linkerd2/chart/templates/proxy_injector.yaml

{{with .Values -}}
---
###
### Proxy Injector
###
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: linkerd-proxy-injector
  namespace: {{.Namespace}}
  labels:
    {{.ControllerComponentLabel}}: proxy-injector
    {{.ControllerNamespaceLabel}}: {{.Namespace}}
  annotations:
    {{.CreatedByAnnotation}}: {{.CliVersion}}
spec:
  replicas: {{.ControllerReplicas}}
  selector:
    matchLabels:
      {{.ControllerComponentLabel}}: proxy-injector
  template:
    metadata:
      labels:
        {{.ControllerComponentLabel}}: proxy-injector
      annotations:
        {{.CreatedByAnnotation}}: {{.CliVersion}}
    spec:
      serviceAccountName: linkerd-proxy-injector
      containers:
      - name: proxy-injector
        image: {{.ControllerImage}}
        imagePullPolicy: {{.ImagePullPolicy}}
        args:
        - "proxy-injector"
        - "-log-level={{.ControllerLogLevel}}"
        ports:
        - name: proxy-injector
          containerPort: 8443
        - name: admin-http
          containerPort: 9995
        volumeMounts:
        - name: config
          mountPath: /var/run/linkerd/config
        - name: tls
          mountPath: /var/run/linkerd/tls
          readOnly: true
        livenessProbe:
          httpGet:
            path: /ping
            port: 9995
          initialDelaySeconds: 10
        readinessProbe:
          httpGet:
            path: /ready
            port: 9995
          failureThreshold: 7
        {{- include "resources" .ProxyInjectorResources | nindent 8 }}
        securityContext:
          runAsUser: {{.ControllerUID}}
      volumes:
      - name: config
        configMap:
          name: linkerd-config
      - name: tls
        secret:
          secretName: linkerd-proxy-injector-tls
      {{- if .HighAvailability }}
      {{- $local := dict "Label" .ControllerComponentLabel "Component" "proxy-injector" }}
      {{- include "pod-affinity" $local | nindent 6 }}
      {{- end }}

---
kind: Service
apiVersion: v1
metadata:
  name: linkerd-proxy-injector
  namespace: {{.Namespace}}
  labels:
    {{.ControllerComponentLabel}}: proxy-injector
    {{.ControllerNamespaceLabel}}: {{.Namespace}}
  annotations:
    {{.CreatedByAnnotation}}: {{.CliVersion}}
spec:
  type: ClusterIP
  selector:
    {{.ControllerComponentLabel}}: proxy-injector
  ports:
  - name: proxy-injector
    port: 443
    targetPort: proxy-injector
{{end -}}