Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Control Plane Helm Templates And Proxy Partials #3146

Merged
merged 43 commits into from
Aug 6, 2019
Merged

Conversation

ihcsim
Copy link
Contributor

@ihcsim ihcsim commented Jul 25, 2019

This PR introduces the new Linkerd control plane Helm chart, named linkerd2. The goal is to enable Helm users to install and remove the Linkerd control plane by using the helm install and helm delete commands.

No changes are made to the existing linkerd install behaviour. Other Helm commands like upgrade and rollback will be evaluated in upcoming issues.

The mTLS assets must be provided for the Helm chart to work. You can use any ECDSA PEM-encoded keys and certs. See the example usage of the --set-file option below.

Installation steps:

# clone the linkerd repo
git clone git@github.com:linkerd/linkerd2.git

# install control plane
helm install --name=linkerd2 --dep-up \
   --set LinkerdVersion=edge-19.8.2 \             # default to edge-19.8.1
   --set Proxy.Image.Version=edge-19.8.2 \
   --set Identity.Issuer.CrtExpiry="<crt.pem.expiry.data>" \
   --set-file Identity.TrustAnchorsPEM=crt.pem \  # save your pem-encoded key and cert to these files
   --set-file Identity.Issuer.CrtPEM=crt.pem \
   --set-file Identity.Issuer.KeyPEM=key.pem \
   charts/linkerd2

# install control plane ha mode
helm install --name=linkerd2 --dep-up \
    --set LinkerdVersion=edge-19.8.2  \
    --set Proxy.Image.Version=edge-19.8.2 \
    --set Identity.Issuer.CrtExpiry="<crt.pem.expiry.date>" \
    --set-file Identity.TrustAnchorsPEM=crt.pem \
    --set-file Identity.Issuer.CrtPEM=crt.pem \
    --set-file Identity.Issuer.KeyPEM=key.pem \ 
    -f charts/linkerd2/values.yaml \
    -f charts/linkerd2/values-ha.yaml \
    charts/linkerd2

# delete the release
helm delete --purge linkerd2

For GKE development, additional RBAC is needed for tiller:

kubectl -n kube-system create serviceaccount tiller
kubectl create clusterrolebinding tiller --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account=tiller

Fixes #3126.

@ihcsim ihcsim self-assigned this Jul 25, 2019
.gitignore Show resolved Hide resolved
@l5d-bot
Copy link
Collaborator

l5d-bot commented Jul 25, 2019

Integration test results for 07f1930: success 🎉
Log output: https://gist.github.com/c83368d1d73e7a2a1a8805bff2349ba8

charts/linkerd/Chart.yaml Outdated Show resolved Hide resolved
@ihcsim ihcsim force-pushed the isim/helm-charts branch from 07f1930 to 20bca76 Compare July 25, 2019 21:54
@l5d-bot
Copy link
Collaborator

l5d-bot commented Jul 25, 2019

Integration test results for 20bca76: success 🎉
Log output: https://gist.github.com/0c79454111f2f603d445dac129b43128

@l5d-bot
Copy link
Collaborator

l5d-bot commented Jul 26, 2019

Integration test results for 1006ea9: success 🎉
Log output: https://gist.github.com/42cbdc1cf633a673db7037cf100f4517

@l5d-bot
Copy link
Collaborator

l5d-bot commented Jul 26, 2019

Integration test results for 59a3eef: fail 😕
Log output: https://gist.github.com/a760eb6baee7ea2da60ceeaab48ff982

@l5d-bot
Copy link
Collaborator

l5d-bot commented Jul 26, 2019

Integration test results for 430a5d5: success 🎉
Log output: https://gist.github.com/d5c75ef9419ae81c2f459cd7e55c349c

@ihcsim
Copy link
Contributor Author

ihcsim commented Jul 26, 2019

@alpeb Appreciate the review 👍. Per slack convo, I will update the partial templates as I continue to add more control plane templates to the linkerd chart. So far, I've gotten to heartbeat, with identity and proxy-injector next on the list. I'll keep you posted.

@l5d-bot
Copy link
Collaborator

l5d-bot commented Jul 29, 2019

Integration test results for 11fd5db: success 🎉
Log output: https://gist.github.com/055e3dfa87cb1e2952b258f937f812c8

charts/linkerd/values.yaml Outdated Show resolved Hide resolved
@l5d-bot
Copy link
Collaborator

l5d-bot commented Jul 30, 2019

Integration test results for d2878d8: success 🎉
Log output: https://gist.github.com/a6274921735bf1df0f8dab4d5d03612a

@ihcsim ihcsim force-pushed the isim/helm-charts branch from d2878d8 to 1c824a2 Compare July 30, 2019 06:32
@l5d-bot
Copy link
Collaborator

l5d-bot commented Jul 30, 2019

Integration test results for 1c824a2: success 🎉
Log output: https://gist.github.com/ae9babedd26d141f27bbc2086b744004

@ihcsim ihcsim force-pushed the isim/helm-charts branch from 1c824a2 to 1d22f4d Compare July 30, 2019 16:18
@l5d-bot
Copy link
Collaborator

l5d-bot commented Jul 30, 2019

Integration test results for 1d22f4d: fail 😕
Log output: https://gist.github.com/10ae2acaf9dbe08aa6d69b783313b925

@ihcsim ihcsim force-pushed the isim/helm-charts branch from 197d41e to 70c1a61 Compare July 30, 2019 21:34
@l5d-bot
Copy link
Collaborator

l5d-bot commented Jul 30, 2019

Integration test results for 70c1a61: success 🎉
Log output: https://gist.github.com/2df56ac4ed9d60120f64935c9dc51b59

@ihcsim ihcsim force-pushed the isim/helm-charts branch from ae65005 to 7b31666 Compare July 30, 2019 22:50
@@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
Copy link
Contributor Author

@ihcsim ihcsim Jul 30, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't Can ignore; auto-generated by Helm.

Ivan Sim added 10 commits August 2, 2019 12:22
Also fixed some indentation issues.

Signed-off-by: Ivan Sim <ivan@buoyant.io>
Signed-off-by: Ivan Sim <ivan@buoyant.io>
Signed-off-by: Ivan Sim <ivan@buoyant.io>
Signed-off-by: Ivan Sim <ivan@buoyant.io>
Signed-off-by: Ivan Sim <ivan@buoyant.io>
Signed-off-by: Ivan Sim <ivan@buoyant.io>
Signed-off-by: Ivan Sim <ivan@buoyant.io>
Signed-off-by: Ivan Sim <ivan@buoyant.io>
Signed-off-by: Ivan Sim <ivan@buoyant.io>
@ihcsim ihcsim force-pushed the isim/helm-charts branch from da4f25d to a55fa00 Compare August 2, 2019 20:30
@l5d-bot
Copy link
Collaborator

l5d-bot commented Aug 2, 2019

Integration test results for a55fa00: success 🎉
Log output: https://gist.github.com/0e13270bc9734062787abb094d82ee8a

@ihcsim ihcsim force-pushed the isim/helm-charts branch from a55fa00 to 681a921 Compare August 2, 2019 21:03
@l5d-bot
Copy link
Collaborator

l5d-bot commented Aug 2, 2019

Integration test results for 681a921: success 🎉
Log output: https://gist.github.com/7c0cb035c77cb43f59d561230f908167

@ihcsim
Copy link
Contributor Author

ihcsim commented Aug 6, 2019

Received @grampelberg's approval to merge.

@ihcsim ihcsim merged commit 2bbf267 into master Aug 6, 2019
@ihcsim ihcsim deleted the isim/helm-charts branch August 6, 2019 16:20
@ihcsim ihcsim restored the isim/helm-charts branch August 6, 2019 16:57
@ihcsim ihcsim deleted the isim/helm-charts branch August 6, 2019 17:06
cpretzer pushed a commit that referenced this pull request Aug 6, 2019
* Updated controller template with proxy partials
* Declare dependency in requirements.yaml
* Add partial template for proxy's metadata
* Add proxy-init partial template
* Script to lint Helm charts and update their dependencies
* Update partials chart Chart.yaml
* Add proxy-init and resource partial templates
* Replace hard coded namespace variable in proxy env var
* Ignore chart dependencies .tgz files
* Add missing fields and re-order YAML elements to match CLI output
* Reuse control plane's resource partial template in 'partials' chart
* Set the proxy's destination service address env var
* Add Grafana's template
* Update api version of controller RBAC
* Add Heartbeat template
* Remove duplicated resources partial template
* Add remainder control plane components templates
* Add template for the 'linkerd-config' config map
* Add debug container template
* Update proxy partial with 'disable-identity' and 'disable-tap' variables

Note that these are inject-only variables.
Also added the LINKERD2_PROXY_TAP_SVC_NAME env var.

* Add validation conditions to ensure identity and tap aren't disabled for
control plane components
* Add partials for service account token mount path and security context capabilities
* Change proxy and proxy-init templates to use global scope

Some of the nested variables are removed from values.yaml to ensure changes
made to root-level variables are propagated directly into the partial
templates. The previous approach of using YAML anchors in the
values.yaml to share common values can get out-of-sync when values are
changed via the Helm's `--set` option.

* Update templates and values file to match #3161
* Perform a dry run installation if there is a local Tiller
* Reorder JSON elements in linkerd-config
* Re-adjust nested partials indentation to work with inject 'patch' chart

Previously, the partials will render their content as an element in the list.
While it works for installation, the toJson function in the 'inject' patch code
ends up converting it into a JSON list, instead of the expected JSON
object.

* Trap the last fail command in the Helm shell script
* Add the identity trust anchor
* Address Thomas' feedback on handling HA

All the HA-related variables are moved to values-ha.yaml

* Convert ignore ports string to JSON list in linkerd-config

Also fixed some indentation issues.

* Add values-ha.yaml
* Include the service account token mount path only if identity is enabled
* Fixed malformed JSON in linkerd-config config map
* Rename chart to 'linkerd2'
* Add NOTES.txt
* Fix incorrect variable path in proxy template
* Remove fake TLS assets
* Add 'required' constraint to identity trust anchors variable
* Update tap templates per #3167
* Bump default version to edge-19.8.1 due to dependency on RSA support

Signed-off-by: Ivan Sim <ivan@buoyant.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Include Partial Templates and Defaults In Existing Helm Chart
5 participants