mirror of https://github.com/linkerd/linkerd2.git
439 lines
9.6 KiB
Plaintext
439 lines
9.6 KiB
Plaintext
---
|
|
kind: Namespace
|
|
apiVersion: v1
|
|
metadata:
|
|
name: linkerd-jaeger
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
---
|
|
apiVersion: policy.linkerd.io/v1beta1
|
|
kind: Server
|
|
metadata:
|
|
namespace: linkerd-jaeger
|
|
name: proxy-admin
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
annotations:
|
|
linkerd.io/created-by: linkerd/helm dev-undefined
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
linkerd.io/extension: jaeger
|
|
port: linkerd-admin
|
|
proxyProtocol: HTTP/1
|
|
---
|
|
apiVersion: policy.linkerd.io/v1beta1
|
|
kind: ServerAuthorization
|
|
metadata:
|
|
namespace: linkerd-jaeger
|
|
name: proxy-admin
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
annotations:
|
|
linkerd.io/created-by: linkerd/helm dev-undefined
|
|
spec:
|
|
server:
|
|
name: proxy-admin
|
|
client:
|
|
# for kubelet probes
|
|
unauthenticated: true
|
|
|
|
---
|
|
###
|
|
### Jaeger Injector
|
|
###
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
app.kubernetes.io/name: jaeger-injector
|
|
app.kubernetes.io/part-of: Linkerd
|
|
app.kubernetes.io/version: dev-undefined
|
|
component: jaeger-injector
|
|
name: jaeger-injector
|
|
namespace: linkerd-jaeger
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger-injector
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
checksum/config: c7e6fd0e7aad8fbcdf4f47b4d05c8e6b7e0e489cf9afc2026d4b6accd590ea71
|
|
linkerd.io/inject: enabled
|
|
config.linkerd.io/proxy-await: "enabled"
|
|
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger-injector
|
|
spec:
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
containers:
|
|
- args:
|
|
- -collector-svc-addr=collector.linkerd-jaeger:55678
|
|
- -collector-svc-account=collector
|
|
- -log-level=info
|
|
- -cluster-domain=cluster.local
|
|
- -linkerd-namespace=linkerd
|
|
- -enable-pprof=false
|
|
image: cr.l5d.io/linkerd/jaeger-webhook:dev-undefined
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /ping
|
|
port: 9995
|
|
initialDelaySeconds: 10
|
|
name: jaeger-injector
|
|
ports:
|
|
- containerPort: 8443
|
|
name: jaeger-injector
|
|
- containerPort: 9995
|
|
name: admin-http
|
|
readinessProbe:
|
|
failureThreshold: 7
|
|
httpGet:
|
|
path: /ready
|
|
port: 9995
|
|
securityContext:
|
|
runAsUser: 2103
|
|
volumeMounts:
|
|
- mountPath: /var/run/linkerd/tls
|
|
name: tls
|
|
readOnly: true
|
|
resources:
|
|
serviceAccountName: jaeger-injector
|
|
volumes:
|
|
- name: tls
|
|
secret:
|
|
secretName: jaeger-injector-k8s-tls
|
|
---
|
|
kind: Service
|
|
apiVersion: v1
|
|
metadata:
|
|
name: jaeger-injector
|
|
namespace: linkerd-jaeger
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger-injector
|
|
spec:
|
|
type: ClusterIP
|
|
selector:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger-injector
|
|
ports:
|
|
- name: jaeger-injector
|
|
port: 443
|
|
targetPort: jaeger-injector
|
|
---
|
|
apiVersion: policy.linkerd.io/v1beta1
|
|
kind: Server
|
|
metadata:
|
|
namespace: linkerd-jaeger
|
|
name: jaeger-injector-webhook
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger-injector
|
|
annotations:
|
|
linkerd.io/created-by: linkerd/helm dev-undefined
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger-injector
|
|
port: jaeger-injector
|
|
proxyProtocol: TLS
|
|
---
|
|
apiVersion: policy.linkerd.io/v1beta1
|
|
kind: Server
|
|
metadata:
|
|
namespace: linkerd-jaeger
|
|
name: jaeger-injector-admin
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger-injector
|
|
annotations:
|
|
linkerd.io/created-by: linkerd/helm dev-undefined
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger-injector
|
|
port: admin-http
|
|
proxyProtocol: HTTP/1
|
|
---
|
|
apiVersion: policy.linkerd.io/v1beta1
|
|
kind: ServerAuthorization
|
|
metadata:
|
|
namespace: linkerd-jaeger
|
|
name: jaeger-injector
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger-injector
|
|
annotations:
|
|
linkerd.io/created-by: linkerd/helm dev-undefined
|
|
spec:
|
|
server:
|
|
selector:
|
|
matchLabels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger-injector
|
|
client:
|
|
# traffic coming from the kubelet and from kube-api
|
|
unauthenticated: true
|
|
---
|
|
###
|
|
### Jaeger Injector RBAC
|
|
###
|
|
kind: ClusterRole
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: linkerd-jaeger-injector
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["namespaces"]
|
|
verbs: ["get", "list", "watch"]
|
|
---
|
|
kind: ClusterRoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: linkerd-jaeger-injector
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: jaeger-injector
|
|
namespace: linkerd-jaeger
|
|
apiGroup: ""
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: linkerd-jaeger-injector
|
|
apiGroup: rbac.authorization.k8s.io
|
|
---
|
|
kind: ServiceAccount
|
|
apiVersion: v1
|
|
metadata:
|
|
name: jaeger-injector
|
|
namespace: linkerd-jaeger
|
|
---
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: MutatingWebhookConfiguration
|
|
metadata:
|
|
name: linkerd-jaeger-injector-webhook-config
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
webhooks:
|
|
- name: jaeger-injector.linkerd.io
|
|
clientConfig:
|
|
service:
|
|
name: jaeger-injector
|
|
namespace: linkerd-jaeger
|
|
path: "/"
|
|
caBundle: dGVzdC13ZWJob29rLWNhLWJ1bmRsZQ==
|
|
failurePolicy: Ignore
|
|
admissionReviewVersions: ["v1", "v1beta1"]
|
|
reinvocationPolicy: IfNeeded
|
|
rules:
|
|
- operations: [ "CREATE" ]
|
|
apiGroups: [""]
|
|
apiVersions: ["v1"]
|
|
resources: ["pods"]
|
|
sideEffects: None
|
|
---
|
|
###
|
|
### jaeger RBAC
|
|
###
|
|
kind: ServiceAccount
|
|
apiVersion: v1
|
|
metadata:
|
|
name: jaeger
|
|
namespace: linkerd-jaeger
|
|
---
|
|
###
|
|
### Tracing Jaeger Service
|
|
###
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: jaeger
|
|
namespace: linkerd-jaeger
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger
|
|
spec:
|
|
type: ClusterIP
|
|
selector:
|
|
component: jaeger
|
|
ports:
|
|
- name: collection
|
|
port: 14268
|
|
- name: grpc
|
|
port: 14250
|
|
- name: ui
|
|
port: 16686
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
app.kubernetes.io/name: jaeger
|
|
app.kubernetes.io/part-of: Linkerd
|
|
component: jaeger
|
|
name: jaeger
|
|
namespace: linkerd-jaeger
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
component: jaeger
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
linkerd.io/inject: enabled
|
|
config.linkerd.io/proxy-await: "enabled"
|
|
prometheus.io/path: /metrics
|
|
prometheus.io/port: "14269"
|
|
prometheus.io/scrape: "true"
|
|
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger
|
|
spec:
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
containers:
|
|
- args:
|
|
- --query.base-path=/jaeger
|
|
image: jaegertracing/all-in-one:1.31
|
|
imagePullPolicy: Always
|
|
name: jaeger
|
|
ports:
|
|
- containerPort: 14269
|
|
name: admin
|
|
- containerPort: 14268
|
|
name: collection
|
|
- containerPort: 14250
|
|
name: grpc
|
|
- containerPort: 16686
|
|
name: ui
|
|
resources:
|
|
securityContext:
|
|
runAsUser: 2103
|
|
dnsPolicy: ClusterFirst
|
|
serviceAccountName: jaeger
|
|
---
|
|
apiVersion: policy.linkerd.io/v1beta1
|
|
kind: Server
|
|
metadata:
|
|
namespace: linkerd-jaeger
|
|
name: jaeger-grpc
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger
|
|
annotations:
|
|
linkerd.io/created-by: linkerd/helm dev-undefined
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
component: jaeger
|
|
port: grpc
|
|
proxyProtocol: gRPC
|
|
---
|
|
apiVersion: policy.linkerd.io/v1beta1
|
|
kind: ServerAuthorization
|
|
metadata:
|
|
namespace: linkerd-jaeger
|
|
name: jaeger-grpc
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger
|
|
annotations:
|
|
linkerd.io/created-by: linkerd/helm dev-undefined
|
|
spec:
|
|
server:
|
|
name: jaeger-grpc
|
|
client:
|
|
meshTLS:
|
|
serviceAccounts:
|
|
- name: collector
|
|
---
|
|
apiVersion: policy.linkerd.io/v1beta1
|
|
kind: Server
|
|
metadata:
|
|
namespace: linkerd-jaeger
|
|
name: jaeger-admin
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger
|
|
annotations:
|
|
linkerd.io/created-by: linkerd/helm dev-undefined
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
component: jaeger
|
|
port: admin
|
|
proxyProtocol: HTTP/1
|
|
---
|
|
apiVersion: policy.linkerd.io/v1beta1
|
|
kind: ServerAuthorization
|
|
metadata:
|
|
namespace: linkerd-jaeger
|
|
name: jaeger-admin
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger
|
|
annotations:
|
|
linkerd.io/created-by: linkerd/helm dev-undefined
|
|
spec:
|
|
server:
|
|
name: jaeger-admin
|
|
client:
|
|
meshTLS:
|
|
serviceAccounts:
|
|
# if not using linkerd-viz' prometheus, replace its SA here
|
|
- name: prometheus
|
|
namespace: linkerd-viz
|
|
---
|
|
apiVersion: policy.linkerd.io/v1beta1
|
|
kind: Server
|
|
metadata:
|
|
namespace: linkerd-jaeger
|
|
name: jaeger-ui
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger
|
|
annotations:
|
|
linkerd.io/created-by: linkerd/helm dev-undefined
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
component: jaeger
|
|
port: ui
|
|
proxyProtocol: HTTP/1
|
|
---
|
|
apiVersion: policy.linkerd.io/v1beta1
|
|
kind: ServerAuthorization
|
|
metadata:
|
|
namespace: linkerd-jaeger
|
|
name: jaeger-ui
|
|
labels:
|
|
linkerd.io/extension: jaeger
|
|
component: jaeger
|
|
annotations:
|
|
linkerd.io/created-by: linkerd/helm dev-undefined
|
|
spec:
|
|
server:
|
|
name: jaeger-ui
|
|
client:
|
|
meshTLS:
|
|
serviceAccounts:
|
|
# for the optional dashboard integration
|
|
- name: web
|
|
namespace: linkerd-viz
|