1apiVersion: v1
2kind: Pod
3metadata:
4 annotations:
5 linkerd.io/created-by: linkerd/cli dev-undefined
6 linkerd.io/inject: ingress
7 linkerd.io/proxy-version: test-inject-proxy-version
8 linkerd.io/trust-root-sha256: 8dc603abd4e755c25c94da05abbf29b9b283a784733651020d72f97ca8ab98e4
9 labels:
10 app: vote-bot
11 linkerd.io/control-plane-ns: linkerd
12 linkerd.io/workload-ns: emojivoto
13 name: vote-bot
14 namespace: emojivoto
15spec:
16 containers:
17 - env:
18 - name: _pod_name
19 valueFrom:
20 fieldRef:
21 fieldPath: metadata.name
22 - name: _pod_ns
23 valueFrom:
24 fieldRef:
25 fieldPath: metadata.namespace
26 - name: _pod_nodeName
27 valueFrom:
28 fieldRef:
29 fieldPath: spec.nodeName
30 - name: LINKERD2_PROXY_LOG
31 value: warn,linkerd=info,trust_dns=error
32 - name: LINKERD2_PROXY_LOG_FORMAT
33 value: plain
34 - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
35 value: linkerd-dst-headless.linkerd.svc.cluster.local.:8086
36 - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
37 value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
38 - name: LINKERD2_PROXY_POLICY_SVC_ADDR
39 value: linkerd-policy.linkerd.svc.cluster.local.:8090
40 - name: LINKERD2_PROXY_POLICY_WORKLOAD
41 value: |
42 {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"}
43 - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY
44 value: all-unauthenticated
45 - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS
46 value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
47 - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT
48 value: 3s
49 - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT
50 value: 5m
51 - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME
52 value: 1h
53 - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT
54 value: 100ms
55 - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT
56 value: 1000ms
57 - name: LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT
58 value: 5s
59 - name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT
60 value: 90s
61 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
62 value: '[::]:4190'
63 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
64 value: '[::]:4191'
65 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
66 value: 127.0.0.1:4140
67 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
68 value: 127.0.0.1:4140
69 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
70 value: '[::]:4143'
71 - name: LINKERD2_PROXY_INBOUND_IPS
72 valueFrom:
73 fieldRef:
74 fieldPath: status.podIPs
75 - name: LINKERD2_PROXY_INBOUND_PORTS
76 - name: LINKERD2_PROXY_INGRESS_MODE
77 value: "true"
78 - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
79 value: svc.cluster.local.
80 - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
81 value: 10000ms
82 - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
83 value: 10000ms
84 - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
85 value: 10s
86 - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
87 value: 3s
88 - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
89 value: 10s
90 - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
91 value: 3s
92 - name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION
93 value: 25,587,3306,4444,5432,6379,9300,11211
94 - name: LINKERD2_PROXY_DESTINATION_CONTEXT
95 value: |
96 {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)", "pod":"$(_pod_name)"}
97 - name: _pod_sa
98 valueFrom:
99 fieldRef:
100 fieldPath: spec.serviceAccountName
101 - name: _l5d_ns
102 value: linkerd
103 - name: _l5d_trustdomain
104 value: cluster.local
105 - name: LINKERD2_PROXY_IDENTITY_DIR
106 value: /var/run/linkerd/identity/end-entity
107 - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
108 value: |
109 -----BEGIN CERTIFICATE-----
110 MIIBwTCCAWagAwIBAgIQeDZp5lDaIygQ5UfMKZrFATAKBggqhkjOPQQDAjApMScw
111 JQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjAwODI4
112 MDcxMjQ3WhcNMzAwODI2MDcxMjQ3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5r
113 ZXJkLmNsdXN0ZXIubG9jYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqc70Z
114 l1vgw79rjB5uSITICUA6GyfvSFfcuIis7B/XFSkkwAHU5S/s1AAP+R0TX7HBWUC4
115 uaG4WWsiwJKNn7mgo3AwbjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
116 /wIBATAdBgNVHQ4EFgQU5YtjVVPfd7I7NLHsn2C26EByGV0wKQYDVR0RBCIwIIIe
117 aWRlbnRpdHkubGlua2VyZC5jbHVzdGVyLmxvY2FsMAoGCCqGSM49BAMCA0kAMEYC
118 IQCN7lBFLDDvjx6V0+XkjpKERRsJYf5adMvnloFl48ilJgIhANtxhndcr+QJPuC8
119 vgUC0d2/9FMueIVMb+46WTCOjsqr
120 -----END CERTIFICATE-----
121 - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
122 value: /var/run/secrets/tokens/linkerd-identity-token
123 - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
124 value: linkerd-identity-headless.linkerd.svc.cluster.local.:8080
125 - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
126 value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local
127 - name: LINKERD2_PROXY_IDENTITY_SVC_NAME
128 value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local
129 - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
130 value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
131 - name: LINKERD2_PROXY_POLICY_SVC_NAME
132 value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
133 image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version
134 imagePullPolicy: IfNotPresent
135 lifecycle:
136 postStart:
137 exec:
138 command:
139 - /usr/lib/linkerd/linkerd-await
140 - --timeout=2m
141 - --port=4191
142 livenessProbe:
143 httpGet:
144 path: /live
145 port: 4191
146 initialDelaySeconds: 10
147 timeoutSeconds: 1
148 name: linkerd-proxy
149 ports:
150 - containerPort: 4143
151 name: linkerd-proxy
152 - containerPort: 4191
153 name: linkerd-admin
154 readinessProbe:
155 httpGet:
156 path: /ready
157 port: 4191
158 initialDelaySeconds: 2
159 timeoutSeconds: 1
160 securityContext:
161 allowPrivilegeEscalation: false
162 readOnlyRootFilesystem: true
163 runAsNonRoot: true
164 runAsUser: 2102
165 seccompProfile:
166 type: RuntimeDefault
167 terminationMessagePolicy: FallbackToLogsOnError
168 volumeMounts:
169 - mountPath: /var/run/linkerd/identity/end-entity
170 name: linkerd-identity-end-entity
171 - mountPath: /var/run/secrets/tokens
172 name: linkerd-identity-token
173 - command:
174 - emojivoto-vote-bot
175 env:
176 - name: WEB_HOST
177 value: web-svc.emojivoto:80
178 image: buoyantio/emojivoto-web:v10
179 name: vote-bot
180 initContainers:
181 - args:
182 - --ipv6=false
183 - --incoming-proxy-port
184 - "4143"
185 - --outgoing-proxy-port
186 - "4140"
187 - --proxy-uid
188 - "2102"
189 - --inbound-ports-to-ignore
190 - 4190,4191,4567,4568
191 - --outbound-ports-to-ignore
192 - 4567,4568
193 image: cr.l5d.io/linkerd/proxy-init:v2.4.0
194 imagePullPolicy: IfNotPresent
195 name: linkerd-init
196 resources:
197 limits:
198 cpu: 100m
199 memory: 20Mi
200 requests:
201 cpu: 100m
202 memory: 20Mi
203 securityContext:
204 allowPrivilegeEscalation: false
205 capabilities:
206 add:
207 - NET_ADMIN
208 - NET_RAW
209 privileged: false
210 readOnlyRootFilesystem: true
211 runAsGroup: 65534
212 runAsNonRoot: true
213 runAsUser: 65534
214 seccompProfile:
215 type: RuntimeDefault
216 terminationMessagePolicy: FallbackToLogsOnError
217 volumeMounts:
218 - mountPath: /run
219 name: linkerd-proxy-init-xtables-lock
220 volumes:
221 - emptyDir: {}
222 name: linkerd-proxy-init-xtables-lock
223 - emptyDir:
224 medium: Memory
225 name: linkerd-identity-end-entity
226 - name: linkerd-identity-token
227 projected:
228 sources:
229 - serviceAccountToken:
230 audience: identity.l5d.io
231 expirationSeconds: 86400
232 path: linkerd-identity-token
233---
View as plain text