diff --git a/CHANGELOG.md b/CHANGELOG.md index 8af409ffb..6a03577f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,13 @@ numbering uses [semantic versioning](http://semver.org). ## Next Release + +## v6.5.21 + +- Update Ambassador to version 1.12.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Feature: Add support for the ambassador-agent, reporting to Service Catalog (https://app.getambassador.io) +- Feature: All services are automatically instrumented with discovery annotations. + ## v6.5.20 - Update Ambassador to version v1.11.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) diff --git a/Chart.yaml b/Chart.yaml index 97c8efa6f..973c8f646 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v1 -appVersion: 1.11.2 -ossVersion: 1.11.2 +appVersion: 1.12.0 +ossVersion: 1.12.0 description: A Helm chart for Datawire Ambassador name: ambassador -version: 6.5.20 +version: 6.5.21 icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ sources: diff --git a/README.md b/README.md index d325f9fce..4012126b1 100755 --- a/README.md +++ b/README.md @@ -100,7 +100,7 @@ The following tables lists the configurable parameters of the Ambassador chart a | `envRaw` | Additional environment variables in raw YAML format | `{}` | | `image.pullPolicy` | Ambassador image pull policy | `IfNotPresent` | | `image.repository` | Ambassador image | `docker.io/datawire/aes` | -| `image.tag` | Ambassador image tag | `1.11.2` | +| `image.tag` | Ambassador image tag | `1.12.0` | | `imagePullSecrets` | Image pull secrets | `[]` | | `namespace.name` | Set the `AMBASSADOR_NAMESPACE` environment variable | `metadata.namespace` | | `scope.singleNamespace` | Set the `AMBASSADOR_SINGLE_NAMESPACE` environment variable and create namespaced RBAC if `rbac.enabled: true` | `false` | 
@@ -187,6 +187,11 @@ The following tables lists the configurable parameters of the Ambassador chart a | `servicePreview.trafficAgent.port` | Traffic-agent listening port number when injected with ambassador-injector | `9900` | | `servicePreview.trafficAgent.serviceAccountName` | Label Selector for Prometheus to find ServiceMonitors | `traffic-agent` | | `servicePreview.trafficAgent.singleNamespace` | If `true`, installs the traffic-agent ServiceAccount and Role in the current installation namespace; Otherwise uses a global ClusterRole applied to every ServiceAccount | `true` | +| `agent.enabled` | If `true`, installs the ambassador-agent Deployment, ServiceAccount and ClusterRole in the ambassador namespace | `true` | +| `agent.cloudConnectionToken` | API token for reporting snapshots to the [Service Catalog](https://app.getambassador.io/cloud/catalog/); If empty, agent will not report snapshots | `""` | +| `agent.rpcAddress` | Address of the ambassador Service Catalog rpc server. | `https://app.getambassador.io/` | +| `agent.image.repository` | Image repository for the ambassador-agent deployment. Defaults to value of `image.repository` | Same value as `image.repository` | +| `agent.image.tag` | Image tag for the ambassador-agent deployment. Defaults to value of `image.tag` | Same value as `image.tag` | **NOTE:** Make sure the configured `service.http.targetPort` and `service.https.targetPort` ports match your [Ambassador Module's](https://www.getambassador.io/reference/modules/#the-ambassador-module) `service_port` and `redirect_cleartext_from` configurations. diff --git a/crds/getambassador.io_mappings.yaml b/crds/getambassador.io_mappings.yaml index ccbc1c081..c21494779 100644 --- a/crds/getambassador.io_mappings.yaml +++ b/crds/getambassador.io_mappings.yaml @@ -107,6 +107,8 @@ spec: type: array cluster_idle_timeout_ms: type: integer + cluster_max_connection_lifetime_ms: + type: integer cluster_tag: type: string connect_timeout_ms: 
@@ -372,6 +374,7 @@ spec: shadow: type: boolean timeout_ms: + description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists. type: integer tls: oneOf: diff --git a/templates/admin-service.yaml b/templates/admin-service.yaml index 539fc05da..9cd4b5caf 100644 --- a/templates/admin-service.yaml +++ b/templates/admin-service.yaml @@ -17,8 +17,16 @@ metadata: # Hard-coded label for Prometheus Operator ServiceMonitor service: ambassador-admin product: aes - {{- with .Values.adminService.annotations }} annotations: + a8r.io/owner: "Ambassador Labs" + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: "The Ambassador Edge Stack admin service for internal use and health checks." + a8r.io/documentation: https://www.getambassador.io/docs/latest/ + a8r.io/chat: http://d6e.co/slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: "None" + {{- with .Values.adminService.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: @@ -31,6 +39,10 @@ spec: {{- if (and (eq .Values.adminService.type "NodePort") (not (empty .Values.adminService.nodePort))) }} nodePort: {{ int .Values.adminService.nodePort }} {{- end }} + - port: {{ .Values.adminService.snapshotPort }} + targetPort: {{ .Values.adminService.snapshotPort }} + protocol: TCP + name: ambassador-snapshot selector: app.kubernetes.io/name: {{ include "ambassador.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/aes-agent.yaml b/templates/aes-agent.yaml new file mode 100644 index 000000000..c69c6566d --- /dev/null +++ b/templates/aes-agent.yaml 
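Review bot: The eight `a8r.io/*` annotations added under `metadata.annotations` in templates/admin-service.yaml are repeated almost verbatim in aes-injector.yaml, aes-redis.yaml, projects.yaml, service.yaml and traffic-manager.yaml, so any later correction has to be made in six places. A single named template in the chart's helpers file, taking the description and dependencies as arguments, would keep them in step. `a8r.io/chat: http://d6e.co/slack` is a cleartext link through a URL shortener; an https link to the final destination avoids sending operators through a redirect that can be changed or intercepted. Because `annotations:` is now always emitted, a user key that repeats a built-in one would yield a duplicate mapping key, so a comment such as `# user annotations are appended after the built-in a8r.io keys; do not repeat those keys` would help.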
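Review bot: The `ambassador-snapshot` port is added to the admin Service unconditionally, so it is published even when `agent.enabled` is false, and also when `adminService.type` is `NodePort`, where it becomes reachable from outside the cluster. The only consumer visible in this commit is the agent's `AES_SNAPSHOT_URL`, and what `/snapshot-external` returns is not shown here, so the exposure is best limited to installs that need it. Wrapping the new entry in `{{- if and .Values.agent.enabled .Values.enableAES }}` … `{{- end }}` would do that. The `ports:` list starts outside the hunk.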
@@ -0,0 +1,186 @@ +{{- if and .Values.agent.enabled .Values.enableAES }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ambassador.fullname" . }}-agent + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: {{ include "ambassador.fullname" . }}-agent-config + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "ambassador.fullname" . }}-agent-config +subjects: +- kind: ServiceAccount + name: {{ include "ambassador.fullname" . }}-agent + namespace: {{ include "ambassador.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: {{ include "ambassador.fullname" . }}-agent-config + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . 
}} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +rules: +- apiGroups: [""] + resources: [ "configmaps" ] + verbs: [ "get", "list", "watch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ambassador.fullname" . }}-agent + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "ambassador.fullname" . }}-agent +subjects: +- kind: ServiceAccount + name: {{ include "ambassador.fullname" . }}-agent + namespace: {{ include "ambassador.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ include "ambassador.fullname" . }}-agent + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +rules: +- apiGroups: [""] + resources: [ "pods" ] + verbs: [ "get", "list", "watch" ] + +{{ if ne .Values.agent.cloudConnectToken "" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "ambassador.fullname" . 
}}-agent-cloud-token + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent-cloud-token + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +data: + CLOUD_CONNECT_TOKEN: {{ .Values.agent.cloudConnectToken }} +{{ end }} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ambassador.fullname" . }}-agent + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes + spec: + serviceAccountName: {{ include "ambassador.fullname" . 
}}-agent + containers: + - name: agent + image: "{{ .Values.agent.image.repository | default .Values.image.repository }}:{{ .Values.agent.image.tag | default .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: [ "agent" ] + env: + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: {{ include "ambassador.fullname" . }}-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: {{ .Values.agent.rpcAddress }} + - name: AES_SNAPSHOT_URL + value: "http://{{ include "ambassador.fullname" . }}-admin.{{ include "ambassador.namespace" . }}:{{ .Values.adminService.snapshotPort }}/snapshot-external" +{{- end }} diff --git a/templates/aes-injector.yaml b/templates/aes-injector.yaml index 40eecdf77..987389af9 100644 --- a/templates/aes-injector.yaml +++ b/templates/aes-injector.yaml @@ -84,6 +84,15 @@ metadata: {{- else }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} + annotations: + a8r.io/owner: "Ambassador Labs" + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: "The Ambassador Edge Stack Service Preview Traffic Agent Sidecar injector." + a8r.io/documentation: https://www.getambassador.io/docs/latest/ + a8r.io/chat: http://d6e.co/slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: "None" spec: type: ClusterIP selector: diff --git a/templates/aes-redis.yaml b/templates/aes-redis.yaml index be680ffd1..4157e2f02 100644 --- a/templates/aes-redis.yaml +++ b/templates/aes-redis.yaml 
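Review bot: The `CLOUD_CONNECT_TOKEN` API token in templates/aes-agent.yaml is written to a ConfigMap, which is not handled as secret material: it is shown in full by `kubectl describe`, is typically outside encryption-at-rest configuration, and is readable by anyone with ordinary configmap read access in the namespace. A `Secret`, with the Role granting `secrets` rather than `configmaps`, would be the right home if the agent can read one, which is not visible here. Separately, the value is rendered unquoted behind an `ne … ""` guard; `{{- if .Values.agent.cloudConnectToken }}` and `CLOUD_CONNECT_TOKEN: {{ .Values.agent.cloudConnectToken | quote }}` cope with an unset value and with tokens YAML would not read as a string. The README hunk documents the key as `agent.cloudConnectionToken`, while this template and values.yaml read `agent.cloudConnectToken`, so a user following the README sets a value that is ignored.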
@@ -16,7 +16,17 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} annotations: - {{- toYaml .Values.redis.annotations.service | nindent 4}} + a8r.io/owner: "Ambassador Labs" + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: "The Ambassador Edge Stack Redis store for auth and rate limiting, among other things." + a8r.io/documentation: https://www.getambassador.io/docs/latest/ + a8r.io/chat: http://d6e.co/slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: "None" + {{- with .Values.redis.annotations.service }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: ClusterIP ports: diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 543e37179..2b47b25fe 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -157,7 +157,7 @@ spec: {{- end }} {{- end}} - name: admin - containerPort: 8877 + containerPort: {{ .Values.adminService.port }} env: - name: HOST_IP valueFrom: diff --git a/templates/projects.yaml b/templates/projects.yaml index c516d5d5d..88a1685b6 100644 --- a/templates/projects.yaml +++ b/templates/projects.yaml @@ -93,6 +93,15 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} product: aes + annotations: + a8r.io/owner: "Ambassador Labs" + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: "The Ambassador Edge internal image registry." + a8r.io/documentation: https://www.getambassador.io/docs/latest/ + a8r.io/chat: http://d6e.co/slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: "None" spec: type: ClusterIP selector: diff --git a/templates/service.yaml b/templates/service.yaml index fc7e91c2e..1cb414b54 100644 --- a/templates/service.yaml +++ b/templates/service.yaml 
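Review bot: In templates/deployment.yaml, `containerPort: {{ .Values.adminService.port }}` ties the container's declared `admin` port to the Service port, although the two are separate settings. If a user changes `adminService.port` only to remap the Service, the pod would declare an `admin` port the process may not listen on, and anything resolving the named port `admin` would follow it. Whether the admin listener itself is configurable is not visible in this hunk; if it stays on 8877, keep the literal or add a dedicated value, with a comment such as `# container-side admin port; independent of adminService.port`. The container spec starts and ends outside the hunk.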
@@ -15,8 +15,16 @@ metadata: {{- end }} app.kubernetes.io/component: ambassador-service product: aes -{{- if .Values.service.annotations }} annotations: + a8r.io/owner: "Ambassador Labs" + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: "The Ambassador Edge Stack goes beyond traditional API Gateways and Ingress Controllers with the advanced edge features needed to support developer self-service and full-cycle development." + a8r.io/documentation: https://www.getambassador.io/docs/latest/ + a8r.io/chat: http://d6e.co/slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: {{ include "ambassador.fullname" . }}-redis.{{ include "ambassador.namespace" . }} +{{- if .Values.service.annotations }} {{- range $key, $value := .Values.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} diff --git a/templates/traffic-manager.yaml b/templates/traffic-manager.yaml index 64cfc8d09..942ee61e7 100644 --- a/templates/traffic-manager.yaml +++ b/templates/traffic-manager.yaml @@ -160,7 +160,16 @@ metadata: app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} {{- else }} app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} + {{- end }} + annotations: + a8r.io/owner: "Ambassador Labs" + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: "The Ambassador Edge Stack Service Preview Telepresence Proxy." + a8r.io/documentation: https://www.getambassador.io/docs/latest/ + a8r.io/chat: http://d6e.co/slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: "None" spec: type: ClusterIP clusterIP: None diff --git a/values.yaml b/values.yaml index 2dfafc9f6..5a577c22d 100644 --- a/values.yaml +++ b/values.yaml 
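Review bot: `a8r.io/dependencies` in templates/service.yaml always names the `-redis` Service, although the agent template in this same commit shows the chart can be installed with `enableAES` false, where Redis is presumably not deployed. The annotation would then advertise a dependency that does not exist. Something like `a8r.io/dependencies: {{ if .Values.enableAES }}{{ include "ambassador.fullname" . }}-redis.{{ include "ambassador.namespace" . }}{{ else }}"None"{{ end }}` keeps the metadata accurate; if Redis has its own create flag elsewhere in the chart, that flag belongs in the condition too.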
@@ -119,7 +119,7 @@ security: image: repository: docker.io/datawire/aes - tag: 1.11.2 + tag: 1.12.0 pullPolicy: IfNotPresent dnsPolicy: "ClusterFirst" @@ -211,6 +211,7 @@ adminService: create: true type: ClusterIP port: 8877 + snapshotPort: 8005 # NodePort used if type is NodePort # nodePort: 38877 annotations: @@ -474,3 +475,15 @@ servicePreview: # for the service. crtPEM: "" keyPEM: "" + +# Configure the ambassador agent +agent: + enabled: true + # this will be empty when it first gets applied, then the user will edit the agent to + # make it start reporting + cloudConnectToken: "" + rpcAddress: https://app.getambassador.io/ + image: + # Leave blank to use image.repository and image.tag + tag: + repository:
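Review bot: `agent.enabled: true` in the new `agent:` block of values.yaml makes the agent opt-out, so every AES install or upgrade gains a Deployment plus a ClusterRole and ClusterRoleBinding granting cluster-wide `get`/`list`/`watch` on pods before any token is configured. Defaulting to `enabled: false` would keep the extra RBAC and the outbound connection to `rpcAddress` limited to clusters that actually use the Service Catalog. The ClusterRole also does not appear to take `scope.singleNamespace` into account. The comment on `cloudConnectToken` could say what the value is and how to handle it, e.g. `# API token for the Service Catalog; leave empty to disable reporting. Treat as a credential.`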