diff --git a/Cargo.lock b/Cargo.lock
index 64471137b..ec31c5562 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1219,6 +1219,8 @@ dependencies = [
 "linkerd2-proxy-api",
 "maplit",
 "prost-types",
+ "serde",
+ "serde_json",
 "tokio",
 "tonic",
 "tracing",
diff --git a/charts/partials/templates/_proxy.tpl b/charts/partials/templates/_proxy.tpl
index 7bb187d5e..098d34a12 100644
--- a/charts/partials/templates/_proxy.tpl
+++ b/charts/partials/templates/_proxy.tpl
@@ -39,7 +39,8 @@ env:
 - name: LINKERD2_PROXY_POLICY_SVC_ADDR
 value: {{ternary "localhost.:8090" (printf "linkerd-policy.%s.svc.%s.:8090" .Release.Namespace .Values.clusterDomain) (eq (toString .Values.proxy.component) "linkerd-destination")}}
 - name: LINKERD2_PROXY_POLICY_WORKLOAD
- value: "$(_pod_ns):$(_pod_name)"
+ value: |
+ {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"}
 - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY
 value: {{.Values.proxy.defaultInboundPolicy}}
 - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS
diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml
index f54302b0c..9bc0046a5 100644
--- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml
+++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml
@@ -43,7 +43,8 @@ spec:
 - name: LINKERD2_PROXY_POLICY_SVC_ADDR
 value: linkerd-policy.linkerd.svc.cluster.local.:8090
 - name: LINKERD2_PROXY_POLICY_WORKLOAD
- value: $(_pod_ns):$(_pod_name)
+ value: |
+ {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"}
 - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY
 value: all-unauthenticated
 - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS
diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml
index c29b1c15c..07082ef7c 100644
--- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml
+++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml
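Review bot: In charts/partials/templates/_proxy.tpl the literal block scalar `value: |` keeps a trailing newline, so LINKERD2_PROXY_POLICY_WORKLOAD is set to the JSON object followed by a newline rather than the bare object; `value: |-` strips it and keeps the workload identity byte-exact for whatever parses it. The object is assembled by plain `$(_pod_ns)` / `$(_pod_name)` substitution with no JSON escaping, which holds only because Kubernetes limits namespace and pod names to DNS-style characters. A template comment above the entry, such as `{{- /* JSON workload identity; ns and pod are DNS-style names, so no escaping is needed */}}`, would record that assumption without changing the rendered manifests. The code that reads this variable is outside the hunk, and proxies injected before this change presumably still send the old `ns:pod` form, so it is worth confirming that the reader accepts both during an upgrade.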
@@ -43,7 +43,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -263,7 +264,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml index 64f843149..6189f2c7c 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml @@ -43,7 +43,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_contour.golden.yml b/cli/cmd/testdata/inject_contour.golden.yml index f0fbe708a..feb5bf0a3 100644 --- a/cli/cmd/testdata/inject_contour.golden.yml +++ b/cli/cmd/testdata/inject_contour.golden.yml @@ -51,7 +51,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS 
diff --git a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml index 066d61ef5..14fb09d5b 100644 --- a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml @@ -45,7 +45,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -276,7 +277,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -507,7 +509,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -738,7 +741,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml index a5e12f618..5514fd7bd 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml 
+++ b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml @@ -45,7 +45,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml index 7fa9baab5..f182758d3 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml @@ -46,7 +46,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml index 6cda7e096..68284055b 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml @@ -46,7 +46,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS 
diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml index af2980a20..96453c487 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml @@ -45,7 +45,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml index bd541fcbb..906a3eb15 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml @@ -55,7 +55,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml index 31af59bc8..b0fe70665 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml 
@@ -45,7 +45,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -276,7 +277,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml index a03614bc1..eff5e403e 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml @@ -46,7 +46,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml index d9da3231f..18f012f50 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml 
@@ -45,7 +45,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml index 296d130fc..b16d3ffb6 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml @@ -45,7 +45,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml index a02eb5b1c..9e048e52c 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml @@ -98,7 +98,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml index fff2448b4..f57c352cd 100644 
--- a/cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml @@ -45,7 +45,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml index 6f005e6a2..ab78b5565 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml @@ -46,7 +46,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml index 86912d6ca..c7c3f9b83 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml @@ -46,7 +46,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS 
diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml index 76890e12d..f1ef01956 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml @@ -47,7 +47,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml index fe22f4319..4ec14b28f 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml @@ -45,7 +45,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_list.golden.yml b/cli/cmd/testdata/inject_emojivoto_list.golden.yml index f9e54ec38..eab9da1e4 100644 --- a/cli/cmd/testdata/inject_emojivoto_list.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list.golden.yml @@ -47,7 +47,8 @@ items: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS 
@@ -277,7 +278,8 @@ items: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml index 72fcf66e2..ce1e32e04 100644 --- a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml @@ -47,7 +47,8 @@ items: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -277,7 +278,8 @@ items: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml index 93c5c0211..25420d601 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml 
@@ -37,7 +37,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml index ff85a2a5e..91ad3e7d8 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml @@ -38,7 +38,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml index 7ce5d234f..c3dc4db68 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml @@ -39,7 +39,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml index 745c45dc4..819799c3c 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml 
+++ b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml @@ -41,7 +41,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml index f2f51c98b..93cdaf438 100644 --- a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml @@ -46,7 +46,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml index bc660d7ad..da2d9cd12 100644 --- a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml +++ b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml @@ -41,7 +41,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS 
@@ -274,7 +275,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml index 05fb2b80d..e6d0966c7 100644 --- a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml @@ -62,7 +62,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: $(_pod_ns):$(_pod_name) + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_controlplane_tracing_output.golden b/cli/cmd/testdata/install_controlplane_tracing_output.golden index 17354f7e5..5c58c6a22 100644 --- a/cli/cmd/testdata/install_controlplane_tracing_output.golden +++ b/cli/cmd/testdata/install_controlplane_tracing_output.golden @@ -861,7 +861,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - args: - identity @@ -938,7 +938,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1245,7 +1246,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name 
@@ -1271,7 +1272,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1678,7 +1680,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1704,7 +1706,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_custom_domain.golden b/cli/cmd/testdata/install_custom_domain.golden index e872b5a48..01096f0c3 100644 --- a/cli/cmd/testdata/install_custom_domain.golden +++ b/cli/cmd/testdata/install_custom_domain.golden @@ -861,7 +861,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - args: - identity @@ -937,7 +937,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1244,7 +1245,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1270,7 +1271,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS 
@@ -1676,7 +1678,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1702,7 +1704,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_custom_registry.golden b/cli/cmd/testdata/install_custom_registry.golden index 089e06bed..be2a34800 100644 --- a/cli/cmd/testdata/install_custom_registry.golden +++ b/cli/cmd/testdata/install_custom_registry.golden @@ -861,7 +861,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - args: - identity @@ -937,7 +937,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1244,7 +1245,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1270,7 +1271,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1676,7 +1678,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name 
@@ -1702,7 +1704,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_default.golden b/cli/cmd/testdata/install_default.golden index e872b5a48..01096f0c3 100644 --- a/cli/cmd/testdata/install_default.golden +++ b/cli/cmd/testdata/install_default.golden @@ -861,7 +861,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - args: - identity @@ -937,7 +937,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1244,7 +1245,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1270,7 +1271,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1676,7 +1678,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1702,7 +1704,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS 
diff --git a/cli/cmd/testdata/install_default_override_dst_get_nets.golden b/cli/cmd/testdata/install_default_override_dst_get_nets.golden index c86044d96..64a99407b 100644 --- a/cli/cmd/testdata/install_default_override_dst_get_nets.golden +++ b/cli/cmd/testdata/install_default_override_dst_get_nets.golden @@ -861,7 +861,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - args: - identity @@ -937,7 +937,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1244,7 +1245,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1270,7 +1271,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1676,7 +1678,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1702,7 +1704,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_default_token.golden b/cli/cmd/testdata/install_default_token.golden index 5d0350cdd..dd73e0c20 100644 --- a/cli/cmd/testdata/install_default_token.golden +++ b/cli/cmd/testdata/install_default_token.golden 
@@ -861,7 +861,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - args: - identity @@ -937,7 +937,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1235,7 +1236,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1261,7 +1262,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1658,7 +1660,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1684,7 +1686,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_ha_output.golden b/cli/cmd/testdata/install_ha_output.golden index f2a821151..6226c4124 100644 --- a/cli/cmd/testdata/install_ha_output.golden +++ b/cli/cmd/testdata/install_ha_output.golden 
@@ -1014,7 +1014,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1387,7 +1388,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1855,7 +1857,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_ha_with_overrides_output.golden b/cli/cmd/testdata/install_ha_with_overrides_output.golden index 1febd663b..a7c633867 100644 --- a/cli/cmd/testdata/install_ha_with_overrides_output.golden +++ b/cli/cmd/testdata/install_ha_with_overrides_output.golden @@ -1014,7 +1014,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS 
@@ -1387,7 +1388,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1855,7 +1857,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_heartbeat_disabled_output.golden b/cli/cmd/testdata/install_heartbeat_disabled_output.golden index 7662b6a56..e17f5634f 100644 --- a/cli/cmd/testdata/install_heartbeat_disabled_output.golden +++ b/cli/cmd/testdata/install_heartbeat_disabled_output.golden @@ -792,7 +792,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - args: - identity @@ -868,7 +868,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1175,7 +1176,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1201,7 +1202,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS 
@@ -1547,7 +1549,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1573,7 +1575,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_helm_control_plane_output.golden b/cli/cmd/testdata/install_helm_control_plane_output.golden index adb265e72..fb2546893 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output.golden @@ -834,7 +834,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - args: - identity @@ -910,7 +910,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd-dev.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1219,7 +1220,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1245,7 +1246,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1655,7 +1657,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name 
@@ -1681,7 +1683,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd-dev.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden index b05e1eb0c..ab4f21c77 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden @@ -987,7 +987,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd-dev.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1362,7 +1363,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1834,7 +1836,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd-dev.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_helm_output_ha_labels.golden b/cli/cmd/testdata/install_helm_output_ha_labels.golden index dc7543103..7f3885fe9 100644 --- a/cli/cmd/testdata/install_helm_output_ha_labels.golden 
+++ b/cli/cmd/testdata/install_helm_output_ha_labels.golden @@ -995,7 +995,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd-dev.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1374,7 +1375,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1854,7 +1856,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd-dev.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden index 499ef81cc..8ac004e00 100644 --- a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden +++ b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden @@ -977,7 +977,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd-dev.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS 
@@ -1352,7 +1353,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1824,7 +1826,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd-dev.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_no_init_container.golden b/cli/cmd/testdata/install_no_init_container.golden index 8768ea6b4..f4d992fb5 100644 --- a/cli/cmd/testdata/install_no_init_container.golden +++ b/cli/cmd/testdata/install_no_init_container.golden @@ -861,7 +861,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - args: - identity @@ -937,7 +937,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1238,7 +1239,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1264,7 +1265,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS 
@@ -1664,7 +1666,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1690,7 +1692,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_output.golden b/cli/cmd/testdata/install_output.golden index 3b2209808..2ae231777 100644 --- a/cli/cmd/testdata/install_output.golden +++ b/cli/cmd/testdata/install_output.golden @@ -830,7 +830,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - args: - identity @@ -906,7 +906,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1210,7 +1211,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1236,7 +1237,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1646,7 +1648,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name 
@@ -1672,7 +1674,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_proxy_ignores.golden b/cli/cmd/testdata/install_proxy_ignores.golden index 101ba5eea..fdb1a225c 100644 --- a/cli/cmd/testdata/install_proxy_ignores.golden +++ b/cli/cmd/testdata/install_proxy_ignores.golden @@ -861,7 +861,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - args: - identity @@ -937,7 +937,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1244,7 +1245,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1270,7 +1271,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1676,7 +1678,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name 
@@ -1702,7 +1704,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.cluster.local.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/cli/cmd/testdata/install_values_file.golden b/cli/cmd/testdata/install_values_file.golden index 54aff46a2..5859872de 100644 --- a/cli/cmd/testdata/install_values_file.golden +++ b/cli/cmd/testdata/install_values_file.golden @@ -861,7 +861,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - args: - identity @@ -937,7 +937,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.example.com.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1244,7 +1245,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1270,7 +1271,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: localhost.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS @@ -1676,7 +1678,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name 
@@ -1702,7 +1704,8 @@ spec: - name: LINKERD2_PROXY_POLICY_SVC_ADDR value: linkerd-policy.linkerd.svc.example.com.:8090 - name: LINKERD2_PROXY_POLICY_WORKLOAD - value: "$(_pod_ns):$(_pod_name)" + value: | + {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"} - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS diff --git a/controller/proxy-injector/fake/data/pod-with-debug.patch.json b/controller/proxy-injector/fake/data/pod-with-debug.patch.json index 6e3177912..fe8ec5de3 100644 --- a/controller/proxy-injector/fake/data/pod-with-debug.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-debug.patch.json @@ -199,7 +199,7 @@ }, { "name": "LINKERD2_PROXY_POLICY_WORKLOAD", - "value": "$(_pod_ns):$(_pod_name)" + "value": "{\"ns\":\"$(_pod_ns)\", \"pod\":\"$(_pod_name)\"}\n" }, { "name": "LINKERD2_PROXY_INBOUND_DEFAULT_POLICY", diff --git a/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json b/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json index 70e79bf01..94010ed72 100644 --- a/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json @@ -185,7 +185,7 @@ }, { "name": "LINKERD2_PROXY_POLICY_WORKLOAD", - "value": "$(_pod_ns):$(_pod_name)" + "value": "{\"ns\":\"$(_pod_ns)\", \"pod\":\"$(_pod_name)\"}\n" }, { "name": "LINKERD2_PROXY_INBOUND_DEFAULT_POLICY", diff --git a/controller/proxy-injector/fake/data/pod.patch.json b/controller/proxy-injector/fake/data/pod.patch.json index 85ab71faf..ad43f6e5d 100644 --- a/controller/proxy-injector/fake/data/pod.patch.json +++ b/controller/proxy-injector/fake/data/pod.patch.json @@ -175,7 +175,7 @@ }, { "name": "LINKERD2_PROXY_POLICY_WORKLOAD", - "value": "$(_pod_ns):$(_pod_name)" + "value": "{\"ns\":\"$(_pod_ns)\", \"pod\":\"$(_pod_name)\"}\n" }, { "name": "LINKERD2_PROXY_INBOUND_DEFAULT_POLICY", 
diff --git a/policy-controller/grpc/Cargo.toml b/policy-controller/grpc/Cargo.toml index 9c4ebd086..8a5ac6c01 100644 --- a/policy-controller/grpc/Cargo.toml +++ b/policy-controller/grpc/Cargo.toml @@ -18,6 +18,8 @@ prost-types = "0.11.9" tokio = { version = "1", features = ["macros"] } tonic = { version = "0.8", default-features = false } tracing = "0.1" +serde = { version = "1", features = ["derive"] } +serde_json = "1" [dependencies.linkerd2-proxy-api] version = "0.11" diff --git a/policy-controller/grpc/src/inbound.rs b/policy-controller/grpc/src/inbound.rs index f05568b5b..2a7bcd7e8 100644 --- a/policy-controller/grpc/src/inbound.rs +++ b/policy-controller/grpc/src/inbound.rs @@ -1,4 +1,4 @@ -use crate::http_route; +use crate::{http_route, workload::Kind, workload::Workload}; use futures::prelude::*; use linkerd2_proxy_api::{ self as api, @@ -17,7 +17,7 @@ use linkerd_policy_controller_core::{ IdentityMatch, IpNet, NetworkMatch, }; use maplit::*; -use std::{num::NonZeroU16, sync::Arc}; +use std::{num::NonZeroU16, str::FromStr, sync::Arc}; use tracing::trace; #[derive(Clone, Debug)] @@ -49,21 +49,17 @@ where &self, proto::PortSpec { workload, port }: proto::PortSpec, ) -> Result<(String, String, NonZeroU16), tonic::Status> { - // Parse a workload name in the form namespace:name. - let (ns, name) = match workload.split_once(':') { - None => { - return Err(tonic::Status::invalid_argument(format!( - "Invalid workload: {}", - workload - ))); + let (ns, name) = match Workload::from_str(&workload)? { + Workload { + namespace, + kind: Kind::Pod(pod), + } => (namespace, pod), + _ => { + // TODO: handle external workloads + return Err(tonic::Status::invalid_argument( + "only pod workload supported at the moment", + )); } - Some((ns, pod)) if ns.is_empty() || pod.is_empty() => { - return Err(tonic::Status::invalid_argument(format!( - "Invalid workload: {}", - workload - ))); - } - Some((ns, pod)) => (ns, pod), }; // Ensure that the port is in the valid range. 
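Review bot: The `_ =>` arm of the new `match Workload::from_str(&workload)?` in inbound.rs catches every non-pod kind, so a variant added to `Kind` later would be rejected here without the compiler pointing at this site. `Kind` is defined in this crate, so the case can be named: `Workload { kind: Kind::External(_), .. } => {`. The request is well-formed but asks for an unsupported kind, so `tonic::Status::unimplemented` may describe it better than `invalid_argument`; check how the proxy reacts to each code before changing it. The enclosing function begins before this hunk and continues after it.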
diff --git a/policy-controller/grpc/src/lib.rs b/policy-controller/grpc/src/lib.rs index a8fb6eadc..404d2c9f2 100644 --- a/policy-controller/grpc/src/lib.rs +++ b/policy-controller/grpc/src/lib.rs @@ -2,6 +2,7 @@ #![forbid(unsafe_code)] mod http_route; +mod workload; pub mod inbound; pub mod outbound; diff --git a/policy-controller/grpc/src/outbound.rs b/policy-controller/grpc/src/outbound.rs index fbe7f1f16..1b5a07f8c 100644 --- a/policy-controller/grpc/src/outbound.rs +++ b/policy-controller/grpc/src/outbound.rs @@ -1,4 +1,4 @@ -use crate::http_route; +use crate::{http_route, workload}; use futures::prelude::*; use linkerd2_proxy_api::{ self as api, destination, @@ -15,7 +15,7 @@ use linkerd_policy_controller_core::{ OutboundPolicy, OutboundPolicyStream, }, }; -use std::{net::SocketAddr, num::NonZeroU16, sync::Arc, time}; +use std::{net::SocketAddr, num::NonZeroU16, str::FromStr, sync::Arc, time}; #[derive(Clone, Debug)] pub struct OutboundPolicyServer { @@ -45,17 +45,7 @@ where let target = spec .target .ok_or_else(|| tonic::Status::invalid_argument("target is required"))?; - let source_namespace = spec - .source_workload - .split_once(':') - .ok_or_else(|| { - tonic::Status::invalid_argument(format!( - "failed to parse source workload: {}", - spec.source_workload - )) - })? - .0 - .to_string(); + let source_namespace = workload::Workload::from_str(&spec.source_workload)?.namespace; let target = match target { outbound::traffic_spec::Target::Addr(target) => target, outbound::traffic_spec::Target::Authority(auth) => { diff --git a/policy-controller/grpc/src/workload.rs b/policy-controller/grpc/src/workload.rs new file mode 100644 index 000000000..813fccef9 --- /dev/null +++ b/policy-controller/grpc/src/workload.rs 
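Review bot: Nothing at this call site in outbound.rs records that the workload kind is ignored: `workload::Workload::from_str(&spec.source_workload)?.namespace` accepts an `external_workload` source, while the inbound path in this commit rejects one with `only pod workload supported at the moment`. If the asymmetry is intended, a comment above the line would say so, e.g. `// Only the namespace is needed for outbound lookups, so every workload kind is accepted.` The status text also changes from `failed to parse source workload: …` to `Invalid workload: …`, which no longer tells the caller which field was at fault. The enclosing function starts before this hunk and continues past it.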
@@ -0,0 +1,86 @@
+use serde::{Deserialize, Serialize};
+use std::str::FromStr;
+
+#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
+pub enum Kind {
+ #[serde(rename = "external_workload")]
+ External(String),
+ #[serde(rename = "pod")]
+ Pod(String),
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
+pub struct Workload {
+ #[serde(flatten)]
+ pub kind: Kind,
+ #[serde(rename = "ns")]
+ pub namespace: String,
+}
+
+impl FromStr for Workload {
+ type Err = tonic::Status;
+
+ fn from_str(s: &str) -> Result {
+ if s.starts_with('{') {
+ return serde_json::from_str(s).map_err(|error| {
+ tracing::error!(%error, "Invalid {s} workload string");
+ tonic::Status::invalid_argument(format!("Invalid workload: {}", s))
+ });
+ }
+
+ match s.split_once(':') {
+ None => Err(tonic::Status::invalid_argument(format!(
+ "Invalid workload: {}",
+ s
+ ))),
+ Some((ns, pod)) if ns.is_empty() || pod.is_empty() => Err(
+ tonic::Status::invalid_argument(format!("Invalid workload: {}", s)),
+ ),
+ Some((ns, pod)) => Ok(Workload {
+ namespace: ns.to_string(),
+ kind: Kind::Pod(pod.to_string()),
+ }),
+ }
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ #[test]
+ fn parse_old_format() {
+ let input = "my-namespace:my-pod";
+ let expected: Workload = Workload {
+ namespace: "my-namespace".to_string(),
+ kind: Kind::Pod("my-pod".to_string()),
+ };
+ assert_eq!(expected, Workload::from_str(input).expect("should parse"));
+ }
+
+ #[test]
+ fn parse_new_format_pod() {
+ let input = r#"{"ns":"my-namespace", "pod":"my-pod"}"#;
+ let expected: Workload = Workload {
+ namespace: "my-namespace".to_string(),
+ kind: Kind::Pod("my-pod".to_string()),
+ };
+ assert_eq!(expected, Workload::from_str(input).expect("should parse"));
+ }
+
+ #[test]
+ fn parse_new_format_external() {
+ let input = r#"{"ns":"my-namespace", "external_workload":"my-external"}"#;
+ let expected: Workload = Workload {
+ namespace: "my-namespace".to_string(),
+ kind: Kind::External("my-external".to_string()),
+ };
+ assert_eq!(expected, Workload::from_str(input).expect("should parse"));
+ }
+
+ #[test]
+ fn errors_invalid_new_format() {
+ let input = r#"{"ns":"my-namespace", "nonsense":"my-external"}"#;
+ assert!(Workload::from_str(input).is_err());
+ }
+}
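Review bot: The JSON branch of `from_str` returns whatever `serde_json::from_str` produces, so `{"ns":"", "pod":""}` is accepted even though the legacy `namespace:name` branch rejects an empty namespace or name; the callers in inbound.rs and outbound.rs use the fields as parsed. Checking the deserialized value against the same non-empty rule keeps the two formats equivalent, and a test for the empty-field case would pin it. The `tracing::error!` call also writes the client-supplied string to the log at error level on every malformed request; a lower level, or logging only the parse error, would limit log noise from a misbehaving client. Separately, input that does not start with `{` (for example JSON with leading whitespace) falls through to `split_once(':')` and can be accepted as a legacy pair instead of being rejected.

```rust
if s.starts_with('{') {
    let workload: Workload = serde_json::from_str(s).map_err(|error| {
        // … unchanged: error log and invalid_argument status …
    })?;
    // Apply the same non-empty rule the legacy "namespace:name" branch enforces.
    let name = match &workload.kind {
        Kind::External(name) | Kind::Pod(name) => name,
    };
    if workload.namespace.is_empty() || name.is_empty() {
        return Err(tonic::Status::invalid_argument(format!(
            "Invalid workload: {}",
            s
        )));
    }
    return Ok(workload);
}
// … unchanged: legacy "namespace:name" parsing …
```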