1---
2###
3### Tap
4###
5kind: Service
6apiVersion: v1
7metadata:
8 name: tap
9 namespace: {{ .Release.Namespace }}
10 labels:
11 linkerd.io/extension: viz
12 component: tap
13 namespace: {{.Release.Namespace}}
14 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
15 annotations:
16 {{ include "partials.annotations.created-by" . }}
17 {{- with .Values.tap.service.annotations }}{{ toYaml . | trim | nindent 4 }}{{- end }}
18 linkerd.io/inject: enabled
19spec:
20 type: ClusterIP
21 selector:
22 linkerd.io/extension: viz
23 component: tap
24 ports:
25 - name: grpc
26 port: 8088
27 targetPort: 8088
28 - name: apiserver
29 port: 443
30 targetPort: apiserver
31---
32{{- $tree := deepCopy . }}
33kind: Deployment
34apiVersion: apps/v1
35metadata:
36 annotations:
37 {{ include "partials.annotations.created-by" . }}
38 linkerd.io/inject: enabled
39 config.linkerd.io/proxy-await: "enabled"
40 labels:
41 linkerd.io/extension: viz
42 app.kubernetes.io/name: tap
43 app.kubernetes.io/part-of: Linkerd
44 app.kubernetes.io/version: {{default .Values.linkerdVersion .Values.cliVersion}}
45 component: tap
46 namespace: {{.Release.Namespace}}
47 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
48 name: tap
49 namespace: {{ .Release.Namespace }}
50spec:
51 replicas: {{.Values.tap.replicas}}
52 revisionHistoryLimit: {{.Values.revisionHistoryLimit}}
53 selector:
54 matchLabels:
55 linkerd.io/extension: viz
56 component: tap
57 namespace: {{.Release.Namespace}}
58 {{- if .Values.enablePodAntiAffinity }}
59 strategy:
60 rollingUpdate:
61 maxUnavailable: 1
62 {{- end }}
63 template:
64 metadata:
65 annotations:
66 {{- if empty .Values.cliVersion }}
67 checksum/config: {{ include (print $.Template.BasePath "/tap-rbac.yaml") . | sha256sum }}
68 {{- end }}
69 {{ include "partials.annotations.created-by" . }}
70 {{- with .Values.tap.proxy }}
71 {{- include "partials.proxy.config.annotations" .resources | nindent 8 }}
72 {{- end }}
73 {{- with .Values.podAnnotations }}{{ toYaml . | trim | nindent 8 }}{{- end }}
74 linkerd.io/inject: enabled
75 config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0"
76 cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
77 labels:
78 linkerd.io/extension: viz
79 component: tap
80 namespace: {{.Release.Namespace}}
81 {{- with .Values.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
82 spec:
83 {{- if .Values.tolerations -}}
84 {{- include "linkerd.tolerations" . | nindent 6 }}
85 {{- end -}}
86 {{- include "linkerd.node-selector" . | nindent 6 }}
87 {{- $_ := set $tree "component" "tap" -}}
88 {{- $_ := set $tree "label" "component" -}}
89 {{- include "linkerd.affinity" $tree | nindent 6 }}
90 containers:
91 - args:
92 - api
93 - -api-namespace={{.Values.linkerdNamespace}}
94 - -log-level={{.Values.tap.logLevel | default .Values.defaultLogLevel}}
95 - -log-format={{.Values.tap.logFormat | default .Values.defaultLogFormat}}
96 - -identity-trust-domain={{.Values.identityTrustDomain | default .Values.clusterDomain}}
97 - -enable-pprof={{.Values.enablePprof | default false}}
98 {{- if .Values.tap.ignoreHeaders }}
99 - -ignore-headers={{ .Values.tap.ignoreHeaders | join "," }}
100 {{- end }}
101 image: {{.Values.tap.image.registry | default .Values.defaultRegistry}}/{{.Values.tap.image.name}}:{{.Values.tap.image.tag | default .Values.linkerdVersion}}
102 imagePullPolicy: {{.Values.tap.image.pullPolicy | default .Values.defaultImagePullPolicy}}
103 livenessProbe:
104 httpGet:
105 path: /ping
106 port: 9998
107 initialDelaySeconds: 10
108 name: tap
109 ports:
110 - containerPort: 8088
111 name: grpc
112 - containerPort: 8089
113 name: apiserver
114 - containerPort: 9998
115 name: admin-http
116 readinessProbe:
117 failureThreshold: 7
118 httpGet:
119 path: /ready
120 port: 9998
121 {{- if .Values.tap.resources -}}
122 {{- include "partials.resources" .Values.tap.resources | nindent 8 }}
123 {{- end }}
124 securityContext:
125 allowPrivilegeEscalation: false
126 capabilities:
127 drop:
128 - ALL
129 readOnlyRootFilesystem: true
130 runAsNonRoot: true
131 runAsUser: {{.Values.tap.UID | default .Values.defaultUID}}
132 runAsGroup: {{.Values.tap.GID | default .Values.defaultGID}}
133 seccompProfile:
134 type: RuntimeDefault
135 volumeMounts:
136 - mountPath: /var/run/linkerd/tls
137 name: tls
138 readOnly: true
139 securityContext:
140 seccompProfile:
141 type: RuntimeDefault
142 serviceAccountName: tap
143 volumes:
144 - name: tls
145 secret:
146 secretName: tap-k8s-tls
147{{- if and .Values.enablePodDisruptionBudget (gt (int .Values.tap.replicas) 1) }}
148---
149kind: PodDisruptionBudget
150apiVersion: policy/v1
151metadata:
152 name: tap
153 namespace: {{ .Release.Namespace }}
154 labels:
155 linkerd.io/extension: viz
156 component: tap
157 namespace: {{.Release.Namespace}}
158 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
159 annotations:
160 {{ include "partials.annotations.created-by" . }}
161spec:
162 maxUnavailable: 1
163 selector:
164 matchLabels:
165 linkerd.io/extension: viz
166 component: tap
167{{- end }}
View as plain text