@ihcsim feedback and:

- I moved `Identity` from `Proxy` to `InjectValues`, according to `values.yaml` - In both `Proxy` and `ProxyInit` I replaced `MountPaths []*MountPath` with `SAMountPath *SAMountPath` given we're only adding a mount for the ServiceAccount so no need of a slice here - I created a separate `Issuer` struct to be able to instantiate that piece Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
linkerd · Jul 31, 2019 · 273eef1 · 273eef1
1 parent 241c4d3
commit 273eef1
Showing 1 changed file with 60 additions and 32 deletions.
diff --git a/pkg/inject/template-values.go b/pkg/inject/template-values.go
@@ -1,21 +1,55 @@
 package inject
 
 type (
+	// InjectValues contains the top-level elements in the Helm charts
+	InjectValues struct {
+		Namespace        string
+		ClusterDomain    string
+		HighAvailability bool
+		Identity         *Identity
+
+		Proxy     *Proxy
+		ProxyInit *ProxyInit
+	}
+
+	// Proxy contains the fields to set the proxy sidecar container
+	Proxy struct {
+		Capabilities          *Capabilities
+		Component             string
+		DisableIdentity       bool
+		DisableTap            bool
+		EnableExternalProfile bool
+		Image                 *Image
+		LogLevel              string
+		SAMountPath           *SAMountPath
+		Ports                 *Ports
+		Resources             *Resources
+		UID                   int64
+	}
+
+	// ProxyInit contains the fields to set the proxy-init container
+	ProxyInit struct {
+		Capabilities        *Capabilities
+		IgnoreInboundPorts  string
+		IgnoreOutboundPorts string
+		Image               Image
+		SAMountPath         *SAMountPath
+		Resources           *Resources
+	}
+
 	// Image contains the details to define a container image
 	Image struct {
 		Name       string
 		PullPolicy string
 		Version    string
 	}
 
-	// Port contains all the port-related setups
-	Port struct {
-		Admin               int32
-		Control             int32
-		Inbound             int32
-		Outbound            int32
-		IgnoreInboundPorts  string
-		IgnoreOutboundPorts string
+	// Ports contains all the port-related setups
+	Ports struct {
+		Admin    int32
+		Control  int32
+		Inbound  int32
+		Outbound int32
 	}
 
 	// Constraints wraps the Limit and Request settings for computational resources
@@ -24,6 +58,19 @@ type (
 		Request string
 	}
 
+	// Capabilities contains the SecurityContext capabilities to add/drop into the injected
+	// containers
+	Capabilities struct {
+		Add  []string
+		Drop []string
+	}
+
+	// SAMountPath contains the details for ServiceAccount volume mount
+	SAMountPath struct {
+		Name      string
+		MountPath string
+	}
+
 	// Resources represents the computational resources setup for a given container
 	Resources struct {
 		CPU    Constraints
@@ -33,31 +80,12 @@ type (
 	// Identity contains the fields to set the identity variables in the proxy
 	// sidecar container
 	Identity struct {
-		TrustDomain  string
-		TrustAnchors string
+		Issuer      Issuer
+		TrustDomain string
 	}
 
-	// Proxy contains the fields to set the proxy sidecar container
-	Proxy struct {
-		Component             string
-		ClusterDomain         string
-		DisableIdentity       bool
-		EnableExternalProfile bool
-		HighAvailability      bool
-		Identity              *Identity
-		Image                 Image
-		LogLevel              string
-		ControlPlaneNamespace string
-		Port                  Port
-		UID                   int64
-		ResourceRequirements  *Resources
-	}
-
-	// ProxyInit contains the fields to set the proxy-init container
-	ProxyInit struct {
-		Image                Image
-		Port                 Port
-		UID                  int64
-		ResourceRequirements *Resources
+	// Issuer contains the trust root certificate for Identity
+	Issuer struct {
+		CrtPEM string
 	}
 )