From 7eac2deed9fb32bdb03346e4b341db2f27a4d344 Mon Sep 17 00:00:00 2001 From: Alejandro Pedraza Date: Thu, 12 Aug 2021 08:19:07 -0500 Subject: [PATCH] Remove namespace from multicluster charts Another part of #6584, branched off of #6635 (alpeb/no-ns-helm-core). Stop rendering the namespace in the `linkerd-multicluster` chart as we did in #6635. Also: - Got rid of the `namespace` values.yaml entry in the `linkerd-multicluster` and `linkerd-multicluster-link` charts, and also the `installNamespace` entry in the former. - Added a dependency on the `partials` chart to the `linkerd-multicluster-link` chart, so that we can tap on the `partials.namespace` helper. - Added the post-install hook resources to the `linkerd-multicluster` chart. - We don't have any more the restriction on having the muticluster objects live in a separate namespace than linkerd. It's still good practice, and that's the default for the CLI install, but I removed that validation. Finally, as a side-effect, the `allow` subcommand was fixed; it has been broken for a while apparently: ```console $ linkerd mc allow --service-account-name foobar Error: template: linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml:16:7: executing "linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml" at : error calling include: template: no template "partials.annotations.created-by" associated with template "gotpl" ``` --- bin/helm-build | 1 + bin/test-cleanup | 3 +- .../linkerd-multicluster-link/README.md | 5 +- .../requirements.lock | 6 +++ .../requirements.yaml | 4 ++ .../templates/gateway-mirror.yaml | 2 +- .../templates/psp.yaml | 6 +-- .../templates/service-mirror.yaml | 14 +++--- .../linkerd-multicluster-link/values.yaml | 2 - .../charts/linkerd-multicluster/README.md | 2 - .../templates/gateway.yaml | 8 ++-- .../templates/namespace-metadata-rbac.yaml | 42 +++++++++++++++++ .../templates/namespace-metadata.yaml | 46 +++++++++++++++++++ .../templates/namespace.yaml | 4 +- .../linkerd-multicluster/templates/psp.yaml | 8 ++-- .../remote-access-service-mirror-rbac.yaml | 8 ++-- .../charts/linkerd-multicluster/values.yaml | 4 -- multicluster/cmd/allow.go | 11 ++--- multicluster/cmd/install.go | 22 ++++----- multicluster/cmd/link.go | 32 +++++++++---- multicluster/values/values.go | 2 - pkg/charts/charts.go | 7 +-- test/integration/install_test.go | 1 - testutil/test_helper.go | 3 +- 24 files changed, 170 insertions(+), 73 deletions(-) create mode 100644 multicluster/charts/linkerd-multicluster-link/requirements.lock create mode 100644 multicluster/charts/linkerd-multicluster-link/requirements.yaml create mode 100644 multicluster/charts/linkerd-multicluster/templates/namespace-metadata-rbac.yaml create mode 100644 multicluster/charts/linkerd-multicluster/templates/namespace-metadata.yaml diff --git a/bin/helm-build b/bin/helm-build index bfeb90dc8b7b6..7ab8976acd6a7 100755 --- a/bin/helm-build +++ b/bin/helm-build @@ -30,6 +30,7 @@ rm -f viz/charts/linkerd-viz/charts/* "$bindir"/helm dep up "$rootdir"/multicluster/charts/linkerd-multicluster "$bindir"/helm lint "$rootdir"/multicluster/charts/linkerd-multicluster +"$bindir"/helm dep up "$rootdir"/multicluster/charts/linkerd-multicluster-link "$bindir"/helm lint "$rootdir"/multicluster/charts/linkerd-multicluster-link "$bindir"/helm lint "$rootdir"/charts/partials "$bindir"/helm dep up "$rootdir"/charts/linkerd2-cni diff --git a/bin/test-cleanup b/bin/test-cleanup index ffef4d9b00ba9..54e23027512c8 100755 --- a/bin/test-cleanup +++ b/bin/test-cleanup @@ -37,6 +37,7 @@ if [[ "${releases[*]}" =~ 'helm-test' ]]; then "$bindir/helm" --kube-context="$k8s_context" --namespace linkerd delete helm-test fi if [[ "${releases[*]}" =~ 'multicluster-test' ]]; then - "$bindir/helm" --kube-context="$k8s_context" delete multicluster-test + "$bindir/helm" --kube-context="$k8s_context" --namespace linkerd-multicluster delete multicluster-test + kubectl delete ns linkerd-multicluster fi diff --git a/multicluster/charts/linkerd-multicluster-link/README.md b/multicluster/charts/linkerd-multicluster-link/README.md index b74c864b8677c..d215f57b08ddb 100644 --- a/multicluster/charts/linkerd-multicluster-link/README.md +++ b/multicluster/charts/linkerd-multicluster-link/README.md @@ -17,6 +17,10 @@ shouldn't be used as-is unless you really know what you're doing ;-) Kubernetes: `>=1.16.0-0` +| Repository | Name | Version | +|------------|------|---------| +| file://../../../charts/partials | partials | 0.1.0 | + ## Values | Key | Type | Default | Description | @@ -25,7 +29,6 @@ Kubernetes: `>=1.16.0-0` | controllerImageVersion | string | `"linkerdVersionValue"` | Tag for the Service Mirror container Docker image | | gateway.probe.port | int | `4191` | The port used for liveliness probing | | logLevel | string | `"info"` | Log level for the Multicluster components | -| namespace | string | `"linkerd-multicluster"` | Service Mirror component namespace | | serviceMirrorRetryLimit | int | `3` | Number of times update from the remote cluster is allowed to be requeued (retried) | | serviceMirrorUID | int | `2103` | User id under which the Service Mirror shall be ran | diff --git a/multicluster/charts/linkerd-multicluster-link/requirements.lock b/multicluster/charts/linkerd-multicluster-link/requirements.lock new file mode 100644 index 0000000000000..e899cc76e1339 --- /dev/null +++ b/multicluster/charts/linkerd-multicluster-link/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: partials + repository: file://../../../charts/partials + version: 0.1.0 +digest: sha256:e2c1d0d581afb33df46411df7a89fca2628328fc7bd0975167e7812bf128e27f +generated: "2021-08-11T14:34:45.712339546-05:00" diff --git a/multicluster/charts/linkerd-multicluster-link/requirements.yaml b/multicluster/charts/linkerd-multicluster-link/requirements.yaml new file mode 100644 index 0000000000000..761fd92ef675d --- /dev/null +++ b/multicluster/charts/linkerd-multicluster-link/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: partials + version: 0.1.0 + repository: file://../../../charts/partials diff --git a/multicluster/charts/linkerd-multicluster-link/templates/gateway-mirror.yaml b/multicluster/charts/linkerd-multicluster-link/templates/gateway-mirror.yaml index 3aa6b6f1ecbeb..83ca6779774d9 100644 --- a/multicluster/charts/linkerd-multicluster-link/templates/gateway-mirror.yaml +++ b/multicluster/charts/linkerd-multicluster-link/templates/gateway-mirror.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: probe-gateway-{{.Values.targetClusterName}} - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: mirror.linkerd.io/mirrored-gateway: "true" mirror.linkerd.io/cluster-name: {{.Values.targetClusterName}} diff --git a/multicluster/charts/linkerd-multicluster-link/templates/psp.yaml b/multicluster/charts/linkerd-multicluster-link/templates/psp.yaml index d18e8d1ed1745..12b5e754ec1c2 100644 --- a/multicluster/charts/linkerd-multicluster-link/templates/psp.yaml +++ b/multicluster/charts/linkerd-multicluster-link/templates/psp.yaml @@ -3,10 +3,10 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: multicluster-link-psp - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: linkerd.io/extension: multicluster - namespace: {{.Values.namespace}} + namespace: {{.Release.Namespace}} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -14,4 +14,4 @@ roleRef: subjects: - kind: ServiceAccount name: linkerd-service-mirror-{{.Values.targetClusterName}} - namespace: {{.Values.namespace}} + namespace: {{.Release.Namespace}} diff --git a/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml b/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml index 32420020f4e79..808855398c051 100644 --- a/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml +++ b/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml @@ -28,13 +28,13 @@ roleRef: subjects: - kind: ServiceAccount name: linkerd-service-mirror-{{.Values.targetClusterName}} - namespace: {{.Values.namespace}} + namespace: {{.Release.Namespace}} --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: linkerd-service-mirror-read-remote-creds-{{.Values.targetClusterName}} - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: linkerd.io/control-plane-component: service-mirror mirror.linkerd.io/cluster-name: {{.Values.targetClusterName}} @@ -51,7 +51,7 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: linkerd-service-mirror-read-remote-creds-{{.Values.targetClusterName}} - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: linkerd.io/control-plane-component: service-mirror mirror.linkerd.io/cluster-name: {{.Values.targetClusterName}} @@ -62,13 +62,13 @@ roleRef: subjects: - kind: ServiceAccount name: linkerd-service-mirror-{{.Values.targetClusterName}} - namespace: {{.Values.namespace}} + namespace: {{.Release.Namespace}} --- kind: ServiceAccount apiVersion: v1 metadata: name: linkerd-service-mirror-{{.Values.targetClusterName}} - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: linkerd.io/control-plane-component: service-mirror mirror.linkerd.io/cluster-name: {{.Values.targetClusterName}} @@ -80,7 +80,7 @@ metadata: linkerd.io/control-plane-component: service-mirror mirror.linkerd.io/cluster-name: {{.Values.targetClusterName}} name: linkerd-service-mirror-{{.Values.targetClusterName}} - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} spec: replicas: 1 selector: @@ -100,7 +100,7 @@ spec: - service-mirror - -log-level={{.Values.logLevel}} - -event-requeue-limit={{.Values.serviceMirrorRetryLimit}} - - -namespace={{.Values.namespace}} + - -namespace={{.Release.Namespace}} - {{.Values.targetClusterName}} image: {{.Values.controllerImage}}:{{.Values.controllerImageVersion}} name: service-mirror diff --git a/multicluster/charts/linkerd-multicluster-link/values.yaml b/multicluster/charts/linkerd-multicluster-link/values.yaml index bb6b5e10594bd..45e8b7d325573 100644 --- a/multicluster/charts/linkerd-multicluster-link/values.yaml +++ b/multicluster/charts/linkerd-multicluster-link/values.yaml @@ -7,8 +7,6 @@ gateway: probe: # -- The port used for liveliness probing port: 4191 -# -- Service Mirror component namespace -namespace: linkerd-multicluster # -- Log level for the Multicluster components logLevel: info # -- Number of times update from the remote cluster is allowed to be requeued diff --git a/multicluster/charts/linkerd-multicluster/README.md b/multicluster/charts/linkerd-multicluster/README.md index 2143a449e6682..3ec4709fe92c2 100644 --- a/multicluster/charts/linkerd-multicluster/README.md +++ b/multicluster/charts/linkerd-multicluster/README.md @@ -90,10 +90,8 @@ Kubernetes: `>=1.16.0-0` | gateway.serviceAnnotations | object | `{}` | Annotations to add to the gateway service | | gateway.serviceType | string | `"LoadBalancer"` | Service Type of gateway Service | | identityTrustDomain | string | `"cluster.local"` | Identity Trust Domain of the certificate authority | -| installNamespace | bool | `true` | If the namespace should be installed | | linkerdNamespace | string | `"linkerd"` | Namespace of linkerd installation | | linkerdVersion | string | `"linkerdVersionValue"` | Control plane version | -| namespace | string | `"linkerd-multicluster"` | Service Mirror component namespace | | proxyOutboundPort | int | `4140` | The port on which the proxy accepts outbound traffic | | remoteMirrorServiceAccount | bool | `true` | If the remote mirror service account should be installed | | remoteMirrorServiceAccountName | string | `"linkerd-service-mirror-remote-access-default"` | The name of the service account used to allow remote clusters to mirror local services | diff --git a/multicluster/charts/linkerd-multicluster/templates/gateway.yaml b/multicluster/charts/linkerd-multicluster/templates/gateway.yaml index 17395d87f68f5..61032dbada01c 100644 --- a/multicluster/charts/linkerd-multicluster/templates/gateway.yaml +++ b/multicluster/charts/linkerd-multicluster/templates/gateway.yaml @@ -13,7 +13,7 @@ metadata: app: {{.Values.gateway.name}} linkerd.io/extension: multicluster name: {{.Values.gateway.name}} - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} spec: replicas: 1 selector: @@ -38,11 +38,11 @@ apiVersion: v1 kind: Service metadata: name: {{.Values.gateway.name}} - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: linkerd.io/extension: multicluster annotations: - mirror.linkerd.io/gateway-identity: {{.Values.gateway.name}}.{{.Values.namespace}}.serviceaccount.identity.{{.Values.linkerdNamespace}}.{{.Values.identityTrustDomain}} + mirror.linkerd.io/gateway-identity: {{.Values.gateway.name}}.{{.Release.Namespace}}.serviceaccount.identity.{{.Values.linkerdNamespace}}.{{.Values.identityTrustDomain}} mirror.linkerd.io/probe-period: "{{.Values.gateway.probe.seconds}}" mirror.linkerd.io/probe-path: {{.Values.gateway.probe.path}} mirror.linkerd.io/multicluster-gateway: "true" @@ -75,7 +75,7 @@ kind: ServiceAccount apiVersion: v1 metadata: name: {{.Values.gateway.name}} - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: linkerd.io/extension: multicluster {{end -}} diff --git a/multicluster/charts/linkerd-multicluster/templates/namespace-metadata-rbac.yaml b/multicluster/charts/linkerd-multicluster/templates/namespace-metadata-rbac.yaml new file mode 100644 index 0000000000000..d27b7fb50d7be --- /dev/null +++ b/multicluster/charts/linkerd-multicluster/templates/namespace-metadata-rbac.yaml @@ -0,0 +1,42 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + annotations: + {{ include "partials.annotations.created-by" . }} + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + name: namespace-metadata +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + {{ include "partials.annotations.created-by" . }} + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + name: namespace-metadata +rules: +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "patch"] + resourceNames: ["{{.Release.Namespace}}"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + {{ include "partials.annotations.created-by" . }} + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + name: namespace-metadata +roleRef: + kind: Role + name: namespace-metadata + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: namespace-metadata + namespace: {{.Release.Namespace}} diff --git a/multicluster/charts/linkerd-multicluster/templates/namespace-metadata.yaml b/multicluster/charts/linkerd-multicluster/templates/namespace-metadata.yaml new file mode 100644 index 0000000000000..de3cfa511a1dd --- /dev/null +++ b/multicluster/charts/linkerd-multicluster/templates/namespace-metadata.yaml @@ -0,0 +1,46 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + {{ include "partials.annotations.created-by" . }} + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app.kubernetes.io/name: namespace-metadata + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: {{default .Values.linkerdVersion .Values.cliVersion}} + name: namespace-metadata +spec: + template: + metadata: + annotations: + {{ include "partials.annotations.created-by" . }} + labels: + app.kubernetes.io/name: namespace-metadata + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: {{default .Values.linkerdVersion .Values.cliVersion}} + spec: + restartPolicy: Never + serviceAccountName: namespace-metadata + containers: + - name: namespace-metadata + image: curlimages/curl:7.78.0 + command: ["/bin/sh"] + args: + - -c + - | + ops='' + token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) + ns=$(curl -kfv -H "Authorization: Bearer $token" \ + "https://kubernetes.default.svc/api/v1/namespaces/{{.Release.Namespace}}") + + if echo "$ns" | grep -vq 'labels'; then + ops="$ops{\"op\": \"add\",\"path\": \"/metadata/labels\",\"value\": {}}," + fi + + ops="$ops{\"op\": \"add\", \"path\": \"/metadata/labels/linkerd.io~1extension\", \"value\": \"multicluster\"}" + + curl -kfv -XPATCH -H "Content-Type: application/json-patch+json" -H "Authorization: Bearer $token" \ + -d "[$ops]" \ + "https://kubernetes.default.svc/api/v1/namespaces/{{.Release.Namespace}}?fieldManager=kubectl-label" diff --git a/multicluster/charts/linkerd-multicluster/templates/namespace.yaml b/multicluster/charts/linkerd-multicluster/templates/namespace.yaml index 5a82ce424ee24..1357ba8276cd3 100644 --- a/multicluster/charts/linkerd-multicluster/templates/namespace.yaml +++ b/multicluster/charts/linkerd-multicluster/templates/namespace.yaml @@ -1,8 +1,8 @@ -{{if .Values.installNamespace -}} +{{- if eq .Release.Service "CLI" -}} kind: Namespace apiVersion: v1 metadata: - name: {{ .Values.namespace }} + name: {{ .Release.Namespace }} labels: linkerd.io/extension: multicluster {{end -}} diff --git a/multicluster/charts/linkerd-multicluster/templates/psp.yaml b/multicluster/charts/linkerd-multicluster/templates/psp.yaml index c8bf3c5b70fd8..1dd6c6854bf78 100644 --- a/multicluster/charts/linkerd-multicluster/templates/psp.yaml +++ b/multicluster/charts/linkerd-multicluster/templates/psp.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: psp - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: linkerd.io/extension: multicluster rules: @@ -18,10 +18,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: multicluster-psp - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: linkerd.io/extension: multicluster - namespace: {{.Values.namespace}} + namespace: {{.Release.Namespace}} roleRef: kind: Role name: psp @@ -29,5 +29,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{.Values.gateway.name}} - namespace: {{.Values.namespace}} + namespace: {{.Release.Namespace}} {{ end -}} diff --git a/multicluster/charts/linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml b/multicluster/charts/linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml index 39038c8eee2db..f25079574bf30 100644 --- a/multicluster/charts/linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml +++ b/multicluster/charts/linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml @@ -9,7 +9,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{.}} - namespace: {{$.Values.namespace}} + {{ include "partials.namespace" $ }} labels: linkerd.io/extension: multicluster annotations: @@ -30,7 +30,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{.}} - namespace: {{$.Values.namespace}} + {{ include "partials.namespace" $ }} labels: linkerd.io/extension: multicluster annotations: @@ -40,7 +40,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{.}} - namespace: {{$.Values.namespace}} + {{ include "partials.namespace" $ }} labels: linkerd.io/extension: multicluster annotations: @@ -52,6 +52,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{.}} - namespace: {{$.Values.namespace}} + namespace: {{$.Release.Namespace}} {{end -}} {{end -}} diff --git a/multicluster/charts/linkerd-multicluster/values.yaml b/multicluster/charts/linkerd-multicluster/values.yaml index 3d0b4a04d56e7..25ad5c0fe2823 100644 --- a/multicluster/charts/linkerd-multicluster/values.yaml +++ b/multicluster/charts/linkerd-multicluster/values.yaml @@ -24,12 +24,8 @@ gateway: # -- Set loadBalancerIP on gateway service loadBalancerIP: "" -# -- If the namespace should be installed -installNamespace: true # -- Control plane version linkerdVersion: linkerdVersionValue -# -- Service Mirror component namespace -namespace: linkerd-multicluster # -- The port on which the proxy accepts outbound traffic proxyOutboundPort: 4140 # -- If the remote mirror service account should be installed diff --git a/multicluster/cmd/allow.go b/multicluster/cmd/allow.go index 4e342752b9fd6..bc04915a3f016 100644 --- a/multicluster/cmd/allow.go +++ b/multicluster/cmd/allow.go @@ -60,12 +60,12 @@ func newAllowCommand() *cobra.Command { chart := &charts.Chart{ Name: helmMulticlusterDefaultChartName, Dir: helmMulticlusterDefaultChartName, - Namespace: controlPlaneNamespace, + Namespace: opts.namespace, RawValues: rawValues, Files: files, Fs: static.Templates, } - buf, err := chart.RenderNoPartials() + buf, err := chart.Render() if err != nil { return err } @@ -102,16 +102,11 @@ func buildMulticlusterAllowValues(ctx context.Context, opts *allowOptions) (*mcc return nil, errors.New("you need to specify a service account name") } - if opts.namespace == controlPlaneNamespace { - return nil, errors.New("you need to setup the multicluster addons in a namespace different than the Linkerd one") - } - defaults, err := mccharts.NewInstallValues() if err != nil { return nil, err } - defaults.Namespace = opts.namespace defaults.LinkerdVersion = version.Version defaults.Gateway.Enabled = false defaults.ServiceMirror = false @@ -119,7 +114,7 @@ func buildMulticlusterAllowValues(ctx context.Context, opts *allowOptions) (*mcc defaults.RemoteMirrorServiceAccountName = opts.serviceAccountName if !opts.ignoreCluster { - acc, err := kubeAPI.CoreV1().ServiceAccounts(defaults.Namespace).Get(ctx, defaults.RemoteMirrorServiceAccountName, metav1.GetOptions{}) + acc, err := kubeAPI.CoreV1().ServiceAccounts(opts.namespace).Get(ctx, defaults.RemoteMirrorServiceAccountName, metav1.GetOptions{}) if err == nil && acc != nil { return nil, fmt.Errorf("Service account with name %s already exists, use --ignore-cluster for force operation", defaults.RemoteMirrorServiceAccountName) } diff --git a/multicluster/cmd/install.go b/multicluster/cmd/install.go index 2c65203917efc..0cce348ae1cd1 100644 --- a/multicluster/cmd/install.go +++ b/multicluster/cmd/install.go @@ -31,7 +31,6 @@ import ( type ( multiclusterInstallOptions struct { gateway multicluster.Gateway - namespace string remoteMirrorCredentials bool } ) @@ -130,8 +129,16 @@ A full list of configurable values can be found at https://github.com/linkerd/li return err } + fullValues := map[string]interface{}{ + "Values": vals, + "Release": map[string]interface{}{ + "Namespace": defaultMulticlusterNamespace, + "Service": "CLI", + }, + } + // Attach the final values into the `Values` field for rendering to work - renderedTemplates, err := engine.Render(chart, map[string]interface{}{"Values": vals}) + renderedTemplates, err := engine.Render(chart, fullValues) if err != nil { return err } @@ -152,7 +159,6 @@ A full list of configurable values can be found at https://github.com/linkerd/li } flags.AddValueOptionsFlags(cmd.Flags(), &valuesOptions) - cmd.Flags().StringVar(&options.namespace, "namespace", options.namespace, "The namespace in which the multicluster add-on is to be installed. Must not be the control plane namespace. ") cmd.Flags().BoolVar(&options.gateway.Enabled, "gateway", options.gateway.Enabled, "If the gateway component should be installed") cmd.Flags().Uint32Var(&options.gateway.Port, "gateway-port", options.gateway.Port, "The port on the gateway used for all incoming traffic") cmd.Flags().Uint32Var(&options.gateway.Probe.Seconds, "gateway-probe-seconds", options.gateway.Probe.Seconds, "The interval at which the gateway will be checked for being alive in seconds") @@ -183,7 +189,6 @@ func newMulticlusterInstallOptionsWithDefault() (*multiclusterInstallOptions, er return &multiclusterInstallOptions{ gateway: *defaults.Gateway, - namespace: defaults.Namespace, remoteMirrorCredentials: true, }, nil } @@ -198,20 +203,11 @@ func buildMulticlusterInstallValues(ctx context.Context, opts *multiclusterInsta return nil, err } - if opts.namespace == "" { - return nil, errors.New("you need to specify a namespace") - } - - if opts.namespace == controlPlaneNamespace { - return nil, errors.New("you need to setup the multicluster addons in a namespace different than the Linkerd one") - } - defaults, err := multicluster.NewInstallValues() if err != nil { return nil, err } - defaults.Namespace = opts.namespace defaults.Gateway.Enabled = opts.gateway.Enabled defaults.Gateway.Port = opts.gateway.Port defaults.Gateway.Probe.Seconds = opts.gateway.Probe.Seconds diff --git a/multicluster/cmd/link.go b/multicluster/cmd/link.go index 55edae8763434..e7e640d5a0c0d 100644 --- a/multicluster/cmd/link.go +++ b/multicluster/cmd/link.go @@ -11,6 +11,7 @@ import ( "github.com/linkerd/linkerd2/multicluster/static" multicluster "github.com/linkerd/linkerd2/multicluster/values" "github.com/linkerd/linkerd2/pkg/charts" + partials "github.com/linkerd/linkerd2/pkg/charts/static" pkgcmd "github.com/linkerd/linkerd2/pkg/cmd" "github.com/linkerd/linkerd2/pkg/flags" "github.com/linkerd/linkerd2/pkg/k8s" @@ -263,13 +264,25 @@ A full list of configurable values can be found at https://github.com/linkerd/li {Name: "templates/gateway-mirror.yaml"}, } + var partialFiles []*chartloader.BufferedFile + for _, template := range charts.L5dPartials { + partialFiles = append(partialFiles, + &chartloader.BufferedFile{Name: template}, + ) + } + // Load all multicluster link chart files into buffer if err := charts.FilesReader(static.Templates, helmMulticlusterLinkDefaultChartName+"/", files); err != nil { return err } + // Load all partial chart files into buffer + if err := charts.FilesReader(partials.Templates, "", partialFiles); err != nil { + return err + } + // Create a Chart obj from the files - chart, err := chartloader.LoadFiles(files) + chart, err := chartloader.LoadFiles(append(files, partialFiles...)) if err != nil { return err } @@ -291,8 +304,16 @@ A full list of configurable values can be found at https://github.com/linkerd/li return err } + fullValues := map[string]interface{}{ + "Values": vals, + "Release": map[string]interface{}{ + "Namespace": opts.namespace, + "Service": "CLI", + }, + } + // Attach the final values into the `Values` field for rendering to work - renderedTemplates, err := engine.Render(chart, map[string]interface{}{"Values": vals}) + renderedTemplates, err := engine.Render(chart, fullValues) if err != nil { return err } @@ -346,7 +367,7 @@ func newLinkOptionsWithDefault() (*linkOptions, error) { return &linkOptions{ controlPlaneVersion: version.Version, - namespace: defaults.Namespace, + namespace: defaultMulticlusterNamespace, dockerRegistry: defaultDockerRegistry, serviceMirrorRetryLimit: defaults.ServiceMirrorRetryLimit, logLevel: defaults.LogLevel, @@ -366,10 +387,6 @@ func buildServiceMirrorValues(opts *linkOptions) (*multicluster.Values, error) { return nil, errors.New("you need to specify a namespace") } - if opts.namespace == controlPlaneNamespace { - return nil, errors.New("you need to setup the multicluster addons in a namespace different than the Linkerd one") - } - if _, err := log.ParseLevel(opts.logLevel); err != nil { return nil, fmt.Errorf("--log-level must be one of: panic, fatal, error, warn, info, debug") } @@ -380,7 +397,6 @@ func buildServiceMirrorValues(opts *linkOptions) (*multicluster.Values, error) { } defaults.TargetClusterName = opts.clusterName - defaults.Namespace = opts.namespace defaults.ServiceMirrorRetryLimit = opts.serviceMirrorRetryLimit defaults.LogLevel = opts.logLevel defaults.ControllerImageVersion = opts.controlPlaneVersion diff --git a/multicluster/values/values.go b/multicluster/values/values.go index 151c17e1e2be2..a611c59016c05 100644 --- a/multicluster/values/values.go +++ b/multicluster/values/values.go @@ -23,10 +23,8 @@ type Values struct { ControllerImageVersion string `json:"controllerImageVersion"` Gateway *Gateway `json:"gateway"` IdentityTrustDomain string `json:"identityTrustDomain"` - InstallNamespace bool `json:"installNamespace"` LinkerdNamespace string `json:"linkerdNamespace"` LinkerdVersion string `json:"linkerdVersion"` - Namespace string `json:"namespace"` ProxyOutboundPort uint32 `json:"proxyOutboundPort"` ServiceMirror bool `json:"serviceMirror"` LogLevel string `json:"logLevel"` diff --git a/pkg/charts/charts.go b/pkg/charts/charts.go index 712a1cba76c34..932e14ec12243 100644 --- a/pkg/charts/charts.go +++ b/pkg/charts/charts.go @@ -82,6 +82,8 @@ func (c *Chart) render(partialsFiles []*loader.BufferedFile) (bytes.Buffer, erro if err != nil { return bytes.Buffer{}, err } + release, _ := valuesToRender["Release"].(map[string]interface{}) + release["Service"] = "CLI" renderedTemplates, err := engine.Render(chart, valuesToRender) if err != nil { @@ -124,11 +126,6 @@ func (c *Chart) RenderCNI() (bytes.Buffer, error) { return c.render(cniPartials) } -// RenderNoPartials returns a bytes buffer with the result of rendering a Helm chart with no partials -func (c *Chart) RenderNoPartials() (bytes.Buffer, error) { - return c.render([]*loader.BufferedFile{}) -} - // ReadFile updates the buffered file with the data read from disk func ReadFile(fs http.FileSystem, dir string, f *loader.BufferedFile) error { filename := dir + f.Name diff --git a/test/integration/install_test.go b/test/integration/install_test.go index ad55a3ded806c..5681403ba6546 100644 --- a/test/integration/install_test.go +++ b/test/integration/install_test.go @@ -583,7 +583,6 @@ func TestInstallMulticluster(t *testing.T) { } else if TestHelper.Multicluster() { exec := append([]string{"multicluster"}, []string{ "install", - "--namespace", TestHelper.GetMulticlusterNamespace(), }...) out, err := TestHelper.LinkerdRun(exec...) if err != nil { diff --git a/testutil/test_helper.go b/testutil/test_helper.go index 76426fded6cf2..5927128f8567e 100644 --- a/testutil/test_helper.go +++ b/testutil/test_helper.go @@ -527,7 +527,8 @@ func (h *TestHelper) HelmInstallMulticluster(chart string, arg ...string) (strin h.helm.multiclusterReleaseName, chart, "--kube-context", h.k8sContext, - "--set", "namespace=" + h.GetMulticlusterNamespace(), + "--namespace", h.GetMulticlusterNamespace(), + "--create-namespace", "--set", "linkerdNamespace=" + h.GetLinkerdNamespace(), }, arg...) return combinedOutput("", h.helm.path, withParams...)