...

Text file src/github.com/linkerd/linkerd2/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml

Documentation: github.com/linkerd/linkerd2/cli/cmd/testdata/inject-filepath/expected

     1apiVersion: apps/v1
     2kind: Deployment
     3metadata:
     4  name: redis
     5spec:
     6  selector:
     7    matchLabels:
     8      app: redis
     9  template:
    10    metadata:
    11      annotations:
    12        linkerd.io/created-by: linkerd/cli dev-undefined
    13        linkerd.io/proxy-version: install-proxy-version
    14        linkerd.io/trust-root-sha256: 8dc603abd4e755c25c94da05abbf29b9b283a784733651020d72f97ca8ab98e4
    15      labels:
    16        app: redis
    17        linkerd.io/control-plane-ns: linkerd
    18        linkerd.io/proxy-deployment: redis
    19        linkerd.io/workload-ns: ""
    20    spec:
    21      containers:
    22      - env:
    23        - name: _pod_name
    24          valueFrom:
    25            fieldRef:
    26              fieldPath: metadata.name
    27        - name: _pod_ns
    28          valueFrom:
    29            fieldRef:
    30              fieldPath: metadata.namespace
    31        - name: _pod_nodeName
    32          valueFrom:
    33            fieldRef:
    34              fieldPath: spec.nodeName
    35        - name: LINKERD2_PROXY_LOG
    36          value: warn,linkerd=info,trust_dns=error
    37        - name: LINKERD2_PROXY_LOG_FORMAT
    38          value: plain
    39        - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
    40          value: linkerd-dst-headless.linkerd.svc.cluster.local.:8086
    41        - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
    42          value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
    43        - name: LINKERD2_PROXY_POLICY_SVC_ADDR
    44          value: linkerd-policy.linkerd.svc.cluster.local.:8090
    45        - name: LINKERD2_PROXY_POLICY_WORKLOAD
    46          value: |
    47            {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"}
    48        - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY
    49          value: all-unauthenticated
    50        - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS
    51          value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
    52        - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT
    53          value: 3s
    54        - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT
    55          value: 5m
    56        - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME
    57          value: 1h
    58        - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT
    59          value: 100ms
    60        - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT
    61          value: 1000ms
    62        - name: LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT
    63          value: 5s
    64        - name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT
    65          value: 90s
    66        - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
    67          value: '[::]:4190'
    68        - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
    69          value: '[::]:4191'
    70        - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
    71          value: 127.0.0.1:4140
    72        - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
    73          value: 127.0.0.1:4140
    74        - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
    75          value: '[::]:4143'
    76        - name: LINKERD2_PROXY_INBOUND_IPS
    77          valueFrom:
    78            fieldRef:
    79              fieldPath: status.podIPs
    80        - name: LINKERD2_PROXY_INBOUND_PORTS
    81          value: "6379"
    82        - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
    83          value: svc.cluster.local.
    84        - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
    85          value: 10000ms
    86        - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
    87          value: 10000ms
    88        - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
    89          value: 10s
    90        - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
    91          value: 3s
    92        - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
    93          value: 10s
    94        - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
    95          value: 3s
    96        - name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION
    97          value: 25,587,3306,4444,5432,6379,9300,11211
    98        - name: LINKERD2_PROXY_DESTINATION_CONTEXT
    99          value: |
   100            {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)", "pod":"$(_pod_name)"}
   101        - name: _pod_sa
   102          valueFrom:
   103            fieldRef:
   104              fieldPath: spec.serviceAccountName
   105        - name: _l5d_ns
   106          value: linkerd
   107        - name: _l5d_trustdomain
   108          value: cluster.local
   109        - name: LINKERD2_PROXY_IDENTITY_DIR
   110          value: /var/run/linkerd/identity/end-entity
   111        - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
   112          value: |
   113            -----BEGIN CERTIFICATE-----
   114            MIIBwTCCAWagAwIBAgIQeDZp5lDaIygQ5UfMKZrFATAKBggqhkjOPQQDAjApMScw
   115            JQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjAwODI4
   116            MDcxMjQ3WhcNMzAwODI2MDcxMjQ3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5r
   117            ZXJkLmNsdXN0ZXIubG9jYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqc70Z
   118            l1vgw79rjB5uSITICUA6GyfvSFfcuIis7B/XFSkkwAHU5S/s1AAP+R0TX7HBWUC4
   119            uaG4WWsiwJKNn7mgo3AwbjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
   120            /wIBATAdBgNVHQ4EFgQU5YtjVVPfd7I7NLHsn2C26EByGV0wKQYDVR0RBCIwIIIe
   121            aWRlbnRpdHkubGlua2VyZC5jbHVzdGVyLmxvY2FsMAoGCCqGSM49BAMCA0kAMEYC
   122            IQCN7lBFLDDvjx6V0+XkjpKERRsJYf5adMvnloFl48ilJgIhANtxhndcr+QJPuC8
   123            vgUC0d2/9FMueIVMb+46WTCOjsqr
   124            -----END CERTIFICATE-----
   125        - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
   126          value: /var/run/secrets/tokens/linkerd-identity-token
   127        - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
   128          value: linkerd-identity-headless.linkerd.svc.cluster.local.:8080
   129        - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
   130          value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local
   131        - name: LINKERD2_PROXY_IDENTITY_SVC_NAME
   132          value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local
   133        - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
   134          value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
   135        - name: LINKERD2_PROXY_POLICY_SVC_NAME
   136          value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
   137        image: cr.l5d.io/linkerd/proxy:install-proxy-version
   138        imagePullPolicy: IfNotPresent
   139        lifecycle:
   140          postStart:
   141            exec:
   142              command:
   143              - /usr/lib/linkerd/linkerd-await
   144              - --timeout=2m
   145              - --port=4191
   146        livenessProbe:
   147          httpGet:
   148            path: /live
   149            port: 4191
   150          initialDelaySeconds: 10
   151          timeoutSeconds: 1
   152        name: linkerd-proxy
   153        ports:
   154        - containerPort: 4143
   155          name: linkerd-proxy
   156        - containerPort: 4191
   157          name: linkerd-admin
   158        readinessProbe:
   159          httpGet:
   160            path: /ready
   161            port: 4191
   162          initialDelaySeconds: 2
   163          timeoutSeconds: 1
   164        securityContext:
   165          allowPrivilegeEscalation: false
   166          readOnlyRootFilesystem: true
   167          runAsNonRoot: true
   168          runAsUser: 2102
   169          seccompProfile:
   170            type: RuntimeDefault
   171        terminationMessagePolicy: FallbackToLogsOnError
   172        volumeMounts:
   173        - mountPath: /var/run/linkerd/identity/end-entity
   174          name: linkerd-identity-end-entity
   175        - mountPath: /var/run/secrets/tokens
   176          name: linkerd-identity-token
   177      - image: redis
   178        name: redis
   179        ports:
   180        - containerPort: 6379
   181          name: server
   182      initContainers:
   183      - args:
   184        - --ipv6=false
   185        - --incoming-proxy-port
   186        - "4143"
   187        - --outgoing-proxy-port
   188        - "4140"
   189        - --proxy-uid
   190        - "2102"
   191        - --inbound-ports-to-ignore
   192        - 4190,4191,4567,4568
   193        - --outbound-ports-to-ignore
   194        - 4567,4568
   195        image: cr.l5d.io/linkerd/proxy-init:v2.4.0
   196        imagePullPolicy: IfNotPresent
   197        name: linkerd-init
   198        resources:
   199          limits:
   200            cpu: 100m
   201            memory: 20Mi
   202          requests:
   203            cpu: 100m
   204            memory: 20Mi
   205        securityContext:
   206          allowPrivilegeEscalation: false
   207          capabilities:
   208            add:
   209            - NET_ADMIN
   210            - NET_RAW
   211          privileged: false
   212          readOnlyRootFilesystem: true
   213          runAsGroup: 65534
   214          runAsNonRoot: true
   215          runAsUser: 65534
   216          seccompProfile:
   217            type: RuntimeDefault
   218        terminationMessagePolicy: FallbackToLogsOnError
   219        volumeMounts:
   220        - mountPath: /run
   221          name: linkerd-proxy-init-xtables-lock
   222      volumes:
   223      - emptyDir: {}
   224        name: linkerd-proxy-init-xtables-lock
   225      - emptyDir:
   226          medium: Memory
   227        name: linkerd-identity-end-entity
   228      - name: linkerd-identity-token
   229        projected:
   230          sources:
   231          - serviceAccountToken:
   232              audience: identity.l5d.io
   233              expirationSeconds: 86400
   234              path: linkerd-identity-token
   235---
   236apiVersion: apps/v1
   237kind: Deployment
   238metadata:
   239  name: nginx
   240spec:
   241  selector:
   242    matchLabels:
   243      app: nginx
   244  template:
   245    metadata:
   246      annotations:
   247        linkerd.io/created-by: linkerd/cli dev-undefined
   248        linkerd.io/proxy-version: install-proxy-version
   249        linkerd.io/trust-root-sha256: 8dc603abd4e755c25c94da05abbf29b9b283a784733651020d72f97ca8ab98e4
   250      labels:
   251        app: nginx
   252        linkerd.io/control-plane-ns: linkerd
   253        linkerd.io/proxy-deployment: nginx
   254        linkerd.io/workload-ns: ""
   255    spec:
   256      containers:
   257      - env:
   258        - name: _pod_name
   259          valueFrom:
   260            fieldRef:
   261              fieldPath: metadata.name
   262        - name: _pod_ns
   263          valueFrom:
   264            fieldRef:
   265              fieldPath: metadata.namespace
   266        - name: _pod_nodeName
   267          valueFrom:
   268            fieldRef:
   269              fieldPath: spec.nodeName
   270        - name: LINKERD2_PROXY_LOG
   271          value: warn,linkerd=info,trust_dns=error
   272        - name: LINKERD2_PROXY_LOG_FORMAT
   273          value: plain
   274        - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
   275          value: linkerd-dst-headless.linkerd.svc.cluster.local.:8086
   276        - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
   277          value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
   278        - name: LINKERD2_PROXY_POLICY_SVC_ADDR
   279          value: linkerd-policy.linkerd.svc.cluster.local.:8090
   280        - name: LINKERD2_PROXY_POLICY_WORKLOAD
   281          value: |
   282            {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"}
   283        - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY
   284          value: all-unauthenticated
   285        - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS
   286          value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
   287        - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT
   288          value: 3s
   289        - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT
   290          value: 5m
   291        - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME
   292          value: 1h
   293        - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT
   294          value: 100ms
   295        - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT
   296          value: 1000ms
   297        - name: LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT
   298          value: 5s
   299        - name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT
   300          value: 90s
   301        - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
   302          value: '[::]:4190'
   303        - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
   304          value: '[::]:4191'
   305        - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
   306          value: 127.0.0.1:4140
   307        - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
   308          value: 127.0.0.1:4140
   309        - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
   310          value: '[::]:4143'
   311        - name: LINKERD2_PROXY_INBOUND_IPS
   312          valueFrom:
   313            fieldRef:
   314              fieldPath: status.podIPs
   315        - name: LINKERD2_PROXY_INBOUND_PORTS
   316          value: "80"
   317        - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
   318          value: svc.cluster.local.
   319        - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
   320          value: 10000ms
   321        - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
   322          value: 10000ms
   323        - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
   324          value: 10s
   325        - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
   326          value: 3s
   327        - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
   328          value: 10s
   329        - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
   330          value: 3s
   331        - name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION
   332          value: 25,587,3306,4444,5432,6379,9300,11211
   333        - name: LINKERD2_PROXY_DESTINATION_CONTEXT
   334          value: |
   335            {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)", "pod":"$(_pod_name)"}
   336        - name: _pod_sa
   337          valueFrom:
   338            fieldRef:
   339              fieldPath: spec.serviceAccountName
   340        - name: _l5d_ns
   341          value: linkerd
   342        - name: _l5d_trustdomain
   343          value: cluster.local
   344        - name: LINKERD2_PROXY_IDENTITY_DIR
   345          value: /var/run/linkerd/identity/end-entity
   346        - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
   347          value: |
   348            -----BEGIN CERTIFICATE-----
   349            MIIBwTCCAWagAwIBAgIQeDZp5lDaIygQ5UfMKZrFATAKBggqhkjOPQQDAjApMScw
   350            JQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjAwODI4
   351            MDcxMjQ3WhcNMzAwODI2MDcxMjQ3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5r
   352            ZXJkLmNsdXN0ZXIubG9jYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqc70Z
   353            l1vgw79rjB5uSITICUA6GyfvSFfcuIis7B/XFSkkwAHU5S/s1AAP+R0TX7HBWUC4
   354            uaG4WWsiwJKNn7mgo3AwbjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
   355            /wIBATAdBgNVHQ4EFgQU5YtjVVPfd7I7NLHsn2C26EByGV0wKQYDVR0RBCIwIIIe
   356            aWRlbnRpdHkubGlua2VyZC5jbHVzdGVyLmxvY2FsMAoGCCqGSM49BAMCA0kAMEYC
   357            IQCN7lBFLDDvjx6V0+XkjpKERRsJYf5adMvnloFl48ilJgIhANtxhndcr+QJPuC8
   358            vgUC0d2/9FMueIVMb+46WTCOjsqr
   359            -----END CERTIFICATE-----
   360        - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
   361          value: /var/run/secrets/tokens/linkerd-identity-token
   362        - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
   363          value: linkerd-identity-headless.linkerd.svc.cluster.local.:8080
   364        - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
   365          value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local
   366        - name: LINKERD2_PROXY_IDENTITY_SVC_NAME
   367          value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local
   368        - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
   369          value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
   370        - name: LINKERD2_PROXY_POLICY_SVC_NAME
   371          value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
   372        image: cr.l5d.io/linkerd/proxy:install-proxy-version
   373        imagePullPolicy: IfNotPresent
   374        lifecycle:
   375          postStart:
   376            exec:
   377              command:
   378              - /usr/lib/linkerd/linkerd-await
   379              - --timeout=2m
   380              - --port=4191
   381        livenessProbe:
   382          httpGet:
   383            path: /live
   384            port: 4191
   385          initialDelaySeconds: 10
   386          timeoutSeconds: 1
   387        name: linkerd-proxy
   388        ports:
   389        - containerPort: 4143
   390          name: linkerd-proxy
   391        - containerPort: 4191
   392          name: linkerd-admin
   393        readinessProbe:
   394          httpGet:
   395            path: /ready
   396            port: 4191
   397          initialDelaySeconds: 2
   398          timeoutSeconds: 1
   399        securityContext:
   400          allowPrivilegeEscalation: false
   401          readOnlyRootFilesystem: true
   402          runAsNonRoot: true
   403          runAsUser: 2102
   404          seccompProfile:
   405            type: RuntimeDefault
   406        terminationMessagePolicy: FallbackToLogsOnError
   407        volumeMounts:
   408        - mountPath: /var/run/linkerd/identity/end-entity
   409          name: linkerd-identity-end-entity
   410        - mountPath: /var/run/secrets/tokens
   411          name: linkerd-identity-token
   412      - image: nginx
   413        name: nginx
   414        ports:
   415        - containerPort: 80
   416          name: http
   417      initContainers:
   418      - args:
   419        - --ipv6=false
   420        - --incoming-proxy-port
   421        - "4143"
   422        - --outgoing-proxy-port
   423        - "4140"
   424        - --proxy-uid
   425        - "2102"
   426        - --inbound-ports-to-ignore
   427        - 4190,4191,4567,4568
   428        - --outbound-ports-to-ignore
   429        - 4567,4568
   430        image: cr.l5d.io/linkerd/proxy-init:v2.4.0
   431        imagePullPolicy: IfNotPresent
   432        name: linkerd-init
   433        resources:
   434          limits:
   435            cpu: 100m
   436            memory: 20Mi
   437          requests:
   438            cpu: 100m
   439            memory: 20Mi
   440        securityContext:
   441          allowPrivilegeEscalation: false
   442          capabilities:
   443            add:
   444            - NET_ADMIN
   445            - NET_RAW
   446          privileged: false
   447          readOnlyRootFilesystem: true
   448          runAsGroup: 65534
   449          runAsNonRoot: true
   450          runAsUser: 65534
   451          seccompProfile:
   452            type: RuntimeDefault
   453        terminationMessagePolicy: FallbackToLogsOnError
   454        volumeMounts:
   455        - mountPath: /run
   456          name: linkerd-proxy-init-xtables-lock
   457      volumes:
   458      - emptyDir: {}
   459        name: linkerd-proxy-init-xtables-lock
   460      - emptyDir:
   461          medium: Memory
   462        name: linkerd-identity-end-entity
   463      - name: linkerd-identity-token
   464        projected:
   465          sources:
   466          - serviceAccountToken:
   467              audience: identity.l5d.io
   468              expirationSeconds: 86400
   469              path: linkerd-identity-token
   470---

View as plain text