linkerd2/charts/linkerd2-multicluster-remot...
Zahari Dichev 6574f124a7
Restrict Service mirror RBACs (#4426)
This PR introduces a few changes that were requested after a bit of service mirror reviewing.

- we restrict the RBACs so the service mirror controller cannot read secrets in all namespaces but only in the one that it is installed in
- we unify the namespace namings so all multicluster resources are installedi n `linkerd-multicluster` on both clusters
- fixed checks to account for changes

Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>
2020-05-20 17:08:01 +03:00
..
templates Restrict Service mirror RBACs (#4426) 2020-05-20 17:08:01 +03:00
.helmignore Multicluster gateway and remote setup command (#4265) 2020-04-29 20:33:23 +03:00
Chart.yaml Multicluster gateway and remote setup command (#4265) 2020-04-29 20:33:23 +03:00
README.md Restrict Service mirror RBACs (#4426) 2020-05-20 17:08:01 +03:00
values.yaml Restrict Service mirror RBACs (#4426) 2020-05-20 17:08:01 +03:00

README.md

Linkerd2-multicluster-remote-setup Helm Chart

Linkerd is a service mesh, designed to give platform-wide observability, reliability, and security without requiring configuration or code changes. This chart provides a reference cluster gateway implementation, which coupled with Linkerd and the Service Mirror component can enable multicluster communication and service discovery

Configuration

The following table lists the configurable parameters of the linkerd2-multicluster-remote-setup chart and their default values.

Parameter Description Default
gatewayName The name of the gateway that will be installed linkerd-gateway
namespace The namespace in which the gateway and SA will be created linkerd-multicluster
identityTrustDomain Trust domain used for identity of the existing linkerd installation cluster.local
incomingPort The port on which all the gateway will accept incoming traffic 4180
linkerdNamespace The namespace of the existing Linkerd installation linkerd
nginxImage The Nginx image nginx
nginxImageVersion The version of the Nginx image 1.17
probePath The path that will be used by remote clusters for determining whether the gateway is alive /health
probePeriodSeconds The interval (in seconds) between liveness probes 3
probePort The port used for liveliness probing 4181
serviceAccountName The name of the service account that will be created and used by remote clusters, attempting to mirror services linkerd-service-mirror