--- apiVersion: v1 kind: Secret metadata: name: ambassador-injector-tls namespace: ambassador type: Opaque data: ## TLS certificate and key for `ambassador-injector.ambassador.svc` crt.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2VENDQWRFQ0NRREI1M0duaHdlRDREQU5CZ2txaGtpRzl3MEJBUVVGQURCQU1UNHdQQVlEVlFRREREVkIKYldKaGMzTmhaRzl5SUVWa1oyVWdVM1JoWTJzZ1FXUnRhWE56YVc5dUlFTnZiblJ5YjJ4c1pYSWdWMlZpYUc5dgpheUJEUVRBZUZ3MHlNREEwTXpBeE5UVXlNakphRncweU1UQTBNalV4TlRVeU1qSmFNQzB4S3pBcEJnTlZCQU1NCkltRnRZbUZ6YzJGa2IzSXRhVzVxWldOMGIzSXVZVzFpWVhOellXUnZjaTV6ZG1Nd2dnRWlNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEM2ZIM0dRMjBKU21KZ0lINUZXWHNKVXNvZ3NvUVN0bDVOcUtZeAp2VnRHRkVMTXN5Z1FReWx3aHR6RDlablZiNjNPWWxlWTNzM0NkM1dScnl3T003ZjZ4UUxNaUsrbFF1L3NjQ3pDCnYxVzFUVzNJeTJpR0kxS1U5bXN2TVdDbGpOaUZML0IxRnYrbGgycjN5NHQ3WXJCNGNKcWxWNXdwb1grdjhycEwKd2xxU29ib042Zm1JdlBuZktuZjRFdjhZM0VJSnZWVlk2VXZmTS9haXRvTFQ4bm5PWFpzb1VXR2dHdFY0YlVBUApQbGtEVUhmZE13NitqZC9CbTJpRklrWkNtaytrZzQxdHRwczBRWklqK3piaVJrMmhTeWN1QjVoZVQ0NFhZY2s5CnlKTXVNbVNmU2VQck96N2lmTHk5d2RzalZncS9ZNGVGTDdyMFpncGxCZDlhdkFmMUFnTUJBQUV3RFFZSktvWkkKaHZjTkFRRUZCUUFEZ2dFQkFERlU1UGZtK0RhSW9nMTRUdHZqRUhiS3ZZWld6OVdsTXd5Y1Z5a25ORXVVSUpWRwpFMUJvZE1FUHpZUmR2ajAreTBBY3VaLzUrYnpCdnp3amRuSmhkMklHMmloTm83UlcvY1JkYmJ4cE1HT2d1N0xOCmtXRkR0QlpNeUpES3JmNlIwZzNWcTRNcUdGQk9vblpJSjk0cUYzMlJaNDgyRzMyYlhhNlVHWmVOTUs3SVM4aTEKbUhRdWl5aGRzNDVmMVMwSXMzREtoM2wzQm5NNTlWU0VGVDNkb3NEanhRbG13Q1pOQUhPTk9mNVhtbHhZbDArNgo0ZVhRR0I1cERoUkJ2elhEblNBUWZCWTBpZHNRQWhhTm5Cczc2d1g0VFRkVURobFpReE00RFQzVXcvSkFBMmFMCnlyNDNoYytmZDNKSHlXYTRUeHAwQ2RDTjZ3emlnQTFRK0dtRFpxWT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBOTN4OXhrTnRDVXBpWUNCK1JWbDdDVkxLSUxLRUVyWmVUYWltTWIxYlJoUkN6TE1vCkVFTXBjSWJjdy9XWjFXK3R6bUpYbU43TnduZDFrYThzRGpPMytzVUN6SWl2cFVMdjdIQXN3cjlWdFUxdHlNdG8KaGlOU2xQWnJMekZncFl6WWhTL3dkUmIvcFlkcTk4dUxlMkt3ZUhDYXBWZWNLYUYvci9LNlM4SmFrcUc2RGVuNQppTHo1M3lwMytCTC9HTnhDQ2IxVldPbEwzelAyb3JhQzAvSjV6bDJiS0ZGaG9CclZlRzFBRHo1WkExQjMzVE1PCnZvM2Z3WnRvaFNKR1FwcFBwSU9OYmJhYk5FR1NJL3MyNGtaTm9Vc25MZ2VZWGsrT0YySEpQY2lUTGpKa24wbmoKNnpzKzRueTh2Y0hiSTFZS3YyT0hoUys2OUdZS1pRWGZXcndIOVFJREFRQUJBb0lCQVFERHpPQ05YWWNFbEs4awpNbEQwZVFqWXBZRjVRUU13OHN2RlVTcTdxMzV0QVZhZ01SWC9WOE9QWFlPSUhlV3BjWVBuQnZNYTVSdVJRWVhvCnp0aGlIQlR3OTdGeE5Lc1NhdFQ3RVB5NHp6djJCdDVXd0dkZnlNNXJRRklvc2o0dWZESkpuVlgyclUxeEhxUkkKaStjOHBTWE5BL20xMm95WWUwZFVZd3QxS0wwVHlBWG56dW5zcnZXTGNQam5aNUpFSHlMT3hDTVNOdWZCUzAzYwpmVFlYSEhvYUVIUUk5VmJuUVFFemE1Yk4rSXhxWVpodWZ4dStOa0pjR1lMS3c0Rkg5QU4xWTlQbXBrTEJNMFI0Cm1VZTFqRkJLL2xVK3Bud2xpNlZHOFpsbVRXbnVwVGpYcGt3K3Q4V1dBbE9CTHpucXNhQ3hLRGlIWVR0Q3ludi8KV3lBMFpIeEJBb0dCQVA0TkhzQlJjU0ZDcHI4ZEpDaTdpN3pVZjdGc3NmUUV4RlVlTGNoTWNZelErdUlSUnltLwpJbWgxR1FJeHpOV2d4TzNhMzltNmZHZW1vUld3bGVlclJ1dkZEV1IzU0laV1J5ZHByaFliZk1wSlNiR3V1ODNSCkEzR0RYNWtpUGpPQXlpdW9aZlN0K2ZET3hyNW45ay9vZGxRMkJ0Mm5qdUxYbk5hVkcrZnl1Vys5QW9HQkFQbGkKZXNheElwUXlxbTNRNDFyVERZUXVkazFDMnp1U1FkRVlRTjQyOUJGaWtYMGlWR2c0MnVzTkFKZXRVVTlqNy9YTQoyS1JUZi9RamtjUTRLWVl1WkRXa2paRC8zQWRYYlI5UTEyUWxweGRDYUNKZ3FBbEJlSkswbnNJc2VMVDBWMEFqCms4MW5YRWZ2b1NGN1BISHVlZDU1d1dxQWpSZDgzaEJJdEhBczdVQ1pBb0dBQW1GUkZuQXM1U2pnc3cyczF3emEKeEV3aFhpSXNrS0t5ekRGYU1IUTI1Q0RaR09FY2o1R1Eydld0NUUxZkkrazdyeGJMM2hoWExnbHJuTzVvbVNFTApxdzNQa0U5bHlJeHFZajRsT1dQTWlZQ2lSaDNpK0l5cXdaZC9mOG5JVjJjdmZiVTRMMUNwOU0yYkl4R0tSemxnClVtMm5KdEI1RURzQTV5bkNkeXZZL09rQ2dZQmxPRHRzK2VoM0RqbHVhU0plY3R0Qmt6b2hFY201M0JzcXF4VnAKSEJUa0dZWERySE5sK2UyaENaMzc4alRXYkZHeENudkQ5c0F3YjE5eXJQanRwVmEzRHhzR2gxTGZCL1VhaU0xagpzSVNwUkNMUUVUc2l4cGdSczQzY2NnQnNNZUJZQUJpMWZnWk9qRXh5TW5yT0kyVURqNWVaaXFPNXJNelUveTE5CmVqNnh3UUtCZ0RLUXFsWXFjZ0I5cEEwODFrZVBlRUdXSVVNdXQySkZOeThON2Q4YjBrOEpZejdwUGM2TWx2VWQKd2dGdS9JNDg0YVR5MEhUNTJPQVVmUGNhYmY5b3orNkd0a0dSQ2Q1QVJrSlhtS2huNGN1Z1IyNDJOVi9Sa1RBQwpOU0dtWjZOdGcwdDJLcFg0L00vK2dCWXlOdUxxNzNpQ1B5MUZvcjl5M202NlE5SXpUenlhCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== --- apiVersion: admissionregistration.k8s.io/v1beta1 kind: MutatingWebhookConfiguration metadata: name: ambassador-injector-webhook-config webhooks: - name: ambassador-injector.getambassador.io clientConfig: service: name: ambassador-injector namespace: ambassador path: "/traffic-agent" caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvRENDQWVRQ0NRRGc2ZXpnOWthazZEQU5CZ2txaGtpRzl3MEJBUXNGQURCQU1UNHdQQVlEVlFRREREVkIKYldKaGMzTmhaRzl5SUVWa1oyVWdVM1JoWTJzZ1FXUnRhWE56YVc5dUlFTnZiblJ5YjJ4c1pYSWdWMlZpYUc5dgpheUJEUVRBZUZ3MHlNREEwTXpBeE5UVXlNakphRncweU1UQTBNalV4TlRVeU1qSmFNRUF4UGpBOEJnTlZCQU1NCk5VRnRZbUZ6YzJGa2IzSWdSV1JuWlNCVGRHRmpheUJCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm8KYjI5cklFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTVIelBTeVg2QmxXdApDMjgvMTNFdnl6VFV1QjZiYU1PVHBhM2N5QlVyWlRaeFZqVXJkRGVMTHVUMmNjcW4yM3NobXd4cWpRNFNoTUxOCjZGZWwrQklQc2YwWW40bVg5Rng4M3p5YjY1T1dsQzNHQ2QyTkVFMkpKVGVkQXJxa28wbXFwRVovb09uRTNJbW4Kb0E1V3VQM0NSZHFCekpoQk9iR2N5aGpMNVY3b1ZYL0JtdVFSZlVaRWJXUkp5elpOTVBtUWdyT0lvS2FmWWtRaQpMNG5xTzJzUldQVythUFhkWnJQMjFkYThrZ2U5UWRGZ3JLOG5VVGhzb0l3bFFpOVFVcW5hTURWbzJYTnNwQ2R1CkZQWnVFV25VL1pQQk0vZTNxbDRwQkZxaGJvdWRCNUJWZzE4Um54V0VQZDZWTzJoRmJRQ2c0ekdnZDZlZmIvUkwKeXdrRURsSUpNUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQzh0UTlHNVJqam0zQUFKYVN5NytNTgpBam12Snp0dkoyRVZQd3V0N3ZsV1YvclE5VHp4RnhHa3ZHU0JjRjA2ait1V2NxTktlTHhTeTZNZ21ER0JGKytnCnRYS1VMY0pCanVZZGt6N2Y0QTQ3Yzl4a0Fpckh3c2RnekcwK2R6MHFZOE1ab2x0RmtzRm9JdG1MaVZOYkNucGIKRDZKZlFSc3k0MHc5aVo4Q0RXczhYRU54ZmtxTTNZSlQ0cTFQbWFOTS96eWErblNVTWVyV0tWcFBwb3lyZHhqWApLekZFdFlPL1FwU2ZPa2UwUDN0NW90OEpnSVM3TUd3VzRGMFVub01UNTRCR25KaDBHbmlyWDF4bVZMVE81Sy8wClM5YzZLU2FaK1BoNmFFNzAzenFDZkxvSnY5N1FFS3lVTmE0Y1FBbXAzSWdaNFBNN2dJODFjL3ZGeU1xL3NEYjcKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= failurePolicy: Ignore rules: - operations: ["CREATE"] apiGroups: [""] apiVersions: ["v1"] resources: ["pods"] --- apiVersion: apps/v1 kind: Deployment metadata: name: ambassador-injector namespace: ambassador spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: ambassador-injector app.kubernetes.io/instance: ambassador template: metadata: labels: app.kubernetes.io/name: ambassador-injector app.kubernetes.io/instance: ambassador annotations: consul.hashicorp.com/connect-inject: 'false' sidecar.istio.io/inject: 'false' spec: containers: - name: webhook image: docker.io/datawire/aes:1.14.4 command: [ "aes-injector" ] env: - name: TRAFFIC_AGENT_IMAGE # Mandatory. The Traffic Agent is included in the AES image. value: docker.io/datawire/aes:1.14.4 - name: TRAFFIC_AGENT_SERVICE_ACCOUNT_NAME # Optional. The Injector can configure the sidecar to use a specific ServiceAccount and service-account-token. if unspecified, the original Pod ServiceAccount is used. value: traffic-agent - name: TRAFFIC_AGENT_AGENT_LISTEN_PORT # Optional. The port on which the Traffic Agent will listen. Defaults to "9900". value: "9900" - name: AGENT_MANAGER_NAMESPACE # Optional. Namespace for contacting the Traffic Manager. Defaults to "ambassador". value: ambassador ports: - containerPort: 8443 name: https livenessProbe: httpGet: path: /healthz port: https scheme: HTTPS volumeMounts: - mountPath: /var/run/secrets/tls name: tls readOnly: true volumes: - name: tls secret: secretName: ambassador-injector-tls --- apiVersion: v1 kind: Service metadata: name: ambassador-injector namespace: ambassador annotations: a8r.io/owner: "Ambassador Labs" a8r.io/repository: github.com/datawire/ambassador a8r.io/description: "The Ambassador Edge Stack Service Preview Traffic Agent Sidecar injector." a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ a8r.io/chat: http://a8r.io/Slack a8r.io/bugs: https://github.com/datawire/ambassador/issues a8r.io/support: https://www.getambassador.io/about-us/support/ a8r.io/dependencies: "None" spec: type: ClusterIP selector: app.kubernetes.io/name: ambassador-injector app.kubernetes.io/instance: ambassador ports: - name: ambassador-injector port: 443 targetPort: https