linkerd
/
website
mirror of https://github.com/linkerd/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
website/linkerd.io/content/2.18/reference/proxy-configuration.md

2.4 KiB
Raw Permalink Blame History

title description
Proxy Configuration Linkerd provides a set of annotations that can be used to override the data plane proxy's configuration.

Linkerd provides a set of annotations that can be used to override the data plane proxy's configuration. This is useful for overriding the default configurations of auto-injected proxies.

The following is the list of supported annotations:

{{< docs/cli-annotations "inject" >}}

For example, to update an auto-injected proxy's CPU and memory resources, we insert the appropriate annotations into the spec.template.metadata.annotations of the owner's pod spec, using kubectl edit like this:

spec:
  template:
    metadata:
      annotations:
        config.linkerd.io/proxy-cpu-limit: "1"
        config.linkerd.io/proxy-cpu-request: "0.2"
        config.linkerd.io/proxy-memory-limit: 2Gi
        config.linkerd.io/proxy-memory-request: 128Mi

See here for details on tuning the proxy's resource usage.

For proxies injected using the linkerd inject command, configuration can be overridden using the command-line flags.

Ingress Mode

{{< warning >}} When an ingress is meshed in ingress mode by using linkerd.io/inject: ingress, the ingress must be configured to remove the l5d-dst-override header to avoid creating an open relay to cluster-local and external endpoints. {{< /warning >}}

Proxy ingress mode is a mode of operation designed to help Linkerd integrate with certain ingress controllers. Ingress mode is necessary if the ingress itself cannot be otherwise configured to use the Service port/ip as the destination.

When an individual Linkerd proxy is set to ingress mode, it will route requests based on their :authority, Host, or l5d-dst-override headers instead of their original destination. This will inform Linkerd to override the endpoint selection of the ingress container and to perform its own endpoint selection, enabling features such as per-route metrics and traffic splitting.

The proxy can be configured to run in ingress mode by using the linkerd.io/inject: ingress annotation rather than the default linkerd.io/inject: enabled annotation. This can also be done with the --ingress flag in the inject CLI command:

kubectl get deployment <ingress-controller> -n <ingress-namespace> -o yaml | linkerd inject --ingress - | kubectl apply -f -