Add Control Plane Helm Templates And Proxy Partials

.gitignore

@@ -14,3 +14,4 @@ web/app/yarn-error.log
 .golangci-lint*
 **/*.gogen*
 **/*.swp
+charts/*/charts/

bin/helm.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -e
+
+# trap the last failed command
+trap 'printf "Error on exit:\n  Exit code: $?\n  Failed command: \"$BASH_COMMAND\"\n"' ERR
+
+bindir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+rootdir="$( cd $bindir/.. && pwd )"
+
+helm lint $rootdir/charts/partials
+
+helm dep up $rootdir/charts/linkerd2
+helm lint --set Identity.TrustAnchorsPEM="fake-trust" --set Identity.Issuer.CrtPEM="fake-cert" --set Identity.Issuer.KeyPEM="fake-key" --set Identity.Issuer.CrtExpiry="fake-expiry-date" $rootdir/charts/linkerd2
+
+# if tiller is deployed, perform a dry run installation to check for errors
+if tiller=`kubectl get po -l app=helm,name=tiller --all-namespaces`; then
+  echo "Performing dry run installation"
+  helm install --name=linkerd --dry-run --set Identity.TrustAnchorsPEM="fake-trust" --set Identity.Issuer.CrtPEM="fake-cert" --set Identity.Issuer.KeyPEM="fake-key" --set Identity.Issuer.CrtExpiry="fake-expiry-date" $rootdir/charts/linkerd2 2> /dev/null
+
+  echo "Performing dry run installation (HA mode)"
+  helm install --name=linkerd --dry-run  --set Identity.TrustAnchorsPEM="fake-trust" --set Identity.Issuer.CrtPEM="fake-cert" --set Identity.Issuer.KeyPEM="fake-key" --set Identity.Issuer.CrtExpiry="fake-expiry-date" -f $rootdir/charts/linkerd2/values.yaml -f $rootdir/charts/linkerd2/values-ha.yaml charts/linkerd2 2> /dev/null
+fi

charts/linkerd2/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

charts/linkerd2/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: "v1"
+appVersion: edge-19.8.1
+description: Linkerd gives you observability, reliability, and security for your microservices — with no code change required.
+home: https://linkerd.io
+keywords:
+- service-mesh
+kubeVersion: ">=1.12.0-0"
+name: "linkerd2"
+sources:
+- https://github.com/linkerd/linkerd2/
+version: 0.1.0

charts/linkerd2/requirements.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: partials
+  repository: file://../partials
+  version: 0.1.0
+digest: sha256:3a86b96a2966f03ba04518723838b49719a3277dfb9bea0b3f067e83d370e0b3
+generated: 2019-07-24T19:51:15.04322926-07:00

charts/linkerd2/requirements.yaml

@@ -0,0 +1,4 @@
+dependencies:
+- name: partials
+  version: 0.1.0
+  repository: file://../partials

charts/linkerd2/templates/NOTES.txt

@@ -0,0 +1,14 @@
+Linkerd was successfully installed 🎉
+
+Add the linkerd CLI to your path with:
+
+  export PATH=\$PATH:\$HOME/.linkerd2/bin
+
+Now run:
+
+  linkerd check --pre                     # validate that Linkerd can be installed
+  linkerd install | kubectl apply -f -    # install the control plane into the 'linkerd' namespace
+  linkerd check                           # validate everything worked!
+  linkerd dashboard                       # launch the dashboard
+
+Looking for more? Visit https://linkerd.io/2/next-steps

charts/linkerd2/templates/_affinity.tpl

@@ -0,0 +1,22 @@
+{{ define "linkerd.pod-affinity" -}}
+affinity:
+  podAntiAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+    - podAffinityTerm:
+        labelSelector:
+          matchExpressions:
+          - key: {{ .Label }}
+            operator: In
+            values:
+            - {{ .Component }}
+        topologyKey: failure-domain.beta.kubernetes.io/zone
+      weight: 100
+    requiredDuringSchedulingIgnoredDuringExecution:
+    - labelSelector:
+        matchExpressions:
+        - key: {{ .Label }}
+          operator: In
+          values:
+          - {{ .Component }}
+      topologyKey: kubernetes.io/hostname
+{{- end }}

charts/linkerd2/templates/_config.tpl

@@ -0,0 +1,80 @@
+{{- define "linkerd.configs.global" -}}
+{
+  "linkerdNamespace": "{{.Namespace}}",
+  "cniEnabled": false,
+  "version": "{{.LinkerdVersion}}",
+  "identityContext":{
+    "trustDomain": "{{.Identity.TrustDomain}}",
+    "trustAnchorsPem": "{{required "Please provide the identity trust anchors" .Identity.TrustAnchorsPEM | replace "\n" "\\n"}}",
+    "issuanceLifeTime": "{{.Identity.Issuer.IssuanceLifeTime}}",
+    "clockSkewAllowance": "{{.Identity.Issuer.ClockSkewAllowance}}"
+  },
+  "autoInjectContext": null,
+  "omitWebhookSideEffects": {{.OmitWebhookSideEffects}},
+  "clusterDomain": "{{.ClusterDomain}}"
+}
+{{- end -}}
+
+{{- define "linkerd.configs.proxy" -}}
+{
+  "proxyImage":{
+    "imageName":"{{.Proxy.Image.Name}}",
+    "pullPolicy":"{{.Proxy.Image.PullPolicy}}"
+  },
+  "proxyInitImage":{
+    "imageName":"{{.ProxyInit.Image.Name}}",
+    "pullPolicy":"{{.ProxyInit.Image.PullPolicy}}"
+  },
+  "controlPort":{
+    "port": {{.Proxy.Ports.Control}}
+  },
+  "ignoreInboundPorts":[
+    {{- $ports := splitList "," .ProxyInit.IgnoreInboundPorts -}}
+    {{- if gt (len $ports) 1}}
+    {{- $last := sub (len $ports) 1 -}}
+    {{- range $i,$port := $ports -}}
+    {"port":{{$port}}}{{ternary "," "" (ne $i $last)}}
+    {{- end -}}
+    {{- end -}}
+  ],
+  "ignoreOutboundPorts":[
+    {{- $ports := splitList "," .ProxyInit.IgnoreOutboundPorts -}}
+    {{- if gt (len $ports) 1}}
+    {{- $last := sub (len $ports) 1 -}}
+    {{- range $i,$port := $ports -}}
+    {"port":{{$port}}}{{ternary "," "" (ne $i $last)}}
+    {{- end -}}
+    {{- end -}}
+  ],
+  "inboundPort":{
+    "port": {{.Proxy.Ports.Inbound}}
+  },
+  "adminPort":{
+    "port": {{.Proxy.Ports.Admin}}
+  },
+  "outboundPort":{
+    "port": {{.Proxy.Ports.Outbound}}
+  },
+  "resource":{
+    "requestCpu": "{{.Proxy.Resources.CPU.Request}}",
+    "limitCpu": "{{.Proxy.Resources.CPU.Limit}}",
+    "requestMemory": "{{.Proxy.Resources.Memory.Request}}",
+    "limitMemory": "{{.Proxy.Resources.Memory.Limit}}"
+  },
+  "proxyUid": {{.Proxy.UID}},
+  "logLevel":{
+    "level": "{{.Proxy.LogLevel}}"
+  },
+  "disableExternalProfiles": {{not .Proxy.EnableExternalProfile}},
+  "proxyVersion": "{{.Proxy.Image.Version}}",
+  "proxyInitImageVersion": "{{.ProxyInit.Image.Version}}"
+}
+{{- end -}}
+
+{{- define "linkerd.configs.install" -}}
+{
+  "uuid":"{{ uuidv4 }}",
+  "cliVersion":"{{ .LinkerdVersion }}",
+  "flags":[]
+}
+{{- end -}}

charts/linkerd2/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "linkerd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "linkerd.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "linkerd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

charts/linkerd2/templates/_validate.tpl

@@ -0,0 +1,9 @@
+{{- define "linkerd.proxy.validation" -}}
+{{- if .DisableIdentity -}}
+{{- fail (printf "Can't disable identity mTLS for %s. Set '.Values.Proxy.DisableIdentity' to 'false'" .Component) -}}
+{{- end -}}
+
+{{- if .DisableTap -}}
+{{- fail (printf "Can't disable tap for %s. Set '.Values.Proxy.DisableTap' to 'false'" .Component) -}}
+{{- end -}}
+{{- end -}}

charts/linkerd2/templates/config.yaml

@@ -0,0 +1,38 @@
+{{with .Values -}}
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: linkerd-config
+  namespace: {{.Namespace}}
+  labels:
+    {{.ControllerComponentLabel}}: controller
+    {{.ControllerNamespaceLabel}}: {{.Namespace}}
+  annotations:
+    {{.CreatedByAnnotation}}: {{default (printf "linkerd/helm %s" .LinkerdVersion) .CliVersion}}
+data:
+  global: |
+  {{- if .Configs -}}
+  {{- if .Configs.Global -}}
+  {{.Configs.Global}}
+  {{- end }}
+  {{- else -}}
+  {{- include "linkerd.configs.global" . | nindent 4}}
+  {{- end }}
+  proxy: |
+  {{- if .Configs -}}
+  {{- if .Configs.Proxy -}}
+  {{.Configs.Proxy}}
+  {{- end }}
+  {{- else -}}
+  {{- include "linkerd.configs.proxy" . | nindent 4}}
+  {{- end }}
+  install: |
+  {{- if .Configs -}}
+  {{- if .Configs.Install -}}
+  {{.Configs.Instal}}
+  {{- end }}
+  {{- else -}}
+  {{- include "linkerd.configs.install" . | nindent 4}}
+  {{- end }}
+{{- end -}}

charts/linkerd2/templates/controller-rbac.yaml

@@ -0,0 +1,55 @@
+{{with .Values -}}
+---
+###
+### Controller RBAC
+###
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: linkerd-{{.Namespace}}-controller
+  labels:
+    {{.ControllerComponentLabel}}: controller
+    {{.ControllerNamespaceLabel}}: {{.Namespace}}
+rules:
+- apiGroups: ["extensions", "apps"]
+  resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
+  verbs: ["list", "get", "watch"]
+- apiGroups: ["extensions", "batch"]
+  resources: ["jobs"]
+  verbs: ["list" , "get", "watch"]
+- apiGroups: [""]
+  resources: ["pods", "endpoints", "services", "replicationcontrollers", "namespaces"]
+  verbs: ["list", "get", "watch"]
+- apiGroups: ["linkerd.io"]
+  resources: ["serviceprofiles"]
+  verbs: ["list", "get", "watch"]
+- apiGroups: ["split.smi-spec.io"]
+  resources: ["trafficsplits"]
+  verbs: ["list", "get", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: linkerd-{{.Namespace}}-controller
+  labels:
+    {{.ControllerComponentLabel}}: controller
+    {{.ControllerNamespaceLabel}}: {{.Namespace}}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: linkerd-{{.Namespace}}-controller
+subjects:
+- kind: ServiceAccount
+  name: linkerd-controller
+  namespace: {{.Namespace}}
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: linkerd-controller
+  namespace: {{.Namespace}}
+  labels:
+    {{.ControllerComponentLabel}}: controller
+    {{.ControllerNamespaceLabel}}: {{.Namespace}}
+{{- end -}}