admin_service_annotations |
Annotations for the admin service |
map(string) |
{ "prometheus.io/scrape": "true" } |
no |
affinity |
Pod Affinity |
any |
{} |
no |
allow_http |
Allow plaintext HTTP traffic. Must be enabled for HTTP-to-HTTPS redirection (see ssl_redirect) to work. |
bool |
true |
no |
ambassador_configurations |
Configuration options for Ambassador. See https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/ |
any |
{ "diagnostics": { "enabled": false } } |
no |
ambassador_id |
Ambassador ID |
string |
"default" |
no |
backend_config |
Name for the BackendConfig CRD. Defaults to chart release name |
string |
"" |
no |
cdn |
Enable Cloud CDN |
object({ enabled = bool # See https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_backendconfig_parameters policy = optional(object({ include_host = optional(bool) include_protocol = optional(bool) include_query_string = optional(bool) query_string_blacklist = optional(list(string)) query_string_whitelist = optional(list(string)) })) }) |
{ "enabled": false } |
no |
chart_namespace |
Namespace to run the chart in |
string |
"ambassador" |
no |
chart_version |
Version of Chart to install. Set to empty to install the latest version |
string |
"7.2.0" |
no |
cloud_armor_policy |
Name of the Cloud Armor Policy to use |
string |
"" |
no |
connection_draining_timeout_sec |
Connection draining timeout: the time, in seconds, to wait for connections to drain |
number |
0 |
no |
container_security_context |
Container securityContext |
any |
{} |
no |
crd_manifest |
Provide a custom CRD Manifest to be created. Otherwise, the version corresponding to var.image_tag will be used |
string |
null |
no |
create_default_listeners |
Whether Emissary should be created with default listeners: HTTP on port 8080, HTTPS on port 8443. See https://www.getambassador.io/docs/emissary/latest/howtos/configure-communications/ |
bool |
false |
no |
custom_request_headers |
Map of Custom Request Headers |
map(string) |
{} |
no |
enable_l7_load_balancing |
Use L7 for load balancing. Otherwise, L4 is used |
bool |
true |
no |
env |
Environment variables for container |
map(string) |
{} |
no |
env_raw |
Raw environment variables for container in YAML |
string |
"" |
no |
external_traffic_policy |
External traffic policy for L4 Load balancing |
string |
"Local" |
no |
frontend_config |
Frontend Config CRD name |
string |
"" |
no |
health_check |
Health Check Configuration |
object({ interval = optional(number) timeout = optional(number) health_threshold = optional(number) unhealthy_threshold = optional(number) protocol = optional(string) path = optional(string) port = optional(number) }) |
{ "interval": 10, "path": "/ambassador/v0/check_alive", "port": 8877, "protocol": "HTTP", "timeout": 10 } |
no |
|
|
hpa_enabled |
Enable HPA |
bool |
true |
no |
hpa_max_replica |
Maximum number of replicas |
number |
3 |
no |
hpa_metrics |
Metrics for HPA Scaling |
any |
[ { "resource": { "name": "cpu", "target": { "averageUtilization": 80, "type": "Utilization" } }, "type": "Resource" }, { "resource": { "name": "memory", "target": { "averageUtilization": 80, "type": "Utilization" } }, "type": "Resource" } ] |
no |
hpa_min_replica |
Minimum number of replicas |
number |
2 |
no |
http2_enable |
Use HTTP/2. See https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-http2 |
bool |
true |
no |
iap |
Enable Identity-Aware Proxy by setting this to the name of the secret that holds the OAuth client credentials |
string |
"" |
no |
image_repository |
Image repository for Ambassador image |
string |
"quay.io/datawire/ambassador" |
no |
image_tag |
Image tag for Ambassador image |
string |
"1.13.9" |
no |
ingress_annotations |
Additional annotations for the ingress |
map(string) |
{} |
no |
ingress_name |
Name of the Kubernetes Ingress |
string |
"" |
no |
internet_facing |
Whether the load balancer (L7 or L4) is internet-facing |
bool |
true |
no |
kubernetes_annotations |
Annotations for Kubernetes Resources |
map(string) |
{ "app.kubernetes.io/instance": "ambassador", "app.kubernetes.io/managed-by": "Terraform", "app.kubernetes.io/name": "ambassador", "app.kubernetes.io/part-of": "ambassador" } |
no |
kubernetes_labels |
Labels for the Kubernetes Resources |
map(string) |
{ "app.kubernetes.io/instance": "ambassador", "app.kubernetes.io/managed-by": "Terraform", "app.kubernetes.io/name": "ambassador", "app.kubernetes.io/part-of": "ambassador" } |
no |
labels |
Labels for resources |
map(string) |
{ "app.kubernetes.io/managed-by": "Terraform" } |
no |
load_balancer_source_ranges |
Source CIDR ranges allowed to reach the load balancer when L4 load balancing is used. The default of 0.0.0.0/0 admits traffic from any address |
list(string) |
[ "0.0.0.0/0" ] |
no |
logging |
Logging configuration for the endpoint |
object({ enable = bool sample_rate = number }) |
{ "enable": false, "sample_rate": 0.5 } |
no |
manage_crd |
Manage the CRD for Emissary Ingress |
bool |
false |
no |
managed_certificates |
List of managed certificates to use or create. Key is the name |
map(object({ create = optional(bool) # False by default domains = optional(list(string)) })) |
{} |
no |
pod_disruption_budget |
PDB values |
any |
{ "minAvailable": 1 } |
no |
pod_security_context |
Pod securityContext |
any |
{} |
no |
pre_shared_certificates |
List of pre-shared certificates to use. See https://cloud.google.com/load-balancing/docs/ssl-certificates/self-managed-certs |
list(string) |
[] |
no |
priority_class_name |
Priority class name |
string |
"" |
no |
project_id |
Project ID for resources. Defaults to provider configured project |
string |
null |
no |
region |
Region for resources. Defaults to provider configured region |
string |
null |
no |
release_name |
Chart release name |
string |
"emissary-ingress" |
no |
replicas |
Number of replicas |
number |
3 |
no |
resources |
Pod resources |
any |
{ "limits": { "cpu": "1000m", "memory": "1500Mi" }, "requests": { "cpu": "200m", "memory": "1500Mi" } } |
no |
service_annotations |
Additional annotations for the service |
map(string) |
{} |
no |
service_name |
Name of Ambassador Service |
string |
"ambassador" |
no |
service_port |
Port of Ambassador Service |
any |
443 |
no |
session_affinity |
Session affinity. Set type to empty to disable |
object({ type = string cookie_ttl_sec = optional(number) }) |
{ "type": "" } |
no |
ssl_policy |
SSL Policy. Set to null to not use any. |
object({ name = string create = bool }) |
{ "create": true, "name": "ambassador" } |
no |
ssl_policy_settings |
Settings for SSL policy to create |
object({ description = optional(string) profile = optional(string) min_tls_version = optional(string) custom_features = optional(list(string)) }) |
{ "min_tls_version": "TLS_1_2", "profile": "MODERN" } |
no |
ssl_redirect |
Redirect HTTP to HTTPS |
object({ enabled = bool response_code_name = optional(string) # One of MOVED_PERMANENTLY_DEFAULT, FOUND, SEE_OTHER, TEMPORARY_REDIRECT, PERMANENT_REDIRECT }) |
{ "enabled": true, "response_code_name": "MOVED_PERMANENTLY_DEFAULT" } |
no |
static_ip |
Static IP configuration |
object({ name = string # Name to create or use create = bool
description = optional(string)
# Internal address only subnetwork = optional(string) # Required for internal network_tier = optional(string) address = optional(string) # IPv4 Address for an internal IP }) |
{ "create": true, "name": "ambassadaor" } |
no |
timeout_sec |
Configures the backend service timeout. See https://cloud.google.com/load-balancing/docs/backend-service#timeout-setting |
number |
30 |
no |
tls_secrets |
List of secrets to include in the ingress |
list(object({ hosts = optional(list(string)) secret_name = optional(string) })) |
[] |
no |
tolerations |
Pod Tolerations |
list(any) |
[] |
no |
volume_mounts |
Volume mounts for container |
list(any) |
[] |
no |
volumes |
Volumes for containers |
list(any) |
[] |
no |
wait_for_load_balancer |
Wait for Load Balancer to be created successfully before returning |
bool |
true |
no |