Remove namespace from linkerd2-cni chart (#6643)

* Remove namespace from linkerd2-cni chart Third part of #6584, followup of #6635 (and based off of alpeb/no-ns-helm-core) Stop rendering the namespace in the `linkerd2-cni` chart, same as we did in #6635. This also removes the `install-namespace` option from `linkerd install-cni`, which isn't found in `linkerd install` nor `linkerd viz install` anyways, and it would add some complexity to support.
linkerd · Aug 17, 2021 · 22d4a86 · 22d4a86
1 parent c9cf389
commit 22d4a86
Show file tree

Hide file tree

Showing 12 changed files with 50 additions and 87 deletions.
diff --git a/charts/linkerd2-cni/README.md b/charts/linkerd2-cni/README.md
@@ -32,9 +32,7 @@ Kubernetes: `>=1.16.0-0`
 | ignoreOutboundPorts | string | `""` | Default set of outbound ports to skip via iptables |
 | imagePullSecrets | string | `nil` |  |
 | inboundProxyPort | int | `4143` | Inbound port for the proxy container |
-| installNamespace | bool | `true` | Whether to create the CNI plugin plane namespace or not |
 | logLevel | string | `"info"` | Log level for the CNI plugin |
-| namespace | string | `"linkerd-cni"` | CNI plugin plane namespace |
 | outboundProxyPort | int | `4140` | Outbound port for the proxy container |
 | portsToRedirect | string | `""` | Ports to redirect to proxy |
 | priorityClassName | string | `""` | Kubernetes priorityClassName for the CNI plugin's Pods |

diff --git a/charts/linkerd2-cni/templates/cni-plugin.yaml b/charts/linkerd2-cni/templates/cni-plugin.yaml
@@ -17,11 +17,11 @@ limitations under the License.
 This file was inspired by
 1) https://github.com/istio/cni/blob/c63a509539b5ed165a6617548c31b686f13c2133/deployments/kubernetes/install/manifests/istio-cni.yaml
 */ -}}
-{{- if .Values.installNamespace -}}
+{{- if eq .Release.Service "CLI" -}}
 kind: Namespace
 apiVersion: v1
 metadata:
-  name: {{.Values.namespace}}
+  name: {{.Release.Namespace}}
   annotations:
     linkerd.io/inject: disabled
   labels:
@@ -33,7 +33,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: linkerd-cni
-  namespace: {{.Values.namespace}}
+  {{ include "partials.namespace" . }}
   labels:
     linkerd.io/cni-resource: "true"
 {{- if .Values.imagePullSecrets }}
@@ -45,7 +45,7 @@ imagePullSecrets:
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
-  name: linkerd-{{.Values.namespace}}-cni
+  name: linkerd-{{.Release.Namespace}}-cni
   labels:
     linkerd.io/cni-resource: "true"
 spec:
@@ -68,21 +68,21 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: linkerd-cni
-  namespace: {{.Values.namespace}}
+  {{ include "partials.namespace" . }}
   labels:
     linkerd.io/cni-resource: "true"
 rules:
 - apiGroups: ['extensions', 'policy']
   resources: ['podsecuritypolicies']
   resourceNames:
-  - linkerd-{{.Values.namespace}}-cni
+  - linkerd-{{.Release.Namespace}}-cni
   verbs: ['use']
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: linkerd-cni
-  namespace: {{.Values.namespace}}
+  {{ include "partials.namespace" . }}
   labels:
     linkerd.io/cni-resource: "true"
 roleRef:
@@ -92,7 +92,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: linkerd-cni
-  namespace: {{.Values.namespace}}
+  namespace: {{.Release.Namespace}}
 {{ end -}}
 ---
 kind: ClusterRole
@@ -119,13 +119,13 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: linkerd-cni
-  namespace: {{.Values.namespace}}
+  namespace: {{.Release.Namespace}}
 ---
 kind: ConfigMap
 apiVersion: v1
 metadata:
   name: linkerd-cni-config
-  namespace: {{.Values.namespace}}
+  {{ include "partials.namespace" . }}
   labels:
     linkerd.io/cni-resource: "true"
 data:
@@ -167,7 +167,7 @@ kind: DaemonSet
 apiVersion: apps/v1
 metadata:
   name: linkerd-cni
-  namespace: {{.Values.namespace}}
+  {{ include "partials.namespace" . }}
   labels:
     k8s-app: linkerd-cni
     linkerd.io/cni-resource: "true"

diff --git a/charts/linkerd2-cni/values.yaml b/charts/linkerd2-cni/values.yaml
@@ -1,7 +1,3 @@
-# -- CNI plugin plane namespace
-namespace: linkerd-cni
-# -- Whether to create the CNI plugin plane namespace or not
-installNamespace: true
 # -- Inbound port for the proxy container
 inboundProxyPort: 4143
 # -- Outbound port for the proxy container

diff --git a/cli/cmd/install-cni-plugin.go b/cli/cmd/install-cni-plugin.go
@@ -39,7 +39,6 @@ type cniPluginOptions struct {
 	destCNIBinDir       string
 	useWaitFlag         bool
 	priorityClassName   string
-	installNamespace    bool
 }
 
 func (options *cniPluginOptions) validate() error {
@@ -109,7 +108,6 @@ assumes that the 'linkerd install' command will be executed with the
 	cmd.PersistentFlags().StringVar(&options.destCNINetDir, "dest-cni-net-dir", options.destCNINetDir, "Directory on the host where the CNI configuration will be placed")
 	cmd.PersistentFlags().StringVar(&options.destCNIBinDir, "dest-cni-bin-dir", options.destCNIBinDir, "Directory on the host where the CNI binary will be placed")
 	cmd.PersistentFlags().StringVar(&options.priorityClassName, "priority-class-name", options.priorityClassName, "Pod priorityClassName for CNI daemonset's pods")
-	cmd.PersistentFlags().BoolVar(&options.installNamespace, "install-namespace", options.installNamespace, "Whether to create the CNI namespace or not")
 	cmd.PersistentFlags().BoolVar(
 		&options.useWaitFlag,
 		"use-wait-flag",
@@ -140,7 +138,6 @@ func newCNIInstallOptionsWithDefaults() (*cniPluginOptions, error) {
 		destCNIBinDir:       defaults.DestCNIBinDir,
 		useWaitFlag:         defaults.UseWaitFlag,
 		priorityClassName:   defaults.PriorityClassName,
-		installNamespace:    defaults.InstallNamespace,
 	}
 
 	if defaults.IgnoreInboundPorts != "" {
@@ -177,9 +174,7 @@ func (options *cniPluginOptions) buildValues() (*cnicharts.Values, error) {
 	installValues.DestCNINetDir = options.destCNINetDir
 	installValues.DestCNIBinDir = options.destCNIBinDir
 	installValues.UseWaitFlag = options.useWaitFlag
-	installValues.Namespace = cniNamespace
 	installValues.PriorityClassName = options.priorityClassName
-	installValues.InstallNamespace = options.installNamespace
 	return installValues, nil
 }
 
@@ -208,7 +203,7 @@ func renderCNIPlugin(w io.Writer, config *cniPluginOptions) error {
 	chart := &charts.Chart{
 		Name:      helmCNIDefaultChartName,
 		Dir:       helmCNIDefaultChartDir,
-		Namespace: controlPlaneNamespace,
+		Namespace: defaultCNINamespace,
 		RawValues: rawValues,
 		Files:     files,
 		Fs:        static.Templates,

diff --git a/cli/cmd/install-cni-plugin_test.go b/cli/cmd/install-cni-plugin_test.go
@@ -7,7 +7,6 @@ import (
 )
 
 func TestRenderCNIPlugin(t *testing.T) {
-	defaultCniNamespace := cniNamespace
 	defaultOptions, err := newCNIInstallOptionsWithDefaults()
 	if err != nil {
 		t.Fatalf("Unexpected error from newCNIInstallOptionsWithDefaults(): %v", err)
@@ -28,11 +27,8 @@ func TestRenderCNIPlugin(t *testing.T) {
 		destCNINetDir:       "/etc/kubernetes/cni/net.d",
 		destCNIBinDir:       "/opt/my-cni/bin",
 		priorityClassName:   "system-node-critical",
-		installNamespace:    true,
 	}
 
-	otherNamespace := "other"
-
 	fullyConfiguredOptionsEqualDsts := &cniPluginOptions{
 		linkerdVersion:      "awesome-linkerd-version.1",
 		dockerRegistry:      "cr.l5d.io/linkerd",
@@ -48,7 +44,6 @@ func TestRenderCNIPlugin(t *testing.T) {
 		destCNINetDir:       "/etc/kubernetes/cni/net.d",
 		destCNIBinDir:       "/etc/kubernetes/cni/net.d",
 		priorityClassName:   "system-node-critical",
-		installNamespace:    true,
 	}
 
 	fullyConfiguredOptionsNoNamespace := &cniPluginOptions{
@@ -66,7 +61,6 @@ func TestRenderCNIPlugin(t *testing.T) {
 		destCNINetDir:       "/etc/kubernetes/cni/net.d",
 		destCNIBinDir:       "/opt/my-cni/bin",
 		priorityClassName:   "system-node-critical",
-		installNamespace:    false,
 	}
 
 	defaultOptionsWithSkipPorts, err := newCNIInstallOptionsWithDefaults()
@@ -79,22 +73,18 @@ func TestRenderCNIPlugin(t *testing.T) {
 
 	testCases := []struct {
 		*cniPluginOptions
-		namespace      string
 		goldenFileName string
 	}{
-		{defaultOptions, defaultCniNamespace, "install-cni-plugin_default.golden"},
-		{fullyConfiguredOptions, otherNamespace, "install-cni-plugin_fully_configured.golden"},
-		{fullyConfiguredOptionsEqualDsts, otherNamespace, "install-cni-plugin_fully_configured_equal_dsts.golden"},
-		{fullyConfiguredOptionsNoNamespace, otherNamespace, "install-cni-plugin_fully_configured_no_namespace.golden"},
-		{defaultOptionsWithSkipPorts, defaultCniNamespace, "install-cni-plugin_skip_ports.golden"},
+		{defaultOptions, "install-cni-plugin_default.golden"},
+		{fullyConfiguredOptions, "install-cni-plugin_fully_configured.golden"},
+		{fullyConfiguredOptionsEqualDsts, "install-cni-plugin_fully_configured_equal_dsts.golden"},
+		{fullyConfiguredOptionsNoNamespace, "install-cni-plugin_fully_configured_no_namespace.golden"},
+		{defaultOptionsWithSkipPorts, "install-cni-plugin_skip_ports.golden"},
 	}
 
 	for i, tc := range testCases {
 		tc := tc // pin
 		t.Run(fmt.Sprintf("%d: %s", i, tc.goldenFileName), func(t *testing.T) {
-			defer teardown(defaultCniNamespace)
-			cniNamespace = tc.namespace
-
 			var buf bytes.Buffer
 			err := renderCNIPlugin(&buf, tc.cniPluginOptions)
 			if err != nil {
@@ -103,10 +93,4 @@ func TestRenderCNIPlugin(t *testing.T) {
 			testDataDiffer.DiffTestdata(t, tc.goldenFileName, buf.String())
 		})
 	}
-
-	cniNamespace = defaultCniNamespace
-}
-
-func teardown(originalNamespace string) {
-	cniNamespace = originalNamespace
 }
diff --git a/cli/cmd/testdata/install-cni-plugin_fully_configured.golden b/cli/cmd/testdata/install-cni-plugin_fully_configured.golden
diff --git a/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden b/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden
diff --git a/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden b/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden