mirror of https://github.com/linkerd/linkerd2.git
60 lines
2.2 KiB
YAML
60 lines
2.2 KiB
YAML
# -- CNI plugin plane namespace
|
|
namespace: linkerd-cni
|
|
# -- Whether to create the CNI plugin plane namespace or not
|
|
installNamespace: true
|
|
# -- CNI resource annotation. Do not edit
|
|
cniResourceLabel: linkerd.io/cni-resource
|
|
# -- Inbound port for the proxy container
|
|
inboundProxyPort: 4143
|
|
# -- Outbound port for the proxy container
|
|
outboundProxyPort: 4140
|
|
# -- Inbound ports the proxy should ignore
|
|
# - SMTP (25,587) server-first
|
|
# - HTTPS (443) opaque TLS
|
|
# - MYSQL (3306) server-first
|
|
# - Memcached (11211) clients do not issue any preamble, which breaks detection
|
|
ignoreInboundPorts: "25,443,587,3306,11211"
|
|
# -- Outbound ports the proxy should ignore
|
|
ignoreOutboundPorts: "25,443,587,3306,11211"
|
|
# -- Annotation label for the proxy create. Do not edit.
|
|
createdByAnnotation: linkerd.io/created-by
|
|
# -- Docker image for the CNI plugin
|
|
cniPluginImage: "ghcr.io/linkerd/cni-plugin"
|
|
# -- Tag for the CNI container Docker image
|
|
cniPluginVersion: linkerdVersionValue
|
|
# -- Log level for the CNI plugin
|
|
logLevel: info
|
|
# -- Ports to redirect to proxy
|
|
portsToRedirect: ""
|
|
# -- User id under which the proxy shall be ran
|
|
proxyUID: 2102
|
|
# -- Directory on the host where the CNI plugin binaries reside
|
|
destCNINetDir: "/etc/cni/net.d"
|
|
# -- Directory on the host where the CNI configuration will be placed
|
|
destCNIBinDir: "/opt/cni/bin"
|
|
# -- Configures the CNI plugin to use the -w flag for the iptables command
|
|
useWaitFlag: false
|
|
# -- Kubernetes priorityClassName for the CNI plugin's Pods
|
|
priorityClassName: ""
|
|
|
|
# namespace annotation and labels - do not edit
|
|
proxyInjectAnnotation: linkerd.io/inject
|
|
proxyInjectDisabled: disabled
|
|
|
|
# -|- Tolerations section, See the
|
|
# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
|
|
# for more information
|
|
#tolerations:
|
|
|
|
#
|
|
## For Private docker registries, authentication is needed.
|
|
# If the control plane service images are pulled from a
|
|
# protected docker registry, define pull secrets as follows:
|
|
#
|
|
#imagePullSecrets:
|
|
# - name: my-private-docker-registry-login-secret
|
|
#
|
|
# The pull secrets are applied to the respective service accounts
|
|
# which will further orchestrate the deployments.
|
|
imagePullSecrets:
|