K
Q

How to deploy multiple ambassador daemon-set in the same namespace - kuberntes

5/14/2019

I have ran into an issue with ambassador (Envoy). Ambassador doesn't simultaneously support HTTP and HTTPS. So that, as a workaround I have to deploy two set of ambassadors (one for HTTP and other for HTTPS). I have deployed two set of ambassadors.

NAME                       READY   STATUS    RESTARTS   AGE
pod/ambassador-k7nlr       2/2     Running   0          55m
pod/ambassador-t2dbm       2/2     Running   0          55m
pod/ambassador-tls-7h6td   2/2     Running   0          107s

NAME                           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
service/ambassador-admin       NodePort    10.233.58.170   <none>        8877:30857/TCP   18d
service/ambassador-admin-tls   NodePort    10.233.33.29    <none>        8878:32339/TCP   28m
service/ambassador-monitor     ClusterIP   None            <none>        9102/TCP         18d

NAME                            DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                      AGE
daemonset.apps/ambassador       2         2         2       2            2           node-role.kubernetes.io/node=      58m
daemonset.apps/ambassador-tls   1         1         1       1            1           node-role.kubernetes.io/node=tls   107s

Below two set of pods I wanted to use for http

pod/ambassador-k7nlr       2/2     Running   0          55m
pod/ambassador-t2dbm       2/2     Running   0          55m

And this one for https

pod/ambassador-tls-7h6td   2/2     Running   0          107s

below are my service annotation

getambassador.io/config: |
  ---
  apiVersion: ambassador/v0
  kind: Module
  name: tls
  config:
    server:
      secret: dashboard-certs
  ---
  apiVersion: ambassador/v0
  kind:  Mapping
  name:  dashboard_test_mapping
  host:  dashboard.example.com
  service: https://dashboard.test.svc.cluster.local
  prefix: /

Here the apiVersion: ambassador/v0 is referring to both the ambassador set, so whatever changes I made in the service annotation will be reflected in both the set of ambassadors.

I wanted to set this service annotation for a specific ambassador daemonset (HTTPS).

Any suggestions ??

-- rolz
annotations
envoyproxy
kubeadm
kubernetes
namespaces

Similar Questions

Why the core dns doesnt resolve any domain name when firewalld is enabled? It works when firewalld is stopped
kubectl exec "error: unable to upgrade connection: Unauthorized"
Kubernetes Dashboard Installation giving x509: certificate signed by unknown authority error
Gke - kubernetes / how to ensure deployment isolation on a given node
Unable to get raw TCP traffic through Istio Gateway
Nginx-ingress helm deployment - default backend only works with port 8080

1 Answer

5/14/2019

You can use AMBASSADOR_ID for that, like this:

getambassador.io/config: |
  ---
  ambassador_id: ambassador-1
  apiVersion: ambassador/v0
  kind: Module
  name: tls
  config:
    server:
      secret: dashboard-certs
  ---
  ambassador_id: ambassador-1
  apiVersion: ambassador/v0
  kind:  Mapping
  name:  dashboard_test_mapping
  host:  dashboard.example.com
  service: https://dashboard.test.svc.cluster.local
  prefix: /

and then specify this id in env variables of DaemonSet:

env:
- name: AMBASSADOR_ID
  value: ambassador-1

Refer to the documentation: https://www.getambassador.io/reference/running/#ambassador_id

-- Grigory Ignatyev
Source: StackOverflow