1# GENERATED FILE: edits made by hand will not be preserved.
2---
3apiVersion: v1
4kind: Service
5metadata:
6 annotations:
7 a8r.io/bugs: https://github.com/datawire/ambassador/issues
8 a8r.io/chat: http://a8r.io/Slack
9 a8r.io/dependencies: None
10 a8r.io/description: The Ambassador Edge Stack admin service for internal use and
11 health checks.
12 a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
13 a8r.io/owner: Ambassador Labs
14 a8r.io/repository: github.com/datawire/ambassador
15 a8r.io/support: https://www.getambassador.io/about-us/support/
16 labels:
17 app.kubernetes.io/instance: emissary-ingress
18 app.kubernetes.io/managed-by: getambassador.io
19 app.kubernetes.io/name: emissary-ingress
20 app.kubernetes.io/part-of: emissary-ingress
21 product: aes
22 service: ambassador-admin
23 name: emissary-ingress-admin
24 namespace: emissary
25spec:
26 ports:
27 - name: ambassador-admin
28 port: 8877
29 protocol: TCP
30 targetPort: admin
31 - name: ambassador-snapshot
32 port: 8005
33 protocol: TCP
34 targetPort: 8005
35 selector:
36 app.kubernetes.io/instance: emissary-ingress
37 app.kubernetes.io/name: emissary-ingress
38 type: NodePort
39---
40apiVersion: v1
41kind: Service
42metadata:
43 annotations:
44 a8r.io/bugs: https://github.com/datawire/ambassador/issues
45 a8r.io/chat: http://a8r.io/Slack
46 a8r.io/dependencies: emissary-ingress-redis.emissary
47 a8r.io/description: The Ambassador Edge Stack goes beyond traditional API Gateways
48 and Ingress Controllers with the advanced edge features needed to support developer
49 self-service and full-cycle development.
50 a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
51 a8r.io/owner: Ambassador Labs
52 a8r.io/repository: github.com/datawire/ambassador
53 a8r.io/support: https://www.getambassador.io/about-us/support/
54 labels:
55 app.kubernetes.io/component: ambassador-service
56 app.kubernetes.io/instance: emissary-ingress
57 app.kubernetes.io/managed-by: getambassador.io
58 app.kubernetes.io/name: emissary-ingress
59 app.kubernetes.io/part-of: emissary-ingress
60 product: aes
61 name: emissary-ingress
62 namespace: emissary
63spec:
64 ports:
65 - name: http
66 port: 80
67 targetPort: 8080
68 - name: https
69 port: 443
70 targetPort: 8443
71 selector:
72 app.kubernetes.io/instance: emissary-ingress
73 app.kubernetes.io/name: emissary-ingress
74 profile: main
75 type: LoadBalancer
76---
77apiVersion: v1
78kind: Service
79metadata:
80 labels:
81 product: aes
82 name: emissary-ingress-agent
83 namespace: emissary
84spec:
85 ports:
86 - name: http
87 port: 80
88 protocol: TCP
89 targetPort: http
90 selector:
91 app.kubernetes.io/instance: emissary-ingress
92 app.kubernetes.io/name: emissary-ingress-agent
93---
94aggregationRule:
95 clusterRoleSelectors:
96 - matchLabels:
97 rbac.getambassador.io/role-group: emissary-ingress
98apiVersion: rbac.authorization.k8s.io/v1
99kind: ClusterRole
100metadata:
101 labels:
102 app.kubernetes.io/instance: emissary-ingress
103 app.kubernetes.io/managed-by: getambassador.io
104 app.kubernetes.io/name: emissary-ingress
105 app.kubernetes.io/part-of: emissary-ingress
106 product: aes
107 name: emissary-ingress
108rules: []
109---
110apiVersion: v1
111kind: ServiceAccount
112metadata:
113 labels:
114 app.kubernetes.io/instance: emissary-ingress
115 app.kubernetes.io/managed-by: getambassador.io
116 app.kubernetes.io/name: emissary-ingress
117 app.kubernetes.io/part-of: emissary-ingress
118 product: aes
119 name: emissary-ingress
120 namespace: emissary
121---
122apiVersion: rbac.authorization.k8s.io/v1
123kind: ClusterRoleBinding
124metadata:
125 labels:
126 app.kubernetes.io/instance: emissary-ingress
127 app.kubernetes.io/managed-by: getambassador.io
128 app.kubernetes.io/name: emissary-ingress
129 app.kubernetes.io/part-of: emissary-ingress
130 product: aes
131 name: emissary-ingress
132roleRef:
133 apiGroup: rbac.authorization.k8s.io
134 kind: ClusterRole
135 name: emissary-ingress
136subjects:
137- kind: ServiceAccount
138 name: emissary-ingress
139 namespace: emissary
140---
141apiVersion: rbac.authorization.k8s.io/v1
142kind: ClusterRole
143metadata:
144 labels:
145 app.kubernetes.io/instance: emissary-ingress
146 app.kubernetes.io/managed-by: getambassador.io
147 app.kubernetes.io/name: emissary-ingress
148 app.kubernetes.io/part-of: emissary-ingress
149 product: aes
150 rbac.getambassador.io/role-group: emissary-ingress
151 name: emissary-ingress-crd
152rules:
153- apiGroups:
154 - apiextensions.k8s.io
155 resources:
156 - customresourcedefinitions
157 verbs:
158 - get
159 - list
160 - watch
161 - delete
162---
163apiVersion: rbac.authorization.k8s.io/v1
164kind: ClusterRole
165metadata:
166 labels:
167 app.kubernetes.io/instance: emissary-ingress
168 app.kubernetes.io/managed-by: getambassador.io
169 app.kubernetes.io/name: emissary-ingress
170 app.kubernetes.io/part-of: emissary-ingress
171 product: aes
172 rbac.getambassador.io/role-group: emissary-ingress
173 name: emissary-ingress-watch
174rules:
175- apiGroups:
176 - ""
177 resources:
178 - namespaces
179 - services
180 - secrets
181 - configmaps
182 - endpoints
183 verbs:
184 - get
185 - list
186 - watch
187- apiGroups:
188 - getambassador.io
189 - gateway.getambassador.io
190 resources:
191 - '*'
192 verbs:
193 - get
194 - list
195 - watch
196 - update
197 - patch
198 - create
199 - delete
200- apiGroups:
201 - getambassador.io
202 resources:
203 - mappings/status
204 verbs:
205 - update
206- apiGroups:
207 - networking.internal.knative.dev
208 resources:
209 - clusteringresses
210 - ingresses
211 verbs:
212 - get
213 - list
214 - watch
215- apiGroups:
216 - networking.x-k8s.io
217 resources:
218 - '*'
219 verbs:
220 - get
221 - list
222 - watch
223- apiGroups:
224 - networking.internal.knative.dev
225 resources:
226 - ingresses/status
227 - clusteringresses/status
228 verbs:
229 - update
230- apiGroups:
231 - extensions
232 - networking.k8s.io
233 resources:
234 - ingresses
235 - ingressclasses
236 verbs:
237 - get
238 - list
239 - watch
240- apiGroups:
241 - extensions
242 - networking.k8s.io
243 resources:
244 - ingresses/status
245 verbs:
246 - update
247---
248apiVersion: apps/v1
249kind: Deployment
250metadata:
251 labels:
252 app.kubernetes.io/instance: emissary-ingress
253 app.kubernetes.io/managed-by: getambassador.io
254 app.kubernetes.io/name: emissary-ingress
255 app.kubernetes.io/part-of: emissary-ingress
256 product: aes
257 name: emissary-ingress
258 namespace: emissary
259spec:
260 progressDeadlineSeconds: 600
261 replicas: 3
262 selector:
263 matchLabels:
264 app.kubernetes.io/instance: emissary-ingress
265 app.kubernetes.io/name: emissary-ingress
266 strategy:
267 type: RollingUpdate
268 template:
269 metadata:
270 annotations:
271 consul.hashicorp.com/connect-inject: "false"
272 sidecar.istio.io/inject: "false"
273 labels:
274 app.kubernetes.io/instance: emissary-ingress
275 app.kubernetes.io/managed-by: getambassador.io
276 app.kubernetes.io/name: emissary-ingress
277 app.kubernetes.io/part-of: emissary-ingress
278 product: aes
279 profile: main
280 spec:
281 affinity:
282 podAntiAffinity:
283 preferredDuringSchedulingIgnoredDuringExecution:
284 - podAffinityTerm:
285 labelSelector:
286 matchLabels:
287 service: ambassador
288 topologyKey: kubernetes.io/hostname
289 weight: 100
290 containers:
291 - env:
292 - name: AMBASSADOR_NAMESPACE
293 valueFrom:
294 fieldRef:
295 fieldPath: metadata.namespace
296 - name: AGENT_CONFIG_RESOURCE_NAME
297 value: emissary-ingress-agent-cloud-token
298 image: docker.io/emissaryingress/emissary:3.9.1
299 imagePullPolicy: IfNotPresent
300 livenessProbe:
301 failureThreshold: 3
302 httpGet:
303 path: /ambassador/v0/check_alive
304 port: admin
305 initialDelaySeconds: 30
306 periodSeconds: 3
307 name: ambassador
308 ports:
309 - containerPort: 8080
310 name: http
311 - containerPort: 8443
312 name: https
313 - containerPort: 8877
314 name: admin
315 readinessProbe:
316 failureThreshold: 3
317 httpGet:
318 path: /ambassador/v0/check_ready
319 port: admin
320 initialDelaySeconds: 30
321 periodSeconds: 3
322 resources:
323 limits:
324 cpu: 1
325 memory: 400Mi
326 requests:
327 cpu: 200m
328 memory: 100Mi
329 securityContext:
330 allowPrivilegeEscalation: false
331 volumeMounts:
332 - mountPath: /tmp/ambassador-pod-info
333 name: ambassador-pod-info
334 readOnly: true
335 dnsPolicy: ClusterFirst
336 hostNetwork: false
337 imagePullSecrets: []
338 initContainers:
339 - args:
340 - |
341 deployment_name="emissary-apiext"
342 deployment_namespace="emissary-system"
343 while true; do
344 echo "checking if deployment/$deployment_name in namespace: $deployment_namespace exists."
345 if kubectl get deployment "$deployment_name" -n $deployment_namespace > /dev/null 2>&1; then
346 echo "$deployment_name.$deployment_namespace exists."
347 echo "checking if $deployment_name.$deployment_namespace is fully available..."
348 kubectl wait --for=condition=available deployment/"$deployment_name" -n $deployment_namespace --timeout=5m
349 if [ $? -eq 0 ]; then
350 echo "$deployment_name.$deployment_namespace is available"
351 while true; do
352 desired_replicas=$(kubectl get deployment $deployment_name -n $deployment_namespace -o jsonpath='{.spec.replicas}')
353 current_replicas=$(kubectl get deployment $deployment_name -n $deployment_namespace -o jsonpath='{.status.replicas}')
354 if [[ $current_replicas != $desired_replicas ]]; then
355 echo "$deployment_name.$deployment_namespace is in the process of restarting. Have: $current_replicas, want $desired_replicas"
356 sleep 3
357 else
358 echo "$deployment_name.$deployment_namespace is fully ready and not currently restarting. Have: $current_replicas, want $desired_replicas"
359 break
360 fi
361 done
362 break
363 else
364 echo "$deployment_name.$deployment_namespace did not become available within the timeout"
365 fi
366 else
367 echo "$deployment_name.$deployment_namespace does not exist yet. Waiting..."
368 sleep 3
369 fi
370 done
371 command:
372 - /bin/sh
373 - -c
374 image: istio/kubectl:1.5.10
375 imagePullPolicy: IfNotPresent
376 name: wait-for-apiext
377 securityContext:
378 runAsUser: 8888
379 restartPolicy: Always
380 securityContext:
381 runAsUser: 8888
382 serviceAccountName: emissary-ingress
383 terminationGracePeriodSeconds: 0
384 volumes:
385 - downwardAPI:
386 items:
387 - fieldRef:
388 fieldPath: metadata.labels
389 path: labels
390 name: ambassador-pod-info
391---
392apiVersion: getambassador.io/v3alpha1
393kind: Module
394metadata:
395 labels:
396 app.kubernetes.io/component: emissary-ingress
397 app.kubernetes.io/instance: emissary-ingress
398 app.kubernetes.io/managed-by: getambassador.io
399 app.kubernetes.io/name: emissary-ingress
400 app.kubernetes.io/part-of: emissary-ingress
401 product: aes
402 name: ambassador
403 namespace: emissary
404spec:
405 config:
406 diagnostics:
407 allow_non_local: true
408 enabled: false
409---
410apiVersion: v1
411kind: ServiceAccount
412metadata:
413 labels:
414 app.kubernetes.io/instance: emissary-ingress
415 app.kubernetes.io/managed-by: getambassador.io
416 app.kubernetes.io/name: emissary-ingress-agent
417 app.kubernetes.io/part-of: emissary-ingress
418 product: aes
419 name: emissary-ingress-agent
420 namespace: emissary
421---
422apiVersion: rbac.authorization.k8s.io/v1
423kind: ClusterRoleBinding
424metadata:
425 labels:
426 app.kubernetes.io/instance: emissary-ingress
427 app.kubernetes.io/managed-by: getambassador.io
428 app.kubernetes.io/name: emissary-ingress-agent
429 app.kubernetes.io/part-of: emissary-ingress
430 product: aes
431 name: emissary-ingress-agent
432roleRef:
433 apiGroup: rbac.authorization.k8s.io
434 kind: ClusterRole
435 name: emissary-ingress-agent
436subjects:
437- kind: ServiceAccount
438 name: emissary-ingress-agent
439 namespace: emissary
440---
441aggregationRule:
442 clusterRoleSelectors:
443 - matchLabels:
444 rbac.getambassador.io/role-group: emissary-ingress-agent
445apiVersion: rbac.authorization.k8s.io/v1
446kind: ClusterRole
447metadata:
448 labels:
449 app.kubernetes.io/instance: emissary-ingress
450 app.kubernetes.io/managed-by: getambassador.io
451 app.kubernetes.io/name: emissary-ingress-agent
452 app.kubernetes.io/part-of: emissary-ingress
453 product: aes
454 name: emissary-ingress-agent
455rules: []
456---
457apiVersion: rbac.authorization.k8s.io/v1
458kind: ClusterRole
459metadata:
460 labels:
461 app.kubernetes.io/instance: emissary-ingress
462 app.kubernetes.io/managed-by: getambassador.io
463 app.kubernetes.io/name: emissary-ingress-agent
464 app.kubernetes.io/part-of: emissary-ingress
465 product: aes
466 rbac.getambassador.io/role-group: emissary-ingress-agent
467 name: emissary-ingress-agent-pods
468rules:
469- apiGroups:
470 - ""
471 resources:
472 - pods
473 verbs:
474 - get
475 - list
476 - watch
477---
478apiVersion: rbac.authorization.k8s.io/v1
479kind: ClusterRole
480metadata:
481 labels:
482 app.kubernetes.io/instance: emissary-ingress
483 app.kubernetes.io/managed-by: getambassador.io
484 app.kubernetes.io/name: emissary-ingress-agent
485 app.kubernetes.io/part-of: emissary-ingress
486 product: aes
487 rbac.getambassador.io/role-group: emissary-ingress-agent
488 name: emissary-ingress-agent-rollouts
489rules:
490- apiGroups:
491 - argoproj.io
492 resources:
493 - rollouts
494 - rollouts/status
495 verbs:
496 - get
497 - list
498 - watch
499 - patch
500---
501apiVersion: rbac.authorization.k8s.io/v1
502kind: ClusterRole
503metadata:
504 labels:
505 app.kubernetes.io/instance: emissary-ingress
506 app.kubernetes.io/managed-by: getambassador.io
507 app.kubernetes.io/name: emissary-ingress-agent
508 app.kubernetes.io/part-of: emissary-ingress
509 product: aes
510 rbac.getambassador.io/role-group: emissary-ingress-agent
511 name: emissary-ingress-agent-applications
512rules:
513- apiGroups:
514 - argoproj.io
515 resources:
516 - applications
517 verbs:
518 - get
519 - list
520 - watch
521---
522apiVersion: rbac.authorization.k8s.io/v1
523kind: ClusterRole
524metadata:
525 labels:
526 app.kubernetes.io/instance: emissary-ingress
527 app.kubernetes.io/managed-by: getambassador.io
528 app.kubernetes.io/name: emissary-ingress-agent
529 app.kubernetes.io/part-of: emissary-ingress
530 product: aes
531 rbac.getambassador.io/role-group: emissary-ingress-agent
532 name: emissary-ingress-agent-deployments
533rules:
534- apiGroups:
535 - apps
536 - extensions
537 resources:
538 - deployments
539 verbs:
540 - get
541 - list
542 - watch
543---
544apiVersion: rbac.authorization.k8s.io/v1
545kind: ClusterRole
546metadata:
547 labels:
548 app.kubernetes.io/instance: emissary-ingress
549 app.kubernetes.io/managed-by: getambassador.io
550 app.kubernetes.io/name: emissary-ingress-agent
551 app.kubernetes.io/part-of: emissary-ingress
552 product: aes
553 rbac.getambassador.io/role-group: emissary-ingress-agent
554 name: emissary-ingress-agent-endpoints
555rules:
556- apiGroups:
557 - ""
558 resources:
559 - endpoints
560 verbs:
561 - get
562 - list
563 - watch
564---
565apiVersion: rbac.authorization.k8s.io/v1
566kind: ClusterRole
567metadata:
568 labels:
569 app.kubernetes.io/instance: emissary-ingress
570 app.kubernetes.io/managed-by: getambassador.io
571 app.kubernetes.io/name: emissary-ingress-agent
572 app.kubernetes.io/part-of: emissary-ingress
573 product: aes
574 rbac.getambassador.io/role-group: emissary-ingress-agent
575 name: emissary-ingress-agent-configmaps
576rules:
577- apiGroups:
578 - ""
579 resources:
580 - configmaps
581 verbs:
582 - get
583 - list
584 - watch
585---
586apiVersion: rbac.authorization.k8s.io/v1
587kind: Role
588metadata:
589 labels:
590 app.kubernetes.io/instance: emissary-ingress
591 app.kubernetes.io/managed-by: getambassador.io
592 app.kubernetes.io/name: emissary-ingress-agent
593 app.kubernetes.io/part-of: emissary-ingress
594 product: aes
595 name: emissary-ingress-agent-config
596 namespace: emissary
597rules:
598- apiGroups:
599 - ""
600 resources:
601 - configmaps
602 verbs:
603 - get
604 - list
605 - watch
606- apiGroups:
607 - ""
608 resources:
609 - secrets
610 verbs:
611 - get
612 - list
613 - watch
614 - create
615 - delete
616 - patch
617---
618apiVersion: rbac.authorization.k8s.io/v1
619kind: RoleBinding
620metadata:
621 labels:
622 app.kubernetes.io/instance: emissary-ingress
623 app.kubernetes.io/managed-by: getambassador.io
624 app.kubernetes.io/name: emissary-ingress-agent
625 app.kubernetes.io/part-of: emissary-ingress
626 product: aes
627 name: emissary-ingress-agent-config
628 namespace: emissary
629roleRef:
630 apiGroup: rbac.authorization.k8s.io
631 kind: Role
632 name: emissary-ingress-agent-config
633subjects:
634- kind: ServiceAccount
635 name: emissary-ingress-agent
636 namespace: emissary
637---
638apiVersion: rbac.authorization.k8s.io/v1
639kind: Role
640metadata:
641 labels:
642 app.kubernetes.io/instance: emissary-ingress
643 app.kubernetes.io/managed-by: getambassador.io
644 app.kubernetes.io/name: emissary-ingress
645 app.kubernetes.io/part-of: emissary-ingress
646 product: aes
647 rbac.getambassador.io/role-group: emissary-ingress
648 name: emissary-ingress-apiext
649 namespace: emissary-system
650rules:
651- apiGroups:
652 - apps
653 resources:
654 - deployments
655 verbs:
656 - get
657 - list
658 - watch
659---
660apiVersion: rbac.authorization.k8s.io/v1
661kind: RoleBinding
662metadata:
663 labels:
664 app.kubernetes.io/instance: emissary-ingress
665 app.kubernetes.io/managed-by: getambassador.io
666 app.kubernetes.io/name: emissary-ingress
667 app.kubernetes.io/part-of: emissary-ingress
668 product: aes
669 name: emissary-ingress-apiext
670 namespace: emissary-system
671roleRef:
672 apiGroup: rbac.authorization.k8s.io
673 kind: Role
674 name: emissary-ingress-apiext
675subjects:
676- kind: ServiceAccount
677 name: emissary-ingress
678 namespace: emissary
679---
680apiVersion: apps/v1
681kind: Deployment
682metadata:
683 labels:
684 app.kubernetes.io/instance: emissary-ingress
685 app.kubernetes.io/managed-by: getambassador.io
686 app.kubernetes.io/name: emissary-ingress-agent
687 app.kubernetes.io/part-of: emissary-ingress
688 product: aes
689 name: emissary-ingress-agent
690 namespace: emissary
691spec:
692 progressDeadlineSeconds: 600
693 replicas: 1
694 selector:
695 matchLabels:
696 app.kubernetes.io/instance: emissary-ingress
697 app.kubernetes.io/name: emissary-ingress-agent
698 template:
699 metadata:
700 labels:
701 app.kubernetes.io/instance: emissary-ingress
702 app.kubernetes.io/managed-by: getambassador.io
703 app.kubernetes.io/name: emissary-ingress-agent
704 app.kubernetes.io/part-of: emissary-ingress
705 product: aes
706 spec:
707 containers:
708 - env:
709 - name: AGENT_NAMESPACE
710 valueFrom:
711 fieldRef:
712 fieldPath: metadata.namespace
713 - name: AGENT_CONFIG_RESOURCE_NAME
714 value: emissary-ingress-agent-cloud-token
715 - name: RPC_CONNECTION_ADDRESS
716 value: https://app.getambassador.io/
717 - name: AES_SNAPSHOT_URL
718 value: http://emissary-ingress-admin.emissary:8005/snapshot-external
719 - name: AES_REPORT_DIAGNOSTICS_TO_CLOUD
720 value: "true"
721 - name: AES_DIAGNOSTICS_URL
722 value: http://emissary-ingress-admin.emissary:8877/ambassador/v0/diag/?json=true
723 image: docker.io/ambassador/ambassador-agent:1.0.14
724 imagePullPolicy: IfNotPresent
725 name: agent
726 ports:
727 - containerPort: 8080
728 name: http
729 serviceAccountName: emissary-ingress-agent
View as plain text