# GENERATED FILE: edits made by hand will not be preserved. --- # Source: edge-stack/charts/emissary-ingress/templates/namespace.yaml apiVersion: v1 kind: Namespace metadata: labels: product: aes name: ambassador --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: v1 kind: ServiceAccount metadata: name: edge-stack-agent namespace: ambassador labels: app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes --- # Source: edge-stack/charts/emissary-ingress/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: edge-stack namespace: ambassador labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes --- # Source: edge-stack/templates/aes-secret.yaml apiVersion: v1 kind: Secret metadata: name: edge-stack namespace: ambassador type: Opaque data: license-key: '' --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack-agent labels: app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes aggregationRule: clusterRoleSelectors: - matchLabels: rbac.getambassador.io/role-group: edge-stack-agent rules: [] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack-agent-pods labels: rbac.getambassador.io/role-group: edge-stack-agent app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes rules: - apiGroups: [''] resources: [pods] verbs: [get, list, watch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack-agent-deployments labels: rbac.getambassador.io/role-group: edge-stack-agent app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes rules: - apiGroups: [apps, extensions] resources: [deployments] verbs: [get, list, watch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack-agent-endpoints labels: rbac.getambassador.io/role-group: edge-stack-agent app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes rules: - apiGroups: [''] resources: [endpoints] verbs: [get, list, watch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack-agent-configmaps labels: rbac.getambassador.io/role-group: edge-stack-agent app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes rules: - apiGroups: [''] resources: [configmaps] verbs: [get, list, watch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack-agent-rollouts labels: rbac.getambassador.io/role-group: edge-stack-agent app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes rules: - apiGroups: [argoproj.io] resources: [rollouts, rollouts/status] verbs: [get, list, watch, patch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack-agent-applications labels: rbac.getambassador.io/role-group: edge-stack-agent app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes rules: - apiGroups: [argoproj.io] resources: [applications] verbs: [get, list, watch] --- # Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml ###################################################################### # Aggregate # ###################################################################### # This ClusterRole has an empty `rules` and instead sets # `aggregationRule` in order to aggregate several other ClusterRoles # together, to avoid the need for multiple ClusterRoleBindings. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes aggregationRule: clusterRoleSelectors: - matchLabels: rbac.getambassador.io/role-group: edge-stack rules: [] --- # Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml ###################################################################### # No namespace # ###################################################################### # These ClusterRoles should be limited to resource types that are # non-namespaced, and therefore cannot be put in a Role, even if # Emissary is in single-namespace mode. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack-crd labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes rbac.getambassador.io/role-group: edge-stack rules: - apiGroups: [apiextensions.k8s.io] resources: [customresourcedefinitions] verbs: [get, list, watch, delete] --- # Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml ###################################################################### # All namespaces # ###################################################################### apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack-watch labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes rbac.getambassador.io/role-group: edge-stack rules: - apiGroups: [''] resources: - namespaces - services - secrets - configmaps - endpoints verbs: [get, list, watch] - apiGroups: [getambassador.io] resources: ['*'] verbs: [get, list, watch, update, patch, create, delete] - apiGroups: [getambassador.io] resources: [mappings/status] verbs: [update] - apiGroups: [networking.internal.knative.dev] resources: [clusteringresses, ingresses] verbs: [get, list, watch] - apiGroups: [networking.x-k8s.io] resources: ['*'] verbs: [get, list, watch] - apiGroups: [networking.internal.knative.dev] resources: [ingresses/status, clusteringresses/status] verbs: [update] - apiGroups: [extensions, networking.k8s.io] resources: [ingresses, ingressclasses] verbs: [get, list, watch] - apiGroups: [extensions, networking.k8s.io] resources: [ingresses/status] verbs: [update] --- # Source: edge-stack/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack-aes labels: product: aes rbac.getambassador.io/role-group: edge-stack rules: - apiGroups: [''] resources: [secrets] verbs: [get, list, watch, create, update] - apiGroups: [''] resources: [events] verbs: [get, list, watch, create, patch] - apiGroups: [coordination.k8s.io] resources: [leases] verbs: [get, create, update] - apiGroups: [''] resources: [endpoints] verbs: [get, list, watch, create, update] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: edge-stack-agent labels: app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: edge-stack-agent subjects: - kind: ServiceAccount name: edge-stack-agent namespace: ambassador --- # Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: edge-stack labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: edge-stack subjects: - name: edge-stack namespace: ambassador kind: ServiceAccount --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: edge-stack-agent-config namespace: ambassador labels: app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes rules: - apiGroups: [''] resources: [configmaps] verbs: [get, list, watch] - apiGroups: [''] resources: [secrets] verbs: [get, create, delete, patch, watch] --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: edge-stack-agent-config namespace: ambassador labels: app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: edge-stack-agent-config subjects: - kind: ServiceAccount name: edge-stack-agent namespace: ambassador --- # Source: edge-stack/charts/emissary-ingress/templates/admin-service.yaml apiVersion: v1 kind: Service metadata: name: edge-stack-admin namespace: ambassador labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io # Hard-coded label for Prometheus Operator ServiceMonitor service: ambassador-admin product: aes annotations: a8r.io/owner: Ambassador Labs a8r.io/repository: github.com/datawire/ambassador a8r.io/description: The Ambassador Edge Stack admin service for internal use and health checks. a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ a8r.io/chat: http://a8r.io/Slack a8r.io/bugs: https://github.com/datawire/ambassador/issues a8r.io/support: https://www.getambassador.io/about-us/support/ a8r.io/dependencies: None spec: type: ClusterIP ports: - port: 8877 targetPort: admin protocol: TCP name: ambassador-admin - port: 8005 targetPort: 8005 protocol: TCP name: ambassador-snapshot selector: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack --- # Source: edge-stack/charts/emissary-ingress/templates/service.yaml apiVersion: v1 kind: Service metadata: name: edge-stack namespace: ambassador labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io app.kubernetes.io/component: ambassador-service product: aes annotations: a8r.io/owner: Ambassador Labs a8r.io/repository: github.com/datawire/ambassador a8r.io/description: The Ambassador Edge Stack goes beyond traditional API Gateways and Ingress Controllers with the advanced edge features needed to support developer self-service and full-cycle development. a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ a8r.io/chat: http://a8r.io/Slack a8r.io/bugs: https://github.com/datawire/ambassador/issues a8r.io/support: https://www.getambassador.io/about-us/support/ a8r.io/dependencies: edge-stack-redis.ambassador spec: type: LoadBalancer ports: - name: http port: 80 targetPort: 8080 - name: https port: 443 targetPort: 8443 selector: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack profile: main --- # Source: edge-stack/templates/aes-redis.yaml apiVersion: v1 kind: Service metadata: name: edge-stack-redis namespace: ambassador labels: product: aes annotations: a8r.io/owner: Ambassador Labs a8r.io/repository: github.com/datawire/ambassador a8r.io/description: The Ambassador Edge Stack Redis store for auth and rate limiting, among other things. a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ a8r.io/chat: http://a8r.io/Slack a8r.io/bugs: https://github.com/datawire/ambassador/issues a8r.io/support: https://www.getambassador.io/about-us/support/ a8r.io/dependencies: None spec: type: ClusterIP ports: - port: 6379 targetPort: 6379 selector: service: ambassador-redis --- # Source: edge-stack/charts/emissary-ingress/templates/ambassador-agent.yaml apiVersion: apps/v1 kind: Deployment metadata: name: edge-stack-agent namespace: ambassador labels: app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack template: metadata: labels: app.kubernetes.io/name: edge-stack-agent app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes spec: serviceAccountName: edge-stack-agent containers: - name: agent image: docker.io/emissaryingress/emissary:3.1.0 imagePullPolicy: IfNotPresent command: [agent] ports: - containerPort: 8080 name: http env: - name: AGENT_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: AGENT_CONFIG_RESOURCE_NAME value: edge-stack-agent-cloud-token - name: RPC_CONNECTION_ADDRESS value: https://app.getambassador.io/ - name: AES_SNAPSHOT_URL value: http://edge-stack-admin.ambassador:8005/snapshot-external - name: AES_REPORT_DIAGNOSTICS_TO_CLOUD value: 'true' - name: AES_DIAGNOSTICS_URL value: http://edge-stack-admin.ambassador:8877/ambassador/v0/diag/?json=true progressDeadlineSeconds: 600 --- # Source: edge-stack/charts/emissary-ingress/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: edge-stack namespace: ambassador labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack strategy: type: RollingUpdate progressDeadlineSeconds: 600 template: metadata: labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes profile: main annotations: consul.hashicorp.com/connect-inject: 'false' sidecar.istio.io/inject: 'false' spec: terminationGracePeriodSeconds: 0 securityContext: runAsUser: 8888 restartPolicy: Always serviceAccountName: edge-stack volumes: - name: ambassador-pod-info downwardAPI: items: - fieldRef: fieldPath: metadata.labels path: labels - name: edge-stack-secrets secret: secretName: edge-stack containers: - name: aes image: docker.io/datawire/aes:3.3.0 imagePullPolicy: IfNotPresent ports: - name: http containerPort: 8080 - name: https containerPort: 8443 - name: admin containerPort: 8877 env: - name: AMBASSADOR_GRPC_METRICS_SINK value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: fieldPath: status.hostIP - name: AMBASSADOR_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: AGENT_CONFIG_RESOURCE_NAME value: edge-stack-agent-cloud-token - name: AMBASSADOR_DRAIN_TIME value: '600' - name: AMBASSADOR_INTERNAL_URL value: https://127.0.0.1:8443 - name: POLL_EVERY_SECS value: '60' - name: REDIS_URL value: edge-stack-redis:6379 securityContext: allowPrivilegeEscalation: false livenessProbe: httpGet: path: /ambassador/v0/check_alive port: admin failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 3 readinessProbe: httpGet: path: /ambassador/v0/check_ready port: admin failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 3 volumeMounts: - name: ambassador-pod-info mountPath: /tmp/ambassador-pod-info readOnly: true - name: edge-stack-secrets mountPath: /.config/ambassador readOnly: true resources: limits: cpu: 1000m memory: 600Mi requests: cpu: 200m memory: 300Mi affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: service: ambassador topologyKey: kubernetes.io/hostname weight: 100 imagePullSecrets: [] dnsPolicy: ClusterFirst hostNetwork: false --- # Source: edge-stack/templates/aes-redis.yaml apiVersion: apps/v1 kind: Deployment metadata: name: edge-stack-redis namespace: ambassador labels: product: aes annotations: {} spec: replicas: 1 selector: matchLabels: service: ambassador-redis template: metadata: labels: service: ambassador-redis spec: containers: - name: redis image: redis:5.0.1 imagePullPolicy: IfNotPresent resources: {} restartPolicy: Always --- # Source: edge-stack/templates/aes-authservice.yaml apiVersion: getambassador.io/v2 kind: AuthService metadata: name: edge-stack-auth namespace: ambassador labels: product: aes spec: proto: grpc protocol_version: v3 auth_service: 127.0.0.1:8500 allow_request_body: false status_on_error: code: 504 --- # Source: edge-stack/templates/aes-internal.yaml # Configure DevPortal apiVersion: getambassador.io/v2 kind: Mapping metadata: # This Mapping name is referenced by convention, it's important to leave as-is. name: edge-stack-devportal namespace: ambassador labels: product: aes spec: prefix: /documentation/ rewrite: /docs/ service: 127.0.0.1:8500 --- # Source: edge-stack/templates/aes-internal.yaml apiVersion: getambassador.io/v2 kind: Mapping metadata: name: edge-stack-devportal-assets namespace: ambassador labels: product: aes spec: prefix: /documentation/(assets|styles)/(.*)(.css) prefix_regex: true regex_rewrite: pattern: /documentation/(.*) substitution: /docs/\1 service: 127.0.0.1:8500 add_response_headers: cache-control: value: public, max-age=3600, immutable append: false --- # Source: edge-stack/templates/aes-internal.yaml apiVersion: getambassador.io/v2 kind: Mapping metadata: # This Mapping name is what the demo uses. Sigh. name: edge-stack-devportal-demo namespace: ambassador labels: product: aes spec: prefix: /docs/ rewrite: /docs/ service: 127.0.0.1:8500 --- # Source: edge-stack/templates/aes-internal.yaml apiVersion: getambassador.io/v2 kind: Mapping metadata: # This Mapping name is referenced by convention, it's important to leave as-is. name: edge-stack-devportal-api namespace: ambassador labels: product: aes spec: prefix: /openapi/ rewrite: '' service: 127.0.0.1:8500 --- # Source: edge-stack/templates/aes-ratelimit.yaml apiVersion: getambassador.io/v2 kind: RateLimitService metadata: name: edge-stack-ratelimit namespace: ambassador labels: product: aes spec: service: 127.0.0.1:8500 protocol_version: v3