Remove deprecated Ambassador ingress code (#8086)

This commit is contained in:
Florian Ruynat 2021-10-27 00:19:09 +02:00 committed by GitHub
parent c2d4822c38
commit 331647f4ab
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 0 additions and 623 deletions

View file

@ -148,7 +148,6 @@ Note: Upstart/SysV init based OS types are not supported.
- [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.1.0
- [weave](https://github.com/weaveworks/weave) v2.8.1
- Application
- [ambassador](https://github.com/datawire/ambassador): v1.5
- [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.0-k8s1.11
- [rbd-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.1-k8s1.11
- [cert-manager](https://github.com/jetstack/cert-manager) v1.5.4
@ -218,8 +217,6 @@ See also [Network checker](docs/netcheck.md).
## Ingress Plugins
- [ambassador](docs/ambassador.md): the Ambassador Ingress Controller and API gateway.
- [nginx](https://kubernetes.github.io/ingress-nginx): the NGINX Ingress Controller.
- [metallb](docs/metallb.md): the MetalLB bare-metal service LoadBalancer provider.

View file

@ -20,7 +20,6 @@
* [OVN4NFV](docs/ovn4nfv.md)
* Ingress
* [ALB Ingress](docs/ingress_controller/alb_ingress_controller.md)
* [Ambassador](docs/ingress_controller/ambassador.md)
* [MetalLB](docs/metallb.md)
* [Nginx Ingress](docs/ingress_controller/ingress_nginx.md)
* [Cloud providers](docs/cloud.md)

View file

@ -100,7 +100,6 @@ The following tags are defined in playbooks:
| Tag name | Used for
|--------------------------------|---------
| ambassador | Ambassador Ingress Controller
| annotate | Create kube-router annotation
| apps | K8s apps definitions
| asserts | Check tasks for download role

View file

@ -1,97 +0,0 @@
# Ambassador
The [Ambassador API Gateway](https://github.com/datawire/ambassador) provides all the functionality of a traditional ingress controller
(e.g., path-based routing) while exposing many additional capabilities such as authentication,
URL rewriting, CORS, rate limiting, and automatic metrics collection.
## Installation
### Configuration
* `ingress_ambassador_namespace` (default `ambassador`): namespace for installing Ambassador.
* `ingress_ambassador_update_window` (default `0 0 * * SUN`): _crontab_-like expression
for specifying when the Operator should try to update the Ambassador API Gateway.
* `ingress_ambassador_version` (default: `*`): SemVer rule for versions allowed for
installation/updates.
* `ingress_ambassador_secure_port` (default: 443): HTTPS port to listen at.
* `ingress_ambassador_insecure_port` (default: 80): HTTP port to listen at.
* `ingress_ambassador_multi_namespaces` (default `false`): By default, Ambassador will only
watch the `ingress_ambassador_namespace` namespace for `AmbassadorInstallation` CRD resources.
When set to `true`, this value will tell the Ambassador Operator to watch **all** namespaces
for CRDs. If you want to run multiple Ambassador ingress instances, set this to `true`.
### Ingress annotations
The Ambassador API Gateway will automatically load balance `Ingress` resources
that include the annotation `kubernetes.io/ingress.class=ambassador`. All the other
resources will be just ignored.
### Ambassador Operator
This Ambassador addon deploys the Ambassador Operator, which in turn will install
the [Ambassador API Gateway](https://github.com/datawire/ambassador) in
a Kubernetes cluster.
The Ambassador Operator is a Kubernetes Operator that controls Ambassador's complete lifecycle
in your cluster, automating many of the repeatable tasks you would otherwise have to perform
yourself. Once installed, the Operator will complete installations and seamlessly upgrade to new
versions of Ambassador as they become available.
## Usage
The following example creates simple http-echo services and an `Ingress` object
to route to these services.
Note well that the [Ambassador API Gateway](https://github.com/datawire/ambassador) will automatically load balance `Ingress` resources
that include the annotation `kubernetes.io/ingress.class=ambassador`. All the other
resources will be just ignored.
```yaml
kind: Pod
apiVersion: v1
metadata:
name: foo-app
labels:
app: foo
spec:
containers:
- name: foo-app
image: hashicorp/http-echo
args:
- "-text=foo"
---
kind: Service
apiVersion: v1
metadata:
name: foo-service
spec:
selector:
app: foo
ports:
# Default port used by the image
- port: 5678
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
annotations:
kubernetes.io/ingress.class: ambassador
spec:
rules:
- http:
paths:
- path: /foo
backend:
serviceName: foo-service
servicePort: 5678
```
Now you can test that the ingress is working with curl:
```console
$ export AMB_IP=$(kubectl get service ambassador -n ambassador -o 'go-template={{range .status.loadBalancer.ingress}}{{print .ip "\n"}}{{end}}')
$ curl $AMB_IP/foo
foo
```

View file

@ -118,12 +118,6 @@ ingress_publish_status_address: ""
# - --default-ssl-certificate=default/foo-tls
# ingress_nginx_class: nginx
# ambassador ingress controller deployment
ingress_ambassador_enabled: false
# ingress_ambassador_namespace: "ambassador"
# ingress_ambassador_version: "*"
# ingress_ambassador_multi_namespaces: false
# ALB ingress controller deployment
ingress_alb_enabled: false
# alb_ingress_aws_region: "us-east-1"

View file

@ -583,8 +583,6 @@ local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-p
local_path_provisioner_image_tag: "v0.0.19"
ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
ingress_nginx_controller_image_tag: "v1.0.4"
ingress_ambassador_image_repo: "{{ quay_image_repo }}/datawire/ambassador-operator"
ingress_ambassador_image_tag: "v1.2.9"
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
alb_ingress_image_tag: "v1.1.9"
cert_manager_version: "v1.5.4"
@ -1170,15 +1168,6 @@ downloads:
groups:
- kube_node
ingress_ambassador_controller:
enabled: "{{ ingress_ambassador_enabled }}"
container: true
repo: "{{ ingress_ambassador_image_repo }}"
tag: "{{ ingress_ambassador_image_tag }}"
sha256: "{{ ingress_ambassador_digest_checksum|default(None) }}"
groups:
- kube_node
ingress_alb_controller:
enabled: "{{ ingress_alb_enabled }}"
container: true

View file

@ -1,10 +0,0 @@
---
ingress_ambassador_namespace: "ambassador"
ingress_ambassador_version: "*"
ingress_ambassador_update_window: "0 0 * * SUN"
ingress_ambassador_replicas: 1
ingress_ambassador_insecure_port: 80
ingress_ambassador_secure_port: 443
ingress_ambassador_extra_args: []
ingress_ambassador_host_network: false
ingress_ambassador_multi_namespaces: false

View file

@ -1,72 +0,0 @@
---
- name: Ambassador | Create addon dir
file:
path: "{{ kube_config_dir }}/addons/ambassador"
state: directory
owner: root
group: root
mode: 0755
when:
- inventory_hostname == groups['kube_control_plane'][0]
- name: Ambassador | Templates list
set_fact:
ingress_ambassador_templates:
- { name: 00-namespace, file: 00-namespace.yml, type: ns }
- { name: crd-ambassador-installation, file: crd-ambassador-installation.yml, type: customresourcedefinition }
- { name: sa-ambassador, file: sa-ambassador.yml, type: sa }
- { name: clusterrole-ambassador, file: clusterrole-ambassador.yml, type: clusterrole }
- { name: clusterrolebinding-ambassador, file: clusterrolebinding-ambassador.yml, type: clusterrolebinding }
- { name: role-ambassador, file: role-ambassador.yml, type: role }
- { name: rolebinding-ambassador, file: rolebinding-ambassador.yml, type: rolebinding }
- { name: deploy-ambassador, file: deploy-ambassador.yml, type: deploy }
- name: Ambassador | Create manifests
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/ambassador/{{ item.file }}"
loop: "{{ ingress_ambassador_templates }}"
register: ingress_ambassador_manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
- name: Ambassador | Apply manifests
kube:
name: "{{ item.item.name }}"
namespace: "{{ ingress_ambassador_namespace }}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/addons/ambassador/{{ item.item.file }}"
state: "latest"
loop: "{{ ingress_ambassador_manifests.results }}"
when:
- inventory_hostname == groups['kube_control_plane'][0]
# load the AmbassadorInstallation _after_ the CustomResourceDefinition has been loaded
- name: Ambassador | AmbassadorInstallation template
set_fact:
ingress_ambassador_cr_templates:
- { name: cr-ambassador-installation, file: cr-ambassador-installation.yml, type: cr }
- name: Ambassador | Create installation manifests
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/ambassador/{{ item.file }}"
loop: "{{ ingress_ambassador_cr_templates }}"
register: ingress_ambassador_cr_manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
- name: Ambassador | Apply AmbassadorInstallation
kube:
name: "{{ item.item.name }}"
namespace: "{{ ingress_ambassador_namespace }}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/addons/ambassador/{{ item.item.file }}"
state: "latest"
loop: "{{ ingress_ambassador_cr_manifests.results }}"
when:
- inventory_hostname == groups['kube_control_plane'][0]

View file

@ -1,7 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ ingress_ambassador_namespace }}
labels:
name: {{ ingress_ambassador_namespace }}

View file

@ -1,14 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ambassador-operator-cluster
labels:
app.kubernetes.io/name: ambassador-operator
app.kubernetes.io/part-of: ambassador-operator
rules:
- apiGroups: ['*']
resources: ['*']
verbs: ['*']
- nonResourceURLs: ['*']
verbs: ['*']

View file

@ -1,16 +0,0 @@
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ambassador-operator-cluster
labels:
app.kubernetes.io/name: ambassador-operator
app.kubernetes.io/part-of: ambassador-operator
subjects:
- kind: ServiceAccount
name: ambassador-operator
namespace: {{ ingress_ambassador_namespace }}
roleRef:
kind: ClusterRole
name: ambassador-operator-cluster
apiGroup: rbac.authorization.k8s.io

View file

@ -1,38 +0,0 @@
apiVersion: getambassador.io/v2
kind: AmbassadorInstallation
metadata:
name: ambassador
labels:
app.kubernetes.io/name: ambassador-operator
app.kubernetes.io/part-of: ambassador-operator
spec:
installOSS: true
{% if ingress_ambassador_update_window %}
updateWindow: "{{ ingress_ambassador_update_window }}"
{% endif %}
{% if ingress_ambassador_version %}
version: "{{ ingress_ambassador_version }}"
{% endif %}
helmValues:
tolerations:
- key: "node-role.kubernetes.io/master"
effect: NoSchedule
- key: "node-role.kubernetes.io/control-plane"
effect: NoSchedule
deploymentTool: amb-oper-kubespray
{% if ingress_ambassador_host_network %}
hostNetwork: true
{% endif %}
replicaCount: {{ ingress_ambassador_replicas }}
service:
ports:
- name: http
port: 80
hostPort: {{ ingress_ambassador_insecure_port }}
targetPort: 8080
protocol: TCP
- name: https
port: 443
hostPort: {{ ingress_ambassador_secure_port }}
targetPort: 8443
protocol: TCP

View file

@ -1,186 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ambassadorinstallations.getambassador.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.version
name: VERSION
type: string
- JSONPath: .spec.updateWindow
name: UPDATE-WINDOW
type: integer
- JSONPath: .status.lastCheckTime
description: Last time checked
name: LAST-CHECK
type: string
- JSONPath: .status.conditions[?(@.type=='Deployed')].status
description: Indicates if deployment has completed
name: DEPLOYED
type: string
- JSONPath: .status.conditions[?(@.type=='Deployed')].reason
description: Reason for deployment completed
name: REASON
priority: 1
type: string
- JSONPath: .status.conditions[?(@.type=='Deployed')].message
description: Message for deployment completed
name: MESSAGE
priority: 1
type: string
- JSONPath: .status.deployedRelease.appVersion
description: Deployed version of Ambassador
name: DEPLOYED-VERSION
type: string
- JSONPath: .status.deployedRelease.flavor
description: Deployed flavor of Ambassador (OSS or AES)
name: DEPLOYED-FLAVOR
type: string
group: getambassador.io
names:
kind: AmbassadorInstallation
listKind: AmbassadorInstallationList
plural: ambassadorinstallations
singular: ambassadorinstallation
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: AmbassadorInstallation is the Schema for the ambassadorinstallations
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AmbassadorInstallationSpec defines the desired state of AmbassadorInstallation
properties:
baseImage:
description: An (optional) image to use instead of the image specified
in the Helm chart.
type: string
helmRepo:
description: An (optional) Helm repository.
type: string
installOSS:
description: 'Installs [Ambassador OSS](https://www.getambassador.io/docs/latest/topics/install/install-ambassador-oss/)
instead of [AES](https://www.getambassador.io/docs/latest/topics/install/).
Default is false which means it installs AES by default. TODO: 1.
AES/AOSS is not installed and the user installs using `installOSS:
true`, then we straightaway install AOSS. 2. AOSS is installed via
operator and the user sets `installOSS: false`, then we perform the
migration as detailed here - https://www.getambassador.io/docs/latest/topics/install/upgrade-to-edge-stack/
3. AES is installed and the user sets `installOSS: true`, then we
point users to the docs which gives them pointers on how to do
that themselves.'
type: boolean
logLevel:
description: 'An (optional) log level: debug, info...'
enum:
- info
- debug
- warn
- warning
- error
- critical
- fatal
type: string
updateWindow:
description: "`updateWindow` is an optional item that will control when
the updates can take place. This is used to force system updates to
happen late at night if thats what the sysadmins want. \n * There
can be any number of `updateWindow` entries (separated by commas).
\ * `Never` turns off automatic updates even if there are other entries
in the comma-separated list. `Never` is used by sysadmins to disable
all updates during blackout periods by doing a `kubectl apply`
or using our Edge Policy Console to set this. * Each `updateWindow`
is in crontab format (see https://crontab.guru/) Some examples of
`updateWindows` are: - `* 0-6 * * * SUN`: every Sunday, from _0am_
to _6am_ - `* 5 1 * * *`: every first day of the month, at _5am_
* The Operator cannot guarantee minute time granularity, so specifying
\ a minute in the crontab expression can lead to some updates happening
\ sooner/later than expected."
type: string
version:
description: "We are using SemVer for the version number and it can
be specified with any level of precision and can optionally end in
`*`. These are interpreted as: \n * `1.0` = exactly version 1.0 *
`1.1` = exactly version 1.1 * `1.1.*` = version 1.1 and any bug fix
versions `1.1.1`, `1.1.2`, `1.1.3`, etc. * `2.*` = version 2.0 and
any incremental and bug fix versions `2.0`, `2.0.1`, `2.0.2`, `2.1`,
`2.2`, `2.2.1`, etc. * `*` = all versions. * `3.0-ea` = version `3.0-ea1`
and any subsequent EA releases on `3.0`. Also selects the final
3.0 once the final GA version is released. * `4.*-ea` = version `4.0-ea1`
and any subsequent EA release on `4.0`. Also selects the final GA
`4.0`. Also selects any incremental and bug fix versions `4.*` and
`4.*.*`. Also selects the most recent `4.*` EA release i.e., if
`4.0.5` is the last GA version and there is a `4.1-EA3`, then this
\ selects `4.1-EA3` over the `4.0.5` GA. \n You can find the reference
docs about the SemVer syntax accepted [here](https://github.com/Masterminds/semver#basic-comparisons)."
type: string
type: object
status:
description: AmbassadorInstallationStatus defines the observed state of
AmbassadorInstallation
properties:
conditions:
description: List of conditions the installation has experienced.
items:
description: AmbInsCondition defines an Ambassador installation condition,
as well as the last time there was a transition to this condition..
properties:
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
type: string
status:
type: string
type:
type: string
required:
- status
- type
type: object
type: array
deployedRelease:
description: the currently deployed Helm chart
nullable: true
properties:
appVersion:
type: string
flavor:
type: string
manifest:
type: string
name:
type: string
version:
type: string
type: object
lastCheckTime:
description: Last time a successful update check was performed.
format: date-time
nullable: true
type: string
required:
- conditions
type: object
type: object
version: v2
versions:
- name: v2
served: true
storage: true

View file

@ -1,47 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ambassador-operator
namespace: {{ ingress_ambassador_namespace }}
labels:
app.kubernetes.io/name: ambassador-operator
app.kubernetes.io/part-of: ambassador-operator
getambassador.io/installer: operator
spec:
replicas: 1
selector:
matchLabels:
name: ambassador-operator
app.kubernetes.io/name: ambassador-operator
app.kubernetes.io/part-of: ambassador-operator
template:
metadata:
labels:
name: ambassador-operator
getambassador.io/installer: operator
app.kubernetes.io/name: ambassador-operator
app.kubernetes.io/part-of: ambassador-operator
spec:
serviceAccountName: ambassador-operator
containers:
- name: ambassador-operator
image: {{ ingress_ambassador_image_repo }}:{{ ingress_ambassador_image_tag }}
command:
- ambassador-operator
imagePullPolicy: {{ k8s_image_pull_policy }}
env:
- name: WATCH_NAMESPACE
{% if ingress_ambassador_multi_namespaces %}
value: ''
{% else %}
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{% endif %}
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "ambassador-operator"

View file

@ -1,82 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: ambassador-operator
rules:
- apiGroups:
- ""
resources:
- pods
- services
- services/finalizers
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
- customresourcedefinitions
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- ambassador-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
- deployments
verbs:
- get
- apiGroups:
- getambassador.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch

View file

@ -1,12 +0,0 @@
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ambassador-operator
subjects:
- kind: ServiceAccount
name: ambassador-operator
roleRef:
kind: Role
name: ambassador-operator
apiGroup: rbac.authorization.k8s.io

View file

@ -1,9 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ambassador-operator
namespace: {{ ingress_ambassador_namespace }}
labels:
app.kubernetes.io/name: ambassador-operator
app.kubernetes.io/part-of: ambassador-operator

View file

@ -7,13 +7,6 @@ dependencies:
- ingress-controller
- ingress-nginx
- role: kubernetes-apps/ingress_controller/ambassador
when: ingress_ambassador_enabled
tags:
- apps
- ingress-controller
- ambassador
- role: kubernetes-apps/ingress_controller/cert_manager
when: cert_manager_enabled
tags:

View file

@ -373,7 +373,6 @@ persistent_volumes_enabled: false
cephfs_provisioner_enabled: false
rbd_provisioner_enabled: false
ingress_nginx_enabled: false
ingress_ambassador_enabled: false
ingress_alb_enabled: false
cert_manager_enabled: false
expand_persistent_volumes: false

View file

@ -9,7 +9,4 @@ kube_network_plugin: canal
deploy_netchecker: true
dns_min_replicas: 1
# test Ambassador
ingress_ambassador_enabled: true
auto_renew_certificates: true