mirror of https://github.com/linkerd/linkerd2.git
5b77ae5259
Fixes #5098 When setting up multicluster, a target cluster may wish to create multiple service accounts to be used by source clusters' service mirrors. This allows the target cluster to individually revoke access to each of the source clusters. When using the Linkerd CLI, this can be accomplished by running the `linkerd multicluster allow` command multiple times to create multiple service accounts. However, there is no analogous workflow when installing with Helm. We update the Helm templates to support interpreting the `remoteMirrorServiceAccountName` value as either a single string or a list of strings. In the case where it is a list, we create a service account and associated RBAC for each entry in the list. Signed-off-by: Alex Leong <alex@buoyant.io> |
||
|---|---|---|
| .. | ||
| templates | ||
| .helmignore | ||
| Chart.yaml | ||
| README.md | ||
| values.yaml | ||
README.md
Linkerd2-multicluster Helm Chart
Linkerd is a service mesh, designed to give platform-wide observability, reliability, and security without requiring configuration or code changes. This chart provides the components needed to enable communication between clusters.
Configuration
The following table lists the configurable parameters of the linkerd2-multicluster chart and their default values.
| Parameter | Description | Default |
|---|---|---|
controllerComponentLabel |
Control plane label. Do not edit | linkerd.io/control-plane-component |
controllerImage |
Docker image for the Service mirror component (uses the Linkerd controller image) | ghcr.io/linkerd/controller |
controllerImageVersion |
Tag for the Service Mirror container Docker image | latest version |
createdByAnnotation |
Annotation label for the proxy create. Do not edit. | linkerd.io/created-by |
gateway |
If the gateway component should be installed | true |
gatewayLocalProbePath |
The path that will be used by the local liveness checks to ensure the gateway is alive | /health-local |
gatewayLocalProbePort |
The port that will be used by the local liveness checks to ensure the gateway is alive | 8888 |
gatewayName |
The name of the gateway that will be installed | linkerd-gateway |
gatewayNginxImage |
The Nginx image | nginx |
gatewayNginxImageVersion |
The version of the Nginx image | 1.17 |
gatewayPort |
The port on which all the gateway will accept incoming traffic | 4143 |
gatewayProbePath |
The path that will be used by remote clusters for determining whether the gateway is alive | /health |
gatewayProbePort |
The port used for liveliness probing | 4181 |
gatewayProbeSeconds |
The interval (in seconds) between liveness probes | 3 |
identityTrustDomain |
Trust domain used for identity of the existing linkerd installation | cluster.local |
installNamespace |
If the namespace should be installed | true |
linkerdNamespace |
The namespace of the existing Linkerd installation | linkerd |
linkerdVersion |
Control plane version | latest version |
namespace |
Service Mirror component namespace | linkerd-multicluster |
proxyOutboundPort |
The port on which the proxy accepts outbound traffic | 4140 |
remoteMirrorServiceAccountName |
The name (or list of names) of the service account(s) used to allow remote clusters to mirror local services | linkerd-service-mirror-remote-access-default |
remoteMirrorServiceAccount |
If the remote mirror service account should be installed | true |
serviceMirror |
If the service mirror component should be installed | true |
logLevel |
Log level for the Multicluster components | info |
serviceMirrorRetryLimit |
Number of times update from the remote cluster is allowed to be requeued (retried) | 3 |
serviceMirrorUID |
User id under which the Service Mirror shall be ran | 2103 |
loadBalancerIP |
Request a specific IP address for the gateway service (e.g. use an IP address you have reserved) | emptyString |