Skip to content
This repository has been archived by the owner on Jul 9, 2024. It is now read-only.

Automated update from upstream #62

Merged
merged 4 commits into from
Nov 14, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Changed

- Upgrade to Linkerd v2.14.3.

## [1.3.2] - 2023-10-12

### Fixed
Expand Down
2 changes: 1 addition & 1 deletion helm/linkerd-viz/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: stable-2.13.6
appVersion: stable-2.14.3
description: |
The Linkerd-Viz extension contains observability and visualization
components for Linkerd.
Expand Down
22 changes: 13 additions & 9 deletions helm/linkerd-viz/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@
The Linkerd-Viz extension contains observability and visualization
components for Linkerd.

![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square)
![Version: 1.3.2](https://img.shields.io/badge/Version-1.3.2-informational?style=flat-square)

![AppVersion: stable-2.13.4](https://img.shields.io/badge/AppVersion-stable--2.13.4-informational?style=flat-square)
![AppVersion: stable-2.13.6](https://img.shields.io/badge/AppVersion-stable--2.13.6-informational?style=flat-square)

**Homepage:** <https://linkerd.io>

Expand Down Expand Up @@ -107,6 +107,7 @@ Kubernetes: `>=1.16.0-0`
| enablePSP | bool | `true` | Create Roles and RoleBindings to associate this extension's ServiceAccounts to the control plane PSP resource. This requires that `enabledPSP` is set to true on the control plane install. Note PSP has been deprecated since k8s v1.21 |
| enablePodAntiAffinity | bool | `true` | Enables Pod Anti Affinity logic to balance the placement of replicas across hosts and zones for High Availability. Enable this only when you have multiple replicas of components. |
| enablePodDisruptionBudget | bool | `true` | enables the creation of pod disruption budgets for tap and tap-injector components |
| global.podSecurityStandards.enforced | bool | `false` | |
| grafana.externalUrl | string | `nil` | url of a Grafana instance hosted off-cluster. Cannot be set if grafana.url is set. The reverse proxy will not be used for this URL. |
| grafana.uidPrefix | string | `nil` | prefix for Grafana dashboard UID's, used when grafana.externalUrl is set. |
| grafana.url | string | `nil` | url of an in-cluster Grafana instance with reverse proxy configured, used by the Linkerd viz web dashboard to provide direct links to specific Grafana dashboards. Cannot be set if grafana.externalUrl is set. See the [Linkerd documentation](https://linkerd.io/2/tasks/grafana) for more information |
Expand All @@ -115,7 +116,7 @@ Kubernetes: `>=1.16.0-0`
| imagePullSecrets | list | `[]` | For Private docker registries, authentication is needed. Registry secrets are applied to the respective service accounts |
| jaegerUrl | string | `""` | url of external jaeger instance Set this to `jaeger.linkerd-jaeger.svc.<clusterDomain>:16686` if you plan to use jaeger extension |
| linkerdNamespace | string | `"linkerd"` | Namespace of the Linkerd core control-plane install |
| linkerdVersion | string | `"stable-2.13.4"` | control plane version. See Proxy section for proxy version |
| linkerdVersion | string | `"stable-2.14.3"` | control plane version. See Proxy section for proxy version |
| metricsAPI.UID | string | `nil` | UID for the metrics-api resource |
| metricsAPI.image.name | string | `"giantswarm/linkerd-metrics-api"` | Docker image name for the metrics-api component |
| metricsAPI.image.pullPolicy | string | defaultImagePullPolicy | Pull policy for the metrics-api component |
Expand All @@ -139,6 +140,8 @@ Kubernetes: `>=1.16.0-0`
| namespaceMetadata.image.pullPolicy | string | defaultImagePullPolicy | Pull policy for the namespace-metadata instance |
| namespaceMetadata.image.registry | string | defaultRegistry | Docker registry for the namespace-metadata instance |
| namespaceMetadata.image.tag | string | `"v0.1.0"` | Docker image tag for the namespace-metadata instance |
| namespaceMetadata.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information |
| namespaceMetadata.tolerations | string | `nil` | Tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information |
| nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Default nodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information |
| podLabels | object | `{}` | Additional labels to add to all pods |
| prometheus.alertRelabelConfigs | string | `nil` | Alert relabeling is applied to alerts before they are sent to the Alertmanager. |
Expand All @@ -149,7 +152,7 @@ Kubernetes: `>=1.16.0-0`
| prometheus.image.name | string | `"giantswarm/prometheus"` | Docker image name for the prometheus instance |
| prometheus.image.pullPolicy | string | defaultImagePullPolicy | Pull policy for the prometheus instance |
| prometheus.image.registry | string | `""` | Docker registry for the prometheus instance |
| prometheus.image.tag | string | `"v2.43.0"` | Docker image tag for the prometheus instance |
| prometheus.image.tag | string | `"v2.47.0"` | Docker image tag for the prometheus instance |
| prometheus.logFormat | string | defaultLogLevel | log format (plain, json) of the prometheus instance |
| prometheus.logLevel | string | defaultLogLevel | log level of the prometheus instance |
| prometheus.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information |
Expand Down Expand Up @@ -204,11 +207,12 @@ Kubernetes: `>=1.16.0-0`
| tapInjector.keyPEM | string | `""` | Certificate key for the tapInjector. If not provided and not using an external secret then Helm will generate one. |
| tapInjector.logFormat | string | defaultLogFormat | log format of the tapInjector component |
| tapInjector.logLevel | string | defaultLogLevel | log level of the tapInjector |
| tapInjector.namespaceSelector[0].key | string | `"kubernetes.io/metadata.name"` | |
| tapInjector.namespaceSelector[0].operator | string | `"NotIn"` | |
| tapInjector.namespaceSelector[0].values[0] | string | `"kube-system"` | |
| tapInjector.namespaceSelector[0].values[1] | string | `"cert-manager"` | |
| tapInjector.namespaceSelector[0].values[2] | string | `"giantswarm"` | |
| tapInjector.namespaceSelector.matchExpressions[0].key | string | `"kubernetes.io/metadata.name"` | |
| tapInjector.namespaceSelector.matchExpressions[0].operator | string | `"NotIn"` | |
| tapInjector.namespaceSelector.matchExpressions[0].values[0] | string | `"kube-system"` | |
| tapInjector.namespaceSelector.matchExpressions[0].values[1] | string | `"cert-manager"` | |
| tapInjector.namespaceSelector.matchExpressions[0].values[2] | string | `"giantswarm"` | |
| tapInjector.namespaceSelector.matchExpressions[0].values[3] | string | `"kyverno"` | |
| tapInjector.objectSelector | string | `nil` | |
| tapInjector.proxy | string | `nil` | |
| tapInjector.replicas | int | `2` | Number of replicas of tapInjector |
Expand Down
2 changes: 1 addition & 1 deletion helm/linkerd-viz/charts/partials/templates/_affinity.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ podAntiAffinity:
operator: In
values:
- {{ .component }}
topologyKey: failure-domain.beta.kubernetes.io/zone
topologyKey: topology.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,18 @@ name: linkerd-network-validator
image: {{.Values.image.registry}}/{{.Values.proxy.image.name}}:{{.Values.proxy.image.version | default .Values.linkerdVersion }}
imagePullPolicy: {{.Values.proxy.image.pullPolicy | default .Values.imagePullPolicy}}
{{ include "partials.resources" .Values.proxyInit.resources }}
{{- if or .Values.networkValidator.enableSecurityContext }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
{{- end }}
command:
- /usr/lib/linkerd/linkerd2-network-validator
args:
Expand Down
1 change: 1 addition & 0 deletions helm/linkerd-viz/charts/partials/templates/_proxy.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,7 @@ lifecycle:
command:
- /usr/lib/linkerd/linkerd-await
- --timeout=2m
- --port={{.Values.proxy.ports.admin}}
{{- end }}
{{- if .Values.proxy.waitBeforeExitSeconds }}
preStop:
Expand Down
24 changes: 12 additions & 12 deletions helm/linkerd-viz/templates/namespace-metadata-rbac.yaml
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
kind: ServiceAccount
apiVersion: v1
metadata:
{{- with .Values.commonLabels }}
labels: {{ toYaml . | trim | nindent 4 }}
{{- end }}
labels:
linkerd.io/extension: viz
{{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
annotations:
{{ include "partials.annotations.created-by" . }}
"helm.sh/hook": post-install
Expand All @@ -16,9 +16,9 @@ metadata:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
{{- with .Values.commonLabels }}
labels: {{ toYaml . | trim | nindent 4 }}
{{- end }}
labels:
linkerd.io/extension: viz
{{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
annotations:
{{ include "partials.annotations.created-by" . }}
"helm.sh/hook": post-install
Expand All @@ -35,9 +35,9 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
{{- with .Values.commonLabels }}
labels: {{ toYaml . | trim | nindent 4 }}
{{- end }}
labels:
linkerd.io/extension: viz
{{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
annotations:
{{ include "partials.annotations.created-by" . }}
"helm.sh/hook": post-install
Expand All @@ -58,9 +58,9 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: {{ .Values.linkerdNamespace }}
{{- with .Values.commonLabels }}
labels: {{ toYaml . | trim | nindent 4 }}
{{- end }}
labels:
linkerd.io/extension: viz
{{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
annotations:
{{ include "partials.annotations.created-by" . }}
"helm.sh/hook": post-install
Expand Down
6 changes: 6 additions & 0 deletions helm/linkerd-viz/templates/namespace-metadata.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ metadata:
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
linkerd.io/extension: viz
app.kubernetes.io/name: namespace-metadata
app.kubernetes.io/part-of: Linkerd
app.kubernetes.io/version: {{default .Values.linkerdVersion .Values.cliVersion}}
Expand All @@ -20,11 +21,16 @@ spec:
{{ include "partials.annotations.created-by" . }}
linkerd.io/inject: disabled
labels:
linkerd.io/extension: viz
app.kubernetes.io/name: namespace-metadata
app.kubernetes.io/part-of: Linkerd
app.kubernetes.io/version: {{default .Values.linkerdVersion .Values.cliVersion}}
{{- with .Values.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
spec:
{{- if .Values.namespaceMetadata.tolerations -}}
{{- include "linkerd.tolerations" (dict "Values" .Values.namespaceMetadata) | nindent 6 }}
{{- end -}}
{{- include "linkerd.node-selector" (dict "Values" .Values.namespaceMetadata) | nindent 6 }}
restartPolicy: Never
securityContext:
seccompProfile:
Expand Down
2 changes: 1 addition & 1 deletion helm/linkerd-viz/templates/prometheus.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,7 @@ data:

{{- if .Values.prometheus.remoteWrite }}
remote_write:
{{- toYaml .Values.prometheus.remoteWrite | trim | nindent 4 }}
{{- toYaml .Values.prometheus.remoteWrite | trim | nindent 6 }}
{{- end }}
---
kind: Service
Expand Down
13 changes: 11 additions & 2 deletions helm/linkerd-viz/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
# Fields that should be common with the core control plane

# -- control plane version. See Proxy section for proxy version
linkerdVersion: stable-2.13.6
linkerdVersion: stable-2.14.3
# -- Kubernetes DNS Domain name to use
clusterDomain: cluster.local
# -- Additional labels to add to all pods
Expand Down Expand Up @@ -262,6 +262,7 @@ tapInjector:
- kube-system
- cert-manager
- giantswarm
- kyverno
objectSelector:
# matchLabels:
# foo: bar
Expand Down Expand Up @@ -402,6 +403,14 @@ namespaceMetadata:
# @default -- defaultImagePullPolicy
pullPolicy: ""

# -- NodeSelector section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
nodeSelector: *default_node_selector
# -- Tolerations section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
# for more information
tolerations: *default_tolerations

grafana:
# -- url of an in-cluster Grafana instance with reverse proxy configured, used by the
# Linkerd viz web dashboard to provide direct links to specific Grafana
Expand All @@ -424,7 +433,7 @@ prometheus:
# -- Docker image name for the prometheus instance
name: giantswarm/prometheus
# -- Docker image tag for the prometheus instance
tag: v2.43.0
tag: v2.47.0
# -- Pull policy for the prometheus instance
# @default -- defaultImagePullPolicy
pullPolicy: ""
Expand Down
6 changes: 3 additions & 3 deletions vendir.lock.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ apiVersion: vendir.k14s.io/v1alpha1
directories:
- contents:
- git:
commitTitle: add PSS flag for PSP->PSS migration (#559)...
sha: 81d4bbad3f3b9c4628b62134b014859c4e80ad15
commitTitle: add nodetaint remover container...
sha: 05a70b5ffc1de5df36af2f4d447bad30c096dca6
tags:
- stable-2.10.1-2950-g81d4bbad3
- stable-2.10.1-3185-g05a70b5ff
path: linkerd
path: vendor
- contents:
Expand Down
2 changes: 1 addition & 1 deletion vendir.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ directories:
- path: linkerd
git:
url: https://github.com/giantswarm/linkerd2-upstream
ref: stable-2.13.x
ref: stable-2.14.x
includePaths:
- viz/charts/linkerd-viz/**/*
- charts/partials/**/*
Expand Down