1---
2###
3### Jaeger Injector
4###
5{{- $tree := deepCopy . }}
6apiVersion: apps/v1
7kind: Deployment
8metadata:
9 labels:
10 linkerd.io/extension: jaeger
11 app.kubernetes.io/name: jaeger-injector
12 app.kubernetes.io/part-of: Linkerd
13 app.kubernetes.io/version: {{default .Values.webhook.image.version .Values.linkerdVersion}}
14 component: jaeger-injector
15 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
16 name: jaeger-injector
17 namespace: {{ .Release.Namespace }}
18spec:
19 replicas: {{ .Values.webhook.replicas }}
20 revisionHistoryLimit: {{.Values.revisionHistoryLimit}}
21 selector:
22 matchLabels:
23 linkerd.io/extension: jaeger
24 component: jaeger-injector
25 {{- if .Values.enablePodAntiAffinity }}
26 strategy:
27 rollingUpdate:
28 maxUnavailable: 1
29 {{- end }}
30 template:
31 metadata:
32 annotations:
33 checksum/config: {{ include (print $.Template.BasePath "/rbac.yaml") . | sha256sum }}
34 linkerd.io/inject: enabled
35 config.linkerd.io/proxy-await: "enabled"
36 config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0"
37 cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
38 labels:
39 linkerd.io/extension: jaeger
40 component: jaeger-injector
41 {{- with .Values.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
42 spec:
43 {{- if .Values.webhook.tolerations -}}
44 {{- include "linkerd.tolerations" (dict "Values" .Values.webhook) | nindent 6 }}
45 {{- end -}}
46 {{- include "linkerd.node-selector" (dict "Values" .Values.webhook) | nindent 6 }}
47 {{- $_ := set $tree "component" "jaeger-injector" -}}
48 {{- $_ := set $tree "label" "component" -}}
49 {{- include "linkerd.affinity" $tree | nindent 6 }}
50 containers:
51 - args:
52 - -collector-svc-addr={{.Values.webhook.collectorSvcAddr}}
53 - -collector-svc-account={{.Values.webhook.collectorSvcAccount}}
54 - -log-level={{.Values.webhook.logLevel}}
55 - -cluster-domain={{.Values.clusterDomain}}
56 - -linkerd-namespace={{.Values.linkerdNamespace}}
57 - -enable-pprof={{.Values.enablePprof | default false}}
58 image: {{.Values.webhook.image.name}}:{{default .Values.webhook.image.version .Values.linkerdVersion}}
59 {{- with .Values.webhook.image.pullPolicy }}
60 imagePullPolicy: {{.}}
61 {{- end }}
62 livenessProbe:
63 httpGet:
64 path: /ping
65 port: 9995
66 initialDelaySeconds: 10
67 name: jaeger-injector
68 ports:
69 - containerPort: 8443
70 name: jaeger-injector
71 - containerPort: 9995
72 name: admin-http
73 readinessProbe:
74 failureThreshold: 7
75 httpGet:
76 path: /ready
77 port: 9995
78 securityContext:
79 allowPrivilegeEscalation: false
80 capabilities:
81 drop:
82 - ALL
83 readOnlyRootFilesystem: true
84 runAsNonRoot: true
85 runAsUser: {{.Values.webhook.UID | default .Values.defaultUID}}
86 runAsGroup: {{.Values.webhook.GID | default .Values.defaultGID}}
87 seccompProfile:
88 type: RuntimeDefault
89 volumeMounts:
90 - mountPath: /var/run/linkerd/tls
91 name: tls
92 readOnly: true
93 {{- if .Values.webhook.resources -}}
94 {{- include "partials.resources" .Values.webhook.resources | nindent 8 }}
95 {{- end }}
96 securityContext:
97 seccompProfile:
98 type: RuntimeDefault
99 serviceAccountName: jaeger-injector
100 volumes:
101 - name: tls
102 secret:
103 secretName: jaeger-injector-k8s-tls
104---
105kind: Service
106apiVersion: v1
107metadata:
108 name: jaeger-injector
109 namespace: {{ .Release.Namespace }}
110 labels:
111 linkerd.io/extension: jaeger
112 component: jaeger-injector
113 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
114spec:
115 type: ClusterIP
116 selector:
117 linkerd.io/extension: jaeger
118 component: jaeger-injector
119 ports:
120 - name: jaeger-injector
121 port: 443
122 targetPort: jaeger-injector
View as plain text