: - description: "A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" + description: "A Module defines system-wide configuration. The type of module + is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". + \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module + https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array config: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + description: UntypedDict is relatively opaque as a Go type, but it + preserves its contents in a roundtrippable way. type: object x-kubernetes-preserve-unknown-fields: true required: @@ -3938,10 +4552,14 @@ spec: description: RateLimitService is the Schema for the ratelimitservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -3974,10 +4592,14 @@ spec: description: RateLimitService is the Schema for the ratelimitservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -4001,19 +4623,47 @@ spec: stats_name: type: string timeout_ms: - description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.' + description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` + fields to `{foo}`/`metav1.Duration`.' type: integer tls: type: string v2ExplicitTLS: - description: V2ExplicitTLS controls some vanity/stylistic elements when converting from v3alpha1 to v2. The values in an V2ExplicitTLS should not in any way affect the runtime operation of Emissary; except that it may affect internal names in the Envoy config, which may in turn affect stats names. But it should not affect any end-user observable behavior. + description: V2ExplicitTLS controls some vanity/stylistic elements + when converting from v3alpha1 to v2. The values in an V2ExplicitTLS + should not in any way affect the runtime operation of Emissary; + except that it may affect internal names in the Envoy config, which + may in turn affect stats names. But it should not affect any end-user + observable behavior. properties: serviceScheme: - description: "ServiceScheme specifies how to spell and capitalize the scheme-part of the service URL. \n Acceptable values are \"http://\" (case-insensitive), \"https://\" (case-insensitive), or \"\". The value is used if it agrees with whether or not this resource enables TLS origination, or if something else in the resource overrides the scheme." + description: "ServiceScheme specifies how to spell and capitalize + the scheme-part of the service URL. \n Acceptable values are + \"http://\" (case-insensitive), \"https://\" (case-insensitive), + or \"\". The value is used if it agrees with whether or not + this resource enables TLS origination, or if something else + in the resource overrides the scheme." pattern: ^([hH][tT][tT][pP][sS]?://)?$ type: string tls: - description: "TLS controls whether and how to represent the \"tls\" field when its value could be implied by the \"service\" field. In v2, there were a lot of different ways to spell an \"empty\" value, and this field specifies which way to spell it (and will therefore only be used if the value will indeed be empty). \n | Value | Representation | Meaning of representation | |--------------+---------------------------------------+------------------------------------| | \"\" | omit the field | defer to service (no TLSContext) | | \"null\" | store an explicit \"null\" in the field | defer to service (no TLSContext) | | \"string\" | store an empty string in the field | defer to service (no TLSContext) | | \"bool:false\" | store a Boolean \"false\" in the field | defer to service (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" in the field | originate TLS (no TLSContext) | \n If the meaning of the representation contradicts anything else (if a TLSContext is to be used, or in the case of \"bool:true\" if TLS is not to be originated), then this field is ignored." + description: "TLS controls whether and how to represent the \"tls\" + field when its value could be implied by the \"service\" field. + \ In v2, there were a lot of different ways to spell an \"empty\" + value, and this field specifies which way to spell it (and will + therefore only be used if the value will indeed be empty). \n + \ | Value | Representation | Meaning + of representation | |--------------+---------------------------------------+------------------------------------| + \ | \"\" | omit the field | + defer to service (no TLSContext) | | \"null\" | store + an explicit \"null\" in the field | defer to service (no TLSContext) + \ | | \"string\" | store an empty string in the field + \ | defer to service (no TLSContext) | | \"bool:false\" + | store a Boolean \"false\" in the field | defer to service + (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" + in the field | originate TLS (no TLSContext) | \n If + the meaning of the representation contradicts anything else + (if a TLSContext is to be used, or in the case of \"bool:true\" + if TLS is not to be originated), then this field is ignored." enum: - "" - "null" @@ -4067,10 +4717,14 @@ spec: description: TCPMapping is the Schema for the tcpmappings API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -4133,10 +4787,14 @@ spec: description: TCPMapping is the Schema for the tcpmappings API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -4146,7 +4804,11 @@ spec: address: type: string ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array @@ -4191,14 +4853,41 @@ spec: tls: type: string v2ExplicitTLS: - description: V2ExplicitTLS controls some vanity/stylistic elements when converting from v3alpha1 to v2. The values in an V2ExplicitTLS should not in any way affect the runtime operation of Emissary; except that it may affect internal names in the Envoy config, which may in turn affect stats names. But it should not affect any end-user observable behavior. + description: V2ExplicitTLS controls some vanity/stylistic elements + when converting from v3alpha1 to v2. The values in an V2ExplicitTLS + should not in any way affect the runtime operation of Emissary; + except that it may affect internal names in the Envoy config, which + may in turn affect stats names. But it should not affect any end-user + observable behavior. properties: serviceScheme: - description: "ServiceScheme specifies how to spell and capitalize the scheme-part of the service URL. \n Acceptable values are \"http://\" (case-insensitive), \"https://\" (case-insensitive), or \"\". The value is used if it agrees with whether or not this resource enables TLS origination, or if something else in the resource overrides the scheme." + description: "ServiceScheme specifies how to spell and capitalize + the scheme-part of the service URL. \n Acceptable values are + \"http://\" (case-insensitive), \"https://\" (case-insensitive), + or \"\". The value is used if it agrees with whether or not + this resource enables TLS origination, or if something else + in the resource overrides the scheme." pattern: ^([hH][tT][tT][pP][sS]?://)?$ type: string tls: - description: "TLS controls whether and how to represent the \"tls\" field when its value could be implied by the \"service\" field. In v2, there were a lot of different ways to spell an \"empty\" value, and this field specifies which way to spell it (and will therefore only be used if the value will indeed be empty). \n | Value | Representation | Meaning of representation | |--------------+---------------------------------------+------------------------------------| | \"\" | omit the field | defer to service (no TLSContext) | | \"null\" | store an explicit \"null\" in the field | defer to service (no TLSContext) | | \"string\" | store an empty string in the field | defer to service (no TLSContext) | | \"bool:false\" | store a Boolean \"false\" in the field | defer to service (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" in the field | originate TLS (no TLSContext) | \n If the meaning of the representation contradicts anything else (if a TLSContext is to be used, or in the case of \"bool:true\" if TLS is not to be originated), then this field is ignored." + description: "TLS controls whether and how to represent the \"tls\" + field when its value could be implied by the \"service\" field. + \ In v2, there were a lot of different ways to spell an \"empty\" + value, and this field specifies which way to spell it (and will + therefore only be used if the value will indeed be empty). \n + \ | Value | Representation | Meaning + of representation | |--------------+---------------------------------------+------------------------------------| + \ | \"\" | omit the field | + defer to service (no TLSContext) | | \"null\" | store + an explicit \"null\" in the field | defer to service (no TLSContext) + \ | | \"string\" | store an empty string in the field + \ | defer to service (no TLSContext) | | \"bool:false\" + | store a Boolean \"false\" in the field | defer to service + (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" + in the field | originate TLS (no TLSContext) | \n If + the meaning of the representation contradicts anything else + (if a TLSContext is to be used, or in the case of \"bool:true\" + if TLS is not to be originated), then this field is ignored." enum: - "" - "null" @@ -4255,10 +4944,14 @@ spec: description: TLSContext is the Schema for the tlscontexts API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -4322,10 +5015,14 @@ spec: description: TLSContext is the Schema for the tlscontexts API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -4335,7 +5032,11 @@ spec: alpn_protocols: type: string ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array @@ -4426,10 +5127,14 @@ spec: description: TracingService is the Schema for the tracingservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -4496,10 +5201,14 @@ spec: description: TracingService is the Schema for the tracingservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -4507,7 +5216,11 @@ spec: description: TracingServiceSpec defines the desired state of TracingService properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural)." + description: "AmbassadorID declares which Ambassador instances should + pay attention to this resource. If no value is provided, the default + is: \n ambassador_id: - \"default\" \n TODO(lukeshu): In v3alpha2, + consider renaming all of the `ambassador_id` (singular) fields to + `ambassador_ids` (plural)." items: type: string type: array diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index 7712009..20cc3da 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -158,6 +158,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token - name: AES_ACME_LEADER_DISABLE value: 'true' - name: AMBASSADOR_DRAIN_TIME @@ -346,6 +348,7 @@ rules: - namespaces - services - secrets + - configmaps - endpoints verbs: [get, list, watch] diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index 043bd51..dcf05a7 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -144,7 +144,7 @@ metadata: rules: - apiGroups: [argoproj.io] resources: [rollouts] - verbs: [get, list, watch] + verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -234,6 +234,7 @@ rules: - namespaces - services - secrets + - configmaps - endpoints verbs: [get, list, watch] @@ -599,6 +600,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token - name: AMBASSADOR_DRAIN_TIME value: '600' - name: AMBASSADOR_INTERNAL_URL diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index 5daa4f0..af2f22b 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -158,6 +158,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token - name: AES_ACME_LEADER_DISABLE value: 'true' - name: AMBASSADOR_DRAIN_TIME @@ -346,6 +348,7 @@ rules: - namespaces - services - secrets + - configmaps - endpoints verbs: [get, list, watch] diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index ee040ef..83d221e 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -152,7 +152,7 @@ metadata: rules: - apiGroups: [argoproj.io] resources: [rollouts] - verbs: [get, list, watch] + verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -242,6 +242,7 @@ rules: - namespaces - services - secrets + - configmaps - endpoints verbs: [get, list, watch] @@ -607,6 +608,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token - name: AMBASSADOR_DRAIN_TIME value: '600' - name: AMBASSADOR_INTERNAL_URL diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index 59bd7a8..44cf2c1 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -152,7 +152,7 @@ metadata: rules: - apiGroups: [argoproj.io] resources: [rollouts] - verbs: [get, list, watch] + verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -242,6 +242,7 @@ rules: - namespaces - services - secrets + - configmaps - endpoints verbs: [get, list, watch] @@ -607,6 +608,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token - name: AMBASSADOR_DRAIN_TIME value: '600' - name: AMBASSADOR_INTERNAL_URL From 96825c6c19ce9690a1eb1d92949e068262262397 Mon Sep 17 00:00:00 2001 From: Aidan Hahn Date: Fri, 4 Feb 2022 01:59:49 -0800 Subject: [PATCH 06/40] fix image values in chart Signed-off-by: Aidan Hahn --- charts/edge-stack/values.yaml | 2 +- manifests/edge-stack/aes-crds.yaml | 2 +- manifests/edge-stack/aes-defaultns-migration.yaml | 2 +- manifests/edge-stack/aes-defaultns.yaml | 4 ++-- manifests/edge-stack/aes-emissaryns-migration.yaml | 2 +- manifests/edge-stack/aes-emissaryns.yaml | 4 ++-- manifests/edge-stack/aes.yaml | 4 ++-- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/charts/edge-stack/values.yaml b/charts/edge-stack/values.yaml index 7e05042..3bd8d79 100644 --- a/charts/edge-stack/values.yaml +++ b/charts/edge-stack/values.yaml @@ -70,7 +70,7 @@ emissary-ingress: # +doc-gen:break image: repository: docker.io/datawire/aes - tag: 2.1.2 + tag: 2.2.0-rc.0 pullPolicy: IfNotPresent rbac: diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index a1a3716..0b3bbfe 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -5454,7 +5454,7 @@ spec: serviceAccountName: emissary-apiext containers: - name: emissary-apiext - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent command: [ "apiext", "emissary-apiext" ] ports: diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index 20cc3da..d0dc4a8 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index dcf05a7..9063bb6 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -510,7 +510,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent command: [agent] env: @@ -582,7 +582,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index af2f22b..30fda9f 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index 83d221e..6e0a55e 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent command: [agent] env: @@ -590,7 +590,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index 44cf2c1..2e93486 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent command: [agent] env: @@ -590,7 +590,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent ports: - name: http From 622534789af608133b3adc5585862427735edaad Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Fri, 4 Feb 2022 12:33:30 -0700 Subject: [PATCH 07/40] Simplify the venv rule Signed-off-by: Luke Shumaker --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index e7acbf4..2e6423f 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,7 @@ generate/files += $(EDGE_STACK_HOME)/.circleci/config.yml $(EDGE_STACK_HOME)/venv: python3 -m venv $@ - $@/bin/python -m pip install ruamel.yaml + $@/bin/pip3 install ruamel.yaml FORCE: .PHONY: FORCE From d79c6500830afd9cb58adeebe997dc831f7589a3 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Fri, 4 Feb 2022 12:44:10 -0700 Subject: [PATCH 08/40] make generate from apro.git Signed-off-by: Luke Shumaker --- manifests/edge-stack/aes-crds.yaml | 34 +++++++++++++++--------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index 0b3bbfe..d152843 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -234,7 +234,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -1181,7 +1181,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -1562,7 +1562,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -1851,7 +1851,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -1954,7 +1954,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -2221,7 +2221,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -2861,7 +2861,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -2957,7 +2957,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -3053,7 +3053,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -3250,7 +3250,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -3403,7 +3403,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -4411,7 +4411,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -4518,7 +4518,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -4683,7 +4683,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -4910,7 +4910,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -5093,7 +5093,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml From f72d9b90b3474fafb8668afa41b5a1a5a10f6c34 Mon Sep 17 00:00:00 2001 From: Aidan Hahn Date: Fri, 4 Feb 2022 16:35:16 -0800 Subject: [PATCH 09/40] Edge Stack 2.2.0 --- charts/edge-stack/Chart.lock | 6 ++-- charts/edge-stack/Chart.yaml | 4 +-- manifests/edge-stack/aes-crds.yaml | 34 +++++++++---------- .../edge-stack/aes-defaultns-migration.yaml | 2 ++ manifests/edge-stack/aes-defaultns.yaml | 5 +++ .../edge-stack/aes-emissaryns-migration.yaml | 2 ++ manifests/edge-stack/aes-emissaryns.yaml | 5 +++ manifests/edge-stack/aes.yaml | 5 +++ 8 files changed, 41 insertions(+), 22 deletions(-) diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index ce3c815..91274d9 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress repository: https://s3.amazonaws.com/datawire-static-files/charts-dev - version: 7.2.3-0.20220204073549-9a80e23c882a -digest: sha256:0630b7270acf8a4601376c0041650d49e6f28fbf8e16b5e55fd565fae7c048bf -generated: "2022-02-04T01:45:52.057437702-08:00" + version: 7.3.0-rc.1 +digest: sha256:aa4dd4015f8d3891dfadaf1bd3f0b63f31eb79a3a71d3deb9262dd85006964f6 +generated: "2022-02-04T16:30:47.712999366-08:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index 729717a..751aeb8 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.2.0-rc.0 description: A Helm chart for Ambassador Edge Stack name: edge-stack -version: 7.2.3-rc.0 +version: 7.3.0-rc.0 # TODO: change these to whatever the appropriate things are icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: v7.2.3-0.20220204073549-9a80e23c882a + version: v7.3.0-rc.1 repository: "https://s3.amazonaws.com/datawire-static-files/charts-dev" diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index 0b3bbfe..d152843 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -234,7 +234,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -1181,7 +1181,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -1562,7 +1562,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -1851,7 +1851,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -1954,7 +1954,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -2221,7 +2221,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -2861,7 +2861,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -2957,7 +2957,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -3053,7 +3053,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -3250,7 +3250,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -3403,7 +3403,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -4411,7 +4411,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -4518,7 +4518,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -4683,7 +4683,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -4910,7 +4910,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml @@ -5093,7 +5093,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.6.2 labels: app.kubernetes.io/instance: emissary-apiext app.kubernetes.io/managed-by: kubectl_apply_-f_aes-apiext.yaml diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index d0dc4a8..73d1a5b 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -150,6 +150,8 @@ spec: - name: admin containerPort: 8877 env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack:8006 - name: HOST_IP valueFrom: fieldRef: diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index 9063bb6..55af379 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -513,6 +513,9 @@ spec: image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent command: [agent] + ports: + - containerPort: 8006 + name: grpc env: - name: AGENT_NAMESPACE valueFrom: @@ -592,6 +595,8 @@ spec: - name: admin containerPort: 8877 env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack:8006 - name: HOST_IP valueFrom: fieldRef: diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index 30fda9f..3bdbee7 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -150,6 +150,8 @@ spec: - name: admin containerPort: 8877 env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack:8006 - name: HOST_IP valueFrom: fieldRef: diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index 6e0a55e..6c0753b 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -521,6 +521,9 @@ spec: image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent command: [agent] + ports: + - containerPort: 8006 + name: grpc env: - name: AGENT_NAMESPACE valueFrom: @@ -600,6 +603,8 @@ spec: - name: admin containerPort: 8877 env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack:8006 - name: HOST_IP valueFrom: fieldRef: diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index 2e93486..b1c6e9f 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -521,6 +521,9 @@ spec: image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent command: [agent] + ports: + - containerPort: 8006 + name: grpc env: - name: AGENT_NAMESPACE valueFrom: @@ -600,6 +603,8 @@ spec: - name: admin containerPort: 8877 env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack:8006 - name: HOST_IP valueFrom: fieldRef: From 0836774fa91ebace5f8bd59b87a6aea9f40d5b89 Mon Sep 17 00:00:00 2001 From: Aidan Hahn Date: Fri, 4 Feb 2022 17:35:14 -0800 Subject: [PATCH 10/40] update charts Signed-off-by: Aidan Hahn --- charts/edge-stack/Chart.lock | 4 ++-- charts/edge-stack/Chart.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index 91274d9..c09a716 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -2,5 +2,5 @@ dependencies: - name: emissary-ingress repository: https://s3.amazonaws.com/datawire-static-files/charts-dev version: 7.3.0-rc.1 -digest: sha256:aa4dd4015f8d3891dfadaf1bd3f0b63f31eb79a3a71d3deb9262dd85006964f6 -generated: "2022-02-04T16:30:47.712999366-08:00" +digest: sha256:8ce8ad373b9b610b25e1df4eb5c4337c0dfad2639e041dfc1f2f2960f1c0b5ac +generated: "2022-02-04T17:34:25.848959322-08:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index 751aeb8..8c6bb45 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: v7.3.0-rc.1 + version: 7.3.0-rc.1 repository: "https://s3.amazonaws.com/datawire-static-files/charts-dev" From 462331a767876c65923f16880a246e2ed0263876 Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 3 Feb 2022 12:14:07 -0500 Subject: [PATCH 11/40] Have aes-ambassadorns YAML files, since Edge Stack 1.14 is often installed in the ambassador namespace Signed-off-by: Flynn --- Makefile | 16 +- .../aes-ambassadorns-migration/require.yaml | 13 + .../aes-ambassadorns-migration/values.yaml | 34 + k8s-config/aes-ambassadorns/require.yaml | 32 + k8s-config/aes-ambassadorns/values.yaml | 39 + .../aes-ambassadorns-migration.yaml | 378 +++++++++ manifests/edge-stack/aes-ambassadorns.yaml | 777 ++++++++++++++++++ 7 files changed, 1283 insertions(+), 6 deletions(-) create mode 100644 k8s-config/aes-ambassadorns-migration/require.yaml create mode 100644 k8s-config/aes-ambassadorns-migration/values.yaml create mode 100644 k8s-config/aes-ambassadorns/require.yaml create mode 100644 k8s-config/aes-ambassadorns/values.yaml create mode 100644 manifests/edge-stack/aes-ambassadorns-migration.yaml create mode 100644 manifests/edge-stack/aes-ambassadorns.yaml diff --git a/Makefile b/Makefile index e7acbf4..581bd4c 100644 --- a/Makefile +++ b/Makefile @@ -4,6 +4,8 @@ SHELL := /bin/bash HELM_OUTPUT_DIR := $(EDGE_STACK_HOME)/build/helm/ generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml +generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-ambassadorns.yaml +generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-ambassadorns-migration.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns-migration.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-emissaryns.yaml @@ -29,12 +31,14 @@ $(HELM_OUTPUT_DIR): $(EDGE_STACK_HOME)/charts/edge-stack/charts FORCE mkdir -p $@ helm template edge-stack --output-dir $@ -n ambassador $(EDGE_STACK_HOME)/charts/edge-stack -helm-namespace.aes = ambassador -helm-namespace.aes-defaultns = default -helm-namespace.aes-defaultms-migration = default -helm-namespace.aes-emissaryns = emissary -helm-namespace.aes-emissaryns-migration = emissary -helm-namespace.resources-migration = default +helm-namespace.aes = ambassador +helm-namespace.aes-ambassadorns = ambassador +helm-namespace.aes-ambassadorns-migration = ambassador +helm-namespace.aes-defaultns = default +helm-namespace.aes-defaultns-migration = default +helm-namespace.aes-emissaryns = emissary +helm-namespace.aes-emissaryns-migration = emissary +helm-namespace.resources-migration = default $(EDGE_STACK_HOME)/k8s-config/%/helm-expanded.yaml: \ $(EDGE_STACK_HOME)/charts/edge-stack/charts \ $(EDGE_STACK_HOME)/k8s-config/%/values.yaml \ diff --git a/k8s-config/aes-ambassadorns-migration/require.yaml b/k8s-config/aes-ambassadorns-migration/require.yaml new file mode 100644 index 0000000..915e8e2 --- /dev/null +++ b/k8s-config/aes-ambassadorns-migration/require.yaml @@ -0,0 +1,13 @@ +resources: + # everything else + - { kind: Service, name: edge-stack-redis, namespace: ambassador } + - { kind: Deployment, name: edge-stack-redis, namespace: ambassador } + - { kind: Secret, name: edge-stack, namespace: ambassador } + - { kind: Service, name: test-aes, namespace: ambassador } + - { kind: Deployment, name: aes, namespace: ambassador } + - { kind: ServiceAccount, name: edge-stack, namespace: ambassador } + - { kind: ClusterRoleBinding, name: edge-stack } + - { kind: ClusterRole, name: edge-stack } + - { kind: ClusterRole, name: edge-stack-aes } + - { kind: ClusterRole, name: edge-stack-crd } + - { kind: ClusterRole, name: edge-stack-watch } diff --git a/k8s-config/aes-ambassadorns-migration/values.yaml b/k8s-config/aes-ambassadorns-migration/values.yaml new file mode 100644 index 0000000..311087c --- /dev/null +++ b/k8s-config/aes-ambassadorns-migration/values.yaml @@ -0,0 +1,34 @@ +emissary-ingress: + deploymentTool: getambassador.io + replicaCount: 1 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + product: aes + topologyKey: kubernetes.io/hostname + weight: 100 + env: + POLL_EVERY_SECS: '60' + AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local' + AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443' + AMBASSADOR_DRAIN_TIME: '600' + AES_ACME_LEADER_DISABLE: 'true' + podAnnotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + containerNameOverride: aes + restartPolicy: Always + terminationGracePeriodSeconds: "0" + service: + type: LoadBalancer + deploymentNameOverride: aes + +enableTestService: true + +deploymentTool: getambassador.io +redis: + serviceSelector: + service: ambassador-redis diff --git a/k8s-config/aes-ambassadorns/require.yaml b/k8s-config/aes-ambassadorns/require.yaml new file mode 100644 index 0000000..d767792 --- /dev/null +++ b/k8s-config/aes-ambassadorns/require.yaml @@ -0,0 +1,32 @@ +resources: + - { kind: Namespace, name: ambassador } + - { kind: ServiceAccount, name: edge-stack-agent, namespace: ambassador } + - { kind: ServiceAccount, name: edge-stack, namespace: ambassador } + - { kind: Secret, name: edge-stack, namespace: ambassador } + - { kind: ClusterRole, name: edge-stack-agent } + - { kind: ClusterRole, name: edge-stack-agent-pods } + - { kind: ClusterRole, name: edge-stack-agent-deployments } + - { kind: ClusterRole, name: edge-stack-agent-endpoints } + - { kind: ClusterRole, name: edge-stack-agent-configmaps } + - { kind: ClusterRole, name: edge-stack-agent-rollouts } + - { kind: ClusterRole, name: edge-stack-agent-applications } + - { kind: ClusterRole, name: edge-stack } + - { kind: ClusterRole, name: edge-stack-crd } + - { kind: ClusterRole, name: edge-stack-watch } + - { kind: ClusterRole, name: edge-stack-aes } + - { kind: ClusterRoleBinding, name: edge-stack-agent } + - { kind: ClusterRoleBinding, name: edge-stack } + - { kind: Role, name: edge-stack-agent-config, namespace: ambassador } + - { kind: RoleBinding, name: edge-stack-agent-config, namespace: ambassador } + - { kind: Service, name: edge-stack-admin, namespace: ambassador } + - { kind: Service, name: edge-stack, namespace: ambassador } + - { kind: Service, name: edge-stack-redis, namespace: ambassador } + - { kind: Deployment, name: edge-stack-agent, namespace: ambassador } + - { kind: Deployment, name: edge-stack, namespace: ambassador } + - { kind: Deployment, name: edge-stack-redis, namespace: ambassador } + - { kind: AuthService, name: edge-stack-auth, namespace: ambassador } + - { kind: Mapping, name: edge-stack-devportal, namespace: ambassador } + - { kind: Mapping, name: edge-stack-devportal-assets, namespace: ambassador } + - { kind: Mapping, name: edge-stack-devportal-demo, namespace: ambassador } + - { kind: Mapping, name: edge-stack-devportal-api, namespace: ambassador } + - { kind: RateLimitService, name: edge-stack-ratelimit, namespace: ambassador } diff --git a/k8s-config/aes-ambassadorns/values.yaml b/k8s-config/aes-ambassadorns/values.yaml new file mode 100644 index 0000000..65f5340 --- /dev/null +++ b/k8s-config/aes-ambassadorns/values.yaml @@ -0,0 +1,39 @@ +emissary-ingress: + replicaCount: 1 + createNamespace: true + deploymentTool: getambassador.io + env: + POLL_EVERY_SECS: '60' + AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443' + AMBASSADOR_DRAIN_TIME: '600' + podAnnotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + containerNameOverride: aes + restartPolicy: Always + terminationGracePeriodSeconds: "0" + service: + type: LoadBalancer + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + service: ambassador + topologyKey: kubernetes.io/hostname + weight: 100 + +registry: + create: true +devportal: + docsPrefix: "/docs/" +authService: + optional_configurations: + allow_request_body: false + status_on_error: + code: 504 +redis: + serviceSelector: + service: ambassador-redis +deploymentTool: getambassador.io diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml new file mode 100644 index 0000000..61f72db --- /dev/null +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml @@ -0,0 +1,378 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/templates/aes-redis.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-redis + namespace: ambassador + labels: + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack Redis store for auth and rate limiting, + among other things. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 6379 + targetPort: 6379 + selector: + service: ambassador-redis +--- +# Source: edge-stack/templates/aes-redis.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-redis + namespace: ambassador + labels: + product: aes + annotations: {} +spec: + replicas: 1 + selector: + matchLabels: + service: ambassador-redis + template: + metadata: + labels: + service: ambassador-redis + spec: + containers: + - name: redis + image: redis:5.0.1 + imagePullPolicy: IfNotPresent + resources: {} + restartPolicy: Always +--- +# Source: edge-stack/templates/aes-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: edge-stack + namespace: ambassador +type: Opaque +data: + license-key: '' +--- +# Source: edge-stack/templates/oss-migration-test-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-aes + namespace: ambassador + labels: + product: aes +spec: + type: LoadBalancer + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + targetPort: 8080 + - name: https + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack +--- +# Source: edge-stack/charts/emissary-ingress/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: aes + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack + strategy: + type: RollingUpdate + + + progressDeadlineSeconds: 600 + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + profile: main + annotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + spec: + terminationGracePeriodSeconds: 0 + securityContext: + runAsUser: 8888 + restartPolicy: Always + serviceAccountName: edge-stack + volumes: + - name: ambassador-pod-info + downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels + - name: edge-stack-secrets + secret: + secretName: edge-stack + + containers: + - name: aes + image: docker.io/datawire/aes:2.1.2 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8080 + - name: https + containerPort: 8443 + - name: admin + containerPort: 8877 + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AMBASSADOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AES_ACME_LEADER_DISABLE + value: 'true' + - name: AMBASSADOR_DRAIN_TIME + value: '600' + - name: AMBASSADOR_INTERNAL_URL + value: https://127.0.0.1:8443 + - name: AMBASSADOR_URL + value: https://ambassador.ambassador.svc.cluster.local + - name: POLL_EVERY_SECS + value: '60' + - name: REDIS_URL + value: edge-stack-redis:6379 + + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /ambassador/v0/check_alive + port: admin + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 3 + readinessProbe: + httpGet: + path: /ambassador/v0/check_ready + port: admin + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 3 + volumeMounts: + - name: ambassador-pod-info + mountPath: /tmp/ambassador-pod-info + readOnly: true + + - name: edge-stack-secrets + mountPath: /.config/ambassador + readOnly: true + + resources: + limits: + cpu: 1000m + memory: 600Mi + requests: + cpu: 200m + memory: 300Mi + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + product: aes + topologyKey: kubernetes.io/hostname + weight: 100 + imagePullSecrets: [] + dnsPolicy: ClusterFirst + hostNetwork: false +--- +# Source: edge-stack/charts/emissary-ingress/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack +subjects: +- name: edge-stack + namespace: ambassador + kind: ServiceAccount +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# Aggregate # +###################################################################### +# This ClusterRole has an empty `rules` and instead sets +# `aggregationRule` in order to aggregate several other ClusterRoles +# together, to avoid the need for multiple ClusterRoleBindings. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack +rules: [] +--- +# Source: edge-stack/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-aes + labels: + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [''] + resources: [secrets] + verbs: [get, list, watch, create, update] + +- apiGroups: [''] + resources: [events] + verbs: [get, list, watch, create, patch] + +- apiGroups: [coordination.k8s.io] + resources: [leases] + verbs: [get, create, update] + +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch, create, update] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# No namespace # +###################################################################### +# These ClusterRoles should be limited to resource types that are +# non-namespaced, and therefore cannot be put in a Role, even if +# Emissary is in single-namespace mode. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-crd + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch, delete] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# All namespaces # +###################################################################### +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-watch + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [''] + resources: + - namespaces + - services + - secrets + - endpoints + verbs: [get, list, watch] + +- apiGroups: [getambassador.io] + resources: ['*'] + verbs: [get, list, watch, update, patch, create, delete] + +- apiGroups: [getambassador.io] + resources: [mappings/status] + verbs: [update] + +- apiGroups: [networking.internal.knative.dev] + resources: [clusteringresses, ingresses] + verbs: [get, list, watch] + +- apiGroups: [networking.x-k8s.io] + resources: ['*'] + verbs: [get, list, watch] + +- apiGroups: [networking.internal.knative.dev] + resources: [ingresses/status, clusteringresses/status] + verbs: [update] + +- apiGroups: [extensions, networking.k8s.io] + resources: [ingresses, ingressclasses] + verbs: [get, list, watch] + +- apiGroups: [extensions, networking.k8s.io] + resources: [ingresses/status] + verbs: [update] diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml new file mode 100644 index 0000000..59bd7a8 --- /dev/null +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -0,0 +1,777 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/charts/emissary-ingress/templates/namespace.yaml +apiVersion: v1 +kind: Namespace +metadata: + labels: + product: aes + name: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack-agent + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/templates/aes-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: edge-stack + namespace: ambassador +type: Opaque +data: + license-key: '' +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack-agent +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-pods + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [pods] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-deployments + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [apps, extensions] + resources: [deployments] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-endpoints + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-configmaps + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-rollouts + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-applications + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [applications] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# Aggregate # +###################################################################### +# This ClusterRole has an empty `rules` and instead sets +# `aggregationRule` in order to aggregate several other ClusterRoles +# together, to avoid the need for multiple ClusterRoleBindings. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# No namespace # +###################################################################### +# These ClusterRoles should be limited to resource types that are +# non-namespaced, and therefore cannot be put in a Role, even if +# Emissary is in single-namespace mode. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-crd + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch, delete] +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +###################################################################### +# All namespaces # +###################################################################### +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-watch + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [''] + resources: + - namespaces + - services + - secrets + - endpoints + verbs: [get, list, watch] + +- apiGroups: [getambassador.io] + resources: ['*'] + verbs: [get, list, watch, update, patch, create, delete] + +- apiGroups: [getambassador.io] + resources: [mappings/status] + verbs: [update] + +- apiGroups: [networking.internal.knative.dev] + resources: [clusteringresses, ingresses] + verbs: [get, list, watch] + +- apiGroups: [networking.x-k8s.io] + resources: ['*'] + verbs: [get, list, watch] + +- apiGroups: [networking.internal.knative.dev] + resources: [ingresses/status, clusteringresses/status] + verbs: [update] + +- apiGroups: [extensions, networking.k8s.io] + resources: [ingresses, ingressclasses] + verbs: [get, list, watch] + +- apiGroups: [extensions, networking.k8s.io] + resources: [ingresses/status] + verbs: [update] +--- +# Source: edge-stack/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-aes + labels: + product: aes + rbac.getambassador.io/role-group: edge-stack +rules: +- apiGroups: [''] + resources: [secrets] + verbs: [get, list, watch, create, update] + +- apiGroups: [''] + resources: [events] + verbs: [get, list, watch, create, patch] + +- apiGroups: [coordination.k8s.io] + resources: [leases] + verbs: [get, create, update] + +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch, create, update] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack-agent +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack +subjects: +- name: edge-stack + namespace: ambassador + kind: ServiceAccount +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: edge-stack-agent-config + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: edge-stack-agent-config + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: edge-stack-agent-config +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/admin-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-admin + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + # Hard-coded label for Prometheus Operator ServiceMonitor + service: ambassador-admin + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack admin service for internal use and + health checks. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 8877 + targetPort: admin + protocol: TCP + name: ambassador-admin + - port: 8005 + targetPort: 8005 + protocol: TCP + name: ambassador-snapshot + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack +--- +# Source: edge-stack/charts/emissary-ingress/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + app.kubernetes.io/component: ambassador-service + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack goes beyond traditional API Gateways + and Ingress Controllers with the advanced edge features needed to support developer + self-service and full-cycle development. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: edge-stack-redis.ambassador +spec: + type: LoadBalancer + ports: + - name: http + port: 80 + targetPort: 8080 + - name: https + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack + profile: main +--- +# Source: edge-stack/templates/aes-redis.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-redis + namespace: ambassador + labels: + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack Redis store for auth and rate limiting, + among other things. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 6379 + targetPort: 6379 + selector: + service: ambassador-redis +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-agent + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack-agent + app.kubernetes.io/instance: edge-stack + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + spec: + serviceAccountName: edge-stack-agent + containers: + - name: agent + image: docker.io/datawire/aes:2.1.2 + imagePullPolicy: IfNotPresent + command: [agent] + env: + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: https://app.getambassador.io/ + - name: AES_SNAPSHOT_URL + value: http://edge-stack-admin.ambassador:8005/snapshot-external + progressDeadlineSeconds: 600 +--- +# Source: edge-stack/charts/emissary-ingress/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack + strategy: + type: RollingUpdate + + + progressDeadlineSeconds: 600 + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + profile: main + annotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + spec: + terminationGracePeriodSeconds: 0 + securityContext: + runAsUser: 8888 + restartPolicy: Always + serviceAccountName: edge-stack + volumes: + - name: ambassador-pod-info + downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels + - name: edge-stack-secrets + secret: + secretName: edge-stack + + containers: + - name: aes + image: docker.io/datawire/aes:2.1.2 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8080 + - name: https + containerPort: 8443 + - name: admin + containerPort: 8877 + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AMBASSADOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AMBASSADOR_DRAIN_TIME + value: '600' + - name: AMBASSADOR_INTERNAL_URL + value: https://127.0.0.1:8443 + - name: POLL_EVERY_SECS + value: '60' + - name: REDIS_URL + value: edge-stack-redis:6379 + + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /ambassador/v0/check_alive + port: admin + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 3 + readinessProbe: + httpGet: + path: /ambassador/v0/check_ready + port: admin + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 3 + volumeMounts: + - name: ambassador-pod-info + mountPath: /tmp/ambassador-pod-info + readOnly: true + + - name: edge-stack-secrets + mountPath: /.config/ambassador + readOnly: true + + resources: + limits: + cpu: 1000m + memory: 600Mi + requests: + cpu: 200m + memory: 300Mi + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + service: ambassador + topologyKey: kubernetes.io/hostname + weight: 100 + imagePullSecrets: [] + dnsPolicy: ClusterFirst + hostNetwork: false +--- +# Source: edge-stack/templates/aes-redis.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-redis + namespace: ambassador + labels: + product: aes + annotations: {} +spec: + replicas: 1 + selector: + matchLabels: + service: ambassador-redis + template: + metadata: + labels: + service: ambassador-redis + spec: + containers: + - name: redis + image: redis:5.0.1 + imagePullPolicy: IfNotPresent + resources: {} + restartPolicy: Always +--- +# Source: edge-stack/templates/aes-authservice.yaml +apiVersion: getambassador.io/v2 +kind: AuthService +metadata: + name: edge-stack-auth + namespace: ambassador + labels: + product: aes +spec: + proto: grpc + auth_service: 127.0.0.1:8500 + allow_request_body: false + status_on_error: + code: 504 +--- +# Source: edge-stack/templates/aes-internal.yaml +# Configure DevPortal +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + # This Mapping name is referenced by convention, it's important to leave as-is. + name: edge-stack-devportal + namespace: ambassador + labels: + product: aes +spec: + prefix: /docs/ + rewrite: /docs/ + service: 127.0.0.1:8500 +--- +# Source: edge-stack/templates/aes-internal.yaml +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + name: edge-stack-devportal-assets + namespace: ambassador + labels: + product: aes +spec: + prefix: /documentation/(assets|styles)/(.*)(.css) + prefix_regex: true + regex_rewrite: + pattern: /documentation/(.*) + substitution: /docs/\1 + service: 127.0.0.1:8500 + add_response_headers: + cache-control: + value: public, max-age=3600, immutable + append: false +--- +# Source: edge-stack/templates/aes-internal.yaml +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + # This Mapping name is what the demo uses. Sigh. + name: edge-stack-devportal-demo + namespace: ambassador + labels: + product: aes +spec: + prefix: /docs/ + rewrite: /docs/ + service: 127.0.0.1:8500 +--- +# Source: edge-stack/templates/aes-internal.yaml +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + # This Mapping name is referenced by convention, it's important to leave as-is. + name: edge-stack-devportal-api + namespace: ambassador + labels: + product: aes +spec: + prefix: /openapi/ + rewrite: '' + service: 127.0.0.1:8500 +--- +# Source: edge-stack/templates/aes-ratelimit.yaml +apiVersion: getambassador.io/v2 +kind: RateLimitService +metadata: + name: edge-stack-ratelimit + namespace: ambassador + labels: + product: aes +spec: + service: 127.0.0.1:8500 From 94d4602944648a5f537a6c2a8d50b5c55ec67d96 Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 3 Feb 2022 12:14:50 -0500 Subject: [PATCH 12/40] Generate agent migration YAML Signed-off-by: Flynn --- Makefile | 6 + .../aes-ambassadorns-agent/require.yaml | 13 + k8s-config/aes-ambassadorns-agent/values.yaml | 34 +++ k8s-config/aes-defaultns-agent/require.yaml | 13 + k8s-config/aes-defaultns-agent/values.yaml | 34 +++ k8s-config/aes-emissaryns-agent/require.yaml | 13 + k8s-config/aes-emissaryns-agent/values.yaml | 34 +++ .../edge-stack/aes-ambassadorns-agent.yaml | 250 ++++++++++++++++++ manifests/edge-stack/aes-defaultns-agent.yaml | 250 ++++++++++++++++++ .../edge-stack/aes-emissaryns-agent.yaml | 250 ++++++++++++++++++ 10 files changed, 897 insertions(+) create mode 100644 k8s-config/aes-ambassadorns-agent/require.yaml create mode 100644 k8s-config/aes-ambassadorns-agent/values.yaml create mode 100644 k8s-config/aes-defaultns-agent/require.yaml create mode 100644 k8s-config/aes-defaultns-agent/values.yaml create mode 100644 k8s-config/aes-emissaryns-agent/require.yaml create mode 100644 k8s-config/aes-emissaryns-agent/values.yaml create mode 100644 manifests/edge-stack/aes-ambassadorns-agent.yaml create mode 100644 manifests/edge-stack/aes-defaultns-agent.yaml create mode 100644 manifests/edge-stack/aes-emissaryns-agent.yaml diff --git a/Makefile b/Makefile index 581bd4c..893b961 100644 --- a/Makefile +++ b/Makefile @@ -5,10 +5,13 @@ HELM_OUTPUT_DIR := $(EDGE_STACK_HOME)/build/helm/ generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-ambassadorns.yaml +generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-ambassadorns-agent.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-ambassadorns-migration.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns.yaml +generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns-agent.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns-migration.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-emissaryns.yaml +generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-emissaryns-agent.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-emissaryns-migration.yaml generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/resources-migration.yaml generate/files += $(EDGE_STACK_HOME)/CHANGELOG.md @@ -33,11 +36,14 @@ $(HELM_OUTPUT_DIR): $(EDGE_STACK_HOME)/charts/edge-stack/charts FORCE helm-namespace.aes = ambassador helm-namespace.aes-ambassadorns = ambassador +helm-namespace.aes-ambassadorns-agent = ambassador helm-namespace.aes-ambassadorns-migration = ambassador helm-namespace.aes-defaultns = default +helm-namespace.aes-defaultns-agent = default helm-namespace.aes-defaultns-migration = default helm-namespace.aes-emissaryns = emissary helm-namespace.aes-emissaryns-migration = emissary +helm-namespace.aes-emissaryns-agent = emissary helm-namespace.resources-migration = default $(EDGE_STACK_HOME)/k8s-config/%/helm-expanded.yaml: \ $(EDGE_STACK_HOME)/charts/edge-stack/charts \ diff --git a/k8s-config/aes-ambassadorns-agent/require.yaml b/k8s-config/aes-ambassadorns-agent/require.yaml new file mode 100644 index 0000000..ab2ef31 --- /dev/null +++ b/k8s-config/aes-ambassadorns-agent/require.yaml @@ -0,0 +1,13 @@ +resources: + - { kind: ServiceAccount, name: edge-stack-agent, namespace: ambassador } + - { kind: ClusterRole, name: edge-stack-agent } + - { kind: ClusterRole, name: edge-stack-agent-pods } + - { kind: ClusterRole, name: edge-stack-agent-deployments } + - { kind: ClusterRole, name: edge-stack-agent-endpoints } + - { kind: ClusterRole, name: edge-stack-agent-configmaps } + - { kind: ClusterRole, name: edge-stack-agent-rollouts } + - { kind: ClusterRole, name: edge-stack-agent-applications } + - { kind: ClusterRoleBinding, name: edge-stack-agent } + - { kind: Role, name: edge-stack-agent-config, namespace: ambassador } + - { kind: RoleBinding, name: edge-stack-agent-config, namespace: ambassador } + - { kind: Deployment, name: edge-stack-agent, namespace: ambassador } diff --git a/k8s-config/aes-ambassadorns-agent/values.yaml b/k8s-config/aes-ambassadorns-agent/values.yaml new file mode 100644 index 0000000..311087c --- /dev/null +++ b/k8s-config/aes-ambassadorns-agent/values.yaml @@ -0,0 +1,34 @@ +emissary-ingress: + deploymentTool: getambassador.io + replicaCount: 1 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + product: aes + topologyKey: kubernetes.io/hostname + weight: 100 + env: + POLL_EVERY_SECS: '60' + AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local' + AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443' + AMBASSADOR_DRAIN_TIME: '600' + AES_ACME_LEADER_DISABLE: 'true' + podAnnotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + containerNameOverride: aes + restartPolicy: Always + terminationGracePeriodSeconds: "0" + service: + type: LoadBalancer + deploymentNameOverride: aes + +enableTestService: true + +deploymentTool: getambassador.io +redis: + serviceSelector: + service: ambassador-redis diff --git a/k8s-config/aes-defaultns-agent/require.yaml b/k8s-config/aes-defaultns-agent/require.yaml new file mode 100644 index 0000000..a5654af --- /dev/null +++ b/k8s-config/aes-defaultns-agent/require.yaml @@ -0,0 +1,13 @@ +resources: + - { kind: ServiceAccount, name: edge-stack-agent, namespace: default } + - { kind: ClusterRole, name: edge-stack-agent } + - { kind: ClusterRole, name: edge-stack-agent-pods } + - { kind: ClusterRole, name: edge-stack-agent-deployments } + - { kind: ClusterRole, name: edge-stack-agent-endpoints } + - { kind: ClusterRole, name: edge-stack-agent-configmaps } + - { kind: ClusterRole, name: edge-stack-agent-rollouts } + - { kind: ClusterRole, name: edge-stack-agent-applications } + - { kind: ClusterRoleBinding, name: edge-stack-agent } + - { kind: Role, name: edge-stack-agent-config, namespace: default } + - { kind: RoleBinding, name: edge-stack-agent-config, namespace: default } + - { kind: Deployment, name: edge-stack-agent, namespace: default } diff --git a/k8s-config/aes-defaultns-agent/values.yaml b/k8s-config/aes-defaultns-agent/values.yaml new file mode 100644 index 0000000..311087c --- /dev/null +++ b/k8s-config/aes-defaultns-agent/values.yaml @@ -0,0 +1,34 @@ +emissary-ingress: + deploymentTool: getambassador.io + replicaCount: 1 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + product: aes + topologyKey: kubernetes.io/hostname + weight: 100 + env: + POLL_EVERY_SECS: '60' + AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local' + AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443' + AMBASSADOR_DRAIN_TIME: '600' + AES_ACME_LEADER_DISABLE: 'true' + podAnnotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + containerNameOverride: aes + restartPolicy: Always + terminationGracePeriodSeconds: "0" + service: + type: LoadBalancer + deploymentNameOverride: aes + +enableTestService: true + +deploymentTool: getambassador.io +redis: + serviceSelector: + service: ambassador-redis diff --git a/k8s-config/aes-emissaryns-agent/require.yaml b/k8s-config/aes-emissaryns-agent/require.yaml new file mode 100644 index 0000000..e622083 --- /dev/null +++ b/k8s-config/aes-emissaryns-agent/require.yaml @@ -0,0 +1,13 @@ +resources: + - { kind: ServiceAccount, name: edge-stack-agent, namespace: emissary } + - { kind: ClusterRole, name: edge-stack-agent } + - { kind: ClusterRole, name: edge-stack-agent-pods } + - { kind: ClusterRole, name: edge-stack-agent-deployments } + - { kind: ClusterRole, name: edge-stack-agent-endpoints } + - { kind: ClusterRole, name: edge-stack-agent-configmaps } + - { kind: ClusterRole, name: edge-stack-agent-rollouts } + - { kind: ClusterRole, name: edge-stack-agent-applications } + - { kind: ClusterRoleBinding, name: edge-stack-agent } + - { kind: Role, name: edge-stack-agent-config, namespace: emissary } + - { kind: RoleBinding, name: edge-stack-agent-config, namespace: emissary } + - { kind: Deployment, name: edge-stack-agent, namespace: emissary } diff --git a/k8s-config/aes-emissaryns-agent/values.yaml b/k8s-config/aes-emissaryns-agent/values.yaml new file mode 100644 index 0000000..311087c --- /dev/null +++ b/k8s-config/aes-emissaryns-agent/values.yaml @@ -0,0 +1,34 @@ +emissary-ingress: + deploymentTool: getambassador.io + replicaCount: 1 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + product: aes + topologyKey: kubernetes.io/hostname + weight: 100 + env: + POLL_EVERY_SECS: '60' + AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local' + AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443' + AMBASSADOR_DRAIN_TIME: '600' + AES_ACME_LEADER_DISABLE: 'true' + podAnnotations: + consul.hashicorp.com/connect-inject: 'false' + sidecar.istio.io/inject: 'false' + containerNameOverride: aes + restartPolicy: Always + terminationGracePeriodSeconds: "0" + service: + type: LoadBalancer + deploymentNameOverride: aes + +enableTestService: true + +deploymentTool: getambassador.io +redis: + serviceSelector: + service: ambassador-redis diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml new file mode 100644 index 0000000..52db419 --- /dev/null +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -0,0 +1,250 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack-agent + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack-agent +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-pods + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [pods] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-deployments + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [apps, extensions] + resources: [deployments] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-endpoints + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-configmaps + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-rollouts + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-applications + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [applications] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack-agent +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: edge-stack-agent-config + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: edge-stack-agent-config + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: edge-stack-agent-config +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: ambassador +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-agent + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack-agent + app.kubernetes.io/instance: edge-stack + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + spec: + serviceAccountName: edge-stack-agent + containers: + - name: agent + image: docker.io/datawire/aes:2.1.2 + imagePullPolicy: IfNotPresent + command: [agent] + env: + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: https://app.getambassador.io/ + - name: AES_SNAPSHOT_URL + value: http://edge-stack-admin.ambassador:8005/snapshot-external + progressDeadlineSeconds: 600 diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml new file mode 100644 index 0000000..d78fadd --- /dev/null +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -0,0 +1,250 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack-agent + namespace: default + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack-agent +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-pods + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [pods] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-deployments + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [apps, extensions] + resources: [deployments] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-endpoints + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-configmaps + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-rollouts + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-applications + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [applications] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack-agent +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: default +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: edge-stack-agent-config + namespace: default + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: edge-stack-agent-config + namespace: default + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: edge-stack-agent-config +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: default +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-agent + namespace: default + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack-agent + app.kubernetes.io/instance: edge-stack + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + spec: + serviceAccountName: edge-stack-agent + containers: + - name: agent + image: docker.io/datawire/aes:2.1.2 + imagePullPolicy: IfNotPresent + command: [agent] + env: + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: https://app.getambassador.io/ + - name: AES_SNAPSHOT_URL + value: http://edge-stack-admin.default:8005/snapshot-external + progressDeadlineSeconds: 600 diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml new file mode 100644 index 0000000..01af55f --- /dev/null +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -0,0 +1,250 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: edge-stack-agent + namespace: emissary + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: edge-stack-agent +rules: [] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-pods + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [pods] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-deployments + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [apps, extensions] + resources: [deployments] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-endpoints + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [endpoints] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-configmaps + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-rollouts + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: edge-stack-agent-applications + labels: + rbac.getambassador.io/role-group: edge-stack-agent + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [argoproj.io] + resources: [applications] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: edge-stack-agent + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edge-stack-agent +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: emissary +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: edge-stack-agent-config + namespace: emissary + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +rules: +- apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch] +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: edge-stack-agent-config + namespace: emissary + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: edge-stack-agent-config +subjects: +- kind: ServiceAccount + name: edge-stack-agent + namespace: emissary +--- +# Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: edge-stack-agent + namespace: emissary + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: edge-stack-agent + app.kubernetes.io/instance: edge-stack + template: + metadata: + labels: + app.kubernetes.io/name: edge-stack-agent + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + product: aes + spec: + serviceAccountName: edge-stack-agent + containers: + - name: agent + image: docker.io/datawire/aes:2.1.2 + imagePullPolicy: IfNotPresent + command: [agent] + env: + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: https://app.getambassador.io/ + - name: AES_SNAPSHOT_URL + value: http://edge-stack-admin.emissary:8005/snapshot-external + progressDeadlineSeconds: 600 From 1ad858df2f2fda7e24635c5da4ab2ccb8034b1bd Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 3 Feb 2022 12:15:14 -0500 Subject: [PATCH 13/40] Update aes-crds.yaml with unserved v1 Signed-off-by: Flynn --- manifests/edge-stack/aes-crds.yaml | 104 +++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index d152843..f1f927f 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -1846,6 +1846,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: AuthService is the Schema for the authservices API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1949,6 +1957,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: ConsulResolver is the Schema for the ConsulResolver API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2216,6 +2232,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: DevPortal is the Schema for the DevPortals API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2856,6 +2880,14 @@ spec: storage: false subresources: status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Host is the Schema for the hosts API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2952,6 +2984,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -3048,6 +3088,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -3398,6 +3446,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: LogService is the Schema for the logservices API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -4406,6 +4462,14 @@ spec: storage: false subresources: status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Mapping is the Schema for the mappings API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -4513,6 +4577,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are "ambassador" or "tls". + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -4678,6 +4750,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: RateLimitService is the Schema for the ratelimitservices API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -4905,6 +4985,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: TCPMapping is the Schema for the tcpmappings API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -5088,6 +5176,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: TLSContext is the Schema for the tlscontexts API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -5277,6 +5373,14 @@ spec: type: object served: true storage: false + - name: v1 + schema: + openAPIV3Schema: + description: TracingService is the Schema for the tracingservices API + type: object + x-kubernetes-preserve-unknown-fields: true + served: false + storage: false --- ################################################################################ # Namespace # From 2625376590dc2a45adc6798b5d1b88c319016c25 Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 3 Feb 2022 22:43:03 -0500 Subject: [PATCH 14/40] No v1 needed for Hosts Signed-off-by: Flynn --- manifests/edge-stack/aes-crds.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index f1f927f..2caaa9a 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -2880,14 +2880,6 @@ spec: storage: false subresources: status: {} - - name: v1 - schema: - openAPIV3Schema: - description: Host is the Schema for the hosts API - type: object - x-kubernetes-preserve-unknown-fields: true - served: false - storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition From 7d96bdefc740eedf1583919c7a7f6d1c4d261d97 Mon Sep 17 00:00:00 2001 From: Flynn Date: Fri, 4 Feb 2022 23:31:41 -0500 Subject: [PATCH 15/40] Update for 2.2.0-rc.0 Signed-off-by: Flynn --- manifests/edge-stack/aes-ambassadorns-agent.yaml | 7 +++++-- .../edge-stack/aes-ambassadorns-migration.yaml | 7 ++++++- manifests/edge-stack/aes-ambassadorns.yaml | 14 +++++++++++--- manifests/edge-stack/aes-crds.yaml | 9 ++++++--- manifests/edge-stack/aes-defaultns-agent.yaml | 7 +++++-- manifests/edge-stack/aes-emissaryns-agent.yaml | 7 +++++-- 6 files changed, 38 insertions(+), 13 deletions(-) diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml index 52db419..25b62a9 100644 --- a/manifests/edge-stack/aes-ambassadorns-agent.yaml +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -120,7 +120,7 @@ metadata: rules: - apiGroups: [argoproj.io] resources: [rollouts] - verbs: [get, list, watch] + verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -233,9 +233,12 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent command: [agent] + ports: + - containerPort: 8006 + name: grpc env: - name: AGENT_NAMESPACE valueFrom: diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml index 61f72db..8948818 100644 --- a/manifests/edge-stack/aes-ambassadorns-migration.yaml +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent ports: - name: http @@ -150,6 +150,8 @@ spec: - name: admin containerPort: 8877 env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack:8006 - name: HOST_IP valueFrom: fieldRef: @@ -158,6 +160,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token - name: AES_ACME_LEADER_DISABLE value: 'true' - name: AMBASSADOR_DRAIN_TIME @@ -346,6 +350,7 @@ rules: - namespaces - services - secrets + - configmaps - endpoints verbs: [get, list, watch] diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml index 59bd7a8..b1c6e9f 100644 --- a/manifests/edge-stack/aes-ambassadorns.yaml +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -152,7 +152,7 @@ metadata: rules: - apiGroups: [argoproj.io] resources: [rollouts] - verbs: [get, list, watch] + verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -242,6 +242,7 @@ rules: - namespaces - services - secrets + - configmaps - endpoints verbs: [get, list, watch] @@ -517,9 +518,12 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent command: [agent] + ports: + - containerPort: 8006 + name: grpc env: - name: AGENT_NAMESPACE valueFrom: @@ -589,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent ports: - name: http @@ -599,6 +603,8 @@ spec: - name: admin containerPort: 8877 env: + - name: AMBASSADOR_GRPC_METRICS_SINK + value: edge-stack:8006 - name: HOST_IP valueFrom: fieldRef: @@ -607,6 +613,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: edge-stack-agent-cloud-token - name: AMBASSADOR_DRAIN_TIME value: '600' - name: AMBASSADOR_INTERNAL_URL diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index 2caaa9a..c56c86a 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -2979,7 +2979,8 @@ spec: - name: v1 schema: openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API + description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver + API type: object x-kubernetes-preserve-unknown-fields: true served: false @@ -3083,7 +3084,8 @@ spec: - name: v1 schema: openAPIV3Schema: - description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API + description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver + API type: object x-kubernetes-preserve-unknown-fields: true served: false @@ -4572,7 +4574,8 @@ spec: - name: v1 schema: openAPIV3Schema: - description: A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are "ambassador" or "tls". + description: A Module defines system-wide configuration. The type of module + is controlled by the .metadata.name; valid names are "ambassador" or "tls". type: object x-kubernetes-preserve-unknown-fields: true served: false diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml index d78fadd..98276d4 100644 --- a/manifests/edge-stack/aes-defaultns-agent.yaml +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -120,7 +120,7 @@ metadata: rules: - apiGroups: [argoproj.io] resources: [rollouts] - verbs: [get, list, watch] + verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -233,9 +233,12 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent command: [agent] + ports: + - containerPort: 8006 + name: grpc env: - name: AGENT_NAMESPACE valueFrom: diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml index 01af55f..dd32ee9 100644 --- a/manifests/edge-stack/aes-emissaryns-agent.yaml +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -120,7 +120,7 @@ metadata: rules: - apiGroups: [argoproj.io] resources: [rollouts] - verbs: [get, list, watch] + verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -233,9 +233,12 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.1.2 + image: docker.io/datawire/aes:2.2.0-rc.0 imagePullPolicy: IfNotPresent command: [agent] + ports: + - containerPort: 8006 + name: grpc env: - name: AGENT_NAMESPACE valueFrom: From 3cc9e70fc966f40ce44c36688ecdc3ff9c606859 Mon Sep 17 00:00:00 2001 From: Aidan Hahn Date: Mon, 7 Feb 2022 17:12:09 -0800 Subject: [PATCH 16/40] bump for next RC Signed-off-by: Aidan Hahn --- VERSION | 2 +- charts/edge-stack/Chart.lock | 6 +++--- charts/edge-stack/Chart.yaml | 6 +++--- charts/edge-stack/values.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-agent.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-migration.yaml | 2 +- manifests/edge-stack/aes-ambassadorns.yaml | 4 ++-- manifests/edge-stack/aes-crds.yaml | 2 +- manifests/edge-stack/aes-defaultns-agent.yaml | 2 +- manifests/edge-stack/aes-defaultns-migration.yaml | 2 +- manifests/edge-stack/aes-defaultns.yaml | 4 ++-- manifests/edge-stack/aes-emissaryns-agent.yaml | 2 +- manifests/edge-stack/aes-emissaryns-migration.yaml | 2 +- manifests/edge-stack/aes-emissaryns.yaml | 4 ++-- manifests/edge-stack/aes.yaml | 4 ++-- 15 files changed, 23 insertions(+), 23 deletions(-) diff --git a/VERSION b/VERSION index f7757a2..9a09f63 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2.0-rc.0 +2.2.0-rc.1 diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index c09a716..d37ed78 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress repository: https://s3.amazonaws.com/datawire-static-files/charts-dev - version: 7.3.0-rc.1 -digest: sha256:8ce8ad373b9b610b25e1df4eb5c4337c0dfad2639e041dfc1f2f2960f1c0b5ac -generated: "2022-02-04T17:34:25.848959322-08:00" + version: 7.3.0-rc.2 +digest: sha256:e775b3ac12922dbf838a1a68eb4ad5bc531bb4e9aa76dc52b71edc234b91f383 +generated: "2022-02-07T17:08:49.825495036-08:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index 8c6bb45..f8da483 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.2.0-rc.0 +appVersion: 2.2.0-rc.1 description: A Helm chart for Ambassador Edge Stack name: edge-stack -version: 7.3.0-rc.0 +version: 7.3.0-rc.1 # TODO: change these to whatever the appropriate things are icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: 7.3.0-rc.1 + version: 7.3.0-rc.2 repository: "https://s3.amazonaws.com/datawire-static-files/charts-dev" diff --git a/charts/edge-stack/values.yaml b/charts/edge-stack/values.yaml index 3bd8d79..78ef3d7 100644 --- a/charts/edge-stack/values.yaml +++ b/charts/edge-stack/values.yaml @@ -70,7 +70,7 @@ emissary-ingress: # +doc-gen:break image: repository: docker.io/datawire/aes - tag: 2.2.0-rc.0 + tag: 2.2.0-rc.1 pullPolicy: IfNotPresent rbac: diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml index 25b62a9..3d12243 100644 --- a/manifests/edge-stack/aes-ambassadorns-agent.yaml +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -233,7 +233,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml index 8948818..e3be8aa 100644 --- a/manifests/edge-stack/aes-ambassadorns-migration.yaml +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml index b1c6e9f..3f8a95f 100644 --- a/manifests/edge-stack/aes-ambassadorns.yaml +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index c56c86a..5089f59 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -5553,7 +5553,7 @@ spec: serviceAccountName: emissary-apiext containers: - name: emissary-apiext - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent command: [ "apiext", "emissary-apiext" ] ports: diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml index 98276d4..1b589e2 100644 --- a/manifests/edge-stack/aes-defaultns-agent.yaml +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -233,7 +233,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index 73d1a5b..bd884cf 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index 55af379..a73ea40 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -510,7 +510,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -585,7 +585,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml index dd32ee9..613c342 100644 --- a/manifests/edge-stack/aes-emissaryns-agent.yaml +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -233,7 +233,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index 3bdbee7..4d3a1d4 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index 6c0753b..904432d 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index b1c6e9f..3f8a95f 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.0 + image: docker.io/datawire/aes:2.2.0-rc.1 imagePullPolicy: IfNotPresent ports: - name: http From a5a516e785814ae3da147d85721692b520e3acdc Mon Sep 17 00:00:00 2001 From: Aidan Hahn Date: Tue, 8 Feb 2022 11:56:17 -0800 Subject: [PATCH 17/40] RC2 charts Signed-off-by: Aidan Hahn --- VERSION | 2 +- charts/edge-stack/Chart.yaml | 4 ++-- charts/edge-stack/values.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-agent.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-migration.yaml | 2 +- manifests/edge-stack/aes-ambassadorns.yaml | 4 ++-- manifests/edge-stack/aes-crds.yaml | 2 +- manifests/edge-stack/aes-defaultns-agent.yaml | 2 +- manifests/edge-stack/aes-defaultns-migration.yaml | 2 +- manifests/edge-stack/aes-defaultns.yaml | 4 ++-- manifests/edge-stack/aes-emissaryns-agent.yaml | 2 +- manifests/edge-stack/aes-emissaryns-migration.yaml | 2 +- manifests/edge-stack/aes-emissaryns.yaml | 4 ++-- manifests/edge-stack/aes.yaml | 4 ++-- 14 files changed, 19 insertions(+), 19 deletions(-) diff --git a/VERSION b/VERSION index 9a09f63..a7807e7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2.0-rc.1 +2.2.0-rc.2 diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index f8da483..47ede90 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.2.0-rc.1 +appVersion: 2.2.0-rc.2 description: A Helm chart for Ambassador Edge Stack name: edge-stack -version: 7.3.0-rc.1 +version: 7.3.0-rc.2 # TODO: change these to whatever the appropriate things are icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ diff --git a/charts/edge-stack/values.yaml b/charts/edge-stack/values.yaml index 78ef3d7..7c67f80 100644 --- a/charts/edge-stack/values.yaml +++ b/charts/edge-stack/values.yaml @@ -70,7 +70,7 @@ emissary-ingress: # +doc-gen:break image: repository: docker.io/datawire/aes - tag: 2.2.0-rc.1 + tag: 2.2.0-rc.2 pullPolicy: IfNotPresent rbac: diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml index 3d12243..a67a641 100644 --- a/manifests/edge-stack/aes-ambassadorns-agent.yaml +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -233,7 +233,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml index e3be8aa..02da072 100644 --- a/manifests/edge-stack/aes-ambassadorns-migration.yaml +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml index 3f8a95f..204112c 100644 --- a/manifests/edge-stack/aes-ambassadorns.yaml +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index 5089f59..205f514 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -5553,7 +5553,7 @@ spec: serviceAccountName: emissary-apiext containers: - name: emissary-apiext - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent command: [ "apiext", "emissary-apiext" ] ports: diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml index 1b589e2..4b0cda0 100644 --- a/manifests/edge-stack/aes-defaultns-agent.yaml +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -233,7 +233,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index bd884cf..47f341e 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index a73ea40..efbb95b 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -510,7 +510,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -585,7 +585,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml index 613c342..883293b 100644 --- a/manifests/edge-stack/aes-emissaryns-agent.yaml +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -233,7 +233,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index 4d3a1d4..d5f3f2b 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index 904432d..46a158c 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index 3f8a95f..204112c 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.1 + image: docker.io/datawire/aes:2.2.0-rc.2 imagePullPolicy: IfNotPresent ports: - name: http From 307e254f43d57190f4aaf12b08dc1f835b951253 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Tue, 8 Feb 2022 17:33:23 -0700 Subject: [PATCH 18/40] make chart/update-emissary: Tidy, update the repo based on the version Signed-off-by: Luke Shumaker --- charts/charts.mk | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/charts/charts.mk b/charts/charts.mk index 5b5544e..4ae043b 100644 --- a/charts/charts.mk +++ b/charts/charts.mk @@ -22,14 +22,17 @@ define _docgen fi endef +EMISSARY_CHART_REPO_GA = https://s3.amazonaws.com/datawire-static-files/charts +EMISSARY_CHART_REPO_PRE = https://s3.amazonaws.com/datawire-static-files/charts-dev +EMISSARY_CHART_REPO = $(if $(findstring -,$(EMISSARY_CHART_VERSION)),$(EMISSARY_CHART_REPO_PRE),$(EMISSARY_CHART_REPO_GA)) chart/update-emissary: $(YQ) - [ -n "${EMISSARY_CHART_VERSION}" ] || (echo "EMISSARY_CHART_VERSION must be set for non-GA pushes" && exit 1) + [ -n '$(EMISSARY_CHART_VERSION)' ] || (echo "EMISSARY_CHART_VERSION must be set for non-GA pushes" && exit 1) rm -f $(CHART_DIR)/charts/emissary-ingress*.tgz - $(YQ) w -i $(CHART_DIR)/Chart.yaml 'dependencies.(name==emissary-ingress).version' "${EMISSARY_CHART_VERSION}" + $(YQ) w -i $(CHART_DIR)/Chart.yaml 'dependencies.(name==emissary-ingress).version' '$(patsubst v%,%,$(EMISSARY_CHART_VERSION))' + $(YQ) w -i $(CHART_DIR)/Chart.yaml 'dependencies.(name==emissary-ingress).repository' '$(EMISSARY_CHART_REPO)' helm repo rm emissary-updater || true - helm repo add emissary-updater `$(YQ) r $(CHART_DIR)/Chart.yaml 'dependencies.(name==emissary-ingress).repository'` + helm repo add emissary-updater '$(EMISSARY_CHART_REPO)' helm dep update $(CHART_DIR) - git add $(CHART_DIR)/charts/emissary*.tgz $(CHART_DIR)/Chart.yaml $(CHART_DIR)/Chart.lock .PHONY: chart/update-emissary chart/docgen: From 196f4ce3984d2c6972d5f3a133ed41b7876480a3 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Tue, 8 Feb 2022 17:45:49 -0700 Subject: [PATCH 19/40] From apro.git: `make generate` Signed-off-by: Luke Shumaker --- charts/edge-stack/Chart.lock | 6 +++--- charts/edge-stack/Chart.yaml | 4 ++-- manifests/edge-stack/aes-ambassadorns-agent.yaml | 4 ++-- manifests/edge-stack/aes-ambassadorns-migration.yaml | 2 +- manifests/edge-stack/aes-ambassadorns.yaml | 6 +++--- manifests/edge-stack/aes-defaultns-agent.yaml | 4 ++-- manifests/edge-stack/aes-defaultns-migration.yaml | 2 +- manifests/edge-stack/aes-defaultns.yaml | 6 +++--- manifests/edge-stack/aes-emissaryns-agent.yaml | 4 ++-- manifests/edge-stack/aes-emissaryns-migration.yaml | 2 +- manifests/edge-stack/aes-emissaryns.yaml | 6 +++--- manifests/edge-stack/aes.yaml | 6 +++--- 12 files changed, 26 insertions(+), 26 deletions(-) diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index d37ed78..0c9ff4a 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress repository: https://s3.amazonaws.com/datawire-static-files/charts-dev - version: 7.3.0-rc.2 -digest: sha256:e775b3ac12922dbf838a1a68eb4ad5bc531bb4e9aa76dc52b71edc234b91f383 -generated: "2022-02-07T17:08:49.825495036-08:00" + version: 7.3.0-rc.2.0.20220209165154-b6cd397b4fb3 +digest: sha256:5e851285aa6ea6b7dfe9a0625cb3604ae1be41d5226cc98208e7cb6b64e698ce +generated: "2022-02-09T10:10:32.32440863-07:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index 47ede90..b665170 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: 7.3.0-rc.2 - repository: "https://s3.amazonaws.com/datawire-static-files/charts-dev" + version: 7.3.0-rc.2.0.20220209165154-b6cd397b4fb3 + repository: https://s3.amazonaws.com/datawire-static-files/charts-dev diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml index a67a641..c556442 100644 --- a/manifests/edge-stack/aes-ambassadorns-agent.yaml +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -237,8 +237,8 @@ spec: imagePullPolicy: IfNotPresent command: [agent] ports: - - containerPort: 8006 - name: grpc + - containerPort: 8080 + name: http env: - name: AGENT_NAMESPACE valueFrom: diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml index 02da072..24b63d9 100644 --- a/manifests/edge-stack/aes-ambassadorns-migration.yaml +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml @@ -151,7 +151,7 @@ spec: containerPort: 8877 env: - name: AMBASSADOR_GRPC_METRICS_SINK - value: edge-stack:8006 + value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml index 204112c..823119c 100644 --- a/manifests/edge-stack/aes-ambassadorns.yaml +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -522,8 +522,8 @@ spec: imagePullPolicy: IfNotPresent command: [agent] ports: - - containerPort: 8006 - name: grpc + - containerPort: 8080 + name: http env: - name: AGENT_NAMESPACE valueFrom: @@ -604,7 +604,7 @@ spec: containerPort: 8877 env: - name: AMBASSADOR_GRPC_METRICS_SINK - value: edge-stack:8006 + value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml index 4b0cda0..57c3005 100644 --- a/manifests/edge-stack/aes-defaultns-agent.yaml +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -237,8 +237,8 @@ spec: imagePullPolicy: IfNotPresent command: [agent] ports: - - containerPort: 8006 - name: grpc + - containerPort: 8080 + name: http env: - name: AGENT_NAMESPACE valueFrom: diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index 47f341e..af75d2e 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -151,7 +151,7 @@ spec: containerPort: 8877 env: - name: AMBASSADOR_GRPC_METRICS_SINK - value: edge-stack:8006 + value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index efbb95b..301bbe8 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -514,8 +514,8 @@ spec: imagePullPolicy: IfNotPresent command: [agent] ports: - - containerPort: 8006 - name: grpc + - containerPort: 8080 + name: http env: - name: AGENT_NAMESPACE valueFrom: @@ -596,7 +596,7 @@ spec: containerPort: 8877 env: - name: AMBASSADOR_GRPC_METRICS_SINK - value: edge-stack:8006 + value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml index 883293b..fc81184 100644 --- a/manifests/edge-stack/aes-emissaryns-agent.yaml +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -237,8 +237,8 @@ spec: imagePullPolicy: IfNotPresent command: [agent] ports: - - containerPort: 8006 - name: grpc + - containerPort: 8080 + name: http env: - name: AGENT_NAMESPACE valueFrom: diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index d5f3f2b..20a07d3 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -151,7 +151,7 @@ spec: containerPort: 8877 env: - name: AMBASSADOR_GRPC_METRICS_SINK - value: edge-stack:8006 + value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index 46a158c..8f21f8c 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -522,8 +522,8 @@ spec: imagePullPolicy: IfNotPresent command: [agent] ports: - - containerPort: 8006 - name: grpc + - containerPort: 8080 + name: http env: - name: AGENT_NAMESPACE valueFrom: @@ -604,7 +604,7 @@ spec: containerPort: 8877 env: - name: AMBASSADOR_GRPC_METRICS_SINK - value: edge-stack:8006 + value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index 204112c..823119c 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -522,8 +522,8 @@ spec: imagePullPolicy: IfNotPresent command: [agent] ports: - - containerPort: 8006 - name: grpc + - containerPort: 8080 + name: http env: - name: AGENT_NAMESPACE valueFrom: @@ -604,7 +604,7 @@ spec: containerPort: 8877 env: - name: AMBASSADOR_GRPC_METRICS_SINK - value: edge-stack:8006 + value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: From 07bc69147fb91e3acd7d30846f3f9bcd9c6060f5 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 9 Feb 2022 13:30:30 -0700 Subject: [PATCH 20/40] Update to Emissary 2.2.0-rc.3 Signed-off-by: Luke Shumaker --- charts/edge-stack/Chart.lock | 6 +++--- charts/edge-stack/Chart.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-agent.yaml | 2 +- manifests/edge-stack/aes-ambassadorns.yaml | 2 +- manifests/edge-stack/aes-defaultns-agent.yaml | 2 +- manifests/edge-stack/aes-defaultns.yaml | 2 +- manifests/edge-stack/aes-emissaryns-agent.yaml | 2 +- manifests/edge-stack/aes-emissaryns.yaml | 2 +- manifests/edge-stack/aes.yaml | 2 +- 9 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index 0c9ff4a..90a7f42 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress repository: https://s3.amazonaws.com/datawire-static-files/charts-dev - version: 7.3.0-rc.2.0.20220209165154-b6cd397b4fb3 -digest: sha256:5e851285aa6ea6b7dfe9a0625cb3604ae1be41d5226cc98208e7cb6b64e698ce -generated: "2022-02-09T10:10:32.32440863-07:00" + version: 7.3.0-rc.3 +digest: sha256:453641097480ceb1d573d9c872aa86053f37371e8d6661aaf252d393c5ef2b8e +generated: "2022-02-09T13:25:49.46587531-07:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index b665170..d2e6e87 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: 7.3.0-rc.2.0.20220209165154-b6cd397b4fb3 + version: 7.3.0-rc.3 repository: https://s3.amazonaws.com/datawire-static-files/charts-dev diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml index c556442..0b73299 100644 --- a/manifests/edge-stack/aes-ambassadorns-agent.yaml +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -119,7 +119,7 @@ metadata: product: aes rules: - apiGroups: [argoproj.io] - resources: [rollouts] + resources: [rollouts, rollouts/status] verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml index 823119c..b1e3ac2 100644 --- a/manifests/edge-stack/aes-ambassadorns.yaml +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -151,7 +151,7 @@ metadata: product: aes rules: - apiGroups: [argoproj.io] - resources: [rollouts] + resources: [rollouts, rollouts/status] verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml index 57c3005..a8d7bd8 100644 --- a/manifests/edge-stack/aes-defaultns-agent.yaml +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -119,7 +119,7 @@ metadata: product: aes rules: - apiGroups: [argoproj.io] - resources: [rollouts] + resources: [rollouts, rollouts/status] verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index 301bbe8..9209882 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -143,7 +143,7 @@ metadata: product: aes rules: - apiGroups: [argoproj.io] - resources: [rollouts] + resources: [rollouts, rollouts/status] verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml index fc81184..a887483 100644 --- a/manifests/edge-stack/aes-emissaryns-agent.yaml +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -119,7 +119,7 @@ metadata: product: aes rules: - apiGroups: [argoproj.io] - resources: [rollouts] + resources: [rollouts, rollouts/status] verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index 8f21f8c..1ccd71e 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -151,7 +151,7 @@ metadata: product: aes rules: - apiGroups: [argoproj.io] - resources: [rollouts] + resources: [rollouts, rollouts/status] verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index 823119c..b1e3ac2 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -151,7 +151,7 @@ metadata: product: aes rules: - apiGroups: [argoproj.io] - resources: [rollouts] + resources: [rollouts, rollouts/status] verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml From 589cc097267f5e0629acf7fb139b60449eac28f9 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 9 Feb 2022 13:36:12 -0700 Subject: [PATCH 21/40] Prepare Edge-Stack 2.2.0-rc.3 Signed-off-by: Luke Shumaker --- CHANGELOG.md | 2 +- VERSION | 2 +- charts/edge-stack/CHANGELOG.md | 2 +- charts/edge-stack/Chart.yaml | 4 ++-- charts/edge-stack/values.yaml | 2 +- docs/releaseNotes.yml | 2 +- manifests/edge-stack/aes-ambassadorns-agent.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-migration.yaml | 2 +- manifests/edge-stack/aes-ambassadorns.yaml | 4 ++-- manifests/edge-stack/aes-crds.yaml | 2 +- manifests/edge-stack/aes-defaultns-agent.yaml | 2 +- manifests/edge-stack/aes-defaultns-migration.yaml | 2 +- manifests/edge-stack/aes-defaultns.yaml | 4 ++-- manifests/edge-stack/aes-emissaryns-agent.yaml | 2 +- manifests/edge-stack/aes-emissaryns-migration.yaml | 2 +- manifests/edge-stack/aes-emissaryns.yaml | 4 ++-- manifests/edge-stack/aes.yaml | 4 ++-- 17 files changed, 22 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a1a894..6d9fbe6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -77,7 +77,7 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest ## RELEASE NOTES -## [2.2.0] TBD +## [2.2.0] 2022-02-09 [2.2.0]: https://github.com/datawire/edge-stack/releases/v2.2.0 ## Ambassador Edge Stack diff --git a/VERSION b/VERSION index a7807e7..6046403 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2.0-rc.2 +2.2.0-rc.3 diff --git a/charts/edge-stack/CHANGELOG.md b/charts/edge-stack/CHANGELOG.md index b7d4682..3c2364b 100644 --- a/charts/edge-stack/CHANGELOG.md +++ b/charts/edge-stack/CHANGELOG.md @@ -3,7 +3,7 @@ This file documents all notable changes to Edge Stack Helm Chart. The release numbering uses [semantic versioning](http://semver.org). -## v7.2.3 +## v7.3.0 - Update Edge Stack chart image to version v2.2.0: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md) diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index d2e6e87..77c54e6 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.2.0-rc.2 +appVersion: 2.2.0-rc.3 description: A Helm chart for Ambassador Edge Stack name: edge-stack -version: 7.3.0-rc.2 +version: 7.3.0-rc.3 # TODO: change these to whatever the appropriate things are icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ diff --git a/charts/edge-stack/values.yaml b/charts/edge-stack/values.yaml index 7c67f80..d32ed43 100644 --- a/charts/edge-stack/values.yaml +++ b/charts/edge-stack/values.yaml @@ -70,7 +70,7 @@ emissary-ingress: # +doc-gen:break image: repository: docker.io/datawire/aes - tag: 2.2.0-rc.2 + tag: 2.2.0-rc.3 pullPolicy: IfNotPresent rbac: diff --git a/docs/releaseNotes.yml b/docs/releaseNotes.yml index 5c21163..20ea32d 100644 --- a/docs/releaseNotes.yml +++ b/docs/releaseNotes.yml @@ -32,7 +32,7 @@ changelog: https://github.com/datawire/edge-stack/blob/$branch$/CHANGELOG.md items: - version: 2.2.0 - date: 'TBD' + date: '2022-02-09' notes: - title: Support a log-level metric type: feature diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml index 0b73299..c15bad3 100644 --- a/manifests/edge-stack/aes-ambassadorns-agent.yaml +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -233,7 +233,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml index 24b63d9..acc1f4f 100644 --- a/manifests/edge-stack/aes-ambassadorns-migration.yaml +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml index b1e3ac2..7bd9676 100644 --- a/manifests/edge-stack/aes-ambassadorns.yaml +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index 205f514..84c597e 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -5553,7 +5553,7 @@ spec: serviceAccountName: emissary-apiext containers: - name: emissary-apiext - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent command: [ "apiext", "emissary-apiext" ] ports: diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml index a8d7bd8..55e85b3 100644 --- a/manifests/edge-stack/aes-defaultns-agent.yaml +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -233,7 +233,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index af75d2e..e2b83d4 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index 9209882..b955a35 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -510,7 +510,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -585,7 +585,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml index a887483..d001bdc 100644 --- a/manifests/edge-stack/aes-emissaryns-agent.yaml +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -233,7 +233,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index 20a07d3..789ff25 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index 1ccd71e..618d3c0 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index b1e3ac2..7bd9676 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.2 + image: docker.io/datawire/aes:2.2.0-rc.3 imagePullPolicy: IfNotPresent ports: - name: http From 23583846220c52acf82bd85e2406de5e007cfc89 Mon Sep 17 00:00:00 2001 From: Flynn Date: Wed, 9 Feb 2022 16:14:13 -0500 Subject: [PATCH 22/40] Include `edge-stack-admin` in the `-agent` files for migrations. Signed-off-by: Flynn --- .../aes-ambassadorns-agent/require.yaml | 1 + k8s-config/aes-defaultns-agent/require.yaml | 1 + k8s-config/aes-emissaryns-agent/require.yaml | 1 + .../edge-stack/aes-ambassadorns-agent.yaml | 40 +++++++++++++++++++ manifests/edge-stack/aes-defaultns-agent.yaml | 40 +++++++++++++++++++ .../edge-stack/aes-emissaryns-agent.yaml | 40 +++++++++++++++++++ 6 files changed, 123 insertions(+) diff --git a/k8s-config/aes-ambassadorns-agent/require.yaml b/k8s-config/aes-ambassadorns-agent/require.yaml index ab2ef31..06c1f7f 100644 --- a/k8s-config/aes-ambassadorns-agent/require.yaml +++ b/k8s-config/aes-ambassadorns-agent/require.yaml @@ -10,4 +10,5 @@ resources: - { kind: ClusterRoleBinding, name: edge-stack-agent } - { kind: Role, name: edge-stack-agent-config, namespace: ambassador } - { kind: RoleBinding, name: edge-stack-agent-config, namespace: ambassador } + - { kind: Service, name: edge-stack-admin, namespace: ambassador } - { kind: Deployment, name: edge-stack-agent, namespace: ambassador } diff --git a/k8s-config/aes-defaultns-agent/require.yaml b/k8s-config/aes-defaultns-agent/require.yaml index a5654af..4ec6c9d 100644 --- a/k8s-config/aes-defaultns-agent/require.yaml +++ b/k8s-config/aes-defaultns-agent/require.yaml @@ -10,4 +10,5 @@ resources: - { kind: ClusterRoleBinding, name: edge-stack-agent } - { kind: Role, name: edge-stack-agent-config, namespace: default } - { kind: RoleBinding, name: edge-stack-agent-config, namespace: default } + - { kind: Service, name: edge-stack-admin, namespace: default } - { kind: Deployment, name: edge-stack-agent, namespace: default } diff --git a/k8s-config/aes-emissaryns-agent/require.yaml b/k8s-config/aes-emissaryns-agent/require.yaml index e622083..3835e80 100644 --- a/k8s-config/aes-emissaryns-agent/require.yaml +++ b/k8s-config/aes-emissaryns-agent/require.yaml @@ -10,4 +10,5 @@ resources: - { kind: ClusterRoleBinding, name: edge-stack-agent } - { kind: Role, name: edge-stack-agent-config, namespace: emissary } - { kind: RoleBinding, name: edge-stack-agent-config, namespace: emissary } + - { kind: Service, name: edge-stack-admin, namespace: emissary } - { kind: Deployment, name: edge-stack-agent, namespace: emissary } diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml index c15bad3..928dbd1 100644 --- a/manifests/edge-stack/aes-ambassadorns-agent.yaml +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -201,6 +201,46 @@ subjects: name: edge-stack-agent namespace: ambassador --- +# Source: edge-stack/charts/emissary-ingress/templates/admin-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-admin + namespace: ambassador + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + # Hard-coded label for Prometheus Operator ServiceMonitor + service: ambassador-admin + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack admin service for internal use and + health checks. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 8877 + targetPort: admin + protocol: TCP + name: ambassador-admin + - port: 8005 + targetPort: 8005 + protocol: TCP + name: ambassador-snapshot + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack +--- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: apps/v1 kind: Deployment diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml index 55e85b3..527daf2 100644 --- a/manifests/edge-stack/aes-defaultns-agent.yaml +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -201,6 +201,46 @@ subjects: name: edge-stack-agent namespace: default --- +# Source: edge-stack/charts/emissary-ingress/templates/admin-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-admin + namespace: default + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + # Hard-coded label for Prometheus Operator ServiceMonitor + service: ambassador-admin + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack admin service for internal use and + health checks. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 8877 + targetPort: admin + protocol: TCP + name: ambassador-admin + - port: 8005 + targetPort: 8005 + protocol: TCP + name: ambassador-snapshot + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack +--- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: apps/v1 kind: Deployment diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml index d001bdc..83a192f 100644 --- a/manifests/edge-stack/aes-emissaryns-agent.yaml +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -201,6 +201,46 @@ subjects: name: edge-stack-agent namespace: emissary --- +# Source: edge-stack/charts/emissary-ingress/templates/admin-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: edge-stack-admin + namespace: emissary + labels: + app.kubernetes.io/name: edge-stack + + app.kubernetes.io/instance: edge-stack + app.kubernetes.io/part-of: edge-stack + app.kubernetes.io/managed-by: getambassador.io + # Hard-coded label for Prometheus Operator ServiceMonitor + service: ambassador-admin + product: aes + annotations: + a8r.io/owner: Ambassador Labs + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: The Ambassador Edge Stack admin service for internal use and + health checks. + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: None +spec: + type: ClusterIP + ports: + - port: 8877 + targetPort: admin + protocol: TCP + name: ambassador-admin + - port: 8005 + targetPort: 8005 + protocol: TCP + name: ambassador-snapshot + selector: + app.kubernetes.io/name: edge-stack + app.kubernetes.io/instance: edge-stack +--- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: apps/v1 kind: Deployment From 5640bf3c955a12ed825c496800da48cb33edba46 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 9 Feb 2022 17:06:57 -0700 Subject: [PATCH 23/40] Update to Emissary 2.2.0-rc.4 Signed-off-by: Luke Shumaker --- charts/edge-stack/Chart.lock | 6 +++--- charts/edge-stack/Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index 90a7f42..1f36f23 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress repository: https://s3.amazonaws.com/datawire-static-files/charts-dev - version: 7.3.0-rc.3 -digest: sha256:453641097480ceb1d573d9c872aa86053f37371e8d6661aaf252d393c5ef2b8e -generated: "2022-02-09T13:25:49.46587531-07:00" + version: 7.3.0-rc.4 +digest: sha256:3ab71014d9e26d414ac4b7396d8a9e2e169b2a175899e6a9dd813ce0d0069ad8 +generated: "2022-02-09T17:01:15.037771003-07:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index 77c54e6..5ee159f 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: 7.3.0-rc.3 + version: 7.3.0-rc.4 repository: https://s3.amazonaws.com/datawire-static-files/charts-dev From 5839f71f6516149376ef468bbdaa9f5fcd136ffb Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 9 Feb 2022 17:08:40 -0700 Subject: [PATCH 24/40] Prepare Edge Stack 2.2.0-rc.4 Signed-off-by: Luke Shumaker --- VERSION | 2 +- charts/edge-stack/Chart.yaml | 4 ++-- charts/edge-stack/values.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-agent.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-migration.yaml | 2 +- manifests/edge-stack/aes-ambassadorns.yaml | 4 ++-- manifests/edge-stack/aes-crds.yaml | 2 +- manifests/edge-stack/aes-defaultns-agent.yaml | 2 +- manifests/edge-stack/aes-defaultns-migration.yaml | 2 +- manifests/edge-stack/aes-defaultns.yaml | 4 ++-- manifests/edge-stack/aes-emissaryns-agent.yaml | 2 +- manifests/edge-stack/aes-emissaryns-migration.yaml | 2 +- manifests/edge-stack/aes-emissaryns.yaml | 4 ++-- manifests/edge-stack/aes.yaml | 4 ++-- 14 files changed, 19 insertions(+), 19 deletions(-) diff --git a/VERSION b/VERSION index 6046403..7bbe1d0 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2.0-rc.3 +2.2.0-rc.4 diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index 5ee159f..41bf249 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.2.0-rc.3 +appVersion: 2.2.0-rc4 description: A Helm chart for Ambassador Edge Stack name: edge-stack -version: 7.3.0-rc.3 +version: 7.3.0-rc.4 # TODO: change these to whatever the appropriate things are icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ diff --git a/charts/edge-stack/values.yaml b/charts/edge-stack/values.yaml index d32ed43..c458491 100644 --- a/charts/edge-stack/values.yaml +++ b/charts/edge-stack/values.yaml @@ -70,7 +70,7 @@ emissary-ingress: # +doc-gen:break image: repository: docker.io/datawire/aes - tag: 2.2.0-rc.3 + tag: 2.2.0-rc.4 pullPolicy: IfNotPresent rbac: diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml index 928dbd1..7bca594 100644 --- a/manifests/edge-stack/aes-ambassadorns-agent.yaml +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml index acc1f4f..689b9bb 100644 --- a/manifests/edge-stack/aes-ambassadorns-migration.yaml +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml index 7bd9676..23d8ab4 100644 --- a/manifests/edge-stack/aes-ambassadorns.yaml +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index 84c597e..750492e 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -5553,7 +5553,7 @@ spec: serviceAccountName: emissary-apiext containers: - name: emissary-apiext - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent command: [ "apiext", "emissary-apiext" ] ports: diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml index 527daf2..b317850 100644 --- a/manifests/edge-stack/aes-defaultns-agent.yaml +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index e2b83d4..40fc79f 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index b955a35..0860410 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -510,7 +510,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -585,7 +585,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml index 83a192f..ffea1ef 100644 --- a/manifests/edge-stack/aes-emissaryns-agent.yaml +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index 789ff25..9e624e7 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index 618d3c0..32e4678 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index 7bd9676..23d8ab4 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.3 + image: docker.io/datawire/aes:2.2.0-rc.4 imagePullPolicy: IfNotPresent ports: - name: http From 906d720dc34bb2866a9c91a77697c4c253aecc47 Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 10 Feb 2022 12:26:15 -0500 Subject: [PATCH 25/40] Delete backup file that shouldn't have been committed Signed-off-by: Flynn --- charts/edge-stack/#CHANGELOG.md# | 561 ------------------------------- 1 file changed, 561 deletions(-) delete mode 100644 charts/edge-stack/#CHANGELOG.md# diff --git a/charts/edge-stack/#CHANGELOG.md# b/charts/edge-stack/#CHANGELOG.md# deleted file mode 100644 index a2bab30..0000000 --- a/charts/edge-stack/#CHANGELOG.md# +++ /dev/null @@ -1,561 +0,0 @@ -# Change Log - -This file documents all notable changes to Edge Stack Helm Chart. The release -numbering uses [semantic versioning](http://semver.org). - -## v7.2.2 - -- Update Edge Stack chart image to version v2.1.2: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md) - -## v7.2.1 - -- Update Edge Stack chart image to version v2.1.1: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md) - -## v7.2.0 - -- Update Edge Stack chart image to version v2.1.0: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) - -## v7.1.11 - -- Update Edge Stack chart image to version v2.0.5: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) - -## v7.1.10 - -- Switch Edge Stack CRDs to API version `v3alpha1`. - -## v7.1.9 - -- Update Edge Stack chart image to version v2.0.4: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) - -## v7.1.8-ea - -- Update Edge Stack chart image to version v2.0.3-ea: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) - -## v7.1.3 - v7.1.7: Internal, not released - -## v7.1.2-ea - -- Update Edge Stack chart image to version v2.0.2-ea: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) - -## v7.1.1-ea - -- Update Edge Stack chart image to version v2.0.1-ea: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) - -## v7.1.0-ea - -- Feature: New canarying features for Ambassador in the chart that allow creation of a secondary deployment/service to test new versions and environment variables. -- Feature: Exposed `progressDeadlineSeconds` for the Ambassador and Ambassador Agent Deployments with new values - -## v7.0.0-ea - -- Update Edge Stack chart image to version v2.0.0-ea: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md) -- Split [ambassador](https://github.com/emissary-ingress/emissary/tree/v1.13.9/charts/ambassador) helm chart into `edge-stack` (this repo) and `emissary-ingress`. - -## v6.7.9 - -- Update Ambassador chart image to version 1.13.6: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - - -## v6.7.8 - -- Update Ambassador chart image to version 1.13.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - - -## v6.7.7 - -- Bugfix: ambassador-injector and telepresence-proxy now use the correct default image repository - -## v6.7.6 - -- Update Ambassador chart image to version 1.13.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Change: unless image.repository or image.fullImageOverride is explicitly set, the ambassador image used will be templated on .Values.enableAES. If AES is enabled, the chart will use docker.io/datawire/aes, otherwise will use docker.io/datawire/ambassador. - -## v6.7.5 - -- Update Ambassador chart image to version v1.13.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.7.4 - -- Feature: The [Ambassador Module](https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/) can now be configured and managed by Helm - -## v6.7.3 - -- Update Ambassador chart image to version v1.13.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.7.2 - -- Bugfix: Don't change the Role name when running in singleNamespace mode. - -## v6.7.1 - -- Update Ambassador chart image to version v1.13.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.7.0 - -- Update Ambassador to version 1.13.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Feature: Ambassador Agent now available for API Gateway (https://app.getambassador.io) -- Feature: Add support for [pod toplology spread constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) via the `topologySpreadConstraints` helm value to the Ambassador deployment. (thanks, [@lawliet89](https://github.com/lawliet89)!) -- BugFix: Add missing `ambassador_id` for resolvers. -- Change: Ambassador ClusterRoles are now aggregated under the label `rbac.getambassador.io/role-group`. The aggregated role has the same name as the previous role name (so no need to update ClusterRoleBindings). - -## v6.6.4 - -- Update Ambassador to version 1.12.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.6.3 - -- Update Ambassador to version 1.12.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.6.2 - -- Update Ambassador to version 1.12.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.6.1 - -- Fix metadata field in ConsulRevoler -- Make resolvers available to OSS - -## v6.6.0 - -- Update Ambassador to version 1.12.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Feature: Apply Ambassador Agent deployment by default to enable Service Catalog reporting (https://app.getambassador.io) - -## v6.5.22 - -- Bugfix: Disable the cloud agent by default. The agent will be enabled in 6.6.0. -- Bugfix: Adds a check to prevent the cloud agent from being installed if AES version is less than 1.12.0 - -## v6.5.21 - -- Update Ambassador to version 1.12.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Feature: Add support for the ambassador-agent, reporting to Service Catalog (https://app.getambassador.io) -- Feature: All services are automatically instrumented with discovery annotations. - -## v6.5.20 - -- Update Ambassador to version v1.11.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.19 - -- Make all `livenessProbe` and `readinessProbe` configurations available to the values file - -## v6.5.18 - -- Update Ambassador to version v1.11.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.17 - -- Update Ambassador to version v1.11.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Bugfix: Fix Mapping definition to correctly support labels in use. - -## v6.5.16 - -- Bugfix: Ambassador CRD cleanup will now execute as expected. - -## v6.5.15 - -- Bugfix: Ambassador RBAC now includes permissions for IngressClasses. - -## v6.5.14 - -- Update for Ambassador v1.10.0 - -## v6.5.13 - -- Update for Ambassador v1.9.1 - -## v6.5.12 - -- Feature: Add ability to configure `terminationGracePeriodSeconds` for the Ambassador container -- Update for Ambassador v1.9.0 - -## v6.5.11 - -- Feature: add affinity and tolerations support for redis pods - -## v6.5.10 - -- Update Ambassador to version 1.8.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.9 - -- Update Ambassador to version 1.8.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Bugfix: The RBAC for AES now grants permission to "patch" Events.v1.core. Previously it granted "create" but not "patch". - -## v6.5.8 - -- Update Ambassador to version 1.7.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.7 - -- Update Ambassador to version 1.7.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- The BusyBox image image used by `test-ready` is now configurable (thanks, [Alan Silva](https://github.com/OmegaVVeapon)!) - -## v6.5.6 - -- Update Ambassador to version 1.7.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Feature: Allow overriding the namespace for the release using the values file: [ambassador-chart/#122](https://github.com/datawire/ambassador-chart/pull/122) - -## v6.5.5 - -- Allow hyphens in service annotations: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.4 - -- Upgrade Ambassador to version 1.7.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.3 - -- Upgrade Ambassador to version 1.7.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.2 - -- Feature: Add support for DaemonSet/Deployment labels: [ambassador-chart/#114](https://github.com/datawire/ambassador-chart/pull/114) -- Upgrade Ambassador to version 1.6.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.1 - -- Upgrade Ambassador to version 1.6.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.0 - -- Upgrade Ambassador to version 1.6.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.10 - -- Feature: Allow specifying annotations for the license-key-secret: [ambassador-chart/#106](https://github.com/datawire/ambassador-chart/issues/106) -- Feature: Annotation for keeping the AES secret on removal: [ambassador-chart/#110](https://github.com/datawire/ambassador-chart/issues/110) -- Fix: do not mount the secret if we do not want a secret: [ambassador-chart/#103](https://github.com/datawire/ambassador-chart/issues/103) -- Internal CI refactorings. - -## v6.4.9 - -- BugFix: Cannot specify podSecurityPolicies: [ambassador-chart/#97](https://github.com/datawire/ambassador-chart/issues/97) - -## v6.4.8 - -- Upgrade Ambassador to version 1.5.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.7 - -- BugFix: Registry service is now using the proper `app.kubernetes.io/name` -- BugFix: Restore ability to set `REDIS` env vars in `env` instead of `redisEnv` -- Feature: Add `envRaw` to support supplying raw yaml for environment variables. Deprecates `redisEnv`. - -## v6.4.6 - -- Upgrade Ambassador to version 1.5.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Added support setting external IPs for the ambassador service (thanks, [Jason Smith](https://github.com/jasons42)!) - -## v6.4.5 - -- Upgrade Ambassador to version 1.5.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.4 - -- Feature flag for enabling or disabling the [`Project` registry](https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/) -- redisEnv for setting environment variables to control how Ambassador interacts with redis. See [redis environment](https://www.getambassador.io/docs/edge-stack/latest/topics/running/environment/#redis) - -## v6.4.3 - -- Upgrade Ambassador to version 1.5.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.2 - -- Upgrade Ambassador to version 1.5.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.1 - -- BugFix: The `PodSecurityPolicy` should not be created by default since it is a cluster-wide resource that should only be created once. - -If you would like to use the default `PodSecurityPolicy`, make sure to unset `security.podSecurityPolicy` it in all other releases. - -## v6.4.0 - -- Upgrade Ambassador to version 1.5.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- AuthService and RateLimitService are now installed in the same namespace as Ambassador. -- Changes RBAC permissions to better support single-namespace installations and detecting getambassador.io CRDs. -- Add option to install Service Preview components (traffic-manager, traffic-agent). -- Add option to install ambassador-injector, alongside Service Preview. -- Add additional security policy configurations. - - `securityContext` has been deprecated in favor of `security` which allows you to set container and pod security contexts as well as a default `PodSecurityPolicy`. - -## v6.3.6 - -- Switch from Quay.io to DockerHub - -## v6.3.5 - -- Upgrade Ambassador to version 1.4.3: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.3.4 - -- Minor bug fixes - -## v6.3.3 - -- Add extra labels to ServiceMonitor: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.3.2 - -- Upgrade Ambassador to version 1.4.2: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.3.1 - -- Upgrade Ambassador to version 1.4.1: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.3.0 - -- Adds: Option to create a ServiceMonitor for scraping via Prometheus Operator - -## v6.2.5 - -- Upgrade Ambassador to version 1.4.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.2.4 - -- Fix typing so that Helm3 doesn't complain (thanks, [Fabrice Rabaute](https://github.com/jfrabaute)!) - -## v6.2.3 - -- Upgrade Ambassador to version 1.3.2. -- Use explicit types for things like ports, so that things like `helm .. --set service.ports[0].port=80` will be integers instead of ending up as strings - -## v6.2.2 - -- Upgrade Ambassador to version 1.3.1. -- Remove unnecessary `version` field from CRDs. -- Add static label to AES resources, to better support `edgectl install` - -## v6.2.1 - -- Upgrade Ambassador to version 1.3.0. - -## v6.2.0 - -- Add option to not create DevPortal routes - -## v6.1.5 - -- Upgrade Ambassador to version 1.2.2. - -## v6.1.4 - -- Upgrade from Ambassador 1.2.0 to 1.2.1. - -## v6.1.3 - -- Upgrade from Ambassador 1.1.1 to 1.2.0. - -## v6.1.2 - -- Upgrade from Ambassador 1.1.0 to 1.1.1. - -## v6.1.1 - -Minor Improvements: - -- Adds: Option to override the name of the RBAC resources - -## v6.1.0 - -Minor improvements including: - -- Adds: Option to set `restartPolicy` -- Adds: Option to give the AES license key secret a custom name -- Fixes: Assumption that the AES will be installed only from the `datawire/aes` repository. The `enableAES` flag now configures whether the AES is installed. -- Clarification on how to install OSS - -## v6.0.0 - -Introduces Ambassador Edge Stack being installed by default. - -### Breaking changes - -Ambassador Pro support has been removed in 6.0.0. Please upgrade to the Ambassador Edge Stack. - -## v5.0.0 - -### Breaking changes - -**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified. - -- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed - -## v4.0.0 - -### Breaking Changes - -- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core -- The license key is now stored and read from a Kubernetes secret by default -- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret. - -### Minor Changes - -- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance -- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/)) -- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true` -- Fixed misnamed selector for redis instance that failed in an edge case -- Exposes annotations for redis deployment and service - -## v3.0.0 - -### Breaking Changes - -- The default annotation has been removed. The service port will be set dynamically to 8080 or 8443 for http and https respectively. -- `service.http`, `service.https`, and `additionalTCPPort` has been replaced with `service.ports`. -- `rbac.namespaced` has been removed. Use `scope.singleNamespace` instead. - -### Minor Changes - -- Ambassador Pro will pick up when `AMBASSADOR_ID` is set in `.Values.env` [[#15025]](https://github.com/helm/charts/issues/15025). -- `{{release name}}-admins` has been renamed to `{{release name}}-admin` to match YAML install templates -- RBAC configuration has been updated to allow for CRD use when `scope.singleNamespace: true`. [[ambassador/#1576]](https://github.com/datawire/ambassador/issues/1576) -- RBAC configuration now allows for multiple Ambassadors to use CRDs. Set `crds.enabled` in releases that expect CRDs [[ambassador/#1679]](https://github.com/datawire/ambassador/issues/1679) - -## v2.6.0 - -### Minor Changes - -- Add ambassador CRDs! -- Update ambassador to 0.70.0 - -## v2.5.1 - -### Minor Changes - -- Update ambassador to 0.61.1 - -## v2.5.0 - -### Minor Changes - -- Add support for autoscaling using HPA, see `autoscaling` values. - -## v2.4.1 - -### Minor Changes - -- Update ambassador to 0.61.0 - -## v2.4.0 - -### Minor Changes - -- Allow configuring `hostNetwork` and `dnsPolicy` - -## v2.3.1 - -### Minor Changes - -- Adds HOST_IP environment variable - -## v2.3.0 - -### Minor Changes - -- Adds support for init containers using `initContainers` and pod labels `podLabels` - -## v2.2.5 - -### Minor Changes - -- Update ambassador to 0.60.3 - -## v2.2.4 - -### Minor Changes - -- Add support for Ambassador PRO [see readme](https://github.com/helm/charts/blob/master/stable/ambassador/README.md#ambassador-pro) - -## v2.2.3 - -### Minor Changes - -- Update ambassador to 0.60.2 - -## v2.2.2 - -### Minor Changes - -- Update ambassador to 0.60.1 - -## v2.2.1 - -### Minor Changes - -- Fix RBAC for ambassador 0.60.0 - -## v2.2.0 - -### Minor Changes - -- Update ambassador to 0.60.0 - -## v2.1.0 - -### Minor Changes - -- Added `scope.singleNamespace` for configuring ambassador to run in single namespace - -## v2.0.2 - -### Minor Changes - -- Update ambassador to 0.53.1 - -## v2.0.1 - -### Minor Changes - -- Update ambassador to 0.52.0 - -## v2.0.0 - -### Major Changes - -- Removed `ambassador.id` and `namespace.single` in favor of setting environment variables. - -## v1.1.5 - -### Minor Changes - -- Update ambassador to 0.50.3 - -## v1.1.4 - -### Minor Changes - -- support targetPort specification - -## v1.1.3 - -### Minor Changes - -- Update ambassador to 0.50.2 - -## v1.1.2 - -### Minor Changes - -- Add additional chart maintainer - -## v1.1.1 - -### Minor Changes - -- Default replicas -> 3 - -## v1.1.0 - -### Minor Changes - -- Allow RBAC to be namespaced (`rbac.namespaced`) - -## v1.0.0 - -### Major Changes - -- First release of Ambassador Helm Chart in helm/charts -- For migration see [Migrating from datawire/ambassador chart](https://github.com/helm/charts/tree/master/stable/ambassador#migrating-from-datawireambassador-chart-chart-version-0400-or-0500) From 8a00f65c9f4076c28edf059feca64525ef6d5551 Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 10 Feb 2022 12:26:43 -0500 Subject: [PATCH 26/40] Update for 2.2.0-rc.5 Signed-off-by: Flynn --- CHANGELOG.md | 45 ++++++++++++--------- VERSION | 2 +- charts/edge-stack/Chart.lock | 6 +-- charts/edge-stack/Chart.yaml | 6 +-- docs/releaseNotes.yml | 76 ++++++++++++++++++++++++------------ 5 files changed, 84 insertions(+), 51 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6d9fbe6..0422ea6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -77,40 +77,49 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest ## RELEASE NOTES -## [2.2.0] 2022-02-09 +## [2.2.0] 2022-02-10 [2.2.0]: https://github.com/datawire/edge-stack/releases/v2.2.0 ## Ambassador Edge Stack +- Change: Support for the Envoy V2 API is deprecated as of Ambassador Edge Stack v2.1, and will be removed + in Ambassador Edge Stack v3.0. The `AMBASSADOR_ENVOY_API_VERSION` environment variable will be + removed at the same time. Only the Envoy V3 API will be supported (this has been the default since + Ambassador Edge Stack v1.14.0). + +- Change: Ambassador Edge Stack will now watch for ConfigMap or Secret resources specified by the + `AGENT_CONFIG_RESOURCE_NAME` environment variable in order to allow all components (and not only + the Ambassador Agent) to authenticate requests to Ambassador Cloud. + +- Security: Ambassador Edge Stack has updated Alpine to 3.15, and Python and Go dependencies to their latest + compatible versions, to incorporate numerous security patches. + - Feature: Ambassador Edge Stack now supports the metric `ambassador_log_level{label="debug"}` which will be set to 1 if debug logging is enabled for the running Emissary instance, or to 0 if not. This can help to be sure that a running production instance was not actually left doing debugging logging, - for example. (Thanks to Fabrice!) ([3906]) + for example. (Thanks to Fabrice!) ([#3906]) - Feature: Ambassador Edge Stack is now leveraging a new Envoy Proxy patch that allows Envoy to accept escaped '%' characters in its configuration. This means that error_response_overrides and other - custom user content can now contain '%' symbols escaped as '%%' ([DW Envoy: 74]) ([Upstream Envoy: 19383]) - -- Feature: Ambassador Edge Stack now supports sending the body of requests to the AuthService and external - authentication services by configuring `include_body.body_raw_bytes` in each resource. ([Support binary uploads]) - -- Feature: Ambassador Edge Stack now supports configuring Certificate Revocation Lists containing a list of - certificates that have been revoked before their expiration. Configuration for CRLs can be done on - the `Listener`, `Host`, or `TLSContext`. + custom user content can now contain '%' symbols escaped as '%%'. ([DW Envoy: 74]) ([Upstream Envoy: 19383]) -- Feature: The new `precedence` field in `FilterPolicy` rules allows for manual configuration of - `FilterPolicy` rules instead of the default behavior where Ambassador Edge Stack always selects - the rule with the most specific hostname and path. +- Feature: Support for streaming Envoy metrics about the clusters to Ambassador Cloud. ([#4053]) -- Bugfix: Intermitent 503 outages with consul upstream services have been resolved in Ambassador Edge Stack. +- Feature: The Ambassador agent now receives commands to manipulate Rollouts (pause, continue, and abort are + currently supported) via directives and executes them in the cluster. A report is sent to + Ambassador Cloud including the command ID, whether it ran successfully, and an error message in + case there was any. ([#4040]) -- Bugfix: Configuring the OAuth Filter's cache duration with `maxStale` now supports caching responses from - validating opaque userInfo tokens. +- Bugfix: Kubernetes Secrets that should contain TLS certificates are now validated before being accepted + for configuration. A Secret that contains an invalid TLS certificate will be logged as an invalid + resource. ([#3821]) -[3906]: https://github.com/emissary-ingress/emissary/issues/3906 +[#3906]: https://github.com/emissary-ingress/emissary/issues/3906 [DW Envoy: 74]: https://github.com/datawire/envoy/pull/74 [Upstream Envoy: 19383]: https://github.com/envoyproxy/envoy/pull/19383 -[Support binary uploads]: https://github.com/emissary-ingress/emissary/pull/3995 +[#4053]: https://github.com/emissary-ingress/emissary/pull/4053 +[#4040]: https://github.com/emissary-ingress/emissary/pull/4040 +[#3821]: https://github.com/emissary-ingress/emissary/issues/3821 ## [2.1.2] 2022-01-25 [2.1.2]: https://github.com/datawire/edge-stack/releases/v2.1.2 diff --git a/VERSION b/VERSION index 7bbe1d0..fe5250a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2.0-rc.4 +2.2.0-rc.5 diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index 1f36f23..ebd447a 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress repository: https://s3.amazonaws.com/datawire-static-files/charts-dev - version: 7.3.0-rc.4 -digest: sha256:3ab71014d9e26d414ac4b7396d8a9e2e169b2a175899e6a9dd813ce0d0069ad8 -generated: "2022-02-09T17:01:15.037771003-07:00" + version: 7.3.0-rc.5 +digest: sha256:c9e4c5e2633ccdf9dd43244ba0fc6c693226881a23f7065e7997bbde7f6d59fa +generated: "2022-02-10T12:05:08.097926-05:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index 41bf249..e688672 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.2.0-rc4 +appVersion: 2.2.0-rc.5 description: A Helm chart for Ambassador Edge Stack name: edge-stack -version: 7.3.0-rc.4 +version: 7.3.0-rc.5 # TODO: change these to whatever the appropriate things are icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: 7.3.0-rc.4 + version: 7.3.0-rc.5 repository: https://s3.amazonaws.com/datawire-static-files/charts-dev diff --git a/docs/releaseNotes.yml b/docs/releaseNotes.yml index 20ea32d..ae796a7 100644 --- a/docs/releaseNotes.yml +++ b/docs/releaseNotes.yml @@ -28,12 +28,35 @@ # `FOO/releaseNotes.yml`, then the image paths are # relative to `FOO/release-notes/`. # - docs: The path to the documentation page where additional information can be found. +# - href: A path from the root to a resource on the getambassador website, takes precedence over a docs link. changelog: https://github.com/datawire/edge-stack/blob/$branch$/CHANGELOG.md items: - version: 2.2.0 - date: '2022-02-09' + date: '2022-02-10' notes: + - title: Envoy V2 API deprecation + type: change + body: >- + Support for the Envoy V2 API is deprecated as of $productName$ v2.1, and will be removed in $productName$ + v3.0. The AMBASSADOR_ENVOY_API_VERSION environment variable will be removed at the same + time. Only the Envoy V3 API will be supported (this has been the default since $productName$ v1.14.0). + + - title: Ambassador Edge Stack will watch for Cloud Connect Tokens + type: change + body: >- + $productName$ will now watch for ConfigMap or Secret resources specified by the + AGENT_CONFIG_RESOURCE_NAME environment variable in order to allow all + components (and not only the Ambassador Agent) to authenticate requests to + Ambassador Cloud. + image: ./v2.2.0-cloud.png + + - title: Update Alpine and libraries + type: security + body: >- + $productName$ has updated Alpine to 3.15, and Python and Go dependencies + to their latest compatible versions, to incorporate numerous security patches. + - title: Support a log-level metric type: feature body: >- @@ -43,7 +66,7 @@ items: instance was not actually left doing debugging logging, for example. (Thanks to Fabrice!) github: - - title: 3906 + - title: "#3906" link: https://github.com/emissary-ingress/emissary/issues/3906 docs: topics/running/statistics/8877-metrics/ @@ -52,47 +75,48 @@ items: body: >- $productName$ is now leveraging a new Envoy Proxy patch that allows Envoy to accept escaped '%' characters in its configuration. This means that error_response_overrides and other - custom user content can now contain '%' symbols escaped as '%%' + custom user content can now contain '%' symbols escaped as '%%'. docs: topics/running/custom-error-responses github: - title: "DW Envoy: 74" link: https://github.com/datawire/envoy/pull/74 - title: "Upstream Envoy: 19383" link: https://github.com/envoyproxy/envoy/pull/19383 + image: ./v2.2.0-percent-escape.png - - title: Support binary uploads for AuthService and External Filters + - title: Stream metrics from Envoy to Ambassador Cloud type: feature body: >- - $productName$ now supports sending the body of requests to the AuthService and external authentication services by configuring include_body.body_raw_bytes in each resource. + Support for streaming Envoy metrics about the clusters to Ambassador Cloud. github: - - title: "Support binary uploads" - link: https://github.com/emissary-ingress/emissary/pull/3995 - docs: topics/running/services/auth-service/#fields - - - title: Support configuration for Envoy's Certificate Revocation Lists - type: feature - body: >- - $productName$ now supports configuring Certificate Revocation Lists containing a list of certificates that have been revoked before their expiration. Configuration for CRLs can be done on the Listener, Host, or TLSContext. - docs: topics/running/listener/#certvalidation + - title: "#4053" + link: https://github.com/emissary-ingress/emissary/pull/4053 + docs: https://github.com/emissary-ingress/emissary/pull/4053 - - title: Allow configuring FilterPolicy rule priority + - title: Support received commands to pause, continue and abort a Rollout via Agent directives type: feature body: >- - The new precedence field in FilterPolicy rules allows for manual configuration of FilterPolicy rules instead of the default behavior where $productName$ always selects the rule with the most specific hostname and path. - docs: topics/using/filters + The Ambassador agent now receives commands to manipulate Rollouts (pause, continue, and + abort are currently supported) via directives and executes them in the cluster. A report + is sent to Ambassador Cloud including the command ID, whether it ran successfully, and + an error message in case there was any. + github: + - title: "#4040" + link: https://github.com/emissary-ingress/emissary/pull/4040 + docs: https://github.com/emissary-ingress/emissary/pull/4040 - - title: Resolved 503 outages with Consul services + - title: Validate certificates in TLS Secrets type: bugfix body: >- - Intermitent 503 outages with consul upstream services have been resolved in $productName$. - docs: https://github.com/emissary-ingress/emissary/issues/3680 + Kubernetes Secrets that should contain TLS certificates are now validated before being + accepted for configuration. A Secret that contains an invalid TLS certificate will be logged + as an invalid resource. + github: + - title: "#3821" + link: https://github.com/emissary-ingress/emissary/issues/3821 + docs: ../topics/running/tls + image: ./v2.2.0-tls-cert-validation.png - - title: OAuth cache config supports userInfo token validation responsess - type: bugfix - body: >- - Configuring the OAuth Filter's cache duration with maxStale now supports caching responses from validating opaque userInfo tokens. - docs: topics/using/filters/oauth2/#oauth-resource-server-settings - - version: 2.1.2 date: '2022-01-25' notes: From 54ef7f2c92e7add21a524b06496e88589d03e8ad Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 10 Feb 2022 12:49:33 -0500 Subject: [PATCH 27/40] Correctly update values.yaml and generate Signed-off-by: Flynn --- charts/edge-stack/values.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-agent.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-migration.yaml | 2 +- manifests/edge-stack/aes-ambassadorns.yaml | 4 ++-- manifests/edge-stack/aes-crds.yaml | 2 +- manifests/edge-stack/aes-defaultns-agent.yaml | 2 +- manifests/edge-stack/aes-defaultns-migration.yaml | 2 +- manifests/edge-stack/aes-defaultns.yaml | 4 ++-- manifests/edge-stack/aes-emissaryns-agent.yaml | 2 +- manifests/edge-stack/aes-emissaryns-migration.yaml | 2 +- manifests/edge-stack/aes-emissaryns.yaml | 4 ++-- manifests/edge-stack/aes.yaml | 4 ++-- 12 files changed, 16 insertions(+), 16 deletions(-) diff --git a/charts/edge-stack/values.yaml b/charts/edge-stack/values.yaml index c458491..59022d9 100644 --- a/charts/edge-stack/values.yaml +++ b/charts/edge-stack/values.yaml @@ -70,7 +70,7 @@ emissary-ingress: # +doc-gen:break image: repository: docker.io/datawire/aes - tag: 2.2.0-rc.4 + tag: 2.2.0-rc.5 pullPolicy: IfNotPresent rbac: diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml index 7bca594..24bcbcb 100644 --- a/manifests/edge-stack/aes-ambassadorns-agent.yaml +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml index 689b9bb..1f95132 100644 --- a/manifests/edge-stack/aes-ambassadorns-migration.yaml +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml index 23d8ab4..40514df 100644 --- a/manifests/edge-stack/aes-ambassadorns.yaml +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index 750492e..1533d10 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -5553,7 +5553,7 @@ spec: serviceAccountName: emissary-apiext containers: - name: emissary-apiext - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent command: [ "apiext", "emissary-apiext" ] ports: diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml index b317850..cf29e13 100644 --- a/manifests/edge-stack/aes-defaultns-agent.yaml +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index 40fc79f..0e955f3 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index 0860410..0405b1e 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -510,7 +510,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -585,7 +585,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml index ffea1ef..1d121c0 100644 --- a/manifests/edge-stack/aes-emissaryns-agent.yaml +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index 9e624e7..a4b1f58 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index 32e4678..cb0dc96 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index 23d8ab4..40514df 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.4 + image: docker.io/datawire/aes:2.2.0-rc.5 imagePullPolicy: IfNotPresent ports: - name: http From 17ff8b341545828405d111b0f22f1af9ad8fb8a8 Mon Sep 17 00:00:00 2001 From: Aidan Hahn Date: Thu, 10 Feb 2022 13:14:38 -0800 Subject: [PATCH 28/40] Updates for 2.2 GA Signed-off-by: Aidan Hahn --- CHANGELOG.md | 5 ----- VERSION | 2 +- charts/edge-stack/Chart.lock | 8 ++++---- charts/edge-stack/Chart.yaml | 8 ++++---- charts/edge-stack/values.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-agent.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-migration.yaml | 2 +- manifests/edge-stack/aes-ambassadorns.yaml | 4 ++-- manifests/edge-stack/aes-crds.yaml | 2 +- manifests/edge-stack/aes-defaultns-agent.yaml | 2 +- manifests/edge-stack/aes-defaultns-migration.yaml | 2 +- manifests/edge-stack/aes-defaultns.yaml | 4 ++-- manifests/edge-stack/aes-emissaryns-agent.yaml | 2 +- manifests/edge-stack/aes-emissaryns-migration.yaml | 2 +- manifests/edge-stack/aes-emissaryns.yaml | 4 ++-- manifests/edge-stack/aes.yaml | 4 ++-- 16 files changed, 25 insertions(+), 30 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0422ea6..41074fc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -82,11 +82,6 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest ## Ambassador Edge Stack -- Change: Support for the Envoy V2 API is deprecated as of Ambassador Edge Stack v2.1, and will be removed - in Ambassador Edge Stack v3.0. The `AMBASSADOR_ENVOY_API_VERSION` environment variable will be - removed at the same time. Only the Envoy V3 API will be supported (this has been the default since - Ambassador Edge Stack v1.14.0). - - Change: Ambassador Edge Stack will now watch for ConfigMap or Secret resources specified by the `AGENT_CONFIG_RESOURCE_NAME` environment variable in order to allow all components (and not only the Ambassador Agent) to authenticate requests to Ambassador Cloud. diff --git a/VERSION b/VERSION index fe5250a..ccbccc3 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2.0-rc.5 +2.2.0 diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index ebd447a..899198b 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress - repository: https://s3.amazonaws.com/datawire-static-files/charts-dev - version: 7.3.0-rc.5 -digest: sha256:c9e4c5e2633ccdf9dd43244ba0fc6c693226881a23f7065e7997bbde7f6d59fa -generated: "2022-02-10T12:05:08.097926-05:00" + repository: https://s3.amazonaws.com/datawire-static-files/charts + version: 7.3.0 +digest: sha256:c4685611ce82ad107714de6910d8bb206d770c8dd6962f501603b2d96e80d2f6 +generated: "2022-02-10T12:45:44.975886331-08:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index e688672..f4faa61 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.2.0-rc.5 +appVersion: 2.2.0 description: A Helm chart for Ambassador Edge Stack name: edge-stack -version: 7.3.0-rc.5 +version: 7.3.0 # TODO: change these to whatever the appropriate things are icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: 7.3.0-rc.5 - repository: https://s3.amazonaws.com/datawire-static-files/charts-dev + version: 7.3.0 + repository: https://s3.amazonaws.com/datawire-static-files/charts diff --git a/charts/edge-stack/values.yaml b/charts/edge-stack/values.yaml index 59022d9..ea9f805 100644 --- a/charts/edge-stack/values.yaml +++ b/charts/edge-stack/values.yaml @@ -70,7 +70,7 @@ emissary-ingress: # +doc-gen:break image: repository: docker.io/datawire/aes - tag: 2.2.0-rc.5 + tag: 2.2.0 pullPolicy: IfNotPresent rbac: diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml index 24bcbcb..3cd368f 100644 --- a/manifests/edge-stack/aes-ambassadorns-agent.yaml +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml index 1f95132..eb36eb2 100644 --- a/manifests/edge-stack/aes-ambassadorns-migration.yaml +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml index 40514df..daa01e8 100644 --- a/manifests/edge-stack/aes-ambassadorns.yaml +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index 1533d10..a3cac0e 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -5553,7 +5553,7 @@ spec: serviceAccountName: emissary-apiext containers: - name: emissary-apiext - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent command: [ "apiext", "emissary-apiext" ] ports: diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml index cf29e13..2185024 100644 --- a/manifests/edge-stack/aes-defaultns-agent.yaml +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index 0e955f3..e6da644 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index 0405b1e..ca49425 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -510,7 +510,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -585,7 +585,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml index 1d121c0..89f21ac 100644 --- a/manifests/edge-stack/aes-emissaryns-agent.yaml +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index a4b1f58..33b8b00 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index cb0dc96..6eb4a21 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index 40514df..daa01e8 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0-rc.5 + image: docker.io/datawire/aes:2.2.0 imagePullPolicy: IfNotPresent ports: - name: http From 15150fe3dcad81e0f4c02c893f934216e862ed49 Mon Sep 17 00:00:00 2001 From: Aidan Hahn Date: Fri, 11 Feb 2022 10:11:34 -0800 Subject: [PATCH 29/40] update changelog Signed-off-by: Aidan Hahn --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 41074fc..0422ea6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -82,6 +82,11 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest ## Ambassador Edge Stack +- Change: Support for the Envoy V2 API is deprecated as of Ambassador Edge Stack v2.1, and will be removed + in Ambassador Edge Stack v3.0. The `AMBASSADOR_ENVOY_API_VERSION` environment variable will be + removed at the same time. Only the Envoy V3 API will be supported (this has been the default since + Ambassador Edge Stack v1.14.0). + - Change: Ambassador Edge Stack will now watch for ConfigMap or Secret resources specified by the `AGENT_CONFIG_RESOURCE_NAME` environment variable in order to allow all components (and not only the Ambassador Agent) to authenticate requests to Ambassador Cloud. From cf02be6497ce34ff5d4ef7ef84461d6fd975c4f4 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Fri, 11 Feb 2022 15:21:54 -0700 Subject: [PATCH 30/40] make go-mod-tidy && make generate Signed-off-by: Luke Shumaker (cherry picked from commit 6048cb882bd796137b07237396171a44b0c8566d) --- charts/edge-stack/Chart.lock | 8 ++++---- charts/edge-stack/Chart.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index 899198b..3080e36 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress - repository: https://s3.amazonaws.com/datawire-static-files/charts - version: 7.3.0 -digest: sha256:c4685611ce82ad107714de6910d8bb206d770c8dd6962f501603b2d96e80d2f6 -generated: "2022-02-10T12:45:44.975886331-08:00" + repository: https://s3.amazonaws.com/datawire-static-files/charts-dev + version: 7.3.1-0.20220211211150-a9c031b59932 +digest: sha256:e556c725227daaa52f2a12d3c5e2dcbb72510dc2f9695ba0dbc9396d1e01d139 +generated: "2022-02-11T14:57:09.278406113-07:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index f4faa61..814a7e7 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: 7.3.0 - repository: https://s3.amazonaws.com/datawire-static-files/charts + version: 7.3.1-0.20220211211150-a9c031b59932 + repository: https://s3.amazonaws.com/datawire-static-files/charts-dev From 0aea9f77e98d583e14e0f08355efbc91c3473707 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Thu, 17 Feb 2022 22:33:52 -0700 Subject: [PATCH 31/40] facilitate: Generate Chart.lock without downloading the Emissary chart This makes `make generate` slightly faster, but it also reduces reliance on emissary.git automation. --- charts/charts.mk | 3 --- 1 file changed, 3 deletions(-) diff --git a/charts/charts.mk b/charts/charts.mk index 4ae043b..1ca5861 100644 --- a/charts/charts.mk +++ b/charts/charts.mk @@ -30,9 +30,6 @@ chart/update-emissary: $(YQ) rm -f $(CHART_DIR)/charts/emissary-ingress*.tgz $(YQ) w -i $(CHART_DIR)/Chart.yaml 'dependencies.(name==emissary-ingress).version' '$(patsubst v%,%,$(EMISSARY_CHART_VERSION))' $(YQ) w -i $(CHART_DIR)/Chart.yaml 'dependencies.(name==emissary-ingress).repository' '$(EMISSARY_CHART_REPO)' - helm repo rm emissary-updater || true - helm repo add emissary-updater '$(EMISSARY_CHART_REPO)' - helm dep update $(CHART_DIR) .PHONY: chart/update-emissary chart/docgen: From 837ee5498786de7131fb8ba5239d971ca442b682 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Thu, 17 Feb 2022 22:56:50 -0700 Subject: [PATCH 32/40] facilitate: Don't have `make generate` Download the Emissary chart This requires a supporting change in emissary.git. This also reduces reliance on emissary.git automation. --- Makefile | 5 ++--- charts/edge-stack/Chart.lock | 6 +++--- charts/edge-stack/Chart.yaml | 2 +- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 18b88f7..064b3b0 100644 --- a/Makefile +++ b/Makefile @@ -25,9 +25,8 @@ FORCE: .PHONY: FORCE .SECONDARY: -$(EDGE_STACK_HOME)/charts/edge-stack/charts: %/charts: %/Chart.yaml - rm -rf $@ - cd $* && helm dependency update +$(EDGE_STACK_HOME)/charts/edge-stack/charts: FORCE + $(MAKE) -C .. $@ $(HELM_OUTPUT_DIR): $(EDGE_STACK_HOME)/charts/edge-stack/charts FORCE rm -rf $@ diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index 3080e36..87551c1 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress repository: https://s3.amazonaws.com/datawire-static-files/charts-dev - version: 7.3.1-0.20220211211150-a9c031b59932 -digest: sha256:e556c725227daaa52f2a12d3c5e2dcbb72510dc2f9695ba0dbc9396d1e01d139 -generated: "2022-02-11T14:57:09.278406113-07:00" + version: 7.3.1-0.20220218170742-db7ace0ddd33 +digest: sha256:4cc92ff119237dd768d861bb139867c5f67096dbdaef4f9d0d291a8125a78390 +generated: "2022-02-18T14:23:32.895879831-07:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index 814a7e7..f5423a1 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: 7.3.1-0.20220211211150-a9c031b59932 + version: 7.3.1-0.20220218170742-db7ace0ddd33 repository: https://s3.amazonaws.com/datawire-static-files/charts-dev From c725c3d434e6b74e14581cacbafcf2ae17911f3d Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Fri, 18 Feb 2022 14:37:53 -0700 Subject: [PATCH 33/40] Bump to an Emissary with the Envoy security patches --- charts/edge-stack/Chart.lock | 6 +++--- charts/edge-stack/Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index 87551c1..791a186 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress repository: https://s3.amazonaws.com/datawire-static-files/charts-dev - version: 7.3.1-0.20220218170742-db7ace0ddd33 -digest: sha256:4cc92ff119237dd768d861bb139867c5f67096dbdaef4f9d0d291a8125a78390 -generated: "2022-02-18T14:23:32.895879831-07:00" + version: 7.3.1-0.20220218203457-b727aaae1f2f +digest: sha256:b7a7c9f227e128ef34a02666f30dc7514852d953ce5a2f911caf4b14ba77b358 +generated: "2022-02-18T14:33:50.762297228-07:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index f5423a1..6e708f2 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: 7.3.1-0.20220218170742-db7ace0ddd33 + version: 7.3.1-0.20220218203457-b727aaae1f2f repository: https://s3.amazonaws.com/datawire-static-files/charts-dev From f79e5e095c47596be9bab4aa6026ab82067819f4 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Tue, 22 Feb 2022 14:37:03 -0700 Subject: [PATCH 34/40] Prepare 2.2.1 GA [ci-skip] --- VERSION | 2 +- charts/edge-stack/CHANGELOG.md | 4 ++++ charts/edge-stack/Chart.yaml | 8 ++++---- charts/edge-stack/values.yaml | 2 +- docs/releaseNotes.yml | 22 ++++++++++++++++++++++ 5 files changed, 32 insertions(+), 6 deletions(-) diff --git a/VERSION b/VERSION index ccbccc3..c043eea 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2.0 +2.2.1 diff --git a/charts/edge-stack/CHANGELOG.md b/charts/edge-stack/CHANGELOG.md index 3c2364b..6be69b7 100644 --- a/charts/edge-stack/CHANGELOG.md +++ b/charts/edge-stack/CHANGELOG.md @@ -3,6 +3,10 @@ This file documents all notable changes to Edge Stack Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v7.3.1 + +- Update Edge Stack chart image to version v2.2.1: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md) + ## v7.3.0 - Update Edge Stack chart image to version v2.2.0: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md) diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index 6e708f2..e9dd701 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.2.0 +appVersion: 2.2.1 description: A Helm chart for Ambassador Edge Stack name: edge-stack -version: 7.3.0 +version: 7.3.1 # TODO: change these to whatever the appropriate things are icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: 7.3.1-0.20220218203457-b727aaae1f2f - repository: https://s3.amazonaws.com/datawire-static-files/charts-dev + version: 7.3.1 + repository: https://s3.amazonaws.com/datawire-static-files/charts diff --git a/charts/edge-stack/values.yaml b/charts/edge-stack/values.yaml index ea9f805..a89e379 100644 --- a/charts/edge-stack/values.yaml +++ b/charts/edge-stack/values.yaml @@ -70,7 +70,7 @@ emissary-ingress: # +doc-gen:break image: repository: docker.io/datawire/aes - tag: 2.2.0 + tag: 2.2.1 pullPolicy: IfNotPresent rbac: diff --git a/docs/releaseNotes.yml b/docs/releaseNotes.yml index ae796a7..dc17d56 100644 --- a/docs/releaseNotes.yml +++ b/docs/releaseNotes.yml @@ -32,6 +32,28 @@ changelog: https://github.com/datawire/edge-stack/blob/$branch$/CHANGELOG.md items: + - version: 2.2.1 + date: '2022-02-22' + notes: + - title: Envoy V2 API deprecation + type: change + body: >- + Support for the Envoy V2 API is deprecated as of $productName$ v2.1, and will be removed in $productName$ + v3.0. The AMBASSADOR_ENVOY_API_VERSION environment variable will be removed at the same + time. Only the Envoy V3 API will be supported (this has been the default since $productName$ v1.14.0). + + - title: Envoy security updates + type: security + body: >- + Upgraded Envoy to address security vulnerabilities CVE-2021-43824, CVE-2021-43825, CVE-2021-43826, + CVE-2022-21654, and CVE-2022-21655. + docs: https://groups.google.com/g/envoy-announce/c/bIUgEDKHl4g + - title: Correctly support canceling rollouts + type: bugfix + body: >- + The Ambassador Agent now correctly supports requests to cancel a rollout. + docs: ../../argo/latest/howtos/manage-rollouts-using-cloud + - version: 2.2.0 date: '2022-02-10' notes: From 637c9bcd26d095d0a7ba80a800128a1e39c045b9 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Tue, 22 Feb 2022 14:37:11 -0700 Subject: [PATCH 35/40] make generate --- CHANGELOG.md | 15 +++++++++++++++ charts/edge-stack/Chart.lock | 8 ++++---- manifests/edge-stack/aes-ambassadorns-agent.yaml | 2 +- .../edge-stack/aes-ambassadorns-migration.yaml | 2 +- manifests/edge-stack/aes-ambassadorns.yaml | 4 ++-- manifests/edge-stack/aes-crds.yaml | 2 +- manifests/edge-stack/aes-defaultns-agent.yaml | 2 +- manifests/edge-stack/aes-defaultns-migration.yaml | 2 +- manifests/edge-stack/aes-defaultns.yaml | 4 ++-- manifests/edge-stack/aes-emissaryns-agent.yaml | 2 +- .../edge-stack/aes-emissaryns-migration.yaml | 2 +- manifests/edge-stack/aes-emissaryns.yaml | 4 ++-- manifests/edge-stack/aes.yaml | 4 ++-- 13 files changed, 34 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0422ea6..43988df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -77,6 +77,21 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest ## RELEASE NOTES +## [2.2.1] 2022-02-22 +[2.2.1]: https://github.com/datawire/edge-stack/releases/v2.2.1 + +## Ambassador Edge Stack + +- Change: Support for the Envoy V2 API is deprecated as of Ambassador Edge Stack v2.1, and will be removed + in Ambassador Edge Stack v3.0. The `AMBASSADOR_ENVOY_API_VERSION` environment variable will be + removed at the same time. Only the Envoy V3 API will be supported (this has been the default since + Ambassador Edge Stack v1.14.0). + +- Security: Upgraded Envoy to address security vulnerabilities CVE-2021-43824, CVE-2021-43825, CVE-2021-43826, + CVE-2022-21654, and CVE-2022-21655. + +- Bugfix: The Ambassador Agent now correctly supports requests to cancel a rollout. + ## [2.2.0] 2022-02-10 [2.2.0]: https://github.com/datawire/edge-stack/releases/v2.2.0 diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index 791a186..990ec15 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress - repository: https://s3.amazonaws.com/datawire-static-files/charts-dev - version: 7.3.1-0.20220218203457-b727aaae1f2f -digest: sha256:b7a7c9f227e128ef34a02666f30dc7514852d953ce5a2f911caf4b14ba77b358 -generated: "2022-02-18T14:33:50.762297228-07:00" + repository: https://s3.amazonaws.com/datawire-static-files/charts + version: 7.3.1 +digest: sha256:fbe74819194ad56fc13ed31c6f286e7533b7302030a7efb5bb764179f0f98e6a +generated: "2022-02-22T14:31:12.48815216-07:00" diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml index 3cd368f..b2d00b6 100644 --- a/manifests/edge-stack/aes-ambassadorns-agent.yaml +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml index eb36eb2..7b714a1 100644 --- a/manifests/edge-stack/aes-ambassadorns-migration.yaml +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml index daa01e8..830b96d 100644 --- a/manifests/edge-stack/aes-ambassadorns.yaml +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index a3cac0e..d6d9b13 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -5553,7 +5553,7 @@ spec: serviceAccountName: emissary-apiext containers: - name: emissary-apiext - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent command: [ "apiext", "emissary-apiext" ] ports: diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml index 2185024..1fb5f55 100644 --- a/manifests/edge-stack/aes-defaultns-agent.yaml +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index e6da644..d493e84 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index ca49425..5055d14 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -510,7 +510,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -585,7 +585,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml index 89f21ac..e3dc264 100644 --- a/manifests/edge-stack/aes-emissaryns-agent.yaml +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index 33b8b00..8bf8ff7 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index 6eb4a21..b57db9c 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index daa01e8..830b96d 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.0 + image: docker.io/datawire/aes:2.2.1 imagePullPolicy: IfNotPresent ports: - name: http From 2d0cef426bd3389ec954811fac08398c09d1e5c3 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Tue, 22 Feb 2022 16:13:01 -0700 Subject: [PATCH 36/40] .circleci/yq.d: Update for Go 1.17 --- .circleci/yq.d/go.mod | 18 +++++++++++++++++- .circleci/yq.d/go.sum | 8 ++++---- .circleci/yq.d/pin.go | 6 ++++++ 3 files changed, 27 insertions(+), 5 deletions(-) create mode 100644 .circleci/yq.d/pin.go diff --git a/.circleci/yq.d/go.mod b/.circleci/yq.d/go.mod index c980f04..cec1377 100644 --- a/.circleci/yq.d/go.mod +++ b/.circleci/yq.d/go.mod @@ -1,5 +1,21 @@ module github.com/datawire/build-aux/bin-go/yq -go 1.13 +go 1.17 require github.com/mikefarah/yq/v3 v3.0.0-20200417222338-3f913afbb9ed + +require ( + github.com/fatih/color v1.9.0 // indirect + github.com/goccy/go-yaml v1.4.3 // indirect + github.com/inconshreveable/mousetrap v1.0.0 // indirect + github.com/kylelemons/godebug v1.1.0 // indirect + github.com/mattn/go-colorable v0.1.6 // indirect + github.com/mattn/go-isatty v0.0.12 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/spf13/cobra v1.0.0 // indirect + github.com/spf13/pflag v1.0.5 // indirect + golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 // indirect + golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 // indirect + gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect + gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect +) diff --git a/.circleci/yq.d/go.sum b/.circleci/yq.d/go.sum index ae98e17..e9ee171 100644 --- a/.circleci/yq.d/go.sum +++ b/.circleci/yq.d/go.sum @@ -45,6 +45,7 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmg github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= @@ -52,8 +53,10 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= @@ -68,12 +71,8 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mikefarah/yq v1.15.0 h1:ViMYNRG5UB7hzm8olxMFqPtkpMXXKO4g32/v9JUa62o= -github.com/mikefarah/yq v2.4.0+incompatible h1:oBxbWy8R9hI3BIUUxEf0CzikWa2AgnGrGhvGQt5jgjk= github.com/mikefarah/yq/v3 v3.0.0-20200417222338-3f913afbb9ed h1:OPcaXkq4IrtwnP0leTxMFv9f6R9HVNmK9ryr80sWUEM= github.com/mikefarah/yq/v3 v3.0.0-20200417222338-3f913afbb9ed/go.mod h1:A6ElbOcozhGwjUdRx9kn1HtKJteuLrx76cnZYjSTJFw= -github.com/mikefarah/yq/v3 v3.0.0-20200501003153-6fc3566acd3a h1:cC7JRs/VhffZg3JHuYqZOI8BIVI7r3ufx4xLRNgDuus= -github.com/mikefarah/yq/v3 v3.0.0-20200501003153-6fc3566acd3a/go.mod h1:A6ElbOcozhGwjUdRx9kn1HtKJteuLrx76cnZYjSTJFw= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -161,6 +160,7 @@ google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZi google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/validator.v9 v9.30.0/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= diff --git a/.circleci/yq.d/pin.go b/.circleci/yq.d/pin.go new file mode 100644 index 0000000..d0c8edc --- /dev/null +++ b/.circleci/yq.d/pin.go @@ -0,0 +1,6 @@ +//go:build pin +// +build pin + +package ignore + +import "github.com/mikefarah/yq/v3" From f395464d2b1c3e7575059d65f6bb9e1831c6340e Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Tue, 22 Feb 2022 16:09:29 -0700 Subject: [PATCH 37/40] Makefile: Fix stand-alone `make generate` So that it can be run without having apro.git. --- Makefile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 064b3b0..dea05f2 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,11 @@ FORCE: .SECONDARY: $(EDGE_STACK_HOME)/charts/edge-stack/charts: FORCE - $(MAKE) -C .. $@ + if test -f ../go.mod && test "$$(cd .. && go list -m)" == github.com/datawire/apro/v2; then \ + $(MAKE) -C .. $@; \ + else \ + cd $(@D) && helm dependency update; \ + fi $(HELM_OUTPUT_DIR): $(EDGE_STACK_HOME)/charts/edge-stack/charts FORCE rm -rf $@ From 8b67e6e84ef36ccc86e5fcb820b509b5966d01ed Mon Sep 17 00:00:00 2001 From: Aidan Hahn Date: Thu, 24 Feb 2022 11:30:48 -0800 Subject: [PATCH 38/40] AES 2.2.2-rc.0 hand changes Signed-off-by: Aidan Hahn --- VERSION | 2 +- charts/edge-stack/CHANGELOG.md | 4 ++++ charts/edge-stack/Chart.lock | 8 ++++---- charts/edge-stack/Chart.yaml | 8 ++++---- charts/edge-stack/values.yaml | 2 +- docs/releaseNotes.yml | 20 ++++++++++++++++++++ 6 files changed, 34 insertions(+), 10 deletions(-) diff --git a/VERSION b/VERSION index c043eea..355aae9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2.1 +2.2.2-rc.0 diff --git a/charts/edge-stack/CHANGELOG.md b/charts/edge-stack/CHANGELOG.md index 6be69b7..a86f075 100644 --- a/charts/edge-stack/CHANGELOG.md +++ b/charts/edge-stack/CHANGELOG.md @@ -3,6 +3,10 @@ This file documents all notable changes to Edge Stack Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v7.3.2 + +- Update Edge Stack chart image to version v2.2.2: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md) + ## v7.3.1 - Update Edge Stack chart image to version v2.2.1: [CHANGELOG](https://github.com/datawire/edge-stack/blob/master/CHANGELOG.md) diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index 990ec15..5f919f2 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress - repository: https://s3.amazonaws.com/datawire-static-files/charts - version: 7.3.1 -digest: sha256:fbe74819194ad56fc13ed31c6f286e7533b7302030a7efb5bb764179f0f98e6a -generated: "2022-02-22T14:31:12.48815216-07:00" + repository: https://s3.amazonaws.com/datawire-static-files/charts-dev + version: 7.3.2-rc.0 +digest: sha256:3f535bd0c27e3a88bfcc4f1b541b9e030d4df36394cd0f104399c785e148d14c +generated: "2022-02-24T11:16:21.62833898-08:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index e9dd701..5bf7748 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.2.1 +appVersion: 2.2.2 description: A Helm chart for Ambassador Edge Stack name: edge-stack -version: 7.3.1 +version: 7.3.2-rc.0 # TODO: change these to whatever the appropriate things are icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: 7.3.1 - repository: https://s3.amazonaws.com/datawire-static-files/charts + version: 7.3.2-rc.0 + repository: https://s3.amazonaws.com/datawire-static-files/charts-dev diff --git a/charts/edge-stack/values.yaml b/charts/edge-stack/values.yaml index a89e379..32cba27 100644 --- a/charts/edge-stack/values.yaml +++ b/charts/edge-stack/values.yaml @@ -70,7 +70,7 @@ emissary-ingress: # +doc-gen:break image: repository: docker.io/datawire/aes - tag: 2.2.1 + tag: 2.2.2-rc.0 pullPolicy: IfNotPresent rbac: diff --git a/docs/releaseNotes.yml b/docs/releaseNotes.yml index dc17d56..1b87ff5 100644 --- a/docs/releaseNotes.yml +++ b/docs/releaseNotes.yml @@ -32,6 +32,25 @@ changelog: https://github.com/datawire/edge-stack/blob/$branch$/CHANGELOG.md items: + - version: 2.2.2 + date: 'TBD' + notes: + - title: TLS Secret validation is now opt-in + type: change + body: >- + You may now choose to enable TLS Secret validation by setting the + AMBASSADOR_FORCE_SECRET_VALIDATION=true environment variable. The default configuration does not + enforce secret validation. + + - title: Correctly validate EC (Elliptic Curve) Private Keys + type: bugfix + body: >- + Kubernetes Secrets that should contain an EC (Elliptic Curve) TLS Private Key are now properly validated. + github: + - title: 4134 + link: https://github.com/emissary-ingress/emissary/issues/4134 + docs: https://github.com/emissary-ingress/emissary/issues/4134 + - version: 2.2.1 date: '2022-02-22' notes: @@ -48,6 +67,7 @@ items: Upgraded Envoy to address security vulnerabilities CVE-2021-43824, CVE-2021-43825, CVE-2021-43826, CVE-2022-21654, and CVE-2022-21655. docs: https://groups.google.com/g/envoy-announce/c/bIUgEDKHl4g + - title: Correctly support canceling rollouts type: bugfix body: >- From 32f462eb91c40d370415307dc7b9e85590eef67c Mon Sep 17 00:00:00 2001 From: Aidan Hahn Date: Thu, 24 Feb 2022 11:32:45 -0800 Subject: [PATCH 39/40] generated chart changes Signed-off-by: Aidan Hahn --- CHANGELOG.md | 14 ++++++++++++++ manifests/edge-stack/aes-ambassadorns-agent.yaml | 2 +- .../edge-stack/aes-ambassadorns-migration.yaml | 2 +- manifests/edge-stack/aes-ambassadorns.yaml | 4 ++-- manifests/edge-stack/aes-crds.yaml | 2 +- manifests/edge-stack/aes-defaultns-agent.yaml | 2 +- manifests/edge-stack/aes-defaultns-migration.yaml | 2 +- manifests/edge-stack/aes-defaultns.yaml | 4 ++-- manifests/edge-stack/aes-emissaryns-agent.yaml | 2 +- manifests/edge-stack/aes-emissaryns-migration.yaml | 2 +- manifests/edge-stack/aes-emissaryns.yaml | 4 ++-- manifests/edge-stack/aes.yaml | 4 ++-- 12 files changed, 29 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 43988df..4389570 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -77,6 +77,20 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest ## RELEASE NOTES +## [2.2.2] TBD +[2.2.2]: https://github.com/datawire/edge-stack/releases/v2.2.2 + +## Ambassador Edge Stack + +- Change: You may now choose to enable TLS Secret validation by setting the + `AMBASSADOR_FORCE_SECRET_VALIDATION=true` environment variable. The default configuration does not + enforce secret validation. + +- Bugfix: Kubernetes Secrets that should contain an EC (Elliptic Curve) TLS Private Key are now properly + validated. ([4134]) + +[4134]: https://github.com/emissary-ingress/emissary/issues/4134 + ## [2.2.1] 2022-02-22 [2.2.1]: https://github.com/datawire/edge-stack/releases/v2.2.1 diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml index b2d00b6..648aa20 100644 --- a/manifests/edge-stack/aes-ambassadorns-agent.yaml +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml index 7b714a1..12b885d 100644 --- a/manifests/edge-stack/aes-ambassadorns-migration.yaml +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml index 830b96d..84628c3 100644 --- a/manifests/edge-stack/aes-ambassadorns.yaml +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index d6d9b13..b4bf5af 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -5553,7 +5553,7 @@ spec: serviceAccountName: emissary-apiext containers: - name: emissary-apiext - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent command: [ "apiext", "emissary-apiext" ] ports: diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml index 1fb5f55..703d39b 100644 --- a/manifests/edge-stack/aes-defaultns-agent.yaml +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index d493e84..9903e45 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index 5055d14..22676ca 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -510,7 +510,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -585,7 +585,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml index e3dc264..c3531d4 100644 --- a/manifests/edge-stack/aes-emissaryns-agent.yaml +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index 8bf8ff7..9261635 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index b57db9c..5243555 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index 830b96d..84628c3 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.1 + image: docker.io/datawire/aes:2.2.2-rc.0 imagePullPolicy: IfNotPresent ports: - name: http From 683c062f1f4ecf22d9c3ee28f4b3b7610b31e7ad Mon Sep 17 00:00:00 2001 From: Aidan Hahn Date: Fri, 25 Feb 2022 13:05:39 -0800 Subject: [PATCH 40/40] 2.2.2 GA edits Signed-off-by: Aidan Hahn --- VERSION | 2 +- charts/edge-stack/Chart.lock | 8 ++++---- charts/edge-stack/Chart.yaml | 6 +++--- charts/edge-stack/values.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-agent.yaml | 2 +- manifests/edge-stack/aes-ambassadorns-migration.yaml | 2 +- manifests/edge-stack/aes-ambassadorns.yaml | 4 ++-- manifests/edge-stack/aes-crds.yaml | 2 +- manifests/edge-stack/aes-defaultns-agent.yaml | 2 +- manifests/edge-stack/aes-defaultns-migration.yaml | 2 +- manifests/edge-stack/aes-defaultns.yaml | 4 ++-- manifests/edge-stack/aes-emissaryns-agent.yaml | 2 +- manifests/edge-stack/aes-emissaryns-migration.yaml | 2 +- manifests/edge-stack/aes-emissaryns.yaml | 4 ++-- manifests/edge-stack/aes.yaml | 4 ++-- 15 files changed, 24 insertions(+), 24 deletions(-) diff --git a/VERSION b/VERSION index 355aae9..b1b25a5 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2.2-rc.0 +2.2.2 diff --git a/charts/edge-stack/Chart.lock b/charts/edge-stack/Chart.lock index 5f919f2..8b08658 100644 --- a/charts/edge-stack/Chart.lock +++ b/charts/edge-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: emissary-ingress - repository: https://s3.amazonaws.com/datawire-static-files/charts-dev - version: 7.3.2-rc.0 -digest: sha256:3f535bd0c27e3a88bfcc4f1b541b9e030d4df36394cd0f104399c785e148d14c -generated: "2022-02-24T11:16:21.62833898-08:00" + repository: https://s3.amazonaws.com/datawire-static-files/charts + version: 7.3.2 +digest: sha256:bd7cedbf03bcc3f255a08a818e9a34e0b2715e0f61c8645ac1c80ecf0ac3ef3e +generated: "2022-02-25T13:00:54.216180784-08:00" diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml index 5bf7748..204509f 100644 --- a/charts/edge-stack/Chart.yaml +++ b/charts/edge-stack/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.2.2 description: A Helm chart for Ambassador Edge Stack name: edge-stack -version: 7.3.2-rc.0 +version: 7.3.2 # TODO: change these to whatever the appropriate things are icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ @@ -27,5 +27,5 @@ maintainers: engine: gotpl dependencies: - name: emissary-ingress - version: 7.3.2-rc.0 - repository: https://s3.amazonaws.com/datawire-static-files/charts-dev + version: 7.3.2 + repository: https://s3.amazonaws.com/datawire-static-files/charts diff --git a/charts/edge-stack/values.yaml b/charts/edge-stack/values.yaml index 32cba27..fb6b33b 100644 --- a/charts/edge-stack/values.yaml +++ b/charts/edge-stack/values.yaml @@ -70,7 +70,7 @@ emissary-ingress: # +doc-gen:break image: repository: docker.io/datawire/aes - tag: 2.2.2-rc.0 + tag: 2.2.2 pullPolicy: IfNotPresent rbac: diff --git a/manifests/edge-stack/aes-ambassadorns-agent.yaml b/manifests/edge-stack/aes-ambassadorns-agent.yaml index 648aa20..0f99029 100644 --- a/manifests/edge-stack/aes-ambassadorns-agent.yaml +++ b/manifests/edge-stack/aes-ambassadorns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-ambassadorns-migration.yaml b/manifests/edge-stack/aes-ambassadorns-migration.yaml index 12b885d..b59c76c 100644 --- a/manifests/edge-stack/aes-ambassadorns-migration.yaml +++ b/manifests/edge-stack/aes-ambassadorns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-ambassadorns.yaml b/manifests/edge-stack/aes-ambassadorns.yaml index 84628c3..570c758 100644 --- a/manifests/edge-stack/aes-ambassadorns.yaml +++ b/manifests/edge-stack/aes-ambassadorns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-crds.yaml b/manifests/edge-stack/aes-crds.yaml index b4bf5af..31ccf88 100644 --- a/manifests/edge-stack/aes-crds.yaml +++ b/manifests/edge-stack/aes-crds.yaml @@ -5553,7 +5553,7 @@ spec: serviceAccountName: emissary-apiext containers: - name: emissary-apiext - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent command: [ "apiext", "emissary-apiext" ] ports: diff --git a/manifests/edge-stack/aes-defaultns-agent.yaml b/manifests/edge-stack/aes-defaultns-agent.yaml index 703d39b..0e618ad 100644 --- a/manifests/edge-stack/aes-defaultns-agent.yaml +++ b/manifests/edge-stack/aes-defaultns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-defaultns-migration.yaml b/manifests/edge-stack/aes-defaultns-migration.yaml index 9903e45..ceb3a2d 100644 --- a/manifests/edge-stack/aes-defaultns-migration.yaml +++ b/manifests/edge-stack/aes-defaultns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-defaultns.yaml b/manifests/edge-stack/aes-defaultns.yaml index 22676ca..3501103 100644 --- a/manifests/edge-stack/aes-defaultns.yaml +++ b/manifests/edge-stack/aes-defaultns.yaml @@ -510,7 +510,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -585,7 +585,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns-agent.yaml b/manifests/edge-stack/aes-emissaryns-agent.yaml index c3531d4..b3087d6 100644 --- a/manifests/edge-stack/aes-emissaryns-agent.yaml +++ b/manifests/edge-stack/aes-emissaryns-agent.yaml @@ -273,7 +273,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent command: [agent] ports: diff --git a/manifests/edge-stack/aes-emissaryns-migration.yaml b/manifests/edge-stack/aes-emissaryns-migration.yaml index 9261635..345aa34 100644 --- a/manifests/edge-stack/aes-emissaryns-migration.yaml +++ b/manifests/edge-stack/aes-emissaryns-migration.yaml @@ -140,7 +140,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes-emissaryns.yaml b/manifests/edge-stack/aes-emissaryns.yaml index 5243555..104695b 100644 --- a/manifests/edge-stack/aes-emissaryns.yaml +++ b/manifests/edge-stack/aes-emissaryns.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent ports: - name: http diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml index 84628c3..570c758 100644 --- a/manifests/edge-stack/aes.yaml +++ b/manifests/edge-stack/aes.yaml @@ -518,7 +518,7 @@ spec: serviceAccountName: edge-stack-agent containers: - name: agent - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent command: [agent] ports: @@ -593,7 +593,7 @@ spec: containers: - name: aes - image: docker.io/datawire/aes:2.2.2-rc.0 + image: docker.io/datawire/aes:2.2.2 imagePullPolicy: IfNotPresent ports: - name: http