Text file
src/github.com/linkerd/linkerd2/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml
1apiVersion: apps/v1
2kind: Deployment
3metadata:
4 labels:
5 app: nginx
6 name: nginx
7spec:
8 selector:
9 matchLabels:
10 app: nginx
11 template:
12 metadata:
13 annotations:
14 linkerd.io/created-by: linkerd/cli dev-undefined
15 linkerd.io/proxy-version: testinjectversion
16 linkerd.io/trust-root-sha256: 8dc603abd4e755c25c94da05abbf29b9b283a784733651020d72f97ca8ab98e4
17 labels:
18 app: nginx
19 linkerd.io/control-plane-ns: linkerd
20 linkerd.io/proxy-deployment: nginx
21 linkerd.io/workload-ns: ""
22 spec:
23 automountServiceAccountToken: false
24 containers:
25 - env:
26 - name: _pod_name
27 valueFrom:
28 fieldRef:
29 fieldPath: metadata.name
30 - name: _pod_ns
31 valueFrom:
32 fieldRef:
33 fieldPath: metadata.namespace
34 - name: _pod_nodeName
35 valueFrom:
36 fieldRef:
37 fieldPath: spec.nodeName
38 - name: LINKERD2_PROXY_LOG
39 value: warn,linkerd=info,trust_dns=error
40 - name: LINKERD2_PROXY_LOG_FORMAT
41 value: plain
42 - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
43 value: linkerd-dst-headless.linkerd.svc.cluster.local.:8086
44 - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
45 value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
46 - name: LINKERD2_PROXY_POLICY_SVC_ADDR
47 value: linkerd-policy.linkerd.svc.cluster.local.:8090
48 - name: LINKERD2_PROXY_POLICY_WORKLOAD
49 value: |
50 {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"}
51 - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY
52 value: all-unauthenticated
53 - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS
54 value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
55 - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT
56 value: 3s
57 - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT
58 value: 5m
59 - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME
60 value: 1h
61 - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT
62 value: 100ms
63 - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT
64 value: 1000ms
65 - name: LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT
66 value: 5s
67 - name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT
68 value: 90s
69 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
70 value: '[::]:4190'
71 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
72 value: '[::]:4191'
73 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
74 value: 127.0.0.1:4140
75 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
76 value: 127.0.0.1:4140
77 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
78 value: '[::]:4143'
79 - name: LINKERD2_PROXY_INBOUND_IPS
80 valueFrom:
81 fieldRef:
82 fieldPath: status.podIPs
83 - name: LINKERD2_PROXY_INBOUND_PORTS
84 value: "80"
85 - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
86 value: svc.cluster.local.
87 - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
88 value: 10000ms
89 - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
90 value: 10000ms
91 - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
92 value: 10s
93 - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
94 value: 3s
95 - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
96 value: 10s
97 - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
98 value: 3s
99 - name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION
100 value: 25,587,3306,4444,5432,6379,9300,11211
101 - name: LINKERD2_PROXY_DESTINATION_CONTEXT
102 value: |
103 {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)", "pod":"$(_pod_name)"}
104 - name: _pod_sa
105 valueFrom:
106 fieldRef:
107 fieldPath: spec.serviceAccountName
108 - name: _l5d_ns
109 value: linkerd
110 - name: _l5d_trustdomain
111 value: cluster.local
112 - name: LINKERD2_PROXY_IDENTITY_DIR
113 value: /var/run/linkerd/identity/end-entity
114 - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
115 value: |
116 -----BEGIN CERTIFICATE-----
117 MIIBwTCCAWagAwIBAgIQeDZp5lDaIygQ5UfMKZrFATAKBggqhkjOPQQDAjApMScw
118 JQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjAwODI4
119 MDcxMjQ3WhcNMzAwODI2MDcxMjQ3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5r
120 ZXJkLmNsdXN0ZXIubG9jYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqc70Z
121 l1vgw79rjB5uSITICUA6GyfvSFfcuIis7B/XFSkkwAHU5S/s1AAP+R0TX7HBWUC4
122 uaG4WWsiwJKNn7mgo3AwbjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
123 /wIBATAdBgNVHQ4EFgQU5YtjVVPfd7I7NLHsn2C26EByGV0wKQYDVR0RBCIwIIIe
124 aWRlbnRpdHkubGlua2VyZC5jbHVzdGVyLmxvY2FsMAoGCCqGSM49BAMCA0kAMEYC
125 IQCN7lBFLDDvjx6V0+XkjpKERRsJYf5adMvnloFl48ilJgIhANtxhndcr+QJPuC8
126 vgUC0d2/9FMueIVMb+46WTCOjsqr
127 -----END CERTIFICATE-----
128 - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
129 value: /var/run/secrets/tokens/linkerd-identity-token
130 - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
131 value: linkerd-identity-headless.linkerd.svc.cluster.local.:8080
132 - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
133 value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local
134 - name: LINKERD2_PROXY_IDENTITY_SVC_NAME
135 value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local
136 - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
137 value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
138 - name: LINKERD2_PROXY_POLICY_SVC_NAME
139 value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
140 image: cr.l5d.io/linkerd/proxy:testinjectversion
141 imagePullPolicy: IfNotPresent
142 lifecycle:
143 postStart:
144 exec:
145 command:
146 - /usr/lib/linkerd/linkerd-await
147 - --timeout=2m
148 - --port=4191
149 livenessProbe:
150 httpGet:
151 path: /live
152 port: 4191
153 initialDelaySeconds: 10
154 timeoutSeconds: 1
155 name: linkerd-proxy
156 ports:
157 - containerPort: 4143
158 name: linkerd-proxy
159 - containerPort: 4191
160 name: linkerd-admin
161 readinessProbe:
162 httpGet:
163 path: /ready
164 port: 4191
165 initialDelaySeconds: 2
166 timeoutSeconds: 1
167 securityContext:
168 allowPrivilegeEscalation: false
169 readOnlyRootFilesystem: true
170 runAsNonRoot: true
171 runAsUser: 2102
172 seccompProfile:
173 type: RuntimeDefault
174 terminationMessagePolicy: FallbackToLogsOnError
175 volumeMounts:
176 - mountPath: /var/run/linkerd/identity/end-entity
177 name: linkerd-identity-end-entity
178 - mountPath: /var/run/secrets/tokens
179 name: linkerd-identity-token
180 - image: nginx
181 name: nginx
182 ports:
183 - containerPort: 80
184 name: http
185 initContainers:
186 - args:
187 - --ipv6=false
188 - --incoming-proxy-port
189 - "4143"
190 - --outgoing-proxy-port
191 - "4140"
192 - --proxy-uid
193 - "2102"
194 - --inbound-ports-to-ignore
195 - 4190,4191,4567,4568
196 - --outbound-ports-to-ignore
197 - 4567,4568
198 image: cr.l5d.io/linkerd/proxy-init:v2.4.0
199 imagePullPolicy: IfNotPresent
200 name: linkerd-init
201 resources:
202 limits:
203 cpu: 100m
204 memory: 20Mi
205 requests:
206 cpu: 100m
207 memory: 20Mi
208 securityContext:
209 allowPrivilegeEscalation: false
210 capabilities:
211 add:
212 - NET_ADMIN
213 - NET_RAW
214 privileged: false
215 readOnlyRootFilesystem: true
216 runAsGroup: 65534
217 runAsNonRoot: true
218 runAsUser: 65534
219 seccompProfile:
220 type: RuntimeDefault
221 terminationMessagePolicy: FallbackToLogsOnError
222 volumeMounts:
223 - mountPath: /run
224 name: linkerd-proxy-init-xtables-lock
225 volumes:
226 - emptyDir: {}
227 name: linkerd-proxy-init-xtables-lock
228 - emptyDir:
229 medium: Memory
230 name: linkerd-identity-end-entity
231 - name: linkerd-identity-token
232 projected:
233 sources:
234 - serviceAccountToken:
235 audience: identity.l5d.io
236 expirationSeconds: 86400
237 path: linkerd-identity-token
238---
View as plain text