Initial commit

linkerd/Chart.lock

@@ -0,0 +1,18 @@
+dependencies:
+- name: linkerd-crds
+  repository: https://helm.linkerd.io/edge
+  version: 2024.10.3
+- name: linkerd2-cni
+  repository: https://helm.linkerd.io/edge
+  version: 2024.10.3
+- name: linkerd-control-plane
+  repository: https://helm.linkerd.io/edge
+  version: 2024.10.3
+- name: linkerd-viz
+  repository: https://helm.linkerd.io/edge
+  version: 2024.10.3
+- name: linkerd-smi
+  repository: https://linkerd.github.io/linkerd-smi
+  version: 1.0.4
+digest: sha256:9abbf9c779d8421b51613e8b45c41b2012f380bd85069bc3b0074a0a79096dcb
+generated: "2024-10-20T04:06:19.187873925+02:00"

linkerd/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: linkerd
+description: Helm chart to update the linkerd setup
+type: application
+version: 0.1.0
+dependencies:
+- name: linkerd-crds 
+  version: "2024.10.3"
+  repository: "https://helm.linkerd.io/edge"
+- name: linkerd2-cni
+  version: "2024.10.3"
+  repository: "https://helm.linkerd.io/edge"
+- name: linkerd-control-plane
+  version: "2024.10.3"
+  repository: "https://helm.linkerd.io/edge"
+- name: linkerd-smi
+  version: "1.0.4"
+  repository: "https://linkerd.github.io/linkerd-smi"

linkerd/init.sh

@@ -0,0 +1,9 @@
+step-cli certificate create root.linkerd.cluster.local ca.crt ca.key \
+  --profile root-ca --no-password --insecure &&
+  kubectl create secret tls \
+    linkerd-trust-anchor \
+    --cert=ca.crt \
+    --key=ca.key \
+    --namespace=linkerd &&
+  yq e -i '.["linkerd-control-plane"].identityTrustAnchorsPEM=load_str("ca.crt")' values.yaml &&
+  rm ca.crt ca.key

linkerd/templates/identity-issuer-certificate.yaml

@@ -0,0 +1,22 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: linkerd-identity-issuer
+spec:
+  secretName: linkerd-identity-issuer
+  duration: 48h
+  renewBefore: 25h
+  issuerRef:
+    name: linkerd-trust-anchor
+    kind: Issuer
+  commonName: identity.linkerd.cluster.local
+  dnsNames:
+  - identity.linkerd.cluster.local
+  isCA: true
+  privateKey:
+    algorithm: ECDSA
+  usages:
+  - cert sign
+  - crl sign
+  - server auth
+  - client auth

linkerd/templates/trust-anchor-issuer.yaml

@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: linkerd-trust-anchor
+spec:
+  ca:
+    secretName: linkerd-trust-anchor

linkerd/values.yaml

@@ -0,0 +1,23 @@
+linkerd-control-plane:
+  cniEnabled: true
+  identity:
+    issuer:
+      scheme: kubernetes.io/tls
+  identityTrustAnchorsPEM: |
+    -----BEGIN CERTIFICATE-----
+    MIIBjjCCATSgAwIBAgIRALFMxwXuxeFAIPXzJnwl35IwCgYIKoZIzj0EAwIwJTEj
+    MCEGA1UEAxMacm9vdC5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjQxMDE5MjM0
+    NTQyWhcNMzQxMDE3MjM0NTQyWjAlMSMwIQYDVQQDExpyb290LmxpbmtlcmQuY2x1
+    c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABM9+FB46xXRcqAwC
+    YaZ0nCESy31TU6wk3ED5b4RGkM+W0HCjr6FkJ/bdiZalwGZ5CmYo2skOvdMNMiOI
+    DpDcW6yjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB0G
+    A1UdDgQWBBSS3w3dDp+eYTqv/r/6aWX1HCGkTTAKBggqhkjOPQQDAgNIADBFAiBA
+    2HeSIMA42bJtg4VImveysgdrHUEuLkvqyDt4NzPEFwIhAMsFnvGKdBlW0kckLWeN
+    KNZoN1TwbI/Hvdhh0EJRgx8e
+    -----END CERTIFICATE-----
+  proxy:
+    nativeSidecar: true
+
+linkerd2-cni:
+  repairController:
+    enabled: true