platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

feat: Add helmfile for linkerd

Browse Source
This commit is contained in:
Moritz Jörg
2025-06-24 16:51:57 +02:00
parent 18b52e8a7d
commit 8f6723a299
5 changed files with 193 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
helmfile.d/linkerd.yaml.gotmpl
+47
View File
@@ -0,0 +1,47 @@
bases:
- ../envs/environments.yaml.gotmpl
repositories:
- name: linkerd
url: 'https://helm.linkerd.io/stable'
commonLabels:
tier: system
apiVersions:
- monitoring.coreos.com/v1
releases:
- name: linkerd
namespace: linkerd
chart: linkerd/linkerd-control-plane
version: 1.9.3
condition: linkerd.enabled
values:
- ../values/linkerd/values/linkerd.yaml.gotmpl
- ../values/linkerd/values/linkerd-{{ .Environment.Name }}.yaml.gotmpl
postRenderer: ../bin/kustomizer
postRendererArgs:
- ../values/linkerd/kustomize/{{ .Environment.Name }}
missingFileHandler: Info
- name: manifests
namespace: linkerd
chart: manifests
condition: linkerd.enabled
missingFileHandler: Info
values:
- ../values/env.yaml
- ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
- ../values/linkerd/env.yaml.gotmpl
- ../values/linkerd/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
hooks:
- events: [ prepare, cleanup ]
showlogs: true
command: ../bin/helmify
args:
- '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
- '{{`{{ .Release.Chart }}`}}'
- '{{`{{ .Environment.Name }}`}}'
- ../values/linkerd/manifests
- manifests
values/ingress-nginx/values/ingress-nginx.yaml.gotmpl
+5
View File
@@ -13,6 +13,11 @@ controller:
cpu: {{ .Values.nginx.resources.controller.cpu }} cpu: {{ .Values.nginx.resources.controller.cpu }}
memory: {{ .Values.nginx.resources.controller.memory }} memory: {{ .Values.nginx.resources.controller.memory }}
{{if eq .Values.clusterConfig.cluster "ekman"}}
config:
worker-prcesses: 32
{{end }}
ingressClassResource: ingressClassResource:
default: true default: true
values/linkerd/env.yaml.gotmpl
+39
View File
@@ -0,0 +1,39 @@
linkerd:
enabled: true
autosync: true
trustAnchorPEM: |
-----BEGIN CERTIFICATE-----
MIIBtDCCAVqgAwIBAgIQRlhbOLj9zw+QTGHqbOBaozAKBggqhkjOPQQDAjAlMSMw
IQYDVQQDExpyb290LmxpbmtlcmQuY2x1c3Rlci5sb2NhbDAeFw0yMTA0MDkxNDAy
NTFaFw0zMTA0MDcxNDAyNTFaMCUxIzAhBgNVBAMTGnJvb3QubGlua2VyZC5jbHVz
dGVyLmxvY2FsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEljOLtSPSi6XIEdFP
VCGa4BKoQ0X5dBSZvHRLt/IzHRzAbIVIjgjvyRQc7EQlRKvZ8P9um/WG1ypyyA2l
C9MWz6NsMGowDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYD
VR0OBBYEFHz4UuVKCNX8/hsZCcdTlmWnSCGXMCUGA1UdEQQeMByCGnJvb3QubGlu
a2VyZC5jbHVzdGVyLmxvY2FsMAoGCCqGSM49BAMCA0gAMEUCIGAiz3yNhboVdze1
sNFcFL2GF5WwW9z53u03UkPkiuBTAiEA4ZHWZJVGV5VAQArL5v32HeH/IjC1ssGl
7Y8D0rQqkis=
-----END CERTIFICATE-----
webhookPEM: |
-----BEGIN CERTIFICATE-----
MIIBlDCCATqgAwIBAgIRAP9aY0pRwkDnXqi3FwKmfZowCgYIKoZIzj0EAwIwKDEm
MCQGA1UEAxMdd2ViaG9vay5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjIxMDI3
MDUxNTE0WhcNMjQxMDI1MDkxNTE0WjAoMSYwJAYDVQQDEx13ZWJob29rLmxpbmtl
cmQuY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIGSt6Th
62wgjM5dRbZLa9YwPQAm/T2QnTzzrAUm+GeqvKfBhpPMGX6+91/x20X0uV26LvKz
YV1wVMs7tuPZioijRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/
AgEBMB0GA1UdDgQWBBQWV6+eqRWOPyLWz9s0HT96MOr01zAKBggqhkjOPQQDAgNI
ADBFAiBTBFuIJUBEI5T2unrnFhM+Bj0rZFfuxQqEwD6+z2YRzwIhAOINkH5u7Z8M
zIVl06Biq2N+MO4TJ+CSS1C1w/22CDru
-----END CERTIFICATE-----
identityIssuerPEM: ""
secretScheme: kubernetes.io/tls
crds:
version: 1.4.0
multicluster:
version: 30.2.0
enabled: false
viz:
enabled: false
jaeger:
enabled: false
values/linkerd/manifests/linkerd.yaml
+85
View File
@@ -0,0 +1,85 @@
{{- if .Values.clusterConfig.argo.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: linkerd
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "5"
spec:
destination:
namespace: linkerd
server: 'https://kubernetes.default.svc'
sources:
- repoURL: {{ .Values.clusterConfig.manifests }}
targetRevision: HEAD
path: helmfile.d
plugin:
name: helmfile-cmp
env:
- name: CLUSTER_NAME
value: {{ .Values.clusterConfig.cluster }}
- name: HELMFILE_ENVIRONMENT
value: default
- name: HELMFILE_FILE_PATH
value: linkerd.yaml.gotmpl
project: sys
syncPolicy:
managedNamespaceMetadata:
labels:
component: sys
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
{{- if .Values.linkerd.autosync }}
automated:
prune: true
# selfHeal: false
{{- end }}
ignoreDifferences:
- group: batch
kind: CronJob
jsonPointers:
- /spec/schedule
- kind: Secret
name: linkerd-proxy-injector-k8s-tls
jsonPointers:
- /data/tls.crt
- /data/tls.key
- kind: Secret
name: linkerd-sp-validator-k8s-tls
jsonPointers:
- /data/tls.crt
- /data/tls.key
- kind: Secret
name: linkerd-tap-k8s-tls
jsonPointers:
- /data/tls.crt
- /data/tls.key
- kind: Secret
name: linkerd-policy-validator-k8s-tls
jsonPointers:
- /data/tls.crt
- /data/tls.key
- group: admissionregistration.k8s.io
kind: MutatingWebhookConfiguration
name: linkerd-proxy-injector-webhook-config
jqPathExpressions:
- '.webhooks[0].clientConfig.caBundle'
- group: admissionregistration.k8s.io
kind: ValidatingWebhookConfiguration
name: linkerd-sp-validator-webhook-config
jqPathExpressions:
- '.webhooks[0].clientConfig.caBundle'
- group: admissionregistration.k8s.io
kind: ValidatingWebhookConfiguration
name: linkerd-policy-validator-webhook-config
jqPathExpressions:
- '.webhooks[0].clientConfig.caBundle'
- group: apiregistration.k8s.io/v1
kind: APIService
name: v1alpha1.tap.linkerd.io
jsonPointers:
- /spec/caBundle
{{- end }}
values/linkerd/values/linkerd.yaml.gotmpl
+17
View File
@@ -0,0 +1,17 @@
identityTrustAnchorsPEM: {{- .Values.linkerd.trustAnchorPEM | toYaml | indent 7 }}
identity:
issuer:
scheme: {{ .Values.linkerd.secretScheme }}
{{- if .Values.linkerd.identityIssuerPEM }}
tls:
crtPEM: {{- .Values.linkerd.identityIssuerPEM | toYaml | indent 14 }}
{{- end }}
policyValidator:
externalSecret: true
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
proxyInjector:
externalSecret: true
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
profileValidator:
externalSecret: true
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}