1# linkerd-viz
2
3The Linkerd-Viz extension contains observability and visualization
4components for Linkerd.
5
6
7
8
9
10**Homepage:** <https://linkerd.io>
11
12## Quickstart and documentation
13
14You can run Linkerd on any Kubernetes cluster in a matter of seconds. See the
15[Linkerd Getting Started Guide][getting-started] for how.
16
17For more comprehensive documentation, start with the [Linkerd
18docs][linkerd-docs].
19
20## Prerequisite: Linkerd Core Control-Plane
21
22Before installing the Linkerd Viz extension, The core control-plane has to
23be installed first by following the [Linkerd Install
24Guide](https://linkerd.io/2/tasks/install/).
25
26## Adding Linkerd's Helm repository
27
28```bash
29# To add the repo for Linkerd edge releases:
30helm repo add linkerd https://helm.linkerd.io/edge
31```
32
33## Installing the Viz Extension Chart
34
35```bash
36helm install linkerd-viz -n linkerd-viz --create-namespace linkerd/linkerd-viz
37```
38
39## Get involved
40
41* Check out Linkerd's source code at [GitHub][linkerd2].
42* Join Linkerd's [user mailing list][linkerd-users], [developer mailing
43 list][linkerd-dev], and [announcements mailing list][linkerd-announce].
44* Follow [@linkerd][twitter] on Twitter.
45* Join the [Linkerd Slack][slack].
46
47[getting-started]: https://linkerd.io/2/getting-started/
48[linkerd2]: https://github.com/linkerd/linkerd2
49[linkerd-announce]: https://lists.cncf.io/g/cncf-linkerd-announce
50[linkerd-dev]: https://lists.cncf.io/g/cncf-linkerd-dev
51[linkerd-docs]: https://linkerd.io/2/overview/
52[linkerd-users]: https://lists.cncf.io/g/cncf-linkerd-users
53[slack]: http://slack.linkerd.io
54[twitter]: https://twitter.com/linkerd
55
56## Requirements
57
58Kubernetes: `>=1.22.0-0`
59
60| Repository | Name | Version |
61|------------|------|---------|
62| file://../../../charts/partials | partials | 0.1.0 |
63
64## Values
65
66| Key | Type | Default | Description |
67|-----|------|---------|-------------|
68| clusterDomain | string | `"cluster.local"` | Kubernetes DNS Domain name to use |
69| commonLabels | object | `{}` | Labels to apply to all resources |
70| createNamespaceMetadataJob | bool | `true` | Creates a Job that adds necessary metadata to the extension's namespace during install; disable if lack of privileges require doing this manually |
71| dashboard.GID | string | `nil` | GID for the dashboard resource |
72| dashboard.UID | string | `nil` | UID for the dashboard resource |
73| dashboard.enforcedHostRegexp | string | `""` | Host header validation regex for the dashboard. See the [Linkerd documentation](https://linkerd.io/2/tasks/exposing-dashboard) for more information |
74| dashboard.image.name | string | `"web"` | Docker image name for the web instance |
75| dashboard.image.pullPolicy | string | defaultImagePullPolicy | Pull policy for the web component |
76| dashboard.image.registry | string | defaultRegistry | Docker registry for the web instance |
77| dashboard.image.tag | string | linkerdVersion | Docker image tag for the web instance |
78| dashboard.logFormat | string | defaultLogFormat | log format of the dashboard component |
79| dashboard.logLevel | string | defaultLogLevel | log level of the dashboard component |
80| dashboard.proxy | string | `nil` | |
81| dashboard.replicas | int | `1` | Number of replicas of dashboard |
82| dashboard.resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the web container can use |
83| dashboard.resources.cpu.request | string | `nil` | Amount of CPU units that the web container requests |
84| dashboard.resources.ephemeral-storage.limit | string | `""` | Maximum amount of ephemeral storage that the web container can use |
85| dashboard.resources.ephemeral-storage.request | string | `""` | Amount of ephemeral storage that the web container requests |
86| dashboard.resources.memory.limit | string | `nil` | Maximum amount of memory that web container can use |
87| dashboard.resources.memory.request | string | `nil` | Amount of memory that the web container requests |
88| dashboard.restrictPrivileges | bool | `false` | Restrict the Linkerd Dashboard's default privileges to disallow Tap and Check |
89| dashboard.service | object | `{"annotations":{}}` | dashboard service configuration |
90| dashboard.service.annotations | object | `{}` | Additional annotations to add to dashboard service |
91| defaultGID | int | `2103` | GID for all the viz components |
92| defaultImagePullPolicy | string | `"IfNotPresent"` | Docker imagePullPolicy for all viz components |
93| defaultLogFormat | string | `"plain"` | Log format (`plain` or `json`) for all the viz components. |
94| defaultLogLevel | string | `"info"` | Log level for all the viz components |
95| defaultRegistry | string | `"cr.l5d.io/linkerd"` | Docker registry for all viz components |
96| defaultUID | int | `2103` | UID for all the viz components |
97| enablePSP | bool | `false` | Create Roles and RoleBindings to associate this extension's ServiceAccounts to the control plane PSP resource. This requires that `enabledPSP` is set to true on the control plane install. Note PSP has been deprecated since k8s v1.21 |
98| enablePodAntiAffinity | bool | `false` | Enables Pod Anti Affinity logic to balance the placement of replicas across hosts and zones for High Availability. Enable this only when you have multiple replicas of components. |
99| enablePodDisruptionBudget | bool | `false` | enables the creation of pod disruption budgets for tap, tap-injector, web and metrics-api components |
100| grafana.externalUrl | string | `nil` | url of a Grafana instance hosted off-cluster. Cannot be set if grafana.url is set. The reverse proxy will not be used for this URL. |
101| grafana.uidPrefix | string | `nil` | prefix for Grafana dashboard UID's, used when grafana.externalUrl is set. |
102| grafana.url | string | `nil` | url of an in-cluster Grafana instance with reverse proxy configured, used by the Linkerd viz web dashboard to provide direct links to specific Grafana dashboards. Cannot be set if grafana.externalUrl is set. See the [Linkerd documentation](https://linkerd.io/2/tasks/grafana) for more information |
103| identityTrustDomain | string | clusterDomain | Trust domain used for identity |
104| imagePullSecrets | list | `[]` | For Private docker registries, authentication is needed. Registry secrets are applied to the respective service accounts |
105| jaegerUrl | string | `""` | url of external jaeger instance Set this to `jaeger.linkerd-jaeger.svc.<clusterDomain>:16686` if you plan to use jaeger extension |
106| linkerdNamespace | string | `"linkerd"` | Namespace of the Linkerd core control-plane install |
107| linkerdVersion | string | `"linkerdVersionValue"` | control plane version. See Proxy section for proxy version |
108| metricsAPI.GID | string | `nil` | GID for the metrics-api resource |
109| metricsAPI.UID | string | `nil` | UID for the metrics-api resource |
110| metricsAPI.image.name | string | `"metrics-api"` | Docker image name for the metrics-api component |
111| metricsAPI.image.pullPolicy | string | defaultImagePullPolicy | Pull policy for the metrics-api component |
112| metricsAPI.image.registry | string | defaultRegistry | Docker registry for the metrics-api component |
113| metricsAPI.image.tag | string | linkerdVersion | Docker image tag for the metrics-api component |
114| metricsAPI.logFormat | string | defaultLogFormat | log format of the metrics-api component |
115| metricsAPI.logLevel | string | defaultLogLevel | log level of the metrics-api component |
116| metricsAPI.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information |
117| metricsAPI.proxy | string | `nil` | |
118| metricsAPI.replicas | int | `1` | Number of replicas of the metrics-api component |
119| metricsAPI.resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the metrics-api container can use |
120| metricsAPI.resources.cpu.request | string | `nil` | Amount of CPU units that the metrics-api container requests |
121| metricsAPI.resources.ephemeral-storage.limit | string | `""` | Maximum amount of ephemeral storage that the metrics-api container can use |
122| metricsAPI.resources.ephemeral-storage.request | string | `""` | Amount of ephemeral storage that the metrics-api container requests |
123| metricsAPI.resources.memory.limit | string | `nil` | Maximum amount of memory that metrics-api container can use |
124| metricsAPI.resources.memory.request | string | `nil` | Amount of memory that the metrics-api container requests |
125| metricsAPI.service | object | `{"annotations":{}}` | metrics-api service configuration |
126| metricsAPI.service.annotations | object | `{}` | Additional annotations to add to metrics-api service |
127| metricsAPI.tolerations | string | `nil` | Tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information |
128| namespaceMetadata.image.name | string | `"extension-init"` | Docker image name for the namespace-metadata instance |
129| namespaceMetadata.image.pullPolicy | string | defaultImagePullPolicy | Pull policy for the namespace-metadata instance |
130| namespaceMetadata.image.registry | string | defaultRegistry | Docker registry for the namespace-metadata instance |
131| namespaceMetadata.image.tag | string | `"v0.1.0"` | Docker image tag for the namespace-metadata instance |
132| namespaceMetadata.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information |
133| namespaceMetadata.tolerations | string | `nil` | Tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information |
134| nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Default nodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information |
135| podLabels | object | `{}` | Additional labels to add to all pods |
136| prometheus.alertRelabelConfigs | string | `nil` | Alert relabeling is applied to alerts before they are sent to the Alertmanager. |
137| prometheus.alertmanagers | string | `nil` | Alertmanager instances the Prometheus server sends alerts to configured via the static_configs parameter. |
138| prometheus.args | object | `{"config.file":"/etc/prometheus/prometheus.yml","storage.tsdb.path":"/data","storage.tsdb.retention.time":"6h"}` | Command line options for Prometheus binary |
139| prometheus.enabled | bool | `true` | toggle field to enable or disable prometheus |
140| prometheus.globalConfig | object | `{"evaluation_interval":"10s","scrape_interval":"10s","scrape_timeout":"10s"}` | The global configuration specifies parameters that are valid in all other configuration contexts. |
141| prometheus.image.name | string | `"prometheus"` | Docker image name for the prometheus instance |
142| prometheus.image.pullPolicy | string | defaultImagePullPolicy | Pull policy for the prometheus instance |
143| prometheus.image.registry | string | `"prom"` | Docker registry for the prometheus instance |
144| prometheus.image.tag | string | `"v2.48.1"` | Docker image tag for the prometheus instance |
145| prometheus.logFormat | string | defaultLogLevel | log format (plain, json) of the prometheus instance |
146| prometheus.logLevel | string | defaultLogLevel | log level of the prometheus instance |
147| prometheus.metricRelabelConfigs | string | `nil` | A metricRelabelConfigs section allows to drop high cardinality metrics. *NOTE:* Please use with caution. Some metrics are needed for linkerd-viz to function properly. |
148| prometheus.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information |
149| prometheus.podAnnotations | object | `{}` | annotations for the prometheus pod |
150| prometheus.proxy | string | `nil` | |
151| prometheus.remoteWrite | string | `nil` | Allows transparently sending samples to an endpoint. Mostly used for long term storage. |
152| prometheus.resources | object | `{"cpu":{"limit":null,"request":null},"ephemeral-storage":{"limit":"","request":""},"memory":{"limit":null,"request":null}}` | Prometheus data volume size. size: |
153| prometheus.resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the prometheus container can use |
154| prometheus.resources.cpu.request | string | `nil` | Amount of CPU units that the prometheus container requests |
155| prometheus.resources.ephemeral-storage.limit | string | `""` | Maximum amount of ephemeral storage that the prometheus container can use |
156| prometheus.resources.ephemeral-storage.request | string | `""` | Amount of ephemeral storage that the prometheus container requests |
157| prometheus.resources.memory.limit | string | `nil` | Maximum amount of memory that prometheus container can use |
158| prometheus.resources.memory.request | string | `nil` | Amount of memory that the prometheus container requests |
159| prometheus.ruleConfigMapMounts | string | `nil` | Alerting/recording rule ConfigMap mounts (sub-path names must end in ´_rules.yml´ or ´_rules.yaml´) |
160| prometheus.scrapeConfigs | string | `nil` | A scrapeConfigs section specifies a set of targets and parameters describing how to scrape them. |
161| prometheus.sidecarContainers | string | `nil` | A sidecarContainers section specifies a list of secondary containers to run in the prometheus pod e.g. to export data to non-prometheus systems |
162| prometheus.tolerations | string | `nil` | Tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information |
163| prometheusUrl | string | `""` | url of external prometheus instance |
164| revisionHistoryLimit | int | `10` | Specifies the number of old ReplicaSets to retain to allow rollback. |
165| tap.GID | string | `nil` | GID for the tap component |
166| tap.UID | string | `nil` | UID for the tap component |
167| tap.caBundle | string | `""` | Bundle of CA certificates for tap. If not provided nor injected with cert-manager, then Helm will use the certificate generated for `tap.crtPEM`. If `tap.externalSecret` is set to true, this value, injectCaFrom, or injectCaFromSecret must be set, as no certificate will be generated. See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector) for more information. |
168| tap.crtPEM | string | `""` | Certificate for the Tap component. If not provided and not using an external secret then Helm will generate one. |
169| tap.externalSecret | bool | `false` | Do not create a secret resource for the Tap component. If this is set to `true`, the value `tap.caBundle` must be set or the ca bundle must injected with cert-manager ca injector using `tap.injectCaFrom` or `tap.injectCaFromSecret` (see below). |
170| tap.ignoreHeaders | list | `[]` | List of headers that will be ignored for Linkerd Tap |
171| tap.image.name | string | `"tap"` | Docker image name for the tap instance |
172| tap.image.pullPolicy | string | defaultImagePullPolicy | Pull policy for the tap component |
173| tap.image.registry | string | defaultRegistry | Docker registry for the tap instance |
174| tap.image.tag | string | linkerdVersion | Docker image tag for the tap instance |
175| tap.injectCaFrom | string | `""` | Inject the CA bundle from a cert-manager Certificate. See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-certificate-resource) for more information. |
176| tap.injectCaFromSecret | string | `""` | Inject the CA bundle from a Secret. If set, the `cert-manager.io/inject-ca-from-secret` annotation will be added to the webhook. The Secret must have the CA Bundle stored in the `ca.crt` key and have the `cert-manager.io/allow-direct-injection` annotation set to `true`. See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-secret-resource) for more information. |
177| tap.keyPEM | string | `""` | Certificate key for Tap component. If not provided and not using an external secret then Helm will generate one. |
178| tap.logFormat | string | defaultLogFormat | log format of the tap component |
179| tap.logLevel | string | defaultLogLevel | log level of the tap component |
180| tap.proxy | string | `nil` | |
181| tap.replicas | int | `1` | Number of tap component replicas |
182| tap.resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the tap container can use |
183| tap.resources.cpu.request | string | `nil` | Amount of CPU units that the tap container requests |
184| tap.resources.ephemeral-storage.limit | string | `""` | Maximum amount of ephemeral storage that the tap container can use |
185| tap.resources.ephemeral-storage.request | string | `""` | Amount of ephemeral storage that the tap container requests |
186| tap.resources.memory.limit | string | `nil` | Maximum amount of memory that tap container can use |
187| tap.resources.memory.request | string | `nil` | Amount of memory that the tap container requests |
188| tap.service | object | `{"annotations":{}}` | tap service configuration |
189| tap.service.annotations | object | `{}` | Additional annotations to add to tap service |
190| tapInjector.GID | string | `nil` | GID for the tapInjector resource |
191| tapInjector.UID | string | `nil` | UID for the tapInjector resource |
192| tapInjector.caBundle | string | `""` | Bundle of CA certificates for the tapInjector. If not provided nor injected with cert-manager, then Helm will use the certificate generated for `tapInjector.crtPEM`. If `tapInjector.externalSecret` is set to true, this value, injectCaFrom, or injectCaFromSecret must be set, as no certificate will be generated. See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector) for more information. |
193| tapInjector.crtPEM | string | `""` | Certificate for the tapInjector. If not provided and not using an external secret then Helm will generate one. |
194| tapInjector.externalSecret | bool | `false` | Do not create a secret resource for the tapInjector webhook. If this is set to `true`, the value `tapInjector.caBundle` must be set or the ca bundle must injected with cert-manager ca injector using `tapInjector.injectCaFrom` or `tapInjector.injectCaFromSecret` (see below). |
195| tapInjector.failurePolicy | string | `"Ignore"` | |
196| tapInjector.image.name | string | `"tap"` | Docker image name for the tapInjector instance |
197| tapInjector.image.pullPolicy | string | defaultImagePullPolicy | Pull policy for the tapInjector component |
198| tapInjector.image.registry | string | defaultRegistry | Docker registry for the tapInjector instance |
199| tapInjector.image.tag | string | linkerdVersion | Docker image tag for the tapInjector instance |
200| tapInjector.injectCaFrom | string | `""` | Inject the CA bundle from a cert-manager Certificate. See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-certificate-resource) for more information. |
201| tapInjector.injectCaFromSecret | string | `""` | Inject the CA bundle from a Secret. If set, the `cert-manager.io/inject-ca-from-secret` annotation will be added to the webhook. The Secret must have the CA Bundle stored in the `ca.crt` key and have the `cert-manager.io/allow-direct-injection` annotation set to `true`. See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-secret-resource) for more information. |
202| tapInjector.keyPEM | string | `""` | Certificate key for the tapInjector. If not provided and not using an external secret then Helm will generate one. |
203| tapInjector.logFormat | string | defaultLogFormat | log format of the tapInjector component |
204| tapInjector.logLevel | string | defaultLogLevel | log level of the tapInjector |
205| tapInjector.namespaceSelector | object | `{"matchExpressions":[{"key":"kubernetes.io/metadata.name","operator":"NotIn","values":["kube-system"]}]}` | Namespace selector used by admission webhook. |
206| tapInjector.objectSelector | string | `nil` | |
207| tapInjector.proxy | string | `nil` | |
208| tapInjector.replicas | int | `1` | Number of replicas of tapInjector |
209| tapInjector.resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the tapInjector container can use |
210| tapInjector.resources.cpu.request | string | `nil` | Amount of CPU units that the tapInjector container requests |
211| tapInjector.resources.ephemeral-storage.limit | string | `""` | Maximum amount of ephemeral storage that the tapInjector container can use |
212| tapInjector.resources.ephemeral-storage.request | string | `""` | Amount of ephemeral storage that the tapInjector container requests |
213| tapInjector.resources.memory.limit | string | `nil` | Maximum amount of memory that tapInjector container can use |
214| tapInjector.resources.memory.request | string | `nil` | Amount of memory that the tapInjector container requests |
215| tapInjector.service | object | `{"annotations":{}}` | tap service configuration |
216| tapInjector.service.annotations | object | `{}` | Additional annotations to add to tapInjector service |
217| tolerations | string | `nil` | Default tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information |
218
219----------------------------------------------
220Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
View as plain text