apiVersion: apps/v1 kind: Deployment metadata: generation: 1 labels: linkerd.io/control-plane-component: tap linkerd.io/control-plane-ns: linkerd name: linkerd-tap namespace: linkerd resourceVersion: "2387" selfLink: /apis/extensions/v1beta1/namespaces/linkerd/deployments/linkerd-tap uid: edb24475-9371-491a-b536-b084a91d9700 spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: linkerd.io/control-plane-component: tap linkerd.io/control-plane-ns: linkerd linkerd.io/proxy-deployment: linkerd-tap strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: annotations: config.linkerd.io/enable-debug-sidecar: "true" linkerd.io/created-by: linkerd/cli dev-undefined linkerd.io/identity-mode: default linkerd.io/proxy-version: test-inject-proxy-version labels: linkerd.io/control-plane-component: tap linkerd.io/control-plane-ns: linkerd linkerd.io/proxy-deployment: linkerd-tap spec: containers: - args: - tap - -controller-namespace=linkerd - -log-level=info image: gcr.io/linkerd-io/controller:git-a94122bf imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /ping port: 9998 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: tap ports: - containerPort: 8088 name: grpc protocol: TCP - containerPort: 8089 name: apiserver protocol: TCP - containerPort: 9998 name: admin-http protocol: TCP readinessProbe: failureThreshold: 7 httpGet: path: /ready port: 9998 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 securityContext: runAsUser: 2103 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/linkerd/tls name: tls readOnly: true - mountPath: /var/run/linkerd/config name: config - image: gcr.io/linkerd-io/debug:test-inject-debug-version imagePullPolicy: IfNotPresent name: linkerd-debug terminationMessagePolicy: FallbackToLogsOnError - env: - name: LINKERD2_PROXY_LOG value: warn,linkerd=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-dst.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR value: 0.0.0.0:4190 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR value: 0.0.0.0:4191 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR value: 127.0.0.1:4140 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR value: 0.0.0.0:4143 - name: LINKERD2_PROXY_DESTINATION_GET_SUFFIXES value: svc.cluster.local. - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES value: svc.cluster.local. - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE value: 10000ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE value: 10000ms - name: _pod_ns valueFrom: fieldRef: fieldPath: metadata.namespace - name: LINKERD2_PROXY_DESTINATION_CONTEXT value: ns:$(_pod_ns) - name: LINKERD2_PROXY_IDENTITY_DIR value: /var/run/linkerd/identity/end-entity - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS value: | -----BEGIN CERTIFICATE----- MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0 xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364 6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv OLO4Zsk1XrGZHGsmyiEyvYF9lpY= -----END CERTIFICATE----- - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE value: /var/run/secrets/kubernetes.io/serviceaccount/token - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR value: linkerd-identity.linkerd.svc.cluster.local:8080 - name: _pod_sa valueFrom: fieldRef: fieldPath: spec.serviceAccountName - name: _l5d_ns value: linkerd - name: _l5d_trustdomain value: cluster.local - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) - name: LINKERD2_PROXY_IDENTITY_SVC_NAME value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) - name: LINKERD2_PROXY_DESTINATION_SVC_NAME value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) - name: LINKERD2_PROXY_TAP_SVC_NAME value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) image: gcr.io/linkerd-io/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /metrics port: 4191 initialDelaySeconds: 10 name: linkerd-proxy ports: - containerPort: 4143 name: linkerd-proxy - containerPort: 4191 name: linkerd-admin readinessProbe: httpGet: path: /ready port: 4191 initialDelaySeconds: 2 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 2102 terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/linkerd/identity/end-entity name: linkerd-identity-end-entity dnsPolicy: ClusterFirst initContainers: - args: - --incoming-proxy-port - "4143" - --outgoing-proxy-port - "4140" - --proxy-uid - "2102" - --inbound-ports-to-ignore - 4190,4191 - --outbound-ports-to-ignore - "443" image: gcr.io/linkerd-io/proxy-init:v1.3.2 imagePullPolicy: IfNotPresent name: linkerd-init resources: limits: cpu: 100m memory: 50Mi requests: cpu: 10m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: add: - NET_ADMIN - NET_RAW privileged: false readOnlyRootFilesystem: true runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: linkerd-tap serviceAccountName: linkerd-tap terminationGracePeriodSeconds: 30 volumes: - configMap: defaultMode: 420 name: linkerd-config name: config - name: tls secret: defaultMode: 420 secretName: linkerd-tap-tls - emptyDir: medium: Memory name: linkerd-identity-end-entity ---