Remove namespace from linkerd-jaeger chart
Another part of #6584 based off of #6635 (alpeb/no-ns-helm-core)

Stop rendering `namespace.yaml` in the `linkerd-jaeger` chart, same as
we did in #6635.

This makes use of a Helm `post-install` hook to add the
`linkerd.io/extension: jaeger` label to the namespace created by Helm.

The `linkerd.io/inject: enabled` and `config.linkerd.io/proxy-await:
enabled` annotations have been moved down from the namespace and into
each workload.
alpeb committed Aug 12, 2021
1 parent 898e722 commit b2e2e74
Showing 14 changed files with 137 additions and 42 deletions.
2 changes: 0 additions & 2 deletions jaeger/charts/linkerd-jaeger/README.md
@@ -87,7 +87,6 @@ Kubernetes: `>=1.16.0-0`
| collector.nodeSelector | object | `{"beta.kubernetes.io/os":"linux"}` | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information |
| collector.tolerations | string | `nil` | Tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information |
| enablePSP | bool | `false` | Create Roles and RoleBindings to associate this extension's ServiceAccounts to the control plane PSP resource. This requires that `enabledPSP` is set to true on the control plane install. Note PSP has been deprecated since k8s v1.21 |
| installNamespace | bool | `true` | Set to false when installing in a custom namespace. |
| jaeger.enabled | bool | `true` | Set to false to exclude all-in-one Jaeger installation |
| jaeger.image.name | string | `"jaegertracing/all-in-one"` | |
| jaeger.image.pullPolicy | string | `"Always"` | |
@@ -96,7 +95,6 @@ Kubernetes: `>=1.16.0-0`
| jaeger.tolerations | string | `nil` | Tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information |
| linkerdNamespace | string | `"linkerd"` | Namespace of the Linkerd core control-plane install |
| linkerdVersion | string | `"linkerdVersionValue"` | |
| namespace | string | `"linkerd-jaeger"` | |
| nodeSelector | object | `{"beta.kubernetes.io/os":"linux"}` | Default nodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information |
| tolerations | string | `nil` | Default tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information |
| webhook.caBundle | string | `""` | if empty, Helm will auto-generate this field, unless externalSecret is set to true. |
6 changes: 4 additions & 2 deletions jaeger/charts/linkerd-jaeger/templates/jaeger-injector.yaml
@@ -12,7 +12,7 @@ metadata:
app.kubernetes.io/version: {{default .Values.webhook.image.version .Values.cliVersion}}
component: jaeger-injector
name: jaeger-injector
namespace: {{.Values.namespace}}
{{ include "partials.namespace" . }}
spec:
replicas: 1
selector:
@@ -23,6 +23,8 @@ spec:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/rbac.yaml") . | sha256sum }}
linkerd.io/inject: enabled
config.linkerd.io/proxy-await: "enabled"
labels:
linkerd.io/extension: jaeger
component: jaeger-injector
@@ -68,7 +70,7 @@ kind: Service
apiVersion: v1
metadata:
name: jaeger-injector
namespace: {{.Values.namespace}}
{{ include "partials.namespace" . }}
labels:
linkerd.io/extension: jaeger
component: jaeger-injector
@@ -0,0 +1,42 @@
kind: ServiceAccount
apiVersion: v1
metadata:
annotations:
{{ include "partials.annotations.created-by" . }}
"helm.sh/hook": post-install
"helm.sh/hook-weight": "0"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
name: namespace-metadata
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations:
{{ include "partials.annotations.created-by" . }}
"helm.sh/hook": post-install
"helm.sh/hook-weight": "0"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
name: namespace-metadata
rules:
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "patch"]
resourceNames: ["{{.Release.Namespace}}"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
{{ include "partials.annotations.created-by" . }}
"helm.sh/hook": post-install
"helm.sh/hook-weight": "0"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
name: namespace-metadata
roleRef:
kind: Role
name: namespace-metadata
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: namespace-metadata
namespace: {{.Release.Namespace}}
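Review bot: Nothing in this file says why a ServiceAccount needs `patch` on a Namespace, and that verb lets its holder rewrite any label or annotation on the release namespace, not only `linkerd.io/extension`. A comment above `rules:` such as `# get/patch on the release namespace only; used by the namespace-metadata Job to add the linkerd.io/extension label` would document the grant for later audits. With `"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded` the three objects appear to stay in the cluster when the hook run fails, so a failed install is worth checking for a leftover `namespace-metadata` ServiceAccount and RoleBinding.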
46 changes: 46 additions & 0 deletions jaeger/charts/linkerd-jaeger/templates/namespace-metadata.yaml
@@ -0,0 +1,46 @@
apiVersion: batch/v1
kind: Job
metadata:
annotations:
{{ include "partials.annotations.created-by" . }}
"helm.sh/hook": post-install
"helm.sh/hook-weight": "0"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app.kubernetes.io/name: namespace-metadata
app.kubernetes.io/part-of: Linkerd
app.kubernetes.io/version: {{default .Values.linkerdVersion .Values.cliVersion}}
name: namespace-metadata
spec:
template:
metadata:
annotations:
{{ include "partials.annotations.created-by" . }}
labels:
app.kubernetes.io/name: namespace-metadata
app.kubernetes.io/part-of: Linkerd
app.kubernetes.io/version: {{default .Values.linkerdVersion .Values.cliVersion}}
spec:
restartPolicy: Never
serviceAccountName: namespace-metadata
containers:
- name: namespace-metadata
image: curlimages/curl:7.78.0
command: ["/bin/sh"]
args:
- -c
- |
ops=''
token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
ns=$(curl -kfv -H "Authorization: Bearer $token" \
"https://kubernetes.default.svc/api/v1/namespaces/{{.Release.Namespace}}")
if echo "$ns" | grep -vq 'labels'; then
ops="$ops{\"op\": \"add\",\"path\": \"/metadata/labels\",\"value\": {}},"
fi
ops="$ops{\"op\": \"add\", \"path\": \"/metadata/labels/linkerd.io~1extension\", \"value\": \"jaeger\"}"
curl -kfv -XPATCH -H "Content-Type: application/json-patch+json" -H "Authorization: Bearer $token" \
-d "[$ops]" \
"https://kubernetes.default.svc/api/v1/namespaces/{{.Release.Namespace}}?fieldManager=kubectl-label"
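Review bot: Both curl calls send the ServiceAccount token with `-k`, so the API server's certificate is never verified, and `-v` prints the request headers, including `Authorization: Bearer …`, to stderr, where they end up in the Job's pod log. The pod normally has the cluster CA mounted next to the token, so the flags can become `curl -f --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer $token"` in both places. Separately, `grep -vq 'labels'` succeeds as soon as any line of the response lacks the word, so on a multi-line response the `add /metadata/labels {}` op is always emitted and would replace the namespace's existing labels; `if ! echo "$ns" | grep -q 'labels'; then` tests what the branch seems to intend. The image is also pinned by tag (`curlimages/curl:7.78.0`) rather than by digest.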
7 changes: 2 additions & 5 deletions jaeger/charts/linkerd-jaeger/templates/namespace.yaml
@@ -1,12 +1,9 @@
{{- if (.Values.installNamespace) -}}
{{- if eq .Release.Service "CLI" -}}
---
kind: Namespace
apiVersion: v1
metadata:
name: {{.Values.namespace}}
name: {{.Release.Namespace}}
labels:
linkerd.io/extension: jaeger
annotations:
linkerd.io/inject: enabled
config.linkerd.io/proxy-await: "enabled"
{{ end -}}
10 changes: 5 additions & 5 deletions jaeger/charts/linkerd-jaeger/templates/psp.yaml
@@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: psp
namespace: {{.Values.namespace}}
{{ include "partials.namespace" . }}
labels:
linkerd.io/extension: jaeger
rules:
@@ -18,7 +18,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jaeger-psp
namespace: {{.Values.namespace}}
{{ include "partials.namespace" . }}
labels:
linkerd.io/extension: jaeger
roleRef:
@@ -29,14 +29,14 @@ subjects:
{{ if .Values.collector.enabled -}}
- kind: ServiceAccount
name: collector
namespace: {{.Values.namespace}}
namespace: {{.Release.Namespace}}
{{ end -}}
- kind: ServiceAccount
name: jaeger-injector
namespace: {{.Values.namespace}}
namespace: {{.Release.Namespace}}
{{ if .Values.jaeger.enabled -}}
- kind: ServiceAccount
name: jaeger
namespace: {{.Values.namespace}}
namespace: {{.Release.Namespace}}
{{ end -}}
{{ end -}}
14 changes: 7 additions & 7 deletions jaeger/charts/linkerd-jaeger/templates/rbac.yaml
@@ -7,7 +7,7 @@ kind: ServiceAccount
apiVersion: v1
metadata:
name: collector
namespace: {{.Values.namespace}}
{{ include "partials.namespace" . }}
{{ end -}}
---
###
@@ -33,7 +33,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: jaeger-injector
namespace: {{.Values.namespace}}
namespace: {{.Release.Namespace}}
apiGroup: ""
roleRef:
kind: ClusterRole
@@ -44,16 +44,16 @@ kind: ServiceAccount
apiVersion: v1
metadata:
name: jaeger-injector
namespace: {{.Values.namespace}}
{{ include "partials.namespace" . }}
---
{{- $host := printf "jaeger-injector.%s.svc" .Values.namespace }}
{{- $host := printf "jaeger-injector.%s.svc" .Release.Namespace }}
{{- $ca := genSelfSignedCert $host (list) (list $host) 365 }}
{{- if (not .Values.webhook.externalSecret) }}
kind: Secret
apiVersion: v1
metadata:
name: jaeger-injector-k8s-tls
namespace: {{ .Values.namespace }}
{{ include "partials.namespace" . }}
type: kubernetes.io/tls
data:
tls.crt: {{ ternary (b64enc (trim $ca.Cert)) (b64enc (trim .Values.webhook.crtPEM)) (empty .Values.webhook.crtPEM) }}
@@ -79,7 +79,7 @@ webhooks:
clientConfig:
service:
name: jaeger-injector
namespace: {{ .Values.namespace }}
namespace: {{ .Release.Namespace }}
path: "/"
{{- if and (.Values.webhook.externalSecret) (empty .Values.webhook.caBundle) }}
{{- fail "If webhook.externalSecret is true then you need to provide webhook.caBundle" }}
@@ -103,5 +103,5 @@ kind: ServiceAccount
apiVersion: v1
metadata:
name: jaeger
namespace: {{.Values.namespace}}
{{ include "partials.namespace" . }}
{{ end -}}
13 changes: 8 additions & 5 deletions jaeger/charts/linkerd-jaeger/templates/tracing.yaml
@@ -7,7 +7,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: collector-config
namespace: {{.Values.namespace}}
{{ include "partials.namespace" . }}
labels:
component: collector
data:
@@ -18,7 +18,7 @@ apiVersion: v1
kind: Service
metadata:
name: collector
namespace: {{.Values.namespace}}
{{ include "partials.namespace" . }}
labels:
component: collector
spec:
@@ -55,7 +55,7 @@ metadata:
app.kubernetes.io/part-of: Linkerd
component: collector
name: collector
namespace: {{.Values.namespace}}
{{ include "partials.namespace" . }}
spec:
replicas: 1
selector:
@@ -66,6 +66,8 @@ spec:
template:
metadata:
annotations:
linkerd.io/inject: enabled
config.linkerd.io/proxy-await: "enabled"
prometheus.io/path: /metrics
prometheus.io/port: "8888"
prometheus.io/scrape: "true"
@@ -130,7 +132,7 @@ apiVersion: v1
kind: Service
metadata:
name: jaeger
namespace: {{.Values.namespace}}
{{ include "partials.namespace" . }}
labels:
component: jaeger
spec:
@@ -153,7 +155,7 @@ metadata:
app.kubernetes.io/part-of: Linkerd
component: jaeger
name: jaeger
namespace: {{.Values.namespace}}
{{ include "partials.namespace" . }}
spec:
replicas: 1
selector:
@@ -162,6 +164,7 @@ spec:
template:
metadata:
annotations:
linkerd.io/inject: enabled
config.linkerd.io/proxy-await: "enabled"
prometheus.io/path: /metrics
prometheus.io/port: "14269"
6 changes: 0 additions & 6 deletions jaeger/charts/linkerd-jaeger/values.yaml
@@ -1,9 +1,3 @@
# -- Set to false when installing in a custom namespace.
installNamespace: true
# Default values for tracing.

namespace: linkerd-jaeger

# -- Namespace of the Linkerd core control-plane install
linkerdNamespace: linkerd

11 changes: 10 additions & 1 deletion jaeger/cmd/install.go
@@ -21,6 +21,7 @@ import (
)

var (
// this doesn't include the namespace-metadata.* templates, which are Helm-only
templatesJaeger = []string{
"templates/namespace.yaml",
"templates/jaeger-injector.yaml",
@@ -133,8 +134,16 @@ func render(w io.Writer, valuesOverrides map[string]interface{}) error {
return err
}

fullValues := map[string]interface{}{
"Values": vals,
"Release": map[string]interface{}{
"Namespace": defaultJaegerNamespace,
"Service": "CLI",
},
}

// Attach the final values into the `Values` field for rendering to work
renderedTemplates, err := engine.Render(chart, map[string]interface{}{"Values": vals})
renderedTemplates, err := engine.Render(chart, fullValues)
if err != nil {
return err
}
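Review bot: `render` now fixes `Release.Namespace` to `defaultJaegerNamespace`, so CLI output always targets `linkerd-jaeger`; with the chart's `namespace` value removed, a `namespace` entry in `valuesOverrides` appears to be ignored silently, including for the webhook certificate host and the RBAC subjects that rbac.yaml now derives from `.Release.Namespace`. If a custom namespace is not meant to be supported from the CLI, a comment on `fullValues` should say so, for example `// Release.Namespace is fixed for CLI installs; Helm supplies it for chart installs`. The existing "Attach the final values" comment now sits below the map it describes and would read better moved above `fullValues`. The body of `render` starts and ends outside the hunk.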
1 change: 1 addition & 0 deletions jaeger/cmd/root.go
@@ -14,6 +14,7 @@ import (

const (
defaultLinkerdNamespace = "linkerd"
defaultJaegerNamespace = "linkerd-jaeger"
)

var (
6 changes: 3 additions & 3 deletions jaeger/cmd/testdata/install_collector_disabled.golden
@@ -5,9 +5,6 @@ metadata:
name: linkerd-jaeger
labels:
linkerd.io/extension: jaeger
annotations:
linkerd.io/inject: enabled
config.linkerd.io/proxy-await: "enabled"
---
###
### Jaeger Injector
@@ -33,6 +30,8 @@ spec:
metadata:
annotations:
checksum/config: 7cd13a5efac387ff6fffe14bdce45a64b0b462af3e55e8b0532c65a3140914d7
linkerd.io/inject: enabled
config.linkerd.io/proxy-await: "enabled"
labels:
linkerd.io/extension: jaeger
component: jaeger-injector
@@ -208,6 +207,7 @@ spec:
template:
metadata:
annotations:
linkerd.io/inject: enabled
config.linkerd.io/proxy-await: "enabled"
prometheus.io/path: /metrics
prometheus.io/port: "14269"