Add missing fields and re-order YAML elements to match CLI output

Signed-off-by: ihcsim <ihcsim@gmail.com>

charts/linkerd/templates/_affinity.tpl

@@ -2,15 +2,15 @@
 affinity:
   podAntiAffinity:
     preferredDuringSchedulingIgnoredDuringExecution:
-    - weight: 100
-      podAffinityTerm:
+    - podAffinityTerm:
         labelSelector:
           matchExpressions:
           - key: {{ .Label }}
             operator: In
             values:
             - {{ .Component }}
-      topologyKey: failure-domain.beta.kubernetes.io/zone
+        topologyKey: failure-domain.beta.kubernetes.io/zone
+      weight: 100
     requiredDuringSchedulingIgnoredDuringExecution:
     - labelSelector:
         matchExpressions:

charts/linkerd/templates/controller-rbac.yaml

@@ -52,4 +52,4 @@ metadata:
   labels:
     {{.ControllerComponentLabel}}: controller
     {{.ControllerNamespaceLabel}}: {{.Namespace}}
-{{end -}}
+{{- end -}}

charts/linkerd/templates/controller.yaml

@@ -47,16 +47,16 @@ spec:
 {{ end -}}
 {{ $_ := set .Proxy "WorkloadKind" "deployment" -}}
 {{ $_ := set .Proxy "Component" "controller" -}}
-kind: Deployment
 apiVersion: apps/v1
+kind: Deployment
 metadata:
-  name: linkerd-controller
-  namespace: {{.Namespace}}
+  annotations:
+    {{.CreatedByAnnotation}}: {{default (printf "linkerd/helm %s" $.Chart.Version) .CliVersion}}
   labels:
     {{.ControllerComponentLabel}}: controller
     {{.ControllerNamespaceLabel}}: {{.Namespace}}
-  annotations:
-    {{.CreatedByAnnotation}}: {{default (printf "linkerd/helm %s" $.Chart.Version) .CliVersion}}
+  name: linkerd-controller
+  namespace: {{.Namespace}}
 spec:
   replicas: {{ternary .ControllerReplicas 1 (eq .HighAvailability true)}}
   selector:
@@ -66,86 +66,90 @@ spec:
       {{- include "partials.proxy.labels" .Proxy | nindent 6}}
   template:
     metadata:
+      annotations:
+        {{.CreatedByAnnotation}}: {{default (printf "linkerd/helm %s" $.Chart.Version) .CliVersion}}
+        {{- include "partials.proxy.annotations" .Proxy| nindent 8}}
       labels:
         {{.ControllerComponentLabel}}: controller
         {{.ControllerNamespaceLabel}}: {{.Namespace}}
         {{- include "partials.proxy.labels" .Proxy | nindent 8}}
-      annotations:
-        {{.CreatedByAnnotation}}: {{default (printf "linkerd/helm %s" $.Chart.Version) .CliVersion}}
-        {{- include "partials.proxy.annotations" .Proxy| nindent 8}}
     spec:
-      serviceAccountName: linkerd-controller
+      {{- if eq .HighAvailability true -}}
+      {{- $local := dict "Component" "controller" "Label" .ControllerComponentLabel -}}
+      {{- include "linkerd.pod-affinity" $local | nindent 6 -}}
+      {{- end }}
       containers:
-      - name: public-api
-        ports:
-        - name: http
-          containerPort: 8085
-        - name: admin-http
-          containerPort: 9995
-        volumeMounts:
-        - name: config
-          mountPath: /var/run/linkerd/config
-        image: {{.ControllerImage}}:{{default $.Chart.AppVersion .ControllerImageVersion}}
-        imagePullPolicy: {{.ImagePullPolicy}}
-        args:
+      - args:
         - "public-api"
         - "-prometheus-url=http://linkerd-prometheus.{{.Namespace}}.svc.cluster.local:9090"
-        - "-tap-addr=linkerd-tap.{{.Namespace}}.svc.cluster.local:8088"
+        - "-tap-addr=linkerd-tap.{{.Namespace}}.svc.{{.ClusterDomain}}:8088"
         - "-controller-namespace={{.Namespace}}"
         - "-log-level={{.ControllerLogLevel}}"
+        image: {{.ControllerImage}}:{{default $.Chart.AppVersion .ControllerImageVersion}}
+        imagePullPolicy: {{.ImagePullPolicy}}
         livenessProbe:
           httpGet:
             path: /ping
             port: 9995
           initialDelaySeconds: 10
+        name: public-api
+        ports:
+        - containerPort: 8085
+          name: http
+        - containerPort: 9995
+          name: admin-http
         readinessProbe:
+          failureThreshold: 7
           httpGet:
             path: /ready
             port: 9995
-          failureThreshold: 7
+        {{- if eq .HighAvailability true -}}
         {{- include "linkerd.resources" .PublicAPIResources | nindent 8 }}
+        {{- end }}
         securityContext:
           runAsUser: {{.ControllerUID}}
-      - name: destination
-        ports:
-        - name: grpc
-          containerPort: 8086
-        - name: admin-http
-          containerPort: 9996
         volumeMounts:
-        - name: config
-          mountPath: /var/run/linkerd/config
-        image: {{.ControllerImage}}:{{default $.Chart.AppVersion .ControllerImageVersion}}
-        imagePullPolicy: {{.ImagePullPolicy}}
-        args:
+        - mountPath: /var/run/linkerd/config
+          name: config
+      - args:
         - "destination"
         - "-addr=:8086"
         - "-controller-namespace={{.Namespace}}"
         - "-enable-h2-upgrade={{.EnableH2Upgrade}}"
         - "-log-level={{.ControllerLogLevel}}"
+        image: {{.ControllerImage}}:{{default $.Chart.AppVersion .ControllerImageVersion}}
+        imagePullPolicy: {{.ImagePullPolicy}}
         livenessProbe:
           httpGet:
             path: /ping
             port: 9996
           initialDelaySeconds: 10
+        name: destination
+        ports:
+        - containerPort: 8086
+          name: grpc
+        - containerPort: 9996
+          name: admin-http
         readinessProbe:
+          failureThreshold: 7
           httpGet:
             path: /ready
             port: 9996
-          failureThreshold: 7
+        {{- if eq .HighAvailability true -}}
         {{- include "linkerd.resources" .DestinationResources | nindent 8 }}
+        {{- end }}
         securityContext:
           runAsUser: {{.ControllerUID}}
+        volumeMounts:
+        - mountPath: /var/run/linkerd/config
+          name: config
       {{- include "partials.proxy" .Proxy | nindent 6 -}}
       initContainers:
       {{- include "partials.proxy-init" .ProxyInit | nindent 6 -}}
+      serviceAccountName: linkerd-controller
       volumes:
       - name: config
         configMap:
           name: linkerd-config
       {{- include "partials.proxy-identity-volume" . | nindent 6 -}}
-      {{- if eq .HighAvailability true -}}
-      {{- $local := dict "Kind" "deployment" "Label" .ControllerComponentLabel -}}
-      {{- include "linkerd.pod-affinity" $local | nindent 6 -}}
-      {{- end -}}
 {{end -}}

charts/linkerd/templates/namespace.yaml

@@ -12,4 +12,4 @@ metadata:
     {{.ProxyInjectAnnotation}}: {{.ProxyInjectDisabled}}
   labels:
     {{.LinkerdNamespaceLabel}}: "true"
-{{end -}}
+{{- end -}}

charts/linkerd/values.yaml

@@ -4,15 +4,28 @@
 
 ClusterDomain: &cluster_domain cluster.local
 EnableH2Upgrade: true
-HighAvailability: &high_availability false
+HighAvailability: &high_availability true
 ImagePullPolicy: IfNotPresent
 Namespace: &namespace linkerd
 
 # controller configuration
-ControllerReplicas: 2
+ControllerReplicas: 3
 ControllerImage: gcr.io/linkerd-io/controller
 ControllerLogLevel: info
 ControllerUID: 2103
+ControllerResources: &controller_resources
+  CPU:
+    Limit: "1"
+    Request: 100m
+  Memory:
+    Limit: 250Mi
+    Request: 50Mi
+
+PublicAPIResources:
+  <<: *controller_resources
+
+DestinationResources:
+  <<: *controller_resources
 
 # proxy configuration
 Proxy:

charts/partials/templates/_proxy.tpl

@@ -30,7 +30,7 @@
     value: /var/run/linkerd/identity/end-entity
   - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
     value: |
-    {{- .IdentityTrustAnchors | nindent 6 -}}
+    {{- .IdentityTrustAnchors | trim | nindent 6 }}
   - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
     value: /var/run/secrets/kubernetes.io/serviceaccount/token
   - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
@@ -56,6 +56,7 @@
     httpGet:
       path: /metrics
       port: {{.Port.Admin}}
+    initialDelaySeconds: 10
   name: linkerd-proxy
   ports:
   - containerPort: {{.Port.Inbound}}
@@ -68,7 +69,8 @@
     httpGet:
       path: /ready
       port: {{.Port.Admin}}
-  {{ if eq .HighAvailability true -}}
+    initialDelaySeconds: 2
+  {{- if eq .HighAvailability true -}}
   resources:
   {{- if .ResourceRequirements -}}
   {{- toYaml .ResourceRequirements | trim | nindent 4 -}}
@@ -81,6 +83,6 @@
     readOnlyRootFilesystem: true
     runAsUser: {{.UID}}
   volumeMounts:
-  - name: linkerd-identity-end-entity
-    mountPath: /var/run/linkerd/identity/end-entity
+  - mountPath: /var/run/linkerd/identity/end-entity
+    name: linkerd-identity-end-entity
 {{ end -}}

charts/partials/templates/_volumes.tpl

@@ -1,5 +1,5 @@
 {{ define "partials.proxy-identity-volume" -}}
-- name: linkerd-identity-end-entity
-  emptyDir:
+- emptyDir:
     medium: Memory
+  name: linkerd-identity-end-entity
 {{- end -}}