linkerd
/
linkerd2
mirror of https://github.com/linkerd/linkerd2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

viz: move some components into linkerd-viz (#5340) 

* viz: move some components into linkerd-viz

This branch moves the grafana,prometheus,web, tap components
into a new viz chart, following the same extension model that
multi-cluster and jaeger follow.

The components in viz are not injected during install time, and
will go through the injector. The `viz install` does not have any
cli flags to customize the install directly but instead follow the Helm
way of customization by using flags such as 
`set`, `set-string`, `values`, `set-files`.

**Changes Include**
- Move `grafana`, `prometheus`, `web`, `tap` templates into viz extension.
- Remove all add-on related charts, logic and tests w.r.t CLI & Helm.
- Clean up `linkerd2/values.go` & `linkerd2/values.yaml` to not contain
 fields related to viz components.
- Update `linkerd check` Healthchecks to not check for viz components.
- Create a new top level `viz` directory with CLI logic and Helm charts.
- Clean fields in the `viz/Values.yaml` to be in the `<component>.<property>`
model. Ex: `prometheus.resources`, `dashboard.image.tag`, etc so that it is
consistent everywhere.

**Testing**

```bash
# Install the Core Linkerd Installation
./bin/linkerd install | k apply -f -

# Wait for the proxy-injector to be ready
# Install the Viz Extension
./bin/linkerd cli viz install | k apply -f -

# Customized Install
./bin/linkerd cli viz install --set prometheus.enabled=false | k apply -f -
```

What is not included in this PR:
- Move of Controller from core install into the viz extension.
- Simplification and refactoring of the core chart i.e removing `.global`, etc.

Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
This commit is contained in:
Tarun Pothulapati 2020-12-23 20:17:31 +05:30 committed by GitHub
parent 84a9fc9b53
commit 2087c95dd8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
144 changed files with 2018 additions and 35553 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bin/_test-helpers.sh
View File

@ -389,8 +389,9 @@ run_helm-upgrade_test() {
fi
setup_helm
helm_viz_chart="$( cd "$bindir"/.. && pwd )"/viz/charts/linkerd-viz
run_test "$test_directory/install_test.go" --helm-path="$helm_path" --helm-chart="$helm_chart" \
--helm-stable-chart='linkerd/linkerd2' --helm-release="$helm_release_name" --upgrade-helm-from-version="$stable_version"
--viz-helm-chart="$helm_viz_chart" --helm-stable-chart='linkerd/linkerd2' --helm-release="$helm_release_name" --upgrade-helm-from-version="$stable_version"
helm_cleanup
}
@ -440,9 +441,10 @@ run_helm-deep_test() {
local tests=()
setup_helm
helm_multicluster_chart="$( cd "$bindir"/.. && pwd )"/multicluster/charts/linkerd2-multicluster
helm_viz_chart="$( cd "$bindir"/.. && pwd )"/viz/charts/linkerd-viz
run_test "$test_directory/install_test.go" --helm-path="$helm_path" --helm-chart="$helm_chart" \
--helm-release="$helm_release_name" --multicluster-helm-chart="$helm_multicluster_chart" \
--multicluster-helm-release="$helm_multicluster_release_name"
--viz-helm-chart="$helm_viz_chart" --multicluster-helm-release="$helm_multicluster_release_name"
while IFS= read -r line; do tests+=("$line"); done <<< "$(go list "$test_directory"/.../...)"
for test in "${tests[@]}"; do
run_test "$test"

2
bin/build-cli-bin
View File

@ -21,6 +21,8 @@ rootdir=$( cd "$bindir"/.. && pwd )
GO111MODULE=on go generate -mod=readonly ./pkg/charts/static
GO111MODULE=on go generate -mod=readonly ./jaeger/static
GO111MODULE=on go generate -mod=readonly ./multicluster/static
GO111MODULE=on go generate -mod=readonly ./viz/static
root_tag=$("$bindir"/root-tag)
GO111MODULE=on CGO_ENABLED=0 go build -o "$target" -tags prod -mod=readonly -ldflags "-s -w -X github.com/linkerd/linkerd2/pkg/version.Version=$root_tag" ./cli
echo "$target"

5
bin/helm-build
View File

@ -7,6 +7,7 @@ setValues() {
sed -i "s/$1/$2/" charts/linkerd2-cni/values.yaml
sed -i "s/$1/$2/" multicluster/charts/linkerd2-multicluster/values.yaml
sed -i "s/$1/$2/" jaeger/charts/jaeger/values.yaml
sed -i "s/$1/$2/" viz/charts/linkerd-viz/values.yaml
}
showErr() {
@ -31,6 +32,8 @@ rootdir=$( cd "$bindir"/.. && pwd )
"$bindir"/helm lint "$rootdir"/charts/linkerd2-cni
"$bindir"/helm dep up "$rootdir"/jaeger/charts/jaeger
"$bindir"/helm lint "$rootdir"/jaeger/charts/jaeger
"$bindir"/helm dep up "$rootdir"/viz/charts/linkerd-viz
"$bindir"/helm lint "$rootdir"/viz/charts/linkerd-viz
# `bin/helm-build package` assumes the presence of "$rootdir"/target/helm/index-pre.yaml which is downloaded in the chart_deploy CI job
if [ "$1" = package ]; then
@ -55,6 +58,8 @@ if [ "$1" = package ]; then
"$bindir"/helm --version "$version" --app-version "$tag" -d "$rootdir"/target/helm package "$rootdir"/charts/linkerd2-cni
"$bindir"/helm --version "$version" --app-version "$tag" -d "$rootdir"/target/helm package "$rootdir"/multicluster/charts/linkerd2-multicluster
"$bindir"/helm --version "$version" --app-version "$tag" -d "$rootdir"/target/helm package "$rootdir"/jaeger/charts/jaeger
"$bindir"/helm --version "$version" --app-version "$tag" -d "$rootdir"/target/helm package "$rootdir"/viz/charts/linkerd-viz
mv "$rootdir"/target/helm/index-pre.yaml "$rootdir"/target/helm/index-pre-"$version".yaml
"$bindir"/helm repo index --url "https://helm.linkerd.io/$repo/" --merge "$rootdir"/target/helm/index-pre-"$version".yaml "$rootdir"/target/helm

9
charts/add-ons/grafana/Chart.yaml
View File

@ -1,9 +0,0 @@
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for the grafana add-on in Linkerd
name: grafana
version: 0.1.0
maintainers:
- name: Linkerd authors
email: cncf-linkerd-dev@lists.cncf.io
url: https://linkerd.io/

28
charts/add-ons/grafana/README.md
View File

@ -1,28 +0,0 @@
# grafana
A Helm chart for the grafana add-on in Linkerd
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| file://../../partials | partials | 0.1.0 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| image.name | string | `"ghcr.io/linkerd/grafana"` | Docker image name for the grafana instance |
| image.tag | string | `nil` | Docker image tag for the grafana instance |
| proxy.resources | string | `nil` | Structure analog to the resources fields above, but overriding the resources of the linkerd proxy injected into the grafana pod. |
| resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the grafana container can use |
| resources.cpu.request | string | `nil` | Amount of CPU units that the grafana container requests |
| resources.memory.limit | string | `nil` | Maximum amount of memory that grafana container can use |
| resources.memory.request | string | `nil` | Amount of memory that the grafana container requests |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

14
charts/add-ons/grafana/README.md.gotmpl
View File

@ -1,14 +0,0 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}
{{ template "chart.typeBadge" . }}
{{ template "chart.appVersionBadge" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

6
charts/add-ons/grafana/requirements.lock
View File

@ -1,6 +0,0 @@
dependencies:
- name: partials
repository: file://../../partials
version: 0.1.0
digest: sha256:2202cf6f3783f79e78414e7a94b651589f322f3724ab220f0ea3bf8f31954de4
generated: "2020-05-01T17:24:16.918227568+05:30"

4
charts/add-ons/grafana/requirements.yaml
View File

@ -1,4 +0,0 @@
dependencies:
- name: partials
version: 0.1.0
repository: file://../../partials

14
charts/add-ons/grafana/templates/grafana-rbac.yaml
View File

@ -1,14 +0,0 @@
---
###
### Grafana RBAC
###
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: linkerd-grafana
namespace: {{.Values.global.namespace}}
labels:
{{.Values.global.controllerComponentLabel}}: grafana
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.image-pull-secrets" . }}

192
charts/add-ons/grafana/templates/grafana.yaml
View File

@ -1,192 +0,0 @@
---
###
### Grafana
###
---
kind: ConfigMap
apiVersion: v1
metadata:
name: linkerd-grafana-config
namespace: {{.Values.global.namespace}}
labels:
{{.Values.global.controllerComponentLabel}}: grafana
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
data:
grafana.ini: |-
instance_name = linkerd-grafana
[server]
root_url = %(protocol)s://%(domain)s:/grafana/
[auth]
disable_login_form = true
[auth.anonymous]
enabled = true
org_role = Editor
[auth.basic]
enabled = false
[analytics]
check_for_updates = false
[panels]
disable_sanitize_html = true
datasources.yaml: |-
apiVersion: 1
datasources:
- name: prometheus
type: prometheus
access: proxy
orgId: 1
{{- if .Values.global.prometheusUrl }}
url: {{.Values.global.prometheusUrl}}
{{- else }}
url: http://linkerd-prometheus.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:9090
{{- end }}
isDefault: true
jsonData:
timeInterval: "5s"
version: 1
editable: true
dashboards.yaml: |-
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: true
editable: true
options:
path: /var/lib/grafana/dashboards
homeDashboardId: linkerd-top-line
---
kind: Service
apiVersion: v1
metadata:
name: linkerd-grafana
namespace: {{.Values.global.namespace}}
labels:
{{.Values.global.controllerComponentLabel}}: grafana
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
spec:
type: ClusterIP
selector:
{{.Values.global.controllerComponentLabel}}: grafana
ports:
- name: http
port: 3000
targetPort: 3000
---
{{- $tree := deepCopy . }}
{{ $_ := set $tree.Values.global.proxy "workloadKind" "deployment" -}}
{{ $_ := set $tree.Values.global.proxy "component" "linkerd-grafana" -}}
{{ include "linkerd.proxy.validation" .Values.global.proxy -}}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
labels:
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: Linkerd
app.kubernetes.io/version: {{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
{{.Values.global.controllerComponentLabel}}: grafana
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
name: linkerd-grafana
namespace: {{.Values.global.namespace}}
spec:
replicas: 1
selector:
matchLabels:
{{.Values.global.controllerComponentLabel}}: grafana
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 6}}
template:
metadata:
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
{{- include "partials.proxy.annotations" .Values.global.proxy| nindent 8 }}
{{- with .Values.global.podAnnotations }}{{ toYaml . | trim | nindent 8 }}{{- end }}
labels:
{{.Values.global.controllerComponentLabel}}: grafana
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{.Values.global.workloadNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 8 }}
{{- with .Values.global.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
spec:
{{- if .Values.tolerations -}}
{{- include "linkerd.tolerations" . | nindent 6 }}
{{- end -}}
{{- include "linkerd.node-selector" . | nindent 6 }}
containers:
- env:
- name: GF_PATHS_DATA
value: /data
# Force using the go-based DNS resolver instead of the OS' to avoid failures in some environments
# see https://github.com/grafana/grafana/issues/20096
- name: GODEBUG
value: netdns=go
image: {{.Values.image.name}}:{{ default (default .Values.global.linkerdVersion .Values.global.controllerImageVersion) .Values.image.tag}}
imagePullPolicy: {{.Values.global.imagePullPolicy}}
livenessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 30
name: grafana
ports:
- containerPort: 3000
name: http
readinessProbe:
httpGet:
path: /api/health
port: 3000
{{- if .Values.resources -}}
{{- include "partials.resources" .Values.resources | nindent 8 }}
{{- end }}
securityContext:
runAsUser: 472
volumeMounts:
- mountPath: /data
name: data
- mountPath: /etc/grafana
name: grafana-config
readOnly: true
{{- if not (empty .Values.proxy) }}
{{- if not (empty .Values.proxy.resources) }}
{{- $r := merge .Values.proxy.resources .Values.global.proxy.resources }}
{{- $_ := set $tree.Values.global.proxy "resources" $r }}
{{- end }}
{{- end }}
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
serviceAccountName: linkerd-grafana
volumes:
- emptyDir: {}
name: data
- configMap:
items:
- key: grafana.ini
path: grafana.ini
- key: datasources.yaml
path: provisioning/datasources/datasources.yaml
- key: dashboards.yaml
path: provisioning/dashboards/dashboards.yaml
name: linkerd-grafana-config
name: grafana-config
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
- {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }}

21
charts/add-ons/grafana/values.yaml
View File

@ -1,21 +0,0 @@
image:
# -- Docker image name for the grafana instance
name: ghcr.io/linkerd/grafana
# -- Docker image tag for the grafana instance
tag:
resources:
cpu:
# -- Maximum amount of CPU units that the grafana container can use
limit:
# -- Amount of CPU units that the grafana container requests
request:
memory:
# -- Maximum amount of memory that grafana container can use
limit:
# -- Amount of memory that the grafana container requests
request:
proxy:
# -- Structure analog to the resources fields above, but overriding the
# resources of the linkerd proxy injected into the grafana pod.
resources:

22
charts/add-ons/prometheus/.helmignore
View File

@ -1,22 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

9
charts/add-ons/prometheus/Chart.yaml
View File

@ -1,9 +0,0 @@
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for the prometheus add-on in Linkerd
name: prometheus
version: 0.1.0
maintainers:
- name: Linkerd authors
email: cncf-linkerd-dev@lists.cncf.io
url: https://linkerd.io/

35
charts/add-ons/prometheus/README.md
View File

@ -1,35 +0,0 @@
# prometheus
A Helm chart for the prometheus add-on in Linkerd
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| file://../../partials | partials | 0.1.0 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| alertManagers | string | `nil` | Alertmanager instances the Prometheus server sends alerts to configured via the static_configs parameter. |
| alertRelabelConfigs | string | `nil` | Alert relabeling is applied to alerts before they are sent to the Alertmanager. |
| args | object | `{"config.file":"/etc/prometheus/prometheus.yml","log.level":"info","storage.tsdb.path":"/data","storage.tsdb.retention.time":"6h"}` | Command line options for Prometheus binary |
| globalConfig | object | `{"evaluation_interval":"10s","scrape_interval":"10s","scrape_timeout":"10s"}` | The global configuration specifies parameters that are valid in all other configuration contexts. |
| image | string | `"prom/prometheus:v2.19.3"` | Docker image for the prometheus instance |
| proxy.resources | string | `nil` | CPU and Memory resources required by proxy injected into prometheus pod (see global.proxy.resources for sub-fields) |
| remoteWrite | string | `nil` | Allows transparently sending samples to an endpoint. Mostly used for long term storage. |
| resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the prometheus container can use |
| resources.cpu.request | string | `nil` | Amount of CPU units that the prometheus container requests |
| resources.memory.limit | string | `nil` | Maximum amount of memory that prometheus container can use |
| resources.memory.request | string | `nil` | Amount of memory that the prometheus container requests |
| ruleConfigMapMounts | string | `nil` | Alerting/recording rule ConfigMap mounts (sub-path names must end in ´_rules.yml´ or ´_rules.yaml´) |
| scrapeConfigs | string | `nil` | A scrapeConfigs section specifies a set of targets and parameters describing how to scrape them. |
| sideCarContainers | string | `nil` | A sidecarContainers section specifies a list of secondary containers to run in the prometheus pod e.g. to export data to non-prometheus systems |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

14
charts/add-ons/prometheus/README.md.gotmpl
View File

@ -1,14 +0,0 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}
{{ template "chart.typeBadge" . }}
{{ template "chart.appVersionBadge" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

4
charts/add-ons/prometheus/requirements.yaml
View File

@ -1,4 +0,0 @@
dependencies:
- name: partials
version: 0.1.0
repository: file://../../partials

42
charts/add-ons/prometheus/templates/prometheus-rbac.yaml
View File

@ -1,42 +0,0 @@
---
###
### Prometheus RBAC
###
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-{{.Values.global.namespace}}-prometheus
labels:
{{.Values.global.controllerComponentLabel}}: prometheus
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
rules:
- apiGroups: [""]
resources: ["nodes", "nodes/proxy", "pods"]
verbs: ["get", "list", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-{{.Values.global.namespace}}-prometheus
labels:
{{.Values.global.controllerComponentLabel}}: prometheus
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: linkerd-{{.Values.global.namespace}}-prometheus
subjects:
- kind: ServiceAccount
name: linkerd-prometheus
namespace: {{.Values.global.namespace}}
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: linkerd-prometheus
namespace: {{.Values.global.namespace}}
labels:
{{.Values.global.controllerComponentLabel}}: prometheus
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.image-pull-secrets" . }}

123
charts/add-ons/prometheus/values.yaml
View File

@ -1,123 +0,0 @@
# This add-on's default property values are declared in `charts/add-ons/prometheus/values.yaml`.
# If installing/upgrading with Helm, you can override them through the usual `--set` or `-f` flags
# when installing with the parent linkerd2 chart
# Do not override them in this file!
# If installing/upgrading with linkerd's CLI, use the `--config` flag.
# -- Docker image for the prometheus instance
image: prom/prometheus:v2.19.3
# -- Command line options for Prometheus binary
args:
storage.tsdb.path: /data
storage.tsdb.retention.time: 6h
config.file: /etc/prometheus/prometheus.yml
log.level: info
# -- The global configuration specifies parameters that are valid in all other
# configuration contexts.
globalConfig:
scrape_interval: 10s
scrape_timeout: 10s
evaluation_interval: 10s
# -- Alert relabeling is applied to alerts before they are sent to the
# Alertmanager.
alertRelabelConfigs:
# Ex:
# - action: labeldrop
# regex: prometheus_replica
# -- Alertmanager instances the Prometheus server sends alerts to configured via
# the static_configs parameter.
alertManagers:
# Ex:
# - scheme: http
# static_configs:
# - targets:
# - "alertmanager.linkerd.svc:9093"
# -- Allows transparently sending samples to an endpoint. Mostly used for long
# term storage.
remoteWrite:
# -- Alerting/recording rule ConfigMap mounts (sub-path names must end in
# ´_rules.yml´ or ´_rules.yaml´)
ruleConfigMapMounts:
# Ex:
# - name: alerting-rules
# subPath: alerting_rules.yml
# configMap: linkerd-prometheus-rules
# - name: recording-rules
# subPath: recording_rules.yml
# configMap: linkerd-prometheus-rules
# -- A scrapeConfigs section specifies a set of targets and parameters
# describing how to scrape them.
scrapeConfigs:
# Ex:
# - job_name: 'kubernetes-nodes'
# scheme: https
# tls_config:
# ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
# bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
# kubernetes_sd_configs:
# - role: node
# relabel_configs:
# - action: labelmap
# regex: __meta_kubernetes_node_label_(.+)
# -- A sidecarContainers section specifies a list of secondary containers to run
# in the prometheus pod e.g. to export data to non-prometheus systems
sideCarContainers:
# Ex:
# - name: sidecar
# image: gcr.io/myproject/stackdriver-prometheus-sidecar
# imagePullPolicy: Always
# command:
# - /bin/sh
# - -c
# - |
# exec /bin/stackdriver-prometheus-sidecar \
# --stackdriver.project-id=myproject \
# --stackdriver.kubernetes.location=us-central1 \
# --stackdriver.kubernetes.cluster-name=mycluster \
# --prometheus.wal-directory=/data/wal \
# --log.level=info
# volumeMounts:
# - mountPath: /data
# name: data
# ports:
# - name: foo
# containerPort: 9091
# protocol: TCP
proxy:
# -- CPU and Memory resources required by proxy injected into prometheus pod
# (see global.proxy.resources for sub-fields)
resources:
### WARNING: persistence is experimental and has not been tested/vetted by the Linkerd team.
### As such, please refer to https://linkerd.io/2/tasks/exporting-metrics/ for the recommended approach to metrics data retention.
# if enabled, creates a persistent volume claim for prometheus data
# https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims
#persistence:
# -- Storage class used to create prometheus data PV.
# storageClass:
# -- PVC access mode.
# accessMode:
# -- Prometheus data volume size.
# size:
resources:
cpu:
# -- Maximum amount of CPU units that the prometheus container can use
limit:
# -- Amount of CPU units that the prometheus container requests
request:
memory:
# -- Maximum amount of memory that prometheus container can use
limit:
# -- Amount of memory that the prometheus container requests
request:

11
charts/linkerd2/README.md
View File

@ -118,8 +118,6 @@ Kubernetes: `>=1.13.0-0`
| Repository | Name | Version |
|------------|------|---------|
| file://../add-ons/grafana | grafana | 0.1.0 |
| file://../add-ons/prometheus | prometheus | 0.1.0 |
| file://../partials | partials | 0.1.0 |
## Values
@ -129,13 +127,11 @@ Kubernetes: `>=1.13.0-0`
| controllerImage | string | `"ghcr.io/linkerd/controller"` | Docker image for the controller, tap and identity components |
| controllerReplicas | int | `1` | Number of replicas for each control plane pod |
| controllerUID | int | `2103` | User ID for the control plane components |
| dashboard.replicas | int | `1` | Number of replicas of dashboard |
| debugContainer.image.name | string | `"ghcr.io/linkerd/debug"` | Docker image for the debug container |
| debugContainer.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the debug container Docker image |
| debugContainer.image.version | string | `"linkerdVersionValue"` | Tag for the debug container Docker image |
| disableHeartBeat | bool | `false` | Set to true to not start the heartbeat cronjob |
| enableH2Upgrade | bool | `true` | Allow proxies to perform transparent HTTP/2 upgrading |
| enforcedHostRegexp | string | `""` | Host header validation regex for the dashboard. See the [Linkerd documentation](https://linkerd.io/2/tasks/exposing-dashboard) for more information |
| global.clusterDomain | string | `"cluster.local"` | Kubernetes DNS Domain name to use |
| global.clusterNetworks | string | `"10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16"` | The cluster networks for which service discovery is performed. This should include the pod network but need not include the node network. By default, all private networks are specified so that resolution works in typical Kubernetes environments. |
| global.cniEnabled | bool | `false` | enabling this omits the NET_ADMIN capability in the PSP and the proxy-init container when injecting the proxy; requires the linkerd-cni plugin to already be installed |
@ -192,7 +188,6 @@ Kubernetes: `>=1.13.0-0`
| global.proxyInjectAnnotation | string | `"linkerd.io/inject"` | Annotation label to signal injection. Do not edit. |
| global.proxyInjectDisabled | string | `"disabled"` | Annotation value to disable injection. Do not edit. |
| global.workloadNamespaceLabel | string | `"linkerd.io/workload-ns"` | |
| grafana.enabled | bool | `true` | |
| heartbeatSchedule | string | `"0 0 * * *"` | Config for the heartbeat cronjob |
| identity.issuer.clockSkewAllowance | string | `"20s"` | Amount of time to allow for clock skew within a Linkerd cluster |
| identity.issuer.crtExpiry | string | `nil` | Expiration timestamp for the issuer certificate. It must be provided during install. Must match the expiry date in crtPEM |
@ -210,17 +205,11 @@ Kubernetes: `>=1.13.0-0`
| profileValidator.externalSecret | bool | `false` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `profileValidator.caBundle` must be set (see below). |
| profileValidator.keyPEM | string | `""` | Certificate key for the service profile validator. If not provided then Helm will generate one. |
| profileValidator.namespaceSelector | object | `{"matchExpressions":[{"key":"config.linkerd.io/admission-webhooks","operator":"NotIn","values":["disabled"]}]}` | Namespace selector used by admission webhook |
| prometheus.enabled | bool | `true` | |
| proxyInjector.caBundle | string | `""` | Bundle of CA certificates for proxy injector. If not provided then Helm will use the certificate generated for `proxyInjector.crtPEM`. If `proxyInjector.externalSecret` is set to true, this value must be set, as no certificate will be generated. |
| proxyInjector.crtPEM | string | `""` | Certificate for the proxy injector. If not provided then Helm will generate one. |
| proxyInjector.externalSecret | bool | `false` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `proxyInjector.caBundle` must be set (see below) |
| proxyInjector.keyPEM | string | `""` | Certificate key for the proxy injector. If not provided then Helm will generate one. |
| proxyInjector.namespaceSelector | object | `{"matchExpressions":[{"key":"config.linkerd.io/admission-webhooks","operator":"NotIn","values":["disabled"]}]}` | Namespace selector used by admission webhook. If not set defaults to all namespaces without the annotation config.linkerd.io/admission-webhooks=disabled |
| tap.caBundle | string | `""` | Bundle of CA certificates for Tap component. If not provided then Helm will use the certificate generated for `tap.crtPEM`. If `tap.externalSecret` is set to true, this value must be set, as no certificate will be generated. |
| tap.crtPEM | string | `""` | Certificate for the Tap component. If not provided then Helm will generate one. |
| tap.externalSecret | bool | `false` | Do not create a secret resource for the Tap component. If this is set to `true`, the value `tap.caBundle` must be set (see below). |
| tap.keyPEM | string | `""` | Certificate key for Tap component. If not provided then Helm will generate one. |
| webImage | string | `"ghcr.io/linkerd/web"` | |
| webhookFailurePolicy | string | `"Ignore"` | Failure policy for the proxy injector |
----------------------------------------------

10
charts/linkerd2/requirements.lock
View File

@ -2,11 +2,5 @@ dependencies:
- name: partials
repository: file://../partials
version: 0.1.0
- name: prometheus
repository: file://../add-ons/prometheus
version: 0.1.0
- name: grafana
repository: file://../add-ons/grafana
version: 0.1.0
digest: sha256:2bbca4bf61028194ae6ee86763f21fa2488c9d141e3529bae642fa72b45fb34c
generated: "2020-12-18T23:27:44.921336524Z"
digest: sha256:8e42f9c9d4a2dc883f17f94d6044c97518ced19ad0922f47b8760e47135369ba
generated: "2020-12-21T17:47:25.811707816Z"

8
charts/linkerd2/requirements.yaml
View File

@ -2,11 +2,3 @@ dependencies:
- name: partials
version: 0.1.0
repository: file://../partials
- name: prometheus
version: 0.1.0
repository: file://../add-ons/prometheus
condition: prometheus.enabled
- name: grafana
version: 0.1.0
repository: file://../add-ons/grafana
condition: grafana.enabled

3
charts/linkerd2/templates/config.yaml
View File

@ -25,9 +25,6 @@ data:
{{- if kindIs "map" $values.proxyInjector -}}
{{- $_ := unset $values.proxyInjector "keyPEM"}}
{{- end -}}
{{- if kindIs "map" $values.tap -}}
{{- $_ := unset $values.tap "keyPEM"}}
{{- end -}}
{{- $_ := unset $values "partials"}}
{{- $_ := unset $values "configs"}}
{{- $_ := unset $values "stage"}}

2
charts/linkerd2/templates/controller-rbac.yaml
View File

@ -51,4 +51,4 @@ metadata:
labels:
{{.Values.global.controllerComponentLabel}}: controller
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.image-pull-secrets" . }}
{{- include "partials.image-pull-secrets" .Values.global.imagePullSecrets }}

4
charts/linkerd2/templates/controller.yaml
View File

@ -81,8 +81,8 @@ spec:
- -cluster-domain={{.Values.global.clusterDomain}}
{{- if .Values.global.prometheusUrl }}
- -prometheus-url={{.Values.global.prometheusUrl}}
{{- else if .Values.prometheus.enabled }}
- -prometheus-url=http://linkerd-prometheus.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:9090
{{- else }}
- -prometheus-url=http://linkerd-prometheus.linkerd-viz.svc.{{.Values.global.clusterDomain}}:9090
{{- end }}
{{- include "partials.linkerd.trace" . | nindent 8 -}}
image: {{.Values.controllerImage}}:{{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}

2
charts/linkerd2/templates/destination-rbac.yaml
View File

@ -56,4 +56,4 @@ metadata:
labels:
{{.Values.global.controllerComponentLabel}}: destination
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.image-pull-secrets" . }}
{{- include "partials.image-pull-secrets" .Values.global.imagePullSecrets }}

2
charts/linkerd2/templates/heartbeat-rbac.yaml
View File

@ -41,5 +41,5 @@ metadata:
labels:
{{.Values.global.controllerComponentLabel}}: heartbeat
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.image-pull-secrets" . }}
{{- include "partials.image-pull-secrets" .Values.global.imagePullSecrets }}
{{- end }}

4
charts/linkerd2/templates/heartbeat.yaml
View File

@ -48,8 +48,8 @@ spec:
- "-log-level={{.Values.global.controllerLogLevel}}"
{{- if .Values.global.prometheusUrl }}
- "-prometheus-url={{.Values.global.prometheusUrl}}"
{{- else if .Values.prometheus.enabled }}
- "-prometheus-url=http://linkerd-prometheus.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:9090"
{{- else }}
- "-prometheus-url=http://linkerd-prometheus.linkerd-viz.svc.{{.Values.global.clusterDomain}}:9090"
{{- end }}
{{- if .Values.heartbeatResources -}}
{{- include "partials.resources" .Values.heartbeatResources | nindent 12 }}

2
charts/linkerd2/templates/identity-rbac.yaml
View File

@ -46,5 +46,5 @@ metadata:
labels:
{{.Values.global.controllerComponentLabel}}: identity
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.image-pull-secrets" . }}
{{- include "partials.image-pull-secrets" .Values.global.imagePullSecrets }}
{{ end -}}

2
charts/linkerd2/templates/proxy-injector-rbac.yaml
View File

@ -52,7 +52,7 @@ metadata:
labels:
{{.Values.global.controllerComponentLabel}}: proxy-injector
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.image-pull-secrets" . }}
{{- include "partials.image-pull-secrets" .Values.global.imagePullSecrets }}
---
{{- $host := printf "linkerd-proxy-injector.%s.svc" .Values.global.namespace }}
{{- $ca := genSelfSignedCert $host (list) (list $host) 365 }}

16
charts/linkerd2/templates/psp.yaml
View File

@ -90,11 +90,6 @@ subjects:
- kind: ServiceAccount
name: linkerd-destination
namespace: {{.Values.global.namespace}}
{{ if .Values.grafana.enabled -}}
- kind: ServiceAccount
name: linkerd-grafana
namespace: {{.Values.global.namespace}}
{{ end -}}
{{ if not .Values.disableHeartBeat -}}
- kind: ServiceAccount
name: linkerd-heartbeat
@ -103,20 +98,9 @@ subjects:
- kind: ServiceAccount
name: linkerd-identity
namespace: {{.Values.global.namespace}}
{{ if .Values.prometheus.enabled -}}
- kind: ServiceAccount
name: linkerd-prometheus
namespace: {{.Values.global.namespace}}
{{ end -}}
- kind: ServiceAccount
name: linkerd-proxy-injector
namespace: {{.Values.global.namespace}}
- kind: ServiceAccount
name: linkerd-sp-validator
namespace: {{.Values.global.namespace}}
- kind: ServiceAccount
name: linkerd-tap
namespace: {{.Values.global.namespace}}
- kind: ServiceAccount
name: linkerd-web
namespace: {{.Values.global.namespace}}

2
charts/linkerd2/templates/sp-validator-rbac.yaml
View File

@ -40,7 +40,7 @@ metadata:
labels:
{{.Values.global.controllerComponentLabel}}: sp-validator
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.image-pull-secrets" . }}
{{- include "partials.image-pull-secrets" .Values.global.imagePullSecrets }}
---
{{- $host := printf "linkerd-sp-validator.%s.svc" .Values.global.namespace }}
{{- $ca := genSelfSignedCert $host (list) (list $host) 365 }}

135
charts/linkerd2/templates/tap.yaml
View File

@ -1,135 +0,0 @@
---
###
### Tap
###
---
kind: Service
apiVersion: v1
metadata:
name: linkerd-tap
namespace: {{.Values.global.namespace}}
labels:
{{.Values.global.controllerComponentLabel}}: tap
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
spec:
type: ClusterIP
selector:
{{.Values.global.controllerComponentLabel}}: tap
ports:
- name: grpc
port: 8088
targetPort: 8088
- name: apiserver
port: 443
targetPort: apiserver
---
{{- $tree := deepCopy . }}
{{ $_ := set $tree.Values.global.proxy "workloadKind" "deployment" -}}
{{ $_ := set $tree.Values.global.proxy "component" "linkerd-tap" -}}
{{ include "linkerd.proxy.validation" .Values.global.proxy -}}
kind: Deployment
apiVersion: apps/v1
metadata:
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
labels:
app.kubernetes.io/name: tap
app.kubernetes.io/part-of: Linkerd
app.kubernetes.io/version: {{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
{{.Values.global.controllerComponentLabel}}: tap
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
name: linkerd-tap
namespace: {{.Values.global.namespace}}
spec:
replicas: {{.Values.controllerReplicas}}
selector:
matchLabels:
{{.Values.global.controllerComponentLabel}}: tap
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 6}}
{{- if .Values.enablePodAntiAffinity }}
strategy:
rollingUpdate:
maxUnavailable: 1
{{- end }}
template:
metadata:
annotations:
{{- if (or (empty .Values.global.cliVersion) (not (eq (.Values.stage | toString) "control-plane"))) }}
checksum/config: {{ include (print $.Template.BasePath "/tap-rbac.yaml") . | sha256sum }}
{{- end }}
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
{{- include "partials.proxy.annotations" .Values.global.proxy| nindent 8}}
{{- with .Values.global.podAnnotations }}{{ toYaml . | trim | nindent 8 }}{{- end }}
labels:
{{.Values.global.controllerComponentLabel}}: tap
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{.Values.global.workloadNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 8}}
{{- with .Values.global.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
spec:
{{- if .Values.tolerations -}}
{{- include "linkerd.tolerations" . | nindent 6 }}
{{- end -}}
{{- include "linkerd.node-selector" . | nindent 6 }}
{{- if .Values.enablePodAntiAffinity -}}
{{- $local := dict "component" "tap" "label" .Values.global.controllerComponentLabel -}}
{{- include "linkerd.pod-affinity" $local | nindent 6 -}}
{{- end }}
containers:
- args:
- tap
- -controller-namespace={{.Values.global.namespace}}
- -log-level={{.Values.global.controllerLogLevel}}
- -identity-trust-domain={{.Values.global.identityTrustDomain }}
{{- include "partials.linkerd.trace" . | nindent 8 -}}
image: {{.Values.controllerImage}}:{{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
imagePullPolicy: {{.Values.global.imagePullPolicy}}
livenessProbe:
httpGet:
path: /ping
port: 9998
initialDelaySeconds: 10
name: tap
ports:
- containerPort: 8088
name: grpc
- containerPort: 8089
name: apiserver
- containerPort: 9998
name: admin-http
readinessProbe:
failureThreshold: 7
httpGet:
path: /ready
port: 9998
{{- if .Values.tapResources -}}
{{- include "partials.resources" .Values.tapResources | nindent 8 }}
{{- end }}
securityContext:
runAsUser: {{.Values.controllerUID}}
volumeMounts:
- mountPath: /var/run/linkerd/tls
name: tls
readOnly: true
{{- if not (empty .Values.tapProxyResources) }}
{{- $r := merge .Values.tapProxyResources .Values.global.proxy.resources }}
{{- $_ := set $tree.Values.global.proxy "resources" $r }}
{{- end }}
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
serviceAccountName: linkerd-tap
volumes:
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
- {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }}
- name: tls
secret:
secretName: linkerd-tap-k8s-tls

125
charts/linkerd2/templates/web.yaml
View File

@ -1,125 +0,0 @@
---
###
### Web
###
---
kind: Service
apiVersion: v1
metadata:
name: linkerd-web
namespace: {{.Values.global.namespace}}
labels:
{{.Values.global.controllerComponentLabel}}: web
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
spec:
type: ClusterIP
selector:
{{.Values.global.controllerComponentLabel}}: web
ports:
- name: http
port: 8084
targetPort: 8084
- name: admin-http
port: 9994
targetPort: 9994
---
{{- $tree := deepCopy . }}
{{ $_ := set $tree.Values.global.proxy "workloadKind" "deployment" -}}
{{ $_ := set $tree.Values.global.proxy "component" "linkerd-web" -}}
{{ include "linkerd.proxy.validation" .Values.global.proxy -}}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
labels:
app.kubernetes.io/name: web
app.kubernetes.io/part-of: Linkerd
app.kubernetes.io/version: {{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
{{.Values.global.controllerComponentLabel}}: web
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
name: linkerd-web
namespace: {{.Values.global.namespace}}
spec:
replicas: {{.Values.dashboard.replicas}}
selector:
matchLabels:
{{.Values.global.controllerComponentLabel}}: web
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 6}}
template:
metadata:
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
{{- include "partials.proxy.annotations" .Values.global.proxy| nindent 8}}
{{- with .Values.global.podAnnotations }}{{ toYaml . | trim | nindent 8 }}{{- end }}
labels:
{{.Values.global.controllerComponentLabel}}: web
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{.Values.global.workloadNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 8}}
{{- with .Values.global.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
spec:
{{- if .Values.tolerations -}}
{{- include "linkerd.tolerations" . | nindent 6 }}
{{- end -}}
{{- include "linkerd.node-selector" . | nindent 6 }}
containers:
- args:
- -api-addr=linkerd-controller-api.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:8085
- -cluster-domain={{.Values.global.clusterDomain}}
{{- if .Values.global.grafanaUrl }}
- -grafana-addr={{.Values.global.grafanaUrl}}
{{- else if .Values.grafana.enabled }}
- -grafana-addr=linkerd-grafana.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:3000
{{- end}}
- -controller-namespace={{.Values.global.namespace}}
- -log-level={{.Values.global.controllerLogLevel}}
{{- if .Values.enforcedHostRegexp }}
- -enforced-host={{.Values.enforcedHostRegexp}}
{{- else -}}
{{- $hostFull := replace "." "\\." (printf "linkerd-web.%s.svc.%s" .Values.global.namespace .Values.global.clusterDomain) }}
{{- $hostAbbrev := replace "." "\\." (printf "linkerd-web.%s.svc" .Values.global.namespace) }}
- -enforced-host=^(localhost|127\.0\.0\.1|{{ $hostFull }}|{{ $hostAbbrev }}|\[::1\])(:\d+)?$
{{- end}}
{{- include "partials.linkerd.trace" . | nindent 8 -}}
image: {{.Values.webImage}}:{{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
imagePullPolicy: {{.Values.global.imagePullPolicy}}
livenessProbe:
httpGet:
path: /ping
port: 9994
initialDelaySeconds: 10
name: web
ports:
- containerPort: 8084
name: http
- containerPort: 9994
name: admin-http
readinessProbe:
failureThreshold: 7
httpGet:
path: /ready
port: 9994
{{- if .Values.webResources -}}
{{- include "partials.resources" .Values.webResources | nindent 8 }}
{{- end }}
securityContext:
runAsUser: {{.Values.controllerUID}}
{{- if not (empty .Values.webProxyResources) }}
{{- $r := merge .Values.webProxyResources .Values.global.proxy.resources }}
{{- $_ := set $tree.Values.global.proxy "resources" $r }}
{{- end }}
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
serviceAccountName: linkerd-web
volumes:
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
- {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }}

24
charts/linkerd2/values-ha.yaml
View File

@ -33,36 +33,12 @@ identityResources:
limit: 250Mi
request: 10Mi
# grafana configuration
grafana:
resources:
cpu: *controller_resources_cpu
memory:
limit: 1024Mi
request: 50Mi
# heartbeat configuration
heartbeatResources: *controller_resources
# prometheus configuration
prometheus:
resources:
cpu:
limit: ""
request: 300m
memory:
limit: 8192Mi
request: 300Mi
# proxy injector configuration
proxyInjectorResources: *controller_resources
webhookFailurePolicy: Fail
# service profile validator configuration
spValidatorResources: *controller_resources
# tap configuration
tapResources: *controller_resources
# web configuration
webResources: *controller_resources

132
charts/linkerd2/values.yaml
View File

@ -165,11 +165,6 @@ global:
imagePullSecrets: []
# - name: my-private-docker-registry-login-secret
# -- Host header validation regex for the dashboard. See the [Linkerd
# documentation](https://linkerd.io/2/tasks/exposing-dashboard) for more
# information
enforcedHostRegexp: ""
# -- Allow proxies to perform transparent HTTP/2 upgrading
enableH2Upgrade: true
@ -197,12 +192,6 @@ controllerUID: 2103
# injected into destination pod (see `global.proxy.resources` for sub-fields)
#destinationProxyResources:
# web dashboard configuration
dashboard:
# -- Number of replicas of dashboard
replicas: 1
# debug configuration
debugContainer:
image:
@ -322,42 +311,6 @@ profileValidator:
#`global.proxy.resources`
#publicAPIProxyResources:
# tap configuration
tap:
# -- Do not create a secret resource for the Tap component. If this is set to
# `true`, the value `tap.caBundle` must be set (see below).
externalSecret: false
# -- Certificate for the Tap component. If not provided then Helm will
# generate one.
crtPEM: |
# -- Certificate key for Tap component. If not provided then Helm will
# generate one.
keyPEM: |
# -- Bundle of CA certificates for Tap component. If not provided then Helm
# will use the certificate generated for `tap.crtPEM`. If
# `tap.externalSecret` is set to true, this value must be set, as no
# certificate will be generated.
caBundle: |
# -|- CPU and Memory resources required by tap (see `global.proxy.resources` for
#sub-fields)
#tapResources:
# -|- CPU and Memory resources required by proxy injected into tap pod (see
#`global.proxy.resources` for sub-fields)
#tapProxyResources:
# -- Docker image for the web container
webImage: ghcr.io/linkerd/web
# -<- CPU and Memory resources required by web UI (see `global.proxy.resources`
#for sub-fields)
#webResources:
# -|- CPU and Memory resources required by proxy injected into web UI pod (see
#`global.proxy.resources` for sub-fields)
#webProxyResources:
# If the namespace is controlled by an external tool or can't be installed with Helm
# you can disable its installation. In this case:
# - The namespace created by the external tool must match the namespace value above
@ -378,88 +331,3 @@ nodeSelector:
# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
# for more information
#tolerations:
# Configuration for Add-ons
# Full configuration fields https://github.com/linkerd/linkerd2/tree/master/charts/linkerd2#add-ons-configuration
grafana:
enabled: true
# image:
# name: ghcr.io/linkerd/grafana
# tag: latest
# set resource requests and limits for grafana and its linkerd proxy respectively
# see global.proxy.resources in the linkerd2 chart for details.
# resources:
# proxy:
# resources:
prometheus:
enabled: true
# image: prom/prometheus:v2.15.3
# args:
# storage.tsdb.retention.time: 6h
# log.level: debug
# globalConfig:
# scrape_interval: 10s
# scrape_timeout: 10s
# scrapeConfigs:
# - job_name: 'kubernetes-nodes'
# scheme: https
# tls_config:
# ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
# bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
# kubernetes_sd_configs:
# - role: node
# relabel_configs:
# - action: labelmap
# regex: __meta_kubernetes_node_label_(.+)
# alertManagers:
# - scheme: http
# static_configs:
# - targets:
# - "alertmanager.linkerd.svc:9093"
# alertRelabelConfigs:
# - action: labeldrop
# regex: prometheus_replica
# ruleConfigMapMounts:
# - name: alerting-rules
# subPath: alerting_rules.yml
# configMap: linkerd-prometheus-rules
# - name: recording-rules
# subPath: recording_rules.yml
# configMap: linkerd-prometheus-rules
###
### Sidecar containers allow access to the prometheus data directory,
### e.g. for exporting data to non-prometheus systems.
# sidecarContainers:
# - name: sidecar
# image: gcr.io/myproject/stackdriver-prometheus-sidecar
# imagePullPolicy: Always
# command:
# - /bin/sh
# - -c
# - |
# exec /bin/stackdriver-prometheus-sidecar \
# --stackdriver.project-id=myproject \
# --stackdriver.kubernetes.location=us-central1 \
# --stackdriver.kubernetes.cluster-name=mycluster \
# --prometheus.wal-directory=/data/wal \
# --log.level=info
# volumeMounts:
# - mountPath: /data
# name: data
# ports:
# - name: foo
# containerPort: 9091
# protocol: TCP
### WARNING: persistence is experimental and has not been tested/vetted by the Linkerd team.
### As such, please refer to https://linkerd.io/2/tasks/exporting-metrics/ for the recommended approach to metrics data retention.
# if enabled, creates a persistent volume claim for prometheus data
# https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims
# persistence:
# storageClass: ""
# accessMode: ReadWriteOnce
# size: 8Gi
# resources:
# proxy:
# resources:

2
charts/partials/templates/_proxy.tpl
View File

@ -95,7 +95,7 @@ env:
value: "true"
{{ else if not .Values.global.proxy.disableIdentity -}}
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
{{ end -}}
image: {{.Values.global.proxy.image.name}}:{{.Values.global.proxy.image.version}}
imagePullPolicy: {{.Values.global.proxy.image.pullPolicy}}

6
charts/partials/templates/_pull-secrets.tpl
View File

@ -1,6 +1,6 @@
{{- define "partials.image-pull-secrets" -}}
{{- if .Values.global.imagePullSecrets }}
{{- define "partials.image-pull-secrets"}}
{{- if . }}
imagePullSecrets:
{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
{{ toYaml . | indent 2 }}
{{- end }}
{{- end -}}

2
cli/Dockerfile-bin
View File

@ -16,6 +16,7 @@ COPY cli cli
COPY charts charts
COPY jaeger jaeger
COPY multicluster multicluster
COPY viz viz
COPY controller/k8s controller/k8s
COPY controller/api controller/api
@ -28,6 +29,7 @@ RUN mkdir -p /out
RUN go generate -mod=readonly ./pkg/charts/static
RUN go generate -mod=readonly ./jaeger/static
RUN go generate -mod=readonly ./multicluster/static
RUN go generate -mod=readonly ./viz/static
# Cache builds without version info
RUN CGO_ENABLED=0 GOOS=darwin go build -o /out/linkerd-darwin -tags prod -mod=readonly -ldflags "-s -w" ./cli

1
cli/cmd/check.go
View File

@ -187,7 +187,6 @@ func configureAndRunChecks(ctx context.Context, wout io.Writer, werr io.Writer,
checks = append(checks, healthcheck.LinkerdCNIPluginChecks)
checks = append(checks, healthcheck.LinkerdHAChecks)
checks = append(checks, healthcheck.AddOnCategories...)
}
}

2
cli/cmd/dashboard.go
View File

@ -94,7 +94,7 @@ func newCmdDashboard() *cobra.Command {
portforward, err := k8s.NewPortForward(
cmd.Context(),
k8sAPI,
controlPlaneNamespace,
defaultLinkerdVizNamespace,
webDeployment,
options.host,
options.port,

55
cli/cmd/install.go
View File

@ -26,10 +26,6 @@ import (
)
const (
// addOnChartsPath is where the linkerd2 add-ons will be present
addOnChartsPath = "add-ons"
configStage = "config"
controlPlaneStage = "control-plane"
@ -64,12 +60,10 @@ var (
"templates/controller-rbac.yaml",
"templates/destination-rbac.yaml",
"templates/heartbeat-rbac.yaml",
"templates/web-rbac.yaml",
"templates/serviceprofile-crd.yaml",
"templates/trafficsplit-crd.yaml",
"templates/proxy-injector-rbac.yaml",
"templates/sp-validator-rbac.yaml",
"templates/tap-rbac.yaml",
"templates/psp.yaml",
}
@ -80,10 +74,8 @@ var (
"templates/controller.yaml",
"templates/destination.yaml",
"templates/heartbeat.yaml",
"templates/web.yaml",
"templates/proxy-injector.yaml",
"templates/sp-validator.yaml",
"templates/tap.yaml",
}
ignoreCluster bool
@ -312,42 +304,12 @@ func render(w io.Writer, values *l5dcharts.Values, stage string) error {
{Name: chartutil.ChartfileName},
}
addOns, err := l5dcharts.ParseAddOnValues(values)
if err != nil {
return err
}
// Initialize add-on sub-charts
addOnCharts := make(map[string]*charts.Chart)
for _, addOn := range addOns {
addOnCharts[addOn.Name()] = &charts.Chart{
Name: addOn.Name(),
Dir: addOnChartsPath + "/" + addOn.Name(),
Namespace: controlPlaneNamespace,
RawValues: append(addOn.Values(), rawValues...),
Files: []*loader.BufferedFile{
{
Name: chartutil.ChartfileName,
},
{
Name: chartutil.ValuesfileName,
},
},
Fs: static.Templates,
}
}
if stage == "" || stage == configStage {
for _, template := range templatesConfigStage {
files = append(files,
&loader.BufferedFile{Name: template},
)
}
// Fill add-on's sub-charts with config templates
for _, addOn := range addOns {
addOnCharts[addOn.Name()].Files = append(addOnCharts[addOn.Name()].Files, addOn.ConfigStageTemplates()...)
}
}
if stage == "" || stage == controlPlaneStage {
@ -356,12 +318,6 @@ func render(w io.Writer, values *l5dcharts.Values, stage string) error {
&loader.BufferedFile{Name: template},
)
}
// Fill add-on's sub-charts with control-plane templates
for _, addOn := range addOns {
addOnCharts[addOn.Name()].Files = append(addOnCharts[addOn.Name()].Files, addOn.ControlPlaneStageTemplates()...)
}
}
// TODO refactor to use l5dcharts.LoadChart()
@ -378,17 +334,6 @@ func render(w io.Writer, values *l5dcharts.Values, stage string) error {
return err
}
for _, addon := range addOns {
b, err := addOnCharts[addon.Name()].Render()
if err != nil {
return err
}
if _, err := buf.WriteString(b.String()); err != nil {
return err
}
}
if stage == "" || stage == controlPlaneStage {
overrides, err := renderOverrides(values, values.GetGlobal().Namespace)
if err != nil {

62
cli/cmd/install_addon_test.go
View File

@ -1,62 +0,0 @@
package cmd
import (
"bytes"
"fmt"
"io/ioutil"
"path/filepath"
"testing"
charts "github.com/linkerd/linkerd2/pkg/charts/linkerd2"
"sigs.k8s.io/yaml"
)
func TestAddOnRender(t *testing.T) {
withExistingGrafanaValues, err := testInstallOptions()
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
data, err := ioutil.ReadFile(filepath.Join("testdata", "existing-grafana-config.yaml"))
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
err = yaml.Unmarshal(data, withExistingGrafanaValues)
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
addFakeTLSSecrets(withExistingGrafanaValues)
withPrometheusAddOnOverwriteValues, err := testInstallOptions()
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
data, err = ioutil.ReadFile(filepath.Join("testdata", "prom-config.yaml"))
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
err = yaml.Unmarshal(data, withPrometheusAddOnOverwriteValues)
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
addFakeTLSSecrets(withPrometheusAddOnOverwriteValues)
testCases := []struct {
values *charts.Values
goldenFileName string
}{
{withExistingGrafanaValues, "install_grafana_existing.golden"},
{withPrometheusAddOnOverwriteValues, "install_prometheus_overwrite.golden"},
}
for i, tc := range testCases {
tc := tc // pin
t.Run(fmt.Sprintf("%d: %s", i, tc.goldenFileName), func(t *testing.T) {
var buf bytes.Buffer
if err := render(&buf, tc.values, ""); err != nil {
t.Fatalf("Failed to render templates: %v", err)
}
diffTestdata(t, tc.goldenFileName, buf.String())
})
}
}

71
cli/cmd/install_helm_test.go
View File

@ -6,12 +6,9 @@ import (
"path/filepath"
"testing"
"github.com/linkerd/linkerd2/pkg/charts"
l5dcharts "github.com/linkerd/linkerd2/pkg/charts/linkerd2"
"github.com/linkerd/linkerd2/pkg/charts/static"
"github.com/linkerd/linkerd2/pkg/k8s"
"helm.sh/helm/v3/pkg/chart"
"helm.sh/helm/v3/pkg/chart/loader"
"helm.sh/helm/v3/pkg/chartutil"
"helm.sh/helm/v3/pkg/engine"
"sigs.k8s.io/yaml"
@ -36,16 +33,6 @@ func TestRenderHelm(t *testing.T) {
testRenderHelm(t, chartControlPlane, "install_helm_output_ha.golden")
})
t.Run("Non-HA with add-ons mode", func(t *testing.T) {
ha := false
additionalConfig := `
tracing:
enabled: true
`
chartControlPlane := chartControlPlane(t, ha, additionalConfig, "111", "222")
testRenderHelm(t, chartControlPlane, "install_helm_output_addons.golden")
})
t.Run("HA mode with podLabels and podAnnotations", func(t *testing.T) {
ha := true
additionalConfig := `
@ -248,15 +235,6 @@ func chartControlPlane(t *testing.T, ha bool, additionalConfig string, ignoreOut
linkerd2Chart.AddDependency(chartPartials)
addons, err := l5dcharts.ParseAddOnValues(values)
if err != nil {
t.Fatal("Unexpected error", err)
}
for _, addon := range addons {
linkerd2Chart.AddDependency(buildAddOnChart(t, addon, chartPartials))
}
for _, filepath := range append(templatesConfigStage, templatesControlPlaneStage...) {
linkerd2Chart.Templates = append(linkerd2Chart.Templates, &chart.File{
Name: filepath,
@ -271,41 +249,6 @@ func chartControlPlane(t *testing.T, ha bool, additionalConfig string, ignoreOut
return linkerd2Chart
}
func buildAddOnChart(t *testing.T, addon l5dcharts.AddOn, chartPartials *chart.Chart) *chart.Chart {
rawValues := readValuesFile(t, filepath.Join("add-ons", addon.Name()))
var values chartutil.Values
err := yaml.Unmarshal(rawValues, &values)
if err != nil {
t.Fatal("Unexpected error", err)
}
addOnChart := chart.Chart{
Metadata: &chart.Metadata{
Name: addon.Name(),
Sources: []string{
filepath.Join("..", "..", "..", "charts", "add-ons", addon.Name()),
},
},
Values: values,
}
addOnChart.AddDependency(chartPartials)
for _, filepath := range append(addon.ConfigStageTemplates(), addon.ControlPlaneStageTemplates()...) {
addOnChart.Templates = append(addOnChart.Templates, &chart.File{
Name: filepath.Name,
})
}
for _, template := range addOnChart.Templates {
filepath := filepath.Join(addOnChart.Metadata.Sources[0], template.Name)
template.Data = []byte(readTestdata(t, filepath))
}
return &addOnChart
}
func chartPartials(t *testing.T, paths []string) *chart.Chart {
var partialTemplates []*chart.File
for _, path := range paths {
@ -346,17 +289,3 @@ func readTestValues(ha bool, ignoreOutboundPorts string, ignoreInboundPorts stri
return values, nil
}
// readValues reads values.yaml file from the given path
func readValuesFile(t *testing.T, path string) []byte {
valuesFiles := []*loader.BufferedFile{
{Name: chartutil.ValuesfileName},
}
if err := charts.FilesReader(static.Templates, path+"/", valuesFiles); err != nil {
t.Fatal("Unexpected error", err)
}
return valuesFiles[0].Data
}

40
cli/cmd/install_test.go
View File

@ -30,17 +30,15 @@ func TestRender(t *testing.T) {
// A configuration that shows that all config setting strings are honored
// by `render()`.
metaValues := &charts.Values{
ControllerImage: "ControllerImage",
WebImage: "WebImage",
ControllerUID: 2103,
EnableH2Upgrade: true,
WebhookFailurePolicy: "WebhookFailurePolicy",
OmitWebhookSideEffects: false,
RestrictDashboardPrivileges: false,
InstallNamespace: true,
Identity: defaultValues.Identity,
NodeSelector: defaultValues.NodeSelector,
Tolerations: defaultValues.Tolerations,
ControllerImage: "ControllerImage",
ControllerUID: 2103,
EnableH2Upgrade: true,
WebhookFailurePolicy: "WebhookFailurePolicy",
OmitWebhookSideEffects: false,
InstallNamespace: true,
Identity: defaultValues.Identity,
NodeSelector: defaultValues.NodeSelector,
Tolerations: defaultValues.Tolerations,
Global: &charts.Global{
Namespace: "Namespace",
ClusterDomain: "cluster.local",
@ -126,15 +124,6 @@ func TestRender(t *testing.T) {
ControllerReplicas: 1,
ProxyInjector: defaultValues.ProxyInjector,
ProfileValidator: defaultValues.ProfileValidator,
Tap: defaultValues.Tap,
Dashboard: &charts.Dashboard{
Replicas: 1,
},
Prometheus: charts.Prometheus{
"enabled": true,
"image": "PrometheusImage",
},
Grafana: defaultValues.Grafana,
}
haValues, err := testInstallOptionsHA(true)
@ -177,13 +166,6 @@ func TestRender(t *testing.T) {
withHeartBeatDisabledValues.DisableHeartBeat = true
addFakeTLSSecrets(withHeartBeatDisabledValues)
withRestrictedDashboardPrivilegesValues, err := testInstallOptions()
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
withRestrictedDashboardPrivilegesValues.RestrictDashboardPrivileges = true
addFakeTLSSecrets(withRestrictedDashboardPrivilegesValues)
withControlPlaneTracingValues, err := testInstallOptions()
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
@ -225,7 +207,6 @@ func TestRender(t *testing.T) {
{cniEnabledValues, "install_no_init_container.golden"},
{withProxyIgnoresValues, "install_proxy_ignores.golden"},
{withHeartBeatDisabledValues, "install_heartbeat_disabled_output.golden"},
{withRestrictedDashboardPrivilegesValues, "install_restricted_dashboard.golden"},
{withControlPlaneTracingValues, "install_controlplane_tracing_output.golden"},
{withCustomRegistryValues, "install_custom_registry.golden"},
{withCustomDestinationGetNetsValues, "install_default_override_dst_get_nets.golden"},
@ -556,7 +537,4 @@ func addFakeTLSSecrets(values *charts.Values) {
values.ProfileValidator.CrtPEM = "profile validator crt"
values.ProfileValidator.KeyPEM = "profile validator key"
values.ProfileValidator.CaBundle = "profile validator CA bundle"
values.Tap.CrtPEM = "tap crt"
values.Tap.KeyPEM = "tap key"
values.Tap.CaBundle = "tap CA bundle"
}

8
cli/cmd/options.go
View File

@ -229,13 +229,6 @@ func makeAllStageFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.FlagSet)
return nil
}),
flag.NewBoolFlag(allStageFlags, "restrict-dashboard-privileges", defaults.RestrictDashboardPrivileges,
"Restrict the Linkerd Dashboard's default privileges to disallow Tap and Check",
func(values *l5dcharts.Values, value bool) error {
values.RestrictDashboardPrivileges = value
return nil
}),
flag.NewStringFlag(allStageFlags, "config", "",
"A path to a yaml configuration file. The fields in this file will override the values used to install or upgrade Linkerd.",
func(values *l5dcharts.Values, value string) error {
@ -324,7 +317,6 @@ func makeProxyFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.FlagSet) {
flag.NewStringFlag(proxyFlags, "registry", defaultDockerRegistry, "Docker registry to pull images from",
func(values *l5dcharts.Values, value string) error {
values.WebImage = registryOverride(values.WebImage, value)
values.ControllerImage = registryOverride(values.ControllerImage, value)
values.DebugContainer.Image.Name = registryOverride(values.DebugContainer.Image.Name, value)
values.GetGlobal().Proxy.Image.Name = registryOverride(values.GetGlobal().Proxy.Image.Name, value)

11
cli/cmd/root.go
View File

@ -12,6 +12,7 @@ import (
"github.com/linkerd/linkerd2/cli/flag"
jaeger "github.com/linkerd/linkerd2/jaeger/cmd"
multicluster "github.com/linkerd/linkerd2/multicluster/cmd"
viz "github.com/linkerd/linkerd2/viz/cmd"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
@ -19,10 +20,11 @@ import (
)
const (
defaultLinkerdNamespace = "linkerd"
defaultCNINamespace = "linkerd-cni"
defaultClusterDomain = "cluster.local"
defaultDockerRegistry = "ghcr.io/linkerd"
defaultLinkerdNamespace = "linkerd"
defaultCNINamespace = "linkerd-cni"
defaultLinkerdVizNamespace = "linkerd-viz"
defaultClusterDomain = "cluster.local"
defaultDockerRegistry = "ghcr.io/linkerd"
jsonOutput = "json"
tableOutput = "table"
@ -132,6 +134,7 @@ func init() {
// Extension Sub Commands
RootCmd.AddCommand(jaeger.NewCmdJaeger())
RootCmd.AddCommand(multicluster.NewCmdMulticluster())
RootCmd.AddCommand(viz.NewCmdViz())
}
type statOptionsBase struct {

2
cli/cmd/testdata/grafana_disabled.yaml vendored
View File

@ -1,2 +0,0 @@
grafana:
enabled: false

2
cli/cmd/testdata/grafana_enabled.yaml vendored
View File

@ -1,2 +0,0 @@
grafana:
enabled: true

9
cli/cmd/testdata/grafana_enabled_resources.yaml vendored
View File

@ -1,9 +0,0 @@
grafana:
enabled: true
resources:
cpu:
limit: "1"
request: 100m
memory:
limit: 250Mi
request: 50Mi

5
cli/cmd/testdata/grafana_overwrite.yaml vendored
View File

@ -1,5 +0,0 @@
grafana:
enabled: true
image:
name: linkerd-image-overwrite
tag: image-tag-overwrite

2
cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml vendored
View File

@ -97,7 +97,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

4
cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml vendored
View File

@ -97,7 +97,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -266,7 +266,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml vendored
View File

@ -97,7 +97,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_contour.golden.yml vendored
View File

@ -126,7 +126,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

8
cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml vendored
View File

@ -108,7 +108,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -288,7 +288,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -468,7 +468,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -648,7 +648,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_emojivoto_deployment.golden.yml vendored
View File

@ -108,7 +108,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml vendored
View File

@ -116,7 +116,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

4
cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml vendored
View File

@ -108,7 +108,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -288,7 +288,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml vendored
View File

@ -113,7 +113,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml vendored
View File

@ -108,7 +108,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml vendored
View File

@ -109,7 +109,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml vendored
View File

@ -108,7 +108,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml vendored
View File

@ -109,7 +109,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml vendored
View File

@ -110,7 +110,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml vendored
View File

@ -110,7 +110,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

4
cli/cmd/testdata/inject_emojivoto_list.golden.yml vendored
View File

@ -110,7 +110,7 @@ items:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -284,7 +284,7 @@ items:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

4
cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml vendored
View File

@ -110,7 +110,7 @@ items:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -284,7 +284,7 @@ items:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_emojivoto_pod.golden.yml vendored
View File

@ -93,7 +93,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml vendored
View File

@ -95,7 +95,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml vendored
View File

@ -97,7 +97,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml vendored
View File

@ -109,7 +109,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

4
cli/cmd/testdata/inject_gettest_deployment.good.golden.yml vendored
View File

@ -110,7 +110,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:testinjectversion
imagePullPolicy: IfNotPresent
livenessProbe:
@ -292,7 +292,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:testinjectversion
imagePullPolicy: IfNotPresent
livenessProbe:

2
cli/cmd/testdata/inject_tap_deployment_debug.golden.yml vendored
View File

@ -161,7 +161,7 @@ spec:
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:

1505
cli/cmd/testdata/install_controlplane_tracing_output.golden vendored
View File

File diff suppressed because it is too large Load Diff

1503
cli/cmd/testdata/install_custom_registry.golden vendored
View File

File diff suppressed because it is too large Load Diff

1503
cli/cmd/testdata/install_default.golden vendored
View File

File diff suppressed because it is too large Load Diff

1503
cli/cmd/testdata/install_default_override_dst_get_nets.golden vendored
View File

File diff suppressed because it is too large Load Diff

1231
cli/cmd/testdata/install_grafana_existing.golden vendored
View File

File diff suppressed because it is too large Load Diff

1594
cli/cmd/testdata/install_ha_output.golden vendored
View File

File diff suppressed because it is too large Load Diff

1594
cli/cmd/testdata/install_ha_with_overrides_output.golden vendored
View File

File diff suppressed because it is too large Load Diff

1501
cli/cmd/testdata/install_heartbeat_disabled_output.golden vendored
View File

File diff suppressed because it is too large Load Diff

1838
cli/cmd/testdata/install_helm_output.golden vendored
View File

File diff suppressed because it is too large Load Diff

3766
cli/cmd/testdata/install_helm_output_addons.golden vendored
View File

File diff suppressed because it is too large Load Diff

1915
cli/cmd/testdata/install_helm_output_ha.golden vendored
View File

File diff suppressed because it is too large Load Diff

1947
cli/cmd/testdata/install_helm_output_ha_labels.golden vendored
View File

File diff suppressed because it is too large Load Diff

1915
cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden vendored
View File

File diff suppressed because it is too large Load Diff

1351
cli/cmd/testdata/install_no_init_container.golden vendored
View File

File diff suppressed because it is too large Load Diff

1512
cli/cmd/testdata/install_output.golden vendored
View File

File diff suppressed because it is too large Load Diff

1613
cli/cmd/testdata/install_prometheus_overwrite.golden vendored
View File

File diff suppressed because one or more lines are too long

1503
cli/cmd/testdata/install_proxy_ignores.golden vendored
View File

File diff suppressed because it is too large Load Diff

3415
cli/cmd/testdata/install_restricted_dashboard.golden vendored
View File

File diff suppressed because it is too large Load Diff

17
cli/cmd/upgrade.go
View File

@ -247,13 +247,6 @@ func upgrade(ctx context.Context, k *k8s.KubernetesAPI, flags []flag.Flag, stage
}
}
if addOnOverwrite {
err = clearAddonOverrides(values)
if err != nil {
return bytes.Buffer{}, err
}
}
err = flag.ApplySetFlags(values, flags)
if err != nil {
return bytes.Buffer{}, err
@ -359,13 +352,3 @@ func ensureIssuerCertWorksWithAllProxies(ctx context.Context, k *k8s.KubernetesA
}
return nil
}
func clearAddonOverrides(values *l5dcharts.Values) error {
defaults, err := l5dcharts.NewValues()
if err != nil {
return err
}
values.Grafana = defaults.Grafana
values.Prometheus = defaults.Prometheus
return nil
}

68
cli/cmd/upgrade_legacy.go
View File

@ -13,11 +13,9 @@ import (
"github.com/linkerd/linkerd2/pkg/issuercerts"
"github.com/linkerd/linkerd2/pkg/k8s"
"github.com/linkerd/linkerd2/pkg/version"
log "github.com/sirupsen/logrus"
"github.com/spf13/pflag"
corev1 "k8s.io/api/core/v1"
"k8s.io/client-go/kubernetes"
"sigs.k8s.io/yaml"
)
func loadStoredValuesLegacy(ctx context.Context, k *k8s.KubernetesAPI) (*charts.Values, error) {
@ -66,75 +64,9 @@ func loadStoredValuesLegacy(ctx context.Context, k *k8s.KubernetesAPI) (*charts.
}
}
if !addOnOverwrite {
// Update Add-Ons Configuration from the linkerd-value cm
cmRawValues, _ := k8s.GetAddOnsConfigMap(ctx, k, controlPlaneNamespace)
if cmRawValues != nil {
//Cm is present now get the data
cmData, ok := cmRawValues["values"]
if !ok {
return nil, fmt.Errorf("values subpath not found in %s configmap", k8s.AddOnsConfigMapName)
}
// repair Add-On configs
repairedCm, err := repairAddOnConfig([]byte(cmData))
if err == nil {
// Update only if there is no error
cmData = string(repairedCm)
} else {
log.Warnf("add-on config repair failed: %s", err)
}
if err = yaml.Unmarshal([]byte(cmData), &values); err != nil {
return nil, err
}
}
}
return values, nil
}
func repairAddOnConfig(rawValues []byte) ([]byte, error) {
var values map[string]interface{}
err := yaml.Unmarshal(rawValues, &values)
if err != nil {
return nil, err
}
// Grafana Depreciation Fix
// Convert into Map instead of Values, as the latter returns with empty values
if grafana, err := healthcheck.GetMap(values, "grafana"); err == nil {
image, err := healthcheck.GetMap(grafana, "image")
if err == nil {
// Remove image.name tag if only name is present and set to the older image tag
if val, err := healthcheck.GetString(image, "name"); err == nil && val == "gcr.io/linkerd-io/grafana" {
delete(image, "name")
}
// Remove image tag if its a empty map
if len(image) == 0 {
delete(grafana, "image")
}
}
// Handle removal of grafana.name field
name, err := healthcheck.GetString(grafana, "name")
if err == nil {
// If default, remove it as its no longer needed
if name == "linkerd-grafana" {
delete(grafana, "name")
}
}
}
rawValues, err = yaml.Marshal(values)
if err != nil {
return nil, err
}
return rawValues, nil
}
func setFlagsFromInstall(flags *pflag.FlagSet, installFlags []*pb.Install_Flag) {
for _, i := range installFlags {
if f := flags.Lookup(i.GetName()); f != nil && !f.Changed {

180
cli/cmd/upgrade_test.go
View File

@ -8,7 +8,6 @@ import (
"io"
"io/ioutil"
"os"
"path/filepath"
"strings"
"testing"
@ -19,7 +18,6 @@ import (
"github.com/linkerd/linkerd2/pkg/tls"
"github.com/spf13/pflag"
corev1 "k8s.io/api/core/v1"
"sigs.k8s.io/yaml"
)
const (
@ -288,13 +286,7 @@ func TestUpgradeWebhookCrtsNameChange(t *testing.T) {
CrtPEM: injectorCerts.crt,
KeyPEM: injectorCerts.key,
}
tapCerts := generateCerts(t, "linkerd-tap.linkerd.svc", false)
defer tapCerts.cleanup()
installOpts.Tap.TLS = &linkerd2.TLS{
CaBundle: tapCerts.ca,
CrtPEM: tapCerts.crt,
KeyPEM: tapCerts.key,
}
validatorCerts := generateCerts(t, "linkerd-sp-validator.linkerd.svc", false)
defer validatorCerts.cleanup()
installOpts.ProfileValidator.TLS = &linkerd2.TLS{
@ -346,13 +338,7 @@ func TestUpgradeTwoLevelWebhookCrts(t *testing.T) {
CrtPEM: injectorCerts.crt,
KeyPEM: injectorCerts.key,
}
tapCerts := generateCerts(t, "linkerd-tap.linkerd.svc", false)
defer tapCerts.cleanup()
installOpts.Tap.TLS = &linkerd2.TLS{
CaBundle: tapCerts.ca,
CrtPEM: tapCerts.crt,
KeyPEM: tapCerts.key,
}
validatorCerts := generateCerts(t, "linkerd-sp-validator.linkerd.svc", false)
defer validatorCerts.cleanup()
installOpts.ProfileValidator.TLS = &linkerd2.TLS{
@ -379,168 +365,6 @@ func TestUpgradeTwoLevelWebhookCrts(t *testing.T) {
}
}
func TestUpgradeWithAddonDisabled(t *testing.T) {
installOpts, upgradeOpts, _ := testOptions(t)
installAddons, err := ioutil.ReadFile(filepath.Join("testdata", "grafana_disabled.yaml"))
if err != nil {
t.Fatal(err)
}
err = yaml.Unmarshal(installAddons, installOpts)
if err != nil {
t.Fatal(err)
}
install := renderInstall(t, installOpts)
upgrade, err := renderUpgrade(install.String(), upgradeOpts)
if err != nil {
t.Fatal(err)
}
expected := replaceVersions(install.String())
expectedManifests := parseManifestList(expected)
upgradeManifests := parseManifestList(upgrade.String())
for id, diffs := range diffManifestLists(expectedManifests, upgradeManifests) {
for _, diff := range diffs {
if ignorableDiff(id, diff) {
continue
}
t.Errorf("Unexpected diff in %s:\n%s", id, diff.String())
}
}
}
func TestUpgradeEnableAddon(t *testing.T) {
installOpts, upgradeOpts, flagSet := testOptions(t)
installAddons, err := ioutil.ReadFile(filepath.Join("testdata", "grafana_disabled.yaml"))
if err != nil {
t.Fatal(err)
}
err = yaml.Unmarshal(installAddons, installOpts)
if err != nil {
t.Fatal(err)
}
install := renderInstall(t, installOpts)
flagSet.Set("config", filepath.Join("testdata", "grafana_enabled.yaml"))
upgrade, err := renderUpgrade(install.String(), upgradeOpts)
if err != nil {
t.Fatal(err)
}
expected := replaceVersions(install.String())
expectedManifests := parseManifestList(expected)
upgradeManifests := parseManifestList(upgrade.String())
diffMap := diffManifestLists(expectedManifests, upgradeManifests)
addonManifests := []string{
"ServiceAccount/linkerd-grafana", "Deployment/linkerd-grafana", "Service/linkerd-grafana",
"ConfigMap/linkerd-grafana-config",
}
for _, id := range addonManifests {
if _, ok := diffMap[id]; ok {
delete(diffMap, id)
} else {
t.Errorf("Expected %s in upgrade output but was absent", id)
}
}
for id, diffs := range diffMap {
for _, diff := range diffs {
if ignorableDiff(id, diff) {
continue
}
if id == "RoleBinding/linkerd-psp" && pathMatch(diff.path, []string{"subjects"}) {
continue
}
if id == "Deployment/linkerd-web" && pathMatch(diff.path, []string{"spec", "template", "spec", "containers", "*", "args"}) {
continue
}
t.Errorf("Unexpected diff in %s:\n%s", id, diff.String())
}
}
}
func TestUpgradeRemoveAddonKeys(t *testing.T) {
installOpts, upgradeOpts, flagSet := testOptions(t)
installAddons, err := ioutil.ReadFile(filepath.Join("testdata", "grafana_enabled_resources.yaml"))
if err != nil {
t.Fatal(err)
}
err = yaml.Unmarshal(installAddons, installOpts)
if err != nil {
t.Fatal(err)
}
install := renderInstall(t, installOpts)
flagSet.Set("config", filepath.Join("testdata", "grafana_enabled.yaml"))
upgrade, err := renderUpgrade(install.String(), upgradeOpts)
if err != nil {
t.Fatal(err)
}
expected := replaceVersions(install.String())
expectedManifests := parseManifestList(expected)
upgradeManifests := parseManifestList(upgrade.String())
for id, diffs := range diffManifestLists(expectedManifests, upgradeManifests) {
for _, diff := range diffs {
if ignorableDiff(id, diff) {
continue
}
t.Errorf("Unexpected diff in %s:\n%s", id, diff.String())
}
}
}
func TestUpgradeOverwriteRemoveAddonKeys(t *testing.T) {
installOpts, upgradeOpts, flagSet := testOptions(t)
installAddons, err := ioutil.ReadFile(filepath.Join("testdata", "grafana_enabled_resources.yaml"))
if err != nil {
t.Fatal(err)
}
err = yaml.Unmarshal(installAddons, installOpts)
if err != nil {
t.Fatal(err)
}
install := renderInstall(t, installOpts)
flagSet.Set("config", filepath.Join("testdata", "grafana_enabled.yaml"))
flagSet.Set("addon-overwrite", "true")
upgrade, err := renderUpgrade(install.String(), upgradeOpts)
if err != nil {
t.Fatal(err)
}
expected := replaceVersions(install.String())
expectedManifests := parseManifestList(expected)
upgradeManifests := parseManifestList(upgrade.String())
diffMap := diffManifestLists(expectedManifests, upgradeManifests)
resourceDiffFound := false
for id, diffs := range diffMap {
for _, diff := range diffs {
if ignorableDiff(id, diff) {
continue
}
if id == "Deployment/linkerd-grafana" && pathMatch(diff.path, []string{"spec", "template", "spec", "containers", "*", "resources"}) {
resourceDiffFound = true
continue
}
t.Errorf("Unexpected diff in %s:\n%s", id, diff.String())
}
}
if !resourceDiffFound {
t.Error("Expected grafana resources requirements to be removed, but were not")
}
}
/* Helpers */
func testUpgradeOptions() ([]flag.Flag, *pflag.FlagSet, error) {

35
jaeger/cmd/install.go
View File

@ -2,7 +2,6 @@ package cmd
import (
"bytes"
"context"
"fmt"
"io"
"os"
@ -19,8 +18,6 @@ import (
"helm.sh/helm/v3/pkg/chartutil"
"helm.sh/helm/v3/pkg/cli/values"
"helm.sh/helm/v3/pkg/engine"
kerrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
var (
@ -48,7 +45,12 @@ func newCmdInstall() *cobra.Command {
RunE: func(cmd *cobra.Command, args []string) error {
if !skipChecks {
// Ensure there is a Linkerd installation.
exists, err := checkIfLinkerdExists(cmd.Context())
kubeAPI, err := k8s.NewAPI(kubeconfigPath, kubeContext, impersonate, impersonateGroup, 0)
if err != nil {
return err
}
exists, err := healthcheck.CheckIfLinkerdExists(cmd.Context(), kubeAPI, controlPlaneNamespace)
if err != nil {
return fmt.Errorf("could not check for Linkerd existence: %s", err)
}
@ -149,28 +151,3 @@ func render(w io.Writer, valuesOverrides map[string]interface{}) error {
_, err = w.Write(buf.Bytes())
return err
}
func checkIfLinkerdExists(ctx context.Context) (bool, error) {
kubeAPI, err := k8s.NewAPI(kubeconfigPath, kubeContext, impersonate, impersonateGroup, 0)
if err != nil {
return false, err
}
_, err = kubeAPI.CoreV1().Namespaces().Get(ctx, controlPlaneNamespace, metav1.GetOptions{})
if err != nil {
if kerrors.IsNotFound(err) {
return false, nil
}
return false, err
}
_, _, err = healthcheck.FetchCurrentConfiguration(ctx, kubeAPI, controlPlaneNamespace)
if err != nil {
if kerrors.IsNotFound(err) {
return false, nil
}
return false, err
}
return true, nil
}

43
pkg/charts/linkerd2/addons.go
View File

@ -1,43 +0,0 @@
package linkerd2
import (
"fmt"
"helm.sh/helm/v3/pkg/chart/loader"
)
// AddOn includes the general functions required by add-on, provides
// a common abstraction for install, etc
type AddOn interface {
Name() string
ConfigStageTemplates() []*loader.BufferedFile
ControlPlaneStageTemplates() []*loader.BufferedFile
Values() []byte
}
// ParseAddOnValues takes a Values struct, and returns an array of the enabled add-ons
func ParseAddOnValues(values *Values) ([]AddOn, error) {
var addOns []AddOn
if values.Grafana != nil {
if enabled, ok := values.Grafana["enabled"]; ok {
if enabled, ok := enabled.(bool); !ok {
return nil, fmt.Errorf("invalid value for 'grafana.enabled' (should be boolean): %s", values.Grafana["enabled"])
} else if enabled {
addOns = append(addOns, values.Grafana)
}
}
}
if values.Prometheus != nil {
if enabled, ok := values.Prometheus["enabled"]; ok {
if enabled, ok := enabled.(bool); !ok {
return nil, fmt.Errorf("invalid value for 'prometheus.enabled' (should be boolean): %s", values.Prometheus["enabled"])
} else if enabled {
addOns = append(addOns, values.Prometheus)
}
}
}
return addOns, nil
}

34
pkg/charts/linkerd2/addons_test.go
View File

@ -1,34 +0,0 @@
package linkerd2
import (
"reflect"
"testing"
"sigs.k8s.io/yaml"
)
func TestParseAddOnValues(t *testing.T) {
addonConfig := `
Grafana:
enabled: true
`
var addOnValues Values
err := yaml.Unmarshal([]byte(addonConfig), &addOnValues)
if err != nil {
t.Fatalf("Unexpected error: %s", err)
}
addOns, err := ParseAddOnValues(&addOnValues)
if err != nil {
t.Fatalf("Unexpected error: %s", err)
}
// Check for Grafana addOn to be present
if len(addOns) != 1 {
t.Fatalf("expected 1 add-on to be present but found %d", len(addOns))
}
if !reflect.DeepEqual(addOns[0], Grafana{"enabled": true}) {
t.Fatal("expected grafana add-on to be present")
}
}

42
pkg/charts/linkerd2/grafana.go
View File

@ -1,42 +0,0 @@
package linkerd2
import (
"helm.sh/helm/v3/pkg/chart/loader"
"sigs.k8s.io/yaml"
)
const (
// GrafanaAddOn is the name of the grafana add-on
GrafanaAddOn = "grafana"
)
// Grafana is an add-on that consists of the grafana components
type Grafana map[string]interface{}
// Name returns the name of the Grafana add-on
func (g Grafana) Name() string {
return GrafanaAddOn
}
// Values returns the configuration values that were assigned for this add-on
func (g Grafana) Values() []byte {
values, err := yaml.Marshal(g)
if err != nil {
return nil
}
return values
}
// ConfigStageTemplates returns the template files that are part of the config stage
func (g Grafana) ConfigStageTemplates() []*loader.BufferedFile {
return []*loader.BufferedFile{
{Name: "templates/grafana-rbac.yaml"},
}
}
// ControlPlaneStageTemplates returns the template files that are part of the Control Plane Stage.
func (g Grafana) ControlPlaneStageTemplates() []*loader.BufferedFile {
return []*loader.BufferedFile{
{Name: "templates/grafana.yaml"},
}
}

42
pkg/charts/linkerd2/prometheus.go
View File

@ -1,42 +0,0 @@
package linkerd2
import (
"helm.sh/helm/v3/pkg/chart/loader"
"sigs.k8s.io/yaml"
)
var (
// PrometheusAddOn is the name of the prometheus add-on
PrometheusAddOn = "prometheus"
)
// Prometheus is an add-on that installs the prometheus component
type Prometheus map[string]interface{}
// Name returns the name of the Prometheus add-on
func (p Prometheus) Name() string {
return PrometheusAddOn
}
// Values returns the configuration values that were assigned for this add-on
func (p Prometheus) Values() []byte {
values, err := yaml.Marshal(p)
if err != nil {
return nil
}
return values
}
// ConfigStageTemplates returns the template files that are part of the config stage
func (p Prometheus) ConfigStageTemplates() []*loader.BufferedFile {
return []*loader.BufferedFile{
{Name: "templates/prometheus-rbac.yaml"},
}
}
// ControlPlaneStageTemplates returns the template files that are part of the Control Plane Stage.
func (p Prometheus) ControlPlaneStageTemplates() []*loader.BufferedFile {
return []*loader.BufferedFile{
{Name: "templates/prometheus.yaml"},
}
}

43
pkg/charts/linkerd2/tracing.go
View File

@ -1,43 +0,0 @@
package linkerd2
import (
"helm.sh/helm/v3/pkg/chart/loader"
"sigs.k8s.io/yaml"
)
var (
// TracingAddOn represents the name of the tracing add-on
TracingAddOn = "tracing"
)
// Tracing is an add-on that installs the distributed tracing
// related components like OpenCensus Collector and Jaeger
type Tracing map[string]interface{}
// Name returns the name of the Tracing add-on
func (t Tracing) Name() string {
return TracingAddOn
}
// Values returns the configuration values that were assigned for this add-on
func (t Tracing) Values() []byte {
values, err := yaml.Marshal(t)
if err != nil {
return nil
}
return values
}
// ConfigStageTemplates returns the template files that are part of the config stage
func (t Tracing) ConfigStageTemplates() []*loader.BufferedFile {
return []*loader.BufferedFile{
{Name: "templates/tracing-rbac.yaml"},
}
}
// ControlPlaneStageTemplates returns the template files that are part of the Control Plane Stage.
func (t Tracing) ControlPlaneStageTemplates() []*loader.BufferedFile {
return []*loader.BufferedFile{
{Name: "templates/tracing.yaml"},
}
}

Some files were not shown because too many files have changed in this diff Show More