1apiVersion: v1
2items:
3- apiVersion: apps/v1
4 kind: Deployment
5 metadata:
6 name: web
7 namespace: emojivoto
8 spec:
9 replicas: 1
10 selector:
11 matchLabels:
12 app: web-svc
13 template:
14 metadata:
15 annotations:
16 linkerd.io/created-by: linkerd/cli dev-undefined
17 linkerd.io/proxy-version: test-inject-proxy-version
18 linkerd.io/trust-root-sha256: 8dc603abd4e755c25c94da05abbf29b9b283a784733651020d72f97ca8ab98e4
19 labels:
20 app: web-svc
21 linkerd.io/control-plane-ns: linkerd
22 linkerd.io/proxy-deployment: web
23 linkerd.io/workload-ns: emojivoto
24 spec:
25 containers:
26 - env:
27 - name: _pod_name
28 valueFrom:
29 fieldRef:
30 fieldPath: metadata.name
31 - name: _pod_ns
32 valueFrom:
33 fieldRef:
34 fieldPath: metadata.namespace
35 - name: _pod_nodeName
36 valueFrom:
37 fieldRef:
38 fieldPath: spec.nodeName
39 - name: LINKERD2_PROXY_LOG
40 value: warn,linkerd=info,trust_dns=error
41 - name: LINKERD2_PROXY_LOG_FORMAT
42 value: plain
43 - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
44 value: linkerd-dst-headless.linkerd.svc.cluster.local.:8086
45 - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
46 value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
47 - name: LINKERD2_PROXY_POLICY_SVC_ADDR
48 value: linkerd-policy.linkerd.svc.cluster.local.:8090
49 - name: LINKERD2_PROXY_POLICY_WORKLOAD
50 value: |
51 {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"}
52 - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY
53 value: all-unauthenticated
54 - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS
55 value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
56 - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT
57 value: 3s
58 - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT
59 value: 5m
60 - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME
61 value: 1h
62 - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT
63 value: 100ms
64 - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT
65 value: 1000ms
66 - name: LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT
67 value: 5s
68 - name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT
69 value: 90s
70 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
71 value: '[::]:4190'
72 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
73 value: '[::]:4191'
74 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
75 value: 127.0.0.1:4140
76 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
77 value: 127.0.0.1:4140
78 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
79 value: '[::]:4143'
80 - name: LINKERD2_PROXY_INBOUND_IPS
81 valueFrom:
82 fieldRef:
83 fieldPath: status.podIPs
84 - name: LINKERD2_PROXY_INBOUND_PORTS
85 value: "80"
86 - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
87 value: svc.cluster.local.
88 - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
89 value: 10000ms
90 - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
91 value: 10000ms
92 - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
93 value: 10s
94 - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
95 value: 3s
96 - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
97 value: 10s
98 - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
99 value: 3s
100 - name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION
101 value: 25,587,3306,4444,5432,6379,9300,11211
102 - name: LINKERD2_PROXY_DESTINATION_CONTEXT
103 value: |
104 {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)", "pod":"$(_pod_name)"}
105 - name: _pod_sa
106 valueFrom:
107 fieldRef:
108 fieldPath: spec.serviceAccountName
109 - name: _l5d_ns
110 value: linkerd
111 - name: _l5d_trustdomain
112 value: cluster.local
113 - name: LINKERD2_PROXY_IDENTITY_DIR
114 value: /var/run/linkerd/identity/end-entity
115 - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
116 value: |
117 -----BEGIN CERTIFICATE-----
118 MIIBwTCCAWagAwIBAgIQeDZp5lDaIygQ5UfMKZrFATAKBggqhkjOPQQDAjApMScw
119 JQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjAwODI4
120 MDcxMjQ3WhcNMzAwODI2MDcxMjQ3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5r
121 ZXJkLmNsdXN0ZXIubG9jYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqc70Z
122 l1vgw79rjB5uSITICUA6GyfvSFfcuIis7B/XFSkkwAHU5S/s1AAP+R0TX7HBWUC4
123 uaG4WWsiwJKNn7mgo3AwbjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
124 /wIBATAdBgNVHQ4EFgQU5YtjVVPfd7I7NLHsn2C26EByGV0wKQYDVR0RBCIwIIIe
125 aWRlbnRpdHkubGlua2VyZC5jbHVzdGVyLmxvY2FsMAoGCCqGSM49BAMCA0kAMEYC
126 IQCN7lBFLDDvjx6V0+XkjpKERRsJYf5adMvnloFl48ilJgIhANtxhndcr+QJPuC8
127 vgUC0d2/9FMueIVMb+46WTCOjsqr
128 -----END CERTIFICATE-----
129 - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
130 value: /var/run/secrets/tokens/linkerd-identity-token
131 - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
132 value: linkerd-identity-headless.linkerd.svc.cluster.local.:8080
133 - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
134 value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local
135 - name: LINKERD2_PROXY_IDENTITY_SVC_NAME
136 value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local
137 - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
138 value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
139 - name: LINKERD2_PROXY_POLICY_SVC_NAME
140 value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
141 image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version
142 imagePullPolicy: IfNotPresent
143 lifecycle:
144 postStart:
145 exec:
146 command:
147 - /usr/lib/linkerd/linkerd-await
148 - --timeout=2m
149 - --port=4191
150 livenessProbe:
151 httpGet:
152 path: /live
153 port: 4191
154 initialDelaySeconds: 10
155 timeoutSeconds: 1
156 name: linkerd-proxy
157 ports:
158 - containerPort: 4143
159 name: linkerd-proxy
160 - containerPort: 4191
161 name: linkerd-admin
162 readinessProbe:
163 httpGet:
164 path: /ready
165 port: 4191
166 initialDelaySeconds: 2
167 timeoutSeconds: 1
168 securityContext:
169 allowPrivilegeEscalation: false
170 readOnlyRootFilesystem: true
171 runAsNonRoot: true
172 runAsUser: 2102
173 seccompProfile:
174 type: RuntimeDefault
175 terminationMessagePolicy: FallbackToLogsOnError
176 volumeMounts:
177 - mountPath: /var/run/linkerd/identity/end-entity
178 name: linkerd-identity-end-entity
179 - mountPath: /var/run/secrets/tokens
180 name: linkerd-identity-token
181 - env:
182 - name: WEB_PORT
183 value: "80"
184 - name: EMOJISVC_HOST
185 value: emoji-svc.emojivoto:8080
186 - name: VOTINGSVC_HOST
187 value: voting-svc.emojivoto:8080
188 - name: INDEX_BUNDLE
189 value: dist/index_bundle.js
190 image: buoyantio/emojivoto-web:v10
191 name: web-svc
192 ports:
193 - containerPort: 80
194 name: http
195 initContainers:
196 - args:
197 - --ipv6=false
198 - --incoming-proxy-port
199 - "4143"
200 - --outgoing-proxy-port
201 - "4140"
202 - --proxy-uid
203 - "2102"
204 - --inbound-ports-to-ignore
205 - 4190,4191,4567,4568
206 - --outbound-ports-to-ignore
207 - 4567,4568
208 image: cr.l5d.io/linkerd/proxy-init:v2.4.0
209 imagePullPolicy: IfNotPresent
210 name: linkerd-init
211 resources:
212 limits:
213 cpu: 100m
214 memory: 20Mi
215 requests:
216 cpu: 100m
217 memory: 20Mi
218 securityContext:
219 allowPrivilegeEscalation: false
220 capabilities:
221 add:
222 - NET_ADMIN
223 - NET_RAW
224 privileged: false
225 readOnlyRootFilesystem: true
226 runAsGroup: 65534
227 runAsNonRoot: true
228 runAsUser: 65534
229 seccompProfile:
230 type: RuntimeDefault
231 terminationMessagePolicy: FallbackToLogsOnError
232 volumeMounts:
233 - mountPath: /run
234 name: linkerd-proxy-init-xtables-lock
235 volumes:
236 - emptyDir: {}
237 name: linkerd-proxy-init-xtables-lock
238 - emptyDir:
239 medium: Memory
240 name: linkerd-identity-end-entity
241 - name: linkerd-identity-token
242 projected:
243 sources:
244 - serviceAccountToken:
245 audience: identity.l5d.io
246 expirationSeconds: 86400
247 path: linkerd-identity-token
248- apiVersion: apps/v1
249 kind: Deployment
250 metadata:
251 name: emoji
252 namespace: emojivoto
253 spec:
254 replicas: 1
255 selector:
256 matchLabels:
257 app: emoji-svc
258 template:
259 metadata:
260 annotations:
261 linkerd.io/created-by: linkerd/cli dev-undefined
262 linkerd.io/proxy-version: test-inject-proxy-version
263 linkerd.io/trust-root-sha256: 8dc603abd4e755c25c94da05abbf29b9b283a784733651020d72f97ca8ab98e4
264 labels:
265 app: emoji-svc
266 linkerd.io/control-plane-ns: linkerd
267 linkerd.io/proxy-deployment: emoji
268 linkerd.io/workload-ns: emojivoto
269 spec:
270 containers:
271 - env:
272 - name: _pod_name
273 valueFrom:
274 fieldRef:
275 fieldPath: metadata.name
276 - name: _pod_ns
277 valueFrom:
278 fieldRef:
279 fieldPath: metadata.namespace
280 - name: _pod_nodeName
281 valueFrom:
282 fieldRef:
283 fieldPath: spec.nodeName
284 - name: LINKERD2_PROXY_LOG
285 value: warn,linkerd=info,trust_dns=error
286 - name: LINKERD2_PROXY_LOG_FORMAT
287 value: plain
288 - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
289 value: linkerd-dst-headless.linkerd.svc.cluster.local.:8086
290 - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
291 value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
292 - name: LINKERD2_PROXY_POLICY_SVC_ADDR
293 value: linkerd-policy.linkerd.svc.cluster.local.:8090
294 - name: LINKERD2_PROXY_POLICY_WORKLOAD
295 value: |
296 {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"}
297 - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY
298 value: all-unauthenticated
299 - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS
300 value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
301 - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT
302 value: 3s
303 - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT
304 value: 5m
305 - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME
306 value: 1h
307 - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT
308 value: 100ms
309 - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT
310 value: 1000ms
311 - name: LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT
312 value: 5s
313 - name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT
314 value: 90s
315 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
316 value: '[::]:4190'
317 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
318 value: '[::]:4191'
319 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
320 value: 127.0.0.1:4140
321 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
322 value: 127.0.0.1:4140
323 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
324 value: '[::]:4143'
325 - name: LINKERD2_PROXY_INBOUND_IPS
326 valueFrom:
327 fieldRef:
328 fieldPath: status.podIPs
329 - name: LINKERD2_PROXY_INBOUND_PORTS
330 value: "8080"
331 - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
332 value: svc.cluster.local.
333 - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
334 value: 10000ms
335 - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
336 value: 10000ms
337 - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
338 value: 10s
339 - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
340 value: 3s
341 - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
342 value: 10s
343 - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
344 value: 3s
345 - name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION
346 value: 25,587,3306,4444,5432,6379,9300,11211
347 - name: LINKERD2_PROXY_DESTINATION_CONTEXT
348 value: |
349 {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)", "pod":"$(_pod_name)"}
350 - name: _pod_sa
351 valueFrom:
352 fieldRef:
353 fieldPath: spec.serviceAccountName
354 - name: _l5d_ns
355 value: linkerd
356 - name: _l5d_trustdomain
357 value: cluster.local
358 - name: LINKERD2_PROXY_IDENTITY_DIR
359 value: /var/run/linkerd/identity/end-entity
360 - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
361 value: |
362 -----BEGIN CERTIFICATE-----
363 MIIBwTCCAWagAwIBAgIQeDZp5lDaIygQ5UfMKZrFATAKBggqhkjOPQQDAjApMScw
364 JQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjAwODI4
365 MDcxMjQ3WhcNMzAwODI2MDcxMjQ3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5r
366 ZXJkLmNsdXN0ZXIubG9jYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqc70Z
367 l1vgw79rjB5uSITICUA6GyfvSFfcuIis7B/XFSkkwAHU5S/s1AAP+R0TX7HBWUC4
368 uaG4WWsiwJKNn7mgo3AwbjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
369 /wIBATAdBgNVHQ4EFgQU5YtjVVPfd7I7NLHsn2C26EByGV0wKQYDVR0RBCIwIIIe
370 aWRlbnRpdHkubGlua2VyZC5jbHVzdGVyLmxvY2FsMAoGCCqGSM49BAMCA0kAMEYC
371 IQCN7lBFLDDvjx6V0+XkjpKERRsJYf5adMvnloFl48ilJgIhANtxhndcr+QJPuC8
372 vgUC0d2/9FMueIVMb+46WTCOjsqr
373 -----END CERTIFICATE-----
374 - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
375 value: /var/run/secrets/tokens/linkerd-identity-token
376 - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
377 value: linkerd-identity-headless.linkerd.svc.cluster.local.:8080
378 - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
379 value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local
380 - name: LINKERD2_PROXY_IDENTITY_SVC_NAME
381 value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local
382 - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
383 value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
384 - name: LINKERD2_PROXY_POLICY_SVC_NAME
385 value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
386 image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version
387 imagePullPolicy: IfNotPresent
388 lifecycle:
389 postStart:
390 exec:
391 command:
392 - /usr/lib/linkerd/linkerd-await
393 - --timeout=2m
394 - --port=4191
395 livenessProbe:
396 httpGet:
397 path: /live
398 port: 4191
399 initialDelaySeconds: 10
400 timeoutSeconds: 1
401 name: linkerd-proxy
402 ports:
403 - containerPort: 4143
404 name: linkerd-proxy
405 - containerPort: 4191
406 name: linkerd-admin
407 readinessProbe:
408 httpGet:
409 path: /ready
410 port: 4191
411 initialDelaySeconds: 2
412 timeoutSeconds: 1
413 securityContext:
414 allowPrivilegeEscalation: false
415 readOnlyRootFilesystem: true
416 runAsNonRoot: true
417 runAsUser: 2102
418 seccompProfile:
419 type: RuntimeDefault
420 terminationMessagePolicy: FallbackToLogsOnError
421 volumeMounts:
422 - mountPath: /var/run/linkerd/identity/end-entity
423 name: linkerd-identity-end-entity
424 - mountPath: /var/run/secrets/tokens
425 name: linkerd-identity-token
426 - env:
427 - name: GRPC_PORT
428 value: "8080"
429 image: buoyantio/emojivoto-emoji-svc:v10
430 name: emoji-svc
431 ports:
432 - containerPort: 8080
433 name: grpc
434 protocol: TCP
435 initContainers:
436 - args:
437 - --ipv6=false
438 - --incoming-proxy-port
439 - "4143"
440 - --outgoing-proxy-port
441 - "4140"
442 - --proxy-uid
443 - "2102"
444 - --inbound-ports-to-ignore
445 - 4190,4191,4567,4568
446 - --outbound-ports-to-ignore
447 - 4567,4568
448 image: cr.l5d.io/linkerd/proxy-init:v2.4.0
449 imagePullPolicy: IfNotPresent
450 name: linkerd-init
451 resources:
452 limits:
453 cpu: 100m
454 memory: 20Mi
455 requests:
456 cpu: 100m
457 memory: 20Mi
458 securityContext:
459 allowPrivilegeEscalation: false
460 capabilities:
461 add:
462 - NET_ADMIN
463 - NET_RAW
464 privileged: false
465 readOnlyRootFilesystem: true
466 runAsGroup: 65534
467 runAsNonRoot: true
468 runAsUser: 65534
469 seccompProfile:
470 type: RuntimeDefault
471 terminationMessagePolicy: FallbackToLogsOnError
472 volumeMounts:
473 - mountPath: /run
474 name: linkerd-proxy-init-xtables-lock
475 volumes:
476 - emptyDir: {}
477 name: linkerd-proxy-init-xtables-lock
478 - emptyDir:
479 medium: Memory
480 name: linkerd-identity-end-entity
481 - name: linkerd-identity-token
482 projected:
483 sources:
484 - serviceAccountToken:
485 audience: identity.l5d.io
486 expirationSeconds: 86400
487 path: linkerd-identity-token
488kind: List
489metadata: {}
490---
View as plain text