values.yaml

Documentation: github.com/linkerd/linkerd2/charts/linkerd2-cni

     1# -- Inbound port for the proxy container
     2inboundProxyPort: 4143
     3# -- Outbound port for the proxy container
     4outboundProxyPort: 4140
     5# -- Default set of inbound ports to skip via iptables
     6ignoreInboundPorts: ""
     7# -- Default set of outbound ports to skip via iptables
     8ignoreOutboundPorts: ""
     9# -- Admin port for the proxy container
    10proxyAdminPort: 4191
    11# -- Control port for the proxy container
    12proxyControlPort: 4190
    13# -- Additional labels to add to all pods
    14podLabels: {}
    15# -- Labels to apply to all resources
    16commonLabels: {}
    17# -- Log level for the CNI plugin
    18logLevel:         info
    19# -- Ports to redirect to proxy
    20portsToRedirect:  ""
    21# -- User id under which the proxy shall be ran
    22proxyUID:         2102
    23# -- (int) Optional customisation of the group id under which the proxy shall be ran (the group ID will be omitted if lower than 0)
    24proxyGID: -1
    25# -- Directory on the host where the CNI plugin binaries reside
    26destCNINetDir:    "/etc/cni/net.d"
    27# -- Directory on the host where the CNI configuration will be placed
    28destCNIBinDir:    "/opt/cni/bin"
    29# -- Configures the CNI plugin to use the -w flag for the iptables command
    30useWaitFlag:      false
    31# -- Variant of iptables that will be used to configure routing
    32iptablesMode: "legacy"
    33# -- Disables adding IPv6 rules on top of IPv4 rules
    34disableIPv6: true
    35# -- Kubernetes priorityClassName for the CNI plugin's Pods
    36priorityClassName: ""
    37# -- Specifies the number of old ReplicaSets to retain to allow rollback.
    38revisionHistoryLimit: 10
    39
    40# -- Add a PSP resource and bind it to the linkerd-cni ServiceAccounts.
    41# Note PSP has been deprecated since k8s v1.21
    42enablePSP: false
    43
    44# -- Run the install-cni container in privileged mode
    45privileged: false
    46
    47# -|- Tolerations section, See the
    48# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
    49# for more information
    50tolerations:
    51  # -- toleration properties
    52  - operator: Exists
    53
    54# -|- NodeAffinity section, See the
    55# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity)
    56# for more information
    57#nodeAffinity:
    58
    59# -|- Image section
    60image:
    61  # -- Docker image for the CNI plugin
    62  name: "cr.l5d.io/linkerd/cni-plugin"
    63  # -- Tag for the CNI container Docker image
    64  version: "v1.5.0"
    65  # -- Pull policy for the linkerd-cni container
    66  pullPolicy: IfNotPresent
    67
    68#
    69## For Private docker registries, authentication is needed.
    70# If the control plane service images are pulled from a
    71# protected docker registry, define pull secrets as follows:
    72#
    73#imagePullSecrets:
    74#    - name: my-private-docker-registry-login-secret
    75#
    76# The pull secrets are applied to the respective service accounts
    77# which will further orchestrate the deployments.
    78imagePullSecrets: []
    79
    80# -- Add additional initContainers to the daemonset
    81extraInitContainers: []
    82
    83# The cni-repair-controller scans pods in each node to find those that have
    84# been injected by linkerd, and whose linkerd-network-validator container has
    85# failed. This is usually caused by a race between linkerd-cni and the CNI
    86# plugin used in the cluster. This controller deletes those failed pods so they
    87# can restart and rety re-acquiring a proper network config.
    88repairController:
    89  # -- Enables the repair-controller container
    90  enabled: false
    91
    92  # -- Log level for the repair-controller container
    93  # @default -- info
    94  logLevel: info
    95  # -- Log format (`plain` or `json`) for the repair-controller container
    96  # @default -- plain
    97  logFormat: plain
    98
    99  # -- Include a securityContext in the repair-controller container
   100  enableSecurityContext: true
   101
   102  resources:
   103    cpu:
   104      # -- Maximum amount of CPU units that the repair-controller container can use
   105      limit: ""
   106      # -- Amount of CPU units that the repair-controller container requests
   107      request: ""
   108    memory:
   109      # -- Maximum amount of memory that the repair-controller container can use
   110      limit: ""
   111      # -- Amount of memory that the repair-controller container requests
   112      request: ""
   113    ephemeral-storage:
   114      # -- Maximum amount of ephemeral storage that the repair-controller container can use
   115      limit: ""
   116      # -- Amount of ephemeral storage that the repair-controller container requests
   117      request: ""
   118
   119# -- Resource requests and limits for linkerd-cni daemonset container
   120resources:
   121  cpu:
   122    # -- Maximum amount of CPU units that the cni container can use
   123    limit: ""
   124    # -- Amount of CPU units that the cni container requests
   125    request: ""
   126  memory:
   127    # -- Maximum amount of memory that the cni container can use
   128    limit: ""
   129    # -- Amount of memory that the cni container requests
   130    request: ""
   131  ephemeral-storage:
   132    # -- Maximum amount of ephemeral storage that the cni container can use
   133    limit: ""
   134    # -- Amount of ephemeral storage that the cni container requests
   135    request: ""
View as plain text