package linkerd
import (
"fmt"
"regexp"
"strings"
"github.com/ghodss/yaml"
"github.com/linkerd/linkerd2/pkg/k8s"
uuid "github.com/satori/go.uuid"
log "github.com/sirupsen/logrus"
"github.com/solo-io/go-utils/errors"
k8sResource "k8s.io/apimachinery/pkg/api/resource"
)
// chartPath_stable221 is the URL of the packaged Helm chart that chartURI
// returns for Version_stable221.
// NOTE(review): the chart is identified by URL only; no checksum or signature
// for the archive is visible in this file. Confirm that the code which fetches
// the chart verifies its integrity before rendering it.
const chartPath_stable221 = "https://storage.googleapis.com/supergloo-charts/linkerd-stable-2.2.1.tgz"
// chartURI maps the requested install version to the location of its Helm
// chart. Only versions listed explicitly here resolve to a URL; any other
// value yields an error that names the supported versions, so the chart
// location is never built from caller-supplied text.
func (o *installOpts) chartURI() (string, error) {
	if o.installVersion == Version_stable221 {
		return chartPath_stable221, nil
	}
	return "", errors.Errorf("version %v is not a supported linkerd version. supported: %v", o.installVersion, supportedVersions)
}
// values renders the Helm values for this install as a YAML document.
//
// It starts from the defaults in newCliInstallOptions and overrides only two
// settings from the install options: proxy auto-injection and TLS. The result
// is validated and expanded by validateAndBuildConfig before being marshalled.
//
// NOTE(review): enableMtls selects the "optional" TLS mode, which is the only
// non-empty mode that validate accepts. The name suggests TLS is attempted
// rather than required; confirm against the Linkerd stable-2.2 documentation
// before treating this setting as enforced mTLS.
func (o *installOpts) values() (string, error) {
	cliOpts := newCliInstallOptions()
	cliOpts.proxyAutoInject = o.enableAutoInject
	if o.enableMtls {
		cliOpts.tls = optionalTLS
	}

	cfg, err := validateAndBuildConfig(cliOpts, o.installNamespace)
	if err != nil {
		return "", err
	}

	out, err := yaml.Marshal(cfg)
	if err != nil {
		return "", err
	}
	return string(out), nil
}
// The code below is mostly based on
// https://github.com/linkerd/linkerd2/blob/release/stable-2.2/cli/cmd/install.go#L24
// with some modifications.
//
// Defaults are fine for most of this; we can open this up to more
// configuration in the future. Currently only auto-injection and mTLS support
// are exposed.

// helmValues is the value set that validateAndBuildConfig fills in and that
// values() marshals to YAML. Fields are exported so the marshaller can see
// them; how the chart consumes each key is not visible in this file.
type helmValues struct {
	// Target namespace and container image references. The image references
	// are built as "name:tag" strings in validateAndBuildConfig.
	Namespace string
	ControllerImage string
	WebImage string
	PrometheusImage string
	PrometheusVolumeName string
	GrafanaImage string
	GrafanaVolumeName string
	ControllerReplicas uint
	ImagePullPolicy string
	// UUID is set to a freshly generated v4 UUID on every call to
	// validateAndBuildConfig.
	UUID string
	CliVersion string
	ControllerLogLevel string
	ControllerComponentLabel string
	CreatedByAnnotation string
	ProxyAPIPort uint
	// TLS switch plus the volume, config map and file names used for TLS
	// material; the names are copied from constants in linkerd's k8s package.
	EnableTLS bool
	TLSTrustAnchorVolumeName string
	TLSSecretsVolumeName string
	TLSTrustAnchorConfigMapName string
	ProxyContainerName string
	TLSTrustAnchorFileName string
	TLSCertFileName string
	TLSPrivateKeyFileName string
	TLSTrustAnchorVolumeSpecFileName string
	TLSIdentityVolumeSpecFileName string
	// Proxy ports. The two Ignore* fields are comma-separated decimal port
	// lists; IgnoreInboundPorts always begins with the proxy control and
	// metrics ports.
	InboundPort uint
	OutboundPort uint
	IgnoreInboundPorts string
	IgnoreOutboundPorts string
	InboundAcceptKeepaliveMs uint
	OutboundConnectKeepaliveMs uint
	// Proxy injection, identity and resource settings.
	ProxyAutoInjectEnabled bool
	ProxyInjectAnnotation string
	ProxyInjectDisabled string
	ProxyLogLevel string
	// ProxyUID and ControllerUID carry the numeric user IDs from the options
	// (defaults 2102 and 2103, both non-zero).
	ProxyUID int64
	ProxyMetricsPort uint
	ProxyControlPort uint
	ProxySpecFileName string
	ProxyInitSpecFileName string
	ProxyInitImage string
	ProxyImage string
	ProxyResourceRequestCPU string
	ProxyResourceRequestMemory string
	SingleNamespace bool
	EnableHA bool
	ControllerUID int64
	// ProfileSuffixes is "." by default and "svc.cluster.local." when external
	// profiles are disabled.
	ProfileSuffixes string
	// EnableH2Upgrade is the negation of the disableH2Upgrade option.
	EnableH2Upgrade bool
	NoInitContainer bool
}
// Controller replica counts. validateAndBuildConfig raises the count from
// defaultControllerReplicas to defaultHAControllerReplicas when high
// availability is requested and the count is still at its default.
const (
	defaultControllerReplicas = 1
	defaultHAControllerReplicas = 3
)
// newCliInstallOptions returns the install options with their defaults: one
// controller replica, "info" controller logging, controller UID 2103, and the
// proxy defaults from newProxyConfigOptions.
func newCliInstallOptions() *cliInstallOptions {
	opts := &cliInstallOptions{proxyConfigOptions: newProxyConfigOptions()}

	opts.controllerReplicas = defaultControllerReplicas
	opts.controllerLogLevel = "info"
	opts.controllerUID = 2103

	// proxyAutoInject, singleNamespace, highAvailability and disableH2Upgrade
	// default to false, which is already their zero value.
	return opts
}
// validateAndBuildConfig validates options and expands them into the
// helmValues used to render the chart for installNamespace.
//
// Side effect: when high availability is requested, defaults for the
// controller replica count and the proxy CPU/memory requests are written back
// into options before the values are built.
//
// Image references: the controller, web and grafana images are composed from
// options.dockerRegistry and options.linkerdVersion, both of which pass the
// character checks in validate. PrometheusImage is a fixed reference with no
// registry host and does not follow options.dockerRegistry. All references are
// tag-based rather than digest-pinned, so the content pulled depends on what
// the registry currently serves for that tag.
func validateAndBuildConfig(options *cliInstallOptions, installNamespace string) (*helmValues, error) {
	if err := options.validate(); err != nil {
		return nil, err
	}

	// The proxy's own control and metrics ports are always skipped inbound,
	// ahead of any caller-supplied ports.
	inboundSkip := []string{
		fmt.Sprintf("%d", options.proxyControlPort),
		fmt.Sprintf("%d", options.proxyMetricsPort),
	}
	for _, port := range options.ignoreInboundPorts {
		inboundSkip = append(inboundSkip, fmt.Sprintf("%d", port))
	}

	outboundSkip := make([]string, 0, len(options.ignoreOutboundPorts))
	for _, port := range options.ignoreOutboundPorts {
		outboundSkip = append(outboundSkip, fmt.Sprintf("%d", port))
	}

	// High availability only fills in settings the caller left at their
	// defaults; explicit values are kept.
	if options.highAvailability {
		if options.controllerReplicas == defaultControllerReplicas {
			options.controllerReplicas = defaultHAControllerReplicas
		}
		if options.proxyCPURequest == "" {
			options.proxyCPURequest = "10m"
		}
		if options.proxyMemoryRequest == "" {
			options.proxyMemoryRequest = "20Mi"
		}
	}

	suffixes := "."
	if options.proxyConfigOptions.disableExternalProfiles {
		suffixes = "svc.cluster.local."
	}

	cfg := &helmValues{
		Namespace:                        installNamespace,
		ControllerImage:                  fmt.Sprintf("%s/controller:%s", options.dockerRegistry, options.linkerdVersion),
		WebImage:                         fmt.Sprintf("%s/web:%s", options.dockerRegistry, options.linkerdVersion),
		PrometheusImage:                  "prom/prometheus:v2.4.0",
		PrometheusVolumeName:             "data",
		GrafanaImage:                     fmt.Sprintf("%s/grafana:%s", options.dockerRegistry, options.linkerdVersion),
		GrafanaVolumeName:                "data",
		ControllerReplicas:               options.controllerReplicas,
		ImagePullPolicy:                  options.imagePullPolicy,
		UUID:                             uuid.NewV4().String(),
		CliVersion:                       k8s.CreatedByAnnotationValue(),
		ControllerLogLevel:               options.controllerLogLevel,
		ControllerComponentLabel:         k8s.ControllerComponentLabel,
		ControllerUID:                    options.controllerUID,
		CreatedByAnnotation:              k8s.CreatedByAnnotation,
		ProxyAPIPort:                     options.proxyAPIPort,
		EnableTLS:                        options.enableTLS(),
		TLSTrustAnchorVolumeName:         k8s.TLSTrustAnchorVolumeName,
		TLSSecretsVolumeName:             k8s.TLSSecretsVolumeName,
		TLSTrustAnchorConfigMapName:      k8s.TLSTrustAnchorConfigMapName,
		ProxyContainerName:               k8s.ProxyContainerName,
		TLSTrustAnchorFileName:           k8s.TLSTrustAnchorFileName,
		TLSCertFileName:                  k8s.TLSCertFileName,
		TLSPrivateKeyFileName:            k8s.TLSPrivateKeyFileName,
		TLSTrustAnchorVolumeSpecFileName: k8s.TLSTrustAnchorVolumeSpecFileName,
		TLSIdentityVolumeSpecFileName:    k8s.TLSIdentityVolumeSpecFileName,
		InboundPort:                      options.inboundPort,
		OutboundPort:                     options.outboundPort,
		IgnoreInboundPorts:               strings.Join(inboundSkip, ","),
		IgnoreOutboundPorts:              strings.Join(outboundSkip, ","),
		InboundAcceptKeepaliveMs:         defaultKeepaliveMs,
		OutboundConnectKeepaliveMs:       defaultKeepaliveMs,
		ProxyAutoInjectEnabled:           options.proxyAutoInject,
		ProxyInjectAnnotation:            k8s.ProxyInjectAnnotation,
		ProxyInjectDisabled:              k8s.ProxyInjectDisabled,
		ProxyLogLevel:                    options.proxyLogLevel,
		ProxyUID:                         options.proxyUID,
		ProxyMetricsPort:                 options.proxyMetricsPort,
		ProxyControlPort:                 options.proxyControlPort,
		ProxySpecFileName:                k8s.ProxySpecFileName,
		ProxyInitSpecFileName:            k8s.ProxyInitSpecFileName,
		ProxyInitImage:                   options.taggedProxyInitImage(),
		ProxyImage:                       options.taggedProxyImage(),
		ProxyResourceRequestCPU:          options.proxyCPURequest,
		ProxyResourceRequestMemory:       options.proxyMemoryRequest,
		SingleNamespace:                  options.singleNamespace,
		EnableHA:                         options.highAvailability,
		ProfileSuffixes:                  suffixes,
		EnableH2Upgrade:                  !options.disableH2Upgrade,
		NoInitContainer:                  options.noInitContainer,
	}
	return cfg, nil
}
// cliInstallOptions holds the settings that apply to a control-plane install.
// It embeds proxyConfigOptions, which holds the settings shared with proxy
// injection.
//
// NOTE(review): the upstream comment says every field has a corresponding
// command line flag added in a newCmdInstall func "later in this file". No
// such func is visible here; in this file the fields are set by
// newCliInstallOptions and by installOpts.values.
type cliInstallOptions struct {
	controllerReplicas uint
	controllerLogLevel string
	proxyAutoInject bool
	singleNamespace bool
	highAvailability bool
	controllerUID int64
	disableH2Upgrade bool
	// Embedded by pointer: validate dereferences it, so it must be non-nil.
	*proxyConfigOptions
}
// validate checks the install-level options and then delegates to the embedded
// proxyConfigOptions. It rejects a controller log level that logrus cannot
// parse, and the combination of proxy auto-injection with single-namespace
// mode.
func (options *cliInstallOptions) validate() error {
	_, levelErr := log.ParseLevel(options.controllerLogLevel)
	switch {
	case levelErr != nil:
		return fmt.Errorf("--controller-log-level must be one of: panic, fatal, error, warn, info, debug")
	case options.proxyAutoInject && options.singleNamespace:
		return fmt.Errorf("The --proxy-auto-inject and --single-namespace flags cannot both be specified together")
	}
	return options.proxyConfigOptions.validate()
}
// proxyConfigOptions holds the proxy settings that apply to both the install
// and inject paths.
//
// NOTE(review): the upstream comment says every field has a corresponding
// command line flag added in an addProxyConfigFlags func "later in this file".
// No such func is visible here; in this file the fields get their values from
// newProxyConfigOptions, and installOpts.values overrides only tls.
type proxyConfigOptions struct {
	// linkerdVersion is used as the image tag. dockerRegistry replaces
	// defaultDockerRegistry in proxyImage and initImage. validate checks the
	// characters of linkerdVersion and dockerRegistry, but not those of
	// proxyImage or initImage.
	linkerdVersion string
	proxyImage string
	initImage string
	dockerRegistry string
	imagePullPolicy string
	inboundPort uint
	outboundPort uint
	ignoreInboundPorts []uint
	ignoreOutboundPorts []uint
	proxyUID int64
	proxyLogLevel string
	proxyAPIPort uint
	proxyControlPort uint
	proxyMetricsPort uint
	proxyCPURequest string
	proxyMemoryRequest string
	// tls is either empty or optionalTLS; validate rejects any other value.
	tls string
	disableExternalProfiles bool
	noInitContainer bool
	// proxyOutboundCapacity is a special case that's only used for injecting the
	// proxy into the control plane install, and as such it does not have a
	// corresponding command line flag.
	proxyOutboundCapacity map[string]uint
}
// enableTLS reports whether the tls option is set to optionalTLS, the only
// TLS mode this file recognises. An empty value means TLS is off.
func (options *proxyConfigOptions) enableTLS() bool {
	if options.tls != optionalTLS {
		return false
	}
	return true
}
// taggedProxyImage returns the proxy image reference as "image:version". The
// first occurrence of defaultDockerRegistry in proxyImage is replaced with the
// configured dockerRegistry; a proxyImage that does not contain the default
// registry is used unchanged.
func (options *proxyConfigOptions) taggedProxyImage() string {
	repo := strings.Replace(options.proxyImage, defaultDockerRegistry, options.dockerRegistry, 1)
	tag := options.linkerdVersion
	return fmt.Sprintf("%s:%s", repo, tag)
}
// taggedProxyInitImage returns the proxy-init image reference as
// "image:version". The first occurrence of defaultDockerRegistry in initImage
// is replaced with the configured dockerRegistry; an initImage that does not
// contain the default registry is used unchanged.
func (options *proxyConfigOptions) taggedProxyInitImage() string {
	repo := strings.Replace(options.initImage, defaultDockerRegistry, options.dockerRegistry, 1)
	tag := options.linkerdVersion
	return fmt.Sprintf("%s:%s", repo, tag)
}
var (
	// These regexes are not as strict as they could be, but are a quick and dirty
	// sanity check against illegal characters.
	//
	// Both are anchored at start and end and act as character allowlists only:
	// they reject any character outside the set, but place no constraint on
	// structure (for example leading dashes or repeated dots, slashes and
	// colons all pass). validate uses them on linkerdVersion and
	// dockerRegistry, which end up inside image references.
	alphaNumDashDot = regexp.MustCompile("^[\\.a-zA-Z0-9-]+$")
	alphaNumDashDotSlashColon = regexp.MustCompile("^[\\./a-zA-Z0-9-:]+$")
)
// validate checks the proxy options and returns an error describing the first
// check that fails, in this order: version characters, registry characters,
// image pull policy, CPU request, memory request, TLS mode.
//
// The version and registry are checked against character allowlists because
// they are interpolated into image references. proxyImage and initImage are
// not checked here.
func (options *proxyConfigOptions) validate() error {
	if version := options.linkerdVersion; !alphaNumDashDot.MatchString(version) {
		return fmt.Errorf("%s is not a valid version", version)
	}

	if registry := options.dockerRegistry; !alphaNumDashDotSlashColon.MatchString(registry) {
		return fmt.Errorf("%s is not a valid Docker registry. The url can contain only letters, numbers, dash, dot, slash and colon", registry)
	}

	switch options.imagePullPolicy {
	case "Always", "IfNotPresent", "Never":
		// accepted
	default:
		return fmt.Errorf("--image-pull-policy must be one of: Always, IfNotPresent, Never")
	}

	// Resource requests are optional; when present they must parse as
	// Kubernetes quantities.
	if cpu := options.proxyCPURequest; cpu != "" {
		if _, err := k8sResource.ParseQuantity(cpu); err != nil {
			return fmt.Errorf("Invalid cpu request '%s' for --proxy-cpu flag", cpu)
		}
	}
	if mem := options.proxyMemoryRequest; mem != "" {
		if _, err := k8sResource.ParseQuantity(mem); err != nil {
			return fmt.Errorf("Invalid memory request '%s' for --proxy-memory flag", mem)
		}
	}

	if !(options.tls == "" || options.tls == optionalTLS) {
		return fmt.Errorf("--tls must be blank or set to \"%s\"", optionalTLS)
	}
	return nil
}
const (
	// optionalTLS is the only non-empty value that validate accepts for the
	// tls option; enableTLS reports true only for this value.
	// NOTE(review): the name suggests TLS is opportunistic rather than
	// required. Confirm against the Linkerd stable-2.2 documentation.
	optionalTLS = "optional"
	// defaultDockerRegistry prefixes the default proxy and proxy-init image
	// names; the tagged image helpers swap it for the configured registry.
	defaultDockerRegistry = "gcr.io/linkerd-io"
	// defaultKeepaliveMs is used for both the inbound accept and the outbound
	// connect keepalive values (presumably milliseconds, per the name).
	defaultKeepaliveMs = 10000
)
// newProxyConfigOptions returns the proxy options with their defaults: the
// stable-2.2.1 images from defaultDockerRegistry, pull policy IfNotPresent,
// the standard proxy ports, proxy UID 2102, and TLS off.
func newProxyConfigOptions() *proxyConfigOptions {
	// Left at their zero values: ignoreInboundPorts and ignoreOutboundPorts
	// (nil), proxyCPURequest, proxyMemoryRequest and tls (empty),
	// disableExternalProfiles and noInitContainer (false).
	defaults := proxyConfigOptions{
		linkerdVersion:        "stable-2.2.1",
		proxyImage:            defaultDockerRegistry + "/proxy",
		initImage:             defaultDockerRegistry + "/proxy-init",
		dockerRegistry:        defaultDockerRegistry,
		imagePullPolicy:       "IfNotPresent",
		inboundPort:           4143,
		outboundPort:          4140,
		proxyUID:              2102,
		proxyLogLevel:         "warn,linkerd2_proxy=info",
		proxyAPIPort:          8086,
		proxyControlPort:      4190,
		proxyMetricsPort:      4191,
		proxyOutboundCapacity: make(map[string]uint),
	}
	return &defaults
}