viz: move some components into linkerd-viz (#5340)

* viz: move some components into linkerd-viz

This branch moves the grafana,prometheus,web, tap components
into a new viz chart, following the same extension model that
multi-cluster and jaeger follow.

The components in viz are not injected during install time, and
will go through the injector. The `viz install` does not have any
cli flags to customize the install directly but instead follow the Helm
way of customization by using flags such as 
`set`, `set-string`, `values`, `set-files`.

**Changes Include**
- Move `grafana`, `prometheus`, `web`, `tap` templates into viz extension.
- Remove all add-on related charts, logic and tests w.r.t CLI & Helm.
- Clean up `linkerd2/values.go` & `linkerd2/values.yaml` to not contain
 fields related to viz components.
- Update `linkerd check` Healthchecks to not check for viz components.
- Create a new top level `viz` directory with CLI logic and Helm charts.
- Clean fields in the `viz/Values.yaml` to be in the `<component>.<property>`
model. Ex: `prometheus.resources`, `dashboard.image.tag`, etc so that it is
consistent everywhere.

**Testing**

```bash
# Install the Core Linkerd Installation
./bin/linkerd install | k apply -f -

# Wait for the proxy-injector to be ready
# Install the Viz Extension
./bin/linkerd cli viz install | k apply -f -

# Customized Install
./bin/linkerd cli viz install --set prometheus.enabled=false | k apply -f -
```

What is not included in this PR:
- Move of Controller from core install into the viz extension.
- Simplification and refactoring of the core chart i.e removing `.global`, etc.

Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>

bin/_test-helpers.sh

@@ -389,8 +389,9 @@ run_helm-upgrade_test() {
   fi
 
   setup_helm
+  helm_viz_chart="$( cd "$bindir"/.. && pwd )"/viz/charts/linkerd-viz
   run_test "$test_directory/install_test.go" --helm-path="$helm_path" --helm-chart="$helm_chart" \
-  --helm-stable-chart='linkerd/linkerd2' --helm-release="$helm_release_name" --upgrade-helm-from-version="$stable_version"
+  --viz-helm-chart="$helm_viz_chart" --helm-stable-chart='linkerd/linkerd2' --helm-release="$helm_release_name" --upgrade-helm-from-version="$stable_version"
   helm_cleanup
 }
 
@@ -440,9 +441,10 @@ run_helm-deep_test() {
   local tests=()
   setup_helm
   helm_multicluster_chart="$( cd "$bindir"/.. && pwd )"/multicluster/charts/linkerd2-multicluster
+  helm_viz_chart="$( cd "$bindir"/.. && pwd )"/viz/charts/linkerd-viz
   run_test "$test_directory/install_test.go" --helm-path="$helm_path" --helm-chart="$helm_chart" \
   --helm-release="$helm_release_name" --multicluster-helm-chart="$helm_multicluster_chart" \
-  --multicluster-helm-release="$helm_multicluster_release_name"
+  --viz-helm-chart="$helm_viz_chart" --multicluster-helm-release="$helm_multicluster_release_name"
   while IFS= read -r line; do tests+=("$line"); done <<< "$(go list "$test_directory"/.../...)"
   for test in "${tests[@]}"; do
     run_test "$test"

bin/build-cli-bin

@@ -21,6 +21,8 @@ rootdir=$( cd "$bindir"/.. && pwd )
     GO111MODULE=on go generate -mod=readonly ./pkg/charts/static
     GO111MODULE=on go generate -mod=readonly ./jaeger/static
     GO111MODULE=on go generate -mod=readonly ./multicluster/static
+    GO111MODULE=on go generate -mod=readonly ./viz/static
+    
     root_tag=$("$bindir"/root-tag)
     GO111MODULE=on CGO_ENABLED=0 go build -o "$target" -tags prod -mod=readonly -ldflags "-s -w -X github.com/linkerd/linkerd2/pkg/version.Version=$root_tag" ./cli
     echo "$target"

bin/helm-build

@@ -7,6 +7,7 @@ setValues() {
     sed -i "s/$1/$2/" charts/linkerd2-cni/values.yaml
     sed -i "s/$1/$2/" multicluster/charts/linkerd2-multicluster/values.yaml
     sed -i "s/$1/$2/" jaeger/charts/jaeger/values.yaml
+    sed -i "s/$1/$2/" viz/charts/linkerd-viz/values.yaml
 }
 
 showErr() {
@@ -31,6 +32,8 @@ rootdir=$( cd "$bindir"/.. && pwd )
 "$bindir"/helm lint "$rootdir"/charts/linkerd2-cni
 "$bindir"/helm dep up "$rootdir"/jaeger/charts/jaeger
 "$bindir"/helm lint "$rootdir"/jaeger/charts/jaeger
+"$bindir"/helm dep up "$rootdir"/viz/charts/linkerd-viz
+"$bindir"/helm lint "$rootdir"/viz/charts/linkerd-viz
 
 # `bin/helm-build package` assumes the presence of "$rootdir"/target/helm/index-pre.yaml which is downloaded in the chart_deploy CI job
 if [ "$1" = package ]; then
@@ -55,6 +58,8 @@ if [ "$1" = package ]; then
     "$bindir"/helm --version "$version" --app-version "$tag" -d "$rootdir"/target/helm package "$rootdir"/charts/linkerd2-cni
     "$bindir"/helm --version "$version" --app-version "$tag" -d "$rootdir"/target/helm package "$rootdir"/multicluster/charts/linkerd2-multicluster
     "$bindir"/helm --version "$version" --app-version "$tag" -d "$rootdir"/target/helm package "$rootdir"/jaeger/charts/jaeger
+    "$bindir"/helm --version "$version" --app-version "$tag" -d "$rootdir"/target/helm package "$rootdir"/viz/charts/linkerd-viz
+
     mv "$rootdir"/target/helm/index-pre.yaml "$rootdir"/target/helm/index-pre-"$version".yaml
     "$bindir"/helm repo index --url "https://helm.linkerd.io/$repo/" --merge "$rootdir"/target/helm/index-pre-"$version".yaml "$rootdir"/target/helm
 

charts/add-ons/grafana/Chart.yaml

@@ -1,9 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: A Helm chart for the grafana add-on in Linkerd
-name: grafana
-version: 0.1.0
-maintainers:
-  - name: Linkerd authors
-    email: cncf-linkerd-dev@lists.cncf.io
-    url: https://linkerd.io/

charts/add-ons/grafana/README.md

@@ -1,28 +0,0 @@
-# grafana
-
-A Helm chart for the grafana add-on in Linkerd
-
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
-
-![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
-
-## Requirements
-
-| Repository | Name | Version |
-|------------|------|---------|
-| file://../../partials | partials | 0.1.0 |
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| image.name | string | `"ghcr.io/linkerd/grafana"` | Docker image name for the grafana instance |
-| image.tag | string | `nil` | Docker image tag for the grafana instance |
-| proxy.resources | string | `nil` | Structure analog to the resources fields above, but overriding the resources of the linkerd proxy injected into the grafana pod. |
-| resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the grafana container can use |
-| resources.cpu.request | string | `nil` | Amount of CPU units that the grafana container requests |
-| resources.memory.limit | string | `nil` | Maximum amount of memory that grafana container can use |
-| resources.memory.request | string | `nil` | Amount of memory that the grafana container requests |
-
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

charts/add-ons/grafana/README.md.gotmpl

@@ -1,14 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-{{ template "chart.versionBadge" . }}
-{{ template "chart.typeBadge" . }}
-{{ template "chart.appVersionBadge" . }}
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-{{ template "chart.valuesSection" . }}
-
-{{ template "helm-docs.versionFooter" . }}

charts/add-ons/grafana/requirements.lock

@@ -1,6 +0,0 @@
-dependencies:
-- name: partials
-  repository: file://../../partials
-  version: 0.1.0
-digest: sha256:2202cf6f3783f79e78414e7a94b651589f322f3724ab220f0ea3bf8f31954de4
-generated: "2020-05-01T17:24:16.918227568+05:30"

charts/add-ons/grafana/requirements.yaml

@@ -1,4 +0,0 @@
-dependencies:
-  - name: partials
-    version: 0.1.0
-    repository: file://../../partials

charts/add-ons/grafana/templates/grafana-rbac.yaml

@@ -1,14 +0,0 @@
----
-###
-### Grafana RBAC
-###
----
-kind: ServiceAccount
-apiVersion: v1
-metadata:
-  name: linkerd-grafana
-  namespace: {{.Values.global.namespace}}
-  labels:
-    {{.Values.global.controllerComponentLabel}}: grafana
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-{{- include "partials.image-pull-secrets" . }}

charts/add-ons/grafana/templates/grafana.yaml

@@ -1,192 +0,0 @@
----
-###
-### Grafana
-###
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: linkerd-grafana-config
-  namespace: {{.Values.global.namespace}}
-  labels:
-    {{.Values.global.controllerComponentLabel}}: grafana
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-  annotations:
-    {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
-data:
-  grafana.ini: |-
-    instance_name = linkerd-grafana
-
-    [server]
-    root_url = %(protocol)s://%(domain)s:/grafana/
-
-    [auth]
-    disable_login_form = true
-
-    [auth.anonymous]
-    enabled = true
-    org_role = Editor
-
-    [auth.basic]
-    enabled = false
-
-    [analytics]
-    check_for_updates = false
-
-    [panels]
-    disable_sanitize_html = true
-
-  datasources.yaml: |-
-    apiVersion: 1
-    datasources:
-    - name: prometheus
-      type: prometheus
-      access: proxy
-      orgId: 1
-      {{- if .Values.global.prometheusUrl }}
-      url: {{.Values.global.prometheusUrl}}
-      {{- else }}
-      url: http://linkerd-prometheus.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:9090
-      {{- end }}
-      isDefault: true
-      jsonData:
-        timeInterval: "5s"
-      version: 1
-      editable: true
-
-  dashboards.yaml: |-
-    apiVersion: 1
-    providers:
-    - name: 'default'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: true
-      editable: true
-      options:
-        path: /var/lib/grafana/dashboards
-        homeDashboardId: linkerd-top-line
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: linkerd-grafana
-  namespace: {{.Values.global.namespace}}
-  labels:
-    {{.Values.global.controllerComponentLabel}}: grafana
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-  annotations:
-    {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
-spec:
-  type: ClusterIP
-  selector:
-    {{.Values.global.controllerComponentLabel}}: grafana
-  ports:
-  - name: http
-    port: 3000
-    targetPort: 3000
----
-{{- $tree := deepCopy . }}
-{{ $_ := set $tree.Values.global.proxy "workloadKind" "deployment" -}}
-{{ $_ := set $tree.Values.global.proxy "component" "linkerd-grafana" -}}
-{{ include "linkerd.proxy.validation" .Values.global.proxy -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  annotations:
-    {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/part-of: Linkerd
-    app.kubernetes.io/version: {{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
-    {{.Values.global.controllerComponentLabel}}: grafana
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-  name: linkerd-grafana
-  namespace: {{.Values.global.namespace}}
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      {{.Values.global.controllerComponentLabel}}: grafana
-      {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-      {{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 6}}
-  template:
-    metadata:
-      annotations:
-        {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
-        {{- include "partials.proxy.annotations" .Values.global.proxy| nindent 8 }}
-        {{- with .Values.global.podAnnotations }}{{ toYaml . | trim | nindent 8 }}{{- end }}
-      labels:
-        {{.Values.global.controllerComponentLabel}}: grafana
-        {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-        {{.Values.global.workloadNamespaceLabel}}: {{.Values.global.namespace}}
-        {{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 8 }}
-        {{- with .Values.global.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
-    spec:
-      {{- if .Values.tolerations -}}
-      {{- include "linkerd.tolerations" . | nindent 6 }}
-      {{- end -}}
-      {{- include "linkerd.node-selector" . | nindent 6 }}
-      containers:
-      - env:
-        - name: GF_PATHS_DATA
-          value: /data
-        # Force using the go-based DNS resolver instead of the OS' to avoid failures in some environments
-        # see https://github.com/grafana/grafana/issues/20096
-        - name: GODEBUG
-          value: netdns=go
-        image: {{.Values.image.name}}:{{ default (default .Values.global.linkerdVersion .Values.global.controllerImageVersion) .Values.image.tag}}
-        imagePullPolicy: {{.Values.global.imagePullPolicy}}
-        livenessProbe:
-          httpGet:
-            path: /api/health
-            port: 3000
-          initialDelaySeconds: 30
-        name: grafana
-        ports:
-        - containerPort: 3000
-          name: http
-        readinessProbe:
-          httpGet:
-            path: /api/health
-            port: 3000
-        {{- if .Values.resources -}}
-        {{- include "partials.resources" .Values.resources | nindent 8 }}
-        {{- end }}
-        securityContext:
-          runAsUser: 472
-        volumeMounts:
-        - mountPath: /data
-          name: data
-        - mountPath: /etc/grafana
-          name: grafana-config
-          readOnly: true
-      {{- if not (empty .Values.proxy) }}
-      {{- if not (empty .Values.proxy.resources) }}
-      {{- $r := merge .Values.proxy.resources .Values.global.proxy.resources }}
-      {{- $_ := set $tree.Values.global.proxy "resources" $r }}
-      {{- end }}
-      {{- end }}
-      - {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
-      {{ if not .Values.global.cniEnabled -}}
-      initContainers:
-      - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
-      {{ end -}}
-      serviceAccountName: linkerd-grafana
-      volumes:
-      - emptyDir: {}
-        name: data
-      - configMap:
-          items:
-          - key: grafana.ini
-            path: grafana.ini
-          - key: datasources.yaml
-            path: provisioning/datasources/datasources.yaml
-          - key: dashboards.yaml
-            path: provisioning/dashboards/dashboards.yaml
-          name: linkerd-grafana-config
-        name: grafana-config
-      {{ if not .Values.global.cniEnabled -}}
-      - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
-      {{ end -}}
-      - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }}

charts/add-ons/grafana/values.yaml

@@ -1,21 +0,0 @@
-image:
-  # -- Docker image name for the grafana instance
-  name: ghcr.io/linkerd/grafana
-  # -- Docker image tag for the grafana instance
-  tag:
-
-resources:
-  cpu:
-    # -- Maximum amount of CPU units that the grafana container can use
-    limit:
-    # -- Amount of CPU units that the grafana container requests
-    request:
-  memory:
-    # -- Maximum amount of memory that grafana container can use
-    limit:
-    # -- Amount of memory that the grafana container requests
-    request:
-proxy:
-  # -- Structure analog to the resources fields above, but overriding the
-  # resources of the linkerd proxy injected into the grafana pod.
-  resources:

charts/add-ons/prometheus/.helmignore

@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

charts/add-ons/prometheus/Chart.yaml

@@ -1,9 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: A Helm chart for the prometheus add-on in Linkerd
-name: prometheus
-version: 0.1.0
-maintainers:
-  - name: Linkerd authors
-    email: cncf-linkerd-dev@lists.cncf.io
-    url: https://linkerd.io/

charts/add-ons/prometheus/README.md

@@ -1,35 +0,0 @@
-# prometheus
-
-A Helm chart for the prometheus add-on in Linkerd
-
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
-
-![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
-
-## Requirements
-
-| Repository | Name | Version |
-|------------|------|---------|
-| file://../../partials | partials | 0.1.0 |
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| alertManagers | string | `nil` | Alertmanager instances the Prometheus server sends alerts to configured via the static_configs parameter. |
-| alertRelabelConfigs | string | `nil` | Alert relabeling is applied to alerts before they are sent to the Alertmanager. |
-| args | object | `{"config.file":"/etc/prometheus/prometheus.yml","log.level":"info","storage.tsdb.path":"/data","storage.tsdb.retention.time":"6h"}` | Command line options for Prometheus binary |
-| globalConfig | object | `{"evaluation_interval":"10s","scrape_interval":"10s","scrape_timeout":"10s"}` | The global configuration specifies parameters that are valid in all other configuration contexts. |
-| image | string | `"prom/prometheus:v2.19.3"` | Docker image for the prometheus instance |
-| proxy.resources | string | `nil` | CPU and Memory resources required by proxy injected into prometheus pod (see global.proxy.resources for sub-fields) |
-| remoteWrite | string | `nil` | Allows transparently sending samples to an endpoint. Mostly used for long term storage. |
-| resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the prometheus container can use |
-| resources.cpu.request | string | `nil` | Amount of CPU units that the prometheus container requests |
-| resources.memory.limit | string | `nil` | Maximum amount of memory that prometheus container can use |
-| resources.memory.request | string | `nil` | Amount of memory that the prometheus container requests |
-| ruleConfigMapMounts | string | `nil` | Alerting/recording rule ConfigMap mounts (sub-path names must end in ´_rules.yml´ or ´_rules.yaml´) |
-| scrapeConfigs | string | `nil` | A scrapeConfigs section specifies a set of targets and parameters describing how to scrape them. |
-| sideCarContainers | string | `nil` | A sidecarContainers section specifies a list of secondary containers to run in the prometheus pod e.g. to export data to non-prometheus systems |
-
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

charts/add-ons/prometheus/README.md.gotmpl

@@ -1,14 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.description" . }}
-
-{{ template "chart.versionBadge" . }}
-{{ template "chart.typeBadge" . }}
-{{ template "chart.appVersionBadge" . }}
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-{{ template "chart.valuesSection" . }}
-
-{{ template "helm-docs.versionFooter" . }}

charts/add-ons/prometheus/requirements.yaml

@@ -1,4 +0,0 @@
-dependencies:
-  - name: partials
-    version: 0.1.0
-    repository: file://../../partials

charts/add-ons/prometheus/templates/prometheus-rbac.yaml

@@ -1,42 +0,0 @@
----
-###
-### Prometheus RBAC
-###
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: linkerd-{{.Values.global.namespace}}-prometheus
-  labels:
-    {{.Values.global.controllerComponentLabel}}: prometheus
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-rules:
-- apiGroups: [""]
-  resources: ["nodes", "nodes/proxy", "pods"]
-  verbs: ["get", "list", "watch"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: linkerd-{{.Values.global.namespace}}-prometheus
-  labels:
-    {{.Values.global.controllerComponentLabel}}: prometheus
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: linkerd-{{.Values.global.namespace}}-prometheus
-subjects:
-- kind: ServiceAccount
-  name: linkerd-prometheus
-  namespace: {{.Values.global.namespace}}
----
-kind: ServiceAccount
-apiVersion: v1
-metadata:
-  name: linkerd-prometheus
-  namespace: {{.Values.global.namespace}}
-  labels:
-    {{.Values.global.controllerComponentLabel}}: prometheus
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-{{- include "partials.image-pull-secrets" . }}

charts/add-ons/prometheus/values.yaml

@@ -1,123 +0,0 @@
-# This add-on's default property values are declared in `charts/add-ons/prometheus/values.yaml`.
-# If installing/upgrading with Helm, you can override them through the usual `--set` or `-f` flags
-# when installing with the parent linkerd2 chart
-# Do not override them in this file!
-# If installing/upgrading with linkerd's CLI, use the `--config` flag.
-
-# -- Docker image for the prometheus instance
-image: prom/prometheus:v2.19.3
-# -- Command line options for Prometheus binary
-args:
-  storage.tsdb.path: /data
-  storage.tsdb.retention.time: 6h
-  config.file: /etc/prometheus/prometheus.yml
-  log.level: info
-# -- The global configuration specifies parameters that are valid in all other
-# configuration contexts.
-globalConfig:
-  scrape_interval: 10s
-  scrape_timeout: 10s
-  evaluation_interval: 10s
-
-# -- Alert relabeling is applied to alerts before they are sent to the
-# Alertmanager.
-alertRelabelConfigs:
-# Ex:
-# - action: labeldrop
-#   regex: prometheus_replica
-
-# -- Alertmanager instances the Prometheus server sends alerts to configured via
-# the static_configs parameter.
-alertManagers:
-# Ex:
-# - scheme: http
-#   static_configs:
-#   - targets:
-#     - "alertmanager.linkerd.svc:9093"
-
-# -- Allows transparently sending samples to an endpoint. Mostly used for long
-# term storage.
-remoteWrite:
-
-# -- Alerting/recording rule ConfigMap mounts (sub-path names must end in
-# ´_rules.yml´ or ´_rules.yaml´)
-ruleConfigMapMounts:
-# Ex:
-# - name: alerting-rules
-#   subPath: alerting_rules.yml
-#   configMap: linkerd-prometheus-rules
-# - name: recording-rules
-#   subPath: recording_rules.yml
-#   configMap: linkerd-prometheus-rules
-
-# -- A scrapeConfigs section specifies a set of targets and parameters
-# describing how to scrape them.
-scrapeConfigs:
-# Ex:
-# - job_name: 'kubernetes-nodes'
-#   scheme: https
-#   tls_config:
-#     ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-#   bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-#   kubernetes_sd_configs:
-#   - role: node
-#   relabel_configs:
-#   - action: labelmap
-#     regex: __meta_kubernetes_node_label_(.+)
-
-# -- A sidecarContainers section specifies a list of secondary containers to run
-# in the prometheus pod e.g. to export data to non-prometheus systems
-sideCarContainers:
-# Ex:
-# - name: sidecar
-#   image: gcr.io/myproject/stackdriver-prometheus-sidecar
-#   imagePullPolicy: Always
-#   command:
-#   - /bin/sh
-#   - -c
-#   - |
-#     exec /bin/stackdriver-prometheus-sidecar \
-#       --stackdriver.project-id=myproject \
-#       --stackdriver.kubernetes.location=us-central1 \
-#       --stackdriver.kubernetes.cluster-name=mycluster \
-#       --prometheus.wal-directory=/data/wal \
-#       --log.level=info
-#   volumeMounts:
-#   - mountPath: /data
-#     name: data
-#   ports:
-#   - name: foo
-#     containerPort: 9091
-#     protocol: TCP
-
-
-proxy:
-  # -- CPU and Memory resources required by proxy injected into prometheus pod
-  # (see global.proxy.resources for sub-fields)
-  resources:
-
-### WARNING: persistence is experimental and has not been tested/vetted by the Linkerd team.
-### As such, please refer to https://linkerd.io/2/tasks/exporting-metrics/ for the recommended approach to metrics data retention.
-# if enabled, creates a persistent volume claim for prometheus data
-# https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims
-#persistence:
-# -- Storage class used to create prometheus data PV.
-#  storageClass:
-# -- PVC access mode.
-#  accessMode:
-# -- Prometheus data volume size.
-#  size:
-
-
-resources:
-  cpu:
-    # -- Maximum amount of CPU units that the prometheus container can use
-    limit:
-    # -- Amount of CPU units that the prometheus container requests
-    request:
-  memory:
-    # -- Maximum amount of memory that prometheus container can use
-    limit:
-    # -- Amount of memory that the prometheus container requests
-    request:
-

charts/linkerd2/README.md

@@ -118,8 +118,6 @@ Kubernetes: `>=1.13.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../add-ons/grafana | grafana | 0.1.0 |
-| file://../add-ons/prometheus | prometheus | 0.1.0 |
 | file://../partials | partials | 0.1.0 |
 
 ## Values
@@ -129,13 +127,11 @@ Kubernetes: `>=1.13.0-0`
 | controllerImage | string | `"ghcr.io/linkerd/controller"` | Docker image for the controller, tap and identity components |
 | controllerReplicas | int | `1` | Number of replicas for each control plane pod |
 | controllerUID | int | `2103` | User ID for the control plane components |
-| dashboard.replicas | int | `1` | Number of replicas of dashboard |
 | debugContainer.image.name | string | `"ghcr.io/linkerd/debug"` | Docker image for the debug container |
 | debugContainer.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the debug container Docker image |
 | debugContainer.image.version | string | `"linkerdVersionValue"` | Tag for the debug container Docker image |
 | disableHeartBeat | bool | `false` | Set to true to not start the heartbeat cronjob  |
 | enableH2Upgrade | bool | `true` | Allow proxies to perform transparent HTTP/2 upgrading   |
-| enforcedHostRegexp | string | `""` | Host header validation regex for the dashboard. See the [Linkerd documentation](https://linkerd.io/2/tasks/exposing-dashboard) for more information |
 | global.clusterDomain | string | `"cluster.local"` | Kubernetes DNS Domain name to use   |
 | global.clusterNetworks | string | `"10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16"` | The cluster networks for which service discovery is performed. This should include the pod network but need not include the node network. By default, all private networks are specified so that resolution works in typical Kubernetes environments. |
 | global.cniEnabled | bool | `false` | enabling this omits the NET_ADMIN capability in the PSP and the proxy-init container when injecting the proxy; requires the linkerd-cni plugin to already be installed |
@@ -192,7 +188,6 @@ Kubernetes: `>=1.13.0-0`
 | global.proxyInjectAnnotation | string | `"linkerd.io/inject"` | Annotation label to signal injection. Do not edit. |
 | global.proxyInjectDisabled | string | `"disabled"` | Annotation value to disable injection. Do not edit.  |
 | global.workloadNamespaceLabel | string | `"linkerd.io/workload-ns"` |  |
-| grafana.enabled | bool | `true` |  |
 | heartbeatSchedule | string | `"0 0 * * *"` | Config for the heartbeat cronjob |
 | identity.issuer.clockSkewAllowance | string | `"20s"` | Amount of time to allow for clock skew within a Linkerd cluster |
 | identity.issuer.crtExpiry | string | `nil` | Expiration timestamp for the issuer certificate. It must be provided during install. Must match the expiry date in crtPEM |
@@ -210,17 +205,11 @@ Kubernetes: `>=1.13.0-0`
 | profileValidator.externalSecret | bool | `false` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `profileValidator.caBundle` must be set (see below). |
 | profileValidator.keyPEM | string | `""` | Certificate key for the service profile validator. If not provided then Helm will generate one. |
 | profileValidator.namespaceSelector | object | `{"matchExpressions":[{"key":"config.linkerd.io/admission-webhooks","operator":"NotIn","values":["disabled"]}]}` | Namespace selector used by admission webhook |
-| prometheus.enabled | bool | `true` |  |
 | proxyInjector.caBundle | string | `""` | Bundle of CA certificates for proxy injector. If not provided then Helm will use the certificate generated  for `proxyInjector.crtPEM`. If `proxyInjector.externalSecret` is set to true, this value must be set, as no certificate will be generated. |
 | proxyInjector.crtPEM | string | `""` | Certificate for the proxy injector. If not provided then Helm will generate one. |
 | proxyInjector.externalSecret | bool | `false` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `proxyInjector.caBundle` must be set (see below) |
 | proxyInjector.keyPEM | string | `""` | Certificate key for the proxy injector. If not provided then Helm will generate one.  |
 | proxyInjector.namespaceSelector | object | `{"matchExpressions":[{"key":"config.linkerd.io/admission-webhooks","operator":"NotIn","values":["disabled"]}]}` | Namespace selector used by admission webhook. If not set defaults to all namespaces without the annotation config.linkerd.io/admission-webhooks=disabled |
-| tap.caBundle | string | `""` | Bundle of CA certificates for Tap component. If not provided then Helm will use the certificate generated  for `tap.crtPEM`. If `tap.externalSecret` is set to true, this value must be set, as no certificate will be generated. |
-| tap.crtPEM | string | `""` | Certificate for the Tap component. If not provided then Helm will generate one. |
-| tap.externalSecret | bool | `false` | Do not create a secret resource for the Tap component. If this is set to `true`, the value `tap.caBundle` must be set (see below). |
-| tap.keyPEM | string | `""` | Certificate key for Tap component. If not provided then Helm will generate one.  |
-| webImage | string | `"ghcr.io/linkerd/web"` |  |
 | webhookFailurePolicy | string | `"Ignore"` | Failure policy for the proxy injector  |
 
 ----------------------------------------------

charts/linkerd2/requirements.lock

@@ -2,11 +2,5 @@ dependencies:
 - name: partials
   repository: file://../partials
   version: 0.1.0
-- name: prometheus
-  repository: file://../add-ons/prometheus
-  version: 0.1.0
-- name: grafana
-  repository: file://../add-ons/grafana
-  version: 0.1.0
-digest: sha256:2bbca4bf61028194ae6ee86763f21fa2488c9d141e3529bae642fa72b45fb34c
-generated: "2020-12-18T23:27:44.921336524Z"
+digest: sha256:8e42f9c9d4a2dc883f17f94d6044c97518ced19ad0922f47b8760e47135369ba
+generated: "2020-12-21T17:47:25.811707816Z"

charts/linkerd2/requirements.yaml

@@ -2,11 +2,3 @@ dependencies:
 - name: partials
   version: 0.1.0
   repository: file://../partials
-- name: prometheus
-  version: 0.1.0
-  repository: file://../add-ons/prometheus
-  condition: prometheus.enabled
-- name: grafana
-  version: 0.1.0
-  repository: file://../add-ons/grafana
-  condition: grafana.enabled

charts/linkerd2/templates/config.yaml

@@ -25,9 +25,6 @@ data:
   {{- if kindIs "map" $values.proxyInjector -}}
     {{- $_ := unset $values.proxyInjector "keyPEM"}}
   {{- end -}}
-  {{- if kindIs "map" $values.tap -}}
-    {{- $_ := unset $values.tap "keyPEM"}}
-  {{- end -}}
   {{- $_ := unset $values "partials"}}
   {{- $_ := unset $values "configs"}}
   {{- $_ := unset $values "stage"}}

charts/linkerd2/templates/controller-rbac.yaml

@@ -51,4 +51,4 @@ metadata:
   labels:
     {{.Values.global.controllerComponentLabel}}: controller
     {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-{{- include "partials.image-pull-secrets" . }}
+{{- include "partials.image-pull-secrets" .Values.global.imagePullSecrets }}

charts/linkerd2/templates/controller.yaml

@@ -81,8 +81,8 @@ spec:
         - -cluster-domain={{.Values.global.clusterDomain}}
         {{- if .Values.global.prometheusUrl }}
         - -prometheus-url={{.Values.global.prometheusUrl}}
-        {{- else if .Values.prometheus.enabled }}
-        - -prometheus-url=http://linkerd-prometheus.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:9090
+        {{- else }}
+        - -prometheus-url=http://linkerd-prometheus.linkerd-viz.svc.{{.Values.global.clusterDomain}}:9090
         {{- end }}
         {{- include "partials.linkerd.trace" . | nindent 8 -}}
         image: {{.Values.controllerImage}}:{{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}

charts/linkerd2/templates/destination-rbac.yaml

@@ -56,4 +56,4 @@ metadata:
   labels:
     {{.Values.global.controllerComponentLabel}}: destination
     {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-{{- include "partials.image-pull-secrets" . }}
+{{- include "partials.image-pull-secrets" .Values.global.imagePullSecrets }}

charts/linkerd2/templates/heartbeat-rbac.yaml

@@ -41,5 +41,5 @@ metadata:
   labels:
     {{.Values.global.controllerComponentLabel}}: heartbeat
     {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-{{- include "partials.image-pull-secrets" . }}
+{{- include "partials.image-pull-secrets" .Values.global.imagePullSecrets }}
 {{- end }}

charts/linkerd2/templates/heartbeat.yaml

@@ -48,8 +48,8 @@ spec:
             - "-log-level={{.Values.global.controllerLogLevel}}"
             {{- if .Values.global.prometheusUrl }}
             - "-prometheus-url={{.Values.global.prometheusUrl}}"
-            {{- else if .Values.prometheus.enabled }}
-            - "-prometheus-url=http://linkerd-prometheus.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:9090"
+            {{- else }}
+            - "-prometheus-url=http://linkerd-prometheus.linkerd-viz.svc.{{.Values.global.clusterDomain}}:9090"
             {{- end }}
             {{- if .Values.heartbeatResources -}}
             {{- include "partials.resources" .Values.heartbeatResources | nindent 12 }}

charts/linkerd2/templates/identity-rbac.yaml

@@ -46,5 +46,5 @@ metadata:
   labels:
     {{.Values.global.controllerComponentLabel}}: identity
     {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-{{- include "partials.image-pull-secrets" . }}
+{{- include "partials.image-pull-secrets" .Values.global.imagePullSecrets }}
 {{ end -}}

charts/linkerd2/templates/proxy-injector-rbac.yaml

@@ -52,7 +52,7 @@ metadata:
   labels:
     {{.Values.global.controllerComponentLabel}}: proxy-injector
     {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-{{- include "partials.image-pull-secrets" . }}
+{{- include "partials.image-pull-secrets" .Values.global.imagePullSecrets }}
 ---
 {{- $host := printf "linkerd-proxy-injector.%s.svc" .Values.global.namespace }}
 {{- $ca := genSelfSignedCert $host (list) (list $host) 365 }}

charts/linkerd2/templates/psp.yaml

@@ -90,11 +90,6 @@ subjects:
 - kind: ServiceAccount
   name: linkerd-destination
   namespace: {{.Values.global.namespace}}
-{{ if .Values.grafana.enabled -}}
-- kind: ServiceAccount
-  name: linkerd-grafana
-  namespace: {{.Values.global.namespace}}
-{{ end -}}
 {{ if not .Values.disableHeartBeat -}}
 - kind: ServiceAccount
   name: linkerd-heartbeat
@@ -103,20 +98,9 @@ subjects:
 - kind: ServiceAccount
   name: linkerd-identity
   namespace: {{.Values.global.namespace}}
-{{ if .Values.prometheus.enabled -}}
-- kind: ServiceAccount
-  name: linkerd-prometheus
-  namespace: {{.Values.global.namespace}}
-{{ end -}}
 - kind: ServiceAccount
   name: linkerd-proxy-injector
   namespace: {{.Values.global.namespace}}
 - kind: ServiceAccount
   name: linkerd-sp-validator
   namespace: {{.Values.global.namespace}}
-- kind: ServiceAccount
-  name: linkerd-tap
-  namespace: {{.Values.global.namespace}}
-- kind: ServiceAccount
-  name: linkerd-web
-  namespace: {{.Values.global.namespace}}

charts/linkerd2/templates/sp-validator-rbac.yaml

@@ -40,7 +40,7 @@ metadata:
   labels:
     {{.Values.global.controllerComponentLabel}}: sp-validator
     {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-{{- include "partials.image-pull-secrets" . }}
+{{- include "partials.image-pull-secrets" .Values.global.imagePullSecrets }}
 ---
 {{- $host := printf "linkerd-sp-validator.%s.svc" .Values.global.namespace }}
 {{- $ca := genSelfSignedCert $host (list) (list $host) 365 }}

charts/linkerd2/templates/tap.yaml

@@ -1,135 +0,0 @@
----
-###
-### Tap
-###
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: linkerd-tap
-  namespace: {{.Values.global.namespace}}
-  labels:
-    {{.Values.global.controllerComponentLabel}}: tap
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-  annotations:
-    {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
-spec:
-  type: ClusterIP
-  selector:
-    {{.Values.global.controllerComponentLabel}}: tap
-  ports:
-  - name: grpc
-    port: 8088
-    targetPort: 8088
-  - name: apiserver
-    port: 443
-    targetPort: apiserver
----
-{{- $tree := deepCopy . }}
-{{ $_ := set $tree.Values.global.proxy "workloadKind" "deployment" -}}
-{{ $_ := set $tree.Values.global.proxy "component" "linkerd-tap" -}}
-{{ include "linkerd.proxy.validation" .Values.global.proxy -}}
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  annotations:
-    {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
-  labels:
-    app.kubernetes.io/name: tap
-    app.kubernetes.io/part-of: Linkerd
-    app.kubernetes.io/version: {{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
-    {{.Values.global.controllerComponentLabel}}: tap
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-  name: linkerd-tap
-  namespace: {{.Values.global.namespace}}
-spec:
-  replicas: {{.Values.controllerReplicas}}
-  selector:
-    matchLabels:
-      {{.Values.global.controllerComponentLabel}}: tap
-      {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-      {{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 6}}
-  {{- if .Values.enablePodAntiAffinity }}
-  strategy:
-    rollingUpdate:
-      maxUnavailable: 1
-  {{- end }}
-  template:
-    metadata:
-      annotations:
-        {{- if (or (empty .Values.global.cliVersion) (not (eq (.Values.stage | toString) "control-plane"))) }}
-        checksum/config: {{ include (print $.Template.BasePath "/tap-rbac.yaml") . | sha256sum }}
-        {{- end }}
-        {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
-        {{- include "partials.proxy.annotations" .Values.global.proxy| nindent 8}}
-        {{- with .Values.global.podAnnotations }}{{ toYaml . | trim | nindent 8 }}{{- end }}
-      labels:
-        {{.Values.global.controllerComponentLabel}}: tap
-        {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-        {{.Values.global.workloadNamespaceLabel}}: {{.Values.global.namespace}}
-        {{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 8}}
-        {{- with .Values.global.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
-    spec:
-      {{- if .Values.tolerations -}}
-      {{- include "linkerd.tolerations" . | nindent 6 }}
-      {{- end -}}
-      {{- include "linkerd.node-selector" . | nindent 6 }}
-      {{- if .Values.enablePodAntiAffinity -}}
-      {{- $local := dict "component" "tap" "label" .Values.global.controllerComponentLabel -}}
-      {{- include "linkerd.pod-affinity" $local | nindent 6 -}}
-      {{- end }}
-      containers:
-      - args:
-        - tap
-        - -controller-namespace={{.Values.global.namespace}}
-        - -log-level={{.Values.global.controllerLogLevel}}
-        - -identity-trust-domain={{.Values.global.identityTrustDomain }}
-        {{- include "partials.linkerd.trace" . | nindent 8 -}}
-        image: {{.Values.controllerImage}}:{{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
-        imagePullPolicy: {{.Values.global.imagePullPolicy}}
-        livenessProbe:
-          httpGet:
-            path: /ping
-            port: 9998
-          initialDelaySeconds: 10
-        name: tap
-        ports:
-        - containerPort: 8088
-          name: grpc
-        - containerPort: 8089
-          name: apiserver
-        - containerPort: 9998
-          name: admin-http
-        readinessProbe:
-          failureThreshold: 7
-          httpGet:
-            path: /ready
-            port: 9998
-        {{- if .Values.tapResources -}}
-        {{- include "partials.resources" .Values.tapResources | nindent 8 }}
-        {{- end }}
-        securityContext:
-          runAsUser: {{.Values.controllerUID}}
-        volumeMounts:
-        - mountPath: /var/run/linkerd/tls
-          name: tls
-          readOnly: true
-      {{- if not (empty .Values.tapProxyResources) }}
-      {{- $r := merge .Values.tapProxyResources .Values.global.proxy.resources }}
-      {{- $_ := set $tree.Values.global.proxy "resources" $r }}
-      {{- end }}
-      - {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
-      {{ if not .Values.global.cniEnabled -}}
-      initContainers:
-      - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
-      {{ end -}}
-      serviceAccountName: linkerd-tap
-      volumes:
-      {{ if not .Values.global.cniEnabled -}}
-      - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
-      {{ end -}}
-      - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }}
-      - name: tls
-        secret:
-          secretName: linkerd-tap-k8s-tls
-

charts/linkerd2/templates/web.yaml

@@ -1,125 +0,0 @@
----
-###
-### Web
-###
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: linkerd-web
-  namespace: {{.Values.global.namespace}}
-  labels:
-    {{.Values.global.controllerComponentLabel}}: web
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-  annotations:
-    {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
-spec:
-  type: ClusterIP
-  selector:
-    {{.Values.global.controllerComponentLabel}}: web
-  ports:
-  - name: http
-    port: 8084
-    targetPort: 8084
-  - name: admin-http
-    port: 9994
-    targetPort: 9994
----
-{{- $tree := deepCopy . }}
-{{ $_ := set $tree.Values.global.proxy "workloadKind" "deployment" -}}
-{{ $_ := set $tree.Values.global.proxy "component" "linkerd-web" -}}
-{{ include "linkerd.proxy.validation" .Values.global.proxy -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  annotations:
-    {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
-  labels:
-    app.kubernetes.io/name: web
-    app.kubernetes.io/part-of: Linkerd
-    app.kubernetes.io/version: {{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
-    {{.Values.global.controllerComponentLabel}}: web
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-  name: linkerd-web
-  namespace: {{.Values.global.namespace}}
-spec:
-  replicas: {{.Values.dashboard.replicas}}
-  selector:
-    matchLabels:
-      {{.Values.global.controllerComponentLabel}}: web
-      {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-      {{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 6}}
-  template:
-    metadata:
-      annotations:
-        {{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
-        {{- include "partials.proxy.annotations" .Values.global.proxy| nindent 8}}
-        {{- with .Values.global.podAnnotations }}{{ toYaml . | trim | nindent 8 }}{{- end }}
-      labels:
-        {{.Values.global.controllerComponentLabel}}: web
-        {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-        {{.Values.global.workloadNamespaceLabel}}: {{.Values.global.namespace}}
-        {{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 8}}
-        {{- with .Values.global.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
-    spec:
-      {{- if .Values.tolerations -}}
-      {{- include "linkerd.tolerations" . | nindent 6 }}
-      {{- end -}}
-      {{- include "linkerd.node-selector" . | nindent 6 }}
-      containers:
-      - args:
-        - -api-addr=linkerd-controller-api.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:8085
-        - -cluster-domain={{.Values.global.clusterDomain}}
-        {{- if .Values.global.grafanaUrl }}
-        - -grafana-addr={{.Values.global.grafanaUrl}}
-        {{- else if .Values.grafana.enabled }}
-        - -grafana-addr=linkerd-grafana.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:3000
-        {{- end}}
-        - -controller-namespace={{.Values.global.namespace}}
-        - -log-level={{.Values.global.controllerLogLevel}}
-        {{- if .Values.enforcedHostRegexp }}
-        - -enforced-host={{.Values.enforcedHostRegexp}}
-        {{- else -}}
-        {{- $hostFull := replace "." "\\." (printf "linkerd-web.%s.svc.%s" .Values.global.namespace .Values.global.clusterDomain) }}
-        {{- $hostAbbrev := replace "." "\\." (printf "linkerd-web.%s.svc" .Values.global.namespace) }}
-        - -enforced-host=^(localhost|127\.0\.0\.1|{{ $hostFull }}|{{ $hostAbbrev }}|\[::1\])(:\d+)?$
-        {{- end}}
-        {{- include "partials.linkerd.trace" . | nindent 8 -}}
-        image: {{.Values.webImage}}:{{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
-        imagePullPolicy: {{.Values.global.imagePullPolicy}}
-        livenessProbe:
-          httpGet:
-            path: /ping
-            port: 9994
-          initialDelaySeconds: 10
-        name: web
-        ports:
-        - containerPort: 8084
-          name: http
-        - containerPort: 9994
-          name: admin-http
-        readinessProbe:
-          failureThreshold: 7
-          httpGet:
-            path: /ready
-            port: 9994
-        {{- if .Values.webResources -}}
-        {{- include "partials.resources" .Values.webResources | nindent 8 }}
-        {{- end }}
-        securityContext:
-          runAsUser: {{.Values.controllerUID}}
-      {{- if not (empty .Values.webProxyResources) }}
-      {{- $r := merge .Values.webProxyResources .Values.global.proxy.resources }}
-      {{- $_ := set $tree.Values.global.proxy "resources" $r }}
-      {{- end }}
-      - {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
-      {{ if not .Values.global.cniEnabled -}}
-      initContainers:
-      - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
-      {{ end -}}
-      serviceAccountName: linkerd-web
-      volumes:
-      {{ if not .Values.global.cniEnabled -}}
-      - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
-      {{ end -}}
-      - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }}

charts/linkerd2/values-ha.yaml

@@ -33,36 +33,12 @@ identityResources:
     limit: 250Mi
     request: 10Mi
 
-# grafana configuration
-grafana:
-  resources:
-    cpu: *controller_resources_cpu
-    memory:
-      limit: 1024Mi
-      request: 50Mi
-
 # heartbeat configuration
 heartbeatResources: *controller_resources
 
-# prometheus configuration
-prometheus:
-  resources:
-    cpu:
-      limit: ""
-      request: 300m
-    memory:
-      limit: 8192Mi
-      request: 300Mi
-
 # proxy injector configuration
 proxyInjectorResources: *controller_resources
 webhookFailurePolicy: Fail
 
 # service profile validator configuration
 spValidatorResources: *controller_resources
-
-# tap configuration
-tapResources: *controller_resources
-
-# web configuration
-webResources: *controller_resources

charts/linkerd2/values.yaml

@@ -165,11 +165,6 @@ global:
   imagePullSecrets: []
   # - name: my-private-docker-registry-login-secret
 
-# -- Host header validation regex for the dashboard. See the [Linkerd
-# documentation](https://linkerd.io/2/tasks/exposing-dashboard) for more
-# information
-enforcedHostRegexp: ""
-
 # -- Allow proxies to perform transparent HTTP/2 upgrading  
 enableH2Upgrade: true
 
@@ -197,12 +192,6 @@ controllerUID: 2103
 # injected into destination pod (see `global.proxy.resources` for sub-fields)
 #destinationProxyResources:
 
-
-# web dashboard configuration
-dashboard:
-  # -- Number of replicas of dashboard
-  replicas: 1
-
 # debug configuration
 debugContainer:
   image:
@@ -322,42 +311,6 @@ profileValidator:
 #`global.proxy.resources`
 #publicAPIProxyResources:
 
-# tap configuration
-tap:
-  # -- Do not create a secret resource for the Tap component. If this is set to
-  # `true`, the value `tap.caBundle` must be set (see below).
-  externalSecret: false
-  # -- Certificate for the Tap component. If not provided then Helm will
-  # generate one.
-  crtPEM: |
-
-  # -- Certificate key for Tap component. If not provided then Helm will
-  # generate one. 
-  keyPEM: |
-
-  # -- Bundle of CA certificates for Tap component. If not provided then Helm
-  # will use the certificate generated  for `tap.crtPEM`. If
-  # `tap.externalSecret` is set to true, this value must be set, as no
-  # certificate will be generated.
-  caBundle: |
-
-# -|- CPU and Memory resources required by tap (see `global.proxy.resources` for
-#sub-fields)
-#tapResources:
-# -|- CPU and Memory resources required by proxy injected into tap pod (see
-#`global.proxy.resources` for sub-fields)
-#tapProxyResources:
-
-# -- Docker image for the web container
-webImage: ghcr.io/linkerd/web
-# -<- CPU and Memory resources required by web UI (see `global.proxy.resources`
-#for sub-fields)
-#webResources:
-# -|- CPU and Memory resources required by proxy injected into web UI pod (see
-#`global.proxy.resources` for sub-fields)
-#webProxyResources:
-
-
 # If the namespace is controlled by an external tool or can't be installed with Helm
 # you can disable its installation. In this case:
 # - The namespace created by the external tool must match the namespace value above
@@ -378,88 +331,3 @@ nodeSelector:
 # [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
 # for more information
 #tolerations:
-
-# Configuration for Add-ons
-# Full configuration fields https://github.com/linkerd/linkerd2/tree/master/charts/linkerd2#add-ons-configuration
-
-grafana:
-  enabled: true
-  # image:
-  #   name: ghcr.io/linkerd/grafana
-  #   tag: latest
-  # set resource requests and limits for grafana and its linkerd proxy respectively
-  # see global.proxy.resources in the linkerd2 chart for details.
-  # resources:
-  # proxy:
-  #   resources:
-
-prometheus:
-  enabled: true
-  # image: prom/prometheus:v2.15.3
-  # args:
-  #  storage.tsdb.retention.time: 6h
-  #  log.level: debug
-  # globalConfig:
-  #   scrape_interval: 10s
-  #   scrape_timeout: 10s
-  # scrapeConfigs:
-  # - job_name: 'kubernetes-nodes'
-  #   scheme: https
-  #   tls_config:
-  #     ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-  #   bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  #   kubernetes_sd_configs:
-  #   - role: node
-  #   relabel_configs:
-  #   - action: labelmap
-  #     regex: __meta_kubernetes_node_label_(.+)
-  # alertManagers:
-  # - scheme: http
-  #   static_configs:
-  #   - targets:
-  #     - "alertmanager.linkerd.svc:9093"
-  # alertRelabelConfigs:
-  # - action: labeldrop
-  #   regex: prometheus_replica
-  # ruleConfigMapMounts:
-  # - name: alerting-rules
-  #   subPath: alerting_rules.yml
-  #   configMap: linkerd-prometheus-rules
-  # - name: recording-rules
-  #   subPath: recording_rules.yml
-  #   configMap: linkerd-prometheus-rules
-  ###
-  ### Sidecar containers allow access to the prometheus data directory,
-  ### e.g. for exporting data to non-prometheus systems.
-  # sidecarContainers:
-  # - name: sidecar
-  #   image: gcr.io/myproject/stackdriver-prometheus-sidecar
-  #   imagePullPolicy: Always
-  #   command:
-  #   - /bin/sh
-  #   - -c
-  #   - |
-  #     exec /bin/stackdriver-prometheus-sidecar \
-  #       --stackdriver.project-id=myproject \
-  #       --stackdriver.kubernetes.location=us-central1 \
-  #       --stackdriver.kubernetes.cluster-name=mycluster \
-  #       --prometheus.wal-directory=/data/wal \
-  #       --log.level=info
-  #   volumeMounts:
-  #   - mountPath: /data
-  #     name: data
-  #   ports:
-  #   - name: foo
-  #     containerPort: 9091
-  #     protocol: TCP
-  ### WARNING: persistence is experimental and has not been tested/vetted by the Linkerd team.
-  ### As such, please refer to https://linkerd.io/2/tasks/exporting-metrics/ for the recommended approach to metrics data retention.
-  # if enabled, creates a persistent volume claim for prometheus data
-  # https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims
-  # persistence:
-  #   storageClass: ""
-  #   accessMode: ReadWriteOnce
-  #   size: 8Gi
-  # resources:
-  # proxy:
-  #   resources:

charts/partials/templates/_proxy.tpl

@@ -95,7 +95,7 @@ env:
   value: "true"
 {{ else if not .Values.global.proxy.disableIdentity -}}
 - name: LINKERD2_PROXY_TAP_SVC_NAME
-  value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+  value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
 {{ end -}}
 image: {{.Values.global.proxy.image.name}}:{{.Values.global.proxy.image.version}}
 imagePullPolicy: {{.Values.global.proxy.image.pullPolicy}}

charts/partials/templates/_pull-secrets.tpl

@@ -1,6 +1,6 @@
-{{- define "partials.image-pull-secrets" -}}
-{{- if .Values.global.imagePullSecrets }}
+{{- define "partials.image-pull-secrets"}}
+{{- if . }}
 imagePullSecrets:
-{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
+{{ toYaml . | indent 2 }}
 {{- end }}
 {{- end -}}

cli/Dockerfile-bin

@@ -16,6 +16,7 @@ COPY cli cli
 COPY charts charts
 COPY jaeger jaeger
 COPY multicluster multicluster
+COPY viz viz
 
 COPY controller/k8s controller/k8s
 COPY controller/api controller/api
@@ -28,6 +29,7 @@ RUN mkdir -p /out
 RUN go generate -mod=readonly ./pkg/charts/static
 RUN go generate -mod=readonly ./jaeger/static
 RUN go generate -mod=readonly ./multicluster/static
+RUN go generate -mod=readonly ./viz/static
 
 # Cache builds without version info
 RUN CGO_ENABLED=0 GOOS=darwin go build -o /out/linkerd-darwin -tags prod -mod=readonly -ldflags "-s -w" ./cli

cli/cmd/check.go

@@ -187,7 +187,6 @@ func configureAndRunChecks(ctx context.Context, wout io.Writer, werr io.Writer,
 			checks = append(checks, healthcheck.LinkerdCNIPluginChecks)
 			checks = append(checks, healthcheck.LinkerdHAChecks)
 
-			checks = append(checks, healthcheck.AddOnCategories...)
 		}
 	}
 

cli/cmd/dashboard.go

@@ -94,7 +94,7 @@ func newCmdDashboard() *cobra.Command {
 			portforward, err := k8s.NewPortForward(
 				cmd.Context(),
 				k8sAPI,
-				controlPlaneNamespace,
+				defaultLinkerdVizNamespace,
 				webDeployment,
 				options.host,
 				options.port,

cli/cmd/install.go

@@ -26,10 +26,6 @@ import (
 )
 
 const (
-
-	// addOnChartsPath is where the linkerd2 add-ons will be present
-	addOnChartsPath = "add-ons"
-
 	configStage       = "config"
 	controlPlaneStage = "control-plane"
 
@@ -64,12 +60,10 @@ var (
 		"templates/controller-rbac.yaml",
 		"templates/destination-rbac.yaml",
 		"templates/heartbeat-rbac.yaml",
-		"templates/web-rbac.yaml",
 		"templates/serviceprofile-crd.yaml",
 		"templates/trafficsplit-crd.yaml",
 		"templates/proxy-injector-rbac.yaml",
 		"templates/sp-validator-rbac.yaml",
-		"templates/tap-rbac.yaml",
 		"templates/psp.yaml",
 	}
 
@@ -80,10 +74,8 @@ var (
 		"templates/controller.yaml",
 		"templates/destination.yaml",
 		"templates/heartbeat.yaml",
-		"templates/web.yaml",
 		"templates/proxy-injector.yaml",
 		"templates/sp-validator.yaml",
-		"templates/tap.yaml",
 	}
 
 	ignoreCluster bool
@@ -312,42 +304,12 @@ func render(w io.Writer, values *l5dcharts.Values, stage string) error {
 		{Name: chartutil.ChartfileName},
 	}
 
-	addOns, err := l5dcharts.ParseAddOnValues(values)
-	if err != nil {
-		return err
-	}
-
-	// Initialize add-on sub-charts
-	addOnCharts := make(map[string]*charts.Chart)
-	for _, addOn := range addOns {
-		addOnCharts[addOn.Name()] = &charts.Chart{
-			Name:      addOn.Name(),
-			Dir:       addOnChartsPath + "/" + addOn.Name(),
-			Namespace: controlPlaneNamespace,
-			RawValues: append(addOn.Values(), rawValues...),
-			Files: []*loader.BufferedFile{
-				{
-					Name: chartutil.ChartfileName,
-				},
-				{
-					Name: chartutil.ValuesfileName,
-				},
-			},
-			Fs: static.Templates,
-		}
-	}
-
 	if stage == "" || stage == configStage {
 		for _, template := range templatesConfigStage {
 			files = append(files,
 				&loader.BufferedFile{Name: template},
 			)
 		}
-
-		// Fill add-on's sub-charts with config templates
-		for _, addOn := range addOns {
-			addOnCharts[addOn.Name()].Files = append(addOnCharts[addOn.Name()].Files, addOn.ConfigStageTemplates()...)
-		}
 	}
 
 	if stage == "" || stage == controlPlaneStage {
@@ -356,12 +318,6 @@ func render(w io.Writer, values *l5dcharts.Values, stage string) error {
 				&loader.BufferedFile{Name: template},
 			)
 		}
-
-		// Fill add-on's sub-charts with control-plane templates
-		for _, addOn := range addOns {
-			addOnCharts[addOn.Name()].Files = append(addOnCharts[addOn.Name()].Files, addOn.ControlPlaneStageTemplates()...)
-		}
-
 	}
 
 	// TODO refactor to use l5dcharts.LoadChart()
@@ -378,17 +334,6 @@ func render(w io.Writer, values *l5dcharts.Values, stage string) error {
 		return err
 	}
 
-	for _, addon := range addOns {
-		b, err := addOnCharts[addon.Name()].Render()
-		if err != nil {
-			return err
-		}
-
-		if _, err := buf.WriteString(b.String()); err != nil {
-			return err
-		}
-	}
-
 	if stage == "" || stage == controlPlaneStage {
 		overrides, err := renderOverrides(values, values.GetGlobal().Namespace)
 		if err != nil {

cli/cmd/install_addon_test.go

@@ -1,62 +0,0 @@
-package cmd
-
-import (
-	"bytes"
-	"fmt"
-	"io/ioutil"
-	"path/filepath"
-	"testing"
-
-	charts "github.com/linkerd/linkerd2/pkg/charts/linkerd2"
-	"sigs.k8s.io/yaml"
-)
-
-func TestAddOnRender(t *testing.T) {
-	withExistingGrafanaValues, err := testInstallOptions()
-	if err != nil {
-		t.Fatalf("Unexpected error: %v\n", err)
-	}
-	data, err := ioutil.ReadFile(filepath.Join("testdata", "existing-grafana-config.yaml"))
-	if err != nil {
-		t.Fatalf("Unexpected error: %v\n", err)
-	}
-	err = yaml.Unmarshal(data, withExistingGrafanaValues)
-	if err != nil {
-		t.Fatalf("Unexpected error: %v\n", err)
-	}
-	addFakeTLSSecrets(withExistingGrafanaValues)
-
-	withPrometheusAddOnOverwriteValues, err := testInstallOptions()
-	if err != nil {
-		t.Fatalf("Unexpected error: %v\n", err)
-	}
-	data, err = ioutil.ReadFile(filepath.Join("testdata", "prom-config.yaml"))
-	if err != nil {
-		t.Fatalf("Unexpected error: %v\n", err)
-	}
-	err = yaml.Unmarshal(data, withPrometheusAddOnOverwriteValues)
-	if err != nil {
-		t.Fatalf("Unexpected error: %v\n", err)
-	}
-	addFakeTLSSecrets(withPrometheusAddOnOverwriteValues)
-
-	testCases := []struct {
-		values         *charts.Values
-		goldenFileName string
-	}{
-
-		{withExistingGrafanaValues, "install_grafana_existing.golden"},
-		{withPrometheusAddOnOverwriteValues, "install_prometheus_overwrite.golden"},
-	}
-
-	for i, tc := range testCases {
-		tc := tc // pin
-		t.Run(fmt.Sprintf("%d: %s", i, tc.goldenFileName), func(t *testing.T) {
-			var buf bytes.Buffer
-			if err := render(&buf, tc.values, ""); err != nil {
-				t.Fatalf("Failed to render templates: %v", err)
-			}
-			diffTestdata(t, tc.goldenFileName, buf.String())
-		})
-	}
-}

cli/cmd/install_helm_test.go

@@ -6,12 +6,9 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/linkerd/linkerd2/pkg/charts"
 	l5dcharts "github.com/linkerd/linkerd2/pkg/charts/linkerd2"
-	"github.com/linkerd/linkerd2/pkg/charts/static"
 	"github.com/linkerd/linkerd2/pkg/k8s"
 	"helm.sh/helm/v3/pkg/chart"
-	"helm.sh/helm/v3/pkg/chart/loader"
 	"helm.sh/helm/v3/pkg/chartutil"
 	"helm.sh/helm/v3/pkg/engine"
 	"sigs.k8s.io/yaml"
@@ -36,16 +33,6 @@ func TestRenderHelm(t *testing.T) {
 		testRenderHelm(t, chartControlPlane, "install_helm_output_ha.golden")
 	})
 
-	t.Run("Non-HA with add-ons mode", func(t *testing.T) {
-		ha := false
-		additionalConfig := `
-tracing:
-  enabled: true
-`
-		chartControlPlane := chartControlPlane(t, ha, additionalConfig, "111", "222")
-		testRenderHelm(t, chartControlPlane, "install_helm_output_addons.golden")
-	})
-
 	t.Run("HA mode with podLabels and podAnnotations", func(t *testing.T) {
 		ha := true
 		additionalConfig := `
@@ -248,15 +235,6 @@ func chartControlPlane(t *testing.T, ha bool, additionalConfig string, ignoreOut
 
 	linkerd2Chart.AddDependency(chartPartials)
 
-	addons, err := l5dcharts.ParseAddOnValues(values)
-	if err != nil {
-		t.Fatal("Unexpected error", err)
-	}
-
-	for _, addon := range addons {
-		linkerd2Chart.AddDependency(buildAddOnChart(t, addon, chartPartials))
-	}
-
 	for _, filepath := range append(templatesConfigStage, templatesControlPlaneStage...) {
 		linkerd2Chart.Templates = append(linkerd2Chart.Templates, &chart.File{
 			Name: filepath,
@@ -271,41 +249,6 @@ func chartControlPlane(t *testing.T, ha bool, additionalConfig string, ignoreOut
 	return linkerd2Chart
 }
 
-func buildAddOnChart(t *testing.T, addon l5dcharts.AddOn, chartPartials *chart.Chart) *chart.Chart {
-	rawValues := readValuesFile(t, filepath.Join("add-ons", addon.Name()))
-
-	var values chartutil.Values
-	err := yaml.Unmarshal(rawValues, &values)
-	if err != nil {
-		t.Fatal("Unexpected error", err)
-	}
-
-	addOnChart := chart.Chart{
-		Metadata: &chart.Metadata{
-			Name: addon.Name(),
-			Sources: []string{
-				filepath.Join("..", "..", "..", "charts", "add-ons", addon.Name()),
-			},
-		},
-		Values: values,
-	}
-
-	addOnChart.AddDependency(chartPartials)
-
-	for _, filepath := range append(addon.ConfigStageTemplates(), addon.ControlPlaneStageTemplates()...) {
-		addOnChart.Templates = append(addOnChart.Templates, &chart.File{
-			Name: filepath.Name,
-		})
-	}
-
-	for _, template := range addOnChart.Templates {
-		filepath := filepath.Join(addOnChart.Metadata.Sources[0], template.Name)
-		template.Data = []byte(readTestdata(t, filepath))
-	}
-
-	return &addOnChart
-}
-
 func chartPartials(t *testing.T, paths []string) *chart.Chart {
 	var partialTemplates []*chart.File
 	for _, path := range paths {
@@ -346,17 +289,3 @@ func readTestValues(ha bool, ignoreOutboundPorts string, ignoreInboundPorts stri
 
 	return values, nil
 }
-
-// readValues reads values.yaml file from the given path
-func readValuesFile(t *testing.T, path string) []byte {
-
-	valuesFiles := []*loader.BufferedFile{
-		{Name: chartutil.ValuesfileName},
-	}
-
-	if err := charts.FilesReader(static.Templates, path+"/", valuesFiles); err != nil {
-		t.Fatal("Unexpected error", err)
-	}
-
-	return valuesFiles[0].Data
-}

cli/cmd/install_test.go

@@ -31,12 +31,10 @@ func TestRender(t *testing.T) {
 	// by `render()`.
 	metaValues := &charts.Values{
 		ControllerImage:        "ControllerImage",
-		WebImage:                    "WebImage",
 		ControllerUID:          2103,
 		EnableH2Upgrade:        true,
 		WebhookFailurePolicy:   "WebhookFailurePolicy",
 		OmitWebhookSideEffects: false,
-		RestrictDashboardPrivileges: false,
 		InstallNamespace:       true,
 		Identity:               defaultValues.Identity,
 		NodeSelector:           defaultValues.NodeSelector,
@@ -126,15 +124,6 @@ func TestRender(t *testing.T) {
 		ControllerReplicas: 1,
 		ProxyInjector:      defaultValues.ProxyInjector,
 		ProfileValidator:   defaultValues.ProfileValidator,
-		Tap:                defaultValues.Tap,
-		Dashboard: &charts.Dashboard{
-			Replicas: 1,
-		},
-		Prometheus: charts.Prometheus{
-			"enabled": true,
-			"image":   "PrometheusImage",
-		},
-		Grafana: defaultValues.Grafana,
 	}
 
 	haValues, err := testInstallOptionsHA(true)
@@ -177,13 +166,6 @@ func TestRender(t *testing.T) {
 	withHeartBeatDisabledValues.DisableHeartBeat = true
 	addFakeTLSSecrets(withHeartBeatDisabledValues)
 
-	withRestrictedDashboardPrivilegesValues, err := testInstallOptions()
-	if err != nil {
-		t.Fatalf("Unexpected error: %v\n", err)
-	}
-	withRestrictedDashboardPrivilegesValues.RestrictDashboardPrivileges = true
-	addFakeTLSSecrets(withRestrictedDashboardPrivilegesValues)
-
 	withControlPlaneTracingValues, err := testInstallOptions()
 	if err != nil {
 		t.Fatalf("Unexpected error: %v\n", err)
@@ -225,7 +207,6 @@ func TestRender(t *testing.T) {
 		{cniEnabledValues, "install_no_init_container.golden"},
 		{withProxyIgnoresValues, "install_proxy_ignores.golden"},
 		{withHeartBeatDisabledValues, "install_heartbeat_disabled_output.golden"},
-		{withRestrictedDashboardPrivilegesValues, "install_restricted_dashboard.golden"},
 		{withControlPlaneTracingValues, "install_controlplane_tracing_output.golden"},
 		{withCustomRegistryValues, "install_custom_registry.golden"},
 		{withCustomDestinationGetNetsValues, "install_default_override_dst_get_nets.golden"},
@@ -556,7 +537,4 @@ func addFakeTLSSecrets(values *charts.Values) {
 	values.ProfileValidator.CrtPEM = "profile validator crt"
 	values.ProfileValidator.KeyPEM = "profile validator key"
 	values.ProfileValidator.CaBundle = "profile validator CA bundle"
-	values.Tap.CrtPEM = "tap crt"
-	values.Tap.KeyPEM = "tap key"
-	values.Tap.CaBundle = "tap CA bundle"
 }

cli/cmd/options.go

@@ -229,13 +229,6 @@ func makeAllStageFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.FlagSet)
 				return nil
 			}),
 
-		flag.NewBoolFlag(allStageFlags, "restrict-dashboard-privileges", defaults.RestrictDashboardPrivileges,
-			"Restrict the Linkerd Dashboard's default privileges to disallow Tap and Check",
-			func(values *l5dcharts.Values, value bool) error {
-				values.RestrictDashboardPrivileges = value
-				return nil
-			}),
-
 		flag.NewStringFlag(allStageFlags, "config", "",
 			"A path to a yaml configuration file. The fields in this file will override the values used to install or upgrade Linkerd.",
 			func(values *l5dcharts.Values, value string) error {
@@ -324,7 +317,6 @@ func makeProxyFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.FlagSet) {
 
 		flag.NewStringFlag(proxyFlags, "registry", defaultDockerRegistry, "Docker registry to pull images from",
 			func(values *l5dcharts.Values, value string) error {
-				values.WebImage = registryOverride(values.WebImage, value)
 				values.ControllerImage = registryOverride(values.ControllerImage, value)
 				values.DebugContainer.Image.Name = registryOverride(values.DebugContainer.Image.Name, value)
 				values.GetGlobal().Proxy.Image.Name = registryOverride(values.GetGlobal().Proxy.Image.Name, value)

cli/cmd/root.go

@@ -12,6 +12,7 @@ import (
 	"github.com/linkerd/linkerd2/cli/flag"
 	jaeger "github.com/linkerd/linkerd2/jaeger/cmd"
 	multicluster "github.com/linkerd/linkerd2/multicluster/cmd"
+	viz "github.com/linkerd/linkerd2/viz/cmd"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
@@ -21,6 +22,7 @@ import (
 const (
 	defaultLinkerdNamespace    = "linkerd"
 	defaultCNINamespace        = "linkerd-cni"
+	defaultLinkerdVizNamespace = "linkerd-viz"
 	defaultClusterDomain       = "cluster.local"
 	defaultDockerRegistry      = "ghcr.io/linkerd"
 
@@ -132,6 +134,7 @@ func init() {
 	// Extension Sub Commands
 	RootCmd.AddCommand(jaeger.NewCmdJaeger())
 	RootCmd.AddCommand(multicluster.NewCmdMulticluster())
+	RootCmd.AddCommand(viz.NewCmdViz())
 }
 
 type statOptionsBase struct {

cli/cmd/testdata/grafana_disabled.yaml

@@ -1,2 +0,0 @@
-grafana:
-  enabled: false

cli/cmd/testdata/grafana_enabled.yaml

@@ -1,2 +0,0 @@
-grafana:
-  enabled: true

cli/cmd/testdata/grafana_enabled_resources.yaml

@@ -1,9 +0,0 @@
-grafana:
-  enabled: true
-  resources:
-    cpu:
-      limit: "1"
-      request: 100m
-    memory:
-      limit: 250Mi
-      request: 50Mi

cli/cmd/testdata/grafana_overwrite.yaml

@@ -1,5 +0,0 @@
-grafana:
-  enabled: true
-  image:
-    name: linkerd-image-overwrite
-    tag: image-tag-overwrite

cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml

@@ -97,7 +97,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:install-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml

@@ -97,7 +97,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:install-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -266,7 +266,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:install-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml

@@ -97,7 +97,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:install-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_contour.golden.yml

@@ -126,7 +126,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml

@@ -108,7 +108,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -288,7 +288,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -468,7 +468,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -648,7 +648,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_emojivoto_deployment.golden.yml

@@ -108,7 +108,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml

@@ -116,7 +116,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml

@@ -108,7 +108,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -288,7 +288,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml

@@ -113,7 +113,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml

@@ -108,7 +108,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml

@@ -109,7 +109,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml

@@ -108,7 +108,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml

@@ -109,7 +109,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml

@@ -110,7 +110,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml

@@ -110,7 +110,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_emojivoto_list.golden.yml

@@ -110,7 +110,7 @@ items:
           - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
             value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
           - name: LINKERD2_PROXY_TAP_SVC_NAME
-            value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+            value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
           image: ghcr.io/linkerd/proxy:test-inject-proxy-version
           imagePullPolicy: IfNotPresent
           livenessProbe:
@@ -284,7 +284,7 @@ items:
           - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
             value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
           - name: LINKERD2_PROXY_TAP_SVC_NAME
-            value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+            value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
           image: ghcr.io/linkerd/proxy:test-inject-proxy-version
           imagePullPolicy: IfNotPresent
           livenessProbe:

cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml

@@ -110,7 +110,7 @@ items:
           - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
             value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
           - name: LINKERD2_PROXY_TAP_SVC_NAME
-            value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+            value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
           image: ghcr.io/linkerd/proxy:test-inject-proxy-version
           imagePullPolicy: IfNotPresent
           livenessProbe:
@@ -284,7 +284,7 @@ items:
           - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
             value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
           - name: LINKERD2_PROXY_TAP_SVC_NAME
-            value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+            value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
           image: ghcr.io/linkerd/proxy:test-inject-proxy-version
           imagePullPolicy: IfNotPresent
           livenessProbe:

cli/cmd/testdata/inject_emojivoto_pod.golden.yml

@@ -93,7 +93,7 @@ spec:
     - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
       value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
     - name: LINKERD2_PROXY_TAP_SVC_NAME
-      value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+      value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
     image: ghcr.io/linkerd/proxy:test-inject-proxy-version
     imagePullPolicy: IfNotPresent
     livenessProbe:

cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml

@@ -95,7 +95,7 @@ spec:
     - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
       value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
     - name: LINKERD2_PROXY_TAP_SVC_NAME
-      value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+      value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
     image: ghcr.io/linkerd/proxy:test-inject-proxy-version
     imagePullPolicy: IfNotPresent
     livenessProbe:

cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml

@@ -97,7 +97,7 @@ spec:
     - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
       value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
     - name: LINKERD2_PROXY_TAP_SVC_NAME
-      value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+      value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
     image: ghcr.io/linkerd/proxy:test-inject-proxy-version
     imagePullPolicy: IfNotPresent
     livenessProbe:

cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml

@@ -109,7 +109,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_gettest_deployment.good.golden.yml

@@ -110,7 +110,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:testinjectversion
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -292,7 +292,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:testinjectversion
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/testdata/inject_tap_deployment_debug.golden.yml

@@ -161,7 +161,7 @@ spec:
         - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
           value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         - name: LINKERD2_PROXY_TAP_SVC_NAME
-          value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
+          value: linkerd-tap.linkerd-viz.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
         image: ghcr.io/linkerd/proxy:test-inject-proxy-version
         imagePullPolicy: IfNotPresent
         livenessProbe:

cli/cmd/upgrade.go

@@ -247,13 +247,6 @@ func upgrade(ctx context.Context, k *k8s.KubernetesAPI, flags []flag.Flag, stage
 		}
 	}
 
-	if addOnOverwrite {
-		err = clearAddonOverrides(values)
-		if err != nil {
-			return bytes.Buffer{}, err
-		}
-	}
-
 	err = flag.ApplySetFlags(values, flags)
 	if err != nil {
 		return bytes.Buffer{}, err
@@ -359,13 +352,3 @@ func ensureIssuerCertWorksWithAllProxies(ctx context.Context, k *k8s.KubernetesA
 	}
 	return nil
 }
-
-func clearAddonOverrides(values *l5dcharts.Values) error {
-	defaults, err := l5dcharts.NewValues()
-	if err != nil {
-		return err
-	}
-	values.Grafana = defaults.Grafana
-	values.Prometheus = defaults.Prometheus
-	return nil
-}

cli/cmd/upgrade_legacy.go

@@ -13,11 +13,9 @@ import (
 	"github.com/linkerd/linkerd2/pkg/issuercerts"
 	"github.com/linkerd/linkerd2/pkg/k8s"
 	"github.com/linkerd/linkerd2/pkg/version"
-	log "github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/kubernetes"
-	"sigs.k8s.io/yaml"
 )
 
 func loadStoredValuesLegacy(ctx context.Context, k *k8s.KubernetesAPI) (*charts.Values, error) {
@@ -66,75 +64,9 @@ func loadStoredValuesLegacy(ctx context.Context, k *k8s.KubernetesAPI) (*charts.
 		}
 	}
 
-	if !addOnOverwrite {
-		// Update Add-Ons Configuration from the linkerd-value cm
-		cmRawValues, _ := k8s.GetAddOnsConfigMap(ctx, k, controlPlaneNamespace)
-		if cmRawValues != nil {
-			//Cm is present now get the data
-			cmData, ok := cmRawValues["values"]
-			if !ok {
-				return nil, fmt.Errorf("values subpath not found in %s configmap", k8s.AddOnsConfigMapName)
-			}
-
-			// repair Add-On configs
-			repairedCm, err := repairAddOnConfig([]byte(cmData))
-			if err == nil {
-				// Update only if there is no error
-				cmData = string(repairedCm)
-			} else {
-				log.Warnf("add-on config repair failed: %s", err)
-			}
-
-			if err = yaml.Unmarshal([]byte(cmData), &values); err != nil {
-				return nil, err
-			}
-		}
-	}
-
 	return values, nil
 }
 
-func repairAddOnConfig(rawValues []byte) ([]byte, error) {
-
-	var values map[string]interface{}
-	err := yaml.Unmarshal(rawValues, &values)
-	if err != nil {
-		return nil, err
-	}
-
-	// Grafana Depreciation Fix
-	// Convert into Map instead of Values, as the latter returns with empty values
-	if grafana, err := healthcheck.GetMap(values, "grafana"); err == nil {
-		image, err := healthcheck.GetMap(grafana, "image")
-		if err == nil {
-			// Remove image.name tag if only name is present and set to the older image tag
-			if val, err := healthcheck.GetString(image, "name"); err == nil && val == "gcr.io/linkerd-io/grafana" {
-				delete(image, "name")
-			}
-
-			// Remove image tag if its a empty map
-			if len(image) == 0 {
-				delete(grafana, "image")
-			}
-		}
-
-		// Handle removal of grafana.name field
-		name, err := healthcheck.GetString(grafana, "name")
-		if err == nil {
-			// If default, remove it as its no longer needed
-			if name == "linkerd-grafana" {
-				delete(grafana, "name")
-			}
-		}
-
-	}
-	rawValues, err = yaml.Marshal(values)
-	if err != nil {
-		return nil, err
-	}
-	return rawValues, nil
-}
-
 func setFlagsFromInstall(flags *pflag.FlagSet, installFlags []*pb.Install_Flag) {
 	for _, i := range installFlags {
 		if f := flags.Lookup(i.GetName()); f != nil && !f.Changed {

cli/cmd/upgrade_test.go

@@ -8,7 +8,6 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
-	"path/filepath"
 	"strings"
 	"testing"
 
@@ -19,7 +18,6 @@ import (
 	"github.com/linkerd/linkerd2/pkg/tls"
 	"github.com/spf13/pflag"
 	corev1 "k8s.io/api/core/v1"
-	"sigs.k8s.io/yaml"
 )
 
 const (
@@ -288,13 +286,7 @@ func TestUpgradeWebhookCrtsNameChange(t *testing.T) {
 		CrtPEM:   injectorCerts.crt,
 		KeyPEM:   injectorCerts.key,
 	}
-	tapCerts := generateCerts(t, "linkerd-tap.linkerd.svc", false)
-	defer tapCerts.cleanup()
-	installOpts.Tap.TLS = &linkerd2.TLS{
-		CaBundle: tapCerts.ca,
-		CrtPEM:   tapCerts.crt,
-		KeyPEM:   tapCerts.key,
-	}
+
 	validatorCerts := generateCerts(t, "linkerd-sp-validator.linkerd.svc", false)
 	defer validatorCerts.cleanup()
 	installOpts.ProfileValidator.TLS = &linkerd2.TLS{
@@ -346,13 +338,7 @@ func TestUpgradeTwoLevelWebhookCrts(t *testing.T) {
 		CrtPEM:   injectorCerts.crt,
 		KeyPEM:   injectorCerts.key,
 	}
-	tapCerts := generateCerts(t, "linkerd-tap.linkerd.svc", false)
-	defer tapCerts.cleanup()
-	installOpts.Tap.TLS = &linkerd2.TLS{
-		CaBundle: tapCerts.ca,
-		CrtPEM:   tapCerts.crt,
-		KeyPEM:   tapCerts.key,
-	}
+
 	validatorCerts := generateCerts(t, "linkerd-sp-validator.linkerd.svc", false)
 	defer validatorCerts.cleanup()
 	installOpts.ProfileValidator.TLS = &linkerd2.TLS{
@@ -379,168 +365,6 @@ func TestUpgradeTwoLevelWebhookCrts(t *testing.T) {
 	}
 }
 
-func TestUpgradeWithAddonDisabled(t *testing.T) {
-	installOpts, upgradeOpts, _ := testOptions(t)
-
-	installAddons, err := ioutil.ReadFile(filepath.Join("testdata", "grafana_disabled.yaml"))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = yaml.Unmarshal(installAddons, installOpts)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	install := renderInstall(t, installOpts)
-	upgrade, err := renderUpgrade(install.String(), upgradeOpts)
-	if err != nil {
-		t.Fatal(err)
-	}
-	expected := replaceVersions(install.String())
-	expectedManifests := parseManifestList(expected)
-	upgradeManifests := parseManifestList(upgrade.String())
-	for id, diffs := range diffManifestLists(expectedManifests, upgradeManifests) {
-		for _, diff := range diffs {
-			if ignorableDiff(id, diff) {
-				continue
-			}
-			t.Errorf("Unexpected diff in %s:\n%s", id, diff.String())
-		}
-	}
-}
-
-func TestUpgradeEnableAddon(t *testing.T) {
-	installOpts, upgradeOpts, flagSet := testOptions(t)
-
-	installAddons, err := ioutil.ReadFile(filepath.Join("testdata", "grafana_disabled.yaml"))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = yaml.Unmarshal(installAddons, installOpts)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	install := renderInstall(t, installOpts)
-
-	flagSet.Set("config", filepath.Join("testdata", "grafana_enabled.yaml"))
-
-	upgrade, err := renderUpgrade(install.String(), upgradeOpts)
-	if err != nil {
-		t.Fatal(err)
-	}
-	expected := replaceVersions(install.String())
-	expectedManifests := parseManifestList(expected)
-	upgradeManifests := parseManifestList(upgrade.String())
-	diffMap := diffManifestLists(expectedManifests, upgradeManifests)
-	addonManifests := []string{
-		"ServiceAccount/linkerd-grafana", "Deployment/linkerd-grafana", "Service/linkerd-grafana",
-		"ConfigMap/linkerd-grafana-config",
-	}
-	for _, id := range addonManifests {
-		if _, ok := diffMap[id]; ok {
-			delete(diffMap, id)
-		} else {
-			t.Errorf("Expected %s in upgrade output but was absent", id)
-		}
-	}
-	for id, diffs := range diffMap {
-		for _, diff := range diffs {
-			if ignorableDiff(id, diff) {
-				continue
-			}
-			if id == "RoleBinding/linkerd-psp" && pathMatch(diff.path, []string{"subjects"}) {
-				continue
-			}
-			if id == "Deployment/linkerd-web" && pathMatch(diff.path, []string{"spec", "template", "spec", "containers", "*", "args"}) {
-				continue
-			}
-			t.Errorf("Unexpected diff in %s:\n%s", id, diff.String())
-		}
-	}
-}
-
-func TestUpgradeRemoveAddonKeys(t *testing.T) {
-	installOpts, upgradeOpts, flagSet := testOptions(t)
-
-	installAddons, err := ioutil.ReadFile(filepath.Join("testdata", "grafana_enabled_resources.yaml"))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = yaml.Unmarshal(installAddons, installOpts)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	install := renderInstall(t, installOpts)
-
-	flagSet.Set("config", filepath.Join("testdata", "grafana_enabled.yaml"))
-
-	upgrade, err := renderUpgrade(install.String(), upgradeOpts)
-	if err != nil {
-		t.Fatal(err)
-	}
-	expected := replaceVersions(install.String())
-	expectedManifests := parseManifestList(expected)
-	upgradeManifests := parseManifestList(upgrade.String())
-	for id, diffs := range diffManifestLists(expectedManifests, upgradeManifests) {
-		for _, diff := range diffs {
-			if ignorableDiff(id, diff) {
-				continue
-			}
-			t.Errorf("Unexpected diff in %s:\n%s", id, diff.String())
-		}
-	}
-}
-
-func TestUpgradeOverwriteRemoveAddonKeys(t *testing.T) {
-	installOpts, upgradeOpts, flagSet := testOptions(t)
-
-	installAddons, err := ioutil.ReadFile(filepath.Join("testdata", "grafana_enabled_resources.yaml"))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = yaml.Unmarshal(installAddons, installOpts)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	install := renderInstall(t, installOpts)
-
-	flagSet.Set("config", filepath.Join("testdata", "grafana_enabled.yaml"))
-	flagSet.Set("addon-overwrite", "true")
-
-	upgrade, err := renderUpgrade(install.String(), upgradeOpts)
-	if err != nil {
-		t.Fatal(err)
-	}
-	expected := replaceVersions(install.String())
-	expectedManifests := parseManifestList(expected)
-	upgradeManifests := parseManifestList(upgrade.String())
-	diffMap := diffManifestLists(expectedManifests, upgradeManifests)
-
-	resourceDiffFound := false
-	for id, diffs := range diffMap {
-		for _, diff := range diffs {
-			if ignorableDiff(id, diff) {
-				continue
-			}
-			if id == "Deployment/linkerd-grafana" && pathMatch(diff.path, []string{"spec", "template", "spec", "containers", "*", "resources"}) {
-				resourceDiffFound = true
-				continue
-			}
-			t.Errorf("Unexpected diff in %s:\n%s", id, diff.String())
-		}
-	}
-	if !resourceDiffFound {
-		t.Error("Expected grafana resources requirements to be removed, but were not")
-	}
-}
-
 /* Helpers */
 
 func testUpgradeOptions() ([]flag.Flag, *pflag.FlagSet, error) {

jaeger/cmd/install.go

@@ -2,7 +2,6 @@ package cmd
 
 import (
 	"bytes"
-	"context"
 	"fmt"
 	"io"
 	"os"
@@ -19,8 +18,6 @@ import (
 	"helm.sh/helm/v3/pkg/chartutil"
 	"helm.sh/helm/v3/pkg/cli/values"
 	"helm.sh/helm/v3/pkg/engine"
-	kerrors "k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 var (
@@ -48,7 +45,12 @@ func newCmdInstall() *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			if !skipChecks {
 				// Ensure there is a Linkerd installation.
-				exists, err := checkIfLinkerdExists(cmd.Context())
+				kubeAPI, err := k8s.NewAPI(kubeconfigPath, kubeContext, impersonate, impersonateGroup, 0)
+				if err != nil {
+					return err
+				}
+
+				exists, err := healthcheck.CheckIfLinkerdExists(cmd.Context(), kubeAPI, controlPlaneNamespace)
 				if err != nil {
 					return fmt.Errorf("could not check for Linkerd existence: %s", err)
 				}
@@ -149,28 +151,3 @@ func render(w io.Writer, valuesOverrides map[string]interface{}) error {
 	_, err = w.Write(buf.Bytes())
 	return err
 }
-
-func checkIfLinkerdExists(ctx context.Context) (bool, error) {
-	kubeAPI, err := k8s.NewAPI(kubeconfigPath, kubeContext, impersonate, impersonateGroup, 0)
-	if err != nil {
-		return false, err
-	}
-
-	_, err = kubeAPI.CoreV1().Namespaces().Get(ctx, controlPlaneNamespace, metav1.GetOptions{})
-	if err != nil {
-		if kerrors.IsNotFound(err) {
-			return false, nil
-		}
-		return false, err
-	}
-
-	_, _, err = healthcheck.FetchCurrentConfiguration(ctx, kubeAPI, controlPlaneNamespace)
-	if err != nil {
-		if kerrors.IsNotFound(err) {
-			return false, nil
-		}
-		return false, err
-	}
-
-	return true, nil
-}

pkg/charts/linkerd2/addons.go

@@ -1,43 +0,0 @@
-package linkerd2
-
-import (
-	"fmt"
-
-	"helm.sh/helm/v3/pkg/chart/loader"
-)
-
-// AddOn includes the general functions required by add-on, provides
-// a common abstraction for install, etc
-type AddOn interface {
-	Name() string
-	ConfigStageTemplates() []*loader.BufferedFile
-	ControlPlaneStageTemplates() []*loader.BufferedFile
-	Values() []byte
-}
-
-// ParseAddOnValues takes a Values struct, and returns an array of the enabled add-ons
-func ParseAddOnValues(values *Values) ([]AddOn, error) {
-	var addOns []AddOn
-
-	if values.Grafana != nil {
-		if enabled, ok := values.Grafana["enabled"]; ok {
-			if enabled, ok := enabled.(bool); !ok {
-				return nil, fmt.Errorf("invalid value for 'grafana.enabled' (should be boolean): %s", values.Grafana["enabled"])
-			} else if enabled {
-				addOns = append(addOns, values.Grafana)
-			}
-		}
-	}
-
-	if values.Prometheus != nil {
-		if enabled, ok := values.Prometheus["enabled"]; ok {
-			if enabled, ok := enabled.(bool); !ok {
-				return nil, fmt.Errorf("invalid value for 'prometheus.enabled' (should be boolean): %s", values.Prometheus["enabled"])
-			} else if enabled {
-				addOns = append(addOns, values.Prometheus)
-			}
-		}
-	}
-
-	return addOns, nil
-}

pkg/charts/linkerd2/addons_test.go

@@ -1,34 +0,0 @@
-package linkerd2
-
-import (
-	"reflect"
-	"testing"
-
-	"sigs.k8s.io/yaml"
-)
-
-func TestParseAddOnValues(t *testing.T) {
-
-	addonConfig := `
-Grafana:
-  enabled: true
-`
-	var addOnValues Values
-	err := yaml.Unmarshal([]byte(addonConfig), &addOnValues)
-	if err != nil {
-		t.Fatalf("Unexpected error: %s", err)
-	}
-
-	addOns, err := ParseAddOnValues(&addOnValues)
-	if err != nil {
-		t.Fatalf("Unexpected error: %s", err)
-	}
-
-	// Check for Grafana addOn to be present
-	if len(addOns) != 1 {
-		t.Fatalf("expected 1 add-on to be present but found %d", len(addOns))
-	}
-	if !reflect.DeepEqual(addOns[0], Grafana{"enabled": true}) {
-		t.Fatal("expected grafana add-on to be present")
-	}
-}

pkg/charts/linkerd2/grafana.go

@@ -1,42 +0,0 @@
-package linkerd2
-
-import (
-	"helm.sh/helm/v3/pkg/chart/loader"
-	"sigs.k8s.io/yaml"
-)
-
-const (
-	// GrafanaAddOn is the name of the grafana add-on
-	GrafanaAddOn = "grafana"
-)
-
-// Grafana is an add-on that consists of the grafana components
-type Grafana map[string]interface{}
-
-// Name returns the name of the Grafana add-on
-func (g Grafana) Name() string {
-	return GrafanaAddOn
-}
-
-// Values returns the configuration values that were assigned for this add-on
-func (g Grafana) Values() []byte {
-	values, err := yaml.Marshal(g)
-	if err != nil {
-		return nil
-	}
-	return values
-}
-
-// ConfigStageTemplates returns the template files that are part of the config stage
-func (g Grafana) ConfigStageTemplates() []*loader.BufferedFile {
-	return []*loader.BufferedFile{
-		{Name: "templates/grafana-rbac.yaml"},
-	}
-}
-
-// ControlPlaneStageTemplates returns the template files that are part of the Control Plane Stage.
-func (g Grafana) ControlPlaneStageTemplates() []*loader.BufferedFile {
-	return []*loader.BufferedFile{
-		{Name: "templates/grafana.yaml"},
-	}
-}

pkg/charts/linkerd2/prometheus.go

@@ -1,42 +0,0 @@
-package linkerd2
-
-import (
-	"helm.sh/helm/v3/pkg/chart/loader"
-	"sigs.k8s.io/yaml"
-)
-
-var (
-	// PrometheusAddOn is the name of the prometheus add-on
-	PrometheusAddOn = "prometheus"
-)
-
-// Prometheus is an add-on that installs the prometheus component
-type Prometheus map[string]interface{}
-
-// Name returns the name of the Prometheus add-on
-func (p Prometheus) Name() string {
-	return PrometheusAddOn
-}
-
-// Values returns the configuration values that were assigned for this add-on
-func (p Prometheus) Values() []byte {
-	values, err := yaml.Marshal(p)
-	if err != nil {
-		return nil
-	}
-	return values
-}
-
-// ConfigStageTemplates returns the template files that are part of the config stage
-func (p Prometheus) ConfigStageTemplates() []*loader.BufferedFile {
-	return []*loader.BufferedFile{
-		{Name: "templates/prometheus-rbac.yaml"},
-	}
-}
-
-// ControlPlaneStageTemplates returns the template files that are part of the Control Plane Stage.
-func (p Prometheus) ControlPlaneStageTemplates() []*loader.BufferedFile {
-	return []*loader.BufferedFile{
-		{Name: "templates/prometheus.yaml"},
-	}
-}

pkg/charts/linkerd2/tracing.go

@@ -1,43 +0,0 @@
-package linkerd2
-
-import (
-	"helm.sh/helm/v3/pkg/chart/loader"
-	"sigs.k8s.io/yaml"
-)
-
-var (
-	// TracingAddOn represents the name of the tracing add-on
-	TracingAddOn = "tracing"
-)
-
-// Tracing is an add-on that installs the distributed tracing
-// related components like OpenCensus Collector and Jaeger
-type Tracing map[string]interface{}
-
-// Name returns the name of the Tracing add-on
-func (t Tracing) Name() string {
-	return TracingAddOn
-}
-
-// Values returns the configuration values that were assigned for this add-on
-func (t Tracing) Values() []byte {
-	values, err := yaml.Marshal(t)
-	if err != nil {
-		return nil
-	}
-	return values
-}
-
-// ConfigStageTemplates returns the template files that are part of the config stage
-func (t Tracing) ConfigStageTemplates() []*loader.BufferedFile {
-	return []*loader.BufferedFile{
-		{Name: "templates/tracing-rbac.yaml"},
-	}
-}
-
-// ControlPlaneStageTemplates returns the template files that are part of the Control Plane Stage.
-func (t Tracing) ControlPlaneStageTemplates() []*loader.BufferedFile {
-	return []*loader.BufferedFile{
-		{Name: "templates/tracing.yaml"},
-	}
-}