1 package controllers 2 3 /* 4 Package controllers provides K8s controllers for managing a Linkerd installation 5 and service mesh. 6 7 It does this by reconciling the Linkerd CRD type defined in pkg/edge/linkerd/apis. 8 9 Examples 10 11 kind: Linkerd 12 apiVersion: linkerd.edge.ncr.com/v1alpha1 13 metadata: 14 name: linkerd.edge.ncr.com 15 spec: {} 16 17 Reconciliation 18 19 Befor rendering the Linkerd installation manifests and applying them to the 20 cluster, the controller attempts to reconcile the preconditions for installation, 21 based on the official documentation for automating TLS certificate renewal: https://linkerd.io/2.11/tasks/automatically-rotating-control-plane-tls-credentials/#save-the-signing-key-pair-as-a-secret 22 23 - Creating the trust anchor certificate keypair. Because the content of the 24 key is included in the Linkerd installation manifests, the controller will 25 prefer to read an existing secret and only create one if it does not exist. 26 This avoids churning the Linkerd installation more than necessary across 27 restarts. 28 - Creating the cert-manager Issuer & Certificate resources referencing the 29 generated trust anchor. 30 31 Once these preconditions are met, manifests will be rendered using the official 32 Linkerd Helm Chart using third_party/k8s/linkerd/helm and apply the appropriate 33 values based on the Spec of the Linkerd object and some required defaults. 34 */ 35