# GENERATED FILE: edits made by hand will not be preserved. --- # Source: edge-stack/templates/aes-redis.yaml apiVersion: v1 kind: Service metadata: name: edge-stack-redis namespace: emissary labels: product: aes annotations: a8r.io/owner: Ambassador Labs a8r.io/repository: github.com/datawire/ambassador a8r.io/description: The Ambassador Edge Stack Redis store for auth and rate limiting, among other things. a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ a8r.io/chat: http://a8r.io/Slack a8r.io/bugs: https://github.com/datawire/ambassador/issues a8r.io/support: https://www.getambassador.io/about-us/support/ a8r.io/dependencies: None spec: type: ClusterIP ports: - port: 6379 targetPort: 6379 selector: service: ambassador-redis --- # Source: edge-stack/templates/aes-redis.yaml apiVersion: apps/v1 kind: Deployment metadata: name: edge-stack-redis namespace: emissary labels: product: aes annotations: {} spec: replicas: 1 selector: matchLabels: service: ambassador-redis template: metadata: labels: service: ambassador-redis spec: containers: - name: redis image: redis:5.0.1 imagePullPolicy: IfNotPresent resources: {} restartPolicy: Always --- # Source: edge-stack/templates/aes-secret.yaml apiVersion: v1 kind: Secret metadata: name: edge-stack namespace: emissary type: Opaque data: license-key: '' --- # Source: edge-stack/templates/oss-migration-test-service.yaml apiVersion: v1 kind: Service metadata: name: test-aes namespace: emissary labels: product: aes spec: type: LoadBalancer externalTrafficPolicy: Local ports: - name: http port: 80 targetPort: 8080 - name: https port: 443 targetPort: 8443 selector: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack --- # Source: edge-stack/charts/emissary-ingress/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: aes namespace: emissary labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack strategy: type: RollingUpdate progressDeadlineSeconds: 600 template: metadata: labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes profile: main annotations: consul.hashicorp.com/connect-inject: 'false' sidecar.istio.io/inject: 'false' spec: terminationGracePeriodSeconds: 0 securityContext: runAsUser: 8888 restartPolicy: Always serviceAccountName: edge-stack volumes: - name: ambassador-pod-info downwardAPI: items: - fieldRef: fieldPath: metadata.labels path: labels - name: edge-stack-secrets secret: secretName: edge-stack containers: - name: aes image: docker.io/datawire/aes:3.6.0 imagePullPolicy: IfNotPresent ports: - name: http containerPort: 8080 - name: https containerPort: 8443 - name: admin containerPort: 8877 env: - name: AMBASSADOR_GRPC_METRICS_SINK value: edge-stack-agent:80 - name: HOST_IP valueFrom: fieldRef: fieldPath: status.hostIP - name: AMBASSADOR_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: AGENT_CONFIG_RESOURCE_NAME value: edge-stack-agent-cloud-token - name: AES_ACME_LEADER_DISABLE value: 'true' - name: AMBASSADOR_DRAIN_TIME value: '600' - name: AMBASSADOR_INTERNAL_URL value: https://127.0.0.1:8443 - name: AMBASSADOR_URL value: https://ambassador.ambassador.svc.cluster.local - name: POLL_EVERY_SECS value: '60' - name: REDIS_URL value: edge-stack-redis:6379 securityContext: allowPrivilegeEscalation: false livenessProbe: httpGet: path: /ambassador/v0/check_alive port: admin failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 3 readinessProbe: httpGet: path: /ambassador/v0/check_ready port: admin failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 3 volumeMounts: - name: ambassador-pod-info mountPath: /tmp/ambassador-pod-info readOnly: true - name: edge-stack-secrets mountPath: /.config/ambassador readOnly: true resources: limits: cpu: 1000m memory: 600Mi requests: cpu: 200m memory: 300Mi affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: product: aes topologyKey: kubernetes.io/hostname weight: 100 imagePullSecrets: [] dnsPolicy: ClusterFirst hostNetwork: false --- # Source: edge-stack/charts/emissary-ingress/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: edge-stack namespace: emissary labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes --- # Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: edge-stack labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: edge-stack subjects: - name: edge-stack namespace: emissary kind: ServiceAccount --- # Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml ###################################################################### # Aggregate # ###################################################################### # This ClusterRole has an empty `rules` and instead sets # `aggregationRule` in order to aggregate several other ClusterRoles # together, to avoid the need for multiple ClusterRoleBindings. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes aggregationRule: clusterRoleSelectors: - matchLabels: rbac.getambassador.io/role-group: edge-stack rules: [] --- # Source: edge-stack/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack-aes labels: product: aes rbac.getambassador.io/role-group: edge-stack rules: - apiGroups: [''] resources: [secrets] verbs: [get, list, watch, create, update] - apiGroups: [''] resources: [events] verbs: [get, list, watch, create, patch] - apiGroups: [coordination.k8s.io] resources: [leases] verbs: [get, create, update] - apiGroups: [''] resources: [endpoints] verbs: [get, list, watch, create, update] --- # Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml ###################################################################### # No namespace # ###################################################################### # These ClusterRoles should be limited to resource types that are # non-namespaced, and therefore cannot be put in a Role, even if # Emissary is in single-namespace mode. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack-crd labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes rbac.getambassador.io/role-group: edge-stack rules: - apiGroups: [apiextensions.k8s.io] resources: [customresourcedefinitions] verbs: [get, list, watch, delete] --- # Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml ###################################################################### # All namespaces # ###################################################################### apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-stack-watch labels: app.kubernetes.io/name: edge-stack app.kubernetes.io/instance: edge-stack app.kubernetes.io/part-of: edge-stack app.kubernetes.io/managed-by: getambassador.io product: aes rbac.getambassador.io/role-group: edge-stack rules: - apiGroups: [''] resources: - namespaces - services - secrets - configmaps - endpoints verbs: [get, list, watch] - apiGroups: [getambassador.io] resources: ['*'] verbs: [get, list, watch, update, patch, create, delete] - apiGroups: [getambassador.io] resources: [mappings/status] verbs: [update] - apiGroups: [networking.internal.knative.dev] resources: [clusteringresses, ingresses] verbs: [get, list, watch] - apiGroups: [networking.x-k8s.io] resources: ['*'] verbs: [get, list, watch] - apiGroups: [networking.internal.knative.dev] resources: [ingresses/status, clusteringresses/status] verbs: [update] - apiGroups: [extensions, networking.k8s.io] resources: [ingresses, ingressclasses] verbs: [get, list, watch] - apiGroups: [extensions, networking.k8s.io] resources: [ingresses/status] verbs: [update]