New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix auto-inject config when TLS is disabled #2246
Conversation
Signed-off-by: Kevin Lingerfelt <kl@buoyant.io>
@@ -1,94 +0,0 @@ | |||
{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This text fixture file was not being used anywhere, so I'm removing it.
} | ||
|
||
// NewWebhookConfig returns a new instance of initiator. | ||
func NewWebhookConfig(client kubernetes.Interface, controllerNamespace, webhookServiceName string, noInitContainer bool, rootCA *tls.CA) (*WebhookConfig, error) { | ||
func NewWebhookConfig(client kubernetes.Interface, controllerNamespace, webhookServiceName string, rootCA *tls.CA) (*WebhookConfig, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The webhook config template does not use the value of noInitContainer
when rendering the template, so it doesn't need to be passed into this func or set on the WebhookConfig
struct.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me. Good catch on no-init-container
non-usage 👍
FYI, I tried reproducing the failed healthcheck, but couldn't. I first thought the recently introduced change in the proxy for disabling TLS-to-plaintext fallback would make this fail, but it doesn't:
linkerd/linkerd2-proxy@3336918
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
As of #2163, TLS is no longer required when installing linkerd with automatic proxy injection, but the injected linkerd configs were still referencing TLS volumes. This change updates the proxy-injector to only include those volumes when the control plane is installed with auto-inject and TLS enabled.
Fixes #2236.