1apiVersion: v1
2kind: Namespace
3metadata:
4 name: emissary
5 labels:
6 platform.edge.ncr.com/component: emissary
7 annotations:
8 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
9 pallet.edge.ncr.com/name: store-emissary
10 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
11 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
12 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
13 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
14---
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 name: authservices.getambassador.io
19 labels:
20 app.kubernetes.io/name: ambassador
21 product: aes
22 platform.edge.ncr.com/component: emissary
23 annotations:
24 controller-gen.kubebuilder.io/version: v0.5.0
25 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
26 pallet.edge.ncr.com/name: store-emissary
27 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
28 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
29 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
30 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
31spec:
32 group: getambassador.io
33 names:
34 kind: AuthService
35 categories:
36 - ambassador-crds
37 listKind: AuthServiceList
38 plural: authservices
39 singular: authservice
40 scope: Namespaced
41 versions:
42 - name: v3alpha1
43 schema:
44 openAPIV3Schema:
45 type: object
46 description: AuthService is the Schema for the authservices API
47 properties:
48 apiVersion:
49 type: string
50 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
51 kind:
52 type: string
53 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
54 metadata:
55 type: object
56 spec:
57 type: object
58 description: AuthServiceSpec defines the desired state of AuthService
59 properties:
60 add_auth_headers:
61 type: object
62 additionalProperties:
63 type: string
64 add_linkerd_headers:
65 type: boolean
66 allow_request_body:
67 type: boolean
68 allowed_authorization_headers:
69 type: array
70 items:
71 type: string
72 allowed_request_headers:
73 type: array
74 items:
75 type: string
76 ambassador_id:
77 type: array
78 description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\""
79 items:
80 type: string
81 auth_service:
82 type: string
83 failure_mode_allow:
84 type: boolean
85 include_body:
86 type: object
87 properties:
88 allow_partial:
89 type: boolean
90 max_bytes:
91 type: integer
92 description: These aren't pointer types because they are required.
93 required:
94 - allow_partial
95 - max_bytes
96 path_prefix:
97 type: string
98 proto:
99 type: string
100 enum:
101 - http
102 - grpc
103 protocol_version:
104 type: string
105 enum:
106 - v2
107 - v3
108 stats_name:
109 type: string
110 status_on_error:
111 type: object
112 description: Why isn't this just an int??
113 properties:
114 code:
115 type: integer
116 timeout_ms:
117 type: integer
118 tls:
119 type: string
120 required:
121 - auth_service
122 served: true
123 storage: true
124---
125apiVersion: apiextensions.k8s.io/v1
126kind: CustomResourceDefinition
127metadata:
128 name: consulresolvers.getambassador.io
129 labels:
130 app.kubernetes.io/name: ambassador
131 product: aes
132 platform.edge.ncr.com/component: emissary
133 annotations:
134 controller-gen.kubebuilder.io/version: v0.5.0
135 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
136 pallet.edge.ncr.com/name: store-emissary
137 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
138 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
139 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
140 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
141spec:
142 group: getambassador.io
143 names:
144 kind: ConsulResolver
145 categories:
146 - ambassador-crds
147 listKind: ConsulResolverList
148 plural: consulresolvers
149 singular: consulresolver
150 scope: Namespaced
151 versions:
152 - name: v3alpha1
153 schema:
154 openAPIV3Schema:
155 type: object
156 description: ConsulResolver is the Schema for the ConsulResolver API
157 properties:
158 apiVersion:
159 type: string
160 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
161 kind:
162 type: string
163 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
164 metadata:
165 type: object
166 spec:
167 type: object
168 description: ConsulResolver tells Ambassador to use Consul to resolve services. In addition to the AmbassadorID, it needs information about which Consul server and DC to use.
169 properties:
170 address:
171 type: string
172 ambassador_id:
173 type: array
174 description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\""
175 items:
176 type: string
177 datacenter:
178 type: string
179 served: true
180 storage: true
181---
182apiVersion: apiextensions.k8s.io/v1
183kind: CustomResourceDefinition
184metadata:
185 name: devportals.getambassador.io
186 labels:
187 app.kubernetes.io/name: ambassador
188 product: aes
189 platform.edge.ncr.com/component: emissary
190 annotations:
191 controller-gen.kubebuilder.io/version: v0.5.0
192 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
193 pallet.edge.ncr.com/name: store-emissary
194 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
195 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
196 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
197 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
198spec:
199 group: getambassador.io
200 names:
201 kind: DevPortal
202 categories:
203 - ambassador-crds
204 listKind: DevPortalList
205 plural: devportals
206 singular: devportal
207 scope: Namespaced
208 versions:
209 - name: v3alpha1
210 schema:
211 openAPIV3Schema:
212 type: object
213 description: "DevPortal is the Schema for the DevPortals API \n DevPortal resources specify the `what` and `how` is shown in a DevPortal: \n * `what` is in a DevPortal can be controlled with - a `selector`, that can be used for filtering `Mappings`. - a `docs` listing of (services, url) * `how` is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server will show them at different endpoints. A `DevPortal` resource with a special name, `ambassador`, will be used for configuring the default Dev Portal (served at `/docs/` by default)."
214 properties:
215 apiVersion:
216 type: string
217 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
218 kind:
219 type: string
220 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
221 metadata:
222 type: object
223 spec:
224 type: object
225 description: DevPortalSpec defines the desired state of DevPortal
226 properties:
227 selector:
228 type: object
229 description: Selector is used for choosing what is shown in the DevPortal
230 properties:
231 matchLabels:
232 type: object
233 additionalProperties:
234 type: string
235 description: MatchLabels specifies the list of labels that must be present in Mappings for being present in this DevPortal.
236 matchNamespaces:
237 type: array
238 description: MatchNamespaces is a list of namespaces that will be included in this DevPortal.
239 items:
240 type: string
241 ambassador_id:
242 type: array
243 description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\""
244 items:
245 type: string
246 content:
247 type: object
248 description: Content specifies where the content shown in the DevPortal come from
249 properties:
250 branch:
251 type: string
252 dir:
253 type: string
254 url:
255 type: string
256 default:
257 type: boolean
258 description: Default must be true when this is the default DevPortal
259 docs:
260 type: array
261 description: Docs is a static docs definition
262 items:
263 type: object
264 description: 'DevPortalDocsSpec is a static documentation definition: instead of using a Selector for finding documentation for services, users can provide a static list of <service>:<URL> tuples. These services will be shown in the Dev Portal with the documentation obtained from this URL.'
265 properties:
266 service:
267 type: string
268 description: Service is the service being documented
269 timeout_ms:
270 type: integer
271 description: Timeout specifies the amount of time devportal will wait for the downstream service to report an openapi spec back
272 url:
273 type: string
274 description: URL is the URL used for obtaining docs
275 naming_scheme:
276 type: string
277 description: Describes how to display "services" in the DevPortal. Default namespace.name
278 enum:
279 - namespace.name
280 - name.prefix
281 preserve_servers:
282 type: boolean
283 description: Configures this DevPortal to use server definitions from the openAPI doc instead of rewriting them based on the url used for the connection.
284 search:
285 type: object
286 description: DevPortalSearchSpec allows configuration over search functionality for the DevPortal
287 properties:
288 type:
289 type: string
290 description: 'Type of search. "title-only" does a fuzzy search over openapi and page titles "all-content" will fuzzy search over all openapi and page content. "title-only" is the default. warning: using all-content may incur a larger memory footprint'
291 enum:
292 - title-only
293 - all-content
294 enabled:
295 type: boolean
296 served: true
297 storage: true
298---
299apiVersion: apiextensions.k8s.io/v1
300kind: CustomResourceDefinition
301metadata:
302 name: hosts.getambassador.io
303 labels:
304 app.kubernetes.io/name: ambassador
305 product: aes
306 platform.edge.ncr.com/component: emissary
307 annotations:
308 controller-gen.kubebuilder.io/version: v0.5.0
309 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
310 pallet.edge.ncr.com/name: store-emissary
311 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
312 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
313 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
314 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
315spec:
316 group: getambassador.io
317 names:
318 kind: Host
319 categories:
320 - ambassador-crds
321 listKind: HostList
322 plural: hosts
323 singular: host
324 scope: Namespaced
325 versions:
326 - name: v3alpha1
327 additionalPrinterColumns:
328 - name: Hostname
329 type: string
330 jsonPath: .spec.hostname
331 - name: State
332 type: string
333 jsonPath: .status.state
334 - name: Phase Completed
335 type: string
336 jsonPath: .status.phaseCompleted
337 - name: Phase Pending
338 type: string
339 jsonPath: .status.phasePending
340 - name: Age
341 type: date
342 jsonPath: .metadata.creationTimestamp
343 schema:
344 openAPIV3Schema:
345 type: object
346 description: Host is the Schema for the hosts API
347 properties:
348 apiVersion:
349 type: string
350 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
351 kind:
352 type: string
353 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
354 metadata:
355 type: object
356 spec:
357 type: object
358 description: HostSpec defines the desired state of Host
359 properties:
360 selector:
361 type: object
362 description: 'DEPRECATED: Selector by which we can find further configuration. Use MappingSelector instead.'
363 properties:
364 matchExpressions:
365 type: array
366 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
367 items:
368 type: object
369 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
370 properties:
371 key:
372 type: string
373 description: key is the label key that the selector applies to.
374 operator:
375 type: string
376 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
377 values:
378 type: array
379 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
380 items:
381 type: string
382 required:
383 - key
384 - operator
385 matchLabels:
386 type: object
387 additionalProperties:
388 type: string
389 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
390 hostname:
391 type: string
392 description: Hostname by which the Ambassador can be reached.
393 acmeProvider:
394 type: object
395 description: Specifies whether/who to talk ACME with to automatically manage the $tlsSecret.
396 properties:
397 authority:
398 type: string
399 description: Specifies who to talk ACME with to get certs. Defaults to Let's Encrypt; if "none" (case-insensitive), do not try to do ACME for this Host.
400 email:
401 type: string
402 privateKeySecret:
403 type: object
404 description: "Specifies the Kubernetes Secret to use to store the private key of the ACME account (essentially, where to store the auto-generated password for the auto-created ACME account). You should not normally need to set this--the default value is based on a combination of the ACME authority being registered wit and the email address associated with the account. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation."
405 properties:
406 name:
407 type: string
408 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
409 registration:
410 type: string
411 description: This is normally set automatically
412 ambassadorId:
413 type: array
414 description: A compatibility alias for "ambassador_id"; because Host used to be specified with protobuf, and jsonpb allowed either "ambassador_id" or "ambassadorId", and even though we didn't tell people about "ambassadorId" it's what the web policy console generated because of jsonpb. So Hosts with 'ambassadorId' exist in the wild.
415 items:
416 type: string
417 ambassador_id:
418 type: array
419 description: Common to all Ambassador objects (and optional).
420 items:
421 type: string
422 mapping_selector:
423 type: object
424 description: Selector for Mappings we'll associate with this Host.
425 properties:
426 matchExpressions:
427 type: array
428 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
429 items:
430 type: object
431 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
432 properties:
433 key:
434 type: string
435 description: key is the label key that the selector applies to.
436 operator:
437 type: string
438 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
439 values:
440 type: array
441 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
442 items:
443 type: string
444 required:
445 - key
446 - operator
447 matchLabels:
448 type: object
449 additionalProperties:
450 type: string
451 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
452 previewUrl:
453 type: object
454 description: Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled.
455 properties:
456 type:
457 type: string
458 description: What type of Preview URL is allowed?
459 enum:
460 - Path
461 enabled:
462 type: boolean
463 description: Is the Preview URL feature enabled?
464 requestPolicy:
465 type: object
466 description: Request policy definition.
467 properties:
468 insecure:
469 type: object
470 properties:
471 action:
472 type: string
473 enum:
474 - Redirect
475 - Reject
476 - Route
477 additionalPort:
478 type: integer
479 tls:
480 type: object
481 description: TLS configuration. It is not valid to specify both `tlsContext` and `tls`.
482 properties:
483 alpn_protocols:
484 type: string
485 ca_secret:
486 type: string
487 cacert_chain_file:
488 type: string
489 cert_chain_file:
490 type: string
491 cert_required:
492 type: boolean
493 cipher_suites:
494 type: array
495 items:
496 type: string
497 ecdh_curves:
498 type: array
499 items:
500 type: string
501 max_tls_version:
502 type: string
503 min_tls_version:
504 type: string
505 private_key_file:
506 type: string
507 redirect_cleartext_from:
508 type: integer
509 sni:
510 type: string
511 tlsContext:
512 type: object
513 description: "Name of the TLSContext the Host resource is linked with. It is not valid to specify both `tlsContext` and `tls`. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation."
514 properties:
515 name:
516 type: string
517 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
518 tlsSecret:
519 type: object
520 description: "Name of the Kubernetes secret into which to save generated certificates. If ACME is enabled (see $acmeProvider), then the default is $hostname; otherwise the default is \"\". If the value is \"\", then we do not do TLS for this Host. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation."
521 properties:
522 name:
523 type: string
524 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
525 status:
526 type: object
527 description: HostStatus defines the observed state of Host
528 properties:
529 errorBackoff:
530 type: string
531 errorReason:
532 type: string
533 description: errorReason, errorTimestamp, and errorBackoff are valid when state==Error.
534 errorTimestamp:
535 type: string
536 format: date-time
537 phaseCompleted:
538 type: string
539 description: phaseCompleted and phasePending are valid when state==Pending or state==Error.
540 enum:
541 - NA
542 - DefaultsFilled
543 - ACMEUserPrivateKeyCreated
544 - ACMEUserRegistered
545 - ACMECertificateChallenge
546 phasePending:
547 type: string
548 description: phaseCompleted and phasePending are valid when state==Pending or state==Error.
549 enum:
550 - NA
551 - DefaultsFilled
552 - ACMEUserPrivateKeyCreated
553 - ACMEUserRegistered
554 - ACMECertificateChallenge
555 state:
556 type: string
557 description: The first value listed in the Enum marker becomes the "zero" value, and it would be great if "Pending" could be the default value; but it's Important that the "zero" value be able to be shown as empty/omitted from display, and we really do want `kubectl get hosts` to say "Pending" in the "STATE" column, and not leave the column empty.
558 enum:
559 - Initial
560 - Pending
561 - Ready
562 - Error
563 tlsCertificateSource:
564 type: string
565 enum:
566 - Unknown
567 - None
568 - Other
569 - ACME
570 served: true
571 storage: true
572 subresources:
573 status: {}
574---
575apiVersion: apiextensions.k8s.io/v1
576kind: CustomResourceDefinition
577metadata:
578 name: kubernetesendpointresolvers.getambassador.io
579 labels:
580 app.kubernetes.io/name: ambassador
581 product: aes
582 platform.edge.ncr.com/component: emissary
583 annotations:
584 controller-gen.kubebuilder.io/version: v0.5.0
585 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
586 pallet.edge.ncr.com/name: store-emissary
587 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
588 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
589 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
590 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
591spec:
592 group: getambassador.io
593 names:
594 kind: KubernetesEndpointResolver
595 categories:
596 - ambassador-crds
597 listKind: KubernetesEndpointResolverList
598 plural: kubernetesendpointresolvers
599 singular: kubernetesendpointresolver
600 scope: Namespaced
601 versions:
602 - name: v3alpha1
603 schema:
604 openAPIV3Schema:
605 type: object
606 description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API
607 properties:
608 apiVersion:
609 type: string
610 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
611 kind:
612 type: string
613 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
614 metadata:
615 type: object
616 spec:
617 type: object
618 description: KubernetesEndpointResolver tells Ambassador to use Kubernetes Endpoints resources to resolve services. It actually has no spec other than the AmbassadorID.
619 properties:
620 ambassador_id:
621 type: array
622 description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\""
623 items:
624 type: string
625 served: true
626 storage: true
627---
628apiVersion: apiextensions.k8s.io/v1
629kind: CustomResourceDefinition
630metadata:
631 name: kubernetesserviceresolvers.getambassador.io
632 labels:
633 app.kubernetes.io/name: ambassador
634 product: aes
635 platform.edge.ncr.com/component: emissary
636 annotations:
637 controller-gen.kubebuilder.io/version: v0.5.0
638 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
639 pallet.edge.ncr.com/name: store-emissary
640 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
641 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
642 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
643 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
644spec:
645 group: getambassador.io
646 names:
647 kind: KubernetesServiceResolver
648 categories:
649 - ambassador-crds
650 listKind: KubernetesServiceResolverList
651 plural: kubernetesserviceresolvers
652 singular: kubernetesserviceresolver
653 scope: Namespaced
654 versions:
655 - name: v3alpha1
656 schema:
657 openAPIV3Schema:
658 type: object
659 description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API
660 properties:
661 apiVersion:
662 type: string
663 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
664 kind:
665 type: string
666 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
667 metadata:
668 type: object
669 spec:
670 type: object
671 description: KubernetesServiceResolver tells Ambassador to use Kubernetes Service resources to resolve services. It actually has no spec other than the AmbassadorID.
672 properties:
673 ambassador_id:
674 type: array
675 description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\""
676 items:
677 type: string
678 served: true
679 storage: true
680---
681apiVersion: apiextensions.k8s.io/v1
682kind: CustomResourceDefinition
683metadata:
684 name: listeners.getambassador.io
685 labels:
686 app.kubernetes.io/name: ambassador
687 product: aes
688 platform.edge.ncr.com/component: emissary
689 annotations:
690 controller-gen.kubebuilder.io/version: v0.5.0
691 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
692 pallet.edge.ncr.com/name: store-emissary
693 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
694 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
695 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
696 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
697spec:
698 group: getambassador.io
699 names:
700 kind: Listener
701 categories:
702 - ambassador-crds
703 listKind: ListenerList
704 plural: listeners
705 singular: listener
706 scope: Namespaced
707 versions:
708 - name: v3alpha1
709 additionalPrinterColumns:
710 - name: Port
711 type: string
712 jsonPath: .spec.port
713 - name: Protocol
714 type: string
715 jsonPath: .spec.protocol
716 - name: Stack
717 type: string
718 jsonPath: .spec.protocolStack
719 - name: StatsPrefix
720 type: string
721 jsonPath: .spec.statsPrefix
722 - name: Security
723 type: string
724 jsonPath: .spec.securityModel
725 - name: L7Depth
726 type: string
727 jsonPath: .spec.l7Depth
728 schema:
729 openAPIV3Schema:
730 type: object
731 description: Listener is the Schema for the hosts API
732 properties:
733 apiVersion:
734 type: string
735 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
736 kind:
737 type: string
738 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
739 metadata:
740 type: object
741 spec:
742 type: object
743 description: ListenerSpec defines the desired state of this Port
744 properties:
745 protocol:
746 type: string
747 description: Protocol is a shorthand for certain predefined stacks. Exactly one of Protocol or ProtocolStack must be supplied.
748 enum:
749 - HTTP
750 - HTTPS
751 - HTTPPROXY
752 - HTTPSPROXY
753 - TCP
754 - TLS
755 - UDP
756 port:
757 type: integer
758 description: Port is the network port. Only one Listener can use a given port.
759 format: int32
760 maximum: 65535
761 minimum: 1
762 ambassador_id:
763 type: array
764 description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\""
765 items:
766 type: string
767 hostBinding:
768 type: object
769 description: HostBinding allows restricting which Hosts will be used for this Listener.
770 properties:
771 namespace:
772 type: object
773 description: NamespaceBindingType defines we we specify which namespaces to look for Hosts in.
774 properties:
775 from:
776 type: string
777 description: NamespaceFromType defines how we evaluate a NamespaceBindingType.
778 enum:
779 - SELF
780 - ALL
781 - SELECTOR
782 selector:
783 type: object
784 description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
785 properties:
786 matchExpressions:
787 type: array
788 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
789 items:
790 type: object
791 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
792 properties:
793 key:
794 type: string
795 description: key is the label key that the selector applies to.
796 operator:
797 type: string
798 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
799 values:
800 type: array
801 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
802 items:
803 type: string
804 required:
805 - key
806 - operator
807 matchLabels:
808 type: object
809 additionalProperties:
810 type: string
811 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
812 l7Depth:
813 type: integer
814 description: L7Depth specifies how many layer 7 load balancers are between us and the edge of the network.
815 format: int32
816 protocolStack:
817 type: array
818 description: ProtocolStack explicitly specifies the protocol stack to set up. Exactly one of Protocol or ProtocolStack must be supplied.
819 items:
820 type: string
821 description: ProtocolStackElement defines specific layers that may be combined in a protocol stack for processing connections to a port.
822 enum:
823 - HTTP
824 - PROXY
825 - TLS
826 - TCP
827 - UDP
828 securityModel:
829 type: string
830 description: SecurityModel specifies how to determine whether connections to this port are secure or insecure.
831 enum:
832 - XFP
833 - SECURE
834 - INSECURE
835 statsPrefix:
836 type: string
837 description: 'StatsPrefix specifies the prefix for statistics sent by Envoy about this Listener. The default depends on the protocol: "ingress-http", "ingress-https", "ingress-tls-$port", or "ingress-$port".'
838 required:
839 - hostBinding
840 - port
841 - securityModel
842 served: true
843 storage: true
844 subresources: {}
845---
846apiVersion: apiextensions.k8s.io/v1
847kind: CustomResourceDefinition
848metadata:
849 name: logservices.getambassador.io
850 labels:
851 app.kubernetes.io/name: ambassador
852 product: aes
853 platform.edge.ncr.com/component: emissary
854 annotations:
855 controller-gen.kubebuilder.io/version: v0.5.0
856 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
857 pallet.edge.ncr.com/name: store-emissary
858 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
859 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
860 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
861 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
862spec:
863 group: getambassador.io
864 names:
865 kind: LogService
866 categories:
867 - ambassador-crds
868 listKind: LogServiceList
869 plural: logservices
870 singular: logservice
871 scope: Namespaced
872 versions:
873 - name: v3alpha1
874 schema:
875 openAPIV3Schema:
876 type: object
877 description: LogService is the Schema for the logservices API
878 properties:
879 apiVersion:
880 type: string
881 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
882 kind:
883 type: string
884 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
885 metadata:
886 type: object
887 spec:
888 type: object
889 description: LogServiceSpec defines the desired state of LogService
890 properties:
891 service:
892 type: string
893 ambassador_id:
894 type: array
895 description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\""
896 items:
897 type: string
898 driver:
899 type: string
900 enum:
901 - tcp
902 - http
903 driver_config:
904 type: object
905 properties:
906 additional_log_headers:
907 type: array
908 items:
909 type: object
910 properties:
911 during_request:
912 type: boolean
913 during_response:
914 type: boolean
915 during_trailer:
916 type: boolean
917 header_name:
918 type: string
919 flush_interval_byte_size:
920 type: integer
921 flush_interval_time:
922 type: integer
923 grpc:
924 type: boolean
925 stats_name:
926 type: string
927 served: true
928 storage: true
929---
930apiVersion: apiextensions.k8s.io/v1
931kind: CustomResourceDefinition
932metadata:
933 name: mappings.getambassador.io
934 labels:
935 app.kubernetes.io/name: ambassador
936 product: aes
937 platform.edge.ncr.com/component: emissary
938 annotations:
939 controller-gen.kubebuilder.io/version: v0.5.0
940 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
941 pallet.edge.ncr.com/name: store-emissary
942 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
943 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
944 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
945 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
946spec:
947 group: getambassador.io
948 names:
949 kind: Mapping
950 categories:
951 - ambassador-crds
952 listKind: MappingList
953 plural: mappings
954 singular: mapping
955 scope: Namespaced
956 versions:
957 - name: v3alpha1
958 additionalPrinterColumns:
959 - name: Source Host
960 type: string
961 jsonPath: .spec.host
962 - name: Source Prefix
963 type: string
964 jsonPath: .spec.prefix
965 - name: Dest Service
966 type: string
967 jsonPath: .spec.service
968 - name: State
969 type: string
970 jsonPath: .status.state
971 - name: Reason
972 type: string
973 jsonPath: .status.reason
974 schema:
975 openAPIV3Schema:
976 type: object
977 description: Mapping is the Schema for the mappings API
978 properties:
979 apiVersion:
980 type: string
981 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
982 kind:
983 type: string
984 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
985 metadata:
986 type: object
987 spec:
988 type: object
989 description: MappingSpec defines the desired state of Mapping
990 properties:
991 labels:
992 type: object
993 additionalProperties:
994 type: array
995 description: A MappingLabelGroupsArray is an array of MappingLabelGroups. I know, complex.
996 items:
997 type: object
998 additionalProperties:
999 type: array
1000 description: 'A MappingLabelsArray is the value in the MappingLabelGroup: an array of label specifiers.'
1001 items:
1002 type: object
1003 description: "A MappingLabelSpecifier (finally!) defines a single label. \n This mimics envoy/config/route/v3/route_components.proto:RateLimit:Action:action_specifier."
1004 maxProperties: 1
1005 minProperties: 1
1006 properties:
1007 destination_cluster:
1008 type: object
1009 description: Sets the label "destination_cluster=«Envoy destination cluster name»".
1010 properties:
1011 key:
1012 type: string
1013 enum:
1014 - destination_cluster
1015 required:
1016 - key
1017 generic_key:
1018 type: object
1019 description: Sets the label "«key»=«value»" (where by default «key» is "generic_key").
1020 properties:
1021 value:
1022 type: string
1023 key:
1024 type: string
1025 description: The default is "generic_key".
1026 required:
1027 - value
1028 remote_address:
1029 type: object
1030 description: Sets the label "remote_address=«IP address of the client»".
1031 properties:
1032 key:
1033 type: string
1034 enum:
1035 - remote_address
1036 required:
1037 - key
1038 request_headers:
1039 type: object
1040 description: If the «header_name» header is set, then set the label "«key»=«Value of the «header_name» header»"; otherwise skip applying this label group.
1041 properties:
1042 header_name:
1043 type: string
1044 key:
1045 type: string
1046 omit_if_not_present:
1047 type: boolean
1048 required:
1049 - header_name
1050 - key
1051 source_cluster:
1052 type: object
1053 description: Sets the label "source_cluster=«Envoy source cluster name»".
1054 properties:
1055 key:
1056 type: string
1057 enum:
1058 - source_cluster
1059 required:
1060 - key
1061 description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: a second map, where the key is a human-readable name that identifies the group.'
1062 maxProperties: 1
1063 minProperties: 1
1064 description: A DomainMap is the overall Mapping.spec.Labels type. It maps domains (kind of like namespaces for Mapping labels) to arrays of label groups.
1065 service:
1066 type: string
1067 hostname:
1068 type: string
1069 description: "Hostname is a DNS glob specifying the hosts to which this Mapping applies. \n Hostname specifies both a match for the ':authority' header of a request, as well as a match criterion for Host CRDs: a Mapping that specifies Hostname will not associate with a Host that doesn't have a matching Hostname. \n If both Host and Hostname are set, an error is logged, Host is ignored, and Hostname is used."
1070 priority:
1071 type: string
1072 prefix:
1073 type: string
1074 add_linkerd_headers:
1075 type: boolean
1076 add_request_headers:
1077 type: object
1078 additionalProperties:
1079 type: object
1080 properties:
1081 value:
1082 type: string
1083 append:
1084 type: boolean
1085 add_response_headers:
1086 type: object
1087 additionalProperties:
1088 type: object
1089 properties:
1090 value:
1091 type: string
1092 append:
1093 type: boolean
1094 allow_upgrade:
1095 type: array
1096 description: "A case-insensitive list of the non-HTTP protocols to allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" mechanism[1]. After the upgrade, Ambassador does not interpret the traffic, and behaves similarly to how it does for TCPMappings. \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, if your upstream service supports WebSockets, you would write \n allow_upgrade: - websocket \n Or if your upstream service supports upgrading from HTTP to SPDY (as the Kubernetes apiserver does for `kubectl exec` functionality), you would write \n allow_upgrade: - spdy/3.1"
1097 items:
1098 type: string
1099 ambassador_id:
1100 type: array
1101 description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\""
1102 items:
1103 type: string
1104 auth_context_extensions:
1105 type: object
1106 additionalProperties:
1107 type: string
1108 auto_host_rewrite:
1109 type: boolean
1110 bypass_auth:
1111 type: boolean
1112 bypass_error_response_overrides:
1113 type: boolean
1114 description: If true, bypasses any `error_response_overrides` set on the Ambassador module.
1115 case_sensitive:
1116 type: boolean
1117 circuit_breakers:
1118 type: array
1119 items:
1120 type: object
1121 properties:
1122 priority:
1123 type: string
1124 enum:
1125 - default
1126 - high
1127 max_connections:
1128 type: integer
1129 max_pending_requests:
1130 type: integer
1131 max_requests:
1132 type: integer
1133 max_retries:
1134 type: integer
1135 cluster_idle_timeout_ms:
1136 type: integer
1137 cluster_max_connection_lifetime_ms:
1138 type: integer
1139 cluster_tag:
1140 type: string
1141 connect_timeout_ms:
1142 type: integer
1143 cors:
1144 type: object
1145 properties:
1146 credentials:
1147 type: boolean
1148 exposed_headers:
1149 type: array
1150 items:
1151 type: string
1152 headers:
1153 type: array
1154 items:
1155 type: string
1156 max_age:
1157 type: string
1158 methods:
1159 type: array
1160 items:
1161 type: string
1162 origins:
1163 type: array
1164 items:
1165 type: string
1166 dns_type:
1167 type: string
1168 docs:
1169 type: object
1170 description: DocsInfo provides some extra information about the docs for the Mapping. Docs is used by both the agent and the DevPortal.
1171 properties:
1172 display_name:
1173 type: string
1174 ignored:
1175 type: boolean
1176 path:
1177 type: string
1178 timeout_ms:
1179 type: integer
1180 url:
1181 type: string
1182 enable_ipv4:
1183 type: boolean
1184 enable_ipv6:
1185 type: boolean
1186 envoy_override:
1187 type: object
1188 description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way.
1189 x-kubernetes-preserve-unknown-fields: true
1190 error_response_overrides:
1191 type: array
1192 description: Error response overrides for this Mapping. Replaces all of the `error_response_overrides` set on the Ambassador module, if any.
1193 items:
1194 type: object
1195 description: A response rewrite for an HTTP error response
1196 properties:
1197 body:
1198 type: object
1199 description: The new response body
1200 properties:
1201 content_type:
1202 type: string
1203 description: The content type to set on the error response body when using text_format or text_format_source. Defaults to 'text/plain'.
1204 json_format:
1205 type: object
1206 additionalProperties:
1207 type: string
1208 description: 'A JSON response with content-type: application/json. The values can contain format text like in text_format.'
1209 text_format:
1210 type: string
1211 description: A format string representing a text response body. Content-Type can be set using the `content_type` field below.
1212 text_format_source:
1213 type: object
1214 description: A format string sourced from a file on the Ambassador container. Useful for larger response bodies that should not be placed inline in configuration.
1215 properties:
1216 filename:
1217 type: string
1218 description: The name of a file on the Ambassador pod that contains a format text string.
1219 on_status_code:
1220 type: integer
1221 description: The status code to match on -- not a pointer because it's required.
1222 maximum: 599
1223 minimum: 400
1224 required:
1225 - body
1226 - on_status_code
1227 minItems: 1
1228 grpc:
1229 type: boolean
1230 headers:
1231 type: object
1232 additionalProperties:
1233 type: string
1234 host:
1235 type: string
1236 description: "Exact match for the hostname of a request if HostRegex is false; regex match for the hostname if HostRegex is true. \n Host specifies both a match for the ':authority' header of a request, as well as a match criterion for Host CRDs: a Mapping that specifies Host will not associate with a Host that doesn't have a matching Hostname. \n If both Host and Hostname are set, an error is logged, Host is ignored, and Hostname is used. \n DEPRECATED: Host is either an exact match or a regex, depending on HostRegex. Use HostName instead."
1237 host_redirect:
1238 type: boolean
1239 host_regex:
1240 type: boolean
1241 description: 'DEPRECATED: Host is either an exact match or a regex, depending on HostRegex. Use HostName instead.'
1242 host_rewrite:
1243 type: string
1244 idle_timeout_ms:
1245 type: integer
1246 keepalive:
1247 type: object
1248 properties:
1249 idle_time:
1250 type: integer
1251 interval:
1252 type: integer
1253 probes:
1254 type: integer
1255 load_balancer:
1256 type: object
1257 properties:
1258 cookie:
1259 type: object
1260 properties:
1261 name:
1262 type: string
1263 path:
1264 type: string
1265 ttl:
1266 type: string
1267 required:
1268 - name
1269 header:
1270 type: string
1271 policy:
1272 type: string
1273 enum:
1274 - round_robin
1275 - ring_hash
1276 - maglev
1277 - least_request
1278 source_ip:
1279 type: boolean
1280 required:
1281 - policy
1282 method:
1283 type: string
1284 method_regex:
1285 type: boolean
1286 modules:
1287 type: array
1288 items:
1289 type: object
1290 description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way.
1291 x-kubernetes-preserve-unknown-fields: true
1292 outlier_detection:
1293 type: string
1294 path_redirect:
1295 type: string
1296 description: Path replacement to use when generating an HTTP redirect. Used with `host_redirect`.
1297 precedence:
1298 type: integer
1299 prefix_exact:
1300 type: boolean
1301 prefix_redirect:
1302 type: string
1303 description: Prefix rewrite to use when generating an HTTP redirect. Used with `host_redirect`.
1304 prefix_regex:
1305 type: boolean
1306 query_parameters:
1307 type: object
1308 additionalProperties:
1309 type: string
1310 redirect_response_code:
1311 type: integer
1312 description: The response code to use when generating an HTTP redirect. Defaults to 301. Used with `host_redirect`.
1313 enum:
1314 - 301
1315 - 302
1316 - 303
1317 - 307
1318 - 308
1319 regex_headers:
1320 type: object
1321 additionalProperties:
1322 type: string
1323 regex_query_parameters:
1324 type: object
1325 additionalProperties:
1326 type: string
1327 regex_redirect:
1328 type: object
1329 description: Prefix regex rewrite to use when generating an HTTP redirect. Used with `host_redirect`.
1330 properties:
1331 pattern:
1332 type: string
1333 substitution:
1334 type: string
1335 regex_rewrite:
1336 type: object
1337 properties:
1338 pattern:
1339 type: string
1340 substitution:
1341 type: string
1342 remove_request_headers:
1343 type: array
1344 items:
1345 type: string
1346 remove_response_headers:
1347 type: array
1348 items:
1349 type: string
1350 resolver:
1351 type: string
1352 respect_dns_ttl:
1353 type: boolean
1354 retry_policy:
1355 type: object
1356 properties:
1357 num_retries:
1358 type: integer
1359 per_try_timeout:
1360 type: string
1361 retry_on:
1362 type: string
1363 enum:
1364 - 5xx
1365 - gateway-error
1366 - connect-failure
1367 - retriable-4xx
1368 - refused-stream
1369 - retriable-status-codes
1370 rewrite:
1371 type: string
1372 shadow:
1373 type: boolean
1374 stats_name:
1375 type: string
1376 timeout_ms:
1377 type: integer
1378 description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists.
1379 tls:
1380 type: string
1381 use_websocket:
1382 type: boolean
1383 description: 'use_websocket is deprecated, and is equivlaent to setting `allow_upgrade: ["websocket"]`'
1384 weight:
1385 type: integer
1386 required:
1387 - prefix
1388 - service
1389 status:
1390 type: object
1391 description: MappingStatus defines the observed state of Mapping
1392 properties:
1393 reason:
1394 type: string
1395 state:
1396 type: string
1397 enum:
1398 - ""
1399 - Inactive
1400 - Running
1401 served: true
1402 storage: true
1403 subresources:
1404 status: {}
1405---
1406apiVersion: apiextensions.k8s.io/v1
1407kind: CustomResourceDefinition
1408metadata:
1409 name: modules.getambassador.io
1410 labels:
1411 app.kubernetes.io/name: ambassador
1412 product: aes
1413 platform.edge.ncr.com/component: emissary
1414 annotations:
1415 controller-gen.kubebuilder.io/version: v0.5.0
1416 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1417 pallet.edge.ncr.com/name: store-emissary
1418 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1419 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1420 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
1421 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1422spec:
1423 group: getambassador.io
1424 names:
1425 kind: Module
1426 categories:
1427 - ambassador-crds
1428 listKind: ModuleList
1429 plural: modules
1430 singular: module
1431 scope: Namespaced
1432 versions:
1433 - name: v3alpha1
1434 schema:
1435 openAPIV3Schema:
1436 type: object
1437 description: "A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated"
1438 properties:
1439 apiVersion:
1440 type: string
1441 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
1442 kind:
1443 type: string
1444 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1445 metadata:
1446 type: object
1447 spec:
1448 type: object
1449 properties:
1450 ambassador_id:
1451 type: array
1452 description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\""
1453 items:
1454 type: string
1455 config:
1456 type: object
1457 description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way.
1458 x-kubernetes-preserve-unknown-fields: true
1459 required:
1460 - config
1461 served: true
1462 storage: true
1463---
1464apiVersion: apiextensions.k8s.io/v1
1465kind: CustomResourceDefinition
1466metadata:
1467 name: ratelimitservices.getambassador.io
1468 labels:
1469 app.kubernetes.io/name: ambassador
1470 product: aes
1471 platform.edge.ncr.com/component: emissary
1472 annotations:
1473 controller-gen.kubebuilder.io/version: v0.5.0
1474 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1475 pallet.edge.ncr.com/name: store-emissary
1476 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1477 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1478 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
1479 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1480spec:
1481 group: getambassador.io
1482 names:
1483 kind: RateLimitService
1484 categories:
1485 - ambassador-crds
1486 listKind: RateLimitServiceList
1487 plural: ratelimitservices
1488 singular: ratelimitservice
1489 scope: Namespaced
1490 versions:
1491 - name: v3alpha1
1492 schema:
1493 openAPIV3Schema:
1494 type: object
1495 description: RateLimitService is the Schema for the ratelimitservices API
1496 properties:
1497 apiVersion:
1498 type: string
1499 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
1500 kind:
1501 type: string
1502 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1503 metadata:
1504 type: object
1505 spec:
1506 type: object
1507 description: RateLimitServiceSpec defines the desired state of RateLimitService
1508 properties:
1509 service:
1510 type: string
1511 ambassador_id:
1512 type: array
1513 description: Common to all Ambassador objects.
1514 items:
1515 type: string
1516 domain:
1517 type: string
1518 protocol_version:
1519 type: string
1520 enum:
1521 - v2
1522 - v3
1523 stats_name:
1524 type: string
1525 timeout_ms:
1526 type: integer
1527 tls:
1528 type: string
1529 required:
1530 - service
1531 served: true
1532 storage: true
1533---
1534apiVersion: apiextensions.k8s.io/v1
1535kind: CustomResourceDefinition
1536metadata:
1537 name: tcpmappings.getambassador.io
1538 labels:
1539 app.kubernetes.io/name: ambassador
1540 product: aes
1541 platform.edge.ncr.com/component: emissary
1542 annotations:
1543 controller-gen.kubebuilder.io/version: v0.5.0
1544 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1545 pallet.edge.ncr.com/name: store-emissary
1546 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1547 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1548 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
1549 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1550spec:
1551 group: getambassador.io
1552 names:
1553 kind: TCPMapping
1554 categories:
1555 - ambassador-crds
1556 listKind: TCPMappingList
1557 plural: tcpmappings
1558 singular: tcpmapping
1559 scope: Namespaced
1560 versions:
1561 - name: v3alpha1
1562 schema:
1563 openAPIV3Schema:
1564 type: object
1565 description: TCPMapping is the Schema for the tcpmappings API
1566 properties:
1567 apiVersion:
1568 type: string
1569 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
1570 kind:
1571 type: string
1572 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1573 metadata:
1574 type: object
1575 spec:
1576 type: object
1577 description: TCPMappingSpec defines the desired state of TCPMapping
1578 properties:
1579 service:
1580 type: string
1581 port:
1582 type: integer
1583 description: Port isn't a pointer because it's required.
1584 address:
1585 type: string
1586 ambassador_id:
1587 type: array
1588 description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\""
1589 items:
1590 type: string
1591 circuit_breakers:
1592 type: array
1593 items:
1594 type: object
1595 properties:
1596 priority:
1597 type: string
1598 enum:
1599 - default
1600 - high
1601 max_connections:
1602 type: integer
1603 max_pending_requests:
1604 type: integer
1605 max_requests:
1606 type: integer
1607 max_retries:
1608 type: integer
1609 cluster_tag:
1610 type: string
1611 enable_ipv4:
1612 type: boolean
1613 enable_ipv6:
1614 type: boolean
1615 host:
1616 type: string
1617 idle_timeout_ms:
1618 type: string
1619 description: 'FIXME(lukeshu): Surely this should be an ''int''?'
1620 resolver:
1621 type: string
1622 stats_name:
1623 type: string
1624 tls:
1625 type: string
1626 weight:
1627 type: integer
1628 required:
1629 - port
1630 - service
1631 served: true
1632 storage: true
1633---
1634apiVersion: apiextensions.k8s.io/v1
1635kind: CustomResourceDefinition
1636metadata:
1637 name: tlscontexts.getambassador.io
1638 labels:
1639 app.kubernetes.io/name: ambassador
1640 product: aes
1641 platform.edge.ncr.com/component: emissary
1642 annotations:
1643 controller-gen.kubebuilder.io/version: v0.5.0
1644 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1645 pallet.edge.ncr.com/name: store-emissary
1646 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1647 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1648 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
1649 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1650spec:
1651 group: getambassador.io
1652 names:
1653 kind: TLSContext
1654 categories:
1655 - ambassador-crds
1656 listKind: TLSContextList
1657 plural: tlscontexts
1658 singular: tlscontext
1659 scope: Namespaced
1660 versions:
1661 - name: v3alpha1
1662 schema:
1663 openAPIV3Schema:
1664 type: object
1665 description: TLSContext is the Schema for the tlscontexts API
1666 properties:
1667 apiVersion:
1668 type: string
1669 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
1670 kind:
1671 type: string
1672 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1673 metadata:
1674 type: object
1675 spec:
1676 type: object
1677 description: TLSContextSpec defines the desired state of TLSContext
1678 properties:
1679 alpn_protocols:
1680 type: string
1681 ambassador_id:
1682 type: array
1683 description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\""
1684 items:
1685 type: string
1686 ca_secret:
1687 type: string
1688 cacert_chain_file:
1689 type: string
1690 cert_chain_file:
1691 type: string
1692 cert_required:
1693 type: boolean
1694 cipher_suites:
1695 type: array
1696 items:
1697 type: string
1698 ecdh_curves:
1699 type: array
1700 items:
1701 type: string
1702 hosts:
1703 type: array
1704 items:
1705 type: string
1706 max_tls_version:
1707 type: string
1708 enum:
1709 - v1.0
1710 - v1.1
1711 - v1.2
1712 - v1.3
1713 min_tls_version:
1714 type: string
1715 enum:
1716 - v1.0
1717 - v1.1
1718 - v1.2
1719 - v1.3
1720 private_key_file:
1721 type: string
1722 redirect_cleartext_from:
1723 type: integer
1724 secret:
1725 type: string
1726 secret_namespacing:
1727 type: boolean
1728 sni:
1729 type: string
1730 served: true
1731 storage: true
1732---
1733apiVersion: apiextensions.k8s.io/v1
1734kind: CustomResourceDefinition
1735metadata:
1736 name: tracingservices.getambassador.io
1737 labels:
1738 app.kubernetes.io/name: ambassador
1739 product: aes
1740 platform.edge.ncr.com/component: emissary
1741 annotations:
1742 controller-gen.kubebuilder.io/version: v0.5.0
1743 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1744 pallet.edge.ncr.com/name: store-emissary
1745 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1746 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1747 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
1748 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1749spec:
1750 group: getambassador.io
1751 names:
1752 kind: TracingService
1753 categories:
1754 - ambassador-crds
1755 listKind: TracingServiceList
1756 plural: tracingservices
1757 singular: tracingservice
1758 scope: Namespaced
1759 versions:
1760 - name: v3alpha1
1761 schema:
1762 openAPIV3Schema:
1763 type: object
1764 description: TracingService is the Schema for the tracingservices API
1765 properties:
1766 apiVersion:
1767 type: string
1768 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
1769 kind:
1770 type: string
1771 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1772 metadata:
1773 type: object
1774 spec:
1775 type: object
1776 description: TracingServiceSpec defines the desired state of TracingService
1777 properties:
1778 service:
1779 type: string
1780 ambassador_id:
1781 type: array
1782 description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\""
1783 items:
1784 type: string
1785 config:
1786 type: object
1787 properties:
1788 access_token_file:
1789 type: string
1790 collector_cluster:
1791 type: string
1792 collector_endpoint:
1793 type: string
1794 collector_endpoint_version:
1795 type: string
1796 enum:
1797 - HTTP_JSON_V1
1798 - HTTP_JSON
1799 - HTTP_PROTO
1800 collector_hostname:
1801 type: string
1802 service_name:
1803 type: string
1804 shared_span_context:
1805 type: boolean
1806 trace_id_128bit:
1807 type: boolean
1808 driver:
1809 type: string
1810 enum:
1811 - lightstep
1812 - zipkin
1813 - datadog
1814 sampling:
1815 type: object
1816 properties:
1817 client:
1818 type: integer
1819 overall:
1820 type: integer
1821 random:
1822 type: integer
1823 stats_name:
1824 type: string
1825 tag_headers:
1826 type: array
1827 items:
1828 type: string
1829 required:
1830 - driver
1831 - service
1832 served: true
1833 storage: true
1834---
1835# Source: emissary-ingress/templates/serviceaccount.yaml
1836apiVersion: v1
1837kind: ServiceAccount
1838metadata:
1839 name: emissary-ingress
1840 namespace: emissary
1841 labels:
1842 product: aes
1843 platform.edge.ncr.com/component: emissary
1844 annotations:
1845 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1846 pallet.edge.ncr.com/name: store-emissary
1847 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1848 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1849 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
1850 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1851---
1852# Source: emissary-ingress/templates/ambassador-agent.yaml
1853apiVersion: v1
1854kind: ServiceAccount
1855metadata:
1856 name: emissary-ingress-agent
1857 namespace: emissary
1858 labels:
1859 product: aes
1860 platform.edge.ncr.com/component: emissary
1861 annotations:
1862 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1863 pallet.edge.ncr.com/name: store-emissary
1864 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1865 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1866 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
1867 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1868---
1869# Source: emissary-ingress/templates/ambassador-agent.yaml
1870apiVersion: rbac.authorization.k8s.io/v1
1871kind: Role
1872metadata:
1873 name: emissary-ingress-agent-config
1874 namespace: emissary
1875 labels:
1876 product: aes
1877 platform.edge.ncr.com/component: emissary
1878 annotations:
1879 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1880 pallet.edge.ncr.com/name: store-emissary
1881 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1882 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1883 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
1884 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1885rules:
1886- resources: [configmaps]
1887 apiGroups: ['']
1888 verbs: [get, list, watch]
1889---
1890# Source: emissary-ingress/templates/rbac.yaml
1891apiVersion: rbac.authorization.k8s.io/v1
1892kind: ClusterRole
1893metadata:
1894 name: emissary-ingress
1895 labels:
1896 product: aes
1897 platform.edge.ncr.com/component: emissary
1898 annotations:
1899 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1900 pallet.edge.ncr.com/name: store-emissary
1901 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1902 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1903 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
1904 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1905aggregationRule:
1906 clusterRoleSelectors:
1907 - matchLabels:
1908 rbac.getambassador.io/role-group: emissary-ingress
1909rules: []
1910---
1911# Source: emissary-ingress/templates/ambassador-agent.yaml
1912apiVersion: rbac.authorization.k8s.io/v1
1913kind: ClusterRole
1914metadata:
1915 name: emissary-ingress-agent
1916 labels:
1917 product: aes
1918 platform.edge.ncr.com/component: emissary
1919 annotations:
1920 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1921 pallet.edge.ncr.com/name: store-emissary
1922 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1923 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1924 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
1925 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1926aggregationRule:
1927 clusterRoleSelectors:
1928 - matchLabels:
1929 rbac.getambassador.io/role-group: emissary-ingress-agent
1930rules: []
1931---
1932# Source: emissary-ingress/templates/ambassador-agent.yaml
1933apiVersion: rbac.authorization.k8s.io/v1
1934kind: ClusterRole
1935metadata:
1936 name: emissary-ingress-agent-applications
1937 labels:
1938 product: aes
1939 rbac.getambassador.io/role-group: emissary-ingress-agent
1940 platform.edge.ncr.com/component: emissary
1941 annotations:
1942 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1943 pallet.edge.ncr.com/name: store-emissary
1944 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1945 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1946 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
1947 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1948rules:
1949- resources: [applications]
1950 apiGroups: [argoproj.io]
1951 verbs: [get, list, watch]
1952---
1953# Source: emissary-ingress/templates/ambassador-agent.yaml
1954apiVersion: rbac.authorization.k8s.io/v1
1955kind: ClusterRole
1956metadata:
1957 name: emissary-ingress-agent-configmaps
1958 labels:
1959 product: aes
1960 rbac.getambassador.io/role-group: emissary-ingress-agent
1961 platform.edge.ncr.com/component: emissary
1962 annotations:
1963 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1964 pallet.edge.ncr.com/name: store-emissary
1965 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1966 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1967 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
1968 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1969rules:
1970- resources: [configmaps]
1971 apiGroups: ['']
1972 verbs: [get, list, watch]
1973---
1974# Source: emissary-ingress/templates/ambassador-agent.yaml
1975apiVersion: rbac.authorization.k8s.io/v1
1976kind: ClusterRole
1977metadata:
1978 name: emissary-ingress-agent-deployments
1979 labels:
1980 product: aes
1981 rbac.getambassador.io/role-group: emissary-ingress-agent
1982 platform.edge.ncr.com/component: emissary
1983 annotations:
1984 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1985 pallet.edge.ncr.com/name: store-emissary
1986 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1987 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1988 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
1989 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1990rules:
1991- resources: [deployments]
1992 apiGroups: [apps, extensions]
1993 verbs: [get, list, watch]
1994---
1995# Source: emissary-ingress/templates/ambassador-agent.yaml
1996apiVersion: rbac.authorization.k8s.io/v1
1997kind: ClusterRole
1998metadata:
1999 name: emissary-ingress-agent-endpoints
2000 labels:
2001 product: aes
2002 rbac.getambassador.io/role-group: emissary-ingress-agent
2003 platform.edge.ncr.com/component: emissary
2004 annotations:
2005 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2006 pallet.edge.ncr.com/name: store-emissary
2007 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2008 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2009 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2010 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2011rules:
2012- resources: [endpoints]
2013 apiGroups: ['']
2014 verbs: [get, list, watch]
2015---
2016# Source: emissary-ingress/templates/ambassador-agent.yaml
2017apiVersion: rbac.authorization.k8s.io/v1
2018kind: ClusterRole
2019metadata:
2020 name: emissary-ingress-agent-pods
2021 labels:
2022 product: aes
2023 rbac.getambassador.io/role-group: emissary-ingress-agent
2024 platform.edge.ncr.com/component: emissary
2025 annotations:
2026 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2027 pallet.edge.ncr.com/name: store-emissary
2028 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2029 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2030 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2031 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2032rules:
2033- resources: [pods]
2034 apiGroups: ['']
2035 verbs: [get, list, watch]
2036---
2037# Source: emissary-ingress/templates/ambassador-agent.yaml
2038apiVersion: rbac.authorization.k8s.io/v1
2039kind: ClusterRole
2040metadata:
2041 name: emissary-ingress-agent-rollouts
2042 labels:
2043 product: aes
2044 rbac.getambassador.io/role-group: emissary-ingress-agent
2045 platform.edge.ncr.com/component: emissary
2046 annotations:
2047 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2048 pallet.edge.ncr.com/name: store-emissary
2049 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2050 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2051 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2052 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2053rules:
2054- resources: [rollouts]
2055 apiGroups: [argoproj.io]
2056 verbs: [get, list, watch]
2057---
2058# Source: emissary-ingress/templates/rbac.yaml
2059# CRDs are cluster scoped resources, so they need to be in a cluster role,
2060# even if ambassador is running in single namespace mode
2061apiVersion: rbac.authorization.k8s.io/v1
2062kind: ClusterRole
2063metadata:
2064 name: emissary-ingress-crd
2065 labels:
2066 product: aes
2067 rbac.getambassador.io/role-group: emissary-ingress
2068 platform.edge.ncr.com/component: emissary
2069 annotations:
2070 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2071 pallet.edge.ncr.com/name: store-emissary
2072 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2073 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2074 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2075 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2076rules:
2077- resources: [customresourcedefinitions]
2078 apiGroups: [apiextensions.k8s.io]
2079 verbs: [get, list, watch, delete]
2080---
2081# Source: emissary-ingress/templates/rbac.yaml
2082apiVersion: rbac.authorization.k8s.io/v1
2083kind: ClusterRole
2084metadata:
2085 name: emissary-ingress-watch
2086 labels:
2087 product: aes
2088 rbac.getambassador.io/role-group: emissary-ingress
2089 platform.edge.ncr.com/component: emissary
2090 annotations:
2091 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2092 pallet.edge.ncr.com/name: store-emissary
2093 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2094 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2095 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2096 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2097rules:
2098- resources:
2099 - namespaces
2100 - services
2101 - secrets
2102 - endpoints
2103 apiGroups: ['']
2104 verbs: [get, list, watch]
2105- resources: ['*']
2106 apiGroups: [getambassador.io]
2107 verbs: [get, list, watch, update, patch, create, delete]
2108- resources: [mappings/status]
2109 apiGroups: [getambassador.io]
2110 verbs: [update]
2111- resources: [clusteringresses, ingresses]
2112 apiGroups: [networking.internal.knative.dev]
2113 verbs: [get, list, watch]
2114- resources: ['*']
2115 apiGroups: [networking.x-k8s.io]
2116 verbs: [get, list, watch]
2117- resources: [ingresses/status, clusteringresses/status]
2118 apiGroups: [networking.internal.knative.dev]
2119 verbs: [update]
2120- resources: [ingresses, ingressclasses]
2121 apiGroups: [extensions, networking.k8s.io]
2122 verbs: [get, list, watch]
2123- resources: [ingresses/status]
2124 apiGroups: [extensions, networking.k8s.io]
2125 verbs: [update]
2126---
2127# Source: emissary-ingress/templates/ambassador-agent.yaml
2128apiVersion: rbac.authorization.k8s.io/v1
2129kind: RoleBinding
2130metadata:
2131 name: emissary-ingress-agent-config
2132 namespace: emissary
2133 labels:
2134 product: aes
2135 platform.edge.ncr.com/component: emissary
2136 annotations:
2137 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2138 pallet.edge.ncr.com/name: store-emissary
2139 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2140 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2141 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2142 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2143roleRef:
2144 name: emissary-ingress-agent-config
2145 kind: Role
2146 apiGroup: rbac.authorization.k8s.io
2147subjects:
2148- name: emissary-ingress-agent
2149 namespace: emissary
2150 kind: ServiceAccount
2151---
2152# Source: emissary-ingress/templates/rbac.yaml
2153apiVersion: rbac.authorization.k8s.io/v1
2154kind: ClusterRoleBinding
2155metadata:
2156 name: emissary-ingress
2157 labels:
2158 product: aes
2159 platform.edge.ncr.com/component: emissary
2160 annotations:
2161 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2162 pallet.edge.ncr.com/name: store-emissary
2163 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2164 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2165 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2166 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2167roleRef:
2168 name: emissary-ingress
2169 kind: ClusterRole
2170 apiGroup: rbac.authorization.k8s.io
2171subjects:
2172- name: emissary-ingress
2173 namespace: emissary
2174 kind: ServiceAccount
2175---
2176# Source: emissary-ingress/templates/ambassador-agent.yaml
2177apiVersion: rbac.authorization.k8s.io/v1
2178kind: ClusterRoleBinding
2179metadata:
2180 name: emissary-ingress-agent
2181 labels:
2182 product: aes
2183 platform.edge.ncr.com/component: emissary
2184 annotations:
2185 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2186 pallet.edge.ncr.com/name: store-emissary
2187 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2188 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2189 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2190 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2191roleRef:
2192 name: emissary-ingress-agent
2193 kind: ClusterRole
2194 apiGroup: rbac.authorization.k8s.io
2195subjects:
2196- name: emissary-ingress-agent
2197 namespace: emissary
2198 kind: ServiceAccount
2199---
2200# Source: emissary-ingress/templates/service.yaml
2201apiVersion: v1
2202kind: Service
2203metadata:
2204 name: emissary-ingress
2205 namespace: emissary
2206 labels:
2207 app.kubernetes.io/component: ambassador-service
2208 product: aes
2209 platform.edge.ncr.com/component: emissary
2210 annotations:
2211 a8r.io/bugs: https://github.com/datawire/ambassador/issues
2212 a8r.io/chat: http://a8r.io/Slack
2213 a8r.io/dependencies: emissary-ingress-redis.emissary
2214 a8r.io/description: The Ambassador Edge Stack goes beyond traditional API Gateways and Ingress Controllers with the advanced edge features needed to support developer self-service and full-cycle development.
2215 a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
2216 a8r.io/owner: Ambassador Labs
2217 a8r.io/repository: github.com/datawire/ambassador
2218 a8r.io/support: https://www.getambassador.io/about-us/support/
2219 coredns.io/hostname: store.ncr.corp
2220 metallb.universe.tf/allow-shared-ip: ingress-key
2221 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2222 pallet.edge.ncr.com/name: store-emissary
2223 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2224 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2225 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2226 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2227spec:
2228 type: LoadBalancer
2229 selector:
2230 service: ambassador
2231 profile: main
2232 platform.edge.ncr.com/component: emissary
2233 ports:
2234 - name: http
2235 port: 80
2236 targetPort: 8080
2237 - name: https
2238 port: 443
2239 targetPort: 8443
2240---
2241# Source: emissary-ingress/templates/admin-service.yaml
2242apiVersion: v1
2243kind: Service
2244metadata:
2245 name: emissary-ingress-admin
2246 namespace: emissary
2247 labels:
2248 # Hard-coded label for Prometheus Operator ServiceMonitor
2249 service: ambassador-admin
2250 product: aes
2251 platform.edge.ncr.com/component: emissary
2252 annotations:
2253 a8r.io/bugs: https://github.com/datawire/ambassador/issues
2254 a8r.io/chat: http://a8r.io/Slack
2255 a8r.io/dependencies: None
2256 a8r.io/description: The Ambassador Edge Stack admin service for internal use and health checks.
2257 a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
2258 a8r.io/owner: Ambassador Labs
2259 a8r.io/repository: github.com/datawire/ambassador
2260 a8r.io/support: https://www.getambassador.io/about-us/support/
2261 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2262 pallet.edge.ncr.com/name: store-emissary
2263 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2264 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2265 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2266 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2267spec:
2268 type: NodePort
2269 selector:
2270 service: ambassador
2271 platform.edge.ncr.com/component: emissary
2272 ports:
2273 - name: ambassador-admin
2274 protocol: TCP
2275 port: 8877
2276 targetPort: admin
2277 - name: ambassador-snapshot
2278 protocol: TCP
2279 port: 8005
2280 targetPort: 8005
2281---
2282apiVersion: apps/v1
2283kind: Deployment
2284metadata:
2285 labels:
2286 product: aes
2287 platform.edge.ncr.com/component: emissary
2288 name: emissary-ingress
2289 namespace: emissary
2290 annotations:
2291 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2292 pallet.edge.ncr.com/name: store-emissary
2293 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2294 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2295 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2296 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2297spec:
2298 progressDeadlineSeconds: 600
2299 replicas: 1
2300 selector:
2301 matchLabels:
2302 service: ambassador
2303 platform.edge.ncr.com/component: emissary
2304 strategy:
2305 type: RollingUpdate
2306 template:
2307 metadata:
2308 annotations:
2309 consul.hashicorp.com/connect-inject: "false"
2310 sidecar.istio.io/inject: "false"
2311 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2312 pallet.edge.ncr.com/name: store-emissary
2313 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2314 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2315 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2316 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2317 labels:
2318 app.kubernetes.io/managed-by: getambassador.io
2319 profile: main
2320 service: ambassador
2321 platform.edge.ncr.com/component: emissary
2322 spec:
2323 affinity:
2324 podAntiAffinity:
2325 preferredDuringSchedulingIgnoredDuringExecution:
2326 - podAffinityTerm:
2327 labelSelector:
2328 matchLabels:
2329 service: ambassador
2330 platform.edge.ncr.com/component: emissary
2331 topologyKey: kubernetes.io/hostname
2332 weight: 100
2333 containers:
2334 - env:
2335 - name: HOST_IP
2336 valueFrom:
2337 fieldRef:
2338 fieldPath: status.hostIP
2339 - name: AMBASSADOR_NAMESPACE
2340 valueFrom:
2341 fieldRef:
2342 fieldPath: metadata.namespace
2343 image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/index.docker.io/emissaryingress/emissary:2.0.4
2344 imagePullPolicy: IfNotPresent
2345 livenessProbe:
2346 failureThreshold: 3
2347 httpGet:
2348 path: /ambassador/v0/check_alive
2349 port: admin
2350 initialDelaySeconds: 30
2351 periodSeconds: 3
2352 name: ambassador
2353 ports:
2354 - containerPort: 8080
2355 name: http
2356 - containerPort: 8443
2357 name: https
2358 - containerPort: 8877
2359 name: admin
2360 - containerPort: 1883
2361 name: mqtt
2362 protocol: TCP
2363 - containerPort: 6379
2364 name: redis
2365 protocol: TCP
2366 - containerPort: 16999
2367 name: kubernetes
2368 protocol: TCP
2369 readinessProbe:
2370 failureThreshold: 3
2371 httpGet:
2372 path: /ambassador/v0/check_ready
2373 port: admin
2374 initialDelaySeconds: 30
2375 periodSeconds: 3
2376 resources:
2377 limits:
2378 cpu: "1"
2379 memory: 400Mi
2380 requests:
2381 cpu: 200m
2382 memory: 100Mi
2383 securityContext:
2384 allowPrivilegeEscalation: false
2385 volumeMounts:
2386 - mountPath: /tmp/ambassador-pod-info
2387 name: ambassador-pod-info
2388 readOnly: true
2389 dnsPolicy: ClusterFirst
2390 hostNetwork: false
2391 imagePullSecrets: []
2392 restartPolicy: Always
2393 securityContext:
2394 runAsUser: 8888
2395 serviceAccountName: emissary-ingress
2396 terminationGracePeriodSeconds: 0
2397 volumes:
2398 - downwardAPI:
2399 items:
2400 - fieldRef:
2401 fieldPath: metadata.labels
2402 path: labels
2403 name: ambassador-pod-info
2404---
2405# Source: emissary-ingress/templates/ambassador-agent.yaml
2406apiVersion: apps/v1
2407kind: Deployment
2408metadata:
2409 name: emissary-ingress-agent
2410 namespace: emissary
2411 labels:
2412 app.kubernetes.io/instance: emissary-ingress
2413 app.kubernetes.io/name: emissary-ingress-agent
2414 platform.edge.ncr.com/component: emissary
2415 annotations:
2416 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2417 pallet.edge.ncr.com/name: store-emissary
2418 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2419 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2420 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2421 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2422spec:
2423 replicas: 1
2424 selector:
2425 matchLabels:
2426 app.kubernetes.io/instance: emissary-ingress
2427 app.kubernetes.io/name: emissary-ingress-agent
2428 platform.edge.ncr.com/component: emissary
2429 template:
2430 metadata:
2431 labels:
2432 app.kubernetes.io/instance: emissary-ingress
2433 app.kubernetes.io/name: emissary-ingress-agent
2434 platform.edge.ncr.com/component: emissary
2435 annotations:
2436 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2437 pallet.edge.ncr.com/name: store-emissary
2438 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2439 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2440 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2441 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2442 spec:
2443 serviceAccountName: emissary-ingress-agent
2444 containers:
2445 - name: agent
2446 image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/index.docker.io/emissaryingress/emissary:2.0.4
2447 command: [agent]
2448 env:
2449 - name: AGENT_NAMESPACE
2450 valueFrom:
2451 fieldRef:
2452 fieldPath: metadata.namespace
2453 - name: AGENT_CONFIG_RESOURCE_NAME
2454 value: emissary-ingress-agent-cloud-token
2455 - name: RPC_CONNECTION_ADDRESS
2456 value: https://app.getambassador.io/
2457 - name: AES_SNAPSHOT_URL
2458 value: http://emissary-ingress-admin.emissary:8005/snapshot-external
2459 imagePullPolicy: IfNotPresent
2460 progressDeadlineSeconds: 600
2461---
2462apiVersion: cert-manager.io/v1
2463kind: Certificate
2464metadata:
2465 name: emissary-ca
2466 namespace: emissary
2467 labels:
2468 platform.edge.ncr.com/component: emissary
2469 annotations:
2470 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2471 pallet.edge.ncr.com/name: store-emissary
2472 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2473 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2474 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2475 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2476spec:
2477 dnsNames:
2478 - "*.store.ncr.corp"
2479 isCA: true
2480 issuerRef:
2481 name: selfsigned-issuer
2482 kind: ClusterIssuer
2483 group: cert-manager.io
2484 privateKey:
2485 algorithm: ECDSA
2486 size: 256
2487 secretName: gateway-tls-cert
2488---
2489apiVersion: cert-manager.io/v1
2490kind: ClusterIssuer
2491metadata:
2492 name: selfsigned-issuer
2493 namespace: emissary
2494 labels:
2495 platform.edge.ncr.com/component: emissary
2496 annotations:
2497 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2498 pallet.edge.ncr.com/name: store-emissary
2499 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2500 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2501 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2502 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2503spec:
2504 selfSigned: {}
2505---
2506apiVersion: cert-manager.io/v1
2507kind: Issuer
2508metadata:
2509 name: emissary-ca-issuer
2510 namespace: emissary
2511 labels:
2512 platform.edge.ncr.com/component: emissary
2513 annotations:
2514 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2515 pallet.edge.ncr.com/name: store-emissary
2516 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2517 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2518 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2519 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2520spec:
2521 ca:
2522 secretName: gateway-tls-cert
2523---
2524apiVersion: getambassador.io/v3alpha1
2525kind: Host
2526metadata:
2527 name: ingress-host
2528 namespace: emissary
2529 labels:
2530 platform.edge.ncr.com/component: emissary
2531 annotations:
2532 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2533 pallet.edge.ncr.com/name: store-emissary
2534 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2535 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2536 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2537 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2538spec:
2539 hostname: "store.ncr.corp"
2540 acmeProvider:
2541 authority: none
2542 tlsContext:
2543 name: emissary-ingress-tlscontext
2544 tlsSecret:
2545 name: gateway-tls-cert
2546---
2547apiVersion: getambassador.io/v3alpha1
2548kind: Host
2549metadata:
2550 name: ingress-host-wildcard
2551 namespace: emissary
2552 labels:
2553 platform.edge.ncr.com/component: emissary
2554 annotations:
2555 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2556 pallet.edge.ncr.com/name: store-emissary
2557 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2558 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2559 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2560 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2561spec:
2562 hostname: "*.store.ncr.corp"
2563 acmeProvider:
2564 authority: none
2565 tlsContext:
2566 name: emissary-ingress-tlscontext
2567 tlsSecret:
2568 name: gateway-tls-cert
2569---
2570apiVersion: getambassador.io/v3alpha1
2571kind: Listener
2572metadata:
2573 name: ingress-listener
2574 namespace: emissary
2575 labels:
2576 platform.edge.ncr.com/component: emissary
2577 annotations:
2578 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2579 pallet.edge.ncr.com/name: store-emissary
2580 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2581 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2582 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2583 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2584spec:
2585 protocol: HTTPS
2586 port: 8443
2587 hostBinding:
2588 namespace:
2589 from: SELF # any Host in the same namespace as this listener will be associated with it, if we want more control we can use 'selector' instead
2590 securityModel: XFP
2591---
2592apiVersion: getambassador.io/v3alpha1
2593kind: Module
2594metadata:
2595 name: ambassador
2596 namespace: emissary
2597 labels:
2598 platform.edge.ncr.com/component: emissary
2599 annotations:
2600 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2601 pallet.edge.ncr.com/name: store-emissary
2602 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2603 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2604 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2605 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2606spec:
2607 config:
2608 add_linkerd_headers: true
2609 cluster_request_timeout_ms: 30000
2610 lua_scripts: |
2611 function envoy_on_request(request_handle)
2612 local authority = request_handle:headers():get(":authority")
2613 if(string.find(authority, ":") ~= nil)
2614 then
2615 local authority_index = string.find(authority, ":")
2616 local stripped_authority = string.sub(authority, 1, authority_index - 1)
2617 request_handle:headers():replace(":authority", stripped_authority)
2618 end
2619 end
2620 strip_matching_host_port: true
2621---
2622apiVersion: getambassador.io/v3alpha1
2623kind: TLSContext
2624metadata:
2625 name: emissary-ingress-tlscontext
2626 namespace: emissary
2627 labels:
2628 platform.edge.ncr.com/component: emissary
2629 annotations:
2630 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
2631 pallet.edge.ncr.com/name: store-emissary
2632 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
2633 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
2634 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
2635 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
2636spec:
2637 alpn_protocols: h2
2638 cert_required: false
2639 hosts: ['*.store.ncr.corp', 'store.ncr.corp']
2640 min_tls_version: v1.3
2641 secret: gateway-tls-cert
View as plain text