Fixes#6584#6620#7405
# Namespace Removal
With this change, the `namespace.yaml` template is rendered only for CLI installs and not Helm, and likewise the `namespace:` entry in the namespace-level objects (using a new `partials.namespace` helper).
The `installNamespace` and `namespace` entries in `values.yaml` have been removed.
There in the templates where the namespace is required, we moved from `.Values.namespace` to `.Release.Namespace` which is filled-in automatically by Helm. For the CLI, `install.go` now explicitly defines the contents of the `Release` map alongside `Values`.
The proxy-injector has a new `linkerd-namespace` argument given the namespace is no longer persisted in the `linkerd-config` ConfigMap, so it has to be passed in. To pass it further down to `injector.Inject()` without modifying the `Handler` signature, a closure was used.
------------
Update: Merged-in #6638: Similar changes for the `linkerd-viz` chart:
Stop rendering `namespace.yaml` in the `linkerd-viz` chart.
The additional change here is the addition of the `namespace-metadata.yaml` template (and its RBAC), _not_ rendered in CLI installs, which is a Helm `post-install` hook, consisting on a Job that executes a script adding the required annotations and labels to the viz namespace using a PATCH request against kube-api. The script first checks if the namespace doesn't already have an annotations/labels entries, in which case it has to add extra ops in that patch.
---------
Update: Merged-in the approved #6643, #6665 and #6669 which address the `linkerd2-cni`, `linkerd-multicluster` and `linkerd-jaeger` charts.
Additional changes from what's already mentioned above:
- Removes the install-namespace option from `linkerd install-cni`, which isn't found in `linkerd install` nor `linkerd viz install` anyways, and it would add some complexity to support.
- Added a dependency on the `partials` chart to the `linkerd-multicluster-link` chart, so that we can tap on the `partials.namespace` helper.
- We don't have any more the restriction on having the muticluster objects live in a separate namespace than linkerd. It's still good practice, and that's the default for the CLI install, but I removed that validation.
Finally, as a side-effect, the `linkerd mc allow` subcommand was fixed; it has been broken for a while apparently:
```console
$ linkerd mc allow --service-account-name foobar
Error: template: linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml:16:7: executing "linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml" at <include "partials.annotations.created-by" $>: error calling include: template: no template "partials.annotations.created-by" associated with template "gotpl"
```
---------
Update: see helm/helm#5465 describing the current best-practice
# Core Helm Charts Split
This removes the `linkerd2` chart, and replaces it with the `linkerd-crds` and `linkerd-control-plane` charts. Note that the viz and other extension charts are not concerned by this change.
Also note the original `values.yaml` file has been split into both charts accordingly.
### UX
```console
$ helm install linkerd-crds --namespace linkerd --create-namespace linkerd/linkerd-crds
...
# certs.yaml should contain identityTrustAnchorsPEM and the identity issuer values
$ helm install linkerd-control-plane --namespace linkerd -f certs.yaml linkerd/linkerd-control-plane
```
### Upgrade
As explained in #6635, this is a breaking change. Users will have to uninstall the `linkerd2` chart and install these two, and eventually rollout the proxies (they should continue to work during the transition anyway).
### CLI
The CLI install/upgrade code was updated to be able to pick the templates from these new charts, but the CLI UX remains identical as before.
### Other changes
- The `linkerd-crds` and `linkerd-control-plane` charts now carry a version scheme independent of linkerd's own versioning, as explained in #7405.
- These charts are Helm v3, which is reflected in the `Chart.yaml` entries and in the removal of the `requirements.yaml` files.
- In the integration tests, replaced the `helm-chart` arg with `helm-charts` containing the path `./charts`, used to build the paths for both charts.
### Followups
- Now it's possible to add a `ServiceProfile` instance for Destination in the `linkerd-control-plane` chart.
This PR corrects misspellings identified by the [check-spelling action](https://github.com/marketplace/actions/check-spelling).
The misspellings have been reported at 0d56327e6f (commitcomment-51603624)
The action reports that the changes in this PR would make it happy: 03a9c310aa
Note: this PR does not include the action. If you're interested in running a spell check on every PR and push, that can be offered separately.
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
Failing core checks weren't appropriately showing the hint anchor:
```console
control-plane-version
---------------------
‼ control plane is up-to-date
is running version 21.3.4 but the latest edge version is 21.4.3
see l5d-version-control for hints
```
This change replaces all the manually-created healthcheck categories and
instead uses the `NewCategory()` constructor that correctly sets the
hint anchor default. This constructor returns a reference instead of a
value, so other places had to be updated accordingly.
Pods can only participate in tracing if they have been injected by the jaeger-injector. Similarly, pods may only be tapped if they have been injected by the tap-injector. Since pods which were already running when the injector starts will not be injected until those pods are restarted, it can be difficult to know which pods in your cluster will participate in tracing or be valid tap targets.
We add the command `linkerd viz list` to list meshed pods and indicate which can be tapped, which need to be restarted before they can be tapped, and which have tap disabled.
```console
> linkerd viz list -A
Pods with tap enabled:
* collector-7f585dc68-z8vc8.linkerd-jaeger
* jaeger-69fc767648-mxtc4.linkerd-jaeger
* jaeger-injector-67fbccc487-sjh4c.linkerd-jaeger
* grafana-84c9b569b9-27qsj.linkerd-viz
* metrics-api-6c956b4b58-5xvz8.linkerd-viz
* prometheus-7fdb866467-s4q5m.linkerd-viz
* tap-768b5ddc6c-hdfb2.linkerd-viz
* tap-injector-ff446c479-4wtsm.linkerd-viz
* web-5f79854c4f-lpv5l.linkerd-viz
Pods missing tap configuration (restart these pods to enable tap):
* linkerd-gateway-777b7cb9bf-7fr2n.linkerd-multicluster
* linkerd-controller-6864cf5f8c-bxp7l.linkerd
* linkerd-destination-67499b8df7-fqqb9.linkerd
* linkerd-identity-7c577f7454-c2v7r.linkerd
* linkerd-proxy-injector-c7844b9f6-hwbsm.linkerd
* linkerd-sp-validator-f4c8cc6d6-658tb.linkerd
```
Similarly, we add the command `linkerd jaeger list` to list meshed pods and indicate which will participate in tracing.
```console
> linkerd jaeger list -A
Pods with tracing enabled:
* grafana-84c9b569b9-27qsj.linkerd-viz
* metrics-api-6c956b4b58-5xvz8.linkerd-viz
* prometheus-7fdb866467-s4q5m.linkerd-viz
* tap-768b5ddc6c-hdfb2.linkerd-viz
* tap-injector-ff446c479-4wtsm.linkerd-viz
* web-5f79854c4f-lpv5l.linkerd-viz
Pods missing tracing configuration (restart these pods to enable tracing):
* collector-7f585dc68-z8vc8.linkerd-jaeger
* jaeger-69fc767648-mxtc4.linkerd-jaeger
* jaeger-injector-67fbccc487-sjh4c.linkerd-jaeger
* linkerd-gateway-777b7cb9bf-7fr2n.linkerd-multicluster
* linkerd-controller-6864cf5f8c-bxp7l.linkerd
* linkerd-destination-67499b8df7-fqqb9.linkerd
* linkerd-identity-7c577f7454-c2v7r.linkerd
* linkerd-proxy-injector-c7844b9f6-hwbsm.linkerd
* linkerd-sp-validator-f4c8cc6d6-658tb.linkerd
```
This commands list pods in the context's default namespcae by default, but can be configured with the usual `-n` and `-A` flags.
This replaces the jaeger extension's data plane check which gave a warning if there were pods with tracing. That check has been removed here.
Signed-off-by: Alex Leong <alex@buoyant.io>
* Run extension checks when linkerd check is invoked
This change allows the linkerd check command to also run any known
linkerd extension commands that have been installed in the cluster. It
does this by first querying for any namespace that has the label
selector `linkerd.io/extension` and then runs the subcommands for either
`jaeger`, `multicluster` or `viz`. This change runs basic namespace
healthchecks for extensions that aren't part of the Linkerd extension suite.
Fixes#5233
* extensions: make subcmds check/wait for respective extensions
This commit updates the extension subcmds to check and wait
for the respective extensions to be up before running them.
The same healthcheck pkg and respective extension checks
are used to at the check/wait logic.
Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
This branch cleans up some of the unnecessary logic that is not
needed and thus making the check logic similar to that of other
extensions, namely viz.
Includes the following cleanups:
- Remove `namespace` flag in jaeger CLI and make the fetching logic
dynamic and use it in check and dashboard.
- Use `hc.KubeAPIClient` instead of creating our own in jaeger check.
- Move injection checks up before we run the readiness checks
This change adds a new extension namespace exist check for
jaeger.
Also, Updates integration tests to run the check commands.
Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
* jaeger: add check sub command
This adds a new `linkerd jaeger check` command to have checks w.r.t
jaeger extension. This is similar to that of the `linkerd check` cmd.
As jaeger is a separate package, It was a bit complex for this to work
as not all types and fields from healthcheck pkg are public, Helper
funcs were used to mitigate this.
This has the following changes:
- Adds a new `check.go` file under the jaeger extension pkg
- Moves some commonly needed funcs and types from `cli/cmd/check.go`
and `pkg/healthcheck/health.go` into
`pkg/healthcheck/healthcheck_output.go`.
Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
Add a `linkerd jaeger uninstall` command which prints the linkerd-jaeger extension resources so that they can be deleted. This is similar to the `linkerd uninstall` command.
```
> bin/linkerd jaeger uninstall | k delete -f -
clusterrole.rbac.authorization.k8s.io "linkerd-jaeger-linkerd-jaeger-proxy-mutator" deleted
clusterrolebinding.rbac.authorization.k8s.io "linkerd-jaeger-linkerd-jaeger-proxy-mutator" deleted
mutatingwebhookconfiguration.admissionregistration.k8s.io "linkerd-proxy-mutator-webhook-config" deleted
namespace "linkerd-jaeger" deleted
```
Signed-off-by: Alex Leong <alex@buoyant.io>
This branch adds `jaeger dashboard` sub-command which is used
to view the jaeger dashboard. This follows the same logic/pattern
of that of `linkerd-dashboard`. Also, provides the same flags.
Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
* extension: Add new jaeger binary
This branch adds a new jaeger binary project in the jaeger directory.
This follows the same logic as that of `linkerd install`. But as
`linkerd install` VFS logic expects charts to be present in `/charts`
directory, This command gets its own static pkg to generate its own
VFS for its chart.
This covers only the install part of the command
Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
Alejandro Pedraza
Josh Soref
Dennis Adjei-Baah
Alex Leong
Tarun Pothulapati