--- ### ### Jaeger Injector ### {{- $tree := deepCopy . }} apiVersion: apps/v1 kind: Deployment metadata: labels: linkerd.io/extension: jaeger app.kubernetes.io/name: jaeger-injector app.kubernetes.io/part-of: Linkerd app.kubernetes.io/version: {{default .Values.webhook.image.version .Values.linkerdVersion}} component: jaeger-injector {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} name: jaeger-injector namespace: {{ .Release.Namespace }} spec: replicas: {{ .Values.webhook.replicas }} revisionHistoryLimit: {{.Values.revisionHistoryLimit}} selector: matchLabels: linkerd.io/extension: jaeger component: jaeger-injector {{- if .Values.enablePodAntiAffinity }} strategy: rollingUpdate: maxUnavailable: 1 {{- end }} template: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/rbac.yaml") . | sha256sum }} linkerd.io/inject: enabled config.linkerd.io/proxy-await: "enabled" config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0" cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: linkerd.io/extension: jaeger component: jaeger-injector {{- with .Values.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }} spec: {{- if .Values.webhook.tolerations -}} {{- include "linkerd.tolerations" (dict "Values" .Values.webhook) | nindent 6 }} {{- end -}} {{- include "linkerd.node-selector" (dict "Values" .Values.webhook) | nindent 6 }} {{- $_ := set $tree "component" "jaeger-injector" -}} {{- $_ := set $tree "label" "component" -}} {{- include "linkerd.affinity" $tree | nindent 6 }} containers: - args: - -collector-svc-addr={{.Values.webhook.collectorSvcAddr}} - -collector-svc-account={{.Values.webhook.collectorSvcAccount}} - -log-level={{.Values.webhook.logLevel}} - -cluster-domain={{.Values.clusterDomain}} - -linkerd-namespace={{.Values.linkerdNamespace}} - -enable-pprof={{.Values.enablePprof | default false}} image: {{.Values.webhook.image.name}}:{{default .Values.webhook.image.version .Values.linkerdVersion}} {{- with .Values.webhook.image.pullPolicy }} imagePullPolicy: {{.}} {{- end }} livenessProbe: httpGet: path: /ping port: 9995 initialDelaySeconds: 10 name: jaeger-injector ports: - containerPort: 8443 name: jaeger-injector - containerPort: 9995 name: admin-http readinessProbe: failureThreshold: 7 httpGet: path: /ready port: 9995 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: {{.Values.webhook.UID | default .Values.defaultUID}} runAsGroup: {{.Values.webhook.GID | default .Values.defaultGID}} seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /var/run/linkerd/tls name: tls readOnly: true {{- if .Values.webhook.resources -}} {{- include "partials.resources" .Values.webhook.resources | nindent 8 }} {{- end }} securityContext: seccompProfile: type: RuntimeDefault serviceAccountName: jaeger-injector volumes: - name: tls secret: secretName: jaeger-injector-k8s-tls --- kind: Service apiVersion: v1 metadata: name: jaeger-injector namespace: {{ .Release.Namespace }} labels: linkerd.io/extension: jaeger component: jaeger-injector {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} spec: type: ClusterIP selector: linkerd.io/extension: jaeger component: jaeger-injector ports: - name: jaeger-injector port: 443 targetPort: jaeger-injector