From 7fa9edf51a54197579777b5a97f904bbf4d0ec4e Mon Sep 17 00:00:00 2001 From: Noah Krause Date: Thu, 12 Sep 2019 23:06:32 -0400 Subject: [PATCH] [stable/ambassador] Major upgrades to Ambassador Pro (#16904) * Upgrade Ambassador Pro to 0.7.0 - Ambassador Pro 0.7.0 introduces Ambassador certified builds that require - A license key - Use an image from the quay.io/datawire/ambassador_pro repository - templates/deployment.yaml has been formatted in a backwards compatible way so all Ambassador Pro images before 0.7.0 will still use Ambassador OSS repo. Signed-off-by: Noah Krause * Store license key in k8s secret by default Signed-off-by: Noah Krause * Add deprecation warning for using prom exporter Signed-off-by: Noah Krause * Major upgrades to Ambassador Pro installation - Introduces the performance tuned and certified build of open source Ambassador, Ambassador core - The license key is now stored and read from a Kubernetes secret by default - Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret. - Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance - Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/)) - The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true` - Fixed misnamed selector for redis instance that failed in an edge case Signed-off-by: Noah Krause * Expose annotations for redis deploy Signed-off-by: Noah Krause * Minor updated to changelog and readme Signed-off-by: Noah Krause * Whitespace cleanup Signed-off-by: Noah Krause * Fix type error Signed-off-by: Noah Krause --- stable/ambassador/CHANGELOG.md | 16 +++ stable/ambassador/Chart.yaml | 2 +- stable/ambassador/README.md | 69 +++++++++-- .../ambassador-pro-license-key-secret.yaml | 2 +- .../templates/ambassador-pro-redis.yaml | 14 ++- .../templates/ambassador-pro-service.yaml | 61 ++++++++-- stable/ambassador/templates/crds.yaml | 30 +++-- stable/ambassador/templates/deployment.yaml | 21 +++- stable/ambassador/values.yaml | 107 +++++++++++++----- 9 files changed, 264 insertions(+), 58 deletions(-) diff --git a/stable/ambassador/CHANGELOG.md b/stable/ambassador/CHANGELOG.md index 778636a31799..06571d090323 100644 --- a/stable/ambassador/CHANGELOG.md +++ b/stable/ambassador/CHANGELOG.md @@ -3,6 +3,22 @@ This file documents all notable changes to Ambassador Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v4.0.0 + +### Breaking Changes + +- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core +- The license key is now stored and read from a Kubernetes secret by default +- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret. + +### Minor Changes + +- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance +- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/)) +- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true` +- Fixed misnamed selector for redis instance that failed in an edge case +- Exposes annotations for redis deployment and service + ## v3.0.0 ### Breaking Changes diff --git a/stable/ambassador/Chart.yaml b/stable/ambassador/Chart.yaml index 135027099ffd..b051ebb2bae9 100644 --- a/stable/ambassador/Chart.yaml +++ b/stable/ambassador/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.78.0 description: A Helm chart for Datawire Ambassador name: ambassador -version: 3.3.4 +version: 4.0.0 icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ sources: diff --git a/stable/ambassador/README.md b/stable/ambassador/README.md index 3e26dc699da0..8631cf8ea47e 100755 --- a/stable/ambassador/README.md +++ b/stable/ambassador/README.md @@ -70,11 +70,6 @@ The following tables lists the configurable parameters of the Ambassador chart a | `deploymentAnnotations` | Additional annotations for ambassador DaemonSet/Deployment | `{}` | | `podLabels` | Additional labels for ambassador pods | | | `priorityClassName` | The name of the priorityClass for the ambassador DaemonSet/Deployment | `""` | -| `prometheusExporter.enabled` | Prometheus exporter side-car enabled | `false` | -| `prometheusExporter.pullPolicy` | Image pull policy | `IfNotPresent` | -| `prometheusExporter.repository` | Prometheus exporter image | `prom/statsd-exporter` | -| `prometheusExporter.tag` | Prometheus exporter image | `v0.8.1` | -| `prometheusExporter.resources` | CPU/memory resource requests/limits | `{}` | | `rbac.create` | If `true`, create and use RBAC resources | `true` | | `rbac.podSecurityPolicies` | pod security polices to bind to | | | `replicaCount` | Number of Ambassador replicas | `3` | @@ -93,17 +88,30 @@ The following tables lists the configurable parameters of the Ambassador chart a | `volumes` | Volumes for the ambassador service | `[]` | | `pro.enabled` | Installs the Ambassador Pro container as a sidecar to Ambassador | `false` | | `pro.image.repository` | Ambassador Pro image | `quay.io/datawire/ambassador_pro` | -| `pro.image.tag` | Ambassador Pro image tag | `amb-sidecar-0.6.0` | +| `pro.image.tag` | Ambassador Pro image tag | `0.7.0` | | `pro.ports.auth` | Ambassador Pro authentication port | `8500` | | `pro.ports.ratelimit` | Ambassador Pro ratelimit port | `8500` | | `pro.logLevel` | Log level for Ambassador Pro | `"info"` | | `pro.licenseKey.value` | License key for Ambassador Pro | "" | -| `pro.licenseKey.secret` | Stores the license key as a base64-encoded string in a Kubernetes secret | `false` | +| `pro.licenseKey.secret.enabled` | Reads the license key as a base64-encoded string in a Kubernetes secret | `true` | +| `pro.licenseKey.secret.create` | Stores the license key as a base64-encoded string in a Kubernetes secret | `true` | | `pro.env` | Set additional environment variables for Ambassador Pro. (See below) | `{}` | +| `pro.resources` | Set resource requests and limits from Ambassador Pro | `{}` | +| `pro.authService.enabled` | Enables the Ambassador Pro authentication service | `true` | +| `pro.authService.optional_configurations` | Exposes [additional configuration options](https://www.getambassador.io/reference/services/auth-service/) for the `AuthService` | `""` | +| `pro.rateLimit.enabled` | Enables the Ambassador Pro rate limit service | `true` | +| `pro.rateLimit.redis.annotations.deployment` | Annotations for the redis deployment | `{}` | +| `pro.rateLimit.redis.annotations.service` | Annotations for the redis service | `{}` | +| `pro.rateLimit.redis.resources` | Set resource requests and limits for the rate limit service's redis instance | `{}` | | `autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | `false` | | `autoscaling.minReplica` | If autoscaling enabled, this field sets minimum replica count | `2` | | `autoscaling.maxReplica` | If autoscaling enabled, this field sets maximum replica count | `5` | | `autoscaling.metrics` | If autoscaling enabled, configure hpa metrics | | +| `prometheusExporter.enabled` | DEPRECATED: Prometheus exporter side-car enabled | `false` | +| `prometheusExporter.pullPolicy` | DEPRECATED: Image pull policy | `IfNotPresent` | +| `prometheusExporter.repository` | DEPRECATED: Prometheus exporter image | `prom/statsd-exporter` | +| `prometheusExporter.tag` | DEPRECATED: Prometheus exporter image | `v0.8.1` | +| `prometheusExporter.resources` | DEPRECATED: CPU/memory resource requests/limits | `{}` | **NOTE:** Make sure the configured `service.http.targetPort` and `service.https.targetPort` ports match your [Ambassador Module's](https://www.getambassador.io/reference/modules/#the-ambassador-module) `service_port` and `redirect_cleartext_from` configurations. @@ -113,6 +121,12 @@ Ambassador configuration is done through annotations on Kubernetes services or C If you intend to use `service.annotations`, remember to include the `getambassador.io/config` annotation key as above. +### Prometheus Metrics + +Using the Prometheus Exporter has been deprecated and is no longer recommended. + +Please see Ambassador's [monitoring with Prometheus](https://www.getambassador.io/user-guide/monitoring/) docs for more information on using the `/metrics` endpoint for metrics collection. + ### Ambassador Pro Setting `pro.enabled: true` will install Ambassador Pro as a sidecar to Ambassador with the required CRDs and redis instance. @@ -163,6 +177,47 @@ $ helm upgrade --install --wait my-release -f values.yaml stable/ambassador # Upgrading +## To 4.0.0 + +The 4.0.0 chart contains a number of changes to the way Ambassador Pro is installed. + +- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core +- The license key is now stored and read from a Kubernetes secret by default +- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret. +- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance +- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/)) +- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true` +- Fixed misnamed selector for redis instance that failed in an edge case +- Exposes annotations for redis deployment and service + +### Breaking changes + +The value of `.Values.pro.image.tag` has been shortened to assume `amb-sidecar` (and `amb-core` for Ambassador core) +`values.yaml` +```diff +<3.0.0> + image: + repository: quay.io/datawire/ambassador_pro +- tag: amb-sidecar-0.6.0 + +<4.0.0+> + image: + repository: quay.io/datawire/ambassador_pro ++ tag: 0.7.0 +``` + +Method for creating a Kubernetes secret to hold the license key has been changed + +`values.yaml` +```diff +<3.0.0> +- secret: false +<4.0.0> ++ secret: ++ enabled: true ++ create: true +``` + ## To 3.0.0 ### Service Ports diff --git a/stable/ambassador/templates/ambassador-pro-license-key-secret.yaml b/stable/ambassador/templates/ambassador-pro-license-key-secret.yaml index 05e59843c900..d953783c65a0 100644 --- a/stable/ambassador/templates/ambassador-pro-license-key-secret.yaml +++ b/stable/ambassador/templates/ambassador-pro-license-key-secret.yaml @@ -1,4 +1,4 @@ -{{- if .Values.pro.licenseKey.secret -}} +{{- if and .Values.pro.enabled .Values.pro.licenseKey.secret.create -}} apiVersion: v1 kind: Secret metadata: diff --git a/stable/ambassador/templates/ambassador-pro-redis.yaml b/stable/ambassador/templates/ambassador-pro-redis.yaml index 478828763489..3e112fc5837b 100644 --- a/stable/ambassador/templates/ambassador-pro-redis.yaml +++ b/stable/ambassador/templates/ambassador-pro-redis.yaml @@ -4,11 +4,13 @@ kind: Service metadata: name: {{ include "ambassador.fullname" . }}-pro-redis labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }}-pro-redis + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-pro-redis app.kubernetes.io/part-of: {{ .Release.Name }} helm.sh/chart: {{ include "ambassador.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + {{- toYaml .Values.pro.rateLimit.redis.annotations.service | nindent 4}} spec: type: ClusterIP ports: @@ -23,25 +25,29 @@ kind: Deployment metadata: name: {{ include "ambassador.fullname" . }}-pro-redis labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }}-pro-redis + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-pro-redis app.kubernetes.io/part-of: {{ .Release.Name }} helm.sh/chart: {{ include "ambassador.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + {{- toYaml .Values.pro.rateLimit.redis.annotations.deployment | nindent 4}} spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/name: {{ include "ambassador.name" . }}-pro-redis + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-pro-redis app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }}-pro-redis + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-pro-redis app.kubernetes.io/instance: {{ .Release.Name }} spec: containers: - name: redis image: redis:5.0.1 restartPolicy: Always + resources: + {{- toYaml .Values.pro.rateLimit.redis.resources | nindent 8 }} {{- end -}} diff --git a/stable/ambassador/templates/ambassador-pro-service.yaml b/stable/ambassador/templates/ambassador-pro-service.yaml index 90f0972221f2..ae2792f877bb 100644 --- a/stable/ambassador/templates/ambassador-pro-service.yaml +++ b/stable/ambassador/templates/ambassador-pro-service.yaml @@ -1,4 +1,46 @@ -{{- if .Values.pro.enabled -}} +{{- if .Values.pro.enabled }} +{{- if .Values.crds.enabled }} +{{- if .Values.pro.authService.enabled }} +--- +apiVersion: getambassador.io/v1 +kind: AuthService +metadata: + name: ambassador-pro-auth +spec: + proto: grpc + {{- if hasKey .Values.env "AMBASSADOR_ID" }} + ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} + {{- end }} + auth_service: 127.0.0.1:{{ .Values.pro.ports.auth }} + {{- if .Values.pro.authService.optional_configurations }} + {{- toYaml .Values.pro.authService.optional_configurations | nindent 2}} + {{- end }} +--- +apiVersion: getambassador.io/v1 +kind: Mapping +metadata: + name: callback-mapping +spec: + {{- if hasKey .Values.env "AMBASSADOR_ID" }} + ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} + {{- end }} + prefix: /callback + service: NoTaReAlSeRvIcE +{{- end -}} +{{- if .Values.pro.rateLimit.enabled }} +--- +apiVersion: getambassador.io/v1 +kind: RateLimitService +metadata: + name: ambassador-pro-ratelimit +spec: + {{- if hasKey .Values.env "AMBASSADOR_ID" }} + ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} + {{- end }} + service: 127.0.0.1:{{ .Values.pro.ports.ratelimit }} +{{- end }} +{{- else }} +--- apiVersion: v1 kind: Service metadata: @@ -12,36 +54,41 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} annotations: getambassador.io/config: | + {{- if .Values.pro.authService.enabled }} --- apiVersion: ambassador/v1 kind: AuthService name: ambassador-pro-auth proto: grpc - auth_service: 127.0.0.1:{{ .Values.pro.ports.auth }} - allow_request_body: false # setting this to 'true' allows Plugin and External filters to access the body, but has performance overhead {{- if hasKey .Values.env "AMBASSADOR_ID" }} ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} {{- end }} + auth_service: 127.0.0.1:{{ .Values.pro.ports.auth }} + {{- toYaml .Values.pro.authService.optional_configurations | nindent 6}} --- # This mapping needs to exist, but is never actually followed. apiVersion: ambassador/v1 kind: Mapping name: callback_mapping - prefix: /callback - service: NoTaReAlSeRvIcE {{- if hasKey .Values.env "AMBASSADOR_ID" }} ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} {{- end }} + prefix: /callback + service: NoTaReAlSeRvIcE + {{- end }} + {{- if .Values.pro.rateLimit.enabled }} --- apiVersion: ambassador/v1 kind: RateLimitService name: ambassador-pro-ratelimit - service: 127.0.0.1:{{ .Values.pro.ports.ratelimit }} {{- if hasKey .Values.env "AMBASSADOR_ID" }} ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} {{- end }} + service: 127.0.0.1:{{ .Values.pro.ports.ratelimit }} + {{- end }} spec: ports: - name: ratelimit-grpc port: 80 -{{- end -}} +# {{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/ambassador/templates/crds.yaml b/stable/ambassador/templates/crds.yaml index 23fa8a56529f..55796977fb8c 100644 --- a/stable/ambassador/templates/crds.yaml +++ b/stable/ambassador/templates/crds.yaml @@ -10,8 +10,9 @@ metadata: helm.sh/chart: {{ include "ambassador.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ if .Values.crds.keep }} annotations: + "helm.sh/hook": crd-install + {{ if .Values.crds.keep }} "helm.sh/resource-policy": keep {{ end }} spec: @@ -37,8 +38,9 @@ metadata: helm.sh/chart: {{ include "ambassador.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ if .Values.crds.keep }} annotations: + "helm.sh/hook": crd-install + {{ if .Values.crds.keep }} "helm.sh/resource-policy": keep {{ end }} spec: @@ -64,8 +66,9 @@ metadata: helm.sh/chart: {{ include "ambassador.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ if .Values.crds.keep }} annotations: + "helm.sh/hook": crd-install + {{ if .Values.crds.keep }} "helm.sh/resource-policy": keep {{ end }} spec: @@ -91,8 +94,9 @@ metadata: helm.sh/chart: {{ include "ambassador.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ if .Values.crds.keep }} annotations: + "helm.sh/hook": crd-install + {{ if .Values.crds.keep }} "helm.sh/resource-policy": keep {{ end }} spec: @@ -118,8 +122,9 @@ metadata: helm.sh/chart: {{ include "ambassador.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ if .Values.crds.keep }} annotations: + "helm.sh/hook": crd-install + {{ if .Values.crds.keep }} "helm.sh/resource-policy": keep {{ end }} spec: @@ -145,8 +150,9 @@ metadata: helm.sh/chart: {{ include "ambassador.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ if .Values.crds.keep }} annotations: + "helm.sh/hook": crd-install + {{ if .Values.crds.keep }} "helm.sh/resource-policy": keep {{ end }} spec: @@ -172,8 +178,9 @@ metadata: helm.sh/chart: {{ include "ambassador.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ if .Values.crds.keep }} annotations: + "helm.sh/hook": crd-install + {{ if .Values.crds.keep }} "helm.sh/resource-policy": keep {{ end }} spec: @@ -199,8 +206,9 @@ metadata: helm.sh/chart: {{ include "ambassador.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ if .Values.crds.keep }} annotations: + "helm.sh/hook": crd-install + {{ if .Values.crds.keep }} "helm.sh/resource-policy": keep {{ end }} spec: @@ -226,8 +234,9 @@ metadata: helm.sh/chart: {{ include "ambassador.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ if .Values.crds.keep }} annotations: + "helm.sh/hook": crd-install + {{ if .Values.crds.keep }} "helm.sh/resource-policy": keep {{ end }} spec: @@ -252,8 +261,9 @@ metadata: helm.sh/chart: {{ include "ambassador.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ if .Values.crds.keep }} annotations: + "helm.sh/hook": crd-install + {{ if .Values.crds.keep }} "helm.sh/resource-policy": keep {{ end }} spec: diff --git a/stable/ambassador/templates/deployment.yaml b/stable/ambassador/templates/deployment.yaml index 17ad489e4522..bead4f6d4514 100644 --- a/stable/ambassador/templates/deployment.yaml +++ b/stable/ambassador/templates/deployment.yaml @@ -93,7 +93,11 @@ spec: {{- toYaml .Values.prometheusExporter.resources | nindent 12 }} {{- end }} - name: {{ .Chart.Name }} + {{- if and .Values.pro.enabled (gt .Values.pro.image.tag "0.6.0") }} + image: "{{ .Values.pro.image.repository }}:amb-core-{{ .Values.pro.image.tag }}" + {{ else }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: {{- range .Values.service.ports }} @@ -110,6 +114,17 @@ spec: valueFrom: fieldRef: fieldPath: status.hostIP + {{- if and .Values.pro.enabled (gt .Values.pro.image.tag "0.6.0") }} + - name: AMBASSADOR_LICENSE_KEY + {{- if .Values.pro.licenseKey.secret.enabled }} + valueFrom: + secretKeyRef: + name: ambassador-pro-license-key + key: key + {{ else }} + value: {{ .Values.pro.licenseKey.value }} + {{- end }} + {{- end }} {{- if .Values.prometheusExporter.enabled }} - name: STATSD_ENABLED value: "true" @@ -159,7 +174,7 @@ spec: {{- toYaml .Values.resources | nindent 12 }} {{- if .Values.pro.enabled }} - name: ambassador-pro - image: "{{ .Values.pro.image.repository }}:{{ .Values.pro.image.tag }}" + image: "{{ .Values.pro.image.repository }}:amb-sidecar-{{ .Values.pro.image.tag }}" ports: - name: grpc-auth containerPort: {{ .Values.pro.ports.auth }} @@ -187,7 +202,7 @@ spec: value: {{ .Values.env.AMBASSADOR_ID | quote }} {{- end }} - name: AMBASSADOR_LICENSE_KEY - {{- if .Values.pro.licenseKey.secret }} + {{- if .Values.pro.licenseKey.secret.enabled }} valueFrom: secretKeyRef: name: ambassador-pro-license-key @@ -204,6 +219,8 @@ spec: {{- end }} {{- end }} {{- end }} + resources: + {{- toYaml .Values.pro.resources | nindent 12 }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: diff --git a/stable/ambassador/values.yaml b/stable/ambassador/values.yaml index 3b1e928745f3..854d98f22d36 100644 --- a/stable/ambassador/values.yaml +++ b/stable/ambassador/values.yaml @@ -184,7 +184,87 @@ tolerations: [] affinity: {} -# Enabling the prometheus exporter creates a sidecar and configures ambassador to use it +ambassadorConfig: "" + +crds: + enabled: true + create: true + keep: true + +pro: + enabled: false + image: + repository: quay.io/datawire/ambassador_pro + tag: 0.7.0 + # As of Ambassador Pro 0.6.0, both the RateLimitService and AuthService use the same port + ports: + auth: 8500 + ratelimit: 8500 + logLevel: info + # A license key is required to use Ambassador Pro. + # Get a license key by signing up for a free trial here: https://www.getambassador.io/pro/free-trial + licenseKey: + value: "{{INSERT LICENSE KEY HERE}}" + # The license key will be stored and read from a Kubernetes secret named ambassador-pro-license-key + # Set create: true for the first install and create: false for all subsequent installs + secret: + enabled: true + create: true + # Ambassador Pro environment variables can be found at https://www.getambassador.io/reference/pro/environment + # For consistency, AMBASSADOR_ID is copied over from the Ambassador env above and will be ignored if set here. + env: + {} + resources: {} + # If you want to specify resources, uncomment the following + # lines and remove the curly braces after 'resources:'. + # These are placeholder values and must be tuned. + # limits: + # cpu: 100m + # memory: 256Mi + # requests: + # cpu: 50m + # memory: 128Mi + + authService: + enabled: true + # Set additional configuration options. See https://www.getambassador.io/reference/services/auth-service for more information + optional_configurations: + # include_body: + # max_bytes: 4096 + # allow_partial: true + # status_on_error: + # code: 403 + # failure_mode_allow: false + # retry_policy: + # retry_on: "5xx" + # num_retries: 2 + # add_linkerd_headers: true + # timeout_ms: 30000 + + rateLimit: + enabled: true + redis: + # Annotations for Ambassador Pro's redis instance. + annotations: + deployment: + {} + service: + {} + resources: {} + # If you want to specify resources, uncomment the following + # lines and remove the curly braces after 'resources:'. + # These are placeholder values and must be tuned. + # limits: + # cpu: 100m + # memory: 256Mi + # requests: + # cpu: 50m + # memory: 128Mi + +# DEPRECATED: Ambassador now exposes the /metrics endpoint in Envoy. +# DEPRECATED: See https://www.getambassador.io/user-guide/monitoring#deployment for more information on how to use the /metrics endpoint +# +# DEPRECATED: Enabling the prometheus exporter creates a sidecar and configures ambassador to use it prometheusExporter: enabled: false repository: prom/statsd-exporter @@ -210,28 +290,3 @@ prometheusExporter: # timer_type: 'histogram' # labels: # cluster_name: "$1" - -ambassadorConfig: "" - -pro: - enabled: false - image: - repository: quay.io/datawire/ambassador_pro - tag: amb-sidecar-0.6.0 - # As of Ambassador Pro 0.6.0, both the RateLimitService and AuthService use the same port - ports: - auth: 8500 - ratelimit: 8500 - logLevel: info - licenseKey: - value: - secret: false - # Ambassador Pro environment variables can be found at https://www.getambassador.io/reference/pro/environment - # For consistency, AMBASSADOR_ID is copied over from the Ambassador env above and will be ignored if set here. - env: - {} - -crds: - enabled: true - create: true - keep: true