mirror of https://github.com/linkerd/linkerd2.git
move more values to global (#3892)
Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
This commit is contained in:
Tarun Pothulapati
Alejandro Pedraza
parent
72667653e8
commit
03982d8837
|
|
@ -95,7 +95,7 @@ spec:
|
|||
- mountPath: /var/run/linkerd/config
|
||||
name: config
|
||||
- {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ if not .Values.noInitContainer -}}
|
||||
{{ if not .Values.global.noInitContainer -}}
|
||||
initContainers:
|
||||
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ end -}}
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ spec:
|
|||
- mountPath: /var/run/linkerd/config
|
||||
name: config
|
||||
- {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ if not .Values.noInitContainer -}}
|
||||
{{ if not .Values.global.noInitContainer -}}
|
||||
initContainers:
|
||||
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ end -}}
|
||||
|
|
|
|||
|
|
@ -147,7 +147,7 @@ spec:
|
|||
name: grafana-config
|
||||
readOnly: true
|
||||
- {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ if not .Values.noInitContainer -}}
|
||||
{{ if not .Values.global.noInitContainer -}}
|
||||
initContainers:
|
||||
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ end -}}
|
||||
|
|
|
|||
|
|
@ -114,7 +114,7 @@ spec:
|
|||
- mountPath: /var/run/linkerd/identity/issuer
|
||||
name: identity-issuer
|
||||
- {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ if not .Values.noInitContainer -}}
|
||||
{{ if not .Values.global.noInitContainer -}}
|
||||
initContainers:
|
||||
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ end -}}
|
||||
|
|
|
|||
|
|
@ -211,7 +211,7 @@ spec:
|
|||
name: prometheus-config
|
||||
readOnly: true
|
||||
- {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ if not .Values.noInitContainer -}}
|
||||
{{ if not .Values.global.noInitContainer -}}
|
||||
initContainers:
|
||||
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ end -}}
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ spec:
|
|||
name: tls
|
||||
readOnly: true
|
||||
- {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ if not .Values.noInitContainer -}}
|
||||
{{ if not .Values.global.noInitContainer -}}
|
||||
initContainers:
|
||||
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ end -}}
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ metadata:
|
|||
spec:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
{{- if empty .Values.noInitContainer }}
|
||||
{{- if empty .Values.global.noInitContainer }}
|
||||
allowedCapabilities:
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
|
|
@ -25,7 +25,7 @@ spec:
|
|||
seLinux:
|
||||
rule: RunAsAny
|
||||
runAsUser:
|
||||
{{- if .Values.noInitContainer }}
|
||||
{{- if .Values.global.noInitContainer }}
|
||||
rule: MustRunAsNonRoot
|
||||
{{- else }}
|
||||
rule: RunAsAny
|
||||
|
|
@ -33,7 +33,7 @@ spec:
|
|||
supplementalGroups:
|
||||
rule: MustRunAs
|
||||
ranges:
|
||||
{{- if .Values.noInitContainer }}
|
||||
{{- if .Values.global.noInitContainer }}
|
||||
- min: 10001
|
||||
max: 65535
|
||||
{{- else }}
|
||||
|
|
@ -43,7 +43,7 @@ spec:
|
|||
fsGroup:
|
||||
rule: MustRunAs
|
||||
ranges:
|
||||
{{- if .Values.noInitContainer }}
|
||||
{{- if .Values.global.noInitContainer }}
|
||||
- min: 10001
|
||||
max: 65535
|
||||
{{- else }}
|
||||
|
|
|
|||
|
|
@ -93,7 +93,7 @@ spec:
|
|||
name: tls
|
||||
readOnly: true
|
||||
- {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ if not .Values.noInitContainer -}}
|
||||
{{ if not .Values.global.noInitContainer -}}
|
||||
initContainers:
|
||||
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ end -}}
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ spec:
|
|||
- mountPath: /var/run/linkerd/config
|
||||
name: config
|
||||
- {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ if not .Values.noInitContainer -}}
|
||||
{{ if not .Values.global.noInitContainer -}}
|
||||
initContainers:
|
||||
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ end -}}
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ spec:
|
|||
- mountPath: /var/run/linkerd/config
|
||||
name: config
|
||||
- {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ if not .Values.noInitContainer -}}
|
||||
{{ if not .Values.global.noInitContainer -}}
|
||||
initContainers:
|
||||
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
||||
{{ end -}}
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ env:
|
|||
- name: LINKERD2_PROXY_TAP_SVC_NAME
|
||||
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
|
||||
{{ end -}}
|
||||
{{ if .Values.controlPlaneTracing -}}
|
||||
{{ if .Values.global.controlPlaneTracing -}}
|
||||
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR
|
||||
value: linkerd-collector.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:55678
|
||||
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
{{ define "partials.linkerd.trace" -}}
|
||||
{{ if .Values.controlPlaneTracing -}}
|
||||
{{ if .Values.global.controlPlaneTracing -}}
|
||||
- -trace-collector=linkerd-collector.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:55678
|
||||
{{ end -}}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -179,10 +179,10 @@ func newInstallOptionsWithDefaults() (*installOptions, error) {
|
|||
controllerUID: defaults.ControllerUID,
|
||||
disableH2Upgrade: !defaults.EnableH2Upgrade,
|
||||
disableHeartbeat: defaults.DisableHeartBeat,
|
||||
noInitContainer: defaults.NoInitContainer,
|
||||
noInitContainer: defaults.Global.NoInitContainer,
|
||||
omitWebhookSideEffects: defaults.OmitWebhookSideEffects,
|
||||
restrictDashboardPrivileges: defaults.RestrictDashboardPrivileges,
|
||||
controlPlaneTracing: defaults.ControlPlaneTracing,
|
||||
controlPlaneTracing: defaults.Global.ControlPlaneTracing,
|
||||
proxyConfigOptions: &proxyConfigOptions{
|
||||
proxyVersion: version.Version,
|
||||
ignoreCluster: false,
|
||||
|
|
@ -654,14 +654,14 @@ func (options *installOptions) buildValuesWithoutIdentity(configs *pb.All) (*l5d
|
|||
installValues.ControllerLogLevel = options.controllerLogLevel
|
||||
installValues.ControllerReplicas = options.controllerReplicas
|
||||
installValues.ControllerUID = options.controllerUID
|
||||
installValues.ControlPlaneTracing = options.controlPlaneTracing
|
||||
installValues.Global.ControlPlaneTracing = options.controlPlaneTracing
|
||||
installValues.EnableH2Upgrade = !options.disableH2Upgrade
|
||||
installValues.EnablePodAntiAffinity = options.highAvailability
|
||||
installValues.Global.HighAvailability = options.highAvailability
|
||||
installValues.Global.ImagePullPolicy = options.imagePullPolicy
|
||||
installValues.GrafanaImage = fmt.Sprintf("%s/grafana", options.dockerRegistry)
|
||||
installValues.Global.Namespace = controlPlaneNamespace
|
||||
installValues.NoInitContainer = options.noInitContainer
|
||||
installValues.Global.NoInitContainer = options.noInitContainer
|
||||
installValues.OmitWebhookSideEffects = options.omitWebhookSideEffects
|
||||
installValues.PrometheusLogLevel = toPromLogLevel(strings.ToLower(options.controllerLogLevel))
|
||||
installValues.HeartbeatSchedule = options.heartbeatSchedule()
|
||||
|
|
|
|||
|
|
@ -60,10 +60,8 @@ func TestRender(t *testing.T) {
|
|||
GrafanaImage: "GrafanaImage",
|
||||
ControllerLogLevel: "ControllerLogLevel",
|
||||
PrometheusLogLevel: "PrometheusLogLevel",
|
||||
ProxyContainerName: "ProxyContainerName",
|
||||
ControllerUID: 2103,
|
||||
EnableH2Upgrade: true,
|
||||
NoInitContainer: false,
|
||||
WebhookFailurePolicy: "WebhookFailurePolicy",
|
||||
OmitWebhookSideEffects: false,
|
||||
RestrictDashboardPrivileges: false,
|
||||
|
|
@ -81,6 +79,8 @@ func TestRender(t *testing.T) {
|
|||
ProxyInjectAnnotation: "ProxyInjectAnnotation",
|
||||
ProxyInjectDisabled: "ProxyInjectDisabled",
|
||||
LinkerdNamespaceLabel: "LinkerdNamespaceLabel",
|
||||
ProxyContainerName: "ProxyContainerName",
|
||||
NoInitContainer: false,
|
||||
IdentityTrustDomain: defaultValues.Global.IdentityTrustDomain,
|
||||
IdentityTrustAnchorsPEM: defaultValues.Global.IdentityTrustAnchorsPEM,
|
||||
Proxy: &charts.Proxy{
|
||||
|
|
|
|||
|
|
@ -29,18 +29,15 @@ type (
|
|||
ControllerReplicas uint `json:"controllerReplicas"`
|
||||
ControllerLogLevel string `json:"controllerLogLevel"`
|
||||
PrometheusLogLevel string `json:"prometheusLogLevel"`
|
||||
ProxyContainerName string `json:"proxyContainerName"`
|
||||
ControllerUID int64 `json:"controllerUID"`
|
||||
EnableH2Upgrade bool `json:"enableH2Upgrade"`
|
||||
EnablePodAntiAffinity bool `json:"enablePodAntiAffinity"`
|
||||
NoInitContainer bool `json:"noInitContainer"`
|
||||
WebhookFailurePolicy string `json:"webhookFailurePolicy"`
|
||||
OmitWebhookSideEffects bool `json:"omitWebhookSideEffects"`
|
||||
RestrictDashboardPrivileges bool `json:"restrictDashboardPrivileges"`
|
||||
DisableHeartBeat bool `json:"disableHeartBeat"`
|
||||
HeartbeatSchedule string `json:"heartbeatSchedule"`
|
||||
InstallNamespace bool `json:"installNamespace"`
|
||||
ControlPlaneTracing bool `json:"controlPlaneTracing"`
|
||||
Configs ConfigJSONs `json:"configs"`
|
||||
Global *Global `json:"global"`
|
||||
Identity *Identity `json:"identity"`
|
||||
|
|
@ -74,7 +71,10 @@ type (
|
|||
ProxyInjectAnnotation string `json:"proxyInjectAnnotation"`
|
||||
ProxyInjectDisabled string `json:"proxyInjectDisabled"`
|
||||
LinkerdNamespaceLabel string `json:"linkerdNamespaceLabel"`
|
||||
ProxyContainerName string `json:"proxyContainerName"`
|
||||
HighAvailability bool `json:"highAvailability"`
|
||||
NoInitContainer bool `json:"noInitContainer"`
|
||||
ControlPlaneTracing bool `json:"controlPlaneTracing"`
|
||||
IdentityTrustAnchorsPEM string `json:"identityTrustAnchorsPEM"`
|
||||
IdentityTrustDomain string `json:"identityTrustDomain"`
|
||||
|
||||
|
|
@ -223,7 +223,7 @@ func NewValues(ha bool) (*Values, error) {
|
|||
v.Global.CliVersion = k8s.CreatedByAnnotationValue()
|
||||
v.ProfileValidator = &ProfileValidator{TLS: &TLS{}}
|
||||
v.ProxyInjector = &ProxyInjector{TLS: &TLS{}}
|
||||
v.ProxyContainerName = k8s.ProxyContainerName
|
||||
v.Global.ProxyContainerName = k8s.ProxyContainerName
|
||||
v.Tap = &Tap{TLS: &TLS{}}
|
||||
|
||||
return v, nil
|
||||
|
|
|
|||
|
|
@ -23,11 +23,9 @@ func TestNewValues(t *testing.T) {
|
|||
ControllerReplicas: 1,
|
||||
ControllerLogLevel: "info",
|
||||
PrometheusLogLevel: "info",
|
||||
ProxyContainerName: "linkerd-proxy",
|
||||
ControllerUID: 2103,
|
||||
EnableH2Upgrade: true,
|
||||
EnablePodAntiAffinity: false,
|
||||
NoInitContainer: false,
|
||||
WebhookFailurePolicy: "Ignore",
|
||||
OmitWebhookSideEffects: false,
|
||||
RestrictDashboardPrivileges: false,
|
||||
|
|
@ -45,6 +43,9 @@ func TestNewValues(t *testing.T) {
|
|||
ProxyInjectAnnotation: "linkerd.io/inject",
|
||||
ProxyInjectDisabled: "disabled",
|
||||
LinkerdNamespaceLabel: "linkerd.io/is-control-plane",
|
||||
ProxyContainerName: "linkerd-proxy",
|
||||
NoInitContainer: false,
|
||||
ControlPlaneTracing: false,
|
||||
HighAvailability: false,
|
||||
IdentityTrustDomain: "cluster.local",
|
||||
Proxy: &Proxy{
|
||||
|
|
@ -116,8 +117,6 @@ func TestNewValues(t *testing.T) {
|
|||
ProxyInjector: &ProxyInjector{TLS: &TLS{}},
|
||||
ProfileValidator: &ProfileValidator{TLS: &TLS{}},
|
||||
Tap: &Tap{TLS: &TLS{}},
|
||||
|
||||
ControlPlaneTracing: false,
|
||||
}
|
||||
|
||||
// pin the versions to ensure consistent test result.
|
||||
|
|
|
|||
Loading…
Reference in New Issue