mirror of https://github.com/linkerd/linkerd2.git
140 lines
5.4 KiB
YAML
140 lines
5.4 KiB
YAML
---
|
|
###
|
|
### Tap
|
|
###
|
|
---
|
|
kind: Service
|
|
apiVersion: v1
|
|
metadata:
|
|
name: linkerd-tap
|
|
namespace: {{.Values.global.namespace}}
|
|
labels:
|
|
{{.Values.global.controllerComponentLabel}}: tap
|
|
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
|
|
annotations:
|
|
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
|
|
spec:
|
|
type: ClusterIP
|
|
selector:
|
|
{{.Values.global.controllerComponentLabel}}: tap
|
|
ports:
|
|
- name: grpc
|
|
port: 8088
|
|
targetPort: 8088
|
|
- name: apiserver
|
|
port: 443
|
|
targetPort: apiserver
|
|
---
|
|
{{- $tree := deepCopy . }}
|
|
{{ $_ := set $tree.Values.global.proxy "workloadKind" "deployment" -}}
|
|
{{ $_ := set $tree.Values.global.proxy "component" "linkerd-tap" -}}
|
|
{{ include "linkerd.proxy.validation" .Values.global.proxy -}}
|
|
kind: Deployment
|
|
apiVersion: apps/v1
|
|
metadata:
|
|
annotations:
|
|
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
|
|
labels:
|
|
app.kubernetes.io/name: tap
|
|
app.kubernetes.io/part-of: Linkerd
|
|
app.kubernetes.io/version: {{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
|
|
{{.Values.global.controllerComponentLabel}}: tap
|
|
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
|
|
name: linkerd-tap
|
|
namespace: {{.Values.global.namespace}}
|
|
spec:
|
|
replicas: {{.Values.controllerReplicas}}
|
|
selector:
|
|
matchLabels:
|
|
{{.Values.global.controllerComponentLabel}}: tap
|
|
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
|
|
{{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 6}}
|
|
{{- if .Values.enablePodAntiAffinity }}
|
|
strategy:
|
|
rollingUpdate:
|
|
maxUnavailable: 1
|
|
{{- end }}
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
{{- if empty .Values.global.cliVersion }}
|
|
checksum/config: {{ include (print $.Template.BasePath "/tap-rbac.yaml") . | sha256sum }}
|
|
{{- end }}
|
|
{{.Values.global.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.global.linkerdVersion) .Values.global.cliVersion}}
|
|
{{- include "partials.proxy.annotations" .Values.global.proxy| nindent 8}}
|
|
{{- with .Values.global.podAnnotations }}{{ toYaml . | trim | nindent 8 }}{{- end }}
|
|
labels:
|
|
{{.Values.global.controllerComponentLabel}}: tap
|
|
{{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
|
|
{{.Values.global.workloadNamespaceLabel}}: {{.Values.global.namespace}}
|
|
{{- include "partials.proxy.labels" $tree.Values.global.proxy | nindent 8}}
|
|
{{- with .Values.global.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
|
|
spec:
|
|
{{- if .Values.tolerations -}}
|
|
{{- include "linkerd.tolerations" . | nindent 6 }}
|
|
{{- end -}}
|
|
{{- include "linkerd.node-selector" . | nindent 6 }}
|
|
{{- if .Values.enablePodAntiAffinity -}}
|
|
{{- $local := dict "component" "tap" "label" .Values.global.controllerComponentLabel -}}
|
|
{{- include "linkerd.pod-affinity" $local | nindent 6 -}}
|
|
{{- end }}
|
|
containers:
|
|
- args:
|
|
- tap
|
|
- -controller-namespace={{.Values.global.namespace}}
|
|
- -log-level={{.Values.global.controllerLogLevel}}
|
|
- -identity-trust-domain={{.Values.global.identityTrustDomain }}
|
|
{{- include "partials.linkerd.trace" . | nindent 8 -}}
|
|
image: {{.Values.controllerImage}}:{{default .Values.global.linkerdVersion .Values.global.controllerImageVersion}}
|
|
imagePullPolicy: {{.Values.global.imagePullPolicy}}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /ping
|
|
port: 9998
|
|
initialDelaySeconds: 10
|
|
name: tap
|
|
ports:
|
|
- containerPort: 8088
|
|
name: grpc
|
|
- containerPort: 8089
|
|
name: apiserver
|
|
- containerPort: 9998
|
|
name: admin-http
|
|
readinessProbe:
|
|
failureThreshold: 7
|
|
httpGet:
|
|
path: /ready
|
|
port: 9998
|
|
{{- if .Values.tapResources -}}
|
|
{{- include "partials.resources" .Values.tapResources | nindent 8 }}
|
|
{{- end }}
|
|
securityContext:
|
|
runAsUser: {{.Values.controllerUID}}
|
|
volumeMounts:
|
|
- mountPath: /var/run/linkerd/tls
|
|
name: tls
|
|
readOnly: true
|
|
{{- if not (empty .Values.tapProxyResources) }}
|
|
{{- $r := merge .Values.tapProxyResources .Values.global.proxy.resources }}
|
|
{{- $_ := set $tree.Values.global.proxy "resources" $r }}
|
|
{{- end }}
|
|
{{- include "partials.setControlPlaneTracing.proxy" $tree }}
|
|
- {{- include "partials.proxy" $tree | indent 8 | trimPrefix (repeat 7 " ") }}
|
|
{{ if not .Values.global.cniEnabled -}}
|
|
initContainers:
|
|
- {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
|
{{ end -}}
|
|
serviceAccountName: linkerd-tap
|
|
volumes:
|
|
{{ if .Values.global.controlPlaneTracing -}}
|
|
- {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
|
{{ end -}}
|
|
{{ if not .Values.global.cniEnabled -}}
|
|
- {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
|
{{ end -}}
|
|
- {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }}
|
|
- name: tls
|
|
secret:
|
|
secretName: linkerd-tap-k8s-tls
|
|
|