datawire/ambassador-agent

The Ambassador Agent

The Ambassador Agent is an optional component included with Telepresence and Ambassador Edge Stack. The Ambassador Agent securely reports snapshots of your cluster to Ambassador Cloud, which populate the service catalog, giving you a bird's-eye view of your cluster and its services. The Ambassador Agent also provides a gRPC API that allows Telepresence to ask questions related to ingress resolution.

Installation

The Ambassador Agent can be installed via Helm (note: this will not install any other Ambassador products):

helm repo add datawire https://getambassador.io/

If you already have an account with Ambassador and a valid cloud token, the Ambassador Agent can be installed with the token in a single command:

helm install ambassador-agent datawire/ambassador-agent --namespace ambassador --create-namespace --set cloudConnectToken=<TOKEN>

If you would rather install the Ambassador Agent now and provide a token at a later time:

helm install ambassador-agent datawire/ambassador-agent --namespace ambassador --create-namespace

Namespace-scoped installation

By default, the Ambassador Agent is installed with cluster-wide RBAC permissions. If you would like to do a namespace-scoped installation, the namespaces that you would like the Ambassador Agent to snapshot can be passed in by adding them to rbac.namespaces in the values.yaml file.

helm install ambassador-agent datawire/ambassador-agent --namespace ambassador --create-namespace --set "rbac.namespace={<NAMESPACE_1>[,...]}"

What gets collected in the snapshots?

In order to populate the service catalog and provide functionality when integrating with other Ambassador products, the Ambassador Agent requires the following permissions:

- apiGroups: [ "" ]
  resources: [ "pods" ]
  verbs: [ "get", "list", "watch" ]
- apiGroups: [ "apps", "extensions" ]
  resources: [ "deployments" ]
  verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
  resources: [ "endpoints", "services" ]
  verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
  resources: [ "configmaps" ]
  verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
  resources: [ "namespaces" ]
  resourceNames: [ "default" ]
  verbs: [ "get" ]
- apiGroups: [ "" ]
  resources: [ "endpoints", "services" ]
  verbs: [ "get", "list", "watch" ]

To show information regarding Argo, the following additional permissions are needed:

- apiGroups: [ "argoproj.io" ]
  resources: [ "rollouts", "rollouts/status" ]
  verbs: [ "get", "list", "watch", "patch" ]
- apiGroups: [ "argoproj.io" ]
  resources: [ "application" ]
  verbs: [ "get", "list", "watch" ]
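
To confirm that an installed role grants no more than the two lists above, the rules can be compared against them. The script below is an added example, not part of the Ambassador Agent project: the function name audit_rules is hypothetical, the input is assumed to be JSON in the shape returned by kubectl get clusterrole <name> -o json, and the sample role is constructed for illustration.

```python
import json

# Grants documented in this README, keyed by (apiGroup, resource).
# Resource names are copied verbatim from the lists above.
READ = {"get", "list", "watch"}
DOCUMENTED = {
    ("", "pods"): READ, ("", "endpoints"): READ, ("", "services"): READ,
    ("", "configmaps"): READ, ("", "namespaces"): {"get"},
    ("apps", "deployments"): READ, ("extensions", "deployments"): READ,
    ("argoproj.io", "rollouts"): READ | {"patch"},
    ("argoproj.io", "rollouts/status"): READ | {"patch"},
    ("argoproj.io", "application"): READ,
}

def audit_rules(role_json):
    """Return one finding per grant that exceeds the documented permissions."""
    findings = []
    for rule in json.loads(role_json).get("rules", []):
        verbs = set(rule.get("verbs", []))
        for group in rule.get("apiGroups", []):
            for res in rule.get("resources", []):
                allowed = DOCUMENTED.get((group, res))
                if "*" in (group, res) or "*" in verbs:
                    findings.append(f"wildcard grant: {group!r}/{res} {sorted(verbs)}")
                elif allowed is None:
                    findings.append(f"undocumented resource: {group!r}/{res} {sorted(verbs)}")
                elif verbs - allowed:
                    findings.append(f"extra verbs on {group!r}/{res}: {sorted(verbs - allowed)}")
                # The README limits the namespaces read to the "default" namespace.
                if res == "namespaces" and rule.get("resourceNames") != ["default"]:
                    findings.append("namespaces grant is not limited to resourceNames ['default']")
    return findings

# Constructed sample role (not real cluster output) with three deviations.
SAMPLE = json.dumps({"kind": "ClusterRole", "rules": [
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["namespaces"], "verbs": ["get"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
    {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "patch"]},
]})

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE):
        print(finding)
```

An empty result means every grant in the role is covered by the documented lists; the namespaces check also catches a rule whose resourceNames restriction was dropped, which would widen the read to every namespace.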

Publish Mechanism

We use the publish action to publish new versions of the extensions whenever a new tag is added to the repo.

Images are pushed to ambassador/ambassador-agent. We use multi-arch Docker builds since the images need to be supported on amd64 and arm64 machines. For more information on multi-arch Docker builds, you can take a look at this Docker page.

To trigger the publish workflow, run the following commands:

git tag --annotate --message='Releasing version vSEMVER' vSEMVER
git push origin vSEMVER

You can then follow along in the Actions tab.