# -- Inbound port for the proxy container inboundProxyPort: 4143 # -- Outbound port for the proxy container outboundProxyPort: 4140 # -- Default set of inbound ports to skip via iptables ignoreInboundPorts: "" # -- Default set of outbound ports to skip via iptables ignoreOutboundPorts: "" # -- Admin port for the proxy container proxyAdminPort: 4191 # -- Control port for the proxy container proxyControlPort: 4190 # -- Additional labels to add to all pods podLabels: {} # -- Labels to apply to all resources commonLabels: {} # -- Log level for the CNI plugin logLevel: info # -- Ports to redirect to proxy portsToRedirect: "" # -- User id under which the proxy shall be ran proxyUID: 2102 # -- (int) Optional customisation of the group id under which the proxy shall be ran (the group ID will be omitted if lower than 0) proxyGID: -1 # -- Directory on the host where the CNI plugin binaries reside destCNINetDir: "/etc/cni/net.d" # -- Directory on the host where the CNI configuration will be placed destCNIBinDir: "/opt/cni/bin" # -- Configures the CNI plugin to use the -w flag for the iptables command useWaitFlag: false # -- Variant of iptables that will be used to configure routing iptablesMode: "legacy" # -- Disables adding IPv6 rules on top of IPv4 rules disableIPv6: true # -- Kubernetes priorityClassName for the CNI plugin's Pods priorityClassName: "" # -- Specifies the number of old ReplicaSets to retain to allow rollback. revisionHistoryLimit: 10 # -- Add a PSP resource and bind it to the linkerd-cni ServiceAccounts. # Note PSP has been deprecated since k8s v1.21 enablePSP: false # -- Run the install-cni container in privileged mode privileged: false # -|- Tolerations section, See the # [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) # for more information tolerations: # -- toleration properties - operator: Exists # -|- NodeAffinity section, See the # [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) # for more information #nodeAffinity: # -|- Image section image: # -- Docker image for the CNI plugin name: "cr.l5d.io/linkerd/cni-plugin" # -- Tag for the CNI container Docker image version: "v1.5.0" # -- Pull policy for the linkerd-cni container pullPolicy: IfNotPresent # ## For Private docker registries, authentication is needed. # If the control plane service images are pulled from a # protected docker registry, define pull secrets as follows: # #imagePullSecrets: # - name: my-private-docker-registry-login-secret # # The pull secrets are applied to the respective service accounts # which will further orchestrate the deployments. imagePullSecrets: [] # -- Add additional initContainers to the daemonset extraInitContainers: [] # The cni-repair-controller scans pods in each node to find those that have # been injected by linkerd, and whose linkerd-network-validator container has # failed. This is usually caused by a race between linkerd-cni and the CNI # plugin used in the cluster. This controller deletes those failed pods so they # can restart and rety re-acquiring a proper network config. repairController: # -- Enables the repair-controller container enabled: false # -- Log level for the repair-controller container # @default -- info logLevel: info # -- Log format (`plain` or `json`) for the repair-controller container # @default -- plain logFormat: plain # -- Include a securityContext in the repair-controller container enableSecurityContext: true resources: cpu: # -- Maximum amount of CPU units that the repair-controller container can use limit: "" # -- Amount of CPU units that the repair-controller container requests request: "" memory: # -- Maximum amount of memory that the repair-controller container can use limit: "" # -- Amount of memory that the repair-controller container requests request: "" ephemeral-storage: # -- Maximum amount of ephemeral storage that the repair-controller container can use limit: "" # -- Amount of ephemeral storage that the repair-controller container requests request: "" # -- Resource requests and limits for linkerd-cni daemonset container resources: cpu: # -- Maximum amount of CPU units that the cni container can use limit: "" # -- Amount of CPU units that the cni container requests request: "" memory: # -- Maximum amount of memory that the cni container can use limit: "" # -- Amount of memory that the cni container requests request: "" ephemeral-storage: # -- Maximum amount of ephemeral storage that the cni container can use limit: "" # -- Amount of ephemeral storage that the cni container requests request: ""