linkerd
/
linkerd2
mirror of https://github.com/linkerd/linkerd2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use linkerd-jaeger extension for control plane tracing (#5299) 

Now that tracing has been split out of the main control plane and into the linkerd-jaeger extension, we remove references to tracing from the main control plane including:

* removing the tracing components from the main control plane chart
* removing the tracing injection logic from the main proxy injector and inject CLI (these will be added back into the new injector in the linkerd-jaeger extension)
* removing tracing related checks (these will be added back into `linkerd jaeger check`)
* removing related tests

We also update the `--control-plane-tracing` flag to configure the control plane components to send traces to the linkerd-jaeger extension.  To make sure this works even when the linkerd-jaeger extension is installed in a non-default namespace, we also add a `--control-plane-tracing-namespace` flag which can be used to change the namespace that the control plane components send traces to.

Note that for now, only the control plane components send traces; the proxies in the control plane do not.  This is because the linkerd-jaeger injector is not yet available.  However, this change adds the appropriate namespace annotations to the control plane namespace to configure the proxies to send traces to the linkerd-jaeger extension once the linkerd-jaeger injector is available.

I tested this by doing the following:

1. bin/linkerd install | kubectl apply -f -
1. bin/helm install jaeger jaeger/charts/jaeger
1. bin/linkerd upgrade --control-plane-tracing=true | kubectl apply -f -
1. kubectl -n linkerd-jaeger port-forward svc/jaeger 16686
1. open http://localhost:16686
1. see traces from the linkerd control plane

Signed-off-by: Alex Leong <alex@buoyant.io>
This commit is contained in:
Alex Leong 2020-12-08 14:34:26 -08:00 committed by GitHub
parent 15dc97c70e
commit cdc57d1af0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
80 changed files with 268 additions and 10529 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/integration_tests.yml vendored
View File

@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-18.04
strategy:
matrix:
target: [proxy, controller, web, cni-plugin, debug, cli-bin, grafana]
target: [proxy, controller, web, cni-plugin, debug, cli-bin, grafana, jaeger-webhook]
name: Docker build (${{ matrix.target }})
timeout-minutes: 30
steps:

4
charts/add-ons/grafana/templates/grafana.yaml
View File

@ -167,7 +167,6 @@ spec:
{{- $_ := set $tree.Values.global.proxy "resources" $r }}
{{- end }}
{{- end }}
{{- include "partials.setControlPlaneTracing.proxy" $tree }}
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
@ -187,9 +186,6 @@ spec:
path: provisioning/dashboards/dashboards.yaml
name: linkerd-grafana-config
name: grafana-config
{{ if .Values.global.controlPlaneTracing -}}
- {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}

4
charts/add-ons/prometheus/templates/prometheus.yaml
View File

@ -285,7 +285,6 @@ spec:
{{- $_ := set $tree.Values.global.proxy "resources" $r }}
{{- end }}
{{- end }}
{{- include "partials.setControlPlaneTracing.proxy" $tree }}
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
@ -308,9 +307,6 @@ spec:
- configMap:
name: linkerd-prometheus-config
name: prometheus-config
{{ if .Values.global.controlPlaneTracing -}}
- {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}

22
charts/add-ons/tracing/.helmignore
View File

@ -1,22 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

9
charts/add-ons/tracing/Chart.yaml
View File

@ -1,9 +0,0 @@
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for the tracing add-on in Linkerd
name: tracing
version: 0.1.0
maintainers:
- name: Linkerd authors
email: cncf-linkerd-dev@lists.cncf.io
url: https://linkerd.io/

31
charts/add-ons/tracing/README.md
View File

@ -1,31 +0,0 @@
# tracing
A Helm chart for the tracing add-on in Linkerd
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| file://../../partials | partials | 0.1.0 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| collector.image | string | `"omnition/opencensus-collector:0.1.11"` | |
| collector.resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the trace collector container can use |
| collector.resources.cpu.request | string | `nil` | Amount of CPU units that the trace collector container requests |
| collector.resources.memory.limit | string | `nil` | Maximum amount of memory that trace collector container can use |
| collector.resources.memory.request | string | `nil` | Amount of memory that the trace collector container requests |
| jaeger.image | string | `"jaegertracing/all-in-one:1.19.2"` | Docker image for the jaeger instance |
| jaeger.resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the jaeger container can use |
| jaeger.resources.cpu.request | string | `nil` | Amount of CPU units that the jaeger container requests |
| jaeger.resources.memory.limit | string | `nil` | Maximum amount of memory that jaeger container can use |
| jaeger.resources.memory.request | string | `nil` | Amount of memory that the jaeger container requests |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)

14
charts/add-ons/tracing/README.md.gotmpl
View File

@ -1,14 +0,0 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}
{{ template "chart.typeBadge" . }}
{{ template "chart.appVersionBadge" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

6
charts/add-ons/tracing/requirements.lock
View File

@ -1,6 +0,0 @@
dependencies:
- name: partials
repository: file://../../partials
version: 0.1.0
digest: sha256:2202cf6f3783f79e78414e7a94b651589f322f3724ab220f0ea3bf8f31954de4
generated: "2020-01-30T00:01:30.861787731+05:30"

4
charts/add-ons/tracing/requirements.yaml
View File

@ -1,4 +0,0 @@
dependencies:
- name: partials
version: 0.1.0
repository: file://../../partials

28
charts/add-ons/tracing/templates/tracing-rbac.yaml
View File

@ -1,28 +0,0 @@
---
###
### linkerd-collector RBAC
###
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: linkerd-collector
namespace: {{.Values.global.namespace}}
labels:
{{.Values.global.controllerComponentLabel}}: linkerd-collector
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.image-pull-secrets" . }}
---
###
### linkerd-jaeger RBAC
###
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: linkerd-jaeger
namespace: {{.Values.global.namespace}}
labels:
{{.Values.global.controllerComponentLabel}}: linkerd-jaeger
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.image-pull-secrets" . }}

246
charts/add-ons/tracing/templates/tracing.yaml
View File

@ -1,246 +0,0 @@
---
###
### Tracing Collector Service
###
---
apiVersion: v1
kind: ConfigMap
metadata:
name: linkerd-collector-config
namespace: {{.Values.global.namespace}}
labels:
{{.Values.global.controllerComponentLabel}}: linkerd-collector
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
data:
linkerd-collector-config: |
receivers:
opencensus:
port: 55678
zipkin:
port: 9411
jaeger:
jaeger-thrift-http-port: 14268
queued-exporters:
jaeger-all-in-one:
num-workers: 4
queue-size: 100
retry-on-failure: true
sender-type: jaeger-thrift-http
jaeger-thrift-http:
collector-endpoint: {{printf "http://%s.%s:14268/api/traces" "linkerd-jaeger" .Values.global.namespace }}
timeout: 5s
---
apiVersion: v1
kind: Service
metadata:
name: linkerd-collector
namespace: {{.Values.global.namespace}}
labels:
{{.Values.global.controllerComponentLabel}}: linkerd-collector
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
spec:
type: ClusterIP
ports:
- name: opencensus
port: 55678
protocol: TCP
targetPort: 55678
- name: zipkin
port: 9411
protocol: TCP
targetPort: 9411
- name: jaeger
port: 14268
protocol: TCP
targetPort: 14268
selector:
{{.Values.global.controllerComponentLabel}}: linkerd-collector
---
{{- $tree := deepCopy . }}
{{ $_ := set $tree.Values.global.proxy "workloadKind" "deployment" -}}
{{ $_ := set $tree.Values.global.proxy "component" "linkerd-collector" -}}
{{ include "linkerd.proxy.validation" $tree.Values.global.proxy -}}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
labels:
app.kubernetes.io/name: linkerd-collector
app.kubernetes.io/part-of: Linkerd
app.kubernetes.io/version: {{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
{{.Values.global.controllerComponentLabel}}: linkerd-collector
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
name: linkerd-collector
namespace: {{.Values.global.namespace}}
spec:
replicas: 1
selector:
matchLabels:
{{.Values.global.controllerComponentLabel}}: linkerd-collector
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 6}}
minReadySeconds: 5
progressDeadlineSeconds: 120
template:
metadata:
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
{{- include "partials.proxy.annotations" .Values.global.proxy| nindent 8}}
{{- with .Values.global.podAnnotations }}{{ toYaml . | trim | nindent 8 }}{{- end }}
prometheus.io/path: /metrics
prometheus.io/port: "8888"
prometheus.io/scrape: "true"
labels:
{{.Values.global.controllerComponentLabel}}: linkerd-collector
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{.Values.global.workloadNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 8}}
{{- with .Values.global.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
spec:
containers:
- command:
- /occollector_linux
- --config=/conf/linkerd-collector-config.yaml
env:
- name: GOGC
value: "80"
image: {{.Values.collector.image}}
imagePullPolicy: {{.Values.global.imagePullPolicy}}
livenessProbe:
httpGet:
path: /
port: 13133
name: oc-collector
ports:
- containerPort: 55678
- containerPort: 9411
- containerPort: 14268
readinessProbe:
httpGet:
path: /
port: 13133
{{- if .Values.collector.resources -}}
{{- include "partials.resources" .Values.collector.resources | nindent 8 }}
{{- end }}
volumeMounts:
- mountPath: /conf
name: linkerd-collector-config-val
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
serviceAccountName: linkerd-collector
volumes:
- configMap:
items:
- key: linkerd-collector-config
path: linkerd-collector-config.yaml
name: linkerd-collector-config
name: linkerd-collector-config-val
{{ if .Values.global.controlPlaneTracing -}}
- {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
- {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }}
---
###
### Tracing Jaeger Service
###
---
apiVersion: v1
kind: Service
metadata:
name: linkerd-jaeger
namespace: {{.Values.global.namespace}}
labels:
{{.Values.global.controllerComponentLabel}}: linkerd-jaeger
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
spec:
type: ClusterIP
selector:
{{.Values.global.controllerComponentLabel}}: linkerd-jaeger
ports:
- name: collection
port: 14268
- name: ui
port: 16686
---
{{- $tree := deepCopy . }}
{{ $_ := set $tree.Values.global.proxy "workloadKind" "deployment" -}}
{{ $_ := set $tree.Values.global.proxy "component" "linkerd-jaeger" -}}
{{ include "linkerd.proxy.validation" $tree.Values.global.proxy -}}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
labels:
app.kubernetes.io/name: linkerd-jaeger
app.kubernetes.io/part-of: Linkerd
app.kubernetes.io/version: {{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
{{.Values.global.controllerComponentLabel}}: linkerd-jaeger
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
name: linkerd-jaeger
namespace: {{.Values.global.namespace}}
spec:
replicas: 1
selector:
matchLabels:
{{.Values.global.controllerComponentLabel}}: linkerd-jaeger
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 6}}
template:
metadata:
annotations:
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
{{- include "partials.proxy.annotations" .Values.global.proxy| nindent 8}}
{{- with .Values.global.podAnnotations }}{{ toYaml . | trim | nindent 8 }}{{- end }}
prometheus.io/path: /metrics
prometheus.io/port: "8888"
prometheus.io/scrape: "true"
labels:
{{.Values.global.controllerComponentLabel}}: linkerd-jaeger
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
{{.Values.global.workloadNamespaceLabel}}: {{.Values.global.namespace}}
{{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 8}}
{{- with .Values.global.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
spec:
containers:
- args:
- --query.base-path=/jaeger
image: {{.Values.jaeger.image}}
imagePullPolicy: {{.Values.global.imagePullPolicy}}
name: jaeger
ports:
- containerPort: 14268
name: collection
- containerPort: 16686
name: ui
{{- if .Values.jaeger.resources -}}
{{- include "partials.resources" .Values.jaeger.resources | nindent 8 }}
{{- end }}
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
dnsPolicy: ClusterFirst
serviceAccountName: linkerd-jaeger
volumes:
{{ if .Values.global.controlPlaneTracing -}}
- {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
- {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }}

28
charts/add-ons/tracing/values.yaml
View File

@ -1,28 +0,0 @@
# Default values for tracing.
collector:
image: omnition/opencensus-collector:0.1.11
resources:
cpu:
# -- Maximum amount of CPU units that the trace collector container can use
limit:
# -- Amount of CPU units that the trace collector container requests
request:
memory:
# -- Maximum amount of memory that trace collector container can use
limit:
# -- Amount of memory that the trace collector container requests
request:
jaeger:
# -- Docker image for the jaeger instance
image: jaegertracing/all-in-one:1.19.2
resources:
cpu:
# -- Maximum amount of CPU units that the jaeger container can use
limit:
# -- Amount of CPU units that the jaeger container requests
request:
memory:
# -- Maximum amount of memory that jaeger container can use
limit:
# -- Amount of memory that the jaeger container requests
request:

7
charts/linkerd2/README.md
View File

@ -120,7 +120,6 @@ Kubernetes: `>=1.13.0-0`
|------------|------|---------|
| file://../add-ons/grafana | grafana | 0.1.0 |
| file://../add-ons/prometheus | prometheus | 0.1.0 |
| file://../add-ons/tracing | tracing | 0.1.0 |
| file://../partials | partials | 0.1.0 |
## Values
@ -140,7 +139,8 @@ Kubernetes: `>=1.13.0-0`
| global.clusterDomain | string | `"cluster.local"` | Kubernetes DNS Domain name to use |
| global.clusterNetworks | string | `"10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16"` | The cluster networks for which service discovery is performed. This should include the pod network but need not include the node network. By default, all private networks are specified so that resolution works in typical Kubernetes environments. |
| global.cniEnabled | bool | `false` | enabling this omits the NET_ADMIN capability in the PSP and the proxy-init container when injecting the proxy; requires the linkerd-cni plugin to already be installed |
| global.controlPlaneTracing | bool | `false` | control plane trace configuration |
| global.controlPlaneTracing | bool | `false` | enables control plane tracing |
| global.controlPlaneTracingNamespace | string | `"linkerd-jaeger"` | namespace to send control plane traces to |
| global.controllerComponentLabel | string | `"linkerd.io/control-plane-component"` | Control plane label. Do not edit |
| global.controllerLogLevel | string | `"info"` | Log level for the control plane components |
| global.controllerNamespaceLabel | string | `"linkerd.io/control-plane-ns"` | Control plane label. Do not edit |
@ -175,8 +175,6 @@ Kubernetes: `>=1.13.0-0`
| global.proxy.resources.cpu.request | string | `""` | Amount of CPU units that the proxy requests |
| global.proxy.resources.memory.limit | string | `""` | Maximum amount of memory that the proxy can use |
| global.proxy.resources.memory.request | string | `""` | Maximum amount of memory that the proxy requests |
| global.proxy.trace.collectorSvcAccount | string | `"default"` | Service account associated with the Trace collector instance |
| global.proxy.trace.collectorSvcAddr | string | `""` | Collector Service address for the proxies to send Trace Data |
| global.proxy.uid | int | `2102` | User id under which the proxy runs |
| global.proxy.waitBeforeExitSeconds | int | `0` | If set the proxy sidecar will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod's `terminationGracePeriodSeconds`. See [Lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks) for more info on container lifecycle hooks. |
| global.proxyInit.closeWaitTimeoutSecs | int | `0` | |
@ -222,7 +220,6 @@ Kubernetes: `>=1.13.0-0`
| tap.crtPEM | string | `""` | Certificate for the Tap component. If not provided then Helm will generate one. |
| tap.externalSecret | bool | `false` | Do not create a secret resource for the Tap component. If this is set to `true`, the value `tap.caBundle` must be set (see below). |
| tap.keyPEM | string | `""` | Certificate key for Tap component. If not provided then Helm will generate one. |
| tracing.enabled | bool | `false` | |
| webImage | string | `"ghcr.io/linkerd/web"` | |
| webhookFailurePolicy | string | `"Ignore"` | Failure policy for the proxy injector |

4
charts/linkerd2/requirements.yaml
View File

@ -10,7 +10,3 @@ dependencies:
version: 0.1.0
repository: file://../add-ons/grafana
condition: grafana.enabled
- name: tracing
version: 0.1.0
repository: file://../add-ons/tracing
condition: tracing.enabled

4
charts/linkerd2/templates/controller.yaml
View File

@ -112,7 +112,6 @@ spec:
{{- $r := merge .Values.publicAPIProxyResources .Values.global.proxy.resources }}
{{- $_ := set $tree.Values.global.proxy "resources" $r }}
{{- end }}
{{- include "partials.setControlPlaneTracing.proxy" $tree }}
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
@ -120,9 +119,6 @@ spec:
{{ end -}}
serviceAccountName: linkerd-controller
volumes:
{{ if .Values.global.controlPlaneTracing -}}
- {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}

4
charts/linkerd2/templates/destination.yaml
View File

@ -129,7 +129,6 @@ spec:
{{- $r := merge .Values.destinationProxyResources .Values.global.proxy.resources }}
{{- $_ := set $tree.Values.global.proxy "resources" $r }}
{{- end }}
{{- include "partials.setControlPlaneTracing.proxy" $tree }}
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
@ -137,9 +136,6 @@ spec:
{{ end -}}
serviceAccountName: linkerd-destination
volumes:
{{ if .Values.global.controlPlaneTracing -}}
- {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}

4
charts/linkerd2/templates/identity.yaml
View File

@ -152,7 +152,6 @@ spec:
{{- $r := merge .Values.identityProxyResources .Values.global.proxy.resources }}
{{- $_ := set $tree.Values.global.proxy "resources" $r }}
{{- end }}
{{- include "partials.setControlPlaneTracing.proxy" $tree }}
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
@ -163,9 +162,6 @@ spec:
- name: identity-issuer
secret:
secretName: linkerd-identity-issuer
{{ if .Values.global.controlPlaneTracing -}}
- {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}

4
charts/linkerd2/templates/proxy-injector.yaml
View File

@ -91,7 +91,6 @@ spec:
{{- $r := merge .Values.proxyInjectorProxyResources .Values.global.proxy.resources }}
{{- $_ := set $tree.Values.global.proxy "resources" $r }}
{{- end }}
{{- include "partials.setControlPlaneTracing.proxy" $tree }}
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
@ -105,9 +104,6 @@ spec:
- name: tls
secret:
secretName: linkerd-proxy-injector-k8s-tls
{{ if .Values.global.controlPlaneTracing -}}
- {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}

10
charts/linkerd2/templates/psp.yaml
View File

@ -84,11 +84,6 @@ roleRef:
name: linkerd-psp
apiGroup: rbac.authorization.k8s.io
subjects:
{{ if .Values.tracing.enabled -}}
- kind: ServiceAccount
name: linkerd-collector
namespace: {{.Values.global.namespace}}
{{ end -}}
- kind: ServiceAccount
name: linkerd-controller
namespace: {{.Values.global.namespace}}
@ -108,11 +103,6 @@ subjects:
- kind: ServiceAccount
name: linkerd-identity
namespace: {{.Values.global.namespace}}
{{ if .Values.tracing.enabled -}}
- kind: ServiceAccount
name: linkerd-jaeger
namespace: {{.Values.global.namespace}}
{{ end -}}
{{ if .Values.prometheus.enabled -}}
- kind: ServiceAccount
name: linkerd-prometheus

4
charts/linkerd2/templates/sp-validator.yaml
View File

@ -108,7 +108,6 @@ spec:
{{- $r := merge .Values.spValidatorProxyResources .Values.global.proxy.resources }}
{{- $_ := set $tree.Values.global.proxy "resources" $r }}
{{- end }}
{{- include "partials.setControlPlaneTracing.proxy" $tree }}
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
@ -119,9 +118,6 @@ spec:
- name: tls
secret:
secretName: linkerd-sp-validator-k8s-tls
{{ if .Values.global.controlPlaneTracing -}}
- {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}

4
charts/linkerd2/templates/tap.yaml
View File

@ -118,7 +118,6 @@ spec:
{{- $r := merge .Values.tapProxyResources .Values.global.proxy.resources }}
{{- $_ := set $tree.Values.global.proxy "resources" $r }}
{{- end }}
{{- include "partials.setControlPlaneTracing.proxy" $tree }}
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
@ -126,9 +125,6 @@ spec:
{{ end -}}
serviceAccountName: linkerd-tap
volumes:
{{ if .Values.global.controlPlaneTracing -}}
- {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}

7
charts/linkerd2/templates/web.yaml
View File

@ -75,9 +75,6 @@ spec:
{{- else if .Values.grafana.enabled }}
- -grafana-addr=linkerd-grafana.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:3000
{{- end}}
{{- if .Values.tracing.enabled }}
- -jaeger-addr=linkerd-jaeger.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:16686
{{- end}}
- -controller-namespace={{.Values.global.namespace}}
- -log-level={{.Values.global.controllerLogLevel}}
{{- if .Values.enforcedHostRegexp }}
@ -115,7 +112,6 @@ spec:
{{- $r := merge .Values.webProxyResources .Values.global.proxy.resources }}
{{- $_ := set $tree.Values.global.proxy "resources" $r }}
{{- end }}
{{- include "partials.setControlPlaneTracing.proxy" $tree }}
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
{{ if not .Values.global.cniEnabled -}}
initContainers:
@ -123,9 +119,6 @@ spec:
{{ end -}}
serviceAccountName: linkerd-web
volumes:
{{ if .Values.global.controlPlaneTracing -}}
- {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}
{{ if not .Values.global.cniEnabled -}}
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
{{ end -}}

18
charts/linkerd2/values.yaml
View File

@ -18,8 +18,10 @@ global:
# -- Log level for the control plane components
controllerLogLevel: &controller_log_level info
# -- control plane trace configuration
# -- enables control plane tracing
controlPlaneTracing: false
# -- namespace to send control plane traces to
controlPlaneTracingNamespace: linkerd-jaeger
# -- control plane version. See Proxy section for proxy version
linkerdVersion: &linkerd_version linkerdVersionValue
@ -99,11 +101,6 @@ global:
limit: ""
# -- Maximum amount of memory that the proxy requests
request: ""
trace:
# -- Collector Service address for the proxies to send Trace Data
collectorSvcAddr: ""
# -- Service account associated with the Trace collector instance
collectorSvcAccount: default
# -- User id under which the proxy runs
uid: 2102
@ -466,12 +463,3 @@ prometheus:
# resources:
# proxy:
# resources:
tracing:
enabled: false
# collector:
# image: omnition/opencensus-collector:0.1.11
# resources:
# jaeger:
# image: jaegertracing/all-in-one:1.19.2
# resources:

16
charts/partials/templates/_proxy.tpl
View File

@ -47,10 +47,6 @@ env:
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
{{ if .Values.global.proxy.trace.collectorSvcAddr -}}
- name: LINKERD2_PROXY_TRACE_ATTRIBUTES_PATH
value: /var/run/linkerd/podinfo/labels
{{ end -}}
{{ if .Values.global.proxy.opaquePorts -}}
- name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION
value: {{.Values.global.proxy.opaquePorts | quote}}
@ -101,12 +97,6 @@ env:
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
{{ end -}}
{{ if .Values.global.proxy.trace.collectorSvcAddr -}}
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR
value: {{ .Values.global.proxy.trace.collectorSvcAddr }}
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME
value: {{ .Values.global.proxy.trace.collectorSvcAccount }}.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
{{ end -}}
image: {{.Values.global.proxy.image.name}}:{{.Values.global.proxy.image.version}}
imagePullPolicy: {{.Values.global.proxy.image.pullPolicy}}
livenessProbe:
@ -145,12 +135,8 @@ lifecycle:
- -c
- sleep {{.Values.global.proxy.waitBeforeExitSeconds}}
{{- end }}
{{- if or (.Values.global.proxy.trace.collectorSvcAddr) (not .Values.global.proxy.disableIdentity) (.Values.global.proxy.saMountPath) }}
{{- if or (not .Values.global.proxy.disableIdentity) (.Values.global.proxy.saMountPath) }}
volumeMounts:
{{- if .Values.global.proxy.trace.collectorSvcAddr }}
- mountPath: var/run/linkerd/podinfo
name: podinfo
{{- end -}}
{{- if not .Values.global.proxy.disableIdentity }}
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity

9
charts/partials/templates/_trace.tpl
View File

@ -1,12 +1,5 @@
{{ define "partials.linkerd.trace" -}}
{{ if .Values.global.controlPlaneTracing -}}
- -trace-collector=linkerd-collector.{{.Values.global.namespace}}.svc.{{.Values.global.clusterDomain}}:55678
{{ end -}}
{{- end }}
{{ define "partials.setControlPlaneTracing.proxy" -}}
{{ if .Values.global.controlPlaneTracing -}}
{{ $_ := set .Values.global.proxy.trace "collectorSvcAddr" (printf "linkerd-collector.%s.svc.%s:55678" .Values.global.namespace .Values.global.clusterDomain) -}}
{{ $_ := set .Values.global.proxy.trace "collectorSvcAccount" (printf "linkerd-collector.%s" .Values.global.namespace) -}}
- -trace-collector=collector.{{.Values.global.controlPlaneTracingNamespace}}.svc.{{.Values.global.clusterDomain}}:55678
{{ end -}}
{{- end }}

21
charts/partials/templates/_volumes.tpl
View File

@ -4,27 +4,6 @@ emptyDir:
name: linkerd-identity-end-entity
{{- end -}}
{{/*
This volume is attached to the proxy when distributed tracing is enabled, thus allowing the proxy to attach pod's labels as span attributes.
This is done to attach more context to traces in order to allow filtering based on workload type, name, namespace, etc.
The above information already exists as pod labels except for namespace, which is fixed by adding a `linkerd.io/workload-ns` label.
instead of using downwardAPI to attach `metadata.namespace` as ENV and making the proxy add the ENV as a span attribute,
this way is chosen, to keep the proxy unaware of k8s namespace and only have a single way to add attributes to spans i.e
through a file.
For control-plane components, `linkerd.io/workload-ns` label is only added to `spec.template.metadata.labels` but not label-selectors
as they are immutable and would fail upgrades.
*/}}
{{ define "partials.proxy.volumes.labels" -}}
downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: "labels"
name: podinfo
{{- end -}}
{{ define "partials.proxyInit.volumes.xtables" -}}
emptyDir: {}
name: {{ .Values.global.proxyInit.xtMountPath.name }}

8
charts/patch/templates/patch.json
View File

@ -76,14 +76,6 @@
},
{{- end }}
{{- if .Values.global.proxy }}
{{- if (.Values.global.proxy.trace.collectorSvcAddr) }}
{
"op": "add",
"path": "{{$prefix}}/spec/volumes/-",
"value":
{{- include "partials.proxy.volumes.labels" . | fromYaml | toPrettyJson | nindent 6 }}
},
{{- end }}
{{- if not .Values.global.proxy.disableIdentity -}}
{
"op": "add",

8
cli/cmd/doc.go
View File

@ -215,14 +215,6 @@ func generateAnnotationsDocs() []annotationDoc {
Name: k8s.ProxyEnableDebugAnnotation,
Description: "Inject a debug sidecar for data plane debugging",
},
{
Name: k8s.ProxyTraceCollectorSvcAddrAnnotation,
Description: "Service name of the trace collector. E.g. `oc-collector.tracing:55678`",
},
{
Name: k8s.ProxyTraceCollectorSvcAccountAnnotation,
Description: "The trace collector's service account name. E.g., `tracing-service-account`. If not provided, it will be defaulted to `default`.",
},
{
Name: k8s.ProxyWaitBeforeExitSecondsAnnotation,
Description: "The proxy sidecar will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod's `terminationGracePeriodSeconds`. If not provided, it will be defaulted to `0`",

8
cli/cmd/inject.go
View File

@ -442,14 +442,6 @@ func getOverrideAnnotations(values *charts.Values, base *charts.Values) map[stri
if proxy.Resources.Memory.Limit != baseProxy.Resources.Memory.Limit {
overrideAnnotations[k8s.ProxyMemoryLimitAnnotation] = proxy.Resources.Memory.Limit
}
if proxy.Trace.CollectorSvcAddr != baseProxy.Trace.CollectorSvcAddr {
overrideAnnotations[k8s.ProxyTraceCollectorSvcAddrAnnotation] = proxy.Trace.CollectorSvcAddr
}
if proxy.Trace.CollectorSvcAccount != baseProxy.Trace.CollectorSvcAccount {
overrideAnnotations[k8s.ProxyTraceCollectorSvcAccountAnnotation] = proxy.Trace.CollectorSvcAccount
}
if proxy.WaitBeforeExitSeconds != baseProxy.WaitBeforeExitSeconds {
overrideAnnotations[k8s.ProxyWaitBeforeExitSecondsAnnotation] = uintToString(proxy.WaitBeforeExitSeconds)
}

50
cli/cmd/inject_test.go
View File

@ -288,18 +288,6 @@ func TestUninjectAndInject(t *testing.T) {
injectProxy: true,
testInjectConfig: proxyIgnorePortsConfig,
},
{
inputFileName: "inject_emojivoto_deployment.input.yml",
goldenFileName: "inject_emojivoto_deployment_trace.golden.yml",
reportFileName: "inject_emojivoto_deployment_trace.report",
injectProxy: true,
testInjectConfig: func() *linkerd2.Values {
values := defaultConfig()
values.GetGlobal().Proxy.Trace.CollectorSvcAddr = "linkerd-collector"
values.GetGlobal().Proxy.Trace.CollectorSvcAccount = "linkerd-collector.linkerd"
return values
}(),
},
}
for i, tc := range testCases {
@ -611,30 +599,26 @@ func TestProxyConfigurationAnnotations(t *testing.T) {
values.GetGlobal().Proxy.Resources.CPU.Limit = "100m"
values.GetGlobal().Proxy.Resources.Memory.Request = "10Mi"
values.GetGlobal().Proxy.Resources.Memory.Limit = "50Mi"
values.GetGlobal().Proxy.Trace.CollectorSvcAddr = "oc-collector.tracing:55678"
values.GetGlobal().Proxy.Trace.CollectorSvcAccount = "svcAccount"
values.GetGlobal().Proxy.WaitBeforeExitSeconds = 10
expectedOverrides := map[string]string{
k8s.ProxyIgnoreInboundPortsAnnotation: "8500-8505",
k8s.ProxyIgnoreOutboundPortsAnnotation: "3306",
k8s.ProxyAdminPortAnnotation: "1234",
k8s.ProxyControlPortAnnotation: "4191",
k8s.ProxyInboundPortAnnotation: "4144",
k8s.ProxyOutboundPortAnnotation: "4141",
k8s.ProxyUIDAnnotation: "999",
k8s.ProxyLogLevelAnnotation: "debug",
k8s.ProxyLogFormatAnnotation: "cool",
k8s.ProxyDisableIdentityAnnotation: "true",
k8s.ProxyDisableTapAnnotation: "true",
k8s.ProxyEnableExternalProfilesAnnotation: "true",
k8s.ProxyCPURequestAnnotation: "10m",
k8s.ProxyCPULimitAnnotation: "100m",
k8s.ProxyMemoryRequestAnnotation: "10Mi",
k8s.ProxyMemoryLimitAnnotation: "50Mi",
k8s.ProxyTraceCollectorSvcAddrAnnotation: "oc-collector.tracing:55678",
k8s.ProxyTraceCollectorSvcAccountAnnotation: "svcAccount",
k8s.ProxyWaitBeforeExitSecondsAnnotation: "10",
k8s.ProxyIgnoreInboundPortsAnnotation: "8500-8505",
k8s.ProxyIgnoreOutboundPortsAnnotation: "3306",
k8s.ProxyAdminPortAnnotation: "1234",
k8s.ProxyControlPortAnnotation: "4191",
k8s.ProxyInboundPortAnnotation: "4144",
k8s.ProxyOutboundPortAnnotation: "4141",
k8s.ProxyUIDAnnotation: "999",
k8s.ProxyLogLevelAnnotation: "debug",
k8s.ProxyLogFormatAnnotation: "cool",
k8s.ProxyDisableIdentityAnnotation: "true",
k8s.ProxyDisableTapAnnotation: "true",
k8s.ProxyEnableExternalProfilesAnnotation: "true",
k8s.ProxyCPURequestAnnotation: "10m",
k8s.ProxyCPULimitAnnotation: "100m",
k8s.ProxyMemoryRequestAnnotation: "10Mi",
k8s.ProxyMemoryLimitAnnotation: "50Mi",
k8s.ProxyWaitBeforeExitSecondsAnnotation: "10",
}
overrides := getOverrideAnnotations(values, baseValues)

26
cli/cmd/install_addon_test.go
View File

@ -12,32 +12,11 @@ import (
)
func TestAddOnRender(t *testing.T) {
withTracingAddonValues, err := testInstallOptions()
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
withTracingAddonValues.Tracing["enabled"] = true
addFakeTLSSecrets(withTracingAddonValues)
withTracingOverwriteValues, err := testInstallOptions()
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
data, err := ioutil.ReadFile(filepath.Join("testdata", "addon_config_overwrite.yaml"))
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
err = yaml.Unmarshal(data, withTracingOverwriteValues)
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
addFakeTLSSecrets(withTracingOverwriteValues)
withExistingGrafanaValues, err := testInstallOptions()
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
data, err = ioutil.ReadFile(filepath.Join("testdata", "existing-grafana-config.yaml"))
data, err := ioutil.ReadFile(filepath.Join("testdata", "existing-grafana-config.yaml"))
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
@ -65,8 +44,7 @@ func TestAddOnRender(t *testing.T) {
values *charts.Values
goldenFileName string
}{
{withTracingAddonValues, "install_tracing.golden"},
{withTracingOverwriteValues, "install_tracing_overwrite.golden"},
{withExistingGrafanaValues, "install_grafana_existing.golden"},
{withPrometheusAddOnOverwriteValues, "install_prometheus_overwrite.golden"},
}

14
cli/cmd/install_test.go
View File

@ -86,8 +86,7 @@ func TestRender(t *testing.T) {
Inbound: 4143,
Outbound: 4140,
},
UID: 2102,
Trace: &charts.Trace{},
UID: 2102,
},
ProxyInit: &charts.ProxyInit{
Image: &charts.Image{
@ -135,9 +134,6 @@ func TestRender(t *testing.T) {
"enabled": true,
"image": "PrometheusImage",
},
Tracing: map[string]interface{}{
"enabled": false,
},
Grafana: defaultValues.Grafana,
}
@ -211,13 +207,6 @@ func TestRender(t *testing.T) {
}
addFakeTLSSecrets(withCustomRegistryValues)
withAddOnValues, err := testInstallOptions()
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
}
withAddOnValues.Tracing["enabled"] = true
addFakeTLSSecrets(withAddOnValues)
withCustomDestinationGetNetsValues, err := testInstallOptions()
if err != nil {
t.Fatalf("Unexpected error: %v\n", err)
@ -239,7 +228,6 @@ func TestRender(t *testing.T) {
{withRestrictedDashboardPrivilegesValues, "install_restricted_dashboard.golden"},
{withControlPlaneTracingValues, "install_controlplane_tracing_output.golden"},
{withCustomRegistryValues, "install_custom_registry.golden"},
{withAddOnValues, "install_addon.golden"},
{withCustomDestinationGetNetsValues, "install_default_override_dst_get_nets.golden"},
}

21
cli/cmd/options.go
View File

@ -118,7 +118,13 @@ func makeInstallUpgradeFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.Fl
flag.NewBoolFlag(installUpgradeFlags, "control-plane-tracing", defaults.GetGlobal().ControlPlaneTracing,
"Enables Control Plane Tracing with the defaults", func(values *l5dcharts.Values, value bool) error {
defaults.GetGlobal().ControlPlaneTracing = value
values.GetGlobal().ControlPlaneTracing = value
return nil
}),
flag.NewStringFlag(installUpgradeFlags, "control-plane-tracing-namespace", defaults.GetGlobal().ControlPlaneTracingNamespace,
"Send control plane traces to Linkerd-Jaeger extension in this namespace", func(values *l5dcharts.Values, value string) error {
values.GetGlobal().ControlPlaneTracingNamespace = value
return nil
}),
@ -185,6 +191,7 @@ func makeInstallUpgradeFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.Fl
installUpgradeFlags.MarkHidden("control-plane-version")
}
installUpgradeFlags.MarkHidden("control-plane-tracing")
installUpgradeFlags.MarkHidden("control-plane-tracing-namespace")
return flags, installUpgradeFlags, nil
}
@ -493,18 +500,6 @@ func makeInjectFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.FlagSet) {
return nil
}),
flag.NewStringFlag(injectFlags, "trace-collector", defaults.GetGlobal().Proxy.Trace.CollectorSvcAddr,
"Collector Service address for the proxies to send Trace Data", func(values *l5dcharts.Values, value string) error {
values.GetGlobal().Proxy.Trace.CollectorSvcAddr = value
return nil
}),
flag.NewStringFlag(injectFlags, "trace-collector-svc-account", defaults.GetGlobal().Proxy.Trace.CollectorSvcAccount,
"Service account associated with the Trace collector instance", func(values *l5dcharts.Values, value string) error {
values.GetGlobal().Proxy.Trace.CollectorSvcAccount = value
return nil
}),
flag.NewStringSliceFlag(injectFlags, "require-identity-on-inbound-ports", strings.Split(defaults.GetGlobal().Proxy.RequireIdentityOnInboundPorts, ","),
"Inbound ports on which the proxy should require identity", func(values *l5dcharts.Values, value []string) error {
values.GetGlobal().Proxy.RequireIdentityOnInboundPorts = strings.Join(value, ",")

196
cli/cmd/testdata/inject_emojivoto_deployment_trace.golden.yml vendored
View File

@ -1,196 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: web
namespace: emojivoto
spec:
replicas: 1
selector:
matchLabels:
app: web-svc
template:
metadata:
annotations:
config.alpha.linkerd.io/trace-collector-service-account: linkerd-collector.linkerd
config.linkerd.io/trace-collector: linkerd-collector
linkerd.io/created-by: linkerd/cli dev-undefined
linkerd.io/identity-mode: default
linkerd.io/proxy-version: test-inject-proxy-version
labels:
app: web-svc
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: web
linkerd.io/workload-ns: emojivoto
spec:
containers:
- env:
- name: WEB_PORT
value: "80"
- name: EMOJISVC_HOST
value: emoji-svc.emojivoto:8080
- name: VOTINGSVC_HOST
value: voting-svc.emojivoto:8080
- name: INDEX_BUNDLE
value: dist/index_bundle.js
image: buoyantio/emojivoto-web:v10
name: web-svc
ports:
- containerPort: 80
name: http
- env:
- name: LINKERD2_PROXY_LOG
value: warn,linkerd=info
- name: LINKERD2_PROXY_LOG_FORMAT
value: plain
- name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
value: linkerd-dst-headless.linkerd.svc.cluster.local:8086
- name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
- name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT
value: 100ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT
value: 1000ms
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:4190
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:4191
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:4140
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:4143
- name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
value: svc.cluster.local.
- name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_TRACE_ATTRIBUTES_PATH
value: /var/run/linkerd/podinfo/labels
- name: _pod_ns
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: _pod_nodeName
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: LINKERD2_PROXY_DESTINATION_CONTEXT
value: |
{"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)"}
- name: LINKERD2_PROXY_IDENTITY_DIR
value: /var/run/linkerd/identity/end-entity
- name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
value: |
-----BEGIN CERTIFICATE-----
MIIBwTCCAWagAwIBAgIQeDZp5lDaIygQ5UfMKZrFATAKBggqhkjOPQQDAjApMScw
JQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjAwODI4
MDcxMjQ3WhcNMzAwODI2MDcxMjQ3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5r
ZXJkLmNsdXN0ZXIubG9jYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqc70Z
l1vgw79rjB5uSITICUA6GyfvSFfcuIis7B/XFSkkwAHU5S/s1AAP+R0TX7HBWUC4
uaG4WWsiwJKNn7mgo3AwbjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
/wIBATAdBgNVHQ4EFgQU5YtjVVPfd7I7NLHsn2C26EByGV0wKQYDVR0RBCIwIIIe
aWRlbnRpdHkubGlua2VyZC5jbHVzdGVyLmxvY2FsMAoGCCqGSM49BAMCA0kAMEYC
IQCN7lBFLDDvjx6V0+XkjpKERRsJYf5adMvnloFl48ilJgIhANtxhndcr+QJPuC8
vgUC0d2/9FMueIVMb+46WTCOjsqr
-----END CERTIFICATE-----
- name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
value: /var/run/secrets/kubernetes.io/serviceaccount/token
- name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
value: linkerd-identity-headless.linkerd.svc.cluster.local:8080
- name: _pod_sa
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: _l5d_ns
value: linkerd
- name: _l5d_trustdomain
value: cluster.local
- name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_IDENTITY_SVC_NAME
value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR
value: linkerd-collector
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME
value: linkerd-collector.linkerd..serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-inject-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /live
port: 4191
initialDelaySeconds: 10
name: linkerd-proxy
ports:
- containerPort: 4143
name: linkerd-proxy
- containerPort: 4191
name: linkerd-admin
readinessProbe:
httpGet:
path: /ready
port: 4191
initialDelaySeconds: 2
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: var/run/linkerd/podinfo
name: podinfo
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
- args:
- --incoming-proxy-port
- "4143"
- --outgoing-proxy-port
- "4140"
- --proxy-uid
- "2102"
- --inbound-ports-to-ignore
- 4190,4191,25,443,587,3306,11211
- --outbound-ports-to-ignore
- 25,443,587,3306,11211
image: ghcr.io/linkerd/proxy-init:v1.3.8
imagePullPolicy: IfNotPresent
name: linkerd-init
resources:
limits:
cpu: 100m
memory: 50Mi
requests:
cpu: 10m
memory: 10Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: false
runAsUser: 0
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /run
name: linkerd-proxy-init-xtables-lock
volumes:
- emptyDir: {}
name: linkerd-proxy-init-xtables-lock
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: labels
name: podinfo
- emptyDir:
medium: Memory
name: linkerd-identity-end-entity
---

3
cli/cmd/testdata/inject_emojivoto_deployment_trace.report vendored
View File

@ -1,3 +0,0 @@
deployment "web" injected

10
cli/cmd/testdata/inject_emojivoto_deployment_trace.report.verbose vendored
View File

@ -1,10 +0,0 @@
√ pods do not use host networking
√ pods do not have a 3rd party proxy or initContainer already injected
√ pods are not annotated to disable injection
√ at least one resource injected
√ pod specs do not include UDP ports
√ pods do not have automountServiceAccountToken set to "false"
deployment "web" injected

4007
cli/cmd/testdata/install_addon.golden vendored
View File

File diff suppressed because it is too large Load Diff

3
cli/cmd/testdata/install_control-plane.golden vendored
View File

@ -99,9 +99,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
workloadKind: deployment

142
cli/cmd/testdata/install_controlplane_tracing_output.golden vendored
View File

@ -820,6 +820,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: true
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: install-control-plane-version
controllerLogLevel: info
@ -880,9 +881,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -977,8 +975,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources: null
@ -1085,7 +1081,7 @@ spec:
- -identity-clock-skew-allowance=20s
- -identity-trust-anchors-pem=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJ3VENDQVdhZ0F3SUJBZ0lRZURacDVsRGFJeWdRNVVmTUtackZBVEFLQmdncWhrak9QUVFEQWpBcE1TY3cKSlFZRFZRUURFeDVwWkdWdWRHbDBlUzVzYVc1clpYSmtMbU5zZFhOMFpYSXViRzlqWVd3d0hoY05NakF3T0RJNApNRGN4TWpRM1doY05NekF3T0RJMk1EY3hNalEzV2pBcE1TY3dKUVlEVlFRREV4NXBaR1Z1ZEdsMGVTNXNhVzVyClpYSmtMbU5zZFhOMFpYSXViRzlqWVd3d1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFScWM3MFoKbDF2Z3c3OXJqQjV1U0lUSUNVQTZHeWZ2U0ZmY3VJaXM3Qi9YRlNra3dBSFU1Uy9zMUFBUCtSMFRYN0hCV1VDNAp1YUc0V1dzaXdKS05uN21nbzNBd2JqQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCCi93SUJBVEFkQmdOVkhRNEVGZ1FVNVl0alZWUGZkN0k3TkxIc24yQzI2RUJ5R1Ywd0tRWURWUjBSQkNJd0lJSWUKYVdSbGJuUnBkSGt1YkdsdWEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01Bb0dDQ3FHU000OUJBTUNBMGtBTUVZQwpJUUNON2xCRkxERHZqeDZWMCtYa2pwS0VSUnNKWWY1YWRNdm5sb0ZsNDhpbEpnSWhBTnR4aG5kY3IrUUpQdUM4CnZnVUMwZDIvOUZNdWVJVk1iKzQ2V1RDT2pzcXIKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
- -identity-scheme=linkerd.io/tls
- -trace-collector=linkerd-collector.linkerd.svc.cluster.local:55678
- -trace-collector=collector.linkerd-jaeger.svc.cluster.local:55678
image: ghcr.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -1136,8 +1132,6 @@ spec:
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_TRACE_ATTRIBUTES_PATH
value: /var/run/linkerd/podinfo/labels
- name: _pod_ns
valueFrom:
fieldRef:
@ -1185,10 +1179,6 @@ spec:
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR
value: linkerd-collector.linkerd.svc.cluster.local:55678
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME
value: linkerd-collector.linkerd.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -1214,8 +1204,6 @@ spec:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: var/run/linkerd/podinfo
name: podinfo
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
@ -1259,12 +1247,6 @@ spec:
- name: identity-issuer
secret:
secretName: linkerd-identity-issuer
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: "labels"
name: podinfo
- emptyDir: {}
name: linkerd-proxy-init-xtables-lock
- emptyDir:
@ -1336,7 +1318,7 @@ spec:
- -log-level=info
- -cluster-domain=cluster.local
- -prometheus-url=http://linkerd-prometheus.linkerd.svc.cluster.local:9090
- -trace-collector=linkerd-collector.linkerd.svc.cluster.local:55678
- -trace-collector=collector.linkerd-jaeger.svc.cluster.local:55678
image: ghcr.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -1384,8 +1366,6 @@ spec:
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_TRACE_ATTRIBUTES_PATH
value: /var/run/linkerd/podinfo/labels
- name: _pod_ns
valueFrom:
fieldRef:
@ -1433,10 +1413,6 @@ spec:
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR
value: linkerd-collector.linkerd.svc.cluster.local:55678
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME
value: linkerd-collector.linkerd.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -1462,8 +1438,6 @@ spec:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: var/run/linkerd/podinfo
name: podinfo
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
@ -1504,12 +1478,6 @@ spec:
name: linkerd-proxy-init-xtables-lock
serviceAccountName: linkerd-controller
volumes:
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: "labels"
name: podinfo
- emptyDir: {}
name: linkerd-proxy-init-xtables-lock
- emptyDir:
@ -1602,7 +1570,7 @@ spec:
- -enable-endpoint-slices=false
- -cluster-domain=cluster.local
- -identity-trust-domain=cluster.local
- -trace-collector=linkerd-collector.linkerd.svc.cluster.local:55678
- -trace-collector=collector.linkerd-jaeger.svc.cluster.local:55678
image: ghcr.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -1650,8 +1618,6 @@ spec:
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_TRACE_ATTRIBUTES_PATH
value: /var/run/linkerd/podinfo/labels
- name: _pod_ns
valueFrom:
fieldRef:
@ -1699,10 +1665,6 @@ spec:
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR
value: linkerd-collector.linkerd.svc.cluster.local:55678
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME
value: linkerd-collector.linkerd.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -1728,8 +1690,6 @@ spec:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: var/run/linkerd/podinfo
name: podinfo
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
@ -1770,12 +1730,6 @@ spec:
name: linkerd-proxy-init-xtables-lock
serviceAccountName: linkerd-destination
volumes:
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: "labels"
name: podinfo
- emptyDir: {}
name: linkerd-proxy-init-xtables-lock
- emptyDir:
@ -1896,7 +1850,7 @@ spec:
- -controller-namespace=linkerd
- -log-level=info
- -enforced-host=^(localhost|127\.0\.0\.1|linkerd-web\.linkerd\.svc\.cluster\.local|linkerd-web\.linkerd\.svc|\[::1\])(:\d+)?$
- -trace-collector=linkerd-collector.linkerd.svc.cluster.local:55678
- -trace-collector=collector.linkerd-jaeger.svc.cluster.local:55678
image: ghcr.io/linkerd/web:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -1944,8 +1898,6 @@ spec:
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_TRACE_ATTRIBUTES_PATH
value: /var/run/linkerd/podinfo/labels
- name: _pod_ns
valueFrom:
fieldRef:
@ -1993,10 +1945,6 @@ spec:
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR
value: linkerd-collector.linkerd.svc.cluster.local:55678
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME
value: linkerd-collector.linkerd.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -2022,8 +1970,6 @@ spec:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: var/run/linkerd/podinfo
name: podinfo
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
@ -2064,12 +2010,6 @@ spec:
name: linkerd-proxy-init-xtables-lock
serviceAccountName: linkerd-web
volumes:
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: "labels"
name: podinfo
- emptyDir: {}
name: linkerd-proxy-init-xtables-lock
- emptyDir:
@ -2169,8 +2109,6 @@ spec:
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_TRACE_ATTRIBUTES_PATH
value: /var/run/linkerd/podinfo/labels
- name: _pod_ns
valueFrom:
fieldRef:
@ -2218,10 +2156,6 @@ spec:
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR
value: linkerd-collector.linkerd.svc.cluster.local:55678
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME
value: linkerd-collector.linkerd.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -2247,8 +2181,6 @@ spec:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: var/run/linkerd/podinfo
name: podinfo
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
@ -2295,12 +2227,6 @@ spec:
- name: tls
secret:
secretName: linkerd-proxy-injector-k8s-tls
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: "labels"
name: podinfo
- emptyDir: {}
name: linkerd-proxy-init-xtables-lock
- emptyDir:
@ -2436,8 +2362,6 @@ spec:
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_TRACE_ATTRIBUTES_PATH
value: /var/run/linkerd/podinfo/labels
- name: _pod_ns
valueFrom:
fieldRef:
@ -2485,10 +2409,6 @@ spec:
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR
value: linkerd-collector.linkerd.svc.cluster.local:55678
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME
value: linkerd-collector.linkerd.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -2514,8 +2434,6 @@ spec:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: var/run/linkerd/podinfo
name: podinfo
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
@ -2559,12 +2477,6 @@ spec:
- name: tls
secret:
secretName: linkerd-sp-validator-k8s-tls
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: "labels"
name: podinfo
- emptyDir: {}
name: linkerd-proxy-init-xtables-lock
- emptyDir:
@ -2637,7 +2549,7 @@ spec:
- -controller-namespace=linkerd
- -log-level=info
- -identity-trust-domain=cluster.local
- -trace-collector=linkerd-collector.linkerd.svc.cluster.local:55678
- -trace-collector=collector.linkerd-jaeger.svc.cluster.local:55678
image: ghcr.io/linkerd/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -2691,8 +2603,6 @@ spec:
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_TRACE_ATTRIBUTES_PATH
value: /var/run/linkerd/podinfo/labels
- name: _pod_ns
valueFrom:
fieldRef:
@ -2740,10 +2650,6 @@ spec:
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR
value: linkerd-collector.linkerd.svc.cluster.local:55678
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME
value: linkerd-collector.linkerd.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -2769,8 +2675,6 @@ spec:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: var/run/linkerd/podinfo
name: podinfo
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
@ -2811,12 +2715,6 @@ spec:
name: linkerd-proxy-init-xtables-lock
serviceAccountName: linkerd-tap
volumes:
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: "labels"
name: podinfo
- emptyDir: {}
name: linkerd-proxy-init-xtables-lock
- emptyDir:
@ -3016,8 +2914,6 @@ spec:
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_TRACE_ATTRIBUTES_PATH
value: /var/run/linkerd/podinfo/labels
- name: _pod_ns
valueFrom:
fieldRef:
@ -3065,10 +2961,6 @@ spec:
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR
value: linkerd-collector.linkerd.svc.cluster.local:55678
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME
value: linkerd-collector.linkerd.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -3094,8 +2986,6 @@ spec:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: var/run/linkerd/podinfo
name: podinfo
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
@ -3148,12 +3038,6 @@ spec:
path: provisioning/dashboards/dashboards.yaml
name: linkerd-grafana-config
name: grafana-config
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: "labels"
name: podinfo
- emptyDir: {}
name: linkerd-proxy-init-xtables-lock
- emptyDir:
@ -3466,8 +3350,6 @@ spec:
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_TRACE_ATTRIBUTES_PATH
value: /var/run/linkerd/podinfo/labels
- name: _pod_ns
valueFrom:
fieldRef:
@ -3515,10 +3397,6 @@ spec:
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR
value: linkerd-collector.linkerd.svc.cluster.local:55678
- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME
value: linkerd-collector.linkerd.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
@ -3544,8 +3422,6 @@ spec:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: var/run/linkerd/podinfo
name: podinfo
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
@ -3591,12 +3467,6 @@ spec:
- configMap:
name: linkerd-prometheus-config
name: prometheus-config
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: "labels"
name: podinfo
- emptyDir: {}
name: linkerd-proxy-init-xtables-lock
- emptyDir:

6
cli/cmd/testdata/install_custom_registry.golden vendored
View File

@ -820,6 +820,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: install-control-plane-version
controllerLogLevel: info
@ -880,9 +881,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -977,8 +975,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
enabled: false
webImage: my.custom.registry/linkerd-io/web
webProxyResources: null
webResources: null

6
cli/cmd/testdata/install_default.golden vendored
View File

@ -820,6 +820,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: install-control-plane-version
controllerLogLevel: info
@ -880,9 +881,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -977,8 +975,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources: null

6
cli/cmd/testdata/install_default_override_dst_get_nets.golden vendored
View File

@ -820,6 +820,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.0.0.0/8
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: install-control-plane-version
controllerLogLevel: info
@ -880,9 +881,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -977,8 +975,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources: null

6
cli/cmd/testdata/install_grafana_existing.golden vendored
View File

@ -817,6 +817,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: install-control-plane-version
controllerLogLevel: info
@ -877,9 +878,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -974,8 +972,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources: null

6
cli/cmd/testdata/install_ha_output.golden vendored
View File

@ -826,6 +826,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: install-control-plane-version
controllerLogLevel: info
@ -886,9 +887,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1033,8 +1031,6 @@ data:
limit: 250Mi
request: 50Mi
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources:

6
cli/cmd/testdata/install_ha_with_overrides_output.golden vendored
View File

@ -826,6 +826,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: install-control-plane-version
controllerLogLevel: info
@ -886,9 +887,6 @@ data:
limit: 250Mi
request: 300Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1033,8 +1031,6 @@ data:
limit: 250Mi
request: 50Mi
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources:

6
cli/cmd/testdata/install_heartbeat_disabled_output.golden vendored
View File

@ -776,6 +776,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: install-control-plane-version
controllerLogLevel: info
@ -836,9 +837,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -933,8 +931,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources: null

22
cli/cmd/testdata/install_helm_output.golden vendored
View File

@ -846,6 +846,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -894,9 +895,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -932,6 +930,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -980,9 +979,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1020,6 +1016,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1068,9 +1065,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1149,6 +1143,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1197,9 +1192,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1239,6 +1231,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1287,9 +1280,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1354,8 +1344,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources: null

716
cli/cmd/testdata/install_helm_output_addons.golden vendored
View File

@ -780,9 +780,6 @@ roleRef:
name: linkerd-psp
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: linkerd-collector
namespace: linkerd
- kind: ServiceAccount
name: linkerd-controller
namespace: linkerd
@ -798,9 +795,6 @@ subjects:
- kind: ServiceAccount
name: linkerd-identity
namespace: linkerd
- kind: ServiceAccount
name: linkerd-jaeger
namespace: linkerd
- kind: ServiceAccount
name: linkerd-prometheus
namespace: linkerd
@ -852,6 +846,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -900,9 +895,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -938,6 +930,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -986,9 +979,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1026,6 +1016,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1074,9 +1065,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1155,6 +1143,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1203,9 +1192,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1245,6 +1231,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1293,9 +1280,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1360,195 +1344,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
collector:
image: omnition/opencensus-collector:0.1.11
resources:
cpu:
limit: null
request: null
memory:
limit: null
request: null
enabled: true
global:
cliVersion: ""
clusterDomain: cluster.local
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
controllerNamespaceLabel: linkerd.io/control-plane-ns
createdByAnnotation: linkerd.io/created-by
enableEndpointSlices: false
grafanaUrl: ""
highAvailability: false
identityTrustAnchorsPEM: test-trust-anchor
identityTrustDomain: test.trust.domain
imagePullPolicy: IfNotPresent
imagePullSecrets: []
linkerdNamespaceLabel: linkerd.io/is-control-plane
linkerdVersion: linkerd-version
namespace: linkerd
podAnnotations: {}
podLabels: {}
prometheusUrl: ""
proxy:
capabilities: null
disableIdentity: false
disableTap: false
enableExternalProfiles: false
image:
name: ghcr.io/linkerd/proxy
pullPolicy: IfNotPresent
version: test-proxy-version
inboundConnectTimeout: 100ms
isGateway: false
isIngress: false
logFormat: plain
logLevel: warn,linkerd=info
opaquePorts: ""
outboundConnectTimeout: 1000ms
ports:
admin: 4191
control: 4190
inbound: 4143
outbound: 4140
requireIdentityOnInboundPorts: ""
resources:
cpu:
limit: ""
request: ""
memory:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
proxyInit:
capabilities: null
closeWaitTimeoutSecs: 0
ignoreInboundPorts: "222"
ignoreOutboundPorts: "111"
image:
name: ghcr.io/linkerd/proxy-init
pullPolicy: IfNotPresent
version: test-proxy-init-version
resources:
cpu:
limit: 100m
request: 10m
memory:
limit: 50Mi
request: 10Mi
saMountPath: null
xtMountPath:
mountPath: /run
name: linkerd-proxy-init-xtables-lock
readOnly: false
proxyInjectAnnotation: linkerd.io/inject
proxyInjectDisabled: disabled
workloadNamespaceLabel: linkerd.io/workload-ns
jaeger:
image: jaegertracing/all-in-one:1.19.2
resources:
cpu:
limit: null
request: null
memory:
limit: null
request: null
partials:
global:
cliVersion: ""
clusterDomain: cluster.local
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
controllerNamespaceLabel: linkerd.io/control-plane-ns
createdByAnnotation: linkerd.io/created-by
enableEndpointSlices: false
grafanaUrl: ""
highAvailability: false
identityTrustAnchorsPEM: test-trust-anchor
identityTrustDomain: test.trust.domain
imagePullPolicy: IfNotPresent
imagePullSecrets: []
linkerdNamespaceLabel: linkerd.io/is-control-plane
linkerdVersion: linkerd-version
namespace: linkerd
podAnnotations: {}
podLabels: {}
prometheusUrl: ""
proxy:
capabilities: null
disableIdentity: false
disableTap: false
enableExternalProfiles: false
image:
name: ghcr.io/linkerd/proxy
pullPolicy: IfNotPresent
version: test-proxy-version
inboundConnectTimeout: 100ms
isGateway: false
isIngress: false
logFormat: plain
logLevel: warn,linkerd=info
opaquePorts: ""
outboundConnectTimeout: 1000ms
ports:
admin: 4191
control: 4190
inbound: 4143
outbound: 4140
requireIdentityOnInboundPorts: ""
resources:
cpu:
limit: ""
request: ""
memory:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
proxyInit:
capabilities: null
closeWaitTimeoutSecs: 0
ignoreInboundPorts: "222"
ignoreOutboundPorts: "111"
image:
name: ghcr.io/linkerd/proxy-init
pullPolicy: IfNotPresent
version: test-proxy-init-version
resources:
cpu:
limit: 100m
request: 10m
memory:
limit: 50Mi
request: 10Mi
saMountPath: null
xtMountPath:
mountPath: /run
name: linkerd-proxy-init-xtables-lock
readOnly: false
proxyInjectAnnotation: linkerd.io/inject
proxyInjectDisabled: disabled
workloadNamespaceLabel: linkerd.io/workload-ns
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources: null
@ -2395,7 +2190,6 @@ spec:
- -api-addr=linkerd-controller-api.linkerd.svc.cluster.local:8085
- -cluster-domain=cluster.local
- -grafana-addr=linkerd-grafana.linkerd.svc.cluster.local:3000
- -jaeger-addr=linkerd-jaeger.linkerd.svc.cluster.local:16686
- -controller-namespace=linkerd
- -log-level=info
- -enforced-host=^(localhost|127\.0\.0\.1|linkerd-web\.linkerd\.svc\.cluster\.local|linkerd-web\.linkerd\.svc|\[::1\])(:\d+)?$
@ -3970,503 +3764,3 @@ spec:
- emptyDir:
medium: Memory
name: linkerd-identity-end-entity
---
# Source: linkerd2/charts/tracing/templates/tracing-rbac.yaml
---
###
### linkerd-collector RBAC
###
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: linkerd-collector
namespace: linkerd
labels:
linkerd.io/control-plane-component: linkerd-collector
linkerd.io/control-plane-ns: linkerd
---
###
### linkerd-jaeger RBAC
###
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: linkerd-jaeger
namespace: linkerd
labels:
linkerd.io/control-plane-component: linkerd-jaeger
linkerd.io/control-plane-ns: linkerd
---
# Source: linkerd2/charts/tracing/templates/tracing.yaml
---
###
### Tracing Collector Service
###
---
apiVersion: v1
kind: ConfigMap
metadata:
name: linkerd-collector-config
namespace: linkerd
labels:
linkerd.io/control-plane-component: linkerd-collector
linkerd.io/control-plane-ns: linkerd
annotations:
linkerd.io/created-by: linkerd/helm linkerd-version
data:
linkerd-collector-config: |
receivers:
opencensus:
port: 55678
zipkin:
port: 9411
jaeger:
jaeger-thrift-http-port: 14268
queued-exporters:
jaeger-all-in-one:
num-workers: 4
queue-size: 100
retry-on-failure: true
sender-type: jaeger-thrift-http
jaeger-thrift-http:
collector-endpoint: http://linkerd-jaeger.linkerd:14268/api/traces
timeout: 5s
---
apiVersion: v1
kind: Service
metadata:
name: linkerd-collector
namespace: linkerd
labels:
linkerd.io/control-plane-component: linkerd-collector
linkerd.io/control-plane-ns: linkerd
annotations:
linkerd.io/created-by: linkerd/helm linkerd-version
spec:
type: ClusterIP
ports:
- name: opencensus
port: 55678
protocol: TCP
targetPort: 55678
- name: zipkin
port: 9411
protocol: TCP
targetPort: 9411
- name: jaeger
port: 14268
protocol: TCP
targetPort: 14268
selector:
linkerd.io/control-plane-component: linkerd-collector
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
linkerd.io/created-by: linkerd/helm linkerd-version
labels:
app.kubernetes.io/name: linkerd-collector
app.kubernetes.io/part-of: Linkerd
app.kubernetes.io/version: linkerd-version
linkerd.io/control-plane-component: linkerd-collector
linkerd.io/control-plane-ns: linkerd
name: linkerd-collector
namespace: linkerd
spec:
replicas: 1
selector:
matchLabels:
linkerd.io/control-plane-component: linkerd-collector
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-collector
minReadySeconds: 5
progressDeadlineSeconds: 120
template:
metadata:
annotations:
linkerd.io/created-by: linkerd/helm linkerd-version
linkerd.io/identity-mode: default
linkerd.io/proxy-version: test-proxy-version
prometheus.io/path: /metrics
prometheus.io/port: "8888"
prometheus.io/scrape: "true"
labels:
linkerd.io/control-plane-component: linkerd-collector
linkerd.io/control-plane-ns: linkerd
linkerd.io/workload-ns: linkerd
linkerd.io/proxy-deployment: linkerd-collector
spec:
containers:
- command:
- /occollector_linux
- --config=/conf/linkerd-collector-config.yaml
env:
- name: GOGC
value: "80"
image: omnition/opencensus-collector:0.1.11
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /
port: 13133
name: oc-collector
ports:
- containerPort: 55678
- containerPort: 9411
- containerPort: 14268
readinessProbe:
httpGet:
path: /
port: 13133
resources:
volumeMounts:
- mountPath: /conf
name: linkerd-collector-config-val
- env:
- name: LINKERD2_PROXY_LOG
value: "warn,linkerd=info"
- name: LINKERD2_PROXY_LOG_FORMAT
value: "plain"
- name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
value: linkerd-dst-headless.linkerd.svc.cluster.local:8086
- name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16"
- name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT
value: "100ms"
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT
value: "1000ms"
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:4190
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:4191
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:4140
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:4143
- name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
value: svc.cluster.local.
- name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: _pod_ns
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: _pod_nodeName
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: LINKERD2_PROXY_DESTINATION_CONTEXT
value: |
{"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)"}
- name: LINKERD2_PROXY_IDENTITY_DIR
value: /var/run/linkerd/identity/end-entity
- name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
value: |
test-trust-anchor
- name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
value: /var/run/secrets/kubernetes.io/serviceaccount/token
- name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
value: linkerd-identity-headless.linkerd.svc.cluster.local:8080
- name: _pod_sa
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: _l5d_ns
value: linkerd
- name: _l5d_trustdomain
value: test.trust.domain
- name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_IDENTITY_SVC_NAME
value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /live
port: 4191
initialDelaySeconds: 10
name: linkerd-proxy
ports:
- containerPort: 4143
name: linkerd-proxy
- containerPort: 4191
name: linkerd-admin
readinessProbe:
httpGet:
path: /ready
port: 4191
initialDelaySeconds: 2
resources:
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
- args:
- --incoming-proxy-port
- "4143"
- --outgoing-proxy-port
- "4140"
- --proxy-uid
- "2102"
- --inbound-ports-to-ignore
- "4190,4191,222"
- --outbound-ports-to-ignore
- "111"
image: ghcr.io/linkerd/proxy-init:test-proxy-init-version
imagePullPolicy: IfNotPresent
name: linkerd-init
resources:
limits:
cpu: "100m"
memory: "50Mi"
requests:
cpu: "10m"
memory: "10Mi"
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: false
runAsUser: 0
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /run
name: linkerd-proxy-init-xtables-lock
serviceAccountName: linkerd-collector
volumes:
- configMap:
items:
- key: linkerd-collector-config
path: linkerd-collector-config.yaml
name: linkerd-collector-config
name: linkerd-collector-config-val
- emptyDir: {}
name: linkerd-proxy-init-xtables-lock
- emptyDir:
medium: Memory
name: linkerd-identity-end-entity
---
###
### Tracing Jaeger Service
###
---
apiVersion: v1
kind: Service
metadata:
name: linkerd-jaeger
namespace: linkerd
labels:
linkerd.io/control-plane-component: linkerd-jaeger
linkerd.io/control-plane-ns: linkerd
annotations:
linkerd.io/created-by: linkerd/helm linkerd-version
spec:
type: ClusterIP
selector:
linkerd.io/control-plane-component: linkerd-jaeger
ports:
- name: collection
port: 14268
- name: ui
port: 16686
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
linkerd.io/created-by: linkerd/helm linkerd-version
labels:
app.kubernetes.io/name: linkerd-jaeger
app.kubernetes.io/part-of: Linkerd
app.kubernetes.io/version: linkerd-version
linkerd.io/control-plane-component: linkerd-jaeger
linkerd.io/control-plane-ns: linkerd
name: linkerd-jaeger
namespace: linkerd
spec:
replicas: 1
selector:
matchLabels:
linkerd.io/control-plane-component: linkerd-jaeger
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-jaeger
template:
metadata:
annotations:
linkerd.io/created-by: linkerd/helm linkerd-version
linkerd.io/identity-mode: default
linkerd.io/proxy-version: test-proxy-version
prometheus.io/path: /metrics
prometheus.io/port: "8888"
prometheus.io/scrape: "true"
labels:
linkerd.io/control-plane-component: linkerd-jaeger
linkerd.io/control-plane-ns: linkerd
linkerd.io/workload-ns: linkerd
linkerd.io/proxy-deployment: linkerd-jaeger
spec:
containers:
- args:
- --query.base-path=/jaeger
image: jaegertracing/all-in-one:1.19.2
imagePullPolicy: IfNotPresent
name: jaeger
ports:
- containerPort: 14268
name: collection
- containerPort: 16686
name: ui
resources:
- env:
- name: LINKERD2_PROXY_LOG
value: "warn,linkerd=info"
- name: LINKERD2_PROXY_LOG_FORMAT
value: "plain"
- name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
value: linkerd-dst-headless.linkerd.svc.cluster.local:8086
- name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16"
- name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT
value: "100ms"
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT
value: "1000ms"
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:4190
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:4191
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:4140
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:4143
- name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
value: svc.cluster.local.
- name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: _pod_ns
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: _pod_nodeName
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: LINKERD2_PROXY_DESTINATION_CONTEXT
value: |
{"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)"}
- name: LINKERD2_PROXY_IDENTITY_DIR
value: /var/run/linkerd/identity/end-entity
- name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
value: |
test-trust-anchor
- name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
value: /var/run/secrets/kubernetes.io/serviceaccount/token
- name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
value: linkerd-identity-headless.linkerd.svc.cluster.local:8080
- name: _pod_sa
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: _l5d_ns
value: linkerd
- name: _l5d_trustdomain
value: test.trust.domain
- name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_IDENTITY_SVC_NAME
value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_TAP_SVC_NAME
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: ghcr.io/linkerd/proxy:test-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /live
port: 4191
initialDelaySeconds: 10
name: linkerd-proxy
ports:
- containerPort: 4143
name: linkerd-proxy
- containerPort: 4191
name: linkerd-admin
readinessProbe:
httpGet:
path: /ready
port: 4191
initialDelaySeconds: 2
resources:
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
- args:
- --incoming-proxy-port
- "4143"
- --outgoing-proxy-port
- "4140"
- --proxy-uid
- "2102"
- --inbound-ports-to-ignore
- "4190,4191,222"
- --outbound-ports-to-ignore
- "111"
image: ghcr.io/linkerd/proxy-init:test-proxy-init-version
imagePullPolicy: IfNotPresent
name: linkerd-init
resources:
limits:
cpu: "100m"
memory: "50Mi"
requests:
cpu: "10m"
memory: "10Mi"
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: false
runAsUser: 0
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /run
name: linkerd-proxy-init-xtables-lock
dnsPolicy: ClusterFirst
serviceAccountName: linkerd-jaeger
volumes:
- emptyDir: {}
name: linkerd-proxy-init-xtables-lock
- emptyDir:
medium: Memory
name: linkerd-identity-end-entity

22
cli/cmd/testdata/install_helm_output_ha.golden vendored
View File

@ -852,6 +852,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -900,9 +901,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -938,6 +936,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -986,9 +985,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1026,6 +1022,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1074,9 +1071,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1167,6 +1161,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1215,9 +1210,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1257,6 +1249,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1305,9 +1298,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1396,8 +1386,6 @@ data:
limit: 250Mi
request: 50Mi
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources:

22
cli/cmd/testdata/install_helm_output_ha_labels.golden vendored
View File

@ -852,6 +852,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -904,9 +905,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -942,6 +940,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -994,9 +993,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1034,6 +1030,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1086,9 +1083,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1179,6 +1173,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1231,9 +1226,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1273,6 +1265,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1325,9 +1318,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1416,8 +1406,6 @@ data:
limit: 250Mi
request: 50Mi
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources:

22
cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden vendored
View File

@ -852,6 +852,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -900,9 +901,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -938,6 +936,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -986,9 +985,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1026,6 +1022,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1074,9 +1071,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1167,6 +1161,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1215,9 +1210,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1257,6 +1249,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: linkerd-version
controllerLogLevel: info
@ -1305,9 +1298,6 @@ data:
limit: 250Mi
request: 20Mi
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1396,8 +1386,6 @@ data:
limit: 250Mi
request: 50Mi
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources:

6
cli/cmd/testdata/install_no_init_container.golden vendored
View File

@ -817,6 +817,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: true
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: install-control-plane-version
controllerLogLevel: info
@ -877,9 +878,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -974,8 +972,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources: null

8
cli/cmd/testdata/install_output.golden vendored
View File

@ -820,6 +820,7 @@ data:
clusterNetworks: ClusterNetworks
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: ""
controllerComponentLabel: ControllerComponentLabel
controllerImageVersion: ControllerImageVersion
controllerLogLevel: ControllerLogLevel
@ -880,9 +881,6 @@ data:
limit: memory-limit
request: memory-request
saMountPath: null
trace:
collectorSvcAccount: ""
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: ProxyContainerName
@ -978,8 +976,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
enabled: false
webImage: WebImage
webProxyResources: null
webResources: null
@ -3493,7 +3489,7 @@ spec:
---
apiVersion: v1
data:
linkerd-config-overrides: Y29udHJvbGxlckltYWdlOiBDb250cm9sbGVySW1hZ2UKZGVidWdDb250YWluZXI6CiAgaW1hZ2U6CiAgICBuYW1lOiBEZWJ1Z0ltYWdlTmFtZQogICAgcHVsbFBvbGljeTogRGVidWdJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IERlYnVnVmVyc2lvbgpnbG9iYWw6CiAgY2xpVmVyc2lvbjogQ2xpVmVyc2lvbgogIGNsdXN0ZXJOZXR3b3JrczogQ2x1c3Rlck5ldHdvcmtzCiAgY29udHJvbGxlckNvbXBvbmVudExhYmVsOiBDb250cm9sbGVyQ29tcG9uZW50TGFiZWwKICBjb250cm9sbGVySW1hZ2VWZXJzaW9uOiBDb250cm9sbGVySW1hZ2VWZXJzaW9uCiAgY29udHJvbGxlckxvZ0xldmVsOiBDb250cm9sbGVyTG9nTGV2ZWwKICBjb250cm9sbGVyTmFtZXNwYWNlTGFiZWw6IENvbnRyb2xsZXJOYW1lc3BhY2VMYWJlbAogIGNyZWF0ZWRCeUFubm90YXRpb246IENyZWF0ZWRCeUFubm90YXRpb24KICBpZGVudGl0eVRydXN0QW5jaG9yc1BFTTogfAogICAgLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICBNSUlCd1RDQ0FXYWdBd0lCQWdJUWVEWnA1bERhSXlnUTVVZk1LWnJGQVRBS0JnZ3Foa2pPUFFRREFqQXBNU2N3CiAgICBKUVlEVlFRREV4NXBaR1Z1ZEdsMGVTNXNhVzVyWlhKa0xtTnNkWE4wWlhJdWJHOWpZV3d3SGhjTk1qQXdPREk0CiAgICBNRGN4TWpRM1doY05NekF3T0RJMk1EY3hNalEzV2pBcE1TY3dKUVlEVlFRREV4NXBaR1Z1ZEdsMGVTNXNhVzVyCiAgICBaWEprTG1Oc2RYTjBaWEl1Ykc5allXd3dXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CQndOQ0FBUnFjNzBaCiAgICBsMXZndzc5cmpCNXVTSVRJQ1VBNkd5ZnZTRmZjdUlpczdCL1hGU2trd0FIVTVTL3MxQUFQK1IwVFg3SEJXVUM0CiAgICB1YUc0V1dzaXdKS05uN21nbzNBd2JqQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCCiAgICAvd0lCQVRBZEJnTlZIUTRFRmdRVTVZdGpWVlBmZDdJN05MSHNuMkMyNkVCeUdWMHdLUVlEVlIwUkJDSXdJSUllCiAgICBhV1JsYm5ScGRIa3ViR2x1YTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUFvR0NDcUdTTTQ5QkFNQ0Ewa0FNRVlDCiAgICBJUUNON2xCRkxERHZqeDZWMCtYa2pwS0VSUnNKWWY1YWRNdm5sb0ZsNDhpbEpnSWhBTnR4aG5kY3IrUUpQdUM4CiAgICB2Z1VDMGQyLzlGTXVlSVZNYis0NldUQ09qc3FyCiAgICAtLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCiAgaW1hZ2VQdWxsUG9saWN5OiBJbWFnZVB1bGxQb2xpY3kKICBpbWFnZVB1bGxTZWNyZXRzOiBudWxsCiAgbGlua2VyZE5hbWVzcGFjZUxhYmVsOiBMaW5rZXJkTmFtZXNwYWNlTGFiZWwKICBsaW5rZXJkVmVyc2lvbjogIiIKICBwcm94eToKICAgIGltYWdlOgogICAgICBuYW1lOiBQcm94eUltYWdlTmFtZQogICAgICBwdWxsUG9saWN5OiBJbWFnZVB1bGxQb2xpY3kKICAgICAgdmVyc2lvbjogUHJveHlWZXJzaW9uCiAgICBpbmJvdW5kQ29ubmVjdFRpbWVvdXQ6ICIiCiAgICBvdXRib3VuZENvbm5lY3RUaW1lb3V0OiAiIgogICAgcmVzb3VyY2VzOgogICAgICBjcHU6CiAgICAgICAgbGltaXQ6IGNwdS1saW1pdAogICAgICAgIHJlcXVlc3Q6IGNwdS1yZXF1ZXN0CiAgICAgIG1lbW9yeToKICAgICAgICBsaW1pdDogbWVtb3J5LWxpbWl0CiAgICAgICAgcmVxdWVzdDogbWVtb3J5LXJlcXVlc3QKICAgIHRyYWNlOgogICAgICBjb2xsZWN0b3JTdmNBY2NvdW50OiAiIgogIHByb3h5Q29udGFpbmVyTmFtZTogUHJveHlDb250YWluZXJOYW1lCiAgcHJveHlJbml0OgogICAgaWdub3JlSW5ib3VuZFBvcnRzOiAiIgogICAgaWdub3JlT3V0Ym91bmRQb3J0czogIjQ0MyIKICAgIGltYWdlOgogICAgICBuYW1lOiBQcm94eUluaXRJbWFnZU5hbWUKICAgICAgcHVsbFBvbGljeTogSW1hZ2VQdWxsUG9saWN5CiAgICAgIHZlcnNpb246IFByb3h5SW5pdFZlcnNpb24KICBwcm94eUluamVjdEFubm90YXRpb246IFByb3h5SW5qZWN0QW5ub3RhdGlvbgogIHByb3h5SW5qZWN0RGlzYWJsZWQ6IFByb3h5SW5qZWN0RGlzYWJsZWQKICB3b3JrbG9hZE5hbWVzcGFjZUxhYmVsOiBXb3JrbG9hZE5hbWVzcGFjZUxhYmVsCmhlYXJ0YmVhdFNjaGVkdWxlOiAiIgppZGVudGl0eToKICBpc3N1ZXI6CiAgICBjcnRFeHBpcnk6ICIyMDMwLTA4LTI2VDA3OjEzOjQ3WiIKICAgIHRsczoKICAgICAgY3J0UEVNOiB8CiAgICAgICAgLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICAgICAgTUlJQndEQ0NBV2VnQXdJQkFnSVJBSlJJZ1o4UnRPOEV3ZzFYZXBmOFQ0NHdDZ1lJS29aSXpqMEVBd0l3S1RFbgogICAgICAgIE1DVUdBMVVFQXhNZWFXUmxiblJwZEhrdWJHbHVhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNQjRYRFRJd01EZ3kKICAgICAgICBPREEzTVRNME4xb1hEVE13TURneU5qQTNNVE0wTjFvd0tURW5NQ1VHQTFVRUF4TWVhV1JsYm5ScGRIa3ViR2x1CiAgICAgICAgYTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMS9GcAogICAgICAgIGZjUm5EY2VkTDZBalVhWFlQdjRESU1CYUp1Zk9JNU5XdHkrWFNYN0pqWGdadE03MmRRdlJhWWFudXhEMzZEdDEKICAgICAgICAyL0p4eWlTZ3hLV1Jkb2F5K2FOd01HNHdEZ1lEVlIwUEFRSC9CQVFEQWdFR01CSUdBMVVkRXdFQi93UUlNQVlCCiAgICAgICAgQWY4Q0FRQXdIUVlEVlIwT0JCWUVGSTFXbnJxTVlLYUhIT28renB5aWlEcTJwTzBLTUNrR0ExVWRFUVFpTUNDQwogICAgICAgIEhtbGtaVzUwYVhSNUxteHBibXRsY21RdVkyeDFjM1JsY2k1c2IyTmhiREFLQmdncWhrak9QUVFEQWdOSEFEQkUKICAgICAgICBBaUF0dW9JNVh1Q3RyR1ZSelNtUlRsMnJhMjhhVjlNeVRVN2Q1cW5UQUZIS1NnSWdSS0N2bHVPU2dBNU8yMXA1CiAgICAgICAgNTF0ZHJta0hFWlJyMHFsTFNKZEhZZ0VmTXprPQogICAgICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KICAgICAga2V5UEVNOiB8CiAgICAgICAgLS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCiAgICAgICAgTUhjQ0FRRUVJQUFlOG5mYnpadTljL09CMis4eEpNMEZ6N05Vd1RRYXp1bGtGTnM0VEk1K29Bb0dDQ3FHU000OQogICAgICAgIEF3RUhvVVFEUWdBRTEvRnBmY1JuRGNlZEw2QWpVYVhZUHY0RElNQmFKdWZPSTVOV3R5K1hTWDdKalhnWnRNNzIKICAgICAgICBkUXZSYVlhbnV4RDM2RHQxMi9KeHlpU2d4S1dSZG9heStRPT0KICAgICAgICAtLS0tLUVORCBFQyBQUklWQVRFIEtFWS0tLS0tCnByb2ZpbGVWYWxpZGF0b3I6CiAgY2FCdW5kbGU6IHByb2ZpbGUgdmFsaWRhdG9yIENBIGJ1bmRsZQogIGNydFBFTTogcHJvZmlsZSB2YWxpZGF0b3IgY3J0CiAga2V5UEVNOiBwcm9maWxlIHZhbGlkYXRvciBrZXkKcHJvbWV0aGV1czoKICBpbWFnZTogUHJvbWV0aGV1c0ltYWdlCnByb3h5SW5qZWN0b3I6CiAgY2FCdW5kbGU6IHByb3h5IGluamVjdG9yIENBIGJ1bmRsZQogIGNydFBFTTogcHJveHkgaW5qZWN0b3IgY3J0CiAga2V5UEVNOiBwcm94eSBpbmplY3RvciBrZXkKdGFwOgogIGNhQnVuZGxlOiB0YXAgQ0EgYnVuZGxlCiAgY3J0UEVNOiB0YXAgY3J0CiAga2V5UEVNOiB0YXAga2V5CndlYkltYWdlOiBXZWJJbWFnZQp3ZWJob29rRmFpbHVyZVBvbGljeTogV2ViaG9va0ZhaWx1cmVQb2xpY3kK
linkerd-config-overrides: Y29udHJvbGxlckltYWdlOiBDb250cm9sbGVySW1hZ2UKZGVidWdDb250YWluZXI6CiAgaW1hZ2U6CiAgICBuYW1lOiBEZWJ1Z0ltYWdlTmFtZQogICAgcHVsbFBvbGljeTogRGVidWdJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IERlYnVnVmVyc2lvbgpnbG9iYWw6CiAgY2xpVmVyc2lvbjogQ2xpVmVyc2lvbgogIGNsdXN0ZXJOZXR3b3JrczogQ2x1c3Rlck5ldHdvcmtzCiAgY29udHJvbFBsYW5lVHJhY2luZ05hbWVzcGFjZTogIiIKICBjb250cm9sbGVyQ29tcG9uZW50TGFiZWw6IENvbnRyb2xsZXJDb21wb25lbnRMYWJlbAogIGNvbnRyb2xsZXJJbWFnZVZlcnNpb246IENvbnRyb2xsZXJJbWFnZVZlcnNpb24KICBjb250cm9sbGVyTG9nTGV2ZWw6IENvbnRyb2xsZXJMb2dMZXZlbAogIGNvbnRyb2xsZXJOYW1lc3BhY2VMYWJlbDogQ29udHJvbGxlck5hbWVzcGFjZUxhYmVsCiAgY3JlYXRlZEJ5QW5ub3RhdGlvbjogQ3JlYXRlZEJ5QW5ub3RhdGlvbgogIGlkZW50aXR5VHJ1c3RBbmNob3JzUEVNOiB8CiAgICAtLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KICAgIE1JSUJ3VENDQVdhZ0F3SUJBZ0lRZURacDVsRGFJeWdRNVVmTUtackZBVEFLQmdncWhrak9QUVFEQWpBcE1TY3cKICAgIEpRWURWUVFERXg1cFpHVnVkR2wwZVM1c2FXNXJaWEprTG1Oc2RYTjBaWEl1Ykc5allXd3dIaGNOTWpBd09ESTQKICAgIE1EY3hNalEzV2hjTk16QXdPREkyTURjeE1qUTNXakFwTVNjd0pRWURWUVFERXg1cFpHVnVkR2wwZVM1c2FXNXIKICAgIFpYSmtMbU5zZFhOMFpYSXViRzlqWVd3d1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFScWM3MFoKICAgIGwxdmd3NzlyakI1dVNJVElDVUE2R3lmdlNGZmN1SWlzN0IvWEZTa2t3QUhVNVMvczFBQVArUjBUWDdIQldVQzQKICAgIHVhRzRXV3Npd0pLTm43bWdvM0F3YmpBT0JnTlZIUThCQWY4RUJBTUNBUVl3RWdZRFZSMFRBUUgvQkFnd0JnRUIKICAgIC93SUJBVEFkQmdOVkhRNEVGZ1FVNVl0alZWUGZkN0k3TkxIc24yQzI2RUJ5R1Ywd0tRWURWUjBSQkNJd0lJSWUKICAgIGFXUmxiblJwZEhrdWJHbHVhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUMKICAgIElRQ043bEJGTEREdmp4NlYwK1hranBLRVJSc0pZZjVhZE12bmxvRmw0OGlsSmdJaEFOdHhobmRjcitRSlB1QzgKICAgIHZnVUMwZDIvOUZNdWVJVk1iKzQ2V1RDT2pzcXIKICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KICBpbWFnZVB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQogIGltYWdlUHVsbFNlY3JldHM6IG51bGwKICBsaW5rZXJkTmFtZXNwYWNlTGFiZWw6IExpbmtlcmROYW1lc3BhY2VMYWJlbAogIGxpbmtlcmRWZXJzaW9uOiAiIgogIHByb3h5OgogICAgaW1hZ2U6CiAgICAgIG5hbWU6IFByb3h5SW1hZ2VOYW1lCiAgICAgIHB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQogICAgICB2ZXJzaW9uOiBQcm94eVZlcnNpb24KICAgIGluYm91bmRDb25uZWN0VGltZW91dDogIiIKICAgIG91dGJvdW5kQ29ubmVjdFRpbWVvdXQ6ICIiCiAgICByZXNvdXJjZXM6CiAgICAgIGNwdToKICAgICAgICBsaW1pdDogY3B1LWxpbWl0CiAgICAgICAgcmVxdWVzdDogY3B1LXJlcXVlc3QKICAgICAgbWVtb3J5OgogICAgICAgIGxpbWl0OiBtZW1vcnktbGltaXQKICAgICAgICByZXF1ZXN0OiBtZW1vcnktcmVxdWVzdAogIHByb3h5Q29udGFpbmVyTmFtZTogUHJveHlDb250YWluZXJOYW1lCiAgcHJveHlJbml0OgogICAgaWdub3JlSW5ib3VuZFBvcnRzOiAiIgogICAgaWdub3JlT3V0Ym91bmRQb3J0czogIjQ0MyIKICAgIGltYWdlOgogICAgICBuYW1lOiBQcm94eUluaXRJbWFnZU5hbWUKICAgICAgcHVsbFBvbGljeTogSW1hZ2VQdWxsUG9saWN5CiAgICAgIHZlcnNpb246IFByb3h5SW5pdFZlcnNpb24KICBwcm94eUluamVjdEFubm90YXRpb246IFByb3h5SW5qZWN0QW5ub3RhdGlvbgogIHByb3h5SW5qZWN0RGlzYWJsZWQ6IFByb3h5SW5qZWN0RGlzYWJsZWQKICB3b3JrbG9hZE5hbWVzcGFjZUxhYmVsOiBXb3JrbG9hZE5hbWVzcGFjZUxhYmVsCmhlYXJ0YmVhdFNjaGVkdWxlOiAiIgppZGVudGl0eToKICBpc3N1ZXI6CiAgICBjcnRFeHBpcnk6ICIyMDMwLTA4LTI2VDA3OjEzOjQ3WiIKICAgIHRsczoKICAgICAgY3J0UEVNOiB8CiAgICAgICAgLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICAgICAgTUlJQndEQ0NBV2VnQXdJQkFnSVJBSlJJZ1o4UnRPOEV3ZzFYZXBmOFQ0NHdDZ1lJS29aSXpqMEVBd0l3S1RFbgogICAgICAgIE1DVUdBMVVFQXhNZWFXUmxiblJwZEhrdWJHbHVhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNQjRYRFRJd01EZ3kKICAgICAgICBPREEzTVRNME4xb1hEVE13TURneU5qQTNNVE0wTjFvd0tURW5NQ1VHQTFVRUF4TWVhV1JsYm5ScGRIa3ViR2x1CiAgICAgICAgYTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMS9GcAogICAgICAgIGZjUm5EY2VkTDZBalVhWFlQdjRESU1CYUp1Zk9JNU5XdHkrWFNYN0pqWGdadE03MmRRdlJhWWFudXhEMzZEdDEKICAgICAgICAyL0p4eWlTZ3hLV1Jkb2F5K2FOd01HNHdEZ1lEVlIwUEFRSC9CQVFEQWdFR01CSUdBMVVkRXdFQi93UUlNQVlCCiAgICAgICAgQWY4Q0FRQXdIUVlEVlIwT0JCWUVGSTFXbnJxTVlLYUhIT28renB5aWlEcTJwTzBLTUNrR0ExVWRFUVFpTUNDQwogICAgICAgIEhtbGtaVzUwYVhSNUxteHBibXRsY21RdVkyeDFjM1JsY2k1c2IyTmhiREFLQmdncWhrak9QUVFEQWdOSEFEQkUKICAgICAgICBBaUF0dW9JNVh1Q3RyR1ZSelNtUlRsMnJhMjhhVjlNeVRVN2Q1cW5UQUZIS1NnSWdSS0N2bHVPU2dBNU8yMXA1CiAgICAgICAgNTF0ZHJta0hFWlJyMHFsTFNKZEhZZ0VmTXprPQogICAgICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KICAgICAga2V5UEVNOiB8CiAgICAgICAgLS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCiAgICAgICAgTUhjQ0FRRUVJQUFlOG5mYnpadTljL09CMis4eEpNMEZ6N05Vd1RRYXp1bGtGTnM0VEk1K29Bb0dDQ3FHU000OQogICAgICAgIEF3RUhvVVFEUWdBRTEvRnBmY1JuRGNlZEw2QWpVYVhZUHY0RElNQmFKdWZPSTVOV3R5K1hTWDdKalhnWnRNNzIKICAgICAgICBkUXZSYVlhbnV4RDM2RHQxMi9KeHlpU2d4S1dSZG9heStRPT0KICAgICAgICAtLS0tLUVORCBFQyBQUklWQVRFIEtFWS0tLS0tCnByb2ZpbGVWYWxpZGF0b3I6CiAgY2FCdW5kbGU6IHByb2ZpbGUgdmFsaWRhdG9yIENBIGJ1bmRsZQogIGNydFBFTTogcHJvZmlsZSB2YWxpZGF0b3IgY3J0CiAga2V5UEVNOiBwcm9maWxlIHZhbGlkYXRvciBrZXkKcHJvbWV0aGV1czoKICBpbWFnZTogUHJvbWV0aGV1c0ltYWdlCnByb3h5SW5qZWN0b3I6CiAgY2FCdW5kbGU6IHByb3h5IGluamVjdG9yIENBIGJ1bmRsZQogIGNydFBFTTogcHJveHkgaW5qZWN0b3IgY3J0CiAga2V5UEVNOiBwcm94eSBpbmplY3RvciBrZXkKdGFwOgogIGNhQnVuZGxlOiB0YXAgQ0EgYnVuZGxlCiAgY3J0UEVNOiB0YXAgY3J0CiAga2V5UEVNOiB0YXAga2V5CndlYkltYWdlOiBXZWJJbWFnZQp3ZWJob29rRmFpbHVyZVBvbGljeTogV2ViaG9va0ZhaWx1cmVQb2xpY3kK
kind: Secret
metadata:
creationTimestamp: null

6
cli/cmd/testdata/install_prometheus_overwrite.golden vendored
View File

@ -820,6 +820,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: install-control-plane-version
controllerLogLevel: info
@ -880,9 +881,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -1034,8 +1032,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources: null

6
cli/cmd/testdata/install_proxy_ignores.golden vendored
View File

@ -820,6 +820,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: install-control-plane-version
controllerLogLevel: info
@ -880,9 +881,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -977,8 +975,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources: null

6
cli/cmd/testdata/install_restricted_dashboard.golden vendored
View File

@ -752,6 +752,7 @@ data:
clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
cniEnabled: false
controlPlaneTracing: false
controlPlaneTracingNamespace: linkerd-jaeger
controllerComponentLabel: linkerd.io/control-plane-component
controllerImageVersion: install-control-plane-version
controllerLogLevel: info
@ -812,9 +813,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy
@ -909,8 +907,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
enabled: false
webImage: ghcr.io/linkerd/web
webProxyResources: null
webResources: null

4007
cli/cmd/testdata/install_tracing.golden vendored
View File

File diff suppressed because it is too large Load Diff

3
cli/cmd/testdata/install_tracing_overwrite.golden vendored
View File

@ -886,9 +886,6 @@ data:
limit: ""
request: ""
saMountPath: null
trace:
collectorSvcAccount: default
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
proxyContainerName: linkerd-proxy

1
cli/cmd/upgrade.go
View File

@ -367,6 +367,5 @@ func clearAddonOverrides(values *l5dcharts.Values) error {
}
values.Grafana = defaults.Grafana
values.Prometheus = defaults.Prometheus
values.Tracing = defaults.Tracing
return nil
}

84
cli/cmd/upgrade_test.go
View File

@ -277,90 +277,6 @@ func TestUpgradeRootFailsWithOldPods(t *testing.T) {
}
}
func TestUpgradeTracingAddon(t *testing.T) {
installOpts, upgradeOpts, flagSet := testOptions(t)
install := renderInstall(t, installOpts)
flagSet.Set("config", filepath.Join("testdata", "addon_config.yaml"))
upgrade, err := renderUpgrade(install.String(), upgradeOpts)
if err != nil {
t.Fatal(err)
}
expected := replaceVersions(install.String())
expectedManifests := parseManifestList(expected)
upgradeManifests := parseManifestList(upgrade.String())
diffMap := diffManifestLists(expectedManifests, upgradeManifests)
tracingManifests := []string{
"Service/linkerd-jaeger", "Deployment/linkerd-jaeger",
"ServiceAccount/linkerd-jaeger", "Service/linkerd-collector", "ConfigMap/linkerd-collector-config",
"ServiceAccount/linkerd-collector", "Deployment/linkerd-collector", "RoleBinding/linkerd-psp",
}
for _, id := range tracingManifests {
if _, ok := diffMap[id]; ok {
delete(diffMap, id)
} else {
t.Errorf("Expected %s in upgrade output but was absent", id)
}
}
for id, diffs := range diffMap {
for _, diff := range diffs {
if ignorableDiff(id, diff) {
continue
}
if id == "Deployment/linkerd-web" && pathMatch(diff.path, []string{"spec", "template", "spec", "containers", "*", "args"}) {
continue
}
t.Errorf("Unexpected diff in %s:\n%s", id, diff.String())
}
}
}
func TestUpgradeOverwriteTracingAddon(t *testing.T) {
installOpts, upgradeOpts, flagSet := testOptions(t)
installAddons, err := ioutil.ReadFile(filepath.Join("testdata", "addon_config.yaml"))
if err != nil {
t.Fatal(err)
}
err = yaml.Unmarshal(installAddons, installOpts)
if err != nil {
t.Fatal(err)
}
install := renderInstall(t, installOpts)
flagSet.Set("config", filepath.Join("testdata", "addon_config_overwrite.yaml"))
flagSet.Set("trace-collector", "overwrite-collector")
flagSet.Set("trace-collector-svc-account", "overwrite-collector.default")
upgrade, err := renderUpgrade(install.String(), upgradeOpts)
if err != nil {
t.Fatal(err)
}
expected := replaceVersions(install.String())
expectedManifests := parseManifestList(expected)
upgradeManifests := parseManifestList(upgrade.String())
diffMap := diffManifestLists(expectedManifests, upgradeManifests)
tracingManifests := []string{"Deployment/linkerd-collector"}
for _, id := range tracingManifests {
if _, ok := diffMap[id]; ok {
delete(diffMap, id)
} else {
t.Errorf("Expected %s in upgrade output diff but was absent", id)
}
}
for id, diffs := range diffMap {
for _, diff := range diffs {
if ignorableDiff(id, diff) {
continue
}
t.Errorf("Unexpected diff in %s:\n%s", id, diff.String())
}
}
}
// this test constructs a set of secrets resources
func TestUpgradeWebhookCrtsNameChange(t *testing.T) {
installOpts, upgradeOpts, _ := testOptions(t)

4
controller/proxy-injector/webhook.go
View File

@ -22,7 +22,6 @@ import (
const (
eventTypeSkipped = "InjectionSkipped"
eventTypeInjected = "Injected"
eventTypeTracing = "Tracing"
)
// Inject returns an AdmissionResponse containing the patch, if any, to apply
@ -107,9 +106,6 @@ func Inject(
if parent != nil {
recorder.Event(*parent, v1.EventTypeNormal, eventTypeInjected, "Linkerd sidecar proxy injected")
if report.TracingEnabled {
recorder.Event(*parent, v1.EventTypeNormal, eventTypeTracing, "Tracing Enabled")
}
}
log.Infof("patch generated for: %s", report.ResName())
log.Debugf("patch: %s", patchJSON)

5
jaeger/cmd/install.go
View File

@ -126,6 +126,11 @@ func render(w io.Writer, valuesOverrides map[string]interface{}) error {
return err
}
vals, err = charts.InsertVersionValues(vals)
if err != nil {
return err
}
// Attach the final values into the `Values` field for rendering to work
renderedTemplates, err := engine.Render(chart, map[string]interface{}{"Values": vals})
if err != nil {

12
pkg/charts/charts.go
View File

@ -162,6 +162,16 @@ func FilesReader(fs http.FileSystem, dir string, files []*loader.BufferedFile) e
// InsertVersion returns the chart values file contents passed in
// with the version placeholder replaced with the current version
func InsertVersion(data []byte) []byte {
dataWithVersion := strings.Replace(string(data), versionPlaceholder, version.Version, 1)
dataWithVersion := strings.Replace(string(data), versionPlaceholder, version.Version, -1)
return []byte(dataWithVersion)
}
// InsertVersionValues returns the chart values with the version placeholder
// replaced with the current version.
func InsertVersionValues(values chartutil.Values) (chartutil.Values, error) {
raw, err := values.YAML()
if err != nil {
return nil, err
}
return chartutil.ReadValues(InsertVersion([]byte(raw)))
}

10
pkg/charts/linkerd2/addons.go
View File

@ -39,15 +39,5 @@ func ParseAddOnValues(values *Values) ([]AddOn, error) {
}
}
if values.Tracing != nil {
if enabled, ok := values.Tracing["enabled"]; ok {
if enabled, ok := enabled.(bool); !ok {
return nil, fmt.Errorf("invalid value for 'tracing.enabled' (should be boolean): %s", values.Tracing["enabled"])
} else if enabled {
addOns = append(addOns, values.Tracing)
}
}
}
return addOns, nil
}

8
pkg/charts/linkerd2/addons_test.go
View File

@ -10,7 +10,7 @@ import (
func TestParseAddOnValues(t *testing.T) {
addonConfig := `
Tracing:
Grafana:
enabled: true
`
var addOnValues Values
@ -24,11 +24,11 @@ Tracing:
t.Fatalf("Unexpected error: %s", err)
}
// Check for Tracing addOn to be present
// Check for Grafana addOn to be present
if len(addOns) != 1 {
t.Fatalf("expected 1 add-on to be present but found %d", len(addOns))
}
if !reflect.DeepEqual(addOns[0], Tracing{"enabled": true}) {
t.Fatal("expected tracing add-on to be present")
if !reflect.DeepEqual(addOns[0], Grafana{"enabled": true}) {
t.Fatal("expected grafana add-on to be present")
}
}

59
pkg/charts/linkerd2/values.go
View File

@ -66,36 +66,36 @@ type (
// Addon Structures
Grafana Grafana `json:"grafana"`
Prometheus Prometheus `json:"prometheus"`
Tracing Tracing `json:"tracing"`
}
// Global values common across all charts
Global struct {
Namespace string `json:"namespace"`
ClusterDomain string `json:"clusterDomain"`
ClusterNetworks string `json:"clusterNetworks"`
ImagePullPolicy string `json:"imagePullPolicy"`
CliVersion string `json:"cliVersion"`
ControllerComponentLabel string `json:"controllerComponentLabel"`
ControllerImageVersion string `json:"controllerImageVersion"`
ControllerLogLevel string `json:"controllerLogLevel"`
ControllerNamespaceLabel string `json:"controllerNamespaceLabel"`
WorkloadNamespaceLabel string `json:"workloadNamespaceLabel"`
CreatedByAnnotation string `json:"createdByAnnotation"`
ProxyInjectAnnotation string `json:"proxyInjectAnnotation"`
ProxyInjectDisabled string `json:"proxyInjectDisabled"`
LinkerdNamespaceLabel string `json:"linkerdNamespaceLabel"`
ProxyContainerName string `json:"proxyContainerName"`
HighAvailability bool `json:"highAvailability"`
CNIEnabled bool `json:"cniEnabled"`
EnableEndpointSlices bool `json:"enableEndpointSlices"`
ControlPlaneTracing bool `json:"controlPlaneTracing"`
IdentityTrustAnchorsPEM string `json:"identityTrustAnchorsPEM"`
IdentityTrustDomain string `json:"identityTrustDomain"`
PrometheusURL string `json:"prometheusUrl"`
GrafanaURL string `json:"grafanaUrl"`
ImagePullSecrets []map[string]string `json:"imagePullSecrets"`
LinkerdVersion string `json:"linkerdVersion"`
Namespace string `json:"namespace"`
ClusterDomain string `json:"clusterDomain"`
ClusterNetworks string `json:"clusterNetworks"`
ImagePullPolicy string `json:"imagePullPolicy"`
CliVersion string `json:"cliVersion"`
ControllerComponentLabel string `json:"controllerComponentLabel"`
ControllerImageVersion string `json:"controllerImageVersion"`
ControllerLogLevel string `json:"controllerLogLevel"`
ControllerNamespaceLabel string `json:"controllerNamespaceLabel"`
WorkloadNamespaceLabel string `json:"workloadNamespaceLabel"`
CreatedByAnnotation string `json:"createdByAnnotation"`
ProxyInjectAnnotation string `json:"proxyInjectAnnotation"`
ProxyInjectDisabled string `json:"proxyInjectDisabled"`
LinkerdNamespaceLabel string `json:"linkerdNamespaceLabel"`
ProxyContainerName string `json:"proxyContainerName"`
HighAvailability bool `json:"highAvailability"`
CNIEnabled bool `json:"cniEnabled"`
EnableEndpointSlices bool `json:"enableEndpointSlices"`
ControlPlaneTracing bool `json:"controlPlaneTracing"`
ControlPlaneTracingNamespace string `json:"controlPlaneTracingNamespace"`
IdentityTrustAnchorsPEM string `json:"identityTrustAnchorsPEM"`
IdentityTrustDomain string `json:"identityTrustDomain"`
PrometheusURL string `json:"prometheusUrl"`
GrafanaURL string `json:"grafanaUrl"`
ImagePullSecrets []map[string]string `json:"imagePullSecrets"`
LinkerdVersion string `json:"linkerdVersion"`
PodAnnotations map[string]string `json:"podAnnotations"`
PodLabels map[string]string `json:"podLabels"`
@ -125,7 +125,6 @@ type (
SAMountPath *VolumeMountPath `json:"saMountPath"`
Ports *Ports `json:"ports"`
Resources *Resources `json:"resources"`
Trace *Trace `json:"trace"`
UID int64 `json:"uid"`
WaitBeforeExitSeconds uint64 `json:"waitBeforeExitSeconds"`
IsGateway bool `json:"isGateway"`
@ -247,12 +246,6 @@ type (
KeyPEM string `json:"keyPEM"`
CrtPEM string `json:"crtPEM"`
}
// Trace has all the tracing-related Helm variables
Trace struct {
CollectorSvcAddr string `json:"collectorSvcAddr"`
CollectorSvcAccount string `json:"collectorSvcAccount"`
}
)
// NewValues returns a new instance of the Values type.

52
pkg/charts/linkerd2/values_test.go
View File

@ -44,28 +44,29 @@ func TestNewValues(t *testing.T) {
"enabled": true,
},
Global: &Global{
Namespace: "linkerd",
ClusterDomain: "cluster.local",
ClusterNetworks: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16",
ImagePullPolicy: "IfNotPresent",
CliVersion: "linkerd/cli dev-undefined",
ControllerComponentLabel: "linkerd.io/control-plane-component",
ControllerLogLevel: "info",
ControllerImageVersion: testVersion,
LinkerdVersion: version.Version,
ControllerNamespaceLabel: "linkerd.io/control-plane-ns",
WorkloadNamespaceLabel: "linkerd.io/workload-ns",
CreatedByAnnotation: "linkerd.io/created-by",
ProxyInjectAnnotation: "linkerd.io/inject",
ProxyInjectDisabled: "disabled",
LinkerdNamespaceLabel: "linkerd.io/is-control-plane",
ProxyContainerName: "linkerd-proxy",
CNIEnabled: false,
ControlPlaneTracing: false,
HighAvailability: false,
IdentityTrustDomain: "cluster.local",
PodAnnotations: map[string]string{},
PodLabels: map[string]string{},
Namespace: "linkerd",
ClusterDomain: "cluster.local",
ClusterNetworks: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16",
ImagePullPolicy: "IfNotPresent",
CliVersion: "linkerd/cli dev-undefined",
ControllerComponentLabel: "linkerd.io/control-plane-component",
ControllerLogLevel: "info",
ControllerImageVersion: testVersion,
LinkerdVersion: version.Version,
ControllerNamespaceLabel: "linkerd.io/control-plane-ns",
WorkloadNamespaceLabel: "linkerd.io/workload-ns",
CreatedByAnnotation: "linkerd.io/created-by",
ProxyInjectAnnotation: "linkerd.io/inject",
ProxyInjectDisabled: "disabled",
LinkerdNamespaceLabel: "linkerd.io/is-control-plane",
ProxyContainerName: "linkerd-proxy",
CNIEnabled: false,
ControlPlaneTracing: false,
ControlPlaneTracingNamespace: "linkerd-jaeger",
HighAvailability: false,
IdentityTrustDomain: "cluster.local",
PodAnnotations: map[string]string{},
PodLabels: map[string]string{},
Proxy: &Proxy{
EnableExternalProfiles: false,
Image: &Image{
@ -91,10 +92,6 @@ func TestNewValues(t *testing.T) {
Request: "",
},
},
Trace: &Trace{
CollectorSvcAddr: "",
CollectorSvcAccount: "default",
},
UID: 2102,
WaitBeforeExitSeconds: 0,
OutboundConnectTimeout: "1000ms",
@ -164,7 +161,6 @@ func TestNewValues(t *testing.T) {
actual.DebugContainer.Image.Version = testVersion
// Make Add-On Values nil to not have to check for their defaults
actual.Tracing = nil
actual.Global.ImagePullSecrets = nil
if !reflect.DeepEqual(expected, actual) {
@ -256,8 +252,6 @@ func TestNewValues(t *testing.T) {
actual.Global.Proxy.Image.Version = testVersion
actual.Global.ProxyInit.Image.Version = testVersion
actual.DebugContainer.Image.Version = testVersion
// Make Add-On Values nil to not have to check for their defaults
actual.Tracing = nil
if !reflect.DeepEqual(expected, actual) {
t.Errorf("Mismatch Helm HA defaults.\nExpected: %+v\nActual: %+v", expected, actual)

156
pkg/healthcheck/healthcheck_addons.go
View File

@ -15,9 +15,6 @@ const (
// LinkerdPrometheusAddOnChecks adds checks related to Prometheus add-on components
LinkerdPrometheusAddOnChecks CategoryID = "linkerd-prometheus"
// LinkerdTracingAddOnChecks adds checks related to tracing add-on components
LinkerdTracingAddOnChecks CategoryID = "linkerd-tracing"
)
var (
@ -25,7 +22,7 @@ var (
errorKeyNotFound error = errors.New("key not found")
// AddOnCategories is the list of add-on category checks
AddOnCategories = []CategoryID{LinkerdPrometheusAddOnChecks, LinkerdGrafanaAddOnChecks, LinkerdTracingAddOnChecks}
AddOnCategories = []CategoryID{LinkerdPrometheusAddOnChecks, LinkerdGrafanaAddOnChecks}
)
// addOnCategories contain all the checks w.r.t add-ons. It is strongly advised to
@ -176,157 +173,6 @@ func (hc *HealthChecker) addOnCategories() []category {
},
},
},
{
id: LinkerdTracingAddOnChecks,
checkers: []checker{
{
description: "collector service account exists",
warning: true,
check: func(ctx context.Context) error {
tracing := make(map[string]interface{})
err := yaml.Unmarshal(hc.linkerdConfig.Tracing.Values(), &tracing)
if err != nil {
return err
}
if GetBool(tracing, "enabled") {
collector, mapError := GetMap(tracing, "collector")
collectorName, keyError := GetString(collector, "name")
if errors.Is(mapError, errorKeyNotFound) || errors.Is(keyError, errorKeyNotFound) {
// default name of collector instance
collectorName = "linkerd-collector"
} else {
if mapError != nil {
return mapError
}
if keyError != nil {
return keyError
}
}
return hc.checkServiceAccounts(ctx, []string{collectorName}, hc.ControlPlaneNamespace, "")
}
return &SkipError{Reason: "tracing add-on not enabled"}
},
},
{
description: "jaeger service account exists",
warning: true,
check: func(ctx context.Context) error {
tracing := make(map[string]interface{})
err := yaml.Unmarshal(hc.linkerdConfig.Tracing.Values(), &tracing)
if err != nil {
return err
}
if GetBool(tracing, "enabled") {
jaeger, mapError := GetMap(tracing, "jaeger")
jaegerName, keyError := GetString(jaeger, "name")
if errors.Is(mapError, errorKeyNotFound) || errors.Is(keyError, errorKeyNotFound) {
// default name of jaeger instance
jaegerName = "linkerd-jaeger"
} else {
if mapError != nil {
return mapError
}
if keyError != nil {
return keyError
}
}
return hc.checkServiceAccounts(ctx, []string{jaegerName}, hc.ControlPlaneNamespace, "")
}
return &SkipError{Reason: "tracing add-on not enabled"}
},
},
{
description: "collector config map exists",
warning: true,
check: func(ctx context.Context) error {
tracing := make(map[string]interface{})
err := yaml.Unmarshal(hc.linkerdConfig.Tracing.Values(), &tracing)
if err != nil {
return err
}
if GetBool(tracing, "enabled") {
collector, mapError := GetMap(tracing, "collector")
collectorName, keyError := GetString(collector, "name")
if errors.Is(mapError, errorKeyNotFound) || errors.Is(keyError, errorKeyNotFound) {
// default name of collector instance
collectorName = "linkerd-collector"
} else {
if mapError != nil {
return mapError
}
if keyError != nil {
return keyError
}
}
_, err := hc.kubeAPI.CoreV1().ConfigMaps(hc.ControlPlaneNamespace).Get(ctx, fmt.Sprintf("%s-config", collectorName), metav1.GetOptions{})
if err != nil {
return err
}
return nil
}
return &SkipError{Reason: "tracing add-on not enabled"}
},
},
{
description: "collector pod is running",
warning: true,
retryDeadline: hc.RetryDeadline,
surfaceErrorOnRetry: true,
check: func(ctx context.Context) error {
tracing := make(map[string]interface{})
err := yaml.Unmarshal(hc.linkerdConfig.Tracing.Values(), &tracing)
if err != nil {
return err
}
if GetBool(tracing, "enabled") {
// populate controlPlanePods to get the latest status, during retries
var err error
hc.controlPlanePods, err = hc.kubeAPI.GetPodsByNamespace(ctx, hc.ControlPlaneNamespace)
if err != nil {
return err
}
return checkContainerRunning(hc.controlPlanePods, "collector")
}
return &SkipError{Reason: "tracing add-on not enabled"}
},
},
{
description: "jaeger pod is running",
warning: true,
retryDeadline: hc.RetryDeadline,
surfaceErrorOnRetry: true,
check: func(ctx context.Context) error {
tracing := make(map[string]interface{})
err := yaml.Unmarshal(hc.linkerdConfig.Tracing.Values(), &tracing)
if err != nil {
return err
}
if GetBool(tracing, "enabled") {
// populate controlPlanePods to get the latest status, during retries
var err error
hc.controlPlanePods, err = hc.kubeAPI.GetPodsByNamespace(ctx, hc.ControlPlaneNamespace)
if err != nil {
return err
}
return checkContainerRunning(hc.controlPlanePods, "jaeger")
}
return &SkipError{Reason: "tracing add-on not enabled"}
},
},
},
},
}
}

18
pkg/healthcheck/healthcheck_test.go
View File

@ -1808,13 +1808,6 @@ metadata:
namespace: test-ns
data:
values: |-
tracing:
collector:
name: linkerd-collector
enabled: false
jaeger:
name: linkerd-jaeger
enabled: true
`,
},
expected: []string{
@ -2628,9 +2621,6 @@ data:
requireIdentityOnInboundPorts: ""
resources: null
saMountPath: null
trace:
collectorSvcAccount: ""
collectorSvcAddr: ""
uid: 2102
waitBeforeExitSeconds: 0
workloadKind: deployment
@ -2683,8 +2673,6 @@ data:
tapProxyResources: null
tapResources: null
tolerations: null
tracing:
enabled: false
webImage: WebImage
webProxyResources: null
webResources: null
@ -2734,8 +2722,7 @@ data:
Inbound: 4143,
Outbound: 4140,
},
UID: 2102,
Trace: &linkerd2.Trace{},
UID: 2102,
},
ProxyInit: &linkerd2.ProxyInit{
Image: &linkerd2.Image{
@ -2767,9 +2754,6 @@ data:
"enabled": true,
"image": "PrometheusImage",
},
Tracing: map[string]interface{}{
"enabled": false,
},
Grafana: defaultValues.Grafana,
},
nil,

50
pkg/inject/inject.go
View File

@ -33,10 +33,6 @@ import (
"sigs.k8s.io/yaml"
)
const (
traceDefaultSvcAccount = "default"
)
var (
rTrail = regexp.MustCompile(`\},\s*\]`)
@ -65,7 +61,6 @@ var (
k8s.ProxyIgnoreInboundPortsAnnotation,
k8s.ProxyOpaquePortsAnnotation,
k8s.ProxyIgnoreOutboundPortsAnnotation,
k8s.ProxyTraceCollectorSvcAddrAnnotation,
k8s.ProxyOutboundConnectTimeout,
k8s.ProxyInboundConnectTimeout,
}
@ -567,11 +562,6 @@ func (conf *ResourceConfig) injectPodSpec(values *patch) {
conf.injectProxyInit(values)
values.AddRootVolumes = len(conf.pod.spec.Volumes) == 0
// Configure Tracing values based on svcAddr, as it is the main toggle for tracing
if conf.values.GetGlobal().Proxy.Trace.CollectorSvcAddr != "" {
values.GetGlobal().Proxy.Trace = conf.trace(conf.values.GetGlobal().Proxy.Trace.CollectorSvcAddr, conf.values.GetGlobal().Proxy.Trace.CollectorSvcAccount)
}
}
func (conf *ResourceConfig) injectProxyInit(values *patch) {
@ -606,31 +596,6 @@ func (conf *ResourceConfig) serviceAccountVolumeMount() *corev1.VolumeMount {
return nil
}
func (conf *ResourceConfig) trace(svcAddr, svcAccount string) *l5dcharts.Trace {
if svcAddr == "" {
return nil
}
if svcAccount == "" {
svcAccount = traceDefaultSvcAccount
}
hostAndPort := strings.Split(svcAddr, ":")
hostname := strings.Split(hostAndPort[0], ".")
var ns string
if len(hostname) == 1 {
ns = conf.pod.meta.Namespace
} else {
ns = hostname[1]
}
return &l5dcharts.Trace{
CollectorSvcAddr: svcAddr,
CollectorSvcAccount: fmt.Sprintf("%s.%s", svcAccount, ns),
}
}
// Given a ObjectMeta, update ObjectMeta in place with the new labels and
// annotations.
func (conf *ResourceConfig) injectObjectMeta(values *patch) {
@ -908,21 +873,6 @@ func (conf *ResourceConfig) applyAnnotationOverrides(values *l5dcharts.Values) {
if override, ok := annotations[k8s.DebugImagePullPolicyAnnotation]; ok {
values.DebugContainer.Image.PullPolicy = override
}
// Get Trace Overrides
var svcAddr, svcAccount string
if override, ok := annotations[k8s.ProxyTraceCollectorSvcAddrAnnotation]; ok {
svcAddr = override
}
if override, ok := annotations[k8s.ProxyTraceCollectorSvcAccountAnnotation]; ok {
svcAccount = override
}
// Configure Tracing values based on svcAddr, as it is the main toggle for tracing
if svcAddr != "" {
values.GetGlobal().Proxy.Trace = conf.trace(svcAddr, svcAccount)
}
}
// GetOverriddenConfiguration returns a map of the overridden proxy annotations

58
pkg/inject/inject_test.go
View File

@ -59,8 +59,6 @@ func TestGetOverriddenValues(t *testing.T) {
k8s.ProxyLogFormatAnnotation: "json",
k8s.ProxyEnableExternalProfilesAnnotation: "false",
k8s.ProxyVersionOverrideAnnotation: proxyVersionOverride,
k8s.ProxyTraceCollectorSvcAddrAnnotation: "oc-collector.tracing:55678",
k8s.ProxyTraceCollectorSvcAccountAnnotation: "default",
k8s.ProxyWaitBeforeExitSecondsAnnotation: "123",
k8s.ProxyRequireIdentityOnInboundPortsAnnotation: "8888,9999",
k8s.ProxyOutboundConnectTimeout: "6000ms",
@ -102,10 +100,6 @@ func TestGetOverriddenValues(t *testing.T) {
values.GetGlobal().ProxyInit.Image.Version = version.ProxyInitVersion
values.GetGlobal().ProxyInit.IgnoreInboundPorts = "4222,6222"
values.GetGlobal().ProxyInit.IgnoreOutboundPorts = "8079,8080"
values.GetGlobal().Proxy.Trace = &l5dcharts.Trace{
CollectorSvcAddr: "oc-collector.tracing:55678",
CollectorSvcAccount: "default.tracing",
}
values.GetGlobal().Proxy.RequireIdentityOnInboundPorts = "8888,9999"
values.GetGlobal().Proxy.OutboundConnectTimeout = "6000ms"
values.GetGlobal().Proxy.InboundConnectTimeout = "600ms"
@ -128,31 +122,29 @@ func TestGetOverriddenValues(t *testing.T) {
},
{id: "use namespace overrides",
nsAnnotations: map[string]string{
k8s.ProxyDisableIdentityAnnotation: "true",
k8s.ProxyImageAnnotation: "ghcr.io/linkerd/proxy",
k8s.ProxyImagePullPolicyAnnotation: pullPolicy,
k8s.ProxyInitImageAnnotation: "ghcr.io/linkerd/proxy-init",
k8s.ProxyControlPortAnnotation: "4000",
k8s.ProxyInboundPortAnnotation: "5000",
k8s.ProxyAdminPortAnnotation: "5001",
k8s.ProxyOutboundPortAnnotation: "5002",
k8s.ProxyIgnoreInboundPortsAnnotation: "4222,6222",
k8s.ProxyIgnoreOutboundPortsAnnotation: "8079,8080",
k8s.ProxyCPURequestAnnotation: "0.15",
k8s.ProxyMemoryRequestAnnotation: "120",
k8s.ProxyCPULimitAnnotation: "1.5",
k8s.ProxyMemoryLimitAnnotation: "256",
k8s.ProxyUIDAnnotation: "8500",
k8s.ProxyLogLevelAnnotation: "debug,linkerd=debug",
k8s.ProxyLogFormatAnnotation: "json",
k8s.ProxyEnableExternalProfilesAnnotation: "false",
k8s.ProxyVersionOverrideAnnotation: proxyVersionOverride,
k8s.ProxyTraceCollectorSvcAddrAnnotation: "oc-collector.tracing:55678",
k8s.ProxyTraceCollectorSvcAccountAnnotation: "default",
k8s.ProxyWaitBeforeExitSecondsAnnotation: "123",
k8s.ProxyOutboundConnectTimeout: "6000ms",
k8s.ProxyInboundConnectTimeout: "600ms",
k8s.ProxyOpaquePortsAnnotation: "4320-4325,3306",
k8s.ProxyDisableIdentityAnnotation: "true",
k8s.ProxyImageAnnotation: "ghcr.io/linkerd/proxy",
k8s.ProxyImagePullPolicyAnnotation: pullPolicy,
k8s.ProxyInitImageAnnotation: "ghcr.io/linkerd/proxy-init",
k8s.ProxyControlPortAnnotation: "4000",
k8s.ProxyInboundPortAnnotation: "5000",
k8s.ProxyAdminPortAnnotation: "5001",
k8s.ProxyOutboundPortAnnotation: "5002",
k8s.ProxyIgnoreInboundPortsAnnotation: "4222,6222",
k8s.ProxyIgnoreOutboundPortsAnnotation: "8079,8080",
k8s.ProxyCPURequestAnnotation: "0.15",
k8s.ProxyMemoryRequestAnnotation: "120",
k8s.ProxyCPULimitAnnotation: "1.5",
k8s.ProxyMemoryLimitAnnotation: "256",
k8s.ProxyUIDAnnotation: "8500",
k8s.ProxyLogLevelAnnotation: "debug,linkerd=debug",
k8s.ProxyLogFormatAnnotation: "json",
k8s.ProxyEnableExternalProfilesAnnotation: "false",
k8s.ProxyVersionOverrideAnnotation: proxyVersionOverride,
k8s.ProxyWaitBeforeExitSecondsAnnotation: "123",
k8s.ProxyOutboundConnectTimeout: "6000ms",
k8s.ProxyInboundConnectTimeout: "600ms",
k8s.ProxyOpaquePortsAnnotation: "4320-4325,3306",
},
spec: appsv1.DeploymentSpec{
Template: corev1.PodTemplateSpec{
@ -190,10 +182,6 @@ func TestGetOverriddenValues(t *testing.T) {
values.GetGlobal().ProxyInit.Image.Version = version.ProxyInitVersion
values.GetGlobal().ProxyInit.IgnoreInboundPorts = "4222,6222"
values.GetGlobal().ProxyInit.IgnoreOutboundPorts = "8079,8080"
values.GetGlobal().Proxy.Trace = &l5dcharts.Trace{
CollectorSvcAddr: "oc-collector.tracing:55678",
CollectorSvcAccount: "default.tracing",
}
values.GetGlobal().Proxy.OutboundConnectTimeout = "6000ms"
values.GetGlobal().Proxy.InboundConnectTimeout = "600ms"
values.GetGlobal().Proxy.OpaquePorts = "4320,4321,4322,4323,4324,4325,3306"

2
pkg/inject/report.go
View File

@ -51,7 +51,6 @@ type Report struct {
InjectDisabled bool
InjectDisabledReason string
InjectAnnotationAt string
TracingEnabled bool
AutomountServiceAccountToken bool
// Uninjected consists of two boolean flags to indicate if a proxy and
@ -89,7 +88,6 @@ func newReport(conf *ResourceConfig) *Report {
report.HostNetwork = conf.pod.spec.HostNetwork
report.Sidecar = healthcheck.HasExistingSidecars(conf.pod.spec)
report.UDP = checkUDPPorts(conf.pod.spec)
report.TracingEnabled = conf.pod.meta.Annotations[k8s.ProxyTraceCollectorSvcAddrAnnotation] != "" || conf.nsAnnotations[k8s.ProxyTraceCollectorSvcAddrAnnotation] != ""
if conf.pod.spec.AutomountServiceAccountToken != nil {
report.AutomountServiceAccountToken = *conf.pod.spec.AutomountServiceAccountToken
}

2
pkg/inject/uninject.go
View File

@ -56,7 +56,7 @@ func (conf *ResourceConfig) uninjectPodSpec(report *Report) {
volumes := []v1.Volume{}
for _, volume := range t.Volumes {
if volume.Name != k8s.IdentityEndEntityVolumeName && volume.Name != k8s.PodInfoVolumeName && volume.Name != k8s.InitXtablesLockVolumeMountName {
if volume.Name != k8s.IdentityEndEntityVolumeName && volume.Name != k8s.InitXtablesLockVolumeMountName {
volumes = append(volumes, volume)
}
}

14
pkg/k8s/labels.go
View File

@ -231,21 +231,11 @@ const (
// CloseWaitTimeoutAnnotation configures nf_conntrack_tcp_timeout_close_wait.
CloseWaitTimeoutAnnotation = ProxyConfigAnnotationsPrefix + "/close-wait-timeout"
// ProxyTraceCollectorSvcAddrAnnotation can be used to enable tracing on a proxy.
// It takes the collector service name (e.g. oc-collector.tracing:55678) as
// its value.
ProxyTraceCollectorSvcAddrAnnotation = ProxyConfigAnnotationsPrefix + "/trace-collector"
// ProxyWaitBeforeExitSecondsAnnotation makes the proxy container to wait for the given period before exiting
// after the Pod entered the Terminating state. Must be smaller than terminationGracePeriodSeconds
// configured for the Pod
ProxyWaitBeforeExitSecondsAnnotation = ProxyConfigAnnotationsPrefixAlpha + "/proxy-wait-before-exit-seconds"
// ProxyTraceCollectorSvcAccountAnnotation is used to specify the service account
// associated with the trace collector. It is used to create the service's
// mTLS identity.
ProxyTraceCollectorSvcAccountAnnotation = ProxyConfigAnnotationsPrefixAlpha + "/trace-collector-service-account"
// IdentityModeDefault is assigned to IdentityModeAnnotation to
// use the control plane's default identity scheme.
IdentityModeDefault = "default"
@ -284,10 +274,6 @@ const (
// volume mounted into each proxy to store identity credentials.
IdentityEndEntityVolumeName = "linkerd-identity-end-entity"
// PodInfoVolumeName is the name assigned to the
// volume mounted into each proxy to store pod labels.
PodInfoVolumeName = "podinfo"
// IdentityIssuerSecretName is the name of the Secret that stores issuer credentials.
IdentityIssuerSecretName = "linkerd-identity-issuer"

56
test/integration/inject/inject_test.go
View File

@ -109,35 +109,33 @@ func TestInjectAutoParams(t *testing.T) {
TestHelper.WithDataPlaneNamespace(ctx, injectNS, map[string]string{}, t, func(t *testing.T, ns string) {
injectionValidator := testutil.InjectValidator{
NoInitContainer: TestHelper.CNI() || TestHelper.Calico(),
AutoInject: true,
AdminPort: 8888,
ControlPort: 8881,
DisableTap: true,
EnableExternalProfiles: true,
EnableDebug: true,
ImagePullPolicy: "Never",
InboundPort: 8882,
InitImage: "init-image",
InitImageVersion: "init-image-version",
OutboundPort: 8883,
CPULimit: "160m",
CPURequest: "150m",
MemoryLimit: "150Mi",
MemoryRequest: "100Mi",
Image: "proxy-image",
LogLevel: "proxy-log-level",
UID: 10,
Version: "proxy-version",
RequireIdentityOnPorts: "8884,8885",
OpaquePorts: "8888,8889",
TraceCollector: "oc-collector.tracing:55671",
TraceCollectorSvcAccount: "collector-svc-acc",
OutboundConnectTimeout: "888ms",
InboundConnectTimeout: "999ms",
SkipOutboundPorts: "1111,2222,3333",
SkipInboundPorts: "4444,5555,6666",
WaitBeforeExitSeconds: 10,
NoInitContainer: TestHelper.CNI() || TestHelper.Calico(),
AutoInject: true,
AdminPort: 8888,
ControlPort: 8881,
DisableTap: true,
EnableExternalProfiles: true,
EnableDebug: true,
ImagePullPolicy: "Never",
InboundPort: 8882,
InitImage: "init-image",
InitImageVersion: "init-image-version",
OutboundPort: 8883,
CPULimit: "160m",
CPURequest: "150m",
MemoryLimit: "150Mi",
MemoryRequest: "100Mi",
Image: "proxy-image",
LogLevel: "proxy-log-level",
UID: 10,
Version: "proxy-version",
RequireIdentityOnPorts: "8884,8885",
OpaquePorts: "8888,8889",
OutboundConnectTimeout: "888ms",
InboundConnectTimeout: "999ms",
SkipOutboundPorts: "1111,2222,3333",
SkipInboundPorts: "4444,5555,6666",
WaitBeforeExitSeconds: 10,
}
_, annotations := injectionValidator.GetFlagsAndAnnotations()

14
test/integration/tracing/testdata/emojivoto.yaml vendored
View File

@ -30,8 +30,6 @@ spec:
creationTimestamp: null
labels:
app: emoji-svc
annotations:
config.linkerd.io/trace-collector: "oc-collector.___TRACING_NS___:55678"
spec:
serviceAccountName: emoji
containers:
@ -39,7 +37,7 @@ spec:
- name: GRPC_PORT
value: "8080"
- name: OC_AGENT_HOST
value: "oc-collector.___TRACING_NS___:55678"
value: "collector.___TRACING_NS___:55678"
image: buoyantio/emojivoto-emoji-svc:v8-tracing
name: emoji-svc
ports:
@ -79,8 +77,6 @@ spec:
creationTimestamp: null
labels:
app: voting-svc
annotations:
config.linkerd.io/trace-collector: "oc-collector.___TRACING_NS___:55678"
spec:
serviceAccountName: voting
containers:
@ -88,7 +84,7 @@ spec:
- name: GRPC_PORT
value: "8080"
- name: OC_AGENT_HOST
value: "oc-collector.___TRACING_NS___:55678"
value: "collector.___TRACING_NS___:55678"
image: buoyantio/emojivoto-voting-svc:v8-tracing
name: voting-svc
ports:
@ -128,8 +124,6 @@ spec:
creationTimestamp: null
labels:
app: web-svc
annotations:
config.linkerd.io/trace-collector: "oc-collector.___TRACING_NS___:55678"
spec:
serviceAccountName: web
containers:
@ -137,7 +131,7 @@ spec:
- name: WEB_PORT
value: "80"
- name: OC_AGENT_HOST
value: "oc-collector.___TRACING_NS___:55678"
value: "collector.___TRACING_NS___:55678"
- name: EMOJISVC_HOST
value: emoji-svc:8080
- name: VOTINGSVC_HOST
@ -183,8 +177,6 @@ spec:
creationTimestamp: null
labels:
app: vote-bot
annotations:
config.linkerd.io/trace-collector: "oc-collector.___TRACING_NS___:55678"
spec:
containers:
- command:

4
test/integration/tracing/testdata/ingress.yaml vendored
View File

@ -97,7 +97,7 @@ data:
ssl-redirect: "false"
enable-opentracing: "true"
enable-vts-status: "false"
zipkin-collector-host: oc-collector.___TRACING_NS___
zipkin-collector-host: collector.___TRACING_NS___
zipkin-sample-rate: "0.5"
---
apiVersion: apps/v1
@ -115,8 +115,6 @@ spec:
metadata:
labels:
app: nginx-ingress
annotations:
config.linkerd.io/trace-collector: "oc-collector.___TRACING_NS___:55678"
spec:
containers:
- args:

154
test/integration/tracing/testdata/tracing.yaml vendored
View File

@ -1,154 +0,0 @@
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: jaeger
labels:
app: jaeger
spec:
replicas: 1
selector:
matchLabels:
app: jaeger
template:
metadata:
labels:
app: jaeger
spec:
dnsPolicy: ClusterFirst
containers:
- name: jaeger
image: jaegertracing/all-in-one:1.8
ports:
- name: collection
containerPort: 14268
- name: ui
containerPort: 16686
---
apiVersion: v1
kind: Service
metadata:
name: jaeger
labels:
app: jaeger
spec:
selector:
app: jaeger
ports:
- name: collection
port: 14268
- name: ui
port: 16686
---
apiVersion: v1
kind: ConfigMap
metadata:
name: oc-collector-conf
labels:
app: opencensus
component: oc-collector-conf
data:
oc-collector-config: |
receivers:
opencensus:
port: 55678
zipkin:
port: 9411
jaeger:
jaeger-thrift-http-port: 14268
queued-exporters:
jaeger-all-in-one:
num-workers: 4
queue-size: 100
retry-on-failure: true
sender-type: jaeger-thrift-http
jaeger-thrift-http:
collector-endpoint: http://jaeger:14268/api/traces
timeout: 5s
---
apiVersion: v1
kind: Service
metadata:
name: oc-collector
labels:
app: opencesus
component: oc-collector
spec:
ports:
- name: opencensus
port: 55678
protocol: TCP
targetPort: 55678
- name: zipkin
port: 9411
protocol: TCP
targetPort: 9411
- name: jaeger
port: 14268
protocol: TCP
targetPort: 14268
selector:
component: oc-collector
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: oc-collector
labels:
app: opencensus
component: oc-collector
spec:
minReadySeconds: 5
progressDeadlineSeconds: 120
replicas: 1
selector:
matchLabels:
app: opencensus
template:
metadata:
annotations:
prometheus.io/path: "/metrics"
prometheus.io/port: "8888"
prometheus.io/scrape: "true"
labels:
app: opencensus
component: oc-collector
spec:
containers:
- command:
- "/occollector_linux"
- "--config=/conf/oc-collector-config.yaml"
env:
- name: GOGC
value: "80"
image: omnition/opencensus-collector:0.1.10
name: oc-collector
resources:
limits:
cpu: 1
memory: 2Gi
requests:
cpu: 200m
memory: 400Mi
ports:
- containerPort: 55678
- containerPort: 9411
- containerPort: 14268
volumeMounts:
- name: oc-collector-config-vol
mountPath: /conf
livenessProbe:
httpGet:
path: /
port: 13133
readinessProbe:
httpGet:
path: /
port: 13133
volumes:
- configMap:
name: oc-collector-conf
items:
- key: oc-collector-config
path: oc-collector-config.yaml
name: oc-collector-config-vol

55
test/integration/tracing/tracing_test.go
View File

@ -48,24 +48,32 @@ func TestTracing(t *testing.T) {
t.Skip("Skipped. Jaeger & Open Census images does not support ARM yet")
}
// Tracing Components
out, err := TestHelper.LinkerdRun("inject", "testdata/tracing.yaml")
// linkerd-jaeger extension
tracingNs := "linkerd-jaeger"
out, err := TestHelper.LinkerdRun("jaeger", "install")
if err != nil {
testutil.AnnotatedFatal(t, "'linkerd inject' command failed", err)
testutil.AnnotatedFatal(t, "'linkerd jaeger install' command failed", err)
}
tracingNs := TestHelper.GetTestNamespace("tracing")
err = TestHelper.CreateDataPlaneNamespaceIfNotExists(ctx, tracingNs, nil)
if err != nil {
testutil.AnnotatedFatalf(t, fmt.Sprintf("failed to create %s namespace", tracingNs),
"failed to create %s namespace: %s", tracingNs, err)
}
out, err = TestHelper.KubectlApply(out, tracingNs)
out, err = TestHelper.KubectlApply(out, "")
if err != nil {
testutil.AnnotatedFatalf(t, "'kubectl apply' command failed",
"'kubectl apply' command failed\n%s", out)
}
// wait for jaeger proxy mutator to start
if err := TestHelper.CheckPods(ctx, tracingNs, "proxy-mutator", 1); err != nil {
if rce, ok := err.(*testutil.RestartCountError); ok {
testutil.AnnotatedWarn(t, "CheckPods timed-out", rce)
} else {
testutil.AnnotatedError(t, "CheckPods timed-out", err)
}
}
if err := TestHelper.CheckDeployment(ctx, tracingNs, "proxy-mutator", 1); err != nil {
testutil.AnnotatedErrorf(t, "CheckDeployment timed-out", "Error validating deployment [%s]:\n%s", "proxy-mutator", err)
}
// Emojivoto components
emojivotoNs := TestHelper.GetTestNamespace("emojivoto")
err = TestHelper.CreateDataPlaneNamespaceIfNotExists(ctx, emojivotoNs, nil)
@ -121,16 +129,19 @@ func TestTracing(t *testing.T) {
}
// wait for deployments to start
for ns, deploy := range map[string]string{
emojivotoNs: "vote-bot",
emojivotoNs: "web",
emojivotoNs: "emoji",
emojivotoNs: "voting",
ingressNs: "nginx-ingress",
tracingNs: "oc-collector",
tracingNs: "jaeger",
for _, deploy := range []struct {
ns string
name string
}{
{ns: emojivotoNs, name: "vote-bot"},
{ns: emojivotoNs, name: "web"},
{ns: emojivotoNs, name: "emoji"},
{ns: emojivotoNs, name: "voting"},
{ns: ingressNs, name: "nginx-ingress"},
{ns: tracingNs, name: "collector"},
{ns: tracingNs, name: "jaeger"},
} {
if err := TestHelper.CheckPods(ctx, ns, deploy, 1); err != nil {
if err := TestHelper.CheckPods(ctx, deploy.ns, deploy.name, 1); err != nil {
if rce, ok := err.(*testutil.RestartCountError); ok {
testutil.AnnotatedWarn(t, "CheckPods timed-out", rce)
} else {
@ -138,8 +149,8 @@ func TestTracing(t *testing.T) {
}
}
if err := TestHelper.CheckDeployment(ctx, ns, deploy, 1); err != nil {
testutil.AnnotatedErrorf(t, "CheckDeployment timed-out", "Error validating deployment [%s]:\n%s", deploy, err)
if err := TestHelper.CheckDeployment(ctx, deploy.ns, deploy.name, 1); err != nil {
testutil.AnnotatedErrorf(t, "CheckDeployment timed-out", "Error validating deployment [%s]:\n%s", deploy.name, err)
}
}
@ -151,7 +162,7 @@ func TestTracing(t *testing.T) {
}
timeout := 120 * time.Second
err = TestHelper.RetryFor(timeout, func() error {
tracesJSON, err := TestHelper.HTTPGetURL(url + "/api/traces?lookback=1h&service=nginx")
tracesJSON, err := TestHelper.HTTPGetURL(url + "/jaeger/api/traces?lookback=1h&service=nginx")
if err != nil {
return err
}

81
testutil/inject_validator.go
View File

@ -20,37 +20,35 @@ const debugContainerName = "linkerd-debug"
// correct injector flags and annotations and verify
// injected pods
type InjectValidator struct {
NoInitContainer bool
DisableIdentity bool
AutoInject bool
AdminPort int
ControlPort int
DisableTap bool
EnableDebug bool
EnableExternalProfiles bool
ImagePullPolicy string
InboundPort int
InitImage string
InitImageVersion string
OutboundPort int
CPULimit string
CPURequest string
MemoryLimit string
MemoryRequest string
Image string
LogLevel string
LogFormat string
UID int
Version string
RequireIdentityOnPorts string
SkipOutboundPorts string
OpaquePorts string
SkipInboundPorts string
TraceCollector string
TraceCollectorSvcAccount string
OutboundConnectTimeout string
InboundConnectTimeout string
WaitBeforeExitSeconds int
NoInitContainer bool
DisableIdentity bool
AutoInject bool
AdminPort int
ControlPort int
DisableTap bool
EnableDebug bool
EnableExternalProfiles bool
ImagePullPolicy string
InboundPort int
InitImage string
InitImageVersion string
OutboundPort int
CPULimit string
CPURequest string
MemoryLimit string
MemoryRequest string
Image string
LogLevel string
LogFormat string
UID int
Version string
RequireIdentityOnPorts string
SkipOutboundPorts string
OpaquePorts string
SkipInboundPorts string
OutboundConnectTimeout string
InboundConnectTimeout string
WaitBeforeExitSeconds int
}
func (iv *InjectValidator) getContainer(pod *v1.PodSpec, name string, isInit bool) *v1.Container {
@ -267,19 +265,6 @@ func (iv *InjectValidator) validateProxyContainer(pod *v1.PodSpec) error {
}
}
if iv.TraceCollector != "" {
if err := iv.validateEnvVar(proxyContainer, "LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR", iv.TraceCollector); err != nil {
return err
}
}
if iv.TraceCollectorSvcAccount != "" {
expectedAccount := fmt.Sprintf("%s.tracing.serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)", iv.TraceCollectorSvcAccount)
if err := iv.validateEnvVar(proxyContainer, "LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME", expectedAccount); err != nil {
return err
}
}
if iv.OutboundConnectTimeout != "" {
if err := iv.validateEnvVar(proxyContainer, "LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT", iv.OutboundConnectTimeout); err != nil {
return err
@ -531,14 +516,6 @@ func (iv *InjectValidator) GetFlagsAndAnnotations() ([]string, map[string]string
flags = append(flags, fmt.Sprintf("--skip-outbound-ports=%s", iv.SkipOutboundPorts))
}
if iv.TraceCollector != "" {
annotations[k8s.ProxyTraceCollectorSvcAddrAnnotation] = iv.TraceCollector
}
if iv.TraceCollectorSvcAccount != "" {
annotations[k8s.ProxyTraceCollectorSvcAccountAnnotation] = iv.TraceCollectorSvcAccount
}
if iv.OutboundConnectTimeout != "" {
annotations[k8s.ProxyOutboundConnectTimeout] = iv.OutboundConnectTimeout
}