Last active
February 13, 2019 22:25
-
-
Save iNoahNothing/eb514d00d5f120bb43b73b666ec70cfe to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: v1 | |
kind: Namespace | |
metadata: | |
name: datawire | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
labels: | |
service: ambassador | |
name: ambassador | |
namespace: datawire | |
annotations: | |
getambassador.io/config: | | |
--- | |
apiVersion: ambassador/v1 | |
kind: Module | |
name: ambassador | |
config: | |
use_remote_address: true | |
--- | |
apiVersion: ambassador/v1 | |
kind: Module | |
name: tls | |
config: | |
server: | |
enabled: true | |
redirect_cleartext_from: 80 | |
--- | |
apiVersion: ambassador/v1 | |
kind: TLSContext | |
name: wild-demo-context | |
hosts: | |
- demo.k736.net | |
- "*.demo.k736.net" | |
secret: wild-demo-cert | |
spec: | |
type: LoadBalancer | |
externalTrafficPolicy: Local | |
ports: | |
- name: http | |
port: 80 | |
targetPort: 80 | |
- name: https | |
port: 443 | |
targetPort: 443 | |
selector: | |
service: ambassador |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ k logs $(getPod -g ambassador) -c ambassador | |
2019-02-13 22:25:22 kubewatch [21 TMainThread] 0.50.1 INFO: kubewatch starting: mode 'cluster-id' ambassador_config_dir '/ambassador/ambassador-config' envoy_config_file '/ambassador/envoy/envoy.json' debug 'False' delay '1.0' pid 'None' | |
2019-02-13 22:25:22 kubewatch [21 TMainThread] 0.50.1 INFO: namespace datawire, watching all namespaces | |
2019-02-13 22:25:22 kubewatch [21 TMainThread] 0.50.1 INFO: cluster ID is d9df889a-739c-52a4-a651-751f8427a55d (from namespace default) | |
AMBASSADOR: using cluster ID d9df889a-739c-52a4-a651-751f8427a55d | |
AMBASSADOR: starting ads | |
AMBASSADOR: starting diagd | |
AMBASSADOR: pinging diagd (10)... | |
time="2019-02-13T22:25:22Z" level=info msg="Ambex 0.1.1 starting..." | |
time="2019-02-13T22:25:22Z" level=info msg=Listening port=18000 | |
time="2019-02-13T22:25:22Z" level=info msg="Wrote PID" file=ambex.pid pid=27 | |
time="2019-02-13T22:25:22Z" level=info msg="Pushing snapshot v0" | |
AMBASSADOR: pinging diagd (9)... | |
2019-02-13 22:25:23 diagd 0.50.1 [P28TMainThread] INFO: thread count 3, listening on 0.0.0.0:8877 | |
[2019-02-13 22:25:23 +0000] [28] [INFO] Starting gunicorn 19.9.0 | |
[2019-02-13 22:25:23 +0000] [28] [INFO] Listening at: http://0.0.0.0:8877 (28) | |
[2019-02-13 22:25:23 +0000] [28] [INFO] Using worker: threads | |
[2019-02-13 22:25:23 +0000] [42] [INFO] Booting worker with pid: 42 | |
2019-02-13 22:25:23 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: starting event watcher | |
2019-02-13 22:25:23 diagd 0.50.1 [P42TMainThread] INFO: Starting periodic updates | |
2019-02-13 22:25:23 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: loading configuration from disk: /ambassador/ambassador-config | |
2019-02-13 22:25:23 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: no configuration found at /ambassador/ambassador-config | |
AMBASSADOR: pinging diagd (8)... | |
AMBASSADOR: diagd running | |
+ set +x | |
AMBASSADOR: waiting | |
PIDS: 27:ambex 28:diagd 48:kubewatch | |
+ kubewatch --sync 'python3 /ambassador/post_update.py' --warmup-delay 10s secrets services | |
2019-02-13 22:25:28 diagd 0.50.1 [P42TAmbassadorEventWatcher] WARNING: EnvoyStats.update_log_levels failed: HTTPConnectionPool(host='127.0.0.1', port=8001): Max retries exceeded with url: /logging (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f344867e780>: Failed to establish a new connection: [Errno 111] Connection refused',)) | |
2019-02-13 22:25:28 diagd 0.50.1 [P42TAmbassadorEventWatcher] WARNING: EnvoyStats.update failed: HTTPConnectionPool(host='127.0.0.1', port=8001): Max retries exceeded with url: /stats (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f344867ee80>: Failed to establish a new connection: [Errno 111] Connection refused',)) | |
2019-02-13 22:25:33 diagd 0.50.1 [P42TAmbassadorEventWatcher] WARNING: EnvoyStats.update_log_levels failed: HTTPConnectionPool(host='127.0.0.1', port=8001): Max retries exceeded with url: /logging (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f34486a7550>: Failed to establish a new connection: [Errno 111] Connection refused',)) | |
2019-02-13 22:25:33 diagd 0.50.1 [P42TAmbassadorEventWatcher] WARNING: EnvoyStats.update failed: HTTPConnectionPool(host='127.0.0.1', port=8001): Max retries exceeded with url: /stats (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f34486a7be0>: Failed to establish a new connection: [Errno 111] Connection refused',)) | |
2019/02/13 22:25:35 SYNC: python3 /ambassador/post_update.py http://localhost:41789/api/snapshot/1 | |
2019-02-13 22:25:35 diagd 0.50.1 [P42TThreadPoolExecutor-0_0] INFO: Update requested from http://localhost:41789/api/snapshot/1 | |
2019-02-13 22:25:35 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: copying configuration from http://localhost:41789/api/snapshot/1 to /ambassador/snapshots/snapshot-1.yaml | |
2019-02-13 22:25:35 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 34711 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 170 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 275 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 104 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 206 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 136 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 143 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 125 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 136 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 109 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 148 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 378 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 367 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 145 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: anonymous YAML.1: parsing 169 bytes of YAML | |
2019-02-13 22:25:36 diagd 0.50.1 [P42TAmbassadorEventWatcher] INFO: no configuration found in snapshot 1? |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: v1 | |
kind: Namespace | |
metadata: | |
name: datawire | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: ClusterRole | |
metadata: | |
name: ambassador | |
rules: | |
- apiGroups: [""] | |
resources: | |
- services | |
verbs: ["get", "list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- configmaps | |
verbs: ["create", "update", "patch", "get", "list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- secrets | |
verbs: ["get", "list", "watch"] | |
- apiGroups: ["getambassador.io"] | |
resources: | |
- policies | |
- ratelimits | |
- tenants | |
verbs: ["get", "list", "watch"] | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: ambassador | |
namespace: datawire | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: ambassador | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: ambassador | |
subjects: | |
- kind: ServiceAccount | |
name: ambassador | |
namespace: datawire | |
###################################################################### | |
# Create a CRDs used to configure ambassador-pro | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
name: policies.getambassador.io | |
spec: | |
group: getambassador.io | |
version: v1beta1 | |
versions: | |
- name: v1beta1 | |
served: true | |
storage: true | |
scope: Namespaced | |
names: | |
plural: policies | |
singular: policy | |
kind: Policy | |
shortNames: | |
- pol | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
name: tenants.getambassador.io | |
spec: | |
group: getambassador.io | |
version: v1beta1 | |
versions: | |
- name: v1beta1 | |
served: true | |
storage: true | |
scope: Namespaced | |
names: | |
plural: tenants | |
singular: tenant | |
kind: Tenant | |
shortNames: | |
- ten | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
name: ratelimits.getambassador.io | |
spec: | |
group: getambassador.io | |
version: v1beta1 | |
versions: | |
- name: v1beta1 | |
served: true | |
storage: true | |
scope: Namespaced | |
names: | |
plural: ratelimits | |
singular: ratelimit | |
kind: RateLimit | |
shortNames: | |
- rl | |
###################################################################### | |
# Redis for Ambassador Pro ratelimit | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: ambassador-pro-redis | |
namespace: datawire | |
annotations: | |
getambassador.io/config: | | |
--- | |
apiVersion: ambassador/v0 | |
kind: Mapping | |
name: diag-mapping | |
prefix: /ambassador/ | |
service: ambassador-admin:8877 | |
rewrite: /ambassador/v0/diag/ | |
spec: | |
type: ClusterIP | |
ports: | |
- port: 6379 | |
targetPort: 6379 | |
selector: | |
service: ambassador-pro-redis | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: ambassador-pro-redis | |
namespace: datawire | |
spec: | |
replicas: 1 | |
selector: | |
matchLabels: | |
service: ambassador-pro-redis | |
template: | |
metadata: | |
labels: | |
service: ambassador-pro-redis | |
spec: | |
containers: | |
- name: redis | |
image: redis:5.0.1 | |
restartPolicy: Always | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
labels: | |
service: ambassador-admin | |
name: ambassador-admin | |
namespace: datawire | |
spec: | |
type: NodePort | |
ports: | |
- name: ambassador-admin | |
port: 8877 | |
targetPort: 8877 | |
selector: | |
service: ambassador | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: Deployment | |
metadata: | |
name: ambassador | |
namespace: datawire | |
spec: | |
replicas: 1 | |
selector: | |
matchLabels: | |
service: ambassador | |
template: | |
metadata: | |
annotations: | |
sidecar.istio.io/inject: "false" | |
"consul.hashicorp.com/connect-inject": "false" | |
labels: | |
service: ambassador | |
spec: | |
serviceAccountName: ambassador | |
containers: | |
- name: ambassador | |
image: quay.io/datawire/ambassador:0.50.1 | |
resources: | |
limits: | |
cpu: 1 | |
memory: 400Mi | |
requests: | |
cpu: 200m | |
memory: 100Mi | |
env: | |
- name: AMBASSADOR_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
- name: STATSD_ENABLED | |
value: "true" | |
- name: AMBASSADOR_ID | |
value: ambassador | |
ports: | |
- name: http | |
containerPort: 80 | |
- name: https | |
containerPort: 443 | |
- name: admin | |
containerPort: 8877 | |
livenessProbe: | |
httpGet: | |
path: /ambassador/v0/check_alive | |
port: 8877 | |
initialDelaySeconds: 30 | |
periodSeconds: 3 | |
readinessProbe: | |
httpGet: | |
path: /ambassador/v0/check_ready | |
port: 8877 | |
initialDelaySeconds: 30 | |
periodSeconds: 3 | |
- name: ambassador-pro | |
image: quay.io/datawire/ambassador_pro:amb-sidecar-0.1.3-rc1 | |
ports: | |
- name: ratelimit-grpc | |
containerPort: 8081 | |
- name: ratelimit-debug | |
containerPort: 6070 | |
- name: auth-http | |
containerPort: 8080 | |
env: | |
# For auth: Auth provider's absolute url: {scheme}://{host} | |
- name: AUTH_PROVIDER_URL | |
value: https://kubecon-demo.auth0.com | |
- name: REDIS_SOCKET_TYPE | |
value: tcp | |
- name: REDIS_URL | |
value: ambassador-pro-redis:6379 | |
- name: AMBASSADOR_LICENSE_KEY | |
value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Im5rcmF1c2UiLCJleHAiOjE1Nzg0MTg4ODZ9.S_6-zdPyy4z1N4Jmo5e4A7WME4CbQVLqnIn_13i5ikw | |
restartPolicy: Always | |
imagePullSecrets: | |
- name: ambassador-pro-registry-credentials |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment