You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -148,14 +155,42 @@ style resources and are not needed in an installation which uses the new
148
155
|`tunnel.auditor.inboundRulesLuaScript`| All inbound traffic (from cluster to workstation) will pass thru this script (if defined) in the Envoy auditor, check [HTTP Lua filter](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/lua_filter#stream-handle-api) documentation for details |`""`|
149
156
|`tunnel.auditor.outboundRulesLuaScript`| All outbound traffic (from workstation to cluster) will pass thru this script (if defined) in the Envoy auditor, check [HTTP Lua filter](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/lua_filter#stream-handle-api) documentation for details |`""`|
150
157
||||
151
-
### Istio Parameters
158
+
### Istio parameters
152
159
153
160
When Istio is enabled (`istio.enabled: true`), the Signadot Operator manipulates Istio VirtualServices by applying new HTTPRoutes where appropriate to direct traffic to sandboxed workloads. You can configure the operator to add labels and annotations to these objects when they are in use by the operator. Note that these labels and annotations are only added when the object comes into use. This can be useful for temporarily disabling CI sync, amongst other possibilities.
154
161
162
+
Enabling Istio will activate the Istio proxy in the following components: in Signadot `agent` (for control-plane access to the cluster), in `tunnel-proxy` (to allow workstation access to the cluster via `signadot local connect`), and in the managed job runner group (for executing in-cluster smart tests).
|`istio.additionalAnnotations`| Annotations to add to istio VirtualServices if not present |`{}`|
159
168
|`istio.additionalLabels`| Labels to add to istio VirtualServices if not present |`{}`|
160
169
|`istio.enableDeprecatedHostRouting`| Enable sandbox routing by matching the `VirtualService.host` field. **This feature has been deprecated**. |`false`|
161
170
171
+
172
+
### Linkerd parameters
173
+
174
+
Enabling Linkerd will activate the Linkerd proxy in the following components: in Signadot `agent` (for control-plane access to the cluster), in `tunnel-proxy` (to allow workstation access to the cluster via `signadot local connect`), and in the managed job runner group (for executing in-cluster smart tests).
175
+
176
+
Note that, unlike with Istio, routing in Linkerd is not expressed via Linkerd CRDs, but by using the DevMesh sidecars in the relevant workloads.
customHeaders: {{ with .Values }}{{ with .routing }}{{ with .customHeaders }}{{ printf "\n"}}{{ toYaml . | indent 4}}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}
requestHeadersElide: {{ with .Values }}{{ with .trafficCapture }}{{ with .requestHeadersElide }}{{ printf "\n"}}{{ toYaml . | indent 4}}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}
20
+
responseHeadersElide: {{ with .Values }}{{ with .trafficCapture }}{{ with .responseHeadersElide }}{{ printf "\n"}}{{ toYaml . | indent 4}}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}
Copy file name to clipboardexpand all lines: signadot/operator/templates/agent-deployment.yaml
+13-2
Original file line number
Diff line number
Diff line change
@@ -1,4 +1,8 @@
1
1
# This file is generated. Do not edit.
2
+
{{- $istioEnabled := false -}}
3
+
{{- with .Values }}{{ with .istio }}{{- if hasKey . "enabled" }}{{ $istioEnabled = .enabled }}{{- end }}{{- end }}{{- end }}
4
+
{{- $linkerdEnabled := false -}}
5
+
{{- with .Values }}{{ with .linkerd }}{{- if hasKey . "enabled" }}{{ $linkerdEnabled = .enabled }}{{- end }}{{- end }}{{- end }}
2
6
{{ if not .Values.disableAgent }}
3
7
apiVersion: apps/v1
4
8
kind: Deployment
@@ -27,15 +31,22 @@ spec:
27
31
{{- range $key, $val := .Values.podAnnotations }}
28
32
{{ $key | quote }}: {{ $val | quote }}
29
33
{{- end }}
34
+
cluster-config-checksum: '{{ include (print $.Template.BasePath "/signadot-cluster-config-configmap.yaml")
35
+
. | sha256sum }}'
36
+
{{- if $linkerdEnabled }}
37
+
linkerd.io/inject: enabled
38
+
{{- end }}
30
39
labels:
31
40
app: signadot-agent
32
-
sidecar.istio.io/inject: "true"
33
41
{{- range $key, $val := .Values.commonLabels }}
34
42
{{ $key | quote }}: {{ $val | quote }}
35
43
{{- end }}
36
44
{{- range $key, $val := .Values.podLabels }}
37
45
{{ $key | quote }}: {{ $val | quote }}
38
46
{{- end }}
47
+
{{- if $istioEnabled }}
48
+
sidecar.istio.io/inject: "true"
49
+
{{- end }}
39
50
spec:
40
51
containers:
41
52
- args:
@@ -48,7 +59,7 @@ spec:
48
59
secretKeyRef:
49
60
key: token
50
61
name: cluster-agent
51
-
image: {{ with .Values }}{{ with .agent }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/agent:v0.19.0{{- end }}{{- else -}}signadot/agent:v0.19.0{{- end }}{{- else -}}signadot/agent:v0.19.0{{- end }}
62
+
image: {{ with .Values }}{{ with .agent }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/agent:v0.19.1{{- end }}{{- else -}}signadot/agent:v0.19.1{{- end }}{{- else -}}signadot/agent:v0.19.1{{- end }}
52
63
imagePullPolicy: {{ with .Values }}{{ with .agent }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
Copy file name to clipboardexpand all lines: signadot/operator/templates/io-context-server-deployment.yaml
+1-1
Original file line number
Diff line number
Diff line change
@@ -40,7 +40,7 @@ spec:
40
40
- /app/io-context-server
41
41
- -tls=secretns=signadot
42
42
- -port=8443
43
-
image: {{ with .Values }}{{ with .ioContextServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-context-server:v0.19.0{{- end }}{{- else -}}signadot/io-context-server:v0.19.0{{- end }}{{- else -}}signadot/io-context-server:v0.19.0{{- end }}
43
+
image: {{ with .Values }}{{ with .ioContextServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-context-server:v0.19.1{{- end }}{{- else -}}signadot/io-context-server:v0.19.1{{- end }}{{- else -}}signadot/io-context-server:v0.19.1{{- end }}
44
44
imagePullPolicy: {{ with .Values }}{{ with .ioContextServer }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
Copy file name to clipboardexpand all lines: signadot/operator/templates/routeserver-deployment.yaml
+1-1
Original file line number
Diff line number
Diff line change
@@ -36,7 +36,7 @@ spec:
36
36
{{- end }}
37
37
spec:
38
38
containers:
39
-
- image: {{ with .Values }}{{ with .routeServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-server:v0.19.0{{- end }}{{- else -}}signadot/route-server:v0.19.0{{- end }}{{- else -}}signadot/route-server:v0.19.0{{- end }}
39
+
- image: {{ with .Values }}{{ with .routeServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-server:v0.19.1{{- end }}{{- else -}}signadot/route-server:v0.19.1{{- end }}{{- else -}}signadot/route-server:v0.19.1{{- end }}
40
40
imagePullPolicy: {{ with .Values }}{{ with .routeServer }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
0 commit comments