mirror of https://github.com/linkerd/linkerd2.git
364 lines
9.1 KiB
JSON
364 lines
9.1 KiB
JSON
[
|
|
{
|
|
"op": "add",
|
|
"path": "/metadata/annotations/linkerd.io~1proxy-version",
|
|
"value": "dev-undefined"
|
|
},
|
|
{
|
|
"op": "add",
|
|
"path": "/metadata/annotations/linkerd.io~1trust-root-sha256",
|
|
"value": "5090806bcf2daff5d54739ba02a8e7b919f7e62b2a46757e11089c916ec97fc2"
|
|
},
|
|
{
|
|
"op": "add",
|
|
"path": "/metadata/labels/linkerd.io~1control-plane-ns",
|
|
"value": "linkerd"
|
|
},
|
|
{
|
|
"op": "add",
|
|
"path": "/metadata/labels/linkerd.io~1proxy-deployment",
|
|
"value": "owner-deployment"
|
|
},
|
|
{
|
|
"op": "add",
|
|
"path": "/metadata/labels/linkerd.io~1workload-ns",
|
|
"value": "kube-public"
|
|
},
|
|
{
|
|
"op": "add",
|
|
"path": "/spec/volumes",
|
|
"value": []
|
|
},
|
|
{
|
|
"op": "add",
|
|
"path": "/spec/initContainers",
|
|
"value": []
|
|
},
|
|
{
|
|
"op": "add",
|
|
"path": "/spec/volumes/-",
|
|
"value": {
|
|
"emptyDir": {},
|
|
"name": "linkerd-proxy-init-xtables-lock"
|
|
}
|
|
},
|
|
{
|
|
"op": "add",
|
|
"path": "/spec/initContainers/-",
|
|
"value": {
|
|
"args": [
|
|
"--incoming-proxy-port",
|
|
"4143",
|
|
"--outgoing-proxy-port",
|
|
"4140",
|
|
"--proxy-uid",
|
|
"2102",
|
|
"--inbound-ports-to-ignore",
|
|
"4190,4191,4567,4568",
|
|
"--outbound-ports-to-ignore",
|
|
"4567,4568"
|
|
],
|
|
"image": "cr.l5d.io/linkerd/proxy-init:v2.2.0",
|
|
"imagePullPolicy": "IfNotPresent",
|
|
"name": "linkerd-init",
|
|
"resources": {
|
|
"limits": {
|
|
"cpu": "100m",
|
|
"memory": "20Mi"
|
|
},
|
|
"requests": {
|
|
"cpu": "100m",
|
|
"memory": "20Mi"
|
|
}
|
|
},
|
|
"securityContext": {
|
|
"allowPrivilegeEscalation": false,
|
|
"capabilities": {
|
|
"add": [
|
|
"NET_ADMIN",
|
|
"NET_RAW"
|
|
]
|
|
},
|
|
"privileged": false,
|
|
"runAsNonRoot": true,
|
|
"runAsUser": 65534,
|
|
"readOnlyRootFilesystem": true,
|
|
"seccompProfile": {
|
|
"type": "RuntimeDefault"
|
|
}
|
|
},
|
|
"terminationMessagePolicy": "FallbackToLogsOnError",
|
|
"volumeMounts": [
|
|
{
|
|
"mountPath": "/run",
|
|
"name": "linkerd-proxy-init-xtables-lock"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"op": "add",
|
|
"path": "/spec/containers/-",
|
|
"value": {
|
|
"image": "cr.l5d.io/linkerd/debug:dev-undefined",
|
|
"imagePullPolicy": "IfNotPresent",
|
|
"name": "linkerd-debug",
|
|
"terminationMessagePolicy": "FallbackToLogsOnError"
|
|
}
|
|
},
|
|
{
|
|
"op": "add",
|
|
"path": "/spec/volumes/-",
|
|
"value": {
|
|
"name": "linkerd-identity-end-entity",
|
|
"emptyDir": {
|
|
"medium": "Memory"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"op": "add",
|
|
"path": "/spec/volumes/-",
|
|
"value": {
|
|
"name": "linkerd-identity-token",
|
|
"projected": {
|
|
"sources": [
|
|
{
|
|
"serviceAccountToken": {
|
|
"audience": "identity.l5d.io",
|
|
"expirationSeconds": 86400,
|
|
"path": "linkerd-identity-token"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"op": "add",
|
|
"path": "/spec/containers/0",
|
|
"value": {
|
|
"env": [
|
|
{
|
|
"name": "_pod_name",
|
|
"valueFrom": {
|
|
"fieldRef": {
|
|
"fieldPath": "metadata.name"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"name": "_pod_ns",
|
|
"valueFrom": {
|
|
"fieldRef": {
|
|
"fieldPath": "metadata.namespace"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"name": "_pod_nodeName",
|
|
"valueFrom": {
|
|
"fieldRef": {
|
|
"fieldPath": "spec.nodeName"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_LOG",
|
|
"value": "warn,linkerd=info"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_LOG_FORMAT",
|
|
"value": "plain"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_DESTINATION_SVC_ADDR",
|
|
"value": "linkerd-dst-headless.linkerd.svc.cluster.local.:8086"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS",
|
|
"value": "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_POLICY_SVC_ADDR",
|
|
"value": "linkerd-policy.linkerd.svc.cluster.local.:8090"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_POLICY_WORKLOAD",
|
|
"value": "$(_pod_ns):$(_pod_name)"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_INBOUND_DEFAULT_POLICY",
|
|
"value": "all-unauthenticated"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS",
|
|
"value": "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT",
|
|
"value": "100ms"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT",
|
|
"value": "1000ms"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_CONTROL_LISTEN_ADDR",
|
|
"value": "0.0.0.0:4190"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_ADMIN_LISTEN_ADDR",
|
|
"value": "0.0.0.0:4191"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR",
|
|
"value": "127.0.0.1:4140"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_INBOUND_LISTEN_ADDR",
|
|
"value": "0.0.0.0:4143"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_INBOUND_IPS",
|
|
"valueFrom": {
|
|
"fieldRef": {
|
|
"fieldPath": "status.podIPs"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_INBOUND_PORTS",
|
|
"value": "80"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES",
|
|
"value": "svc.cluster.local."
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE",
|
|
"value": "10000ms"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE",
|
|
"value": "10000ms"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION",
|
|
"value": "25,587,3306,4444,5432,6379,9300,11211"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_DESTINATION_CONTEXT",
|
|
"value": "{\"ns\":\"$(_pod_ns)\", \"nodeName\":\"$(_pod_nodeName)\"}\n"
|
|
},
|
|
{
|
|
"name": "_pod_sa",
|
|
"valueFrom": {
|
|
"fieldRef": {
|
|
"fieldPath": "spec.serviceAccountName"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"name": "_l5d_ns",
|
|
"value": "linkerd"
|
|
},
|
|
{
|
|
"name": "_l5d_trustdomain",
|
|
"value": "cluster.local"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_IDENTITY_DIR",
|
|
"value": "/var/run/linkerd/identity/end-entity"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS",
|
|
"value": "IdentityTrustAnchorsPEM\n"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_IDENTITY_TOKEN_FILE",
|
|
"value": "/var/run/secrets/tokens/linkerd-identity-token"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_IDENTITY_SVC_ADDR",
|
|
"value": "linkerd-identity-headless.linkerd.svc.cluster.local.:8080"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_IDENTITY_LOCAL_NAME",
|
|
"value": "$(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_IDENTITY_SVC_NAME",
|
|
"value": "linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_DESTINATION_SVC_NAME",
|
|
"value": "linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local"
|
|
},
|
|
{
|
|
"name": "LINKERD2_PROXY_POLICY_SVC_NAME",
|
|
"value": "linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local"
|
|
}
|
|
],
|
|
"image": "cr.l5d.io/linkerd/proxy:dev-undefined",
|
|
"imagePullPolicy": "IfNotPresent",
|
|
"lifecycle": {
|
|
"postStart": {
|
|
"exec": {
|
|
"command": [
|
|
"/usr/lib/linkerd/linkerd-await",
|
|
"--timeout=2m"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"livenessProbe": {
|
|
"httpGet": {
|
|
"path": "/live",
|
|
"port": 4191
|
|
},
|
|
"initialDelaySeconds": 10
|
|
},
|
|
"name": "linkerd-proxy",
|
|
"ports": [
|
|
{
|
|
"containerPort": 4143,
|
|
"name": "linkerd-proxy"
|
|
},
|
|
{
|
|
"containerPort": 4191,
|
|
"name": "linkerd-admin"
|
|
}
|
|
],
|
|
"readinessProbe": {
|
|
"httpGet": {
|
|
"path": "/ready",
|
|
"port": 4191
|
|
},
|
|
"initialDelaySeconds": 2
|
|
},
|
|
"resources": null,
|
|
"securityContext": {
|
|
"allowPrivilegeEscalation": false,
|
|
"readOnlyRootFilesystem": true,
|
|
"runAsNonRoot": true,
|
|
"runAsUser": 2102,
|
|
"seccompProfile": {
|
|
"type": "RuntimeDefault"
|
|
}
|
|
},
|
|
"terminationMessagePolicy": "FallbackToLogsOnError",
|
|
"volumeMounts": [
|
|
{
|
|
"mountPath": "/var/run/linkerd/identity/end-entity",
|
|
"name": "linkerd-identity-end-entity"
|
|
},
|
|
{
|
|
"mountPath": "/var/run/secrets/tokens",
|
|
"name": "linkerd-identity-token"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|