mirror of https://github.com/linkerd/linkerd2.git
Expose namespaceSelector for admission webhooks in helm chart (#5074)
Closes (#5026) Signed-off-by: Alex Leong <alex@buoyant.io> Co-authored-by: Raphael Taylor-Davies <r.taylordavies@googlemail.com>
This commit is contained in:
Alex Leong
GitHub
parent
f0493a085d
commit
500c1cc2d7
|
|
@ -156,13 +156,15 @@ their default values.
|
|||
| `identityPoxyResources` | CPU and Memory resources required by proxy injected into identity pod (see `global.proxy.resources` for sub-fields) | values in `global.proxy.resources` |
|
||||
| `installNamespace` | Set to false when installing Linkerd in a custom namespace. See the [Linkerd documentation](https://linkerd.io/2/tasks/install-helm/#customizing-the-namespace) for more information. | `true` |
|
||||
| `omitWebhookSideEffects` | Omit the `sideEffects` flag in the webhook manifests | `false` |
|
||||
| `proxyInjector.externalSecret` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `proxyInjector.caBundle` must be set (see below). | false |
|
||||
| `proxyInjector.externalSecret` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `proxyInjector.caBundle` must be set (see below). | `false` |
|
||||
| `proxyInjector.namespaceSelector` | Namespace selector used by admission webhook. If not set defaults to all namespaces without the annotation `config.linkerd.io/admission-webhooks=disabled` | |
|
||||
| `proxyInjector.crtPEM` | Certificate for the proxy injector. If not provided then Helm will generate one. | |
|
||||
| `proxyInjector.keyPEM` | Certificate key for the proxy injector. If not provided then Helm will generate one. | |
|
||||
| `proxyInjector.caBundle` | Bundle of CA certificates for proxy injector. If not provided then Helm will use the certificate generated for `proxyInjector.crtPEM`. If `proxyInjector.externalSecret` is set to true, this value must be set, as no certificate will be generated. | |
|
||||
| `proxyInjectorResources` | CPU and Memory resources required by the proxy injector (see `global.proxy.resources` for sub-fields) | |
|
||||
| `proxyInjectorProxyResources` | CPU and Memory resources required by proxy injected into the proxy injector pod (see `global.proxy.resources` for sub-fields) | values in `global.proxy.resources` |
|
||||
| `profileValidator.externalSecret` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `profileValidator.caBundle` must be set (see below). | false |
|
||||
| `profileValidator.namespaceSelector` | Namespace selector used by admission webhook. If not set defaults to all namespaces without the annotation `config.linkerd.io/admission-webhooks=disabled` | |
|
||||
| `profileValidator.crtPEM` | Certificate for the service profile validator. If not provided then Helm will generate one. | |
|
||||
| `profileValidator.keyPEM` | Certificate key for the service profile validator. If not provided then Helm will generate one. | |
|
||||
| `profileValidator.caBundle` | Bundle of CA certificates for service profile validator. If not provided then Helm will use the certificate generated for `profileValidator.crtPEM`. If `profileValidator.externalSecret` is set to true, this value must be set, as no certificate will be generated. | |
|
||||
|
|
|
|||
|
|
@ -83,11 +83,7 @@ metadata:
|
|||
webhooks:
|
||||
- name: linkerd-proxy-injector.linkerd.io
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
{{- toYaml .Values.proxyInjector.namespaceSelector | trim | nindent 4 }}
|
||||
clientConfig:
|
||||
service:
|
||||
name: linkerd-proxy-injector
|
||||
|
|
|
|||
|
|
@ -71,11 +71,7 @@ metadata:
|
|||
webhooks:
|
||||
- name: linkerd-sp-validator.linkerd.io
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
{{- toYaml .Values.profileValidator.namespaceSelector | trim | nindent 4 }}
|
||||
clientConfig:
|
||||
service:
|
||||
name: linkerd-sp-validator
|
||||
|
|
|
|||
|
|
@ -178,6 +178,15 @@ heartbeatSchedule: "0 0 * * *"
|
|||
# proxy injector configuration
|
||||
proxyInjector:
|
||||
externalSecret: false
|
||||
|
||||
# Namespace selector used by admission webhook
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
|
||||
# if empty, Helm will auto-generate these fields
|
||||
crtPEM: |
|
||||
|
||||
|
|
@ -194,6 +203,15 @@ proxyInjector:
|
|||
# service profile validator configuration
|
||||
profileValidator:
|
||||
externalSecret: false
|
||||
|
||||
# Namespace selector used by admission webhook
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
|
||||
# if empty, Helm will auto-generate these fields
|
||||
crtPEM: |
|
||||
|
||||
|
|
|
|||
|
|
@ -58,6 +58,28 @@ global:
|
|||
chartControlPlane := chartControlPlane(t, ha, additionalConfig, "333", "444")
|
||||
testRenderHelm(t, chartControlPlane, "install_helm_output_ha_labels.golden")
|
||||
})
|
||||
|
||||
t.Run("HA mode with custom namespaceSelector", func(t *testing.T) {
|
||||
ha := true
|
||||
additionalConfig := `
|
||||
proxyInjector:
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: In
|
||||
values:
|
||||
- enabled
|
||||
profileValidator:
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: In
|
||||
values:
|
||||
- enabled
|
||||
`
|
||||
chartControlPlane := chartControlPlane(t, ha, additionalConfig, "111", "222")
|
||||
testRenderHelm(t, chartControlPlane, "install_helm_output_ha_namespace_selector.golden")
|
||||
})
|
||||
}
|
||||
|
||||
func testRenderHelm(t *testing.T, chart *pb.Chart, goldenFileName string) {
|
||||
|
|
|
|||
|
|
@ -947,12 +947,24 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
proxyInjector:
|
||||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -165,12 +165,24 @@ data:
|
|||
caBundle: ""
|
||||
crtPEM: ""
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
proxyInjector:
|
||||
caBundle: ""
|
||||
crtPEM: ""
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -947,12 +947,24 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
proxyInjector:
|
||||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -947,12 +947,24 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
proxyInjector:
|
||||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -947,12 +947,24 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
proxyInjector:
|
||||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -947,12 +947,24 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
proxyInjector:
|
||||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -944,12 +944,24 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
proxyInjector:
|
||||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -972,6 +972,12 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
resources:
|
||||
|
|
@ -985,6 +991,12 @@ data:
|
|||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources:
|
||||
cpu:
|
||||
|
|
|
|||
|
|
@ -972,6 +972,12 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
resources:
|
||||
|
|
@ -985,6 +991,12 @@ data:
|
|||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources:
|
||||
cpu:
|
||||
|
|
|
|||
|
|
@ -903,12 +903,24 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
proxyInjector:
|
||||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -1122,6 +1122,12 @@ data:
|
|||
caBundle: test-profile-validator-ca-bundle
|
||||
crtPEM: test-profile-validator-crt-pem
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
args:
|
||||
config.file: /etc/prometheus/prometheus.yml
|
||||
|
|
@ -1309,6 +1315,12 @@ data:
|
|||
caBundle: test-proxy-injector-ca-bundle
|
||||
crtPEM: test-proxy-injector-crt-pem
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -1122,6 +1122,12 @@ data:
|
|||
caBundle: test-profile-validator-ca-bundle
|
||||
crtPEM: test-profile-validator-crt-pem
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
args:
|
||||
config.file: /etc/prometheus/prometheus.yml
|
||||
|
|
@ -1309,6 +1315,12 @@ data:
|
|||
caBundle: test-proxy-injector-ca-bundle
|
||||
crtPEM: test-proxy-injector-crt-pem
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -1145,6 +1145,12 @@ data:
|
|||
caBundle: test-profile-validator-ca-bundle
|
||||
crtPEM: test-profile-validator-crt-pem
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
args:
|
||||
config.file: /etc/prometheus/prometheus.yml
|
||||
|
|
@ -1337,6 +1343,12 @@ data:
|
|||
caBundle: test-proxy-injector-ca-bundle
|
||||
crtPEM: test-proxy-injector-crt-pem
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources:
|
||||
cpu:
|
||||
|
|
|
|||
|
|
@ -1157,6 +1157,12 @@ data:
|
|||
caBundle: test-profile-validator-ca-bundle
|
||||
crtPEM: test-profile-validator-crt-pem
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
args:
|
||||
config.file: /etc/prometheus/prometheus.yml
|
||||
|
|
@ -1357,6 +1363,12 @@ data:
|
|||
caBundle: test-proxy-injector-ca-bundle
|
||||
crtPEM: test-proxy-injector-crt-pem
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources:
|
||||
cpu:
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -944,12 +944,24 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
proxyInjector:
|
||||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -947,6 +947,12 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
image: PrometheusImage
|
||||
|
|
@ -954,6 +960,12 @@ data:
|
|||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -947,6 +947,12 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
alertManagers:
|
||||
- scheme: http
|
||||
|
|
@ -1010,6 +1016,12 @@ data:
|
|||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -947,12 +947,24 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
proxyInjector:
|
||||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -879,12 +879,24 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
proxyInjector:
|
||||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -947,12 +947,24 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
proxyInjector:
|
||||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -947,12 +947,24 @@ data:
|
|||
caBundle: profile validator CA bundle
|
||||
crtPEM: profile validator crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
prometheus:
|
||||
enabled: true
|
||||
proxyInjector:
|
||||
caBundle: proxy injector CA bundle
|
||||
crtPEM: proxy injector crt
|
||||
externalSecret: false
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: config.linkerd.io/admission-webhooks
|
||||
operator: NotIn
|
||||
values:
|
||||
- disabled
|
||||
proxyInjectorProxyResources: null
|
||||
proxyInjectorResources: null
|
||||
publicAPIProxyResources: null
|
||||
|
|
|
|||
|
|
@ -4,6 +4,8 @@ import (
|
|||
"fmt"
|
||||
"time"
|
||||
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
"github.com/imdario/mergo"
|
||||
"github.com/linkerd/linkerd2/pkg/charts"
|
||||
"github.com/linkerd/linkerd2/pkg/k8s"
|
||||
|
|
@ -214,11 +216,13 @@ type (
|
|||
// ProxyInjector has all the proxy injector's Helm variables
|
||||
ProxyInjector struct {
|
||||
*TLS
|
||||
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector"`
|
||||
}
|
||||
|
||||
// ProfileValidator has all the profile validator's Helm variables
|
||||
ProfileValidator struct {
|
||||
*TLS
|
||||
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector"`
|
||||
}
|
||||
|
||||
// Tap has all the Tap's Helm variables
|
||||
|
|
@ -262,8 +266,8 @@ func NewValues(ha bool) (*Values, error) {
|
|||
v.Global.Proxy.Image.Version = version.Version
|
||||
v.DebugContainer.Image.Version = version.Version
|
||||
v.Global.CliVersion = k8s.CreatedByAnnotationValue()
|
||||
v.ProfileValidator = &ProfileValidator{TLS: &TLS{}}
|
||||
v.ProxyInjector = &ProxyInjector{TLS: &TLS{}}
|
||||
v.ProfileValidator.TLS = &TLS{}
|
||||
v.ProxyInjector.TLS = &TLS{}
|
||||
v.Global.ProxyContainerName = k8s.ProxyContainerName
|
||||
v.Tap = &Tap{TLS: &TLS{}}
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,8 @@ import (
|
|||
"reflect"
|
||||
"testing"
|
||||
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
"github.com/linkerd/linkerd2/pkg/version"
|
||||
)
|
||||
|
||||
|
|
@ -15,6 +17,16 @@ func TestNewValues(t *testing.T) {
|
|||
|
||||
testVersion := "linkerd-dev"
|
||||
|
||||
namespaceSelector := &metav1.LabelSelector{
|
||||
MatchExpressions: []metav1.LabelSelectorRequirement{
|
||||
{
|
||||
Key: "config.linkerd.io/admission-webhooks",
|
||||
Operator: "NotIn",
|
||||
Values: []string{"disabled"},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
expected := &Values{
|
||||
ControllerImage: "ghcr.io/linkerd/controller",
|
||||
ControllerImageVersion: testVersion,
|
||||
|
|
@ -134,8 +146,8 @@ func TestNewValues(t *testing.T) {
|
|||
},
|
||||
},
|
||||
|
||||
ProxyInjector: &ProxyInjector{TLS: &TLS{}},
|
||||
ProfileValidator: &ProfileValidator{TLS: &TLS{}},
|
||||
ProxyInjector: &ProxyInjector{TLS: &TLS{}, NamespaceSelector: namespaceSelector},
|
||||
ProfileValidator: &ProfileValidator{TLS: &TLS{}, NamespaceSelector: namespaceSelector},
|
||||
Tap: &Tap{TLS: &TLS{}},
|
||||
Grafana: Grafana{
|
||||
"enabled": true,
|
||||
|
|
|
|||
|
|
@ -152,20 +152,30 @@ func Diff(x interface{}, y interface{}) (Tree, error) {
|
|||
return xTree.Diff(yTree)
|
||||
}
|
||||
|
||||
// coerceTreeValue accepts a value and returns a value where all child values
|
||||
// have been coerced to a Tree where such a coercion is possible
|
||||
func coerceTreeValue(v interface{}) interface{} {
|
||||
if vt, ok := v.(Tree); ok {
|
||||
vt.coerceToTree()
|
||||
} else if vm, ok := v.(map[string]interface{}); ok {
|
||||
tree := Tree(vm)
|
||||
tree.coerceToTree()
|
||||
return tree
|
||||
} else if va, ok := v.([]interface{}); ok {
|
||||
for i, v := range va {
|
||||
va[i] = coerceTreeValue(v)
|
||||
}
|
||||
}
|
||||
return v
|
||||
}
|
||||
|
||||
// coerceToTree recursively casts all instances of map[string]interface{} into
|
||||
// Tree within this Tree. When a tree document is unmarshaled, the subtrees
|
||||
// will typically be unmarshaled as map[string]interface{} values. We cast
|
||||
// each of these into the Tree newtype so that the Tree type is used uniformly
|
||||
// throughout the tree.
|
||||
// throughout the tree. Will additionally recurse through arrays
|
||||
func (t Tree) coerceToTree() {
|
||||
for k, v := range t {
|
||||
if vt, ok := v.(Tree); ok {
|
||||
vt.coerceToTree()
|
||||
}
|
||||
if vm, ok := v.(map[string]interface{}); ok {
|
||||
vt := Tree(vm)
|
||||
vt.coerceToTree()
|
||||
t[k] = vt
|
||||
}
|
||||
t[k] = coerceTreeValue(v)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue