--- kind: Namespace apiVersion: v1 metadata: name: linkerd annotations: linkerd.io/inject: disabled --- ### ### Identity Controller Service ### --- kind: ServiceAccount apiVersion: v1 metadata: name: linkerd-identity namespace: linkerd --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: linkerd-linkerd-identity rules: - apiGroups: ["authentication.k8s.io"] resources: ["tokenreviews"] verbs: ["create"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: linkerd-linkerd-identity roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: linkerd-linkerd-identity subjects: - kind: ServiceAccount name: linkerd-identity namespace: linkerd --- kind: Service apiVersion: v1 metadata: name: linkerd-identity namespace: linkerd labels: linkerd.io/control-plane-component: identity annotations: linkerd.io/created-by: linkerd/cli dev-undefined spec: type: ClusterIP selector: linkerd.io/control-plane-component: identity ports: - name: grpc port: 8080 targetPort: 8080 --- kind: Secret apiVersion: v1 metadata: name: linkerd-identity-issuer namespace: linkerd labels: linkerd.io/control-plane-component: identity annotations: linkerd.io/created-by: linkerd/cli dev-undefined linkerd.io/identity-issuer-expiry: 2029-02-28T02:03:52Z data: crt.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJjakNDQVJpZ0F3SUJBZ0lCQWpBS0JnZ3Foa2pPUFFRREFqQVlNUll3RkFZRFZRUURFdzFqYkhWemRHVnkKTG14dlkyRnNNQjRYRFRFNU1ETXdNekF4TlRrMU1sb1hEVEk1TURJeU9EQXlNRE0xTWxvd0tURW5NQ1VHQTFVRQpBeE1lYVdSbGJuUnBkSGt1YkdsdWEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01Ga3dFd1lIS29aSXpqMENBUVlJCktvWkl6ajBEQVFjRFFnQUVJU2cwQ21KTkJXTHhKVHNLdDcrYno4QXMxWWZxWkZ1VHEyRm5ZbzAxNk5LVnY3MGUKUUMzVDZ0T3Bhajl4dUtzWGZsVTZaa3VpVlJpaWh3K3RWMmlzcTZOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdFRwpNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RUJUQURBUUgvCk1Bb0dDQ3FHU000OUJBTUNBMGdBTUVVQ0lGK2FNMEJ3MlBkTUZEcS9LdGFCUXZIZEFZYVVQVng4dmYzam4rTTQKQWFENEFpRUE5SEJkanlXeWlLZUt4bEE4Q29PdlVBd0k5NXhjNlhVTW9EeFJTWGpucFhnPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== key.pem: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU1JSnltZWtZeitra0NMUGtGbHJVeUF1L2NISllSVHl3Zm1BVVJLS1JYZHpvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFSVNnMENtSk5CV0x4SlRzS3Q3K2J6OEFzMVlmcVpGdVRxMkZuWW8wMTZOS1Z2NzBlUUMzVAo2dE9wYWo5eHVLc1hmbFU2Wmt1aVZSaWlodyt0VjJpc3F3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= --- apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined creationTimestamp: null labels: linkerd.io/control-plane-component: identity name: linkerd-identity namespace: linkerd spec: replicas: 1 strategy: {} template: metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined linkerd.io/identity-mode: disabled linkerd.io/proxy-version: dev-undefined creationTimestamp: null labels: linkerd.io/control-plane-component: identity linkerd.io/control-plane-ns: linkerd linkerd.io/proxy-deployment: linkerd-identity spec: containers: - args: - identity - -log-level=info image: gcr.io/linkerd-io/controller:dev-undefined imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /ping port: 9990 initialDelaySeconds: 10 name: identity ports: - containerPort: 8080 name: grpc - containerPort: 9990 name: admin-http readinessProbe: failureThreshold: 7 httpGet: path: /ready port: 9990 resources: {} securityContext: runAsUser: 2103 volumeMounts: - mountPath: /var/run/linkerd/config name: config - mountPath: /var/run/linkerd/identity/issuer name: identity-issuer - env: - name: LINKERD2_PROXY_LOG value: warn,linkerd2_proxy=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-destination.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR value: 0.0.0.0:4190 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR value: 0.0.0.0:4191 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR value: 127.0.0.1:4140 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR value: 0.0.0.0:4143 - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES value: . - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE value: 10000ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE value: 10000ms - name: _pod_ns valueFrom: fieldRef: fieldPath: metadata.namespace - name: LINKERD2_PROXY_DESTINATION_CONTEXT value: ns:$(_pod_ns) - name: LINKERD2_PROXY_IDENTITY_DISABLED value: Identity is not yet available image: gcr.io/linkerd-io/proxy:dev-undefined imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /metrics port: 4191 initialDelaySeconds: 10 name: linkerd-proxy ports: - containerPort: 4143 name: linkerd-proxy - containerPort: 4191 name: linkerd-admin readinessProbe: httpGet: path: /ready port: 4191 initialDelaySeconds: 2 resources: {} securityContext: runAsUser: 2102 terminationMessagePolicy: FallbackToLogsOnError serviceAccountName: linkerd-identity volumes: - configMap: name: linkerd-config name: config - name: identity-issuer secret: secretName: linkerd-identity-issuer status: {} --- ### ### Controller ### --- kind: ServiceAccount apiVersion: v1 metadata: name: linkerd-controller namespace: linkerd --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: linkerd-linkerd-controller rules: - apiGroups: ["extensions", "apps"] resources: ["daemonsets", "deployments", "replicasets", "statefulsets"] verbs: ["list", "get", "watch"] - apiGroups: ["extensions", "batch"] resources: ["jobs"] verbs: ["list" , "get", "watch"] - apiGroups: [""] resources: ["pods", "endpoints", "services", "replicationcontrollers", "namespaces"] verbs: ["list", "get", "watch"] - apiGroups: ["linkerd.io"] resources: ["serviceprofiles"] verbs: ["list", "get", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: linkerd-linkerd-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: linkerd-linkerd-controller subjects: - kind: ServiceAccount name: linkerd-controller namespace: linkerd --- kind: Service apiVersion: v1 metadata: name: linkerd-controller-api namespace: linkerd labels: linkerd.io/control-plane-component: controller annotations: linkerd.io/created-by: linkerd/cli dev-undefined spec: type: ClusterIP selector: linkerd.io/control-plane-component: controller ports: - name: http port: 8085 targetPort: 8085 --- kind: Service apiVersion: v1 metadata: name: linkerd-destination namespace: linkerd labels: linkerd.io/control-plane-component: controller annotations: linkerd.io/created-by: linkerd/cli dev-undefined spec: type: ClusterIP selector: linkerd.io/control-plane-component: controller ports: - name: grpc port: 8086 targetPort: 8086 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined creationTimestamp: null labels: linkerd.io/control-plane-component: controller name: linkerd-controller namespace: linkerd spec: replicas: 1 strategy: {} template: metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined linkerd.io/identity-mode: disabled linkerd.io/proxy-version: dev-undefined creationTimestamp: null labels: linkerd.io/control-plane-component: controller linkerd.io/control-plane-ns: linkerd linkerd.io/proxy-deployment: linkerd-controller spec: containers: - args: - public-api - -prometheus-url=http://linkerd-prometheus.linkerd.svc.cluster.local:9090 - -controller-namespace=linkerd - -log-level=info image: gcr.io/linkerd-io/controller:dev-undefined imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /ping port: 9995 initialDelaySeconds: 10 name: public-api ports: - containerPort: 8085 name: http - containerPort: 9995 name: admin-http readinessProbe: failureThreshold: 7 httpGet: path: /ready port: 9995 resources: {} securityContext: runAsUser: 2103 volumeMounts: - mountPath: /var/run/linkerd/config name: config - args: - destination - -addr=:8086 - -controller-namespace=linkerd - -enable-h2-upgrade=true - -log-level=info image: gcr.io/linkerd-io/controller:dev-undefined imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /ping port: 9996 initialDelaySeconds: 10 name: destination ports: - containerPort: 8086 name: grpc - containerPort: 9996 name: admin-http readinessProbe: failureThreshold: 7 httpGet: path: /ready port: 9996 resources: {} securityContext: runAsUser: 2103 - args: - tap - -controller-namespace=linkerd - -log-level=info image: gcr.io/linkerd-io/controller:dev-undefined imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /ping port: 9998 initialDelaySeconds: 10 name: tap ports: - containerPort: 8088 name: grpc - containerPort: 9998 name: admin-http readinessProbe: failureThreshold: 7 httpGet: path: /ready port: 9998 resources: {} securityContext: runAsUser: 2103 - env: - name: LINKERD2_PROXY_LOG value: warn,linkerd2_proxy=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: localhost.:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR value: 0.0.0.0:4190 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR value: 0.0.0.0:4191 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR value: 127.0.0.1:4140 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR value: 0.0.0.0:4143 - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES value: . - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE value: 10000ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE value: 10000ms - name: _pod_ns valueFrom: fieldRef: fieldPath: metadata.namespace - name: LINKERD2_PROXY_DESTINATION_CONTEXT value: ns:$(_pod_ns) - name: LINKERD2_PROXY_IDENTITY_DISABLED value: Identity is not yet available image: gcr.io/linkerd-io/proxy:dev-undefined imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /metrics port: 4191 initialDelaySeconds: 10 name: linkerd-proxy ports: - containerPort: 4143 name: linkerd-proxy - containerPort: 4191 name: linkerd-admin readinessProbe: httpGet: path: /ready port: 4191 initialDelaySeconds: 2 resources: {} securityContext: runAsUser: 2102 terminationMessagePolicy: FallbackToLogsOnError serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config status: {} --- kind: ConfigMap apiVersion: v1 metadata: name: linkerd-config namespace: linkerd labels: linkerd.io/control-plane-component: controller annotations: linkerd.io/created-by: linkerd/cli dev-undefined data: global: | {"linkerdNamespace":"linkerd","cniEnabled":true,"version":"dev-undefined","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s"}} proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":false} --- ### ### Service Profile CRD ### --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: serviceprofiles.linkerd.io annotations: linkerd.io/created-by: linkerd/cli dev-undefined spec: group: linkerd.io version: v1alpha1 scope: Namespaced names: plural: serviceprofiles singular: serviceprofile kind: ServiceProfile shortNames: - sp validation: openAPIV3Schema: properties: spec: required: - routes properties: retryBudget: required: - minRetriesPerSecond - retryRatio - ttl type: object properties: minRetriesPerSecond: type: integer retryRatio: type: number ttl: type: string routes: type: array items: type: object required: - name - condition properties: name: type: string timeout: type: string condition: type: object minProperties: 1 properties: method: type: string pathRegex: type: string all: type: array items: type: object any: type: array items: type: object not: type: object responseClasses: type: array items: type: object required: - condition properties: isFailure: type: boolean condition: type: object properties: status: type: object minProperties: 1 properties: min: type: integer minimum: 100 maximum: 599 max: type: integer minimum: 100 maximum: 599 all: type: array items: type: object any: type: array items: type: object not: type: object --- ### ### Web ### --- kind: ServiceAccount apiVersion: v1 metadata: name: linkerd-web namespace: linkerd --- kind: Service apiVersion: v1 metadata: name: linkerd-web namespace: linkerd labels: linkerd.io/control-plane-component: web annotations: linkerd.io/created-by: linkerd/cli dev-undefined spec: type: ClusterIP selector: linkerd.io/control-plane-component: web ports: - name: http port: 8084 targetPort: 8084 - name: admin-http port: 9994 targetPort: 9994 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined creationTimestamp: null labels: linkerd.io/control-plane-component: web name: linkerd-web namespace: linkerd spec: replicas: 1 strategy: {} template: metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined linkerd.io/identity-mode: disabled linkerd.io/proxy-version: dev-undefined creationTimestamp: null labels: linkerd.io/control-plane-component: web linkerd.io/control-plane-ns: linkerd linkerd.io/proxy-deployment: linkerd-web spec: containers: - args: - -api-addr=linkerd-controller-api.linkerd.svc.cluster.local:8085 - -grafana-addr=linkerd-grafana.linkerd.svc.cluster.local:3000 - -uuid=deaab91a-f4ab-448a-b7d1-c832a2fa0a60 - -controller-namespace=linkerd - -log-level=info image: gcr.io/linkerd-io/web:dev-undefined imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /ping port: 9994 initialDelaySeconds: 10 name: web ports: - containerPort: 8084 name: http - containerPort: 9994 name: admin-http readinessProbe: failureThreshold: 7 httpGet: path: /ready port: 9994 resources: {} securityContext: runAsUser: 2103 - env: - name: LINKERD2_PROXY_LOG value: warn,linkerd2_proxy=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-destination.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR value: 0.0.0.0:4190 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR value: 0.0.0.0:4191 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR value: 127.0.0.1:4140 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR value: 0.0.0.0:4143 - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES value: . - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE value: 10000ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE value: 10000ms - name: _pod_ns valueFrom: fieldRef: fieldPath: metadata.namespace - name: LINKERD2_PROXY_DESTINATION_CONTEXT value: ns:$(_pod_ns) - name: LINKERD2_PROXY_IDENTITY_DISABLED value: Identity is not yet available image: gcr.io/linkerd-io/proxy:dev-undefined imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /metrics port: 4191 initialDelaySeconds: 10 name: linkerd-proxy ports: - containerPort: 4143 name: linkerd-proxy - containerPort: 4191 name: linkerd-admin readinessProbe: httpGet: path: /ready port: 4191 initialDelaySeconds: 2 resources: {} securityContext: runAsUser: 2102 terminationMessagePolicy: FallbackToLogsOnError serviceAccountName: linkerd-web status: {} --- ### ### Prometheus ### --- kind: ServiceAccount apiVersion: v1 metadata: name: linkerd-prometheus namespace: linkerd --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: linkerd-linkerd-prometheus rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: linkerd-linkerd-prometheus roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: linkerd-linkerd-prometheus subjects: - kind: ServiceAccount name: linkerd-prometheus namespace: linkerd --- kind: Service apiVersion: v1 metadata: name: linkerd-prometheus namespace: linkerd labels: linkerd.io/control-plane-component: prometheus annotations: linkerd.io/created-by: linkerd/cli dev-undefined spec: type: ClusterIP selector: linkerd.io/control-plane-component: prometheus ports: - name: admin-http port: 9090 targetPort: 9090 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined creationTimestamp: null labels: linkerd.io/control-plane-component: prometheus name: linkerd-prometheus namespace: linkerd spec: replicas: 1 strategy: {} template: metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined linkerd.io/identity-mode: disabled linkerd.io/proxy-version: dev-undefined creationTimestamp: null labels: linkerd.io/control-plane-component: prometheus linkerd.io/control-plane-ns: linkerd linkerd.io/proxy-deployment: linkerd-prometheus spec: containers: - args: - --storage.tsdb.path=/data - --storage.tsdb.retention=6h - --config.file=/etc/prometheus/prometheus.yml - --log.level=info image: prom/prometheus:v2.7.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /-/healthy port: 9090 initialDelaySeconds: 30 timeoutSeconds: 30 name: prometheus ports: - containerPort: 9090 name: admin-http readinessProbe: httpGet: path: /-/ready port: 9090 initialDelaySeconds: 30 timeoutSeconds: 30 resources: {} securityContext: runAsUser: 65534 volumeMounts: - mountPath: /data name: data - mountPath: /etc/prometheus name: prometheus-config readOnly: true - env: - name: LINKERD2_PROXY_LOG value: warn,linkerd2_proxy=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-destination.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR value: 0.0.0.0:4190 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR value: 0.0.0.0:4191 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR value: 127.0.0.1:4140 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR value: 0.0.0.0:4143 - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES value: . - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE value: 10000ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE value: 10000ms - name: _pod_ns valueFrom: fieldRef: fieldPath: metadata.namespace - name: LINKERD2_PROXY_DESTINATION_CONTEXT value: ns:$(_pod_ns) - name: LINKERD2_PROXY_OUTBOUND_ROUTER_CAPACITY value: "10000" - name: LINKERD2_PROXY_IDENTITY_DISABLED value: Identity is not yet available image: gcr.io/linkerd-io/proxy:dev-undefined imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /metrics port: 4191 initialDelaySeconds: 10 name: linkerd-proxy ports: - containerPort: 4143 name: linkerd-proxy - containerPort: 4191 name: linkerd-admin readinessProbe: httpGet: path: /ready port: 4191 initialDelaySeconds: 2 resources: {} securityContext: runAsUser: 2102 terminationMessagePolicy: FallbackToLogsOnError serviceAccountName: linkerd-prometheus volumes: - emptyDir: {} name: data - configMap: name: linkerd-prometheus-config name: prometheus-config status: {} --- kind: ConfigMap apiVersion: v1 metadata: name: linkerd-prometheus-config namespace: linkerd labels: linkerd.io/control-plane-component: prometheus annotations: linkerd.io/created-by: linkerd/cli dev-undefined data: prometheus.yml: |- global: scrape_interval: 10s scrape_timeout: 10s evaluation_interval: 10s rule_files: - /etc/prometheus/*_rules.yml scrape_configs: - job_name: 'prometheus' static_configs: - targets: ['localhost:9090'] - job_name: 'grafana' kubernetes_sd_configs: - role: pod namespaces: names: ['linkerd'] relabel_configs: - source_labels: - __meta_kubernetes_pod_container_name action: keep regex: ^grafana$ - job_name: 'linkerd-controller' kubernetes_sd_configs: - role: pod namespaces: names: ['linkerd'] relabel_configs: - source_labels: - __meta_kubernetes_pod_label_linkerd_io_control_plane_component - __meta_kubernetes_pod_container_port_name action: keep regex: (.*);admin-http$ - source_labels: [__meta_kubernetes_pod_container_name] action: replace target_label: component - job_name: 'linkerd-proxy' kubernetes_sd_configs: - role: pod relabel_configs: - source_labels: - __meta_kubernetes_pod_container_name - __meta_kubernetes_pod_container_port_name - __meta_kubernetes_pod_label_linkerd_io_control_plane_ns action: keep regex: ^linkerd-proxy;linkerd-admin;linkerd$ - source_labels: [__meta_kubernetes_namespace] action: replace target_label: namespace - source_labels: [__meta_kubernetes_pod_name] action: replace target_label: pod # special case k8s' "job" label, to not interfere with prometheus' "job" # label # __meta_kubernetes_pod_label_linkerd_io_proxy_job=foo => # k8s_job=foo - source_labels: [__meta_kubernetes_pod_label_linkerd_io_proxy_job] action: replace target_label: k8s_job # drop __meta_kubernetes_pod_label_linkerd_io_proxy_job - action: labeldrop regex: __meta_kubernetes_pod_label_linkerd_io_proxy_job # __meta_kubernetes_pod_label_linkerd_io_proxy_deployment=foo => # deployment=foo - action: labelmap regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+) # drop all labels that we just made copies of in the previous labelmap - action: labeldrop regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+) # __meta_kubernetes_pod_label_linkerd_io_foo=bar => # foo=bar - action: labelmap regex: __meta_kubernetes_pod_label_linkerd_io_(.+) --- ### ### Grafana ### --- kind: ServiceAccount apiVersion: v1 metadata: name: linkerd-grafana namespace: linkerd --- kind: Service apiVersion: v1 metadata: name: linkerd-grafana namespace: linkerd labels: linkerd.io/control-plane-component: grafana annotations: linkerd.io/created-by: linkerd/cli dev-undefined spec: type: ClusterIP selector: linkerd.io/control-plane-component: grafana ports: - name: http port: 3000 targetPort: 3000 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined creationTimestamp: null labels: linkerd.io/control-plane-component: grafana name: linkerd-grafana namespace: linkerd spec: replicas: 1 strategy: {} template: metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined linkerd.io/identity-mode: disabled linkerd.io/proxy-version: dev-undefined creationTimestamp: null labels: linkerd.io/control-plane-component: grafana linkerd.io/control-plane-ns: linkerd linkerd.io/proxy-deployment: linkerd-grafana spec: containers: - env: - name: GF_PATHS_DATA value: /data image: gcr.io/linkerd-io/grafana:dev-undefined imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /api/health port: 3000 initialDelaySeconds: 30 name: grafana ports: - containerPort: 3000 name: http readinessProbe: httpGet: path: /api/health port: 3000 resources: {} securityContext: runAsUser: 472 volumeMounts: - mountPath: /data name: data - mountPath: /etc/grafana name: grafana-config readOnly: true - env: - name: LINKERD2_PROXY_LOG value: warn,linkerd2_proxy=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-destination.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR value: 0.0.0.0:4190 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR value: 0.0.0.0:4191 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR value: 127.0.0.1:4140 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR value: 0.0.0.0:4143 - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES value: . - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE value: 10000ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE value: 10000ms - name: _pod_ns valueFrom: fieldRef: fieldPath: metadata.namespace - name: LINKERD2_PROXY_DESTINATION_CONTEXT value: ns:$(_pod_ns) - name: LINKERD2_PROXY_IDENTITY_DISABLED value: Identity is not yet available image: gcr.io/linkerd-io/proxy:dev-undefined imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /metrics port: 4191 initialDelaySeconds: 10 name: linkerd-proxy ports: - containerPort: 4143 name: linkerd-proxy - containerPort: 4191 name: linkerd-admin readinessProbe: httpGet: path: /ready port: 4191 initialDelaySeconds: 2 resources: {} securityContext: runAsUser: 2102 terminationMessagePolicy: FallbackToLogsOnError serviceAccountName: linkerd-grafana volumes: - emptyDir: {} name: data - configMap: items: - key: grafana.ini path: grafana.ini - key: datasources.yaml path: provisioning/datasources/datasources.yaml - key: dashboards.yaml path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config status: {} --- kind: ConfigMap apiVersion: v1 metadata: name: linkerd-grafana-config namespace: linkerd labels: linkerd.io/control-plane-component: grafana annotations: linkerd.io/created-by: linkerd/cli dev-undefined data: grafana.ini: |- instance_name = linkerd-grafana [server] root_url = %(protocol)s://%(domain)s:/grafana/ [auth] disable_login_form = true [auth.anonymous] enabled = true org_role = Editor [auth.basic] enabled = false [analytics] check_for_updates = false datasources.yaml: |- apiVersion: 1 datasources: - name: prometheus type: prometheus access: proxy orgId: 1 url: http://linkerd-prometheus.linkerd.svc.cluster.local:9090 isDefault: true jsonData: timeInterval: "5s" version: 1 editable: true dashboards.yaml: |- apiVersion: 1 providers: - name: 'default' orgId: 1 folder: '' type: file disableDeletion: true editable: true options: path: /var/lib/grafana/dashboards homeDashboardId: linkerd-top-line --- ### ### Proxy Injector ### --- apiVersion: apps/v1 kind: Deployment metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined creationTimestamp: null labels: linkerd.io/control-plane-component: proxy-injector name: linkerd-proxy-injector namespace: linkerd spec: replicas: 1 selector: matchLabels: linkerd.io/control-plane-component: proxy-injector strategy: {} template: metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined linkerd.io/identity-mode: disabled linkerd.io/proxy-version: dev-undefined creationTimestamp: null labels: linkerd.io/control-plane-component: proxy-injector linkerd.io/control-plane-ns: linkerd linkerd.io/proxy-deployment: linkerd-proxy-injector spec: containers: - args: - proxy-injector - -controller-namespace=linkerd - -log-level=info - -no-init-container=true image: gcr.io/linkerd-io/controller:dev-undefined imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /ping port: 9995 initialDelaySeconds: 10 name: proxy-injector ports: - containerPort: 8443 name: proxy-injector readinessProbe: failureThreshold: 7 httpGet: path: /ready port: 9995 resources: {} securityContext: runAsUser: 2103 volumeMounts: - mountPath: /var/run/linkerd/config name: config - env: - name: LINKERD2_PROXY_LOG value: warn,linkerd2_proxy=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-destination.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR value: 0.0.0.0:4190 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR value: 0.0.0.0:4191 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR value: 127.0.0.1:4140 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR value: 0.0.0.0:4143 - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES value: . - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE value: 10000ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE value: 10000ms - name: _pod_ns valueFrom: fieldRef: fieldPath: metadata.namespace - name: LINKERD2_PROXY_DESTINATION_CONTEXT value: ns:$(_pod_ns) - name: LINKERD2_PROXY_IDENTITY_DISABLED value: Identity is not yet available image: gcr.io/linkerd-io/proxy:dev-undefined imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /metrics port: 4191 initialDelaySeconds: 10 name: linkerd-proxy ports: - containerPort: 4143 name: linkerd-proxy - containerPort: 4191 name: linkerd-admin readinessProbe: httpGet: path: /ready port: 4191 initialDelaySeconds: 2 resources: {} securityContext: runAsUser: 2102 terminationMessagePolicy: FallbackToLogsOnError serviceAccountName: linkerd-proxy-injector volumes: - configMap: name: linkerd-config name: config status: {} --- kind: ServiceAccount apiVersion: v1 metadata: name: linkerd-proxy-injector namespace: linkerd --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: linkerd-linkerd-proxy-injector rules: - apiGroups: ["admissionregistration.k8s.io"] resources: ["mutatingwebhookconfigurations"] verbs: ["create", "get", "delete"] - apiGroups: [""] resources: ["namespaces"] verbs: ["get"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: linkerd-linkerd-proxy-injector subjects: - kind: ServiceAccount name: linkerd-proxy-injector namespace: linkerd apiGroup: "" roleRef: kind: ClusterRole name: linkerd-linkerd-proxy-injector apiGroup: rbac.authorization.k8s.io --- kind: Service apiVersion: v1 metadata: name: linkerd-proxy-injector namespace: linkerd labels: linkerd.io/control-plane-component: proxy-injector annotations: linkerd.io/created-by: linkerd/cli dev-undefined spec: type: ClusterIP selector: linkerd.io/control-plane-component: proxy-injector ports: - name: proxy-injector port: 443 targetPort: proxy-injector ---