forked from linkerd/linkerd2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalues.yaml
323 lines (286 loc) · 11 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
# -- Namespace of the Linkerd core control-plane install
linkerdNamespace: linkerd
# -- Additional labels to add to all pods
podLabels: {}
# -- Labels to apply to all resources
commonLabels: {}
# -- Default nodeSelector section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
nodeSelector: &default_node_selector
kubernetes.io/os: linux
# -- For Private docker registries, authentication is needed.
# Registry secrets are applied to the respective service accounts
imagePullSecrets: []
# - name: my-private-docker-registry-login-secret
# -- Default tolerations section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
# for more information
tolerations: &default_tolerations
# -- Enables Pod Anti Affinity logic to balance the placement of replicas
# across hosts and zones for High Availability.
# Enable this only when you have multiple replicas of components.
enablePodAntiAffinity: false
# -- NodeAffinity section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity)
# for more information
#nodeAffinity:
# -- Creates a Job that adds necessary metadata to the extension's namespace
# during install; disable if lack of privileges require doing this manually
createNamespaceMetadataJob: true
# -- Create Roles and RoleBindings to associate this extension's
# ServiceAccounts to the control plane PSP resource. This requires that
# `enabledPSP` is set to true on the control plane install. Note PSP has been
# deprecated since k8s v1.21
enablePSP: false
# -- Default UID for all the jaeger components
defaultUID: 2103
# -- Kubernetes DNS Domain name to use
clusterDomain: cluster.local
collector:
# -- Set to false to exclude collector installation
enabled: true
# -- Number of replicas of the collector component
replicas: 1
image:
name: otel/opentelemetry-collector-contrib
version: 0.83.0
pullPolicy: ""
command: /otelcol-contrib
resources:
cpu:
# -- Maximum amount of CPU units that the collector container can use
limit:
# -- Amount of CPU units that the collector container requests
request:
memory:
# -- Maximum amount of memory that collector container can use
limit:
# -- Amount of memory that the collector container requests
request:
ephemeral-storage:
# -- Maximum amount of ephemeral storage that the collector container can use
limit: ""
# -- Amount of ephemeral storage that the collector container requests
request: ""
# -- NodeSelector section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
nodeSelector: *default_node_selector
# -- Tolerations section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
# for more information
tolerations: *default_tolerations
# -- UID for the collector resource
UID:
# -- OpenTelemetry Collector config, See the
# [Configuration docs](https://opentelemetry.io/docs/collector/configuration/)
# for more information
# @default -- see `value.yaml` for actual configuration
config:
receivers:
opencensus:
processors:
batch:
resource:
attributes:
- key: k8s.pod.name
from_attribute: host.name
action: insert
- key: k8s.namespace.name
from_attribute: linkerd.io/workload-ns
action: insert
k8sattributes:
auth_type: serviceAccount
pod_association:
- sources:
# - from: resource_attribute
# name: k8s.pod.ip
- from: resource_attribute
name: k8s.pod.name
- from: resource_attribute
name: k8s.namespace.name
extract:
metadata:
- k8s.pod.name
- k8s.pod.uid
- k8s.deployment.name
- k8s.node.name
- k8s.namespace.name
- k8s.pod.start_time
- k8s.replicaset.name
- k8s.replicaset.uid
- k8s.daemonset.name
- k8s.daemonset.uid
- k8s.job.name
- k8s.job.uid
- k8s.cronjob.name
- k8s.statefulset.name
- k8s.statefulset.uid
- container.image.name
- container.image.tag
- container.id
- k8s.container.name
- container.image.name
- container.image.tag
- container.id
labels:
- tag_name: kube_app_name
key: app.kubernetes.io/name
from: pod
- tag_name: kube_app_instance
key: app.kubernetes.io/instance
from: pod
- tag_name: kube_app_version
key: app.kubernetes.io/version
from: pod
- tag_name: kube_app_component
key: app.kubernetes.io/component
from: pod
- tag_name: kube_app_part_of
key: app.kubernetes.io/part-of
from: pod
- tag_name: kube_app_managed_by
key: app.kubernetes.io/managed-by
from: pod
extensions:
health_check:
exporters:
jaeger:
endpoint: jaeger.${POD_NAMESPACE}:14250
tls:
insecure: true
service:
extensions: [health_check]
pipelines:
traces:
receivers: [opencensus]
processors: [resource, k8sattributes, batch]
exporters: [jaeger]
# -- Collector Deployment env
env: []
jaeger:
# -- Set to false to exclude all-in-one Jaeger installation
enabled: true
image:
name: jaegertracing/all-in-one
version: 1.31
pullPolicy: ""
# -- CLI arguments for Jaeger, See [Jaeger AIO Memory CLI reference](https://www.jaegertracing.io/docs/1.24/cli/#jaeger-all-in-one-memory)
args:
- --query.base-path=/jaeger
resources:
cpu:
# -- Maximum amount of CPU units that the jaeger container can use
limit:
# -- Amount of CPU units that the jaeger container requests
request:
memory:
# -- Maximum amount of memory that jaeger container can use
limit:
# -- Amount of memory that the jaeger container requests
request:
ephemeral-storage:
# -- Maximum amount of ephemeral storage that the jaeger container can use
limit: ""
# -- Amount of ephemeral storage that the jaeger container requests
request: ""
# -- NodeSelector section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
nodeSelector: *default_node_selector
# -- Tolerations section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
# for more information
tolerations: *default_tolerations
# -- UID for the jaeger resource
UID:
linkerdVersion: &linkerd_version linkerdVersionValue
namespaceMetadata:
image:
# -- Docker registry for the namespace-metadata instance
registry: cr.l5d.io/linkerd
# -- Docker image name for the namespace-metadata instance
name: extension-init
# -- Docker image tag for the namespace-metadata instance
tag: v0.1.0
# -- Pull policy for the namespace-metadata instance
# @default -- imagePullPolicy
pullPolicy: ""
# -- NodeSelector section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
nodeSelector: *default_node_selector
# -- Tolerations section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
# for more information
tolerations: *default_tolerations
webhook:
# -- Number of replicas of the jaeger-injector component
replicas: 1
# -- Do not create a secret resource for the webhook.
# If this is set to `true`, the value `webhook.caBundle` must be set
# or the ca bundle must injected with cert-manager ca injector using
# `webhook.injectCaFrom` or `webhook.injectCaFromSecret` (see below).
externalSecret: false
# -- Certificate for the webhook. If not provided and not using an external secret
# then Helm will generate one.
crtPEM: |
# -- Certificate key for the webhook. If not provided and not using an external secret
# then Helm will generate one.
keyPEM: |
# -- Bundle of CA certificates for webhook.
# If not provided nor injected with cert-manager,
# then Helm will use the certificate generated for `webhook.crtPEM`.
# If `webhook.externalSecret` is set to true, this value, injectCaFrom, or
# injectCaFromSecret must be set, as no certificate will be generated.
# See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector) for more information.
caBundle: |
# -- Inject the CA bundle from a cert-manager Certificate.
# See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-certificate-resource)
# for more information.
injectCaFrom: ""
# -- Inject the CA bundle from a Secret.
# If set, the `cert-manager.io/inject-ca-from-secret` annotation will be added to the webhook.
# The Secret must have the CA Bundle stored in the `ca.crt` key and have
# the `cert-manager.io/allow-direct-injection` annotation set to `true`.
# See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-secret-resource)
# for more information.
injectCaFromSecret: ""
# -- collector service address for the proxies to send trace data.
# Points by default to the the linkerd-jaeger collector
collectorSvcAddr: collector.linkerd-jaeger:55678
# -- service account associated with the collector instance
collectorSvcAccount: collector
failurePolicy: Ignore
image:
name: cr.l5d.io/linkerd/jaeger-webhook
version: *linkerd_version
pullPolicy: ""
logLevel: info
# -- Namespace selector used by admission webhook.
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
objectSelector:
#matchLabels:
# foo: bar
resources:
cpu:
# -- Maximum amount of CPU units that the jaeger-injector container can use
limit:
# -- Amount of CPU units that the jaeger-injector container requests
request:
memory:
# -- Maximum amount of memory that jaeger-injector container can use
limit:
# -- Amount of memory that the jaeger-injector container requests
request:
# -- NodeSelector section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
nodeSelector: *default_node_selector
# -- Tolerations section, See the
# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
# for more information
tolerations: *default_tolerations
# -- UID for the webhook resource
UID: