diff --git a/charts/linkerd2/templates/controller.yaml b/charts/linkerd2/templates/controller.yaml index a763d7c2f..67fe4294f 100644 --- a/charts/linkerd2/templates/controller.yaml +++ b/charts/linkerd2/templates/controller.yaml @@ -95,7 +95,7 @@ spec: - mountPath: /var/run/linkerd/config name: config - {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{ if not .Values.noInitContainer -}} + {{ if not .Values.global.noInitContainer -}} initContainers: - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} diff --git a/charts/linkerd2/templates/destination.yaml b/charts/linkerd2/templates/destination.yaml index 87e995257..1facfe8f9 100644 --- a/charts/linkerd2/templates/destination.yaml +++ b/charts/linkerd2/templates/destination.yaml @@ -95,7 +95,7 @@ spec: - mountPath: /var/run/linkerd/config name: config - {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{ if not .Values.noInitContainer -}} + {{ if not .Values.global.noInitContainer -}} initContainers: - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} diff --git a/charts/linkerd2/templates/grafana.yaml b/charts/linkerd2/templates/grafana.yaml index e00ce9694..5773a02d6 100644 --- a/charts/linkerd2/templates/grafana.yaml +++ b/charts/linkerd2/templates/grafana.yaml @@ -147,7 +147,7 @@ spec: name: grafana-config readOnly: true - {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{ if not .Values.noInitContainer -}} + {{ if not .Values.global.noInitContainer -}} initContainers: - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} diff --git a/charts/linkerd2/templates/identity.yaml b/charts/linkerd2/templates/identity.yaml index 8d7ca4336..553410798 100644 --- a/charts/linkerd2/templates/identity.yaml +++ b/charts/linkerd2/templates/identity.yaml @@ -114,7 +114,7 @@ spec: - mountPath: /var/run/linkerd/identity/issuer name: identity-issuer - {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{ if not .Values.noInitContainer -}} + {{ if not .Values.global.noInitContainer -}} initContainers: - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} diff --git a/charts/linkerd2/templates/prometheus.yaml b/charts/linkerd2/templates/prometheus.yaml index a1c0290c5..c8ba18b33 100644 --- a/charts/linkerd2/templates/prometheus.yaml +++ b/charts/linkerd2/templates/prometheus.yaml @@ -211,7 +211,7 @@ spec: name: prometheus-config readOnly: true - {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{ if not .Values.noInitContainer -}} + {{ if not .Values.global.noInitContainer -}} initContainers: - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} diff --git a/charts/linkerd2/templates/proxy-injector.yaml b/charts/linkerd2/templates/proxy-injector.yaml index f98a7614d..93ed9c5ff 100644 --- a/charts/linkerd2/templates/proxy-injector.yaml +++ b/charts/linkerd2/templates/proxy-injector.yaml @@ -76,7 +76,7 @@ spec: name: tls readOnly: true - {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{ if not .Values.noInitContainer -}} + {{ if not .Values.global.noInitContainer -}} initContainers: - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} diff --git a/charts/linkerd2/templates/psp.yaml b/charts/linkerd2/templates/psp.yaml index e4a8a04c3..95f2c9cda 100644 --- a/charts/linkerd2/templates/psp.yaml +++ b/charts/linkerd2/templates/psp.yaml @@ -12,7 +12,7 @@ metadata: spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - {{- if empty .Values.noInitContainer }} + {{- if empty .Values.global.noInitContainer }} allowedCapabilities: - NET_ADMIN - NET_RAW @@ -25,7 +25,7 @@ spec: seLinux: rule: RunAsAny runAsUser: - {{- if .Values.noInitContainer }} + {{- if .Values.global.noInitContainer }} rule: MustRunAsNonRoot {{- else }} rule: RunAsAny @@ -33,7 +33,7 @@ spec: supplementalGroups: rule: MustRunAs ranges: - {{- if .Values.noInitContainer }} + {{- if .Values.global.noInitContainer }} - min: 10001 max: 65535 {{- else }} @@ -43,7 +43,7 @@ spec: fsGroup: rule: MustRunAs ranges: - {{- if .Values.noInitContainer }} + {{- if .Values.global.noInitContainer }} - min: 10001 max: 65535 {{- else }} diff --git a/charts/linkerd2/templates/sp-validator.yaml b/charts/linkerd2/templates/sp-validator.yaml index 685494a21..0212ec9d8 100644 --- a/charts/linkerd2/templates/sp-validator.yaml +++ b/charts/linkerd2/templates/sp-validator.yaml @@ -93,7 +93,7 @@ spec: name: tls readOnly: true - {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{ if not .Values.noInitContainer -}} + {{ if not .Values.global.noInitContainer -}} initContainers: - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} diff --git a/charts/linkerd2/templates/tap.yaml b/charts/linkerd2/templates/tap.yaml index 6665d3a12..fbf753129 100644 --- a/charts/linkerd2/templates/tap.yaml +++ b/charts/linkerd2/templates/tap.yaml @@ -104,7 +104,7 @@ spec: - mountPath: /var/run/linkerd/config name: config - {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{ if not .Values.noInitContainer -}} + {{ if not .Values.global.noInitContainer -}} initContainers: - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} diff --git a/charts/linkerd2/templates/web.yaml b/charts/linkerd2/templates/web.yaml index f4bceb9c5..6d2fc52c0 100644 --- a/charts/linkerd2/templates/web.yaml +++ b/charts/linkerd2/templates/web.yaml @@ -96,7 +96,7 @@ spec: - mountPath: /var/run/linkerd/config name: config - {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{ if not .Values.noInitContainer -}} + {{ if not .Values.global.noInitContainer -}} initContainers: - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} diff --git a/charts/partials/templates/_proxy.tpl b/charts/partials/templates/_proxy.tpl index 7a4a1ae6c..368ffce6b 100644 --- a/charts/partials/templates/_proxy.tpl +++ b/charts/partials/templates/_proxy.tpl @@ -68,7 +68,7 @@ env: - name: LINKERD2_PROXY_TAP_SVC_NAME value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) {{ end -}} -{{ if .Values.controlPlaneTracing -}} +{{ if .Values.global.controlPlaneTracing -}} - name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR value: linkerd-collector.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:55678 - name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME diff --git a/charts/partials/templates/_trace.tpl b/charts/partials/templates/_trace.tpl index 65d1e9f35..8e60ff886 100644 --- a/charts/partials/templates/_trace.tpl +++ b/charts/partials/templates/_trace.tpl @@ -1,5 +1,5 @@ {{ define "partials.linkerd.trace" -}} -{{ if .Values.controlPlaneTracing -}} +{{ if .Values.global.controlPlaneTracing -}} - -trace-collector=linkerd-collector.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:55678 {{ end -}} {{- end }} diff --git a/cli/cmd/install.go b/cli/cmd/install.go index 33cc7bc40..8cd67d211 100644 --- a/cli/cmd/install.go +++ b/cli/cmd/install.go @@ -179,10 +179,10 @@ func newInstallOptionsWithDefaults() (*installOptions, error) { controllerUID: defaults.ControllerUID, disableH2Upgrade: !defaults.EnableH2Upgrade, disableHeartbeat: defaults.DisableHeartBeat, - noInitContainer: defaults.NoInitContainer, + noInitContainer: defaults.Global.NoInitContainer, omitWebhookSideEffects: defaults.OmitWebhookSideEffects, restrictDashboardPrivileges: defaults.RestrictDashboardPrivileges, - controlPlaneTracing: defaults.ControlPlaneTracing, + controlPlaneTracing: defaults.Global.ControlPlaneTracing, proxyConfigOptions: &proxyConfigOptions{ proxyVersion: version.Version, ignoreCluster: false, @@ -654,14 +654,14 @@ func (options *installOptions) buildValuesWithoutIdentity(configs *pb.All) (*l5d installValues.ControllerLogLevel = options.controllerLogLevel installValues.ControllerReplicas = options.controllerReplicas installValues.ControllerUID = options.controllerUID - installValues.ControlPlaneTracing = options.controlPlaneTracing + installValues.Global.ControlPlaneTracing = options.controlPlaneTracing installValues.EnableH2Upgrade = !options.disableH2Upgrade installValues.EnablePodAntiAffinity = options.highAvailability installValues.Global.HighAvailability = options.highAvailability installValues.Global.ImagePullPolicy = options.imagePullPolicy installValues.GrafanaImage = fmt.Sprintf("%s/grafana", options.dockerRegistry) installValues.Global.Namespace = controlPlaneNamespace - installValues.NoInitContainer = options.noInitContainer + installValues.Global.NoInitContainer = options.noInitContainer installValues.OmitWebhookSideEffects = options.omitWebhookSideEffects installValues.PrometheusLogLevel = toPromLogLevel(strings.ToLower(options.controllerLogLevel)) installValues.HeartbeatSchedule = options.heartbeatSchedule() diff --git a/cli/cmd/install_test.go b/cli/cmd/install_test.go index d468f9dcd..7b943126d 100644 --- a/cli/cmd/install_test.go +++ b/cli/cmd/install_test.go @@ -60,10 +60,8 @@ func TestRender(t *testing.T) { GrafanaImage: "GrafanaImage", ControllerLogLevel: "ControllerLogLevel", PrometheusLogLevel: "PrometheusLogLevel", - ProxyContainerName: "ProxyContainerName", ControllerUID: 2103, EnableH2Upgrade: true, - NoInitContainer: false, WebhookFailurePolicy: "WebhookFailurePolicy", OmitWebhookSideEffects: false, RestrictDashboardPrivileges: false, @@ -81,6 +79,8 @@ func TestRender(t *testing.T) { ProxyInjectAnnotation: "ProxyInjectAnnotation", ProxyInjectDisabled: "ProxyInjectDisabled", LinkerdNamespaceLabel: "LinkerdNamespaceLabel", + ProxyContainerName: "ProxyContainerName", + NoInitContainer: false, IdentityTrustDomain: defaultValues.Global.IdentityTrustDomain, IdentityTrustAnchorsPEM: defaultValues.Global.IdentityTrustAnchorsPEM, Proxy: &charts.Proxy{ diff --git a/pkg/charts/linkerd2/values.go b/pkg/charts/linkerd2/values.go index 8e8fcf0e4..3a3f73281 100644 --- a/pkg/charts/linkerd2/values.go +++ b/pkg/charts/linkerd2/values.go @@ -29,18 +29,15 @@ type ( ControllerReplicas uint `json:"controllerReplicas"` ControllerLogLevel string `json:"controllerLogLevel"` PrometheusLogLevel string `json:"prometheusLogLevel"` - ProxyContainerName string `json:"proxyContainerName"` ControllerUID int64 `json:"controllerUID"` EnableH2Upgrade bool `json:"enableH2Upgrade"` EnablePodAntiAffinity bool `json:"enablePodAntiAffinity"` - NoInitContainer bool `json:"noInitContainer"` WebhookFailurePolicy string `json:"webhookFailurePolicy"` OmitWebhookSideEffects bool `json:"omitWebhookSideEffects"` RestrictDashboardPrivileges bool `json:"restrictDashboardPrivileges"` DisableHeartBeat bool `json:"disableHeartBeat"` HeartbeatSchedule string `json:"heartbeatSchedule"` InstallNamespace bool `json:"installNamespace"` - ControlPlaneTracing bool `json:"controlPlaneTracing"` Configs ConfigJSONs `json:"configs"` Global *Global `json:"global"` Identity *Identity `json:"identity"` @@ -74,7 +71,10 @@ type ( ProxyInjectAnnotation string `json:"proxyInjectAnnotation"` ProxyInjectDisabled string `json:"proxyInjectDisabled"` LinkerdNamespaceLabel string `json:"linkerdNamespaceLabel"` + ProxyContainerName string `json:"proxyContainerName"` HighAvailability bool `json:"highAvailability"` + NoInitContainer bool `json:"noInitContainer"` + ControlPlaneTracing bool `json:"controlPlaneTracing"` IdentityTrustAnchorsPEM string `json:"identityTrustAnchorsPEM"` IdentityTrustDomain string `json:"identityTrustDomain"` @@ -223,7 +223,7 @@ func NewValues(ha bool) (*Values, error) { v.Global.CliVersion = k8s.CreatedByAnnotationValue() v.ProfileValidator = &ProfileValidator{TLS: &TLS{}} v.ProxyInjector = &ProxyInjector{TLS: &TLS{}} - v.ProxyContainerName = k8s.ProxyContainerName + v.Global.ProxyContainerName = k8s.ProxyContainerName v.Tap = &Tap{TLS: &TLS{}} return v, nil diff --git a/pkg/charts/linkerd2/values_test.go b/pkg/charts/linkerd2/values_test.go index afe41b506..c3368be5c 100644 --- a/pkg/charts/linkerd2/values_test.go +++ b/pkg/charts/linkerd2/values_test.go @@ -23,11 +23,9 @@ func TestNewValues(t *testing.T) { ControllerReplicas: 1, ControllerLogLevel: "info", PrometheusLogLevel: "info", - ProxyContainerName: "linkerd-proxy", ControllerUID: 2103, EnableH2Upgrade: true, EnablePodAntiAffinity: false, - NoInitContainer: false, WebhookFailurePolicy: "Ignore", OmitWebhookSideEffects: false, RestrictDashboardPrivileges: false, @@ -45,6 +43,9 @@ func TestNewValues(t *testing.T) { ProxyInjectAnnotation: "linkerd.io/inject", ProxyInjectDisabled: "disabled", LinkerdNamespaceLabel: "linkerd.io/is-control-plane", + ProxyContainerName: "linkerd-proxy", + NoInitContainer: false, + ControlPlaneTracing: false, HighAvailability: false, IdentityTrustDomain: "cluster.local", Proxy: &Proxy{ @@ -116,8 +117,6 @@ func TestNewValues(t *testing.T) { ProxyInjector: &ProxyInjector{TLS: &TLS{}}, ProfileValidator: &ProfileValidator{TLS: &TLS{}}, Tap: &Tap{TLS: &TLS{}}, - - ControlPlaneTracing: false, } // pin the versions to ensure consistent test result.