mirror of https://github.com/linkerd/linkerd2.git
63 lines
2.3 KiB
Smarty
63 lines
2.3 KiB
Smarty
{{- define "partials.proxy-init" -}}
|
|
args:
|
|
- --incoming-proxy-port
|
|
- {{.Values.global.proxy.ports.inbound | quote}}
|
|
- --outgoing-proxy-port
|
|
- {{.Values.global.proxy.ports.outbound | quote}}
|
|
- --proxy-uid
|
|
- {{.Values.global.proxy.uid | quote}}
|
|
- --inbound-ports-to-ignore
|
|
- "{{.Values.global.proxy.ports.control}},{{.Values.global.proxy.ports.admin}}{{ternary (printf ",%s" .Values.global.proxyInit.ignoreInboundPorts) "" (not (empty .Values.global.proxyInit.ignoreInboundPorts)) }}"
|
|
{{- if .Values.global.proxyInit.ignoreOutboundPorts }}
|
|
- --outbound-ports-to-ignore
|
|
- {{.Values.global.proxyInit.ignoreOutboundPorts | quote}}
|
|
{{- end }}
|
|
{{- if .Values.global.proxyInit.closeWaitTimeoutSecs }}
|
|
- --timeout-close-wait-secs
|
|
- {{ .Values.global.proxyInit.closeWaitTimeoutSecs | quote}}
|
|
{{- end }}
|
|
image: {{.Values.global.proxyInit.image.name}}:{{.Values.global.proxyInit.image.version}}
|
|
imagePullPolicy: {{.Values.global.proxyInit.image.pullPolicy}}
|
|
name: linkerd-init
|
|
{{ include "partials.resources" .Values.global.proxyInit.resources }}
|
|
securityContext:
|
|
{{- if .Values.global.proxyInit.closeWaitTimeoutSecs }}
|
|
allowPrivilegeEscalation: true
|
|
{{- else }}
|
|
allowPrivilegeEscalation: false
|
|
{{- end }}
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
{{- if .Values.global.proxyInit.capabilities -}}
|
|
{{- if .Values.global.proxyInit.capabilities.add }}
|
|
{{- toYaml .Values.global.proxyInit.capabilities.add | trim | nindent 4 }}
|
|
{{- end }}
|
|
{{- if .Values.global.proxyInit.capabilities.drop -}}
|
|
{{- include "partials.proxy-init.capabilities.drop" . | nindent 4 -}}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.global.proxyInit.closeWaitTimeoutSecs }}
|
|
privileged: true
|
|
{{- else }}
|
|
privileged: false
|
|
{{- end }}
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: false
|
|
runAsUser: 0
|
|
terminationMessagePolicy: FallbackToLogsOnError
|
|
{{- if or (not .Values.global.cniEnabled) .Values.global.proxyInit.saMountPath }}
|
|
volumeMounts:
|
|
{{- end -}}
|
|
{{- if not .Values.global.cniEnabled }}
|
|
- mountPath: {{.Values.global.proxyInit.xtMountPath.mountPath}}
|
|
name: {{.Values.global.proxyInit.xtMountPath.name}}
|
|
{{- end -}}
|
|
{{- if .Values.global.proxyInit.saMountPath }}
|
|
- mountPath: {{.Values.global.proxyInit.saMountPath.mountPath}}
|
|
name: {{.Values.global.proxyInit.saMountPath.name}}
|
|
readOnly: {{.Values.global.proxyInit.saMountPath.readOnly}}
|
|
{{- end -}}
|
|
{{- end -}}
|