diff --git a/CHANGELOG.md b/CHANGELOG.md
index bd7f7e9..7d82ce9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -66,15 +66,34 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest
## RELEASE NOTES
-## [2.0.1-ea] (TBD)
+## Next Release
+
+(no changes yet)
+
+## [2.0.1-ea] August 12, 2021
+[2.0.1-ea]: https://github.com/datawire/edge-stack/compare/v2.0.0-ea...v2.0.1-ea
+
+### Ambassador Edge Stack
We're pleased to introduce Edge Stack 2.0.1 as a developer preview. The 2.X family introduces a number of changes to allow Edge Stack to more gracefully handle larger installations, reduce global configuration to better handle multitenant or multiorganizational installations, reduce memory footprint, and improve performance. We welcome feedback!! Join us on Slack and let us know what you think.
### Ambassador Edge Stack
-- Bugfix: The `AmbassadorMapping` resource can now specify `docs.timeout_ms` to set the timeout when the
+- Feature: Ambassador Agent reports sidecar process information and Mapping OpenAPI documentation to Ambassador Cloud to provide more visibility into services and clusters.
+- Feature: The optional `stats_prefix` element of the `AmbassadorListener` CRD now determines the prefix of HTTP statistics emitted for a specific `AmbassadorListener`.
+- Feature: The optional `stats_name` element of `AmbassadorMapping`, `AmbassadorTCPMapping`, `AuthService`, `LogService`, `RateLimitService`, and `TracingService` now sets the name under which cluster statistics will be logged. The default is the `service`, with non-alphanumeric characters replaced by underscores.
+- Bugfix: The `AmbassadorMapping` resource can now specify `docs.timeout_ms` to set the timeout when the
Dev Portal is fetching API specifications.
- Bugfix: The Dev Portal will now strip HTML tags when displaying search results, showing just
+- Bugfix: Ambassador Edge Stack has updated to `k8s.io/klog/v2` to track upstream and to quiet unnecessary log output.
+- Change: Logs now include subsecond time resolutions, rather than just seconds.
+- Change: Envoy-configuration snapshots get saved (as `ambex-#.json`) in `/ambassador/snapshots`.
+ The number of snapshots is controlled by the `AMBASSADOR_AMBEX_SNAPSHOT_COUNT` environment
+ variable; set it to 0 to disable. The default is 30.
+- Change: Set `AMBASSADOR_AMBEX_NO_RATELIMIT` to `true` to completely disable ratelimiting Envoy
+ reconfiguration under memory pressure. This can help performance with the endpoint or Consul
+ resolvers, but could make OOMkills more likely with large configurations. The default is `false`,
+ meaning that the rate limiter is active.
the actual content of the search result.
- Change: Consul certificate-rotation logging now includes the fingerprints and validity
timestamps of certificates being rotated.
diff --git a/Makefile b/Makefile
index 8fad01c..ab24fd4 100644
--- a/Makefile
+++ b/Makefile
@@ -5,8 +5,20 @@ HELM_OUTPUT_DIR := $(EDGE_STACK_HOME)/build/helm/
update-yaml/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml
update-yaml/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-crds.yaml
+update-yaml/files += $(EDGE_STACK_HOME)/manifests/edge-stack/oss-migration.yaml
+update-yaml/files += $(EDGE_STACK_HOME)/manifests/edge-stack/resources-migration.yaml
-$(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml: $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/templates/*.yaml) $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/charts/*.tgz) $(EDGE_STACK_HOME)/charts/edge-stack/values.yaml $(EDGE_STACK_HOME)/k8s-config/aes/values.yaml
+create-venv:
+ [[ -d $(EDGE_STACK_HOME)/venv ]] || python3 -m venv $(EDGE_STACK_HOME)/venv
+.PHONY: create-venv
+
+python-setup: create-venv
+ $(EDGE_STACK_HOME)/venv/bin/python -m pip install ruamel.yaml
+.PHONY: python-setup
+
+FORCE:
+
+$(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml: $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/templates/*.yaml) $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/charts/*.tgz) $(EDGE_STACK_HOME)/charts/edge-stack/values.yaml $(EDGE_STACK_HOME)/k8s-config/aes/values.yaml FORCE
mkdir -p $(@D)
helm template edge-stack -n ambassador -f $(EDGE_STACK_HOME)/k8s-config/aes/values.yaml $(EDGE_STACK_HOME)/charts/edge-stack/ > $@
@@ -16,13 +28,31 @@ template-helm:
helm template edge-stack --output-dir $(HELM_OUTPUT_DIR) --include-crds -n ambassador $(EDGE_STACK_HOME)/charts/edge-stack
.PHONY: template-helm
-$(EDGE_STACK_HOME)/manifests/edge-stack/aes-crds.yaml: $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/templates/*.yaml) $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/charts/*.tgz) template-helm
+$(EDGE_STACK_HOME)/manifests/edge-stack/aes-crds.yaml: $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/templates/*.yaml) $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/charts/*.tgz) template-helm FORCE
cat $(sort $(wildcard $(HELM_OUTPUT_DIR)/edge-stack/charts/emissary-ingress/crds/*.yaml)) > $@
cat $(sort $(wildcard $(HELM_OUTPUT_DIR)/edge-stack/crds/*.yaml)) >> $@
rm -rf $(HELM_OUTPUT_DIR)
+define generate_yaml_from_helm
+ mkdir -p `dirname $(3)` && \
+ mkdir -p $(EDGE_STACK_HOME)/build/yaml/$(1) && \
+ helm template edge-stack -n $(2) \
+ -f $(EDGE_STACK_HOME)/k8s-config/$(1)/values.yaml \
+ $(EDGE_STACK_HOME)/charts/edge-stack > $(EDGE_STACK_HOME)/build/yaml/$(1)/helm-expanded.yaml
+ $(EDGE_STACK_HOME)/venv/bin/python $(EDGE_STACK_HOME)/k8s-config/create_yaml.py \
+ $(EDGE_STACK_HOME)/build/yaml/$(1)/helm-expanded.yaml $(EDGE_STACK_HOME)/k8s-config/$(1)/require.yaml > $(3)
+endef
+
+$(EDGE_STACK_HOME)/manifests/edge-stack/oss-migration.yaml: $(EDGE_STACK_HOME)/k8s-config/create_yaml.py $(EDGE_STACK_HOME)/k8s-config/oss-migration/require.yaml $(EDGE_STACK_HOME)/k8s-config/oss-migration/values.yaml $(EDGE_STACK_HOME)/charts/edge-stack/templates/*.yaml $(EDGE_STACK_HOME)/charts/edge-stack/values.yaml python-setup FORCE
+ @printf ' $(CYN)$@$(END)\n'
+ $(call generate_yaml_from_helm,oss-migration,default,$@)
+
+$(EDGE_STACK_HOME)/manifests/edge-stack/resources-migration.yaml: $(EDGE_STACK_HOME)/k8s-config/create_yaml.py $(EDGE_STACK_HOME)/k8s-config/resources-migration/require.yaml $(EDGE_STACK_HOME)/k8s-config/resources-migration/values.yaml $(EDGE_STACK_HOME)/charts/edge-stack/templates/*.yaml $(EDGE_STACK_HOME)/charts/edge-stack/values.yaml python-setup FORCE
+ @printf ' $(CYN)$@$(END)\n'
+ $(call generate_yaml_from_helm,resources-migration,default,$@)
+
update-yaml:
- @echo '$(MAKE) $$(update-yaml/files)'; $(MAKE) $(update-yaml/files)
+ @echo '$(MAKE) $$(update-yaml/files)'; $(MAKE) $(update-yaml/files) --always-make
.PHONY: update-yaml
push-manifests:
diff --git a/charts/edge-stack/CHANGELOG.md b/charts/edge-stack/CHANGELOG.md
index 45a25da..e84588d 100644
--- a/charts/edge-stack/CHANGELOG.md
+++ b/charts/edge-stack/CHANGELOG.md
@@ -7,6 +7,10 @@ numbering uses [semantic versioning](http://semver.org).
(no changes yet)
+## v7.1.1-ea
+
+- Update Edge Stack chart image to version v2.0.1-ea: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
+
## v7.1.0-ea
- Feature: New canarying features for Ambassador in the chart that allow creation of a secondary deployment/service to test new versions and environment variables.
diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml
index 0f6168b..5efe7b0 100644
--- a/charts/edge-stack/Chart.yaml
+++ b/charts/edge-stack/Chart.yaml
@@ -1,8 +1,8 @@
apiVersion: v2
-appVersion: 2.0.0-ea
+appVersion: 2.0.1-ea
description: A Helm chart for Ambassador Edge Stack
name: edge-stack
-version: 7.1.0-ea
+version: 7.1.1-ea
# TODO: change these to whatever the appropriate things are
icon: https://www.getambassador.io/images/logo.png
home: https://www.getambassador.io/
diff --git a/charts/edge-stack/README.md b/charts/edge-stack/README.md
index 2413466..5b21f2c 100644
--- a/charts/edge-stack/README.md
+++ b/charts/edge-stack/README.md
@@ -7,7 +7,7 @@
```console
$ helm repo add edge-stack https://s3.amazonaws.com/datawire-static-files/charts
$ helm repo update
-$ helm install edge-stack edge-stack/edge-stack -n ambassador --version=v0.0.1
+$ helm install edge-stack --devel edge-stack/edge-stack -n ambassador
```
## Introduction
@@ -23,7 +23,7 @@ This chart deploys Edge Stack on a [Kubernetes](http://kubernetes.io) cluster us
To install the chart with the release name `edge-stack`:
```console
-$ helm install edge-stack edge-stack/edge-stack -n ambassador --version=v0.0.1
+$ helm install edge-stack --devel edge-stack/edge-stack -n ambassador
```
The command deploys Edge Stack on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
@@ -48,46 +48,56 @@ Notable chart changes are listed in the [CHANGELOG](./CHANGELOG.md)
The following table lists the configurable parameters of the `edge-stack` chart and their default values.
-| Parameter | Description | Default |
-|---------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| nameOverride | Manually set metadata for the Release. Defaults to .Chart.Name | `edge-stack` |
-| fullnameOverride | Defaults to .Release.Name-.Chart.Name unless .Release.Name contains "ambassador" | `''` |
-| namespaceOverride | Defaults to .Release.Namespace | `''` |
-| emissary-ingress | Emissary Chart Values. all values under emissary-ingress key are passed to [the emissary chart](https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/README.md)
Example:
`setting `emissary-ingress.service.type=NodePort` will pass `service.type=NodePort` to the underlying emissary chart` | `{"envRaw":"- name: REDIS_URL\n {{- if .Values.redisURL }}\n value: {{ .Values.redisURL }}\n {{- else }}\n value: {{ include \"ambassador.fullname\" . }}-redis:6379\n {{- end }}\n{{- if and .Values.licenseKey.secretName }}\n- name: AMBASSADOR_AES_SECRET_NAME\n value: {{ .Values.licenseKey.secretName }}\n{{- end }}\n","image":{"pullPolicy":"IfNotPresent","repository":"docker.io/datawire/aes","tag":"2.0.0-ea"},"licenseKey":{"createSecret":true},"nameOverride":"edge-stack","service":{"ports":[{"name":"http","port":80,"targetPort":8080},{"name":"https","port":443,"targetPort":8443}],"type":"LoadBalancer"},"serviceAccount":{"create":true},"singleNamespace":false,"volumeMountsRaw":"{{- if and .Values.licenseKey.createSecret }}\n- name: {{ include \"ambassador.fullname\" . }}-edge-stack-secrets\n mountPath: /.config/ambassador\n readOnly: true\n{{- end }}\n","volumesRaw":"- name: {{ include \"ambassador.fullname\" . }}-edge-stack-secrets\n secret:\n {{- if and .Values.licenseKey .Values.licenseKey.secretName }}\n secretName: {{ .Values.licenseKey.secretName }}\n {{- else }}\n secretName: {{ include \"ambassador.fullname\" . }}-edge-stack\n {{- end }}\n"}` |
-| rbac.create | Specifies whether RBAC resources should be created | `true` |
-| rbac.nameOverride | Name of the RBAC resources defaults to the name of the release. Set nameOverride when installing Ambassador with cluster-wide scope in different namespaces with the same release name to avoid conflicts. | `` |
-| global.rbac.create | Specifies whether RBAC resources should be created | `true` |
-| global.rbac.nameOverride | Name of the RBAC resources defaults to the name of the release. Set nameOverride when installing Ambassador with cluster-wide scope in different namespaces with the same release name to avoid conflicts. | `` |
-| global.crds.enabled | | `true` |
-| global.crds.create | | `true` |
-| global.crds.keep | | `true` |
-| licenseKey.value | | `` |
-| licenseKey.createSecret | | `true` |
-| licenseKey.secretName | | `` |
-| createDevPortalMappings | The DevPortal is exposed at /docs/ endpoint in the AES container. Setting this to true will automatically create routes for the DevPortal. | `true` |
-| devportal.docsPrefix | | `/documentation/` |
-| redisURL | The Ambassador Edge Stack uses a redis instance for managing authentication, rate limiting, and sharing minor configuration details between pods for centralized management. These values configure the redis instance that ships by default with The Ambassador Edge Stack. URL of your redis instance. Defaults to redis instance created below. | `` |
-| redis.create | | `true` |
-| redis.image.repository | | `redis` |
-| redis.image.tag | | `5.0.1` |
-| redis.image.pullPolicy | | `IfNotPresent` |
-| authService.deploymentExtraName | | `auth` |
-| authService.create | | `true` |
-| rateLimit.create | | `true` |
-| rateLimit.deploymentExtraName | | `ratelimit` |
-| deploymentTool | | `''` |
-| enableTestService | | `false` |
+| Parameter | Description | Default |
+|-------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| nameOverride | Manually set metadata for the Release. Defaults to .Chart.Name | `edge-stack` |
+| fullnameOverride | Defaults to .Release.Name-.Chart.Name unless .Release.Name contains "ambassador" | `''` |
+| namespaceOverride | Defaults to .Release.Namespace | `''` |
+| emissary-ingress | Emissary Chart Values. all values under emissary-ingress key are passed to [the emissary chart](https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/README.md)
Example:
`setting `emissary-ingress.service.type=NodePort` will pass `service.type=NodePort` to the underlying emissary chart` | `{"envRaw":"- name: REDIS_URL\n {{- if .Values.redisURL }}\n value: {{ .Values.redisURL }}\n {{- else }}\n value: {{ include \"ambassador.fullname\" . }}-redis:6379\n {{- end }}\n{{- if and .Values.licenseKey.secretName }}\n- name: AMBASSADOR_AES_SECRET_NAME\n value: {{ .Values.licenseKey.secretName }}\n{{- end }}\n","image":{"pullPolicy":"IfNotPresent","repository":"docker.io/datawire/aes","tag":"2.0.1-ea"},"licenseKey":{"createSecret":true},"nameOverride":"edge-stack","service":{"ports":[{"name":"http","port":80,"targetPort":8080},{"name":"https","port":443,"targetPort":8443}],"type":"LoadBalancer"},"serviceAccount":{"create":true},"singleNamespace":false,"test":{"enabled":false},"volumeMountsRaw":"{{- if and .Values.licenseKey.createSecret }}\n- name: {{ include \"ambassador.fullname\" . }}-secrets\n mountPath: /.config/ambassador\n readOnly: true\n{{- end }}\n","volumesRaw":"- name: {{ include \"ambassador.fullname\" . }}-secrets\n secret:\n {{- if and .Values.licenseKey .Values.licenseKey.secretName }}\n secretName: {{ .Values.licenseKey.secretName }}\n {{- else }}\n secretName: {{ include \"ambassador.fullname\" . }}\n {{- end }}\n"}` |
+| rbac.create | Specifies whether RBAC resources should be created | `true` |
+| rbac.podSecurityPolicies | List of Pod Security Policies to use on the container. If security.podSecurityPolicy is set, it will be appended to the list | `[]` |
+| rbac.nameOverride | Name of the RBAC resources defaults to the name of the release. Set nameOverride when installing Ambassador with cluster-wide scope in different namespaces with the same release name to avoid conflicts. | `` |
+| global.rbac.create | Specifies whether RBAC resources should be created | `true` |
+| global.rbac.podSecurityPolicies | List of Pod Security Policies to use on the container. If security.podSecurityPolicy is set, it will be appended to the list | `[]` |
+| global.rbac.nameOverride | Name of the RBAC resources defaults to the name of the release. Set nameOverride when installing Ambassador with cluster-wide scope in different namespaces with the same release name to avoid conflicts. | `` |
+| global.crds.enabled | | `true` |
+| global.crds.create | | `true` |
+| global.crds.keep | | `true` |
+| licenseKey.value | | `` |
+| licenseKey.createSecret | | `true` |
+| licenseKey.secretName | | `` |
+| licenseKey.annotations | Annotations to attach to the license-key-secret. | `{}` |
+| createDevPortalMappings | The DevPortal is exposed at /docs/ endpoint in the AES container. Setting this to true will automatically create routes for the DevPortal. | `true` |
+| devportal.docsPrefix | | `/documentation/` |
+| redisURL | The Ambassador Edge Stack uses a redis instance for managing authentication, rate limiting, and sharing minor configuration details between pods for centralized management. These values configure the redis instance that ships by default with The Ambassador Edge Stack. URL of your redis instance. Defaults to redis instance created below. | `` |
+| redis.create | | `true` |
+| redis.image.repository | | `redis` |
+| redis.image.tag | | `5.0.1` |
+| redis.image.pullPolicy | | `IfNotPresent` |
+| redis.annotations.deployment | | `{}` |
+| redis.annotations.service | | `{}` |
+| redis.resources | | `{}` |
+| redis.nodeSelector | If you want to specify resources, uncomment the following lines and remove the curly braces after 'resources:'. These are placeholder values and must be tuned. limits: cpu: 100m memory: 256Mi requests: cpu: 50m memory: 128Mi | `{}` |
+| redis.affinity | | `{}` |
+| redis.tolerations | | `{}` |
+| authService.deploymentExtraName | | `auth` |
+| authService.create | | `true` |
+| authService.optional_configurations | Set additional configuration options. See https://www.getambassador.io/reference/services/auth-service for more information | `{}` |
+| rateLimit.create | | `true` |
+| rateLimit.deploymentExtraName | | `ratelimit` |
+| deploymentTool | | `''` |
+| enableTestService | | `false` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
```console
-$ helm install edge-stack edge-stack/edge-stack -n ambassador --version=v0.0.1 --set nameOverride=edge-stack
+$ helm install edge-stack --devel edge-stack/edge-stack -n ambassador --set nameOverride=edge-stack
```
Alternatively, a YAML file that specifies the values for the parameters can be provided while
installing the chart. For example:
```console
-$ helm install edge-stack edge-stack/edge-stack -n ambassador --version=v0.0.1 --values values.yaml
+$ helm install edge-stack --devel edge-stack/edge-stack -n ambassador --values values.yaml
```
diff --git a/charts/edge-stack/doc.yaml b/charts/edge-stack/doc.yaml
index 13cba22..4457d3b 100644
--- a/charts/edge-stack/doc.yaml
+++ b/charts/edge-stack/doc.yaml
@@ -9,7 +9,6 @@ repository:
name: edge-stack
chart:
name: edge-stack
- version: v0.0.1
values: "-- generate from values file --"
valuesExample: "-- generate from values file --"
prerequisites:
diff --git a/charts/edge-stack/readme.tpl b/charts/edge-stack/readme.tpl
index 74dc449..a1e3acd 100644
--- a/charts/edge-stack/readme.tpl
+++ b/charts/edge-stack/readme.tpl
@@ -7,7 +7,7 @@
```console
$ helm repo add {{ .Repository.Name }} {{ .Repository.URL }}
$ helm repo update
-$ helm install {{ .Release.Name }} {{ .Repository.Name }}/{{ .Chart.Name }} -n {{ .Release.Namespace }}{{ with .Chart.Version }} --version={{.}}{{ end }}
+$ helm install {{ .Release.Name }} --devel {{ .Repository.Name }}/{{ .Chart.Name }} -n {{ .Release.Namespace }}{{ with .Chart.Version }} --version={{.}}{{ end }}
```
## Introduction
@@ -24,7 +24,7 @@ This chart deploys {{ .Project.App }} on a [Kubernetes](http://kubernetes.io) cl
To install the chart with the release name `{{ .Release.Name }}`:
```console
-$ helm install {{ .Release.Name }} {{ .Repository.Name }}/{{ .Chart.Name }} -n {{ .Release.Namespace }}{{ with .Chart.Version }} --version={{.}}{{ end }}
+$ helm install {{ .Release.Name }} --devel {{ .Repository.Name }}/{{ .Chart.Name }} -n {{ .Release.Namespace }}{{ with .Chart.Version }} --version={{.}}{{ end }}
```
The command deploys {{ .Project.App }} on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
@@ -55,13 +55,13 @@ The following table lists the configurable parameters of the `{{ .Chart.Name }}`
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
```console
-$ helm install {{ .Release.Name }} {{ .Repository.Name }}/{{ .Chart.Name }} -n {{ .Release.Namespace }}{{ with .Chart.Version }} --version={{.}}{{ end }} --set {{ .Chart.ValuesExample }}
+$ helm install {{ .Release.Name }} --devel {{ .Repository.Name }}/{{ .Chart.Name }} -n {{ .Release.Namespace }}{{ with .Chart.Version }} --version={{.}}{{ end }} --set {{ .Chart.ValuesExample }}
```
Alternatively, a YAML file that specifies the values for the parameters can be provided while
installing the chart. For example:
```console
-$ helm install {{ .Release.Name }} {{ .Repository.Name }}/{{ .Chart.Name }} -n {{ .Release.Namespace }}{{ with .Chart.Version }} --version={{.}}{{ end }} --values values.yaml
+$ helm install {{ .Release.Name }} --devel {{ .Repository.Name }}/{{ .Chart.Name }} -n {{ .Release.Namespace }}{{ with .Chart.Version }} --version={{.}}{{ end }} --values values.yaml
```
{{- end }}
diff --git a/charts/edge-stack/templates/aes-secret.yaml b/charts/edge-stack/templates/aes-secret.yaml
index 8735ad9..f32a9bf 100644
--- a/charts/edge-stack/templates/aes-secret.yaml
+++ b/charts/edge-stack/templates/aes-secret.yaml
@@ -12,7 +12,7 @@ metadata:
{{- if .Values.licenseKey.secretName }}
name: {{ .Values.licenseKey.secretName }}
{{- else }}
- name: {{ include "ambassador.fullname" . }}-edge-stack
+ name: {{ include "ambassador.fullname" . }}
{{- end }}
namespace: {{ include "ambassador.namespace" . }}
type: Opaque
diff --git a/charts/edge-stack/values.yaml b/charts/edge-stack/values.yaml
index 281d070..d46b1ea 100644
--- a/charts/edge-stack/values.yaml
+++ b/charts/edge-stack/values.yaml
@@ -16,6 +16,8 @@ namespaceOverride: ''
# Example:
# setting `emissary-ingress.service.type=NodePort` will pass `service.type=NodePort` to the underlying emissary chart
emissary-ingress: # +doc-gen:break
+ test:
+ enabled: false
service:
type: LoadBalancer
@@ -48,16 +50,16 @@ emissary-ingress: # +doc-gen:break
value: {{ .Values.licenseKey.secretName }}
{{- end }}
volumesRaw: |
- - name: {{ include "ambassador.fullname" . }}-edge-stack-secrets
+ - name: {{ include "ambassador.fullname" . }}-secrets
secret:
{{- if and .Values.licenseKey .Values.licenseKey.secretName }}
secretName: {{ .Values.licenseKey.secretName }}
{{- else }}
- secretName: {{ include "ambassador.fullname" . }}-edge-stack
+ secretName: {{ include "ambassador.fullname" . }}
{{- end }}
volumeMountsRaw: |
{{- if and .Values.licenseKey.createSecret }}
- - name: {{ include "ambassador.fullname" . }}-edge-stack-secrets
+ - name: {{ include "ambassador.fullname" . }}-secrets
mountPath: /.config/ambassador
readOnly: true
{{- end }}
@@ -68,7 +70,7 @@ emissary-ingress: # +doc-gen:break
image:
repository: docker.io/datawire/aes
- tag: 2.0.0-ea
+ tag: 2.0.1-ea
pullPolicy: IfNotPresent
rbac:
diff --git a/charts/scripts/update_chart_image_values.py b/charts/scripts/update_chart_image_values.py
index 6ca993a..31342fa 100644
--- a/charts/scripts/update_chart_image_values.py
+++ b/charts/scripts/update_chart_image_values.py
@@ -21,7 +21,7 @@ def main(values_file, image_tag, repo=None):
if 'image' not in helm_values['emissary-ingress']:
helm_values['emissary-ingress']['image'] = {}
helm_values['emissary-ingress']['image'][image_key] = image_tag
- if repo is not None and repo is not '':
+ if repo is not None and repo != '':
helm_values['emissary-ingress']['image'][repo_key] = repo
with open(values_file, 'w') as f:
diff --git a/k8s-config/aes/values.yaml b/k8s-config/aes/values.yaml
index 892a071..746020f 100644
--- a/k8s-config/aes/values.yaml
+++ b/k8s-config/aes/values.yaml
@@ -4,7 +4,6 @@ emissary-ingress:
deploymentTool: getambassador.io
env:
POLL_EVERY_SECS: '60'
- AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local'
AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443'
AMBASSADOR_DRAIN_TIME: '600'
podAnnotations:
@@ -34,10 +33,7 @@ registry:
create: true
devportal:
docsPrefix: "/docs/"
-rateLimit:
- deploymentExtraName: edge-stack-ratelimit
authService:
- deploymentExtraName: edge-stack-auth
optional_configurations:
allow_request_body: false
status_on_error:
diff --git a/k8s-config/create_yaml.py b/k8s-config/create_yaml.py
new file mode 100644
index 0000000..73995bb
--- /dev/null
+++ b/k8s-config/create_yaml.py
@@ -0,0 +1,87 @@
+# This script is to help generate any flat yaml files from the ambassador helm chart.
+#
+# This script takes two arguments:
+# 1. A multi-doc yaml file generated from running:
+# `helm template ambassador -f [VALUES_FILE.yaml] -n [NAMESPACE] ./charts/ambassador`
+# 2. A yaml file listing the required kubernetes resources from the generated helm template to
+# output to stdout. See ../aes/require.yaml for an example
+#
+# This script will output to stdout the resources from 1) iff they are referenced in 2). It will
+# preserve the ordering from 2), and will error if any resources named in 2) are missing in 1)
+import sys
+import ruamel.yaml
+
+
+NO_NAMESPACE = '__no_namespace'
+
+
+def get_resource_key(resource):
+ metadata = resource.get('metadata', {})
+ namespace = metadata['namespace'] if 'namespace' in metadata else NO_NAMESPACE
+
+ return '{}.{}.{}'.format(resource['kind'], metadata['name'], namespace)
+
+
+def get_requirement_key(req):
+ if 'kind' not in req or 'name' not in req:
+ raise Exception('Malformed requirement %s' % req)
+ ns = req['namespace'] if 'namespace' in req else NO_NAMESPACE
+ return '{}.{}.{}'.format(req['kind'], req['name'], ns)
+
+
+# ensure that the yaml docs are sorted in the same way as in the requirements.
+# order actually matters here. for example, we need the namespace show up before any
+# namespaced resources.
+# Also this ensures that all the "required" resources make it into the final yaml
+def same_sort(requirements, yaml_docs):
+ sorted_resources = []
+ for req in requirements.get('resources'):
+ req_key = get_requirement_key(req)
+ if req_key not in yaml_docs:
+ raise Exception('Resource %s not found in generated yaml' % req_key)
+ sorted_resources.append(yaml_docs[req_key])
+ return sorted_resources
+
+
+class RequirementChecker():
+
+ def __init__(self, requirements):
+ self.requirements = {}
+ for req in requirements:
+ key = get_requirement_key(req)
+ self.requirements[key] = True
+
+
+ def is_required(self, resource):
+ key = get_resource_key(resource)
+ return key in self.requirements
+
+
+def main(templated_helm_file, require_file):
+ yaml = ruamel.yaml.YAML()
+ yaml.indent(mapping=2)
+ with open(templated_helm_file, 'r') as f:
+ templated_helm = yaml.load_all(f.read())
+ with open(require_file, 'r') as f:
+ requirements = yaml.load(f.read())
+ checker = RequirementChecker(requirements.get('resources'))
+
+ new_doc = {}
+ for yaml_doc in templated_helm:
+ if yaml_doc is None:
+ continue
+ if checker.is_required(yaml_doc):
+ new_doc[get_resource_key(yaml_doc)] = yaml_doc
+ print('# GENERATED FILE: edits made by hand will not be preserved.')
+ print('---')
+ yaml.dump_all(same_sort(requirements, new_doc), sys.stdout)
+
+
+if __name__ == '__main__':
+ if len(sys.argv) != 3:
+ print('USAGE: create_yaml.py [HELM_GENERATED_FILE] [REQUIREMENTS_FILE]')
+ sys.exit(1)
+ templated_helm = sys.argv[1]
+ require_file = sys.argv[2]
+
+ main(templated_helm, require_file)
diff --git a/k8s-config/oss-migration/require.yaml b/k8s-config/oss-migration/require.yaml
new file mode 100644
index 0000000..71dcab6
--- /dev/null
+++ b/k8s-config/oss-migration/require.yaml
@@ -0,0 +1,29 @@
+resources:
+ - kind: Service
+ name: edge-stack-redis
+ namespace: default
+ - kind: Deployment
+ name: edge-stack-redis
+ namespace: default
+ - kind: Secret
+ name: edge-stack
+ namespace: default
+ - kind: Service
+ name: test-aes
+ namespace: default
+ - kind: Deployment
+ name: aes
+ namespace: default
+ - kind: ServiceAccount
+ name: edge-stack
+ namespace: default
+ - kind: ClusterRoleBinding
+ name: edge-stack
+ - kind: ClusterRole
+ name: edge-stack
+ - kind: ClusterRole
+ name: edge-stack-aes
+ - kind: ClusterRole
+ name: edge-stack-crd
+ - kind: ClusterRole
+ name: edge-stack-watch
diff --git a/k8s-config/oss-migration/values.yaml b/k8s-config/oss-migration/values.yaml
new file mode 100644
index 0000000..b24a73c
--- /dev/null
+++ b/k8s-config/oss-migration/values.yaml
@@ -0,0 +1,35 @@
+emissary-ingress:
+ deploymentTool: getambassador.io
+ replicaCount: 1
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ product: aes
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ env:
+ POLL_EVERY_SECS: '60'
+ AMBASSADOR_URL: 'https://ambassador.ambassador.svc.cluster.local'
+ AMBASSADOR_INTERNAL_URL: 'https://127.0.0.1:8443'
+ AMBASSADOR_DRAIN_TIME: '600'
+ podAnnotations:
+ consul.hashicorp.com/connect-inject: 'false'
+ sidecar.istio.io/inject: 'false'
+ containerNameOverride: aes
+ restartPolicy: Always
+ terminationGracePeriodSeconds: "0"
+ service:
+ type: LoadBalancer
+ selector:
+ product: aes
+ deploymentNameOverride: aes
+
+enableTestService: true
+
+deploymentTool: getambassador.io
+redis:
+ serviceSelector:
+ service: ambassador-redis
diff --git a/k8s-config/resources-migration/require.yaml b/k8s-config/resources-migration/require.yaml
new file mode 100644
index 0000000..37cef70
--- /dev/null
+++ b/k8s-config/resources-migration/require.yaml
@@ -0,0 +1,19 @@
+resources:
+ - kind: RateLimitService
+ name: edge-stack-ratelimit
+ namespace: default
+ - kind: AuthService
+ name: edge-stack-auth
+ namespace: default
+ - kind: AmbassadorMapping
+ name: edge-stack-devportal
+ namespace: default
+ - kind: AmbassadorMapping
+ name: edge-stack-devportal-assets
+ namespace: default
+ - kind: AmbassadorMapping
+ name: edge-stack-devportal-demo
+ namespace: default
+ - kind: AmbassadorMapping
+ name: edge-stack-devportal-api
+ namespace: default
diff --git a/k8s-config/resources-migration/values.yaml b/k8s-config/resources-migration/values.yaml
new file mode 100644
index 0000000..4c6ac87
--- /dev/null
+++ b/k8s-config/resources-migration/values.yaml
@@ -0,0 +1,11 @@
+rateLimit:
+ deploymentExtraName: ratelimit
+authService:
+ deploymentExtraName: auth
+ optional_configurations:
+ allow_request_body: false
+ status_on_error:
+ code: 504
+emissary-ingress:
+ deploymentTool: getambassador.io
+deploymentTool: getambassador.io
diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml
index e50ecaf..581a95e 100644
--- a/manifests/edge-stack/aes.yaml
+++ b/manifests/edge-stack/aes.yaml
@@ -29,7 +29,7 @@ metadata:
apiVersion: v1
kind: Secret
metadata:
- name: edge-stack-edge-stack
+ name: edge-stack
namespace: ambassador
type: Opaque
data:
@@ -353,7 +353,8 @@ spec:
targetPort: 8443
selector:
- service: ambassador
+ service: ambassador
+ profile: main
---
# Source: edge-stack/templates/aes-redis.yaml
apiVersion: v1
@@ -405,7 +406,7 @@ spec:
serviceAccountName: edge-stack-agent
containers:
- name: agent
- image: docker.io/datawire/aes:2.0.0-ea
+ image: docker.io/datawire/aes:2.0.1-ea
imagePullPolicy: IfNotPresent
command: [ "agent" ]
env:
@@ -419,6 +420,9 @@ spec:
value: https://app.getambassador.io/
- name: AES_SNAPSHOT_URL
value: "http://edge-stack-admin.ambassador:8005/snapshot-external"
+
+
+ progressDeadlineSeconds: 600
---
# Source: edge-stack/charts/emissary-ingress/templates/deployment.yaml
apiVersion: apps/v1
@@ -436,12 +440,16 @@ spec:
service: ambassador
strategy:
type: RollingUpdate
+
+
+ progressDeadlineSeconds: 600
template:
metadata:
labels:
service: ambassador
app.kubernetes.io/managed-by: getambassador.io
+ profile: main
annotations:
consul.hashicorp.com/connect-inject: "false"
sidecar.istio.io/inject: "false"
@@ -458,13 +466,13 @@ spec:
- fieldRef:
fieldPath: metadata.labels
path: labels
- - name: edge-stack-edge-stack-secrets
+ - name: edge-stack-secrets
secret:
- secretName: edge-stack-edge-stack
+ secretName: edge-stack
containers:
- name: aes
- image: docker.io/datawire/aes:2.0.0-ea
+ image: docker.io/datawire/aes:2.0.1-ea
imagePullPolicy: IfNotPresent
ports:
- name: http
@@ -486,8 +494,6 @@ spec:
value: "600"
- name: "AMBASSADOR_INTERNAL_URL"
value: "https://127.0.0.1:8443"
- - name: "AMBASSADOR_URL"
- value: "https://ambassador.ambassador.svc.cluster.local"
- name: "POLL_EVERY_SECS"
value: "60"
- name: REDIS_URL
@@ -514,7 +520,7 @@ spec:
mountPath: /tmp/ambassador-pod-info
readOnly: true
- - name: edge-stack-edge-stack-secrets
+ - name: edge-stack-secrets
mountPath: /.config/ambassador
readOnly: true
@@ -640,7 +646,7 @@ spec:
apiVersion: getambassador.io/v2
kind: AuthService
metadata:
- name: edge-stack-edge-stack-auth
+ name: edge-stack-auth
namespace: ambassador
labels:
product: aes
@@ -655,29 +661,9 @@ spec:
apiVersion: getambassador.io/v2
kind: RateLimitService
metadata:
- name: edge-stack-edge-stack-ratelimit
+ name: edge-stack-ratelimit
namespace: ambassador
labels:
product: aes
spec:
service: 127.0.0.1:8500
----
-# Source: edge-stack/charts/emissary-ingress/templates/tests/test-ready.yaml
-apiVersion: v1
-kind: Pod
-metadata:
- name: "edge-stack-test-ready"
- labels:
- app.kubernetes.io/name: edge-stack
- helm.sh/chart: emissary-ingress-7.0.0-ea
- app.kubernetes.io/instance: edge-stack
- app.kubernetes.io/managed-by: getambassador.io
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['edge-stack:80/ambassador/v0/check_ready']
- restartPolicy: Never
diff --git a/manifests/edge-stack/oss-migration.yaml b/manifests/edge-stack/oss-migration.yaml
new file mode 100644
index 0000000..abe27c7
--- /dev/null
+++ b/manifests/edge-stack/oss-migration.yaml
@@ -0,0 +1,331 @@
+# GENERATED FILE: edits made by hand will not be preserved.
+---
+# Source: edge-stack/templates/aes-redis.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: edge-stack-redis
+ namespace: default
+ labels:
+ product: aes
+ annotations:
+ a8r.io/owner: Ambassador Labs
+ a8r.io/repository: github.com/datawire/ambassador
+ a8r.io/description: The Ambassador Edge Stack Redis store for auth and rate limiting,
+ among other things.
+ a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
+ a8r.io/chat: http://a8r.io/Slack
+ a8r.io/bugs: https://github.com/datawire/ambassador/issues
+ a8r.io/support: https://www.getambassador.io/about-us/support/
+ a8r.io/dependencies: None
+spec:
+ type: ClusterIP
+ ports:
+ - port: 6379
+ targetPort: 6379
+ selector:
+ service: ambassador-redis
+---
+# Source: edge-stack/templates/aes-redis.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: edge-stack-redis
+ namespace: default
+ labels:
+ product: aes
+ annotations: {}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ service: ambassador-redis
+ template:
+ metadata:
+ labels:
+ service: ambassador-redis
+ spec:
+ containers:
+ - name: redis
+ image: redis:5.0.1
+ imagePullPolicy: IfNotPresent
+ resources: {}
+ restartPolicy: Always
+---
+# Source: edge-stack/templates/aes-secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: edge-stack
+ namespace: default
+type: Opaque
+data:
+ license-key: ''
+---
+# Source: edge-stack/templates/oss-migration-test-service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: test-aes
+ namespace: default
+ labels:
+ product: aes
+spec:
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+ - name: https
+ port: 443
+ targetPort: 8443
+ selector:
+ product: aes
+---
+# Source: edge-stack/charts/emissary-ingress/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: aes
+ namespace: default
+ labels:
+ product: aes
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ product: aes
+ strategy:
+ type: RollingUpdate
+
+
+ progressDeadlineSeconds: 600
+ template:
+ metadata:
+ labels:
+ product: aes
+ app.kubernetes.io/managed-by: getambassador.io
+ profile: main
+ annotations:
+ consul.hashicorp.com/connect-inject: 'false'
+ sidecar.istio.io/inject: 'false'
+ spec:
+ terminationGracePeriodSeconds: 0
+ securityContext:
+ runAsUser: 8888
+ restartPolicy: Always
+ serviceAccountName: edge-stack
+ volumes:
+ - name: ambassador-pod-info
+ downwardAPI:
+ items:
+ - fieldRef:
+ fieldPath: metadata.labels
+ path: labels
+ - name: edge-stack-secrets
+ secret:
+ secretName: edge-stack
+
+ containers:
+ - name: aes
+ image: docker.io/datawire/aes:2.0.1-ea
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8080
+ - name: https
+ containerPort: 8443
+ - name: admin
+ containerPort: 8877
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: AMBASSADOR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: AMBASSADOR_DRAIN_TIME
+ value: '600'
+ - name: AMBASSADOR_INTERNAL_URL
+ value: https://127.0.0.1:8443
+ - name: AMBASSADOR_URL
+ value: https://ambassador.ambassador.svc.cluster.local
+ - name: POLL_EVERY_SECS
+ value: '60'
+ - name: REDIS_URL
+ value: edge-stack-redis:6379
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ livenessProbe:
+ httpGet:
+ path: /ambassador/v0/check_alive
+ port: admin
+ failureThreshold: 3
+ initialDelaySeconds: 30
+ periodSeconds: 3
+ readinessProbe:
+ httpGet:
+ path: /ambassador/v0/check_ready
+ port: admin
+ failureThreshold: 3
+ initialDelaySeconds: 30
+ periodSeconds: 3
+ volumeMounts:
+ - name: ambassador-pod-info
+ mountPath: /tmp/ambassador-pod-info
+ readOnly: true
+
+ - name: edge-stack-secrets
+ mountPath: /.config/ambassador
+ readOnly: true
+
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 600Mi
+ requests:
+ cpu: 200m
+ memory: 300Mi
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ product: aes
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ imagePullSecrets: []
+ dnsPolicy: ClusterFirst
+ hostNetwork: false
+---
+# Source: edge-stack/charts/emissary-ingress/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: edge-stack
+ namespace: default
+ labels:
+ product: aes
+---
+# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: edge-stack
+ labels:
+ product: aes
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: edge-stack
+subjects:
+- name: edge-stack
+ namespace: default
+ kind: ServiceAccount
+---
+# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: edge-stack
+ labels:
+ product: aes
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rbac.getambassador.io/role-group: edge-stack
+rules: []
+---
+# Source: edge-stack/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: edge-stack-aes
+ labels:
+ product: aes
+ rbac.getambassador.io/role-group: edge-stack
+rules:
+- apiGroups: ['']
+ resources: [secrets]
+ verbs: [get, list, watch, create, update]
+
+- apiGroups: ['']
+ resources: [events]
+ verbs: [get, list, watch, create, patch]
+
+- apiGroups: [coordination.k8s.io]
+ resources: [leases]
+ verbs: [get, create, update]
+
+- apiGroups: ['']
+ resources: [endpoints]
+ verbs: [get, list, watch, create, update]
+---
+# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml
+# CRDs are cluster scoped resources, so they need to be in a cluster role,
+# even if ambassador is running in single namespace mode
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: edge-stack-crd
+ labels:
+ product: aes
+ rbac.getambassador.io/role-group: edge-stack
+rules:
+- apiGroups: [apiextensions.k8s.io]
+ resources: [customresourcedefinitions]
+ verbs: [get, list, watch, delete]
+---
+# Source: edge-stack/charts/emissary-ingress/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: edge-stack-watch
+ labels:
+ product: aes
+ rbac.getambassador.io/role-group: edge-stack
+rules:
+- apiGroups: ['']
+ resources:
+ - namespaces
+ - services
+ - secrets
+ - endpoints
+ verbs: [get, list, watch]
+
+- apiGroups: [x.getambassador.io, getambassador.io]
+ resources: ['*']
+ verbs: [get, list, watch, update, patch, create, delete]
+
+- apiGroups: [getambassador.io]
+ resources: [mappings/status]
+ verbs: [update]
+
+- apiGroups: [x.getambassador.io]
+ resources: [ambassadormappings/status]
+ verbs: [update]
+
+- apiGroups: [networking.internal.knative.dev]
+ resources: [clusteringresses, ingresses]
+ verbs: [get, list, watch]
+
+- apiGroups: [networking.x-k8s.io]
+ resources: ['*']
+ verbs: [get, list, watch]
+
+- apiGroups: [networking.internal.knative.dev]
+ resources: [ingresses/status, clusteringresses/status]
+ verbs: [update]
+
+- apiGroups: [extensions, networking.k8s.io]
+ resources: [ingresses, ingressclasses]
+ verbs: [get, list, watch]
+
+- apiGroups: [extensions, networking.k8s.io]
+ resources: [ingresses/status]
+ verbs: [update]
diff --git a/manifests/edge-stack/resources-migration.yaml b/manifests/edge-stack/resources-migration.yaml
new file mode 100644
index 0000000..e3a22ff
--- /dev/null
+++ b/manifests/edge-stack/resources-migration.yaml
@@ -0,0 +1,94 @@
+# GENERATED FILE: edits made by hand will not be preserved.
+---
+# Source: edge-stack/templates/aes-ratelimit.yaml
+apiVersion: getambassador.io/v2
+kind: RateLimitService
+metadata:
+ name: edge-stack-ratelimit
+ namespace: default
+ labels:
+ product: aes
+spec:
+ service: 127.0.0.1:8500
+---
+# Source: edge-stack/templates/aes-authservice.yaml
+apiVersion: getambassador.io/v2
+kind: AuthService
+metadata:
+ name: edge-stack-auth
+ namespace: default
+ labels:
+ product: aes
+spec:
+ proto: grpc
+ auth_service: 127.0.0.1:8500
+ allow_request_body: false
+ status_on_error:
+ code: 504
+---
+# Source: edge-stack/templates/aes-internal.yaml
+# Configure DevPortal
+apiVersion: x.getambassador.io/v3alpha1
+kind: AmbassadorMapping
+metadata:
+ # This Mapping name is referenced by convention, it's important to leave as-is.
+ name: edge-stack-devportal
+ namespace: default
+ labels:
+ product: aes
+spec:
+ prefix: /documentation/
+ hostname: '*'
+ rewrite: /docs/
+ service: 127.0.0.1:8500
+---
+# Source: edge-stack/templates/aes-internal.yaml
+apiVersion: x.getambassador.io/v3alpha1
+kind: AmbassadorMapping
+metadata:
+ name: edge-stack-devportal-assets
+ namespace: default
+ labels:
+ product: aes
+spec:
+ prefix: /documentation/(assets|styles)/(.*)(.css)
+ hostname: '*'
+ prefix_regex: true
+ regex_rewrite:
+ pattern: /documentation/(.*)
+ substitution: /docs/\1
+ service: 127.0.0.1:8500
+ add_response_headers:
+ cache-control:
+ value: public, max-age=3600, immutable
+ append: false
+---
+# Source: edge-stack/templates/aes-internal.yaml
+apiVersion: x.getambassador.io/v3alpha1
+kind: AmbassadorMapping
+metadata:
+ # This Mapping name is what the demo uses. Sigh.
+ name: edge-stack-devportal-demo
+ namespace: default
+ labels:
+ product: aes
+spec:
+ prefix: /docs/
+ hostname: '*'
+ rewrite: /docs/
+ service: 127.0.0.1:8500
+---
+# Source: edge-stack/templates/aes-internal.yaml
+apiVersion: x.getambassador.io/v3alpha1
+kind: AmbassadorMapping
+metadata:
+ # This Mapping name is referenced by convention, it's important to leave as-is.
+ name: edge-stack-devportal-api
+ namespace: default
+ labels:
+ product: aes
+spec:
+ prefix: /openapi/
+ hostname: '*'
+ rewrite: ''
+ service: 127.0.0.1:8500