1apiVersion: v1
2kind: Namespace
3metadata:
4 name: linkerdctl
5 labels:
6 workload.edge.ncr.com: 'platform'
7 platform.edge.ncr.com/component: linkerdctl
8 annotations:
9 linkerd.io/inject: disabled
10 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
11 pallet.edge.ncr.com/name: linkerdctl
12 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
13 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
14 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
15 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
16---
17apiVersion: apiextensions.k8s.io/v1
18kind: CustomResourceDefinition
19metadata:
20 name: linkerds.linkerd.edge.ncr.com
21 labels:
22 platform.edge.ncr.com/component: linkerdctl
23 annotations:
24 controller-gen.kubebuilder.io/version: (unknown)
25 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
26 pallet.edge.ncr.com/name: linkerdctl
27 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
28 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
29 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
30 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
31spec:
32 group: linkerd.edge.ncr.com
33 names:
34 kind: Linkerd
35 listKind: LinkerdList
36 plural: linkerds
37 shortNames:
38 - l5d
39 - l5ds
40 singular: linkerd
41 scope: Cluster
42 versions:
43 - name: v1alpha1
44 additionalPrinterColumns:
45 - name: Ready
46 type: string
47 jsonPath: .status.conditions[?(@.type=="Ready")].status
48 - name: Status
49 type: string
50 jsonPath: .status.conditions[?(@.type=="Ready")].message
51 - name: Version
52 type: string
53 jsonPath: .status.version
54 - name: Age
55 type: date
56 jsonPath: .metadata.creationTimestamp
57 schema:
58 openAPIV3Schema:
59 type: object
60 description: Linkerd is the Schema for the Linkerds API
61 properties:
62 apiVersion:
63 type: string
64 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
65 kind:
66 type: string
67 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
68 metadata:
69 type: object
70 spec:
71 type: object
72 description: LinkerdSpec defines the desired state of Linkerd
73 properties:
74 highAvailability:
75 type: object
76 description: HighAvailability contains the HighAvailability configuration options for a Linkerd installation
77 properties:
78 enabled:
79 type: boolean
80 injection:
81 type: object
82 description: Injection defines the configuration for automated proxy injection
83 properties:
84 enabled:
85 type: boolean
86 exclude:
87 type: object
88 description: Exclude defines the exclusion rules for proxy injection
89 properties:
90 namespaces:
91 type: array
92 items:
93 type: string
94 monitoring:
95 type: object
96 default:
97 enabled: true
98 description: Monitoring will be used to control monitoring features such as prometheus
99 properties:
100 enabled:
101 type: boolean
102 thickPosConfig:
103 type: object
104 description: ThickPosConfig defines alternate configuration for when thick-pos is enabled
105 properties:
106 identityIssuer:
107 type: object
108 description: IdentityIssuer defines the configuration for the Linkerd identity-issuer component
109 properties:
110 certificate:
111 type: object
112 description: Certificate defines configuration for a cert-manager Certificate
113 properties:
114 durationHours:
115 type: integer
116 renewBeforeHours:
117 type: integer
118 required:
119 - durationHours
120 - renewBeforeHours
121 required:
122 - certificate
123 required:
124 - identityIssuer
125 status:
126 type: object
127 description: LinkerdStatus defines the observed state of Linkerd
128 properties:
129 conditions:
130 type: array
131 items:
132 type: object
133 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
134 properties:
135 type:
136 type: string
137 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
138 maxLength: 316
139 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
140 status:
141 type: string
142 description: status of the condition, one of True, False, Unknown.
143 enum:
144 - "True"
145 - "False"
146 - Unknown
147 lastTransitionTime:
148 type: string
149 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
150 format: date-time
151 message:
152 type: string
153 description: message is a human readable message indicating details about the transition. This may be an empty string.
154 maxLength: 32768
155 observedGeneration:
156 type: integer
157 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
158 format: int64
159 minimum: 0
160 reason:
161 type: string
162 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
163 maxLength: 1024
164 minLength: 1
165 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
166 required:
167 - lastTransitionTime
168 - message
169 - reason
170 - status
171 - type
172 disabledNamespaces:
173 type: array
174 items:
175 type: string
176 injectedNamespaces:
177 type: array
178 items:
179 type: string
180 inventory:
181 type: object
182 description: ResourceInventory contains a list of Kubernetes resource object references that have been applied.
183 properties:
184 entries:
185 type: array
186 description: Entries of Kubernetes resource object references.
187 items:
188 type: object
189 description: ResourceRef contains the information necessary to locate a resource within a cluster.
190 properties:
191 id:
192 type: string
193 description: ID is the string representation of the Kubernetes resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
194 v:
195 type: string
196 description: Version is the API version of the Kubernetes resource object's kind.
197 required:
198 - id
199 - v
200 version:
201 type: string
202 served: true
203 storage: true
204 subresources:
205 status: {}
206---
207apiVersion: apiextensions.k8s.io/v1
208kind: CustomResourceDefinition
209metadata:
210 name: linkerdworkloadinjections.linkerd.edge.ncr.com
211 labels:
212 platform.edge.ncr.com/component: linkerdctl
213 annotations:
214 controller-gen.kubebuilder.io/version: (unknown)
215 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
216 pallet.edge.ncr.com/name: linkerdctl
217 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
218 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
219 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
220 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
221spec:
222 group: linkerd.edge.ncr.com
223 names:
224 kind: LinkerdWorkloadInjection
225 listKind: LinkerdWorkloadInjectionList
226 plural: linkerdworkloadinjections
227 singular: linkerdworkloadinjection
228 scope: Cluster
229 versions:
230 - name: v1alpha1
231 additionalPrinterColumns:
232 - name: Ready
233 type: string
234 jsonPath: .status.conditions[?(@.type=="Ready")].status
235 - name: Status
236 type: string
237 jsonPath: .status.conditions[?(@.type=="Ready")].message
238 - name: StartTime
239 type: string
240 jsonPath: .status.startedAt
241 - name: CompletionTime
242 type: string
243 jsonPath: .status.completedAt
244 - name: Age
245 type: date
246 jsonPath: .metadata.creationTimestamp
247 schema:
248 openAPIV3Schema:
249 type: object
250 description: LinkerdWorkloadInjection is the Schema for the LinkerdWorkloadInjection API
251 properties:
252 apiVersion:
253 type: string
254 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
255 kind:
256 type: string
257 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
258 metadata:
259 type: object
260 spec:
261 type: object
262 description: LinkerdInjectionWorkloadSpec defines list of namespaces to inject
263 properties:
264 namespaces:
265 type: array
266 items:
267 type: string
268 status:
269 type: object
270 description: LinkerdStatus defines the observed state of Linkerd
271 properties:
272 completedAt:
273 type: string
274 format: date-time
275 conditions:
276 type: array
277 items:
278 type: object
279 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
280 properties:
281 type:
282 type: string
283 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
284 maxLength: 316
285 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
286 status:
287 type: string
288 description: status of the condition, one of True, False, Unknown.
289 enum:
290 - "True"
291 - "False"
292 - Unknown
293 lastTransitionTime:
294 type: string
295 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
296 format: date-time
297 message:
298 type: string
299 description: message is a human readable message indicating details about the transition. This may be an empty string.
300 maxLength: 32768
301 observedGeneration:
302 type: integer
303 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
304 format: int64
305 minimum: 0
306 reason:
307 type: string
308 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
309 maxLength: 1024
310 minLength: 1
311 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
312 required:
313 - lastTransitionTime
314 - message
315 - reason
316 - status
317 - type
318 failedInventory:
319 type: object
320 description: ResourceInventory contains a list of Kubernetes resource object references that have been applied.
321 properties:
322 entries:
323 type: array
324 description: Entries of Kubernetes resource object references.
325 items:
326 type: object
327 description: ResourceRef contains the information necessary to locate a resource within a cluster.
328 properties:
329 id:
330 type: string
331 description: ID is the string representation of the Kubernetes resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
332 v:
333 type: string
334 description: Version is the API version of the Kubernetes resource object's kind.
335 required:
336 - id
337 - v
338 inventory:
339 type: object
340 description: ResourceInventory contains a list of Kubernetes resource object references that have been applied.
341 properties:
342 entries:
343 type: array
344 description: Entries of Kubernetes resource object references.
345 items:
346 type: object
347 description: ResourceRef contains the information necessary to locate a resource within a cluster.
348 properties:
349 id:
350 type: string
351 description: ID is the string representation of the Kubernetes resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
352 v:
353 type: string
354 description: Version is the API version of the Kubernetes resource object's kind.
355 required:
356 - id
357 - v
358 startedAt:
359 type: string
360 format: date-time
361 served: true
362 storage: true
363 subresources:
364 status: {}
365---
366apiVersion: apiextensions.k8s.io/v1
367kind: CustomResourceDefinition
368metadata:
369 name: serverauthorizations.policy.linkerd.io
370 labels:
371 helm.sh/chart: linkerd2-0.1.0
372 linkerd.io/control-plane-ns: linkerd
373 platform.edge.ncr.com/component: linkerdctl
374 annotations:
375 linkerd.io/created-by: linkerd/cli stable-2.11.4
376 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
377 pallet.edge.ncr.com/name: linkerdctl
378 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
379 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
380 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
381 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
382spec:
383 group: policy.linkerd.io
384 names:
385 kind: ServerAuthorization
386 plural: serverauthorizations
387 shortNames: [saz]
388 singular: serverauthorization
389 scope: Namespaced
390 versions:
391 - name: v1alpha1
392 schema:
393 openAPIV3Schema:
394 type: object
395 properties:
396 spec:
397 type: object
398 description: >-
399 Authorizes clients to communicate with Linkerd-proxied servers.
400 properties:
401 client:
402 type: object
403 description: Describes clients authorized to access a server.
404 properties:
405 meshTLS:
406 type: object
407 properties:
408 identities:
409 type: array
410 description: >-
411 Authorizes clients with the provided proxy identity strings (as provided via MTLS)
412
413 The `*` prefix can be used to match all identities in a domain. An identity string of `*` indicates that all authentication clients are authorized.
414 items:
415 type: string
416 pattern: '^(\*|[a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
417 serviceAccounts:
418 type: array
419 description: >-
420 Authorizes clients with the provided proxy identity service accounts (as provided via MTLS)
421 items:
422 type: object
423 properties:
424 name:
425 type: string
426 description: The ServiceAccount's name.
427 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
428 namespace:
429 type: string
430 description: >-
431 The ServiceAccount's namespace. If unset, the authorization's namespace is used.
432 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
433 required: [name]
434 unauthenticatedTLS:
435 type: boolean
436 description: >-
437 Indicates that no client identity is required for communication.
438
439 This is mostly important for the identity controller, which must terminate TLS connections from clients that do not yet have a certificate.
440 networks:
441 type: array
442 description: >-
443 Limits the client IP addresses to which this authorization applies. If unset, the server chooses a default (typically, all IPs or the cluster's pod network).
444 items:
445 type: object
446 properties:
447 cidr:
448 type: string
449 except:
450 type: array
451 items:
452 type: string
453 required: [cidr]
454 unauthenticated:
455 type: boolean
456 description: >-
457 Authorizes unauthenticated clients to access a server.
458 server:
459 type: object
460 description: >-
461 Identifies servers in the same namespace for which this authorization applies.
462
463 Only one of `name` or `selector` may be specified.
464 oneOf:
465 - required: [name]
466 - required: [selector]
467 properties:
468 name:
469 type: string
470 description: References a `Server` instance by name
471 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
472 selector:
473 type: object
474 description: >-
475 A label query over servers on which this authorization applies.
476 properties:
477 matchExpressions:
478 type: array
479 items:
480 type: object
481 properties:
482 key:
483 type: string
484 operator:
485 type: string
486 enum: [In, NotIn, Exists, DoesNotExist]
487 values:
488 type: array
489 items:
490 type: string
491 required: [key, operator]
492 matchLabels:
493 type: object
494 x-kubernetes-preserve-unknown-fields: true
495 required: [server, client]
496 required: [spec]
497 served: true
498 storage: false
499 - name: v1beta1
500 additionalPrinterColumns:
501 - name: Server
502 type: string
503 description: The server that this grants access to
504 jsonPath: .spec.server.name
505 schema:
506 openAPIV3Schema:
507 type: object
508 properties:
509 spec:
510 type: object
511 description: >-
512 Authorizes clients to communicate with Linkerd-proxied servers.
513 properties:
514 client:
515 type: object
516 description: Describes clients authorized to access a server.
517 properties:
518 meshTLS:
519 type: object
520 properties:
521 identities:
522 type: array
523 description: >-
524 Authorizes clients with the provided proxy identity strings (as provided via MTLS)
525
526 The `*` prefix can be used to match all identities in a domain. An identity string of `*` indicates that all authentication clients are authorized.
527 items:
528 type: string
529 pattern: '^(\*|[a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
530 serviceAccounts:
531 type: array
532 description: >-
533 Authorizes clients with the provided proxy identity service accounts (as provided via MTLS)
534 items:
535 type: object
536 properties:
537 name:
538 type: string
539 description: The ServiceAccount's name.
540 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
541 namespace:
542 type: string
543 description: >-
544 The ServiceAccount's namespace. If unset, the authorization's namespace is used.
545 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
546 required: [name]
547 unauthenticatedTLS:
548 type: boolean
549 description: >-
550 Indicates that no client identity is required for communication.
551
552 This is mostly important for the identity controller, which must terminate TLS connections from clients that do not yet have a certificate.
553 networks:
554 type: array
555 description: >-
556 Limits the client IP addresses to which this authorization applies. If unset, the server chooses a default (typically, all IPs or the cluster's pod network).
557 items:
558 type: object
559 properties:
560 cidr:
561 type: string
562 except:
563 type: array
564 items:
565 type: string
566 required: [cidr]
567 unauthenticated:
568 type: boolean
569 description: >-
570 Authorizes unauthenticated clients to access a server.
571 server:
572 type: object
573 description: >-
574 Identifies servers in the same namespace for which this authorization applies.
575
576 Only one of `name` or `selector` may be specified.
577 oneOf:
578 - required: [name]
579 - required: [selector]
580 properties:
581 name:
582 type: string
583 description: References a `Server` instance by name
584 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
585 selector:
586 type: object
587 description: >-
588 A label query over servers on which this authorization applies.
589 properties:
590 matchExpressions:
591 type: array
592 items:
593 type: object
594 properties:
595 key:
596 type: string
597 operator:
598 type: string
599 enum: [In, NotIn, Exists, DoesNotExist]
600 values:
601 type: array
602 items:
603 type: string
604 required: [key, operator]
605 matchLabels:
606 type: object
607 x-kubernetes-preserve-unknown-fields: true
608 required: [server, client]
609 required: [spec]
610 served: true
611 storage: true
612---
613# CRDs taken directly from Linkerd installation manifests, installed
614# alongside the linkerd controller so that the CRDs are available before Linkerd
615# is installed. This is needed so that components can include instances of these
616# CRDs alongside their deployment manifests. Otherwise, Flux will fail to apply
617# those objects infinitely. This could be resolved by applying the Linkerd
618# controller first + an installation CRD, but is not really reasonable.
619# These CRDs aren't generated from the source code to make it easy to keep in
620# lock step because of course Linkerd does some wild shit that makes it impossible
621# to generate the CRDs using standard tooling such as controller-gen. My goodness
622# I hate Linkerd.
623#
624# These must be updated in lockstep with the embedded manifests that the Linkerd
625# controller actually deploys.
626apiVersion: apiextensions.k8s.io/v1
627kind: CustomResourceDefinition
628metadata:
629 name: servers.policy.linkerd.io
630 labels:
631 helm.sh/chart: linkerd2-0.1.0
632 linkerd.io/control-plane-ns: linkerd
633 platform.edge.ncr.com/component: linkerdctl
634 annotations:
635 linkerd.io/created-by: linkerd/cli stable-2.11.4
636 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
637 pallet.edge.ncr.com/name: linkerdctl
638 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
639 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
640 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
641 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
642spec:
643 group: policy.linkerd.io
644 names:
645 kind: Server
646 plural: servers
647 shortNames: [srv]
648 singular: server
649 scope: Namespaced
650 versions:
651 - name: v1alpha1
652 deprecated: true
653 deprecationWarning: "policy.linkerd.io/v1alpha1 Server is deprecated; use policy.linkerd.io/v1beta1 Server"
654 schema:
655 openAPIV3Schema:
656 type: object
657 properties:
658 spec:
659 type: object
660 properties:
661 port:
662 description: >-
663 A port name or number. Must exist in a pod spec.
664 x-kubernetes-int-or-string: true
665 podSelector:
666 type: object
667 description: >-
668 Selects pods in the same namespace.
669 oneOf:
670 - required: [matchExpressions]
671 - required: [matchLabels]
672 properties:
673 matchExpressions:
674 type: array
675 items:
676 type: object
677 properties:
678 key:
679 type: string
680 operator:
681 type: string
682 enum: [In, NotIn, Exists, DoesNotExist]
683 values:
684 type: array
685 items:
686 type: string
687 required: [key, operator]
688 matchLabels:
689 type: object
690 x-kubernetes-preserve-unknown-fields: true
691 proxyProtocol:
692 type: string
693 default: unknown
694 description: >-
695 Configures protocol discovery for inbound connections.
696
697 Supersedes the `config.linkerd.io/opaque-ports` annotation.
698 enum:
699 - unknown
700 - HTTP/1
701 - HTTP/2
702 - gRPC
703 - opaque
704 - TLS
705 required:
706 - podSelector
707 - port
708 required: [spec]
709 served: true
710 storage: false
711 - name: v1beta1
712 additionalPrinterColumns:
713 - name: Port
714 type: string
715 description: The port the server is listening on
716 jsonPath: .spec.port
717 - name: Protocol
718 type: string
719 description: The protocol of the server
720 jsonPath: .spec.proxyProtocol
721 schema:
722 openAPIV3Schema:
723 type: object
724 properties:
725 spec:
726 type: object
727 properties:
728 port:
729 description: >-
730 A port name or number. Must exist in a pod spec.
731 x-kubernetes-int-or-string: true
732 podSelector:
733 type: object
734 description: >-
735 Selects pods in the same namespace.
736
737 The result of matchLabels and matchExpressions are ANDed. Selects all if empty.
738 properties:
739 matchExpressions:
740 type: array
741 items:
742 type: object
743 properties:
744 key:
745 type: string
746 operator:
747 type: string
748 enum: [In, NotIn, Exists, DoesNotExist]
749 values:
750 type: array
751 items:
752 type: string
753 required: [key, operator]
754 matchLabels:
755 type: object
756 x-kubernetes-preserve-unknown-fields: true
757 proxyProtocol:
758 type: string
759 default: unknown
760 description: >-
761 Configures protocol discovery for inbound connections.
762
763 Supersedes the `config.linkerd.io/opaque-ports` annotation.
764 enum:
765 - unknown
766 - HTTP/1
767 - HTTP/2
768 - gRPC
769 - opaque
770 - TLS
771 required:
772 - podSelector
773 - port
774 required: [spec]
775 served: true
776 storage: true
777---
778###
779### Service Profile CRD
780###
781apiVersion: apiextensions.k8s.io/v1
782kind: CustomResourceDefinition
783metadata:
784 name: serviceprofiles.linkerd.io
785 labels:
786 linkerd.io/control-plane-ns: linkerd
787 platform.edge.ncr.com/component: linkerdctl
788 annotations:
789 linkerd.io/created-by: linkerd/cli stable-2.11.4
790 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
791 pallet.edge.ncr.com/name: linkerdctl
792 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
793 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
794 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
795 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
796spec:
797 group: linkerd.io
798 names:
799 kind: ServiceProfile
800 plural: serviceprofiles
801 shortNames:
802 - sp
803 singular: serviceprofile
804 preserveUnknownFields: false
805 scope: Namespaced
806 versions:
807 - name: v1alpha1
808 schema:
809 openAPIV3Schema:
810 type: object
811 properties:
812 spec:
813 type: object
814 description: Spec is the custom resource spec
815 properties:
816 dstOverrides:
817 type: array
818 items:
819 type: object
820 description: WeightedDst is a weighted alternate destination.
821 properties:
822 authority:
823 type: string
824 weight:
825 anyOf:
826 - type: integer
827 - type: string
828 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
829 x-kubernetes-int-or-string: true
830 required:
831 - authority
832 - weight
833 opaquePorts:
834 type: array
835 items:
836 type: string
837 retryBudget:
838 type: object
839 description: RetryBudget describes the maximum number of retries that should be issued to this service.
840 properties:
841 minRetriesPerSecond:
842 type: integer
843 format: int32
844 retryRatio:
845 type: number
846 format: float
847 ttl:
848 type: string
849 required:
850 - minRetriesPerSecond
851 - retryRatio
852 - ttl
853 routes:
854 type: array
855 items:
856 type: object
857 description: RouteSpec specifies a Route resource.
858 properties:
859 name:
860 type: string
861 condition:
862 type: object
863 description: RequestMatch describes the conditions under which to match a Route.
864 properties:
865 all:
866 type: array
867 items:
868 type: object
869 x-kubernetes-preserve-unknown-fields: true
870 any:
871 type: array
872 items:
873 type: object
874 x-kubernetes-preserve-unknown-fields: true
875 method:
876 type: string
877 not:
878 type: array
879 items:
880 type: object
881 x-kubernetes-preserve-unknown-fields: true
882 pathRegex:
883 type: string
884 isRetryable:
885 type: boolean
886 responseClasses:
887 type: array
888 items:
889 type: object
890 description: ResponseClass describes how to classify a response (e.g. success or failures).
891 properties:
892 condition:
893 type: object
894 description: ResponseMatch describes the conditions under which to classify a response.
895 properties:
896 status:
897 type: object
898 description: Range describes a range of integers (e.g. status codes).
899 properties:
900 max:
901 type: integer
902 format: int32
903 min:
904 type: integer
905 format: int32
906 all:
907 type: array
908 items:
909 type: object
910 x-kubernetes-preserve-unknown-fields: true
911 any:
912 type: array
913 items:
914 type: object
915 x-kubernetes-preserve-unknown-fields: true
916 not:
917 type: array
918 items:
919 type: object
920 x-kubernetes-preserve-unknown-fields: true
921 isFailure:
922 type: boolean
923 required:
924 - condition
925 timeout:
926 type: string
927 required:
928 - condition
929 - name
930 required:
931 - routes
932 served: true
933 storage: false
934 - name: v1alpha2
935 schema:
936 openAPIV3Schema:
937 type: object
938 properties:
939 spec:
940 type: object
941 description: Spec is the custom resource spec
942 properties:
943 dstOverrides:
944 type: array
945 items:
946 type: object
947 description: WeightedDst is a weighted alternate destination.
948 properties:
949 authority:
950 type: string
951 weight:
952 anyOf:
953 - type: integer
954 - type: string
955 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
956 x-kubernetes-int-or-string: true
957 required:
958 - authority
959 - weight
960 opaquePorts:
961 type: array
962 items:
963 type: string
964 retryBudget:
965 type: object
966 description: RetryBudget describes the maximum number of retries that should be issued to this service.
967 properties:
968 minRetriesPerSecond:
969 type: integer
970 format: int32
971 retryRatio:
972 type: number
973 format: float
974 ttl:
975 type: string
976 required:
977 - minRetriesPerSecond
978 - retryRatio
979 - ttl
980 routes:
981 type: array
982 items:
983 type: object
984 description: RouteSpec specifies a Route resource.
985 properties:
986 name:
987 type: string
988 condition:
989 type: object
990 description: RequestMatch describes the conditions under which to match a Route.
991 properties:
992 all:
993 type: array
994 items:
995 type: object
996 x-kubernetes-preserve-unknown-fields: true
997 any:
998 type: array
999 items:
1000 type: object
1001 x-kubernetes-preserve-unknown-fields: true
1002 method:
1003 type: string
1004 not:
1005 type: array
1006 items:
1007 type: object
1008 x-kubernetes-preserve-unknown-fields: true
1009 pathRegex:
1010 type: string
1011 isRetryable:
1012 type: boolean
1013 responseClasses:
1014 type: array
1015 items:
1016 type: object
1017 description: ResponseClass describes how to classify a response (e.g. success or failures).
1018 properties:
1019 condition:
1020 type: object
1021 description: ResponseMatch describes the conditions under which to classify a response.
1022 properties:
1023 status:
1024 type: object
1025 description: Range describes a range of integers (e.g. status codes).
1026 properties:
1027 max:
1028 type: integer
1029 format: int32
1030 min:
1031 type: integer
1032 format: int32
1033 all:
1034 type: array
1035 items:
1036 type: object
1037 x-kubernetes-preserve-unknown-fields: true
1038 any:
1039 type: array
1040 items:
1041 type: object
1042 x-kubernetes-preserve-unknown-fields: true
1043 not:
1044 type: array
1045 items:
1046 type: object
1047 x-kubernetes-preserve-unknown-fields: true
1048 isFailure:
1049 type: boolean
1050 required:
1051 - condition
1052 timeout:
1053 type: string
1054 required:
1055 - condition
1056 - name
1057 served: true
1058 storage: true
1059---
1060###
1061### TrafficSplit CRD
1062### Copied from github.com/servicemeshinterface/smi-sdk-go/blob/d4e76b1cd7a33ead5f38d1262dd838a31c80f4e5/crds/split.yaml
1063###
1064apiVersion: apiextensions.k8s.io/v1
1065kind: CustomResourceDefinition
1066metadata:
1067 name: trafficsplits.split.smi-spec.io
1068 labels:
1069 linkerd.io/control-plane-ns: linkerd
1070 platform.edge.ncr.com/component: linkerdctl
1071 annotations:
1072 linkerd.io/created-by: linkerd/cli stable-2.11.4
1073 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1074 pallet.edge.ncr.com/name: linkerdctl
1075 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1076 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1077 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
1078 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1079spec:
1080 conversion:
1081 strategy: None
1082 group: split.smi-spec.io
1083 names:
1084 kind: TrafficSplit
1085 listKind: TrafficSplitList
1086 plural: trafficsplits
1087 shortNames:
1088 - ts
1089 singular: trafficsplit
1090 preserveUnknownFields: false
1091 scope: Namespaced
1092 versions:
1093 - name: v1alpha1
1094 additionalPrinterColumns:
1095 - name: Service
1096 type: string
1097 description: The apex service of this split.
1098 jsonPath: .spec.service
1099 schema:
1100 openAPIV3Schema:
1101 type: object
1102 properties:
1103 spec:
1104 type: object
1105 properties:
1106 service:
1107 type: string
1108 description: The apex service of this split.
1109 backends:
1110 type: array
1111 description: The backend services of this split.
1112 items:
1113 type: object
1114 properties:
1115 service:
1116 type: string
1117 description: Name of the Kubernetes service.
1118 weight:
1119 description: Traffic weight value of this backend.
1120 x-kubernetes-int-or-string: true
1121 required: ['service', 'weight']
1122 required:
1123 - service
1124 - backends
1125 served: true
1126 storage: true
1127 - name: v1alpha2
1128 additionalPrinterColumns:
1129 - name: Service
1130 type: string
1131 description: The apex service of this split.
1132 jsonPath: .spec.service
1133 schema:
1134 openAPIV3Schema:
1135 type: object
1136 properties:
1137 spec:
1138 type: object
1139 properties:
1140 service:
1141 type: string
1142 description: The apex service of this split.
1143 backends:
1144 type: array
1145 description: The backend services of this split.
1146 items:
1147 type: object
1148 properties:
1149 service:
1150 type: string
1151 description: Name of the Kubernetes service.
1152 weight:
1153 type: number
1154 description: Traffic weight value of this backend.
1155 required: ['service', 'weight']
1156 required:
1157 - service
1158 - backends
1159 served: true
1160 storage: false
1161---
1162apiVersion: v1
1163kind: ServiceAccount
1164metadata:
1165 name: linkerdctl
1166 namespace: linkerdctl
1167 labels:
1168 platform.edge.ncr.com/component: linkerdctl
1169 annotations:
1170 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1171 pallet.edge.ncr.com/name: linkerdctl
1172 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1173 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1174 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
1175 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1176---
1177apiVersion: rbac.authorization.k8s.io/v1
1178kind: ClusterRole
1179metadata:
1180 name: linkerdctl
1181 labels:
1182 platform.edge.ncr.com/component: linkerdctl
1183 annotations:
1184 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1185 pallet.edge.ncr.com/name: linkerdctl
1186 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1187 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1188 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
1189 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1190rules:
1191- resources:
1192 - configmaps
1193 - namespaces
1194 - pods
1195 - secrets
1196 - serviceaccounts
1197 - services
1198 apiGroups:
1199 - ""
1200 verbs:
1201 - create
1202 - delete
1203 - get
1204 - list
1205 - patch
1206 - update
1207 - watch
1208- resources:
1209 - namespaces/status
1210 - services/status
1211 apiGroups:
1212 - ""
1213 verbs:
1214 - get
1215- resources:
1216 - nodes
1217 apiGroups:
1218 - ""
1219 verbs:
1220 - get
1221 - list
1222 - watch
1223- resources:
1224 - mutatingwebhookconfigurations
1225 - validatingwebhookconfigurations
1226 apiGroups:
1227 - admissionregistration.k8s.io
1228 verbs:
1229 - create
1230 - delete
1231 - get
1232 - list
1233 - patch
1234 - update
1235 - watch
1236- resources:
1237 - customresourcedefinitions
1238 apiGroups:
1239 - apiextensions.k8s.io
1240 verbs:
1241 - create
1242 - delete
1243 - get
1244 - list
1245 - patch
1246 - update
1247 - watch
1248- resources:
1249 - customresourcedefinitions/status
1250 apiGroups:
1251 - apiextensions.k8s.io
1252 verbs:
1253 - get
1254- resources:
1255 - daemonsets
1256 - deployments
1257 - replicasets
1258 - statefulsets
1259 apiGroups:
1260 - apps
1261 verbs:
1262 - create
1263 - delete
1264 - get
1265 - list
1266 - patch
1267 - update
1268 - watch
1269- resources:
1270 - deployments/status
1271 apiGroups:
1272 - apps
1273 verbs:
1274 - get
1275- resources:
1276 - cronjobs
1277 apiGroups:
1278 - batch
1279 verbs:
1280 - create
1281 - delete
1282 - get
1283 - list
1284 - patch
1285 - update
1286 - watch
1287- resources:
1288 - cronjobs/status
1289 apiGroups:
1290 - batch
1291 verbs:
1292 - get
1293- resources:
1294 - certificates
1295 - issuers
1296 apiGroups:
1297 - cert-manager.io
1298 verbs:
1299 - create
1300 - get
1301 - list
1302 - patch
1303 - update
1304 - watch
1305- resources:
1306 - certificates/status
1307 - issuers/status
1308 apiGroups:
1309 - cert-manager.io
1310 verbs:
1311 - get
1312- resources:
1313 - linkerds
1314 apiGroups:
1315 - linkerd.edge.ncr.com
1316 verbs:
1317 - get
1318 - list
1319 - patch
1320 - update
1321 - watch
1322- resources:
1323 - linkerds/status
1324 apiGroups:
1325 - linkerd.edge.ncr.com
1326 verbs:
1327 - get
1328 - patch
1329 - update
1330- resources:
1331 - linkerdworkloadinjections
1332 apiGroups:
1333 - linkerd.edge.ncr.com
1334 verbs:
1335 - get
1336 - list
1337 - patch
1338 - update
1339 - watch
1340- resources:
1341 - linkerdworkloadinjections/status
1342 apiGroups:
1343 - linkerd.edge.ncr.com
1344 verbs:
1345 - get
1346 - patch
1347 - update
1348- resources:
1349 - podmonitors
1350 apiGroups:
1351 - monitoring.coreos.com
1352 verbs:
1353 - create
1354 - get
1355 - list
1356 - patch
1357 - update
1358 - watch
1359- resources:
1360 - poddisruptionbudgets
1361 - podsecuritypolicies
1362 apiGroups:
1363 - policy
1364 verbs:
1365 - create
1366 - delete
1367 - get
1368 - list
1369 - patch
1370 - update
1371 - watch
1372- resources:
1373 - serverauthorizations
1374 - servers
1375 apiGroups:
1376 - policy.linkerd.io
1377 verbs:
1378 - create
1379 - delete
1380 - get
1381 - list
1382 - patch
1383 - update
1384 - watch
1385- resources:
1386 - clusterrolebindings
1387 - clusterroles
1388 - rolebindings
1389 - roles
1390 apiGroups:
1391 - rbac.authorization.k8s.io
1392 verbs:
1393 - create
1394 - delete
1395 - get
1396 - list
1397 - patch
1398 - update
1399 - watch
1400- resources:
1401 - clusterroles
1402 - roles
1403 apiGroups:
1404 - rbac.authorization.k8s.io
1405 verbs:
1406 - bind
1407 - escalate
1408- resources:
1409 - clusters
1410 apiGroups:
1411 - redpanda.vectorized.io
1412 verbs:
1413 - get
1414 - list
1415 - patch
1416 - watch
1417---
1418apiVersion: rbac.authorization.k8s.io/v1
1419kind: ClusterRoleBinding
1420metadata:
1421 name: linkerdctl
1422 labels:
1423 platform.edge.ncr.com/component: linkerdctl
1424 annotations:
1425 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1426 pallet.edge.ncr.com/name: linkerdctl
1427 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1428 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1429 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
1430 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1431roleRef:
1432 name: linkerdctl
1433 kind: ClusterRole
1434 apiGroup: rbac.authorization.k8s.io
1435subjects:
1436- name: linkerdctl
1437 namespace: linkerdctl
1438 kind: ServiceAccount
1439---
1440apiVersion: apps/v1
1441kind: Deployment
1442metadata:
1443 name: linkerdctl
1444 labels:
1445 build.edge.ncr.com/commit: e48f14778bcd6a9500934a382cb1339bf097186f
1446 build.edge.ncr.com/id: "2529169216"
1447 build.edge.ncr.com/org: edge-infra
1448 build.edge.ncr.com/repo: ncrvoyix-swt-retail
1449 build.edge.ncr.com/semver: 0.3.5
1450 build.edge.ncr.com/timestamp: "1655730650"
1451 platform.edge.ncr.com/component: linkerdctl
1452 namespace: linkerdctl
1453 annotations:
1454 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1455 pallet.edge.ncr.com/name: linkerdctl
1456 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1457 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1458 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
1459 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1460spec:
1461 replicas: 1
1462 selector:
1463 matchLabels:
1464 platform.edge.ncr.com/component: linkerdctl
1465 template:
1466 spec:
1467 serviceAccountName: linkerdctl
1468 containers:
1469 - name: linkerdctl
1470 image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/linkerdctl@sha256:3dff168315dcac2a2e3d093c3c0d00ff696b9ff7a54328fd648f79e6d57ee7da
1471 resources:
1472 limits:
1473 cpu: "100m"
1474 imagePullPolicy: IfNotPresent
1475 envFrom:
1476 - secretRef:
1477 name: ldkey
1478 imagePullSecrets:
1479 - name: edge-docker-pull-secret
1480 metadata:
1481 labels:
1482 platform.edge.ncr.com/component: linkerdctl
1483 annotations:
1484 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1485 pallet.edge.ncr.com/name: linkerdctl
1486 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1487 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1488 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
1489 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1490---
1491apiVersion: external-secrets.io/v1beta1
1492kind: ExternalSecret
1493metadata:
1494 name: ldkey
1495 namespace: linkerdctl
1496 labels:
1497 platform.edge.ncr.com/component: linkerdctl
1498 annotations:
1499 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1500 pallet.edge.ncr.com/name: linkerdctl
1501 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1502 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1503 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
1504 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1505spec:
1506 data:
1507 - remoteRef:
1508 key: edge-backend-launch-darkly-sdk-key
1509 secretKey: LD_KEY
1510 refreshInterval: 1m
1511 secretStoreRef:
1512 name: gcp-provider
1513 kind: ClusterSecretStore
1514 target:
1515 name: ldkey
1516 creationPolicy: Owner
View as plain text