mirror of https://github.com/linkerd/linkerd2.git
Expose namespaceSelector for admission webhooks in helm chart (#5074)
Closes (#5026) Signed-off-by: Alex Leong <alex@buoyant.io> Co-authored-by: Raphael Taylor-Davies <r.taylordavies@googlemail.com>
parent
f0493a085d
commit
500c1cc2d7
|
@ -156,13 +156,15 @@ their default values.
|
||||||
| `identityPoxyResources` | CPU and Memory resources required by proxy injected into identity pod (see `global.proxy.resources` for sub-fields) | values in `global.proxy.resources` |
|
| `identityPoxyResources` | CPU and Memory resources required by proxy injected into identity pod (see `global.proxy.resources` for sub-fields) | values in `global.proxy.resources` |
|
||||||
| `installNamespace` | Set to false when installing Linkerd in a custom namespace. See the [Linkerd documentation](https://linkerd.io/2/tasks/install-helm/#customizing-the-namespace) for more information. | `true` |
|
| `installNamespace` | Set to false when installing Linkerd in a custom namespace. See the [Linkerd documentation](https://linkerd.io/2/tasks/install-helm/#customizing-the-namespace) for more information. | `true` |
|
||||||
| `omitWebhookSideEffects` | Omit the `sideEffects` flag in the webhook manifests | `false` |
|
| `omitWebhookSideEffects` | Omit the `sideEffects` flag in the webhook manifests | `false` |
|
||||||
| `proxyInjector.externalSecret` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `proxyInjector.caBundle` must be set (see below). | false |
|
| `proxyInjector.externalSecret` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `proxyInjector.caBundle` must be set (see below). | `false` |
|
||||||
|
| `proxyInjector.namespaceSelector` | Namespace selector used by admission webhook. If not set defaults to all namespaces without the annotation `config.linkerd.io/admission-webhooks=disabled` | |
|
||||||
| `proxyInjector.crtPEM` | Certificate for the proxy injector. If not provided then Helm will generate one. | |
|
| `proxyInjector.crtPEM` | Certificate for the proxy injector. If not provided then Helm will generate one. | |
|
||||||
| `proxyInjector.keyPEM` | Certificate key for the proxy injector. If not provided then Helm will generate one. | |
|
| `proxyInjector.keyPEM` | Certificate key for the proxy injector. If not provided then Helm will generate one. | |
|
||||||
| `proxyInjector.caBundle` | Bundle of CA certificates for proxy injector. If not provided then Helm will use the certificate generated for `proxyInjector.crtPEM`. If `proxyInjector.externalSecret` is set to true, this value must be set, as no certificate will be generated. | |
|
| `proxyInjector.caBundle` | Bundle of CA certificates for proxy injector. If not provided then Helm will use the certificate generated for `proxyInjector.crtPEM`. If `proxyInjector.externalSecret` is set to true, this value must be set, as no certificate will be generated. | |
|
||||||
| `proxyInjectorResources` | CPU and Memory resources required by the proxy injector (see `global.proxy.resources` for sub-fields) | |
|
| `proxyInjectorResources` | CPU and Memory resources required by the proxy injector (see `global.proxy.resources` for sub-fields) | |
|
||||||
| `proxyInjectorProxyResources` | CPU and Memory resources required by proxy injected into the proxy injector pod (see `global.proxy.resources` for sub-fields) | values in `global.proxy.resources` |
|
| `proxyInjectorProxyResources` | CPU and Memory resources required by proxy injected into the proxy injector pod (see `global.proxy.resources` for sub-fields) | values in `global.proxy.resources` |
|
||||||
| `profileValidator.externalSecret` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `profileValidator.caBundle` must be set (see below). | false |
|
| `profileValidator.externalSecret` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `profileValidator.caBundle` must be set (see below). | false |
|
||||||
|
| `profileValidator.namespaceSelector` | Namespace selector used by admission webhook. If not set defaults to all namespaces without the annotation `config.linkerd.io/admission-webhooks=disabled` | |
|
||||||
| `profileValidator.crtPEM` | Certificate for the service profile validator. If not provided then Helm will generate one. | |
|
| `profileValidator.crtPEM` | Certificate for the service profile validator. If not provided then Helm will generate one. | |
|
||||||
| `profileValidator.keyPEM` | Certificate key for the service profile validator. If not provided then Helm will generate one. | |
|
| `profileValidator.keyPEM` | Certificate key for the service profile validator. If not provided then Helm will generate one. | |
|
||||||
| `profileValidator.caBundle` | Bundle of CA certificates for service profile validator. If not provided then Helm will use the certificate generated for `profileValidator.crtPEM`. If `profileValidator.externalSecret` is set to true, this value must be set, as no certificate will be generated. | |
|
| `profileValidator.caBundle` | Bundle of CA certificates for service profile validator. If not provided then Helm will use the certificate generated for `profileValidator.crtPEM`. If `profileValidator.externalSecret` is set to true, this value must be set, as no certificate will be generated. | |
|
||||||
|
|
|
@ -83,11 +83,7 @@ metadata:
|
||||||
webhooks:
|
webhooks:
|
||||||
- name: linkerd-proxy-injector.linkerd.io
|
- name: linkerd-proxy-injector.linkerd.io
|
||||||
namespaceSelector:
|
namespaceSelector:
|
||||||
matchExpressions:
|
{{- toYaml .Values.proxyInjector.namespaceSelector | trim | nindent 4 }}
|
||||||
- key: config.linkerd.io/admission-webhooks
|
|
||||||
operator: NotIn
|
|
||||||
values:
|
|
||||||
- disabled
|
|
||||||
clientConfig:
|
clientConfig:
|
||||||
service:
|
service:
|
||||||
name: linkerd-proxy-injector
|
name: linkerd-proxy-injector
|
||||||
|
|
|
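Review bot: The `namespaceSelector` body on the new side comes only from `.Values.proxyInjector.namespaceSelector`, and the template has no fallback or validation around it. If an override sets that value to null or `{}`, the rendered selector would presumably match every namespace, including ones labelled `config.linkerd.io/admission-webhooks: disabled`, so the opt-out is silently lost. I would at least fail the render on a missing value, e.g. `{{- toYaml (required "proxyInjector.namespaceSelector must be set" .Values.proxyInjector.namespaceSelector) | trim | nindent 4 }}`, or fall back to the previous `NotIn`/`disabled` expression when the value is empty. The same applies to the `.Values.profileValidator.namespaceSelector` line in the linkerd-sp-validator hunk; the rest of each webhook entry (including its failure policy) is outside the hunk, so the impact of an over-broad selector cannot be judged from here.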
@ -71,11 +71,7 @@ metadata:
|
||||||
webhooks:
|
webhooks:
|
||||||
- name: linkerd-sp-validator.linkerd.io
|
- name: linkerd-sp-validator.linkerd.io
|
||||||
namespaceSelector:
|
namespaceSelector:
|
||||||
matchExpressions:
|
{{- toYaml .Values.profileValidator.namespaceSelector | trim | nindent 4 }}
|
||||||
- key: config.linkerd.io/admission-webhooks
|
|
||||||
operator: NotIn
|
|
||||||
values:
|
|
||||||
- disabled
|
|
||||||
clientConfig:
|
clientConfig:
|
||||||
service:
|
service:
|
||||||
name: linkerd-sp-validator
|
name: linkerd-sp-validator
|
||||||
|
|
|
@ -178,6 +178,15 @@ heartbeatSchedule: "0 0 * * *"
|
||||||
# proxy injector configuration
|
# proxy injector configuration
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
|
||||||
|
# Namespace selector used by admission webhook
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
|
|
||||||
# if empty, Helm will auto-generate these fields
|
# if empty, Helm will auto-generate these fields
|
||||||
crtPEM: |
|
crtPEM: |
|
||||||
|
|
||||||
|
@ -194,6 +203,15 @@ proxyInjector:
|
||||||
# service profile validator configuration
|
# service profile validator configuration
|
||||||
profileValidator:
|
profileValidator:
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
|
||||||
|
# Namespace selector used by admission webhook
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
|
|
||||||
# if empty, Helm will auto-generate these fields
|
# if empty, Helm will auto-generate these fields
|
||||||
crtPEM: |
|
crtPEM: |
|
||||||
|
|
||||||
|
|
|
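Review bot: The added comment `# Namespace selector used by admission webhook` above `proxyInjector.namespaceSelector` does not say that an override replaces this default rather than extending it. A user who supplies their own `matchExpressions` would, as far as I know, drop the `NotIn`/`disabled` rule unless they repeat it, because Helm replaces list values wholesale. I would expand it to something like `# Namespace label selector for the admission webhook; overriding it replaces the default below, including the "disabled" opt-out`, and do the same for the identical comment under `profileValidator` in the second hunk. The selector matches namespace labels, while the README rows added in this commit call `config.linkerd.io/admission-webhooks=disabled` an annotation, so the wording should be aligned.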
@ -58,6 +58,28 @@ global:
|
||||||
chartControlPlane := chartControlPlane(t, ha, additionalConfig, "333", "444")
|
chartControlPlane := chartControlPlane(t, ha, additionalConfig, "333", "444")
|
||||||
testRenderHelm(t, chartControlPlane, "install_helm_output_ha_labels.golden")
|
testRenderHelm(t, chartControlPlane, "install_helm_output_ha_labels.golden")
|
||||||
})
|
})
|
||||||
|
|
||||||
|
t.Run("HA mode with custom namespaceSelector", func(t *testing.T) {
|
||||||
|
ha := true
|
||||||
|
additionalConfig := `
|
||||||
|
proxyInjector:
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- enabled
|
||||||
|
profileValidator:
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- enabled
|
||||||
|
`
|
||||||
|
chartControlPlane := chartControlPlane(t, ha, additionalConfig, "111", "222")
|
||||||
|
testRenderHelm(t, chartControlPlane, "install_helm_output_ha_namespace_selector.golden")
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func testRenderHelm(t *testing.T, chart *pb.Chart, goldenFileName string) {
|
func testRenderHelm(t *testing.T, chart *pb.Chart, goldenFileName string) {
|
||||||
|
|
|
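Review bot: The new subtest "HA mode with custom namespaceSelector" gives `proxyInjector` and `profileValidator` identical selectors (`operator: In`, `- enabled`), so `install_helm_output_ha_namespace_selector.golden` would render the same even if one webhook template read the other component's value. Using a distinct entry for each (for example the constructed values `- injector-enabled` and `- validator-enabled`) would make the golden file catch that kind of cross-wiring. There is also no case that renders the chart with an empty or null `namespaceSelector`, which is the input most likely to widen the webhook scope unintentionally. The enclosing test function begins outside this hunk, and `testRenderHelm` continues past it.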
@ -947,12 +947,24 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -165,12 +165,24 @@ data:
|
||||||
caBundle: ""
|
caBundle: ""
|
||||||
crtPEM: ""
|
crtPEM: ""
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
caBundle: ""
|
caBundle: ""
|
||||||
crtPEM: ""
|
crtPEM: ""
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -947,12 +947,24 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -947,12 +947,24 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -947,12 +947,24 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -947,12 +947,24 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -944,12 +944,24 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -972,6 +972,12 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
resources:
|
resources:
|
||||||
|
@ -985,6 +991,12 @@ data:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources:
|
proxyInjectorResources:
|
||||||
cpu:
|
cpu:
|
||||||
|
|
|
@ -972,6 +972,12 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
resources:
|
resources:
|
||||||
|
@ -985,6 +991,12 @@ data:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources:
|
proxyInjectorResources:
|
||||||
cpu:
|
cpu:
|
||||||
|
|
|
@ -903,12 +903,24 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -1122,6 +1122,12 @@ data:
|
||||||
caBundle: test-profile-validator-ca-bundle
|
caBundle: test-profile-validator-ca-bundle
|
||||||
crtPEM: test-profile-validator-crt-pem
|
crtPEM: test-profile-validator-crt-pem
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
args:
|
args:
|
||||||
config.file: /etc/prometheus/prometheus.yml
|
config.file: /etc/prometheus/prometheus.yml
|
||||||
|
@ -1309,6 +1315,12 @@ data:
|
||||||
caBundle: test-proxy-injector-ca-bundle
|
caBundle: test-proxy-injector-ca-bundle
|
||||||
crtPEM: test-proxy-injector-crt-pem
|
crtPEM: test-proxy-injector-crt-pem
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -1122,6 +1122,12 @@ data:
|
||||||
caBundle: test-profile-validator-ca-bundle
|
caBundle: test-profile-validator-ca-bundle
|
||||||
crtPEM: test-profile-validator-crt-pem
|
crtPEM: test-profile-validator-crt-pem
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
args:
|
args:
|
||||||
config.file: /etc/prometheus/prometheus.yml
|
config.file: /etc/prometheus/prometheus.yml
|
||||||
|
@ -1309,6 +1315,12 @@ data:
|
||||||
caBundle: test-proxy-injector-ca-bundle
|
caBundle: test-proxy-injector-ca-bundle
|
||||||
crtPEM: test-proxy-injector-crt-pem
|
crtPEM: test-proxy-injector-crt-pem
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -1145,6 +1145,12 @@ data:
|
||||||
caBundle: test-profile-validator-ca-bundle
|
caBundle: test-profile-validator-ca-bundle
|
||||||
crtPEM: test-profile-validator-crt-pem
|
crtPEM: test-profile-validator-crt-pem
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
args:
|
args:
|
||||||
config.file: /etc/prometheus/prometheus.yml
|
config.file: /etc/prometheus/prometheus.yml
|
||||||
|
@ -1337,6 +1343,12 @@ data:
|
||||||
caBundle: test-proxy-injector-ca-bundle
|
caBundle: test-proxy-injector-ca-bundle
|
||||||
crtPEM: test-proxy-injector-crt-pem
|
crtPEM: test-proxy-injector-crt-pem
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources:
|
proxyInjectorResources:
|
||||||
cpu:
|
cpu:
|
||||||
|
|
|
@ -1157,6 +1157,12 @@ data:
|
||||||
caBundle: test-profile-validator-ca-bundle
|
caBundle: test-profile-validator-ca-bundle
|
||||||
crtPEM: test-profile-validator-crt-pem
|
crtPEM: test-profile-validator-crt-pem
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
args:
|
args:
|
||||||
config.file: /etc/prometheus/prometheus.yml
|
config.file: /etc/prometheus/prometheus.yml
|
||||||
|
@ -1357,6 +1363,12 @@ data:
|
||||||
caBundle: test-proxy-injector-ca-bundle
|
caBundle: test-proxy-injector-ca-bundle
|
||||||
crtPEM: test-proxy-injector-crt-pem
|
crtPEM: test-proxy-injector-crt-pem
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources:
|
proxyInjectorResources:
|
||||||
cpu:
|
cpu:
|
||||||
|
|
|
@ -944,12 +944,24 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -947,6 +947,12 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
image: PrometheusImage
|
image: PrometheusImage
|
||||||
|
@ -954,6 +960,12 @@ data:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -947,6 +947,12 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
alertManagers:
|
alertManagers:
|
||||||
- scheme: http
|
- scheme: http
|
||||||
|
@ -1010,6 +1016,12 @@ data:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -947,12 +947,24 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -879,12 +879,24 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -947,12 +947,24 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -947,12 +947,24 @@ data:
|
||||||
caBundle: profile validator CA bundle
|
caBundle: profile validator CA bundle
|
||||||
crtPEM: profile validator crt
|
crtPEM: profile validator crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
proxyInjector:
|
proxyInjector:
|
||||||
caBundle: proxy injector CA bundle
|
caBundle: proxy injector CA bundle
|
||||||
crtPEM: proxy injector crt
|
crtPEM: proxy injector crt
|
||||||
externalSecret: false
|
externalSecret: false
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: config.linkerd.io/admission-webhooks
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
- disabled
|
||||||
proxyInjectorProxyResources: null
|
proxyInjectorProxyResources: null
|
||||||
proxyInjectorResources: null
|
proxyInjectorResources: null
|
||||||
publicAPIProxyResources: null
|
publicAPIProxyResources: null
|
||||||
|
|
|
@ -4,6 +4,8 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
||||||
"github.com/imdario/mergo"
|
"github.com/imdario/mergo"
|
||||||
"github.com/linkerd/linkerd2/pkg/charts"
|
"github.com/linkerd/linkerd2/pkg/charts"
|
||||||
"github.com/linkerd/linkerd2/pkg/k8s"
|
"github.com/linkerd/linkerd2/pkg/k8s"
|
||||||
|
@ -214,11 +216,13 @@ type (
|
||||||
// ProxyInjector has all the proxy injector's Helm variables
|
// ProxyInjector has all the proxy injector's Helm variables
|
||||||
ProxyInjector struct {
|
ProxyInjector struct {
|
||||||
*TLS
|
*TLS
|
||||||
|
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// ProfileValidator has all the profile validator's Helm variables
|
// ProfileValidator has all the profile validator's Helm variables
|
||||||
ProfileValidator struct {
|
ProfileValidator struct {
|
||||||
*TLS
|
*TLS
|
||||||
|
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Tap has all the Tap's Helm variables
|
// Tap has all the Tap's Helm variables
|
||||||
|
@ -262,8 +266,8 @@ func NewValues(ha bool) (*Values, error) {
|
||||||
v.Global.Proxy.Image.Version = version.Version
|
v.Global.Proxy.Image.Version = version.Version
|
||||||
v.DebugContainer.Image.Version = version.Version
|
v.DebugContainer.Image.Version = version.Version
|
||||||
v.Global.CliVersion = k8s.CreatedByAnnotationValue()
|
v.Global.CliVersion = k8s.CreatedByAnnotationValue()
|
||||||
v.ProfileValidator = &ProfileValidator{TLS: &TLS{}}
|
v.ProfileValidator.TLS = &TLS{}
|
||||||
v.ProxyInjector = &ProxyInjector{TLS: &TLS{}}
|
v.ProxyInjector.TLS = &TLS{}
|
||||||
v.Global.ProxyContainerName = k8s.ProxyContainerName
|
v.Global.ProxyContainerName = k8s.ProxyContainerName
|
||||||
v.Tap = &Tap{TLS: &TLS{}}
|
v.Tap = &Tap{TLS: &TLS{}}
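Review bot: In the NewValues hunk, `v.ProfileValidator.TLS = &TLS{}` and `v.ProxyInjector.TLS = &TLS{}` now dereference pointers that the removed lines used to allocate, so they panic if the values loaded earlier in the function (outside this hunk) leave either pointer nil. A guard such as `if v.ProfileValidator == nil { v.ProfileValidator = &ProfileValidator{} }` before each assignment keeps the constructor safe when the chart defaults lack those keys. The new `NamespaceSelector` fields also deserve a comment saying that the selector decides which namespaces the admission webhook is called for. It should add that, presumably, a user-supplied value replaces the default `NotIn disabled` rule rather than extending it.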
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,8 @@ import (
|
||||||
"reflect"
|
"reflect"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
||||||
"github.com/linkerd/linkerd2/pkg/version"
|
"github.com/linkerd/linkerd2/pkg/version"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -15,6 +17,16 @@ func TestNewValues(t *testing.T) {
|
||||||
|
|
||||||
testVersion := "linkerd-dev"
|
testVersion := "linkerd-dev"
|
||||||
|
|
||||||
|
namespaceSelector := &metav1.LabelSelector{
|
||||||
|
MatchExpressions: []metav1.LabelSelectorRequirement{
|
||||||
|
{
|
||||||
|
Key: "config.linkerd.io/admission-webhooks",
|
||||||
|
Operator: "NotIn",
|
||||||
|
Values: []string{"disabled"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
expected := &Values{
|
expected := &Values{
|
||||||
ControllerImage: "ghcr.io/linkerd/controller",
|
ControllerImage: "ghcr.io/linkerd/controller",
|
||||||
ControllerImageVersion: testVersion,
|
ControllerImageVersion: testVersion,
|
||||||
|
@ -134,8 +146,8 @@ func TestNewValues(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
ProxyInjector: &ProxyInjector{TLS: &TLS{}},
|
ProxyInjector: &ProxyInjector{TLS: &TLS{}, NamespaceSelector: namespaceSelector},
|
||||||
ProfileValidator: &ProfileValidator{TLS: &TLS{}},
|
ProfileValidator: &ProfileValidator{TLS: &TLS{}, NamespaceSelector: namespaceSelector},
|
||||||
Tap: &Tap{TLS: &TLS{}},
|
Tap: &Tap{TLS: &TLS{}},
|
||||||
Grafana: Grafana{
|
Grafana: Grafana{
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
|
|
|
@ -152,20 +152,30 @@ func Diff(x interface{}, y interface{}) (Tree, error) {
|
||||||
return xTree.Diff(yTree)
|
return xTree.Diff(yTree)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// coerceTreeValue accepts a value and returns a value where all child values
|
||||||
|
// have been coerced to a Tree where such a coercion is possible
|
||||||
|
func coerceTreeValue(v interface{}) interface{} {
|
||||||
|
if vt, ok := v.(Tree); ok {
|
||||||
|
vt.coerceToTree()
|
||||||
|
} else if vm, ok := v.(map[string]interface{}); ok {
|
||||||
|
tree := Tree(vm)
|
||||||
|
tree.coerceToTree()
|
||||||
|
return tree
|
||||||
|
} else if va, ok := v.([]interface{}); ok {
|
||||||
|
for i, v := range va {
|
||||||
|
va[i] = coerceTreeValue(v)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
|
||||||
// coerceToTree recursively casts all instances of map[string]interface{} into
|
// coerceToTree recursively casts all instances of map[string]interface{} into
|
||||||
// Tree within this Tree. When a tree document is unmarshaled, the subtrees
|
// Tree within this Tree. When a tree document is unmarshaled, the subtrees
|
||||||
// will typically be unmarshaled as map[string]interface{} values. We cast
|
// will typically be unmarshaled as map[string]interface{} values. We cast
|
||||||
// each of these into the Tree newtype so that the Tree type is used uniformly
|
// each of these into the Tree newtype so that the Tree type is used uniformly
|
||||||
// throughout the tree.
|
// throughout the tree. Will additionally recurse through arrays
|
||||||
func (t Tree) coerceToTree() {
|
func (t Tree) coerceToTree() {
|
||||||
for k, v := range t {
|
for k, v := range t {
|
||||||
if vt, ok := v.(Tree); ok {
|
t[k] = coerceTreeValue(v)
|
||||||
vt.coerceToTree()
|
|
||||||
}
|
|
||||||
if vm, ok := v.(map[string]interface{}); ok {
|
|
||||||
vt := Tree(vm)
|
|
||||||
vt.coerceToTree()
|
|
||||||
t[k] = vt
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
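Review bot: In `coerceTreeValue`, the loop `for i, v := range va` shadows the parameter `v`, which makes the final `return v` easy to misread; `for i, elem := range va { va[i] = coerceTreeValue(elem) }` avoids that. The comment should also state that Tree and slice arguments are coerced in place and returned as-is, while a `map[string]interface{}` comes back as a new `Tree` value, so callers must use the return value as `coerceToTree` does. Only `[]interface{}` slices are walked; whether typed slices can reach this function is not visible in the hunk.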
|
||||||
|
|