linkerd
/
linkerd2
mirror of https://github.com/linkerd/linkerd2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

build(controller)!: eliminate policy-controller image (#14348) 

Long ago, the policy-controller image shipped with a distroless base image, but
we have since been able to remove all runtime dependencies and ship with a
scratch image. There's no reason to manage this binary seperately from the rest
of the controller.

This change moves the controller/Dockerfile to Dockerfile.controller, and it is
updated to subsume the policy-controller/Dockerfile.

This should *not* impact users, except to reduce the overhead of extra image
pulls.

BREAKING CHANGE: with this change, we no longer ship a seperate
policy-controller image.
This commit is contained in:
Oliver Gould 2025-08-13 14:35:41 -07:00 committed by GitHub
parent 2fb7bb01af
commit b71eba668c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
38 changed files with 109 additions and 235 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/integration.yml vendored
View File

@ -102,7 +102,6 @@ jobs:
matrix:
component:
- controller
- policy-controller
- proxy
timeout-minutes: 20
steps:
@ -216,7 +215,6 @@ jobs:
- run: just policy-test-build
- run: just k3d-k8s='${{ matrix.k8s }}' k3d-create
- run: docker load <image-archives/controller.tar
- run: docker load <image-archives/policy-controller.tar
- run: docker load <image-archives/proxy.tar
- run: docker image ls
- run: just linkerd-tag='${{ needs.meta.outputs.tag }}' linkerd-exec="$HOME/linkerd" linkerd-install
@ -368,7 +366,7 @@ jobs:
bin/scurl -v "https://raw.githubusercontent.com/k3d-io/k3d/${K3D_VERSION}/install.sh" | bash
- name: Load docker images
run: |
for img in controller policy-controller proxy; do
for img in controller proxy; do
docker load <"image-archives/${img}.tar"
done
- run: docker image ls

2
.github/workflows/release.yml vendored
View File

@ -42,14 +42,12 @@ jobs:
component:
- cli-bin
- controller
- policy-controller
- debug
- jaeger-webhook
- metrics-api
- proxy
- tap
- web
# policy-controller docker builds have occasionally hit a 30-minute timeout.
timeout-minutes: 45
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8

41
policy-controller/Dockerfile → Dockerfile.controller
View File

@ -1,4 +1,27 @@
FROM --platform=$BUILDPLATFORM ghcr.io/linkerd/dev:v47-rust-musl AS controller
# Precompile key slow-to-build dependencies
FROM --platform=$BUILDPLATFORM golang:1.24-alpine AS go-deps
WORKDIR /linkerd-build
COPY go.mod go.sum ./
COPY bin/install-deps bin/
RUN go mod download
ARG TARGETARCH
RUN ./bin/install-deps $TARGETARCH
## compile controller service
FROM go-deps AS golang
WORKDIR /linkerd-build
COPY controller/gen controller/gen
COPY pkg pkg
COPY charts charts
COPY controller controller
COPY charts/patch charts/patch
COPY charts/partials charts/partials
COPY multicluster multicluster
ARG TARGETARCH
RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build -o /out/controller -tags prod -mod=readonly -ldflags "-s -w" ./controller/cmd
FROM --platform=$BUILDPLATFORM ghcr.io/linkerd/dev:v47-rust-musl AS policy
ARG BUILD_TYPE="release"
WORKDIR /build
RUN mkdir -p target/bin
@ -24,9 +47,17 @@ RUN --mount=type=cache,target=target \
*) echo "unsupported architecture: $TARGETARCH" >&2; exit 1 ;; \
esac) && \
just-cargo CFLAGS_aarch64_unknown_linux_musl="" profile=$BUILD_TYPE target=$target build --package=linkerd-policy-controller && \
mv "target/$target/$BUILD_TYPE/linkerd-policy-controller" /tmp/
mkdir /out && mv "target/$target/$BUILD_TYPE/linkerd-policy-controller" /out/
FROM scratch AS runtime
## package runtime
FROM scratch
LABEL org.opencontainers.image.source=https://github.com/linkerd/linkerd2
COPY --from=controller /tmp/linkerd-policy-controller /bin/
ENTRYPOINT ["/bin/linkerd-policy-controller"]
COPY LICENSE /linkerd/LICENSE
COPY --from=golang /out/controller /controller
COPY --from=policy /out/linkerd-policy-controller /
# for heartbeat (https://versioncheck.linkerd.io/version.json)
COPY --from=golang /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
ARG LINKERD_VERSION
ENV LINKERD_CONTAINER_VERSION_OVERRIDE=${LINKERD_VERSION}
ENTRYPOINT ["/controller"]

1
bin/_docker.sh
View File

@ -33,7 +33,6 @@ export SUPPORTED_ARCHS=${SUPPORTED_ARCHS:-linux/amd64,linux/arm64}
export DOCKER_IMAGES=(${DOCKER_IMAGES:-
cli-bin
controller
policy-controller
metrics-api
debug
proxy

2
bin/_test-helpers.sh
View File

@ -17,7 +17,7 @@ export external_resource_test_names=(external-resources)
# TODO(alpeb): add test cni-calico-deep-dual-stack
export dual_stack_test_names=(deep-dual-stack)
export all_test_names=(cluster-domain cni-calico-deep multicluster "${default_test_names[*]}" "${external_resource_test_names[*]}" "${dual_stack_test_names[*]}")
images_load_default=(proxy controller policy-controller web metrics-api tap)
images_load_default=(proxy controller web metrics-api tap)
tests_usage() {
progname=${0##*/}

1
bin/docker-build
View File

@ -11,7 +11,6 @@ bindir=$( cd "${0%/*}" && pwd )
"$bindir"/docker-build-proxy
"$bindir"/docker-build-controller
"$bindir"/docker-build-policy-controller
"$bindir"/docker-build-web
"$bindir"/docker-build-debug
if [ -z "${LINKERD_LOCAL_BUILD_CLI:-}" ]; then

3
bin/docker-build-controller
View File

@ -15,5 +15,4 @@ rootdir=$( cd "$bindir"/.. && pwd )
# shellcheck source=_tag.sh
. "$bindir"/_tag.sh
dockerfile=$rootdir/controller/Dockerfile
docker_build controller "${TAG:-$(head_root_tag)}" "$dockerfile" --build-arg LINKERD_VERSION="${TAG:-$(head_root_tag)}"
docker_build controller "${TAG:-$(head_root_tag)}" "$rootdir/Dockerfile.controller" --build-arg LINKERD_VERSION="${TAG:-$(head_root_tag)}"

20
bin/docker-build-policy-controller
View File

@ -1,20 +0,0 @@
#!/usr/bin/env bash
set -eu
if [ $# -ne 0 ]; then
echo "no arguments allowed for ${0##*/}, given: $*" >&2
exit 64
fi
bindir=$( cd "${BASH_SOURCE[0]%/*}" && pwd )
# shellcheck source=_docker.sh
. "$bindir"/_docker.sh
# shellcheck source=_tag.sh
. "$bindir"/_tag.sh
# shellcheck source=_os.sh
. "$bindir"/_os.sh
dir=$( cd "$bindir"/../policy-controller && pwd )
docker_build policy-controller "${TAG:-$(head_root_tag)}" "$dir/Dockerfile"

7
charts/linkerd-control-plane/templates/destination.yaml
View File

@ -337,7 +337,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr={{ if .Values.disableIPv6 }}0.0.0.0{{ else }}[::]{{ end }}:9990
- --control-plane-namespace={{.Release.Namespace}}
- --grpc-addr={{ if .Values.disableIPv6 }}0.0.0.0{{ else }}[::]{{ end }}:8090
@ -361,8 +362,8 @@ spec:
{{- range .Values.policyController.experimentalArgs }}
- {{ . }}
{{- end }}
image: {{.Values.policyController.image.name}}:{{.Values.policyController.image.version | default .Values.linkerdVersion}}
imagePullPolicy: {{.Values.policyController.image.pullPolicy | default .Values.imagePullPolicy}}
image: {{ .Values.controllerImage }}:{{ .Values.controllerImageVersion | default .Values.linkerdVersion }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
httpGet:
path: /live

10
charts/linkerd-control-plane/values.yaml
View File

@ -80,15 +80,7 @@ runtimeClassName: ""
# policy controller configuration
policyController:
image:
# -- Docker image for the policy controller
name: cr.l5d.io/linkerd/policy-controller
# -- Pull policy for the policy controller container image
# @default -- imagePullPolicy
pullPolicy: ""
# -- Tag for the policy controller container image
# @default -- linkerdVersion
version: ""
# `image` has been removed.
# -- Log level for the policy controller
logLevel: info

6
cli/cmd/install_test.go
View File

@ -68,11 +68,6 @@ func TestRender(t *testing.T) {
PodLabels: map[string]string{},
PriorityClassName: "PriorityClassName",
PolicyController: &charts.PolicyController{
Image: &charts.Image{
Name: "PolicyControllerImageName",
PullPolicy: "ImagePullPolicy",
Version: "PolicyControllerVersion",
},
LogLevel: "log-level",
Resources: &charts.Resources{
CPU: charts.Constraints{
@ -546,7 +541,6 @@ func testInstallValues() (*charts.Values, error) {
values.Proxy.Image.Version = installProxyVersion
values.DebugContainer.Image.Version = installDebugVersion
values.LinkerdVersion = installControlPlaneVersion
values.PolicyController.Image.Version = installControlPlaneVersion
values.HeartbeatSchedule = fakeHeartbeatSchedule()
identityCert, err := os.ReadFile(filepath.Join("testdata", "valid-crt.pem"))

1
cli/cmd/options.go
View File

@ -421,7 +421,6 @@ func makeProxyFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.FlagSet) {
fmt.Sprintf("Docker registry to pull images from ($%s)", flagspkg.EnvOverrideDockerRegistry),
func(values *l5dcharts.Values, value string) error {
values.ControllerImage = cmd.RegistryOverride(values.ControllerImage, value)
values.PolicyController.Image.Name = cmd.RegistryOverride(values.PolicyController.Image.Name, value)
values.DebugContainer.Image.Name = cmd.RegistryOverride(values.DebugContainer.Image.Name, value)
values.Proxy.Image.Name = cmd.RegistryOverride(values.Proxy.Image.Name, value)
values.ProxyInit.Image.Name = cmd.RegistryOverride(values.ProxyInit.Image.Name, value)

9
cli/cmd/testdata/install_controlplane_tracing_output.golden generated vendored
View File

@ -627,10 +627,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1657,7 +1653,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd
- --grpc-addr=0.0.0.0:8090
@ -1673,7 +1670,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version
image: cr.l5d.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_custom_domain.golden generated vendored
View File

@ -627,10 +627,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1655,7 +1651,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd
- --grpc-addr=0.0.0.0:8090
@ -1671,7 +1668,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version
image: cr.l5d.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

11
cli/cmd/testdata/install_custom_registry.golden generated vendored
View File

@ -627,10 +627,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: my.custom.registry/linkerd-io/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1655,7 +1651,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd
- --grpc-addr=0.0.0.0:8090
@ -1671,7 +1668,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: my.custom.registry/linkerd-io/policy-controller:install-control-plane-version
image: my.custom.registry/linkerd-io/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@ -2245,7 +2242,7 @@ spec:
---
apiVersion: v1
data:
linkerd-config-overrides: Y29udHJvbGxlckltYWdlOiBteS5jdXN0b20ucmVnaXN0cnkvbGlua2VyZC1pby9jb250cm9sbGVyCmRlYnVnQ29udGFpbmVyOgogIGltYWdlOgogICAgbmFtZTogbXkuY3VzdG9tLnJlZ2lzdHJ5L2xpbmtlcmQtaW8vZGVidWcKICAgIHZlcnNpb246IGluc3RhbGwtZGVidWctdmVyc2lvbgpoZWFydGJlYXRTY2hlZHVsZTogMSAyIDMgNCA1CmlkZW50aXR5OgogIGlzc3VlcjoKICAgIHRsczoKICAgICAgY3J0UEVNOiB8CiAgICAgICAgLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICAgICAgTUlJQndEQ0NBV2VnQXdJQkFnSVJBSlJJZ1o4UnRPOEV3ZzFYZXBmOFQ0NHdDZ1lJS29aSXpqMEVBd0l3S1RFbgogICAgICAgIE1DVUdBMVVFQXhNZWFXUmxiblJwZEhrdWJHbHVhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNQjRYRFRJd01EZ3kKICAgICAgICBPREEzTVRNME4xb1hEVE13TURneU5qQTNNVE0wTjFvd0tURW5NQ1VHQTFVRUF4TWVhV1JsYm5ScGRIa3ViR2x1CiAgICAgICAgYTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMS9GcAogICAgICAgIGZjUm5EY2VkTDZBalVhWFlQdjRESU1CYUp1Zk9JNU5XdHkrWFNYN0pqWGdadE03MmRRdlJhWWFudXhEMzZEdDEKICAgICAgICAyL0p4eWlTZ3hLV1Jkb2F5K2FOd01HNHdEZ1lEVlIwUEFRSC9CQVFEQWdFR01CSUdBMVVkRXdFQi93UUlNQVlCCiAgICAgICAgQWY4Q0FRQXdIUVlEVlIwT0JCWUVGSTFXbnJxTVlLYUhIT28renB5aWlEcTJwTzBLTUNrR0ExVWRFUVFpTUNDQwogICAgICAgIEhtbGtaVzUwYVhSNUxteHBibXRsY21RdVkyeDFjM1JsY2k1c2IyTmhiREFLQmdncWhrak9QUVFEQWdOSEFEQkUKICAgICAgICBBaUF0dW9JNVh1Q3RyR1ZSelNtUlRsMnJhMjhhVjlNeVRVN2Q1cW5UQUZIS1NnSWdSS0N2bHVPU2dBNU8yMXA1CiAgICAgICAgNTF0ZHJta0hFWlJyMHFsTFNKZEhZZ0VmTXprPQogICAgICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KICAgICAga2V5UEVNOiB8CiAgICAgICAgLS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCiAgICAgICAgTUhjQ0FRRUVJQUFlOG5mYnpadTljL09CMis4eEpNMEZ6N05Vd1RRYXp1bGtGTnM0VEk1K29Bb0dDQ3FHU000OQogICAgICAgIEF3RUhvVVFEUWdBRTEvRnBmY1JuRGNlZEw2QWpVYVhZUHY0RElNQmFKdWZPSTVOV3R5K1hTWDdKalhnWnRNNzIKICAgICAgICBkUXZSYVlhbnV4RDM2RHQxMi9KeHlpU2d4S1dSZG9heStRPT0KICAgICAgICAtLS0tLUVORCBFQyBQUklWQVRFIEtFWS0tLS0tCmlkZW50aXR5VHJ1c3RBbmNob3JzUEVNOiB8CiAgLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgTUlJQndUQ0NBV2FnQXdJQkFnSVFlRFpwNWxEYUl5Z1E1VWZNS1pyRkFUQUtCZ2dxaGtqT1BRUURBakFwTVNjdwogIEpRWURWUVFERXg1cFpHVnVkR2wwZVM1c2FXNXJaWEprTG1Oc2RYTjBaWEl1Ykc5allXd3dIaGNOTWpBd09ESTQKICBNRGN4TWpRM1doY05NekF3T0RJMk1EY3hNalEzV2pBcE1TY3dKUVlEVlFRREV4NXBaR1Z1ZEdsMGVTNXNhVzVyCiAgWlhKa0xtTnNkWE4wWlhJdWJHOWpZV3d3V1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVJxYzcwWgogIGwxdmd3NzlyakI1dVNJVElDVUE2R3lmdlNGZmN1SWlzN0IvWEZTa2t3QUhVNVMvczFBQVArUjBUWDdIQldVQzQKICB1YUc0V1dzaXdKS05uN21nbzNBd2JqQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCCiAgL3dJQkFUQWRCZ05WSFE0RUZnUVU1WXRqVlZQZmQ3STdOTEhzbjJDMjZFQnlHVjB3S1FZRFZSMFJCQ0l3SUlJZQogIGFXUmxiblJwZEhrdWJHbHVhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUMKICBJUUNON2xCRkxERHZqeDZWMCtYa2pwS0VSUnNKWWY1YWRNdm5sb0ZsNDhpbEpnSWhBTnR4aG5kY3IrUUpQdUM4CiAgdmdVQzBkMi85Rk11ZUlWTWIrNDZXVENPanNxcgogIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KbGlua2VyZFZlcnNpb246IGluc3RhbGwtY29udHJvbC1wbGFuZS12ZXJzaW9uCnBvbGljeUNvbnRyb2xsZXI6CiAgaW1hZ2U6CiAgICBuYW1lOiBteS5jdXN0b20ucmVnaXN0cnkvbGlua2VyZC1pby9wb2xpY3ktY29udHJvbGxlcgpwb2xpY3lWYWxpZGF0b3I6CiAgY2FCdW5kbGU6IHBvbGljeSB2YWxpZGF0b3IgQ0EgYnVuZGxlCiAgZXh0ZXJuYWxTZWNyZXQ6IHRydWUKcHJvZmlsZVZhbGlkYXRvcjoKICBjYUJ1bmRsZTogcHJvZmlsZSB2YWxpZGF0b3IgQ0EgYnVuZGxlCiAgZXh0ZXJuYWxTZWNyZXQ6IHRydWUKcHJveHk6CiAgaW1hZ2U6CiAgICBuYW1lOiBteS5jdXN0b20ucmVnaXN0cnkvbGlua2VyZC1pby9wcm94eQogICAgdmVyc2lvbjogaW5zdGFsbC1wcm94eS12ZXJzaW9uCnByb3h5SW5pdDoKICBpbWFnZToKICAgIG5hbWU6IG15LmN1c3RvbS5yZWdpc3RyeS9saW5rZXJkLWlvL3Byb3h5LWluaXQKcHJveHlJbmplY3RvcjoKICBjYUJ1bmRsZTogcHJveHkgaW5qZWN0b3IgQ0EgYnVuZGxlCiAgZXh0ZXJuYWxTZWNyZXQ6IHRydWUK
linkerd-config-overrides: Y29udHJvbGxlckltYWdlOiBteS5jdXN0b20ucmVnaXN0cnkvbGlua2VyZC1pby9jb250cm9sbGVyCmRlYnVnQ29udGFpbmVyOgogIGltYWdlOgogICAgbmFtZTogbXkuY3VzdG9tLnJlZ2lzdHJ5L2xpbmtlcmQtaW8vZGVidWcKICAgIHZlcnNpb246IGluc3RhbGwtZGVidWctdmVyc2lvbgpoZWFydGJlYXRTY2hlZHVsZTogMSAyIDMgNCA1CmlkZW50aXR5OgogIGlzc3VlcjoKICAgIHRsczoKICAgICAgY3J0UEVNOiB8CiAgICAgICAgLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICAgICAgTUlJQndEQ0NBV2VnQXdJQkFnSVJBSlJJZ1o4UnRPOEV3ZzFYZXBmOFQ0NHdDZ1lJS29aSXpqMEVBd0l3S1RFbgogICAgICAgIE1DVUdBMVVFQXhNZWFXUmxiblJwZEhrdWJHbHVhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNQjRYRFRJd01EZ3kKICAgICAgICBPREEzTVRNME4xb1hEVE13TURneU5qQTNNVE0wTjFvd0tURW5NQ1VHQTFVRUF4TWVhV1JsYm5ScGRIa3ViR2x1CiAgICAgICAgYTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMS9GcAogICAgICAgIGZjUm5EY2VkTDZBalVhWFlQdjRESU1CYUp1Zk9JNU5XdHkrWFNYN0pqWGdadE03MmRRdlJhWWFudXhEMzZEdDEKICAgICAgICAyL0p4eWlTZ3hLV1Jkb2F5K2FOd01HNHdEZ1lEVlIwUEFRSC9CQVFEQWdFR01CSUdBMVVkRXdFQi93UUlNQVlCCiAgICAgICAgQWY4Q0FRQXdIUVlEVlIwT0JCWUVGSTFXbnJxTVlLYUhIT28renB5aWlEcTJwTzBLTUNrR0ExVWRFUVFpTUNDQwogICAgICAgIEhtbGtaVzUwYVhSNUxteHBibXRsY21RdVkyeDFjM1JsY2k1c2IyTmhiREFLQmdncWhrak9QUVFEQWdOSEFEQkUKICAgICAgICBBaUF0dW9JNVh1Q3RyR1ZSelNtUlRsMnJhMjhhVjlNeVRVN2Q1cW5UQUZIS1NnSWdSS0N2bHVPU2dBNU8yMXA1CiAgICAgICAgNTF0ZHJta0hFWlJyMHFsTFNKZEhZZ0VmTXprPQogICAgICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KICAgICAga2V5UEVNOiB8CiAgICAgICAgLS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCiAgICAgICAgTUhjQ0FRRUVJQUFlOG5mYnpadTljL09CMis4eEpNMEZ6N05Vd1RRYXp1bGtGTnM0VEk1K29Bb0dDQ3FHU000OQogICAgICAgIEF3RUhvVVFEUWdBRTEvRnBmY1JuRGNlZEw2QWpVYVhZUHY0RElNQmFKdWZPSTVOV3R5K1hTWDdKalhnWnRNNzIKICAgICAgICBkUXZSYVlhbnV4RDM2RHQxMi9KeHlpU2d4S1dSZG9heStRPT0KICAgICAgICAtLS0tLUVORCBFQyBQUklWQVRFIEtFWS0tLS0tCmlkZW50aXR5VHJ1c3RBbmNob3JzUEVNOiB8CiAgLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgTUlJQndUQ0NBV2FnQXdJQkFnSVFlRFpwNWxEYUl5Z1E1VWZNS1pyRkFUQUtCZ2dxaGtqT1BRUURBakFwTVNjdwogIEpRWURWUVFERXg1cFpHVnVkR2wwZVM1c2FXNXJaWEprTG1Oc2RYTjBaWEl1Ykc5allXd3dIaGNOTWpBd09ESTQKICBNRGN4TWpRM1doY05NekF3T0RJMk1EY3hNalEzV2pBcE1TY3dKUVlEVlFRREV4NXBaR1Z1ZEdsMGVTNXNhVzVyCiAgWlhKa0xtTnNkWE4wWlhJdWJHOWpZV3d3V1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVJxYzcwWgogIGwxdmd3NzlyakI1dVNJVElDVUE2R3lmdlNGZmN1SWlzN0IvWEZTa2t3QUhVNVMvczFBQVArUjBUWDdIQldVQzQKICB1YUc0V1dzaXdKS05uN21nbzNBd2JqQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCCiAgL3dJQkFUQWRCZ05WSFE0RUZnUVU1WXRqVlZQZmQ3STdOTEhzbjJDMjZFQnlHVjB3S1FZRFZSMFJCQ0l3SUlJZQogIGFXUmxiblJwZEhrdWJHbHVhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUMKICBJUUNON2xCRkxERHZqeDZWMCtYa2pwS0VSUnNKWWY1YWRNdm5sb0ZsNDhpbEpnSWhBTnR4aG5kY3IrUUpQdUM4CiAgdmdVQzBkMi85Rk11ZUlWTWIrNDZXVENPanNxcgogIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KbGlua2VyZFZlcnNpb246IGluc3RhbGwtY29udHJvbC1wbGFuZS12ZXJzaW9uCnBvbGljeVZhbGlkYXRvcjoKICBjYUJ1bmRsZTogcG9saWN5IHZhbGlkYXRvciBDQSBidW5kbGUKICBleHRlcm5hbFNlY3JldDogdHJ1ZQpwcm9maWxlVmFsaWRhdG9yOgogIGNhQnVuZGxlOiBwcm9maWxlIHZhbGlkYXRvciBDQSBidW5kbGUKICBleHRlcm5hbFNlY3JldDogdHJ1ZQpwcm94eToKICBpbWFnZToKICAgIG5hbWU6IG15LmN1c3RvbS5yZWdpc3RyeS9saW5rZXJkLWlvL3Byb3h5CiAgICB2ZXJzaW9uOiBpbnN0YWxsLXByb3h5LXZlcnNpb24KcHJveHlJbml0OgogIGltYWdlOgogICAgbmFtZTogbXkuY3VzdG9tLnJlZ2lzdHJ5L2xpbmtlcmQtaW8vcHJveHktaW5pdApwcm94eUluamVjdG9yOgogIGNhQnVuZGxlOiBwcm94eSBpbmplY3RvciBDQSBidW5kbGUKICBleHRlcm5hbFNlY3JldDogdHJ1ZQo=
kind: Secret
metadata:
creationTimestamp: null

9
cli/cmd/testdata/install_default.golden generated vendored
View File

@ -627,10 +627,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1655,7 +1651,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd
- --grpc-addr=0.0.0.0:8090
@ -1671,7 +1668,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version
image: cr.l5d.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_default_override_dst_get_nets.golden generated vendored
View File

@ -627,10 +627,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1655,7 +1651,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd
- --grpc-addr=0.0.0.0:8090
@ -1671,7 +1668,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version
image: cr.l5d.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_default_token.golden generated vendored
View File

@ -627,10 +627,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1644,7 +1640,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd
- --grpc-addr=0.0.0.0:8090
@ -1660,7 +1657,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version
image: cr.l5d.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_gid_output.golden generated vendored
View File

@ -627,10 +627,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1662,7 +1658,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd
- --grpc-addr=0.0.0.0:8090
@ -1678,7 +1675,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version
image: cr.l5d.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_ha_output.golden generated vendored
View File

@ -654,10 +654,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1790,7 +1786,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd
- --grpc-addr=0.0.0.0:8090
@ -1806,7 +1803,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version
image: cr.l5d.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_ha_with_overrides_output.golden generated vendored
View File

@ -654,10 +654,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1790,7 +1786,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd
- --grpc-addr=0.0.0.0:8090
@ -1806,7 +1803,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version
image: cr.l5d.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_heartbeat_disabled_output.golden generated vendored
View File

@ -558,10 +558,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1586,7 +1582,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd
- --grpc-addr=0.0.0.0:8090
@ -1602,7 +1599,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version
image: cr.l5d.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_helm_control_plane_output.golden generated vendored
View File

@ -604,10 +604,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1630,7 +1626,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd-dev
- --grpc-addr=0.0.0.0:8090
@ -1646,7 +1643,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:linkerd-version
image: cr.l5d.io/linkerd/controller:linkerd-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_helm_control_plane_output_ha.golden generated vendored
View File

@ -631,10 +631,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1765,7 +1761,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd-dev
- --grpc-addr=0.0.0.0:8090
@ -1781,7 +1778,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:linkerd-version
image: cr.l5d.io/linkerd/controller:linkerd-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_helm_control_plane_output_ha_with_gid.golden generated vendored
View File

@ -631,10 +631,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1772,7 +1768,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd-dev
- --grpc-addr=0.0.0.0:8090
@ -1788,7 +1785,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:linkerd-version
image: cr.l5d.io/linkerd/controller:linkerd-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_helm_output_ha_labels.golden generated vendored
View File

@ -635,10 +635,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1777,7 +1773,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd-dev
- --grpc-addr=0.0.0.0:8090
@ -1793,7 +1790,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:linkerd-version
image: cr.l5d.io/linkerd/controller:linkerd-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden generated vendored
View File

@ -626,10 +626,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1755,7 +1751,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd-dev
- --grpc-addr=0.0.0.0:8090
@ -1771,7 +1768,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:linkerd-version
image: cr.l5d.io/linkerd/controller:linkerd-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_no_init_container.golden generated vendored
View File

@ -627,10 +627,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1644,7 +1640,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd
- --grpc-addr=0.0.0.0:8090
@ -1660,7 +1657,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version
image: cr.l5d.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

11
cli/cmd/testdata/install_output.golden generated vendored
View File

File diff suppressed because one or more lines are too long

9
cli/cmd/testdata/install_proxy_ignores.golden generated vendored
View File

@ -627,10 +627,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1655,7 +1651,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd
- --grpc-addr=0.0.0.0:8090
@ -1671,7 +1668,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version
image: cr.l5d.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

9
cli/cmd/testdata/install_values_file.golden generated vendored
View File

@ -627,10 +627,6 @@ data:
serviceMirror:
enabled: true
policyController:
image:
name: cr.l5d.io/linkerd/policy-controller
pullPolicy: ""
version: ""
logLevel: info
probeNetworks:
- 0.0.0.0/0
@ -1655,7 +1651,8 @@ spec:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access
readOnly: true
- args:
- command: ["/linkerd-policy-controller"]
args:
- --admin-addr=0.0.0.0:9990
- --control-plane-namespace=linkerd
- --grpc-addr=0.0.0.0:8090
@ -1671,7 +1668,7 @@ spec:
- --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211
- --global-egress-network-namespace=linkerd-egress
- --probe-networks=0.0.0.0/0,::/0
image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version
image: cr.l5d.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

4
cli/cmd/upgrade_test.go
View File

@ -494,10 +494,10 @@ func testUpgradeOptions() (flagOptions, error) {
flagSet.AddFlagSet(proxyFlagSet)
flagSet.AddFlagSet(upgradeFlagSet)
// Explicitly set policy controller override to upgrade control plane version
// Explicitly set controller override to upgrade control plane version
templateOpts := &valuespkg.Options{}
flagspkg.AddValueOptionsFlags(flagSet, templateOpts)
flagSet.Set("set", fmt.Sprintf("policyController.image.version=%[1]s,linkerdVersion=%[1]s", upgradeControlPlaneVersion))
flagSet.Set("set", fmt.Sprintf("controllerImageVersion=%[1]s,linkerdVersion=%[1]s", upgradeControlPlaneVersion))
flagSet.Set("set", fmt.Sprintf("proxy.image.version=%s", upgradeProxyVersion))

36
controller/Dockerfile
View File

@ -1,36 +0,0 @@
ARG BUILDPLATFORM=linux/amd64
# Precompile key slow-to-build dependencies
FROM --platform=$BUILDPLATFORM golang:1.24-alpine AS go-deps
WORKDIR /linkerd-build
COPY go.mod go.sum ./
COPY bin/install-deps bin/
RUN go mod download
ARG TARGETARCH
RUN ./bin/install-deps $TARGETARCH
## compile controller service
FROM go-deps AS golang
WORKDIR /linkerd-build
COPY controller/gen controller/gen
COPY pkg pkg
COPY charts charts
COPY controller controller
COPY charts/patch charts/patch
COPY charts/partials charts/partials
COPY multicluster multicluster
ARG TARGETARCH
RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build -o /out/controller -tags prod -mod=readonly -ldflags "-s -w" ./controller/cmd
## package runtime
FROM scratch
LABEL org.opencontainers.image.source=https://github.com/linkerd/linkerd2
COPY LICENSE /linkerd/LICENSE
COPY --from=golang /out/controller /controller
# for heartbeat (https://versioncheck.linkerd.io/version.json)
COPY --from=golang /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
ARG LINKERD_VERSION
ENV LINKERD_CONTAINER_VERSION_OVERRIDE=${LINKERD_VERSION}
ENTRYPOINT ["/controller"]

16
justfile
View File

@ -287,7 +287,6 @@ _linkerd := linkerd-exec + " " + _context
controller-image := DOCKER_REGISTRY + "/controller"
proxy-image := DOCKER_REGISTRY + "/proxy"
policy-controller-image := DOCKER_REGISTRY + "/policy-controller"
# When GATEWAY_API_VERSION is 'linkerd' we use the CLI's vendored gateway API
# CRDs. Otherwise, we install the CRDs from the upstream release.
@ -329,9 +328,6 @@ linkerd-install *args='': linkerd-load linkerd-crds-install && _linkerd-ready
--set='imagePullPolicy=Never' \
--set='controllerImage={{ controller-image }}' \
--set='linkerdVersion={{ linkerd-tag }}' \
--set='policyController.image.name={{ policy-controller-image }}' \
--set='policyController.image.version={{ linkerd-tag }}' \
--set='policyController.loglevel=info\,linkerd=trace\,kubert=trace' \
--set='proxy.image.name={{ proxy-image }}' \
--set='proxy.image.version={{ linkerd-tag }}' \
--set='proxyInit.image.name=ghcr.io/linkerd/proxy-init' \
@ -346,7 +342,6 @@ linkerd-uninstall:
linkerd-load: _linkerd-images _k3d-init
for i in {1..3} ; do {{ _k3d-load }} \
'{{ controller-image }}:{{ linkerd-tag }}' \
'{{ policy-controller-image }}:{{ linkerd-tag }}' \
'{{ proxy-image }}:{{ linkerd-tag }}' \
$({{ _proxy-init-image-cmd }}) && exit || sleep 1 ; done
@ -354,8 +349,7 @@ linkerd-load-cni:
docker pull -q $({{ _cni-plugin-image-cmd }})
{{ _k3d-load }} $({{ _cni-plugin-image-cmd }})
linkerd-build: _policy-controller-build
TAG={{ linkerd-tag }} bin/docker-build-controller
linkerd-build: _controller-build
TAG={{ linkerd-tag }} bin/docker-build-proxy
_linkerd-images:
@ -364,26 +358,24 @@ _linkerd-images:
docker pull -q $({{ _proxy-init-image-cmd }})
for img in \
'{{ controller-image }}:{{ linkerd-tag }}' \
'{{ policy-controller-image }}:{{ linkerd-tag }}' \
'{{ proxy-image }}:{{ linkerd-tag }}'
do
if [ -z $(docker image ls -q "$img") ]; then
# Build images if any one of the images is missing.
exec {{ just_executable() }} \
controller-image='{{ controller-image }}' \
policy-controller-image='{{ policy-controller-image }}' \
linkerd-tag='{{ linkerd-tag }}' \
linkerd-build
fi
done
# Build the policy controller docker image for testing (on amd64).
_policy-controller-build:
_controller-build:
docker buildx build . \
--file='policy-controller/Dockerfile' \
--file='Dockerfile.controller' \
--platform={{ if docker-arch == '' { "amd64" } else { docker-arch} }} \
--build-arg='build_type={{ rs-build-type }}' \
--tag='{{ policy-controller-image }}:{{ linkerd-tag }}' \
--tag='{{ controller-image }}:{{ linkerd-tag }}' \
--progress=plain \
--load

1
pkg/charts/linkerd2/values.go
View File

@ -269,7 +269,6 @@ type (
// PolicyController contains the fields to configure the policy controller container
PolicyController struct {
Image *Image `json:"image"`
Resources *Resources `json:"resources"`
LogLevel string `json:"logLevel"`
ProbeNetworks []string `json:"probeNetworks"`

3
pkg/charts/linkerd2/values_test.go
View File

@ -106,9 +106,6 @@ func TestNewValues(t *testing.T) {
"readinessProbe": map[string]interface{}{"timeoutSeconds": 1.0},
},
PolicyController: &PolicyController{
Image: &Image{
Name: "cr.l5d.io/linkerd/policy-controller",
},
LogLevel: "info",
Resources: &Resources{
CPU: Constraints{

6
test/integration/install/install_test.go
View File

@ -359,7 +359,6 @@ func helmUpgradeFlags(root *tls.CA) ([]string, []string) {
if override := os.Getenv(flags.EnvOverrideDockerRegistry); override != "" {
coreArgs = append(coreArgs,
"--set", "policyController.image.name="+cmd.RegistryOverride("cr.l5d.io/linkerd/policy-controller", override),
"--set", "proxy.image.name="+cmd.RegistryOverride("cr.l5d.io/linkerd/proxy", override),
"--set", "proxyInit.image.name="+cmd.RegistryOverride("cr.l5d.io/linkerd/proxy-init", override),
"--set", "controllerImage="+cmd.RegistryOverride("cr.l5d.io/linkerd/controller", override),
@ -605,11 +604,6 @@ func TestOverridesSecret(t *testing.T) {
"name": reg + "/debug",
},
}
knownKeys["policyController"] = tree.Tree{
"image": tree.Tree{
"name": reg + "/policy-controller",
},
}
knownKeys["proxy"] = tree.Tree{
"image": tree.Tree{
"name": reg + "/proxy",

5
test/integration/upgrade-edge/upgrade_edge_test.go
View File

@ -375,11 +375,6 @@ func TestOverridesSecret(t *testing.T) {
"name": reg + "/debug",
},
}
knownKeys["policyController"] = tree.Tree{
"image": tree.Tree{
"name": reg + "/policy-controller",
},
}
knownKeys["proxy"] = tree.Tree{
"image": tree.Tree{
"name": reg + "/proxy",