diff --git a/charts/linkerd2-cni/templates/cni-plugin.yaml b/charts/linkerd2-cni/templates/cni-plugin.yaml
index 4521750d1..86e36d441 100644
--- a/charts/linkerd2-cni/templates/cni-plugin.yaml
+++ b/charts/linkerd2-cni/templates/cni-plugin.yaml
@@ -163,7 +163,7 @@ metadata:
 k8s-app: linkerd-cni
 {{.Values.cniResourceLabel}}: "true"
 annotations:
- {{.Values.createdByAnnotation}}: {{.Values.cliVersion}}
+ {{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.cniPluginVersion) .Values.cliVersion}}
 spec:
 selector:
 matchLabels:
@@ -177,7 +177,7 @@ spec:
 labels:
 k8s-app: linkerd-cni
 annotations:
- {{.Values.createdByAnnotation}}: {{.Values.cliVersion}}
+ {{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.cniPluginVersion) .Values.cliVersion}}
 spec:
 nodeSelector:
 beta.kubernetes.io/os: linux
diff --git a/cli/cmd/install_cni_helm_test.go b/cli/cmd/install_cni_helm_test.go
index 10a55c97b..9e8076821 100644
--- a/cli/cmd/install_cni_helm_test.go
+++ b/cli/cmd/install_cni_helm_test.go
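Review bot: The created-by annotation value is rendered unquoted in both hunks of cni-plugin.yaml (the DaemonSet metadata near line 166 and the pod template near line 180), so a `cliVersion` or `cniPluginVersion` that YAML reads as a number or boolean, or that contains `: ` or ` #`, produces a non-string or malformed annotation. Piping the expression through `quote` avoids that: `{{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.cniPluginVersion) .Values.cliVersion | quote}}`; the golden files would need regenerating afterwards. Separately, the default golden output added in this commit still shows `linkerd/cli dev-undefined`, which suggests the chart's values file ships a non-empty `cliVersion`, so the `linkerd/helm` fallback may never fire and a Helm install would be attributed to the CLI. If this annotation is relied on for provenance or inventory, that default is worth confirming.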
@@ -19,20 +19,15 @@ func TestRenderCniHelm(t *testing.T) { // the golden file is generated using the following `helm template` command: // bin/helm template --set namespace="linkerd-test" --set controllerNamespaceLabel="linkerd.io/control-plane-ns-test" --set cniResourceAnnotation="linkerd.io/cni-resource-test" --set inboundProxyPort=1234 --set outboundProxyPort=5678 --set createdByAnnotation="linkerd.io/created-by-test" --set cniPluginImage="gcr.io/linkerd-io/cni-plugin-test" --set cniPluginVersion="test-version" --set logLevel="debug" --set proxyUID=1111 --set destCNINetDir="/etc/cni/net.d-test" --set destCNIBinDir="/opt/cni/bin-test" --set useWaitFlag=true --set cliVersion=test-version charts/linkerd2-cni - t.Run("Cni Install", func(t *testing.T) { + t.Run("Cni Install with defaults", func(t *testing.T) { chartCni := chartCniPlugin(t) - testRenderCniHelm(t, chartCni, "install_cni_helm_output.golden") + testRenderCniHelm(t, chartCni, &pb.Config{}, "install_cni_helm_default_output.golden") }) -} - -func testRenderCniHelm(t *testing.T, chart *pb.Chart, goldenFileName string) { - var ( - chartName = "linkerd2-cni" - namespace = "linkerd-test" - ) - overrideJSON := - `{ + t.Run("Cni Install with overridden values", func(t *testing.T) { + chartCni := chartCniPlugin(t) + overrideJSON := + `{ "namespace": "linkerd-test", "cniResourceLabel": "linkerd.io/cni-resource-test", "inboundProxyPort": 1234, 
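Review bot: The comment above the subtests still refers to "the golden file" and gives a single `helm template` command, but the test now compares against two golden files; it should say that the command produces `install_cni_helm_override_output.golden` and state how `install_cni_helm_default_output.golden` is generated. The flags in that command (`cniResourceAnnotation`, `controllerNamespaceLabel`) also do not match the visible keys of the override JSON (`cniResourceLabel`), so regenerating from the comment may not reproduce the file. Neither subtest renders with an empty `cliVersion`, so the new `linkerd/helm` fallback in the template is not covered; a third subtest that overrides `cliVersion` with an empty string would pin it. The override JSON continues past the end of this hunk.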
@@ -48,7 +43,17 @@ func testRenderCniHelm(t *testing.T, chart *pb.Chart, goldenFileName string) { "cliVersion": "test-version" }` - overrideConfig := &pb.Config{Raw: overrideJSON} + overrideConfig := &pb.Config{Raw: overrideJSON} + testRenderCniHelm(t, chartCni, overrideConfig, "install_cni_helm_override_output.golden") + }) + +} + +func testRenderCniHelm(t *testing.T, chart *pb.Chart, overrideConfig *pb.Config, goldenFileName string) { + var ( + chartName = "linkerd2-cni" + namespace = "linkerd-test" + ) releaseOptions := renderutil.Options{ ReleaseOptions: chartutil.ReleaseOptions{ diff --git a/cli/cmd/testdata/install_cni_helm_default_output.golden b/cli/cmd/testdata/install_cni_helm_default_output.golden new file mode 100644 index 000000000..0d48d60d5 --- /dev/null +++ b/cli/cmd/testdata/install_cni_helm_default_output.golden 
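Review bot: `testRenderCniHelm` gains an `overrideConfig` parameter but no comment says what callers should pass for the no-override case. A one-line doc comment such as `// testRenderCniHelm renders chart with overrideConfig; pass &pb.Config{} to render with the chart's default values.` would make the contract explicit. The blank line left between the last subtest's `})` and the closing `}` of `TestRenderCniHelm` can also be dropped. The helper's body continues outside the hunk, so the comment should be adjusted to what the rest of it does.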
@@ -0,0 +1,204 @@ +--- +# Source: linkerd2-cni/templates/cni-plugin.yaml +kind: Namespace +apiVersion: v1 +metadata: + name: linkerd-cni + annotations: + linkerd.io/inject: disabled + labels: + linkerd.io/cni-resource: "true" + config.linkerd.io/admission-webhooks: disabled +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: linkerd-linkerd-cni-cni + labels: + linkerd.io/cni-resource: "true" +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + hostNetwork: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - hostPath + - secret +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: linkerd-cni + namespace: linkerd-cni + labels: + linkerd.io/cni-resource: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: linkerd-cni + namespace: linkerd-cni + labels: + linkerd.io/cni-resource: "true" +rules: +- apiGroups: ['extensions', 'policy'] + resources: ['podsecuritypolicies'] + resourceNames: + - linkerd-linkerd-cni-cni + verbs: ['use'] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: linkerd-cni + namespace: linkerd-cni + labels: + linkerd.io/cni-resource: "true" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: linkerd-cni +subjects: +- kind: ServiceAccount + name: linkerd-cni + namespace: linkerd-cni +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: linkerd-cni + labels: + linkerd.io/cni-resource: "true" +rules: +- apiGroups: [""] + resources: ["pods", "nodes", "namespaces"] + verbs: ["list", "get", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: linkerd-cni + labels: + linkerd.io/cni-resource: "true" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: linkerd-cni +subjects: +- kind: ServiceAccount + name: linkerd-cni + namespace: linkerd-cni +--- 
+kind: ConfigMap +apiVersion: v1 +metadata: + name: linkerd-cni-config + namespace: linkerd-cni + labels: + linkerd.io/cni-resource: "true" +data: + dest_cni_net_dir: "/etc/cni/net.d" + dest_cni_bin_dir: "/opt/cni/bin" + # The CNI network configuration to install on each node. The special + # values in this config will be automatically populated. + cni_network_config: |- + { + "name": "linkerd-cni", + "type": "linkerd-cni", + "log_level": "info", + "policy": { + "type": "k8s", + "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__", + "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__" + }, + "kubernetes": { + "kubeconfig": "__KUBECONFIG_FILEPATH__" + }, + "linkerd": { + "incoming-proxy-port": 4143, + "outgoing-proxy-port": 4140, + "proxy-uid": 2102, + "ports-to-redirect": [], + "inbound-ports-to-ignore": [], + "outbound-ports-to-ignore": [], + "simulate": false, + "use-wait-flag": false + } + } +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: linkerd-cni + namespace: linkerd-cni + labels: + k8s-app: linkerd-cni + linkerd.io/cni-resource: "true" + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + selector: + matchLabels: + k8s-app: linkerd-cni + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + k8s-app: linkerd-cni + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + spec: + nodeSelector: + beta.kubernetes.io/os: linux + hostNetwork: true + serviceAccountName: linkerd-cni + containers: + # This container installs the linkerd CNI binaries + # and CNI network config file on each node. The install + # script copies the files into place and then sleeps so + # that Kubernetes doesn't keep trying to restart it. 
+ - name: install-cni + image: gcr.io/linkerd-io/cni-plugin:linkerdVersionValue + env: + - name: DEST_CNI_NET_DIR + valueFrom: + configMapKeyRef: + name: linkerd-cni-config + key: dest_cni_net_dir + - name: DEST_CNI_BIN_DIR + valueFrom: + configMapKeyRef: + name: linkerd-cni-config + key: dest_cni_bin_dir + - name: CNI_NETWORK_CONFIG + valueFrom: + configMapKeyRef: + name: linkerd-cni-config + key: cni_network_config + - name: SLEEP + value: "true" + lifecycle: + preStop: + exec: + command: ["kill","-15","1"] + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + volumes: + - name: cni-bin-dir + hostPath: + path: /opt/cni/bin + - name: cni-net-dir + hostPath: + path: /etc/cni/net.d diff --git a/cli/cmd/testdata/install_cni_helm_output.golden b/cli/cmd/testdata/install_cni_helm_override_output.golden similarity index 100% rename from cli/cmd/testdata/install_cni_helm_output.golden rename to cli/cmd/testdata/install_cni_helm_override_output.golden