Make the auto-injector required and removed proxy-auto-inject flag (#2733)

Make the auto-injector required and remove the proxy-auto-inject flag

Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
Alejandro Pedraza 2019-04-24 13:06:51 -05:00 committed by GitHub
parent c062cf433c
commit 53bb7c47f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
25 changed files with 1542 additions and 1892 deletions


@ -63,7 +63,7 @@ function run_upgrade_test() {
install_edge $edge_namespace install_edge $edge_namespace
printf "Upgrading release [%s] to [%s]\n" "$edge_version" "$linkerd_version" printf "Upgrading release [%s] to [%s]\n" "$edge_version" "$linkerd_version"
run_test "$test_directory/install_test.go" --upgrade-from-version=$edge_version --linkerd-namespace=$edge_namespace --proxy-auto-inject || exit_code=$? run_test "$test_directory/install_test.go" --upgrade-from-version=$edge_version --linkerd-namespace=$edge_namespace || exit_code=$?
} }
linkerd_path=$1 linkerd_path=$1


@ -8,8 +8,6 @@ kind: Namespace
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: {{.Namespace}} name: {{.Namespace}}
{{- if .ProxyAutoInjectEnabled }}
annotations: annotations:
{{.ProxyInjectAnnotation}}: {{.ProxyInjectDisabled}} {{.ProxyInjectAnnotation}}: {{.ProxyInjectDisabled}}
{{- end }}
{{end -}} {{end -}}


@ -1,5 +1,4 @@
{{with .Values -}} {{with .Values -}}
{{if .ProxyAutoInjectEnabled -}}
--- ---
### ###
### Proxy Injector RBAC ### Proxy Injector RBAC
@ -43,4 +42,3 @@ roleRef:
name: linkerd-{{.Namespace}}-proxy-injector name: linkerd-{{.Namespace}}-proxy-injector
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
{{end -}} {{end -}}
{{end -}}
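Review bot: Dropping the `{{if .ProxyAutoInjectEnabled -}}` guard at the top of this template means the Proxy Injector ClusterRole is now created on every install, not only on opt-in ones. The rendered output further down the page shows that role granting `create`, `get` and `delete` on `mutatingwebhookconfigurations` with no `resourceNames`, so the injector's service account can read or delete any mutating webhook configuration in the cluster, not just its own. `create` cannot be narrowed by name, but the rule could be split and the other verbs pinned, e.g. `verbs: ["get", "delete"]` with `resourceNames: ["<injector-webhook-config-name>"]` (placeholder; the name is not visible in this diff). The rules themselves sit between the two hunks shown here and are not part of the visible lines.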


@ -1,5 +1,4 @@
{{with .Values -}} {{with .Values -}}
{{if .ProxyAutoInjectEnabled -}}
--- ---
### ###
### Proxy Injector ### Proxy Injector
@ -78,6 +77,4 @@ spec:
- name: proxy-injector - name: proxy-injector
port: 443 port: 443
targetPort: proxy-injector targetPort: proxy-injector
---
{{end -}}
{{end -}} {{end -}}
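Review bot: With the `{{if .ProxyAutoInjectEnabled -}}` guard removed, the injector Deployment becomes part of every control plane, yet nothing in this section documents what happens to pod admission while it is unavailable. Every rendered output on this page shows `replicas: 1` for `linkerd-proxy-injector`, including the ones that set resource requests. Depending on the failure policy of the webhook it registers (not visible here), that single pod being down would either block pod creation or let pods start without a proxy. A header comment in the template would record the decision, for example `### NOTE: always installed; see <doc link> for webhook failure policy and replica guidance`. The Deployment spec lies between the two hunks and is not shown.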


@ -9,6 +9,7 @@ import (
"io/ioutil" "io/ioutil"
"os" "os"
"path" "path"
"strings"
"time" "time"
"github.com/golang/protobuf/ptypes" "github.com/golang/protobuf/ptypes"
@ -52,7 +53,6 @@ type (
ControllerComponentLabel string ControllerComponentLabel string
CreatedByAnnotation string CreatedByAnnotation string
ProxyContainerName string ProxyContainerName string
ProxyAutoInjectEnabled bool
ProxyInjectAnnotation string ProxyInjectAnnotation string
ProxyInjectDisabled string ProxyInjectDisabled string
ControllerUID int64 ControllerUID int64
@ -108,7 +108,6 @@ type (
controlPlaneVersion string controlPlaneVersion string
controllerReplicas uint controllerReplicas uint
controllerLogLevel string controllerLogLevel string
proxyAutoInject bool
highAvailability bool highAvailability bool
controllerUID int64 controllerUID int64
disableH2Upgrade bool disableH2Upgrade bool
@ -158,7 +157,6 @@ func newInstallOptionsWithDefaults() *installOptions {
controlPlaneVersion: version.Version, controlPlaneVersion: version.Version,
controllerReplicas: defaultControllerReplicas, controllerReplicas: defaultControllerReplicas,
controllerLogLevel: "info", controllerLogLevel: "info",
proxyAutoInject: false,
highAvailability: false, highAvailability: false,
controllerUID: 2103, controllerUID: 2103,
disableH2Upgrade: false, disableH2Upgrade: false,
@ -308,10 +306,6 @@ func (options *installOptions) recordableFlagSet() *pflag.FlagSet {
&options.controllerLogLevel, "controller-log-level", options.controllerLogLevel, &options.controllerLogLevel, "controller-log-level", options.controllerLogLevel,
"Log level for the controller and web components", "Log level for the controller and web components",
) )
flags.BoolVar(
&options.proxyAutoInject, "proxy-auto-inject", options.proxyAutoInject,
"Enable proxy sidecar auto-injection via a webhook (default false)",
)
flags.BoolVar( flags.BoolVar(
&options.highAvailability, "ha", options.highAvailability, &options.highAvailability, "ha", options.highAvailability,
"Experimental: Enable HA deployment config for the control plane (default false)", "Experimental: Enable HA deployment config for the control plane (default false)",
@ -456,15 +450,14 @@ func (options *installOptions) buildValuesWithoutIdentity(configs *pb.All) (*ins
ProxyInjectDisabled: k8s.ProxyInjectDisabled, ProxyInjectDisabled: k8s.ProxyInjectDisabled,
// Controller configuration: // Controller configuration:
Namespace: controlPlaneNamespace, Namespace: controlPlaneNamespace,
UUID: configs.GetInstall().GetUuid(), UUID: configs.GetInstall().GetUuid(),
ControllerReplicas: options.controllerReplicas, ControllerReplicas: options.controllerReplicas,
ControllerLogLevel: options.controllerLogLevel, ControllerLogLevel: options.controllerLogLevel,
ControllerUID: options.controllerUID, ControllerUID: options.controllerUID,
EnableH2Upgrade: !options.disableH2Upgrade, EnableH2Upgrade: !options.disableH2Upgrade,
NoInitContainer: options.noInitContainer, NoInitContainer: options.noInitContainer,
ProxyAutoInjectEnabled: options.proxyAutoInject, PrometheusLogLevel: toPromLogLevel(options.controllerLogLevel),
PrometheusLogLevel: toPromLogLevel(options.controllerLogLevel),
Configs: configJSONs{ Configs: configJSONs{
Global: globalJSON, Global: globalJSON,
@ -635,17 +628,11 @@ func (options *installOptions) configs(identity *pb.IdentityContext) *pb.All {
} }
func (options *installOptions) globalConfig(identity *pb.IdentityContext) *pb.Global { func (options *installOptions) globalConfig(identity *pb.IdentityContext) *pb.Global {
var autoInjectContext *pb.AutoInjectContext
if options.proxyAutoInject {
autoInjectContext = &pb.AutoInjectContext{}
}
return &pb.Global{ return &pb.Global{
LinkerdNamespace: controlPlaneNamespace, LinkerdNamespace: controlPlaneNamespace,
AutoInjectContext: autoInjectContext, CniEnabled: options.noInitContainer,
CniEnabled: options.noInitContainer, Version: options.controlPlaneVersion,
Version: options.controlPlaneVersion, IdentityContext: identity,
IdentityContext: identity,
} }
} }
@ -933,18 +920,14 @@ func validateArgs(args []string, flags *pflag.FlagSet, installOnlyFlags *pflag.F
combinedFlags.AddFlagSet(flags) combinedFlags.AddFlagSet(flags)
combinedFlags.AddFlagSet(installOnlyFlags) combinedFlags.AddFlagSet(installOnlyFlags)
var err error invalidFlags := make([]string, 0)
combinedFlags.VisitAll(func(f *pflag.Flag) { combinedFlags.VisitAll(func(f *pflag.Flag) {
if f.Changed { if f.Changed {
switch f.Name { invalidFlags = append(invalidFlags, f.Name)
// TODO: remove "proxy-auto-inject" when it becomes default
case "proxy-auto-inject":
default:
err = fmt.Errorf("flag not available for config stage: --%s", f.Name)
}
} }
}) })
if err != nil { if len(invalidFlags) > 0 {
err := fmt.Errorf("flags not available for config stage: --%s", strings.Join(invalidFlags, ", --"))
return "", err return "", err
} }
} }
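Review bot: Removing the `proxy-auto-inject` registration from `recordableFlagSet` leaves no handling for clusters that already have that flag recorded; the test section further down shows it was stored as `{Name: "proxy-auto-inject", Value: "true"}`. If the upgrade path replays recorded flags against this flag set (that code is not in the visible hunks), installs made with the old option would presumably hit an unknown-flag error. Keeping the name registered but deprecated would avoid that: `flags.Bool("proxy-auto-inject", true, "deprecated: auto-injection is always enabled")` followed by `flags.MarkDeprecated("proxy-auto-inject", "auto-injection is always enabled")`. Separately, in `validateArgs`, `var invalidFlags []string` is the more idiomatic declaration than `make([]string, 0)`.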


@ -45,7 +45,6 @@ func TestRender(t *testing.T) {
ControllerComponentLabel: "ControllerComponentLabel", ControllerComponentLabel: "ControllerComponentLabel",
CreatedByAnnotation: "CreatedByAnnotation", CreatedByAnnotation: "CreatedByAnnotation",
ProxyContainerName: "ProxyContainerName", ProxyContainerName: "ProxyContainerName",
ProxyAutoInjectEnabled: true,
ProxyInjectAnnotation: "ProxyInjectAnnotation", ProxyInjectAnnotation: "ProxyInjectAnnotation",
ProxyInjectDisabled: "ProxyInjectDisabled", ProxyInjectDisabled: "ProxyInjectDisabled",
ControllerUID: 2103, ControllerUID: 2103,
@ -83,15 +82,6 @@ func TestRender(t *testing.T) {
noInitContainerOptions.noInitContainer = true noInitContainerOptions.noInitContainer = true
noInitContainerValues, noInitContainerConfig, _ := noInitContainerOptions.validateAndBuild("", nil) noInitContainerValues, noInitContainerConfig, _ := noInitContainerOptions.validateAndBuild("", nil)
noInitContainerWithProxyAutoInjectOptions := testInstallOptions()
noInitContainerWithProxyAutoInjectOptions.recordedFlags = []*config.Install_Flag{
{Name: "linkerd-cni-enabled", Value: "true"},
{Name: "proxy-auto-inject", Value: "true"},
}
noInitContainerWithProxyAutoInjectOptions.noInitContainer = true
noInitContainerWithProxyAutoInjectOptions.proxyAutoInject = true
noInitContainerWithProxyAutoInjectValues, noInitContainerWithProxyAutoInjectConfig, _ := noInitContainerWithProxyAutoInjectOptions.validateAndBuild("", nil)
testCases := []struct { testCases := []struct {
values *installValues values *installValues
configs *config.All configs *config.All
@ -104,7 +94,6 @@ func TestRender(t *testing.T) {
{haValues, haConfig, "install_ha_output.golden"}, {haValues, haConfig, "install_ha_output.golden"},
{haWithOverridesValues, haWithOverridesConfig, "install_ha_with_overrides_output.golden"}, {haWithOverridesValues, haWithOverridesConfig, "install_ha_with_overrides_output.golden"},
{noInitContainerValues, noInitContainerConfig, "install_no_init_container.golden"}, {noInitContainerValues, noInitContainerConfig, "install_no_init_container.golden"},
{noInitContainerWithProxyAutoInjectValues, noInitContainerWithProxyAutoInjectConfig, "install_no_init_container_auto_inject.golden"},
} }
for i, tc := range testCases { for i, tc := range testCases {


@ -7,6 +7,8 @@ kind: Namespace
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: linkerd name: linkerd
annotations:
linkerd.io/inject: disabled
--- ---
### ###
### Identity Controller Service RBAC ### Identity Controller Service RBAC
@ -135,6 +137,48 @@ subjects:
namespace: linkerd namespace: linkerd
--- ---
### ###
### Proxy Injector RBAC
###
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: linkerd-proxy-injector
namespace: linkerd
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
rules:
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations"]
verbs: ["create", "get", "delete"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["list", "get", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["list"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["list", "get", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
subjects:
- kind: ServiceAccount
name: linkerd-proxy-injector
namespace: linkerd
apiGroup: ""
roleRef:
kind: ClusterRole
name: linkerd-linkerd-proxy-injector
apiGroup: rbac.authorization.k8s.io
---
###
### Service Profile Validator RBAC ### Service Profile Validator RBAC
### ###
--- ---


@ -1245,6 +1245,199 @@ spec:
status: {} status: {}
--- ---
### ###
### Proxy Injector
###
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
creationTimestamp: null
labels:
linkerd.io/control-plane-component: proxy-injector
name: linkerd-proxy-injector
namespace: linkerd
spec:
replicas: 1
selector:
matchLabels:
linkerd.io/control-plane-component: proxy-injector
strategy: {}
template:
metadata:
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
linkerd.io/identity-mode: default
linkerd.io/proxy-version: install-proxy-version
creationTimestamp: null
labels:
linkerd.io/control-plane-component: proxy-injector
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-proxy-injector
spec:
containers:
- args:
- proxy-injector
- -controller-namespace=linkerd
- -log-level=info
image: gcr.io/linkerd-io/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /ping
port: 9995
initialDelaySeconds: 10
name: proxy-injector
ports:
- containerPort: 8443
name: proxy-injector
readinessProbe:
failureThreshold: 7
httpGet:
path: /ready
port: 9995
resources: {}
securityContext:
runAsUser: 2103
volumeMounts:
- mountPath: /var/run/linkerd/config
name: config
- env:
- name: LINKERD2_PROXY_LOG
value: warn,linkerd2_proxy=info
- name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
value: linkerd-destination.linkerd.svc.cluster.local:8086
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:4190
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:4191
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:4140
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:4143
- name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
value: svc.cluster.local.
- name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: _pod_ns
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LINKERD2_PROXY_DESTINATION_CONTEXT
value: ns:$(_pod_ns)
- name: LINKERD2_PROXY_IDENTITY_DIR
value: /var/run/linkerd/identity/end-entity
- name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
value: |
-----BEGIN CERTIFICATE-----
MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy
LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE
AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0
xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364
6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE
AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv
OLO4Zsk1XrGZHGsmyiEyvYF9lpY=
-----END CERTIFICATE-----
- name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
value: /var/run/secrets/kubernetes.io/serviceaccount/token
- name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
value: linkerd-identity.linkerd.svc.cluster.local:8080
- name: _pod_sa
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: _l5d_ns
value: linkerd
- name: _l5d_trustdomain
value: cluster.local
- name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_IDENTITY_SVC_NAME
value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-controller.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: gcr.io/linkerd-io/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /metrics
port: 4191
initialDelaySeconds: 10
name: linkerd-proxy
ports:
- containerPort: 4143
name: linkerd-proxy
- containerPort: 4191
name: linkerd-admin
readinessProbe:
httpGet:
path: /ready
port: 4191
initialDelaySeconds: 2
resources: {}
securityContext:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
- args:
- --incoming-proxy-port
- "4143"
- --outgoing-proxy-port
- "4140"
- --proxy-uid
- "2102"
- --inbound-ports-to-ignore
- 4190,4191
- --outbound-ports-to-ignore
- "443"
image: gcr.io/linkerd-io/proxy-init:install-control-plane-version
imagePullPolicy: IfNotPresent
name: linkerd-init
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: false
runAsNonRoot: false
runAsUser: 0
terminationMessagePolicy: FallbackToLogsOnError
serviceAccountName: linkerd-proxy-injector
volumes:
- configMap:
name: linkerd-config
name: config
- emptyDir:
medium: Memory
name: linkerd-identity-end-entity
status: {}
---
kind: Service
apiVersion: v1
metadata:
name: linkerd-proxy-injector
namespace: linkerd
labels:
linkerd.io/control-plane-component: proxy-injector
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
spec:
type: ClusterIP
selector:
linkerd.io/control-plane-component: proxy-injector
ports:
- name: proxy-injector
port: 443
targetPort: proxy-injector
---
###
### Service Profile Validator ### Service Profile Validator
### ###
--- ---


@ -7,6 +7,8 @@ kind: Namespace
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: linkerd name: linkerd
annotations:
linkerd.io/inject: disabled
--- ---
### ###
### Identity Controller Service RBAC ### Identity Controller Service RBAC
@ -135,6 +137,48 @@ subjects:
namespace: linkerd namespace: linkerd
--- ---
### ###
### Proxy Injector RBAC
###
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: linkerd-proxy-injector
namespace: linkerd
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
rules:
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations"]
verbs: ["create", "get", "delete"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["list", "get", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["list"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["list", "get", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
subjects:
- kind: ServiceAccount
name: linkerd-proxy-injector
namespace: linkerd
apiGroup: ""
roleRef:
kind: ClusterRole
name: linkerd-linkerd-proxy-injector
apiGroup: rbac.authorization.k8s.io
---
###
### Service Profile Validator RBAC ### Service Profile Validator RBAC
### ###
--- ---
@ -1416,6 +1460,199 @@ spec:
status: {} status: {}
--- ---
### ###
### Proxy Injector
###
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
creationTimestamp: null
labels:
linkerd.io/control-plane-component: proxy-injector
name: linkerd-proxy-injector
namespace: linkerd
spec:
replicas: 1
selector:
matchLabels:
linkerd.io/control-plane-component: proxy-injector
strategy: {}
template:
metadata:
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
linkerd.io/identity-mode: default
linkerd.io/proxy-version: install-proxy-version
creationTimestamp: null
labels:
linkerd.io/control-plane-component: proxy-injector
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-proxy-injector
spec:
containers:
- args:
- proxy-injector
- -controller-namespace=linkerd
- -log-level=info
image: gcr.io/linkerd-io/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /ping
port: 9995
initialDelaySeconds: 10
name: proxy-injector
ports:
- containerPort: 8443
name: proxy-injector
readinessProbe:
failureThreshold: 7
httpGet:
path: /ready
port: 9995
resources: {}
securityContext:
runAsUser: 2103
volumeMounts:
- mountPath: /var/run/linkerd/config
name: config
- env:
- name: LINKERD2_PROXY_LOG
value: warn,linkerd2_proxy=info
- name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
value: linkerd-destination.linkerd.svc.cluster.local:8086
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:4190
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:4191
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:4140
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:4143
- name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
value: svc.cluster.local.
- name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: _pod_ns
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LINKERD2_PROXY_DESTINATION_CONTEXT
value: ns:$(_pod_ns)
- name: LINKERD2_PROXY_IDENTITY_DIR
value: /var/run/linkerd/identity/end-entity
- name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
value: |
-----BEGIN CERTIFICATE-----
MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy
LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE
AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0
xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364
6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE
AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv
OLO4Zsk1XrGZHGsmyiEyvYF9lpY=
-----END CERTIFICATE-----
- name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
value: /var/run/secrets/kubernetes.io/serviceaccount/token
- name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
value: linkerd-identity.linkerd.svc.cluster.local:8080
- name: _pod_sa
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: _l5d_ns
value: linkerd
- name: _l5d_trustdomain
value: cluster.local
- name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_IDENTITY_SVC_NAME
value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-controller.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: gcr.io/linkerd-io/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /metrics
port: 4191
initialDelaySeconds: 10
name: linkerd-proxy
ports:
- containerPort: 4143
name: linkerd-proxy
- containerPort: 4191
name: linkerd-admin
readinessProbe:
httpGet:
path: /ready
port: 4191
initialDelaySeconds: 2
resources: {}
securityContext:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
- args:
- --incoming-proxy-port
- "4143"
- --outgoing-proxy-port
- "4140"
- --proxy-uid
- "2102"
- --inbound-ports-to-ignore
- 4190,4191
- --outbound-ports-to-ignore
- "443"
image: gcr.io/linkerd-io/proxy-init:install-control-plane-version
imagePullPolicy: IfNotPresent
name: linkerd-init
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: false
runAsNonRoot: false
runAsUser: 0
terminationMessagePolicy: FallbackToLogsOnError
serviceAccountName: linkerd-proxy-injector
volumes:
- configMap:
name: linkerd-config
name: config
- emptyDir:
medium: Memory
name: linkerd-identity-end-entity
status: {}
---
kind: Service
apiVersion: v1
metadata:
name: linkerd-proxy-injector
namespace: linkerd
labels:
linkerd.io/control-plane-component: proxy-injector
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
spec:
type: ClusterIP
selector:
linkerd.io/control-plane-component: proxy-injector
ports:
- name: proxy-injector
port: 443
targetPort: proxy-injector
---
###
### Service Profile Validator ### Service Profile Validator
### ###
--- ---


@ -7,6 +7,8 @@ kind: Namespace
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: linkerd name: linkerd
annotations:
linkerd.io/inject: disabled
--- ---
### ###
### Identity Controller Service RBAC ### Identity Controller Service RBAC
@ -135,6 +137,48 @@ subjects:
namespace: linkerd namespace: linkerd
--- ---
### ###
### Proxy Injector RBAC
###
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: linkerd-proxy-injector
namespace: linkerd
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
rules:
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations"]
verbs: ["create", "get", "delete"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["list", "get", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["list"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["list", "get", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
subjects:
- kind: ServiceAccount
name: linkerd-proxy-injector
namespace: linkerd
apiGroup: ""
roleRef:
kind: ClusterRole
name: linkerd-linkerd-proxy-injector
apiGroup: rbac.authorization.k8s.io
---
###
### Service Profile Validator RBAC ### Service Profile Validator RBAC
### ###
--- ---
@ -1452,6 +1496,205 @@ spec:
status: {} status: {}
--- ---
### ###
### Proxy Injector
###
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
creationTimestamp: null
labels:
linkerd.io/control-plane-component: proxy-injector
name: linkerd-proxy-injector
namespace: linkerd
spec:
replicas: 1
selector:
matchLabels:
linkerd.io/control-plane-component: proxy-injector
strategy: {}
template:
metadata:
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
linkerd.io/identity-mode: default
linkerd.io/proxy-version: install-proxy-version
creationTimestamp: null
labels:
linkerd.io/control-plane-component: proxy-injector
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-proxy-injector
spec:
containers:
- args:
- proxy-injector
- -controller-namespace=linkerd
- -log-level=info
image: gcr.io/linkerd-io/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /ping
port: 9995
initialDelaySeconds: 10
name: proxy-injector
ports:
- containerPort: 8443
name: proxy-injector
readinessProbe:
failureThreshold: 7
httpGet:
path: /ready
port: 9995
resources:
requests:
cpu: 100m
memory: 50Mi
securityContext:
runAsUser: 2103
volumeMounts:
- mountPath: /var/run/linkerd/config
name: config
- env:
- name: LINKERD2_PROXY_LOG
value: warn,linkerd2_proxy=info
- name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
value: linkerd-destination.linkerd.svc.cluster.local:8086
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:4190
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:4191
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:4140
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:4143
- name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
value: svc.cluster.local.
- name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: _pod_ns
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LINKERD2_PROXY_DESTINATION_CONTEXT
value: ns:$(_pod_ns)
- name: LINKERD2_PROXY_IDENTITY_DIR
value: /var/run/linkerd/identity/end-entity
- name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
value: |
-----BEGIN CERTIFICATE-----
MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy
LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE
AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0
xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364
6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE
AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv
OLO4Zsk1XrGZHGsmyiEyvYF9lpY=
-----END CERTIFICATE-----
- name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
value: /var/run/secrets/kubernetes.io/serviceaccount/token
- name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
value: linkerd-identity.linkerd.svc.cluster.local:8080
- name: _pod_sa
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: _l5d_ns
value: linkerd
- name: _l5d_trustdomain
value: cluster.local
- name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_IDENTITY_SVC_NAME
value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-controller.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: gcr.io/linkerd-io/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /metrics
port: 4191
initialDelaySeconds: 10
name: linkerd-proxy
ports:
- containerPort: 4143
name: linkerd-proxy
- containerPort: 4191
name: linkerd-admin
readinessProbe:
httpGet:
path: /ready
port: 4191
initialDelaySeconds: 2
resources:
requests:
cpu: 100m
memory: 20Mi
securityContext:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
- args:
- --incoming-proxy-port
- "4143"
- --outgoing-proxy-port
- "4140"
- --proxy-uid
- "2102"
- --inbound-ports-to-ignore
- 4190,4191
- --outbound-ports-to-ignore
- "443"
image: gcr.io/linkerd-io/proxy-init:install-control-plane-version
imagePullPolicy: IfNotPresent
name: linkerd-init
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: false
runAsNonRoot: false
runAsUser: 0
terminationMessagePolicy: FallbackToLogsOnError
serviceAccountName: linkerd-proxy-injector
volumes:
- configMap:
name: linkerd-config
name: config
- emptyDir:
medium: Memory
name: linkerd-identity-end-entity
status: {}
---
kind: Service
apiVersion: v1
metadata:
name: linkerd-proxy-injector
namespace: linkerd
labels:
linkerd.io/control-plane-component: proxy-injector
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
spec:
type: ClusterIP
selector:
linkerd.io/control-plane-component: proxy-injector
ports:
- name: proxy-injector
port: 443
targetPort: proxy-injector
---
###
### Service Profile Validator ### Service Profile Validator
### ###
--- ---


@ -7,6 +7,8 @@ kind: Namespace
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: linkerd name: linkerd
annotations:
linkerd.io/inject: disabled
--- ---
### ###
### Identity Controller Service RBAC ### Identity Controller Service RBAC
@ -135,6 +137,48 @@ subjects:
namespace: linkerd namespace: linkerd
--- ---
### ###
### Proxy Injector RBAC
###
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: linkerd-proxy-injector
namespace: linkerd
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
rules:
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations"]
verbs: ["create", "get", "delete"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["list", "get", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["list"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["list", "get", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
subjects:
- kind: ServiceAccount
name: linkerd-proxy-injector
namespace: linkerd
apiGroup: ""
roleRef:
kind: ClusterRole
name: linkerd-linkerd-proxy-injector
apiGroup: rbac.authorization.k8s.io
---
###
### Service Profile Validator RBAC ### Service Profile Validator RBAC
### ###
--- ---
@ -1452,6 +1496,205 @@ spec:
status: {} status: {}
--- ---
### ###
### Proxy Injector
###
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
creationTimestamp: null
labels:
linkerd.io/control-plane-component: proxy-injector
name: linkerd-proxy-injector
namespace: linkerd
spec:
replicas: 1
selector:
matchLabels:
linkerd.io/control-plane-component: proxy-injector
strategy: {}
template:
metadata:
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
linkerd.io/identity-mode: default
linkerd.io/proxy-version: install-proxy-version
creationTimestamp: null
labels:
linkerd.io/control-plane-component: proxy-injector
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-proxy-injector
spec:
containers:
- args:
- proxy-injector
- -controller-namespace=linkerd
- -log-level=info
image: gcr.io/linkerd-io/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /ping
port: 9995
initialDelaySeconds: 10
name: proxy-injector
ports:
- containerPort: 8443
name: proxy-injector
readinessProbe:
failureThreshold: 7
httpGet:
path: /ready
port: 9995
resources:
requests:
cpu: 100m
memory: 50Mi
securityContext:
runAsUser: 2103
volumeMounts:
- mountPath: /var/run/linkerd/config
name: config
- env:
- name: LINKERD2_PROXY_LOG
value: warn,linkerd2_proxy=info
- name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
value: linkerd-destination.linkerd.svc.cluster.local:8086
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:4190
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:4191
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:4140
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:4143
- name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
value: svc.cluster.local.
- name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: _pod_ns
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LINKERD2_PROXY_DESTINATION_CONTEXT
value: ns:$(_pod_ns)
- name: LINKERD2_PROXY_IDENTITY_DIR
value: /var/run/linkerd/identity/end-entity
- name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
value: |
-----BEGIN CERTIFICATE-----
MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy
LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE
AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0
xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364
6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE
AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv
OLO4Zsk1XrGZHGsmyiEyvYF9lpY=
-----END CERTIFICATE-----
- name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
value: /var/run/secrets/kubernetes.io/serviceaccount/token
- name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
value: linkerd-identity.linkerd.svc.cluster.local:8080
- name: _pod_sa
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: _l5d_ns
value: linkerd
- name: _l5d_trustdomain
value: cluster.local
- name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_IDENTITY_SVC_NAME
value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-controller.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: gcr.io/linkerd-io/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /metrics
port: 4191
initialDelaySeconds: 10
name: linkerd-proxy
ports:
- containerPort: 4143
name: linkerd-proxy
- containerPort: 4191
name: linkerd-admin
readinessProbe:
httpGet:
path: /ready
port: 4191
initialDelaySeconds: 2
resources:
requests:
cpu: 400m
memory: 300Mi
securityContext:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
- args:
- --incoming-proxy-port
- "4143"
- --outgoing-proxy-port
- "4140"
- --proxy-uid
- "2102"
- --inbound-ports-to-ignore
- 4190,4191
- --outbound-ports-to-ignore
- "443"
image: gcr.io/linkerd-io/proxy-init:install-control-plane-version
imagePullPolicy: IfNotPresent
name: linkerd-init
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: false
runAsNonRoot: false
runAsUser: 0
terminationMessagePolicy: FallbackToLogsOnError
serviceAccountName: linkerd-proxy-injector
volumes:
- configMap:
name: linkerd-config
name: config
- emptyDir:
medium: Memory
name: linkerd-identity-end-entity
status: {}
---
kind: Service
apiVersion: v1
metadata:
name: linkerd-proxy-injector
namespace: linkerd
labels:
linkerd.io/control-plane-component: proxy-injector
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
spec:
type: ClusterIP
selector:
linkerd.io/control-plane-component: proxy-injector
ports:
- name: proxy-injector
port: 443
targetPort: proxy-injector
---
###
### Service Profile Validator ### Service Profile Validator
### ###
--- ---
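Review bot: The `linkerd-linkerd-proxy-injector` ClusterRole grants `get` and `delete` on every `mutatingwebhookconfigurations` object in the cluster, and with the injector no longer optional every install now carries that grant. A compromised injector pod could remove admission webhooks owned by other components, so the rule is worth splitting: keep `create` unscoped (it cannot be limited by name) and move `get`/`delete` into a second rule with `resourceNames: ["<injector-webhook-config-name>"]` (placeholder; the real name is not shown here). This section looks like rendered install output, so the change would belong in the RBAC template it is generated from. The same rule appears in the two later sections that add this ClusterRole.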


@ -7,6 +7,8 @@ kind: Namespace
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: linkerd name: linkerd
annotations:
linkerd.io/inject: disabled
--- ---
### ###
### Identity Controller Service RBAC ### Identity Controller Service RBAC
@ -135,6 +137,48 @@ subjects:
namespace: linkerd namespace: linkerd
--- ---
### ###
### Proxy Injector RBAC
###
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: linkerd-proxy-injector
namespace: linkerd
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
rules:
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations"]
verbs: ["create", "get", "delete"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["list", "get", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["list"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["list", "get", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
subjects:
- kind: ServiceAccount
name: linkerd-proxy-injector
namespace: linkerd
apiGroup: ""
roleRef:
kind: ClusterRole
name: linkerd-linkerd-proxy-injector
apiGroup: rbac.authorization.k8s.io
---
###
### Service Profile Validator RBAC ### Service Profile Validator RBAC
### ###
--- ---
@ -1296,6 +1340,175 @@ spec:
status: {} status: {}
--- ---
### ###
### Proxy Injector
###
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
creationTimestamp: null
labels:
linkerd.io/control-plane-component: proxy-injector
name: linkerd-proxy-injector
namespace: linkerd
spec:
replicas: 1
selector:
matchLabels:
linkerd.io/control-plane-component: proxy-injector
strategy: {}
template:
metadata:
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
linkerd.io/identity-mode: default
linkerd.io/proxy-version: install-proxy-version
creationTimestamp: null
labels:
linkerd.io/control-plane-component: proxy-injector
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-proxy-injector
spec:
containers:
- args:
- proxy-injector
- -controller-namespace=linkerd
- -log-level=info
image: gcr.io/linkerd-io/controller:install-control-plane-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /ping
port: 9995
initialDelaySeconds: 10
name: proxy-injector
ports:
- containerPort: 8443
name: proxy-injector
readinessProbe:
failureThreshold: 7
httpGet:
path: /ready
port: 9995
resources: {}
securityContext:
runAsUser: 2103
volumeMounts:
- mountPath: /var/run/linkerd/config
name: config
- env:
- name: LINKERD2_PROXY_LOG
value: warn,linkerd2_proxy=info
- name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
value: linkerd-destination.linkerd.svc.cluster.local:8086
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:4190
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:4191
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:4140
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:4143
- name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
value: svc.cluster.local.
- name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: _pod_ns
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LINKERD2_PROXY_DESTINATION_CONTEXT
value: ns:$(_pod_ns)
- name: LINKERD2_PROXY_IDENTITY_DIR
value: /var/run/linkerd/identity/end-entity
- name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
value: |
-----BEGIN CERTIFICATE-----
MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy
LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE
AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0
xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364
6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE
AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv
OLO4Zsk1XrGZHGsmyiEyvYF9lpY=
-----END CERTIFICATE-----
- name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
value: /var/run/secrets/kubernetes.io/serviceaccount/token
- name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
value: linkerd-identity.linkerd.svc.cluster.local:8080
- name: _pod_sa
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: _l5d_ns
value: linkerd
- name: _l5d_trustdomain
value: cluster.local
- name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_IDENTITY_SVC_NAME
value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-controller.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: gcr.io/linkerd-io/proxy:install-proxy-version
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /metrics
port: 4191
initialDelaySeconds: 10
name: linkerd-proxy
ports:
- containerPort: 4143
name: linkerd-proxy
- containerPort: 4191
name: linkerd-admin
readinessProbe:
httpGet:
path: /ready
port: 4191
initialDelaySeconds: 2
resources: {}
securityContext:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
serviceAccountName: linkerd-proxy-injector
volumes:
- configMap:
name: linkerd-config
name: config
- emptyDir:
medium: Memory
name: linkerd-identity-end-entity
status: {}
---
kind: Service
apiVersion: v1
metadata:
name: linkerd-proxy-injector
namespace: linkerd
labels:
linkerd.io/control-plane-component: proxy-injector
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
spec:
type: ClusterIP
selector:
linkerd.io/control-plane-component: proxy-injector
ports:
- name: proxy-injector
port: 443
targetPort: proxy-injector
---
###
### Service Profile Validator ### Service Profile Validator
### ###
--- ---

File diff suppressed because it is too large Load Diff


@ -1442,7 +1442,6 @@ spec:
port: 443 port: 443
targetPort: proxy-injector targetPort: proxy-injector
--- ---
---
### ###
### Service Profile Validator ### Service Profile Validator
### ###


@ -7,6 +7,8 @@ kind: Namespace
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: linkerd name: linkerd
annotations:
linkerd.io/inject: disabled
--- ---
### ###
### Identity Controller Service RBAC ### Identity Controller Service RBAC
@ -135,6 +137,48 @@ subjects:
namespace: linkerd namespace: linkerd
--- ---
### ###
### Proxy Injector RBAC
###
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: linkerd-proxy-injector
namespace: linkerd
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
rules:
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations"]
verbs: ["create", "get", "delete"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["list", "get", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["list"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["list", "get", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: linkerd-linkerd-proxy-injector
subjects:
- kind: ServiceAccount
name: linkerd-proxy-injector
namespace: linkerd
apiGroup: ""
roleRef:
kind: ClusterRole
name: linkerd-linkerd-proxy-injector
apiGroup: rbac.authorization.k8s.io
---
###
### Service Profile Validator RBAC ### Service Profile Validator RBAC
### ###
--- ---
@ -1421,6 +1465,200 @@ spec:
status: {} status: {}
--- ---
### ###
### Proxy Injector
###
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
creationTimestamp: null
labels:
linkerd.io/control-plane-component: proxy-injector
name: linkerd-proxy-injector
namespace: linkerd
spec:
replicas: 1
selector:
matchLabels:
linkerd.io/control-plane-component: proxy-injector
strategy: {}
template:
metadata:
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
linkerd.io/identity-mode: default
linkerd.io/proxy-version: UPGRADE-PROXY-VERSION
creationTimestamp: null
labels:
linkerd.io/control-plane-component: proxy-injector
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: linkerd-proxy-injector
spec:
containers:
- args:
- proxy-injector
- -controller-namespace=linkerd
- -log-level=info
image: gcr.io/linkerd-io/controller:UPGRADE-CONTROL-PLANE-VERSION
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /ping
port: 9995
initialDelaySeconds: 10
name: proxy-injector
ports:
- containerPort: 8443
name: proxy-injector
readinessProbe:
failureThreshold: 7
httpGet:
path: /ready
port: 9995
resources: {}
securityContext:
runAsUser: 2103
volumeMounts:
- mountPath: /var/run/linkerd/config
name: config
- env:
- name: LINKERD2_PROXY_LOG
value: warn,linkerd2_proxy=info
- name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
value: linkerd-destination.linkerd.svc.cluster.local:8086
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:4190
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:4191
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:4140
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:4143
- name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
value: svc.cluster.local.
- name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
value: 10000ms
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
value: 10000ms
- name: _pod_ns
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LINKERD2_PROXY_DESTINATION_CONTEXT
value: ns:$(_pod_ns)
- name: LINKERD2_PROXY_IDENTITY_DIR
value: /var/run/linkerd/identity/end-entity
- name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
value: |
-----BEGIN CERTIFICATE-----
MIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0
eS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz
MjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j
YWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg
EMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw
QDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW
YmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj
+U9K4WlbzA==
-----END CERTIFICATE-----
- name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
value: /var/run/secrets/kubernetes.io/serviceaccount/token
- name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
value: linkerd-identity.linkerd.svc.cluster.local:8080
- name: _pod_sa
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: _l5d_ns
value: linkerd
- name: _l5d_trustdomain
value: cluster.local
- name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_IDENTITY_SVC_NAME
value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME
value: linkerd-controller.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain)
image: gcr.io/linkerd-io/proxy:UPGRADE-PROXY-VERSION
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /metrics
port: 4191
initialDelaySeconds: 10
name: linkerd-proxy
ports:
- containerPort: 4143
name: linkerd-proxy
- containerPort: 4191
name: linkerd-admin
readinessProbe:
httpGet:
path: /ready
port: 4191
initialDelaySeconds: 2
resources: {}
securityContext:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/run/linkerd/identity/end-entity
name: linkerd-identity-end-entity
initContainers:
- args:
- --incoming-proxy-port
- "4143"
- --outgoing-proxy-port
- "4140"
- --proxy-uid
- "2102"
- --inbound-ports-to-ignore
- 4190,4191
- --outbound-ports-to-ignore
- "443"
image: gcr.io/linkerd-io/proxy-init:UPGRADE-CONTROL-PLANE-VERSION
imagePullPolicy: IfNotPresent
name: linkerd-init
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: false
runAsNonRoot: false
runAsUser: 0
terminationMessagePolicy: FallbackToLogsOnError
serviceAccountName: linkerd-proxy-injector
volumes:
- configMap:
name: linkerd-config
name: config
- emptyDir:
medium: Memory
name: linkerd-identity-end-entity
status: {}
---
kind: Service
apiVersion: v1
metadata:
name: linkerd-proxy-injector
namespace: linkerd
labels:
linkerd.io/control-plane-component: proxy-injector
annotations:
linkerd.io/created-by: linkerd/cli dev-undefined
spec:
type: ClusterIP
selector:
linkerd.io/control-plane-component: proxy-injector
ports:
- name: proxy-injector
port: 443
targetPort: proxy-injector
---
###
### Service Profile Validator ### Service Profile Validator
### ###
--- ---


@ -138,9 +138,6 @@ func (options *upgradeOptions) validateAndBuild(k kubernetes.Interface, flags *p
// Update the configs from the synthesized options. // Update the configs from the synthesized options.
options.overrideConfigs(configs, map[string]string{}) options.overrideConfigs(configs, map[string]string{})
if options.proxyAutoInject {
configs.GetGlobal().AutoInjectContext = &pb.AutoInjectContext{}
}
if options.controlPlaneVersion != "" { if options.controlPlaneVersion != "" {
configs.GetGlobal().Version = options.controlPlaneVersion configs.GetGlobal().Version = options.controlPlaneVersion
} }


@ -46,7 +46,7 @@ metadata:
linkerd.io/created-by: linkerd/cli edge-19.4.1 linkerd.io/created-by: linkerd/cli edge-19.4.1
data: data:
global: | global: |
{"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s"},"autoInjectContext":null} {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s"}}
proxy: | proxy: |
{"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true} {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true}
install: | install: |
@ -118,7 +118,7 @@ metadata:
linkerd.io/created-by: linkerd/cli edge-19.4.1 linkerd.io/created-by: linkerd/cli edge-19.4.1
data: data:
global: | global: |
{"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":null,"autoInjectContext":null} {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":null}
proxy: | proxy: |
{"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true} {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true}
install: | install: |
@ -127,7 +127,6 @@ data:
} }
options := testUpgradeOptions() options := testUpgradeOptions()
options.proxyAutoInject = true
flags := options.recordableFlagSet() flags := options.recordableFlagSet()
clientset, _, err := k8s.NewFakeClientSets(k8sConfigs...) clientset, _, err := k8s.NewFakeClientSets(k8sConfigs...)
@ -151,9 +150,6 @@ data:
if configs.GetGlobal().GetIdentityContext().GetTrustAnchorsPem() == "" { if configs.GetGlobal().GetIdentityContext().GetTrustAnchorsPem() == "" {
t.Errorf("identity config not generated") t.Errorf("identity config not generated")
} }
if configs.GetGlobal().GetAutoInjectContext() == nil {
t.Errorf("autoinject config not generated")
}
global := pb.Global{} global := pb.Global{}
if err := json.Unmarshal([]byte(values.Configs.Global), &global); err != nil { if err := json.Unmarshal([]byte(values.Configs.Global), &global); err != nil {
@ -162,9 +158,6 @@ data:
if configs.GetGlobal().GetIdentityContext().GetTrustAnchorsPem() == "" { if configs.GetGlobal().GetIdentityContext().GetTrustAnchorsPem() == "" {
t.Errorf("identity config not serialized") t.Errorf("identity config not serialized")
} }
if configs.GetGlobal().GetAutoInjectContext() == nil {
t.Errorf("autoinject config not serialized")
}
} }
func TestFetchConfigs(t *testing.T) { func TestFetchConfigs(t *testing.T) {
@ -188,7 +181,7 @@ metadata:
namespace: linkerd namespace: linkerd
data: data:
global: | global: |
{"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s"},"autoInjectContext":null} {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s"}}
proxy: | proxy: |
{"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version"} {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version"}
install: | install: |
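Review bot: The "identity config not serialized" check in the `@ -162,9 +158,6` hunk still reads `configs.GetGlobal()` rather than the `global` value that `json.Unmarshal` filled in the hunk above. It therefore repeats the earlier "not generated" check and never inspects the serialized trust anchors. With the auto-inject assertion removed this is the only check left after the unmarshal, and it should read `if global.GetIdentityContext().GetTrustAnchorsPem() == "" {`. The test function starts outside the visible hunks.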


@ -32,7 +32,7 @@ func (m *All) Reset() { *m = All{} }
func (m *All) String() string { return proto.CompactTextString(m) } func (m *All) String() string { return proto.CompactTextString(m) }
func (*All) ProtoMessage() {} func (*All) ProtoMessage() {}
func (*All) Descriptor() ([]byte, []int) { func (*All) Descriptor() ([]byte, []int) {
return fileDescriptor_config_1dc3723f04bb94b9, []int{0} return fileDescriptor_config_42b83b762b43f0a0, []int{0}
} }
func (m *All) XXX_Unmarshal(b []byte) error { func (m *All) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_All.Unmarshal(m, b) return xxx_messageInfo_All.Unmarshal(m, b)
@ -79,10 +79,8 @@ type Global struct {
// Control plane and proxy-init version // Control plane and proxy-init version
Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"` Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
// If present, configures identity. // If present, configures identity.
IdentityContext *IdentityContext `protobuf:"bytes,4,opt,name=identity_context,json=identityContext,proto3" json:"identity_context,omitempty"` IdentityContext *IdentityContext `protobuf:"bytes,4,opt,name=identity_context,json=identityContext,proto3" json:"identity_context,omitempty"`
// If present, indicates that the Mutating Webhook Admission Controller should AutoInjectContext *AutoInjectContext `protobuf:"bytes,6,opt,name=auto_inject_context,json=autoInjectContext,proto3" json:"auto_inject_context,omitempty"` // Deprecated: Do not use.
// be configured to automatically inject proxies.
AutoInjectContext *AutoInjectContext `protobuf:"bytes,6,opt,name=auto_inject_context,json=autoInjectContext,proto3" json:"auto_inject_context,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"` XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"` XXX_sizecache int32 `json:"-"`
@ -92,7 +90,7 @@ func (m *Global) Reset() { *m = Global{} }
func (m *Global) String() string { return proto.CompactTextString(m) } func (m *Global) String() string { return proto.CompactTextString(m) }
func (*Global) ProtoMessage() {} func (*Global) ProtoMessage() {}
func (*Global) Descriptor() ([]byte, []int) { func (*Global) Descriptor() ([]byte, []int) {
return fileDescriptor_config_1dc3723f04bb94b9, []int{1} return fileDescriptor_config_42b83b762b43f0a0, []int{1}
} }
func (m *Global) XXX_Unmarshal(b []byte) error { func (m *Global) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Global.Unmarshal(m, b) return xxx_messageInfo_Global.Unmarshal(m, b)
@ -140,6 +138,7 @@ func (m *Global) GetIdentityContext() *IdentityContext {
return nil return nil
} }
// Deprecated: Do not use.
func (m *Global) GetAutoInjectContext() *AutoInjectContext { func (m *Global) GetAutoInjectContext() *AutoInjectContext {
if m != nil { if m != nil {
return m.AutoInjectContext return m.AutoInjectContext
@ -170,7 +169,7 @@ func (m *Proxy) Reset() { *m = Proxy{} }
func (m *Proxy) String() string { return proto.CompactTextString(m) } func (m *Proxy) String() string { return proto.CompactTextString(m) }
func (*Proxy) ProtoMessage() {} func (*Proxy) ProtoMessage() {}
func (*Proxy) Descriptor() ([]byte, []int) { func (*Proxy) Descriptor() ([]byte, []int) {
return fileDescriptor_config_1dc3723f04bb94b9, []int{2} return fileDescriptor_config_42b83b762b43f0a0, []int{2}
} }
func (m *Proxy) XXX_Unmarshal(b []byte) error { func (m *Proxy) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Proxy.Unmarshal(m, b) return xxx_messageInfo_Proxy.Unmarshal(m, b)
@ -293,7 +292,7 @@ func (m *Image) Reset() { *m = Image{} }
func (m *Image) String() string { return proto.CompactTextString(m) } func (m *Image) String() string { return proto.CompactTextString(m) }
func (*Image) ProtoMessage() {} func (*Image) ProtoMessage() {}
func (*Image) Descriptor() ([]byte, []int) { func (*Image) Descriptor() ([]byte, []int) {
return fileDescriptor_config_1dc3723f04bb94b9, []int{3} return fileDescriptor_config_42b83b762b43f0a0, []int{3}
} }
func (m *Image) XXX_Unmarshal(b []byte) error { func (m *Image) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Image.Unmarshal(m, b) return xxx_messageInfo_Image.Unmarshal(m, b)
@ -338,7 +337,7 @@ func (m *Port) Reset() { *m = Port{} }
func (m *Port) String() string { return proto.CompactTextString(m) } func (m *Port) String() string { return proto.CompactTextString(m) }
func (*Port) ProtoMessage() {} func (*Port) ProtoMessage() {}
func (*Port) Descriptor() ([]byte, []int) { func (*Port) Descriptor() ([]byte, []int) {
return fileDescriptor_config_1dc3723f04bb94b9, []int{4} return fileDescriptor_config_42b83b762b43f0a0, []int{4}
} }
func (m *Port) XXX_Unmarshal(b []byte) error { func (m *Port) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Port.Unmarshal(m, b) return xxx_messageInfo_Port.Unmarshal(m, b)
@ -379,7 +378,7 @@ func (m *ResourceRequirements) Reset() { *m = ResourceRequirements{} }
func (m *ResourceRequirements) String() string { return proto.CompactTextString(m) } func (m *ResourceRequirements) String() string { return proto.CompactTextString(m) }
func (*ResourceRequirements) ProtoMessage() {} func (*ResourceRequirements) ProtoMessage() {}
func (*ResourceRequirements) Descriptor() ([]byte, []int) { func (*ResourceRequirements) Descriptor() ([]byte, []int) {
return fileDescriptor_config_1dc3723f04bb94b9, []int{5} return fileDescriptor_config_42b83b762b43f0a0, []int{5}
} }
func (m *ResourceRequirements) XXX_Unmarshal(b []byte) error { func (m *ResourceRequirements) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ResourceRequirements.Unmarshal(m, b) return xxx_messageInfo_ResourceRequirements.Unmarshal(m, b)
@ -427,7 +426,7 @@ func (m *ResourceRequirements) GetLimitMemory() string {
return "" return ""
} }
// Currently, this is basically a boolean. // Deprecated: Do not use.
type AutoInjectContext struct { type AutoInjectContext struct {
XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"` XXX_unrecognized []byte `json:"-"`
@ -438,7 +437,7 @@ func (m *AutoInjectContext) Reset() { *m = AutoInjectContext{} }
func (m *AutoInjectContext) String() string { return proto.CompactTextString(m) } func (m *AutoInjectContext) String() string { return proto.CompactTextString(m) }
func (*AutoInjectContext) ProtoMessage() {} func (*AutoInjectContext) ProtoMessage() {}
func (*AutoInjectContext) Descriptor() ([]byte, []int) { func (*AutoInjectContext) Descriptor() ([]byte, []int) {
return fileDescriptor_config_1dc3723f04bb94b9, []int{6} return fileDescriptor_config_42b83b762b43f0a0, []int{6}
} }
func (m *AutoInjectContext) XXX_Unmarshal(b []byte) error { func (m *AutoInjectContext) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_AutoInjectContext.Unmarshal(m, b) return xxx_messageInfo_AutoInjectContext.Unmarshal(m, b)
@ -472,7 +471,7 @@ func (m *IdentityContext) Reset() { *m = IdentityContext{} }
func (m *IdentityContext) String() string { return proto.CompactTextString(m) } func (m *IdentityContext) String() string { return proto.CompactTextString(m) }
func (*IdentityContext) ProtoMessage() {} func (*IdentityContext) ProtoMessage() {}
func (*IdentityContext) Descriptor() ([]byte, []int) { func (*IdentityContext) Descriptor() ([]byte, []int) {
return fileDescriptor_config_1dc3723f04bb94b9, []int{7} return fileDescriptor_config_42b83b762b43f0a0, []int{7}
} }
func (m *IdentityContext) XXX_Unmarshal(b []byte) error { func (m *IdentityContext) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_IdentityContext.Unmarshal(m, b) return xxx_messageInfo_IdentityContext.Unmarshal(m, b)
@ -531,7 +530,7 @@ func (m *LogLevel) Reset() { *m = LogLevel{} }
func (m *LogLevel) String() string { return proto.CompactTextString(m) } func (m *LogLevel) String() string { return proto.CompactTextString(m) }
func (*LogLevel) ProtoMessage() {} func (*LogLevel) ProtoMessage() {}
func (*LogLevel) Descriptor() ([]byte, []int) { func (*LogLevel) Descriptor() ([]byte, []int) {
return fileDescriptor_config_1dc3723f04bb94b9, []int{8} return fileDescriptor_config_42b83b762b43f0a0, []int{8}
} }
func (m *LogLevel) XXX_Unmarshal(b []byte) error { func (m *LogLevel) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_LogLevel.Unmarshal(m, b) return xxx_messageInfo_LogLevel.Unmarshal(m, b)
@ -578,7 +577,7 @@ func (m *Install) Reset() { *m = Install{} }
func (m *Install) String() string { return proto.CompactTextString(m) } func (m *Install) String() string { return proto.CompactTextString(m) }
func (*Install) ProtoMessage() {} func (*Install) ProtoMessage() {}
func (*Install) Descriptor() ([]byte, []int) { func (*Install) Descriptor() ([]byte, []int) {
return fileDescriptor_config_1dc3723f04bb94b9, []int{9} return fileDescriptor_config_42b83b762b43f0a0, []int{9}
} }
func (m *Install) XXX_Unmarshal(b []byte) error { func (m *Install) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Install.Unmarshal(m, b) return xxx_messageInfo_Install.Unmarshal(m, b)
@ -631,7 +630,7 @@ func (m *Install_Flag) Reset() { *m = Install_Flag{} }
func (m *Install_Flag) String() string { return proto.CompactTextString(m) } func (m *Install_Flag) String() string { return proto.CompactTextString(m) }
func (*Install_Flag) ProtoMessage() {} func (*Install_Flag) ProtoMessage() {}
func (*Install_Flag) Descriptor() ([]byte, []int) { func (*Install_Flag) Descriptor() ([]byte, []int) {
return fileDescriptor_config_1dc3723f04bb94b9, []int{9, 0} return fileDescriptor_config_42b83b762b43f0a0, []int{9, 0}
} }
func (m *Install_Flag) XXX_Unmarshal(b []byte) error { func (m *Install_Flag) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Install_Flag.Unmarshal(m, b) return xxx_messageInfo_Install_Flag.Unmarshal(m, b)
@ -679,67 +678,67 @@ func init() {
proto.RegisterType((*Install_Flag)(nil), "linkerd2.config.Install.Flag") proto.RegisterType((*Install_Flag)(nil), "linkerd2.config.Install.Flag")
} }
func init() { proto.RegisterFile("config/config.proto", fileDescriptor_config_1dc3723f04bb94b9) } func init() { proto.RegisterFile("config/config.proto", fileDescriptor_config_42b83b762b43f0a0) }
var fileDescriptor_config_1dc3723f04bb94b9 = []byte{ var fileDescriptor_config_42b83b762b43f0a0 = []byte{
// 929 bytes of a gzipped FileDescriptorProto // 938 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x55, 0xcf, 0x73, 0x1b, 0x35, 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x55, 0x5d, 0x6f, 0x23, 0x35,
0x14, 0x1e, 0xd7, 0x76, 0x62, 0x3f, 0xdb, 0x4d, 0xac, 0xa4, 0x74, 0x13, 0xa6, 0x60, 0x96, 0xe9, 0x14, 0x55, 0xbe, 0xda, 0xe4, 0x26, 0xd9, 0x36, 0x6e, 0x97, 0x4e, 0x8b, 0x16, 0xc2, 0xa0, 0x95,
0x4c, 0x07, 0x18, 0x1b, 0x12, 0x06, 0x3a, 0x3d, 0x61, 0xfa, 0x23, 0xe3, 0x69, 0x80, 0x8c, 0x18, 0x56, 0x80, 0x12, 0x68, 0x11, 0xac, 0xfa, 0x44, 0xf6, 0xab, 0x8a, 0xb6, 0x40, 0x65, 0xc4, 0x3e,
0x38, 0x70, 0xd9, 0x59, 0xef, 0xca, 0x5b, 0x11, 0xad, 0xe4, 0x6a, 0xa5, 0x24, 0xfd, 0x33, 0xb8, 0xf0, 0x32, 0x9a, 0xcc, 0x38, 0xb3, 0xa6, 0x1e, 0x3b, 0xeb, 0xf1, 0xb4, 0xdd, 0x1f, 0x82, 0xc4,
0x71, 0xe2, 0xc6, 0x9f, 0xc8, 0x9d, 0xd1, 0x93, 0x36, 0xa4, 0x59, 0xe2, 0xd3, 0x4a, 0xdf, 0xfb, 0x13, 0x6f, 0xfc, 0xc4, 0x7d, 0x47, 0xbe, 0xf6, 0x94, 0xb6, 0xb3, 0xcd, 0xd3, 0xd8, 0xe7, 0x9e,
0xbe, 0x4f, 0x6f, 0xa5, 0xa7, 0x27, 0xd8, 0xcb, 0x94, 0x5c, 0xf1, 0x62, 0xe6, 0x3f, 0xd3, 0xb5, 0x73, 0x7c, 0xc7, 0xbe, 0xbe, 0x86, 0x9d, 0x44, 0xc9, 0x25, 0xcf, 0xa6, 0xee, 0x33, 0x59, 0x69,
0x56, 0x46, 0x91, 0x1d, 0xc1, 0xe5, 0x39, 0xd3, 0xf9, 0xd1, 0xd4, 0xc3, 0x87, 0x1f, 0x15, 0x4a, 0x65, 0x14, 0xd9, 0x12, 0x5c, 0x9e, 0x33, 0x9d, 0x1e, 0x4e, 0x1c, 0x7c, 0xf0, 0x59, 0xa6, 0x54,
0x15, 0x82, 0xcd, 0x30, 0xbc, 0xb4, 0xab, 0x59, 0x6e, 0x75, 0x6a, 0xb8, 0x92, 0x5e, 0x10, 0xff, 0x26, 0xd8, 0x14, 0xc3, 0x8b, 0x72, 0x39, 0x4d, 0x4b, 0x1d, 0x1b, 0xae, 0xa4, 0x13, 0x84, 0x7f,
0xd9, 0x82, 0xf6, 0x5c, 0x08, 0x32, 0x83, 0xad, 0x42, 0xa8, 0x65, 0x2a, 0xa2, 0xd6, 0xa4, 0xf5, 0x37, 0xa0, 0x35, 0x13, 0x82, 0x4c, 0x61, 0x23, 0x13, 0x6a, 0x11, 0x8b, 0xa0, 0x31, 0x6e, 0x3c,
0x64, 0x70, 0xf4, 0x70, 0x7a, 0xcb, 0x69, 0x7a, 0x82, 0x61, 0x1a, 0x68, 0xe4, 0x0b, 0xe8, 0xae, 0xe9, 0x1f, 0xee, 0x4d, 0xee, 0x38, 0x4d, 0x4e, 0x30, 0x4c, 0x3d, 0x8d, 0x7c, 0x03, 0x9d, 0x95,
0xb5, 0xba, 0x7a, 0x17, 0xdd, 0x43, 0xfe, 0x07, 0x0d, 0xfe, 0x99, 0x8b, 0x52, 0x4f, 0x22, 0x47, 0x56, 0x57, 0xef, 0x83, 0x26, 0xf2, 0x3f, 0xa9, 0xf1, 0xcf, 0x6c, 0x94, 0x3a, 0x12, 0x39, 0x84,
0xb0, 0xcd, 0x65, 0x65, 0x52, 0x21, 0xa2, 0x36, 0xf2, 0xa3, 0x06, 0x7f, 0xe1, 0xe3, 0xb4, 0x26, 0x4d, 0x2e, 0x0b, 0x13, 0x0b, 0x11, 0xb4, 0x90, 0x1f, 0xd4, 0xf8, 0x73, 0x17, 0xa7, 0x15, 0x31,
0xc6, 0x7f, 0xdc, 0x83, 0x2d, 0xbf, 0x28, 0xf9, 0x1c, 0xc6, 0x81, 0x9e, 0xc8, 0xb4, 0x64, 0xd5, 0xfc, 0xab, 0x09, 0x1b, 0x6e, 0x51, 0xf2, 0x35, 0x8c, 0x3c, 0x3d, 0x92, 0x71, 0xce, 0x8a, 0x55,
0x3a, 0xcd, 0x18, 0x26, 0xda, 0xa7, 0xbb, 0x21, 0xf0, 0x63, 0x8d, 0x93, 0x8f, 0x61, 0x90, 0x49, 0x9c, 0x30, 0x4c, 0xb4, 0x47, 0xb7, 0x7d, 0xe0, 0x97, 0x0a, 0x27, 0x9f, 0x43, 0x3f, 0x91, 0x3c,
0x9e, 0x30, 0x99, 0x2e, 0x05, 0xcb, 0x31, 0xbf, 0x1e, 0x85, 0x4c, 0xf2, 0x97, 0x1e, 0x21, 0x11, 0x62, 0x32, 0x5e, 0x08, 0x96, 0x62, 0x7e, 0x5d, 0x0a, 0x89, 0xe4, 0x2f, 0x1d, 0x42, 0x02, 0xd8,
0x6c, 0x5f, 0x30, 0x5d, 0x71, 0x25, 0x31, 0x99, 0x3e, 0xad, 0xa7, 0xe4, 0x35, 0xec, 0xf2, 0x9c, 0xbc, 0x60, 0xba, 0xe0, 0x4a, 0x62, 0x32, 0x3d, 0x5a, 0x4d, 0xc9, 0x6b, 0xd8, 0xe6, 0x29, 0x93,
0x49, 0xc3, 0xcd, 0xbb, 0x24, 0x53, 0xd2, 0xb0, 0x2b, 0x13, 0x75, 0x30, 0xdf, 0x49, 0x33, 0xdf, 0x86, 0x9b, 0xf7, 0x51, 0xa2, 0xa4, 0x61, 0x57, 0x26, 0x68, 0x63, 0xbe, 0xe3, 0x7a, 0xbe, 0x9e,
0x40, 0x7c, 0xee, 0x79, 0x74, 0x87, 0xbf, 0x0f, 0x10, 0x0a, 0x7b, 0xa9, 0x35, 0x2a, 0xe1, 0xf2, 0xf8, 0xdc, 0xf1, 0xe8, 0x16, 0xbf, 0x0d, 0x90, 0x37, 0xb0, 0x13, 0x97, 0x46, 0x45, 0x5c, 0xfe,
0x77, 0x96, 0x99, 0x6b, 0xbf, 0x2d, 0xf4, 0x8b, 0x1b, 0x7e, 0x73, 0x6b, 0xd4, 0x02, 0xa9, 0xb5, 0xc9, 0x12, 0x73, 0xed, 0xb7, 0x81, 0x7e, 0x61, 0xcd, 0x6f, 0x56, 0x1a, 0x35, 0x47, 0xaa, 0x37,
0xe3, 0x38, 0xbd, 0x0d, 0xc5, 0xff, 0x74, 0xa1, 0x8b, 0x1b, 0x4b, 0xbe, 0x85, 0x01, 0x6e, 0x6d, 0x78, 0xd6, 0x0c, 0x1a, 0x74, 0x14, 0xdf, 0x85, 0xc3, 0x0f, 0x1d, 0xe8, 0xe0, 0xe6, 0x92, 0x1f,
0xc2, 0xcb, 0xb4, 0x60, 0xe1, 0xd4, 0x9a, 0xa7, 0xb0, 0x70, 0x51, 0x0a, 0x48, 0xc5, 0x31, 0xf9, 0xa1, 0x8f, 0xdb, 0x1b, 0xf1, 0x3c, 0xce, 0x98, 0x3f, 0xb9, 0xfa, 0x49, 0xcc, 0x6d, 0x94, 0x02,
0x0e, 0x76, 0x83, 0x50, 0x72, 0x13, 0xd4, 0xf7, 0x36, 0xaa, 0xef, 0x7b, 0xb5, 0xe4, 0xc6, 0x3b, 0x52, 0x71, 0x4c, 0x7e, 0x82, 0x6d, 0x2f, 0x94, 0xdc, 0x78, 0x75, 0x73, 0xad, 0xfa, 0x81, 0x53,
0x3c, 0x85, 0xa1, 0xfb, 0x19, 0xad, 0x44, 0xb2, 0x56, 0xda, 0x84, 0x13, 0x7d, 0xd0, 0xac, 0x00, 0x4b, 0x6e, 0x9c, 0xc3, 0x53, 0x18, 0xd8, 0x1f, 0xd2, 0x4a, 0x44, 0x2b, 0xa5, 0x8d, 0x3f, 0xd5,
0xa5, 0x0d, 0x1d, 0x04, 0xaa, 0x9b, 0x90, 0x13, 0xd8, 0xe7, 0x85, 0x54, 0x9a, 0x25, 0x5c, 0x2e, 0x87, 0xf5, 0x2a, 0x50, 0xda, 0xd0, 0xbe, 0xa7, 0xda, 0x09, 0x39, 0x81, 0x5d, 0x9e, 0x49, 0xa5,
0x95, 0x95, 0x39, 0x1a, 0x54, 0x51, 0x67, 0xd2, 0xbe, 0xdb, 0x81, 0x78, 0xc9, 0xc2, 0x2b, 0x1c, 0x59, 0xc4, 0xe5, 0x42, 0x95, 0x32, 0x45, 0x83, 0x22, 0x68, 0x8f, 0x5b, 0xf7, 0x3b, 0x10, 0x27,
0x54, 0x91, 0x05, 0x3c, 0x08, 0x46, 0xca, 0x9a, 0x9b, 0x4e, 0xdd, 0x4d, 0x4e, 0x7b, 0x5e, 0xf3, 0x99, 0x3b, 0x85, 0x85, 0x0a, 0x32, 0x87, 0x87, 0xde, 0x48, 0x95, 0xe6, 0xa6, 0x53, 0x67, 0x9d,
0x53, 0x90, 0x78, 0xab, 0xa7, 0x30, 0xbc, 0x99, 0x4c, 0x38, 0x9f, 0xbb, 0xfe, 0x86, 0xff, 0x97, 0xd3, 0x8e, 0xd3, 0xfc, 0xea, 0x25, 0xce, 0xea, 0x29, 0x0c, 0x6e, 0x26, 0xe3, 0xcf, 0xe8, 0xbe,
0x05, 0xf9, 0x1a, 0x20, 0xcd, 0x4b, 0x2e, 0xbd, 0x6e, 0x7b, 0x93, 0xae, 0x8f, 0x44, 0x54, 0x3d, 0xbf, 0xe1, 0xff, 0x67, 0x41, 0xbe, 0x07, 0x88, 0xd3, 0x9c, 0x4b, 0xa7, 0xdb, 0x5c, 0xa7, 0xeb,
0x83, 0xd1, 0x7b, 0x39, 0x47, 0xbd, 0x4d, 0xc2, 0xa1, 0xba, 0x91, 0x2c, 0x99, 0x43, 0x4f, 0xb3, 0x21, 0x11, 0x55, 0xc7, 0x30, 0xbc, 0x95, 0x73, 0xd0, 0x5d, 0x27, 0x1c, 0xa8, 0x1b, 0xc9, 0x92,
0x4a, 0x59, 0x9d, 0xb1, 0xa8, 0x8f, 0xb2, 0xc7, 0x0d, 0x19, 0x0d, 0x04, 0xca, 0xde, 0x5a, 0xae, 0x19, 0x74, 0x35, 0x2b, 0x54, 0xa9, 0x13, 0x16, 0xf4, 0x50, 0xf6, 0xb8, 0x26, 0xa3, 0x9e, 0x40,
0x59, 0xc9, 0xa4, 0xa9, 0xe8, 0xb5, 0x8c, 0x7c, 0x08, 0x7d, 0x7f, 0xfc, 0x96, 0xe7, 0x11, 0x4c, 0xd9, 0xbb, 0x92, 0x6b, 0x96, 0x33, 0x69, 0x0a, 0x7a, 0x2d, 0x23, 0x9f, 0x42, 0xcf, 0x1d, 0x7f,
0x5a, 0x4f, 0xda, 0xb4, 0x87, 0xc0, 0x2f, 0x3c, 0x27, 0xdf, 0x40, 0x5f, 0xa8, 0x22, 0x11, 0xec, 0xc9, 0xd3, 0x00, 0xc6, 0x8d, 0x27, 0x2d, 0xda, 0x45, 0xe0, 0x77, 0x9e, 0x92, 0x1f, 0xa0, 0x27,
0x82, 0x89, 0x68, 0x80, 0x0b, 0x1c, 0x34, 0x16, 0x38, 0x55, 0xc5, 0xa9, 0x23, 0xd0, 0x9e, 0x08, 0x54, 0x16, 0x09, 0x76, 0xc1, 0x44, 0xd0, 0xc7, 0x05, 0xf6, 0x6b, 0x0b, 0x9c, 0xaa, 0xec, 0xd4,
0x23, 0xf2, 0x0c, 0x0e, 0x72, 0x5e, 0xb9, 0xdb, 0x95, 0xb0, 0x2b, 0xc3, 0xb4, 0x4c, 0x45, 0xb2, 0x12, 0x68, 0x57, 0xf8, 0x11, 0x39, 0x86, 0xfd, 0x94, 0x17, 0xf6, 0x86, 0x45, 0xec, 0xca, 0x30,
0xd6, 0x6a, 0xc5, 0x05, 0xab, 0xa2, 0x21, 0x5e, 0xc0, 0x87, 0x81, 0xf0, 0x32, 0xc4, 0xcf, 0x42, 0x2d, 0x63, 0x11, 0xad, 0xb4, 0x5a, 0x72, 0xc1, 0x8a, 0x60, 0x80, 0x97, 0x70, 0xcf, 0x13, 0x5e,
0x98, 0x7c, 0x0a, 0x23, 0x9f, 0x50, 0x7d, 0x27, 0x47, 0x78, 0x27, 0x87, 0x08, 0xfe, 0xea, 0xb1, 0xfa, 0xf8, 0x99, 0x0f, 0x93, 0x2f, 0x61, 0xe8, 0x12, 0xaa, 0xee, 0xe5, 0x10, 0xef, 0xe5, 0x00,
0xf8, 0x04, 0xba, 0xbe, 0xf6, 0x1e, 0x01, 0x60, 0xc9, 0x62, 0x1f, 0x08, 0x2d, 0xa0, 0x8f, 0x88, 0xc1, 0x37, 0x0e, 0x0b, 0x4f, 0xa0, 0xe3, 0x6a, 0xef, 0x11, 0x00, 0x96, 0x2c, 0xf6, 0x02, 0xdf,
0x6b, 0x00, 0xee, 0xee, 0xaf, 0xad, 0x70, 0x75, 0x29, 0x78, 0xe6, 0x7b, 0x53, 0x9f, 0x82, 0x83, 0x06, 0x7a, 0x88, 0xd8, 0x26, 0x60, 0xef, 0xff, 0xaa, 0x14, 0xb6, 0x2e, 0x05, 0x4f, 0x5c, 0x7f,
0xce, 0x10, 0x89, 0x0f, 0xa1, 0x83, 0x3b, 0x49, 0xa0, 0x83, 0x9b, 0xef, 0x1c, 0x46, 0x14, 0xc7, 0xea, 0x51, 0xb0, 0xd0, 0x19, 0x22, 0xe1, 0x01, 0xb4, 0x71, 0x27, 0x09, 0xb4, 0x71, 0xf3, 0xad,
0xf1, 0x5f, 0x2d, 0xd8, 0xff, 0xbf, 0xdd, 0x73, 0xae, 0x9a, 0xbd, 0xb5, 0xac, 0x32, 0x49, 0xb6, 0xc3, 0x90, 0xe2, 0x38, 0xfc, 0xa7, 0x01, 0xbb, 0x1f, 0xdb, 0x3d, 0xeb, 0xaa, 0xd9, 0xbb, 0x92,
0xb6, 0x61, 0x55, 0x08, 0xd0, 0xf3, 0xb5, 0x25, 0x8f, 0xe1, 0x7e, 0x4d, 0x28, 0x59, 0xa9, 0x74, 0x15, 0x26, 0x4a, 0x56, 0xa5, 0x5f, 0x15, 0x3c, 0xf4, 0x7c, 0x55, 0x92, 0xc7, 0xf0, 0xa0, 0x22,
0xbd, 0xf2, 0x28, 0xa0, 0x3f, 0x20, 0xe8, 0xf6, 0x5e, 0xf0, 0x92, 0x7b, 0x17, 0xdf, 0x7a, 0x7a, 0xe4, 0x2c, 0x57, 0xba, 0x5a, 0x79, 0xe8, 0xd1, 0x9f, 0x11, 0xb4, 0x7b, 0x2f, 0x78, 0xce, 0x9d,
0x08, 0x38, 0x8f, 0x4f, 0x60, 0xe8, 0x83, 0xc1, 0xa1, 0x83, 0xf1, 0x01, 0x62, 0x5e, 0x1f, 0xef, 0x8b, 0x6b, 0x3f, 0x5d, 0x04, 0xac, 0xc7, 0x17, 0x30, 0x70, 0x41, 0xef, 0xd0, 0xc6, 0x78, 0x1f,
0xc1, 0x78, 0xde, 0x6c, 0x09, 0x2d, 0xd8, 0xb9, 0xd5, 0x8b, 0x9c, 0x97, 0xd1, 0xb6, 0x32, 0x49, 0x31, 0xa7, 0x0f, 0xf7, 0x60, 0x54, 0xeb, 0x14, 0xc7, 0xcd, 0xa0, 0x11, 0x7e, 0x68, 0xc0, 0xd6,
0xae, 0xca, 0x94, 0xcb, 0x90, 0xf1, 0x00, 0xb1, 0x17, 0x08, 0x91, 0xcf, 0x60, 0xec, 0x29, 0xa9, 0x9d, 0x9e, 0x64, 0xfd, 0x8c, 0x2e, 0x0b, 0x13, 0xa5, 0x2a, 0x8f, 0xb9, 0xf4, 0x59, 0xf7, 0x11,
0xcc, 0xde, 0x28, 0x5d, 0x25, 0x6b, 0x56, 0x86, 0xac, 0x77, 0x30, 0x30, 0xf7, 0xf8, 0x19, 0x2b, 0x7b, 0x81, 0x10, 0xf9, 0x0a, 0x46, 0x8e, 0x12, 0xcb, 0xe4, 0xad, 0xd2, 0x45, 0xb4, 0x62, 0xb9,
0xc9, 0x2b, 0x18, 0xf3, 0xaa, 0xb2, 0xa9, 0xcc, 0x58, 0x22, 0xf8, 0x8a, 0x19, 0x5e, 0xb2, 0x70, 0xcf, 0x7c, 0x0b, 0x03, 0x33, 0x87, 0x9f, 0xb1, 0x9c, 0xbc, 0x82, 0x11, 0x2f, 0x8a, 0x32, 0x96,
0xeb, 0x0f, 0xa6, 0xfe, 0x81, 0x99, 0xd6, 0x0f, 0xcc, 0xf4, 0x45, 0x78, 0x60, 0xe8, 0x6e, 0xad, 0x09, 0x8b, 0x04, 0x5f, 0x32, 0xc3, 0x73, 0xe6, 0x6f, 0xfe, 0xfe, 0xc4, 0x3d, 0x34, 0x93, 0xea,
0x39, 0x0d, 0x12, 0xf2, 0x1a, 0xf6, 0x33, 0xa1, 0xb2, 0xf3, 0xa4, 0x3a, 0x67, 0x97, 0x49, 0x2a, 0xa1, 0x99, 0xbc, 0xf0, 0x0f, 0x0d, 0xdd, 0xae, 0x34, 0xa7, 0x5e, 0x42, 0x5e, 0xc3, 0x6e, 0x22,
0x84, 0xba, 0x74, 0xf1, 0xd0, 0x62, 0x37, 0x58, 0x11, 0x94, 0xfd, 0x7c, 0xce, 0x2e, 0xe7, 0xb5, 0x54, 0x72, 0x1e, 0x15, 0xe7, 0xec, 0x32, 0x8a, 0x85, 0x50, 0x97, 0x36, 0xee, 0x5b, 0xed, 0x1a,
0x28, 0x9e, 0x40, 0xaf, 0xae, 0x44, 0xb2, 0x0f, 0x5d, 0x5f, 0xb3, 0xfe, 0x47, 0xfd, 0x24, 0xfe, 0x2b, 0x82, 0xb2, 0xdf, 0xce, 0xd9, 0xe5, 0xac, 0x12, 0x85, 0x63, 0xe8, 0x56, 0xd5, 0x48, 0x76,
0xbb, 0x05, 0xdb, 0xe1, 0x55, 0x71, 0xe7, 0x6d, 0x5d, 0xc5, 0x7b, 0x02, 0x8e, 0xf1, 0xa1, 0x10, 0xa1, 0xe3, 0xea, 0xd6, 0xfd, 0xa8, 0x9b, 0x84, 0xff, 0x36, 0x60, 0xd3, 0xbf, 0x2e, 0xf6, 0xcc,
0xfc, 0xba, 0xee, 0x42, 0xb1, 0x64, 0x82, 0x87, 0xaa, 0x23, 0xc7, 0xd0, 0x5d, 0x89, 0xb4, 0xa8, 0x4b, 0x5b, 0xf5, 0x8e, 0x80, 0x63, 0x7c, 0x30, 0x04, 0xbf, 0xae, 0x3d, 0x5f, 0x30, 0x89, 0xe0,
0xa2, 0x36, 0x76, 0x95, 0x47, 0x77, 0xbd, 0x59, 0xd3, 0x57, 0x22, 0x2d, 0xa8, 0xe7, 0x1e, 0x7e, 0xbe, 0xf2, 0xc8, 0x11, 0x74, 0x96, 0x22, 0xce, 0x8a, 0xa0, 0x85, 0x9d, 0xe5, 0xd1, 0x7d, 0x6f,
0x09, 0x1d, 0x37, 0x75, 0x2b, 0xde, 0xa8, 0x51, 0x1c, 0xbb, 0x3c, 0x2f, 0x52, 0x61, 0x59, 0x58, 0xd7, 0xe4, 0x95, 0x88, 0x33, 0xea, 0xb8, 0x07, 0xdf, 0x42, 0xdb, 0x4e, 0xed, 0x8a, 0x37, 0xea,
0xcb, 0x4f, 0xbe, 0x3f, 0xfe, 0xed, 0xab, 0x82, 0x9b, 0x37, 0x76, 0x39, 0xcd, 0x54, 0x39, 0x0b, 0x14, 0xc7, 0x36, 0xcf, 0x8b, 0x58, 0x94, 0xcc, 0xaf, 0xe5, 0x26, 0xcf, 0x8e, 0xfe, 0xf8, 0x2e,
0x6b, 0xd4, 0xdf, 0xa3, 0x59, 0x68, 0xa0, 0x82, 0xe9, 0x59, 0xc1, 0x64, 0x78, 0xef, 0x97, 0x5b, 0xe3, 0xe6, 0x6d, 0xb9, 0x98, 0x24, 0x2a, 0x9f, 0xfa, 0x35, 0xaa, 0xef, 0xe1, 0xd4, 0x37, 0x51,
0xb8, 0x4b, 0xc7, 0xff, 0x06, 0x00, 0x00, 0xff, 0xff, 0xa2, 0x59, 0xbd, 0x38, 0x07, 0x08, 0x00, 0xc1, 0xf4, 0x34, 0x63, 0xd2, 0xbf, 0xfb, 0x8b, 0x0d, 0xdc, 0xa5, 0xa3, 0xff, 0x02, 0x00, 0x00,
0x00, 0xff, 0xff, 0xd2, 0x4a, 0xdf, 0x3e, 0x0f, 0x08, 0x00, 0x00,
} }


@ -22,9 +22,7 @@ message Global {
// If present, configures identity. // If present, configures identity.
IdentityContext identity_context = 4; IdentityContext identity_context = 4;
// If present, indicates that the Mutating Webhook Admission Controller should AutoInjectContext auto_inject_context = 6 [deprecated=true];
// be configured to automatically inject proxies.
AutoInjectContext auto_inject_context = 6;
} }
message Proxy { message Proxy {
@ -63,8 +61,7 @@ message ResourceRequirements {
string limit_memory = 4; string limit_memory = 4;
} }
// Currently, this is basically a boolean. message AutoInjectContext { option deprecated = true; }
message AutoInjectContext {}
message IdentityContext { message IdentityContext {
string trust_domain = 1; string trust_domain = 1;
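Review bot: The `deprecated` options on `auto_inject_context` (field 6) and on `AutoInjectContext` replace the only comments that explained the field, so the schema no longer says why it is deprecated or whether a value written by an older install is still honoured. A one-line comment on the field would help, for example `// Deprecated: the proxy injector is always installed; kept so existing configs still parse.` Adjust that wording to what the consumers actually do, which is not visible in this section. Keeping field number 6 instead of deleting it preserves wire compatibility; if the field is removed later, add `reserved 6;` so the number cannot be reused.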


@ -33,12 +33,13 @@ var (
} }
linkerdPods = map[string]int{ linkerdPods = map[string]int{
"linkerd-controller": 1, "linkerd-controller": 1,
"linkerd-grafana": 1, "linkerd-grafana": 1,
"linkerd-identity": 1, "linkerd-identity": 1,
"linkerd-prometheus": 1, "linkerd-prometheus": 1,
"linkerd-sp-validator": 1, "linkerd-proxy-injector": 1,
"linkerd-web": 1, "linkerd-sp-validator": 1,
"linkerd-web": 1,
} }
) )


@ -87,8 +87,6 @@ func TestInjectParams(t *testing.T) {
} }
} }
// TestAnnotationPermutations assumes a control-plane installed with
// `--proxy-auto-inject` was installed via `install_test.go`.
func TestAnnotationPermutations(t *testing.T) { func TestAnnotationPermutations(t *testing.T) {
injectYAML, err := testutil.ReadFile("testdata/inject_test.yaml") injectYAML, err := testutil.ReadFile("testdata/inject_test.yaml")
if err != nil { if err != nil {
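Review bot: TestAnnotationPermutations is left with no doc comment, and the deleted one also recorded that the test relies on a control plane installed by `install_test.go`, which presumably still holds after this change. I would keep that half, e.g. `// TestAnnotationPermutations assumes a control plane was already installed via install_test.go.` The function body continues outside the hunk.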


@ -40,12 +40,13 @@ var (
} }
linkerdDeployReplicas = map[string]deploySpec{ linkerdDeployReplicas = map[string]deploySpec{
"linkerd-controller": {1, []string{"destination", "public-api", "tap"}}, "linkerd-controller": {1, []string{"destination", "public-api", "tap"}},
"linkerd-grafana": {1, []string{}}, "linkerd-grafana": {1, []string{}},
"linkerd-identity": {1, []string{"identity"}}, "linkerd-identity": {1, []string{"identity"}},
"linkerd-prometheus": {1, []string{}}, "linkerd-prometheus": {1, []string{}},
"linkerd-sp-validator": {1, []string{"sp-validator"}}, "linkerd-sp-validator": {1, []string{"sp-validator"}},
"linkerd-web": {1, []string{"web"}}, "linkerd-web": {1, []string{"web"}},
"linkerd-proxy-injector": {1, []string{"proxy-injector"}},
} }
// Linkerd commonly logs these errors during testing, remove these once // Linkerd commonly logs these errors during testing, remove these once
@ -125,11 +126,6 @@ func TestInstallOrUpgrade(t *testing.T) {
cmd = "upgrade" cmd = "upgrade"
} }
if TestHelper.AutoInject() {
args = append(args, "--proxy-auto-inject")
linkerdDeployReplicas["linkerd-proxy-injector"] = deploySpec{1, []string{"proxy-injector"}}
}
exec := append([]string{cmd}, args...) exec := append([]string{cmd}, args...)
out, _, err := TestHelper.LinkerdRun(exec...) out, _, err := TestHelper.LinkerdRun(exec...)
if err != nil { if err != nil {
@ -268,30 +264,15 @@ func TestInject(t *testing.T) {
prefixedNs := TestHelper.GetTestNamespace("smoke-test") prefixedNs := TestHelper.GetTestNamespace("smoke-test")
if TestHelper.AutoInject() { out, err = testutil.ReadFile("testdata/smoke_test.yaml")
out, err = testutil.ReadFile("testdata/smoke_test.yaml") if err != nil {
if err != nil { t.Fatalf("failed to read smoke test file: %s", err)
t.Fatalf("failed to read smoke test file: %s", err) }
} err = TestHelper.CreateNamespaceIfNotExists(prefixedNs, map[string]string{
err = TestHelper.CreateNamespaceIfNotExists(prefixedNs, map[string]string{ k8s.ProxyInjectAnnotation: k8s.ProxyInjectEnabled,
k8s.ProxyInjectAnnotation: k8s.ProxyInjectEnabled, })
}) if err != nil {
if err != nil { t.Fatalf("failed to create %s namespace: %s", prefixedNs, err)
t.Fatalf("failed to create %s namespace with auto inject enabled: %s", prefixedNs, err)
}
} else {
cmd := []string{"inject", "--manual", "testdata/smoke_test.yaml"}
var injectReport string
out, injectReport, err = TestHelper.LinkerdRun(cmd...)
if err != nil {
t.Fatalf("linkerd inject command failed: %s\n%s", err, out)
}
err = TestHelper.ValidateOutput(injectReport, "inject.report.golden")
if err != nil {
t.Fatalf("Received unexpected output\n%s", err.Error())
}
} }
out, err = TestHelper.KubectlApply(out, prefixedNs) out, err = TestHelper.KubectlApply(out, prefixedNs)
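Review bot: With the `inject --manual` branch removed from TestInject, nothing in this section runs the CLI injection path or compares its report against `inject.report.golden`, which this commit also deletes. If no other test covers `linkerd inject --manual` output, that coverage is lost; TestInjectParams may cover it, but that is not visible here. Injection in this test now depends entirely on the admission webhook acting on the `k8s.ProxyInjectAnnotation` namespace annotation. Unless the rest of TestInject already does so, it should assert after `KubectlApply` that the created pods contain the proxy container, so a webhook that silently skips injection fails the test instead of passing with unmeshed pods. TestInject starts before and continues past this hunk.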


@ -72,12 +72,13 @@ func TestCliStatForLinkerdNamespace(t *testing.T) {
{ {
args: []string{"stat", "deploy", "-n", TestHelper.GetLinkerdNamespace()}, args: []string{"stat", "deploy", "-n", TestHelper.GetLinkerdNamespace()},
expectedRows: map[string]string{ expectedRows: map[string]string{
"linkerd-controller": "1/1", "linkerd-controller": "1/1",
"linkerd-grafana": "1/1", "linkerd-grafana": "1/1",
"linkerd-identity": "1/1", "linkerd-identity": "1/1",
"linkerd-prometheus": "1/1", "linkerd-prometheus": "1/1",
"linkerd-sp-validator": "1/1", "linkerd-proxy-injector": "1/1",
"linkerd-web": "1/1", "linkerd-sp-validator": "1/1",
"linkerd-web": "1/1",
}, },
}, },
{ {
@ -107,7 +108,7 @@ func TestCliStatForLinkerdNamespace(t *testing.T) {
{ {
args: []string{"stat", "ns", TestHelper.GetLinkerdNamespace()}, args: []string{"stat", "ns", TestHelper.GetLinkerdNamespace()},
expectedRows: map[string]string{ expectedRows: map[string]string{
TestHelper.GetLinkerdNamespace(): "6/6", TestHelper.GetLinkerdNamespace(): "7/7",
}, },
}, },
{ {


@ -1,6 +0,0 @@
deployment "smoke-test-terminus" injected
service "smoke-test-terminus-svc" skipped
deployment "smoke-test-gateway" injected
service "smoke-test-gateway-svc" skipped


@ -20,7 +20,6 @@ type TestHelper struct {
linkerd string linkerd string
version string version string
namespace string namespace string
autoInject bool
upgradeFromVersion string upgradeFromVersion string
httpClient http.Client httpClient http.Client
KubernetesHelper KubernetesHelper
@ -37,7 +36,6 @@ func NewTestHelper() *TestHelper {
k8sContext := flag.String("k8s-context", "", "kubernetes context associated with the test cluster") k8sContext := flag.String("k8s-context", "", "kubernetes context associated with the test cluster")
linkerd := flag.String("linkerd", "", "path to the linkerd binary to test") linkerd := flag.String("linkerd", "", "path to the linkerd binary to test")
namespace := flag.String("linkerd-namespace", "l5d-integration", "the namespace where linkerd is installed") namespace := flag.String("linkerd-namespace", "l5d-integration", "the namespace where linkerd is installed")
autoInject := flag.Bool("proxy-auto-inject", false, "enable proxy sidecar auto-injection in tests")
upgradeFromVersion := flag.String("upgrade-from-version", "", "when specified, the upgrade test uses it as the base version of the upgrade") upgradeFromVersion := flag.String("upgrade-from-version", "", "when specified, the upgrade test uses it as the base version of the upgrade")
runTests := flag.Bool("integration-tests", false, "must be provided to run the integration tests") runTests := flag.Bool("integration-tests", false, "must be provided to run the integration tests")
verbose := flag.Bool("verbose", false, "turn on debug logging") verbose := flag.Bool("verbose", false, "turn on debug logging")
@ -69,7 +67,6 @@ func NewTestHelper() *TestHelper {
testHelper := &TestHelper{ testHelper := &TestHelper{
linkerd: *linkerd, linkerd: *linkerd,
namespace: *namespace, namespace: *namespace,
autoInject: *autoInject,
upgradeFromVersion: *upgradeFromVersion, upgradeFromVersion: *upgradeFromVersion,
} }
@ -111,12 +108,6 @@ func (h *TestHelper) GetTestNamespace(testName string) string {
return h.namespace + "-" + testName return h.namespace + "-" + testName
} }
// AutoInject returns whether or not Proxy Auto Inject is enabled for the given
// test.
func (h *TestHelper) AutoInject() bool {
return h.autoInject
}
// UpgradeFromVersion returns the base version of the upgrade test. // UpgradeFromVersion returns the base version of the upgrade test.
func (h *TestHelper) UpgradeFromVersion() string { func (h *TestHelper) UpgradeFromVersion() string {
return h.upgradeFromVersion return h.upgradeFromVersion