diff --git a/jaeger/charts/linkerd-jaeger/README.md b/jaeger/charts/linkerd-jaeger/README.md index 4cb3db3353f18..6bb10edf201c5 100644 --- a/jaeger/charts/linkerd-jaeger/README.md +++ b/jaeger/charts/linkerd-jaeger/README.md @@ -87,7 +87,6 @@ Kubernetes: `>=1.16.0-0` | collector.nodeSelector | object | `{"beta.kubernetes.io/os":"linux"}` | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information | | collector.tolerations | string | `nil` | Tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information | | enablePSP | bool | `false` | Create Roles and RoleBindings to associate this extension's ServiceAccounts to the control plane PSP resource. This requires that `enabledPSP` is set to true on the control plane install. Note PSP has been deprecated since k8s v1.21 | -| installNamespace | bool | `true` | Set to false when installing in a custom namespace. | | jaeger.enabled | bool | `true` | Set to false to exclude all-in-one Jaeger installation | | jaeger.image.name | string | `"jaegertracing/all-in-one"` | | | jaeger.image.pullPolicy | string | `"Always"` | | 
@@ -96,7 +95,6 @@ Kubernetes: `>=1.16.0-0` | jaeger.tolerations | string | `nil` | Tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information | | linkerdNamespace | string | `"linkerd"` | Namespace of the Linkerd core control-plane install | | linkerdVersion | string | `"linkerdVersionValue"` | | -| namespace | string | `"linkerd-jaeger"` | | | nodeSelector | object | `{"beta.kubernetes.io/os":"linux"}` | Default nodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information | | tolerations | string | `nil` | Default tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information | | webhook.caBundle | string | `""` | if empty, Helm will auto-generate this field, unless externalSecret is set to true. | diff --git a/jaeger/charts/linkerd-jaeger/templates/jaeger-injector.yaml b/jaeger/charts/linkerd-jaeger/templates/jaeger-injector.yaml index 9f9e0f3934c16..fa10c15f0b320 100644 --- a/jaeger/charts/linkerd-jaeger/templates/jaeger-injector.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/jaeger-injector.yaml @@ -12,7 +12,7 @@ metadata: app.kubernetes.io/version: {{default .Values.webhook.image.version .Values.cliVersion}} component: jaeger-injector name: jaeger-injector - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} spec: replicas: 1 selector: @@ -23,6 +23,8 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/rbac.yaml") . | sha256sum }} + linkerd.io/inject: enabled + config.linkerd.io/proxy-await: "enabled" labels: linkerd.io/extension: jaeger component: jaeger-injector 
@@ -68,7 +70,7 @@ kind: Service apiVersion: v1 metadata: name: jaeger-injector - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: linkerd.io/extension: jaeger component: jaeger-injector diff --git a/jaeger/charts/linkerd-jaeger/templates/namespace-metadata-rbac.yaml b/jaeger/charts/linkerd-jaeger/templates/namespace-metadata-rbac.yaml new file mode 100644 index 0000000000000..d27b7fb50d7be --- /dev/null +++ b/jaeger/charts/linkerd-jaeger/templates/namespace-metadata-rbac.yaml @@ -0,0 +1,42 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + annotations: + {{ include "partials.annotations.created-by" . }} + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + name: namespace-metadata +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + {{ include "partials.annotations.created-by" . }} + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + name: namespace-metadata +rules: +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "patch"] + resourceNames: ["{{.Release.Namespace}}"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + {{ include "partials.annotations.created-by" . }} + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + name: namespace-metadata +roleRef: + kind: Role + name: namespace-metadata + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: namespace-metadata + namespace: {{.Release.Namespace}} diff --git a/jaeger/charts/linkerd-jaeger/templates/namespace-metadata.yaml b/jaeger/charts/linkerd-jaeger/templates/namespace-metadata.yaml new file mode 100644 index 0000000000000..37be31f6801a8 --- /dev/null +++ b/jaeger/charts/linkerd-jaeger/templates/namespace-metadata.yaml 
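Review bot: In namespace-metadata-rbac.yaml the hook delete policy `before-hook-creation,hook-succeeded` leaves the ServiceAccount, Role and RoleBinding in place when the Job fails, so an identity that can `patch` the release Namespace stays around until the next install attempt. `patch` on a Namespace is not limited to the `linkerd.io/extension` label; it also covers every other label and annotation, which may include ones that admission or policy controllers act on. Consider adding `hook-failed` to the delete policy of the three RBAC objects, or at least a comment above the Role such as `# patch is only needed to add the linkerd.io/extension label; removed once the hook succeeds`. None of the three objects sets `metadata.namespace`, so they presumably rely on Helm placing them in the release namespace; that is worth confirming, since the RoleBinding subject names `{{.Release.Namespace}}` explicitly.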
@@ -0,0 +1,46 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + {{ include "partials.annotations.created-by" . }} + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app.kubernetes.io/name: namespace-metadata + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: {{default .Values.linkerdVersion .Values.cliVersion}} + name: namespace-metadata +spec: + template: + metadata: + annotations: + {{ include "partials.annotations.created-by" . }} + labels: + app.kubernetes.io/name: namespace-metadata + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: {{default .Values.linkerdVersion .Values.cliVersion}} + spec: + restartPolicy: Never + serviceAccountName: namespace-metadata + containers: + - name: namespace-metadata + image: curlimages/curl:7.78.0 + command: ["/bin/sh"] + args: + - -c + - | + ops='' + token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) + ns=$(curl -kfv -H "Authorization: Bearer $token" \ + "https://kubernetes.default.svc/api/v1/namespaces/{{.Release.Namespace}}") + + if echo "$ns" | grep -vq 'labels'; then + ops="$ops{\"op\": \"add\",\"path\": \"/metadata/labels\",\"value\": {}}," + fi + + ops="$ops{\"op\": \"add\", \"path\": \"/metadata/labels/linkerd.io~1extension\", \"value\": \"jaeger\"}" + + curl -kfv -XPATCH -H "Content-Type: application/json-patch+json" -H "Authorization: Bearer $token" \ + -d "[$ops]" \ + "https://kubernetes.default.svc/api/v1/namespaces/{{.Release.Namespace}}?fieldManager=kubectl-label" diff --git a/jaeger/charts/linkerd-jaeger/templates/namespace.yaml b/jaeger/charts/linkerd-jaeger/templates/namespace.yaml index 4b4edc74d4735..93e3bfe1f536c 100644 --- a/jaeger/charts/linkerd-jaeger/templates/namespace.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/namespace.yaml 
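Review bot: Both `curl` calls in the namespace-metadata Job pass `-k`, so the pod sends its ServiceAccount bearer token to `kubernetes.default.svc` without verifying the API server certificate; the CA bundle mounted next to the token can be used instead, e.g. `curl -f --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt ...`. `-v` should go too, since verbose output may write the request headers, including the `Authorization` header, to the Job's logs. Separately, `grep -vq 'labels'` succeeds whenever any line of the response lacks the word, which for a multi-line JSON body is almost always, so the `add /metadata/labels {}` op would likely be sent even when labels exist and would replace them; `if ! echo "$ns" | grep -q 'labels'; then` expresses the intended test. The image is referenced by tag (`curlimages/curl:7.78.0`) and the pod sets no `securityContext`; pinning by digest and running as non-root with privilege escalation disabled would be reasonable here.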
@@ -1,12 +1,9 @@ -{{- if (.Values.installNamespace) -}} +{{- if eq .Release.Service "CLI" -}} --- kind: Namespace apiVersion: v1 metadata: - name: {{.Values.namespace}} + name: {{.Release.Namespace}} labels: linkerd.io/extension: jaeger - annotations: - linkerd.io/inject: enabled - config.linkerd.io/proxy-await: "enabled" {{ end -}} diff --git a/jaeger/charts/linkerd-jaeger/templates/psp.yaml b/jaeger/charts/linkerd-jaeger/templates/psp.yaml index 908a386f40546..b6e696ddd36ef 100644 --- a/jaeger/charts/linkerd-jaeger/templates/psp.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/psp.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: psp - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: linkerd.io/extension: jaeger rules: @@ -18,7 +18,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: jaeger-psp - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: linkerd.io/extension: jaeger roleRef: @@ -29,14 +29,14 @@ subjects: {{ if .Values.collector.enabled -}} - kind: ServiceAccount name: collector - namespace: {{.Values.namespace}} + namespace: {{.Release.Namespace}} {{ end -}} - kind: ServiceAccount name: jaeger-injector - namespace: {{.Values.namespace}} + namespace: {{.Release.Namespace}} {{ if .Values.jaeger.enabled -}} - kind: ServiceAccount name: jaeger - namespace: {{.Values.namespace}} + namespace: {{.Release.Namespace}} {{ end -}} {{ end -}} diff --git a/jaeger/charts/linkerd-jaeger/templates/rbac.yaml b/jaeger/charts/linkerd-jaeger/templates/rbac.yaml index 98a0d5c5d3ee7..115e5be48b964 100644 --- a/jaeger/charts/linkerd-jaeger/templates/rbac.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/rbac.yaml @@ -7,7 +7,7 @@ kind: ServiceAccount apiVersion: v1 metadata: name: collector - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} {{ end -}} --- ### 
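Review bot: In namespace.yaml nothing explains why the Namespace is now rendered only when `.Release.Service` is `"CLI"`, and the consequence for Helm users is easy to miss. A template comment such as `{{- /* Helm installs do not render this; the namespace is expected to exist already and is labelled by the namespace-metadata post-install hook */ -}}` would make that explicit. For releases created with the previous chart, the Namespace drops out of the rendered manifest on upgrade, and Helm normally deletes resources that disappear from a release, so the upgrade path probably deserves a note in the chart README. The hook is `post-install` only, so an upgraded release also appears not to get the label from the Job.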
@@ -33,7 +33,7 @@ metadata: subjects: - kind: ServiceAccount name: jaeger-injector - namespace: {{.Values.namespace}} + namespace: {{.Release.Namespace}} apiGroup: "" roleRef: kind: ClusterRole @@ -44,16 +44,16 @@ kind: ServiceAccount apiVersion: v1 metadata: name: jaeger-injector - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} --- -{{- $host := printf "jaeger-injector.%s.svc" .Values.namespace }} +{{- $host := printf "jaeger-injector.%s.svc" .Release.Namespace }} {{- $ca := genSelfSignedCert $host (list) (list $host) 365 }} {{- if (not .Values.webhook.externalSecret) }} kind: Secret apiVersion: v1 metadata: name: jaeger-injector-k8s-tls - namespace: {{ .Values.namespace }} + {{ include "partials.namespace" . }} type: kubernetes.io/tls data: tls.crt: {{ ternary (b64enc (trim $ca.Cert)) (b64enc (trim .Values.webhook.crtPEM)) (empty .Values.webhook.crtPEM) }} @@ -79,7 +79,7 @@ webhooks: clientConfig: service: name: jaeger-injector - namespace: {{ .Values.namespace }} + namespace: {{ .Release.Namespace }} path: "/" {{- if and (.Values.webhook.externalSecret) (empty .Values.webhook.caBundle) }} {{- fail "If webhook.externalSecret is true then you need to provide webhook.caBundle" }} @@ -103,5 +103,5 @@ kind: ServiceAccount apiVersion: v1 metadata: name: jaeger - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} {{ end -}} diff --git a/jaeger/charts/linkerd-jaeger/templates/tracing.yaml b/jaeger/charts/linkerd-jaeger/templates/tracing.yaml index 5a5a322265ca8..cc86bdaf053af 100644 --- a/jaeger/charts/linkerd-jaeger/templates/tracing.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/tracing.yaml @@ -7,7 +7,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: collector-config - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: component: collector data: 
@@ -18,7 +18,7 @@ apiVersion: v1 kind: Service metadata: name: collector - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: component: collector spec: @@ -55,7 +55,7 @@ metadata: app.kubernetes.io/part-of: Linkerd component: collector name: collector - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} spec: replicas: 1 selector: @@ -66,6 +66,8 @@ spec: template: metadata: annotations: + linkerd.io/inject: enabled + config.linkerd.io/proxy-await: "enabled" prometheus.io/path: /metrics prometheus.io/port: "8888" prometheus.io/scrape: "true" @@ -130,7 +132,7 @@ apiVersion: v1 kind: Service metadata: name: jaeger - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: component: jaeger spec: @@ -153,7 +155,7 @@ metadata: app.kubernetes.io/part-of: Linkerd component: jaeger name: jaeger - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} spec: replicas: 1 selector: @@ -162,6 +164,7 @@ spec: template: metadata: annotations: + linkerd.io/inject: enabled config.linkerd.io/proxy-await: "enabled" prometheus.io/path: /metrics prometheus.io/port: "14269" diff --git a/jaeger/charts/linkerd-jaeger/values.yaml b/jaeger/charts/linkerd-jaeger/values.yaml index 735377d45eff6..4c4f033c627ff 100644 --- a/jaeger/charts/linkerd-jaeger/values.yaml +++ b/jaeger/charts/linkerd-jaeger/values.yaml @@ -1,9 +1,3 @@ -# -- Set to false when installing in a custom namespace. -installNamespace: true -# Default values for tracing. - -namespace: linkerd-jaeger - # -- Namespace of the Linkerd core control-plane install linkerdNamespace: linkerd diff --git a/jaeger/cmd/install.go b/jaeger/cmd/install.go index 231d4ddb25f0f..b64ce5c329071 100644 --- a/jaeger/cmd/install.go +++ b/jaeger/cmd/install.go @@ -21,6 +21,7 @@ import ( ) var ( + // this doesn't include the namespace-metadata.* templates, which are Helm-only templatesJaeger = []string{ "templates/namespace.yaml", "templates/jaeger-injector.yaml", 
@@ -133,8 +134,16 @@ func render(w io.Writer, valuesOverrides map[string]interface{}) error { return err } + fullValues := map[string]interface{}{ + "Values": vals, + "Release": map[string]interface{}{ + "Namespace": defaultJaegerNamespace, + "Service": "CLI", + }, + } + // Attach the final values into the `Values` field for rendering to work - renderedTemplates, err := engine.Render(chart, map[string]interface{}{"Values": vals}) + renderedTemplates, err := engine.Render(chart, fullValues) if err != nil { return err } diff --git a/jaeger/cmd/root.go b/jaeger/cmd/root.go index ebfb4b5513170..0d6339db0455e 100644 --- a/jaeger/cmd/root.go +++ b/jaeger/cmd/root.go @@ -14,6 +14,7 @@ import ( const ( defaultLinkerdNamespace = "linkerd" + defaultJaegerNamespace = "linkerd-jaeger" ) var ( diff --git a/jaeger/cmd/testdata/install_collector_disabled.golden b/jaeger/cmd/testdata/install_collector_disabled.golden index 8ee21f00c5072..3000aac0ba9d3 100644 --- a/jaeger/cmd/testdata/install_collector_disabled.golden +++ b/jaeger/cmd/testdata/install_collector_disabled.golden @@ -5,9 +5,6 @@ metadata: name: linkerd-jaeger labels: linkerd.io/extension: jaeger - annotations: - linkerd.io/inject: enabled - config.linkerd.io/proxy-await: "enabled" --- ### ### Jaeger Injector @@ -33,6 +30,8 @@ spec: metadata: annotations: checksum/config: 7cd13a5efac387ff6fffe14bdce45a64b0b462af3e55e8b0532c65a3140914d7 + linkerd.io/inject: enabled + config.linkerd.io/proxy-await: "enabled" labels: linkerd.io/extension: jaeger component: jaeger-injector @@ -208,6 +207,7 @@ spec: template: metadata: annotations: + linkerd.io/inject: enabled config.linkerd.io/proxy-await: "enabled" prometheus.io/path: /metrics prometheus.io/port: "14269" diff --git a/jaeger/cmd/testdata/install_default.golden b/jaeger/cmd/testdata/install_default.golden index a3c1788782c16..7dda0818bd98a 100644 --- a/jaeger/cmd/testdata/install_default.golden +++ b/jaeger/cmd/testdata/install_default.golden 
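Review bot: In install.go's `render`, `Release.Namespace` is fixed to `defaultJaegerNamespace` and the templates no longer read `.Values.namespace`, so an override such as `namespace` or `installNamespace` in `valuesOverrides` now appears to be accepted and silently ignored. Resources would land in `linkerd-jaeger` while the caller believes another namespace was chosen, which matters for anything scoped by namespace (RBAC subjects, the webhook service name baked into the generated certificate). Consider rejecting the removed keys early, e.g. `if _, ok := valuesOverrides["namespace"]; ok { /* return an error naming the removed value */ }`. The comment beginning `// Attach the final values` now sits above a call that takes `fullValues` and would read better next to the map literal. The start of `render` is outside this hunk, so any validation already done there is not visible.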
@@ -5,9 +5,6 @@ metadata: name: linkerd-jaeger labels: linkerd.io/extension: jaeger - annotations: - linkerd.io/inject: enabled - config.linkerd.io/proxy-await: "enabled" --- ### ### Jaeger Injector @@ -33,6 +30,8 @@ spec: metadata: annotations: checksum/config: 1388bf30cdbc3236d7a52e0a115ee8ae1095140cb5b89c7b97fd30fdffad07f9 + linkerd.io/inject: enabled + config.linkerd.io/proxy-await: "enabled" labels: linkerd.io/extension: jaeger component: jaeger-injector @@ -271,6 +270,8 @@ spec: template: metadata: annotations: + linkerd.io/inject: enabled + config.linkerd.io/proxy-await: "enabled" prometheus.io/path: /metrics prometheus.io/port: "8888" prometheus.io/scrape: "true" @@ -360,6 +361,7 @@ spec: template: metadata: annotations: + linkerd.io/inject: enabled config.linkerd.io/proxy-await: "enabled" prometheus.io/path: /metrics prometheus.io/port: "14269" diff --git a/jaeger/cmd/testdata/install_jaeger_disabled.golden b/jaeger/cmd/testdata/install_jaeger_disabled.golden index 922ef38ea63c4..eada41ad9f83f 100644 --- a/jaeger/cmd/testdata/install_jaeger_disabled.golden +++ b/jaeger/cmd/testdata/install_jaeger_disabled.golden @@ -5,9 +5,6 @@ metadata: name: linkerd-jaeger labels: linkerd.io/extension: jaeger - annotations: - linkerd.io/inject: enabled - config.linkerd.io/proxy-await: "enabled" --- ### ### Jaeger Injector @@ -33,6 +30,8 @@ spec: metadata: annotations: checksum/config: 0cf88aabfdb59ab401cb17b59e26b57277ca6c039ec4837e2523759802565c1b + linkerd.io/inject: enabled + config.linkerd.io/proxy-await: "enabled" labels: linkerd.io/extension: jaeger component: jaeger-injector @@ -262,6 +261,8 @@ spec: template: metadata: annotations: + linkerd.io/inject: enabled + config.linkerd.io/proxy-await: "enabled" prometheus.io/path: /metrics prometheus.io/port: "8888" prometheus.io/scrape: "true"