Skip to content

Commit

Permalink
Make the auto-injector required and removed proxy-auto-inject flag (l…
Browse files Browse the repository at this point in the history 
…inkerd#2733)

Make the auto-injector required and removed proxy-auto-inject flag

Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
  • Loading branch information
@alpeb
alpeb authored Apr 24, 2019
1 parent c062cf4 commit 53bb7c4
Show file tree
Hide file tree
Showing 25 changed files with 1,543 additions and 1,893 deletions.
2 changes: 1 addition & 1 deletion bin/test-run
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ function run_upgrade_test() {
install_edge $edge_namespace

printf "Upgrading release [%s] to [%s]\n" "$edge_version" "$linkerd_version"
run_test "$test_directory/install_test.go" --upgrade-from-version=$edge_version --linkerd-namespace=$edge_namespace --proxy-auto-inject || exit_code=$?
run_test "$test_directory/install_test.go" --upgrade-from-version=$edge_version --linkerd-namespace=$edge_namespace || exit_code=$?
}

linkerd_path=$1
Expand Down
2 changes: 0 additions & 2 deletions chart/templates/namespace.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,6 @@ kind: Namespace
apiVersion: v1
metadata:
name: {{.Namespace}}
{{- if .ProxyAutoInjectEnabled }}
annotations:
{{.ProxyInjectAnnotation}}: {{.ProxyInjectDisabled}}
{{- end }}
{{end -}}
2 changes: 0 additions & 2 deletions chart/templates/proxy_injector-rbac.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{{with .Values -}}
{{if .ProxyAutoInjectEnabled -}}
---
###
### Proxy Injector RBAC
Expand Down Expand Up @@ -43,4 +42,3 @@ roleRef:
name: linkerd-{{.Namespace}}-proxy-injector
apiGroup: rbac.authorization.k8s.io
{{end -}}
{{end -}}
3 changes: 0 additions & 3 deletions chart/templates/proxy_injector.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{{with .Values -}}
{{if .ProxyAutoInjectEnabled -}}
---
###
### Proxy Injector
Expand Down Expand Up @@ -78,6 +77,4 @@ spec:
- name: proxy-injector
port: 443
targetPort: proxy-injector
---
{{end -}}
{{end -}}
51 changes: 17 additions & 34 deletions cli/cmd/install.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"io/ioutil"
"os"
"path"
"strings"
"time"

"github.com/golang/protobuf/ptypes"
Expand Down Expand Up @@ -52,7 +53,6 @@ type (
ControllerComponentLabel string
CreatedByAnnotation string
ProxyContainerName string
ProxyAutoInjectEnabled bool
ProxyInjectAnnotation string
ProxyInjectDisabled string
ControllerUID int64
Expand Down Expand Up @@ -108,7 +108,6 @@ type (
controlPlaneVersion string
controllerReplicas uint
controllerLogLevel string
proxyAutoInject bool
highAvailability bool
controllerUID int64
disableH2Upgrade bool
Expand Down Expand Up @@ -158,7 +157,6 @@ func newInstallOptionsWithDefaults() *installOptions {
controlPlaneVersion: version.Version,
controllerReplicas: defaultControllerReplicas,
controllerLogLevel: "info",
proxyAutoInject: false,
highAvailability: false,
controllerUID: 2103,
disableH2Upgrade: false,
Expand Down Expand Up @@ -308,10 +306,6 @@ func (options *installOptions) recordableFlagSet() *pflag.FlagSet {
&options.controllerLogLevel, "controller-log-level", options.controllerLogLevel,
"Log level for the controller and web components",
)
flags.BoolVar(
&options.proxyAutoInject, "proxy-auto-inject", options.proxyAutoInject,
"Enable proxy sidecar auto-injection via a webhook (default false)",
)
flags.BoolVar(
&options.highAvailability, "ha", options.highAvailability,
"Experimental: Enable HA deployment config for the control plane (default false)",
Expand Down Expand Up @@ -456,15 +450,14 @@ func (options *installOptions) buildValuesWithoutIdentity(configs *pb.All) (*ins
ProxyInjectDisabled: k8s.ProxyInjectDisabled,

// Controller configuration:
Namespace: controlPlaneNamespace,
UUID: configs.GetInstall().GetUuid(),
ControllerReplicas: options.controllerReplicas,
ControllerLogLevel: options.controllerLogLevel,
ControllerUID: options.controllerUID,
EnableH2Upgrade: !options.disableH2Upgrade,
NoInitContainer: options.noInitContainer,
ProxyAutoInjectEnabled: options.proxyAutoInject,
PrometheusLogLevel: toPromLogLevel(options.controllerLogLevel),
Namespace: controlPlaneNamespace,
UUID: configs.GetInstall().GetUuid(),
ControllerReplicas: options.controllerReplicas,
ControllerLogLevel: options.controllerLogLevel,
ControllerUID: options.controllerUID,
EnableH2Upgrade: !options.disableH2Upgrade,
NoInitContainer: options.noInitContainer,
PrometheusLogLevel: toPromLogLevel(options.controllerLogLevel),

Configs: configJSONs{
Global: globalJSON,
Expand Down Expand Up @@ -635,17 +628,11 @@ func (options *installOptions) configs(identity *pb.IdentityContext) *pb.All {
}

func (options *installOptions) globalConfig(identity *pb.IdentityContext) *pb.Global {
var autoInjectContext *pb.AutoInjectContext
if options.proxyAutoInject {
autoInjectContext = &pb.AutoInjectContext{}
}

return &pb.Global{
LinkerdNamespace: controlPlaneNamespace,
AutoInjectContext: autoInjectContext,
CniEnabled: options.noInitContainer,
Version: options.controlPlaneVersion,
IdentityContext: identity,
LinkerdNamespace: controlPlaneNamespace,
CniEnabled: options.noInitContainer,
Version: options.controlPlaneVersion,
IdentityContext: identity,
}
}

Expand Down Expand Up @@ -933,18 +920,14 @@ func validateArgs(args []string, flags *pflag.FlagSet, installOnlyFlags *pflag.F
combinedFlags.AddFlagSet(flags)
combinedFlags.AddFlagSet(installOnlyFlags)

var err error
invalidFlags := make([]string, 0)
combinedFlags.VisitAll(func(f *pflag.Flag) {
if f.Changed {
switch f.Name {
// TODO: remove "proxy-auto-inject" when it becomes default
case "proxy-auto-inject":
default:
err = fmt.Errorf("flag not available for config stage: --%s", f.Name)
}
invalidFlags = append(invalidFlags, f.Name)
}
})
if err != nil {
if len(invalidFlags) > 0 {
err := fmt.Errorf("flags not available for config stage: --%s", strings.Join(invalidFlags, ", --"))
return "", err
}
}
Expand Down
11 changes: 0 additions & 11 deletions cli/cmd/install_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,6 @@ func TestRender(t *testing.T) {
ControllerComponentLabel: "ControllerComponentLabel",
CreatedByAnnotation: "CreatedByAnnotation",
ProxyContainerName: "ProxyContainerName",
ProxyAutoInjectEnabled: true,
ProxyInjectAnnotation: "ProxyInjectAnnotation",
ProxyInjectDisabled: "ProxyInjectDisabled",
ControllerUID: 2103,
Expand Down Expand Up @@ -83,15 +82,6 @@ func TestRender(t *testing.T) {
noInitContainerOptions.noInitContainer = true
noInitContainerValues, noInitContainerConfig, _ := noInitContainerOptions.validateAndBuild("", nil)

noInitContainerWithProxyAutoInjectOptions := testInstallOptions()
noInitContainerWithProxyAutoInjectOptions.recordedFlags = []*config.Install_Flag{
{Name: "linkerd-cni-enabled", Value: "true"},
{Name: "proxy-auto-inject", Value: "true"},
}
noInitContainerWithProxyAutoInjectOptions.noInitContainer = true
noInitContainerWithProxyAutoInjectOptions.proxyAutoInject = true
noInitContainerWithProxyAutoInjectValues, noInitContainerWithProxyAutoInjectConfig, _ := noInitContainerWithProxyAutoInjectOptions.validateAndBuild("", nil)

testCases := []struct {
values *installValues
configs *config.All
Expand All @@ -104,7 +94,6 @@ func TestRender(t *testing.T) {
{haValues, haConfig, "install_ha_output.golden"},
{haWithOverridesValues, haWithOverridesConfig, "install_ha_with_overrides_output.golden"},
{noInitContainerValues, noInitContainerConfig, "install_no_init_container.golden"},
{noInitContainerWithProxyAutoInjectValues, noInitContainerWithProxyAutoInjectConfig, "install_no_init_container_auto_inject.golden"},
}

for i, tc := range testCases {
Expand Down
44 changes: 44 additions & 0 deletions cli/cmd/testdata/install_config.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ kind: Namespace
apiVersion: v1
metadata:
name: linkerd
annotations:
linkerd.io/inject: disabled
---
###
### Identity Controller Service RBAC
Expand Down Expand Up @@ -135,6 +137,48 @@ subjects:
namespace: linkerd
---
###
### Proxy Injector RBAC
###
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: linkerd-proxy-injector
namespace: linkerd
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
rules:
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations"]
verbs: ["create", "get", "delete"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["list", "get", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["list"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["list", "get", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
subjects:
- kind: ServiceAccount
name: linkerd-proxy-injector
namespace: linkerd
apiGroup: ""
roleRef:
kind: ClusterRole
name: linkerd-linkerd-proxy-injector
apiGroup: rbac.authorization.k8s.io
---
###
### Service Profile Validator RBAC
###
---
Expand Down
Loading

0 comments on commit 53bb7c4

Please sign in to comment.