| admin_service_annotations |
Annotations for the admin service |
map(string) |
{
"prometheus.io/scrape": "true"
} |
no |
| affinity |
Pod Affinity |
any |
{} |
no |
| allow_http |
Allow plaintext HTTP traffic. Needs to be enabled for redirection. |
bool |
true |
no |
| ambassador_configurations |
Configuration options for Ambassador. See https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/ |
any |
{
"diagnostics": {
"enabled": false
}
} |
no |
| ambassador_id |
Ambassador ID |
string |
"default" |
no |
| backend_config |
Name for the BackendConfig CRD. Defaults to chart release name |
string |
"" |
no |
| cdn |
Enable Cloud CDN |
object({
enabled = bool
# See https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_backendconfig_parameters
policy = optional(object({
include_host = optional(bool)
include_protocol = optional(bool)
include_query_string = optional(bool)
query_string_blacklist = optional(list(string))
query_string_whitelist = optional(list(string))
}))
}) |
{
"enabled": false
} |
no |
| chart_namespace |
Namespace to run the chart in |
string |
"ambassador" |
no |
| chart_version |
Version of Chart to install. Set to empty to install the latest version |
string |
"7.2.0" |
no |
| cloud_armor_policy |
Name of the Cloud Armor Policy to use |
string |
"" |
no |
| connection_draining_timeout_sec |
connection draining timeout is the time, in seconds, to wait for connections to drain |
number |
0 |
no |
| container_security_context |
Container securityContext |
any |
{} |
no |
| crd_manifest |
Provide a custom CRD Manifest to be created. Otherwise, the version corresponding to var.image_tag will be used |
string |
null |
no |
| create_default_listeners |
Whether Emissary should be created with default listeners: HTTP on port 8080, HTTPS on port 8443. See https://www.getambassador.io/docs/emissary/latest/howtos/configure-communications/ |
bool |
false |
no |
| custom_request_headers |
Map of Custom Request Headers |
map(string) |
{} |
no |
| enable_l7_load_balancing |
Use L7 for load balancing. Otherwise, L4 is used |
bool |
true |
no |
| env |
Environment variables for container |
map(string) |
{} |
no |
| env_raw |
Raw environment variables for container in YAML |
string |
"" |
no |
| external_traffic_policy |
External traffic policy for L4 Load balancing |
string |
"Local" |
no |
| frontend_config |
Frontend Config CRD name |
string |
"" |
no |
| health_check |
Health Check Configuration |
object({
interval = optional(number)
timeout = optional(number)
health_threshold = optional(number)
unhealthy_threshold = optional(number)
protocol = optional(string)
path |
|
|
= optional(string)
port = optional(number)
}) |
{
"interval": 10,
"path": "/ambassador/v0/check_alive",
"port": 8877,
"protocol": "HTTP",
"timeout": 10
} |
no |
|
|
| hpa_enabled |
Enable HPA |
bool |
true |
no |
| hpa_max_replica |
Max Number of replica |
number |
3 |
no |
| hpa_metrics |
Metrics for HPA Scaling |
any |
[
{
"resource": {
"name": "cpu",
"target": {
"averageUtilization": 80,
"type": "Utilization"
}
},
"type": "Resource"
},
{
"resource": {
"name": "memory",
"target": {
"averageUtilization": 80,
"type": "Utilization"
}
},
"type": "Resource"
}
] |
no |
| hpa_min_replica |
Minimum Number of replica |
number |
2 |
no |
| http2_enable |
Use HTTP/2. See https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-http2 |
bool |
true |
no |
| iap |
Enable Identity-Aware Proxy by setting the secret name with the OAuth Client Credentials |
string |
"" |
no |
| image_repository |
Image repository for Ambassador image |
string |
"quay.io/datawire/ambassador" |
no |
| image_tag |
Image tag for Ambassador image |
string |
"1.13.9" |
no |
| ingress_annotations |
Additional annotations for the ingress |
map(string) |
{} |
no |
| ingress_name |
Name of the Kubernetes Ingress |
string |
"" |
no |
| internet_facing |
Whether the Load Balancer, L7 or L4 is internet facing |
bool |
true |
no |
| kubernetes_annotations |
Annotations for Kubernetes Resources |
map(string) |
{
"app.kubernetes.io/instance": "ambassador",
"app.kubernetes.io/managed-by": "Terraform",
"app.kubernetes.io/name": "ambassador",
"app.kubernetes.io/part-of": "ambassador"
} |
no |
| kubernetes_labels |
Labels for the Kubernetes Resources |
map(string) |
{
"app.kubernetes.io/instance": "ambassador",
"app.kubernetes.io/managed-by": "Terraform",
"app.kubernetes.io/name": "ambassador",
"app.kubernetes.io/part-of": "ambassador"
} |
no |
| labels |
Labels for resources |
map(string) |
{
"app.kubernetes.io/managed-by": "Terraform"
} |
no |
| load_balancer_source_ranges |
Load balancer source range for L4 Load balancing |
list(string) |
[
"0.0.0.0/0"
] |
no |
| logging |
Logging configuration for the endpoint |
object({
enable = bool
sample_rate = number
}) |
{
"enable": false,
"sample_rate": 0.5
} |
no |
| manage_crd |
Manage the CRD for Emissary Ingress |
bool |
false |
no |
| managed_certificates |
List of managed certificates to use or create. Key is the name |
map(object({
create = optional(bool) # False by default
domains = optional(list(string))
})) |
{} |
no |
| pod_disruption_budget |
PDB values |
any |
{
"minAvailable": 1
} |
no |
| pod_security_context |
Pod securityContext |
any |
{} |
no |
| pre_shared_certificates |
List of pre-shared certificates to use. See https://cloud.google.com/load-balancing/docs/ssl-certificates/self-managed-certs |
list(string) |
[] |
no |
| priority_class_name |
Priority class names |
string |
"" |
no |
| project_id |
Project ID for resources. Defaults to provider configured project |
string |
null |
no |
| region |
Region for resources. Defaults to provider configured region |
string |
null |
no |
| release_name |
Chart release name |
string |
"emissary-ingress" |
no |
| replicas |
Number of replicas |
number |
3 |
no |
| resources |
Pod resources |
any |
{
"limits": {
"cpu": "1000m",
"memory": "1500Mi"
},
"requests": {
"cpu": "200m",
"memory": "1500Mi"
}
} |
no |
| service_annotations |
Additional annotations for the service |
map(string) |
{} |
no |
| service_name |
Name of Ambassador Service |
string |
"ambassador" |
no |
| service_port |
Port of Ambaassador Service |
any |
443 |
no |
| session_affinity |
Session affinity. Set type to empty to disable |
object({
type = string
cookie_ttl_sec = optional(number)
}) |
{
"type": ""
} |
no |
| ssl_policy |
SSL Policy. Set to null to not use any. |
object({
name = string
create = bool
}) |
{
"create": true,
"name": "ambassador"
} |
no |
| ssl_policy_settings |
Settings for SSL policy to create |
object({
description = optional(string)
profile = optional(string)
min_tls_version = optional(string)
custom_features = optional(list(string))
}) |
{
"min_tls_version": "TLS_1_2",
"profile": "MODERN"
} |
no |
| ssl_redirect |
Redirect HTTP to HTTPS |
object({
enabled = bool
response_code_name = optional(string) # One of MOVED_PERMANENTLY_DEFAULT FOUND, SEE_OTHER, TEMPORARY_REDIRECT, PERMANENT_REDIRECT
}) |
{
"enabled": true,
"response_code_name": "MOVED_PERMANENTLY_DEFAULT"
} |
no |
| static_ip |
Static IP configuration |
object({
name = string # Name to create or use
create = bool
description = optional(string)
# Internal address only
subnetwork = optional(string) # Required for internal
network_tier = optional(string)
address = optional(string) # IPv4 Address for an internal IP
}) |
{
"create": true,
"name": "ambassadaor"
} |
no |
| timeout_sec |
Configures the backend service timeout. See https://cloud.google.com/load-balancing/docs/backend-service#timeout-setting |
number |
30 |
no |
| tls_secrets |
List of secrets to include in the ingress |
list(object({
hosts = optional(list(string))
secret_name = optional(string)
})) |
[] |
no |
| tolerations |
Pod Tolerations |
list(any) |
[] |
no |
| volume_mounts |
Volumes mounts for container |
list(any) |
[] |
no |
| volumes |
Volumes for containers |
list(any) |
[] |
no |
| wait_for_load_balancer |
Wait for Load Balancer to be created successfully before returning |
bool |
true |
no |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent