1# linkerd2-cni
2
3Linkerd is a *service mesh*, designed to give platform-wide observability,
4reliability, and security without requiring configuration or code changes. The
5Linkerd [CNI plugin](https://linkerd.io/2/features/cni/) takes care of setting
6up your pod's network so incoming and outgoing traffic is proxied through the
7data plane.
8
9
10
11
12
13## Requirements
14
15Kubernetes: `>=1.22.0-0`
16
17| Repository | Name | Version |
18|------------|------|---------|
19| file://../partials | partials | 0.1.0 |
20
21## Values
22
23| Key | Type | Default | Description |
24|-----|------|---------|-------------|
25| commonLabels | object | `{}` | Labels to apply to all resources |
26| destCNIBinDir | string | `"/opt/cni/bin"` | Directory on the host where the CNI configuration will be placed |
27| destCNINetDir | string | `"/etc/cni/net.d"` | Directory on the host where the CNI plugin binaries reside |
28| disableIPv6 | bool | `false` | Disables adding IPv6 rules on top of IPv4 rules |
29| enablePSP | bool | `false` | Add a PSP resource and bind it to the linkerd-cni ServiceAccounts. Note PSP has been deprecated since k8s v1.21 |
30| extraInitContainers | list | `[]` | Add additional initContainers to the daemonset |
31| ignoreInboundPorts | string | `""` | Default set of inbound ports to skip via iptables |
32| ignoreOutboundPorts | string | `""` | Default set of outbound ports to skip via iptables |
33| image.name | string | `"cr.l5d.io/linkerd/cni-plugin"` | Docker image for the CNI plugin |
34| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the linkerd-cni container |
35| image.version | string | `"v1.5.0"` | Tag for the CNI container Docker image |
36| imagePullSecrets | list | `[]` | |
37| inboundProxyPort | int | `4143` | Inbound port for the proxy container |
38| iptablesMode | string | `"legacy"` | Variant of iptables that will be used to configure routing |
39| logLevel | string | `"info"` | Log level for the CNI plugin |
40| outboundProxyPort | int | `4140` | Outbound port for the proxy container |
41| podLabels | object | `{}` | Additional labels to add to all pods |
42| portsToRedirect | string | `""` | Ports to redirect to proxy |
43| priorityClassName | string | `""` | Kubernetes priorityClassName for the CNI plugin's Pods |
44| privileged | bool | `false` | Run the install-cni container in privileged mode |
45| proxyAdminPort | int | `4191` | Admin port for the proxy container |
46| proxyControlPort | int | `4190` | Control port for the proxy container |
47| proxyGID | int | `-1` | Optional customisation of the group id under which the proxy shall be ran (the group ID will be omitted if lower than 0) |
48| proxyUID | int | `2102` | User id under which the proxy shall be ran |
49| repairController.enableSecurityContext | bool | `true` | Include a securityContext in the repair-controller container |
50| repairController.enabled | bool | `false` | Enables the repair-controller container |
51| repairController.logFormat | string | plain | Log format (`plain` or `json`) for the repair-controller container |
52| repairController.logLevel | string | info | Log level for the repair-controller container |
53| repairController.resources.cpu.limit | string | `""` | Maximum amount of CPU units that the repair-controller container can use |
54| repairController.resources.cpu.request | string | `""` | Amount of CPU units that the repair-controller container requests |
55| repairController.resources.ephemeral-storage.limit | string | `""` | Maximum amount of ephemeral storage that the repair-controller container can use |
56| repairController.resources.ephemeral-storage.request | string | `""` | Amount of ephemeral storage that the repair-controller container requests |
57| repairController.resources.memory.limit | string | `""` | Maximum amount of memory that the repair-controller container can use |
58| repairController.resources.memory.request | string | `""` | Amount of memory that the repair-controller container requests |
59| resources | object | `{"cpu":{"limit":"","request":""},"ephemeral-storage":{"limit":"","request":""},"memory":{"limit":"","request":""}}` | Resource requests and limits for linkerd-cni daemonset container |
60| resources.cpu.limit | string | `""` | Maximum amount of CPU units that the cni container can use |
61| resources.cpu.request | string | `""` | Amount of CPU units that the cni container requests |
62| resources.ephemeral-storage.limit | string | `""` | Maximum amount of ephemeral storage that the cni container can use |
63| resources.ephemeral-storage.request | string | `""` | Amount of ephemeral storage that the cni container requests |
64| resources.memory.limit | string | `""` | Maximum amount of memory that the cni container can use |
65| resources.memory.request | string | `""` | Amount of memory that the cni container requests |
66| revisionHistoryLimit | int | `10` | Specifies the number of old ReplicaSets to retain to allow rollback. |
67| tolerations[0] | object | `{"operator":"Exists"}` | toleration properties |
68| useWaitFlag | bool | `false` | Configures the CNI plugin to use the -w flag for the iptables command |
69
70----------------------------------------------
71Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
View as plain text