linkerd
/
linkerd2
mirror of https://github.com/linkerd/linkerd2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add automatic readme generation for charts (#5316) 

* Add automatic readme generation for charts

The current readmes for each chart is generated
manually and doesn't contain all the information available.

Utilize helm-docs to automatically fill out readme.mds
for the helm charts by pulling metadata from values.yml.

Fixes #4156

Co-authored-by: GMarkfjard <gabma047@student.liu.se>
This commit is contained in:
Alejandro Pedraza 2020-12-02 14:37:45 -05:00 committed by GitHub
parent f5f5da0e7e
commit 94574d4003
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
55 changed files with 1243 additions and 349 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.github/workflows/static_checks.yml vendored
View File

@ -83,3 +83,12 @@ jobs:
uses: actions/checkout@722adc6
- name: Markdown lint
run: bin/markdownlint-all
chart_docs_diff:
name: Chart readme diff check
runs-on: ubuntu-18.04
steps:
- name: Checkout code
# actions/checkout@v2
uses: actions/checkout@722adc6
- name: Check docs for diff
run: bin/helm-docs-diff

1
.helmdocsignore Normal file
View File

@ -0,0 +1 @@
# Add potential chart ignores here

40
BUILD.md
View File

@ -296,6 +296,46 @@ automatically regenerated with the command:
go test ./cli/cmd/... --update
```
#### Generating helm charts docs
Whenever a new chart is created, or updated a readme should be generated from
the chart's values.yml. This can be done by utilizing the bundled
[helm-docs](https://github.com/norwoodj/helm-docs) binary. For adding additional
information, such as specific installation instructions a readme template is
required to be created. Check existing charts for example.
##### Annotating values.yml
To allow helm-docs to properly document the values in values.yml a descriptive
comment is required. This can be done in two ways.
Either comment the value directly above with
`# -- This is a really nice value` where the double dashes automatically
annotates the value. Another explicit usage is to type out the value name.
`# global.MyNiceValue -- I really like this value`
##### Using helm-docs
Example usage:
```sh
bin/helm-docs
bin/helm-docs --dry-run #Prints to cli instead
bin/helm-docs --chart-search-root=./charts #Sets search root for charts
bin/helm-docs --template-files=README.md.gotmpl #Sets the template file used
```
Note:
The tool searches through the current directory and sub-directories by default.
For additional information checkout their repo above.
##### Markdown templates
In order to accommodate for extra data that might not have a proper place in the
´values.yaml´ file the corresponding ´README.md.gotmpl´ can be modified for each
chart. This template allows the standard markdown syntax as well as the go
templating functions. Checkout
[helm-docs](https://github.com/norwoodj/helm-docs) for more info.
##### Pretty-printed diffs for templated text
When running `go test`, mismatched text is usually displayed as a compact diff.

57
bin/helm-docs Executable file
View File

@ -0,0 +1,57 @@
#!/usr/bin/env sh
set -eu
helmdocsv=1.4.0
bindir=$( cd "${0%/*}" && pwd ) # Change to script dir and set bin dir to this
targetbin=$( cd "$bindir"/.. && pwd )/target/bin
helmdocsbin=$targetbin/helm-docs-$helmdocsv
os=""
arch=""
if [ ! -f "$helmdocsbin" ]; then
case $(uname | tr '[:upper:]' '[:lower:]') in
darwin*)
os=darwin
arch=x86_64
;;
linux*)
os=linux
case $(uname -m) in
x86_64) arch=x86_64 ;;
amd64) arch=amd64 ;;
arm)
tmp=$(dpkg --print-architecture)
if echo "$tmp" | grep -q arm64; then
arch=arm64
elif echo "$tmp" | grep -q armv7; then
arch=armv7
elif echo "$tmp" | grep -q armv6; then
arch=armv6
fi
;;
esac
;;
msys*)
os=windows
arch=x86_64
;;
esac
if [ -z "$os" ]; then
echo "Couldn't find a matching binary"
exit 126
fi
helmdocscurl="https://github.com/norwoodj/helm-docs/releases/download/v$helmdocsv/helm-docs_${helmdocsv}_${os}_${arch}.tar.gz"
tmp=$(mktemp -d -t helm-docs.XXX)
mkdir -p "$targetbin"
(
cd "$tmp"
curl -Lsf -o "./helm-docs.tar.gz" "$helmdocscurl"
tar zf "./helm-docs.tar.gz" -x "helm-docs"
chmod +x "helm-docs"
)
mv "$tmp/helm-docs" "$helmdocsbin"
fi
"$helmdocsbin" "$@"

15
bin/helm-docs-diff Executable file
View File

@ -0,0 +1,15 @@
#!/usr/bin/env sh
set -eu
bin/helm-docs
dir_dirty=$(git diff HEAD)
if [ -z "$dir_dirty" ]; then
echo "Helm-docs generated readmes match chart readmes."
exit 0
else
echo "Helm-docs generated readmes diverge from current chart readmes:"
echo "$(git status)"
exit 64
fi

28
charts/add-ons/grafana/README.md Normal file
View File

@ -0,0 +1,28 @@
# grafana
A Helm chart for the grafana add-on in Linkerd
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| file://../../partials | partials | 0.1.0 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| image.name | string | `"ghcr.io/linkerd/grafana"` | Docker image name for the grafana instance |
| image.tag | string | `nil` | Docker image tag for the grafana instance |
| proxy.resources | string | `nil` | Structure analog to the resources fields above, but overriding the resources of the linkerd proxy injected into the grafana pod. |
| resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the grafana container can use |
| resources.cpu.request | string | `nil` | Amount of CPU units that the grafana container requests |
| resources.memory.limit | string | `nil` | Maximum amount of memory that grafana container can use |
| resources.memory.request | string | `nil` | Amount of memory that the grafana container requests |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

14
charts/add-ons/grafana/README.md.gotmpl Normal file
View File

@ -0,0 +1,14 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}
{{ template "chart.typeBadge" . }}
{{ template "chart.appVersionBadge" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

19
charts/add-ons/grafana/values.yaml
View File

@ -1,2 +1,21 @@
image:
# -- Docker image name for the grafana instance
name: ghcr.io/linkerd/grafana
# -- Docker image tag for the grafana instance
tag:
resources:
cpu:
# -- Maximum amount of CPU units that the grafana container can use
limit:
# -- Amount of CPU units that the grafana container requests
request:
memory:
# -- Maximum amount of memory that grafana container can use
limit:
# -- Amount of memory that the grafana container requests
request:
proxy:
# -- Structure analog to the resources fields above, but overriding the
# resources of the linkerd proxy injected into the grafana pod.
resources:

35
charts/add-ons/prometheus/README.md Normal file
View File

@ -0,0 +1,35 @@
# prometheus
A Helm chart for the prometheus add-on in Linkerd
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| file://../../partials | partials | 0.1.0 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| alertManagers | string | `nil` | Alertmanager instances the Prometheus server sends alerts to configured via the static_configs parameter. |
| alertRelabelConfigs | string | `nil` | Alert relabeling is applied to alerts before they are sent to the Alertmanager. |
| args | object | `{"config.file":"/etc/prometheus/prometheus.yml","log.level":"info","storage.tsdb.path":"/data","storage.tsdb.retention.time":"6h"}` | Command line options for Prometheus binary |
| globalConfig | object | `{"evaluation_interval":"10s","scrape_interval":"10s","scrape_timeout":"10s"}` | The global configuration specifies parameters that are valid in all other configuration contexts. |
| image | string | `"prom/prometheus:v2.19.3"` | Docker image for the prometheus instance |
| proxy.resources | string | `nil` | CPU and Memory resources required by proxy injected into prometheus pod (see global.proxy.resources for sub-fields) |
| remoteWrite | string | `nil` | Allows transparently sending samples to an endpoint. Mostly used for long term storage. |
| resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the prometheus container can use |
| resources.cpu.request | string | `nil` | Amount of CPU units that the prometheus container requests |
| resources.memory.limit | string | `nil` | Maximum amount of memory that prometheus container can use |
| resources.memory.request | string | `nil` | Amount of memory that the prometheus container requests |
| ruleConfigMapMounts | string | `nil` | Alerting/recording rule ConfigMap mounts (sub-path names must end in ´_rules.yml´ or ´_rules.yaml´) |
| scrapeConfigs | string | `nil` | A scrapeConfigs section specifies a set of targets and parameters describing how to scrape them. |
| sideCarContainers | string | `nil` | A sidecarContainers section specifies a list of secondary containers to run in the prometheus pod e.g. to export data to non-prometheus systems |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

14
charts/add-ons/prometheus/README.md.gotmpl Normal file
View File

@ -0,0 +1,14 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}
{{ template "chart.typeBadge" . }}
{{ template "chart.appVersionBadge" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

108
charts/add-ons/prometheus/values.yaml
View File

@ -3,13 +3,121 @@
# when installing with the parent linkerd2 chart
# Do not override them in this file!
# If installing/upgrading with linkerd's CLI, use the `--config` flag.
# -- Docker image for the prometheus instance
image: prom/prometheus:v2.19.3
# -- Command line options for Prometheus binary
args:
storage.tsdb.path: /data
storage.tsdb.retention.time: 6h
config.file: /etc/prometheus/prometheus.yml
log.level: info
# -- The global configuration specifies parameters that are valid in all other
# configuration contexts.
globalConfig:
scrape_interval: 10s
scrape_timeout: 10s
evaluation_interval: 10s
# -- Alert relabeling is applied to alerts before they are sent to the
# Alertmanager.
alertRelabelConfigs:
# Ex:
# - action: labeldrop
# regex: prometheus_replica
# -- Alertmanager instances the Prometheus server sends alerts to configured via
# the static_configs parameter.
alertManagers:
# Ex:
# - scheme: http
# static_configs:
# - targets:
# - "alertmanager.linkerd.svc:9093"
# -- Allows transparently sending samples to an endpoint. Mostly used for long
# term storage.
remoteWrite:
# -- Alerting/recording rule ConfigMap mounts (sub-path names must end in
# ´_rules.yml´ or ´_rules.yaml´)
ruleConfigMapMounts:
# Ex:
# - name: alerting-rules
# subPath: alerting_rules.yml
# configMap: linkerd-prometheus-rules
# - name: recording-rules
# subPath: recording_rules.yml
# configMap: linkerd-prometheus-rules
# -- A scrapeConfigs section specifies a set of targets and parameters
# describing how to scrape them.
scrapeConfigs:
# Ex:
# - job_name: 'kubernetes-nodes'
# scheme: https
# tls_config:
# ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
# bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
# kubernetes_sd_configs:
# - role: node
# relabel_configs:
# - action: labelmap
# regex: __meta_kubernetes_node_label_(.+)
# -- A sidecarContainers section specifies a list of secondary containers to run
# in the prometheus pod e.g. to export data to non-prometheus systems
sideCarContainers:
# Ex:
# - name: sidecar
# image: gcr.io/myproject/stackdriver-prometheus-sidecar
# imagePullPolicy: Always
# command:
# - /bin/sh
# - -c
# - |
# exec /bin/stackdriver-prometheus-sidecar \
# --stackdriver.project-id=myproject \
# --stackdriver.kubernetes.location=us-central1 \
# --stackdriver.kubernetes.cluster-name=mycluster \
# --prometheus.wal-directory=/data/wal \
# --log.level=info
# volumeMounts:
# - mountPath: /data
# name: data
# ports:
# - name: foo
# containerPort: 9091
# protocol: TCP
proxy:
# -- CPU and Memory resources required by proxy injected into prometheus pod
# (see global.proxy.resources for sub-fields)
resources:
### WARNING: persistence is experimental and has not been tested/vetted by the Linkerd team.
### As such, please refer to https://linkerd.io/2/tasks/exporting-metrics/ for the recommended approach to metrics data retention.
# if enabled, creates a persistent volume claim for prometheus data
# https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims
#persistence:
# -- Storage class used to create prometheus data PV.
# storageClass:
# -- PVC access mode.
# accessMode:
# -- Prometheus data volume size.
# size:
resources:
cpu:
# -- Maximum amount of CPU units that the prometheus container can use
limit:
# -- Amount of CPU units that the prometheus container requests
request:
memory:
# -- Maximum amount of memory that prometheus container can use
limit:
# -- Amount of memory that the prometheus container requests
request:

31
charts/add-ons/tracing/README.md Normal file
View File

@ -0,0 +1,31 @@
# tracing
A Helm chart for the tracing add-on in Linkerd
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| file://../../partials | partials | 0.1.0 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| collector.image | string | `"omnition/opencensus-collector:0.1.11"` | |
| collector.resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the trace collector container can use |
| collector.resources.cpu.request | string | `nil` | Amount of CPU units that the trace collector container requests |
| collector.resources.memory.limit | string | `nil` | Maximum amount of memory that trace collector container can use |
| collector.resources.memory.request | string | `nil` | Amount of memory that the trace collector container requests |
| jaeger.image | string | `"jaegertracing/all-in-one:1.19.2"` | Docker image for the jaeger instance |
| jaeger.resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the jaeger container can use |
| jaeger.resources.cpu.request | string | `nil` | Amount of CPU units that the jaeger container requests |
| jaeger.resources.memory.limit | string | `nil` | Maximum amount of memory that jaeger container can use |
| jaeger.resources.memory.request | string | `nil` | Amount of memory that the jaeger container requests |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

14
charts/add-ons/tracing/README.md.gotmpl Normal file
View File

@ -0,0 +1,14 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}
{{ template "chart.typeBadge" . }}
{{ template "chart.appVersionBadge" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

26
charts/add-ons/tracing/values.yaml
View File

@ -1,6 +1,28 @@
# Default values for tracing.
collector:
image: omnition/opencensus-collector:0.1.11
# resources:
resources:
cpu:
# -- Maximum amount of CPU units that the trace collector container can use
limit:
# -- Amount of CPU units that the trace collector container requests
request:
memory:
# -- Maximum amount of memory that trace collector container can use
limit:
# -- Amount of memory that the trace collector container requests
request:
jaeger:
image: jaegertracing/all-in-one:1.19.2
# -- Docker image for the jaeger instance
image: jaegertracing/all-in-one:1.19.2
resources:
cpu:
# -- Maximum amount of CPU units that the jaeger container can use
limit:
# -- Amount of CPU units that the jaeger container requests
request:
memory:
# -- Maximum amount of memory that jaeger container can use
limit:
# -- Amount of memory that the jaeger container requests
request:

7
charts/linkerd2-cni/Chart.yaml
View File

@ -1,6 +1,11 @@
apiVersion: v1
appVersion: edge-XX.X.X
description: A helm chart containing the resources needed by the Linkerd CNI plugin.
description: |
Linkerd is a *service mesh*, designed to give platform-wide observability,
reliability, and security without requiring configuration or code changes. The
Linkerd [CNI plugin](https://linkerd.io/2/features/cni/) takes care of setting
up your pod's network so incoming and outgoing traffic is proxied through the
data plane.
kubeVersion: ">=1.13.0-0"
icon: https://linkerd.io/images/logo-only-200h.png
name: "linkerd2-cni"

63
charts/linkerd2-cni/README.md
View File

@ -1,5 +1,4 @@
# Linkerd2-cni Helm Chart
# linkerd2-cni
Linkerd is a *service mesh*, designed to give platform-wide observability,
reliability, and security without requiring configuration or code changes. The
@ -7,28 +6,42 @@ Linkerd [CNI plugin](https://linkerd.io/2/features/cni/) takes care of setting
up your pod's network so incoming and outgoing traffic is proxied through the
data plane.
## Configuration
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
The following table lists the configurable parameters of the Linkerd2-cni chart
and their default values.
![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square)
| Parameter | Description | Default |
|--------------------------------------|-----------------------------------------------------------------------|-------------------------------|
|`cniPluginImage` | Docker image for the CNI plugin |`ghcr.io/linkerd/cni-plugin`|
|`cniPluginVersion` | Tag for the CNI container Docker image |latest version|
|`cniResourceAnnotation` | CNI resource annotation. Do not edit |`linkerd.io/cni-resource`
|`controllerNamespaceLabel` | Control plane label. Do not edit |`linkerd.io/control-plane-ns`|
|`createdByAnnotation` | Annotation label for the proxy create. Do not edit. |`linkerd.io/created-by`|
|`destCNIBinDir` | Directory on the host where the CNI plugin binaries reside |`/opt/cni/bin`|
|`destCNINetDir` | Directory on the host where the CNI configuration will be placed |`/etc/cni/net.d`|
|`ignoreInboundPorts` | Inbound ports the proxy should ignore ||
|`ignoreOutboundPorts` | Outbound ports the proxy should ignore ||
|`inboundProxyPort` | Inbound port for the proxy container |`4143`|
|`logLevel` | Log level for the CNI plugin |`info`|
|`namespace` | CNI plugin plane namespace |`linkerd-cni`|
|`outboundProxyPort` | Outbound port for the proxy container |`4140`|
|`portsToRedirect` | Ports to redirect to proxy ||
|`proxyUID` | User id under which the proxy shall be ran |`2102`|
|`useWaitFlag` | Configures the CNI plugin to use the -w flag for the iptables command |`false`|
|`installNamespace` | Whether to create the CNI plugin plane namespace or not |`true`|
|`priorityClassName` | Kubernetes priorityClassName for the CNI plugin's Pods ||
## Requirements
Kubernetes: `>=1.13.0-0`
| Repository | Name | Version |
|------------|------|---------|
| file://../partials | partials | 0.1.0 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| cniPluginImage | string | `"ghcr.io/linkerd/cni-plugin"` | Docker image for the CNI plugin |
| cniPluginVersion | string | `"linkerdVersionValue"` | Tag for the CNI container Docker image |
| cniResourceLabel | string | `"linkerd.io/cni-resource"` | CNI resource annotation. Do not edit |
| createdByAnnotation | string | `"linkerd.io/created-by"` | Annotation label for the proxy create. Do not edit. |
| destCNIBinDir | string | `"/opt/cni/bin"` | Directory on the host where the CNI configuration will be placed |
| destCNINetDir | string | `"/etc/cni/net.d"` | Directory on the host where the CNI plugin binaries reside |
| ignoreInboundPorts | string | `"25,443,587,3306,11211"` | Inbound ports the proxy should ignore - SMTP (25,587) server-first - HTTPS (443) opaque TLS - MYSQL (3306) server-first - Memcached (11211) clients do not issue any preamble, which breaks detection |
| ignoreOutboundPorts | string | `"25,443,587,3306,11211"` | Outbound ports the proxy should ignore |
| imagePullSecrets | string | `nil` | |
| inboundProxyPort | int | `4143` | Inbound port for the proxy container |
| installNamespace | bool | `true` | Whether to create the CNI plugin plane namespace or not |
| logLevel | string | `"info"` | Log level for the CNI plugin |
| namespace | string | `"linkerd-cni"` | CNI plugin plane namespace |
| outboundProxyPort | int | `4140` | Outbound port for the proxy container |
| portsToRedirect | string | `""` | Ports to redirect to proxy |
| priorityClassName | string | `""` | Kubernetes priorityClassName for the CNI plugin's Pods |
| proxyInjectAnnotation | string | `"linkerd.io/inject"` | |
| proxyInjectDisabled | string | `"disabled"` | |
| proxyUID | int | `2102` | User id under which the proxy shall be ran |
| useWaitFlag | bool | `false` | Configures the CNI plugin to use the -w flag for the iptables command |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

14
charts/linkerd2-cni/README.md.gotmpl Normal file
View File

@ -0,0 +1,14 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}
{{ template "chart.typeBadge" . }}
{{ template "chart.appVersionBadge" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

34
charts/linkerd2-cni/values.yaml
View File

@ -1,26 +1,40 @@
# -- CNI plugin plane namespace
namespace: linkerd-cni
# -- Whether to create the CNI plugin plane namespace or not
installNamespace: true
# -- CNI resource annotation. Do not edit
cniResourceLabel: linkerd.io/cni-resource
# -- Inbound port for the proxy container
inboundProxyPort: 4143
# -- Outbound port for the proxy container
outboundProxyPort: 4140
# Default set of ports to skip via itpables:
# -- Inbound ports the proxy should ignore
# - SMTP (25,587) server-first
# - HTTPS (443) opaque TLS
# - MYSQL (3306) server-first
# - Memcached (11211) clients do not issue any preamble, which breaks detection
ignoreInboundPorts: "25,443,587,3306,11211"
# -- Outbound ports the proxy should ignore
ignoreOutboundPorts: "25,443,587,3306,11211"
# -- Annotation label for the proxy create. Do not edit.
createdByAnnotation: linkerd.io/created-by
cniPluginImage: "ghcr.io/linkerd/cni-plugin"
# -- Docker image for the CNI plugin
cniPluginImage: "ghcr.io/linkerd/cni-plugin"
# -- Tag for the CNI container Docker image
cniPluginVersion: linkerdVersionValue
logLevel: info
portsToRedirect: ""
proxyUID: 2102
destCNINetDir: "/etc/cni/net.d"
destCNIBinDir: "/opt/cni/bin"
useWaitFlag: false
# -- Log level for the CNI plugin
logLevel: info
# -- Ports to redirect to proxy
portsToRedirect: ""
# -- User id under which the proxy shall be ran
proxyUID: 2102
# -- Directory on the host where the CNI plugin binaries reside
destCNINetDir: "/etc/cni/net.d"
# -- Directory on the host where the CNI configuration will be placed
destCNIBinDir: "/opt/cni/bin"
# -- Configures the CNI plugin to use the -w flag for the iptables command
useWaitFlag: false
# -- Kubernetes priorityClassName for the CNI plugin's Pods
priorityClassName: ""
# namespace annotation and labels - do not edit

4
charts/linkerd2-multicluster-link/Chart.yaml
View File

@ -1,6 +1,8 @@
apiVersion: v1
appVersion: edge-XX.X.X
description: A helm chart containing the resources to enable mirroring of services from a remote cluster
description: |
A helm chart containing the resources to enable mirroring
of services from a remote cluster
kubeVersion: ">=1.13.0-0"
icon: https://linkerd.io/images/logo-only-200h.png
name: "linkerd2-multicluster-link"

59
charts/linkerd2-multicluster-link/README.md
View File

@ -1,40 +1,29 @@
# linkerd2-multicluster-link
# Linkerd2-multicluster-link Helm Chart
A helm chart containing the resources to enable mirroring
of services from a remote cluster
Linkerd is a *service mesh*, designed to give platform-wide observability,
reliability, and security without requiring configuration or code changes. This
chart provides the components needed to enable communication between clusters.
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
## Configuration
![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square)
The following table lists the configurable parameters of the
linkerd2-multicluster chart and their default values.
## Requirements
| Parameter | Description | Default |
|---------------------------------|---------------------------------------------------------------------------------------------|----------------------------------------------|
|`controllerComponentLabel` | Control plane label. Do not edit |`linkerd.io/control-plane-component` |
|`controllerImage` | Docker image for the Service mirror component (uses the Linkerd controller image) |`ghcr.io/linkerd/controller` |
|`controllerImageVersion` | Tag for the Service Mirror container Docker image |`latest version` |
|`createdByAnnotation` | Annotation label for the proxy create. Do not edit. |`linkerd.io/created-by` |
|`gateway` | If the gateway component should be installed |`true` |
|`gatewayLocalProbePath` | The path that will be used by the local liveness checks to ensure the gateway is alive |`/health-local` |
|`gatewayLocalProbePort` | The port that will be used by the local liveness checks to ensure the gateway is alive |`8888` |
|`gatewayName` | The name of the gateway that will be installed |`linkerd-gateway` |
|`gatewayNginxImage` | The Nginx image |`nginx` |
|`gatewayNginxImageVersion` | The version of the Nginx image |`1.17` |
|`gatewayPort` | The port on which all the gateway will accept incoming traffic |`4143` |
|`gatewayProbePath` | The path that will be used by remote clusters for determining whether the gateway is alive |`/health` |
|`gatewayProbePort` | The port used for liveliness probing |`4181` |
|`gatewayProbeSeconds` | The interval (in seconds) between liveness probes |`3` |
|`identityTrustDomain` | Trust domain used for identity of the existing linkerd installation |`cluster.local` |
|`installNamespace` | If the namespace should be installed |`true` |
|`linkerdNamespace` | The namespace of the existing Linkerd installation |`linkerd` |
|`linkerdVersion` | Control plane version | latest version |
|`namespace` | Service Mirror component namespace |`linkerd-multicluster` |
|`proxyOutboundPort` | The port on which the proxy accepts outbound traffic |`4140` |
|`remoteMirrorServiceAccountName` | The name of the service account used to allow remote clusters to mirror local services |`linkerd-service-mirror-remote-access-default`|
|`remoteMirrorServiceAccount` | If the remote mirror service account should be installed |`true` |
|`serviceMirror` | If the service mirror component should be installed |`true` |
|`logLevel` | Log level for the Multicluster components |`info` |
|`serviceMirrorRetryLimit` | Number of times update from the remote cluster is allowed to be requeued (retried) |`3` |
|`serviceMirrorUID` | User id under which the Service Mirror shall be ran |`2103` |
Kubernetes: `>=1.13.0-0`
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| controllerComponentLabel | string | `"linkerd.io/control-plane-component"` | Control plane label. Do not edit |
| controllerImage | string | `"ghcr.io/linkerd/controller"` | Docker image for the Service mirror component (uses the Linkerd controller image) |
| controllerImageVersion | string | `"linkerdVersionValue"` | Tag for the Service Mirror container Docker image |
| createdByAnnotation | string | `"linkerd.io/created-by"` | Annotation label for the proxy create. Do not edit. |
| gatewayProbePort | int | `4181` | The port used for liveliness probing |
| logLevel | string | `"info"` | Log level for the Multicluster components |
| namespace | string | `"linkerd-multicluster"` | Service Mirror component namespace |
| serviceMirrorRetryLimit | int | `3` | Number of times update from the remote cluster is allowed to be requeued (retried) |
| serviceMirrorUID | int | `2103` | User id under which the Service Mirror shall be ran |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

14
charts/linkerd2-multicluster-link/README.md.gotmpl Normal file
View File

@ -0,0 +1,14 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}
{{ template "chart.typeBadge" . }}
{{ template "chart.appVersionBadge" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

11
charts/linkerd2-multicluster-link/values.yaml
View File

@ -1,9 +1,20 @@
# -- Control plane label. Do not edit
controllerComponentLabel: linkerd.io/control-plane-component
# -- Docker image for the Service mirror component (uses the Linkerd controller
# image)
controllerImage: ghcr.io/linkerd/controller
# -- Tag for the Service Mirror container Docker image
controllerImageVersion: linkerdVersionValue
# -- Annotation label for the proxy create. Do not edit.
createdByAnnotation: linkerd.io/created-by
# -- The port used for liveliness probing
gatewayProbePort: 4181
# -- Service Mirror component namespace
namespace: linkerd-multicluster
# -- Log level for the Multicluster components
logLevel: info
# -- Number of times update from the remote cluster is allowed to be requeued
# (retried)
serviceMirrorRetryLimit: 3
# -- User id under which the Service Mirror shall be ran
serviceMirrorUID: 2103

4
charts/linkerd2-multicluster/Chart.yaml
View File

@ -1,6 +1,8 @@
apiVersion: v1
appVersion: edge-XX.X.X
description: A helm chart containing the resources to support multicluster linking to remote clusters
description: |
A helm chart containing the resources to support multicluster
linking to remote clusters
kubeVersion: ">=1.13.0-0"
icon: https://linkerd.io/images/logo-only-200h.png
name: "linkerd2-multicluster"

70
charts/linkerd2-multicluster/README.md
View File

@ -1,42 +1,38 @@
# linkerd2-multicluster
# Linkerd2-multicluster Helm Chart
A helm chart containing the resources to support multicluster
linking to remote clusters
Linkerd is a *service mesh*, designed to give platform-wide observability,
reliability, and security without requiring configuration or code changes. This
chart provides the components needed to enable communication between clusters.
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
## Configuration
![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square)
The following table lists the configurable parameters of the
linkerd2-multicluster chart and their default values.
## Requirements
| Parameter | Description | Default |
|---------------------------------|---------------------------------------------------------------------------------------------|----------------------------------------------|
|`controllerComponentLabel` | Control plane label. Do not edit |`linkerd.io/control-plane-component` |
|`controllerImage` | Docker image for the Service mirror component (uses the Linkerd controller image) |`ghcr.io/linkerd/controller` |
|`controllerImageVersion` | Tag for the Service Mirror container Docker image |`latest version` |
|`createdByAnnotation` | Annotation label for the proxy create. Do not edit. |`linkerd.io/created-by` |
|`gateway` | If the gateway component should be installed |`true` |
|`gatewayLocalProbePath` | The path that will be used by the local liveness checks to ensure the gateway is alive |`/health-local` |
|`gatewayLocalProbePort` | The port that will be used by the local liveness checks to ensure the gateway is alive |`8888` |
|`gatewayName` | The name of the gateway that will be installed |`linkerd-gateway` |
|`gatewayNginxImage` | The Nginx image |`nginx` |
|`gatewayNginxImageVersion` | The version of the Nginx image |`1.17` |
|`gatewayPort` | The port on which all the gateway will accept incoming traffic |`4143` |
|`gatewayProbePath` | The path that will be used by remote clusters for determining whether the gateway is alive |`/health` |
|`gatewayProbePort` | The port used for liveliness probing |`4181` |
|`gatewayProbeSeconds` | The interval (in seconds) between liveness probes |`3` |
|`gatewayServiceAnnotations` | Additional annotations to add to the gateway service |`{}` |
|`identityTrustDomain` | Trust domain used for identity of the existing linkerd installation |`cluster.local` |
|`installNamespace` | If the namespace should be installed |`true` |
|`linkerdNamespace` | The namespace of the existing Linkerd installation |`linkerd` |
|`linkerdVersion` | Control plane version | latest version |
|`namespace` | Service Mirror component namespace |`linkerd-multicluster` |
|`proxyOutboundPort` | The port on which the proxy accepts outbound traffic |`4140` |
|`remoteMirrorServiceAccountName` | The name (or list of names) of the service account(s) used to allow remote clusters to mirror local services |`linkerd-service-mirror-remote-access-default`|
|`remoteMirrorServiceAccount` | If the remote mirror service account should be installed |`true` |
|`serviceMirror` | If the service mirror component should be installed |`true` |
|`logLevel` | Log level for the Multicluster components |`info` |
|`serviceMirrorRetryLimit` | Number of times update from the remote cluster is allowed to be requeued (retried) |`3` |
|`serviceMirrorUID` | User id under which the Service Mirror shall be ran |`2103` |
|`loadBalancerIP` | Request a specific IP address for the gateway service (e.g. use an IP address you have reserved) |emptyString |
Kubernetes: `>=1.13.0-0`
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| controllerComponentLabel | string | `"linkerd.io/control-plane-component"` | Control plane label. Do not edit |
| createdByAnnotation | string | `"linkerd.io/created-by"` | Annotation label for the proxy create. Do not edit. |
| gateway | bool | `true` | If the gateway component should be installed |
| gatewayLocalProbePath | string | `"/health-local"` | The path that will be used by the local liveness checks to ensure the gateway is alive |
| gatewayLocalProbePort | int | `8888` | The port that will be used by the local liveness checks to ensure the gateway is alive |
| gatewayName | string | `"linkerd-gateway"` | The name of the gateway that will be installed |
| gatewayNginxImage | string | `"nginx"` | The Nginx image |
| gatewayNginxImageVersion | float | `1.17` | The version of the Nginx image |
| gatewayPort | int | `4143` | The port on which all the gateway will accept incoming traffic |
| gatewayProbePath | string | `"/health"` | The path that will be used by remote clusters for determining whether the gateway is alive |
| gatewayProbePort | int | `4181` | The port used for liveliness probing |
| gatewayProbeSeconds | int | `3` | The interval (in seconds) between liveness probes |
| installNamespace | bool | `true` | If the namespace should be installed |
| linkerdVersion | string | `"linkerdVersionValue"` | Control plane version |
| namespace | string | `"linkerd-multicluster"` | Service Mirror component namespace |
| proxyOutboundPort | int | `4140` | The port on which the proxy accepts outbound traffic |
| remoteMirrorServiceAccount | bool | `true` | If the remote mirror service account should be installed |
| remoteMirrorServiceAccountName | string | `"linkerd-service-mirror-remote-access-default"` | The name of the service account used to allow remote clusters to mirror local services |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

14
charts/linkerd2-multicluster/README.md.gotmpl Normal file
View File

@ -0,0 +1,14 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}
{{ template "chart.typeBadge" . }}
{{ template "chart.appVersionBadge" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

22
charts/linkerd2-multicluster/values.yaml
View File

@ -1,18 +1,40 @@
# -- Control plane label. Do not edit
controllerComponentLabel: linkerd.io/control-plane-component
# -- Annotation label for the proxy create. Do not edit.
createdByAnnotation: linkerd.io/created-by
# -- If the gateway component should be installed
gateway: true
# -- The path that will be used by the local liveness checks to ensure the
# gateway is alive
gatewayLocalProbePath: /health-local
# -- The port that will be used by the local liveness checks to ensure the
# gateway is alive
gatewayLocalProbePort: 8888
# -- The name of the gateway that will be installed
gatewayName: linkerd-gateway
# -- The Nginx image
gatewayNginxImage: nginx
# -- The version of the Nginx image
gatewayNginxImageVersion: 1.17
# -- The port on which all the gateway will accept incoming traffic
gatewayPort: 4143
# -- The path that will be used by remote clusters for determining whether the
# gateway is alive
gatewayProbePath: /health
# -- The port used for liveliness probing
gatewayProbePort: 4181
# -- The interval (in seconds) between liveness probes
gatewayProbeSeconds: 3
# -- If the namespace should be installed
installNamespace: true
# -- Control plane version
linkerdVersion: linkerdVersionValue
# -- Service Mirror component namespace
namespace: linkerd-multicluster
# -- The port on which the proxy accepts outbound traffic
proxyOutboundPort: 4140
# -- If the remote mirror service account should be installed
remoteMirrorServiceAccount: true
# -- The name of the service account used to allow remote clusters to mirror
# local services
remoteMirrorServiceAccountName: linkerd-service-mirror-remote-access-default

4
charts/linkerd2/Chart.yaml
View File

@ -1,7 +1,9 @@
apiVersion: "v1"
# this version will be updated by the CI before publishing the Helm tarball
appVersion: edge-XX.X.X
description: Linkerd gives you observability, reliability, and security for your microservices — with no code change required.
description: |
Linkerd gives you observability, reliability, and security
for your microservices — with no code change required.
home: https://linkerd.io
keywords:
- service-mesh

315
charts/linkerd2/README.md
View File

@ -1,9 +1,13 @@
# Linkerd2 Helm Chart
# linkerd2
Linkerd is a *service mesh*, designed to give platform-wide observability,
reliability, and security without requiring configuration or code changes.
Linkerd gives you observability, reliability, and security
for your microservices — with no code change required.
Linkerd is a Cloud Native Computing Foundation ([CNCF][cncf]) project.
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square)
**Homepage:** <https://linkerd.io>
## Quickstart and documentation
@ -29,7 +33,6 @@ Note that the provided certificates must be ECDSA certificates.
```bash
# To add the repo for Linkerd2 stable releases:
helm repo add linkerd https://helm.linkerd.io/stable
# To add the repo for Linkerd2 edge releases:
helm repo add linkerd-edge https://helm.linkerd.io/edge
```
@ -79,179 +82,6 @@ helm install \
linkerd/linkerd2
```
## Configuration
The following table lists the configurable parameters of the Linkerd2 chart and
their default values.
| Parameter | Description | Default |
|:--------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------|
| `controllerImage` | Docker image for the controller, tap and identity components | `ghcr.io/linkerd/controller` |
| `controllerReplicas` | Number of replicas for each control plane pod | `1` |
| `controllerUID` | User ID for the control plane components | `2103` |
| `dashboard.replicas` | Number of replicas of dashboard | `1` |
| `debugContainer.image.name` | Docker image for the debug container | `ghcr.io/linkerd/debug` |
| `debugContainer.image.pullPolicy` | Pull policy for the debug container Docker image | `IfNotPresent` |
| `debugContainer.image.version` | Tag for the debug container Docker image | latest version |
| `destinationResources` | CPU and Memory resources required by destination (see `global.proxy.resources` for sub-fields) | |
| `destinationProxyResources` | CPU and Memory resources required by proxy injected into destination pod (see `global.proxy.resources` for sub-fields) | values in `global.proxy.resources` |
| `disableHeartBeat` | Set to true to not start the heartbeat cronjob | `false` |
| `enableH2Upgrade` | Allow proxies to perform transparent HTTP/2 upgrading | `true` |
| `global.clusterDomain` | Kubernetes DNS Domain name to use | `cluster.local` |
| `global.clusterNetworks` | The networks that may include pods & services in this cluscter | `10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16` |
| `global.cniEnabled` | Omit the NET_ADMIN capability in the PSP and the proxy-init container when injecting the proxy; requires the linkerd-cni plugin to already be installed | `false` |
| `global.controllerComponentLabel` | Control plane label. Do not edit | `linkerd.io/control-plane-component` |
| `global.controllerImageVersion` | Tag for the controller container docker image | latest version |
| `global.controllerLogLevel` | Log level for the control plane components | `info` |
| `global.controllerNamespaceLabel` | Control plane label. Do not edit | `linkerd.io/control-plane-ns` |
| `global.grafanaUrl` | URL of external grafana instance configured with reverse proxy, used by the dashboard | |
| `global.podLabels` | Additional labels to add to all pods | `{}` |
| `global.podAnnotations` | Additional annotations to add to all pods | `{}` |
| `global.createdByAnnotation` | Annotation label for the proxy create. Do not edit. | `linkerd.io/created-by` |
| `global.identityTrustAnchorsPEM` | Trust root certificate (ECDSA). It must be provided during install. | |
| `global.identityTrustDomain` | Trust domain used for identity | `cluster.local` |
| `global.imagePullPolicy` | Docker image pull policy | `IfNotPresent` |
| `global.linkerdNamespaceLabel` | Control plane label. Do not edit | `linkerd.io/is-control-plane` |
| `global.linkerdVersion` | Control plane version | latest version |
| `global.namespace` | Control plane namespace | `linkerd` |
| `global.prometheusUrl` | URL of external prometheus instance to perform queries, used by the `public-api` | |
| `global.proxy.cores` | The number of proxy threads to be allocated for each proxy. Must be a whole number, and should be kept in sync with `global.proxy.resources.cpu.limit`, if set. | |
| `global.proxy.enableExternalProfiles` | Enable service profiles for non-Kubernetes services | `false` |
| `global.proxy.image.name` | Docker image for the proxy | `ghcr.io/linkerd/proxy` |
| `global.proxy.image.pullPolicy` | Pull policy for the proxy container Docker image | `IfNotPresent` |
| `global.proxy.image.version` | Tag for the proxy container Docker image | latest version |
| `global.proxy.logLevel` | Log level for the proxy | `warn,linkerd=info` |
| `global.proxy.logFormat` | Log format (`plain` or `json`) for the proxy | `plain` |
| `global.proxy.ports.admin` | Admin port for the proxy container | `4191` |
| `global.proxy.ports.control` | Control port for the proxy container | `4190` |
| `global.proxy.ports.inbound` | Inbound port for the proxy container | `4143` |
| `global.proxy.ports.outbound` | Outbound port for the proxy container | `4140` |
| `global.proxy.resources.cpu.limit` | Maximum amount of CPU units that the proxy can use | |
| `global.proxy.resources.cpu.request` | Amount of CPU units that the proxy requests | |
| `global.proxy.resources.memory.limit` | Maximum amount of memory that the proxy can use | |
| `global.proxy.resources.memory.request` | Amount of memory that the proxy requests | |
| `global.proxy.trace.collectorSvcAccount` | Service account associated with the Trace collector instance | `default` |
| `global.proxy.trace.collectorSvcAddr` | Collector Service address for the proxies to send Trace Data | |
| `global.proxy.uid` | User id under which the proxy runs | `2102` |
| `global.proxy.waitBeforeExitSeconds` | The proxy sidecar will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod's `terminationGracePeriodSeconds`. | `0` |
| `global.proxy.outboundConnectTimeout` | Maximum time allowed for the proxy to establish an outbound TCP connection | `1000ms` |
| `global.proxy.inboundConnectTimeout` | Maximum time allowed for the proxy to establish an inbound TCP connection | `100ms` |
| `global.proxyInit.ignoreInboundPorts` | Inbound ports the proxy should ignore | `25,443,587,3306,11211` |
| `global.proxyInit.ignoreOutboundPorts` | Outbound ports the proxy should ignore | `25,443,587,3306,11211` |
| `global.proxyInit.image.name` | Docker image for the proxy-init container | `ghcr.io/linkerd/proxy-init` |
| `global.proxyInit.image.pullPolicy` | Pull policy for the proxy-init container Docker image | `IfNotPresent` |
| `global.proxyInit.image.version` | Tag for the proxy-init container Docker image | latest version |
| `global.proxyInit.resources.cpu.limit` | Maximum amount of CPU units that the proxy-init container can use | `100m` |
| `global.proxyInit.resources.cpu.request` | Amount of CPU units that the proxy-init container requests | `10m` |
| `global.ProxyInit.resources.memory.limit` | Maximum amount of memory that the proxy-init container can use | `50Mi` |
| `global.proxyInit.resources.memory.request` | Amount of memory that the proxy-init container requests | `10Mi` |
| `global.proxyInjectAnnotation` | Annotation label to signal injection. Do not edit. | `linkerd.io/inject` |
| `global.proxyInjectDisabled` | Annotation value to disable injection. Do not edit. | `disabled` |
| `heartbeatSchedule` | Config for the heartbeat cronjob | `0 0 * * *` |
| `identity.issuer.clockSkewAllowance` | Amount of time to allow for clock skew within a Linkerd cluster | `20s` |
| `identity.issuer.crtExpiry` | Expiration timestamp for the issuer certificate. It must be provided during install | |
| `identity.issuer.crtExpiryAnnotation` | Annotation used to identity the issuer certificate expiration timestamp. Do not edit. | `linkerd.io/identity-issuer-expiry` |
| `identity.issuer.issuanceLifetime` | Amount of time for which the Identity issuer should certify identity | `24h0m0s` |
| `identity.issuer.scheme` | Which scheme is used for the identity issuer secret format | `linkerd.io/tls` |
| `identity.issuer.tls.crtPEM` | Issuer certificate (ECDSA). It must be provided during install. | |
| `identity.issuer.tls.keyPEM` | Key for the issuer certificate (ECDSA). It must be provided during install. | |
| `identityResources` | CPU and Memory resources required by the identity controller (see `global.proxy.resources` for sub-fields) | |
| `identityProxyResources` | CPU and Memory resources required by proxy injected into identity pod (see `global.proxy.resources` for sub-fields) | values in `global.proxy.resources` |
| `installNamespace` | Set to false when installing Linkerd in a custom namespace. See the [Linkerd documentation](https://linkerd.io/2/tasks/install-helm/#customizing-the-namespace) for more information. | `true` |
| `omitWebhookSideEffects` | Omit the `sideEffects` flag in the webhook manifests | `false` |
| `proxyInjector.externalSecret` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `proxyInjector.caBundle` must be set (see below). | `false` |
| `proxyInjector.namespaceSelector` | Namespace selector used by admission webhook. If not set defaults to all namespaces without the annotation `config.linkerd.io/admission-webhooks=disabled` | |
| `proxyInjector.crtPEM` | Certificate for the proxy injector. If not provided then Helm will generate one. | |
| `proxyInjector.keyPEM` | Certificate key for the proxy injector. If not provided then Helm will generate one. | |
| `proxyInjector.caBundle` | Bundle of CA certificates for proxy injector. If not provided then Helm will use the certificate generated for `proxyInjector.crtPEM`. If `proxyInjector.externalSecret` is set to true, this value must be set, as no certificate will be generated. | |
| `proxyInjectorResources` | CPU and Memory resources required by the proxy injector (see `global.proxy.resources` for sub-fields) | |
| `proxyInjectorProxyResources` | CPU and Memory resources required by proxy injected into the proxy injector pod (see `global.proxy.resources` for sub-fields) | values in `global.proxy.resources` |
| `profileValidator.externalSecret` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `profileValidator.caBundle` must be set (see below). | false |
| `profileValidator.namespaceSelector` | Namespace selector used by admission webhook. If not set defaults to all namespaces without the annotation `config.linkerd.io/admission-webhooks=disabled` | |
| `profileValidator.crtPEM` | Certificate for the service profile validator. If not provided then Helm will generate one. | |
| `profileValidator.keyPEM` | Certificate key for the service profile validator. If not provided then Helm will generate one. | |
| `profileValidator.caBundle` | Bundle of CA certificates for service profile validator. If not provided then Helm will use the certificate generated for `profileValidator.crtPEM`. If `profileValidator.externalSecret` is set to true, this value must be set, as no certificate will be generated. | |
| `publicAPIResources` | CPU and Memory resources required by controllers publicAPI (see `global.proxy.resources` for sub-fields) | |
| `publicAPIProxyResources` | CPU and Memory resources required by proxy injected into controllers public API pod (see `global.proxy.resources` for sub-fields) | values `global.proxy.resources` |
| `spValidatorResources` | CPU and Memory resources required by the SP validator (see `global.proxy.resources` for sub-fields) | |
| `spValidatorProxyResources` | CPU and Memory resources required by proxy injected into the SP validator pod (see `global.proxy.resources` for sub-fields) | values in `global.proxy.resources` |
| `tap.externalSecret` | Do not create a secret resource for the Tap component. If this is set to `true`, the value `tap.caBundle` must be set (see below). | false |
| `tap.crtPEM` | Certificate for the Tap component. If not provided then Helm will generate one. | |
| `tap.keyPEM` | Certificate key for Tap component. If not provided then Helm will generate one. | |
| `tap.caBundle` | Bundle of CA certificates for Tap component. If not provided then Helm will use the certificate generated for `tap.crtPEM`. If `tap.externalSecret` is set to true, this value must be set, as no certificate will be generated. ||
| `tapResources` | CPU and Memory resources required by tap (see `global.proxy.resources` for sub-fields) | |
| `tapProxyResources` | CPU and Memory resources required by proxy injected into tap pod (see `global.proxy.resources` for sub-fields) | values in `global.proxy.resources` |
| `webhookFailurePolicy` | Failure policy for the proxy injector | `Ignore` |
| `webImage` | Docker image for the web container | `ghcr.io/linkerd/web` |
| `webResources` | CPU and Memory resources required by web UI (see `global.proxy.resources` for sub-fields) | |
| `webProxyResources` | CPU and Memory resources required by proxy injected into web UI pod (see `global.proxy.resources` for sub-fields) | values in `global.proxy.resources` |
| `enforcedHostRegexp` | Host header validation regex for the dashboard. See the [Linkerd documentation](https://linkerd.io/2/tasks/exposing-dashboard) for more information | `""` |
| `nodeSelector` | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information | `beta.kubernetes.io/os: linux` |
| `tolerations` | Tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information | |
## Add-Ons Configuration
### Grafana Add-On
The following table lists the configurable parameters for the Grafana Add-On.
| Parameter | Description | Default |
|:--------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------|
| `grafana.enabled` | Flag to enable grafana instance to be installed | `true`
| `grafana.image.name` | Docker image name for the grafana instance | `ghcr.io/linkerd/grafana` |
| `grafana.image.tag` | Docker image tag for the grafana instance | latest version |
| `grafana.resources.cpu.limit` | Maximum amount of CPU units that the grafana container can use ||
| `grafana.resources.cpu.request` | Amount of CPU units that the grafana container requests ||
| `grafana.resources.memory.limit` | Maximum amount of memory that grafana container can use ||
| `grafana.resources.memory.request` | Amount of memory that the grafana container requests ||
| `grafana.proxy.resources` | Structure analog to the `resources` fields above, but overriding the resources of the linkerd proxy injected into the grafana pod. | values in `global.proxy.resources` of the linkerd2 chart. |
### Prometheus Add-On
The following table lists the configurable parameters for the Prometheus Add-On.
| Parameter | Description | Default |
|:--------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------|
| `prometheus.enabled` | Flag to enable prometheus instance to be installed | `true` |
| `prometheus.alert_relabel_configs` | Alert relabeling is applied to alerts before they are sent to the Alertmanager. | `[]` |
| `prometheus.alertManagers` | Alertmanager instances the Prometheus server sends alerts to configured via the static_configs parameter. | `[]` |
| `prometheus.args` | Command line options for Prometheus binary | `storage.tsdb.path: /data, storage.tsdb.retention.time: 6h, config.file: /etc/prometheus/prometheus.yml, log.level: info` |
| `prometheus.globalConfig` | The global configuration specifies parameters that are valid in all other configuration contexts. | `scrape_interval: 10s, scrape_timeout: 10s, evaluation_interval: 10s` |
| `prometheus.image` | Docker image for the prometheus instance | `prom/prometheus:v2.19.3` |
| `prometheus.proxy.resources` | CPU and Memory resources required by proxy injected into prometheus pod (see `global.proxy.resources` for sub-fields) | values in `global.proxy.resources` |
| `prometheus.persistence.storageClass` | Storage class used to create prometheus data PV. | `nil` |
| `prometheus.persistence.accessMode` | PVC access mode. | `ReadWriteOnce` |
| `prometheus.persistence.size` | Prometheus data volume size. | `8Gi` |
| `prometheus.remoteWrite` | Allows transparently sending samples to an endpoint. Mostly used for long term storage. ||
| `prometheus.resources.cpu.limit` | Maximum amount of CPU units that the prometheus container can use ||
| `prometheus.resources.cpu.request` | Amount of CPU units that the prometheus container requests ||
| `prometheus.resources.memory.limit` | Maximum amount of memory that prometheus container can use ||
| `prometheus.resources.memory.request` | Amount of memory that the prometheus container requests ||
| `prometheus.ruleConfigMapMounts` | Alerting/recording rule ConfigMap mounts (sub-path names must end in `_rules.yml` or `_rules.yaml`) | `[]` |
| `prometheus.scrapeConfigs` | A scrape_config section specifies a set of targets and parameters describing how to scrape them. | `[]` |
| `prometheus.sidecarContainers` | A sidecarContainers section specifies a list of secondary containers to run in the prometheus pod e.g. to export data to non-prometheus systems | `[]` |
Most of the above configuration match directly with the official Prometheus
configuration which can be found [here](https://prometheus.io/docs/prometheus/latest/configuration/configuration)
### Tracing Add-On
The following table lists the configurable parameters for the Tracing Add-On.
| Parameter | Description | Default |
|:---------------------------------------------|:-----------------------------------------------------------------------|:---------------------------------------|
| `tracing.enabled` | Flag to enable tracing components to be installed | `false` |
| `tracing.collector.image` | Docker image for the trace collector | `omnition/opencensus-collector:0.1.10` |
| `tracing.collector.resources.cpu.limit` | Maximum amount of CPU units that the trace collector container can use | |
| `tracing.collector.resources.cpu.request` | Amount of CPU units that the trace collector container requests | |
| `tracing.collector.resources.memory.limit` | Maximum amount of memory that the trace collector container can use | |
| `tracing.collector.resources.memory.request` | Amount of memory that the trace collector container requests | |
| `tracing.jaeger.image` | Docker image for the jaeger instance | `jaegertracing/all-in-one:1.19.2` |
| `tracing.jaeger.resources.cpu.limit` | Maximum amount of CPU units that the jaeger container can use | |
| `tracing.jaeger.resources.cpu.request` | Amount of CPU units that the jaeger container requests | |
| `tracing.jaeger.resources.memory.limit` | Maximum amount of memory that the jaeger container can use | |
| `tracing.jaeger.resources.memory.request` | Amount of memory that the jaeger container requests | |
## Get involved
* Check out Linkerd's source code at [Github][linkerd2].
@ -269,3 +99,132 @@ The following table lists the configurable parameters for the Tracing Add-On.
[linkerd-users]: https://lists.cncf.io/g/cncf-linkerd-users
[slack]: http://slack.linkerd.io
[twitter]: https://twitter.com/linkerd
## Addons for linkerd
For the linkerd application there are some addons that can be configured. The
documentation for the configurations of the addons can be found in their
respective readme.md
[Prometheus](https://github.com/linkerd/linkerd2/blob/main/charts/add-ons/prometheus/README.md)
[Grafana](https://github.com/linkerd/linkerd2/blob/main/charts/add-ons/grafana/README.md)
[Tracing](https://github.com/linkerd/linkerd2/blob/main/charts/add-ons/tracing/README.md)
## Requirements
Kubernetes: `>=1.13.0-0`
| Repository | Name | Version |
|------------|------|---------|
| file://../add-ons/grafana | grafana | 0.1.0 |
| file://../add-ons/prometheus | prometheus | 0.1.0 |
| file://../add-ons/tracing | tracing | 0.1.0 |
| file://../partials | partials | 0.1.0 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| controllerImage | string | `"ghcr.io/linkerd/controller"` | Docker image for the controller, tap and identity components |
| controllerReplicas | int | `1` | Number of replicas for each control plane pod |
| controllerUID | int | `2103` | User ID for the control plane components |
| dashboard.replicas | int | `1` | Number of replicas of dashboard |
| debugContainer.image.name | string | `"ghcr.io/linkerd/debug"` | Docker image for the debug container |
| debugContainer.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the debug container Docker image |
| debugContainer.image.version | string | `"linkerdVersionValue"` | Tag for the debug container Docker image |
| disableHeartBeat | bool | `false` | Set to true to not start the heartbeat cronjob |
| enableH2Upgrade | bool | `true` | Allow proxies to perform transparent HTTP/2 upgrading |
| enforcedHostRegexp | string | `""` | Host header validation regex for the dashboard. See the [Linkerd documentation](https://linkerd.io/2/tasks/exposing-dashboard) for more information |
| global.clusterDomain | string | `"cluster.local"` | Kubernetes DNS Domain name to use |
| global.clusterNetworks | string | `"10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16"` | The cluster networks for which service discovery is performed. This should include the pod network but need not include the node network. By default, all private networks are specified so that resolution works in typical Kubernetes environments. |
| global.cniEnabled | bool | `false` | enabling this omits the NET_ADMIN capability in the PSP and the proxy-init container when injecting the proxy; requires the linkerd-cni plugin to already be installed |
| global.controlPlaneTracing | bool | `false` | control plane trace configuration |
| global.controllerComponentLabel | string | `"linkerd.io/control-plane-component"` | Control plane label. Do not edit |
| global.controllerLogLevel | string | `"info"` | Log level for the control plane components |
| global.controllerNamespaceLabel | string | `"linkerd.io/control-plane-ns"` | Control plane label. Do not edit |
| global.createdByAnnotation | string | `"linkerd.io/created-by"` | Annotation label for the proxy create. Do not edit. |
| global.enableEndpointSlices | bool | `false` | enables the use of EndpointSlice informers for the destination service; enableEndpointSlices should be set to true only if EndpointSlice K8s feature gate is on; the feature is still experimental. |
| global.grafanaUrl | string | `""` | url of external grafana instance with reverse proxy configured. |
| global.identityTrustAnchorsPEM | string | `""` | Trust root certificate (ECDSA). It must be provided during install. |
| global.identityTrustDomain | string | `"cluster.local"` | Trust domain used for identity |
| global.imagePullPolicy | string | `"IfNotPresent"` | Docker image pull policy |
| global.imagePullSecrets | list | `[]` | For Private docker registries, authentication is needed. Registry secrets are applied to the respective service accounts |
| global.linkerdNamespaceLabel | string | `"linkerd.io/is-control-plane"` | Control plane label. Do not edit |
| global.linkerdVersion | string | `"linkerdVersionValue"` | control plane version. See Proxy section for proxy version |
| global.namespace | string | `"linkerd"` | Control plane namespace |
| global.podAnnotations | object | `{}` | Additional annotations to add to all pods |
| global.podLabels | object | `{}` | Additional labels to add to all pods |
| global.prometheusUrl | string | `""` | url of existing prometheus |
| global.proxy.cores | int | `0` | The `cpu.limit` and `cores` should be kept in sync. The value of `cores` must be an integer and should typically be set by rounding up from the limit. E.g. if cpu.limit is '1500m', cores should be 2. |
| global.proxy.enableExternalProfiles | bool | `false` | Enable service profiles for non-Kubernetes services |
| global.proxy.image.name | string | `"ghcr.io/linkerd/proxy"` | Docker image for the proxy |
| global.proxy.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the proxy container Docker image |
| global.proxy.image.version | string | `"linkerdVersionValue"` | Tag for the proxy container Docker image |
| global.proxy.inboundConnectTimeout | string | `"100ms"` | Maximum time allowed for the proxy to establish an inbound TCP connection |
| global.proxy.logFormat | string | `"plain"` | Log format (`plain` or `json`) for the proxy |
| global.proxy.logLevel | string | `"warn,linkerd=info"` | Log level for the proxy |
| global.proxy.outboundConnectTimeout | string | `"1000ms"` | Maximum time allowed for the proxy to establish an outbound TCP connection |
| global.proxy.ports.admin | int | `4191` | Admin port for the proxy container |
| global.proxy.ports.control | int | `4190` | Control port for the proxy container |
| global.proxy.ports.inbound | int | `4143` | Inbound port for the proxy container |
| global.proxy.ports.outbound | int | `4140` | Outbound port for the proxy container |
| global.proxy.requireIdentityOnInboundPorts | string | `""` | |
| global.proxy.resources.cpu.limit | string | `""` | Maximum amount of CPU units that the proxy can use |
| global.proxy.resources.cpu.request | string | `""` | Amount of CPU units that the proxy requests |
| global.proxy.resources.memory.limit | string | `""` | Maximum amount of memory that the proxy can use |
| global.proxy.resources.memory.request | string | `""` | Maximum amount of memory that the proxy requests |
| global.proxy.trace.collectorSvcAccount | string | `"default"` | Service account associated with the Trace collector instance |
| global.proxy.trace.collectorSvcAddr | string | `""` | Collector Service address for the proxies to send Trace Data |
| global.proxy.uid | int | `2102` | User id under which the proxy runs |
| global.proxy.waitBeforeExitSeconds | int | `0` | If set the proxy sidecar will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod's `terminationGracePeriodSeconds`. See [Lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks) for more info on container lifecycle hooks. |
| global.proxyInit.closeWaitTimeoutSecs | int | `0` | |
| global.proxyInit.ignoreInboundPorts | string | `"25,443,587,3306,11211"` | Default set of ports to skip via itpables: - SMTP (25,587) server-first - HTTPS (443) opaque TLS - MYSQL (3306) server-first - Memcached (11211) clients do not issue any preamble, which breaks detection |
| global.proxyInit.ignoreOutboundPorts | string | `"25,443,587,3306,11211"` | Default set of ports to skip via itpables, same defaults as InboudPorts |
| global.proxyInit.image.name | string | `"ghcr.io/linkerd/proxy-init"` | Docker image for the proxy-init container |
| global.proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the proxy-init container Docker image |
| global.proxyInit.image.version | string | `"v1.3.8"` | Tag for the proxy-init container Docker image |
| global.proxyInit.resources.cpu.limit | string | `"100m"` | Maximum amount of CPU units that the proxy-init container can use |
| global.proxyInit.resources.cpu.request | string | `"10m"` | Amount of CPU units that the proxy-init container requests |
| global.proxyInit.resources.memory.limit | string | `"50Mi"` | Maximum amount of memory that the proxy-init container can use |
| global.proxyInit.resources.memory.request | string | `"10Mi"` | Amount of memory that the proxy-init container requests |
| global.proxyInit.xtMountPath.mountPath | string | `"/run"` | |
| global.proxyInit.xtMountPath.name | string | `"linkerd-proxy-init-xtables-lock"` | |
| global.proxyInjectAnnotation | string | `"linkerd.io/inject"` | Annotation label to signal injection. Do not edit. |
| global.proxyInjectDisabled | string | `"disabled"` | Annotation value to disable injection. Do not edit. |
| global.workloadNamespaceLabel | string | `"linkerd.io/workload-ns"` | |
| grafana.enabled | bool | `true` | |
| heartbeatSchedule | string | `"0 0 * * *"` | Config for the heartbeat cronjob |
| identity.issuer.clockSkewAllowance | string | `"20s"` | Amount of time to allow for clock skew within a Linkerd cluster |
| identity.issuer.crtExpiry | string | `nil` | Expiration timestamp for the issuer certificate. It must be provided during install. Must match the expiry date in crtPEM |
| identity.issuer.crtExpiryAnnotation | string | `"linkerd.io/identity-issuer-expiry"` | Annotation used to identity the issuer certificate expiration timestamp. Do not edit. |
| identity.issuer.issuanceLifetime | string | `"24h0m0s"` | Amount of time for which the Identity issuer should certify identity |
| identity.issuer.scheme | string | `"linkerd.io/tls"` | |
| identity.issuer.tls | object | `{"crtPEM":"","keyPEM":""}` | Which scheme is used for the identity issuer secret format |
| identity.issuer.tls.crtPEM | string | `""` | Issuer certificate (ECDSA). It must be provided during install. |
| identity.issuer.tls.keyPEM | string | `""` | Key for the issuer certificate (ECDSA). It must be provided during install |
| installNamespace | bool | `true` | Set to false when installing Linkerd in a custom namespace. See the [Linkerd documentation](https://linkerd.io/2/tasks/install-helmcustomizing-the-namespace) for more information. |
| nodeSelector | object | `{"beta.kubernetes.io/os":"linux"}` | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information |
| omitWebhookSideEffects | bool | `false` | Omit the `sideEffects` flag in the webhook manifests |
| profileValidator.caBundle | string | `""` | Bundle of CA certificates for service profile validator. If not provided then Helm will use the certificate generated for `profileValidator.crtPEM`. If `profileValidator.externalSecret` is set to true, this value must be set, as no certificate will be generated. |
| profileValidator.crtPEM | string | `""` | Certificate for the service profile validator. If not provided then Helm will generate one. |
| profileValidator.externalSecret | bool | `false` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `profileValidator.caBundle` must be set (see below). |
| profileValidator.keyPEM | string | `""` | Certificate key for the service profile validator. If not provided then Helm will generate one. |
| profileValidator.namespaceSelector | object | `{"matchExpressions":[{"key":"config.linkerd.io/admission-webhooks","operator":"NotIn","values":["disabled"]}]}` | Namespace selector used by admission webhook |
| prometheus.enabled | bool | `true` | |
| proxyInjector.caBundle | string | `""` | Bundle of CA certificates for proxy injector. If not provided then Helm will use the certificate generated for `proxyInjector.crtPEM`. If `proxyInjector.externalSecret` is set to true, this value must be set, as no certificate will be generated. |
| proxyInjector.crtPEM | string | `""` | Certificate for the proxy injector. If not provided then Helm will generate one. |
| proxyInjector.externalSecret | bool | `false` | Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `proxyInjector.caBundle` must be set (see below) |
| proxyInjector.keyPEM | string | `""` | Certificate key for the proxy injector. If not provided then Helm will generate one. |
| proxyInjector.namespaceSelector | object | `{"matchExpressions":[{"key":"config.linkerd.io/admission-webhooks","operator":"NotIn","values":["disabled"]}]}` | Namespace selector used by admission webhook. If not set defaults to all namespaces without the annotation config.linkerd.io/admission-webhooks=disabled |
| tap.caBundle | string | `""` | Bundle of CA certificates for Tap component. If not provided then Helm will use the certificate generated for `tap.crtPEM`. If `tap.externalSecret` is set to true, this value must be set, as no certificate will be generated. |
| tap.crtPEM | string | `""` | Certificate for the Tap component. If not provided then Helm will generate one. |
| tap.externalSecret | bool | `false` | Do not create a secret resource for the Tap component. If this is set to `true`, the value `tap.caBundle` must be set (see below). |
| tap.keyPEM | string | `""` | Certificate key for Tap component. If not provided then Helm will generate one. |
| tracing.enabled | bool | `false` | |
| webImage | string | `"ghcr.io/linkerd/web"` | |
| webhookFailurePolicy | string | `"Ignore"` | Failure policy for the proxy injector |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

118
charts/linkerd2/README.md.gotmpl Normal file
View File

@ -0,0 +1,118 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}
{{ template "chart.typeBadge" . }}
{{ template "chart.appVersionBadge" . }}
{{ template "chart.homepageLine" . }}
## Quickstart and documentation
You can run Linkerd on any Kubernetes 1.13+ cluster in a matter of seconds. See
the [Linkerd Getting Started Guide][getting-started] for how.
For more comprehensive documentation, start with the [Linkerd
docs][linkerd-docs].
## Prerequisite: identity certificates
The identity component of Linkerd requires setting up a trust anchor
certificate, and an issuer certificate with its key. These need to be provided
to Helm by the user (unlike when using the `linkerd install` CLI which can
generate these automatically). You can provide your own, or follow [these
instructions](https://linkerd.io/2/tasks/generate-certificates/) to generate new
ones.
Note that the provided certificates must be ECDSA certificates.
## Adding Linkerd's Helm repository
```bash
# To add the repo for Linkerd2 stable releases:
helm repo add linkerd https://helm.linkerd.io/stable
# To add the repo for Linkerd2 edge releases:
helm repo add linkerd-edge https://helm.linkerd.io/edge
```
The following instructions use the `linkerd` repo. For installing an edge
release, just replace with `linkerd-edge`.
## Installing the chart
You must provide the certificates and keys described in the preceding section,
and the same expiration date you used to generate the Issuer certificate.
In this example we set the expiration date to one year ahead:
```bash
helm install \
--set-file global.identityTrustAnchorsPEM=ca.crt \
--set-file identity.issuer.tls.crtPEM=issuer.crt \
--set-file identity.issuer.tls.keyPEM=issuer.key \
--set identity.issuer.crtExpiry=$(date -d '+8760 hour' +"%Y-%m-%dT%H:%M:%SZ") \
linkerd/linkerd2
```
## Setting High-Availability
Besides the default `values.yaml` file, the chart provides a `values-ha.yaml`
file that overrides some default values as to set things up under a
high-availability scenario, analogous to the `--ha` option in `linkerd install`.
Values such as higher number of replicas, higher memory/cpu limits and
affinities are specified in that file.
You can get ahold of `values-ha.yaml` by fetching the chart files:
```bash
helm fetch --untar linkerd/linkerd2
```
Then use the `-f` flag to provide the override file, for example:
```bash
helm install \
--set-file global.identityTrustAnchorsPEM=ca.crt \
--set-file identity.issuer.tls.crtPEM=issuer.crt \
--set-file identity.issuer.tls.keyPEM=issuer.key \
--set identity.issuer.crtExpiry=$(date -d '+8760 hour' +"%Y-%m-%dT%H:%M:%SZ") \
-f linkerd2/values-ha.yaml
linkerd/linkerd2
```
## Get involved
* Check out Linkerd's source code at [Github][linkerd2].
* Join Linkerd's [user mailing list][linkerd-users], [developer mailing
list][linkerd-dev], and [announcements mailing list][linkerd-announce].
* Follow [@linkerd][twitter] on Twitter.
* Join the [Linkerd Slack][slack].
[cncf]: https://www.cncf.io/
[getting-started]: https://linkerd.io/2/getting-started/
[linkerd2]: https://github.com/linkerd/linkerd2
[linkerd-announce]: https://lists.cncf.io/g/cncf-linkerd-announce
[linkerd-dev]: https://lists.cncf.io/g/cncf-linkerd-dev
[linkerd-docs]: https://linkerd.io/2/overview/
[linkerd-users]: https://lists.cncf.io/g/cncf-linkerd-users
[slack]: http://slack.linkerd.io
[twitter]: https://twitter.com/linkerd
## Addons for linkerd
For the linkerd application there are some addons that can be configured. The
documentation for the configurations of the addons can be found in their
respective readme.md
[Prometheus](https://github.com/linkerd/linkerd2/blob/main/charts/add-ons/prometheus/README.md)
[Grafana](https://github.com/linkerd/linkerd2/blob/main/charts/add-ons/grafana/README.md)
[Tracing](https://github.com/linkerd/linkerd2/blob/main/charts/add-ons/tracing/README.md)
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

205
charts/linkerd2/values.yaml
View File

@ -4,199 +4,262 @@
# Values that are passed along to sub-charts
global:
# The kubernetes cluster domain.
# -- Kubernetes DNS Domain name to use
clusterDomain: &cluster_domain cluster.local
# The cluster networks for which service discovery is performed. This should
# -- The cluster networks for which service discovery is performed. This should
# include the pod network but need not include the node network.
#
# By default, all private networks are specified so that resolution works in
# typical Kubernetes environments.
clusterNetworks: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16"
# -- Docker image pull policy
imagePullPolicy: &image_pull_policy IfNotPresent
# -- Log level for the control plane components
controllerLogLevel: &controller_log_level info
# control plane trace configuration
# -- control plane trace configuration
controlPlaneTracing: false
# control plane version. See Proxy section for proxy version
# -- control plane version. See Proxy section for proxy version
linkerdVersion: &linkerd_version linkerdVersionValue
# -- Control plane namespace
namespace: linkerd
# enables the use of EndpointSlice informers for the destination service;
# enableEndpointSlices should be set to true only if EndpointSlice K8s feature gate is on;
# the feature is still experimental.
# -- enables the use of EndpointSlice informers for the destination service;
# enableEndpointSlices should be set to true only if EndpointSlice K8s feature
# gate is on; the feature is still experimental.
enableEndpointSlices: false
# enabling this omits the NET_ADMIN capability in the PSP
# -- enabling this omits the NET_ADMIN capability in the PSP
# and the proxy-init container when injecting the proxy;
# requires the linkerd-cni plugin to already be installed
cniEnabled: false
# -- Trust root certificate (ECDSA). It must be provided during install.
identityTrustAnchorsPEM: |
# -- Trust domain used for identity
identityTrustDomain: *cluster_domain
# url of existing prometheus
# -- url of existing prometheus
prometheusUrl: ""
# url of external grafana instance with reverse proxy configured
# -- url of external grafana instance with reverse proxy configured.
grafanaUrl: ""
# Additional annotations to add to all pods
# -- Additional annotations to add to all pods
podAnnotations: {}
# Additional labels to add to all pods
# -- Additional labels to add to all pods
podLabels: {}
# proxy configuration
proxy:
# -- Enable service profiles for non-Kubernetes services
enableExternalProfiles: false
# -- Maximum time allowed for the proxy to establish an outbound TCP
# connection
outboundConnectTimeout: 1000ms
# -- Maximum time allowed for the proxy to establish an inbound TCP
# connection
inboundConnectTimeout: 100ms
image:
# -- Docker image for the proxy
name: ghcr.io/linkerd/proxy
# -- Pull policy for the proxy container Docker image
pullPolicy: *image_pull_policy
# -- Tag for the proxy container Docker image
version: *linkerd_version
# -- Log level for the proxy
logLevel: warn,linkerd=info
# -- Log format (`plain` or `json`) for the proxy
logFormat: plain
ports:
# -- Admin port for the proxy container
admin: 4191
# -- Control port for the proxy container
control: 4190
# -- Inbound port for the proxy container
inbound: 4143
# -- Outbound port for the proxy container
outbound: 4140
# The `cpu.limit` and `cores` should be kept in sync. The value of `cores`
# -- The `cpu.limit` and `cores` should be kept in sync. The value of `cores`
# must be an integer and should typically be set by rounding up from the
# limit. E.g. if cpu.limit is '1500m', cores should be 2.
cores: 0
resources:
cpu:
# -- Maximum amount of CPU units that the proxy can use
limit: ""
# -- Amount of CPU units that the proxy requests
request: ""
memory:
# -- Maximum amount of memory that the proxy can use
limit: ""
# -- Maximum amount of memory that the proxy requests
request: ""
trace:
# -- Collector Service address for the proxies to send Trace Data
collectorSvcAddr: ""
# -- Service account associated with the Trace collector instance
collectorSvcAccount: default
# -- User id under which the proxy runs
uid: 2102
# If set, the proxy's pre-stop hook will postpone the Kubernetes's SIGTERM signal
# and wait for this duration before letting the proxy process the SIGTERM signal.
# See https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
# -- If set the proxy sidecar will stay alive for at
# least the given period before receiving SIGTERM signal from Kubernetes but
# no longer than pod's `terminationGracePeriodSeconds`. See [Lifecycle
# hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
# for more info on container lifecycle hooks.
waitBeforeExitSeconds: 0
requireIdentityOnInboundPorts: ""
# proxy-init configuration
proxyInit:
# Default set of ports to skip via itpables:
# -- Default set of ports to skip via itpables:
# - SMTP (25,587) server-first
# - HTTPS (443) opaque TLS
# - MYSQL (3306) server-first
# - Memcached (11211) clients do not issue any preamble, which breaks detection
ignoreInboundPorts: "25,443,587,3306,11211"
# -- Default set of ports to skip via itpables, same defaults as InboudPorts
ignoreOutboundPorts: "25,443,587,3306,11211"
image:
# -- Docker image for the proxy-init container
name: ghcr.io/linkerd/proxy-init
# -- Pull policy for the proxy-init container Docker image
pullPolicy: *image_pull_policy
# -- Tag for the proxy-init container Docker image
version: v1.3.8
resources:
cpu:
# -- Maximum amount of CPU units that the proxy-init container can use
limit: 100m
# -- Amount of CPU units that the proxy-init container requests
request: 10m
memory:
# -- Maximum amount of memory that the proxy-init container can use
limit: 50Mi
# -- Amount of memory that the proxy-init container requests
request: 10Mi
closeWaitTimeoutSecs: 0
xtMountPath:
mountPath: /run
name: linkerd-proxy-init-xtables-lock
# control plane annotations - do not edit
# -- Annotation label for the proxy create. Do not edit.
createdByAnnotation: linkerd.io/created-by
# -- Annotation label to signal injection. Do not edit.
proxyInjectAnnotation: linkerd.io/inject
# -- Annotation value to disable injection. Do not edit.
proxyInjectDisabled: disabled
# control plane labels - do not edit
# -- Control plane label. Do not edit
controllerComponentLabel: linkerd.io/control-plane-component
# -- Control plane label. Do not edit
controllerNamespaceLabel: linkerd.io/control-plane-ns
# -- Control plane label. Do not edit
linkerdNamespaceLabel: linkerd.io/is-control-plane
workloadNamespaceLabel: linkerd.io/workload-ns
# For Private docker registries, authentication is needed.
# -- For Private docker registries, authentication is needed.
# Registry secrets are applied to the respective service accounts
imagePullSecrets: []
# - name: my-private-docker-registry-login-secret
# enforced host validation regular expression
# -- Host header validation regex for the dashboard. See the [Linkerd
# documentation](https://linkerd.io/2/tasks/exposing-dashboard) for more
# information
enforcedHostRegexp: ""
# -- Allow proxies to perform transparent HTTP/2 upgrading
enableH2Upgrade: true
# -- Omit the `sideEffects` flag in the webhook manifests
omitWebhookSideEffects: false
# -- Failure policy for the proxy injector
webhookFailurePolicy: Ignore
# controller configuration
# controllerImage -- Docker image for the controller, tap and identity
# components
controllerImage: ghcr.io/linkerd/controller
# -- Number of replicas for each control plane pod
controllerReplicas: 1
# -- User ID for the control plane components
controllerUID: 2103
# destination configuration
# set resources for the sp-validator and its linkerd proxy respectively
# see global.proxy.resources for details.
# destinationResources -- CPU and Memory resources required by destination (see `global.proxy.resources` for sub-fields)
#destinationResources:
#destinationProxyResources -- CPU and Memory resources required by proxy
# injected into destination pod (see `global.proxy.resources` for sub-fields)
#destinationProxyResources:
# web dashboard configuration
dashboard:
# -- Number of replicas of dashboard
replicas: 1
# debug configuration
debugContainer:
image:
# -- Docker image for the debug container
name: ghcr.io/linkerd/debug
# -- Pull policy for the debug container Docker image
pullPolicy: *image_pull_policy
# -- Tag for the debug container Docker image
version: *linkerd_version
# identity configuration
identity:
issuer:
scheme: linkerd.io/tls
# -- Amount of time to allow for clock skew within a Linkerd cluster
clockSkewAllowance: 20s
# must match the expiry date in crtPEM
# -- Expiration timestamp for the issuer certificate. It must be provided during install. Must match the expiry date in crtPEM
crtExpiry:
# control plane annotation - do not edit
# -- Annotation used to identity the issuer certificate expiration timestamp. Do not edit.
crtExpiryAnnotation: linkerd.io/identity-issuer-expiry
# -- Amount of time for which the Identity issuer should certify identity
issuanceLifetime: 24h0m0s
# -- Which scheme is used for the identity issuer secret format
tls:
# PEM-encoded certificate
# -- Issuer certificate (ECDSA). It must be provided during install.
crtPEM: |
# PEM-encoded ECDSA private key
# -- Key for the issuer certificate (ECDSA). It must be provided during
# install
keyPEM: |
# set resources for identity and its linkerd proxy respectively
# see global.proxy.resources for details.
# -|- CPU and Memory resources required by the identity controller (see `global.proxy.resources` for sub-fields)
#identityResources:
# -|- CPU and Memory resources required by proxy injected into identity pod (see `global.proxy.resources` for sub-fields)
#identityProxyResources:
# heartbeat configuration
# disableHeartBeat -- Set to true to not start the heartbeat cronjob
disableHeartBeat: false
# -- Config for the heartbeat cronjob
heartbeatSchedule: "0 0 * * *"
# proxy injector configuration
proxyInjector:
# -- Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `proxyInjector.caBundle` must be set (see below)
externalSecret: false
# Namespace selector used by admission webhook
# -- Namespace selector used by admission webhook. If not set defaults to all
# namespaces without the annotation
# config.linkerd.io/admission-webhooks=disabled
namespaceSelector:
matchExpressions:
- key: config.linkerd.io/admission-webhooks
@ -204,24 +267,28 @@ proxyInjector:
values:
- disabled
# if empty, Helm will auto-generate these fields
# -- Certificate for the proxy injector. If not provided then Helm will generate one.
crtPEM: |
# -- Certificate key for the proxy injector. If not provided then Helm will generate one.
keyPEM: |
# if empty, Helm will auto-generate this field, unless externalSecret is set to true.
# -- Bundle of CA certificates for proxy injector. If not provided then Helm will use the certificate generated for `proxyInjector.crtPEM`. If `proxyInjector.externalSecret` is set to true, this value must be set, as no certificate will be generated.
caBundle: |
# set resources for proxy injector and its linkerd proxy respectively
# see global.proxy.resources for details.
# -|- CPU and Memory resources required by the proxy injector (see
#`global.proxy.resources` for sub-fields)
#proxyInjectorResources:
#-|- CPU and Memory resources required by proxy injected into the proxy injector
#pod (see `global.proxy.resources` for sub-fields)
#proxyInjectorProxyResources:
# service profile validator configuration
profileValidator:
# -- Do not create a secret resource for the profileValidator webhook. If this is set to `true`, the value `profileValidator.caBundle` must be set (see below).
externalSecret: false
# Namespace selector used by admission webhook
# -- Namespace selector used by admission webhook
namespaceSelector:
matchExpressions:
- key: config.linkerd.io/admission-webhooks
@ -229,45 +296,68 @@ profileValidator:
values:
- disabled
# if empty, Helm will auto-generate these fields
# -- Certificate for the service profile validator. If not provided then Helm
# will generate one.
crtPEM: |
# -- Certificate key for the service profile validator. If not provided then
# Helm will generate one.
keyPEM: |
# if empty, Helm will auto-generate this field, unless externalSecret is set to true.
# -- Bundle of CA certificates for service profile validator. If not provided
# then Helm will use the certificate generated for `profileValidator.crtPEM`.
# If `profileValidator.externalSecret` is set to true, this value must be set,
# as no certificate will be generated.
caBundle: |
# set resources for the sp-validator and its linkerd proxy respectively
# see global.proxy.resources for details.
# -|- CPU and Memory resources required by the SP validator (see
#`global.proxy.resources` for sub-fields)
#spValidatorResources:
# -|- CPU and Memory resources required by proxy injected into the SP validator
#pod (see `global.proxy.resources` for sub-fields)
#spValidatorProxyResources:
# set resources for controllers public API and its linkerd proxy respectively
# see global.proxy.resources for details.
# -|- CPU and Memory resources required by controllers publicAPI (see
#`global.proxy.resources` for sub-fields)
#publicAPIResources:
#-|- CPU and Memory resources required by proxy injected into controllers public
#API pod (see `global.proxy.resources` for sub-fields) values
#`global.proxy.resources`
#publicAPIProxyResources:
# tap configuration
tap:
# -- Do not create a secret resource for the Tap component. If this is set to
# `true`, the value `tap.caBundle` must be set (see below).
externalSecret: false
# if empty, Helm will auto-generate these fields
# -- Certificate for the Tap component. If not provided then Helm will
# generate one.
crtPEM: |
# -- Certificate key for Tap component. If not provided then Helm will
# generate one.
keyPEM: |
# if empty, Helm will auto-generate this field, unless externalSecret is set to true.
# -- Bundle of CA certificates for Tap component. If not provided then Helm
# will use the certificate generated for `tap.crtPEM`. If
# `tap.externalSecret` is set to true, this value must be set, as no
# certificate will be generated.
caBundle: |
# set resources for tap and its linkerd proxy respectively
# see global.proxy.resources for details.
# -|- CPU and Memory resources required by tap (see `global.proxy.resources` for
#sub-fields)
#tapResources:
# -|- CPU and Memory resources required by proxy injected into tap pod (see
#`global.proxy.resources` for sub-fields)
#tapProxyResources:
# web configuration
# -- Docker image for the web container
webImage: ghcr.io/linkerd/web
# set resources for web UI and its linkerd proxy respectively
# see global.proxy.resources for details.
# -<- CPU and Memory resources required by web UI (see `global.proxy.resources`
#for sub-fields)
#webResources:
# -|- CPU and Memory resources required by proxy injected into web UI pod (see
#`global.proxy.resources` for sub-fields)
#webProxyResources:
@ -276,15 +366,20 @@ webImage: ghcr.io/linkerd/web
# - The namespace created by the external tool must match the namespace value above
# - The external tool needs to create the namespace with the label:
# config.linkerd.io/admission-webhooks: disabled
# installNamespace -- Set to false when installing Linkerd in a custom namespace. See the
# [Linkerd documentation](https://linkerd.io/2/tasks/install-helmcustomizing-the-namespace) for more information.
installNamespace: true
# Node selection constraints for control-plane components
# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector.
# -- NodeSelector section, See the [K8S
# documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector)
# for more information
nodeSelector:
beta.kubernetes.io/os: linux
# Tolerations constraints for control-plane components
# https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
# -|- Tolerations section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
# for more information
#tolerations:
# Configuration for Add-ons

4
charts/partials/Chart.yaml
View File

@ -1,4 +1,6 @@
apiVersion: v1
description: A Helm chart containing Linkerd partial templates, depended by the 'linkerd' and 'patch' charts.
description: |
A Helm chart containing Linkerd partial templates,
depended by the 'linkerd' and 'patch' charts.
name: partials
version: 0.1.0

9
charts/partials/README.md Normal file
View File

@ -0,0 +1,9 @@
# partials
A Helm chart containing Linkerd partial templates,
depended by the 'linkerd' and 'patch' charts.
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

14
charts/partials/README.md.gotmpl Normal file
View File

@ -0,0 +1,14 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}
{{ template "chart.typeBadge" . }}
{{ template "chart.appVersionBadge" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

4
cli/cmd/testdata/install_addon.golden vendored
View File

@ -2884,6 +2884,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3316,6 +3317,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534
@ -3623,6 +3625,7 @@ spec:
httpGet:
path: /
port: 13133
resources:
volumeMounts:
- mountPath: /conf
name: linkerd-collector-config-val
@ -3847,6 +3850,7 @@ spec:
name: collection
- containerPort: 16686
name: ui
resources:
- env:
- name: LINKERD2_PROXY_LOG
value: "warn,linkerd=info"

2
cli/cmd/testdata/install_controlplane_tracing_output.golden vendored
View File

@ -2980,6 +2980,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3426,6 +3427,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534

2
cli/cmd/testdata/install_custom_registry.golden vendored
View File

@ -2877,6 +2877,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3309,6 +3310,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534

2
cli/cmd/testdata/install_default.golden vendored
View File

@ -2877,6 +2877,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3309,6 +3310,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534

2
cli/cmd/testdata/install_default_override_dst_get_nets.golden vendored
View File

@ -2877,6 +2877,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3309,6 +3310,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534

1
cli/cmd/testdata/install_grafana_existing.golden vendored
View File

@ -2988,6 +2988,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534

2
cli/cmd/testdata/install_heartbeat_disabled_output.golden vendored
View File

@ -2788,6 +2788,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3220,6 +3221,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534

27
cli/cmd/testdata/install_helm_output.golden vendored
View File

@ -1012,6 +1012,7 @@ data:
workloadNamespaceLabel: linkerd.io/workload-ns
image:
name: ghcr.io/linkerd/grafana
tag: null
partials:
global:
cliVersion: ""
@ -1097,6 +1098,15 @@ data:
proxyInjectAnnotation: linkerd.io/inject
proxyInjectDisabled: disabled
workloadNamespaceLabel: linkerd.io/workload-ns
proxy:
resources: null
resources:
cpu:
limit: null
request: null
memory:
limit: null
request: null
heartbeatResources: null
heartbeatSchedule: 0 0 * * *
identity:
@ -1125,6 +1135,8 @@ data:
values:
- disabled
prometheus:
alertManagers: null
alertRelabelConfigs: null
args:
config.file: /etc/prometheus/prometheus.yml
log.level: info
@ -1305,6 +1317,19 @@ data:
proxyInjectAnnotation: linkerd.io/inject
proxyInjectDisabled: disabled
workloadNamespaceLabel: linkerd.io/workload-ns
proxy:
resources: null
remoteWrite: null
resources:
cpu:
limit: null
request: null
memory:
limit: null
request: null
ruleConfigMapMounts: null
scrapeConfigs: null
sideCarContainers: null
proxyInjector:
caBundle: test-proxy-injector-ca-bundle
crtPEM: test-proxy-injector-crt-pem
@ -3175,6 +3200,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3600,6 +3626,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534

43
cli/cmd/testdata/install_helm_output_addons.golden vendored
View File

@ -1018,6 +1018,7 @@ data:
workloadNamespaceLabel: linkerd.io/workload-ns
image:
name: ghcr.io/linkerd/grafana
tag: null
partials:
global:
cliVersion: ""
@ -1103,6 +1104,15 @@ data:
proxyInjectAnnotation: linkerd.io/inject
proxyInjectDisabled: disabled
workloadNamespaceLabel: linkerd.io/workload-ns
proxy:
resources: null
resources:
cpu:
limit: null
request: null
memory:
limit: null
request: null
heartbeatResources: null
heartbeatSchedule: 0 0 * * *
identity:
@ -1131,6 +1141,8 @@ data:
values:
- disabled
prometheus:
alertManagers: null
alertRelabelConfigs: null
args:
config.file: /etc/prometheus/prometheus.yml
log.level: info
@ -1311,6 +1323,19 @@ data:
proxyInjectAnnotation: linkerd.io/inject
proxyInjectDisabled: disabled
workloadNamespaceLabel: linkerd.io/workload-ns
proxy:
resources: null
remoteWrite: null
resources:
cpu:
limit: null
request: null
memory:
limit: null
request: null
ruleConfigMapMounts: null
scrapeConfigs: null
sideCarContainers: null
proxyInjector:
caBundle: test-proxy-injector-ca-bundle
crtPEM: test-proxy-injector-crt-pem
@ -1338,6 +1363,13 @@ data:
tracing:
collector:
image: omnition/opencensus-collector:0.1.11
resources:
cpu:
limit: null
request: null
memory:
limit: null
request: null
enabled: true
global:
cliVersion: ""
@ -1425,6 +1457,13 @@ data:
workloadNamespaceLabel: linkerd.io/workload-ns
jaeger:
image: jaegertracing/all-in-one:1.19.2
resources:
cpu:
limit: null
request: null
memory:
limit: null
request: null
partials:
global:
cliVersion: ""
@ -3355,6 +3394,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3780,6 +3820,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534
@ -4080,6 +4121,7 @@ spec:
httpGet:
path: /
port: 13133
resources:
volumeMounts:
- mountPath: /conf
name: linkerd-collector-config-val
@ -4293,6 +4335,7 @@ spec:
name: collection
- containerPort: 16686
name: ui
resources:
- env:
- name: LINKERD2_PROXY_LOG
value: "warn,linkerd=info"

11
cli/cmd/testdata/install_helm_output_ha.golden vendored
View File

@ -1018,6 +1018,7 @@ data:
workloadNamespaceLabel: linkerd.io/workload-ns
image:
name: ghcr.io/linkerd/grafana
tag: null
partials:
global:
cliVersion: ""
@ -1103,6 +1104,8 @@ data:
proxyInjectAnnotation: linkerd.io/inject
proxyInjectDisabled: disabled
workloadNamespaceLabel: linkerd.io/workload-ns
proxy:
resources: null
resources:
cpu:
limit: ""
@ -1150,6 +1153,8 @@ data:
values:
- disabled
prometheus:
alertManagers: null
alertRelabelConfigs: null
args:
config.file: /etc/prometheus/prometheus.yml
log.level: info
@ -1330,6 +1335,9 @@ data:
proxyInjectAnnotation: linkerd.io/inject
proxyInjectDisabled: disabled
workloadNamespaceLabel: linkerd.io/workload-ns
proxy:
resources: null
remoteWrite: null
resources:
cpu:
limit: ""
@ -1337,6 +1345,9 @@ data:
memory:
limit: 8192Mi
request: 300Mi
ruleConfigMapMounts: null
scrapeConfigs: null
sideCarContainers: null
proxyInjector:
caBundle: test-proxy-injector-ca-bundle
crtPEM: test-proxy-injector-crt-pem

11
cli/cmd/testdata/install_helm_output_ha_labels.golden vendored
View File

@ -1026,6 +1026,7 @@ data:
workloadNamespaceLabel: linkerd.io/workload-ns
image:
name: ghcr.io/linkerd/grafana
tag: null
partials:
global:
cliVersion: ""
@ -1115,6 +1116,8 @@ data:
proxyInjectAnnotation: linkerd.io/inject
proxyInjectDisabled: disabled
workloadNamespaceLabel: linkerd.io/workload-ns
proxy:
resources: null
resources:
cpu:
limit: ""
@ -1162,6 +1165,8 @@ data:
values:
- disabled
prometheus:
alertManagers: null
alertRelabelConfigs: null
args:
config.file: /etc/prometheus/prometheus.yml
log.level: info
@ -1350,6 +1355,9 @@ data:
proxyInjectAnnotation: linkerd.io/inject
proxyInjectDisabled: disabled
workloadNamespaceLabel: linkerd.io/workload-ns
proxy:
resources: null
remoteWrite: null
resources:
cpu:
limit: ""
@ -1357,6 +1365,9 @@ data:
memory:
limit: 8192Mi
request: 300Mi
ruleConfigMapMounts: null
scrapeConfigs: null
sideCarContainers: null
proxyInjector:
caBundle: test-proxy-injector-ca-bundle
crtPEM: test-proxy-injector-crt-pem

11
cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden vendored
View File

@ -1018,6 +1018,7 @@ data:
workloadNamespaceLabel: linkerd.io/workload-ns
image:
name: ghcr.io/linkerd/grafana
tag: null
partials:
global:
cliVersion: ""
@ -1103,6 +1104,8 @@ data:
proxyInjectAnnotation: linkerd.io/inject
proxyInjectDisabled: disabled
workloadNamespaceLabel: linkerd.io/workload-ns
proxy:
resources: null
resources:
cpu:
limit: ""
@ -1150,6 +1153,8 @@ data:
values:
- enabled
prometheus:
alertManagers: null
alertRelabelConfigs: null
args:
config.file: /etc/prometheus/prometheus.yml
log.level: info
@ -1330,6 +1335,9 @@ data:
proxyInjectAnnotation: linkerd.io/inject
proxyInjectDisabled: disabled
workloadNamespaceLabel: linkerd.io/workload-ns
proxy:
resources: null
remoteWrite: null
resources:
cpu:
limit: ""
@ -1337,6 +1345,9 @@ data:
memory:
limit: 8192Mi
request: 300Mi
ruleConfigMapMounts: null
scrapeConfigs: null
sideCarContainers: null
proxyInjector:
caBundle: test-proxy-injector-ca-bundle
crtPEM: test-proxy-injector-crt-pem

2
cli/cmd/testdata/install_no_init_container.golden vendored
View File

@ -2608,6 +2608,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3002,6 +3003,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534

2
cli/cmd/testdata/install_output.golden vendored
View File

@ -2892,6 +2892,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3326,6 +3327,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534

2
cli/cmd/testdata/install_prometheus_overwrite.golden vendored
View File

@ -2934,6 +2934,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3411,6 +3412,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534

2
cli/cmd/testdata/install_proxy_ignores.golden vendored
View File

@ -2877,6 +2877,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3309,6 +3310,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534

2
cli/cmd/testdata/install_restricted_dashboard.golden vendored
View File

@ -2809,6 +2809,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3241,6 +3242,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534

4
cli/cmd/testdata/install_tracing.golden vendored
View File

@ -2884,6 +2884,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3316,6 +3317,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534
@ -3623,6 +3625,7 @@ spec:
httpGet:
path: /
port: 13133
resources:
volumeMounts:
- mountPath: /conf
name: linkerd-collector-config-val
@ -3847,6 +3850,7 @@ spec:
name: collection
- containerPort: 16686
name: ui
resources:
- env:
- name: LINKERD2_PROXY_LOG
value: "warn,linkerd=info"

4
cli/cmd/testdata/install_tracing_overwrite.golden vendored
View File

@ -2886,6 +2886,7 @@ spec:
httpGet:
path: /api/health
port: 3000
resources:
securityContext:
runAsUser: 472
volumeMounts:
@ -3318,6 +3319,7 @@ spec:
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
securityContext:
runAsNonRoot: true
runAsUser: 65534
@ -3625,6 +3627,7 @@ spec:
httpGet:
path: /
port: 13133
resources:
volumeMounts:
- mountPath: /conf
name: linkerd-collector-config-val
@ -3849,6 +3852,7 @@ spec:
name: collection
- containerPort: 16686
name: ui
resources:
- env:
- name: LINKERD2_PROXY_LOG
value: "warn,linkerd=info"

42
jaeger/charts/jaeger/README.md Normal file
View File

@ -0,0 +1,42 @@
# jaeger
A Helm chart for the jaeger add-on in Linkerd
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| file://../../../charts/partials | partials | 0.1.0 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| collector.image.name | string | `"omnition/opencensus-collector"` | |
| collector.image.pullPolicy | string | `"Always"` | |
| collector.image.version | string | `"0.1.11"` | |
| collectorSvcAccount | string | `"collector"` | |
| collectorSvcAddr | string | `"collector.linkerd-jaeger:55678"` | |
| jaeger.image.name | string | `"jaegertracing/all-in-one"` | |
| jaeger.image.pullPolicy | string | `"Always"` | |
| jaeger.image.version | string | `"1.19.2"` | |
| linkerdVersion | string | `"linkerdVersionValue"` | |
| namespace | string | `"linkerd-jaeger"` | |
| webhook.caBundle | string | `""` | if empty, Helm will auto-generate this field, unless externalSecret is set to true. |
| webhook.crtPEM | string | `""` | if empty, Helm will auto-generate these fields |
| webhook.externalSecret | bool | `false` | |
| webhook.failurePolicy | string | `"Ignore"` | |
| webhook.image.name | string | `"ghcr.io/linkerd/jaeger-webhook"` | |
| webhook.image.pullPolicy | string | `"IfNotPresent"` | |
| webhook.image.version | string | `"linkerdVersionValue"` | |
| webhook.keyPEM | string | `""` | |
| webhook.logLevel | string | `"info"` | |
| webhook.namespaceSelector | string | `nil` | |
| webhook.objectSelector | string | `nil` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

14
jaeger/charts/jaeger/README.md.gotmpl Normal file
View File

@ -0,0 +1,14 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}
{{ template "chart.typeBadge" . }}
{{ template "chart.appVersionBadge" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

4
jaeger/charts/jaeger/values.yaml
View File

@ -22,12 +22,12 @@ linkerdVersion: &linkerd_version linkerdVersionValue
webhook:
externalSecret: false
# if empty, Helm will auto-generate these fields
# -- if empty, Helm will auto-generate these fields
crtPEM: |
keyPEM: |
# if empty, Helm will auto-generate this field, unless externalSecret is set to true.
# -- if empty, Helm will auto-generate this field, unless externalSecret is set to true.
caBundle: |
failurePolicy: Ignore