linkerd2

History

Max Goltzsche a8e5bff21f Provide CA cert as env var to identity controller. (#5690 ) Currently the identity controller is the only component that receives the CA certificate / trust anchors as option `-identity-trust-anchors-pem` instead of an env var. This stops one from letting it read the trust anchors from a Secret that is managed by e.g. cert-manager. This PR uses an env var instead of the option to provide the trust anchors. For most helm chart users this doesn't change anything. However using kustomize the helm output manifest can now be adjusted (again) so that the certificate is loaded from a ConfigMap or Secret like in [this example](https://github.com/mgoltzsche/khelm/tree/master/example/kpt/linkerd) which aims to produce a static manifest to make the installation/update more declarative and support GitOps workflows. This PR does not provide chart options/values to specify Secrets upfront - it would introduce dependencies to other operators. Relates to #3843, see https://github.com/linkerd/linkerd2/issues/3843#issuecomment-775516217 Fixes #3321 Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>	2021-02-22 10:30:43 -05:00
..
main.go	Provide CA cert as env var to identity controller. (#5690 )	2021-02-22 10:30:43 -05:00

Provide CA cert as env var to identity controller. (#5690 )

Currently the identity controller is the only component that receives the CA certificate / trust anchors as option `-identity-trust-anchors-pem` instead of an env var.
This stops one from letting it read the trust anchors from a Secret that is managed by e.g. cert-manager.

This PR uses an env var instead of the option to provide the trust anchors. For most helm chart users this doesn't change anything. However using kustomize the helm output manifest can now be adjusted (again) so that the certificate is loaded from a ConfigMap or Secret like in [this example](https://github.com/mgoltzsche/khelm/tree/master/example/kpt/linkerd) which aims to produce a static manifest to make the installation/update more declarative and support GitOps workflows.

This PR does not provide chart options/values to specify Secrets upfront - it would introduce dependencies to other operators.

Relates to #3843, see https://github.com/linkerd/linkerd2/issues/3843#issuecomment-775516217

Fixes #3321

Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>

2021-02-22 10:30:43 -05:00

main.go

Provide CA cert as env var to identity controller. (#5690 )

2021-02-22 10:30:43 -05:00