From 8838a7cb2f2e43ac35754bf107caf2ee9ba9623b Mon Sep 17 00:00:00 2001 From: Luther Monson Date: Thu, 23 Jun 2022 12:46:08 -0700 Subject: [PATCH] adding *.yaml and *.sh with eol=lf to .gitattributes for easier WSL development with autocrlf --- .gitattributes | 3 + .../jaeger/chart/templates/ingress.yaml | 84 +++---- .../jaeger/chart/templates/jaeger-volume.yaml | 32 +-- .../chart/templates/service-headless.yaml | 108 ++++----- .../jaeger/chart/templates/service.yaml | 108 ++++----- .../chart/templates/serviceaccount.yaml | 18 +- .../jaeger/chart/templates/statefulset.yaml | 218 +++++++++--------- .../templates/tests/test-connection.yaml | 30 +-- hack/observability/jaeger/chart/values.yaml | 188 +++++++-------- ...ackend-policy-allow-ingress-pod-label.yaml | 34 +-- ...icy-allow-ingress-pod-namespace-label.yaml | 38 +-- .../policies/backend-policy-deny-ingress.yaml | 22 +- 12 files changed, 443 insertions(+), 440 deletions(-) diff --git a/.gitattributes b/.gitattributes index 980d8c0774d..f8edb51ef45 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,5 @@ # Specify generated cluster templates as generated files **/cluster-template-*.yaml linguist-generated + +*.sh text eol=lf +*.yaml text eol=lf \ No newline at end of file diff --git a/hack/observability/jaeger/chart/templates/ingress.yaml b/hack/observability/jaeger/chart/templates/ingress.yaml index 04fbb9f407d..6a0781204e2 100644 --- a/hack/observability/jaeger/chart/templates/ingress.yaml +++ b/hack/observability/jaeger/chart/templates/ingress.yaml @@ -1,43 +1,43 @@ -{{- if .Values.enabled }} -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "jaeger-all-in-one.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "jaeger-all-in-one.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ . }} - backend: - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} -{{- end }} +{{- if .Values.enabled }} +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "jaeger-all-in-one.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "jaeger-all-in-one.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/hack/observability/jaeger/chart/templates/jaeger-volume.yaml b/hack/observability/jaeger/chart/templates/jaeger-volume.yaml index 2c06c6d0dc3..b9e93b3dc8b 100644 --- a/hack/observability/jaeger/chart/templates/jaeger-volume.yaml +++ b/hack/observability/jaeger/chart/templates/jaeger-volume.yaml @@ -1,17 +1,17 @@ -{{- if .Values.enabled }} -{{- if .Values.volume.enabled -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "jaeger-all-in-one.fullname" . }} -spec: - {{- if .Values.volume.className }} - storageClassName: {{ .Values.volume.className }} - {{- end }} - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.volume.size }} -{{- end }} +{{- if .Values.enabled }} +{{- if .Values.volume.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "jaeger-all-in-one.fullname" . }} +spec: + {{- if .Values.volume.className }} + storageClassName: {{ .Values.volume.className }} + {{- end }} + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.volume.size }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/hack/observability/jaeger/chart/templates/service-headless.yaml b/hack/observability/jaeger/chart/templates/service-headless.yaml index 05d8f7b1366..f77017a50a8 100644 --- a/hack/observability/jaeger/chart/templates/service-headless.yaml +++ b/hack/observability/jaeger/chart/templates/service-headless.yaml @@ -1,55 +1,55 @@ -{{- if .Values.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "jaeger-all-in-one.fullname" . }}-headless - labels: - {{- include "jaeger-all-in-one.labels" . | nindent 4 }} - {{- with .Values.service.headless.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - clusterIP: None - ports: - - port: 6831 - targetPort: udp-com-thr - protocol: UDP - name: udp-com-thr - - port: 6832 - targetPort: udp-bin-thr - protocol: UDP - name: udp-bin-thr - - port: 5775 - targetPort: udp-bin-thr-o - protocol: UDP - name: udp-bin-thr-o - - port: 5778 - targetPort: http-configs - protocol: TCP - name: http-configs - - port: {{ .Values.service.port }} - targetPort: http-ui - protocol: TCP - name: http-ui - - port: 14250 - targetPort: grpc-proto - protocol: TCP - name: grpc-proto - - port: 14268 - targetPort: http-bin-thr - protocol: TCP - name: http-bin-thr - - port: 14269 - targetPort: http-admin - protocol: TCP - name: http-admin - {{- if .Values.enableHttpZipkinCollector }} - - port: 9411 - targetPort: http-zipkin - protocol: TCP - name: http-zipkin - {{- end }} - selector: - {{- include "jaeger-all-in-one.selectorLabels" . | nindent 4 }} +{{- if .Values.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "jaeger-all-in-one.fullname" . }}-headless + labels: + {{- include "jaeger-all-in-one.labels" . | nindent 4 }} + {{- with .Values.service.headless.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + clusterIP: None + ports: + - port: 6831 + targetPort: udp-com-thr + protocol: UDP + name: udp-com-thr + - port: 6832 + targetPort: udp-bin-thr + protocol: UDP + name: udp-bin-thr + - port: 5775 + targetPort: udp-bin-thr-o + protocol: UDP + name: udp-bin-thr-o + - port: 5778 + targetPort: http-configs + protocol: TCP + name: http-configs + - port: {{ .Values.service.port }} + targetPort: http-ui + protocol: TCP + name: http-ui + - port: 14250 + targetPort: grpc-proto + protocol: TCP + name: grpc-proto + - port: 14268 + targetPort: http-bin-thr + protocol: TCP + name: http-bin-thr + - port: 14269 + targetPort: http-admin + protocol: TCP + name: http-admin + {{- if .Values.enableHttpZipkinCollector }} + - port: 9411 + targetPort: http-zipkin + protocol: TCP + name: http-zipkin + {{- end }} + selector: + {{- include "jaeger-all-in-one.selectorLabels" . | nindent 4 }} {{- end }} \ No newline at end of file diff --git a/hack/observability/jaeger/chart/templates/service.yaml b/hack/observability/jaeger/chart/templates/service.yaml index b0fd23daca6..df7a7903222 100644 --- a/hack/observability/jaeger/chart/templates/service.yaml +++ b/hack/observability/jaeger/chart/templates/service.yaml @@ -1,55 +1,55 @@ -{{- if .Values.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "jaeger-all-in-one.fullname" . }} - labels: - {{- include "jaeger-all-in-one.labels" . | nindent 4 }} - {{- with .Values.service.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - ports: - - port: 6831 - targetPort: udp-com-thr - protocol: UDP - name: udp-com-thr - - port: 6832 - targetPort: udp-bin-thr - protocol: UDP - name: udp-bin-thr - - port: 5775 - targetPort: udp-bin-thr-o - protocol: UDP - name: udp-bin-thr-o - - port: 5778 - targetPort: http-configs - protocol: TCP - name: http-configs - - port: {{ .Values.service.port }} - targetPort: http-ui - protocol: TCP - name: http-ui - - port: 14250 - targetPort: grpc-proto - protocol: TCP - name: grpc-proto - - port: 14268 - targetPort: http-bin-thr - protocol: TCP - name: http-bin-thr - - port: 14269 - targetPort: http-admin - protocol: TCP - name: http-admin - {{- if .Values.enableHttpZipkinCollector }} - - port: 9411 - targetPort: http-zipkin - protocol: TCP - name: http-zipkin - {{- end }} - selector: - {{- include "jaeger-all-in-one.selectorLabels" . | nindent 4 }} +{{- if .Values.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "jaeger-all-in-one.fullname" . }} + labels: + {{- include "jaeger-all-in-one.labels" . | nindent 4 }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - port: 6831 + targetPort: udp-com-thr + protocol: UDP + name: udp-com-thr + - port: 6832 + targetPort: udp-bin-thr + protocol: UDP + name: udp-bin-thr + - port: 5775 + targetPort: udp-bin-thr-o + protocol: UDP + name: udp-bin-thr-o + - port: 5778 + targetPort: http-configs + protocol: TCP + name: http-configs + - port: {{ .Values.service.port }} + targetPort: http-ui + protocol: TCP + name: http-ui + - port: 14250 + targetPort: grpc-proto + protocol: TCP + name: grpc-proto + - port: 14268 + targetPort: http-bin-thr + protocol: TCP + name: http-bin-thr + - port: 14269 + targetPort: http-admin + protocol: TCP + name: http-admin + {{- if .Values.enableHttpZipkinCollector }} + - port: 9411 + targetPort: http-zipkin + protocol: TCP + name: http-zipkin + {{- end }} + selector: + {{- include "jaeger-all-in-one.selectorLabels" . | nindent 4 }} {{- end }} \ No newline at end of file diff --git a/hack/observability/jaeger/chart/templates/serviceaccount.yaml b/hack/observability/jaeger/chart/templates/serviceaccount.yaml index 40e6566eda7..4d60e1566df 100644 --- a/hack/observability/jaeger/chart/templates/serviceaccount.yaml +++ b/hack/observability/jaeger/chart/templates/serviceaccount.yaml @@ -1,10 +1,10 @@ -{{- if .Values.enabled }} -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "jaeger-all-in-one.serviceAccountName" . }} - labels: -{{ include "jaeger-all-in-one.labels" . | nindent 4 }} -{{- end -}} +{{- if .Values.enabled }} +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "jaeger-all-in-one.serviceAccountName" . }} + labels: +{{ include "jaeger-all-in-one.labels" . | nindent 4 }} +{{- end -}} {{- end }} \ No newline at end of file diff --git a/hack/observability/jaeger/chart/templates/statefulset.yaml b/hack/observability/jaeger/chart/templates/statefulset.yaml index 62cf8741357..c32881ed62c 100644 --- a/hack/observability/jaeger/chart/templates/statefulset.yaml +++ b/hack/observability/jaeger/chart/templates/statefulset.yaml @@ -1,109 +1,109 @@ -{{- if .Values.enabled }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "jaeger-all-in-one.fullname" . }} - labels: - {{- include "jaeger-all-in-one.labels" . | nindent 4 }} -spec: - serviceName: {{ include "jaeger-all-in-one.fullname" . }}-headless - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "jaeger-all-in-one.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "jaeger-all-in-one.selectorLabels" . | nindent 8 }} - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "jaeger-all-in-one.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- if .Values.volume.enabled }} - volumes: - - name: jaeger-volume - persistentVolumeClaim: - claimName: {{ include "jaeger-all-in-one.fullname" . }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: udp-com-thr - containerPort: 6831 - protocol: UDP - - name: udp-bin-thr - containerPort: 6832 - protocol: UDP - - name: udp-bin-thr-o - containerPort: 5775 - protocol: UDP - - name: http-configs - containerPort: 5778 - protocol: TCP - - name: http-ui - containerPort: 16686 - protocol: TCP - - name: grpc-proto - containerPort: 14250 - protocol: TCP - - name: http-bin-thr - containerPort: 14268 - protocol: TCP - - name: http-admin - containerPort: 14269 - protocol: TCP - {{- if .Values.enableHttpZipkinCollector }} - - name: http-zipkin - containerPort: 9411 - protocol: TCP - {{- end }} - {{- if .Values.volume.enabled }} - volumeMounts: - - mountPath: "/badger" - name: jaeger-volume - {{- end }} - livenessProbe: - httpGet: - path: {{ .Values.healthCheckUrl | quote }} - port: http-admin - readinessProbe: - httpGet: - path: {{ .Values.healthCheckUrl | quote }} - port: http-admin - resources: - {{- toYaml .Values.resources | nindent 12 }} - env: - {{- range $key, $value := .Values.environmentVariables }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.enableHttpZipkinCollector }} - - name: COLLECTOR_ZIPKIN_HOST_PORT - value: "9411" - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} +{{- if .Values.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "jaeger-all-in-one.fullname" . }} + labels: + {{- include "jaeger-all-in-one.labels" . | nindent 4 }} +spec: + serviceName: {{ include "jaeger-all-in-one.fullname" . }}-headless + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "jaeger-all-in-one.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "jaeger-all-in-one.selectorLabels" . | nindent 8 }} + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "jaeger-all-in-one.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.volume.enabled }} + volumes: + - name: jaeger-volume + persistentVolumeClaim: + claimName: {{ include "jaeger-all-in-one.fullname" . }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: udp-com-thr + containerPort: 6831 + protocol: UDP + - name: udp-bin-thr + containerPort: 6832 + protocol: UDP + - name: udp-bin-thr-o + containerPort: 5775 + protocol: UDP + - name: http-configs + containerPort: 5778 + protocol: TCP + - name: http-ui + containerPort: 16686 + protocol: TCP + - name: grpc-proto + containerPort: 14250 + protocol: TCP + - name: http-bin-thr + containerPort: 14268 + protocol: TCP + - name: http-admin + containerPort: 14269 + protocol: TCP + {{- if .Values.enableHttpZipkinCollector }} + - name: http-zipkin + containerPort: 9411 + protocol: TCP + {{- end }} + {{- if .Values.volume.enabled }} + volumeMounts: + - mountPath: "/badger" + name: jaeger-volume + {{- end }} + livenessProbe: + httpGet: + path: {{ .Values.healthCheckUrl | quote }} + port: http-admin + readinessProbe: + httpGet: + path: {{ .Values.healthCheckUrl | quote }} + port: http-admin + resources: + {{- toYaml .Values.resources | nindent 12 }} + env: + {{- range $key, $value := .Values.environmentVariables }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- if .Values.enableHttpZipkinCollector }} + - name: COLLECTOR_ZIPKIN_HOST_PORT + value: "9411" + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/hack/observability/jaeger/chart/templates/tests/test-connection.yaml b/hack/observability/jaeger/chart/templates/tests/test-connection.yaml index 458831992e8..ed0bbc9e68b 100644 --- a/hack/observability/jaeger/chart/templates/tests/test-connection.yaml +++ b/hack/observability/jaeger/chart/templates/tests/test-connection.yaml @@ -1,15 +1,15 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "jaeger-all-in-one.fullname" . }}-test-connection" - labels: -{{ include "jaeger-all-in-one.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "jaeger-all-in-one.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "jaeger-all-in-one.fullname" . }}-test-connection" + labels: +{{ include "jaeger-all-in-one.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "jaeger-all-in-one.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/hack/observability/jaeger/chart/values.yaml b/hack/observability/jaeger/chart/values.yaml index 4d61ab60989..acc581f55c6 100644 --- a/hack/observability/jaeger/chart/values.yaml +++ b/hack/observability/jaeger/chart/values.yaml @@ -1,95 +1,95 @@ -# Default values for jaeger-all-in-one. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -enabled: true -replicaCount: 1 - -image: - repository: jaegertracing/all-in-one - pullPolicy: IfNotPresent - -healthCheckUrl: / -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" -terminationGracePeriodSeconds: 10 -environmentVariables: - MEMORY_MAX_TRACES: 100000 - SPAN_STORAGE_TYPE: badger - BADGER_EPHEMERAL: false - BADGER_DIRECTORY_VALUE: /badger/data - BADGER_DIRECTORY_KEY: /badger/key - -enableHttpZipkinCollector: false - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - -podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/path: "/metrics" - prometheus.io/port: "14269" - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 16686 - annotations: - prometheus.io/probe: "true" - prometheus.io/probe-path: "/" - headless: - annotations: {} - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # cert-manager.io/cluster-issuer: letsencrypt - # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - # nginx.ingress.kubernetes.io/from-to-www-redirect: "true" - hosts: [] - # - host: jaeger.localhost - # paths: - # - / - tls: [] - # - secretName: tls-secret - # hosts: - # - jaeger.localhost - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -volume: - enabled: true - className: "" +# Default values for jaeger-all-in-one. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +enabled: true +replicaCount: 1 + +image: + repository: jaegertracing/all-in-one + pullPolicy: IfNotPresent + +healthCheckUrl: / +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +terminationGracePeriodSeconds: 10 +environmentVariables: + MEMORY_MAX_TRACES: 100000 + SPAN_STORAGE_TYPE: badger + BADGER_EPHEMERAL: false + BADGER_DIRECTORY_VALUE: /badger/data + BADGER_DIRECTORY_KEY: /badger/key + +enableHttpZipkinCollector: false + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "14269" + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 16686 + annotations: + prometheus.io/probe: "true" + prometheus.io/probe-path: "/" + headless: + annotations: {} + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # cert-manager.io/cluster-issuer: letsencrypt + # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + # nginx.ingress.kubernetes.io/from-to-www-redirect: "true" + hosts: [] + # - host: jaeger.localhost + # paths: + # - / + tls: [] + # - secretName: tls-secret + # hosts: + # - jaeger.localhost + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +volume: + enabled: true + className: "" size: 3Gi \ No newline at end of file diff --git a/test/e2e/workloads/policies/backend-policy-allow-ingress-pod-label.yaml b/test/e2e/workloads/policies/backend-policy-allow-ingress-pod-label.yaml index d569d4a1496..d15e7c3f7f0 100644 --- a/test/e2e/workloads/policies/backend-policy-allow-ingress-pod-label.yaml +++ b/test/e2e/workloads/policies/backend-policy-allow-ingress-pod-label.yaml @@ -1,17 +1,17 @@ -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: backend-allow-ingress-pod-label - namespace: development -spec: - podSelector: - matchLabels: - app: webapp - role: backend - ingress: - - from: - - namespaceSelector: {} - podSelector: - matchLabels: - app: webapp - role: frontend +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: backend-allow-ingress-pod-label + namespace: development +spec: + podSelector: + matchLabels: + app: webapp + role: backend + ingress: + - from: + - namespaceSelector: {} + podSelector: + matchLabels: + app: webapp + role: frontend diff --git a/test/e2e/workloads/policies/backend-policy-allow-ingress-pod-namespace-label.yaml b/test/e2e/workloads/policies/backend-policy-allow-ingress-pod-namespace-label.yaml index a2f06fd5754..7b5bcfecdaa 100644 --- a/test/e2e/workloads/policies/backend-policy-allow-ingress-pod-namespace-label.yaml +++ b/test/e2e/workloads/policies/backend-policy-allow-ingress-pod-namespace-label.yaml @@ -1,19 +1,19 @@ -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: backend-policy-allow-ingress-pod-namespace-label - namespace: development -spec: - podSelector: - matchLabels: - app: webapp - role: backend - ingress: - - from: - - namespaceSelector: - matchLabels: - purpose: development - podSelector: - matchLabels: - app: webapp - role: frontend +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: backend-policy-allow-ingress-pod-namespace-label + namespace: development +spec: + podSelector: + matchLabels: + app: webapp + role: backend + ingress: + - from: + - namespaceSelector: + matchLabels: + purpose: development + podSelector: + matchLabels: + app: webapp + role: frontend diff --git a/test/e2e/workloads/policies/backend-policy-deny-ingress.yaml b/test/e2e/workloads/policies/backend-policy-deny-ingress.yaml index 58f42e13d60..de04a85d3fe 100644 --- a/test/e2e/workloads/policies/backend-policy-deny-ingress.yaml +++ b/test/e2e/workloads/policies/backend-policy-deny-ingress.yaml @@ -1,11 +1,11 @@ -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: backend-deny-ingress - namespace: development -spec: - podSelector: - matchLabels: - app: webapp - role: backend - ingress: [] +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: backend-deny-ingress + namespace: development +spec: + podSelector: + matchLabels: + app: webapp + role: backend + ingress: []