From 0a57ea1d2c64133db79dc472e6eea3064823a815 Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Tue, 24 Sep 2024 11:09:26 -0500 Subject: [PATCH 1/2] chore: Deprecate AppMesh charts following announcement for end of support of the AWS AppMesh service --- README.md | 22 +- stable/appmesh-controller/.helmignore | 24 - stable/appmesh-controller/Chart.yaml | 16 - stable/appmesh-controller/README.md | 453 -- stable/appmesh-controller/ci/values.yaml | 9 - stable/appmesh-controller/crds/crds.yaml | 4155 ----------------- .../crds/kustomization.yaml | 4 - stable/appmesh-controller/templates/NOTES.txt | 1 - .../appmesh-controller/templates/_helpers.tpl | 69 - .../templates/deployment.yaml | 152 - stable/appmesh-controller/templates/pdb.yaml | 18 - stable/appmesh-controller/templates/psp.yaml | 57 - stable/appmesh-controller/templates/rbac.yaml | 81 - .../appmesh-controller/templates/service.yaml | 13 - .../templates/serviceaccount.yaml | 13 - .../appmesh-controller/templates/webhook.yaml | 157 - stable/appmesh-controller/test.yaml | 177 - .../upgrade/pre_upgrade_check.sh | 110 - stable/appmesh-controller/values.yaml | 168 - stable/appmesh-controller/webhookconfig.yaml | 20 - stable/appmesh-gateway/.helmignore | 24 - stable/appmesh-gateway/Chart.yaml | 18 - stable/appmesh-gateway/README.md | 118 - stable/appmesh-gateway/ci/values.yaml | 7 - stable/appmesh-gateway/templates/NOTES.txt | 1 - stable/appmesh-gateway/templates/_helpers.tpl | 57 - .../appmesh-gateway/templates/deployment.yaml | 80 - stable/appmesh-gateway/templates/gateway.yaml | 24 - stable/appmesh-gateway/templates/hpa.yaml | 23 - stable/appmesh-gateway/templates/psp.yaml | 57 - stable/appmesh-gateway/templates/service.yaml | 21 - .../templates/serviceaccount.yaml | 13 - stable/appmesh-gateway/values.yaml | 70 - stable/appmesh-grafana/.helmignore | 21 - stable/appmesh-grafana/Chart.yaml | 21 - stable/appmesh-grafana/README.md | 56 - .../dashboards/canary-releases.json | 1270 ----- .../dashboards/control-plane.json | 682 --- .../dashboards/data-plane.json | 2492 ---------- 
stable/appmesh-grafana/templates/NOTES.txt | 1 - stable/appmesh-grafana/templates/_helpers.tpl | 56 - stable/appmesh-grafana/templates/account.yaml | 8 - .../templates/dashboards-cfg.yaml | 8 - .../templates/datasources-cfg.yaml | 19 - .../appmesh-grafana/templates/deployment.yaml | 88 - .../templates/grafana-cfg.yaml | 13 - .../templates/providers-cfg.yaml | 18 - stable/appmesh-grafana/templates/psp.yaml | 57 - stable/appmesh-grafana/templates/service.yaml | 16 - stable/appmesh-grafana/values.yaml | 43 - stable/appmesh-inject/.helmignore | 21 - stable/appmesh-inject/Chart.yaml | 19 - stable/appmesh-inject/README.md | 88 - stable/appmesh-inject/ci/values.yaml | 8 - stable/appmesh-inject/templates/NOTES.txt | 1 - stable/appmesh-inject/templates/_helpers.tpl | 68 - stable/appmesh-inject/templates/account.yaml | 8 - .../appmesh-inject/templates/deployment.yaml | 96 - stable/appmesh-inject/templates/mesh.yaml | 14 - stable/appmesh-inject/templates/psp.yaml | 57 - stable/appmesh-inject/templates/rbac.yaml | 27 - stable/appmesh-inject/templates/service.yaml | 15 - stable/appmesh-inject/templates/webhook.yaml | 36 - stable/appmesh-inject/values.yaml | 84 - stable/appmesh-jaeger/.helmignore | 21 - stable/appmesh-jaeger/Chart.yaml | 19 - stable/appmesh-jaeger/README.md | 83 - stable/appmesh-jaeger/templates/NOTES.txt | 3 - stable/appmesh-jaeger/templates/_helpers.tpl | 56 - stable/appmesh-jaeger/templates/account.yaml | 8 - .../appmesh-jaeger/templates/deployment.yaml | 112 - stable/appmesh-jaeger/templates/psp.yaml | 57 - stable/appmesh-jaeger/templates/service.yaml | 20 - stable/appmesh-jaeger/values.yaml | 62 - stable/appmesh-prometheus/.helmignore | 21 - stable/appmesh-prometheus/Chart.yaml | 19 - stable/appmesh-prometheus/README.md | 146 - stable/appmesh-prometheus/templates/NOTES.txt | 1 - .../appmesh-prometheus/templates/_helpers.tpl | 56 - .../appmesh-prometheus/templates/account.yaml | 8 - .../appmesh-prometheus/templates/config.yaml | 151 - 
.../templates/deployment.yaml | 86 - stable/appmesh-prometheus/templates/psp.yaml | 57 - stable/appmesh-prometheus/templates/rbac.yaml | 38 - .../appmesh-prometheus/templates/service.yaml | 16 - stable/appmesh-prometheus/values.yaml | 55 - stable/appmesh-spire-agent/Chart.yaml | 17 - stable/appmesh-spire-agent/README.md | 46 - .../appmesh-spire-agent/templates/NOTES.txt | 1 - .../templates/_helpers.tpl | 56 - .../templates/account.yaml | 13 - .../templates/deployment.yaml | 68 - .../appmesh-spire-agent/templates/rbac.yaml | 27 - .../templates/spire-agent-cfg.yaml | 41 - stable/appmesh-spire-agent/values.yaml | 53 - stable/appmesh-spire-server/Chart.yaml | 17 - stable/appmesh-spire-server/README.md | 62 - .../appmesh-spire-server/templates/NOTES.txt | 1 - .../templates/_helpers.tpl | 56 - .../templates/account.yaml | 14 - .../templates/deployment.yaml | 60 - .../appmesh-spire-server/templates/rbac.yaml | 55 - .../templates/service.yaml | 13 - .../templates/spire-bundle-cfg.yaml | 5 - .../templates/spire-server-cfg.yaml | 59 - stable/appmesh-spire-server/values.yaml | 57 - 106 files changed, 13 insertions(+), 13446 deletions(-) delete mode 100644 stable/appmesh-controller/.helmignore delete mode 100644 stable/appmesh-controller/Chart.yaml delete mode 100644 stable/appmesh-controller/README.md delete mode 100644 stable/appmesh-controller/ci/values.yaml delete mode 100644 stable/appmesh-controller/crds/crds.yaml delete mode 100644 stable/appmesh-controller/crds/kustomization.yaml delete mode 100644 stable/appmesh-controller/templates/NOTES.txt delete mode 100644 stable/appmesh-controller/templates/_helpers.tpl delete mode 100644 stable/appmesh-controller/templates/deployment.yaml delete mode 100644 stable/appmesh-controller/templates/pdb.yaml delete mode 100644 stable/appmesh-controller/templates/psp.yaml delete mode 100644 stable/appmesh-controller/templates/rbac.yaml delete mode 100644 stable/appmesh-controller/templates/service.yaml delete mode 100644 
stable/appmesh-controller/templates/serviceaccount.yaml delete mode 100644 stable/appmesh-controller/templates/webhook.yaml delete mode 100644 stable/appmesh-controller/test.yaml delete mode 100755 stable/appmesh-controller/upgrade/pre_upgrade_check.sh delete mode 100644 stable/appmesh-controller/values.yaml delete mode 100644 stable/appmesh-controller/webhookconfig.yaml delete mode 100644 stable/appmesh-gateway/.helmignore delete mode 100644 stable/appmesh-gateway/Chart.yaml delete mode 100644 stable/appmesh-gateway/README.md delete mode 100644 stable/appmesh-gateway/ci/values.yaml delete mode 100644 stable/appmesh-gateway/templates/NOTES.txt delete mode 100644 stable/appmesh-gateway/templates/_helpers.tpl delete mode 100644 stable/appmesh-gateway/templates/deployment.yaml delete mode 100644 stable/appmesh-gateway/templates/gateway.yaml delete mode 100644 stable/appmesh-gateway/templates/hpa.yaml delete mode 100644 stable/appmesh-gateway/templates/psp.yaml delete mode 100644 stable/appmesh-gateway/templates/service.yaml delete mode 100644 stable/appmesh-gateway/templates/serviceaccount.yaml delete mode 100644 stable/appmesh-gateway/values.yaml delete mode 100644 stable/appmesh-grafana/.helmignore delete mode 100644 stable/appmesh-grafana/Chart.yaml delete mode 100644 stable/appmesh-grafana/README.md delete mode 100644 stable/appmesh-grafana/dashboards/canary-releases.json delete mode 100644 stable/appmesh-grafana/dashboards/control-plane.json delete mode 100644 stable/appmesh-grafana/dashboards/data-plane.json delete mode 100644 stable/appmesh-grafana/templates/NOTES.txt delete mode 100644 stable/appmesh-grafana/templates/_helpers.tpl delete mode 100644 stable/appmesh-grafana/templates/account.yaml delete mode 100644 stable/appmesh-grafana/templates/dashboards-cfg.yaml delete mode 100644 stable/appmesh-grafana/templates/datasources-cfg.yaml delete mode 100644 stable/appmesh-grafana/templates/deployment.yaml delete mode 100644 
stable/appmesh-grafana/templates/grafana-cfg.yaml delete mode 100644 stable/appmesh-grafana/templates/providers-cfg.yaml delete mode 100644 stable/appmesh-grafana/templates/psp.yaml delete mode 100644 stable/appmesh-grafana/templates/service.yaml delete mode 100644 stable/appmesh-grafana/values.yaml delete mode 100644 stable/appmesh-inject/.helmignore delete mode 100644 stable/appmesh-inject/Chart.yaml delete mode 100644 stable/appmesh-inject/README.md delete mode 100644 stable/appmesh-inject/ci/values.yaml delete mode 100644 stable/appmesh-inject/templates/NOTES.txt delete mode 100644 stable/appmesh-inject/templates/_helpers.tpl delete mode 100644 stable/appmesh-inject/templates/account.yaml delete mode 100644 stable/appmesh-inject/templates/deployment.yaml delete mode 100644 stable/appmesh-inject/templates/mesh.yaml delete mode 100644 stable/appmesh-inject/templates/psp.yaml delete mode 100644 stable/appmesh-inject/templates/rbac.yaml delete mode 100644 stable/appmesh-inject/templates/service.yaml delete mode 100644 stable/appmesh-inject/templates/webhook.yaml delete mode 100644 stable/appmesh-inject/values.yaml delete mode 100644 stable/appmesh-jaeger/.helmignore delete mode 100644 stable/appmesh-jaeger/Chart.yaml delete mode 100644 stable/appmesh-jaeger/README.md delete mode 100644 stable/appmesh-jaeger/templates/NOTES.txt delete mode 100644 stable/appmesh-jaeger/templates/_helpers.tpl delete mode 100644 stable/appmesh-jaeger/templates/account.yaml delete mode 100644 stable/appmesh-jaeger/templates/deployment.yaml delete mode 100644 stable/appmesh-jaeger/templates/psp.yaml delete mode 100644 stable/appmesh-jaeger/templates/service.yaml delete mode 100644 stable/appmesh-jaeger/values.yaml delete mode 100644 stable/appmesh-prometheus/.helmignore delete mode 100644 stable/appmesh-prometheus/Chart.yaml delete mode 100644 stable/appmesh-prometheus/README.md delete mode 100644 stable/appmesh-prometheus/templates/NOTES.txt delete mode 100644 
stable/appmesh-prometheus/templates/_helpers.tpl delete mode 100644 stable/appmesh-prometheus/templates/account.yaml delete mode 100644 stable/appmesh-prometheus/templates/config.yaml delete mode 100644 stable/appmesh-prometheus/templates/deployment.yaml delete mode 100644 stable/appmesh-prometheus/templates/psp.yaml delete mode 100644 stable/appmesh-prometheus/templates/rbac.yaml delete mode 100644 stable/appmesh-prometheus/templates/service.yaml delete mode 100644 stable/appmesh-prometheus/values.yaml delete mode 100644 stable/appmesh-spire-agent/Chart.yaml delete mode 100644 stable/appmesh-spire-agent/README.md delete mode 100644 stable/appmesh-spire-agent/templates/NOTES.txt delete mode 100644 stable/appmesh-spire-agent/templates/_helpers.tpl delete mode 100644 stable/appmesh-spire-agent/templates/account.yaml delete mode 100644 stable/appmesh-spire-agent/templates/deployment.yaml delete mode 100644 stable/appmesh-spire-agent/templates/rbac.yaml delete mode 100644 stable/appmesh-spire-agent/templates/spire-agent-cfg.yaml delete mode 100644 stable/appmesh-spire-agent/values.yaml delete mode 100644 stable/appmesh-spire-server/Chart.yaml delete mode 100644 stable/appmesh-spire-server/README.md delete mode 100644 stable/appmesh-spire-server/templates/NOTES.txt delete mode 100644 stable/appmesh-spire-server/templates/_helpers.tpl delete mode 100644 stable/appmesh-spire-server/templates/account.yaml delete mode 100644 stable/appmesh-spire-server/templates/deployment.yaml delete mode 100644 stable/appmesh-spire-server/templates/rbac.yaml delete mode 100644 stable/appmesh-spire-server/templates/service.yaml delete mode 100644 stable/appmesh-spire-server/templates/spire-bundle-cfg.yaml delete mode 100644 stable/appmesh-spire-server/templates/spire-server-cfg.yaml delete mode 100644 stable/appmesh-spire-server/values.yaml diff --git a/README.md b/README.md index 67afd8c3d..3ebeeea94 100644 --- a/README.md +++ b/README.md 
@@ -10,14 +10,17 @@ helm repo add eks https://aws.github.io/eks-charts
 
 ### App Mesh
 
-* [appmesh-controller](stable/appmesh-controller): App Mesh controller Helm chart for Kubernetes
-* [appmesh-prometheus](stable/appmesh-prometheus): App Mesh Prometheus Helm chart for Kubernetes
-* [appmesh-grafana](stable/appmesh-grafana): App Mesh Grafana Helm chart for Kubernetes
-* [appmesh-jaeger](stable/appmesh-jaeger): App Mesh Jaeger Helm chart for Kubernetes
-* [appmesh-spire-server](stable/appmesh-spire-server): App Mesh SPIRE Server Helm chart for Kubernetes
-* [appmesh-spire-agent](stable/appmesh-spire-agent): App Mesh SPIRE Agent Helm chart for Kubernetes
-* [appmesh-gateway](stable/appmesh-gateway): App Mesh Gateway Helm chart for Kubernetes
-* [appmesh-inject](stable/appmesh-inject)(**deprecated**): App Mesh inject Helm chart for Kubernetes
+> [!WARNING]
+> The following Helm charts are deprecated following the announcement of discontinued support for [AWS AppMesh](https://aws.amazon.com/blogs/containers/migrating-from-aws-app-mesh-to-amazon-ecs-service-connect/)
+
+* `appmesh-controller`: App Mesh controller Helm chart for Kubernetes
+* `appmesh-prometheus`: App Mesh Prometheus Helm chart for Kubernetes
+* `appmesh-grafana`: App Mesh Grafana Helm chart for Kubernetes
+* `appmesh-jaeger`: App Mesh Jaeger Helm chart for Kubernetes
+* `appmesh-spire-server`: App Mesh SPIRE Server Helm chart for Kubernetes
+* `appmesh-spire-agent`: App Mesh SPIRE Agent Helm chart for Kubernetes
+* `appmesh-gateway`: App Mesh Gateway Helm chart for Kubernetes
+* `appmesh-inject`: App Mesh inject Helm chart for Kubernetes
 
 ### AWS Node Termination Handler
 
@@ -25,7 +28,8 @@ helm repo add eks https://aws.github.io/eks-charts ### AWS Calico -**This Helm chart is deprecated**. To install Calico network policy enforcement on AWS, follow the EKS [user guide](https://docs.aws.amazon.com/eks/latest/userguide/calico.html). +> [!WARNING] +> This Helm chart is deprecated. To install Calico network policy enforcement on AWS, follow the EKS [user guide](https://docs.aws.amazon.com/eks/latest/userguide/calico.html). ### AWS CloudWatch Metrics diff --git a/stable/appmesh-controller/.helmignore b/stable/appmesh-controller/.helmignore deleted file mode 100644 index bbcfa462d..000000000 --- a/stable/appmesh-controller/.helmignore +++ /dev/null @@ -1,24 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -crds/kustomization.yaml diff --git a/stable/appmesh-controller/Chart.yaml b/stable/appmesh-controller/Chart.yaml deleted file mode 100644 index ea0a3f6f3..000000000 --- a/stable/appmesh-controller/Chart.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -name: appmesh-controller -description: App Mesh controller Helm chart for Kubernetes -version: 1.13.1 -appVersion: 1.13.1 -home: https://github.com/aws/eks-charts -icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png -sources: - - https://github.com/aws/eks-charts -maintainers: - - name: Kishor Joshi - url: https://github.com/kishorj - email: kishorj@users.noreply.github.com -keywords: - - eks - - appmesh diff --git a/stable/appmesh-controller/README.md b/stable/appmesh-controller/README.md deleted file mode 100644 index 2e2b0435f..000000000 --- a/stable/appmesh-controller/README.md +++ /dev/null 
@@ -1,453 +0,0 @@ -# App Mesh Controller - -> :warning: **This controller is published in multiple repos**: Contributions to this Helm chart must be written to [aws/aws-app-mesh-controller-for-k8s Github repo.](https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/config/helm/appmesh-controller) PRs to other repos like **aws/eks-charts** may be closed or overwritten upon next controller release. - -App Mesh controller Helm chart for Kubernetes - -**Note**: If you wish to use [App Mesh preview](https://docs.aws.amazon.com/app-mesh/latest/userguide/preview.html) features, please refer to our [preview version](https://github.com/aws/eks-charts/blob/preview/stable/appmesh-controller/README.md) instructions. - -## Prerequisites - -* Kubernetes >= 1.14 -* IAM permissions (see below) - -## Installing the Chart - -**Note**: AppMesh controller v1.0.0+ is **backwards incompatible** with old versions(e.g. v0.5.0). -If you're running an older version of App Mesh controller, please go to the [upgrade](#upgrade) section below before you proceed. If you are unsure, please run the `appmesh-controller/upgrade/pre_upgrade_check.sh` script to check if your cluster can be upgraded - -Add the EKS repository to Helm: - -```sh -helm repo add eks https://aws.github.io/eks-charts -``` - -Install the App Mesh CRDs: - -```sh -kubectl apply -k "github.com/aws/eks-charts/stable/appmesh-controller//crds?ref=master" -``` - -Create namespace -```sh -kubectl create ns appmesh-system -``` - -The controller runs on the worker nodes, so it needs access to the AWS App Mesh / Cloud Map resources via IAM permissions. The IAM permissions can either be setup via IAM roles for service account or can be attached directly to the worker node IAM roles. 
- -#### Setup IAM Role for Service Account - -``` -export CLUSTER_NAME= -export AWS_REGION= -export AWS_ACCOUNT_ID= -``` - -Enable IAM OIDC provider -```sh -eksctl utils associate-iam-oidc-provider --region=$AWS_REGION \ - --cluster=$CLUSTER_NAME \ - --approve -``` - -Download the IAM policy for AWS App Mesh Kubernetes Controller -``` -curl -o controller-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/controller-iam-policy.json -``` - -Create an IAM policy called AWSAppMeshK8sControllerIAMPolicy -``` -aws iam create-policy \ - --policy-name AWSAppMeshK8sControllerIAMPolicy \ - --policy-document file://controller-iam-policy.json -``` -Take note of the policy ARN that is returned - -Create an IAM role for service account for the App Mesh Kubernetes controller, use the ARN from the step above - -> Note: if you deleted `serviceaccount` in the `appmesh-system` namespace, you will need to delete and re-create `iamserviceaccount`. `eksctl` does not override the `iamserviceaccount` correctly ([see this issue](https://github.com/weaveworks/eksctl/issues/2665)) - -``` -eksctl create iamserviceaccount --cluster $CLUSTER_NAME \ - --namespace appmesh-system \ - --name appmesh-controller \ - --attach-policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/AWSAppMeshK8sControllerIAMPolicy \ - --override-existing-serviceaccounts \ - --approve -``` - -Deploy appmesh-controller - -**Note:** To enable mTLS via SDS(SPIRE), please set "sds.enabled=true". - -```sh -helm upgrade -i appmesh-controller eks/appmesh-controller \ - --namespace appmesh-system \ - --set region=$AWS_REGION \ - --set serviceAccount.create=false \ - --set serviceAccount.name=appmesh-controller -``` - -The [configuration](#configuration) section lists the parameters that can be configured during installation. 
- -**Note** -If you want to start the controller in the EKS private cluster, enable the app mesh and service discovery VPC endpoints to the linked private subnet first. Also accountId is a required field now as `--set accountId=$AWS_ACCOUNT_ID`. -If you want to enable X-ray tracing in private cluster, enable the X-ray VPC endpoint. Also, ECR VPC endpoint [does not support public repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html). Controller uses `public.ecr.aws/xray/aws-xray-daemon:latest` by default, so you need to pull this image to local and [push it into your personal ECR repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-push-ecr-image.html). Set it when deploying the controller like: -``` -helm upgrade -i appmesh-controller eks/appmesh-controller \ - --namespace appmesh-system \ - --set region=$AWS_REGION \ - --set serviceAccount.create=false \ - --set serviceAccount.name=appmesh-controller \ - --set accountId=$AWS_ACCOUNT_ID \ - --set log.level=debug \ - --set tracing.enabled=true \ - --set tracing.provider=x-ray \ - --set xray.image.repository={your-account-id}.dkr.ecr.{your-region}.amazonaws.com/{your-repository} \ - --set xray.image.tag={your-xray-daemon-image-tag} -``` -Verify if the X-ray daemon being injected successfully when binding application deployment with virtual node/gateway. 
-More troubleshooting please see: https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html - -**Note** -Make sure that the Envoy proxies have the following IAM policies attached for the Envoy to authenticate with AWS App Mesh and fetch it's configuration -- https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json - -There are **2 ways** you can attach the above policy to the Envoy Pod -#### With IRSA -Download the Envoy IAM policy -``` -curl -o envoy-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json -``` - -Create an IAM policy called AWSAppMeshEnvoyIAMPolicy -``` -aws iam create-policy \ - --policy-name AWSAppMeshEnvoyIAMPolicy \ - --policy-document file://envoy-iam-policy.json -``` - -Take note of the policy ARN that is returned - -If your Mesh enabled applications are already using IRSA then you can attach the above policy to the role belonging to the existing IRSA or you can edit the Trust Relationship of the existing iam role which has this envoy policy so that some other service account in your mesh can also assume this role. - -If not then you can create a service account for your application namespace and use the ARN from the step above. Ensure that Application Namespace already exists - -``` -eksctl create iamserviceaccount --cluster $CLUSTER_NAME \ - --namespace \ - --name envoy-proxy \ - --attach-policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/AWSAppMeshEnvoyIAMPolicy \ - --override-existing-serviceaccounts \ - --approve -``` - -Reference this Service Account in your application pod spec. This should be the pod which would get injected with the Envoy. 
Refer below example: -``` -https://github.com/aws/aws-app-mesh-examples/blob/5a2d04227593d292d52e5e2ca638d808ebed5e70/walkthroughs/howto-k8s-fargate/v1beta2/manifest.yaml.template#L220 -``` - -#### Without IRSA -Find the Node Instance IAM Role from your worker nodes and attach below policies to it. -**Note** If you created service account for the controller as indicated above then you can skip attaching the Controller IAM policy to worker nodes. Instead attach only the Envoy IAM policy. - -Controller IAM policy -- https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/controller-iam-policy.json -Use below command to download the policy if not already -```sh -curl -o controller-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/controller-iam-policy.json -``` - -Envoy IAM policy -Attach the below envoy policy to your Worker Nodes (Node Instance IAM Role) -- https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json -Use below command to download the policy if not already -```sh -curl -o envoy-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json -``` - -Apply the IAM policy directly to the worker nodes by replacing the ``, ``, and `` in below command: -```sh -aws iam put-role-policy --role-name --policy-name --policy-document file:// -``` - -Deploy appmesh-controller -```sh -helm upgrade -i appmesh-controller eks/appmesh-controller \ - --namespace appmesh-system -``` - -The [configuration](#configuration) section lists the parameters that can be configured during installation. 
- -### Installation on EKS with Fargate - -``` -export CLUSTER_NAME= -export AWS_REGION= -export AWS_ACCOUNT_ID= -``` - -Create namespace -```sh -kubectl create ns appmesh-system -``` - -Setup EKS Fargate profile -```sh -eksctl create fargateprofile --cluster $CLUSTER_NAME --namespace appmesh-system -``` - -Enable IAM OIDC provider -```sh -eksctl utils associate-iam-oidc-provider --region=$AWS_REGION --cluster=$CLUSTER_NAME --approve -``` - -Download the IAM policy for AWS App Mesh Kubernetes Controller -``` -curl -o controller-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/controller-iam-policy.json -``` - -Create an IAM policy called AWSAppMeshK8sControllerIAMPolicy -``` -aws iam create-policy \ - --policy-name AWSAppMeshK8sControllerIAMPolicy \ - --policy-document file://controller-iam-policy.json -``` -Take note of the policy ARN that is returned - -Create an IAM role for service account for the App Mesh Kubernetes controller, use the ARN from the step above - -> Note: if you deleted `serviceaccount` in the `appmesh-system` namespace, you will need to delete and re-create `iamserviceaccount`. `eksctl` does not override the `iamserviceaccount` correctly ([see this issue](https://github.com/weaveworks/eksctl/issues/2665)) - -``` -eksctl create iamserviceaccount --cluster $CLUSTER_NAME \ - --namespace appmesh-system \ - --name appmesh-controller \ - --attach-policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/AWSAppMeshK8sControllerIAMPolicy \ - --override-existing-serviceaccounts \ - --approve -``` - -Deploy appmesh-controller - -**Note:** mTLS via SDS(SPIRE) is not supported on Fargate. 
- -```sh -helm upgrade -i appmesh-controller eks/appmesh-controller \ - --namespace appmesh-system \ - --set region=$AWS_REGION \ - --set serviceAccount.create=false \ - --set serviceAccount.name=appmesh-controller -``` - -## Upgrade - -This section will assist you in upgrading the appmesh-controller from <=v0.5.0 version to >=v1.0.0 version. - -You can either build new CRDs from scratch or migrate existing CRDs to the new schema. Please refer to the documentation [here for the new API spec](https://aws.github.io/aws-app-mesh-controller-for-k8s/reference/api_spec/). Also, you can find several examples [here](https://github.com/aws/aws-app-mesh-examples/tree/main/walkthroughs) with v1beta2 spec to help you get started. - -Starting v1.0.0, Mesh resource supports namespaceSelectors, where you can either select namespace based on labels (recommended option) or select all namespaces. To select a namespace in a Mesh, you will need to define `namespaceSelector`: - -``` -apiVersion: appmesh.k8s.aws/v1beta2 -kind: Mesh -metadata: - name: -spec: - namespaceSelector: - matchLabels: - mesh: // any string value -``` - -Note: If you set `namespaceSelector: {}`, mesh will select all the namespace in your cluster. Labels on your namespace spec is a no-op when selecting all namespaces. - -In the namespace spec, you will need to add a label `mesh: `. Here's a sample namespace spec: - -``` -apiVersion: v1 -kind: Namespace -metadata: - name: ns - labels: - mesh: - appmesh.k8s.aws/sidecarInjectorWebhook: enabled -``` - -For more examples, please refer to the walkthroughs [here](https://github.com/aws/aws-app-mesh-examples/tree/main/walkthroughs). If you don't find an example that fits your use-case, please read the API spec [here](https://aws.github.io/aws-app-mesh-controller-for-k8s/reference/api_spec/). If you find an issue in the documentation or the examples, please open an issue and we'll help resolve it. 
- -### Upgrade without preserving old App Mesh resources - -```sh -# Keep old App Mesh controller running, it is responsible to cleanup App Mesh resources in AWS -# Delete all existing App Mesh custom resources (CRs) -kubectl delete virtualservices --all --all-namespaces -kubectl delete virtualnodes --all --all-namespaces -kubectl delete meshes --all --all-namespaces - -# Delete all existing App Mesh CRDs -kubectl delete customresourcedefinition/virtualservices.appmesh.k8s.aws -kubectl delete customresourcedefinition/virtualnodes.appmesh.k8s.aws -kubectl delete customresourcedefinition/meshes.appmesh.k8s.aws -# Note: If a CRD stuck in deletion, it means there still exists some App Mesh custom resources, please check and delete them. - -# Delete App Mesh controller -helm delete appmesh-controller -n appmesh-system - -# Delete App Mesh injector -helm delete appmesh-inject -n appmesh-system -``` - -Run the `appmesh-controller/upgrade/pre_upgrade_check.sh` script and make sure it passes before you proceed - -Now you can proceed with the installation steps described above - -### Upgrade preserving old App Mesh resources - -```sh -# Save manifests of all existing App Mesh custom resources -kubectl get virtualservices --all-namespaces -o yaml > virtualservices.yaml -kubectl get virtualnodes --all-namespaces -o yaml > virtualnodes.yaml -kubectl get meshes --all-namespaces -o yaml > meshes.yaml - -# Delete App Mesh controller, so it won’t clean up App Mesh resources in AWS while we deleting App Mesh CRs later. -helm delete appmesh-controller -n appmesh-system - -# Delete App Mesh injector. -helm delete appmesh-inject -n appmesh-system - -# Remove finalizers from all existing App Mesh CRs. Otherwise, you won’t be able to delete them - -# To remove the finalizers, you could kubectl edit resource, and delete the finalizers attribute from the spec or run the following command to override finalizers. 
e.g for virtualnodes -# kubectl get virtualnodes --all-namespaces -o=jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\n"}{end}' | xargs -n2 sh -c 'kubectl patch virtualnode/$1 -n $0 -p '\''{"metadata":{"finalizers":null}}'\'' --type=merge' - -# Alternatively, you could modify one resource at a time using -# kubectl get -n -o=json | jq '.metadata.finalizers = null' | kubectl apply -f - - -# Delete all existing App Mesh CRs: -kubectl delete virtualservices --all --all-namespaces -kubectl delete virtualnodes --all --all-namespaces -kubectl delete meshes --all --all-namespaces - -# Delete all existing App Mesh CRDs. -kubectl delete customresourcedefinition/virtualservices.appmesh.k8s.aws -kubectl delete customresourcedefinition/virtualnodes.appmesh.k8s.aws -kubectl delete customresourcedefinition/meshes.appmesh.k8s.aws -# Note: If CRDs are stuck in deletion, it means there still exists some App Mesh CRs, please check and delete them. -``` - -Run the `appmesh-controller/upgrade/pre_upgrade_check.sh` script and make sure it passes before you proceed - -Translate the saved old YAML manifests using v1beta1 App Mesh CRD into v1beta2 App Mesh CRD format. Please refer to CRD types ( -https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/config/crd/bases) and Go types -(https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/apis/appmesh/v1beta2) for the CRD Documentation. -Samples applications are in the repo https://github.com/aws/aws-app-mesh-examples for reference. - -Note: Please specify the current appmesh resource names in the awsName field of the translated specs. - -Install the appmesh-controller, label the namespace with values that mesh is selecting on and apply the translated manifest - -### Upgrade from prior script installation - -If you've installed the App Mesh controllers with scripts, you can remove the controllers with the steps below. 
-```sh -# remove injector objects -kubectl delete ns appmesh-inject -kubectl delete ClusterRoleBinding aws-app-mesh-inject-binding -kubectl delete ClusterRole aws-app-mesh-inject-cr -kubectl delete MutatingWebhookConfiguration aws-app-mesh-inject - -# remove controller objects -kubectl delete ns appmesh-system -kubectl delete ClusterRoleBinding app-mesh-controller-binding -kubectl delete ClusterRole app-mesh-controller -``` -Run the `appmesh-controller/upgrade/pre_upgrade_check.sh` script and make sure it passes before you proceed - -For handling the existing custom resources and the CRDs please refer to either of the previous upgrade sections as relevant. - -## Running on ARM Based Instances -The controller can run on ARM based instances. To do this you need to specify the ARM64 controller image when deploying the Helm chart. -You can specify the ARM64 image by setting the image.tag Helm parameter to `-linux_arm64` - -For example, to run controller version 1.9.0 on ARM instances you could run the following: -```console -helm upgrade -i appmesh-controller eks/appmesh-controller \ - --namespace appmesh-system \ - --set region=$AWS_REGION \ - --set image.tag=v1.9.0-linux_arm64 -``` - -## Uninstalling the Chart - -To uninstall/delete the `appmesh-controller` deployment: - -```console -$ helm delete appmesh-controller -n appmesh-system -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following tables lists the configurable parameters of the chart and their default values. 
- -Parameter | Description | Default ---- | --- | --- -`image.repository` | image repository | ` 840364872350.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller` -`image.tag` | image tag | `` -`image.pullPolicy` | image pull policy | `IfNotPresent` -`log.level` | controller log level, possible values are `info` and `debug` | `info` -`sds.enabled` | If `true`, SDS will be enabled in Envoy | `false` -`sds.udsPath` | Unix Domain Socket Path of the SDS Provider(SPIRE in the current release) | `/run/spire/sockets/agent.sock` -`resources.requests/cpu` | pod CPU request | `100m` -`resources.requests/memory` | pod memory request | `64Mi` -`resources.limits/cpu` | pod CPU limit | `2000m` -`resources.limits/memory` | pod memory limit | `1Gi` -`affinity` | node/pod affinities | None -`nodeSelector` | node labels for pod assignment | `{}` -`podAnnotations` | annotations to add to each pod | `{}` -`podLabels` | labels to add to each pod | `{}` -`tolerations` | list of node taints to tolerate | `[]` -`rbac.create` | if `true`, create and use RBAC resources | `true` -`rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false` -`serviceAccount.annotations` | optional annotations to add to service account | `{}` -`serviceAccount.create` | If `true`, create a new service account | `true` -`serviceAccount.name` | Service account to be used | None -`sidecar.image.repository` | Envoy image repository. 
If you override with non-Amazon built Envoy image, you will need to test/ensure it works with the App Mesh | `840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy` -`sidecar.image.tag` | Envoy image tag | `` -`sidecar.logLevel` | Envoy log level | `info` -`sidecar.envoyAdminAccessPort` | Envoy Admin Access Port | `9901` -`sidecar.envoyAdminAccessLogFile` | Envoy Admin Access Log File | `/tmp/envoy_admin_access.log` -`sidecar.resources.requests` | Envoy container resource requests | `requests: cpu 10m memory 32Mi` -`sidecar.resources.limits` | Envoy container resource limits | `limits: cpu "" memory ""` -`sidecar.lifecycleHooks.preStopDelay` | Envoy container PreStop Hook Delay Value | `20s` -`sidecar.lifecycleHooks.postStartInterval` | Envoy container PostStart Hook Interval Value | `5s` -`sidecar.lifecycleHooks.postStartTimeout` | Envoy container PostStart Hook Timeout Value | `180s` -`sidecar.probes.readinessProbeInitialDelay` | Envoy container Readiness Probe Initial Delay | `1s` -`sidecar.probes.readinessProbePeriod` | Envoy container Readiness Probe Period | `10s` -`sidecar.waitUntilProxyReady` | Enable pod postStart hook to delay application startup until proxy is ready to accept traffic | `false` -`init.image.repository` | Route manager image repository | `840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-proxy-route-manager` -`init.image.tag` | Route manager image tag | `` -`stats.tagsEnabled` | If `true`, Envoy should include app-mesh tags | `false` -`stats.statsdEnabled` | If `true`, Envoy should publish stats to statsd endpoint @ 127.0.0.1:8125 | `false` -`stats.statsdAddress` | DogStatsD daemon IP address. This will be overridden if `stats.statsdSocketPath` is specified | `127.0.0.1` -`stats.statsdPort` | DogStatsD daemon port. This will be overridden if `stats.statsdSocketPath` is specified | `8125` -`stats.statsdSocketPath` | DogStatsD Unix domain socket path. 
If statsd is enabled but this value is not specified then we will use combination of as the default | None -`cloudMapCustomHealthCheck.enabled` | If `true`, CustomHealthCheck will be enabled for CloudMap Services | `false` -`cloudMapDNS.ttl` | Sets CloudMap DNS TTL. Will set value for new CloudMap services, but will not update existing CloudMap services. Existing CloudMap services can be updated using the [AWS CloudMap API](https://docs.aws.amazon.com/cloud-map/latest/api/API_UpdateService.html) | `300` -`tracing.enabled` | If `true`, Envoy will be configured with tracing | `false` -`tracing.provider` | The tracing provider can be x-ray, jaeger or datadog | `x-ray` -`tracing.address` | Jaeger or Datadog agent server address (ignored for X-Ray) | `appmesh-jaeger.appmesh-system` -`tracing.port` | Jaeger or Datadog agent port (ignored for X-Ray) | `9411` -`tracing.samplingRate` | X-Ray tracer sampling rate. Value can be a decimal number between 0 and 1.00 (100%) | `0.05` -`tracing.logLevel` | X-Ray agent log level, from most verbose to least: dev, debug, info, prod(default), warn, error. 
| `prod` -`tracing.role` | X-Ray agent assume the specified IAM role to upload segments to a different account | `None` -`enableCertManager` | Enable Cert-Manager | `false` -`xray.image.repository` | X-Ray image repository | `public.ecr.aws/xray/aws-xray-daemon` -`xray.image.tag` | X-Ray image tag | `latest` -`accountId` | AWS Account ID for the Kubernetes cluster | None -`env` | environment variables to be injected into the appmesh-controller pod | `{}` -`livenessProbe` | Liveness probe settings for the controller | (see `values.yaml`) -`podDisruptionBudget` | PodDisruptionBudget | `{}` -`tlsMinVersion` | Minimum TLS version for the controller webhook server as shown in [here](https://github.com/kubernetes/component-base/blob/master/cli/flag/ciphersuites_flag.go#L114) | `VersionTLS12` -`tlsCipherSuite` | Comma delimited TLS cipher suites for the controller webhook server as shown [here](https://pkg.go.dev/crypto/tls#pkg-constants) | None \ No newline at end of file diff --git a/stable/appmesh-controller/ci/values.yaml b/stable/appmesh-controller/ci/values.yaml deleted file mode 100644 index bed5b88c1..000000000 --- a/stable/appmesh-controller/ci/values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# CI testing values for appmesh-controller - -# This is a dummy account for CI test. Not a valid account ID -accountId: 123456789 -region: us-west-2 -image: - repository: public.ecr.aws/appmesh/appmesh-controller - tag: v1.13.1 - pullPolicy: IfNotPresent diff --git a/stable/appmesh-controller/crds/crds.yaml b/stable/appmesh-controller/crds/crds.yaml deleted file mode 100644 index 90537e320..000000000 --- a/stable/appmesh-controller/crds/crds.yaml +++ /dev/null 
@@ -1,4155 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: backendgroups.appmesh.k8s.aws -spec: - group: appmesh.k8s.aws - names: - categories: - - all - kind: BackendGroup - listKind: BackendGroupList - plural: backendgroups - singular: backendgroup - scope: Namespaced - versions: - - name: v1beta2 - schema: - openAPIV3Schema: - description: BackendGroup is the Schema for the backendgroups API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackendGroupSpec defines the desired state of BackendGroup - properties: - meshRef: - description: "A reference to k8s Mesh CR that this BackendGroup belongs - to. The admission controller populates it using Meshes's selector, - and prevents users from setting this field. \n Populated by the - system. Read-only." - properties: - name: - description: Name is the name of Mesh CR - type: string - uid: - description: UID is the UID of Mesh CR - type: string - required: - - name - - uid - type: object - virtualservices: - description: VirtualServices defines the set of virtual services in - this BackendGroup. 
- items: - description: VirtualServiceReference holds a reference to VirtualService.appmesh.k8s.aws - properties: - name: - description: Name is the name of VirtualService CR - type: string - namespace: - description: Namespace is the namespace of VirtualService CR. - If unspecified, defaults to the referencing object's namespace - type: string - required: - - name - type: object - type: array - type: object - status: - description: BackendGroupStatus defines the observed state of BackendGroup - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: gatewayroutes.appmesh.k8s.aws -spec: - group: appmesh.k8s.aws - names: - categories: - - all - kind: GatewayRoute - listKind: GatewayRouteList - plural: gatewayroutes - singular: gatewayroute - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The AppMesh GatewayRoute object's Amazon Resource Name - jsonPath: .status.gatewayRouteARN - name: ARN - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: GatewayRoute is the Schema for the gatewayroutes API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GatewayRouteSpec defines the desired state of GatewayRoute - refers to https://docs.aws.amazon.com/app-mesh/latest/userguide/virtual_gateways.html - properties: - awsName: - description: AWSName is the AppMesh GatewayRoute object's name. If - unspecified or empty, it defaults to be "${name}_${namespace}" of - k8s GatewayRoute - type: string - grpcRoute: - description: An object that represents the specification of a gRPC - gatewayRoute. - properties: - action: - description: An object that represents the action to take if a - match is determined. - properties: - rewrite: - description: GrpcGatewayRouteRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_GrpcGatewayRouteRewrite.html - properties: - hostname: - description: GatewayRouteHostnameRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_GatewayRouteHostnameRewrite.html - ENABLE or DISABLE default behavior for Hostname rewrite - properties: - defaultTargetHostname: - enum: - - ENABLED - - DISABLED - type: string - type: object - type: object - target: - description: An object that represents the target that traffic - is routed to when a request matches the route. - properties: - port: - description: Specifies the port of the gateway route target - format: int64 - minimum: 0 - type: integer - virtualService: - description: The virtual service to associate with the - gateway route target. - properties: - virtualServiceARN: - description: Amazon Resource Name to AppMesh VirtualService - object to associate with the gateway route virtual - service target. Exactly one of 'virtualServiceRef' - or 'virtualServiceARN' must be specified. 
- type: string - virtualServiceRef: - description: Reference to Kubernetes VirtualService - CR in cluster to associate with the gateway route - virtual service target. Exactly one of 'virtualServiceRef' - or 'virtualServiceARN' must be specified. - properties: - name: - description: Name is the name of VirtualService - CR - type: string - namespace: - description: Namespace is the namespace of VirtualService - CR. If unspecified, defaults to the referencing - object's namespace - type: string - required: - - name - type: object - type: object - required: - - virtualService - type: object - required: - - target - type: object - match: - description: An object that represents the criteria for determining - a request match. - properties: - hostname: - description: The client specified Hostname to match on. - properties: - exact: - description: The value sent by the client must match the - specified value exactly. - maxLength: 253 - minLength: 1 - type: string - suffix: - description: The value sent by the client must end with - the specified characters. - maxLength: 253 - minLength: 1 - type: string - type: object - metadata: - description: An object that represents the data to match from - the request. - items: - description: GRPCGatewayRouteMetadata refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_GrpcGatewayRouteMetadata.html - properties: - invert: - description: Specify True to match anything except the - match criteria. The default value is False. - type: boolean - match: - description: An object that represents the data to match - from the request. - properties: - exact: - description: The value sent by the client must match - the specified value exactly. - maxLength: 255 - minLength: 1 - type: string - prefix: - description: The value sent by the client must begin - with the specified characters. 
- maxLength: 255 - minLength: 1 - type: string - range: - description: An object that represents the range - of values to match on - properties: - end: - description: The end of the range. - format: int64 - type: integer - start: - description: The start of the range. - format: int64 - type: integer - required: - - end - - start - type: object - regex: - description: The value sent by the client must include - the specified characters. - maxLength: 255 - minLength: 1 - type: string - suffix: - description: The value sent by the client must end - with the specified characters. - maxLength: 255 - minLength: 1 - type: string - type: object - name: - description: The name of the route. - maxLength: 50 - minLength: 1 - type: string - required: - - name - type: object - maxItems: 10 - minItems: 1 - type: array - port: - description: Specifies the port the request to be matched - on - format: int64 - minimum: 0 - type: integer - serviceName: - description: Either ServiceName or Hostname must be specified. - Both are allowed as well The fully qualified domain name - for the service to match from the request. - type: string - type: object - required: - - action - - match - type: object - http2Route: - description: An object that represents the specification of an HTTP/2 - gatewayRoute. - properties: - action: - description: An object that represents the action to take if a - match is determined. 
- properties: - rewrite: - description: HTTPGatewayRouteRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRouteRewrite.html - properties: - hostname: - description: GatewayRouteHostnameRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_GatewayRouteHostnameRewrite.html - ENABLE or DISABLE default behavior for Hostname rewrite - properties: - defaultTargetHostname: - enum: - - ENABLED - - DISABLED - type: string - type: object - path: - description: GatewayRoutePathRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRoutePathRewrite.html - properties: - exact: - maxLength: 255 - minLength: 1 - type: string - type: object - prefix: - description: GatewayRoutePrefixRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRoutePrefixRewrite.html - properties: - defaultPrefix: - enum: - - ENABLED - - DISABLED - type: string - value: - description: When DefaultPrefix is specified, Value - cannot be set - maxLength: 255 - minLength: 1 - type: string - type: object - type: object - target: - description: An object that represents the target that traffic - is routed to when a request matches the route. - properties: - port: - description: Specifies the port of the gateway route target - format: int64 - minimum: 0 - type: integer - virtualService: - description: The virtual service to associate with the - gateway route target. - properties: - virtualServiceARN: - description: Amazon Resource Name to AppMesh VirtualService - object to associate with the gateway route virtual - service target. Exactly one of 'virtualServiceRef' - or 'virtualServiceARN' must be specified. - type: string - virtualServiceRef: - description: Reference to Kubernetes VirtualService - CR in cluster to associate with the gateway route - virtual service target. Exactly one of 'virtualServiceRef' - or 'virtualServiceARN' must be specified. 
- properties: - name: - description: Name is the name of VirtualService - CR - type: string - namespace: - description: Namespace is the namespace of VirtualService - CR. If unspecified, defaults to the referencing - object's namespace - type: string - required: - - name - type: object - type: object - required: - - virtualService - type: object - required: - - target - type: object - match: - description: An object that represents the criteria for determining - a request match. - properties: - headers: - description: An object that represents the client request - headers to match on. - items: - description: HTTPGatewayRouteHeader refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRouteHeader.html - properties: - invert: - description: Specify True to match anything except the - match criteria. The default value is False. - type: boolean - match: - description: The HeaderMatchMethod object. - properties: - exact: - description: The value sent by the client must match - the specified value exactly. - maxLength: 255 - minLength: 1 - type: string - prefix: - description: The value sent by the client must begin - with the specified characters. - maxLength: 255 - minLength: 1 - type: string - range: - description: An object that represents the range - of values to match on. - properties: - end: - description: The end of the range. - format: int64 - type: integer - start: - description: The start of the range. - format: int64 - type: integer - required: - - end - - start - type: object - regex: - description: The value sent by the client must include - the specified characters. - maxLength: 255 - minLength: 1 - type: string - suffix: - description: The value sent by the client must end - with the specified characters. - maxLength: 255 - minLength: 1 - type: string - type: object - name: - description: A name for the HTTP header in the client - request that will be matched on. 
- maxLength: 50 - minLength: 1 - type: string - required: - - name - type: object - maxItems: 10 - minItems: 1 - type: array - hostname: - description: The client specified Hostname to match on. - properties: - exact: - description: The value sent by the client must match the - specified value exactly. - maxLength: 253 - minLength: 1 - type: string - suffix: - description: The value sent by the client must end with - the specified characters. - maxLength: 253 - minLength: 1 - type: string - type: object - method: - description: The client request method to match on. - enum: - - CONNECT - - DELETE - - GET - - HEAD - - OPTIONS - - PATCH - - POST - - PUT - - TRACE - type: string - path: - description: Specified path of the request to be matched on - properties: - exact: - description: The value sent by the client must match the - specified value exactly. - maxLength: 255 - minLength: 1 - type: string - regex: - description: The value sent by the client must end with - the specified characters. - maxLength: 255 - minLength: 1 - type: string - type: object - port: - description: Specifies the port the request to be matched - on - format: int64 - minimum: 0 - type: integer - prefix: - description: Either Prefix or Hostname must be specified. - Both are allowed as well. Specifies the prefix to match - requests with - type: string - queryParameters: - description: Client specified query parameters to match on - items: - description: HTTPQueryParameters refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpQueryParameter.html - properties: - match: - description: The QueryMatchMethod object. - properties: - exact: - type: string - type: object - name: - type: string - required: - - name - type: object - maxItems: 10 - minItems: 1 - type: array - type: object - required: - - action - - match - type: object - httpRoute: - description: An object that represents the specification of an HTTP - gatewayRoute. 
- properties: - action: - description: An object that represents the action to take if a - match is determined. - properties: - rewrite: - description: HTTPGatewayRouteRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRouteRewrite.html - properties: - hostname: - description: GatewayRouteHostnameRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_GatewayRouteHostnameRewrite.html - ENABLE or DISABLE default behavior for Hostname rewrite - properties: - defaultTargetHostname: - enum: - - ENABLED - - DISABLED - type: string - type: object - path: - description: GatewayRoutePathRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRoutePathRewrite.html - properties: - exact: - maxLength: 255 - minLength: 1 - type: string - type: object - prefix: - description: GatewayRoutePrefixRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRoutePrefixRewrite.html - properties: - defaultPrefix: - enum: - - ENABLED - - DISABLED - type: string - value: - description: When DefaultPrefix is specified, Value - cannot be set - maxLength: 255 - minLength: 1 - type: string - type: object - type: object - target: - description: An object that represents the target that traffic - is routed to when a request matches the route. - properties: - port: - description: Specifies the port of the gateway route target - format: int64 - minimum: 0 - type: integer - virtualService: - description: The virtual service to associate with the - gateway route target. - properties: - virtualServiceARN: - description: Amazon Resource Name to AppMesh VirtualService - object to associate with the gateway route virtual - service target. Exactly one of 'virtualServiceRef' - or 'virtualServiceARN' must be specified. 
- type: string - virtualServiceRef: - description: Reference to Kubernetes VirtualService - CR in cluster to associate with the gateway route - virtual service target. Exactly one of 'virtualServiceRef' - or 'virtualServiceARN' must be specified. - properties: - name: - description: Name is the name of VirtualService - CR - type: string - namespace: - description: Namespace is the namespace of VirtualService - CR. If unspecified, defaults to the referencing - object's namespace - type: string - required: - - name - type: object - type: object - required: - - virtualService - type: object - required: - - target - type: object - match: - description: An object that represents the criteria for determining - a request match. - properties: - headers: - description: An object that represents the client request - headers to match on. - items: - description: HTTPGatewayRouteHeader refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRouteHeader.html - properties: - invert: - description: Specify True to match anything except the - match criteria. The default value is False. - type: boolean - match: - description: The HeaderMatchMethod object. - properties: - exact: - description: The value sent by the client must match - the specified value exactly. - maxLength: 255 - minLength: 1 - type: string - prefix: - description: The value sent by the client must begin - with the specified characters. - maxLength: 255 - minLength: 1 - type: string - range: - description: An object that represents the range - of values to match on. - properties: - end: - description: The end of the range. - format: int64 - type: integer - start: - description: The start of the range. - format: int64 - type: integer - required: - - end - - start - type: object - regex: - description: The value sent by the client must include - the specified characters. 
- maxLength: 255 - minLength: 1 - type: string - suffix: - description: The value sent by the client must end - with the specified characters. - maxLength: 255 - minLength: 1 - type: string - type: object - name: - description: A name for the HTTP header in the client - request that will be matched on. - maxLength: 50 - minLength: 1 - type: string - required: - - name - type: object - maxItems: 10 - minItems: 1 - type: array - hostname: - description: The client specified Hostname to match on. - properties: - exact: - description: The value sent by the client must match the - specified value exactly. - maxLength: 253 - minLength: 1 - type: string - suffix: - description: The value sent by the client must end with - the specified characters. - maxLength: 253 - minLength: 1 - type: string - type: object - method: - description: The client request method to match on. - enum: - - CONNECT - - DELETE - - GET - - HEAD - - OPTIONS - - PATCH - - POST - - PUT - - TRACE - type: string - path: - description: Specified path of the request to be matched on - properties: - exact: - description: The value sent by the client must match the - specified value exactly. - maxLength: 255 - minLength: 1 - type: string - regex: - description: The value sent by the client must end with - the specified characters. - maxLength: 255 - minLength: 1 - type: string - type: object - port: - description: Specifies the port the request to be matched - on - format: int64 - minimum: 0 - type: integer - prefix: - description: Either Prefix or Hostname must be specified. - Both are allowed as well. Specifies the prefix to match - requests with - type: string - queryParameters: - description: Client specified query parameters to match on - items: - description: HTTPQueryParameters refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpQueryParameter.html - properties: - match: - description: The QueryMatchMethod object. 
- properties: - exact: - type: string - type: object - name: - type: string - required: - - name - type: object - maxItems: 10 - minItems: 1 - type: array - type: object - required: - - action - - match - type: object - meshRef: - description: "A reference to k8s Mesh CR that this GatewayRoute belongs - to. The admission controller populates it using Meshes's selector, - and prevents users from setting this field. \n Populated by the - system. Read-only." - properties: - name: - description: Name is the name of Mesh CR - type: string - uid: - description: UID is the UID of Mesh CR - type: string - required: - - name - - uid - type: object - priority: - description: Priority for the gatewayroute. Default Priority is 1000 - which is lowest priority - format: int64 - maximum: 1000 - minimum: 0 - type: integer - virtualGatewayRef: - description: "A reference to k8s VirtualGateway CR that this GatewayRoute - belongs to. The admission controller populates it using VirtualGateway's - selector, and prevents users from setting this field. \n Populated - by the system. Read-only." - properties: - name: - description: Name is the name of VirtualGateway CR - type: string - namespace: - description: Namespace is the namespace of VirtualGateway CR. - If unspecified, defaults to the referencing object's namespace - type: string - uid: - description: UID is the UID of VirtualGateway CR - type: string - required: - - name - - uid - type: object - type: object - status: - description: GatewayRouteStatus defines the observed state of GatewayRoute - properties: - conditions: - description: The current GatewayRoute status. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. - type: string - reason: - description: The reason for the condition's last transition. 
- type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of GatewayRoute condition. - type: string - required: - - status - - type - type: object - type: array - gatewayRouteARN: - description: GatewayRouteARN is the AppMesh GatewayRoute object's - Amazon Resource Name - type: string - observedGeneration: - description: The generation observed by the GatewayRoute controller. - format: int64 - type: integer - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: meshes.appmesh.k8s.aws -spec: - group: appmesh.k8s.aws - names: - kind: Mesh - listKind: MeshList - plural: meshes - singular: mesh - scope: Cluster - versions: - - additionalPrinterColumns: - - description: The AppMesh Mesh object's Amazon Resource Name - jsonPath: .status.meshARN - name: ARN - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: Mesh is the Schema for the meshes API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MeshSpec defines the desired state of Mesh refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_MeshSpec.html - properties: - awsName: - description: AWSName is the AppMesh Mesh object's name. If unspecified - or empty, it defaults to be "${name}" of k8s Mesh - type: string - egressFilter: - description: The egress filter rules for the service mesh. If unspecified, - default settings from AWS API will be applied. Refer to AWS Docs - for default settings. - properties: - type: - description: The egress filter type. - enum: - - ALLOW_ALL - - DROP_ALL - type: string - required: - - type - type: object - meshOwner: - description: The AWS IAM account ID of the service mesh owner. Required - if the account ID is not your own. - type: string - meshServiceDiscovery: - properties: - ipPreference: - description: The ipPreference for the mesh. - enum: - - IPv6_ONLY - - IPv4_ONLY - type: string - type: object - namespaceSelector: - description: "NamespaceSelector selects Namespaces using labels to - designate mesh membership. This field follows standard label selector - semantics: \tif present but empty, it selects all namespaces. \tif - absent, it selects no namespace." - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. 
If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - type: object - status: - description: MeshStatus defines the observed state of Mesh - properties: - conditions: - description: The current Mesh status. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of mesh condition. - type: string - required: - - status - - type - type: object - type: array - meshARN: - description: MeshARN is the AppMesh Mesh object's Amazon Resource - Name - type: string - observedGeneration: - description: The generation observed by the Mesh controller. 
- format: int64 - type: integer - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: virtualgateways.appmesh.k8s.aws -spec: - group: appmesh.k8s.aws - names: - categories: - - all - kind: VirtualGateway - listKind: VirtualGatewayList - plural: virtualgateways - singular: virtualgateway - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The AppMesh VirtualGateway object's Amazon Resource Name - jsonPath: .status.virtualGatewayARN - name: ARN - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: VirtualGateway is the Schema for the virtualgateways API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VirtualGatewaySpec defines the desired state of VirtualGateway - refers to https://docs.aws.amazon.com/app-mesh/latest/userguide/virtual_gateways.html - properties: - awsName: - description: AWSName is the AppMesh VirtualGateway object's name. - If unspecified or empty, it defaults to be "${name}_${namespace}" - of k8s VirtualGateway - type: string - backendDefaults: - description: A reference to an object that represents the defaults - for backend GatewayRoutes. - properties: - clientPolicy: - description: A reference to an object that represents a client - policy. - properties: - tls: - description: A reference to an object that represents a Transport - Layer Security (TLS) client policy. - properties: - certificate: - description: A reference to an object that represents - TLS certificate. - properties: - file: - description: An object that represents a TLS cert - via a local file - properties: - certificateChain: - description: The certificate chain for the certificate. - maxLength: 255 - minLength: 1 - type: string - privateKey: - description: The private key for a certificate - stored on the file system of the virtual Gateway. - maxLength: 255 - minLength: 1 - type: string - required: - - certificateChain - - privateKey - type: object - sds: - description: An object that represents a TLS cert - via SDS entry - properties: - secretName: - description: The certificate trust chain for a - certificate issued via SDS cluster - type: string - required: - - secretName - type: object - type: object - enforce: - description: Whether the policy is enforced. If unspecified, - default settings from AWS API will be applied. Refer - to AWS Docs for default settings. - type: boolean - ports: - description: The range of ports that the policy is enforced - for. 
- items: - format: int64 - maximum: 65535 - minimum: 1 - type: integer - type: array - validation: - description: A reference to an object that represents - a TLS validation context. - properties: - subjectAlternativeNames: - description: Possible alternative names to consider - properties: - match: - description: Match is a required field - properties: - exact: - description: Exact is a required field - items: - type: string - type: array - required: - - exact - type: object - required: - - match - type: object - trust: - description: A reference to an object that represents - a TLS validation context trust - properties: - acm: - description: A reference to an object that represents - a TLS validation context trust for an AWS Certicate - Manager (ACM) certificate. - properties: - certificateAuthorityARNs: - description: One or more ACM Amazon Resource - Name (ARN)s. - items: - type: string - maxItems: 3 - minItems: 1 - type: array - required: - - certificateAuthorityARNs - type: object - file: - description: An object that represents a TLS validation - context trust for a local file. - properties: - certificateChain: - description: The certificate trust chain for - a certificate stored on the file system - of the virtual Gateway. - maxLength: 255 - minLength: 1 - type: string - required: - - certificateChain - type: object - sds: - description: An object that represents a TLS validation - context trust for a SDS certificate - properties: - secretName: - description: The certificate trust chain for - a certificate issued via SDS. - type: string - required: - - secretName - type: object - type: object - required: - - trust - type: object - required: - - validation - type: object - type: object - type: object - gatewayRouteSelector: - description: GatewayRouteSelector selects GatewayRoutes using labels - to designate GatewayRoute membership. If not specified it selects - all GatewayRoutes in that namespace. 
- properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. 
- type: object - type: object - listeners: - description: The listener that the virtual gateway is expected to - receive inbound traffic from - items: - description: VirtualGatewayListener refers to https://docs.aws.amazon.com/app-mesh/latest/userguide/virtual_gateways.html - properties: - connectionPool: - description: The connection pool settings for the listener - properties: - grpc: - description: Specifies grpc connection pool settings for - the virtual gateway listener - properties: - maxRequests: - description: Represents the maximum number of inflight - requests that an envoy can concurrently support across - all the hosts in the upstream cluster - format: int64 - minimum: 1 - type: integer - required: - - maxRequests - type: object - http: - description: Specifies http connection pool settings for - the virtual gateway listener - properties: - maxConnections: - description: Represents the maximum number of outbound - TCP connections the envoy can establish concurrently - with all the hosts in the upstream cluster. - format: int64 - minimum: 1 - type: integer - maxPendingRequests: - description: Represents the number of overflowing requests - after max_connections that an envoy will queue to - an upstream cluster. - format: int64 - minimum: 1 - type: integer - required: - - maxConnections - type: object - http2: - description: Specifies http2 connection pool settings for - the virtual gateway listener - properties: - maxRequests: - description: Represents the maximum number of inflight - requests that an envoy can concurrently support across - all the hosts in the upstream cluster - format: int64 - minimum: 1 - type: integer - required: - - maxRequests - type: object - type: object - healthCheck: - description: The health check information for the listener. - properties: - healthyThreshold: - description: The number of consecutive successful health - checks that must occur before declaring listener healthy. 
- format: int64 - maximum: 10 - minimum: 2 - type: integer - intervalMillis: - description: The time period in milliseconds between each - health check execution. - format: int64 - maximum: 300000 - minimum: 5000 - type: integer - path: - description: The destination path for the health check request. - This value is only used if the specified protocol is http - or http2. For any other protocol, this value is ignored. - type: string - port: - description: The destination port for the health check request. - format: int64 - maximum: 65535 - minimum: 1 - type: integer - protocol: - description: The protocol for the health check request - enum: - - grpc - - http - - http2 - type: string - timeoutMillis: - description: The amount of time to wait when receiving a - response from the health check, in milliseconds. - format: int64 - maximum: 60000 - minimum: 2000 - type: integer - unhealthyThreshold: - description: The number of consecutive failed health checks - that must occur before declaring a virtual Gateway unhealthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - required: - - intervalMillis - - protocol - - timeoutMillis - - unhealthyThreshold - type: object - portMapping: - description: The port mapping information for the listener. - properties: - port: - description: The port used for the port mapping. - format: int64 - maximum: 65535 - minimum: 1 - type: integer - protocol: - description: The protocol used for the port mapping. - enum: - - grpc - - http - - http2 - type: string - required: - - port - - protocol - type: object - tls: - description: A reference to an object that represents the Transport - Layer Security (TLS) properties for a listener. - properties: - certificate: - description: A reference to an object that represents a - listener's TLS certificate. - properties: - acm: - description: A reference to an object that represents - an AWS Certificate Manager (ACM) certificate. 
- properties: - certificateARN: - description: The Amazon Resource Name (ARN) for - the certificate. - type: string - required: - - certificateARN - type: object - file: - description: A reference to an object that represents - a local file certificate. - properties: - certificateChain: - description: The certificate chain for the certificate. - maxLength: 255 - minLength: 1 - type: string - privateKey: - description: The private key for a certificate stored - on the file system of the virtual Gateway. - maxLength: 255 - minLength: 1 - type: string - required: - - certificateChain - - privateKey - type: object - sds: - description: A reference to an object that represents - an SDS issued certificate - properties: - secretName: - description: The certificate trust chain for a certificate - issued via SDS cluster - type: string - required: - - secretName - type: object - type: object - mode: - description: ListenerTLS mode - enum: - - DISABLED - - PERMISSIVE - - STRICT - type: string - validation: - description: A reference to an object that represents Validation - context - properties: - subjectAlternativeNames: - description: Possible alternate names to consider - properties: - match: - description: Match is a required field - properties: - exact: - description: Exact is a required field - items: - type: string - type: array - required: - - exact - type: object - required: - - match - type: object - trust: - properties: - acm: - description: A reference to an object that represents - a TLS validation context trust for an AWS Certicate - Manager (ACM) certificate. - properties: - certificateAuthorityARNs: - description: One or more ACM Amazon Resource - Name (ARN)s. - items: - type: string - maxItems: 3 - minItems: 1 - type: array - required: - - certificateAuthorityARNs - type: object - file: - description: An object that represents a TLS validation - context trust for a local file. 
- properties: - certificateChain: - description: The certificate trust chain for - a certificate stored on the file system of - the virtual Gateway. - maxLength: 255 - minLength: 1 - type: string - required: - - certificateChain - type: object - sds: - description: An object that represents a TLS validation - context trust for an SDS system - properties: - secretName: - description: The certificate trust chain for - a certificate issued via SDS. - type: string - required: - - secretName - type: object - type: object - required: - - trust - type: object - required: - - certificate - - mode - type: object - required: - - portMapping - type: object - minItems: 0 - type: array - logging: - description: The inbound and outbound access logging information for - the virtual gateway. - properties: - accessLog: - description: The access log configuration for a virtual Gateway. - properties: - file: - description: The file object to send virtual gateway access - logs to. - properties: - format: - description: Structured access log output format - properties: - json: - description: Output specified fields as a JSON object - items: - properties: - key: - description: The name of the field in the JSON - object - minLength: 1 - type: string - value: - description: The format string - minLength: 1 - type: string - required: - - key - - value - type: object - type: array - text: - description: Custom format string - type: string - type: object - path: - description: The file path to write access logs to. - maxLength: 255 - minLength: 1 - type: string - required: - - path - type: object - type: object - type: object - meshRef: - description: "A reference to k8s Mesh CR that this VirtualGateway - belongs to. The admission controller populates it using Meshes's - selector, and prevents users from setting this field. \n Populated - by the system. Read-only." 
- properties: - name: - description: Name is the name of Mesh CR - type: string - uid: - description: UID is the UID of Mesh CR - type: string - required: - - name - - uid - type: object - namespaceSelector: - description: NamespaceSelector selects Namespaces using labels to - designate GatewayRoute membership. This field follows standard label - selector semantics; if present but empty, it selects all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - podSelector: - description: "PodSelector selects Pods using labels to designate VirtualGateway - membership. This field follows standard label selector semantics: - \tif present but empty, it selects all pods within namespace. \tif - absent, it selects no pod." 
- properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - type: object - status: - description: VirtualGatewayStatus defines the observed state of VirtualGateway - properties: - conditions: - description: The current VirtualGateway status. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of VirtualGateway condition. 
- type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: The generation observed by the VirtualGateway controller. - format: int64 - type: integer - virtualGatewayARN: - description: VirtualGatewayARN is the AppMesh VirtualGateway object's - Amazon Resource Name - type: string - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: virtualnodes.appmesh.k8s.aws -spec: - group: appmesh.k8s.aws - names: - categories: - - all - kind: VirtualNode - listKind: VirtualNodeList - plural: virtualnodes - singular: virtualnode - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The AppMesh VirtualNode object's Amazon Resource Name - jsonPath: .status.virtualNodeARN - name: ARN - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: VirtualNode is the Schema for the virtualnodes API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VirtualNodeSpec defines the desired state of VirtualNode - refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_VirtualNodeSpec.html - properties: - awsName: - description: AWSName is the AppMesh VirtualNode object's name. If - unspecified or empty, it defaults to be "${name}_${namespace}" of - k8s VirtualNode - type: string - backendDefaults: - description: A reference to an object that represents the defaults - for backends. - properties: - clientPolicy: - description: A reference to an object that represents a client - policy. - properties: - tls: - description: A reference to an object that represents a Transport - Layer Security (TLS) client policy. - properties: - certificate: - description: A reference to an object that represents - TLS certificate. - properties: - file: - description: An object that represents a TLS cert - via a local file - properties: - certificateChain: - description: The certificate chain for the certificate. - maxLength: 255 - minLength: 1 - type: string - privateKey: - description: The private key for a certificate - stored on the file system of the virtual node - that the proxy is running on. - maxLength: 255 - minLength: 1 - type: string - required: - - certificateChain - - privateKey - type: object - sds: - description: An object that represents a TLS cert - via SDS entry - properties: - secretName: - description: The certificate trust chain for a - certificate issued via SDS cluster - type: string - required: - - secretName - type: object - type: object - enforce: - description: Whether the policy is enforced. If unspecified, - default settings from AWS API will be applied. Refer - to AWS Docs for default settings. - type: boolean - ports: - description: The range of ports that the policy is enforced - for. 
- items: - format: int64 - maximum: 65535 - minimum: 1 - type: integer - type: array - validation: - description: A reference to an object that represents - a TLS validation context. - properties: - subjectAlternativeNames: - description: Possible Alternative names to consider - properties: - match: - description: Match is a required field - properties: - exact: - description: Exact is a required field - items: - type: string - type: array - required: - - exact - type: object - required: - - match - type: object - trust: - description: A reference to an object that represents - a TLS validation context trust - properties: - acm: - description: A reference to an object that represents - a TLS validation context trust for an AWS Certicate - Manager (ACM) certificate. - properties: - certificateAuthorityARNs: - description: One or more ACM Amazon Resource - Name (ARN)s. - items: - type: string - maxItems: 3 - minItems: 1 - type: array - required: - - certificateAuthorityARNs - type: object - file: - description: An object that represents a TLS validation - context trust for a local file. - properties: - certificateChain: - description: The certificate trust chain for - a certificate stored on the file system - of the virtual node that the proxy is running - on. - maxLength: 255 - minLength: 1 - type: string - required: - - certificateChain - type: object - sds: - description: An object that represents a TLS validation - context trust for a SDS. - properties: - secretName: - description: The certificate trust chain for - a certificate obtained via SDS - type: string - required: - - secretName - type: object - type: object - required: - - trust - type: object - required: - - validation - type: object - type: object - type: object - backendGroups: - description: BackendGroups that define a set of backends the virtual - node is expected to send outbound traffic to. 
- items: - description: BackendGroupReference holds a reference to BackendGroup.appmesh.k8s.aws - properties: - name: - description: Name is the name of BackendGroup CR - type: string - namespace: - description: Namespace is the namespace of BackendGroup CR. - If unspecified, defaults to the referencing object's namespace - type: string - required: - - name - type: object - type: array - backends: - description: The backends that the virtual node is expected to send - outbound traffic to. - items: - description: Backend refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_Backend.html - properties: - virtualService: - description: Specifies a virtual service to use as a backend - for a virtual node. - properties: - clientPolicy: - description: A reference to an object that represents the - client policy for a backend. - properties: - tls: - description: A reference to an object that represents - a Transport Layer Security (TLS) client policy. - properties: - certificate: - description: A reference to an object that represents - TLS certificate. - properties: - file: - description: An object that represents a TLS - cert via a local file - properties: - certificateChain: - description: The certificate chain for the - certificate. - maxLength: 255 - minLength: 1 - type: string - privateKey: - description: The private key for a certificate - stored on the file system of the virtual - node that the proxy is running on. - maxLength: 255 - minLength: 1 - type: string - required: - - certificateChain - - privateKey - type: object - sds: - description: An object that represents a TLS - cert via SDS entry - properties: - secretName: - description: The certificate trust chain - for a certificate issued via SDS cluster - type: string - required: - - secretName - type: object - type: object - enforce: - description: Whether the policy is enforced. If - unspecified, default settings from AWS API will - be applied. Refer to AWS Docs for default settings. 
- type: boolean - ports: - description: The range of ports that the policy - is enforced for. - items: - format: int64 - maximum: 65535 - minimum: 1 - type: integer - type: array - validation: - description: A reference to an object that represents - a TLS validation context. - properties: - subjectAlternativeNames: - description: Possible Alternative names to consider - properties: - match: - description: Match is a required field - properties: - exact: - description: Exact is a required field - items: - type: string - type: array - required: - - exact - type: object - required: - - match - type: object - trust: - description: A reference to an object that represents - a TLS validation context trust - properties: - acm: - description: A reference to an object that - represents a TLS validation context trust - for an AWS Certicate Manager (ACM) certificate. - properties: - certificateAuthorityARNs: - description: One or more ACM Amazon - Resource Name (ARN)s. - items: - type: string - maxItems: 3 - minItems: 1 - type: array - required: - - certificateAuthorityARNs - type: object - file: - description: An object that represents a - TLS validation context trust for a local - file. - properties: - certificateChain: - description: The certificate trust chain - for a certificate stored on the file - system of the virtual node that the - proxy is running on. - maxLength: 255 - minLength: 1 - type: string - required: - - certificateChain - type: object - sds: - description: An object that represents a - TLS validation context trust for a SDS. - properties: - secretName: - description: The certificate trust chain - for a certificate obtained via SDS - type: string - required: - - secretName - type: object - type: object - required: - - trust - type: object - required: - - validation - type: object - type: object - virtualServiceARN: - description: Amazon Resource Name to AppMesh VirtualService - object that is acting as a virtual node backend. 
Exactly - one of 'virtualServiceRef' or 'virtualServiceARN' must - be specified. - type: string - virtualServiceRef: - description: Reference to Kubernetes VirtualService CR in - cluster that is acting as a virtual node backend. Exactly - one of 'virtualServiceRef' or 'virtualServiceARN' must - be specified. - properties: - name: - description: Name is the name of VirtualService CR - type: string - namespace: - description: Namespace is the namespace of VirtualService - CR. If unspecified, defaults to the referencing object's - namespace - type: string - required: - - name - type: object - type: object - required: - - virtualService - type: object - type: array - listeners: - description: The listener that the virtual node is expected to receive - inbound traffic from - items: - description: Listener refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_Listener.html - properties: - connectionPool: - description: The connection pool settings for the listener - properties: - grpc: - description: Specifies grpc connection pool settings for - the virtual node listener - properties: - maxRequests: - description: Represents the maximum number of inflight - requests that an envoy can concurrently support across - all the hosts in the upstream cluster - format: int64 - minimum: 1 - type: integer - required: - - maxRequests - type: object - http: - description: Specifies http connection pool settings for - the virtual node listener - properties: - maxConnections: - description: Represents the maximum number of outbound - TCP connections the envoy can establish concurrently - with all the hosts in the upstream cluster. - format: int64 - minimum: 1 - type: integer - maxPendingRequests: - description: Represents the number of overflowing requests - after max_connections that an envoy will queue to - an upstream cluster. 
- format: int64 - minimum: 1 - type: integer - required: - - maxConnections - type: object - http2: - description: Specifies http2 connection pool settings for - the virtual node listener - properties: - maxRequests: - description: Represents the maximum number of inflight - requests that an envoy can concurrently support across - all the hosts in the upstream cluster - format: int64 - minimum: 1 - type: integer - required: - - maxRequests - type: object - tcp: - description: Specifies tcp connection pool settings for - the virtual node listener - properties: - maxConnections: - description: Represents the maximum number of outbound - TCP connections the envoy can establish concurrently - with all the hosts in the upstream cluster. - format: int64 - minimum: 1 - type: integer - required: - - maxConnections - type: object - type: object - healthCheck: - description: The health check information for the listener. - properties: - healthyThreshold: - description: The number of consecutive successful health - checks that must occur before declaring listener healthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - intervalMillis: - description: The time period in milliseconds between each - health check execution. - format: int64 - maximum: 300000 - minimum: 5000 - type: integer - path: - description: The destination path for the health check request. - This value is only used if the specified protocol is http - or http2. For any other protocol, this value is ignored. - type: string - port: - description: The destination port for the health check request. - format: int64 - maximum: 65535 - minimum: 1 - type: integer - protocol: - description: The protocol for the health check request - enum: - - grpc - - http - - http2 - - tcp - type: string - timeoutMillis: - description: The amount of time to wait when receiving a - response from the health check, in milliseconds. 
- format: int64 - maximum: 60000 - minimum: 2000 - type: integer - unhealthyThreshold: - description: The number of consecutive failed health checks - that must occur before declaring a virtual node unhealthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - required: - - healthyThreshold - - intervalMillis - - protocol - - timeoutMillis - - unhealthyThreshold - type: object - outlierDetection: - description: The outlier detection for the listener - properties: - baseEjectionDuration: - description: The base time that a host is ejected for. The - real time is equal to the base time multiplied by the - number of times the host has been ejected - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - interval: - description: The time interval between ejection analysis - sweeps. This can result in both new ejections as well - as hosts being returned to service - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - maxEjectionPercent: - description: The threshold for the max percentage of outlier - hosts that can be ejected from the load balancing set. - maxEjectionPercent=100 means outlier detection can potentially - eject all of the hosts from the upstream service if they - are all considered outliers, leaving the load balancing - set with zero hosts - format: int64 - maximum: 100 - minimum: 0 - type: integer - maxServerErrors: - description: The threshold for the number of server errors - returned by a given host during an outlier detection interval. - If the server error count meets/exceeds this threshold - the host is ejected. 
A server error is defined as any - HTTP 5xx response (or the equivalent for gRPC and TCP - connections) - format: int64 - minimum: 1 - type: integer - required: - - baseEjectionDuration - - interval - - maxEjectionPercent - - maxServerErrors - type: object - portMapping: - description: The port mapping information for the listener. - properties: - port: - description: The port used for the port mapping. - format: int64 - maximum: 65535 - minimum: 1 - type: integer - protocol: - description: The protocol used for the port mapping. - enum: - - grpc - - http - - http2 - - tcp - type: string - required: - - port - - protocol - type: object - timeout: - description: A reference to an object that represents - properties: - grpc: - description: Specifies grpc timeout information for the - virtual node. - properties: - idle: - description: An object that represents idle timeout - duration. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - perRequest: - description: An object that represents per request timeout - duration. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - type: object - http: - description: Specifies http timeout information for the - virtual node. - properties: - idle: - description: An object that represents idle timeout - duration. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - perRequest: - description: An object that represents per request timeout - duration. - properties: - unit: - description: A unit of time. 
- enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - type: object - http2: - description: Specifies http2 information for the virtual - node. - properties: - idle: - description: An object that represents idle timeout - duration. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - perRequest: - description: An object that represents per request timeout - duration. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - type: object - tcp: - description: Specifies tcp timeout information for the virtual - node. - properties: - idle: - description: An object that represents idle timeout - duration. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - type: object - type: object - tls: - description: A reference to an object that represents the Transport - Layer Security (TLS) properties for a listener. - properties: - certificate: - description: A reference to an object that represents a - listener's TLS certificate. - properties: - acm: - description: A reference to an object that represents - an AWS Certificate Manager (ACM) certificate. - properties: - certificateARN: - description: The Amazon Resource Name (ARN) for - the certificate. - type: string - required: - - certificateARN - type: object - file: - description: A reference to an object that represents - a local file certificate. 
- properties: - certificateChain: - description: The certificate chain for the certificate. - maxLength: 255 - minLength: 1 - type: string - privateKey: - description: The private key for a certificate stored - on the file system of the virtual node that the - proxy is running on. - maxLength: 255 - minLength: 1 - type: string - required: - - certificateChain - - privateKey - type: object - sds: - description: A reference to an object that represents - an SDS certificate. - properties: - secretName: - description: The certificate trust chain for a certificate - issued via SDS cluster - type: string - required: - - secretName - type: object - type: object - mode: - description: ListenerTLS mode - enum: - - DISABLED - - PERMISSIVE - - STRICT - type: string - validation: - description: A reference to an object that represents an - SDS Trust Domain - properties: - subjectAlternativeNames: - description: Possible alternative names to consider - properties: - match: - description: Match is a required field - properties: - exact: - description: Exact is a required field - items: - type: string - type: array - required: - - exact - type: object - required: - - match - type: object - trust: - properties: - file: - description: An object that represents a TLS validation - context trust for a local file. - properties: - certificateChain: - description: The certificate trust chain for - a certificate stored on the file system of - the virtual node that the proxy is running - on. 
- maxLength: 255 - minLength: 1 - type: string - required: - - certificateChain - type: object - sds: - description: An object that represents a TLS validation - context trust for an SDS server - properties: - secretName: - description: The certificate trust chain for - a certificate obtained via SDS - type: string - required: - - secretName - type: object - type: object - required: - - trust - type: object - required: - - certificate - - mode - type: object - required: - - portMapping - type: object - minItems: 0 - type: array - logging: - description: The inbound and outbound access logging information for - the virtual node. - properties: - accessLog: - description: The access log configuration for a virtual node. - properties: - file: - description: The file object to send virtual node access logs - to. - properties: - format: - description: Structured access log output format - properties: - json: - description: Output specified fields as a JSON object - items: - properties: - key: - description: The name of the field in the JSON - object - minLength: 1 - type: string - value: - description: The format string - minLength: 1 - type: string - required: - - key - - value - type: object - type: array - text: - description: Custom format string - type: string - type: object - path: - description: The file path to write access logs to. - maxLength: 255 - minLength: 1 - type: string - required: - - path - type: object - type: object - type: object - meshRef: - description: "A reference to k8s Mesh CR that this VirtualNode belongs - to. The admission controller populates it using Meshes's selector, - and prevents users from setting this field. \n Populated by the - system. Read-only." 
- properties: - name: - description: Name is the name of Mesh CR - type: string - uid: - description: UID is the UID of Mesh CR - type: string - required: - - name - - uid - type: object - podSelector: - description: "PodSelector selects Pods using labels to designate VirtualNode - membership. This field follows standard label selector semantics: - \tif present but empty, it selects all pods within namespace. \tif - absent, it selects no pod." - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - serviceDiscovery: - description: The service discovery information for the virtual node. - Optional if there is no inbound traffic(no listeners). Mandatory - if a listener is specified. 
- properties: - awsCloudMap: - description: Specifies any AWS Cloud Map information for the virtual - node. - properties: - attributes: - description: A string map that contains attributes with values - that you can use to filter instances by any custom attribute - that you specified when you registered the instance - items: - description: AWSCloudMapInstanceAttribute refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_AwsCloudMapInstanceAttribute.html - properties: - key: - description: The name of an AWS Cloud Map service instance - attribute key. - maxLength: 255 - minLength: 1 - type: string - value: - description: The value of an AWS Cloud Map service instance - attribute key. - maxLength: 1024 - minLength: 1 - type: string - required: - - key - - value - type: object - type: array - namespaceName: - description: The name of the AWS Cloud Map namespace to use. - maxLength: 1024 - minLength: 1 - type: string - serviceName: - description: The name of the AWS Cloud Map service to use. - maxLength: 1024 - minLength: 1 - type: string - required: - - namespaceName - - serviceName - type: object - dns: - description: Specifies the DNS information for the virtual node. - properties: - hostname: - description: Specifies the DNS service discovery hostname - for the virtual node. - type: string - responseType: - description: Choose between ENDPOINTS (strict DNS) and LOADBALANCER - (logical DNS) mode in Envoy sidecar - enum: - - ENDPOINTS - - LOADBALANCER - type: string - required: - - hostname - type: object - type: object - type: object - status: - description: VirtualNodeStatus defines the observed state of VirtualNode - properties: - conditions: - description: The current VirtualNode status. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. 
- type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of VirtualNode condition. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: The generation observed by the VirtualNode controller. - format: int64 - type: integer - virtualNodeARN: - description: VirtualNodeARN is the AppMesh VirtualNode object's Amazon - Resource Name - type: string - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: virtualrouters.appmesh.k8s.aws -spec: - group: appmesh.k8s.aws - names: - categories: - - all - kind: VirtualRouter - listKind: VirtualRouterList - plural: virtualrouters - singular: virtualrouter - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The AppMesh VirtualRouter object's Amazon Resource Name - jsonPath: .status.virtualRouterARN - name: ARN - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: VirtualRouter is the Schema for the virtualrouters API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VirtualRouterSpec defines the desired state of VirtualRouter - refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_VirtualRouterSpec.html - properties: - awsName: - description: AWSName is the AppMesh VirtualRouter object's name. If - unspecified or empty, it defaults to be "${name}_${namespace}" of - k8s VirtualRouter - type: string - listeners: - description: The listeners that the virtual router is expected to - receive inbound traffic from - items: - description: VirtualRouterListener refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_VirtualRouterListener.html - properties: - portMapping: - description: The port mapping information for the listener. - properties: - port: - description: The port used for the port mapping. - format: int64 - maximum: 65535 - minimum: 1 - type: integer - protocol: - description: The protocol used for the port mapping. - enum: - - grpc - - http - - http2 - - tcp - type: string - required: - - port - - protocol - type: object - required: - - portMapping - type: object - minItems: 1 - type: array - meshRef: - description: "A reference to k8s Mesh CR that this VirtualRouter belongs - to. The admission controller populates it using Meshes's selector, - and prevents users from setting this field. \n Populated by the - system. Read-only." 
- properties: - name: - description: Name is the name of Mesh CR - type: string - uid: - description: UID is the UID of Mesh CR - type: string - required: - - name - - uid - type: object - routes: - description: The routes associated with VirtualRouter - items: - description: Route refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_RouteSpec.html - properties: - grpcRoute: - description: An object that represents the specification of - a gRPC route. - properties: - action: - description: An object that represents the action to take - if a match is determined. - properties: - weightedTargets: - description: An object that represents the targets that - traffic is routed to when a request matches the route. - items: - description: WeightedTarget refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_WeightedTarget.html - properties: - port: - description: Specifies the targeted port of the - weighted object - format: int64 - minimum: 0 - type: integer - virtualNodeARN: - description: Amazon Resource Name to AppMesh VirtualNode - object to associate with the weighted target. - Exactly one of 'virtualNodeRef' or 'virtualNodeARN' - must be specified. - type: string - virtualNodeRef: - description: Reference to Kubernetes VirtualNode - CR in cluster to associate with the weighted - target. Exactly one of 'virtualNodeRef' or 'virtualNodeARN' - must be specified. - properties: - name: - description: Name is the name of VirtualNode - CR - type: string - namespace: - description: Namespace is the namespace of - VirtualNode CR. If unspecified, defaults - to the referencing object's namespace - type: string - required: - - name - type: object - weight: - description: The relative weight of the weighted - target. 
- format: int64 - maximum: 100 - minimum: 0 - type: integer - required: - - weight - type: object - maxItems: 10 - minItems: 1 - type: array - required: - - weightedTargets - type: object - match: - description: An object that represents the criteria for - determining a request match. - properties: - metadata: - description: An object that represents the data to match - from the request. - items: - description: GRPCRouteMetadata refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_GrpcRouteMetadata.html - properties: - invert: - description: Specify True to match anything except - the match criteria. The default value is False. - type: boolean - match: - description: An object that represents the data - to match from the request. - properties: - exact: - description: The value sent by the client - must match the specified value exactly. - maxLength: 255 - minLength: 1 - type: string - prefix: - description: The value sent by the client - must begin with the specified characters. - maxLength: 255 - minLength: 1 - type: string - range: - description: An object that represents the - range of values to match on - properties: - end: - description: The end of the range. - format: int64 - type: integer - start: - description: The start of the range. - format: int64 - type: integer - required: - - end - - start - type: object - regex: - description: The value sent by the client - must include the specified characters. - maxLength: 255 - minLength: 1 - type: string - suffix: - description: The value sent by the client - must end with the specified characters. - maxLength: 255 - minLength: 1 - type: string - type: object - name: - description: The name of the route. - maxLength: 50 - minLength: 1 - type: string - required: - - name - type: object - maxItems: 10 - minItems: 1 - type: array - methodName: - description: The method name to match from the request. - If you specify a name, you must also specify a serviceName. 
- maxLength: 50 - minLength: 1 - type: string - port: - description: Specifies the port to match requests with - format: int64 - minimum: 0 - type: integer - serviceName: - description: The fully qualified domain name for the - service to match from the request. - type: string - type: object - retryPolicy: - description: An object that represents a retry policy. - properties: - grpcRetryEvents: - items: - enum: - - cancelled - - deadline-exceeded - - internal - - resource-exhausted - - unavailable - type: string - maxItems: 5 - minItems: 1 - type: array - httpRetryEvents: - items: - enum: - - server-error - - gateway-error - - client-error - - stream-error - type: string - maxItems: 25 - minItems: 1 - type: array - maxRetries: - description: The maximum number of retry attempts. - format: int64 - minimum: 0 - type: integer - perRetryTimeout: - description: An object that represents a duration of - time. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - tcpRetryEvents: - items: - enum: - - connection-error - type: string - maxItems: 1 - minItems: 1 - type: array - required: - - maxRetries - - perRetryTimeout - type: object - timeout: - description: An object that represents a grpc timeout. - properties: - idle: - description: An object that represents idle timeout - duration. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - perRequest: - description: An object that represents per request timeout - duration. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. 
- format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - type: object - required: - - action - - match - type: object - http2Route: - description: An object that represents the specification of - an HTTP/2 route. - properties: - action: - description: An object that represents the action to take - if a match is determined. - properties: - weightedTargets: - description: An object that represents the targets that - traffic is routed to when a request matches the route. - items: - description: WeightedTarget refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_WeightedTarget.html - properties: - port: - description: Specifies the targeted port of the - weighted object - format: int64 - minimum: 0 - type: integer - virtualNodeARN: - description: Amazon Resource Name to AppMesh VirtualNode - object to associate with the weighted target. - Exactly one of 'virtualNodeRef' or 'virtualNodeARN' - must be specified. - type: string - virtualNodeRef: - description: Reference to Kubernetes VirtualNode - CR in cluster to associate with the weighted - target. Exactly one of 'virtualNodeRef' or 'virtualNodeARN' - must be specified. - properties: - name: - description: Name is the name of VirtualNode - CR - type: string - namespace: - description: Namespace is the namespace of - VirtualNode CR. If unspecified, defaults - to the referencing object's namespace - type: string - required: - - name - type: object - weight: - description: The relative weight of the weighted - target. - format: int64 - maximum: 100 - minimum: 0 - type: integer - required: - - weight - type: object - maxItems: 10 - minItems: 1 - type: array - required: - - weightedTargets - type: object - match: - description: An object that represents the criteria for - determining a request match. - properties: - headers: - description: An object that represents the client request - headers to match on. 
- items: - description: HTTPRouteHeader refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpRouteHeader.html - properties: - invert: - description: Specify True to match anything except - the match criteria. The default value is False. - type: boolean - match: - description: The HeaderMatchMethod object. - properties: - exact: - description: The value sent by the client - must match the specified value exactly. - maxLength: 255 - minLength: 1 - type: string - prefix: - description: The value sent by the client - must begin with the specified characters. - maxLength: 255 - minLength: 1 - type: string - range: - description: An object that represents the - range of values to match on. - properties: - end: - description: The end of the range. - format: int64 - type: integer - start: - description: The start of the range. - format: int64 - type: integer - required: - - end - - start - type: object - regex: - description: The value sent by the client - must include the specified characters. - maxLength: 255 - minLength: 1 - type: string - suffix: - description: The value sent by the client - must end with the specified characters. - maxLength: 255 - minLength: 1 - type: string - type: object - name: - description: A name for the HTTP header in the - client request that will be matched on. - maxLength: 50 - minLength: 1 - type: string - required: - - name - type: object - maxItems: 10 - minItems: 1 - type: array - method: - description: The client request method to match on. - enum: - - CONNECT - - DELETE - - GET - - HEAD - - OPTIONS - - PATCH - - POST - - PUT - - TRACE - type: string - path: - description: The client specified Path to match on. - properties: - exact: - description: The value sent by the client must match - the specified value exactly. - maxLength: 255 - minLength: 1 - type: string - regex: - description: The value sent by the client must end - with the specified characters. 
- maxLength: 255 - minLength: 1 - type: string - type: object - port: - description: Specifies the port to match requests with - format: int64 - minimum: 0 - type: integer - prefix: - description: Specifies the prefix to match requests - with - type: string - queryParameters: - description: The client specified queryParameters to - match on - items: - description: HTTPQueryParameters refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpQueryParameter.html - properties: - match: - description: The QueryMatchMethod object. - properties: - exact: - type: string - type: object - name: - type: string - required: - - name - type: object - maxItems: 10 - minItems: 1 - type: array - scheme: - description: The client request scheme to match on - enum: - - http - - https - type: string - type: object - retryPolicy: - description: An object that represents a retry policy. - properties: - httpRetryEvents: - items: - enum: - - server-error - - gateway-error - - client-error - - stream-error - type: string - maxItems: 25 - minItems: 1 - type: array - maxRetries: - description: The maximum number of retry attempts. - format: int64 - minimum: 0 - type: integer - perRetryTimeout: - description: An object that represents a duration of - time - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - tcpRetryEvents: - items: - enum: - - connection-error - type: string - maxItems: 1 - minItems: 1 - type: array - required: - - maxRetries - - perRetryTimeout - type: object - timeout: - description: An object that represents a http timeout. - properties: - idle: - description: An object that represents idle timeout - duration. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. 
- format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - perRequest: - description: An object that represents per request timeout - duration. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - type: object - required: - - action - - match - type: object - httpRoute: - description: An object that represents the specification of - an HTTP route. - properties: - action: - description: An object that represents the action to take - if a match is determined. - properties: - weightedTargets: - description: An object that represents the targets that - traffic is routed to when a request matches the route. - items: - description: WeightedTarget refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_WeightedTarget.html - properties: - port: - description: Specifies the targeted port of the - weighted object - format: int64 - minimum: 0 - type: integer - virtualNodeARN: - description: Amazon Resource Name to AppMesh VirtualNode - object to associate with the weighted target. - Exactly one of 'virtualNodeRef' or 'virtualNodeARN' - must be specified. - type: string - virtualNodeRef: - description: Reference to Kubernetes VirtualNode - CR in cluster to associate with the weighted - target. Exactly one of 'virtualNodeRef' or 'virtualNodeARN' - must be specified. - properties: - name: - description: Name is the name of VirtualNode - CR - type: string - namespace: - description: Namespace is the namespace of - VirtualNode CR. If unspecified, defaults - to the referencing object's namespace - type: string - required: - - name - type: object - weight: - description: The relative weight of the weighted - target. 
- format: int64 - maximum: 100 - minimum: 0 - type: integer - required: - - weight - type: object - maxItems: 10 - minItems: 1 - type: array - required: - - weightedTargets - type: object - match: - description: An object that represents the criteria for - determining a request match. - properties: - headers: - description: An object that represents the client request - headers to match on. - items: - description: HTTPRouteHeader refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpRouteHeader.html - properties: - invert: - description: Specify True to match anything except - the match criteria. The default value is False. - type: boolean - match: - description: The HeaderMatchMethod object. - properties: - exact: - description: The value sent by the client - must match the specified value exactly. - maxLength: 255 - minLength: 1 - type: string - prefix: - description: The value sent by the client - must begin with the specified characters. - maxLength: 255 - minLength: 1 - type: string - range: - description: An object that represents the - range of values to match on. - properties: - end: - description: The end of the range. - format: int64 - type: integer - start: - description: The start of the range. - format: int64 - type: integer - required: - - end - - start - type: object - regex: - description: The value sent by the client - must include the specified characters. - maxLength: 255 - minLength: 1 - type: string - suffix: - description: The value sent by the client - must end with the specified characters. - maxLength: 255 - minLength: 1 - type: string - type: object - name: - description: A name for the HTTP header in the - client request that will be matched on. - maxLength: 50 - minLength: 1 - type: string - required: - - name - type: object - maxItems: 10 - minItems: 1 - type: array - method: - description: The client request method to match on. 
- enum: - - CONNECT - - DELETE - - GET - - HEAD - - OPTIONS - - PATCH - - POST - - PUT - - TRACE - type: string - path: - description: The client specified Path to match on. - properties: - exact: - description: The value sent by the client must match - the specified value exactly. - maxLength: 255 - minLength: 1 - type: string - regex: - description: The value sent by the client must end - with the specified characters. - maxLength: 255 - minLength: 1 - type: string - type: object - port: - description: Specifies the port to match requests with - format: int64 - minimum: 0 - type: integer - prefix: - description: Specifies the prefix to match requests - with - type: string - queryParameters: - description: The client specified queryParameters to - match on - items: - description: HTTPQueryParameters refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpQueryParameter.html - properties: - match: - description: The QueryMatchMethod object. - properties: - exact: - type: string - type: object - name: - type: string - required: - - name - type: object - maxItems: 10 - minItems: 1 - type: array - scheme: - description: The client request scheme to match on - enum: - - http - - https - type: string - type: object - retryPolicy: - description: An object that represents a retry policy. - properties: - httpRetryEvents: - items: - enum: - - server-error - - gateway-error - - client-error - - stream-error - type: string - maxItems: 25 - minItems: 1 - type: array - maxRetries: - description: The maximum number of retry attempts. - format: int64 - minimum: 0 - type: integer - perRetryTimeout: - description: An object that represents a duration of - time - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. 
- format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - tcpRetryEvents: - items: - enum: - - connection-error - type: string - maxItems: 1 - minItems: 1 - type: array - required: - - maxRetries - - perRetryTimeout - type: object - timeout: - description: An object that represents a http timeout. - properties: - idle: - description: An object that represents idle timeout - duration. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - perRequest: - description: An object that represents per request timeout - duration. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - type: object - required: - - action - - match - type: object - name: - description: Route's name - type: string - priority: - description: The priority for the route. - format: int64 - maximum: 1000 - minimum: 0 - type: integer - tcpRoute: - description: An object that represents the specification of - a TCP route. - properties: - action: - description: The action to take if a match is determined. - properties: - weightedTargets: - description: An object that represents the targets that - traffic is routed to when a request matches the route. - items: - description: WeightedTarget refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_WeightedTarget.html - properties: - port: - description: Specifies the targeted port of the - weighted object - format: int64 - minimum: 0 - type: integer - virtualNodeARN: - description: Amazon Resource Name to AppMesh VirtualNode - object to associate with the weighted target. - Exactly one of 'virtualNodeRef' or 'virtualNodeARN' - must be specified. 
- type: string - virtualNodeRef: - description: Reference to Kubernetes VirtualNode - CR in cluster to associate with the weighted - target. Exactly one of 'virtualNodeRef' or 'virtualNodeARN' - must be specified. - properties: - name: - description: Name is the name of VirtualNode - CR - type: string - namespace: - description: Namespace is the namespace of - VirtualNode CR. If unspecified, defaults - to the referencing object's namespace - type: string - required: - - name - type: object - weight: - description: The relative weight of the weighted - target. - format: int64 - maximum: 100 - minimum: 0 - type: integer - required: - - weight - type: object - maxItems: 10 - minItems: 1 - type: array - required: - - weightedTargets - type: object - match: - description: An object that represents the criteria for - determining a request match. - properties: - port: - description: Specifies the port to match requests with - format: int64 - minimum: 0 - type: integer - type: object - timeout: - description: An object that represents a tcp timeout. - properties: - idle: - description: An object that represents idle timeout - duration. - properties: - unit: - description: A unit of time. - enum: - - s - - ms - type: string - value: - description: A number of time units. - format: int64 - minimum: 0 - type: integer - required: - - unit - - value - type: object - type: object - required: - - action - type: object - required: - - name - type: object - type: array - type: object - status: - description: VirtualRouterStatus defines the observed state of VirtualRouter - properties: - conditions: - description: The current VirtualRouter status. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. 
- type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of VirtualRouter condition. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: The generation observed by the VirtualRouter controller. - format: int64 - type: integer - routeARNs: - additionalProperties: - type: string - description: RouteARNs is a map of AppMesh Route objects' Amazon Resource - Names, indexed by route name. - type: object - virtualRouterARN: - description: VirtualRouterARN is the AppMesh VirtualRouter object's - Amazon Resource Name. - type: string - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: virtualservices.appmesh.k8s.aws -spec: - group: appmesh.k8s.aws - names: - categories: - - all - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - singular: virtualservice - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The AppMesh VirtualService object's Amazon Resource Name - jsonPath: .status.virtualServiceARN - name: ARN - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: VirtualService is the Schema for the virtualservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VirtualServiceSpec defines the desired state of VirtualService - refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_VirtualServiceSpec.html - properties: - awsName: - description: AWSName is the AppMesh VirtualService object's name. - If unspecified or empty, it defaults to be "${name}.${namespace}" - of k8s VirtualService - type: string - meshRef: - description: "A reference to k8s Mesh CR that this VirtualService - belongs to. The admission controller populates it using Meshes's - selector, and prevents users from setting this field. \n Populated - by the system. Read-only." - properties: - name: - description: Name is the name of Mesh CR - type: string - uid: - description: UID is the UID of Mesh CR - type: string - required: - - name - - uid - type: object - provider: - description: The provider for virtual services. You can specify a - single virtual node or virtual router. - properties: - virtualNode: - description: The virtual node associated with a virtual service. - properties: - virtualNodeARN: - description: Amazon Resource Name to AppMesh VirtualNode object - that is acting as a service provider. Exactly one of 'virtualNodeRef' - or 'virtualNodeARN' must be specified. - type: string - virtualNodeRef: - description: Reference to Kubernetes VirtualNode CR in cluster - that is acting as a service provider. Exactly one of 'virtualNodeRef' - or 'virtualNodeARN' must be specified. 
- properties: - name: - description: Name is the name of VirtualNode CR - type: string - namespace: - description: Namespace is the namespace of VirtualNode - CR. If unspecified, defaults to the referencing object's - namespace - type: string - required: - - name - type: object - type: object - virtualRouter: - description: The virtual router associated with a virtual service. - properties: - virtualRouterARN: - description: Amazon Resource Name to AppMesh VirtualRouter - object that is acting as a service provider. Exactly one - of 'virtualRouterRef' or 'virtualRouterARN' must be specified. - type: string - virtualRouterRef: - description: Reference to Kubernetes VirtualRouter CR in cluster - that is acting as a service provider. Exactly one of 'virtualRouterRef' - or 'virtualRouterARN' must be specified. - properties: - name: - description: Name is the name of VirtualRouter CR - type: string - namespace: - description: Namespace is the namespace of VirtualRouter - CR. If unspecified, defaults to the referencing object's - namespace - type: string - required: - - name - type: object - type: object - type: object - type: object - status: - description: VirtualServiceStatus defines the observed state of VirtualService - properties: - conditions: - description: The current VirtualService status. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of VirtualService condition. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: The generation observed by the VirtualService controller. 
- format: int64 - type: integer - virtualServiceARN: - description: VirtualServiceARN is the AppMesh VirtualService object's - Amazon Resource Name. - type: string - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/stable/appmesh-controller/crds/kustomization.yaml b/stable/appmesh-controller/crds/kustomization.yaml deleted file mode 100644 index 3f1d1cbba..000000000 --- a/stable/appmesh-controller/crds/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- crds.yaml diff --git a/stable/appmesh-controller/templates/NOTES.txt b/stable/appmesh-controller/templates/NOTES.txt deleted file mode 100644 index b4c61735a..000000000 --- a/stable/appmesh-controller/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -AWS App Mesh controller installed! diff --git a/stable/appmesh-controller/templates/_helpers.tpl b/stable/appmesh-controller/templates/_helpers.tpl deleted file mode 100644 index be1ffd687..000000000 --- a/stable/appmesh-controller/templates/_helpers.tpl +++ /dev/null 
@@ -1,69 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "appmesh-controller.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "appmesh-controller.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "appmesh-controller.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "appmesh-controller.labels" -}}
-app.kubernetes.io/name: {{ include "appmesh-controller.name" . }}
-helm.sh/chart: {{ include "appmesh-controller.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "appmesh-controller.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
- {{ default (include "appmesh-controller.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Generate certificates for webhook
-*/}}
-{{- define "appmesh-controller.gen-certs" -}}
-{{- $fullName := ( include "appmesh-controller.fullname" . ) -}}
-{{- $altNames := list ( printf "%s-%s.%s" $fullName "webhook-service" .Release.Namespace ) ( printf "%s-%s.%s.svc" $fullName "webhook-service" .Release.Namespace ) -}}
-{{- $ca := genCA "appmesh-controller-ca" 3650 -}}
-{{- $cert := genSignedCert ( include "appmesh-controller.fullname" . ) nil $altNames 3650 $ca -}}
-caCert: {{ $ca.Cert | b64enc }}
-clientCert: {{ $cert.Cert | b64enc }}
-clientKey: {{ $cert.Key | b64enc }}
-{{- end -}}
diff --git a/stable/appmesh-controller/templates/deployment.yaml b/stable/appmesh-controller/templates/deployment.yaml
deleted file mode 100644
index ab46d793d..000000000
--- a/stable/appmesh-controller/templates/deployment.yaml
+++ /dev/null
@@ -1,152 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "appmesh-controller.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- control-plane: {{ template "appmesh-controller.fullname" . }}
-{{ include "appmesh-controller.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- control-plane: {{ template "appmesh-controller.fullname" . }}
- {{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 6 }}
- {{- end }}
- template:
- metadata:
- labels:
- control-plane: {{ template "appmesh-controller.fullname" . }}
- app.kubernetes.io/name: {{ include "appmesh-controller.fullname" . }}
- app.kubernetes.io/part-of: appmesh
- {{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 8 }}
- {{- end }}
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: "8080"
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- spec:
- serviceAccountName: {{ template "appmesh-controller.serviceAccountName" . }}
- volumes:
- - name: cert
- secret:
- defaultMode: 420
- secretName: {{ template "appmesh-controller.fullname" . }}-webhook-server-cert
- containers:
- - name: controller
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- ports:
- - containerPort: 9443
- name: webhook-server
- protocol: TCP
- - containerPort: 8080
- name: metrics-server
- protocol: TCP
- volumeMounts:
- - mountPath: /tmp/k8s-webhook-server/serving-certs
- name: cert
- readOnly: true
- command:
- - /controller
- args:
- - --enable-leader-election=true
- - --log-level={{ .Values.log.level }}
- - --sidecar-image-repository={{ .Values.sidecar.image.repository }}
- - --sidecar-image-tag={{ .Values.sidecar.image.tag }}
- - --sidecar-cpu-requests={{ .Values.sidecar.resources.requests.cpu }}
- - --sidecar-memory-requests={{ .Values.sidecar.resources.requests.memory }}
- - --sidecar-cpu-limits={{ .Values.sidecar.resources.limits.cpu }}
- - --sidecar-memory-limits={{ .Values.sidecar.resources.limits.memory }}
- - --init-image={{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}
- - --enable-stats-tags={{ .Values.stats.tagsEnabled }}
- - --prestop-delay={{ .Values.sidecar.lifecycleHooks.preStopDelay }}
- - --poststart-timeout={{ .Values.sidecar.lifecycleHooks.postStartTimeout }}
- - --poststart-interval={{ .Values.sidecar.lifecycleHooks.postStartInterval }}
- - --readiness-probe-initial-delay={{ .Values.sidecar.probes.readinessProbeInitialDelay }}
- - --readiness-probe-period={{ .Values.sidecar.probes.readinessProbePeriod }}
- - --envoy-admin-access-port={{ .Values.sidecar.envoyAdminAccessPort }}
- - --envoy-admin-access-log-file={{ .Values.sidecar.envoyAdminAccessLogFile }}
- - --envoy-admin-access-enable-ipv6={{ .Values.sidecar.envoyAdminAccessEnableIPv6 }}
- - --dual-stack-endpoint={{ .Values.sidecar.useDualStackEndpoint }}
- - --fips-endpoint={{ .Values.sidecar.useFipsEndpoint }}
- - --envoy-aws-access-key-id={{ .Values.sidecar.envoyAwsAccessKeyId }}
- - --envoy-aws-secret-access-key={{ .Values.sidecar.envoyAwsSecretAccessKey }}
- - --envoy-aws-session-token={{ .Values.sidecar.envoyAwsSessionToken }}
- - --preview={{ .Values.preview }}
- - --enable-sds={{ .Values.sds.enabled }}
- - --sds-uds-path={{ .Values.sds.udsPath }}
- - --enable-backend-groups={{ .Values.enableBackendGroups }}
- - --cluster-name={{ .Values.clusterName}}
- - --use-aws-dual-stack-endpoint={{ .Values.useAwsDualStackEndpoint}}
- - --use-aws-fips-endpoint={{ .Values.useAwsFIPSEndpoint}}
- {{- if .Values.cloudMapCustomHealthCheck.enabled }}
- - --enable-custom-health-check=true
- {{- end }}
- {{- if kindIs "int64" .Values.cloudMapDNS.ttl }}
- - --cloudmap-dns-ttl={{ .Values.cloudMapDNS.ttl }}
- {{- end }}
- {{- if .Values.stats.statsdEnabled }}
- - --enable-statsd=true
- - --statsd-address={{ .Values.stats.statsdAddress }}
- - --statsd-port={{ .Values.stats.statsdPort }}
- - --statsd-socket-path={{ .Values.stats.statsdSocketPath }}
- {{- end }}
- {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "x-ray" ) }}
- - --enable-xray-tracing=true
- - --xray-image={{ .Values.xray.image.repository}}:{{ .Values.xray.image.tag }}
- - --xray-daemon-port={{ .Values.tracing.port }}
- - --xray-sampling-rate={{ .Values.tracing.samplingRate }}
- - --xray-log-level={{ .Values.tracing.logLevel }}
- - --xray-config-roleArn={{ .Values.tracing.role }}
- {{- end }}
- {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "jaeger" ) }}
- - --enable-jaeger-tracing=true
- - --jaeger-address={{ .Values.tracing.address }}
- - --jaeger-port={{ .Values.tracing.port }}
- {{- end }}
- {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "datadog" ) }}
- - --enable-datadog-tracing=true
- - --datadog-address={{ .Values.tracing.address }}
- - --datadog-port={{ .Values.tracing.port }}
- {{- end }}
- {{- if .Values.region }}
- - --aws-region={{ .Values.region }}
- {{- end }}
- {{- if .Values.accountId }}
- - --aws-account-id={{ .Values.accountId }}
- {{- end }}
- - --sidecar-log-level={{ .Values.sidecar.logLevel }}
- # this must be same as livenessProbe port which can be configured
- - --health-probe-port={{ .Values.livenessProbe.httpGet.port }}
- - --wait-until-proxy-ready={{ .Values.sidecar.waitUntilProxyReady }}
- # TLS configuration
- - --tls-min-version={{ .Values.tlsMinVersion }}
- - --tls-cipher-suite={{ .Values.tlsCipherSuite }}
- {{- if .Values.env }}
- env:
- {{- range $key, $value := .Values.env }}
- - name: {{ $key }}
- value: {{ $value }}
- {{- end }}
- {{- end}}
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- livenessProbe:
-{{ toYaml .Values.livenessProbe | indent 10 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
-{{ toYaml . | indent 8 }}
- {{- end }}
diff --git a/stable/appmesh-controller/templates/pdb.yaml b/stable/appmesh-controller/templates/pdb.yaml
deleted file mode 100644
index 8141234af..000000000
--- a/stable/appmesh-controller/templates/pdb.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.podDisruptionBudget }}
-{{- if gt (int .Values.replicaCount) 1 }}
-kind: PodDisruptionBudget
-apiVersion: policy/v1
-metadata:
- name: {{ template "appmesh-controller.fullname" . }}-pdb
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
-spec:
- selector:
- matchLabels:
- control-plane: {{ template "appmesh-controller.fullname" . }}
- app.kubernetes.io/name: {{ include "appmesh-controller.fullname" . }}
- app.kubernetes.io/part-of: appmesh
-{{- toYaml .Values.podDisruptionBudget | nindent 2 }}
-{{- end -}}
-{{- end -}}
diff --git a/stable/appmesh-controller/templates/psp.yaml b/stable/appmesh-controller/templates/psp.yaml
deleted file mode 100644
index 2c8ec64bf..000000000
--- a/stable/appmesh-controller/templates/psp.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-{{- if .Values.rbac.pspEnabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "appmesh-controller.fullname" . }}
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
- annotations:
- seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
-spec:
- privileged: false
- hostIPC: false
- hostNetwork: false
- hostPID: false
- readOnlyRootFilesystem: false
- allowPrivilegeEscalation: false
- allowedCapabilities:
- - '*'
- fsGroup:
- rule: RunAsAny
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - '*'
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ template "appmesh-controller.fullname" . }}-psp
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
-rules:
- - apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "appmesh-controller.fullname" . }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "appmesh-controller.fullname" . }}-psp
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "appmesh-controller.fullname" . }}-psp
-subjects:
- - kind: ServiceAccount
- name: {{ template "appmesh-controller.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/stable/appmesh-controller/templates/rbac.yaml b/stable/appmesh-controller/templates/rbac.yaml
deleted file mode 100644
index 22ca9cf5a..000000000
--- a/stable/appmesh-controller/templates/rbac.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "appmesh-controller.fullname" . }}-leader-election-role
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
-rules:
-- apiGroups: [""]
- resources: [configmaps]
- verbs: [create, list, watch]
-- apiGroups: [""]
- resources: [configmaps]
- resourceNames: [appmesh-controller-leader-election]
- verbs: [get, patch, update]
-- apiGroups: [""]
- resources: [events]
- verbs: [create, patch]
-- apiGroups: ["coordination.k8s.io"]
- resources: [leases]
- verbs: [create]
-- apiGroups: ["coordination.k8s.io"]
- resources: [leases]
- resourceNames: [appmesh-controller-leader-election]
- verbs: [get, update, patch]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "appmesh-controller.fullname" . }}-leader-election-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "appmesh-controller.fullname" . }}-leader-election-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "appmesh-controller.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "appmesh-controller.fullname" . }}-role
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
-rules:
-- apiGroups: [""]
- resources: [events]
- verbs: [create, delete, get, list, patch, update, watch]
-- apiGroups: [""]
- resources: [namespaces, pods, nodes]
- verbs: [get, list, watch]
-- apiGroups: [""]
- resources: [pods/status]
- verbs: [get, patch, update]
-- apiGroups: [appmesh.k8s.aws]
- resources: [backendgroups, gatewayroutes, meshes, virtualgateways, virtualnodes, virtualrouters, virtualservices]
- verbs: [create, delete, get, list, patch, update, watch]
-- apiGroups: [appmesh.k8s.aws]
- resources: [backendgroups/status, gatewayroutes/status, meshes/status, virtualgateways/status, virtualnodes/status, virtualrouters/status, virtualservices/status]
- verbs: [get, patch, update]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "appmesh-controller.fullname" . }}-rolebinding
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "appmesh-controller.fullname" . }}-role
-subjects:
-- name: {{ template "appmesh-controller.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
-{{- end }}
diff --git a/stable/appmesh-controller/templates/service.yaml b/stable/appmesh-controller/templates/service.yaml
deleted file mode 100644
index bdcfec9be..000000000
--- a/stable/appmesh-controller/templates/service.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "appmesh-controller.fullname" . }}-webhook-service
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
-spec:
- ports:
- - port: 443
- targetPort: 9443
- selector:
- control-plane: {{ template "appmesh-controller.fullname" . }}
diff --git a/stable/appmesh-controller/templates/serviceaccount.yaml b/stable/appmesh-controller/templates/serviceaccount.yaml
deleted file mode 100644
index 8b9ba0ee6..000000000
--- a/stable/appmesh-controller/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "appmesh-controller.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "appmesh-controller.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end -}}
diff --git a/stable/appmesh-controller/templates/webhook.yaml b/stable/appmesh-controller/templates/webhook.yaml
deleted file mode 100644
index 7a382153d..000000000
--- a/stable/appmesh-controller/templates/webhook.yaml
+++ /dev/null
@@ -1,157 +0,0 @@
-{{ $tls := fromYaml ( include "appmesh-controller.gen-certs" . ) }}
-{{ $fullName := ( include "appmesh-controller.fullname" . ) }}
-{{ $webhookConfig := .Files.Get "webhookconfig.yaml" | fromYaml }}
----
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
-{{- if $.Values.enableCertManager }}
- annotations:
- cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "appmesh-controller.fullname" . }}-serving-cert
-{{- end }}
- name: {{ template "appmesh-controller.fullname" . }}-mutating-webhook-configuration
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
-webhooks:
-{{- range $res := $webhookConfig.customResources }}
-- clientConfig:
- service:
- name: {{ $fullName }}-webhook-service
- namespace: {{ $.Release.Namespace }}
- path: /mutate-appmesh-k8s-aws-v1beta2-{{ $res.name }}
- caBundle: {{ if not $.Values.enableCertManager -}}{{ $tls.caCert }}{{- else -}}Cg=={{ end }}
- failurePolicy: Fail
- name: m{{ $res.name }}.appmesh.k8s.aws
- rules:
- - apiGroups:
- - appmesh.k8s.aws
- apiVersions:
- - v1beta2
- operations:
- - CREATE
- - UPDATE
- resources:
- - {{ $res.resource }}
- sideEffects: None
- admissionReviewVersions:
- - v1beta1
-{{- end }}
-- clientConfig:
- caBundle: {{ if not $.Values.enableCertManager -}}{{ $tls.caCert }}{{- else -}}Cg=={{ end }}
- service:
- name: {{ $fullName }}-webhook-service
- namespace: {{ $.Release.Namespace }}
- path: /mutate-v1-pod
- failurePolicy: Fail
- name: mpod.appmesh.k8s.aws
- namespaceSelector:
- matchExpressions:
- - key: appmesh.k8s.aws/sidecarInjectorWebhook
- operator: In
- values:
- - enabled
- - disabled
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- resources:
- - pods
- sideEffects: None
- admissionReviewVersions:
- - v1beta1
----
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: ValidatingWebhookConfiguration
-metadata:
-{{- if $.Values.enableCertManager }}
- annotations:
- cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "appmesh-controller.fullname" . }}-serving-cert
-{{- end }}
- name: {{ template "appmesh-controller.fullname" . }}-validating-webhook-configuration
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
-webhooks:
-{{- range $res := $webhookConfig.customResources }}
-- clientConfig:
- service:
- name: {{ $fullName }}-webhook-service
- namespace: {{ $.Release.Namespace }}
- path: /validate-appmesh-k8s-aws-v1beta2-{{ $res.name }}
- caBundle: {{ if not $.Values.enableCertManager -}}{{ $tls.caCert }}{{- else -}}Cg=={{ end }}
- failurePolicy: Fail
- name: v{{ $res.name }}.appmesh.k8s.aws
- rules:
- - apiGroups:
- - appmesh.k8s.aws
- apiVersions:
- - v1beta2
- operations:
- - CREATE
- - UPDATE
- resources:
- - {{ $res.resource }}
- sideEffects: None
- admissionReviewVersions:
- - v1beta1
-{{- end }}
----
-{{- if not $.Values.enableCertManager }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "appmesh-controller.fullname" . }}-webhook-server-cert
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
-type: kubernetes.io/tls
-data:
- ca.crt: {{ $tls.caCert }}
- tls.crt: {{ $tls.clientCert }}
- tls.key: {{ $tls.clientKey }}
-{{- else }}
-{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
-apiVersion: cert-manager.io/v1
-{{- else }}
-apiVersion: cert-manager.io/v1alpha2
-{{- end }}
-kind: Certificate
-metadata:
- name: {{ template "appmesh-controller.fullname" . }}-serving-cert
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
-spec:
- dnsNames:
- - {{ template "appmesh-controller.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc
- - {{ template "appmesh-controller.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
- issuerRef:
- kind: Issuer
- name: {{ template "appmesh-controller.fullname" . }}-selfsigned-issuer
- secretName: {{ template "appmesh-controller.fullname" . }}-webhook-server-cert
----
-{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
-apiVersion: cert-manager.io/v1
-{{- else }}
-apiVersion: cert-manager.io/v1alpha2
-{{- end }}
-kind: Issuer
-metadata:
- name: {{ template "appmesh-controller.fullname" . }}-selfsigned-issuer
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "appmesh-controller.labels" . | indent 4 }}
-spec:
- selfSigned: {}
-{{- end }}
\ No newline at end of file
diff --git a/stable/appmesh-controller/test.yaml b/stable/appmesh-controller/test.yaml
deleted file mode 100644
index dd331b15f..000000000
--- a/stable/appmesh-controller/test.yaml
+++ /dev/null
@@ -1,177 +0,0 @@ -# Test values for appmesh-controller. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 -region: "" -accountId: "" -preview: false -clusterName: "" -useAwsDualStackEndpoint: false -useAwsFIPSEndpoint: false - -image: - repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller - tag: v1.13.1 - pullPolicy: IfNotPresent - -sidecar: - image: - repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy - tag: v1.29.6.0-prod - # sidecar.logLevel: Envoy log level can be info, warn, error or debug - logLevel: info - envoyAdminAccessPort: 9901 - envoyAdminAccessLogFile: /tmp/envoy_admin_access.log - envoyAdminAccessEnableIPv6: false - useDualStackEndpoint: false - useFipsEndpoint: false - resources: - # sidecar.resources.requests: Envoy CPU and memory requests - requests: - cpu: 10m - memory: 32Mi - # sidecar.resources/limits: Envoy CPU and memory limits - limits: - cpu: 100m - memory: 64Mi - lifecycleHooks: - # sidecar.lifecycleHooks: Envoy PreStop Hook Delay - preStopDelay: 20 - postStartTimeout: 180 - postStartInterval: 5 - probes: - # sidecar.probes: Envoy Readiness Probe - readinessProbeInitialDelay: 1 - readinessProbePeriod: 10 - waitUntilProxyReady: false -init: - image: - repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-proxy-route-manager - tag: v7-prod - -xray: - image: - repository: public.ecr.aws/xray/aws-xray-daemon - tag: latest - -nameOverride: "" -fullnameOverride: "" - -resources: - limits: - cpu: 2000m - memory: 1Gi - requests: - cpu: 100m - memory: 200Mi - -nodeSelector: { - test: test -} - -tolerations: - - key: "key1" - operator: "Equal" - value: "value1" - effect: "NoExecute" - -affinity: { - test: test -} - -podAnnotations: { - test: test -} - -podLabels: { - test: test -} - -cloudMapCustomHealthCheck: - # cloudMapCustomHealthCheck.enabled: `true` if CustomHealthCheck needs to be enabled in CloudMap - enabled: true 
- -cloudMapDNS: - # cloudMapDNS.ttl if set will use this global ttl value - ttl: 300 - -sds: - # sds.enabled: `true` if SDS based mTLS support needs to be enabled in envoy - enabled: true - #sds.udsPath: UDS Path of the SDS Provider. Default value is tied to SPIRE. - udsPath: /run/spire/sockets/agent.sock - -serviceAccount: - # serviceAccount.create: Whether to create a service account or not - create: true - # serviceAccount.name: The name of the service account to create or use - name: test - # serviceAccount.annotations: optional annotations to be applied to service account - annotations: { - test: test - } - -rbac: - # rbac.create: `true` if rbac resources should be created - create: true - # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created - pspEnabled: true - -log: - #log.level: info (default), debug - level: "info" - -tracing: - # tracing.enabled: `true` if Envoy should be configured tracing - enabled: true - # tracing.provider: can be x-ray, jaeger or datadog - provider: x-ray - # tracing.address: Jaeger or Datadog agent server address (ignored for X-Ray) - address: appmesh-jaeger.appmesh-system - # tracing.port: X-Ray, Jaeger or Datadog agent server port - port: 2000 - # tracing.samplingRate: X-Ray tracer sampling rate - samplingRate: 0.05 - # tracing.logLevel: X-Ray agent log level - logLevel: prod - # tracing.role: X-Ray agent IAM role to upload segments to a different account - role: "" - -stats: - # stats.tagsEnabled: `true` if Envoy should include app-mesh tags - tagsEnabled: false - # stats.statsdEnabled: `true` if Envoy should publish stats to statsd endpoint @ 127.0.0.1:8125 - statsdEnabled: false - #stats.statsdAddress: DogStatsD daemon address - statsdAddress: 127.0.0.1 - #stats.statsdPort: DogStatsD daemon port - statsdPort: 8125 - #stats.statsdSocketPath: DogStatsD unix domain socket path - statsdSocketPath: "" - -# Enable cert-manager -enableCertManager: false - -# podDisruptionBudget for Appmesh controller 
-podDisruptionBudget: {} - # minAvailable: 1 - -# Environment variables to set in appmesh-controller pod -env: {} - -#Example -#env: -# http_proxy: http://proxyserver:3128 -# https_proxy: http://proxyserver:3128 -# no_proxy: "localhost,127.0.0.1,.cluster.local" - -# Liveness probe configuration for the appmesh-controller pod -livenessProbe: - failureThreshold: 2 - httpGet: - path: /healthz - port: 61779 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 10 diff --git a/stable/appmesh-controller/upgrade/pre_upgrade_check.sh b/stable/appmesh-controller/upgrade/pre_upgrade_check.sh deleted file mode 100755 index 0171eb1b4..000000000 --- a/stable/appmesh-controller/upgrade/pre_upgrade_check.sh +++ /dev/null 
@@ -1,110 +0,0 @@ -#!/bin/bash - -check_kube_connection() { - - kube_err=$(kubectl cluster-info 2>&1 >/dev/null) - if [[ -z $kube_err ]]; then - echo "kubectl context check: PASSED!" - return 0 - else - echo "kubectl context check: FAILED -- context or permissions issue for kubectl" - echo $kube_err - return 1 - fi - -} - -check_kube_installation() { - - kube_err=$(kubectl version --client 2>&1 >/dev/null) - if [[ -z $kube_err ]]; then - echo "kubectl installation check: PASSED!" - return 0 - else - echo "kubectl installation check: FAILED -- kubectl not installed" - return 1 - fi - -} - -check_jq_installation() { - - jq_err=$(jq --version 2>&1 >/dev/null) - if [[ -z $jq_err ]]; then - echo "jq installation check: PASSED!" - return 0 - else - echo "jq installation check: FAILED -- jq not installed" - return 1 - fi - -} - -check_old_crds() { - - vs=$(kubectl get crd virtualservices.appmesh.k8s.aws --ignore-not-found -o json | jq -r '.spec.versions[]? | select(.? | .name == "v1beta1")') - vn=$(kubectl get crd virtualnodes.appmesh.k8s.aws --ignore-not-found -o json | jq -r '.spec.versions[]? | select(.? | .name == "v1beta1")') - ms=$(kubectl get crd meshes.appmesh.k8s.aws --ignore-not-found -o json | jq -r '.spec.versions[]? | select(.? | .name == "v1beta1")') - - if [[ -z $vs && -z $vn && -z $ms ]]; then - echo "App Mesh CRD check: PASSED!" - return 0 - else - echo "App Mesh CRD check: FAILED -- v1beta1 CRDs are still installed" - return 1 - fi - -} - -check_controller_version() { - currentver=$(kubectl get deployment -n appmesh-system appmesh-controller --ignore-not-found -o json | jq -r ".spec.template.spec.containers[].image" | cut -f2 -d ':') - requiredver="v1.0.0" - - if [[ "$(printf '%s\n' "$requiredver" "$currentver" | sort -V | head -n1)" = "$requiredver" || -z "$currentver" ]]; then - echo "Controller version check: PASSED!" 
- return 0 - else - echo "Controller version check: FAILED -- old appmesh-controller ($currentver) is still running" - return 1 - - fi -} - -check_injector() { - status=0 - for ns in "appmesh-inject" "appmesh-system"; do - - injector=$(kubectl get deployment -n ${ns} appmesh-inject --ignore-not-found -o json | jq -r .kind) - - if [ -z $injector ]; then - echo "Injector check for namespace ${ns}: PASSED!" - else - echo "Injector check: FAILED -- appmesh-inject is still running in namespace ${ns}" - return 1 - fi - - done - return 0 -} - -main() { - - exitcode=0 - check_kube_installation || exitcode=1 - check_jq_installation || exitcode=1 - check_kube_connection || exitcode=1 - if [ ${exitcode} = 0 ]; then - check_old_crds || exitcode=1 - check_controller_version || exitcode=1 - check_injector || exitcode=1 - fi - - if [ ${exitcode} = 0 ]; then - echo -e "\nYour cluster is ready for upgrade. Please proceed to the installation instructions" - else - echo -e "\nYour cluster is NOT ready for upgrade to v1.0.0. Please install/uninstall all the identified items before proceeding" - fi - -} - -main \ No newline at end of file diff --git a/stable/appmesh-controller/values.yaml b/stable/appmesh-controller/values.yaml deleted file mode 100644 index 940d17fc0..000000000 --- a/stable/appmesh-controller/values.yaml +++ /dev/null 
@@ -1,168 +0,0 @@ -# Default values for appmesh-controller. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 -region: "" -accountId: "" -preview: false -enableBackendGroups: false -clusterName: "" -useAwsDualStackEndpoint: false -useAwsFIPSEndpoint: false - -image: - repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller - tag: v1.13.1 - pullPolicy: IfNotPresent - -sidecar: - image: - repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy - tag: v1.29.6.0-prod - # sidecar.logLevel: Envoy log level can be info, warn, error or debug - logLevel: info - envoyAdminAccessPort: 9901 - envoyAdminAccessLogFile: /tmp/envoy_admin_access.log - envoyAdminAccessEnableIPv6: false - useDualStackEndpoint: false - useFipsEndpoint: false - resources: - # sidecar.resources.requests: Envoy CPU and memory requests - requests: - cpu: 10m - memory: 32Mi - # sidecar.resources/limits: Envoy CPU and memory limits - limits: - cpu: "" - memory: "" - lifecycleHooks: - # sidecar.lifecycleHooks: Envoy PreStop Hook Delay - preStopDelay: 20 - postStartInterval: 5 - postStartTimeout: 180 - probes: - # sidecar.probes: Envoy Readiness Probe - readinessProbeInitialDelay: 1 - readinessProbePeriod: 10 - waitUntilProxyReady: false -init: - image: - repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-proxy-route-manager - tag: v7-prod - -xray: - image: - repository: public.ecr.aws/xray/aws-xray-daemon - tag: latest - -nameOverride: "" -fullnameOverride: "" - -resources: - limits: - cpu: 2000m - memory: 1Gi - requests: - cpu: 100m - memory: 200Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -podAnnotations: {} - -podLabels: {} - -cloudMapCustomHealthCheck: - # cloudMapCustomHealthCheck.enabled: `true` if CustomHealthCheck needs to be enabled in CloudMap - enabled: false - -cloudMapDNS: - # cloudMapDNS.ttl if set will use this global ttl value - ttl: 300 - -sds: - # 
sds.enabled: `true` if SDS based mTLS support needs to be enabled in envoy - enabled: false - #sds.udsPath: UDS Path of the SDS Provider. Default value is tied to SPIRE. - udsPath: /run/spire/sockets/agent.sock - -serviceAccount: - # serviceAccount.create: Whether to create a service account or not - create: true - # serviceAccount.name: The name of the service account to create or use - name: "" - # serviceAccount.annotations: optional annotations to be applied to service account - annotations: {} - -rbac: - # rbac.create: `true` if rbac resources should be created - create: true - # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created - pspEnabled: false - -log: - #log.level: info (default), debug - level: "info" - -tracing: - # tracing.enabled: `true` if Envoy should be configured tracing - enabled: false - # tracing.provider: can be x-ray, jaeger or datadog - provider: x-ray - # tracing.address: Jaeger or Datadog agent server address (ignored for X-Ray) - address: appmesh-jaeger.appmesh-system - # tracing.port: X-Ray, Jaeger or Datadog agent server port - port: 2000 - # tracing.samplingRate: X-Ray tracer sampling rate - samplingRate: 0.05 - # tracing.logLevel: X-Ray agent log level - logLevel: prod - # tracing.role: X-Ray agent IAM role to upload segments to a different account - role: "" - -stats: - # stats.tagsEnabled: `true` if Envoy should include app-mesh tags - tagsEnabled: false - # stats.statsdEnabled: `true` if Envoy should publish stats to statsd endpoint @ 127.0.0.1:8125 - statsdEnabled: false - #stats.statsdAddress: DogStatsD daemon address - statsdAddress: 127.0.0.1 - #stats.statsdPort: DogStatsD daemon port - statsdPort: 8125 - #stats.statsdSocketPath: DogStatsD unix domain socket path - statsdSocketPath: "" - -# Enable cert-manager -enableCertManager: false - -# podDisruptionBudget for Appmesh controller -podDisruptionBudget: {} -# minAvailable: 1 - -# Environment variables to set in appmesh-controller pod -env: {} - -# TLS 
setting for appmesh-controller -tlsMinVersion: VersionTLS12 -tlsCipherSuite: - -#Example -#env: -# http_proxy: http://proxyserver:3128 -# https_proxy: http://proxyserver:3128 -# no_proxy: "localhost,127.0.0.1,.cluster.local" - -# Liveness probe configuration for the controller -livenessProbe: - failureThreshold: 2 - httpGet: - path: /healthz - port: 61779 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 10 diff --git a/stable/appmesh-controller/webhookconfig.yaml b/stable/appmesh-controller/webhookconfig.yaml deleted file mode 100644 index d67fc5e6c..000000000 --- a/stable/appmesh-controller/webhookconfig.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# This file contains configuration for the webhooks defined -# in the appmesh-controller. The contents should not be changed -# unless there are corresponding changes in the appmesh-controller -# controller. This file is referenced in the templates for -# generating the admission webhooks for the resources -customResources: - - name: gatewayroute - resource: gatewayroutes - - name: mesh - resource: meshes - - name: virtualnode - resource: virtualnodes - - name: virtualrouter - resource: virtualrouters - - name: virtualservice - resource: virtualservices - - name: virtualgateway - resource: virtualgateways - - name: backendgroup - resource: backendgroups diff --git a/stable/appmesh-gateway/.helmignore b/stable/appmesh-gateway/.helmignore deleted file mode 100644 index bbcfa462d..000000000 --- a/stable/appmesh-gateway/.helmignore +++ /dev/null @@ -1,24 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -crds/kustomization.yaml 
diff --git a/stable/appmesh-gateway/Chart.yaml b/stable/appmesh-gateway/Chart.yaml deleted file mode 100644 index 0d9d1ca78..000000000 --- a/stable/appmesh-gateway/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -name: appmesh-gateway -description: App Mesh Gateway Helm chart for Kubernetes -version: 0.1.5 -appVersion: 1.0.0 -home: https://github.com/aws/eks-charts -icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png -sources: - - https://github.com/aws/eks-charts -maintainers: - - name: Stefan Prodan - url: https://github.com/stefanprodan - email: stefanprodan@users.noreply.github.com -keywords: - - eks - - appmesh - - ingress - - gateway diff --git a/stable/appmesh-gateway/README.md b/stable/appmesh-gateway/README.md deleted file mode 100644 index 836a3641e..000000000 --- a/stable/appmesh-gateway/README.md +++ /dev/null 
@@ -1,118 +0,0 @@ -# App Mesh Gateway - -App Mesh Gateway Helm chart for Kubernetes. - -## Prerequisites - -* App Mesh CRDs -* App Mesh Manager >= 1.0.0 - -**Note** App Mesh Gateway is a release candidate and can be used by -enabling App Mesh preview features (available only in us-west-2 region). - -To enable the preview features: - -* When configuring IAM policies, use `appmesh-preview` as the service name instead of `appmesh` -* Install the App Mesh CRDs with: -```sh -kubectl apply -k github.com/aws/eks-charts/stable/appmesh-controller//crds?ref=preview -``` -* Install the App Mesh Controller chart from the preview branch -* When configuring pods, add the following annotation so Envoy sidecars point to the preview as well: -```yaml -annotations: - appmesh.k8s.aws/preview: enabled -``` - -## Installing the Chart - -Add the EKS repository to Helm: - -```sh -helm repo add eks https://aws.github.io/eks-charts -``` - -Create a namespace with injection enabled: - -```sh -kubectl create ns appmesh-ingress -kubectl label namespace appmesh-ingress appmesh.k8s.aws/sidecarInjectorWebhook=enabled -``` - -Deploy the App Mesh Gateway in the `appmesh-ingress` namespace: - -```sh -helm upgrade -i appmesh-gateway eks/appmesh-gateway \ ---namespace appmesh-ingress -``` - -Find the NLB address: - -```sh -kubectl get svc appmesh-gateway -n appmesh-ingress -``` - -The [configuration](#configuration) section lists the parameters that can be configured during installation. 
- -## Configure auto-scaling - -Install the Horizontal Pod Autoscaler (HPA) metrics server: - -```sh -helm upgrade -i metrics-server stable/metrics-server \ ---namespace kube-system \ ---set args[0]=--kubelet-preferred-address-types=InternalIP -``` - -Configure CPU requests for the gateway pods and enable HPA by setting an average CPU utilization per pod: - -```sh -helm upgrade -i appmesh-gateway eks/appmesh-gateway \ ---namespace appmesh-ingress \ ---set hpa.enabled=true \ ---set hap.minReplicas=2 \ ---set hap.maxReplicas=5 \ ---set hap.averageUtilization=90 \ ---set resources.requests.cpu=1000m -``` - -## Uninstalling the Chart - -To uninstall/delete the `appmesh-gateway` deployment: - -```console -$ helm delete appmesh-gateway -n appmesh-ingress -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following tables lists the configurable parameters of the chart and their default values. - -Parameter | Description | Default ---- | --- | --- -`image.repository` | image repository | `840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy` -`image.tag` | image tag | `` -`image.pullPolicy` | image pull policy | `IfNotPresent` -`skipImageOverride` | when enabled the App Mesh injector will not override the Envoy image | `false` -`service.type` | service type | `LoadBalancer` -`service.port` | service port | `80` -`service.annotations` | service annotations | NLB load balancer type -`service.externalTrafficPolicy` | when set to `Local` it preserves the client source IP | `Cluster` -`appmesh.gateway` | create a `VirtualGateway` object | `true` -`appmesh.preview` | enable App Mesh Preview (us-west-2 only) | `false` -`resources.requests/cpu` | pod CPU request | `100m` -`resources.requests/memory` | pod memory request | `64Mi` -`hpa.enabled` | enabled CPU based auto-scaling | `false` -`hpa.minReplicas` | minimum number of replicas | `2` -`hpa.maxReplicas` | maximum number of replicas | 
`5` -`hpa.averageUtilization` | CPU average utilization percentage | `90` -`hpa.enabled` | enabled CPU based auto-scaling | `false` -`podAntiAffinity` | soft pod anti-affinity, one replica per node | `true` -`podAnnotations` | annotations to add to each pod | `{}` -`nodeSelector` | node labels for pod assignment | `{}` -`tolerations` | list of node taints to tolerate | `[]` -`rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false` -`serviceAccount.create` | If `true`, create a new service account | `true` -`serviceAccount.name` | Service account to be used | None diff --git a/stable/appmesh-gateway/ci/values.yaml b/stable/appmesh-gateway/ci/values.yaml deleted file mode 100644 index 0ee90fd04..000000000 --- a/stable/appmesh-gateway/ci/values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# CI testing values for appmesh-gateway - -region: us-west-2 -image: - repository: envoyproxy/envoy - tag: v1.14.2 - pullPolicy: IfNotPresent diff --git a/stable/appmesh-gateway/templates/NOTES.txt b/stable/appmesh-gateway/templates/NOTES.txt deleted file mode 100644 index 12cc8d683..000000000 --- a/stable/appmesh-gateway/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -AWS App Mesh Gateway installed! diff --git a/stable/appmesh-gateway/templates/_helpers.tpl b/stable/appmesh-gateway/templates/_helpers.tpl deleted file mode 100644 index 0ae3c7135..000000000 --- a/stable/appmesh-gateway/templates/_helpers.tpl +++ /dev/null 
@@ -1,57 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "appmesh-gateway.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "appmesh-gateway.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "appmesh-gateway.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "appmesh-gateway.labels" -}} -app.kubernetes.io/name: {{ include "appmesh-gateway.name" . }} -helm.sh/chart: {{ include "appmesh-gateway.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "appmesh-gateway.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "appmesh-gateway.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - 
diff --git a/stable/appmesh-gateway/templates/deployment.yaml b/stable/appmesh-gateway/templates/deployment.yaml deleted file mode 100644 index 2fb1dfa01..000000000 --- a/stable/appmesh-gateway/templates/deployment.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "appmesh-gateway.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "appmesh-gateway.labels" . | indent 4 }} -spec: - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 10% - selector: - matchLabels: - app.kubernetes.io/name: {{ template "appmesh-gateway.fullname" . }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "appmesh-gateway.fullname" . }} - app.kubernetes.io/component: "appmesh-gateway" - annotations: - {{- if .Values.appmesh.preview }} - appmesh.k8s.aws/preview: "enabled" - {{- end }} - {{- if .Values.image.skipImageOverride }} - appmesh.k8s.aws/virtualGatewaySkipImageOverride: "enabled" - {{- end }} - {{- range $key, $value := .Values.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - serviceAccountName: {{ template "appmesh-gateway.serviceAccountName" . }} - terminationGracePeriodSeconds: 30 - {{- if .Values.podAntiAffinity }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ include "appmesh-gateway.name" . }} - topologyKey: kubernetes.io/hostname - weight: 100 - {{- end }} - containers: - - name: envoy - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - containerPort: 8088 - name: http - protocol: TCP - - containerPort: 9901 - name: http-admin - protocol: TCP - livenessProbe: - exec: - command: - - sh - - -c - - >- - curl -s http://localhost:9901/server_info | grep state | grep -q LIVE - readinessProbe: - initialDelaySeconds: 5 - tcpSocket: - port: http-admin - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 6 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . 
| indent 6 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 6 }} - {{- end }} diff --git a/stable/appmesh-gateway/templates/gateway.yaml b/stable/appmesh-gateway/templates/gateway.yaml deleted file mode 100644 index 3fe592add..000000000 --- a/stable/appmesh-gateway/templates/gateway.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.appmesh.gateway }} -apiVersion: appmesh.k8s.aws/v1beta2 -kind: VirtualGateway -metadata: - name: {{ template "appmesh-gateway.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "appmesh-gateway.labels" . | indent 4 }} -spec: - namespaceSelector: - matchLabels: - appmesh.k8s.aws/sidecarInjectorWebhook: enabled - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "appmesh-gateway.fullname" . }} - listeners: - - portMapping: - port: 8088 - protocol: http - logging: - accessLog: - file: - path: "/dev/stdout" -{{- end }} diff --git a/stable/appmesh-gateway/templates/hpa.yaml b/stable/appmesh-gateway/templates/hpa.yaml deleted file mode 100644 index 558dd99db..000000000 --- a/stable/appmesh-gateway/templates/hpa.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.hpa.enabled }} -apiVersion: autoscaling/v2beta2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "appmesh-gateway.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "appmesh-gateway.labels" . | indent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ template "appmesh-gateway.fullname" . }} - minReplicas: {{ .Values.hpa.minReplicas }} - maxReplicas: {{ .Values.hpa.maxReplicas }} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.hpa.averageUtilization }} -{{- end }} diff --git a/stable/appmesh-gateway/templates/psp.yaml b/stable/appmesh-gateway/templates/psp.yaml deleted file mode 100644 index 204449791..000000000 --- a/stable/appmesh-gateway/templates/psp.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "appmesh-gateway.fullname" . }} - labels: -{{ include "appmesh-gateway.labels" . | indent 4 }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' -spec: - privileged: false - hostIPC: false - hostNetwork: false - hostPID: false - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "appmesh-gateway.fullname" . }}-psp - labels: -{{ include "appmesh-gateway.labels" . | indent 4 }} -rules: - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "appmesh-gateway.fullname" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "appmesh-gateway.fullname" . }}-psp - labels: -{{ include "appmesh-gateway.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "appmesh-gateway.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "appmesh-gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/stable/appmesh-gateway/templates/service.yaml b/stable/appmesh-gateway/templates/service.yaml deleted file mode 100644 index 6fff88d6f..000000000 --- a/stable/appmesh-gateway/templates/service.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "appmesh-gateway.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "appmesh-gateway.labels" . | indent 4 }} - annotations: - {{- range $key, $value := .Values.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - type: {{ .Values.service.type }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - name: http - protocol: TCP - selector: - app.kubernetes.io/name: {{ template "appmesh-gateway.fullname" . }} diff --git a/stable/appmesh-gateway/templates/serviceaccount.yaml b/stable/appmesh-gateway/templates/serviceaccount.yaml deleted file mode 100644 index 5872b2d63..000000000 --- a/stable/appmesh-gateway/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "appmesh-gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: -{{- include "appmesh-gateway.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end -}} diff --git a/stable/appmesh-gateway/values.yaml b/stable/appmesh-gateway/values.yaml deleted file mode 100644 index 99d211503..000000000 --- a/stable/appmesh-gateway/values.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ -# Default values for appmesh-gateway. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -nameOverride: "" -fullnameOverride: "" - -image: - repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy - tag: v1.15.1.0-prod - pullPolicy: IfNotPresent - # skipImageOverride: when enabled the App Mesh injector will not override the Envoy image - skipImageOverride: false - -service: - type: LoadBalancer - port: 80 - # externalTrafficPolicy: when set to Local it preserves the client source IP - externalTrafficPolicy: Cluster - # annotations: NLB as default load balancer type - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: nlb - -appmesh: - # appmesh.gateway: Whether to create a VirtualGateway or not - gateway: true - # appmesh.preview: Whether to enable App Mesh Preview (us-west-2 only) or not - preview: false - -# resources: requests are set by default to enable HPA -resources: -# limits: -# cpu: 2000m -# memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - -# hpa: CPU based auto-scaling -hpa: - enabled: false - minReplicas: 2 - maxReplicas: 5 - # CPU average utilization percentage - averageUtilization: 90 - -# podAntiAffinity: the scheduler should prefer to not schedule -# two replica pods onto the same node but no guarantee is provided. -podAntiAffinity: - enabled: true - -# affinity: node/pod affinity (disable podAntiAffinity to use this) -affinity: {} - -nodeSelector: {} - -tolerations: [] - -podAnnotations: {} - -serviceAccount: - # serviceAccount.create: Whether to create a service account or not - create: true - # serviceAccount.name: The name of the service account to create or use - name: "" - annotations: {} - -rbac: - # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created - pspEnabled: false diff --git a/stable/appmesh-grafana/.helmignore b/stable/appmesh-grafana/.helmignore deleted file mode 100644 index f0c131944..000000000 
--- a/stable/appmesh-grafana/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/stable/appmesh-grafana/Chart.yaml b/stable/appmesh-grafana/Chart.yaml deleted file mode 100644 index 0af74939b..000000000 --- a/stable/appmesh-grafana/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -name: appmesh-grafana -description: App Mesh Grafana Helm chart for Kubernetes -version: 1.0.4 -appVersion: 6.4.3 -home: https://github.com/aws/eks-charts -icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png -sources: - - https://github.com/aws/eks-charts -maintainers: - - name: Nicholas Turner - url: https://github.com/nckturner - email: nckturner@users.noreply.github.com - - name: Stefan Prodan - url: https://github.com/stefanprodan - email: stefanprodan@users.noreply.github.com -keywords: - - eks - - appmesh - - grafana - diff --git a/stable/appmesh-grafana/README.md b/stable/appmesh-grafana/README.md deleted file mode 100644 index f83a4186b..000000000 --- a/stable/appmesh-grafana/README.md +++ /dev/null 
@@ -1,56 +0,0 @@
-# App Mesh Grafana
-
-App Mesh Grafana Helm chart for Kubernetes
-
-## Prerequisites
-
-* Kubernetes >= 1.16
-* AWS App Mesh [Prometheus](https://github.com/aws/eks-charts/tree/master/stable/appmesh-prometheus) >= 0.3.0
-
-## Installing the Chart
-
-Add the EKS repository to Helm:
-
-```sh
-helm repo add eks https://aws.github.io/eks-charts
-```
-
-Install App Mesh Grafana:
-
-```sh
-helm upgrade -i appmesh-grafana eks/appmesh-grafana \
---namespace appmesh-system
-```
-
-The [configuration](#configuration) section lists the parameters that can be configured during installation.
-
-## Uninstalling the Chart
-
-To uninstall/delete the `appmesh-grafana` deployment:
-
-```console
-helm delete --purge appmesh-grafana
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Configuration
-
-The following tables lists the configurable parameters of the chart and their default values.
-
-Parameter | Description | Default
---- | --- | ---
-`image.repository` | image repository | `grafana/grafana`
-`image.tag` | image tag | ``
-`image.pullPolicy` | image pull policy | `IfNotPresent`
-`resources.requests/cpu` | pod CPU request | `100m`
-`resources.requests/memory` | pod memory request | `256Mi`
-`resources.limits/cpu` | pod CPU limit | `2000m`
-`resources.limits/memory` | pod memory limit | `2Gi`
-`affinity` | node/pod affinities | None
-`nodeSelector` | node labels for pod assignment | `{}`
-`tolerations` | list of node taints to tolerate | `[]`
-`rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false`
-`serviceAccount.create` | If `true`, create a new service account | `true`
-`serviceAccount.name` | Service account to be used | None
-`url` | Prometheus URL | `http://appmesh-prometheus:9090`
diff --git a/stable/appmesh-grafana/dashboards/canary-releases.json b/stable/appmesh-grafana/dashboards/canary-releases.json
deleted file mode 100644
index 5fab43fce..000000000
--- a/stable/appmesh-grafana/dashboards/canary-releases.json +++ /dev/null @@ -1,1270 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 2, - "links": [], - "panels": [ - { - "content": "
\nRED: $workload.$namespace\n
", - "datasource": null, - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "options": {}, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": null, - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 90, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(rate(envoy_cluster_upstream_rq{kubernetes_namespace=~\"$namespace\",app=~\"$workload-primary\"}[30s])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Primary: Incoming Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": null, - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - 
"minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(envoy_cluster_upstream_rq{kubernetes_namespace=~\"$namespace\",app=~\"$workload-primary\",envoy_response_code!~\"5.*\"}[30s])) / sum(irate(envoy_cluster_upstream_rq{kubernetes_namespace=~\"$namespace\",app=~\"$workload-primary\"}[30s]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": null, - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": 
"connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(40, 224, 65, 0.18)", - "full": true, - "lineColor": "#7eb26d", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(rate(envoy_cluster_upstream_rq{kubernetes_namespace=~\"$namespace\",app=~\"$workload\"}[30s])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Canary: Incoming Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": null, - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 99, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(40, 224, 65, 0.18)", - "full": true, - "lineColor": "#7eb26d", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": 
"sum(irate(envoy_cluster_upstream_rq{kubernetes_namespace=~\"$namespace\",app=~\"$workload\",envoy_response_code!~\"5.*\"}[30s])) / sum(irate(envoy_cluster_upstream_rq{kubernetes_namespace=~\"$namespace\",app=~\"$workload\"}[30s]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(rate(envoy_cluster_upstream_cx_rx_bytes_total{kubernetes_namespace=~\"$namespace\",app=~\"$workload-primary\"}[30s])))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "traffic", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Primary: Incoming Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, 
- { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 91, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(rate(envoy_cluster_upstream_cx_rx_bytes_total{kubernetes_namespace=~\"$namespace\",app=~\"$workload\"}[30s])))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "traffic", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Canary: Incoming Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nUSE: $workload.$namespace\n
", - "datasource": null, - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 101, - "links": [], - "mode": "html", - "options": {}, - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 100, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{cpu=\"total\",namespace=\"$namespace\",pod_name=~\"$workload-primary.*\", container_name!~\"POD|istio-proxy|envoy\"}[1m])) by (pod_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ pod_name }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Primary: CPU Usage by Pod", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": "CPU seconds / second", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - 
"datasource": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 102, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{cpu=\"total\",namespace=\"$namespace\",pod_name=~\"$workload.*\", pod_name!~\"$workload-primary.*\", container_name!~\"POD|istio-proxy|evnoy\"}[1m])) by (pod_name)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ pod_name }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Canary: CPU Usage by Pod", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": "CPU seconds / second", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 20 - }, - "id": 103, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": 
false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\",pod_name=~\"$workload-primary.*\", container_name!~\"POD|istio-proxy|envoy\"}) by (pod_name)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ pod_name }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Primary: Memory Usage by Pod", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 20 - }, - "id": 104, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - 
"seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\",pod_name=~\"$workload.*\", pod_name!~\"$workload-primary.*\", container_name!~\"POD|istio-proxy|envoy\"}) by (pod_name)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ pod_name }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Canary: Memory Usage by Pod", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 105, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "received", - "color": "#f9d9f9" - }, - { - "alias": "transmited", - "color": "#f29191" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate 
(container_network_receive_bytes_total{namespace=\"$namespace\",pod_name=~\"$workload-primary.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "received", - "refId": "A" - }, - { - "expr": "-sum (rate (container_network_transmit_bytes_total{namespace=\"$namespace\",pod_name=~\"$workload-primary.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "transmited", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Primary: Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "Bps", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 106, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "received", - "color": "#f9d9f9" - }, - { - "alias": "transmited", - "color": "#f29191" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate 
(container_network_receive_bytes_total{namespace=\"$namespace\",pod_name=~\"$workload.*\",pod_name!~\"$workload-primary.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "received", - "refId": "A" - }, - { - "expr": "-sum (rate (container_network_transmit_bytes_total{namespace=\"$namespace\",pod_name=~\"$workload.*\",pod_name!~\"$workload-primary.*\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "transmited", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Canary: Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "Bps", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 20, - "style": "light", - "tags": [ - "flagger" - ], - "templating": { - "list": [ - { - "allValue": null, - "current": { - "text": "demo", - "value": "demo" - }, - "datasource": null, - "definition": "flagger_canary_status", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": "namespace", - "options": [], - "query": "flagger_canary_status", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "tags": [], - "text": "podinfo", - "value": "podinfo" - }, - "datasource": null, - "definition": "flagger_canary_status", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": 
"workload", - "options": [], - "query": "flagger_canary_status", - "refresh": 1, - "regex": "/.*name=\"([^\"]*).*/", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "AWS App Mesh: Canary Releases", - "uid": "appmesh-flagger", - "version": 2 -} diff --git a/stable/appmesh-grafana/dashboards/control-plane.json b/stable/appmesh-grafana/dashboards/control-plane.json deleted file mode 100644 index 3ab533bb9..000000000 --- a/stable/appmesh-grafana/dashboards/control-plane.json +++ /dev/null 
@@ -1,682 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "AWS App Mesh control plane overview", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Total number of SDK API calls from App Mesh controller to AWS", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(aws_api_calls_total[1m])) by (operation)", - "legendFormat": "{{operation}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "AWS SDK API calls", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Successful AWS 
API calls with 2xx response ", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 8 - }, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(aws_api_calls_total{status_code=~\"2.*\"}[1m])) by (operation)", - "legendFormat": "{{operation}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "AWS API calls 2xx response", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Failed AWS API calls with 4xx/5xx response", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 20, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(aws_api_calls_total{status_code=~\"4.*|5.*\"}[1m])) by (operation)", - "legendFormat": "{{operation}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "AWS API calls 4xx/5xx response", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Number of goroutines for the App Mesh controller", - "fill": 3, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 16 - }, - "id": 16, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{kubernetes_namespace=\"appmesh-system\", control_plane=\"appmesh-controller\"}", - "legendFormat": "appmesh-controller", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": 
"time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "How many seconds of work has been done that is in progress and hasn't been observed by work_duration. Large values indicate stuck threads. One can deduce the number of stuck threads by observing the rate at which this increases", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 16 - }, - "id": 22, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(workqueue_unfinished_work_seconds{kubernetes_namespace=\"appmesh-system\"}) by (name)", - "legendFormat": "{{name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Work queue unfinished work", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": 
false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "appmesh-system namespace containers memory working set", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 24 - }, - "id": 11, - "interval": "", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{namespace=\"appmesh-system\",container!=\"POD\",container!=\"\"}) by (container)", - "hide": false, - "legendFormat": "{{container}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "decimals": 2, - "description": "appmesh-system namespace containers CPU usage seconds total", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 12, - "interval": "", - 
"legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum (rate(container_cpu_usage_seconds_total{namespace=\"appmesh-system\",container!=\"POD\",container!=\"\"}[1m])) by (container)", - "hide": false, - "legendFormat": "{{container}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 20, - "style": "light", - "tags": [ - "appmesh" - ], - "templating": { - "list": [] - }, - "time": { - "from": "now-3h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "AWS App Mesh: Control Plane", - "uid": "appmesh-control-plane", - "version": 1 -} diff --git a/stable/appmesh-grafana/dashboards/data-plane.json b/stable/appmesh-grafana/dashboards/data-plane.json deleted file mode 100644 index e50a7cccb..000000000 
--- a/stable/appmesh-grafana/dashboards/data-plane.json +++ /dev/null 
@@ -1,2492 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "AWS App Mesh data plane overview", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorPostfix": false, - "colorPrefix": false, - "colorValue": true, - "colors": [ - "#3274D9", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": null, - "decimals": 0, - "description": "Total number of App Mesh sidecars", - "format": "short", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 0, - "y": 0 - }, - "id": 4, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "pluginVersion": "6.4.3", - "postfix": "", - "postfixFontSize": "100%", - "prefix": "", - "prefixFontSize": "100%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false, - "ymax": null, - "ymin": null - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(envoy_server_live{job=\"appmesh-envoy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Total Envoy sidecars", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Envoy Sidecars", - "transparent": true, - "type": "singlestat", - "valueFontSize": "150%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - 
"valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "#E02F44", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": null, - "decimals": 0, - "description": "Unhealthy App Mesh Envoy instances", - "format": "short", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 6, - "x": 7, - "y": 0 - }, - "id": 7, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "100%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "#96D98D", - "full": false, - "lineColor": "#56A64B", - "show": false, - "ymax": null, - "ymin": null - }, - "tableColumn": "", - "targets": [ - { - "expr": "(sum(envoy_cluster_membership_total{job=\"appmesh-envoy\"}) - sum(envoy_cluster_membership_healthy{job=\"appmesh-envoy\"}))", - "format": "time_series", - "instant": false, - "legendFormat": "Unhealthy sidecars", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Unhealthy Sidecars ", - "transparent": true, - "type": "singlestat", - "valueFontSize": "150%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "App Mesh sidecars total inbound connections", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 11, - "x": 13, - "y": 0 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - 
"min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(envoy_http_downstream_cx_active{job=\"appmesh-envoy\"})", - "format": "time_series", - "instant": false, - "legendFormat": "Total connections", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "transparent": true, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "App Mesh in/out traffic", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 9, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null as zero", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(rate(envoy_cluster_upstream_cx_rx_bytes_total{job=\"appmesh-envoy\"}[1m]))", - "legendFormat": "Inbound", - "refId": "A" - }, - { - "expr": "sum(rate(envoy_cluster_upstream_cx_tx_bytes_total{job=\"appmesh-envoy\"}[1m]))", - "legendFormat": "Outbound", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "decimals": 2, - "description": "App Mesh Envoy requests per second", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 13, - "interval": "", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_upstream_rq{job=\"appmesh-envoy\"}[1m])) by (kubernetes_namespace)", - "hide": false, - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Requests by 
Namespace", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "reqps", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "App Mesh Envoy success HTTP requests per second", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 20 - }, - "id": 20, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_upstream_rq{job=\"appmesh-envoy\",envoy_response_code=~\"2.*\"}[1m])) by (kubernetes_namespace)", - "legendFormat": "{{kubernetes_namespace}} 5xx", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy 2xx Requests by Namespace", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - 
"logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "decimals": 2, - "description": "App Mesh Envoy failed HTTP requests per second", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 20 - }, - "id": 14, - "interval": "", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null as zero", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_upstream_rq{job=\"appmesh-envoy\",envoy_response_code=~\"5.*\"}[1m])) by (kubernetes_namespace)", - "hide": false, - "legendFormat": "{{kubernetes_namespace}} 5xx", - "refId": "A" - }, - { - "expr": "sum(rate(envoy_cluster_upstream_rq{job=\"appmesh-envoy\",envoy_response_code=~\"4.*\"}[1m])) by (kubernetes_namespace)", - "hide": false, - "legendFormat": "{{kubernetes_namespace}} 4xx", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy 5xx/4xx Requests by Namespace", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "reqps", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "decimals": null, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": 
true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "App Mesh Envoy sidecar containers memory working set by namespace", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 28 - }, - "id": 11, - "interval": "", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{container=\"envoy\"}) by (namespace)", - "hide": false, - "legendFormat": "{{namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy Memory Usage by Namespace", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "decimals": 2, - "description": "App Mesh Envoy sidecar containers CPU usage seconds total", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 28 - }, - "id": 12, 
- "interval": "", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum (rate(container_cpu_usage_seconds_total{container=\"envoy\"}[1m])) by (namespace)", - "hide": false, - "legendFormat": "{{namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Envoy CPU Usage by Namespace", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Total connection connect timeouts", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_upstream_cx_connect_timeout[1m])) by (kubernetes_namespace)", - "intervalFactor": 2, - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connection Timeout by Namespace", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Total requests that timed out waiting for a response", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_upstream_rq_timeout[1m])) by (kubernetes_namespace)", - "intervalFactor": 2, - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request Timeout by Namespace", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - 
"xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Number of enforced outlier ejections due to any outlier type", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 43 - }, - "id": 26, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(round(increase(envoy_cluster_outlier_detection_ejections_enforced_total{job=\"appmesh-envoy\"}[1m]))) by (kubernetes_namespace)", - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Number of enforced outlier ejections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - 
"alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Number of currently ejected hosts due to outlier detection", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 43 - }, - "id": 28, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(envoy_cluster_outlier_detection_ejections_active{job=\"appmesh-envoy\"}) by (kubernetes_namespace)", - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Number of currently ejected hosts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Number of enforced consecutive 5xx ejections", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 51 - }, - "id": 24, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - 
"hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(round(increase(envoy_cluster_outlier_detection_ejections_enforced_consecutive_5xx{job=\"appmesh-envoy\"}[1m]))) by (kubernetes_namespace)", - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Number of enforced consecutive 5xx ejections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Number of detected consecutive 5xx ejections (even if unenforced)", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 51 - }, - "id": 22, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": 
false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(round(increase(envoy_cluster_outlier_detection_ejections_detected_consecutive_5xx{job=\"appmesh-envoy\"}[1m]))) by (kubernetes_namespace)", - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Number of detected consecutive 5xx ejections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Number of connection circuit breakers for a namespace. 
Envoy metric: cx_open", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 59 - }, - "id": 30, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(envoy_cluster_circuit_breakers_default_cx_open) by (kubernetes_namespace)", - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Connection(cx) circuit breakers", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Number of request circuit breakers for a namespace. 
Envoy metric: rq_open", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 59 - }, - "id": 32, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(envoy_cluster_circuit_breakers_default_rq_open) by (kubernetes_namespace)", - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests (rq) circuit breakers", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Total successful TLS connection handshakes", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_ssl_handshake[1m])) by (kubernetes_namespace)", - "intervalFactor": 2, - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Successful TLS connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Total TLS connections that failed because of missing client certificate", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_ssl_fail_verify_no_cert[1m])) by (kubernetes_namespace)", - "intervalFactor": 2, - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "SSL Failures - Missing Client Cert", - "tooltip": { - "shared": true, - "sort": 
0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Total TLS connections that failed SAN verification", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_ssl_fail_verify_san[1m])) by (kubernetes_namespace)", - "intervalFactor": 2, - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "SSL - SAN Verification Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - 
"bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Total TLS connections that failed CA verification", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_ssl_fail_verify_error[1m])) by (kubernetes_namespace)", - "intervalFactor": 2, - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "SSL - CA Verification Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Total TLS connection errors not including failed certificate verifications", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - 
"options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_ssl_connection_error[1m])) by (kubernetes_namespace)", - "intervalFactor": 2, - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "SSL Connection errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Total successful TLS connection handshakes", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_ssl_handshake[1m])) by (kubernetes_namespace)", - "intervalFactor": 2, - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": 
"Successful TLS connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Total TLS connections that failed because of missing client certificate", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_ssl_fail_verify_no_cert[1m])) by (kubernetes_namespace)", - "intervalFactor": 2, - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "SSL Failures - Missing Client Cert", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true 
- } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Total TLS connections that failed SAN verification", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_ssl_fail_verify_san[1m])) by (kubernetes_namespace)", - "intervalFactor": 2, - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "SSL - SAN Verification Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Total TLS connections that failed CA verification", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": 
false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_ssl_fail_verify_error[1m])) by (kubernetes_namespace)", - "intervalFactor": 2, - "legendFormat": "{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "SSL - CA Verification Failures", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Total TLS connection errors not including failed certificate verifications", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(envoy_cluster_ssl_connection_error[1m])) by (kubernetes_namespace)", - "intervalFactor": 2, - "legendFormat": 
"{{kubernetes_namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "SSL Connection errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 20, - "style": "light", - "tags": [ - "appmesh" - ], - "templating": { - "list": [] - }, - "time": { - "from": "now-3h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "AWS App Mesh: Data Plane", - "uid": "appmesh-data-plane", - "version": 1 -} diff --git a/stable/appmesh-grafana/templates/NOTES.txt b/stable/appmesh-grafana/templates/NOTES.txt deleted file mode 100644 index ed016782e..000000000 --- a/stable/appmesh-grafana/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -AWS App Mesh Grafana installed! \ No newline at end of file diff --git a/stable/appmesh-grafana/templates/_helpers.tpl b/stable/appmesh-grafana/templates/_helpers.tpl deleted file mode 100644 index cd56edd5e..000000000 --- a/stable/appmesh-grafana/templates/_helpers.tpl +++ /dev/null 
@@ -1,56 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "appmesh-grafana.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "appmesh-grafana.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "appmesh-grafana.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "appmesh-grafana.labels" -}}
-app.kubernetes.io/name: {{ include "appmesh-grafana.name" . }}
-helm.sh/chart: {{ include "appmesh-grafana.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "appmesh-grafana.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
- {{ default (include "appmesh-grafana.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
diff --git a/stable/appmesh-grafana/templates/account.yaml b/stable/appmesh-grafana/templates/account.yaml
deleted file mode 100644
index 99e3da4d2..000000000
--- a/stable/appmesh-grafana/templates/account.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "appmesh-grafana.serviceAccountName" . }}
- labels:
-{{ include "appmesh-grafana.labels" . | indent 4 }}
-{{- end }}
diff --git a/stable/appmesh-grafana/templates/dashboards-cfg.yaml b/stable/appmesh-grafana/templates/dashboards-cfg.yaml
deleted file mode 100644
index 06bbccdf9..000000000
--- a/stable/appmesh-grafana/templates/dashboards-cfg.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "appmesh-grafana.fullname" . }}-dashboards
- labels:
-{{ include "appmesh-grafana.labels" . | indent 4 }}
-data:
-{{ (.Files.Glob "dashboards/*").AsConfig | indent 2 }}
diff --git a/stable/appmesh-grafana/templates/datasources-cfg.yaml b/stable/appmesh-grafana/templates/datasources-cfg.yaml
deleted file mode 100644
index 23bbb4070..000000000
--- a/stable/appmesh-grafana/templates/datasources-cfg.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "appmesh-grafana.fullname" . }}-datasources
- labels:
-{{ include "appmesh-grafana.labels" . | indent 4 }}
-data:
- datasources.yaml: |-
- apiVersion: 1
- deleteDatasources:
- - name: prometheus
- datasources:
- - name: prometheus
- type: prometheus
- access: proxy
- url: {{ .Values.url }}
- isDefault: true
- editable: true
- version: 1
diff --git a/stable/appmesh-grafana/templates/deployment.yaml b/stable/appmesh-grafana/templates/deployment.yaml
deleted file mode 100644
index 088aa0e5e..000000000
--- a/stable/appmesh-grafana/templates/deployment.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "appmesh-grafana.fullname" . }}
- labels:
-{{ include "appmesh-grafana.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "appmesh-grafana.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "appmesh-grafana.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: appmesh
- annotations:
- prometheus.io/scrape: "false"
- spec:
- serviceAccountName: {{ include "appmesh-grafana.serviceAccountName" . }}
- volumes:
- - name: grafana
- emptyDir: {}
- - name: dashboards
- configMap:
- name: {{ template "appmesh-grafana.fullname" . }}-dashboards
- - name: providers
- configMap:
- name: {{ template "appmesh-grafana.fullname" . }}-providers
- - name: datasources
- configMap:
- name: {{ template "appmesh-grafana.fullname" . }}-datasources
- - name: ini
- configMap:
- name: {{ template "appmesh-grafana.fullname" . }}-ini
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- - name: GF_PATHS_PROVISIONING
- value: /etc/grafana/provisioning/
- - name: GF_AUTH_BASIC_ENABLED
- value: "false"
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "true"
- - name: GF_AUTH_ANONYMOUS_ORG_ROLE
- value: Admin
- ports:
- - name: http
- containerPort: 3000
- protocol: TCP
- livenessProbe:
- tcpSocket:
- port: http
- readinessProbe:
- tcpSocket:
- port: http
- volumeMounts:
- - name: grafana
- mountPath: /var/lib/grafana
- - name: ini
- mountPath: "/etc/grafana/grafana.ini"
- subPath: grafana.ini
- - name: dashboards
- mountPath: /etc/grafana/dashboards
- - name: datasources
- mountPath: /etc/grafana/provisioning/datasources
- - name: providers
- mountPath: /etc/grafana/provisioning/dashboards
- resources:
-{{ toYaml .Values.resources | indent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
-{{ toYaml . | indent 8 }}
- {{- end }}
diff --git a/stable/appmesh-grafana/templates/grafana-cfg.yaml b/stable/appmesh-grafana/templates/grafana-cfg.yaml
deleted file mode 100644
index b97cb7bd8..000000000
--- a/stable/appmesh-grafana/templates/grafana-cfg.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "appmesh-grafana.fullname" . }}-ini
- labels:
-{{ include "appmesh-grafana.labels" . | indent 4 }}
-data:
- grafana.ini: |
- [users]
- default_theme = light
- [analytics]
- reporting_enabled = false
- check_for_updates = false
diff --git a/stable/appmesh-grafana/templates/providers-cfg.yaml b/stable/appmesh-grafana/templates/providers-cfg.yaml
deleted file mode 100644
index 9edda3050..000000000
--- a/stable/appmesh-grafana/templates/providers-cfg.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "appmesh-grafana.fullname" . }}-providers
- labels:
-{{ include "appmesh-grafana.labels" . | indent 4 }}
-data:
- providers.yaml: |+
- apiVersion: 1
- providers:
- - name: 'default'
- orgId: 1
- folder: ''
- type: file
- disableDeletion: false
- editable: true
- options:
- path: /etc/grafana/dashboards
diff --git a/stable/appmesh-grafana/templates/psp.yaml b/stable/appmesh-grafana/templates/psp.yaml
deleted file mode 100644
index 6f62bf6af..000000000
--- a/stable/appmesh-grafana/templates/psp.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-{{- if .Values.rbac.pspEnabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "appmesh-grafana.fullname" . }}
- labels:
-{{ include "appmesh-grafana.labels" . | indent 4 }}
- annotations:
- seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
-spec:
- privileged: false
- hostIPC: false
- hostNetwork: false
- hostPID: false
- readOnlyRootFilesystem: false
- allowPrivilegeEscalation: false
- allowedCapabilities:
- - '*'
- fsGroup:
- rule: RunAsAny
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - '*'
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ template "appmesh-grafana.fullname" . }}-psp
- labels:
-{{ include "appmesh-grafana.labels" . | indent 4 }}
-rules:
- - apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "appmesh-grafana.fullname" . }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "appmesh-grafana.fullname" . }}-psp
- labels:
-{{ include "appmesh-grafana.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "appmesh-grafana.fullname" . }}-psp
-subjects:
- - kind: ServiceAccount
- name: {{ template "appmesh-grafana.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/stable/appmesh-grafana/templates/service.yaml b/stable/appmesh-grafana/templates/service.yaml
deleted file mode 100644
index 9eb3cbaa9..000000000
--- a/stable/appmesh-grafana/templates/service.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "appmesh-grafana.fullname" . }}
- labels:
-{{ include "appmesh-grafana.labels" . | indent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "appmesh-grafana.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/stable/appmesh-grafana/values.yaml b/stable/appmesh-grafana/values.yaml
deleted file mode 100644
index 22a238845..000000000
--- a/stable/appmesh-grafana/values.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-# Default values for appmesh-grafana.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- repository: grafana/grafana
- tag: 6.4.3
- pullPolicy: IfNotPresent
-
-nameOverride: ""
-fullnameOverride: ""
-
-service:
- type: ClusterIP
- port: 3000
-
-resources:
- limits:
- memory: 512Mi
- requests:
- cpu: 10m
- memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-serviceAccount:
- # serviceAccount.create: Whether to create a service account or not
- create: true
- # serviceAccount.name: The name of the service account to create or use
- name: ""
-
-rbac:
- # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
- pspEnabled: false
-
-# Prometheus URL
-url: http://appmesh-prometheus:9090
diff --git a/stable/appmesh-inject/.helmignore b/stable/appmesh-inject/.helmignore
deleted file mode 100644
index f0c131944..000000000
--- a/stable/appmesh-inject/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/stable/appmesh-inject/Chart.yaml b/stable/appmesh-inject/Chart.yaml
deleted file mode 100644
index d1c8fd6c2..000000000
--- a/stable/appmesh-inject/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-name: appmesh-inject
-description: App Mesh Inject Helm chart for Kubernetes
-version: 0.14.8
-appVersion: 0.5.0
-home: https://github.com/aws/eks-charts
-icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
-sources:
- - https://github.com/aws/eks-charts
-maintainers:
- - name: Nicholas Turner
- url: https://github.com/nckturner
- email: nckturner@users.noreply.github.com
- - name: Stefan Prodan
- url: https://github.com/stefanprodan
- email: stefanprodan@users.noreply.github.com
-keywords:
- - eks
- - appmesh
diff --git a/stable/appmesh-inject/README.md b/stable/appmesh-inject/README.md
deleted file mode 100644
index af2fe71f5..000000000
--- a/stable/appmesh-inject/README.md
+++ /dev/null
@@ -1,88 +0,0 @@
-# App Mesh Inject
-
-App Mesh inject Helm chart for Kubernetes
-
-**Note**: Users of AppMesh controller v1.0.0+ **shouldn't** install this inject chart. The sidecar injection functionality is already included in the controller itself.
-
-## Prerequisites
-
-* Kubernetes >= 1.13
-
-## Installing the Chart
-
-Add the EKS repository to Helm:
-
-```sh
-helm repo add eks https://aws.github.io/eks-charts
-```
-
-Install the App Mesh CRDs:
-
-```sh
-kubectl apply -k github.com/aws/eks-charts/stable/appmesh-controller//crds?ref=master
-```
-
-Install the App Mesh admission controller:
-
-```sh
-helm upgrade -i appmesh-inject eks/appmesh-inject \
---namespace appmesh-system \
---set mesh.name=global
-```
-
-Optionally you can create a mesh at install time:
-
-```sh
-helm upgrade -i appmesh-inject eks/appmesh-inject \
---namespace appmesh-system \
---set mesh.name=global \
---set mesh.create=true
-```
-
-The [configuration](#configuration) section lists the parameters that can be configured during installation.
-
-## Uninstalling the Chart
-
-To uninstall/delete the `appmesh-inject` deployment:
-
-```console
-helm delete --purge appmesh-inject
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Configuration
-
-The following tables lists the configurable parameters of the chart and their default values.
-
-Parameter | Description | Default
---- | --- | ---
-`image.repository` | controller image repository | `602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-app-mesh-inject`
-`image.tag` | controller image tag | ``
-`image.pullPolicy` | image pull policy | `IfNotPresent`
-`resources.requests/cpu` | pod CPU request | `100m`
-`resources.requests/memory` | pod memory request | `64Mi`
-`resources.limits/cpu` | pod CPU limit | `2000m`
-`resources.limits/memory` | pod memory limit | `1Gi`
-`affinity` | node/pod affinities | None
-`nodeSelector` | node labels for pod assignment | `{}`
-`podAnnotations` | annotations to add to each pod | `{}`
-`tolerations` | list of node taints to tolerate | `[]`
-`rbac.create` | if `true`, create and use RBAC resources | `true`
-`rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false`
-`serviceAccount.create` | If `true`, create a new service account | `true`
-`serviceAccount.name` | Service account to be used | None
-`sidecar.image.repository` | Envoy image repository | `840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy`
-`sidecar.image.tag` | Envoy image tag | ``
-`sidecar.logLevel` | Envoy log level | `info`
-`sidecar.resources` | Envoy container resources | `requests: cpu 10m memory 32Mi`
-`init.image.repository` | Route manager image repository | `840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-proxy-route-manager`
-`init.image.tag` | Route manager image tag | ``
-`mesh.create` | If `true`, create mesh custom resource | `false`
-`mesh.name` | The name of the mesh to use | `global`
-`mesh.discovery` | The service discovery type to use, can be dns or cloudmap | `dns`
-`mesh.egressFilter` | The egress filter used by Mesh, can be DROP_ALL or ALLOW_ALL | `DROP_ALL`
-`tracing.enabled` | If `true`, Envoy will be configured with tracing | `false`
-`tracing.provider` | The tracing provider can be x-ray, jaeger or datadog | `x-ray`
-`tracing.address` | Jaeger or Datadog agent server address (ignored for X-Ray) | `appmesh-jaeger.appmesh-system`
-`tracing.port` | Jaeger or Datadog agent port (ignored for X-Ray) | `9411`
diff --git a/stable/appmesh-inject/ci/values.yaml b/stable/appmesh-inject/ci/values.yaml
deleted file mode 100644
index 438a349e0..000000000
--- a/stable/appmesh-inject/ci/values.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# CI testing values for appmesh-inject.
-
-region: us-west-2
-image:
- repository: stefanprodan/aws-app-mesh-inject
- tag: v0.2.0
- pullPolicy: IfNotPresent
-
diff --git a/stable/appmesh-inject/templates/NOTES.txt b/stable/appmesh-inject/templates/NOTES.txt
deleted file mode 100644
index 48c1dc7ef..000000000
--- a/stable/appmesh-inject/templates/NOTES.txt
+++ /dev/null
@@ -1 +0,0 @@
-AWS App Mesh Inject installed!
\ No newline at end of file
diff --git a/stable/appmesh-inject/templates/_helpers.tpl b/stable/appmesh-inject/templates/_helpers.tpl
deleted file mode 100644
index a44badb7d..000000000
--- a/stable/appmesh-inject/templates/_helpers.tpl
+++ /dev/null
@@ -1,68 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "appmesh-inject.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "appmesh-inject.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "appmesh-inject.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "appmesh-inject.labels" -}}
-app.kubernetes.io/name: {{ include "appmesh-inject.name" . }}
-helm.sh/chart: {{ include "appmesh-inject.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "appmesh-inject.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
- {{ default (include "appmesh-inject.fullname" .)
.Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Generate certificates for webhook
-*/}}
-{{- define "appmesh-inject.gen-certs" -}}
-{{- $altNames := list ( printf "%s.%s" (include "appmesh-inject.fullname" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "appmesh-inject.fullname" .) .Release.Namespace ) -}}
-{{- $ca := genCA "appmesh-inject-ca" 3650 -}}
-{{- $cert := genSignedCert ( include "appmesh-inject.fullname" . ) nil $altNames 3650 $ca -}}
-caCert: {{ $ca.Cert | b64enc }}
-clientCert: {{ $cert.Cert | b64enc }}
-clientKey: {{ $cert.Key | b64enc }}
-{{- end -}}
diff --git a/stable/appmesh-inject/templates/account.yaml b/stable/appmesh-inject/templates/account.yaml
deleted file mode 100644
index 010b6617a..000000000
--- a/stable/appmesh-inject/templates/account.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "appmesh-inject.serviceAccountName" . }}
- labels:
-{{ include "appmesh-inject.labels" . | indent 4 }}
-{{- end }}
diff --git a/stable/appmesh-inject/templates/deployment.yaml b/stable/appmesh-inject/templates/deployment.yaml
deleted file mode 100644
index f54c1b89d..000000000
--- a/stable/appmesh-inject/templates/deployment.yaml
+++ /dev/null
@@ -1,96 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "appmesh-inject.fullname" . }} - labels: -{{ include "appmesh-inject.labels" . | indent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "appmesh-inject.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "appmesh-inject.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: appmesh - annotations: - prometheus.io/scrape: "false" - {{- with .Values.podAnnotations }} -{{ toYaml . | indent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "appmesh-inject.serviceAccountName" . }} - volumes: - - name: certs - secret: - secretName: {{ template "appmesh-inject.fullname" . }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: certs - mountPath: /etc/webhook/certs - readOnly: true - env: - - name: APPMESH_NAME - value: {{ .Values.mesh.name }} - - name: APPMESH_LOG_LEVEL - value: {{ .Values.sidecar.logLevel }} - command: - - ./appmeshinject - - -sidecar-image={{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }} - - -sidecar-cpu-requests={{ .Values.sidecar.resources.requests.cpu }} - - -sidecar-memory-requests={{ .Values.sidecar.resources.requests.memory }} - - -init-image={{ .Values.init.image.repository }}:{{ .Values.init.image.tag }} - - -enable-stats-tags={{ .Values.stats.tagsEnabled }} - - -enable-statsd={{ .Values.stats.statsdEnabled }} - {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "x-ray" ) }} - - -inject-xray-sidecar=true - {{- end }} - {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "jaeger" ) }} - - -enable-jaeger-tracing=true - - -jaeger-address={{ .Values.tracing.address }} - - -jaeger-port={{ 
.Values.tracing.port }} - {{- end }} - {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "datadog" ) }} - - -enable-datadog-tracing=true - - -datadog-address={{ .Values.tracing.address }} - - -datadog-port={{ .Values.tracing.port }} - {{- end }} - {{- if .Values.region }} - - -region={{ .Values.region }} - {{- end }} - ports: - - name: https - containerPort: 8080 - protocol: TCP - readinessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - livenessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - securityContext: - readOnlyRootFilesystem: true - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} diff --git a/stable/appmesh-inject/templates/mesh.yaml b/stable/appmesh-inject/templates/mesh.yaml deleted file mode 100644 index b7d1323fa..000000000 --- a/stable/appmesh-inject/templates/mesh.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.mesh.create }} -apiVersion: appmesh.k8s.aws/v1beta1 -kind: Mesh -metadata: - name: {{ .Values.mesh.name }} - annotations: - helm.sh/resource-policy: keep - labels: -{{ include "appmesh-inject.labels" . | indent 4 }} -spec: - serviceDiscoveryType: {{ .Values.mesh.discovery }} - egressFilter: - type: {{ .Values.mesh.egressFilter }} -{{- end }} diff --git a/stable/appmesh-inject/templates/psp.yaml b/stable/appmesh-inject/templates/psp.yaml deleted file mode 100644 index e58a252f7..000000000 --- a/stable/appmesh-inject/templates/psp.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "appmesh-inject.fullname" . }} - labels: -{{ include "appmesh-inject.labels" . | indent 4 }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' -spec: - privileged: false - hostIPC: false - hostNetwork: false - hostPID: false - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "appmesh-inject.fullname" . }}-psp - labels: -{{ include "appmesh-inject.labels" . | indent 4 }} -rules: - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "appmesh-inject.fullname" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "appmesh-inject.fullname" . }}-psp - labels: -{{ include "appmesh-inject.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "appmesh-inject.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "appmesh-inject.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/stable/appmesh-inject/templates/rbac.yaml b/stable/appmesh-inject/templates/rbac.yaml deleted file mode 100644 index 945fce23d..000000000 --- a/stable/appmesh-inject/templates/rbac.yaml +++ /dev/null 
@@ -1,27 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
- name: {{ template "appmesh-inject.fullname" . }}
- labels:
-{{ include "appmesh-inject.labels" . | indent 4 }}
-rules:
- - apiGroups: ["*"]
- resources: ["replicasets"]
- verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "appmesh-inject.fullname" . }}
- labels:
-{{ include "appmesh-inject.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "appmesh-inject.fullname" . }}
-subjects:
-- name: {{ template "appmesh-inject.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
-{{- end }}
diff --git a/stable/appmesh-inject/templates/service.yaml b/stable/appmesh-inject/templates/service.yaml
deleted file mode 100644
index e3c174e33..000000000
--- a/stable/appmesh-inject/templates/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "appmesh-inject.fullname" . }}
- labels:
-{{ include "appmesh-inject.labels" . | indent 4 }}
-spec:
- type: ClusterIP
- ports:
- - name: https
- port: 443
- targetPort: https
- selector:
- app.kubernetes.io/name: {{ include "appmesh-inject.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/stable/appmesh-inject/templates/webhook.yaml b/stable/appmesh-inject/templates/webhook.yaml
deleted file mode 100644
index 97cccc2fb..000000000
--- a/stable/appmesh-inject/templates/webhook.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{ $tls := fromYaml ( include "appmesh-inject.gen-certs" . ) }}
----
-apiVersion: admissionregistration.k8s.io/v1beta1
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "appmesh-inject.fullname" . }}
- labels:
-{{ include "appmesh-inject.labels" . | indent 4 }}
-webhooks:
- - name: aws-app-mesh-inject.aws.amazon.com
- clientConfig:
- service:
- name: {{ include "appmesh-inject.name" . }}
- namespace: {{ .Release.Namespace }}
- path: "/"
- caBundle: {{ $tls.caCert }}
- rules:
- - operations: ["CREATE","UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
- failurePolicy: Ignore
- namespaceSelector:
- matchLabels:
- appmesh.k8s.aws/sidecarInjectorWebhook: enabled
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "appmesh-inject.fullname" . }}
- labels:
-{{ include "appmesh-inject.labels" . | indent 4 }}
-type: Opaque
-data:
- cert.pem: {{ $tls.clientCert }}
- key.pem: {{ $tls.clientKey }}
diff --git a/stable/appmesh-inject/values.yaml b/stable/appmesh-inject/values.yaml
deleted file mode 100644
index f14321712..000000000
--- a/stable/appmesh-inject/values.yaml
+++ /dev/null
@@ -1,84 +0,0 @@
-# Default values for appmesh-inject.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-region: ""
-
-image:
- repository: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-app-mesh-inject
- tag: v0.5.0
- pullPolicy: IfNotPresent
-
-sidecar:
- image:
- repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy
- tag: v1.15.1.0-prod
- # sidecar.logLevel: Envoy log level can be info, warn, error or debug
- logLevel: info
- resources:
- # sidecar.resources.requests: Envoy CPU and memory requests
- requests:
- cpu: 10m
- memory: 32Mi
-init:
- image:
- repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-proxy-route-manager
- tag: v3-prod
-
-nameOverride: ""
-fullnameOverride: ""
-
-resources:
- limits:
- cpu: 500m
- memory: 512Mi
- requests:
- cpu: 100m
- memory: 64Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-podAnnotations: {}
-
-serviceAccount:
- # serviceAccount.create: Whether to create a service account or not
- create: true
- # serviceAccount.name: The name of the service account to create or use
- name: ""
-
-rbac:
- # rbac.create: `true` if rbac resources should be created
- create: true
- # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
- pspEnabled: false
-
-mesh:
- # mesh.create: `true` if mesh resource should be created
- create: false
- # mesh.name: The name of the mesh to use
- name: "global"
- # mesh.discovery: The service discovery type to use, can be dns or cloudmap
- discovery: dns
- # mesh.egressFilter: The mesh Egress Filter, can be ALLOW_ALL or DROP_ALL
- egressFilter: DROP_ALL
-
-tracing:
- # tracing.enabled: `true` if Envoy should be configured tracing
- enabled: false
- # tracing.provider: can be x-ray, jaeger or datadog
- provider: x-ray
- # tracing.address: Jaeger or Datadog agent server address (ignored for X-Ray)
- address: appmesh-jaeger.appmesh-system
- # tracing.address: Jaeger or
Datadog agent server port (ignored for X-Ray)
- port: 9411
-
-stats:
- # stats.tagsEnabled: `true` if Envoy should include app-mesh tags
- tagsEnabled: false
- # stats.statsdEnabled: `true` if Envoy should publish stats to statsd endpoint @ 127.0.0.1:8125
- statsdEnabled: false
diff --git a/stable/appmesh-jaeger/.helmignore b/stable/appmesh-jaeger/.helmignore
deleted file mode 100644
index f0c131944..000000000
--- a/stable/appmesh-jaeger/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/stable/appmesh-jaeger/Chart.yaml b/stable/appmesh-jaeger/Chart.yaml
deleted file mode 100644
index 1de1c616a..000000000
--- a/stable/appmesh-jaeger/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-name: appmesh-jaeger
-description: App Mesh Jaeger Helm chart for Kubernetes
-version: 1.0.3
-appVersion: 1.29.0
-home: https://github.com/aws/eks-charts
-icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
-sources:
- - https://github.com/aws/eks-charts
-maintainers:
- - name: Nicholas Turner
- url: https://github.com/nckturner
- email: nckturner@users.noreply.github.com
- - name: Stefan Prodan
- url: https://github.com/stefanprodan
- email: stefanprodan@users.noreply.github.com
-keywords:
- - eks
- - appmesh
diff --git a/stable/appmesh-jaeger/README.md b/stable/appmesh-jaeger/README.md
deleted file mode 100644
index e32399aa5..000000000
--- a/stable/appmesh-jaeger/README.md
+++ /dev/null
@@ -1,83 +0,0 @@
-# App Mesh Jaeger
-
-App Mesh Jaeger Helm chart for Kubernetes
-
-## Prerequisites
-
-* Kubernetes >= 1.13
-
-## Installing the Chart
-
-Add the EKS repository to Helm:
-
-```sh
-helm repo add eks https://aws.github.io/eks-charts
-```
-
-Install App Mesh Jaeger:
-
-```sh
-helm upgrade -i appmesh-jaeger eks/appmesh-jaeger \
---namespace appmesh-system
-```
-
-For Jaeger persistent storage you can create a [PersistentVolumeClaim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)
-and use `--set persistentVolumeClaim.claimName=`.
-
-Enable Jaeger tracing for the App Mesh data plane:
-
-```sh
-helm upgrade -i appmesh-controller eks/appmesh-controller \
- --namespace appmesh-system \
- --set tracing.enabled=true \
- --set tracing.provider=jaeger \
- --set tracing.address=appmesh-jaeger.appmesh-system \
- --set tracing.port=9411
-```
-
-**Note** that you should restart all pods running inside the mesh after enabling tracing.
-
-The [configuration](#configuration) section lists the parameters that can be configured during installation.
-
-## Uninstalling the Chart
-
-To uninstall/delete the `appmesh-jaeger` deployment:
-
-```console
-helm delete appmesh-jaeger -n appmesh-system
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Configuration
-
-The following tables lists the configurable parameters of the chart and their default values.
-
-Parameter | Description | Default
---- | --- | ---
-`image.repository` | image repository | `jaegertracing/all-in-one`
-`image.tag` | image tag | ``
-`image.pullPolicy` | image pull policy | `IfNotPresent`
-`resources.requests/cpu` | pod CPU request | `100m`
-`resources.requests/memory` | pod memory request | `256Mi`
-`resources.limits/cpu` | pod CPU limit | `2000m`
-`resources.limits/memory` | pod memory limit | `2Gi`
-`probes.liveness.initialDelaySeconds` | seconds to delay liveness probing | `0`
-`probes.liveness.periodSeconds` | interval between liveness probing | `10`
-`probes.liveness.timeoutSeconds` | timeout for liveness probe | `1`
-`probes.liveness.successThreshold` | minimum consecutive successes for probe to be considered successful | `1`
-`probes.liveness.failureThreshold` | minimum consecutive fails for probe to be considered failed | `3`
-`probes.readiness.initialDelaySeconds` | seconds to delay readiness probing | `0`
-`probes.readiness.periodSeconds` | interval between readiness probing | `10`
-`probes.readiness.timeoutSeconds` | timeout for readiness probe | `1`
-`probes.readiness.successThreshold` | minimum consecutive successes for probe to be considered successful | `1`
-`probes.readiness.failureThreshold` | minimum consecutive fails for probe to be considered failed | `3`
-`affinity` | node/pod affinities | None
-`nodeSelector` | node labels for pod assignment | `{}`
-`tolerations` | list of node taints to tolerate | `[]`
-`rbac.create` | if `true`, create and use RBAC resources | `true`
-`rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false`
-`serviceAccount.create` | If `true`, create a new service account | `true`
-`serviceAccount.name` | Service account to be used | None
-`memory.maxTraces` | The amount of traces stored in memory | `40000`
-`persistentVolumeClaim.claimName` | Specify an existing volume claim to be used for Badger data | None
diff --git a/stable/appmesh-jaeger/templates/NOTES.txt b/stable/appmesh-jaeger/templates/NOTES.txt
deleted file mode 100644
index 785e3b5fb..000000000
--- a/stable/appmesh-jaeger/templates/NOTES.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-AWS App Mesh Jaeger installed!
-Jaeger UI port: 16686
-Jaeger Zipkin port: 9411
\ No newline at end of file
diff --git a/stable/appmesh-jaeger/templates/_helpers.tpl b/stable/appmesh-jaeger/templates/_helpers.tpl
deleted file mode 100644
index 0ac10e49d..000000000
--- a/stable/appmesh-jaeger/templates/_helpers.tpl
+++ /dev/null
@@ -1,56 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "appmesh-jaeger.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "appmesh-jaeger.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "appmesh-jaeger.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "appmesh-jaeger.labels" -}}
-app.kubernetes.io/name: {{ include "appmesh-jaeger.name" . }}
-helm.sh/chart: {{ include "appmesh-jaeger.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "appmesh-jaeger.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
- {{ default (include "appmesh-jaeger.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
diff --git a/stable/appmesh-jaeger/templates/account.yaml b/stable/appmesh-jaeger/templates/account.yaml
deleted file mode 100644
index 1ea811f71..000000000
--- a/stable/appmesh-jaeger/templates/account.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "appmesh-jaeger.serviceAccountName" . }}
- labels:
-{{ include "appmesh-jaeger.labels" . | indent 4 }}
-{{- end }}
diff --git a/stable/appmesh-jaeger/templates/deployment.yaml b/stable/appmesh-jaeger/templates/deployment.yaml
deleted file mode 100644
index 802068b27..000000000
--- a/stable/appmesh-jaeger/templates/deployment.yaml
+++ /dev/null
@@ -1,112 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "appmesh-jaeger.fullname" . }} - labels: -{{ include "appmesh-jaeger.labels" . | indent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - strategy: - type: Recreate - selector: - matchLabels: - app.kubernetes.io/name: {{ include "appmesh-jaeger.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "appmesh-jaeger.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: appmesh - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "14269" - spec: - serviceAccountName: {{ include "appmesh-jaeger.serviceAccountName" . }} - volumes: - - name: data - {{- if .Values.persistentVolumeClaim.claimName }} - persistentVolumeClaim: - claimName: {{ .Values.persistentVolumeClaim.claimName }} - {{- else }} - emptyDir: {} - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - # agent: accept zipkin.thrift over compact thrift protocol (deprecated, used by legacy clients only) - - containerPort: 5775 - protocol: UDP - # agent: accept jaeger.thrift over compact thrift protocol - - containerPort: 6831 - protocol: UDP - # agent: accept jaeger.thrift over binary thrift protocol - - containerPort: 6832 - protocol: UDP - # collector: Zipkin compatible endpoint - - containerPort: 9411 - protocol: TCP - # query: serve frontend - - containerPort: 16686 - protocol: TCP - # agent: serve configs - - containerPort: 5778 - protocol: TCP - # collector: accept jaeger.thrift directly from clients - - containerPort: 14268 - protocol: TCP - # collector: Health Check server - - containerPort: 14269 - protocol: TCP - env: - - name: MEMORY_MAX_TRACES - value: "{{ .Values.memory.maxTraces }}" - - name: COLLECTOR_ZIPKIN_HOST_PORT - value: "9411" - - name: 
BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - - name: QUERY_BASE_PATH - value: /jaeger - livenessProbe: - httpGet: - path: / - port: 14269 - initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.probes.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }} - successThreshold: {{ .Values.probes.liveness.successThreshold }} - failureThreshold: {{ .Values.probes.liveness.failureThreshold }} - readinessProbe: - httpGet: - path: / - port: 14269 - initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.probes.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }} - successThreshold: {{ .Values.probes.readiness.successThreshold }} - failureThreshold: {{ .Values.probes.readiness.failureThreshold }} - volumeMounts: - - name: data - mountPath: /badger - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} diff --git a/stable/appmesh-jaeger/templates/psp.yaml b/stable/appmesh-jaeger/templates/psp.yaml deleted file mode 100644 index 79240e0ab..000000000 --- a/stable/appmesh-jaeger/templates/psp.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "appmesh-jaeger.fullname" . }} - labels: -{{ include "appmesh-jaeger.labels" . | indent 4 }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' -spec: - privileged: false - hostIPC: false - hostNetwork: false - hostPID: false - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "appmesh-jaeger.fullname" . }}-psp - labels: -{{ include "appmesh-jaeger.labels" . | indent 4 }} -rules: - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "appmesh-jaeger.fullname" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "appmesh-jaeger.fullname" . }}-psp - labels: -{{ include "appmesh-jaeger.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "appmesh-jaeger.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "appmesh-jaeger.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/stable/appmesh-jaeger/templates/service.yaml b/stable/appmesh-jaeger/templates/service.yaml deleted file mode 100644 index 745a8dacc..000000000 --- a/stable/appmesh-jaeger/templates/service.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "appmesh-jaeger.fullname" . }}
- labels:
-{{ include "appmesh-jaeger.labels" . | indent 4 }}
-spec:
- type: ClusterIP
- ports:
- - port: 9411
- targetPort: 9411
- protocol: TCP
- name: http-zipkin
- - port: 16686
- targetPort: 16686
- protocol: TCP
- name: http-ui
- selector:
- app.kubernetes.io/name: {{ include "appmesh-jaeger.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/stable/appmesh-jaeger/values.yaml b/stable/appmesh-jaeger/values.yaml
deleted file mode 100644
index bd8b229a4..000000000
--- a/stable/appmesh-jaeger/values.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-# Default values for appmesh-jaeger.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- repository: jaegertracing/all-in-one
- tag: 1.29
- pullPolicy: IfNotPresent
-
-nameOverride: ""
-fullnameOverride: ""
-
-resources:
- limits:
- cpu: 2000m
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 256Mi
-
- ## Jaeger server readiness and liveness probe initial delay and timeout
- ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
- ##
-probes:
- liveness:
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- successThreshold: 1
- failureThreshold: 3
- readiness:
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- successThreshold: 1
- failureThreshold: 3
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-serviceAccount:
- # serviceAccount.create: Whether to create a service account or not
- create: true
- # serviceAccount.name: The name of the service account to create or use
- name: ""
-
-rbac:
- # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
- pspEnabled: false
-
-memory:
- # memory.maxTraces: The amount of traces stored in memory
- maxTraces: 40000
-
-persistentVolumeClaim:
- # persistentVolumeClaim.claimName: Specify an existing volume claim to be used for Badger data
- claimName: ""
diff --git a/stable/appmesh-prometheus/.helmignore b/stable/appmesh-prometheus/.helmignore
deleted file mode 100644
index f0c131944..000000000
--- a/stable/appmesh-prometheus/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/stable/appmesh-prometheus/Chart.yaml b/stable/appmesh-prometheus/Chart.yaml
deleted file mode 100644
index 0b5b48ed2..000000000
--- a/stable/appmesh-prometheus/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-name: appmesh-prometheus
-description: App Mesh Prometheus Helm chart for Kubernetes
-version: 1.0.3
-appVersion: 2.13.1
-home: https://github.com/aws/eks-charts
-icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
-sources:
- - https://github.com/aws/eks-charts
-maintainers:
- - name: Nicholas Turner
- url: https://github.com/nckturner
- email: nckturner@users.noreply.github.com
- - name: Stefan Prodan
- url: https://github.com/stefanprodan
- email: stefanprodan@users.noreply.github.com
-keywords:
- - eks
- - appmesh
diff --git a/stable/appmesh-prometheus/README.md b/stable/appmesh-prometheus/README.md
deleted file mode 100644
index 5acae16b1..000000000
--- a/stable/appmesh-prometheus/README.md
+++ /dev/null
@@ -1,146 +0,0 @@ -# App Mesh Prometheus - -App Mesh Prometheus Helm chart for Kubernetes - -## Prerequisites - -* Kubernetes >= 1.13 - -## Installing the Chart - -Add the EKS repository to Helm: - -```sh -helm repo add eks https://aws.github.io/eks-charts -``` - -Install App Mesh Prometheus: - -```sh -helm upgrade -i appmesh-prometheus eks/appmesh-prometheus \ ---namespace appmesh-system -``` - -Optional: Persist your data -If you do not persist your Prometheus data, then it will only exist as long as the Prometheus pod is running. For Prometheus persistent storage, you need to use PersistentVolumeClaim. -As for the volume plugin, we use EBS CSI Driver as an example, but you can use other popular volume plugins like NFS, Ceph etc. -In configuration, replace *your-appmesh-cluster* as your EKS appmesh cluster name and *your-aws-account* as your AWS account ID. - -Enable EBS CSI Driver: -- Initialize iam-oidc-provider -``` -eksctl utils associate-iam-oidc-provider --region=us-west-2 --cluster=your-appmesh-cluster --approve -``` -- Create IAM role -``` -eksctl create iamserviceaccount \ - --name ebs-csi-controller-sa \ - --namespace kube-system \ - --cluster your-appmesh-cluster \ - --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ - --approve \ - --role-only \ - --role-name AmazonEKS_EBS_CSI_DriverRole -``` -- Addon the EBS driver to running cluster. -``` -eksctl create addon --name aws-ebs-csi-driver --cluster your-appmesh-cluster --service-account-role-arn arn:aws:iam::your-aws-account:role/AmazonEKS_EBS_CSI_DriverRole --force -``` - -More details: https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html - -- Create a [PersistentVolumeClaim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims) -and use `--set persistentVolumeClaim.claimName=`. 
- -``` -cat <` -`image.pullPolicy` | image pull policy | `IfNotPresent` -`resources.requests/cpu` | pod CPU request | `100m` -`resources.requests/memory` | pod memory request | `256Mi` -`resources.limits/cpu` | pod CPU limit | `2000m` -`resources.limits/memory` | pod memory limit | `2Gi` -`affinity` | node/pod affinities | None -`nodeSelector` | node labels for pod assignment | `{}` -`tolerations` | list of node taints to tolerate | `[]` -`rbac.create` | if `true`, create and use RBAC resources | `true` -`rbac.pspEnabled` | if `true`, create and use a restricted pod security policy | `false` -`serviceAccount.create` | if `true`, create a new service account | `true` -`serviceAccount.name` | service account to be used | None -`retention` | when to remove old data | `6h` -`scrapeInterval` | interval between consecutive scrapes | `5s` -`persistentVolumeClaim.claimName` | specify an existing volume claim to be used for Prometheus data | None -`remoteWrite.enabled` | if `true`, write prometheus metrics to an external location | `false` -`remoteWrite.url` | the url of the endpoint to send samples to | None -`remoteWrite.bearer_token` | bearer token | None - - -## Troubleshooting - -If the Prometheus port does not open properly, first determine if the Pod is functioning properly. 
The following is an not ready example: -``` -kubectl -n appmesh-system get deploy,po,svc -NAME READY UP-TO-DATE AVAILABLE AGE -deployment.apps/appmesh-controller 1/1 1 1 42m -deployment.apps/appmesh-prometheus 0/1 1 0 33m - -NAME READY STATUS RESTARTS AGE -pod/appmesh-controller-6dcf8c7787-zgh7w 1/1 Running 0 42m -pod/appmesh-prometheus-6d6ffbb888-5644r 0/1 Pending 0 30m - -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -service/appmesh-controller-webhook-service ClusterIP 10.100.96.3 443/TCP 42m -service/appmesh-prometheus ClusterIP 10.100.53.248 9090/TCP 33m -``` -If the Pod status is unhealthy and you use PVC for persistent storage, first check the status of the PVC, and check the log in event: -``` -kubectl describe pvc -n appmesh-system -``` -If the problem is not solved, check the node's resource deployment, memory and CPU limits: -``` -kubectl describe nodes -``` -If the node doesn't have enough resources, you can try [scaling the cluster](https://docs.aws.amazon.com/eks/latest/userguide/update-managed-node-group.html). diff --git a/stable/appmesh-prometheus/templates/NOTES.txt b/stable/appmesh-prometheus/templates/NOTES.txt deleted file mode 100644 index 7833f1f03..000000000 --- a/stable/appmesh-prometheus/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -AWS App Mesh Prometheus installed! \ No newline at end of file diff --git a/stable/appmesh-prometheus/templates/_helpers.tpl b/stable/appmesh-prometheus/templates/_helpers.tpl deleted file mode 100644 index b00abc467..000000000 --- a/stable/appmesh-prometheus/templates/_helpers.tpl +++ /dev/null 
@@ -1,56 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "appmesh-prometheus.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "appmesh-prometheus.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "appmesh-prometheus.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "appmesh-prometheus.labels" -}}
-app.kubernetes.io/name: {{ include "appmesh-prometheus.name" . }}
-helm.sh/chart: {{ include "appmesh-prometheus.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "appmesh-prometheus.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
- {{ default (include "appmesh-prometheus.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
diff --git a/stable/appmesh-prometheus/templates/account.yaml b/stable/appmesh-prometheus/templates/account.yaml
deleted file mode 100644
index 61032adbe..000000000
--- a/stable/appmesh-prometheus/templates/account.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "appmesh-prometheus.serviceAccountName" . }}
- labels:
-{{ include "appmesh-prometheus.labels" . | indent 4 }}
-{{- end }}
diff --git a/stable/appmesh-prometheus/templates/config.yaml b/stable/appmesh-prometheus/templates/config.yaml
deleted file mode 100644
index c93325619..000000000
--- a/stable/appmesh-prometheus/templates/config.yaml
+++ /dev/null
@@ -1,151 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "appmesh-prometheus.fullname" . }} - labels: -{{ include "appmesh-prometheus.labels" . | indent 4 }} -data: - prometheus.yml: |- - global: - scrape_interval: {{ .Values.scrapeInterval }} - - scrape_configs: - - # Scrape config for AppMesh Envoy sidecar - - job_name: 'appmesh-envoy' - metrics_path: /stats/prometheus - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_container_name] - action: keep - regex: '^envoy$' - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: ${1}:9901 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: kubernetes_pod_name - - # Exclude high cardinality metrics - metric_relabel_configs: - - source_labels: [ cluster_name ] - regex: '(outbound|inbound|prometheus_stats).*' - action: drop - - source_labels: [ tcp_prefix ] - regex: '(outbound|inbound|prometheus_stats).*' - action: drop - - source_labels: [ listener_address ] - regex: '(.+)' - action: drop - - source_labels: [ http_conn_manager_listener_prefix ] - regex: '(.+)' - action: drop - - source_labels: [ http_conn_manager_prefix ] - regex: '(.+)' - action: drop - - source_labels: [ __name__ ] - regex: 'envoy_tls.*' - action: drop - - source_labels: [ __name__ ] - regex: 'envoy_tcp_downstream.*' - action: drop - - source_labels: [ __name__ ] - regex: 'envoy_http_(stats|admin).*' - action: drop - - source_labels: [ __name__ ] - regex: 'envoy_cluster_(lb|retry|bind|internal|max|original).*' - action: drop - - # Scrape config for API servers - - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: - 
- default - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: kubernetes;https - - # Scrape config for cAdvisor - - job_name: 'kubernetes-cadvisor' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - - # Exclude high cardinality metrics - metric_relabel_configs: - - source_labels: [__name__] - regex: (container|machine)_(cpu|memory|network|fs)_(.+) - action: keep - - source_labels: [__name__] - regex: container_memory_failures_total - action: drop - - # Scrape config for pods - - job_name: kubernetes-pods - kubernetes_sd_configs: - - role: pod - relabel_configs: - - action: keep - regex: true - source_labels: - - __meta_kubernetes_pod_annotation_prometheus_io_scrape - - source_labels: [ __address__ ] - regex: '.*9901.*' - action: drop - - action: replace - regex: (.+) - source_labels: - - __meta_kubernetes_pod_annotation_prometheus_io_path - target_label: __metrics_path__ - - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - source_labels: - - __address__ - - __meta_kubernetes_pod_annotation_prometheus_io_port - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - action: replace - source_labels: - - __meta_kubernetes_namespace - target_label: 
kubernetes_namespace - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: kubernetes_pod_name - - {{- if .Values.remote_write.enabled }} - remote_write: - - url: "{{ .Values.remote_write.endpoint }}" - bearer_token: "{{ .Values.remote_write.bearer_token }}" - {{- end }} \ No newline at end of file diff --git a/stable/appmesh-prometheus/templates/deployment.yaml b/stable/appmesh-prometheus/templates/deployment.yaml deleted file mode 100644 index dd167ca57..000000000 --- a/stable/appmesh-prometheus/templates/deployment.yaml +++ /dev/null 
@@ -1,86 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "appmesh-prometheus.fullname" . }}
- labels:
-{{ include "appmesh-prometheus.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "appmesh-prometheus.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "appmesh-prometheus.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: appmesh
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum | quote }}
- spec:
- serviceAccountName: {{ include "appmesh-prometheus.serviceAccountName" . }}
- volumes:
- - name: config-volume
- configMap:
- name: {{ template "appmesh-prometheus.fullname" . }}
- - name: data-volume
- {{- if .Values.persistentVolumeClaim.claimName }}
- persistentVolumeClaim:
- claimName: {{ .Values.persistentVolumeClaim.claimName }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- initContainers:
- - name: chown
- image: alpine:latest
- command: ["/bin/sh", "-c"]
- args:
- - chown 65534:65534 /mount;
- volumeMounts:
- - name: data-volume
- mountPath: /mount
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- args:
- - "--storage.tsdb.retention={{ .Values.retention }}"
- - "--config.file=/etc/prometheus/prometheus.yml"
- ports:
- - name: http
- containerPort: 9090
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /-/healthy
- port: http
- readinessProbe:
- httpGet:
- path: /-/ready
- port: http
- securityContext:
- runAsUser: 65534
- runAsGroup: 65534
- runAsNonRoot: true
- volumeMounts:
- - name: config-volume
- mountPath: /etc/prometheus
- - name: data-volume
- mountPath: /prometheus/data
- resources:
-{{ toYaml .Values.resources | indent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
-{{ toYaml . | indent 8 }}
- {{- end }}
diff --git a/stable/appmesh-prometheus/templates/psp.yaml b/stable/appmesh-prometheus/templates/psp.yaml
deleted file mode 100644
index d7094442a..000000000
--- a/stable/appmesh-prometheus/templates/psp.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-{{- if .Values.rbac.pspEnabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "appmesh-prometheus.fullname" . }}
- labels:
-{{ include "appmesh-prometheus.labels" . | indent 4 }}
- annotations:
- seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
-spec:
- privileged: false
- hostIPC: false
- hostNetwork: false
- hostPID: false
- readOnlyRootFilesystem: false
- allowPrivilegeEscalation: false
- allowedCapabilities:
- - '*'
- fsGroup:
- rule: RunAsAny
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - '*'
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ template "appmesh-prometheus.fullname" . }}-psp
- labels:
-{{ include "appmesh-prometheus.labels" . | indent 4 }}
-rules:
- - apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "appmesh-prometheus.fullname" . }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "appmesh-prometheus.fullname" . }}-psp
- labels:
-{{ include "appmesh-prometheus.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "appmesh-prometheus.fullname" . }}-psp
-subjects:
- - kind: ServiceAccount
- name: {{ template "appmesh-prometheus.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/stable/appmesh-prometheus/templates/rbac.yaml b/stable/appmesh-prometheus/templates/rbac.yaml
deleted file mode 100644
index ebf2ad18b..000000000
--- a/stable/appmesh-prometheus/templates/rbac.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "appmesh-prometheus.fullname" . }}
- labels:
-{{ include "appmesh-prometheus.labels" . | indent 4 }}
-rules:
- - apiGroups: [""]
- resources:
- - nodes
- - services
- - endpoints
- - pods
- - nodes/proxy
- verbs: ["get", "list", "watch"]
- - apiGroups: [""]
- resources:
- - configmaps
- verbs: ["get"]
- - nonResourceURLs: ["/metrics"]
- verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "appmesh-prometheus.fullname" . }}
- labels:
-{{ include "appmesh-prometheus.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "appmesh-prometheus.fullname" . }}
-subjects:
-- name: {{ template "appmesh-prometheus.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
-{{- end }}
diff --git a/stable/appmesh-prometheus/templates/service.yaml b/stable/appmesh-prometheus/templates/service.yaml
deleted file mode 100644
index 8a31db3d7..000000000
--- a/stable/appmesh-prometheus/templates/service.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "appmesh-prometheus.fullname" . }}
- labels:
-{{ include "appmesh-prometheus.labels" . | indent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "appmesh-prometheus.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/stable/appmesh-prometheus/values.yaml b/stable/appmesh-prometheus/values.yaml
deleted file mode 100644
index 19bd34f22..000000000
--- a/stable/appmesh-prometheus/values.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-# Default values for appmesh-prometheus.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-retention: 6h
-scrapeInterval: 5s
-
-replicaCount: 1
-
-image:
- repository: prom/prometheus
- tag: v2.13.1
- pullPolicy: IfNotPresent
-
-nameOverride: ""
-fullnameOverride: ""
-
-service:
- type: ClusterIP
- port: 9090
-
-resources:
- limits:
- cpu: 2000m
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 256Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-serviceAccount:
- # serviceAccount.create: Whether to create a service account or not
- create: true
- # serviceAccount.name: The name of the service account to create or use
- name: ""
-
-rbac:
- # rbac.create: `true` if rbac resources should be created
- create: true
- # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
- pspEnabled: false
-
-persistentVolumeClaim:
- # persistentVolumeClaim.claimName: Specify an existing volume claim to be used for Prometheus data
- claimName: ""
-
-remote_write:
- enabled: false
- endpoint: ""
- bearer_token: ""
\ No newline at end of file
diff --git a/stable/appmesh-spire-agent/Chart.yaml b/stable/appmesh-spire-agent/Chart.yaml
deleted file mode 100644
index 35492e471..000000000
--- a/stable/appmesh-spire-agent/Chart.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-name: appmesh-spire-agent
-description: SPIRE Agent Helm chart for AppMesh mTLS support on Kubernetes
-version: 1.0.7
-appVersion: 1.5.0
-home: https://github.com/aws/eks-charts
-icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
-sources:
- - https://github.com/aws/eks-charts
-maintainers:
- - name: Apurup Chevuru
- url: https://github.com/achevuru
-keywords:
- - eks
- - appmesh
- - spire
-
diff --git a/stable/appmesh-spire-agent/README.md b/stable/appmesh-spire-agent/README.md
deleted file mode 100644
index 31eaf8ccd..000000000
--- a/stable/appmesh-spire-agent/README.md
+++ /dev/null
@@ -1,46 +0,0 @@
-# Sample App Mesh SPIRE Agent
-
-Sample App Mesh SPIRE Agent Helm chart for Kubernetes
-
-## Installing the Chart
-
-Add the EKS repository to Helm:
-
-```sh
-helm repo add eks https://aws.github.io/eks-charts
-```
-
-Install App Mesh SPIRE Agent:
-
-```sh
-helm upgrade -i appmesh-spire-agent eks/appmesh-spire-agent \
---namespace spire
-```
-
-The [configuration](#configuration) section lists the parameters that can be configured during installation.
-
-## Uninstalling the Chart
-
-To uninstall/delete the `appmesh-spire-agent` deployment:
-
-```console
-helm delete appmesh-spire-agent --namespace spire
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Configuration
-
-The following tables lists the configurable parameters of the chart and their default values.
-
-Parameter | Description | Default
---- | --- | ---
-`config.trustDomain` | SPIRE Trust Domain | `appmesh.aws`
-`config.logLevel` | Log Level | `DEBUG`
-`config.serverAddress` | SPIRE Server Address | `spire-server`
-`config.serverPort` | SPIRE Server Bind Port | `8081`
-`serviceAccount.create` | If `true`, create a new service account | `true`
-`serviceAccount.name` | Service account to be used | `spire-agent`
-`image.tag` | SPIRE Server image version | `1.5.0`
-
-If you want to upgrade existing SPIRE to a later version without down time, be aware that the difference between SPIRE Agent and SPIRE Server CANNOT BE GREATER than 1 minor version. Also you have to upgrade 1 minor version at a time. Check this [documentation](https://github.com/spiffe/spire/blob/main/doc/upgrading.md) for more info.
\ No newline at end of file
diff --git a/stable/appmesh-spire-agent/templates/NOTES.txt b/stable/appmesh-spire-agent/templates/NOTES.txt
deleted file mode 100644
index 8fb9488c0..000000000
--- a/stable/appmesh-spire-agent/templates/NOTES.txt
+++ /dev/null
@@ -1 +0,0 @@
-SPIRE Agent installed!
\ No newline at end of file
diff --git a/stable/appmesh-spire-agent/templates/_helpers.tpl b/stable/appmesh-spire-agent/templates/_helpers.tpl
deleted file mode 100644
index b2cede6a0..000000000
--- a/stable/appmesh-spire-agent/templates/_helpers.tpl
+++ /dev/null
@@ -1,56 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "appmesh-spire-agent.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "appmesh-spire-agent.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "appmesh-spire-agent.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "appmesh-spire-agent.labels" -}}
-app.kubernetes.io/name: {{ include "appmesh-spire-agent.name" . }}
-helm.sh/chart: {{ include "appmesh-spire-agent.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "appmesh-spire-agent.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
- {{ default (include "appmesh-spire-agent.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
diff --git a/stable/appmesh-spire-agent/templates/account.yaml b/stable/appmesh-spire-agent/templates/account.yaml
deleted file mode 100644
index 7446a204c..000000000
--- a/stable/appmesh-spire-agent/templates/account.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "appmesh-spire-agent.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "appmesh-spire-agent.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end -}}
\ No newline at end of file
diff --git a/stable/appmesh-spire-agent/templates/deployment.yaml b/stable/appmesh-spire-agent/templates/deployment.yaml
deleted file mode 100644
index 19bd2b7e5..000000000
--- a/stable/appmesh-spire-agent/templates/deployment.yaml
+++ /dev/null
@@ -1,68 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "appmesh-spire-agent.fullname" . }} - labels: -{{ include "appmesh-spire-agent.labels" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "appmesh-spire-agent.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "appmesh-spire-agent.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: appmesh - spec: - hostPID: true - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ include "appmesh-spire-agent.serviceAccountName" . }} - initContainers: - - name: init - image: "{{ .Values.initContainers.image }}" - args: - - -t - - "30" - - spire-server:8081 - volumes: - - name: spire-config - configMap: - name: {{ template "appmesh-spire-agent.fullname" . }} - - name: spire-bundle - configMap: - name: spire-bundle - - name: spire-agent-socket - hostPath: - path: /run/spire/sockets - type: DirectoryOrCreate - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - -config - - /run/spire/config/agent.conf - livenessProbe: - exec: - command: - - /opt/spire/bin/spire-agent - - healthcheck - - -socketPath - - /run/spire/sockets/agent.sock - failureThreshold: 2 - initialDelaySeconds: 15 - periodSeconds: 60 - timeoutSeconds: 3 - volumeMounts: - - name: spire-config - mountPath: /run/spire/config - readOnly: true - - name: spire-bundle - mountPath: /run/spire/bundle - readOnly: true - - name: spire-agent-socket - mountPath: /run/spire/sockets - readOnly: false diff --git a/stable/appmesh-spire-agent/templates/rbac.yaml b/stable/appmesh-spire-agent/templates/rbac.yaml deleted file mode 100644 index dc03efe26..000000000 --- a/stable/appmesh-spire-agent/templates/rbac.yaml +++ /dev/null 
@@ -1,27 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "appmesh-spire-agent.fullname" . }}-role
- labels:
-{{ include "appmesh-spire-agent.labels" . | indent 4 }}
-rules:
- - apiGroups: [""]
- resources: ["pods","nodes","nodes/proxy"]
- verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "appmesh-spire-agent.fullname" . }}-rolebinding
- labels:
-{{ include "appmesh-spire-agent.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "appmesh-spire-agent.fullname" . }}-role
-subjects:
-- name: {{ template "appmesh-spire-agent.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
-{{- end }}
\ No newline at end of file
diff --git a/stable/appmesh-spire-agent/templates/spire-agent-cfg.yaml b/stable/appmesh-spire-agent/templates/spire-agent-cfg.yaml
deleted file mode 100644
index bbc61e723..000000000
--- a/stable/appmesh-spire-agent/templates/spire-agent-cfg.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "appmesh-spire-agent.fullname" . }}
- labels:
-{{ include "appmesh-spire-agent.labels" . | indent 4 }}
-data:
- agent.conf: |
- agent {
- data_dir = "/run/spire"
- log_level = "{{ .Values.config.logLevel }}"
- server_address = "{{ .Values.config.serverAddress }}"
- server_port = "{{ .Values.config.serverPort }}"
- socket_path = "{{ .Values.config.socketPath }}"
- trust_bundle_path = "/run/spire/bundle/bundle.crt"
- trust_domain = "{{ .Values.config.trustDomain }}"
- }
-
- plugins {
- NodeAttestor "k8s_sat" {
- plugin_data {
- cluster = "k8s-cluster"
- }
- }
-
- KeyManager "memory" {
- plugin_data {
- }
- }
-
- WorkloadAttestor "k8s" {
- plugin_data {
- skip_kubelet_verification = true
- }
- }
-
- WorkloadAttestor "unix" {
- plugin_data {
- }
- }
- }
diff --git a/stable/appmesh-spire-agent/values.yaml b/stable/appmesh-spire-agent/values.yaml
deleted file mode 100644
index 0a9ac0a0e..000000000
--- a/stable/appmesh-spire-agent/values.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-# Default values for appmesh-spire-agent.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-image:
- repository: gcr.io/spiffe-io/spire-agent
- tag: 1.5.0
- pullPolicy: IfNotPresent
-
-nameOverride: ""
-fullnameOverride: "spire-agent"
-
-resources:
- #SPIRE Agent memory limits
- limits:
- memory: 512Mi
- #SPIRE Agent CPU and memory requests
- requests:
- cpu: 10m
- memory: 1Gi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-#SPIRE Agent Init Container parameters
-initContainers:
- image: gcr.io/spiffe-io/wait-for-it
- pullPolicy: IfNotPresent
-
-serviceAccount:
- # serviceAccount.create: Whether to create a service account or not
- create: true
- # serviceAccount.name: The name of the service account to create or use
- name: "spire-agent"
-
-rbac:
- # rbac.create: `true` if rbac resources should be created
- create: true
-
-config:
- # SPIRE Trust Domain
- trustDomain: appmesh.aws
- ## SPIRE Agent Log Level
- logLevel: DEBUG
- # SPIRE Server Bind Address
- serverAddress: spire-server
- #SPIRE Server Bind Port
- serverPort: 8081
- #SPIRE Agent Socket Path
- socketPath: /run/spire/sockets/agent.sock
diff --git a/stable/appmesh-spire-server/Chart.yaml b/stable/appmesh-spire-server/Chart.yaml
deleted file mode 100644
index f143c5751..000000000
--- a/stable/appmesh-spire-server/Chart.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-name: appmesh-spire-server
-description: SPIRE Server Helm chart for AppMesh mTLS support on Kubernetes
-version: 1.0.7
-appVersion: 1.5.0
-home: https://github.com/aws/eks-charts
-icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
-sources:
- - https://github.com/aws/eks-charts
-maintainers:
- - name: Apurup Chevuru
- url: https://github.com/achevuru
-keywords:
- - eks
- - appmesh
- - spire
-
diff --git a/stable/appmesh-spire-server/README.md b/stable/appmesh-spire-server/README.md
deleted file mode 100644
index 42d74638e..000000000
--- a/stable/appmesh-spire-server/README.md
+++ /dev/null
@@ -1,62 +0,0 @@
-# Sample App Mesh SPIRE Server
-
-Sample App Mesh SPIRE Server Helm chart for Kubernetes
-
-## Installing the Chart
-
-Add the EKS repository to Helm:
-
-```sh
-helm repo add eks https://aws.github.io/eks-charts
-```
-
-Install App Mesh SPIRE Server:
-
-```sh
-helm upgrade -i appmesh-spire-server eks/appmesh-spire-server \
---namespace spire
-```
-
-The [configuration](#configuration) section lists the parameters that can be configured during installation.
-
-## Uninstalling the Chart
-
-To uninstall/delete the `appmesh-spire-server` deployment:
-
-```console
-helm delete appmesh-spire-server --namespace spire
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Configuration
-
-The following tables lists the configurable parameters of the chart and their default values.
-
-Parameter | Description | Default
---- | --- | ---
-`config.trustDomain` | SPIRE Trust Domain | `appmesh.aws`
-`config.logLevel` | Log Level | `DEBUG`
-`config.svidTTL` | SVID TTL value | `1h`
-`config.bindAddress` | SPIRE Server Bind Address | `0.0.0.0`
-`config.bindPort` | SPIRE Server Bind Port | `8081`
-`serviceAccount.create` | If `true`, create a new service account | `true`
-`serviceAccount.name` | Service account to be used | `spire-server`
-`config.plugin`| SPIRE Plugin(s) | `null`
-`image.tag` | SPIRE Server image version | `1.5.0`
-
-
-To add plugins to the SPIRE server according to the [documentation](https://spiffe.io/docs/latest/planning/extending/), use the following convention
-``` yaml
-config:
- plugin: |
- NodeAttestor "tpm" {
- plugin_cmd = "/path/to/plugin_cmd"
- plugin_checksum = "sha256 of the plugin binary"
- plugin_data {
- ca_path = "/opt/spire/.data/certs"
- }
- }
-```
-
-If you want to upgrade existing SPIRE to a later version without down time, be aware that the difference between SPIRE Agent and SPIRE Server CANNOT BE GREATER than 1 minor version.
Also you have to upgrade 1 minor version at a time. Check this [documentation](https://github.com/spiffe/spire/blob/main/doc/upgrading.md) for more info.
diff --git a/stable/appmesh-spire-server/templates/NOTES.txt b/stable/appmesh-spire-server/templates/NOTES.txt
deleted file mode 100644
index b84dedfc4..000000000
--- a/stable/appmesh-spire-server/templates/NOTES.txt
+++ /dev/null
@@ -1 +0,0 @@
-SPIRE Server installed!
\ No newline at end of file
diff --git a/stable/appmesh-spire-server/templates/_helpers.tpl b/stable/appmesh-spire-server/templates/_helpers.tpl
deleted file mode 100644
index 7f22ec974..000000000
--- a/stable/appmesh-spire-server/templates/_helpers.tpl
+++ /dev/null
@@ -1,56 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "appmesh-spire-server.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "appmesh-spire-server.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "appmesh-spire-server.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "appmesh-spire-server.labels" -}}
-app.kubernetes.io/name: {{ include "appmesh-spire-server.name" . }}
-helm.sh/chart: {{ include "appmesh-spire-server.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "appmesh-spire-server.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
- {{ default (include "appmesh-spire-server.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
diff --git a/stable/appmesh-spire-server/templates/account.yaml b/stable/appmesh-spire-server/templates/account.yaml
deleted file mode 100644
index 7b707df70..000000000
--- a/stable/appmesh-spire-server/templates/account.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "appmesh-spire-server.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "appmesh-spire-server.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end -}}
-
diff --git a/stable/appmesh-spire-server/templates/deployment.yaml b/stable/appmesh-spire-server/templates/deployment.yaml
deleted file mode 100644
index 39906f24e..000000000
--- a/stable/appmesh-spire-server/templates/deployment.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ template "appmesh-spire-server.fullname" . }}
- labels:
-{{ include "appmesh-spire-server.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "appmesh-spire-server.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- serviceName: spire-server
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "appmesh-spire-server.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: appmesh
- spec:
- serviceAccountName: {{ include "appmesh-spire-server.serviceAccountName" . }}
- volumes:
- - name: spire-config
- configMap:
- name: {{ template "appmesh-spire-server.fullname" . }}
- containers:
- - name: spire-server
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- args:
- - -config
- - /run/spire/config/server.conf
- ports:
- - containerPort: 8081
- livenessProbe:
- exec:
- command:
- - /opt/spire/bin/spire-server
- - healthcheck
- failureThreshold: 2
- initialDelaySeconds: 15
- periodSeconds: 60
- timeoutSeconds: 3
- volumeMounts:
- - name: spire-config
- mountPath: /run/spire/config
- readOnly: true
- - name: spire-data
- mountPath: /run/spire/data
- readOnly: false
- volumeClaimTemplates:
- - metadata:
- name: spire-data
- namespace: spire
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
diff --git a/stable/appmesh-spire-server/templates/rbac.yaml b/stable/appmesh-spire-server/templates/rbac.yaml
deleted file mode 100644
index f5368566d..000000000
--- a/stable/appmesh-spire-server/templates/rbac.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "appmesh-spire-server.fullname" . }}-configmap-role
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "appmesh-spire-server.labels" . | indent 4 }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["patch", "get", "list"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "appmesh-spire-server.fullname" . }}-configmap-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "appmesh-spire-server.labels" . | indent 4 }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "appmesh-spire-server.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "appmesh-spire-server.fullname" . }}-configmap-role
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "appmesh-spire-server.fullname" . }}-role
- labels:
-{{ include "appmesh-spire-server.labels" . | indent 4 }}
-rules:
- - apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "appmesh-spire-server.fullname" . }}-rolebinding
- labels:
-{{ include "appmesh-spire-server.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "appmesh-spire-server.fullname" . }}-role
-subjects:
-- name: {{ template "appmesh-spire-server.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
-{{- end }}
diff --git a/stable/appmesh-spire-server/templates/service.yaml b/stable/appmesh-spire-server/templates/service.yaml
deleted file mode 100644
index da4bec3bf..000000000
--- a/stable/appmesh-spire-server/templates/service.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "appmesh-spire-server.fullname" . }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.service.port }}
- protocol: TCP
- name: grpc
- selector:
- app.kubernetes.io/name: {{ include "appmesh-spire-server.name" . }}
\ No newline at end of file
diff --git a/stable/appmesh-spire-server/templates/spire-bundle-cfg.yaml b/stable/appmesh-spire-server/templates/spire-bundle-cfg.yaml
deleted file mode 100644
index 4da32241b..000000000
--- a/stable/appmesh-spire-server/templates/spire-bundle-cfg.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: spire-bundle
- namespace: spire
\ No newline at end of file
diff --git a/stable/appmesh-spire-server/templates/spire-server-cfg.yaml b/stable/appmesh-spire-server/templates/spire-server-cfg.yaml
deleted file mode 100644
index 52d92d00f..000000000
--- a/stable/appmesh-spire-server/templates/spire-server-cfg.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "appmesh-spire-server.fullname" . }}
- labels:
-{{ include "appmesh-spire-server.labels" . | indent 4 }}
-data:
- server.conf: |
- server {
- bind_address = "{{ .Values.config.bindAddress }}"
- bind_port = "{{ .Values.config.bindPort }}"
- socket_path = "/tmp/spire-server/private/api.sock"
- trust_domain = "{{ .Values.config.trustDomain }}"
- data_dir = "/run/spire/data"
- log_level = "{{ .Values.config.logLevel }}"
- ca_key_type = "rsa-2048"
-
- default_svid_ttl = "{{ .Values.config.svidTTL }}"
- ca_subject = {
- country = ["US"],
- organization = ["SPIFFE"],
- common_name = "",
- }
- }
-
- plugins {
- DataStore "sql" {
- plugin_data {
- database_type = "sqlite3"
- connection_string = "/run/spire/data/datastore.sqlite3"
- }
- }
-
- NodeAttestor "k8s_sat" {
- plugin_data {
- clusters = {
- "k8s-cluster" = {
- use_token_review_api_validation = true
- service_account_allow_list = ["spire:spire-agent"]
- }
- }
- }
- }
-
- KeyManager "disk" {
- plugin_data {
- keys_path = "/run/spire/data/keys.json"
- }
- }
-
- Notifier "k8sbundle" {
- plugin_data {
- }
- }
-
- {{ if .Values.config.plugin }}
- {{- .Values.config.plugin | nindent 6 -}}
- {{ end }}
- }
diff --git a/stable/appmesh-spire-server/values.yaml b/stable/appmesh-spire-server/values.yaml
deleted file mode 100644
index 75e85774f..000000000
--- a/stable/appmesh-spire-server/values.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-# Default values for appmesh-spire-server.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- repository: gcr.io/spiffe-io/spire-server
- tag: 1.5.0
- pullPolicy: IfNotPresent
-
-nameOverride: ""
-fullnameOverride: "spire-server"
-
-#SPIRE server service parameters
-service:
- type: NodePort
- port: 8081
-
-resources:
- #SPIRE Server memory limits
- limits:
- memory: 512Mi
- #SPIRE Server CPU and memory requests
- requests:
- cpu: 10m
- memory: 1Gi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-serviceAccount:
- # serviceAccount.create: Whether to create a service account or not
- create: true
- # serviceAccount.name: The name of the service account to create or use
- name: "spire-server"
-
-rbac:
- # rbac.create: `true` if rbac resources should be created
- create: true
-
-config:
- # SPIRE Trust Domain
- trustDomain: appmesh.aws
- ## SPIRE Server Log Level
- logLevel: DEBUG
- # SVID TTL value
- svidTTL: 1h
- # SPIRE Server Bind Address
- bindAddress: 0.0.0.0
- # SPIRE Server Bind Port
- bindPort: 8081
- # SPIRE Plugins
- plugin: ""
From 3ca3d5ee91b455efab9843fad3da39a0c2418a59 Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Tue, 24 Sep 2024 11:16:36 -0500
Subject: [PATCH 2/2] chore: Re-add `appmesh-controller` chart
---
README.md | 6 +-
stable/appmesh-controller/.helmignore | 24 +
stable/appmesh-controller/Chart.yaml | 16 +
stable/appmesh-controller/README.md | 453 ++
stable/appmesh-controller/ci/values.yaml | 9 +
stable/appmesh-controller/crds/crds.yaml | 4155 +++++++++++++++++
.../crds/kustomization.yaml | 4 +
stable/appmesh-controller/templates/NOTES.txt | 1 +
.../appmesh-controller/templates/_helpers.tpl | 69 +
.../templates/deployment.yaml | 152 +
stable/appmesh-controller/templates/pdb.yaml | 18 +
stable/appmesh-controller/templates/psp.yaml | 57 +
stable/appmesh-controller/templates/rbac.yaml | 81 +
.../appmesh-controller/templates/service.yaml | 13 +
.../templates/serviceaccount.yaml | 13 +
.../appmesh-controller/templates/webhook.yaml | 157 +
stable/appmesh-controller/test.yaml | 177 +
.../upgrade/pre_upgrade_check.sh | 110 +
stable/appmesh-controller/values.yaml | 168 +
stable/appmesh-controller/webhookconfig.yaml | 20 +
20 files changed, 5702 insertions(+), 1 deletion(-)
create mode 100644 stable/appmesh-controller/.helmignore
create mode 100644 stable/appmesh-controller/Chart.yaml
create mode 100644 stable/appmesh-controller/README.md
create mode 100644 stable/appmesh-controller/ci/values.yaml
create mode 100644 stable/appmesh-controller/crds/crds.yaml
create mode 100644 stable/appmesh-controller/crds/kustomization.yaml
create mode 100644 stable/appmesh-controller/templates/NOTES.txt
create mode 100644 stable/appmesh-controller/templates/_helpers.tpl
create mode 100644 stable/appmesh-controller/templates/deployment.yaml
create mode 100644 stable/appmesh-controller/templates/pdb.yaml
create mode 100644 stable/appmesh-controller/templates/psp.yaml
create mode 100644 stable/appmesh-controller/templates/rbac.yaml
create mode 100644 stable/appmesh-controller/templates/service.yaml
create mode 100644
stable/appmesh-controller/templates/serviceaccount.yaml create mode 100644 stable/appmesh-controller/templates/webhook.yaml create mode 100644 stable/appmesh-controller/test.yaml create mode 100755 stable/appmesh-controller/upgrade/pre_upgrade_check.sh create mode 100644 stable/appmesh-controller/values.yaml create mode 100644 stable/appmesh-controller/webhookconfig.yaml diff --git a/README.md b/README.md index 3ebeeea94..dde964e5f 100644 --- a/README.md +++ b/README.md @@ -10,10 +10,14 @@ helm repo add eks https://aws.github.io/eks-charts ### App Mesh +> [!NOTE] +> Please see the announcement related to [AWS AppMesh service support](https://aws.amazon.com/blogs/containers/migrating-from-aws-app-mesh-to-amazon-ecs-service-connect/) + +* [appmesh-controller](stable/appmesh-controller): App Mesh controller Helm chart for Kubernetes + > [!WARNING] > The following Helm charts are deprecated following the announcement of discontinued support for [AWS AppMesh](https://aws.amazon.com/blogs/containers/migrating-from-aws-app-mesh-to-amazon-ecs-service-connect/) -* `appmesh-controller`: App Mesh controller Helm chart for Kubernetes * `appmesh-prometheus`: App Mesh Prometheus Helm chart for Kubernetes * `appmesh-grafana`: App Mesh Grafana Helm chart for Kubernetes * `appmesh-jaeger`: App Mesh Jaeger Helm chart for Kubernetes diff --git a/stable/appmesh-controller/.helmignore b/stable/appmesh-controller/.helmignore new file mode 100644 index 000000000..bbcfa462d --- /dev/null +++ b/stable/appmesh-controller/.helmignore @@ -0,0 +1,24 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +crds/kustomization.yaml 
diff --git a/stable/appmesh-controller/Chart.yaml b/stable/appmesh-controller/Chart.yaml
new file mode 100644
index 000000000..ea0a3f6f3
--- /dev/null
+++ b/stable/appmesh-controller/Chart.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+name: appmesh-controller
+description: App Mesh controller Helm chart for Kubernetes
+version: 1.13.1
+appVersion: 1.13.1
+home: https://github.com/aws/eks-charts
+icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
+sources:
+ - https://github.com/aws/eks-charts
+maintainers:
+ - name: Kishor Joshi
+ url: https://github.com/kishorj
+ email: kishorj@users.noreply.github.com
+keywords:
+ - eks
+ - appmesh
diff --git a/stable/appmesh-controller/README.md b/stable/appmesh-controller/README.md
new file mode 100644
index 000000000..2e2b0435f
--- /dev/null
+++ b/stable/appmesh-controller/README.md
@@ -0,0 +1,453 @@
+# App Mesh Controller
+
+> :warning: **This controller is published in multiple repos**: Contributions to this Helm chart must be written to [aws/aws-app-mesh-controller-for-k8s Github repo.](https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/config/helm/appmesh-controller) PRs to other repos like **aws/eks-charts** may be closed or overwritten upon next controller release.
+
+App Mesh controller Helm chart for Kubernetes
+
+**Note**: If you wish to use [App Mesh preview](https://docs.aws.amazon.com/app-mesh/latest/userguide/preview.html) features, please refer to our [preview version](https://github.com/aws/eks-charts/blob/preview/stable/appmesh-controller/README.md) instructions.
+
+## Prerequisites
+
+* Kubernetes >= 1.14
+* IAM permissions (see below)
+
+## Installing the Chart
+
+**Note**: AppMesh controller v1.0.0+ is **backwards incompatible** with old versions(e.g. v0.5.0).
+If you're running an older version of App Mesh controller, please go to the [upgrade](#upgrade) section below before you proceed. If you are unsure, please run the `appmesh-controller/upgrade/pre_upgrade_check.sh` script to check if your cluster can be upgraded
+
+Add the EKS repository to Helm:
+
+```sh
+helm repo add eks https://aws.github.io/eks-charts
+```
+
+Install the App Mesh CRDs:
+
+```sh
+kubectl apply -k "github.com/aws/eks-charts/stable/appmesh-controller//crds?ref=master"
+```
+
+Create namespace
+```sh
+kubectl create ns appmesh-system
+```
+
+The controller runs on the worker nodes, so it needs access to the AWS App Mesh / Cloud Map resources via IAM permissions. The IAM permissions can either be setup via IAM roles for service account or can be attached directly to the worker node IAM roles.
+
+#### Setup IAM Role for Service Account
+
+```
+export CLUSTER_NAME=
+export AWS_REGION=
+export AWS_ACCOUNT_ID=
+```
+
+Enable IAM OIDC provider
+```sh
+eksctl utils associate-iam-oidc-provider --region=$AWS_REGION \
+ --cluster=$CLUSTER_NAME \
+ --approve
+```
+
+Download the IAM policy for AWS App Mesh Kubernetes Controller
+```
+curl -o controller-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/controller-iam-policy.json
+```
+
+Create an IAM policy called AWSAppMeshK8sControllerIAMPolicy
+```
+aws iam create-policy \
+ --policy-name AWSAppMeshK8sControllerIAMPolicy \
+ --policy-document file://controller-iam-policy.json
+```
+Take note of the policy ARN that is returned
+
+Create an IAM role for service account for the App Mesh Kubernetes controller, use the ARN from the step above
+
+> Note: if you deleted `serviceaccount` in the `appmesh-system` namespace, you will need to delete and re-create `iamserviceaccount`. `eksctl` does not override the `iamserviceaccount` correctly ([see this issue](https://github.com/weaveworks/eksctl/issues/2665))
+
+```
+eksctl create iamserviceaccount --cluster $CLUSTER_NAME \
+ --namespace appmesh-system \
+ --name appmesh-controller \
+ --attach-policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/AWSAppMeshK8sControllerIAMPolicy \
+ --override-existing-serviceaccounts \
+ --approve
+```
+
+Deploy appmesh-controller
+
+**Note:** To enable mTLS via SDS(SPIRE), please set "sds.enabled=true".
+
+```sh
+helm upgrade -i appmesh-controller eks/appmesh-controller \
+ --namespace appmesh-system \
+ --set region=$AWS_REGION \
+ --set serviceAccount.create=false \
+ --set serviceAccount.name=appmesh-controller
+```
+
+The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+**Note**
+If you want to start the controller in the EKS private cluster, enable the app mesh and service discovery VPC endpoints to the linked private subnet first. Also accountId is a required field now as `--set accountId=$AWS_ACCOUNT_ID`.
+If you want to enable X-ray tracing in private cluster, enable the X-ray VPC endpoint. Also, ECR VPC endpoint [does not support public repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html). Controller uses `public.ecr.aws/xray/aws-xray-daemon:latest` by default, so you need to pull this image to local and [push it into your personal ECR repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-push-ecr-image.html). Set it when deploying the controller like:
+```
+helm upgrade -i appmesh-controller eks/appmesh-controller \
+ --namespace appmesh-system \
+ --set region=$AWS_REGION \
+ --set serviceAccount.create=false \
+ --set serviceAccount.name=appmesh-controller \
+ --set accountId=$AWS_ACCOUNT_ID \
+ --set log.level=debug \
+ --set tracing.enabled=true \
+ --set tracing.provider=x-ray \
+ --set xray.image.repository={your-account-id}.dkr.ecr.{your-region}.amazonaws.com/{your-repository} \
+ --set xray.image.tag={your-xray-daemon-image-tag}
+```
+Verify if the X-ray daemon being injected successfully when binding application deployment with virtual node/gateway.
+More troubleshooting please see: https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html
+
+**Note**
+Make sure that the Envoy proxies have the following IAM policies attached for the Envoy to authenticate with AWS App Mesh and fetch it's configuration
+- https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json
+
+There are **2 ways** you can attach the above policy to the Envoy Pod
+#### With IRSA
+Download the Envoy IAM policy
+```
+curl -o envoy-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json
+```
+
+Create an IAM policy called AWSAppMeshEnvoyIAMPolicy
+```
+aws iam create-policy \
+ --policy-name AWSAppMeshEnvoyIAMPolicy \
+ --policy-document file://envoy-iam-policy.json
+```
+
+Take note of the policy ARN that is returned
+
+If your Mesh enabled applications are already using IRSA then you can attach the above policy to the role belonging to the existing IRSA or you can edit the Trust Relationship of the existing iam role which has this envoy policy so that some other service account in your mesh can also assume this role.
+
+If not then you can create a service account for your application namespace and use the ARN from the step above. Ensure that Application Namespace already exists
+
+```
+eksctl create iamserviceaccount --cluster $CLUSTER_NAME \
+ --namespace \
+ --name envoy-proxy \
+ --attach-policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/AWSAppMeshEnvoyIAMPolicy \
+ --override-existing-serviceaccounts \
+ --approve
+```
+
+Reference this Service Account in your application pod spec. This should be the pod which would get injected with the Envoy.
Refer below example:
+```
+https://github.com/aws/aws-app-mesh-examples/blob/5a2d04227593d292d52e5e2ca638d808ebed5e70/walkthroughs/howto-k8s-fargate/v1beta2/manifest.yaml.template#L220
+```
+
+#### Without IRSA
+Find the Node Instance IAM Role from your worker nodes and attach below policies to it.
+**Note** If you created service account for the controller as indicated above then you can skip attaching the Controller IAM policy to worker nodes. Instead attach only the Envoy IAM policy.
+
+Controller IAM policy
+- https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/controller-iam-policy.json
+Use below command to download the policy if not already
+```sh
+curl -o controller-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/controller-iam-policy.json
+```
+
+Envoy IAM policy
+Attach the below envoy policy to your Worker Nodes (Node Instance IAM Role)
+- https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json
+Use below command to download the policy if not already
+```sh
+curl -o envoy-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json
+```
+
+Apply the IAM policy directly to the worker nodes by replacing the ``, ``, and `` in below command:
+```sh
+aws iam put-role-policy --role-name --policy-name --policy-document file://
+```
+
+Deploy appmesh-controller
+```sh
+helm upgrade -i appmesh-controller eks/appmesh-controller \
+ --namespace appmesh-system
+```
+
+The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+### Installation on EKS with Fargate
+
+```
+export CLUSTER_NAME=
+export AWS_REGION=
+export AWS_ACCOUNT_ID=
+```
+
+Create namespace
+```sh
+kubectl create ns appmesh-system
+```
+
+Setup EKS Fargate profile
+```sh
+eksctl create fargateprofile --cluster $CLUSTER_NAME --namespace appmesh-system
+```
+
+Enable IAM OIDC provider
+```sh
+eksctl utils associate-iam-oidc-provider --region=$AWS_REGION --cluster=$CLUSTER_NAME --approve
+```
+
+Download the IAM policy for AWS App Mesh Kubernetes Controller
+```
+curl -o controller-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/controller-iam-policy.json
+```
+
+Create an IAM policy called AWSAppMeshK8sControllerIAMPolicy
+```
+aws iam create-policy \
+ --policy-name AWSAppMeshK8sControllerIAMPolicy \
+ --policy-document file://controller-iam-policy.json
+```
+Take note of the policy ARN that is returned
+
+Create an IAM role for service account for the App Mesh Kubernetes controller, use the ARN from the step above
+
+> Note: if you deleted `serviceaccount` in the `appmesh-system` namespace, you will need to delete and re-create `iamserviceaccount`. `eksctl` does not override the `iamserviceaccount` correctly ([see this issue](https://github.com/weaveworks/eksctl/issues/2665))
+
+```
+eksctl create iamserviceaccount --cluster $CLUSTER_NAME \
+ --namespace appmesh-system \
+ --name appmesh-controller \
+ --attach-policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/AWSAppMeshK8sControllerIAMPolicy \
+ --override-existing-serviceaccounts \
+ --approve
+```
+
+Deploy appmesh-controller
+
+**Note:** mTLS via SDS(SPIRE) is not supported on Fargate.
+
+```sh
+helm upgrade -i appmesh-controller eks/appmesh-controller \
+ --namespace appmesh-system \
+ --set region=$AWS_REGION \
+ --set serviceAccount.create=false \
+ --set serviceAccount.name=appmesh-controller
+```
+
+## Upgrade
+
+This section will assist you in upgrading the appmesh-controller from <=v0.5.0 version to >=v1.0.0 version.
+
+You can either build new CRDs from scratch or migrate existing CRDs to the new schema. Please refer to the documentation [here for the new API spec](https://aws.github.io/aws-app-mesh-controller-for-k8s/reference/api_spec/). Also, you can find several examples [here](https://github.com/aws/aws-app-mesh-examples/tree/main/walkthroughs) with v1beta2 spec to help you get started.
+
+Starting v1.0.0, Mesh resource supports namespaceSelectors, where you can either select namespace based on labels (recommended option) or select all namespaces. To select a namespace in a Mesh, you will need to define `namespaceSelector`:
+
+```
+apiVersion: appmesh.k8s.aws/v1beta2
+kind: Mesh
+metadata:
+ name:
+spec:
+ namespaceSelector:
+ matchLabels:
+ mesh: // any string value
+```
+
+Note: If you set `namespaceSelector: {}`, mesh will select all the namespace in your cluster. Labels on your namespace spec is a no-op when selecting all namespaces.
+
+In the namespace spec, you will need to add a label `mesh: `. Here's a sample namespace spec:
+
+```
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ns
+ labels:
+ mesh:
+ appmesh.k8s.aws/sidecarInjectorWebhook: enabled
+```
+
+For more examples, please refer to the walkthroughs [here](https://github.com/aws/aws-app-mesh-examples/tree/main/walkthroughs). If you don't find an example that fits your use-case, please read the API spec [here](https://aws.github.io/aws-app-mesh-controller-for-k8s/reference/api_spec/). If you find an issue in the documentation or the examples, please open an issue and we'll help resolve it.
+
+### Upgrade without preserving old App Mesh resources
+
+```sh
+# Keep old App Mesh controller running, it is responsible to cleanup App Mesh resources in AWS
+# Delete all existing App Mesh custom resources (CRs)
+kubectl delete virtualservices --all --all-namespaces
+kubectl delete virtualnodes --all --all-namespaces
+kubectl delete meshes --all --all-namespaces
+
+# Delete all existing App Mesh CRDs
+kubectl delete customresourcedefinition/virtualservices.appmesh.k8s.aws
+kubectl delete customresourcedefinition/virtualnodes.appmesh.k8s.aws
+kubectl delete customresourcedefinition/meshes.appmesh.k8s.aws
+# Note: If a CRD stuck in deletion, it means there still exists some App Mesh custom resources, please check and delete them.
+
+# Delete App Mesh controller
+helm delete appmesh-controller -n appmesh-system
+
+# Delete App Mesh injector
+helm delete appmesh-inject -n appmesh-system
+```
+
+Run the `appmesh-controller/upgrade/pre_upgrade_check.sh` script and make sure it passes before you proceed
+
+Now you can proceed with the installation steps described above
+
+### Upgrade preserving old App Mesh resources
+
+```sh
+# Save manifests of all existing App Mesh custom resources
+kubectl get virtualservices --all-namespaces -o yaml > virtualservices.yaml
+kubectl get virtualnodes --all-namespaces -o yaml > virtualnodes.yaml
+kubectl get meshes --all-namespaces -o yaml > meshes.yaml
+
+# Delete App Mesh controller, so it won’t clean up App Mesh resources in AWS while we deleting App Mesh CRs later.
+helm delete appmesh-controller -n appmesh-system
+
+# Delete App Mesh injector.
+helm delete appmesh-inject -n appmesh-system
+
+# Remove finalizers from all existing App Mesh CRs. Otherwise, you won’t be able to delete them
+
+# To remove the finalizers, you could kubectl edit resource, and delete the finalizers attribute from the spec or run the following command to override finalizers.
e.g for virtualnodes
+# kubectl get virtualnodes --all-namespaces -o=jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\n"}{end}' | xargs -n2 sh -c 'kubectl patch virtualnode/$1 -n $0 -p '\''{"metadata":{"finalizers":null}}'\'' --type=merge'
+
+# Alternatively, you could modify one resource at a time using
+# kubectl get -n -o=json | jq '.metadata.finalizers = null' | kubectl apply -f -
+
+# Delete all existing App Mesh CRs:
+kubectl delete virtualservices --all --all-namespaces
+kubectl delete virtualnodes --all --all-namespaces
+kubectl delete meshes --all --all-namespaces
+
+# Delete all existing App Mesh CRDs.
+kubectl delete customresourcedefinition/virtualservices.appmesh.k8s.aws
+kubectl delete customresourcedefinition/virtualnodes.appmesh.k8s.aws
+kubectl delete customresourcedefinition/meshes.appmesh.k8s.aws
+# Note: If CRDs are stuck in deletion, it means there still exists some App Mesh CRs, please check and delete them.
+```
+
+Run the `appmesh-controller/upgrade/pre_upgrade_check.sh` script and make sure it passes before you proceed
+
+Translate the saved old YAML manifests using v1beta1 App Mesh CRD into v1beta2 App Mesh CRD format. Please refer to CRD types (
+https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/config/crd/bases) and Go types
+(https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/apis/appmesh/v1beta2) for the CRD Documentation.
+Samples applications are in the repo https://github.com/aws/aws-app-mesh-examples for reference.
+
+Note: Please specify the current appmesh resource names in the awsName field of the translated specs.
+
+Install the appmesh-controller, label the namespace with values that mesh is selecting on and apply the translated manifest
+
+### Upgrade from prior script installation
+
+If you've installed the App Mesh controllers with scripts, you can remove the controllers with the steps below.
+```sh +# remove injector objects +kubectl delete ns appmesh-inject +kubectl delete ClusterRoleBinding aws-app-mesh-inject-binding +kubectl delete ClusterRole aws-app-mesh-inject-cr +kubectl delete MutatingWebhookConfiguration aws-app-mesh-inject + +# remove controller objects +kubectl delete ns appmesh-system +kubectl delete ClusterRoleBinding app-mesh-controller-binding +kubectl delete ClusterRole app-mesh-controller +``` +Run the `appmesh-controller/upgrade/pre_upgrade_check.sh` script and make sure it passes before you proceed + +For handling the existing custom resources and the CRDs please refer to either of the previous upgrade sections as relevant. + +## Running on ARM Based Instances +The controller can run on ARM based instances. To do this you need to specify the ARM64 controller image when deploying the Helm chart. +You can specify the ARM64 image by setting the image.tag Helm parameter to `-linux_arm64` + +For example, to run controller version 1.9.0 on ARM instances you could run the following: +```console +helm upgrade -i appmesh-controller eks/appmesh-controller \ + --namespace appmesh-system \ + --set region=$AWS_REGION \ + --set image.tag=v1.9.0-linux_arm64 +``` + +## Uninstalling the Chart + +To uninstall/delete the `appmesh-controller` deployment: + +```console +$ helm delete appmesh-controller -n appmesh-system +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the chart and their default values. 
+ +Parameter | Description | Default +--- | --- | --- +`image.repository` | image repository | ` 840364872350.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller` +`image.tag` | image tag | `` +`image.pullPolicy` | image pull policy | `IfNotPresent` +`log.level` | controller log level, possible values are `info` and `debug` | `info` +`sds.enabled` | If `true`, SDS will be enabled in Envoy | `false` +`sds.udsPath` | Unix Domain Socket Path of the SDS Provider(SPIRE in the current release) | `/run/spire/sockets/agent.sock` +`resources.requests/cpu` | pod CPU request | `100m` +`resources.requests/memory` | pod memory request | `64Mi` +`resources.limits/cpu` | pod CPU limit | `2000m` +`resources.limits/memory` | pod memory limit | `1Gi` +`affinity` | node/pod affinities | None +`nodeSelector` | node labels for pod assignment | `{}` +`podAnnotations` | annotations to add to each pod | `{}` +`podLabels` | labels to add to each pod | `{}` +`tolerations` | list of node taints to tolerate | `[]` +`rbac.create` | if `true`, create and use RBAC resources | `true` +`rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false` +`serviceAccount.annotations` | optional annotations to add to service account | `{}` +`serviceAccount.create` | If `true`, create a new service account | `true` +`serviceAccount.name` | Service account to be used | None +`sidecar.image.repository` | Envoy image repository. 
If you override with non-Amazon built Envoy image, you will need to test/ensure it works with the App Mesh | `840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy` +`sidecar.image.tag` | Envoy image tag | `` +`sidecar.logLevel` | Envoy log level | `info` +`sidecar.envoyAdminAccessPort` | Envoy Admin Access Port | `9901` +`sidecar.envoyAdminAccessLogFile` | Envoy Admin Access Log File | `/tmp/envoy_admin_access.log` +`sidecar.resources.requests` | Envoy container resource requests | `requests: cpu 10m memory 32Mi` +`sidecar.resources.limits` | Envoy container resource limits | `limits: cpu "" memory ""` +`sidecar.lifecycleHooks.preStopDelay` | Envoy container PreStop Hook Delay Value | `20s` +`sidecar.lifecycleHooks.postStartInterval` | Envoy container PostStart Hook Interval Value | `5s` +`sidecar.lifecycleHooks.postStartTimeout` | Envoy container PostStart Hook Timeout Value | `180s` +`sidecar.probes.readinessProbeInitialDelay` | Envoy container Readiness Probe Initial Delay | `1s` +`sidecar.probes.readinessProbePeriod` | Envoy container Readiness Probe Period | `10s` +`sidecar.waitUntilProxyReady` | Enable pod postStart hook to delay application startup until proxy is ready to accept traffic | `false` +`init.image.repository` | Route manager image repository | `840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-proxy-route-manager` +`init.image.tag` | Route manager image tag | `` +`stats.tagsEnabled` | If `true`, Envoy should include app-mesh tags | `false` +`stats.statsdEnabled` | If `true`, Envoy should publish stats to statsd endpoint @ 127.0.0.1:8125 | `false` +`stats.statsdAddress` | DogStatsD daemon IP address. This will be overridden if `stats.statsdSocketPath` is specified | `127.0.0.1` +`stats.statsdPort` | DogStatsD daemon port. This will be overridden if `stats.statsdSocketPath` is specified | `8125` +`stats.statsdSocketPath` | DogStatsD Unix domain socket path. 
If statsd is enabled but this value is not specified then we will use combination of as the default | None +`cloudMapCustomHealthCheck.enabled` | If `true`, CustomHealthCheck will be enabled for CloudMap Services | `false` +`cloudMapDNS.ttl` | Sets CloudMap DNS TTL. Will set value for new CloudMap services, but will not update existing CloudMap services. Existing CloudMap services can be updated using the [AWS CloudMap API](https://docs.aws.amazon.com/cloud-map/latest/api/API_UpdateService.html) | `300` +`tracing.enabled` | If `true`, Envoy will be configured with tracing | `false` +`tracing.provider` | The tracing provider can be x-ray, jaeger or datadog | `x-ray` +`tracing.address` | Jaeger or Datadog agent server address (ignored for X-Ray) | `appmesh-jaeger.appmesh-system` +`tracing.port` | Jaeger or Datadog agent port (ignored for X-Ray) | `9411` +`tracing.samplingRate` | X-Ray tracer sampling rate. Value can be a decimal number between 0 and 1.00 (100%) | `0.05` +`tracing.logLevel` | X-Ray agent log level, from most verbose to least: dev, debug, info, prod(default), warn, error. 
| `prod` +`tracing.role` | X-Ray agent assume the specified IAM role to upload segments to a different account | `None` +`enableCertManager` | Enable Cert-Manager | `false` +`xray.image.repository` | X-Ray image repository | `public.ecr.aws/xray/aws-xray-daemon` +`xray.image.tag` | X-Ray image tag | `latest` +`accountId` | AWS Account ID for the Kubernetes cluster | None +`env` | environment variables to be injected into the appmesh-controller pod | `{}` +`livenessProbe` | Liveness probe settings for the controller | (see `values.yaml`) +`podDisruptionBudget` | PodDisruptionBudget | `{}` +`tlsMinVersion` | Minimum TLS version for the controller webhook server as shown in [here](https://github.com/kubernetes/component-base/blob/master/cli/flag/ciphersuites_flag.go#L114) | `VersionTLS12` +`tlsCipherSuite` | Comma delimited TLS cipher suites for the controller webhook server as shown [here](https://pkg.go.dev/crypto/tls#pkg-constants) | None \ No newline at end of file diff --git a/stable/appmesh-controller/ci/values.yaml b/stable/appmesh-controller/ci/values.yaml new file mode 100644 index 000000000..bed5b88c1 --- /dev/null +++ b/stable/appmesh-controller/ci/values.yaml @@ -0,0 +1,9 @@ +# CI testing values for appmesh-controller + +# This is a dummy account for CI test. Not a valid account ID +accountId: 123456789 +region: us-west-2 +image: + repository: public.ecr.aws/appmesh/appmesh-controller + tag: v1.13.1 + pullPolicy: IfNotPresent diff --git a/stable/appmesh-controller/crds/crds.yaml b/stable/appmesh-controller/crds/crds.yaml new file mode 100644 index 000000000..90537e320 --- /dev/null +++ b/stable/appmesh-controller/crds/crds.yaml 
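Review bot: `accountId: 123456789` in the new ci/values.yaml is an unquoted all-digit scalar, so YAML hands the chart an integer rather than the string the README row documents (`accountId` | AWS Account ID for the Kubernetes cluster). Real AWS account IDs are twelve-digit strings that can begin with a zero; an unquoted value would silently drop that zero, and a CI fixture that only ever exercises the integer form would not catch a template that expects a string. Quoting the fixture keeps the type honest: `accountId: "123456789"`. The existing comment already marks it as a dummy value, so if the templates are sensitive to length, a twelve-digit placeholder (constructed, e.g. `"123456789012"`) would exercise the same path as a production ID.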
@@ -0,0 +1,4155 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: backendgroups.appmesh.k8s.aws +spec: + group: appmesh.k8s.aws + names: + categories: + - all + kind: BackendGroup + listKind: BackendGroupList + plural: backendgroups + singular: backendgroup + scope: Namespaced + versions: + - name: v1beta2 + schema: + openAPIV3Schema: + description: BackendGroup is the Schema for the backendgroups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackendGroupSpec defines the desired state of BackendGroup + properties: + meshRef: + description: "A reference to k8s Mesh CR that this BackendGroup belongs + to. The admission controller populates it using Meshes's selector, + and prevents users from setting this field. \n Populated by the + system. Read-only." + properties: + name: + description: Name is the name of Mesh CR + type: string + uid: + description: UID is the UID of Mesh CR + type: string + required: + - name + - uid + type: object + virtualservices: + description: VirtualServices defines the set of virtual services in + this BackendGroup. 
+ items: + description: VirtualServiceReference holds a reference to VirtualService.appmesh.k8s.aws + properties: + name: + description: Name is the name of VirtualService CR + type: string + namespace: + description: Namespace is the namespace of VirtualService CR. + If unspecified, defaults to the referencing object's namespace + type: string + required: + - name + type: object + type: array + type: object + status: + description: BackendGroupStatus defines the observed state of BackendGroup + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: gatewayroutes.appmesh.k8s.aws +spec: + group: appmesh.k8s.aws + names: + categories: + - all + kind: GatewayRoute + listKind: GatewayRouteList + plural: gatewayroutes + singular: gatewayroute + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The AppMesh GatewayRoute object's Amazon Resource Name + jsonPath: .status.gatewayRouteARN + name: ARN + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: GatewayRoute is the Schema for the gatewayroutes API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GatewayRouteSpec defines the desired state of GatewayRoute + refers to https://docs.aws.amazon.com/app-mesh/latest/userguide/virtual_gateways.html + properties: + awsName: + description: AWSName is the AppMesh GatewayRoute object's name. If + unspecified or empty, it defaults to be "${name}_${namespace}" of + k8s GatewayRoute + type: string + grpcRoute: + description: An object that represents the specification of a gRPC + gatewayRoute. + properties: + action: + description: An object that represents the action to take if a + match is determined. + properties: + rewrite: + description: GrpcGatewayRouteRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_GrpcGatewayRouteRewrite.html + properties: + hostname: + description: GatewayRouteHostnameRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_GatewayRouteHostnameRewrite.html + ENABLE or DISABLE default behavior for Hostname rewrite + properties: + defaultTargetHostname: + enum: + - ENABLED + - DISABLED + type: string + type: object + type: object + target: + description: An object that represents the target that traffic + is routed to when a request matches the route. + properties: + port: + description: Specifies the port of the gateway route target + format: int64 + minimum: 0 + type: integer + virtualService: + description: The virtual service to associate with the + gateway route target. + properties: + virtualServiceARN: + description: Amazon Resource Name to AppMesh VirtualService + object to associate with the gateway route virtual + service target. Exactly one of 'virtualServiceRef' + or 'virtualServiceARN' must be specified. 
+ type: string + virtualServiceRef: + description: Reference to Kubernetes VirtualService + CR in cluster to associate with the gateway route + virtual service target. Exactly one of 'virtualServiceRef' + or 'virtualServiceARN' must be specified. + properties: + name: + description: Name is the name of VirtualService + CR + type: string + namespace: + description: Namespace is the namespace of VirtualService + CR. If unspecified, defaults to the referencing + object's namespace + type: string + required: + - name + type: object + type: object + required: + - virtualService + type: object + required: + - target + type: object + match: + description: An object that represents the criteria for determining + a request match. + properties: + hostname: + description: The client specified Hostname to match on. + properties: + exact: + description: The value sent by the client must match the + specified value exactly. + maxLength: 253 + minLength: 1 + type: string + suffix: + description: The value sent by the client must end with + the specified characters. + maxLength: 253 + minLength: 1 + type: string + type: object + metadata: + description: An object that represents the data to match from + the request. + items: + description: GRPCGatewayRouteMetadata refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_GrpcGatewayRouteMetadata.html + properties: + invert: + description: Specify True to match anything except the + match criteria. The default value is False. + type: boolean + match: + description: An object that represents the data to match + from the request. + properties: + exact: + description: The value sent by the client must match + the specified value exactly. + maxLength: 255 + minLength: 1 + type: string + prefix: + description: The value sent by the client must begin + with the specified characters. 
+ maxLength: 255 + minLength: 1 + type: string + range: + description: An object that represents the range + of values to match on + properties: + end: + description: The end of the range. + format: int64 + type: integer + start: + description: The start of the range. + format: int64 + type: integer + required: + - end + - start + type: object + regex: + description: The value sent by the client must include + the specified characters. + maxLength: 255 + minLength: 1 + type: string + suffix: + description: The value sent by the client must end + with the specified characters. + maxLength: 255 + minLength: 1 + type: string + type: object + name: + description: The name of the route. + maxLength: 50 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 10 + minItems: 1 + type: array + port: + description: Specifies the port the request to be matched + on + format: int64 + minimum: 0 + type: integer + serviceName: + description: Either ServiceName or Hostname must be specified. + Both are allowed as well The fully qualified domain name + for the service to match from the request. + type: string + type: object + required: + - action + - match + type: object + http2Route: + description: An object that represents the specification of an HTTP/2 + gatewayRoute. + properties: + action: + description: An object that represents the action to take if a + match is determined. 
+ properties: + rewrite: + description: HTTPGatewayRouteRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRouteRewrite.html + properties: + hostname: + description: GatewayRouteHostnameRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_GatewayRouteHostnameRewrite.html + ENABLE or DISABLE default behavior for Hostname rewrite + properties: + defaultTargetHostname: + enum: + - ENABLED + - DISABLED + type: string + type: object + path: + description: GatewayRoutePathRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRoutePathRewrite.html + properties: + exact: + maxLength: 255 + minLength: 1 + type: string + type: object + prefix: + description: GatewayRoutePrefixRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRoutePrefixRewrite.html + properties: + defaultPrefix: + enum: + - ENABLED + - DISABLED + type: string + value: + description: When DefaultPrefix is specified, Value + cannot be set + maxLength: 255 + minLength: 1 + type: string + type: object + type: object + target: + description: An object that represents the target that traffic + is routed to when a request matches the route. + properties: + port: + description: Specifies the port of the gateway route target + format: int64 + minimum: 0 + type: integer + virtualService: + description: The virtual service to associate with the + gateway route target. + properties: + virtualServiceARN: + description: Amazon Resource Name to AppMesh VirtualService + object to associate with the gateway route virtual + service target. Exactly one of 'virtualServiceRef' + or 'virtualServiceARN' must be specified. + type: string + virtualServiceRef: + description: Reference to Kubernetes VirtualService + CR in cluster to associate with the gateway route + virtual service target. Exactly one of 'virtualServiceRef' + or 'virtualServiceARN' must be specified. 
+ properties: + name: + description: Name is the name of VirtualService + CR + type: string + namespace: + description: Namespace is the namespace of VirtualService + CR. If unspecified, defaults to the referencing + object's namespace + type: string + required: + - name + type: object + type: object + required: + - virtualService + type: object + required: + - target + type: object + match: + description: An object that represents the criteria for determining + a request match. + properties: + headers: + description: An object that represents the client request + headers to match on. + items: + description: HTTPGatewayRouteHeader refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRouteHeader.html + properties: + invert: + description: Specify True to match anything except the + match criteria. The default value is False. + type: boolean + match: + description: The HeaderMatchMethod object. + properties: + exact: + description: The value sent by the client must match + the specified value exactly. + maxLength: 255 + minLength: 1 + type: string + prefix: + description: The value sent by the client must begin + with the specified characters. + maxLength: 255 + minLength: 1 + type: string + range: + description: An object that represents the range + of values to match on. + properties: + end: + description: The end of the range. + format: int64 + type: integer + start: + description: The start of the range. + format: int64 + type: integer + required: + - end + - start + type: object + regex: + description: The value sent by the client must include + the specified characters. + maxLength: 255 + minLength: 1 + type: string + suffix: + description: The value sent by the client must end + with the specified characters. + maxLength: 255 + minLength: 1 + type: string + type: object + name: + description: A name for the HTTP header in the client + request that will be matched on. 
+ maxLength: 50 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 10 + minItems: 1 + type: array + hostname: + description: The client specified Hostname to match on. + properties: + exact: + description: The value sent by the client must match the + specified value exactly. + maxLength: 253 + minLength: 1 + type: string + suffix: + description: The value sent by the client must end with + the specified characters. + maxLength: 253 + minLength: 1 + type: string + type: object + method: + description: The client request method to match on. + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + description: Specified path of the request to be matched on + properties: + exact: + description: The value sent by the client must match the + specified value exactly. + maxLength: 255 + minLength: 1 + type: string + regex: + description: The value sent by the client must end with + the specified characters. + maxLength: 255 + minLength: 1 + type: string + type: object + port: + description: Specifies the port the request to be matched + on + format: int64 + minimum: 0 + type: integer + prefix: + description: Either Prefix or Hostname must be specified. + Both are allowed as well. Specifies the prefix to match + requests with + type: string + queryParameters: + description: Client specified query parameters to match on + items: + description: HTTPQueryParameters refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpQueryParameter.html + properties: + match: + description: The QueryMatchMethod object. + properties: + exact: + type: string + type: object + name: + type: string + required: + - name + type: object + maxItems: 10 + minItems: 1 + type: array + type: object + required: + - action + - match + type: object + httpRoute: + description: An object that represents the specification of an HTTP + gatewayRoute. 
+ properties: + action: + description: An object that represents the action to take if a + match is determined. + properties: + rewrite: + description: HTTPGatewayRouteRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRouteRewrite.html + properties: + hostname: + description: GatewayRouteHostnameRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_GatewayRouteHostnameRewrite.html + ENABLE or DISABLE default behavior for Hostname rewrite + properties: + defaultTargetHostname: + enum: + - ENABLED + - DISABLED + type: string + type: object + path: + description: GatewayRoutePathRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRoutePathRewrite.html + properties: + exact: + maxLength: 255 + minLength: 1 + type: string + type: object + prefix: + description: GatewayRoutePrefixRewrite refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRoutePrefixRewrite.html + properties: + defaultPrefix: + enum: + - ENABLED + - DISABLED + type: string + value: + description: When DefaultPrefix is specified, Value + cannot be set + maxLength: 255 + minLength: 1 + type: string + type: object + type: object + target: + description: An object that represents the target that traffic + is routed to when a request matches the route. + properties: + port: + description: Specifies the port of the gateway route target + format: int64 + minimum: 0 + type: integer + virtualService: + description: The virtual service to associate with the + gateway route target. + properties: + virtualServiceARN: + description: Amazon Resource Name to AppMesh VirtualService + object to associate with the gateway route virtual + service target. Exactly one of 'virtualServiceRef' + or 'virtualServiceARN' must be specified. 
+ type: string + virtualServiceRef: + description: Reference to Kubernetes VirtualService + CR in cluster to associate with the gateway route + virtual service target. Exactly one of 'virtualServiceRef' + or 'virtualServiceARN' must be specified. + properties: + name: + description: Name is the name of VirtualService + CR + type: string + namespace: + description: Namespace is the namespace of VirtualService + CR. If unspecified, defaults to the referencing + object's namespace + type: string + required: + - name + type: object + type: object + required: + - virtualService + type: object + required: + - target + type: object + match: + description: An object that represents the criteria for determining + a request match. + properties: + headers: + description: An object that represents the client request + headers to match on. + items: + description: HTTPGatewayRouteHeader refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpGatewayRouteHeader.html + properties: + invert: + description: Specify True to match anything except the + match criteria. The default value is False. + type: boolean + match: + description: The HeaderMatchMethod object. + properties: + exact: + description: The value sent by the client must match + the specified value exactly. + maxLength: 255 + minLength: 1 + type: string + prefix: + description: The value sent by the client must begin + with the specified characters. + maxLength: 255 + minLength: 1 + type: string + range: + description: An object that represents the range + of values to match on. + properties: + end: + description: The end of the range. + format: int64 + type: integer + start: + description: The start of the range. + format: int64 + type: integer + required: + - end + - start + type: object + regex: + description: The value sent by the client must include + the specified characters. 
+ maxLength: 255 + minLength: 1 + type: string + suffix: + description: The value sent by the client must end + with the specified characters. + maxLength: 255 + minLength: 1 + type: string + type: object + name: + description: A name for the HTTP header in the client + request that will be matched on. + maxLength: 50 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 10 + minItems: 1 + type: array + hostname: + description: The client specified Hostname to match on. + properties: + exact: + description: The value sent by the client must match the + specified value exactly. + maxLength: 253 + minLength: 1 + type: string + suffix: + description: The value sent by the client must end with + the specified characters. + maxLength: 253 + minLength: 1 + type: string + type: object + method: + description: The client request method to match on. + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + description: Specified path of the request to be matched on + properties: + exact: + description: The value sent by the client must match the + specified value exactly. + maxLength: 255 + minLength: 1 + type: string + regex: + description: The value sent by the client must end with + the specified characters. + maxLength: 255 + minLength: 1 + type: string + type: object + port: + description: Specifies the port the request to be matched + on + format: int64 + minimum: 0 + type: integer + prefix: + description: Either Prefix or Hostname must be specified. + Both are allowed as well. Specifies the prefix to match + requests with + type: string + queryParameters: + description: Client specified query parameters to match on + items: + description: HTTPQueryParameters refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpQueryParameter.html + properties: + match: + description: The QueryMatchMethod object. 
+ properties: + exact: + type: string + type: object + name: + type: string + required: + - name + type: object + maxItems: 10 + minItems: 1 + type: array + type: object + required: + - action + - match + type: object + meshRef: + description: "A reference to k8s Mesh CR that this GatewayRoute belongs + to. The admission controller populates it using Meshes's selector, + and prevents users from setting this field. \n Populated by the + system. Read-only." + properties: + name: + description: Name is the name of Mesh CR + type: string + uid: + description: UID is the UID of Mesh CR + type: string + required: + - name + - uid + type: object + priority: + description: Priority for the gatewayroute. Default Priority is 1000 + which is lowest priority + format: int64 + maximum: 1000 + minimum: 0 + type: integer + virtualGatewayRef: + description: "A reference to k8s VirtualGateway CR that this GatewayRoute + belongs to. The admission controller populates it using VirtualGateway's + selector, and prevents users from setting this field. \n Populated + by the system. Read-only." + properties: + name: + description: Name is the name of VirtualGateway CR + type: string + namespace: + description: Namespace is the namespace of VirtualGateway CR. + If unspecified, defaults to the referencing object's namespace + type: string + uid: + description: UID is the UID of VirtualGateway CR + type: string + required: + - name + - uid + type: object + type: object + status: + description: GatewayRouteStatus defines the observed state of GatewayRoute + properties: + conditions: + description: The current GatewayRoute status. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of GatewayRoute condition. + type: string + required: + - status + - type + type: object + type: array + gatewayRouteARN: + description: GatewayRouteARN is the AppMesh GatewayRoute object's + Amazon Resource Name + type: string + observedGeneration: + description: The generation observed by the GatewayRoute controller. + format: int64 + type: integer + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: meshes.appmesh.k8s.aws +spec: + group: appmesh.k8s.aws + names: + kind: Mesh + listKind: MeshList + plural: meshes + singular: mesh + scope: Cluster + versions: + - additionalPrinterColumns: + - description: The AppMesh Mesh object's Amazon Resource Name + jsonPath: .status.meshARN + name: ARN + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Mesh is the Schema for the meshes API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshSpec defines the desired state of Mesh refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_MeshSpec.html + properties: + awsName: + description: AWSName is the AppMesh Mesh object's name. If unspecified + or empty, it defaults to be "${name}" of k8s Mesh + type: string + egressFilter: + description: The egress filter rules for the service mesh. If unspecified, + default settings from AWS API will be applied. Refer to AWS Docs + for default settings. + properties: + type: + description: The egress filter type. + enum: + - ALLOW_ALL + - DROP_ALL + type: string + required: + - type + type: object + meshOwner: + description: The AWS IAM account ID of the service mesh owner. Required + if the account ID is not your own. + type: string + meshServiceDiscovery: + properties: + ipPreference: + description: The ipPreference for the mesh. + enum: + - IPv6_ONLY + - IPv4_ONLY + type: string + type: object + namespaceSelector: + description: "NamespaceSelector selects Namespaces using labels to + designate mesh membership. This field follows standard label selector + semantics: \tif present but empty, it selects all namespaces. \tif + absent, it selects no namespace." + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. 
If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: object + status: + description: MeshStatus defines the observed state of Mesh + properties: + conditions: + description: The current Mesh status. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of mesh condition. + type: string + required: + - status + - type + type: object + type: array + meshARN: + description: MeshARN is the AppMesh Mesh object's Amazon Resource + Name + type: string + observedGeneration: + description: The generation observed by the Mesh controller. 
+ format: int64 + type: integer + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: virtualgateways.appmesh.k8s.aws +spec: + group: appmesh.k8s.aws + names: + categories: + - all + kind: VirtualGateway + listKind: VirtualGatewayList + plural: virtualgateways + singular: virtualgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The AppMesh VirtualGateway object's Amazon Resource Name + jsonPath: .status.virtualGatewayARN + name: ARN + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: VirtualGateway is the Schema for the virtualgateways API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VirtualGatewaySpec defines the desired state of VirtualGateway + refers to https://docs.aws.amazon.com/app-mesh/latest/userguide/virtual_gateways.html + properties: + awsName: + description: AWSName is the AppMesh VirtualGateway object's name. + If unspecified or empty, it defaults to be "${name}_${namespace}" + of k8s VirtualGateway + type: string + backendDefaults: + description: A reference to an object that represents the defaults + for backend GatewayRoutes. + properties: + clientPolicy: + description: A reference to an object that represents a client + policy. + properties: + tls: + description: A reference to an object that represents a Transport + Layer Security (TLS) client policy. + properties: + certificate: + description: A reference to an object that represents + TLS certificate. + properties: + file: + description: An object that represents a TLS cert + via a local file + properties: + certificateChain: + description: The certificate chain for the certificate. + maxLength: 255 + minLength: 1 + type: string + privateKey: + description: The private key for a certificate + stored on the file system of the virtual Gateway. + maxLength: 255 + minLength: 1 + type: string + required: + - certificateChain + - privateKey + type: object + sds: + description: An object that represents a TLS cert + via SDS entry + properties: + secretName: + description: The certificate trust chain for a + certificate issued via SDS cluster + type: string + required: + - secretName + type: object + type: object + enforce: + description: Whether the policy is enforced. If unspecified, + default settings from AWS API will be applied. Refer + to AWS Docs for default settings. + type: boolean + ports: + description: The range of ports that the policy is enforced + for. 
+ items: + format: int64 + maximum: 65535 + minimum: 1 + type: integer + type: array + validation: + description: A reference to an object that represents + a TLS validation context. + properties: + subjectAlternativeNames: + description: Possible alternative names to consider + properties: + match: + description: Match is a required field + properties: + exact: + description: Exact is a required field + items: + type: string + type: array + required: + - exact + type: object + required: + - match + type: object + trust: + description: A reference to an object that represents + a TLS validation context trust + properties: + acm: + description: A reference to an object that represents + a TLS validation context trust for an AWS Certicate + Manager (ACM) certificate. + properties: + certificateAuthorityARNs: + description: One or more ACM Amazon Resource + Name (ARN)s. + items: + type: string + maxItems: 3 + minItems: 1 + type: array + required: + - certificateAuthorityARNs + type: object + file: + description: An object that represents a TLS validation + context trust for a local file. + properties: + certificateChain: + description: The certificate trust chain for + a certificate stored on the file system + of the virtual Gateway. + maxLength: 255 + minLength: 1 + type: string + required: + - certificateChain + type: object + sds: + description: An object that represents a TLS validation + context trust for a SDS certificate + properties: + secretName: + description: The certificate trust chain for + a certificate issued via SDS. + type: string + required: + - secretName + type: object + type: object + required: + - trust + type: object + required: + - validation + type: object + type: object + type: object + gatewayRouteSelector: + description: GatewayRouteSelector selects GatewayRoutes using labels + to designate GatewayRoute membership. If not specified it selects + all GatewayRoutes in that namespace. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. 
+ type: object + type: object + listeners: + description: The listener that the virtual gateway is expected to + receive inbound traffic from + items: + description: VirtualGatewayListener refers to https://docs.aws.amazon.com/app-mesh/latest/userguide/virtual_gateways.html + properties: + connectionPool: + description: The connection pool settings for the listener + properties: + grpc: + description: Specifies grpc connection pool settings for + the virtual gateway listener + properties: + maxRequests: + description: Represents the maximum number of inflight + requests that an envoy can concurrently support across + all the hosts in the upstream cluster + format: int64 + minimum: 1 + type: integer + required: + - maxRequests + type: object + http: + description: Specifies http connection pool settings for + the virtual gateway listener + properties: + maxConnections: + description: Represents the maximum number of outbound + TCP connections the envoy can establish concurrently + with all the hosts in the upstream cluster. + format: int64 + minimum: 1 + type: integer + maxPendingRequests: + description: Represents the number of overflowing requests + after max_connections that an envoy will queue to + an upstream cluster. + format: int64 + minimum: 1 + type: integer + required: + - maxConnections + type: object + http2: + description: Specifies http2 connection pool settings for + the virtual gateway listener + properties: + maxRequests: + description: Represents the maximum number of inflight + requests that an envoy can concurrently support across + all the hosts in the upstream cluster + format: int64 + minimum: 1 + type: integer + required: + - maxRequests + type: object + type: object + healthCheck: + description: The health check information for the listener. + properties: + healthyThreshold: + description: The number of consecutive successful health + checks that must occur before declaring listener healthy. 
+ format: int64 + maximum: 10 + minimum: 2 + type: integer + intervalMillis: + description: The time period in milliseconds between each + health check execution. + format: int64 + maximum: 300000 + minimum: 5000 + type: integer + path: + description: The destination path for the health check request. + This value is only used if the specified protocol is http + or http2. For any other protocol, this value is ignored. + type: string + port: + description: The destination port for the health check request. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: The protocol for the health check request + enum: + - grpc + - http + - http2 + type: string + timeoutMillis: + description: The amount of time to wait when receiving a + response from the health check, in milliseconds. + format: int64 + maximum: 60000 + minimum: 2000 + type: integer + unhealthyThreshold: + description: The number of consecutive failed health checks + that must occur before declaring a virtual Gateway unhealthy. + format: int64 + maximum: 10 + minimum: 2 + type: integer + required: + - intervalMillis + - protocol + - timeoutMillis + - unhealthyThreshold + type: object + portMapping: + description: The port mapping information for the listener. + properties: + port: + description: The port used for the port mapping. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: The protocol used for the port mapping. + enum: + - grpc + - http + - http2 + type: string + required: + - port + - protocol + type: object + tls: + description: A reference to an object that represents the Transport + Layer Security (TLS) properties for a listener. + properties: + certificate: + description: A reference to an object that represents a + listener's TLS certificate. + properties: + acm: + description: A reference to an object that represents + an AWS Certificate Manager (ACM) certificate. 
+ properties: + certificateARN: + description: The Amazon Resource Name (ARN) for + the certificate. + type: string + required: + - certificateARN + type: object + file: + description: A reference to an object that represents + a local file certificate. + properties: + certificateChain: + description: The certificate chain for the certificate. + maxLength: 255 + minLength: 1 + type: string + privateKey: + description: The private key for a certificate stored + on the file system of the virtual Gateway. + maxLength: 255 + minLength: 1 + type: string + required: + - certificateChain + - privateKey + type: object + sds: + description: A reference to an object that represents + an SDS issued certificate + properties: + secretName: + description: The certificate trust chain for a certificate + issued via SDS cluster + type: string + required: + - secretName + type: object + type: object + mode: + description: ListenerTLS mode + enum: + - DISABLED + - PERMISSIVE + - STRICT + type: string + validation: + description: A reference to an object that represents Validation + context + properties: + subjectAlternativeNames: + description: Possible alternate names to consider + properties: + match: + description: Match is a required field + properties: + exact: + description: Exact is a required field + items: + type: string + type: array + required: + - exact + type: object + required: + - match + type: object + trust: + properties: + acm: + description: A reference to an object that represents + a TLS validation context trust for an AWS Certicate + Manager (ACM) certificate. + properties: + certificateAuthorityARNs: + description: One or more ACM Amazon Resource + Name (ARN)s. + items: + type: string + maxItems: 3 + minItems: 1 + type: array + required: + - certificateAuthorityARNs + type: object + file: + description: An object that represents a TLS validation + context trust for a local file. 
+ properties: + certificateChain: + description: The certificate trust chain for + a certificate stored on the file system of + the virtual Gateway. + maxLength: 255 + minLength: 1 + type: string + required: + - certificateChain + type: object + sds: + description: An object that represents a TLS validation + context trust for an SDS system + properties: + secretName: + description: The certificate trust chain for + a certificate issued via SDS. + type: string + required: + - secretName + type: object + type: object + required: + - trust + type: object + required: + - certificate + - mode + type: object + required: + - portMapping + type: object + minItems: 0 + type: array + logging: + description: The inbound and outbound access logging information for + the virtual gateway. + properties: + accessLog: + description: The access log configuration for a virtual Gateway. + properties: + file: + description: The file object to send virtual gateway access + logs to. + properties: + format: + description: Structured access log output format + properties: + json: + description: Output specified fields as a JSON object + items: + properties: + key: + description: The name of the field in the JSON + object + minLength: 1 + type: string + value: + description: The format string + minLength: 1 + type: string + required: + - key + - value + type: object + type: array + text: + description: Custom format string + type: string + type: object + path: + description: The file path to write access logs to. + maxLength: 255 + minLength: 1 + type: string + required: + - path + type: object + type: object + type: object + meshRef: + description: "A reference to k8s Mesh CR that this VirtualGateway + belongs to. The admission controller populates it using Meshes's + selector, and prevents users from setting this field. \n Populated + by the system. Read-only." 
+ properties: + name: + description: Name is the name of Mesh CR + type: string + uid: + description: UID is the UID of Mesh CR + type: string + required: + - name + - uid + type: object + namespaceSelector: + description: NamespaceSelector selects Namespaces using labels to + designate GatewayRoute membership. This field follows standard label + selector semantics; if present but empty, it selects all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + podSelector: + description: "PodSelector selects Pods using labels to designate VirtualGateway + membership. This field follows standard label selector semantics: + \tif present but empty, it selects all pods within namespace. \tif + absent, it selects no pod." 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: object + status: + description: VirtualGatewayStatus defines the observed state of VirtualGateway + properties: + conditions: + description: The current VirtualGateway status. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of VirtualGateway condition. 
+ type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: The generation observed by the VirtualGateway controller. + format: int64 + type: integer + virtualGatewayARN: + description: VirtualGatewayARN is the AppMesh VirtualGateway object's + Amazon Resource Name + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: virtualnodes.appmesh.k8s.aws +spec: + group: appmesh.k8s.aws + names: + categories: + - all + kind: VirtualNode + listKind: VirtualNodeList + plural: virtualnodes + singular: virtualnode + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The AppMesh VirtualNode object's Amazon Resource Name + jsonPath: .status.virtualNodeARN + name: ARN + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: VirtualNode is the Schema for the virtualnodes API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VirtualNodeSpec defines the desired state of VirtualNode + refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_VirtualNodeSpec.html + properties: + awsName: + description: AWSName is the AppMesh VirtualNode object's name. If + unspecified or empty, it defaults to be "${name}_${namespace}" of + k8s VirtualNode + type: string + backendDefaults: + description: A reference to an object that represents the defaults + for backends. + properties: + clientPolicy: + description: A reference to an object that represents a client + policy. + properties: + tls: + description: A reference to an object that represents a Transport + Layer Security (TLS) client policy. + properties: + certificate: + description: A reference to an object that represents + TLS certificate. + properties: + file: + description: An object that represents a TLS cert + via a local file + properties: + certificateChain: + description: The certificate chain for the certificate. + maxLength: 255 + minLength: 1 + type: string + privateKey: + description: The private key for a certificate + stored on the file system of the virtual node + that the proxy is running on. + maxLength: 255 + minLength: 1 + type: string + required: + - certificateChain + - privateKey + type: object + sds: + description: An object that represents a TLS cert + via SDS entry + properties: + secretName: + description: The certificate trust chain for a + certificate issued via SDS cluster + type: string + required: + - secretName + type: object + type: object + enforce: + description: Whether the policy is enforced. If unspecified, + default settings from AWS API will be applied. Refer + to AWS Docs for default settings. + type: boolean + ports: + description: The range of ports that the policy is enforced + for. 
+ items: + format: int64 + maximum: 65535 + minimum: 1 + type: integer + type: array + validation: + description: A reference to an object that represents + a TLS validation context. + properties: + subjectAlternativeNames: + description: Possible Alternative names to consider + properties: + match: + description: Match is a required field + properties: + exact: + description: Exact is a required field + items: + type: string + type: array + required: + - exact + type: object + required: + - match + type: object + trust: + description: A reference to an object that represents + a TLS validation context trust + properties: + acm: + description: A reference to an object that represents + a TLS validation context trust for an AWS Certicate + Manager (ACM) certificate. + properties: + certificateAuthorityARNs: + description: One or more ACM Amazon Resource + Name (ARN)s. + items: + type: string + maxItems: 3 + minItems: 1 + type: array + required: + - certificateAuthorityARNs + type: object + file: + description: An object that represents a TLS validation + context trust for a local file. + properties: + certificateChain: + description: The certificate trust chain for + a certificate stored on the file system + of the virtual node that the proxy is running + on. + maxLength: 255 + minLength: 1 + type: string + required: + - certificateChain + type: object + sds: + description: An object that represents a TLS validation + context trust for a SDS. + properties: + secretName: + description: The certificate trust chain for + a certificate obtained via SDS + type: string + required: + - secretName + type: object + type: object + required: + - trust + type: object + required: + - validation + type: object + type: object + type: object + backendGroups: + description: BackendGroups that define a set of backends the virtual + node is expected to send outbound traffic to. 
+ items: + description: BackendGroupReference holds a reference to BackendGroup.appmesh.k8s.aws + properties: + name: + description: Name is the name of BackendGroup CR + type: string + namespace: + description: Namespace is the namespace of BackendGroup CR. + If unspecified, defaults to the referencing object's namespace + type: string + required: + - name + type: object + type: array + backends: + description: The backends that the virtual node is expected to send + outbound traffic to. + items: + description: Backend refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_Backend.html + properties: + virtualService: + description: Specifies a virtual service to use as a backend + for a virtual node. + properties: + clientPolicy: + description: A reference to an object that represents the + client policy for a backend. + properties: + tls: + description: A reference to an object that represents + a Transport Layer Security (TLS) client policy. + properties: + certificate: + description: A reference to an object that represents + TLS certificate. + properties: + file: + description: An object that represents a TLS + cert via a local file + properties: + certificateChain: + description: The certificate chain for the + certificate. + maxLength: 255 + minLength: 1 + type: string + privateKey: + description: The private key for a certificate + stored on the file system of the virtual + node that the proxy is running on. + maxLength: 255 + minLength: 1 + type: string + required: + - certificateChain + - privateKey + type: object + sds: + description: An object that represents a TLS + cert via SDS entry + properties: + secretName: + description: The certificate trust chain + for a certificate issued via SDS cluster + type: string + required: + - secretName + type: object + type: object + enforce: + description: Whether the policy is enforced. If + unspecified, default settings from AWS API will + be applied. Refer to AWS Docs for default settings. 
+ type: boolean + ports: + description: The range of ports that the policy + is enforced for. + items: + format: int64 + maximum: 65535 + minimum: 1 + type: integer + type: array + validation: + description: A reference to an object that represents + a TLS validation context. + properties: + subjectAlternativeNames: + description: Possible Alternative names to consider + properties: + match: + description: Match is a required field + properties: + exact: + description: Exact is a required field + items: + type: string + type: array + required: + - exact + type: object + required: + - match + type: object + trust: + description: A reference to an object that represents + a TLS validation context trust + properties: + acm: + description: A reference to an object that + represents a TLS validation context trust + for an AWS Certicate Manager (ACM) certificate. + properties: + certificateAuthorityARNs: + description: One or more ACM Amazon + Resource Name (ARN)s. + items: + type: string + maxItems: 3 + minItems: 1 + type: array + required: + - certificateAuthorityARNs + type: object + file: + description: An object that represents a + TLS validation context trust for a local + file. + properties: + certificateChain: + description: The certificate trust chain + for a certificate stored on the file + system of the virtual node that the + proxy is running on. + maxLength: 255 + minLength: 1 + type: string + required: + - certificateChain + type: object + sds: + description: An object that represents a + TLS validation context trust for a SDS. + properties: + secretName: + description: The certificate trust chain + for a certificate obtained via SDS + type: string + required: + - secretName + type: object + type: object + required: + - trust + type: object + required: + - validation + type: object + type: object + virtualServiceARN: + description: Amazon Resource Name to AppMesh VirtualService + object that is acting as a virtual node backend. 
Exactly + one of 'virtualServiceRef' or 'virtualServiceARN' must + be specified. + type: string + virtualServiceRef: + description: Reference to Kubernetes VirtualService CR in + cluster that is acting as a virtual node backend. Exactly + one of 'virtualServiceRef' or 'virtualServiceARN' must + be specified. + properties: + name: + description: Name is the name of VirtualService CR + type: string + namespace: + description: Namespace is the namespace of VirtualService + CR. If unspecified, defaults to the referencing object's + namespace + type: string + required: + - name + type: object + type: object + required: + - virtualService + type: object + type: array + listeners: + description: The listener that the virtual node is expected to receive + inbound traffic from + items: + description: Listener refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_Listener.html + properties: + connectionPool: + description: The connection pool settings for the listener + properties: + grpc: + description: Specifies grpc connection pool settings for + the virtual node listener + properties: + maxRequests: + description: Represents the maximum number of inflight + requests that an envoy can concurrently support across + all the hosts in the upstream cluster + format: int64 + minimum: 1 + type: integer + required: + - maxRequests + type: object + http: + description: Specifies http connection pool settings for + the virtual node listener + properties: + maxConnections: + description: Represents the maximum number of outbound + TCP connections the envoy can establish concurrently + with all the hosts in the upstream cluster. + format: int64 + minimum: 1 + type: integer + maxPendingRequests: + description: Represents the number of overflowing requests + after max_connections that an envoy will queue to + an upstream cluster. 
+ format: int64 + minimum: 1 + type: integer + required: + - maxConnections + type: object + http2: + description: Specifies http2 connection pool settings for + the virtual node listener + properties: + maxRequests: + description: Represents the maximum number of inflight + requests that an envoy can concurrently support across + all the hosts in the upstream cluster + format: int64 + minimum: 1 + type: integer + required: + - maxRequests + type: object + tcp: + description: Specifies tcp connection pool settings for + the virtual node listener + properties: + maxConnections: + description: Represents the maximum number of outbound + TCP connections the envoy can establish concurrently + with all the hosts in the upstream cluster. + format: int64 + minimum: 1 + type: integer + required: + - maxConnections + type: object + type: object + healthCheck: + description: The health check information for the listener. + properties: + healthyThreshold: + description: The number of consecutive successful health + checks that must occur before declaring listener healthy. + format: int64 + maximum: 10 + minimum: 2 + type: integer + intervalMillis: + description: The time period in milliseconds between each + health check execution. + format: int64 + maximum: 300000 + minimum: 5000 + type: integer + path: + description: The destination path for the health check request. + This value is only used if the specified protocol is http + or http2. For any other protocol, this value is ignored. + type: string + port: + description: The destination port for the health check request. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: The protocol for the health check request + enum: + - grpc + - http + - http2 + - tcp + type: string + timeoutMillis: + description: The amount of time to wait when receiving a + response from the health check, in milliseconds. 
+ format: int64 + maximum: 60000 + minimum: 2000 + type: integer + unhealthyThreshold: + description: The number of consecutive failed health checks + that must occur before declaring a virtual node unhealthy. + format: int64 + maximum: 10 + minimum: 2 + type: integer + required: + - healthyThreshold + - intervalMillis + - protocol + - timeoutMillis + - unhealthyThreshold + type: object + outlierDetection: + description: The outlier detection for the listener + properties: + baseEjectionDuration: + description: The base time that a host is ejected for. The + real time is equal to the base time multiplied by the + number of times the host has been ejected + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections as well + as hosts being returned to service + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + maxEjectionPercent: + description: The threshold for the max percentage of outlier + hosts that can be ejected from the load balancing set. + maxEjectionPercent=100 means outlier detection can potentially + eject all of the hosts from the upstream service if they + are all considered outliers, leaving the load balancing + set with zero hosts + format: int64 + maximum: 100 + minimum: 0 + type: integer + maxServerErrors: + description: The threshold for the number of server errors + returned by a given host during an outlier detection interval. + If the server error count meets/exceeds this threshold + the host is ejected. 
A server error is defined as any + HTTP 5xx response (or the equivalent for gRPC and TCP + connections) + format: int64 + minimum: 1 + type: integer + required: + - baseEjectionDuration + - interval + - maxEjectionPercent + - maxServerErrors + type: object + portMapping: + description: The port mapping information for the listener. + properties: + port: + description: The port used for the port mapping. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: The protocol used for the port mapping. + enum: + - grpc + - http + - http2 + - tcp + type: string + required: + - port + - protocol + type: object + timeout: + description: A reference to an object that represents + properties: + grpc: + description: Specifies grpc timeout information for the + virtual node. + properties: + idle: + description: An object that represents idle timeout + duration. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + perRequest: + description: An object that represents per request timeout + duration. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + type: object + http: + description: Specifies http timeout information for the + virtual node. + properties: + idle: + description: An object that represents idle timeout + duration. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + perRequest: + description: An object that represents per request timeout + duration. + properties: + unit: + description: A unit of time. 
+ enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + type: object + http2: + description: Specifies http2 information for the virtual + node. + properties: + idle: + description: An object that represents idle timeout + duration. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + perRequest: + description: An object that represents per request timeout + duration. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + type: object + tcp: + description: Specifies tcp timeout information for the virtual + node. + properties: + idle: + description: An object that represents idle timeout + duration. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + type: object + type: object + tls: + description: A reference to an object that represents the Transport + Layer Security (TLS) properties for a listener. + properties: + certificate: + description: A reference to an object that represents a + listener's TLS certificate. + properties: + acm: + description: A reference to an object that represents + an AWS Certificate Manager (ACM) certificate. + properties: + certificateARN: + description: The Amazon Resource Name (ARN) for + the certificate. + type: string + required: + - certificateARN + type: object + file: + description: A reference to an object that represents + a local file certificate. 
+ properties: + certificateChain: + description: The certificate chain for the certificate. + maxLength: 255 + minLength: 1 + type: string + privateKey: + description: The private key for a certificate stored + on the file system of the virtual node that the + proxy is running on. + maxLength: 255 + minLength: 1 + type: string + required: + - certificateChain + - privateKey + type: object + sds: + description: A reference to an object that represents + an SDS certificate. + properties: + secretName: + description: The certificate trust chain for a certificate + issued via SDS cluster + type: string + required: + - secretName + type: object + type: object + mode: + description: ListenerTLS mode + enum: + - DISABLED + - PERMISSIVE + - STRICT + type: string + validation: + description: A reference to an object that represents an + SDS Trust Domain + properties: + subjectAlternativeNames: + description: Possible alternative names to consider + properties: + match: + description: Match is a required field + properties: + exact: + description: Exact is a required field + items: + type: string + type: array + required: + - exact + type: object + required: + - match + type: object + trust: + properties: + file: + description: An object that represents a TLS validation + context trust for a local file. + properties: + certificateChain: + description: The certificate trust chain for + a certificate stored on the file system of + the virtual node that the proxy is running + on. 
+ maxLength: 255 + minLength: 1 + type: string + required: + - certificateChain + type: object + sds: + description: An object that represents a TLS validation + context trust for an SDS server + properties: + secretName: + description: The certificate trust chain for + a certificate obtained via SDS + type: string + required: + - secretName + type: object + type: object + required: + - trust + type: object + required: + - certificate + - mode + type: object + required: + - portMapping + type: object + minItems: 0 + type: array + logging: + description: The inbound and outbound access logging information for + the virtual node. + properties: + accessLog: + description: The access log configuration for a virtual node. + properties: + file: + description: The file object to send virtual node access logs + to. + properties: + format: + description: Structured access log output format + properties: + json: + description: Output specified fields as a JSON object + items: + properties: + key: + description: The name of the field in the JSON + object + minLength: 1 + type: string + value: + description: The format string + minLength: 1 + type: string + required: + - key + - value + type: object + type: array + text: + description: Custom format string + type: string + type: object + path: + description: The file path to write access logs to. + maxLength: 255 + minLength: 1 + type: string + required: + - path + type: object + type: object + type: object + meshRef: + description: "A reference to k8s Mesh CR that this VirtualNode belongs + to. The admission controller populates it using Meshes's selector, + and prevents users from setting this field. \n Populated by the + system. Read-only." 
+ properties: + name: + description: Name is the name of Mesh CR + type: string + uid: + description: UID is the UID of Mesh CR + type: string + required: + - name + - uid + type: object + podSelector: + description: "PodSelector selects Pods using labels to designate VirtualNode + membership. This field follows standard label selector semantics: + \tif present but empty, it selects all pods within namespace. \tif + absent, it selects no pod." + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + serviceDiscovery: + description: The service discovery information for the virtual node. + Optional if there is no inbound traffic(no listeners). Mandatory + if a listener is specified. 
+ properties: + awsCloudMap: + description: Specifies any AWS Cloud Map information for the virtual + node. + properties: + attributes: + description: A string map that contains attributes with values + that you can use to filter instances by any custom attribute + that you specified when you registered the instance + items: + description: AWSCloudMapInstanceAttribute refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_AwsCloudMapInstanceAttribute.html + properties: + key: + description: The name of an AWS Cloud Map service instance + attribute key. + maxLength: 255 + minLength: 1 + type: string + value: + description: The value of an AWS Cloud Map service instance + attribute key. + maxLength: 1024 + minLength: 1 + type: string + required: + - key + - value + type: object + type: array + namespaceName: + description: The name of the AWS Cloud Map namespace to use. + maxLength: 1024 + minLength: 1 + type: string + serviceName: + description: The name of the AWS Cloud Map service to use. + maxLength: 1024 + minLength: 1 + type: string + required: + - namespaceName + - serviceName + type: object + dns: + description: Specifies the DNS information for the virtual node. + properties: + hostname: + description: Specifies the DNS service discovery hostname + for the virtual node. + type: string + responseType: + description: Choose between ENDPOINTS (strict DNS) and LOADBALANCER + (logical DNS) mode in Envoy sidecar + enum: + - ENDPOINTS + - LOADBALANCER + type: string + required: + - hostname + type: object + type: object + type: object + status: + description: VirtualNodeStatus defines the observed state of VirtualNode + properties: + conditions: + description: The current VirtualNode status. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
+ type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of VirtualNode condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: The generation observed by the VirtualNode controller. + format: int64 + type: integer + virtualNodeARN: + description: VirtualNodeARN is the AppMesh VirtualNode object's Amazon + Resource Name + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: virtualrouters.appmesh.k8s.aws +spec: + group: appmesh.k8s.aws + names: + categories: + - all + kind: VirtualRouter + listKind: VirtualRouterList + plural: virtualrouters + singular: virtualrouter + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The AppMesh VirtualRouter object's Amazon Resource Name + jsonPath: .status.virtualRouterARN + name: ARN + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: VirtualRouter is the Schema for the virtualrouters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VirtualRouterSpec defines the desired state of VirtualRouter + refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_VirtualRouterSpec.html + properties: + awsName: + description: AWSName is the AppMesh VirtualRouter object's name. If + unspecified or empty, it defaults to be "${name}_${namespace}" of + k8s VirtualRouter + type: string + listeners: + description: The listeners that the virtual router is expected to + receive inbound traffic from + items: + description: VirtualRouterListener refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_VirtualRouterListener.html + properties: + portMapping: + description: The port mapping information for the listener. + properties: + port: + description: The port used for the port mapping. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: The protocol used for the port mapping. + enum: + - grpc + - http + - http2 + - tcp + type: string + required: + - port + - protocol + type: object + required: + - portMapping + type: object + minItems: 1 + type: array + meshRef: + description: "A reference to k8s Mesh CR that this VirtualRouter belongs + to. The admission controller populates it using Meshes's selector, + and prevents users from setting this field. \n Populated by the + system. Read-only." 
+ properties: + name: + description: Name is the name of Mesh CR + type: string + uid: + description: UID is the UID of Mesh CR + type: string + required: + - name + - uid + type: object + routes: + description: The routes associated with VirtualRouter + items: + description: Route refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_RouteSpec.html + properties: + grpcRoute: + description: An object that represents the specification of + a gRPC route. + properties: + action: + description: An object that represents the action to take + if a match is determined. + properties: + weightedTargets: + description: An object that represents the targets that + traffic is routed to when a request matches the route. + items: + description: WeightedTarget refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_WeightedTarget.html + properties: + port: + description: Specifies the targeted port of the + weighted object + format: int64 + minimum: 0 + type: integer + virtualNodeARN: + description: Amazon Resource Name to AppMesh VirtualNode + object to associate with the weighted target. + Exactly one of 'virtualNodeRef' or 'virtualNodeARN' + must be specified. + type: string + virtualNodeRef: + description: Reference to Kubernetes VirtualNode + CR in cluster to associate with the weighted + target. Exactly one of 'virtualNodeRef' or 'virtualNodeARN' + must be specified. + properties: + name: + description: Name is the name of VirtualNode + CR + type: string + namespace: + description: Namespace is the namespace of + VirtualNode CR. If unspecified, defaults + to the referencing object's namespace + type: string + required: + - name + type: object + weight: + description: The relative weight of the weighted + target. 
+ format: int64 + maximum: 100 + minimum: 0 + type: integer + required: + - weight + type: object + maxItems: 10 + minItems: 1 + type: array + required: + - weightedTargets + type: object + match: + description: An object that represents the criteria for + determining a request match. + properties: + metadata: + description: An object that represents the data to match + from the request. + items: + description: GRPCRouteMetadata refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_GrpcRouteMetadata.html + properties: + invert: + description: Specify True to match anything except + the match criteria. The default value is False. + type: boolean + match: + description: An object that represents the data + to match from the request. + properties: + exact: + description: The value sent by the client + must match the specified value exactly. + maxLength: 255 + minLength: 1 + type: string + prefix: + description: The value sent by the client + must begin with the specified characters. + maxLength: 255 + minLength: 1 + type: string + range: + description: An object that represents the + range of values to match on + properties: + end: + description: The end of the range. + format: int64 + type: integer + start: + description: The start of the range. + format: int64 + type: integer + required: + - end + - start + type: object + regex: + description: The value sent by the client + must include the specified characters. + maxLength: 255 + minLength: 1 + type: string + suffix: + description: The value sent by the client + must end with the specified characters. + maxLength: 255 + minLength: 1 + type: string + type: object + name: + description: The name of the route. + maxLength: 50 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 10 + minItems: 1 + type: array + methodName: + description: The method name to match from the request. + If you specify a name, you must also specify a serviceName. 
+ maxLength: 50 + minLength: 1 + type: string + port: + description: Specifies the port to match requests with + format: int64 + minimum: 0 + type: integer + serviceName: + description: The fully qualified domain name for the + service to match from the request. + type: string + type: object + retryPolicy: + description: An object that represents a retry policy. + properties: + grpcRetryEvents: + items: + enum: + - cancelled + - deadline-exceeded + - internal + - resource-exhausted + - unavailable + type: string + maxItems: 5 + minItems: 1 + type: array + httpRetryEvents: + items: + enum: + - server-error + - gateway-error + - client-error + - stream-error + type: string + maxItems: 25 + minItems: 1 + type: array + maxRetries: + description: The maximum number of retry attempts. + format: int64 + minimum: 0 + type: integer + perRetryTimeout: + description: An object that represents a duration of + time. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + tcpRetryEvents: + items: + enum: + - connection-error + type: string + maxItems: 1 + minItems: 1 + type: array + required: + - maxRetries + - perRetryTimeout + type: object + timeout: + description: An object that represents a grpc timeout. + properties: + idle: + description: An object that represents idle timeout + duration. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + perRequest: + description: An object that represents per request timeout + duration. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. 
+ format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + type: object + required: + - action + - match + type: object + http2Route: + description: An object that represents the specification of + an HTTP/2 route. + properties: + action: + description: An object that represents the action to take + if a match is determined. + properties: + weightedTargets: + description: An object that represents the targets that + traffic is routed to when a request matches the route. + items: + description: WeightedTarget refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_WeightedTarget.html + properties: + port: + description: Specifies the targeted port of the + weighted object + format: int64 + minimum: 0 + type: integer + virtualNodeARN: + description: Amazon Resource Name to AppMesh VirtualNode + object to associate with the weighted target. + Exactly one of 'virtualNodeRef' or 'virtualNodeARN' + must be specified. + type: string + virtualNodeRef: + description: Reference to Kubernetes VirtualNode + CR in cluster to associate with the weighted + target. Exactly one of 'virtualNodeRef' or 'virtualNodeARN' + must be specified. + properties: + name: + description: Name is the name of VirtualNode + CR + type: string + namespace: + description: Namespace is the namespace of + VirtualNode CR. If unspecified, defaults + to the referencing object's namespace + type: string + required: + - name + type: object + weight: + description: The relative weight of the weighted + target. + format: int64 + maximum: 100 + minimum: 0 + type: integer + required: + - weight + type: object + maxItems: 10 + minItems: 1 + type: array + required: + - weightedTargets + type: object + match: + description: An object that represents the criteria for + determining a request match. + properties: + headers: + description: An object that represents the client request + headers to match on. 
+ items: + description: HTTPRouteHeader refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpRouteHeader.html + properties: + invert: + description: Specify True to match anything except + the match criteria. The default value is False. + type: boolean + match: + description: The HeaderMatchMethod object. + properties: + exact: + description: The value sent by the client + must match the specified value exactly. + maxLength: 255 + minLength: 1 + type: string + prefix: + description: The value sent by the client + must begin with the specified characters. + maxLength: 255 + minLength: 1 + type: string + range: + description: An object that represents the + range of values to match on. + properties: + end: + description: The end of the range. + format: int64 + type: integer + start: + description: The start of the range. + format: int64 + type: integer + required: + - end + - start + type: object + regex: + description: The value sent by the client + must include the specified characters. + maxLength: 255 + minLength: 1 + type: string + suffix: + description: The value sent by the client + must end with the specified characters. + maxLength: 255 + minLength: 1 + type: string + type: object + name: + description: A name for the HTTP header in the + client request that will be matched on. + maxLength: 50 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 10 + minItems: 1 + type: array + method: + description: The client request method to match on. + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + description: The client specified Path to match on. + properties: + exact: + description: The value sent by the client must match + the specified value exactly. + maxLength: 255 + minLength: 1 + type: string + regex: + description: The value sent by the client must end + with the specified characters. 
+ maxLength: 255 + minLength: 1 + type: string + type: object + port: + description: Specifies the port to match requests with + format: int64 + minimum: 0 + type: integer + prefix: + description: Specifies the prefix to match requests + with + type: string + queryParameters: + description: The client specified queryParameters to + match on + items: + description: HTTPQueryParameters refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpQueryParameter.html + properties: + match: + description: The QueryMatchMethod object. + properties: + exact: + type: string + type: object + name: + type: string + required: + - name + type: object + maxItems: 10 + minItems: 1 + type: array + scheme: + description: The client request scheme to match on + enum: + - http + - https + type: string + type: object + retryPolicy: + description: An object that represents a retry policy. + properties: + httpRetryEvents: + items: + enum: + - server-error + - gateway-error + - client-error + - stream-error + type: string + maxItems: 25 + minItems: 1 + type: array + maxRetries: + description: The maximum number of retry attempts. + format: int64 + minimum: 0 + type: integer + perRetryTimeout: + description: An object that represents a duration of + time + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + tcpRetryEvents: + items: + enum: + - connection-error + type: string + maxItems: 1 + minItems: 1 + type: array + required: + - maxRetries + - perRetryTimeout + type: object + timeout: + description: An object that represents a http timeout. + properties: + idle: + description: An object that represents idle timeout + duration. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. 
+ format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + perRequest: + description: An object that represents per request timeout + duration. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + type: object + required: + - action + - match + type: object + httpRoute: + description: An object that represents the specification of + an HTTP route. + properties: + action: + description: An object that represents the action to take + if a match is determined. + properties: + weightedTargets: + description: An object that represents the targets that + traffic is routed to when a request matches the route. + items: + description: WeightedTarget refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_WeightedTarget.html + properties: + port: + description: Specifies the targeted port of the + weighted object + format: int64 + minimum: 0 + type: integer + virtualNodeARN: + description: Amazon Resource Name to AppMesh VirtualNode + object to associate with the weighted target. + Exactly one of 'virtualNodeRef' or 'virtualNodeARN' + must be specified. + type: string + virtualNodeRef: + description: Reference to Kubernetes VirtualNode + CR in cluster to associate with the weighted + target. Exactly one of 'virtualNodeRef' or 'virtualNodeARN' + must be specified. + properties: + name: + description: Name is the name of VirtualNode + CR + type: string + namespace: + description: Namespace is the namespace of + VirtualNode CR. If unspecified, defaults + to the referencing object's namespace + type: string + required: + - name + type: object + weight: + description: The relative weight of the weighted + target. 
+ format: int64 + maximum: 100 + minimum: 0 + type: integer + required: + - weight + type: object + maxItems: 10 + minItems: 1 + type: array + required: + - weightedTargets + type: object + match: + description: An object that represents the criteria for + determining a request match. + properties: + headers: + description: An object that represents the client request + headers to match on. + items: + description: HTTPRouteHeader refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpRouteHeader.html + properties: + invert: + description: Specify True to match anything except + the match criteria. The default value is False. + type: boolean + match: + description: The HeaderMatchMethod object. + properties: + exact: + description: The value sent by the client + must match the specified value exactly. + maxLength: 255 + minLength: 1 + type: string + prefix: + description: The value sent by the client + must begin with the specified characters. + maxLength: 255 + minLength: 1 + type: string + range: + description: An object that represents the + range of values to match on. + properties: + end: + description: The end of the range. + format: int64 + type: integer + start: + description: The start of the range. + format: int64 + type: integer + required: + - end + - start + type: object + regex: + description: The value sent by the client + must include the specified characters. + maxLength: 255 + minLength: 1 + type: string + suffix: + description: The value sent by the client + must end with the specified characters. + maxLength: 255 + minLength: 1 + type: string + type: object + name: + description: A name for the HTTP header in the + client request that will be matched on. + maxLength: 50 + minLength: 1 + type: string + required: + - name + type: object + maxItems: 10 + minItems: 1 + type: array + method: + description: The client request method to match on. 
+ enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + description: The client specified Path to match on. + properties: + exact: + description: The value sent by the client must match + the specified value exactly. + maxLength: 255 + minLength: 1 + type: string + regex: + description: The value sent by the client must end + with the specified characters. + maxLength: 255 + minLength: 1 + type: string + type: object + port: + description: Specifies the port to match requests with + format: int64 + minimum: 0 + type: integer + prefix: + description: Specifies the prefix to match requests + with + type: string + queryParameters: + description: The client specified queryParameters to + match on + items: + description: HTTPQueryParameters refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_HttpQueryParameter.html + properties: + match: + description: The QueryMatchMethod object. + properties: + exact: + type: string + type: object + name: + type: string + required: + - name + type: object + maxItems: 10 + minItems: 1 + type: array + scheme: + description: The client request scheme to match on + enum: + - http + - https + type: string + type: object + retryPolicy: + description: An object that represents a retry policy. + properties: + httpRetryEvents: + items: + enum: + - server-error + - gateway-error + - client-error + - stream-error + type: string + maxItems: 25 + minItems: 1 + type: array + maxRetries: + description: The maximum number of retry attempts. + format: int64 + minimum: 0 + type: integer + perRetryTimeout: + description: An object that represents a duration of + time + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. 
+ format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + tcpRetryEvents: + items: + enum: + - connection-error + type: string + maxItems: 1 + minItems: 1 + type: array + required: + - maxRetries + - perRetryTimeout + type: object + timeout: + description: An object that represents a http timeout. + properties: + idle: + description: An object that represents idle timeout + duration. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + perRequest: + description: An object that represents per request timeout + duration. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + type: object + required: + - action + - match + type: object + name: + description: Route's name + type: string + priority: + description: The priority for the route. + format: int64 + maximum: 1000 + minimum: 0 + type: integer + tcpRoute: + description: An object that represents the specification of + a TCP route. + properties: + action: + description: The action to take if a match is determined. + properties: + weightedTargets: + description: An object that represents the targets that + traffic is routed to when a request matches the route. + items: + description: WeightedTarget refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_WeightedTarget.html + properties: + port: + description: Specifies the targeted port of the + weighted object + format: int64 + minimum: 0 + type: integer + virtualNodeARN: + description: Amazon Resource Name to AppMesh VirtualNode + object to associate with the weighted target. + Exactly one of 'virtualNodeRef' or 'virtualNodeARN' + must be specified. 
+ type: string + virtualNodeRef: + description: Reference to Kubernetes VirtualNode + CR in cluster to associate with the weighted + target. Exactly one of 'virtualNodeRef' or 'virtualNodeARN' + must be specified. + properties: + name: + description: Name is the name of VirtualNode + CR + type: string + namespace: + description: Namespace is the namespace of + VirtualNode CR. If unspecified, defaults + to the referencing object's namespace + type: string + required: + - name + type: object + weight: + description: The relative weight of the weighted + target. + format: int64 + maximum: 100 + minimum: 0 + type: integer + required: + - weight + type: object + maxItems: 10 + minItems: 1 + type: array + required: + - weightedTargets + type: object + match: + description: An object that represents the criteria for + determining a request match. + properties: + port: + description: Specifies the port to match requests with + format: int64 + minimum: 0 + type: integer + type: object + timeout: + description: An object that represents a tcp timeout. + properties: + idle: + description: An object that represents idle timeout + duration. + properties: + unit: + description: A unit of time. + enum: + - s + - ms + type: string + value: + description: A number of time units. + format: int64 + minimum: 0 + type: integer + required: + - unit + - value + type: object + type: object + required: + - action + type: object + required: + - name + type: object + type: array + type: object + status: + description: VirtualRouterStatus defines the observed state of VirtualRouter + properties: + conditions: + description: The current VirtualRouter status. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
+ type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of VirtualRouter condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: The generation observed by the VirtualRouter controller. + format: int64 + type: integer + routeARNs: + additionalProperties: + type: string + description: RouteARNs is a map of AppMesh Route objects' Amazon Resource + Names, indexed by route name. + type: object + virtualRouterARN: + description: VirtualRouterARN is the AppMesh VirtualRouter object's + Amazon Resource Name. + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: virtualservices.appmesh.k8s.aws +spec: + group: appmesh.k8s.aws + names: + categories: + - all + kind: VirtualService + listKind: VirtualServiceList + plural: virtualservices + singular: virtualservice + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The AppMesh VirtualService object's Amazon Resource Name + jsonPath: .status.virtualServiceARN + name: ARN + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: VirtualService is the Schema for the virtualservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VirtualServiceSpec defines the desired state of VirtualService + refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_VirtualServiceSpec.html + properties: + awsName: + description: AWSName is the AppMesh VirtualService object's name. + If unspecified or empty, it defaults to be "${name}.${namespace}" + of k8s VirtualService + type: string + meshRef: + description: "A reference to k8s Mesh CR that this VirtualService + belongs to. The admission controller populates it using Meshes's + selector, and prevents users from setting this field. \n Populated + by the system. Read-only." + properties: + name: + description: Name is the name of Mesh CR + type: string + uid: + description: UID is the UID of Mesh CR + type: string + required: + - name + - uid + type: object + provider: + description: The provider for virtual services. You can specify a + single virtual node or virtual router. + properties: + virtualNode: + description: The virtual node associated with a virtual service. + properties: + virtualNodeARN: + description: Amazon Resource Name to AppMesh VirtualNode object + that is acting as a service provider. Exactly one of 'virtualNodeRef' + or 'virtualNodeARN' must be specified. + type: string + virtualNodeRef: + description: Reference to Kubernetes VirtualNode CR in cluster + that is acting as a service provider. Exactly one of 'virtualNodeRef' + or 'virtualNodeARN' must be specified. 
+ properties: + name: + description: Name is the name of VirtualNode CR + type: string + namespace: + description: Namespace is the namespace of VirtualNode + CR. If unspecified, defaults to the referencing object's + namespace + type: string + required: + - name + type: object + type: object + virtualRouter: + description: The virtual router associated with a virtual service. + properties: + virtualRouterARN: + description: Amazon Resource Name to AppMesh VirtualRouter + object that is acting as a service provider. Exactly one + of 'virtualRouterRef' or 'virtualRouterARN' must be specified. + type: string + virtualRouterRef: + description: Reference to Kubernetes VirtualRouter CR in cluster + that is acting as a service provider. Exactly one of 'virtualRouterRef' + or 'virtualRouterARN' must be specified. + properties: + name: + description: Name is the name of VirtualRouter CR + type: string + namespace: + description: Namespace is the namespace of VirtualRouter + CR. If unspecified, defaults to the referencing object's + namespace + type: string + required: + - name + type: object + type: object + type: object + type: object + status: + description: VirtualServiceStatus defines the observed state of VirtualService + properties: + conditions: + description: The current VirtualService status. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of VirtualService condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: The generation observed by the VirtualService controller. 
+ format: int64 + type: integer + virtualServiceARN: + description: VirtualServiceARN is the AppMesh VirtualService object's + Amazon Resource Name. + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/appmesh-controller/crds/kustomization.yaml b/stable/appmesh-controller/crds/kustomization.yaml new file mode 100644 index 000000000..3f1d1cbba --- /dev/null +++ b/stable/appmesh-controller/crds/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- crds.yaml diff --git a/stable/appmesh-controller/templates/NOTES.txt b/stable/appmesh-controller/templates/NOTES.txt new file mode 100644 index 000000000..b4c61735a --- /dev/null +++ b/stable/appmesh-controller/templates/NOTES.txt @@ -0,0 +1 @@ +AWS App Mesh controller installed! diff --git a/stable/appmesh-controller/templates/_helpers.tpl b/stable/appmesh-controller/templates/_helpers.tpl new file mode 100644 index 000000000..be1ffd687 --- /dev/null +++ b/stable/appmesh-controller/templates/_helpers.tpl 
@@ -0,0 +1,69 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "appmesh-controller.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "appmesh-controller.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "appmesh-controller.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "appmesh-controller.labels" -}}
+app.kubernetes.io/name: {{ include "appmesh-controller.name" . }}
+helm.sh/chart: {{ include "appmesh-controller.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "appmesh-controller.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "appmesh-controller.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Generate certificates for webhook
+*/}}
+{{- define "appmesh-controller.gen-certs" -}}
+{{- $fullName := ( include "appmesh-controller.fullname" . ) -}}
+{{- $altNames := list ( printf "%s-%s.%s" $fullName "webhook-service" .Release.Namespace ) ( printf "%s-%s.%s.svc" $fullName "webhook-service" .Release.Namespace ) -}}
+{{- $ca := genCA "appmesh-controller-ca" 3650 -}}
+{{- $cert := genSignedCert ( include "appmesh-controller.fullname" . ) nil $altNames 3650 $ca -}}
+caCert: {{ $ca.Cert | b64enc }}
+clientCert: {{ $cert.Cert | b64enc }}
+clientKey: {{ $cert.Key | b64enc }}
+{{- end -}}
diff --git a/stable/appmesh-controller/templates/deployment.yaml b/stable/appmesh-controller/templates/deployment.yaml
new file mode 100644
index 000000000..ab46d793d
--- /dev/null
+++ b/stable/appmesh-controller/templates/deployment.yaml
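Review bot: `appmesh-controller.gen-certs` calls `genCA` and `genSignedCert` on every render, so each `helm upgrade` mints a new CA and serving key pair; the webhook `caBundle` and the TLS Secret in webhook.yaml are re-rendered together, but the running controller keeps serving the previously loaded certificate until the mounted Secret refreshes and the process picks it up (reload behaviour is not visible here), and with `failurePolicy: Fail` on the webhooks admission requests fail in that window. Consider reusing an already-deployed Secret before generating, e.g. `{{- $existing := lookup "v1" "Secret" .Release.Namespace (printf "%s-webhook-server-cert" $fullName) -}}` and only falling back to `genCA`/`genSignedCert` when it is empty, or recommending the cert-manager path. The SAN list also omits `<fullname>-webhook-service.<namespace>.svc.cluster.local`, which the cert-manager `Certificate` in webhook.yaml does include; adding it keeps the two paths consistent. A 3650-day lifetime for an in-cluster CA with no rotation mechanism is long; with the lookup approach a shorter validity becomes practical.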
@@ -0,0 +1,152 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "appmesh-controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ control-plane: {{ template "appmesh-controller.fullname" . }}
+{{ include "appmesh-controller.labels" . | indent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ control-plane: {{ template "appmesh-controller.fullname" . }}
+ {{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 6 }}
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ control-plane: {{ template "appmesh-controller.fullname" . }}
+ app.kubernetes.io/name: {{ include "appmesh-controller.fullname" . }}
+ app.kubernetes.io/part-of: appmesh
+ {{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+ {{- end }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "8080"
+ {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "appmesh-controller.serviceAccountName" . }}
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: {{ template "appmesh-controller.fullname" . }}-webhook-server-cert
+ containers:
+ - name: controller
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 8080
+ name: metrics-server
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ command:
+ - /controller
+ args:
+ - --enable-leader-election=true
+ - --log-level={{ .Values.log.level }}
+ - --sidecar-image-repository={{ .Values.sidecar.image.repository }}
+ - --sidecar-image-tag={{ .Values.sidecar.image.tag }}
+ - --sidecar-cpu-requests={{ .Values.sidecar.resources.requests.cpu }}
+ - --sidecar-memory-requests={{ .Values.sidecar.resources.requests.memory }}
+ - --sidecar-cpu-limits={{ .Values.sidecar.resources.limits.cpu }}
+ - --sidecar-memory-limits={{ .Values.sidecar.resources.limits.memory }}
+ - --init-image={{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}
+ - --enable-stats-tags={{ .Values.stats.tagsEnabled }}
+ - --prestop-delay={{ .Values.sidecar.lifecycleHooks.preStopDelay }}
+ - --poststart-timeout={{ .Values.sidecar.lifecycleHooks.postStartTimeout }}
+ - --poststart-interval={{ .Values.sidecar.lifecycleHooks.postStartInterval }}
+ - --readiness-probe-initial-delay={{ .Values.sidecar.probes.readinessProbeInitialDelay }}
+ - --readiness-probe-period={{ .Values.sidecar.probes.readinessProbePeriod }}
+ - --envoy-admin-access-port={{ .Values.sidecar.envoyAdminAccessPort }}
+ - --envoy-admin-access-log-file={{ .Values.sidecar.envoyAdminAccessLogFile }}
+ - --envoy-admin-access-enable-ipv6={{ .Values.sidecar.envoyAdminAccessEnableIPv6 }}
+ - --dual-stack-endpoint={{ .Values.sidecar.useDualStackEndpoint }}
+ - --fips-endpoint={{ .Values.sidecar.useFipsEndpoint }}
+ - --envoy-aws-access-key-id={{ .Values.sidecar.envoyAwsAccessKeyId }}
+ - --envoy-aws-secret-access-key={{ .Values.sidecar.envoyAwsSecretAccessKey }}
+ - --envoy-aws-session-token={{ .Values.sidecar.envoyAwsSessionToken }}
+ - --preview={{ .Values.preview }}
+ - --enable-sds={{ .Values.sds.enabled }}
+ - --sds-uds-path={{ .Values.sds.udsPath }}
+ - --enable-backend-groups={{ .Values.enableBackendGroups }}
+ - --cluster-name={{ .Values.clusterName}}
+ - --use-aws-dual-stack-endpoint={{ .Values.useAwsDualStackEndpoint}}
+ - --use-aws-fips-endpoint={{ .Values.useAwsFIPSEndpoint}}
+ {{- if .Values.cloudMapCustomHealthCheck.enabled }}
+ - --enable-custom-health-check=true
+ {{- end }}
+ {{- if kindIs "int64" .Values.cloudMapDNS.ttl }}
+ - --cloudmap-dns-ttl={{ .Values.cloudMapDNS.ttl }}
+ {{- end }}
+ {{- if .Values.stats.statsdEnabled }}
+ - --enable-statsd=true
+ - --statsd-address={{ .Values.stats.statsdAddress }}
+ - --statsd-port={{ .Values.stats.statsdPort }}
+ - --statsd-socket-path={{ .Values.stats.statsdSocketPath }}
+ {{- end }}
+ {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "x-ray" ) }}
+ - --enable-xray-tracing=true
+ - --xray-image={{ .Values.xray.image.repository}}:{{ .Values.xray.image.tag }}
+ - --xray-daemon-port={{ .Values.tracing.port }}
+ - --xray-sampling-rate={{ .Values.tracing.samplingRate }}
+ - --xray-log-level={{ .Values.tracing.logLevel }}
+ - --xray-config-roleArn={{ .Values.tracing.role }}
+ {{- end }}
+ {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "jaeger" ) }}
+ - --enable-jaeger-tracing=true
+ - --jaeger-address={{ .Values.tracing.address }}
+ - --jaeger-port={{ .Values.tracing.port }}
+ {{- end }}
+ {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "datadog" ) }}
+ - --enable-datadog-tracing=true
+ - --datadog-address={{ .Values.tracing.address }}
+ - --datadog-port={{ .Values.tracing.port }}
+ {{- end }}
+ {{- if .Values.region }}
+ - --aws-region={{ .Values.region }}
+ {{- end }}
+ {{- if .Values.accountId }}
+ - --aws-account-id={{ .Values.accountId }}
+ {{- end }}
+ - --sidecar-log-level={{ .Values.sidecar.logLevel }}
+ # this must be same as livenessProbe port which can be configured
+ - --health-probe-port={{ .Values.livenessProbe.httpGet.port }}
+ - --wait-until-proxy-ready={{ .Values.sidecar.waitUntilProxyReady }}
+ # TLS configuration
+ - --tls-min-version={{ .Values.tlsMinVersion }}
+ - --tls-cipher-suite={{ .Values.tlsCipherSuite }}
+ {{- if .Values.env }}
+ env:
+ {{- range $key, $value := .Values.env }}
+ - name: {{ $key }}
+ value: {{ $value }}
+ {{- end }}
+ {{- end}}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ livenessProbe:
+{{ toYaml .Values.livenessProbe | indent 10 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
diff --git a/stable/appmesh-controller/templates/pdb.yaml b/stable/appmesh-controller/templates/pdb.yaml
new file mode 100644
index 000000000..8141234af
--- /dev/null
+++ b/stable/appmesh-controller/templates/pdb.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.podDisruptionBudget }}
+{{- if gt (int .Values.replicaCount) 1 }}
+kind: PodDisruptionBudget
+apiVersion: policy/v1
+metadata:
+ name: {{ template "appmesh-controller.fullname" . }}-pdb
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ control-plane: {{ template "appmesh-controller.fullname" . }}
+ app.kubernetes.io/name: {{ include "appmesh-controller.fullname" . }}
+ app.kubernetes.io/part-of: appmesh
+{{- toYaml .Values.podDisruptionBudget | nindent 2 }}
+{{- end -}}
+{{- end -}}
diff --git a/stable/appmesh-controller/templates/psp.yaml b/stable/appmesh-controller/templates/psp.yaml
new file mode 100644
index 000000000..2c8ec64bf
--- /dev/null
+++ b/stable/appmesh-controller/templates/psp.yaml
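Review bot: The `--envoy-aws-access-key-id`, `--envoy-aws-secret-access-key` and `--envoy-aws-session-token` args interpolate long-lived AWS credentials into the container command line, where anyone who can `get` the Deployment or Pod can read them, they appear in the process list inside the container, and they are captured wherever the pod spec is logged or audited. If these values have to be supported at all, pass them through `env` entries backed by `valueFrom.secretKeyRef` (or leave them unset and rely on the service account's pod identity) instead of rendering `.Values` into `args`. In the `env` range, `value: {{ $value }}` emits booleans and numbers untyped and the API server rejects a non-string `value`; write `value: {{ $value | quote }}`. The container also carries no `securityContext` (`runAsNonRoot`, `readOnlyRootFilesystem`, `capabilities.drop: [ALL]`), which is worth adding for a controller whose only mount is a read-only cert volume.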
@@ -0,0 +1,57 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "appmesh-controller.fullname" . }}
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+spec:
+ privileged: false
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ allowedCapabilities:
+ - '*'
+ fsGroup:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - '*'
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "appmesh-controller.fullname" . }}-psp
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+rules:
+ - apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "appmesh-controller.fullname" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "appmesh-controller.fullname" . }}-psp
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "appmesh-controller.fullname" . }}-psp
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "appmesh-controller.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/stable/appmesh-controller/templates/rbac.yaml b/stable/appmesh-controller/templates/rbac.yaml
new file mode 100644
index 000000000..22ca9cf5a
--- /dev/null
+++ b/stable/appmesh-controller/templates/rbac.yaml
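Review bot: The PodSecurityPolicy grants `allowedCapabilities: ['*']` and `volumes: ['*']`, far broader than what deployment.yaml in this same change uses (no added capabilities, one `secret` volume plus the service-account token). Tighten to `requiredDropCapabilities: ['ALL']` with `allowedCapabilities: []`, and `volumes: [secret, projected, emptyDir]`; `readOnlyRootFilesystem: true` would also match a controller with a read-only cert mount, provided the binary does not write to its filesystem, which cannot be confirmed from here. `policy/v1beta1` PodSecurityPolicy is removed from Kubernetes 1.25 onward, so this template is only meaningful on older clusters even when `rbac.pspEnabled` is set; a comment on the guard such as `{{- /* PodSecurityPolicy is removed in Kubernetes 1.25+; use Pod Security Admission there */ -}}` would spare operators a failed install.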
@@ -0,0 +1,81 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "appmesh-controller.fullname" . }}-leader-election-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+rules:
+- apiGroups: [""]
+ resources: [configmaps]
+ verbs: [create, list, watch]
+- apiGroups: [""]
+ resources: [configmaps]
+ resourceNames: [appmesh-controller-leader-election]
+ verbs: [get, patch, update]
+- apiGroups: [""]
+ resources: [events]
+ verbs: [create, patch]
+- apiGroups: ["coordination.k8s.io"]
+ resources: [leases]
+ verbs: [create]
+- apiGroups: ["coordination.k8s.io"]
+ resources: [leases]
+ resourceNames: [appmesh-controller-leader-election]
+ verbs: [get, update, patch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "appmesh-controller.fullname" . }}-leader-election-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "appmesh-controller.fullname" . }}-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "appmesh-controller.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "appmesh-controller.fullname" . }}-role
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+rules:
+- apiGroups: [""]
+ resources: [events]
+ verbs: [create, delete, get, list, patch, update, watch]
+- apiGroups: [""]
+ resources: [namespaces, pods, nodes]
+ verbs: [get, list, watch]
+- apiGroups: [""]
+ resources: [pods/status]
+ verbs: [get, patch, update]
+- apiGroups: [appmesh.k8s.aws]
+ resources: [backendgroups, gatewayroutes, meshes, virtualgateways, virtualnodes, virtualrouters, virtualservices]
+ verbs: [create, delete, get, list, patch, update, watch]
+- apiGroups: [appmesh.k8s.aws]
+ resources: [backendgroups/status, gatewayroutes/status, meshes/status, virtualgateways/status, virtualnodes/status, virtualrouters/status, virtualservices/status]
+ verbs: [get, patch, update]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "appmesh-controller.fullname" . }}-rolebinding
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "appmesh-controller.fullname" . }}-role
+subjects:
+- name: {{ template "appmesh-controller.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ kind: ServiceAccount
+{{- end }}
diff --git a/stable/appmesh-controller/templates/service.yaml b/stable/appmesh-controller/templates/service.yaml
new file mode 100644
index 000000000..bdcfec9be
--- /dev/null
+++ b/stable/appmesh-controller/templates/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "appmesh-controller.fullname" . }}-webhook-service
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+spec:
+ ports:
+ - port: 443
+ targetPort: 9443
+ selector:
+ control-plane: {{ template "appmesh-controller.fullname" . }}
diff --git a/stable/appmesh-controller/templates/serviceaccount.yaml b/stable/appmesh-controller/templates/serviceaccount.yaml
new file mode 100644
index 000000000..8b9ba0ee6
--- /dev/null
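Review bot: The ClusterRole's rule on `events` grants `create, delete, get, list, patch, update, watch` cluster-wide, while the namespaced leader-election Role in the same file limits events to `create, patch`, which is what a controller emitting events needs; unless the controller deletes or lists events (not visible here), reduce the ClusterRole rule to `verbs: [create, patch]`. `pods/status` with `patch, update` across all namespaces is likewise broad for a sidecar injector; confirm the controller actually writes pod status before keeping it. On style, the ClusterRoleBinding subject is written `name, namespace, kind` whereas the RoleBinding above uses `kind, name, namespace`; pick one order.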
+++ b/stable/appmesh-controller/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "appmesh-controller.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "appmesh-controller.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/stable/appmesh-controller/templates/webhook.yaml b/stable/appmesh-controller/templates/webhook.yaml
new file mode 100644
index 000000000..7a382153d
--- /dev/null
+++ b/stable/appmesh-controller/templates/webhook.yaml
@@ -0,0 +1,157 @@
+{{ $tls := fromYaml ( include "appmesh-controller.gen-certs" . ) }}
+{{ $fullName := ( include "appmesh-controller.fullname" . ) }}
+{{ $webhookConfig := .Files.Get "webhookconfig.yaml" | fromYaml }}
+---
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+{{- if $.Values.enableCertManager }}
+ annotations:
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "appmesh-controller.fullname" . }}-serving-cert
+{{- end }}
+ name: {{ template "appmesh-controller.fullname" . }}-mutating-webhook-configuration
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+webhooks:
+{{- range $res := $webhookConfig.customResources }}
+- clientConfig:
+ service:
+ name: {{ $fullName }}-webhook-service
+ namespace: {{ $.Release.Namespace }}
+ path: /mutate-appmesh-k8s-aws-v1beta2-{{ $res.name }}
+ caBundle: {{ if not $.Values.enableCertManager -}}{{ $tls.caCert }}{{- else -}}Cg=={{ end }}
+ failurePolicy: Fail
+ name: m{{ $res.name }}.appmesh.k8s.aws
+ rules:
+ - apiGroups:
+ - appmesh.k8s.aws
+ apiVersions:
+ - v1beta2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - {{ $res.resource }}
+ sideEffects: None
+ admissionReviewVersions:
+ - v1beta1
+{{- end }}
+- clientConfig:
+ caBundle: {{ if not $.Values.enableCertManager -}}{{ $tls.caCert }}{{- else -}}Cg=={{ end }}
+ service:
+ name: {{ $fullName }}-webhook-service
+ namespace: {{ $.Release.Namespace }}
+ path: /mutate-v1-pod
+ failurePolicy: Fail
+ name: mpod.appmesh.k8s.aws
+ namespaceSelector:
+ matchExpressions:
+ - key: appmesh.k8s.aws/sidecarInjectorWebhook
+ operator: In
+ values:
+ - enabled
+ - disabled
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - pods
+ sideEffects: None
+ admissionReviewVersions:
+ - v1beta1
+---
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: ValidatingWebhookConfiguration
+metadata:
+{{- if $.Values.enableCertManager }}
+ annotations:
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "appmesh-controller.fullname" . }}-serving-cert
+{{- end }}
+ name: {{ template "appmesh-controller.fullname" . }}-validating-webhook-configuration
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+webhooks:
+{{- range $res := $webhookConfig.customResources }}
+- clientConfig:
+ service:
+ name: {{ $fullName }}-webhook-service
+ namespace: {{ $.Release.Namespace }}
+ path: /validate-appmesh-k8s-aws-v1beta2-{{ $res.name }}
+ caBundle: {{ if not $.Values.enableCertManager -}}{{ $tls.caCert }}{{- else -}}Cg=={{ end }}
+ failurePolicy: Fail
+ name: v{{ $res.name }}.appmesh.k8s.aws
+ rules:
+ - apiGroups:
+ - appmesh.k8s.aws
+ apiVersions:
+ - v1beta2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - {{ $res.resource }}
+ sideEffects: None
+ admissionReviewVersions:
+ - v1beta1
+{{- end }}
+---
+{{- if not $.Values.enableCertManager }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "appmesh-controller.fullname" . }}-webhook-server-cert
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+type: kubernetes.io/tls
+data:
+ ca.crt: {{ $tls.caCert }}
+ tls.crt: {{ $tls.clientCert }}
+ tls.key: {{ $tls.clientKey }}
+{{- else }}
+{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
+apiVersion: cert-manager.io/v1
+{{- else }}
+apiVersion: cert-manager.io/v1alpha2
+{{- end }}
+kind: Certificate
+metadata:
+ name: {{ template "appmesh-controller.fullname" . }}-serving-cert
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+spec:
+ dnsNames:
+ - {{ template "appmesh-controller.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc
+ - {{ template "appmesh-controller.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: {{ template "appmesh-controller.fullname" . }}-selfsigned-issuer
+ secretName: {{ template "appmesh-controller.fullname" . }}-webhook-server-cert
+---
+{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
+apiVersion: cert-manager.io/v1
+{{- else }}
+apiVersion: cert-manager.io/v1alpha2
+{{- end }}
+kind: Issuer
+metadata:
+ name: {{ template "appmesh-controller.fullname" . }}-selfsigned-issuer
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "appmesh-controller.labels" . | indent 4 }}
+spec:
+ selfSigned: {}
+{{- end }}
\ No newline at end of file
diff --git a/stable/appmesh-controller/test.yaml b/stable/appmesh-controller/test.yaml
new file mode 100644
index 000000000..dd331b15f
--- /dev/null
+++ b/stable/appmesh-controller/test.yaml
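Review bot: All three webhooks declare `admissionReviewVersions:` with only `- v1beta1`, yet `apiVersion: admissionregistration.k8s.io/v1` is selected whenever the cluster offers it; the `admission.k8s.io/v1beta1` AdmissionReview is no longer served by API servers from Kubernetes 1.22, so on such clusters the API server finds no version in common with the webhook and, because every webhook sets `failurePolicy: Fail`, rejects each matching CREATE/UPDATE. Add `- v1` ahead of `- v1beta1` in each `admissionReviewVersions` list; this assumes the controller's webhook server handles v1 AdmissionReview, which should be verified for the controller version shipped here. The `Cg==` placeholder `caBundle` on the cert-manager path is correct only while `cert-manager.io/inject-ca-from` is honoured, so a short comment next to it, e.g. `# placeholder; replaced by cert-manager's CA injector`, would keep a future reader from treating it as a real bundle.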
@@ -0,0 +1,177 @@
+# Test values for appmesh-controller.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+region: ""
+accountId: ""
+preview: false
+clusterName: ""
+useAwsDualStackEndpoint: false
+useAwsFIPSEndpoint: false
+
+image:
+ repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller
+ tag: v1.13.1
+ pullPolicy: IfNotPresent
+
+sidecar:
+ image:
+ repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy
+ tag: v1.29.6.0-prod
+ # sidecar.logLevel: Envoy log level can be info, warn, error or debug
+ logLevel: info
+ envoyAdminAccessPort: 9901
+ envoyAdminAccessLogFile: /tmp/envoy_admin_access.log
+ envoyAdminAccessEnableIPv6: false
+ useDualStackEndpoint: false
+ useFipsEndpoint: false
+ resources:
+ # sidecar.resources.requests: Envoy CPU and memory requests
+ requests:
+ cpu: 10m
+ memory: 32Mi
+ # sidecar.resources/limits: Envoy CPU and memory limits
+ limits:
+ cpu: 100m
+ memory: 64Mi
+ lifecycleHooks:
+ # sidecar.lifecycleHooks: Envoy PreStop Hook Delay
+ preStopDelay: 20
+ postStartTimeout: 180
+ postStartInterval: 5
+ probes:
+ # sidecar.probes: Envoy Readiness Probe
+ readinessProbeInitialDelay: 1
+ readinessProbePeriod: 10
+ waitUntilProxyReady: false
+init:
+ image:
+ repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-proxy-route-manager
+ tag: v7-prod
+
+xray:
+ image:
+ repository: public.ecr.aws/xray/aws-xray-daemon
+ tag: latest
+
+nameOverride: ""
+fullnameOverride: ""
+
+resources:
+ limits:
+ cpu: 2000m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+
+nodeSelector: {
+ test: test
+}
+
+tolerations:
+ - key: "key1"
+ operator: "Equal"
+ value: "value1"
+ effect: "NoExecute"
+
+affinity: {
+ test: test
+}
+
+podAnnotations: {
+ test: test
+}
+
+podLabels: {
+ test: test
+}
+
+cloudMapCustomHealthCheck:
+ # cloudMapCustomHealthCheck.enabled: `true` if CustomHealthCheck needs to be enabled in CloudMap
+ enabled: true
+
+cloudMapDNS:
+ # cloudMapDNS.ttl if set will use this global ttl value
+ ttl: 300
+
+sds:
+ # sds.enabled: `true` if SDS based mTLS support needs to be enabled in envoy
+ enabled: true
+ #sds.udsPath: UDS Path of the SDS Provider. Default value is tied to SPIRE.
+ udsPath: /run/spire/sockets/agent.sock
+
+serviceAccount:
+ # serviceAccount.create: Whether to create a service account or not
+ create: true
+ # serviceAccount.name: The name of the service account to create or use
+ name: test
+ # serviceAccount.annotations: optional annotations to be applied to service account
+ annotations: {
+ test: test
+ }
+
+rbac:
+ # rbac.create: `true` if rbac resources should be created
+ create: true
+ # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
+ pspEnabled: true
+
+log:
+ #log.level: info (default), debug
+ level: "info"
+
+tracing:
+ # tracing.enabled: `true` if Envoy should be configured tracing
+ enabled: true
+ # tracing.provider: can be x-ray, jaeger or datadog
+ provider: x-ray
+ # tracing.address: Jaeger or Datadog agent server address (ignored for X-Ray)
+ address: appmesh-jaeger.appmesh-system
+ # tracing.port: X-Ray, Jaeger or Datadog agent server port
+ port: 2000
+ # tracing.samplingRate: X-Ray tracer sampling rate
+ samplingRate: 0.05
+ # tracing.logLevel: X-Ray agent log level
+ logLevel: prod
+ # tracing.role: X-Ray agent IAM role to upload segments to a different account
+ role: ""
+
+stats:
+ # stats.tagsEnabled: `true` if Envoy should include app-mesh tags
+ tagsEnabled: false
+ # stats.statsdEnabled: `true` if Envoy should publish stats to statsd endpoint @ 127.0.0.1:8125
+ statsdEnabled: false
+ #stats.statsdAddress: DogStatsD daemon address
+ statsdAddress: 127.0.0.1
+ #stats.statsdPort: DogStatsD daemon port
+ statsdPort: 8125
+ #stats.statsdSocketPath: DogStatsD unix domain socket path
+ statsdSocketPath: ""
+
+# Enable cert-manager
+enableCertManager: false
+
+# podDisruptionBudget for Appmesh controller
+podDisruptionBudget: {}
+ # minAvailable: 1
+
+# Environment variables to set in appmesh-controller pod
+env: {}
+
+#Example
+#env:
+# http_proxy: http://proxyserver:3128
+# https_proxy: http://proxyserver:3128
+# no_proxy: "localhost,127.0.0.1,.cluster.local"
+
+# Liveness probe configuration for the appmesh-controller pod
+livenessProbe:
+ failureThreshold: 2
+ httpGet:
+ path: /healthz
+ port: 61779
+ scheme: HTTP
+ initialDelaySeconds: 30
+ timeoutSeconds: 10
diff --git a/stable/appmesh-controller/upgrade/pre_upgrade_check.sh b/stable/appmesh-controller/upgrade/pre_upgrade_check.sh
new file mode 100755
index 000000000..0171eb1b4
--- /dev/null
+++ b/stable/appmesh-controller/upgrade/pre_upgrade_check.sh
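Review bot: `rbac.pspEnabled: true` in these test values asks the chart to render a PodSecurityPolicy, an API that was removed in Kubernetes 1.25, so a test install against a current cluster fails at apply time unless templates/psp.yaml (outside this hunk) already gates on that API being served. If the intent is to exercise the PSP template only on old clusters, say so next to the value, e.g. `# rbac.pspEnabled: only meaningful on clusters that still serve policy/v1beta1 PodSecurityPolicy (removed in 1.25)`; otherwise set it to `false` as the chart defaults do. `xray.image.tag: latest` also makes this fixture non-reproducible from one run to the next; pin it like the other three images in the file.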
@@ -0,0 +1,110 @@
+#!/bin/bash
+
+check_kube_connection() {
+
+ kube_err=$(kubectl cluster-info 2>&1 >/dev/null)
+ if [[ -z $kube_err ]]; then
+ echo "kubectl context check: PASSED!"
+ return 0
+ else
+ echo "kubectl context check: FAILED -- context or permissions issue for kubectl"
+ echo $kube_err
+ return 1
+ fi
+
+}
+
+check_kube_installation() {
+
+ kube_err=$(kubectl version --client 2>&1 >/dev/null)
+ if [[ -z $kube_err ]]; then
+ echo "kubectl installation check: PASSED!"
+ return 0
+ else
+ echo "kubectl installation check: FAILED -- kubectl not installed"
+ return 1
+ fi
+
+}
+
+check_jq_installation() {
+
+ jq_err=$(jq --version 2>&1 >/dev/null)
+ if [[ -z $jq_err ]]; then
+ echo "jq installation check: PASSED!"
+ return 0
+ else
+ echo "jq installation check: FAILED -- jq not installed"
+ return 1
+ fi
+
+}
+
+check_old_crds() {
+
+ vs=$(kubectl get crd virtualservices.appmesh.k8s.aws --ignore-not-found -o json | jq -r '.spec.versions[]? | select(.? | .name == "v1beta1")')
+ vn=$(kubectl get crd virtualnodes.appmesh.k8s.aws --ignore-not-found -o json | jq -r '.spec.versions[]? | select(.? | .name == "v1beta1")')
+ ms=$(kubectl get crd meshes.appmesh.k8s.aws --ignore-not-found -o json | jq -r '.spec.versions[]? | select(.? | .name == "v1beta1")')
+
+ if [[ -z $vs && -z $vn && -z $ms ]]; then
+ echo "App Mesh CRD check: PASSED!"
+ return 0
+ else
+ echo "App Mesh CRD check: FAILED -- v1beta1 CRDs are still installed"
+ return 1
+ fi
+
+}
+
+check_controller_version() {
+ currentver=$(kubectl get deployment -n appmesh-system appmesh-controller --ignore-not-found -o json | jq -r ".spec.template.spec.containers[].image" | cut -f2 -d ':')
+ requiredver="v1.0.0"
+
+ if [[ "$(printf '%s\n' "$requiredver" "$currentver" | sort -V | head -n1)" = "$requiredver" || -z "$currentver" ]]; then
+ echo "Controller version check: PASSED!"
+ return 0
+ else
+ echo "Controller version check: FAILED -- old appmesh-controller ($currentver) is still running"
+ return 1
+
+ fi
+}
+
+check_injector() {
+ status=0
+ for ns in "appmesh-inject" "appmesh-system"; do
+
+ injector=$(kubectl get deployment -n ${ns} appmesh-inject --ignore-not-found -o json | jq -r .kind)
+
+ if [ -z $injector ]; then
+ echo "Injector check for namespace ${ns}: PASSED!"
+ else
+ echo "Injector check: FAILED -- appmesh-inject is still running in namespace ${ns}"
+ return 1
+ fi
+
+ done
+ return 0
+}
+
+main() {
+
+ exitcode=0
+ check_kube_installation || exitcode=1
+ check_jq_installation || exitcode=1
+ check_kube_connection || exitcode=1
+ if [ ${exitcode} = 0 ]; then
+ check_old_crds || exitcode=1
+ check_controller_version || exitcode=1
+ check_injector || exitcode=1
+ fi
+
+ if [ ${exitcode} = 0 ]; then
+ echo -e "\nYour cluster is ready for upgrade. Please proceed to the installation instructions"
+ else
+ echo -e "\nYour cluster is NOT ready for upgrade to v1.0.0. Please install/uninstall all the identified items before proceeding"
+ fi
+
+}
+
+main
\ No newline at end of file
diff --git a/stable/appmesh-controller/values.yaml b/stable/appmesh-controller/values.yaml
new file mode 100644
index 000000000..940d17fc0
--- /dev/null
+++ b/stable/appmesh-controller/values.yaml
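Review bot: The script's exit status never reflects its result: `main` accumulates `exitcode` but its last statement is an `echo`, and the bare `main` call is the final command, so the process exits 0 even after a check prints FAILED and any CI step or `&&` chain that gates the upgrade on this script will proceed anyway. Add `return "${exitcode}"` as the last line of `main` and replace the trailing call with `main "$@"` followed by `exit $?`. `check_controller_version` is also fragile: `cut -f2 -d ':'` returns the registry port instead of the tag for a `host:port/image:tag` reference, `jq` emits one line per container so `currentver` can hold several values, and a non-semver tag such as `latest` sorts after `v1.0.0` under `sort -V` and passes the check; taking the first container's image and using `${image##*:}` after stripping any `@sha256:` digest would be more robust. The unquoted `[ -z $injector ]` in `check_injector` only works by accident when the variable is empty and should be `[ -z "$injector" ]`.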
@@ -0,0 +1,168 @@
+# Default values for appmesh-controller.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+region: ""
+accountId: ""
+preview: false
+enableBackendGroups: false
+clusterName: ""
+useAwsDualStackEndpoint: false
+useAwsFIPSEndpoint: false
+
+image:
+ repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller
+ tag: v1.13.1
+ pullPolicy: IfNotPresent
+
+sidecar:
+ image:
+ repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy
+ tag: v1.29.6.0-prod
+ # sidecar.logLevel: Envoy log level can be info, warn, error or debug
+ logLevel: info
+ envoyAdminAccessPort: 9901
+ envoyAdminAccessLogFile: /tmp/envoy_admin_access.log
+ envoyAdminAccessEnableIPv6: false
+ useDualStackEndpoint: false
+ useFipsEndpoint: false
+ resources:
+ # sidecar.resources.requests: Envoy CPU and memory requests
+ requests:
+ cpu: 10m
+ memory: 32Mi
+ # sidecar.resources/limits: Envoy CPU and memory limits
+ limits:
+ cpu: ""
+ memory: ""
+ lifecycleHooks:
+ # sidecar.lifecycleHooks: Envoy PreStop Hook Delay
+ preStopDelay: 20
+ postStartInterval: 5
+ postStartTimeout: 180
+ probes:
+ # sidecar.probes: Envoy Readiness Probe
+ readinessProbeInitialDelay: 1
+ readinessProbePeriod: 10
+ waitUntilProxyReady: false
+init:
+ image:
+ repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-proxy-route-manager
+ tag: v7-prod
+
+xray:
+ image:
+ repository: public.ecr.aws/xray/aws-xray-daemon
+ tag: latest
+
+nameOverride: ""
+fullnameOverride: ""
+
+resources:
+ limits:
+ cpu: 2000m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+podAnnotations: {}
+
+podLabels: {}
+
+cloudMapCustomHealthCheck:
+ # cloudMapCustomHealthCheck.enabled: `true` if CustomHealthCheck needs to be enabled in CloudMap
+ enabled: false
+
+cloudMapDNS:
+ # cloudMapDNS.ttl if set will use this global ttl value
+ ttl: 300
+
+sds:
+ # sds.enabled: `true` if SDS based mTLS support needs to be enabled in envoy
+ enabled: false
+ #sds.udsPath: UDS Path of the SDS Provider. Default value is tied to SPIRE.
+ udsPath: /run/spire/sockets/agent.sock
+
+serviceAccount:
+ # serviceAccount.create: Whether to create a service account or not
+ create: true
+ # serviceAccount.name: The name of the service account to create or use
+ name: ""
+ # serviceAccount.annotations: optional annotations to be applied to service account
+ annotations: {}
+
+rbac:
+ # rbac.create: `true` if rbac resources should be created
+ create: true
+ # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
+ pspEnabled: false
+
+log:
+ #log.level: info (default), debug
+ level: "info"
+
+tracing:
+ # tracing.enabled: `true` if Envoy should be configured tracing
+ enabled: false
+ # tracing.provider: can be x-ray, jaeger or datadog
+ provider: x-ray
+ # tracing.address: Jaeger or Datadog agent server address (ignored for X-Ray)
+ address: appmesh-jaeger.appmesh-system
+ # tracing.port: X-Ray, Jaeger or Datadog agent server port
+ port: 2000
+ # tracing.samplingRate: X-Ray tracer sampling rate
+ samplingRate: 0.05
+ # tracing.logLevel: X-Ray agent log level
+ logLevel: prod
+ # tracing.role: X-Ray agent IAM role to upload segments to a different account
+ role: ""
+
+stats:
+ # stats.tagsEnabled: `true` if Envoy should include app-mesh tags
+ tagsEnabled: false
+ # stats.statsdEnabled: `true` if Envoy should publish stats to statsd endpoint @ 127.0.0.1:8125
+ statsdEnabled: false
+ #stats.statsdAddress: DogStatsD daemon address
+ statsdAddress: 127.0.0.1
+ #stats.statsdPort: DogStatsD daemon port
+ statsdPort: 8125
+ #stats.statsdSocketPath: DogStatsD unix domain socket path
+ statsdSocketPath: ""
+
+# Enable cert-manager
+enableCertManager: false
+
+# podDisruptionBudget for Appmesh controller
+podDisruptionBudget: {}
+# minAvailable: 1
+
+# Environment variables to set in appmesh-controller pod
+env: {}
+
+# TLS setting for appmesh-controller
+tlsMinVersion: VersionTLS12
+tlsCipherSuite:
+
+#Example
+#env:
+# http_proxy: http://proxyserver:3128
+# https_proxy: http://proxyserver:3128
+# no_proxy: "localhost,127.0.0.1,.cluster.local"
+
+# Liveness probe configuration for the controller
+livenessProbe:
+ failureThreshold: 2
+ httpGet:
+ path: /healthz
+ port: 61779
+ scheme: HTTP
+ initialDelaySeconds: 30
+ timeoutSeconds: 10
diff --git a/stable/appmesh-controller/webhookconfig.yaml b/stable/appmesh-controller/webhookconfig.yaml
new file mode 100644
index 000000000..d67fc5e6c
--- /dev/null
+++ b/stable/appmesh-controller/webhookconfig.yaml
@@ -0,0 +1,20 @@
+# This file contains configuration for the webhooks defined
+# in the appmesh-controller. The contents should not be changed
+# unless there are corresponding changes in the appmesh-controller
+# controller. This file is referenced in the templates for
+# generating the admission webhooks for the resources
+customResources:
+ - name: gatewayroute
+ resource: gatewayroutes
+ - name: mesh
+ resource: meshes
+ - name: virtualnode
+ resource: virtualnodes
+ - name: virtualrouter
+ resource: virtualrouters
+ - name: virtualservice
+ resource: virtualservices
+ - name: virtualgateway
+ resource: virtualgateways
+ - name: backendgroup
+ resource: backendgroups
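Review bot: `xray.image.tag: latest` is the only unpinned image in these defaults (the controller, Envoy and route-manager images all carry explicit versions), and with no `pullPolicy` set for it Kubernetes will re-pull on every pod start, so the X-Ray daemon that lands in the mesh can change silently between restarts; pin it to a released version, ideally with a digest, and add a comment saying where the value is tracked. `tlsCipherSuite:` with no value parses as YAML null rather than an empty string, unlike the other empty defaults in this file (`region: ""`, `role: ""`); unless the deployment template guards it (not visible here), write `tlsCipherSuite: ""` and document it, e.g. `# tlsCipherSuite: comma-separated cipher suite names passed to the controller; empty keeps the controller's defaults`. The `tlsMinVersion` line would also benefit from a comment naming the accepted values — presumably the Go `tls.Version*` identifiers, to be confirmed against the controller's flag parsing.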