Commit 265da96

Merge pull request #78 from signadot/cluster-config-control-plane-proxy
preparation for v1.0
2 parents f26fd96 + 3f405e4 commit 265da96

17 files changed

+361
-85
lines changed

signadot/operator/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,10 +6,10 @@ type: application
66
# This is the chart version. This version number should be incremented each time you make changes
77
# to the chart and its templates, including the app version.
88
# Versions are expected to follow Semantic Versioning (https://semver.org/)
9-
version: "0.19.3"
9+
version: "1.0.0"
1010

1111
# This is the version number of the application being deployed. This version number should be
1212
# incremented each time you make changes to the application. Versions are not expected to
1313
# follow Semantic Versioning. They should reflect the version the application is using.
1414
# It is recommended to use it with quotes.
15-
appVersion: "0.19.3"
15+
appVersion: "1.0.0"

signadot/operator/README.md

Lines changed: 14 additions & 6 deletions
@@ -73,12 +73,12 @@ kubectl delete ns signadot
7373
| Name | Description | Default |
7474
| ------------------------------- | --------------------------------------------------------------------------------------------------------- | ------- |
7575
| `allowedNamespaces` | Restrict the namespaces in which `signadot-controller-manager` will operate | `[]` |
76-
| `operator.replicas` | Number of replicas for `signadot-controller-manager` deployment | `2` |
76+
| `controllerManager.replicas` | Number of replicas for `signadot-controller-manager` deployment | `2` |
7777
| `sandboxTrafficManager.enabled` | Whether to enable the Sandbox Traffic Manager Sidecar on forked workloads | `true` |
7878
| `allowOrphanedResources` | Allow Signadot Custom Resources to exist in the cluster when not created or managed via the control plane | `false` |
7979

8080
ℹ️ For development clusters (such as Minikube, MicroK8s, or K3s), we recommend
81-
running the controller manager with `operator.replicas = 1` to minimize resource
81+
running the controller manager with `controllerManager.replicas = 1` to minimize resource
8282
usage. Note that increasing replicas (`replicas > 1`) does not replicate most
8383
controller functionality in parallel; only one replica is active at a time, and
8484
high availability operates in an active-passive manner, primarily benefiting
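Review bot: The rename of `operator.replicas` to `controllerManager.replicas` in the parameter table comes with no upgrade note, so a reader with an existing values file cannot tell from this README whether the old key is still honoured. Add a short migration note listing old and new key names; the later hunks rename `operator.image`, `operator.imagePullPolicy` and `operator.resources` the same way and should be covered by it.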
@@ -97,8 +97,8 @@ style resources and are not needed in an installation which uses the new
9797

9898
| Name | Description | Default |
9999
| ----------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------- |
100-
| `operator.image` | Operator image override | `signadot/operator:vX.Y.Z` |
101-
| `operator.imagePullPolicy` | Operator image pull policy | `IfNotPresent` |
100+
| `controllerManager.image` | Controller Manager image override | `signadot/controller-manager:vX.Y.Z` |
101+
| `controllerManager.imagePullPolicy` | Controller Manager image pull policy | `IfNotPresent` |
102102
| `agent.image` | Agent image override | `signadot/agent:vX.Y.Z` |
103103
| `agent.imagePullPolicy` | Agent image pull policy | `IfNotPresent` |
104104
| `routeServer.image` | Route Server image override | `signadot/route-server:vX.Y.Z` |
@@ -163,11 +163,11 @@ Default
163163
<tr>
164164
<td>
165165

166-
`operator.resources`
166+
`controllerManager.resources`
167167

168168
</td>
169169
<td>
170-
Operator resources
170+
Controller Manager resources
171171
</td>
172172
<td>
173173

@@ -529,6 +529,7 @@ Enabling Istio will activate the Istio proxy in the following components: in Sig
529529
| Name | Description | Default |
530530
| ----------------------------------- | --------------------------------------------------------------------------------------------------------- | ------- |
531531
| `istio.enabled` | Enable Istio integration | `false` |
532+
| `istio.operator.podLabels` | Pod Labels to add to signadot components which should use Istio | `{"sidecar.istio.io/inject": "true"}` |
532533
| `istio.additionalAnnotations` | Annotations to add to istio VirtualServices if not present | `{}` |
533534
| `istio.additionalLabels` | Labels to add to istio VirtualServices if not present | `{}` |
534535
| `istio.enableDeprecatedHostRouting` | Enable sandbox routing by matching the `VirtualService.host` field. **This feature has been deprecated**. | `false` |
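Review bot: The new `istio.operator.podLabels` row reintroduces the `operator` name that this same README change replaces with `controllerManager` everywhere else, and the description "signadot components which should use Istio" does not say which components receive the labels. Name the affected components in the description and consider a key that does not reuse the retired `operator` prefix.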
@@ -543,6 +544,7 @@ Note that, unlike with Istio, routing in Linkerd is not expressed via Linkerd CR
543544
| Name | Description | Default |
544545
| ----------------- | ------------------------ | ------- |
545546
| `linkerd.enabled` | Enable Linkerd integration | `false` |
547+
| `linkerd.operator.podAnnotations` | Pod Annotations to add to signadot components which should use Linkerd |`{"linkerd.io/inject": "enabled"}` |
546548

547549

548550
### Routing parameters
@@ -561,3 +563,9 @@ Note that, unlike with Istio, routing in Linkerd is not expressed via Linkerd CR
561563
| `trafficCapture.enabled` | Enable traffic capture | `true` |
562564
| `trafficCapture.requestHeadersElide` | List of request headers to be elided from traffic captures | `[]` |
563565
| `trafficCapture.responseHeadersElide` | List of response headers to be elided from traffic captures | `[]` |
566+
567+
### Control plane parameters
568+
569+
| Name | Description | Default |
570+
| ------------------------------------- | ----------------------------------------------------------- | ------- |
571+
| `controlPlane.proxy` | Enable [control plane proxy](https://www.signadot.com/docs/concepts/architecture/control-plane#proxy-server) | `enabled` |
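Review bot: The `controlPlane.proxy` row gives the default as `enabled` but does not list the accepted values, while neighbouring toggles such as `istio.enabled` and `trafficCapture.enabled` are `true`/`false` booleans. State the allowed strings explicitly, including the value that turns the proxy off, since a user following the pattern of the other rows would likely set `false`.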

signadot/operator/templates/_helpers.tpl

Lines changed: 16 additions & 4 deletions
@@ -5,13 +5,25 @@ cluster config template
55
{{- define "compileClusterConfig" -}}
66
{{- $allowedNamespaces := (include "getAllowedNamespaces" . | fromJsonArray) -}}
77
allowedNamespaces: {{ if gt (len $allowedNamespaces) 0 }}{{ printf "\n" }}{{ toYaml $allowedNamespaces | indent 2}}{{- else -}}[]{{- end }}
8+
controlPlane:
9+
proxy: {{ if and (hasKey .Values "controlPlane") (hasKey .Values.controlPlane "proxy") -}}{{ .Values.controlPlane.proxy }}{{- else -}}enabled{{- end }}
810
allowOrphanedResources: {{ if hasKey .Values "allowOrphanedResources" -}}{{ toString .Values.allowOrphanedResources }}{{- else -}}false{{- end }}
911
routing:
1012
istio:
11-
enabled: {{ if and (hasKey .Values "istio") (hasKey .Values.istio "enabled") -}}{{ toString .Values.istio.enabled }}{{- else -}}false{{- end }}
12-
enableHostRouting: {{ if and (hasKey .Values "istio") (hasKey .Values.istio "enableDeprecatedHostRouting") -}}{{ toString .Values.istio.enableDeprecatedHostRouting }}{{- else -}}false{{- end }}
13+
enabled: {{ if and (hasKey .Values "istio") (hasKey .Values.istio "enabled") -}}{{ toString .Values.istio.enabled }}{{- else }}false{{- end }}
14+
operator:
15+
podLabels:{{- if and (hasKey .Values "istio") (hasKey .Values.istio "operator") (hasKey .Values.istio.operator "podLabels") (.Values.istio.operator.podLabels) }}
16+
{{ toYaml .Values.istio.operator.podLabels | indent 8}}{{- else }}
17+
{{"sidecar.istio.io/inject"}}: {{"true"}}
18+
{{- end}}
19+
enableHostRouting: {{ if and (hasKey .Values "istio") (hasKey .Values.istio "enableDeprecatedHostRouting") -}}{{ toString .Values.istio.enableDeprecatedHostRouting }}{{- else }} false{{- end }}
1320
linkerd:
14-
enabled: {{ if and (hasKey .Values "linkerd") (hasKey .Values.linkerd "enabled") -}}{{ toString .Values.linkerd.enabled }}{{- else -}}false{{- end }}
21+
enabled: {{ if and (hasKey .Values "linkerd") (hasKey .Values.linkerd "enabled") -}}{{ toString .Values.linkerd.enabled }}{{- else }}false{{- end }}
22+
operator:
23+
podAnnotations:{{- if and (hasKey .Values "linkerd") (hasKey .Values.linkerd "operator") (hasKey .Values.linkerd.operator "podAnnotations") (.Values.linkerd.operator.podAnnotations) }}
24+
{{ toYaml .Values.linkerd.operator.podAnnotations | indent 8}}{{- else }}
25+
{{"linkerd.io/inject"}}: {{"enabled"}}
26+
{{- end}}
1527
iptablesMode: {{ if and (hasKey .Values "routing") (hasKey .Values.routing "iptablesMode") -}}{{ .Values.routing.iptablesMode }}{{- else -}}legacy{{- end }}
1628
customHeaders: {{ with .Values }}{{ with .routing }}{{ with .customHeaders }}{{ printf "\n" }}{{ toYaml . | indent 4}}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}
1729
sandboxTrafficManager:
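Review bot: In the default branch of `podLabels`, `{{"sidecar.istio.io/inject"}}: {{"true"}}` renders the value as a bare `true`, which a YAML parser reads as a boolean, whereas a user-supplied string passed through `toYaml` stays quoted; the default and the override therefore produce different types for the same label. Emit the default quoted, for example with `| quote` as agent-deployment.yaml does. Separately, `controlPlane.proxy` is written out without `toString` or any check that the value is one of the accepted strings, and the `enableHostRouting` else branch now emits ` false` with a leading space; both look unintended.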
@@ -36,4 +48,4 @@ get allowed namespaces
3648
{{- else -}}
3749
[]
3850
{{- end }}
39-
{{- end }}
51+
{{- end }}

signadot/operator/templates/agent-deployment.yaml

Lines changed: 14 additions & 3 deletions
@@ -36,7 +36,13 @@ spec:
3636
cluster-config-checksum: '{{ include (print $.Template.BasePath "/signadot-cluster-config-configmap.yaml")
3737
. | sha256sum }}'
3838
{{- if $linkerdEnabled }}
39-
linkerd.io/inject: enabled
39+
{{- if and (hasKey .Values.linkerd "operator") (hasKey .Values.linkerd.operator "podAnnotations") (.Values.linkerd.operator.podAnnotations)}}
40+
{{- range $key, $val := .Values.linkerd.operator.podAnnotations }}
41+
{{ $key | quote }}: {{ $val | quote }}
42+
{{- end }}
43+
{{- else }}
44+
linkerd.io/inject: "enabled"
45+
{{- end }}
4046
{{- end }}
4147
labels:
4248
app: signadot-agent
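Review bot: The new guard `and (hasKey .Values.linkerd "operator") (hasKey .Values.linkerd.operator "podAnnotations") (...)` depends on `and` short-circuiting; on a Helm binary built with Go older than 1.18 every argument is evaluated, so the second `hasKey` receives a nil value when `linkerd.operator` is unset and rendering fails. Nested `with` blocks, the style already used on the `image:` line of this file, avoid that. Also, a non-empty `podAnnotations` replaces `linkerd.io/inject: "enabled"` instead of adding to it, so an override that omits the inject annotation drops it from the agent pod; either merge the default or document the replace semantics.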
@@ -47,12 +53,17 @@ spec:
4753
{{ $key | quote }}: {{ $val | quote }}
4854
{{- end }}
4955
{{- if $istioEnabled }}
56+
{{- if and (hasKey .Values.istio "operator") (hasKey .Values.istio.operator "podLabels") (.Values.istio.operator.podLabels) }}
57+
{{- range $key, $val := .Values.istio.operator.podLabels }}
58+
{{ $key | quote }}: {{ $val | quote }}
59+
{{- end }}
60+
{{- else }}
5061
sidecar.istio.io/inject: "true"
5162
{{- end }}
63+
{{- end }}
5264
spec:
5365
containers:
5466
- args:
55-
- --agent-token=$(AGENT_TOKEN)
5667
- --api-url=https://api.signadot.com
5768
- --tunnel-addr=tunnel.signadot.com:443
5869
env:
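Review bot: The removal of `- --agent-token=$(AGENT_TOKEN)` from the container args is not mentioned in the commit message. Keeping the token out of the argument list is preferable, since expanded args end up in the process command line, but please confirm that the v1.0.0 agent picks the token up from the environment on its own, and note in the README that an `agent.image` override pointing at an older image may start without a token.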
@@ -61,7 +72,7 @@ spec:
6172
secretKeyRef:
6273
key: token
6374
name: cluster-agent
64-
image: {{ with .Values }}{{ with .agent }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/agent:v0.19.3{{- end }}{{- else -}}signadot/agent:v0.19.3{{- end }}{{- else -}}signadot/agent:v0.19.3{{- end }}
75+
image: {{ with .Values }}{{ with .agent }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/agent:v1.0.0{{- end }}{{- else -}}signadot/agent:v1.0.0{{- end }}{{- else -}}signadot/agent:v1.0.0{{- end }}
6576
imagePullPolicy: {{ with .Values }}{{ with .agent }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
6677
livenessProbe:
6778
httpGet:
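Review bot: The fallback tag `signadot/agent:v1.0.0` is repeated three times on the `image:` line and has to be kept in step with `appVersion` in Chart.yaml by hand. Deriving the tag from `.Chart.AppVersion` would leave a single place to bump on release and remove the risk of one branch of the `with` chain keeping a stale tag.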

signadot/operator/templates/io-context-server-deployment.yaml

Lines changed: 1 addition & 1 deletion
@@ -40,7 +40,7 @@ spec:
4040
- /app/io-context-server
4141
- -tls=secretns=signadot
4242
- -port=8443
43-
image: {{ with .Values }}{{ with .ioContextServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-context-server:v0.19.3{{- end }}{{- else -}}signadot/io-context-server:v0.19.3{{- end }}{{- else -}}signadot/io-context-server:v0.19.3{{- end }}
43+
image: {{ with .Values }}{{ with .ioContextServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-context-server:v1.0.0{{- end }}{{- else -}}signadot/io-context-server:v1.0.0{{- end }}{{- else -}}signadot/io-context-server:v1.0.0{{- end }}
4444
imagePullPolicy: {{ with .Values }}{{ with .ioContextServer }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
4545
name: io-context-server
4646
ports:

signadot/operator/templates/jobrunnergroups.signadot.com-customresourcedefinition.yaml

Lines changed: 35 additions & 0 deletions
@@ -2700,6 +2700,39 @@ spec:
27002700
x-kubernetes-list-map-keys:
27012701
- name
27022702
x-kubernetes-list-type: map
2703+
resources:
2704+
properties:
2705+
claims:
2706+
items:
2707+
properties:
2708+
name:
2709+
type: string
2710+
request:
2711+
type: string
2712+
required:
2713+
- name
2714+
type: object
2715+
type: array
2716+
x-kubernetes-list-map-keys:
2717+
- name
2718+
x-kubernetes-list-type: map
2719+
limits:
2720+
additionalProperties:
2721+
anyOf:
2722+
- type: integer
2723+
- type: string
2724+
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2725+
x-kubernetes-int-or-string: true
2726+
type: object
2727+
requests:
2728+
additionalProperties:
2729+
anyOf:
2730+
- type: integer
2731+
- type: string
2732+
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2733+
x-kubernetes-int-or-string: true
2734+
type: object
2735+
type: object
27032736
restartPolicy:
27042737
type: string
27052738
runtimeClassName:
@@ -2742,6 +2775,8 @@ spec:
27422775
runAsUser:
27432776
format: int64
27442777
type: integer
2778+
seLinuxChangePolicy:
2779+
type: string
27452780
seLinuxOptions:
27462781
properties:
27472782
level:
