diff --git a/charts/linkerd-smi/README.md b/charts/linkerd-smi/README.md index 6d599da..fa09cf2 100644 --- a/charts/linkerd-smi/README.md +++ b/charts/linkerd-smi/README.md @@ -69,8 +69,6 @@ Kubernetes: `>=1.16.0-0` | adaptor.image.registry | string | `"cr.l5d.io/linkerd"` | Docker registry for the adaptor instance | | adaptor.image.tag | string | `"linkerdSMIVersionValue"` | Docker image tag for the adaptor instance | | clusterDomain | string | `"cluster.local"` | Kubernetes DNS Domain name to use | -| installNamespace | bool | `true` | Set to false when installing in a custom namespace | -| namespace | string | `"linkerd-smi"` | Namespace in which to install the SMI extension | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0) diff --git a/charts/linkerd-smi/templates/_metadata.tpl b/charts/linkerd-smi/templates/_metadata.tpl new file mode 100644 index 0000000..d8dc783 --- /dev/null +++ b/charts/linkerd-smi/templates/_metadata.tpl @@ -0,0 +1,3 @@ +{{- define "partials.namespace" -}} +{{ if eq .Release.Service "CLI" }}namespace: {{.Release.Namespace}}{{ end }} +{{- end -}} diff --git a/charts/linkerd-smi/templates/adaptor.yaml b/charts/linkerd-smi/templates/adaptor.yaml index 0512ffa..53ed63a 100644 --- a/charts/linkerd-smi/templates/adaptor.yaml +++ b/charts/linkerd-smi/templates/adaptor.yaml @@ -6,7 +6,7 @@ metadata: linkerd.io/extension: smi component: smi-adaptor name: smi-adaptor - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} spec: replicas: 1 selector: diff --git a/charts/linkerd-smi/templates/namespace-metadata-rbac.yaml b/charts/linkerd-smi/templates/namespace-metadata-rbac.yaml new file mode 100644 index 0000000..dd0a153 --- /dev/null +++ b/charts/linkerd-smi/templates/namespace-metadata-rbac.yaml @@ -0,0 +1,40 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + name: namespace-metadata +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + name: namespace-metadata +rules: +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "patch"] + resourceNames: ["{{.Release.Namespace}}"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + name: namespace-metadata +roleRef: + kind: Role + name: namespace-metadata + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: namespace-metadata + namespace: {{.Release.Namespace}} + \ No newline at end of file diff --git a/charts/linkerd-smi/templates/namespace-metadata.yaml b/charts/linkerd-smi/templates/namespace-metadata.yaml new file mode 100644 index 0000000..268020e --- /dev/null +++ b/charts/linkerd-smi/templates/namespace-metadata.yaml @@ -0,0 +1,40 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app.kubernetes.io/name: namespace-metadata + app.kubernetes.io/part-of: linkerd-smi + app.kubernetes.io/version: {{.Values.adaptor.image.tag}} + name: namespace-metadata +spec: + template: + metadata: + labels: + app.kubernetes.io/name: namespace-metadata + app.kubernetes.io/part-of: linkerd-smi + app.kubernetes.io/version: {{.Values.adaptor.image.tag}} + spec: + restartPolicy: Never + serviceAccountName: namespace-metadata + containers: + - name: namespace-metadata + image: curlimages/curl:7.78.0 + command: ["/bin/sh"] + args: + - -c + - | + ops='' + token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) + ns=$(curl -kfv -H "Authorization: Bearer $token" \ + "https://kubernetes.default.svc/api/v1/namespaces/{{.Release.Namespace}}") + if echo "$ns" | grep -vq 'labels'; then + ops="$ops{\"op\": \"add\",\"path\": \"/metadata/labels\",\"value\": {}}," + fi + ops="$ops{\"op\": \"add\", \"path\": \"/metadata/labels/linkerd.io~1extension\", \"value\": \"smi\"}" + curl -kfv -XPATCH -H "Content-Type: application/json-patch+json" -H "Authorization: Bearer $token" \ + -d "[$ops]" \ + "https://kubernetes.default.svc/api/v1/namespaces/{{.Release.Namespace}}?fieldManager=kubectl-label" diff --git a/charts/linkerd-smi/templates/namespace.yaml b/charts/linkerd-smi/templates/namespace.yaml index 6ab67c4..55cedb2 100644 --- a/charts/linkerd-smi/templates/namespace.yaml +++ b/charts/linkerd-smi/templates/namespace.yaml @@ -1,11 +1,9 @@ -{{- if (.Values.installNamespace) -}} +{{- if eq .Release.Service "CLI" -}} --- kind: Namespace apiVersion: v1 metadata: - name: {{.Values.namespace}} + name: {{.Release.Namespace}} labels: linkerd.io/extension: smi - annotations: - linkerd.io/inject: enabled {{ end -}} diff --git a/charts/linkerd-smi/templates/rbac.yaml b/charts/linkerd-smi/templates/rbac.yaml index cdf799d..b440b9a 100644 --- a/charts/linkerd-smi/templates/rbac.yaml +++ b/charts/linkerd-smi/templates/rbac.yaml @@ -34,13 +34,13 @@ roleRef: subjects: - kind: ServiceAccount name: smi-adaptor - namespace: {{.Values.namespace}} + namespace: {{.Release.Namespace}} --- kind: ServiceAccount apiVersion: v1 metadata: name: smi-adaptor - namespace: {{.Values.namespace}} + {{ include "partials.namespace" . }} labels: linkerd.io/extension: smi component: smi-adaptor diff --git a/charts/linkerd-smi/values.yaml b/charts/linkerd-smi/values.yaml index 21d35b4..19f3760 100644 --- a/charts/linkerd-smi/values.yaml +++ b/charts/linkerd-smi/values.yaml @@ -1,9 +1,3 @@ -# -- Set to false when installing in a custom namespace -installNamespace: true - -# -- Namespace in which to install the SMI extension -namespace: linkerd-smi - # -- Kubernetes DNS Domain name to use clusterDomain: cluster.local diff --git a/cli/cmd/install.go b/cli/cmd/install.go index 7a29304..15cefb8 100644 --- a/cli/cmd/install.go +++ b/cli/cmd/install.go @@ -26,6 +26,7 @@ var ( "templates/namespace.yaml", "templates/adaptor.yaml", "templates/rbac.yaml", + "templates/_metadata.tpl", "templates/trafficsplit-crd.yaml", } ) @@ -121,8 +122,16 @@ func render(w io.Writer, valuesOverrides map[string]interface{}) error { return err } + fullValues := map[string]interface{}{ + "Values": vals, + "Release": map[string]interface{}{ + "Namespace": defaultSMINamespace, + "Service": "CLI", + }, + } + // Attach the final values into the `Values` field for rendering to work - renderedTemplates, err := engine.Render(chart, map[string]interface{}{"Values": vals}) + renderedTemplates, err := engine.Render(chart, fullValues) if err != nil { return err } diff --git a/cli/cmd/install_test.go b/cli/cmd/install_test.go index 4296983..ca3acc9 100644 --- a/cli/cmd/install_test.go +++ b/cli/cmd/install_test.go @@ -16,12 +16,6 @@ func TestRender(t *testing.T) { nil, "install_default.golden", }, - { - map[string]interface{}{ - "namespace": "linkerd-smi-2", - }, - "install_override_namespace.golden", - }, } for i, tc := range testCases { diff --git a/cli/cmd/root.go b/cli/cmd/root.go index 82a88f1..de4cab6 100644 --- a/cli/cmd/root.go +++ b/cli/cmd/root.go @@ -12,6 +12,7 @@ import ( const ( defaultLinkerdNamespace = "linkerd" + defaultSMINamespace = "linkerd-smi" smiExtensionName = "smi" ) diff --git a/cli/cmd/testdata/install_default.golden b/cli/cmd/testdata/install_default.golden index 173178f..567712d 100644 --- a/cli/cmd/testdata/install_default.golden +++ b/cli/cmd/testdata/install_default.golden @@ -5,8 +5,6 @@ metadata: name: linkerd-smi labels: linkerd.io/extension: smi - annotations: - linkerd.io/inject: enabled --- apiVersion: apps/v1 kind: Deployment diff --git a/test/install_test.go b/test/install_test.go index 04a9fea..2a7f769 100644 --- a/test/install_test.go +++ b/test/install_test.go @@ -135,9 +135,17 @@ func TestSMIAdaptorWithHelm(t *testing.T) { // Use the version if it is passed var smiArgs []string if TestHelper.GetSMIHelmVersion() != "" { - smiArgs = append(smiArgs, []string{"--set", "adaptor.image.tag=" + TestHelper.GetSMIHelmVersion()}...) + smiArgs = append(smiArgs, []string{ + "--set", "adaptor.image.tag=" + TestHelper.GetSMIHelmVersion(), + }...) } + // Set namespace creation flags + smiArgs = append(smiArgs, []string{ + "--namespace", TestHelper.GetSMINamespace(), + "--create-namespace", + }...) + if stdout, stderr, err := TestHelper.HelmInstall(TestHelper.GetSMIHelmChart(), "linkerd-smi", smiArgs...); err != nil { linkerdtestutil.AnnotatedFatalf(t, "'helm install' command failed\n%s\n%s\n%v", stdout, stderr, err) } diff --git a/testutil/test_helper.go b/testutil/test_helper.go index 8f3f8bd..7ad2e03 100644 --- a/testutil/test_helper.go +++ b/testutil/test_helper.go @@ -122,6 +122,11 @@ func (h *TestHelper) GetSMIHelmVersion() string { return h.helm.smiVersion } +// GetSMINamespace returns the namespace in which linkerd-smi is installed +func (h *TestHelper) GetSMINamespace() string { + return "linkerd-smi" +} + // IsHelm returns true if Helm path is passed func (h *TestHelper) IsHelm() bool { return h.helm.path != ""