...

Text file src/edge-infra.dev/third_party/k8s/emissary/base/emissary-emissaryns.yaml

Documentation: edge-infra.dev/third_party/k8s/emissary/base

     1# GENERATED FILE: edits made by hand will not be preserved.
     2---
     3apiVersion: v1
     4kind: Service
     5metadata:
     6  annotations:
     7    a8r.io/bugs: https://github.com/datawire/ambassador/issues
     8    a8r.io/chat: http://a8r.io/Slack
     9    a8r.io/dependencies: None
    10    a8r.io/description: The Ambassador Edge Stack admin service for internal use and
    11      health checks.
    12    a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
    13    a8r.io/owner: Ambassador Labs
    14    a8r.io/repository: github.com/datawire/ambassador
    15    a8r.io/support: https://www.getambassador.io/about-us/support/
    16  labels:
    17    app.kubernetes.io/instance: emissary-ingress
    18    app.kubernetes.io/managed-by: getambassador.io
    19    app.kubernetes.io/name: emissary-ingress
    20    app.kubernetes.io/part-of: emissary-ingress
    21    product: aes
    22    service: ambassador-admin
    23  name: emissary-ingress-admin
    24  namespace: emissary
    25spec:
    26  ports:
    27  - name: ambassador-admin
    28    port: 8877
    29    protocol: TCP
    30    targetPort: admin
    31  - name: ambassador-snapshot
    32    port: 8005
    33    protocol: TCP
    34    targetPort: 8005
    35  selector:
    36    app.kubernetes.io/instance: emissary-ingress
    37    app.kubernetes.io/name: emissary-ingress
    38  type: NodePort
    39---
    40apiVersion: v1
    41kind: Service
    42metadata:
    43  annotations:
    44    a8r.io/bugs: https://github.com/datawire/ambassador/issues
    45    a8r.io/chat: http://a8r.io/Slack
    46    a8r.io/dependencies: emissary-ingress-redis.emissary
    47    a8r.io/description: The Ambassador Edge Stack goes beyond traditional API Gateways
    48      and Ingress Controllers with the advanced edge features needed to support developer
    49      self-service and full-cycle development.
    50    a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
    51    a8r.io/owner: Ambassador Labs
    52    a8r.io/repository: github.com/datawire/ambassador
    53    a8r.io/support: https://www.getambassador.io/about-us/support/
    54  labels:
    55    app.kubernetes.io/component: ambassador-service
    56    app.kubernetes.io/instance: emissary-ingress
    57    app.kubernetes.io/managed-by: getambassador.io
    58    app.kubernetes.io/name: emissary-ingress
    59    app.kubernetes.io/part-of: emissary-ingress
    60    product: aes
    61  name: emissary-ingress
    62  namespace: emissary
    63spec:
    64  ports:
    65  - name: http
    66    port: 80
    67    targetPort: 8080
    68  - name: https
    69    port: 443
    70    targetPort: 8443
    71  selector:
    72    app.kubernetes.io/instance: emissary-ingress
    73    app.kubernetes.io/name: emissary-ingress
    74    profile: main
    75  type: LoadBalancer
    76---
    77apiVersion: v1
    78kind: Service
    79metadata:
    80  labels:
    81    product: aes
    82  name: emissary-ingress-agent
    83  namespace: emissary
    84spec:
    85  ports:
    86  - name: http
    87    port: 80
    88    protocol: TCP
    89    targetPort: http
    90  selector:
    91    app.kubernetes.io/instance: emissary-ingress
    92    app.kubernetes.io/name: emissary-ingress-agent
    93---
    94aggregationRule:
    95  clusterRoleSelectors:
    96  - matchLabels:
    97      rbac.getambassador.io/role-group: emissary-ingress
    98apiVersion: rbac.authorization.k8s.io/v1
    99kind: ClusterRole
   100metadata:
   101  labels:
   102    app.kubernetes.io/instance: emissary-ingress
   103    app.kubernetes.io/managed-by: getambassador.io
   104    app.kubernetes.io/name: emissary-ingress
   105    app.kubernetes.io/part-of: emissary-ingress
   106    product: aes
   107  name: emissary-ingress
   108rules: []
   109---
   110apiVersion: v1
   111kind: ServiceAccount
   112metadata:
   113  labels:
   114    app.kubernetes.io/instance: emissary-ingress
   115    app.kubernetes.io/managed-by: getambassador.io
   116    app.kubernetes.io/name: emissary-ingress
   117    app.kubernetes.io/part-of: emissary-ingress
   118    product: aes
   119  name: emissary-ingress
   120  namespace: emissary
   121---
   122apiVersion: rbac.authorization.k8s.io/v1
   123kind: ClusterRoleBinding
   124metadata:
   125  labels:
   126    app.kubernetes.io/instance: emissary-ingress
   127    app.kubernetes.io/managed-by: getambassador.io
   128    app.kubernetes.io/name: emissary-ingress
   129    app.kubernetes.io/part-of: emissary-ingress
   130    product: aes
   131  name: emissary-ingress
   132roleRef:
   133  apiGroup: rbac.authorization.k8s.io
   134  kind: ClusterRole
   135  name: emissary-ingress
   136subjects:
   137- kind: ServiceAccount
   138  name: emissary-ingress
   139  namespace: emissary
   140---
   141apiVersion: rbac.authorization.k8s.io/v1
   142kind: ClusterRole
   143metadata:
   144  labels:
   145    app.kubernetes.io/instance: emissary-ingress
   146    app.kubernetes.io/managed-by: getambassador.io
   147    app.kubernetes.io/name: emissary-ingress
   148    app.kubernetes.io/part-of: emissary-ingress
   149    product: aes
   150    rbac.getambassador.io/role-group: emissary-ingress
   151  name: emissary-ingress-crd
   152rules:
   153- apiGroups:
   154  - apiextensions.k8s.io
   155  resources:
   156  - customresourcedefinitions
   157  verbs:
   158  - get
   159  - list
   160  - watch
   161  - delete
   162---
   163apiVersion: rbac.authorization.k8s.io/v1
   164kind: ClusterRole
   165metadata:
   166  labels:
   167    app.kubernetes.io/instance: emissary-ingress
   168    app.kubernetes.io/managed-by: getambassador.io
   169    app.kubernetes.io/name: emissary-ingress
   170    app.kubernetes.io/part-of: emissary-ingress
   171    product: aes
   172    rbac.getambassador.io/role-group: emissary-ingress
   173  name: emissary-ingress-watch
   174rules:
   175- apiGroups:
   176  - ""
   177  resources:
   178  - namespaces
   179  - services
   180  - secrets
   181  - configmaps
   182  - endpoints
   183  verbs:
   184  - get
   185  - list
   186  - watch
   187- apiGroups:
   188  - getambassador.io
   189  - gateway.getambassador.io
   190  resources:
   191  - '*'
   192  verbs:
   193  - get
   194  - list
   195  - watch
   196  - update
   197  - patch
   198  - create
   199  - delete
   200- apiGroups:
   201  - getambassador.io
   202  resources:
   203  - mappings/status
   204  verbs:
   205  - update
   206- apiGroups:
   207  - networking.internal.knative.dev
   208  resources:
   209  - clusteringresses
   210  - ingresses
   211  verbs:
   212  - get
   213  - list
   214  - watch
   215- apiGroups:
   216  - networking.x-k8s.io
   217  resources:
   218  - '*'
   219  verbs:
   220  - get
   221  - list
   222  - watch
   223- apiGroups:
   224  - networking.internal.knative.dev
   225  resources:
   226  - ingresses/status
   227  - clusteringresses/status
   228  verbs:
   229  - update
   230- apiGroups:
   231  - extensions
   232  - networking.k8s.io
   233  resources:
   234  - ingresses
   235  - ingressclasses
   236  verbs:
   237  - get
   238  - list
   239  - watch
   240- apiGroups:
   241  - extensions
   242  - networking.k8s.io
   243  resources:
   244  - ingresses/status
   245  verbs:
   246  - update
   247---
   248apiVersion: apps/v1
   249kind: Deployment
   250metadata:
   251  labels:
   252    app.kubernetes.io/instance: emissary-ingress
   253    app.kubernetes.io/managed-by: getambassador.io
   254    app.kubernetes.io/name: emissary-ingress
   255    app.kubernetes.io/part-of: emissary-ingress
   256    product: aes
   257  name: emissary-ingress
   258  namespace: emissary
   259spec:
   260  progressDeadlineSeconds: 600
   261  replicas: 3
   262  selector:
   263    matchLabels:
   264      app.kubernetes.io/instance: emissary-ingress
   265      app.kubernetes.io/name: emissary-ingress
   266  strategy:
   267    type: RollingUpdate
   268  template:
   269    metadata:
   270      annotations:
   271        consul.hashicorp.com/connect-inject: "false"
   272        sidecar.istio.io/inject: "false"
   273      labels:
   274        app.kubernetes.io/instance: emissary-ingress
   275        app.kubernetes.io/managed-by: getambassador.io
   276        app.kubernetes.io/name: emissary-ingress
   277        app.kubernetes.io/part-of: emissary-ingress
   278        product: aes
   279        profile: main
   280    spec:
   281      affinity:
   282        podAntiAffinity:
   283          preferredDuringSchedulingIgnoredDuringExecution:
   284          - podAffinityTerm:
   285              labelSelector:
   286                matchLabels:
   287                  service: ambassador
   288              topologyKey: kubernetes.io/hostname
   289            weight: 100
   290      containers:
   291      - env:
   292        - name: AMBASSADOR_NAMESPACE
   293          valueFrom:
   294            fieldRef:
   295              fieldPath: metadata.namespace
   296        - name: AGENT_CONFIG_RESOURCE_NAME
   297          value: emissary-ingress-agent-cloud-token
   298        image: docker.io/emissaryingress/emissary:3.9.1
   299        imagePullPolicy: IfNotPresent
   300        livenessProbe:
   301          failureThreshold: 3
   302          httpGet:
   303            path: /ambassador/v0/check_alive
   304            port: admin
   305          initialDelaySeconds: 30
   306          periodSeconds: 3
   307        name: ambassador
   308        ports:
   309        - containerPort: 8080
   310          name: http
   311        - containerPort: 8443
   312          name: https
   313        - containerPort: 8877
   314          name: admin
   315        readinessProbe:
   316          failureThreshold: 3
   317          httpGet:
   318            path: /ambassador/v0/check_ready
   319            port: admin
   320          initialDelaySeconds: 30
   321          periodSeconds: 3
   322        resources:
   323          limits:
   324            cpu: 1
   325            memory: 400Mi
   326          requests:
   327            cpu: 200m
   328            memory: 100Mi
   329        securityContext:
   330          allowPrivilegeEscalation: false
   331        volumeMounts:
   332        - mountPath: /tmp/ambassador-pod-info
   333          name: ambassador-pod-info
   334          readOnly: true
   335      dnsPolicy: ClusterFirst
   336      hostNetwork: false
   337      imagePullSecrets: []
   338      initContainers:
   339      - args:
   340        - |
   341          deployment_name="emissary-apiext"
   342          deployment_namespace="emissary-system"
   343          while true; do
   344            echo "checking if deployment/$deployment_name in namespace: $deployment_namespace exists."
   345            if kubectl get deployment "$deployment_name" -n $deployment_namespace > /dev/null 2>&1; then
   346              echo "$deployment_name.$deployment_namespace exists."
   347              echo "checking if $deployment_name.$deployment_namespace is fully available..."
   348              kubectl wait --for=condition=available deployment/"$deployment_name" -n $deployment_namespace --timeout=5m
   349              if [ $? -eq 0 ]; then
   350                echo "$deployment_name.$deployment_namespace is available"
   351                while true; do
   352                desired_replicas=$(kubectl get deployment $deployment_name -n $deployment_namespace -o jsonpath='{.spec.replicas}')
   353                current_replicas=$(kubectl get deployment $deployment_name -n $deployment_namespace -o jsonpath='{.status.replicas}')
   354                if [[ $current_replicas != $desired_replicas ]]; then
   355                  echo "$deployment_name.$deployment_namespace is in the process of restarting. Have: $current_replicas, want $desired_replicas"
   356                  sleep 3
   357                else
   358                  echo "$deployment_name.$deployment_namespace is fully ready and not currently restarting.  Have: $current_replicas, want $desired_replicas"
   359                  break
   360                fi
   361                done
   362                break
   363              else
   364                echo "$deployment_name.$deployment_namespace did not become available within the timeout"
   365              fi
   366            else
   367              echo "$deployment_name.$deployment_namespace does not exist yet. Waiting..."
   368              sleep 3
   369            fi
   370          done
   371        command:
   372        - /bin/sh
   373        - -c
   374        image: istio/kubectl:1.5.10
   375        imagePullPolicy: IfNotPresent
   376        name: wait-for-apiext
   377        securityContext:
   378          runAsUser: 8888
   379      restartPolicy: Always
   380      securityContext:
   381        runAsUser: 8888
   382      serviceAccountName: emissary-ingress
   383      terminationGracePeriodSeconds: 0
   384      volumes:
   385      - downwardAPI:
   386          items:
   387          - fieldRef:
   388              fieldPath: metadata.labels
   389            path: labels
   390        name: ambassador-pod-info
   391---
   392apiVersion: getambassador.io/v3alpha1
   393kind: Module
   394metadata:
   395  labels:
   396    app.kubernetes.io/component: emissary-ingress
   397    app.kubernetes.io/instance: emissary-ingress
   398    app.kubernetes.io/managed-by: getambassador.io
   399    app.kubernetes.io/name: emissary-ingress
   400    app.kubernetes.io/part-of: emissary-ingress
   401    product: aes
   402  name: ambassador
   403  namespace: emissary
   404spec:
   405  config:
   406    diagnostics:
   407      allow_non_local: true
   408      enabled: false
   409---
   410apiVersion: v1
   411kind: ServiceAccount
   412metadata:
   413  labels:
   414    app.kubernetes.io/instance: emissary-ingress
   415    app.kubernetes.io/managed-by: getambassador.io
   416    app.kubernetes.io/name: emissary-ingress-agent
   417    app.kubernetes.io/part-of: emissary-ingress
   418    product: aes
   419  name: emissary-ingress-agent
   420  namespace: emissary
   421---
   422apiVersion: rbac.authorization.k8s.io/v1
   423kind: ClusterRoleBinding
   424metadata:
   425  labels:
   426    app.kubernetes.io/instance: emissary-ingress
   427    app.kubernetes.io/managed-by: getambassador.io
   428    app.kubernetes.io/name: emissary-ingress-agent
   429    app.kubernetes.io/part-of: emissary-ingress
   430    product: aes
   431  name: emissary-ingress-agent
   432roleRef:
   433  apiGroup: rbac.authorization.k8s.io
   434  kind: ClusterRole
   435  name: emissary-ingress-agent
   436subjects:
   437- kind: ServiceAccount
   438  name: emissary-ingress-agent
   439  namespace: emissary
   440---
   441aggregationRule:
   442  clusterRoleSelectors:
   443  - matchLabels:
   444      rbac.getambassador.io/role-group: emissary-ingress-agent
   445apiVersion: rbac.authorization.k8s.io/v1
   446kind: ClusterRole
   447metadata:
   448  labels:
   449    app.kubernetes.io/instance: emissary-ingress
   450    app.kubernetes.io/managed-by: getambassador.io
   451    app.kubernetes.io/name: emissary-ingress-agent
   452    app.kubernetes.io/part-of: emissary-ingress
   453    product: aes
   454  name: emissary-ingress-agent
   455rules: []
   456---
   457apiVersion: rbac.authorization.k8s.io/v1
   458kind: ClusterRole
   459metadata:
   460  labels:
   461    app.kubernetes.io/instance: emissary-ingress
   462    app.kubernetes.io/managed-by: getambassador.io
   463    app.kubernetes.io/name: emissary-ingress-agent
   464    app.kubernetes.io/part-of: emissary-ingress
   465    product: aes
   466    rbac.getambassador.io/role-group: emissary-ingress-agent
   467  name: emissary-ingress-agent-pods
   468rules:
   469- apiGroups:
   470  - ""
   471  resources:
   472  - pods
   473  verbs:
   474  - get
   475  - list
   476  - watch
   477---
   478apiVersion: rbac.authorization.k8s.io/v1
   479kind: ClusterRole
   480metadata:
   481  labels:
   482    app.kubernetes.io/instance: emissary-ingress
   483    app.kubernetes.io/managed-by: getambassador.io
   484    app.kubernetes.io/name: emissary-ingress-agent
   485    app.kubernetes.io/part-of: emissary-ingress
   486    product: aes
   487    rbac.getambassador.io/role-group: emissary-ingress-agent
   488  name: emissary-ingress-agent-rollouts
   489rules:
   490- apiGroups:
   491  - argoproj.io
   492  resources:
   493  - rollouts
   494  - rollouts/status
   495  verbs:
   496  - get
   497  - list
   498  - watch
   499  - patch
   500---
   501apiVersion: rbac.authorization.k8s.io/v1
   502kind: ClusterRole
   503metadata:
   504  labels:
   505    app.kubernetes.io/instance: emissary-ingress
   506    app.kubernetes.io/managed-by: getambassador.io
   507    app.kubernetes.io/name: emissary-ingress-agent
   508    app.kubernetes.io/part-of: emissary-ingress
   509    product: aes
   510    rbac.getambassador.io/role-group: emissary-ingress-agent
   511  name: emissary-ingress-agent-applications
   512rules:
   513- apiGroups:
   514  - argoproj.io
   515  resources:
   516  - applications
   517  verbs:
   518  - get
   519  - list
   520  - watch
   521---
   522apiVersion: rbac.authorization.k8s.io/v1
   523kind: ClusterRole
   524metadata:
   525  labels:
   526    app.kubernetes.io/instance: emissary-ingress
   527    app.kubernetes.io/managed-by: getambassador.io
   528    app.kubernetes.io/name: emissary-ingress-agent
   529    app.kubernetes.io/part-of: emissary-ingress
   530    product: aes
   531    rbac.getambassador.io/role-group: emissary-ingress-agent
   532  name: emissary-ingress-agent-deployments
   533rules:
   534- apiGroups:
   535  - apps
   536  - extensions
   537  resources:
   538  - deployments
   539  verbs:
   540  - get
   541  - list
   542  - watch
   543---
   544apiVersion: rbac.authorization.k8s.io/v1
   545kind: ClusterRole
   546metadata:
   547  labels:
   548    app.kubernetes.io/instance: emissary-ingress
   549    app.kubernetes.io/managed-by: getambassador.io
   550    app.kubernetes.io/name: emissary-ingress-agent
   551    app.kubernetes.io/part-of: emissary-ingress
   552    product: aes
   553    rbac.getambassador.io/role-group: emissary-ingress-agent
   554  name: emissary-ingress-agent-endpoints
   555rules:
   556- apiGroups:
   557  - ""
   558  resources:
   559  - endpoints
   560  verbs:
   561  - get
   562  - list
   563  - watch
   564---
   565apiVersion: rbac.authorization.k8s.io/v1
   566kind: ClusterRole
   567metadata:
   568  labels:
   569    app.kubernetes.io/instance: emissary-ingress
   570    app.kubernetes.io/managed-by: getambassador.io
   571    app.kubernetes.io/name: emissary-ingress-agent
   572    app.kubernetes.io/part-of: emissary-ingress
   573    product: aes
   574    rbac.getambassador.io/role-group: emissary-ingress-agent
   575  name: emissary-ingress-agent-configmaps
   576rules:
   577- apiGroups:
   578  - ""
   579  resources:
   580  - configmaps
   581  verbs:
   582  - get
   583  - list
   584  - watch
   585---
   586apiVersion: rbac.authorization.k8s.io/v1
   587kind: Role
   588metadata:
   589  labels:
   590    app.kubernetes.io/instance: emissary-ingress
   591    app.kubernetes.io/managed-by: getambassador.io
   592    app.kubernetes.io/name: emissary-ingress-agent
   593    app.kubernetes.io/part-of: emissary-ingress
   594    product: aes
   595  name: emissary-ingress-agent-config
   596  namespace: emissary
   597rules:
   598- apiGroups:
   599  - ""
   600  resources:
   601  - configmaps
   602  verbs:
   603  - get
   604  - list
   605  - watch
   606- apiGroups:
   607  - ""
   608  resources:
   609  - secrets
   610  verbs:
   611  - get
   612  - list
   613  - watch
   614  - create
   615  - delete
   616  - patch
   617---
   618apiVersion: rbac.authorization.k8s.io/v1
   619kind: RoleBinding
   620metadata:
   621  labels:
   622    app.kubernetes.io/instance: emissary-ingress
   623    app.kubernetes.io/managed-by: getambassador.io
   624    app.kubernetes.io/name: emissary-ingress-agent
   625    app.kubernetes.io/part-of: emissary-ingress
   626    product: aes
   627  name: emissary-ingress-agent-config
   628  namespace: emissary
   629roleRef:
   630  apiGroup: rbac.authorization.k8s.io
   631  kind: Role
   632  name: emissary-ingress-agent-config
   633subjects:
   634- kind: ServiceAccount
   635  name: emissary-ingress-agent
   636  namespace: emissary
   637---
   638apiVersion: rbac.authorization.k8s.io/v1
   639kind: Role
   640metadata:
   641  labels:
   642    app.kubernetes.io/instance: emissary-ingress
   643    app.kubernetes.io/managed-by: getambassador.io
   644    app.kubernetes.io/name: emissary-ingress
   645    app.kubernetes.io/part-of: emissary-ingress
   646    product: aes
   647    rbac.getambassador.io/role-group: emissary-ingress
   648  name: emissary-ingress-apiext
   649  namespace: emissary-system
   650rules:
   651- apiGroups:
   652  - apps
   653  resources:
   654  - deployments
   655  verbs:
   656  - get
   657  - list
   658  - watch
   659---
   660apiVersion: rbac.authorization.k8s.io/v1
   661kind: RoleBinding
   662metadata:
   663  labels:
   664    app.kubernetes.io/instance: emissary-ingress
   665    app.kubernetes.io/managed-by: getambassador.io
   666    app.kubernetes.io/name: emissary-ingress
   667    app.kubernetes.io/part-of: emissary-ingress
   668    product: aes
   669  name: emissary-ingress-apiext
   670  namespace: emissary-system
   671roleRef:
   672  apiGroup: rbac.authorization.k8s.io
   673  kind: Role
   674  name: emissary-ingress-apiext
   675subjects:
   676- kind: ServiceAccount
   677  name: emissary-ingress
   678  namespace: emissary
   679---
   680apiVersion: apps/v1
   681kind: Deployment
   682metadata:
   683  labels:
   684    app.kubernetes.io/instance: emissary-ingress
   685    app.kubernetes.io/managed-by: getambassador.io
   686    app.kubernetes.io/name: emissary-ingress-agent
   687    app.kubernetes.io/part-of: emissary-ingress
   688    product: aes
   689  name: emissary-ingress-agent
   690  namespace: emissary
   691spec:
   692  progressDeadlineSeconds: 600
   693  replicas: 1
   694  selector:
   695    matchLabels:
   696      app.kubernetes.io/instance: emissary-ingress
   697      app.kubernetes.io/name: emissary-ingress-agent
   698  template:
   699    metadata:
   700      labels:
   701        app.kubernetes.io/instance: emissary-ingress
   702        app.kubernetes.io/managed-by: getambassador.io
   703        app.kubernetes.io/name: emissary-ingress-agent
   704        app.kubernetes.io/part-of: emissary-ingress
   705        product: aes
   706    spec:
   707      containers:
   708      - env:
   709        - name: AGENT_NAMESPACE
   710          valueFrom:
   711            fieldRef:
   712              fieldPath: metadata.namespace
   713        - name: AGENT_CONFIG_RESOURCE_NAME
   714          value: emissary-ingress-agent-cloud-token
   715        - name: RPC_CONNECTION_ADDRESS
   716          value: https://app.getambassador.io/
   717        - name: AES_SNAPSHOT_URL
   718          value: http://emissary-ingress-admin.emissary:8005/snapshot-external
   719        - name: AES_REPORT_DIAGNOSTICS_TO_CLOUD
   720          value: "true"
   721        - name: AES_DIAGNOSTICS_URL
   722          value: http://emissary-ingress-admin.emissary:8877/ambassador/v0/diag/?json=true
   723        image: docker.io/ambassador/ambassador-agent:1.0.14
   724        imagePullPolicy: IfNotPresent
   725        name: agent
   726        ports:
   727        - containerPort: 8080
   728          name: http
   729      serviceAccountName: emissary-ingress-agent

View as plain text