apiVersion: v1 kind: Namespace metadata: name: linkerdctl labels: workload.edge.ncr.com: 'platform' platform.edge.ncr.com/component: linkerdctl annotations: linkerd.io/inject: disabled pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: linkerdctl pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: linkerds.linkerd.edge.ncr.com labels: platform.edge.ncr.com/component: linkerdctl annotations: controller-gen.kubebuilder.io/version: (unknown) pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: linkerdctl pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: linkerd.edge.ncr.com names: kind: Linkerd listKind: LinkerdList plural: linkerds shortNames: - l5d - l5ds singular: linkerd scope: Cluster versions: - name: v1alpha1 additionalPrinterColumns: - name: Ready type: string jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Status type: string jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Version type: string jsonPath: .status.version - name: Age type: date jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: type: object description: Linkerd is the Schema for the Linkerds API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: LinkerdSpec defines the desired state of Linkerd properties: highAvailability: type: object description: HighAvailability contains the HighAvailability configuration options for a Linkerd installation properties: enabled: type: boolean injection: type: object description: Injection defines the configuration for automated proxy injection properties: enabled: type: boolean exclude: type: object description: Exclude defines the exclusion rules for proxy injection properties: namespaces: type: array items: type: string monitoring: type: object default: enabled: true description: Monitoring will be used to control monitoring features such as prometheus properties: enabled: type: boolean thickPosConfig: type: object description: ThickPosConfig defines alternate configuration for when thick-pos is enabled properties: identityIssuer: type: object description: IdentityIssuer defines the configuration for the Linkerd identity-issuer component properties: certificate: type: object description: Certificate defines configuration for a cert-manager Certificate properties: durationHours: type: integer renewBeforeHours: type: integer required: - durationHours - renewBeforeHours required: - certificate required: - identityIssuer status: type: object description: LinkerdStatus defines the observed state of Linkerd properties: conditions: type: array items: type: object description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: type: type: string description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ status: type: string description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown lastTransitionTime: type: string description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time message: type: string description: message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 observedGeneration: type: integer description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 reason: type: string description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ required: - lastTransitionTime - message - reason - status - type disabledNamespaces: type: array items: type: string injectedNamespaces: type: array items: type: string inventory: type: object description: ResourceInventory contains a list of Kubernetes resource object references that have been applied. properties: entries: type: array description: Entries of Kubernetes resource object references. items: type: object description: ResourceRef contains the information necessary to locate a resource within a cluster. properties: id: type: string description: ID is the string representation of the Kubernetes resource object's metadata, in the format '___'. v: type: string description: Version is the API version of the Kubernetes resource object's kind. required: - id - v version: type: string served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: linkerdworkloadinjections.linkerd.edge.ncr.com labels: platform.edge.ncr.com/component: linkerdctl annotations: controller-gen.kubebuilder.io/version: (unknown) pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: linkerdctl pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: linkerd.edge.ncr.com names: kind: LinkerdWorkloadInjection listKind: LinkerdWorkloadInjectionList plural: linkerdworkloadinjections singular: linkerdworkloadinjection scope: Cluster versions: - name: v1alpha1 additionalPrinterColumns: - name: Ready type: string jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Status type: string jsonPath: .status.conditions[?(@.type=="Ready")].message - name: StartTime type: string jsonPath: .status.startedAt - name: CompletionTime type: string jsonPath: .status.completedAt - name: Age type: date jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: type: object description: LinkerdWorkloadInjection is the Schema for the LinkerdWorkloadInjection API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: LinkerdInjectionWorkloadSpec defines list of namespaces to inject properties: namespaces: type: array items: type: string status: type: object description: LinkerdStatus defines the observed state of Linkerd properties: completedAt: type: string format: date-time conditions: type: array items: type: object description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: type: type: string description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ status: type: string description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown lastTransitionTime: type: string description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time message: type: string description: message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 observedGeneration: type: integer description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 reason: type: string description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ required: - lastTransitionTime - message - reason - status - type failedInventory: type: object description: ResourceInventory contains a list of Kubernetes resource object references that have been applied. properties: entries: type: array description: Entries of Kubernetes resource object references. items: type: object description: ResourceRef contains the information necessary to locate a resource within a cluster. properties: id: type: string description: ID is the string representation of the Kubernetes resource object's metadata, in the format '___'. v: type: string description: Version is the API version of the Kubernetes resource object's kind. required: - id - v inventory: type: object description: ResourceInventory contains a list of Kubernetes resource object references that have been applied. properties: entries: type: array description: Entries of Kubernetes resource object references. items: type: object description: ResourceRef contains the information necessary to locate a resource within a cluster. properties: id: type: string description: ID is the string representation of the Kubernetes resource object's metadata, in the format '___'. v: type: string description: Version is the API version of the Kubernetes resource object's kind. required: - id - v startedAt: type: string format: date-time served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: serverauthorizations.policy.linkerd.io labels: helm.sh/chart: linkerd2-0.1.0 linkerd.io/control-plane-ns: linkerd platform.edge.ncr.com/component: linkerdctl annotations: linkerd.io/created-by: linkerd/cli stable-2.11.4 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: linkerdctl pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: policy.linkerd.io names: kind: ServerAuthorization plural: serverauthorizations shortNames: [saz] singular: serverauthorization scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: type: object properties: spec: type: object description: >- Authorizes clients to communicate with Linkerd-proxied servers. properties: client: type: object description: Describes clients authorized to access a server. properties: meshTLS: type: object properties: identities: type: array description: >- Authorizes clients with the provided proxy identity strings (as provided via MTLS) The `*` prefix can be used to match all identities in a domain. An identity string of `*` indicates that all authentication clients are authorized. items: type: string pattern: '^(\*|[a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$' serviceAccounts: type: array description: >- Authorizes clients with the provided proxy identity service accounts (as provided via MTLS) items: type: object properties: name: type: string description: The ServiceAccount's name. pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' namespace: type: string description: >- The ServiceAccount's namespace. If unset, the authorization's namespace is used. pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' required: [name] unauthenticatedTLS: type: boolean description: >- Indicates that no client identity is required for communication. This is mostly important for the identity controller, which must terminate TLS connections from clients that do not yet have a certificate. networks: type: array description: >- Limits the client IP addresses to which this authorization applies. If unset, the server chooses a default (typically, all IPs or the cluster's pod network). items: type: object properties: cidr: type: string except: type: array items: type: string required: [cidr] unauthenticated: type: boolean description: >- Authorizes unauthenticated clients to access a server. server: type: object description: >- Identifies servers in the same namespace for which this authorization applies. Only one of `name` or `selector` may be specified. oneOf: - required: [name] - required: [selector] properties: name: type: string description: References a `Server` instance by name pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' selector: type: object description: >- A label query over servers on which this authorization applies. properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string enum: [In, NotIn, Exists, DoesNotExist] values: type: array items: type: string required: [key, operator] matchLabels: type: object x-kubernetes-preserve-unknown-fields: true required: [server, client] required: [spec] served: true storage: false - name: v1beta1 additionalPrinterColumns: - name: Server type: string description: The server that this grants access to jsonPath: .spec.server.name schema: openAPIV3Schema: type: object properties: spec: type: object description: >- Authorizes clients to communicate with Linkerd-proxied servers. properties: client: type: object description: Describes clients authorized to access a server. properties: meshTLS: type: object properties: identities: type: array description: >- Authorizes clients with the provided proxy identity strings (as provided via MTLS) The `*` prefix can be used to match all identities in a domain. An identity string of `*` indicates that all authentication clients are authorized. items: type: string pattern: '^(\*|[a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$' serviceAccounts: type: array description: >- Authorizes clients with the provided proxy identity service accounts (as provided via MTLS) items: type: object properties: name: type: string description: The ServiceAccount's name. pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' namespace: type: string description: >- The ServiceAccount's namespace. If unset, the authorization's namespace is used. pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' required: [name] unauthenticatedTLS: type: boolean description: >- Indicates that no client identity is required for communication. This is mostly important for the identity controller, which must terminate TLS connections from clients that do not yet have a certificate. networks: type: array description: >- Limits the client IP addresses to which this authorization applies. If unset, the server chooses a default (typically, all IPs or the cluster's pod network). items: type: object properties: cidr: type: string except: type: array items: type: string required: [cidr] unauthenticated: type: boolean description: >- Authorizes unauthenticated clients to access a server. server: type: object description: >- Identifies servers in the same namespace for which this authorization applies. Only one of `name` or `selector` may be specified. oneOf: - required: [name] - required: [selector] properties: name: type: string description: References a `Server` instance by name pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' selector: type: object description: >- A label query over servers on which this authorization applies. properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string enum: [In, NotIn, Exists, DoesNotExist] values: type: array items: type: string required: [key, operator] matchLabels: type: object x-kubernetes-preserve-unknown-fields: true required: [server, client] required: [spec] served: true storage: true --- # CRDs taken directly from Linkerd installation manifests, installed # alongside the linkerd controller so that the CRDs are available before Linkerd # is installed. This is needed so that components can include instances of these # CRDs alongside their deployment manifests. Otherwise, Flux will fail to apply # those objects infinitely. This could be resolved by applying the Linkerd # controller first + an installation CRD, but is not really reasonable. # These CRDs aren't generated from the source code to make it easy to keep in # lock step because of course Linkerd does some wild shit that makes it impossible # to generate the CRDs using standard tooling such as controller-gen. My goodness # I hate Linkerd. # # These must be updated in lockstep with the embedded manifests that the Linkerd # controller actually deploys. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: servers.policy.linkerd.io labels: helm.sh/chart: linkerd2-0.1.0 linkerd.io/control-plane-ns: linkerd platform.edge.ncr.com/component: linkerdctl annotations: linkerd.io/created-by: linkerd/cli stable-2.11.4 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: linkerdctl pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: policy.linkerd.io names: kind: Server plural: servers shortNames: [srv] singular: server scope: Namespaced versions: - name: v1alpha1 deprecated: true deprecationWarning: "policy.linkerd.io/v1alpha1 Server is deprecated; use policy.linkerd.io/v1beta1 Server" schema: openAPIV3Schema: type: object properties: spec: type: object properties: port: description: >- A port name or number. Must exist in a pod spec. x-kubernetes-int-or-string: true podSelector: type: object description: >- Selects pods in the same namespace. oneOf: - required: [matchExpressions] - required: [matchLabels] properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string enum: [In, NotIn, Exists, DoesNotExist] values: type: array items: type: string required: [key, operator] matchLabels: type: object x-kubernetes-preserve-unknown-fields: true proxyProtocol: type: string default: unknown description: >- Configures protocol discovery for inbound connections. Supersedes the `config.linkerd.io/opaque-ports` annotation. enum: - unknown - HTTP/1 - HTTP/2 - gRPC - opaque - TLS required: - podSelector - port required: [spec] served: true storage: false - name: v1beta1 additionalPrinterColumns: - name: Port type: string description: The port the server is listening on jsonPath: .spec.port - name: Protocol type: string description: The protocol of the server jsonPath: .spec.proxyProtocol schema: openAPIV3Schema: type: object properties: spec: type: object properties: port: description: >- A port name or number. Must exist in a pod spec. x-kubernetes-int-or-string: true podSelector: type: object description: >- Selects pods in the same namespace. The result of matchLabels and matchExpressions are ANDed. Selects all if empty. properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string enum: [In, NotIn, Exists, DoesNotExist] values: type: array items: type: string required: [key, operator] matchLabels: type: object x-kubernetes-preserve-unknown-fields: true proxyProtocol: type: string default: unknown description: >- Configures protocol discovery for inbound connections. Supersedes the `config.linkerd.io/opaque-ports` annotation. enum: - unknown - HTTP/1 - HTTP/2 - gRPC - opaque - TLS required: - podSelector - port required: [spec] served: true storage: true --- ### ### Service Profile CRD ### apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: serviceprofiles.linkerd.io labels: linkerd.io/control-plane-ns: linkerd platform.edge.ncr.com/component: linkerdctl annotations: linkerd.io/created-by: linkerd/cli stable-2.11.4 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: linkerdctl pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: linkerd.io names: kind: ServiceProfile plural: serviceprofiles shortNames: - sp singular: serviceprofile preserveUnknownFields: false scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: type: object properties: spec: type: object description: Spec is the custom resource spec properties: dstOverrides: type: array items: type: object description: WeightedDst is a weighted alternate destination. properties: authority: type: string weight: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true required: - authority - weight opaquePorts: type: array items: type: string retryBudget: type: object description: RetryBudget describes the maximum number of retries that should be issued to this service. properties: minRetriesPerSecond: type: integer format: int32 retryRatio: type: number format: float ttl: type: string required: - minRetriesPerSecond - retryRatio - ttl routes: type: array items: type: object description: RouteSpec specifies a Route resource. properties: name: type: string condition: type: object description: RequestMatch describes the conditions under which to match a Route. properties: all: type: array items: type: object x-kubernetes-preserve-unknown-fields: true any: type: array items: type: object x-kubernetes-preserve-unknown-fields: true method: type: string not: type: array items: type: object x-kubernetes-preserve-unknown-fields: true pathRegex: type: string isRetryable: type: boolean responseClasses: type: array items: type: object description: ResponseClass describes how to classify a response (e.g. success or failures). properties: condition: type: object description: ResponseMatch describes the conditions under which to classify a response. properties: status: type: object description: Range describes a range of integers (e.g. status codes). properties: max: type: integer format: int32 min: type: integer format: int32 all: type: array items: type: object x-kubernetes-preserve-unknown-fields: true any: type: array items: type: object x-kubernetes-preserve-unknown-fields: true not: type: array items: type: object x-kubernetes-preserve-unknown-fields: true isFailure: type: boolean required: - condition timeout: type: string required: - condition - name required: - routes served: true storage: false - name: v1alpha2 schema: openAPIV3Schema: type: object properties: spec: type: object description: Spec is the custom resource spec properties: dstOverrides: type: array items: type: object description: WeightedDst is a weighted alternate destination. properties: authority: type: string weight: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true required: - authority - weight opaquePorts: type: array items: type: string retryBudget: type: object description: RetryBudget describes the maximum number of retries that should be issued to this service. properties: minRetriesPerSecond: type: integer format: int32 retryRatio: type: number format: float ttl: type: string required: - minRetriesPerSecond - retryRatio - ttl routes: type: array items: type: object description: RouteSpec specifies a Route resource. properties: name: type: string condition: type: object description: RequestMatch describes the conditions under which to match a Route. properties: all: type: array items: type: object x-kubernetes-preserve-unknown-fields: true any: type: array items: type: object x-kubernetes-preserve-unknown-fields: true method: type: string not: type: array items: type: object x-kubernetes-preserve-unknown-fields: true pathRegex: type: string isRetryable: type: boolean responseClasses: type: array items: type: object description: ResponseClass describes how to classify a response (e.g. success or failures). properties: condition: type: object description: ResponseMatch describes the conditions under which to classify a response. properties: status: type: object description: Range describes a range of integers (e.g. status codes). properties: max: type: integer format: int32 min: type: integer format: int32 all: type: array items: type: object x-kubernetes-preserve-unknown-fields: true any: type: array items: type: object x-kubernetes-preserve-unknown-fields: true not: type: array items: type: object x-kubernetes-preserve-unknown-fields: true isFailure: type: boolean required: - condition timeout: type: string required: - condition - name served: true storage: true --- ### ### TrafficSplit CRD ### Copied from github.com/servicemeshinterface/smi-sdk-go/blob/d4e76b1cd7a33ead5f38d1262dd838a31c80f4e5/crds/split.yaml ### apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: trafficsplits.split.smi-spec.io labels: linkerd.io/control-plane-ns: linkerd platform.edge.ncr.com/component: linkerdctl annotations: linkerd.io/created-by: linkerd/cli stable-2.11.4 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: linkerdctl pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: conversion: strategy: None group: split.smi-spec.io names: kind: TrafficSplit listKind: TrafficSplitList plural: trafficsplits shortNames: - ts singular: trafficsplit preserveUnknownFields: false scope: Namespaced versions: - name: v1alpha1 additionalPrinterColumns: - name: Service type: string description: The apex service of this split. jsonPath: .spec.service schema: openAPIV3Schema: type: object properties: spec: type: object properties: service: type: string description: The apex service of this split. backends: type: array description: The backend services of this split. items: type: object properties: service: type: string description: Name of the Kubernetes service. weight: description: Traffic weight value of this backend. x-kubernetes-int-or-string: true required: ['service', 'weight'] required: - service - backends served: true storage: true - name: v1alpha2 additionalPrinterColumns: - name: Service type: string description: The apex service of this split. jsonPath: .spec.service schema: openAPIV3Schema: type: object properties: spec: type: object properties: service: type: string description: The apex service of this split. backends: type: array description: The backend services of this split. items: type: object properties: service: type: string description: Name of the Kubernetes service. weight: type: number description: Traffic weight value of this backend. required: ['service', 'weight'] required: - service - backends served: true storage: false --- apiVersion: v1 kind: ServiceAccount metadata: name: linkerdctl namespace: linkerdctl labels: platform.edge.ncr.com/component: linkerdctl annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: linkerdctl pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: linkerdctl labels: platform.edge.ncr.com/component: linkerdctl annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: linkerdctl pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a rules: - resources: - configmaps - namespaces - pods - secrets - serviceaccounts - services apiGroups: - "" verbs: - create - delete - get - list - patch - update - watch - resources: - namespaces/status - services/status apiGroups: - "" verbs: - get - resources: - nodes apiGroups: - "" verbs: - get - list - watch - resources: - mutatingwebhookconfigurations - validatingwebhookconfigurations apiGroups: - admissionregistration.k8s.io verbs: - create - delete - get - list - patch - update - watch - resources: - customresourcedefinitions apiGroups: - apiextensions.k8s.io verbs: - create - delete - get - list - patch - update - watch - resources: - customresourcedefinitions/status apiGroups: - apiextensions.k8s.io verbs: - get - resources: - daemonsets - deployments - replicasets - statefulsets apiGroups: - apps verbs: - create - delete - get - list - patch - update - watch - resources: - deployments/status apiGroups: - apps verbs: - get - resources: - cronjobs apiGroups: - batch verbs: - create - delete - get - list - patch - update - watch - resources: - cronjobs/status apiGroups: - batch verbs: - get - resources: - certificates - issuers apiGroups: - cert-manager.io verbs: - create - get - list - patch - update - watch - resources: - certificates/status - issuers/status apiGroups: - cert-manager.io verbs: - get - resources: - linkerds apiGroups: - linkerd.edge.ncr.com verbs: - get - list - patch - update - watch - resources: - linkerds/status apiGroups: - linkerd.edge.ncr.com verbs: - get - patch - update - resources: - linkerdworkloadinjections apiGroups: - linkerd.edge.ncr.com verbs: - get - list - patch - update - watch - resources: - linkerdworkloadinjections/status apiGroups: - linkerd.edge.ncr.com verbs: - get - patch - update - resources: - podmonitors apiGroups: - monitoring.coreos.com verbs: - create - get - list - patch - update - watch - resources: - poddisruptionbudgets - podsecuritypolicies apiGroups: - policy verbs: - create - delete - get - list - patch - update - watch - resources: - serverauthorizations - servers apiGroups: - policy.linkerd.io verbs: - create - delete - get - list - patch - update - watch - resources: - clusterrolebindings - clusterroles - rolebindings - roles apiGroups: - rbac.authorization.k8s.io verbs: - create - delete - get - list - patch - update - watch - resources: - clusterroles - roles apiGroups: - rbac.authorization.k8s.io verbs: - bind - escalate - resources: - clusters apiGroups: - redpanda.vectorized.io verbs: - get - list - patch - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: linkerdctl labels: platform.edge.ncr.com/component: linkerdctl annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: linkerdctl pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a roleRef: name: linkerdctl kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - name: linkerdctl namespace: linkerdctl kind: ServiceAccount --- apiVersion: apps/v1 kind: Deployment metadata: name: linkerdctl labels: build.edge.ncr.com/commit: e48f14778bcd6a9500934a382cb1339bf097186f build.edge.ncr.com/id: "2529169216" build.edge.ncr.com/org: edge-infra build.edge.ncr.com/repo: ncrvoyix-swt-retail build.edge.ncr.com/semver: 0.3.5 build.edge.ncr.com/timestamp: "1655730650" platform.edge.ncr.com/component: linkerdctl namespace: linkerdctl annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: linkerdctl pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: replicas: 1 selector: matchLabels: platform.edge.ncr.com/component: linkerdctl template: spec: serviceAccountName: linkerdctl containers: - name: linkerdctl image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/linkerdctl@sha256:3dff168315dcac2a2e3d093c3c0d00ff696b9ff7a54328fd648f79e6d57ee7da resources: limits: cpu: "100m" imagePullPolicy: IfNotPresent envFrom: - secretRef: name: ldkey imagePullSecrets: - name: edge-docker-pull-secret metadata: labels: platform.edge.ncr.com/component: linkerdctl annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: linkerdctl pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: ldkey namespace: linkerdctl labels: platform.edge.ncr.com/component: linkerdctl annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: linkerdctl pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: data: - remoteRef: key: edge-backend-launch-darkly-sdk-key secretKey: LD_KEY refreshInterval: 1m secretStoreRef: name: gcp-provider kind: ClusterSecretStore target: name: ldkey creationPolicy: Owner