Add validation conditions to ensure identity and tap aren't disabled for

control plane components Signed-off-by: ihcsim <ihcsim@gmail.com>
linkerd · Jul 30, 2019 · 1d22f4d · 1d22f4d
1 parent 87727c5
commit 1d22f4d
Show file tree

Hide file tree

Showing 9 changed files with 17 additions and 0 deletions.
diff --git a/charts/linkerd/templates/_validate.tpl b/charts/linkerd/templates/_validate.tpl
@@ -0,0 +1,9 @@
+{{- define "linkerd.proxy.validation" -}}
+{{- if .DisableIdentity -}}
+{{- fail (printf "Can't disable identity mTLS for %s. Set '.Values.Proxy.DisableIdentity' to 'false'" .Component) -}}
+{{- end -}}
+
+{{- if .DisableTap -}}
+{{- fail (printf "Can't disable tap for %s. Set '.Values.Proxy.DisableTap' to 'false'" .Component) -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/linkerd/templates/controller.yaml b/charts/linkerd/templates/controller.yaml
@@ -47,6 +47,7 @@ spec:
 {{ end -}}
 {{ $_ := set .Proxy "WorkloadKind" "deployment" -}}
 {{ $_ := set .Proxy "Component" "linkerd-controller" -}}
+{{ include "linkerd.proxy.validation" .Proxy -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

diff --git a/charts/linkerd/templates/grafana.yaml b/charts/linkerd/templates/grafana.yaml
@@ -88,6 +88,7 @@ spec:
 {{ end -}}
 {{ $_ := set .Proxy "WorkloadKind" "deployment" -}}
 {{ $_ := set .Proxy "Component" "linkerd-grafana" -}}
+{{ include "linkerd.proxy.validation" .Proxy -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

diff --git a/charts/linkerd/templates/identity.yaml b/charts/linkerd/templates/identity.yaml
@@ -48,6 +48,7 @@ spec:
 {{ end -}}
 {{ $_ := set .Proxy "WorkloadKind" "deployment" -}}
 {{ $_ := set .Proxy "Component" "linkerd-identity" -}}
+{{ include "linkerd.proxy.validation" .Proxy -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

diff --git a/charts/linkerd/templates/prometheus.yaml b/charts/linkerd/templates/prometheus.yaml
@@ -117,6 +117,7 @@ spec:
 {{ end -}}
 {{ $_ := set .Proxy "WorkloadKind" "deployment" -}}
 {{ $_ := set .Proxy "Component" "linkerd-prometheus" -}}
+{{ include "linkerd.proxy.validation" .Proxy -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

diff --git a/charts/linkerd/templates/proxy-injector.yaml b/charts/linkerd/templates/proxy-injector.yaml
@@ -9,6 +9,7 @@
 {{ end -}}
 {{ $_ := set .Proxy "WorkloadKind" "deployment" -}}
 {{ $_ := set .Proxy "Component" "linkerd-proxy-injector" -}}
+{{ include "linkerd.proxy.validation" .Proxy -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

diff --git a/charts/linkerd/templates/sp-validator.yaml b/charts/linkerd/templates/sp-validator.yaml
@@ -28,6 +28,7 @@ spec:
 {{ end -}}
 {{ $_ := set .Proxy "WorkloadKind" "deployment" -}}
 {{ $_ := set .Proxy "Component" "linkerd-sp-validator" -}}
+{{ include "linkerd.proxy.validation" .Proxy -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

diff --git a/charts/linkerd/templates/tap.yaml b/charts/linkerd/templates/tap.yaml
@@ -28,6 +28,7 @@ spec:
 {{ end -}}
 {{ $_ := set .Proxy "WorkloadKind" "deployment" -}}
 {{ $_ := set .Proxy "Component" "linkerd-tap" -}}
+{{ include "linkerd.proxy.validation" .Proxy -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

diff --git a/charts/linkerd/templates/web.yaml b/charts/linkerd/templates/web.yaml
@@ -31,6 +31,7 @@ spec:
 {{ end -}}
 {{ $_ := set .Proxy "WorkloadKind" "deployment" -}}
 {{ $_ := set .Proxy "Component" "linkerd-web" -}}
+{{ include "linkerd.proxy.validation" .Proxy -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata: