...
1# -- Namespace of the Linkerd core control-plane install
2linkerdNamespace: linkerd
3
4# -- Additional labels to add to all pods
5podLabels: {}
6
7# -- Labels to apply to all resources
8commonLabels: {}
9
10# -- Default nodeSelector section, See the
11# [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
12nodeSelector: &default_node_selector
13 kubernetes.io/os: linux
14
15# -- For Private docker registries, authentication is needed.
16# Registry secrets are applied to the respective service accounts
17imagePullSecrets: []
18# - name: my-private-docker-registry-login-secret
19
20# -- Default tolerations section, See the
21# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
22# for more information
23tolerations: &default_tolerations
24
25# -- Enables Pod Anti Affinity logic to balance the placement of replicas
26# across hosts and zones for High Availability.
27# Enable this only when you have multiple replicas of components.
28enablePodAntiAffinity: false
29
30# -- NodeAffinity section, See the
31# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity)
32# for more information
33#nodeAffinity:
34
35# -- Creates a Job that adds necessary metadata to the extension's namespace
36# during install; disable if lack of privileges require doing this manually
37createNamespaceMetadataJob: true
38
39# -- Create Roles and RoleBindings to associate this extension's
40# ServiceAccounts to the control plane PSP resource. This requires that
41# `enabledPSP` is set to true on the control plane install. Note PSP has been
42# deprecated since k8s v1.21
43enablePSP: false
44
45# -- Default UID for all the jaeger components
46defaultUID: 2103
47
48# -- Default GID for all the jaeger components
49defaultGID: 2103
50
51# -- Specifies the number of old ReplicaSets to retain to allow rollback.
52revisionHistoryLimit: 10
53
54# -- Kubernetes DNS Domain name to use
55clusterDomain: cluster.local
56collector:
57 # -- Set to false to exclude collector installation
58 enabled: true
59 # -- Number of replicas of the collector component
60 replicas: 1
61 image:
62 name: otel/opentelemetry-collector-contrib
63 version: 0.83.0
64 pullPolicy: ""
65 command: /otelcol-contrib
66
67 resources:
68 cpu:
69 # -- Maximum amount of CPU units that the collector container can use
70 limit:
71 # -- Amount of CPU units that the collector container requests
72 request:
73 memory:
74 # -- Maximum amount of memory that collector container can use
75 limit:
76 # -- Amount of memory that the collector container requests
77 request:
78 ephemeral-storage:
79 # -- Maximum amount of ephemeral storage that the collector container can use
80 limit: ""
81 # -- Amount of ephemeral storage that the collector container requests
82 request: ""
83
84 # -- NodeSelector section, See the
85 # [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
86 nodeSelector: *default_node_selector
87 # -- Tolerations section, See the
88 # [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
89 # for more information
90 tolerations: *default_tolerations
91
92 # -- UID for the collector resource
93 UID:
94
95 # -- GID for the collector resource
96 GID:
97
98 # -- OpenTelemetry Collector config, See the
99 # [Configuration docs](https://opentelemetry.io/docs/collector/configuration/)
100 # for more information
101 # @default -- see `value.yaml` for actual configuration
102 config:
103 receivers:
104 opencensus:
105 processors:
106 batch:
107 resource:
108 attributes:
109 - key: k8s.pod.name
110 from_attribute: host.name
111 action: insert
112 - key: k8s.namespace.name
113 from_attribute: linkerd.io/workload-ns
114 action: insert
115 k8sattributes:
116 auth_type: serviceAccount
117 pod_association:
118 - sources:
119 # - from: resource_attribute
120 # name: k8s.pod.ip
121 - from: resource_attribute
122 name: k8s.pod.name
123 - from: resource_attribute
124 name: k8s.namespace.name
125 extract:
126 metadata:
127 - k8s.pod.name
128 - k8s.pod.uid
129 - k8s.deployment.name
130 - k8s.node.name
131 - k8s.namespace.name
132 - k8s.pod.start_time
133 - k8s.replicaset.name
134 - k8s.replicaset.uid
135 - k8s.daemonset.name
136 - k8s.daemonset.uid
137 - k8s.job.name
138 - k8s.job.uid
139 - k8s.cronjob.name
140 - k8s.statefulset.name
141 - k8s.statefulset.uid
142 - container.image.name
143 - container.image.tag
144 - container.id
145 - k8s.container.name
146 - container.image.name
147 - container.image.tag
148 - container.id
149
150 labels:
151 - tag_name: kube_app_name
152 key: app.kubernetes.io/name
153 from: pod
154 - tag_name: kube_app_instance
155 key: app.kubernetes.io/instance
156 from: pod
157 - tag_name: kube_app_version
158 key: app.kubernetes.io/version
159 from: pod
160 - tag_name: kube_app_component
161 key: app.kubernetes.io/component
162 from: pod
163 - tag_name: kube_app_part_of
164 key: app.kubernetes.io/part-of
165 from: pod
166 - tag_name: kube_app_managed_by
167 key: app.kubernetes.io/managed-by
168 from: pod
169 extensions:
170 health_check:
171 exporters:
172 jaeger:
173 endpoint: jaeger.${POD_NAMESPACE}:14250
174 tls:
175 insecure: true
176 service:
177 extensions: [health_check]
178 pipelines:
179 traces:
180 receivers: [opencensus]
181 processors: [resource, k8sattributes, batch]
182 exporters: [jaeger]
183
184 # -- Collector Deployment env
185 env: []
186
187jaeger:
188 # -- Set to false to exclude all-in-one Jaeger installation
189 enabled: true
190 image:
191 name: jaegertracing/all-in-one
192 version: 1.31
193 pullPolicy: ""
194
195 # -- CLI arguments for Jaeger, See [Jaeger AIO Memory CLI reference](https://www.jaegertracing.io/docs/1.24/cli/#jaeger-all-in-one-memory)
196 args:
197 - --query.base-path=/jaeger
198
199 resources:
200 cpu:
201 # -- Maximum amount of CPU units that the jaeger container can use
202 limit:
203 # -- Amount of CPU units that the jaeger container requests
204 request:
205 memory:
206 # -- Maximum amount of memory that jaeger container can use
207 limit:
208 # -- Amount of memory that the jaeger container requests
209 request:
210 ephemeral-storage:
211 # -- Maximum amount of ephemeral storage that the jaeger container can use
212 limit: ""
213 # -- Amount of ephemeral storage that the jaeger container requests
214 request: ""
215
216 # -- NodeSelector section, See the
217 # [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
218 nodeSelector: *default_node_selector
219 # -- Tolerations section, See the
220 # [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
221 # for more information
222 tolerations: *default_tolerations
223
224 # -- UID for the jaeger resource
225 UID:
226
227 # -- GID for the jaeger resource
228 GID:
229
230linkerdVersion: &linkerd_version linkerdVersionValue
231
232namespaceMetadata:
233 image:
234 # -- Docker registry for the namespace-metadata instance
235 registry: cr.l5d.io/linkerd
236 # -- Docker image name for the namespace-metadata instance
237 name: extension-init
238 # -- Docker image tag for the namespace-metadata instance
239 tag: v0.1.0
240 # -- Pull policy for the namespace-metadata instance
241 # @default -- imagePullPolicy
242 pullPolicy: ""
243
244 # -- NodeSelector section, See the
245 # [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
246 nodeSelector: *default_node_selector
247 # -- Tolerations section, See the
248 # [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
249 # for more information
250 tolerations: *default_tolerations
251
252webhook:
253 # -- Number of replicas of the jaeger-injector component
254 replicas: 1
255 # -- Do not create a secret resource for the webhook.
256 # If this is set to `true`, the value `webhook.caBundle` must be set
257 # or the ca bundle must injected with cert-manager ca injector using
258 # `webhook.injectCaFrom` or `webhook.injectCaFromSecret` (see below).
259 externalSecret: false
260
261 # -- Certificate for the webhook. If not provided and not using an external secret
262 # then Helm will generate one.
263 crtPEM: |
264
265 # -- Certificate key for the webhook. If not provided and not using an external secret
266 # then Helm will generate one.
267 keyPEM: |
268
269 # -- Bundle of CA certificates for webhook.
270 # If not provided nor injected with cert-manager,
271 # then Helm will use the certificate generated for `webhook.crtPEM`.
272 # If `webhook.externalSecret` is set to true, this value, injectCaFrom, or
273 # injectCaFromSecret must be set, as no certificate will be generated.
274 # See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector) for more information.
275 caBundle: |
276
277 # -- Inject the CA bundle from a cert-manager Certificate.
278 # See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-certificate-resource)
279 # for more information.
280 injectCaFrom: ""
281
282 # -- Inject the CA bundle from a Secret.
283 # If set, the `cert-manager.io/inject-ca-from-secret` annotation will be added to the webhook.
284 # The Secret must have the CA Bundle stored in the `ca.crt` key and have
285 # the `cert-manager.io/allow-direct-injection` annotation set to `true`.
286 # See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-secret-resource)
287 # for more information.
288 injectCaFromSecret: ""
289
290 # -- collector service address for the proxies to send trace data.
291 # Points by default to the linkerd-jaeger collector
292 collectorSvcAddr: collector.linkerd-jaeger:55678
293 # -- service account associated with the collector instance
294 collectorSvcAccount: collector
295
296 failurePolicy: Ignore
297 image:
298 name: cr.l5d.io/linkerd/jaeger-webhook
299 version: *linkerd_version
300 pullPolicy: ""
301 logLevel: info
302
303 # -- Namespace selector used by admission webhook.
304 namespaceSelector:
305 matchExpressions:
306 - key: kubernetes.io/metadata.name
307 operator: NotIn
308 values:
309 - kube-system
310 objectSelector:
311 #matchLabels:
312 # foo: bar
313
314 resources:
315 cpu:
316 # -- Maximum amount of CPU units that the jaeger-injector container can use
317 limit:
318 # -- Amount of CPU units that the jaeger-injector container requests
319 request:
320 memory:
321 # -- Maximum amount of memory that jaeger-injector container can use
322 limit:
323 # -- Amount of memory that the jaeger-injector container requests
324 request:
325
326 # -- NodeSelector section, See the
327 # [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
328 nodeSelector: *default_node_selector
329 # -- Tolerations section, See the
330 # [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
331 # for more information
332 tolerations: *default_tolerations
333
334 # -- UID for the webhook resource
335 UID:
336
337 # -- GID for the webhook resource
338 GID:
View as plain text