Use cniPluginVersion with Helm for linkerd2-cni (#4693)

use `cniPluginVersion` as the fall-back version with Helm
Tarun Pothulapati 2020-07-02 15:15:13 +00:00 committed by GitHub
parent 361d35bb6a
commit c3131cde0e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 223 additions and 14 deletions


@ -163,7 +163,7 @@ metadata:
k8s-app: linkerd-cni
{{.Values.cniResourceLabel}}: "true"
annotations:
{{.Values.createdByAnnotation}}: {{.Values.cliVersion}}
{{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.cniPluginVersion) .Values.cliVersion}}
spec:
selector:
matchLabels:
@ -177,7 +177,7 @@ spec:
labels:
k8s-app: linkerd-cni
annotations:
{{.Values.createdByAnnotation}}: {{.Values.cliVersion}}
{{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.cniPluginVersion) .Values.cliVersion}}
spec:
nodeSelector:
beta.kubernetes.io/os: linux
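Review bot: The new `createdByAnnotation` value is emitted unquoted in both the DaemonSet metadata and the pod template annotations, although it is built from user-supplied values and contains a space in the fall-back case. A `cniPluginVersion` or `cliVersion` containing ` #` or `: ` would be truncated or fail to parse, so I would pipe the expression through `quote`: `{{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.cniPluginVersion) .Values.cliVersion | quote}}`. The expression is repeated verbatim at both sites, so a small named template would keep them from drifting. The golden files would need regenerating after either change.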


@ -19,20 +19,15 @@ func TestRenderCniHelm(t *testing.T) {
// the golden file is generated using the following `helm template` command:
// bin/helm template --set namespace="linkerd-test" --set controllerNamespaceLabel="linkerd.io/control-plane-ns-test" --set cniResourceAnnotation="linkerd.io/cni-resource-test" --set inboundProxyPort=1234 --set outboundProxyPort=5678 --set createdByAnnotation="linkerd.io/created-by-test" --set cniPluginImage="gcr.io/linkerd-io/cni-plugin-test" --set cniPluginVersion="test-version" --set logLevel="debug" --set proxyUID=1111 --set destCNINetDir="/etc/cni/net.d-test" --set destCNIBinDir="/opt/cni/bin-test" --set useWaitFlag=true --set cliVersion=test-version charts/linkerd2-cni
t.Run("Cni Install", func(t *testing.T) {
t.Run("Cni Install with defaults", func(t *testing.T) {
chartCni := chartCniPlugin(t)
testRenderCniHelm(t, chartCni, "install_cni_helm_output.golden")
testRenderCniHelm(t, chartCni, &pb.Config{}, "install_cni_helm_default_output.golden")
})
}
func testRenderCniHelm(t *testing.T, chart *pb.Chart, goldenFileName string) {
var (
chartName = "linkerd2-cni"
namespace = "linkerd-test"
)
overrideJSON :=
`{
t.Run("Cni Install with overridden values", func(t *testing.T) {
chartCni := chartCniPlugin(t)
overrideJSON :=
`{
"namespace": "linkerd-test",
"cniResourceLabel": "linkerd.io/cni-resource-test",
"inboundProxyPort": 1234,
@ -48,7 +43,17 @@ func testRenderCniHelm(t *testing.T, chart *pb.Chart, goldenFileName string) {
"cliVersion": "test-version"
}`
overrideConfig := &pb.Config{Raw: overrideJSON}
overrideConfig := &pb.Config{Raw: overrideJSON}
testRenderCniHelm(t, chartCni, overrideConfig, "install_cni_helm_override_output.golden")
})
}
func testRenderCniHelm(t *testing.T, chart *pb.Chart, overrideConfig *pb.Config, goldenFileName string) {
var (
chartName = "linkerd2-cni"
namespace = "linkerd-test"
)
releaseOptions := renderutil.Options{
ReleaseOptions: chartutil.ReleaseOptions{
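Review bot: Neither subtest in TestRenderCniHelm appears to reach the new fall-back branch of the template. The override case sets `"cliVersion": "test-version"`, and the default golden file added in this commit renders `linkerd.io/created-by: linkerd/cli dev-undefined`, which suggests cliVersion is already populated when the chart is loaded (presumably in chartCniPlugin, which is outside this hunk). A third subtest that passes an override with an empty `cliVersion` and compares against its own golden file would pin the `linkerd/helm <cniPluginVersion>` output. The comment above the first subtest still describes a single golden file produced with the full list of `--set` flags, so it should say which of the two golden files it refers to. testRenderCniHelm's body continues past the end of the hunk.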


@ -0,0 +1,204 @@
---
# Source: linkerd2-cni/templates/cni-plugin.yaml
kind: Namespace
apiVersion: v1
metadata:
name: linkerd-cni
annotations:
linkerd.io/inject: disabled
labels:
linkerd.io/cni-resource: "true"
config.linkerd.io/admission-webhooks: disabled
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: linkerd-linkerd-cni-cni
labels:
linkerd.io/cni-resource: "true"
spec:
allowPrivilegeEscalation: false
fsGroup:
rule: RunAsAny
hostNetwork: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- hostPath
- secret
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: linkerd-cni
namespace: linkerd-cni
labels:
linkerd.io/cni-resource: "true"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: linkerd-cni
namespace: linkerd-cni
labels:
linkerd.io/cni-resource: "true"
rules:
- apiGroups: ['extensions', 'policy']
resources: ['podsecuritypolicies']
resourceNames:
- linkerd-linkerd-cni-cni
verbs: ['use']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: linkerd-cni
namespace: linkerd-cni
labels:
linkerd.io/cni-resource: "true"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: linkerd-cni
subjects:
- kind: ServiceAccount
name: linkerd-cni
namespace: linkerd-cni
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: linkerd-cni
labels:
linkerd.io/cni-resource: "true"
rules:
- apiGroups: [""]
resources: ["pods", "nodes", "namespaces"]
verbs: ["list", "get", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: linkerd-cni
labels:
linkerd.io/cni-resource: "true"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: linkerd-cni
subjects:
- kind: ServiceAccount
name: linkerd-cni
namespace: linkerd-cni
---
kind: ConfigMap
apiVersion: v1
metadata:
name: linkerd-cni-config
namespace: linkerd-cni
labels:
linkerd.io/cni-resource: "true"
data:
dest_cni_net_dir: "/etc/cni/net.d"
dest_cni_bin_dir: "/opt/cni/bin"
# The CNI network configuration to install on each node. The special
# values in this config will be automatically populated.
cni_network_config: |-
{
"name": "linkerd-cni",
"type": "linkerd-cni",
"log_level": "info",
"policy": {
"type": "k8s",
"k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
"k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
},
"kubernetes": {
"kubeconfig": "__KUBECONFIG_FILEPATH__"
},
"linkerd": {
"incoming-proxy-port": 4143,
"outgoing-proxy-port": 4140,
"proxy-uid": 2102,
"ports-to-redirect": [],
"inbound-ports-to-ignore": [],
"outbound-ports-to-ignore": [],
"simulate": false,
"use-wait-flag": false
}
}
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: linkerd-cni
namespace: linkerd-cni
labels:
k8s-app: linkerd-cni
linkerd.io/cni-resource: "true"
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
spec:
selector:
matchLabels:
k8s-app: linkerd-cni
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
k8s-app: linkerd-cni
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
spec:
nodeSelector:
beta.kubernetes.io/os: linux
hostNetwork: true
serviceAccountName: linkerd-cni
containers:
# This container installs the linkerd CNI binaries
# and CNI network config file on each node. The install
# script copies the files into place and then sleeps so
# that Kubernetes doesn't keep trying to restart it.
- name: install-cni
image: gcr.io/linkerd-io/cni-plugin:linkerdVersionValue
env:
- name: DEST_CNI_NET_DIR
valueFrom:
configMapKeyRef:
name: linkerd-cni-config
key: dest_cni_net_dir
- name: DEST_CNI_BIN_DIR
valueFrom:
configMapKeyRef:
name: linkerd-cni-config
key: dest_cni_bin_dir
- name: CNI_NETWORK_CONFIG
valueFrom:
configMapKeyRef:
name: linkerd-cni-config
key: cni_network_config
- name: SLEEP
value: "true"
lifecycle:
preStop:
exec:
command: ["kill","-15","1"]
volumeMounts:
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
- mountPath: /host/etc/cni/net.d
name: cni-net-dir
volumes:
- name: cni-bin-dir
hostPath:
path: /opt/cni/bin
- name: cni-net-dir
hostPath:
path: /etc/cni/net.d