...
# Pod manifest for the emojivoto vote-bot with the Linkerd data plane added:
# one application container, plus two initContainers entries (linkerd-init and
# linkerd-proxy) and the volumes they use. The created-by annotation names the
# linkerd CLI, so this is presumably `linkerd inject` output - confirm.
apiVersion: v1
kind: Pod
metadata:
  annotations:
    # "dev-undefined" and "test-inject-proxy-version" look like build/test
    # placeholders rather than released versions - TODO confirm before reuse.
    linkerd.io/created-by: linkerd/cli dev-undefined
    linkerd.io/proxy-version: test-inject-proxy-version
    # presumably the SHA-256 of the trust-anchor bundle handed to the proxy in
    # LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS below - verify against the cluster.
    linkerd.io/trust-root-sha256: 8dc603abd4e755c25c94da05abbf29b9b283a784733651020d72f97ca8ab98e4
  labels:
    app: vote-bot
    linkerd.io/control-plane-ns: linkerd
    linkerd.io/workload-ns: emojivoto
  name: vote-bot
  namespace: emojivoto
spec:
  containers:
  # Application container. No securityContext is set on it in this manifest,
  # so it runs with whatever the runtime / namespace defaults allow; the
  # hardening further down applies only to the two Linkerd containers.
  - command:
    - emojivoto-vote-bot
    env:
    - name: WEB_HOST
      value: web-svc.emojivoto:80
    # Referenced by mutable tag, not by digest.
    image: buoyantio/emojivoto-web:v10
    name: vote-bot
  initContainers:
  # linkerd-init: receives the proxy ports, the proxy UID and the port
  # skip-lists as arguments. NOTE(review): proxy-init uses these to program
  # the pod's iptables redirect rules - confirm against the image version.
  - args:
    - --incoming-proxy-port
    - "4143"
    - --outgoing-proxy-port
    - "4140"
    # Same UID as the linkerd-proxy container's runAsUser below.
    - --proxy-uid
    - "2102"
    # 4190 and 4191 are the proxy's own control/admin listeners (see
    # LINKERD2_PROXY_CONTROL_LISTEN_ADDR / LINKERD2_PROXY_ADMIN_LISTEN_ADDR).
    # Inbound traffic to the ports listed here is not redirected through the
    # proxy, so it gets neither mTLS nor inbound policy enforcement.
    - --inbound-ports-to-ignore
    - 4190,4191,4567,4568
    - --outbound-ports-to-ignore
    - 4567,4568
    image: cr.l5d.io/linkerd/proxy-init:v2.3.0
    imagePullPolicy: IfNotPresent
    name: linkerd-init
    resources:
      limits:
        cpu: 100m
        memory: 20Mi
      requests:
        cpu: 100m
        memory: 20Mi
    securityContext:
      allowPrivilegeEscalation: false
      # The only container here that is granted extra capabilities. NET_ADMIN
      # and NET_RAW are outside the set the Pod Security Standards "baseline"
      # profile allows, so a namespace enforcing baseline or restricted will
      # reject this pod; Linkerd's CNI-plugin mode is the usual alternative.
      # No capabilities.drop is listed, so the runtime's default set stays too.
      capabilities:
        add:
        - NET_ADMIN
        - NET_RAW
      privileged: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      runAsUser: 65534
      seccompProfile:
        type: RuntimeDefault
    terminationMessagePolicy: FallbackToLogsOnError
    volumeMounts:
    # Writable emptyDir at /run (the root filesystem is read-only); the volume
    # name suggests it holds the xtables lock file - TODO confirm.
    - mountPath: /run
      name: linkerd-proxy-init-xtables-lock
  # linkerd-proxy: listed under initContainers with a container-level
  # restartPolicy: Always (further down), which is how Kubernetes declares a
  # restartable "sidecar" init container.
  - env:
    # Downward-API values; later entries reference them as $(NAME), which
    # Kubernetes expands only from variables defined earlier in this list.
    - name: _pod_name
      valueFrom:
        fieldRef:
          fieldPath: metadata.name
    - name: _pod_ns
      valueFrom:
        fieldRef:
          fieldPath: metadata.namespace
    - name: _pod_nodeName
      valueFrom:
        fieldRef:
          fieldPath: spec.nodeName
    - name: LINKERD2_PROXY_LOG
      value: warn,linkerd=info,trust_dns=error
    - name: LINKERD2_PROXY_LOG_FORMAT
      value: plain
    - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
      value: linkerd-dst-headless.linkerd.svc.cluster.local.:8086
    # Private / internal ranges only: RFC 1918, 100.64.0.0/10 and fd00::/8.
    - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
      value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
    - name: LINKERD2_PROXY_POLICY_SVC_ADDR
      value: linkerd-policy.linkerd.svc.cluster.local.:8090
    - name: LINKERD2_PROXY_POLICY_WORKLOAD
      value: |
        {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"}
    # Security-relevant default: with all-unauthenticated the proxy accepts
    # inbound connections from any client, meshed or not, unless a more
    # specific policy applies. Workloads that should only take mTLS-identified
    # traffic need a stricter default (set through the
    # config.linkerd.io/default-inbound-policy annotation, e.g.
    # all-authenticated, cluster-authenticated or deny) or explicit policy.
    - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY
      value: all-unauthenticated
    # presumably the ranges the "cluster-*" default policies treat as
    # in-cluster - verify they match this cluster's pod/service CIDRs.
    - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS
      value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
    - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT
      value: 3s
    - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT
      value: 5m
    - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME
      value: 1h
    - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT
      value: 100ms
    - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT
      value: 1000ms
    - name: LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT
      value: 5s
    - name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT
      value: 90s
    # Control (4190), admin (4191) and inbound (4143) listeners bind to all
    # interfaces; only the outbound listener (4140) is loopback-only. 4190 and
    # 4191 are also on linkerd-init's inbound ignore list, so they are reached
    # directly on the pod IP. The admin port serves the /live and /ready
    # probes below; use NetworkPolicy if it must not be reachable cluster-wide.
    - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
      value: 0.0.0.0:4190
    - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
      value: 0.0.0.0:4191
    - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
      value: 127.0.0.1:4140
    - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
      value: 0.0.0.0:4143
    - name: LINKERD2_PROXY_INBOUND_IPS
      valueFrom:
        fieldRef:
          fieldPath: status.podIPs
    # No value is given here; presumably because the application container
    # above declares no ports - TODO confirm.
    - name: LINKERD2_PROXY_INBOUND_PORTS
    - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
      value: svc.cluster.local.
    - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
      value: 10000ms
    - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
      value: 10000ms
    - name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION
      value: 25,587,3306,4444,5432,6379,9300,11211
    - name: LINKERD2_PROXY_DESTINATION_CONTEXT
      value: |
        {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)", "pod":"$(_pod_name)"}
    - name: _pod_sa
      valueFrom:
        fieldRef:
          fieldPath: spec.serviceAccountName
    - name: _l5d_ns
      value: linkerd
    - name: _l5d_trustdomain
      value: cluster.local
    # Points at the in-memory emptyDir mounted below.
    - name: LINKERD2_PROXY_IDENTITY_DIR
      value: /var/run/linkerd/identity/end-entity
    # PEM certificate, i.e. public material rather than a secret. It is the
    # root the proxy is told to trust, so a changed value here changes who the
    # proxy will authenticate - compare it with the cluster's real anchor.
    - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
      value: |
        -----BEGIN CERTIFICATE-----
        MIIBwTCCAWagAwIBAgIQeDZp5lDaIygQ5UfMKZrFATAKBggqhkjOPQQDAjApMScw
        JQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjAwODI4
        MDcxMjQ3WhcNMzAwODI2MDcxMjQ3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5r
        ZXJkLmNsdXN0ZXIubG9jYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqc70Z
        l1vgw79rjB5uSITICUA6GyfvSFfcuIis7B/XFSkkwAHU5S/s1AAP+R0TX7HBWUC4
        uaG4WWsiwJKNn7mgo3AwbjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
        /wIBATAdBgNVHQ4EFgQU5YtjVVPfd7I7NLHsn2C26EByGV0wKQYDVR0RBCIwIIIe
        aWRlbnRpdHkubGlua2VyZC5jbHVzdGVyLmxvY2FsMAoGCCqGSM49BAMCA0kAMEYC
        IQCN7lBFLDDvjx6V0+XkjpKERRsJYf5adMvnloFl48ilJgIhANtxhndcr+QJPuC8
        vgUC0d2/9FMueIVMb+46WTCOjsqr
        -----END CERTIFICATE-----
    # File comes from the projected serviceAccountToken volume defined under
    # spec.volumes (audience identity.l5d.io).
    - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
      value: /var/run/secrets/tokens/linkerd-identity-token
    - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
      value: linkerd-identity-headless.linkerd.svc.cluster.local.:8080
    # The identity name is built from the pod's ServiceAccount and namespace,
    # so authorization keyed on it is only as narrow as that ServiceAccount.
    - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
      value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local
    - name: LINKERD2_PROXY_IDENTITY_SVC_NAME
      value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local
    - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
      value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
    # Same expected identity as the destination service just above.
    - name: LINKERD2_PROXY_POLICY_SVC_NAME
      value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
    # Tag is the placeholder "test-inject-proxy-version", not a digest.
    image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version
    imagePullPolicy: IfNotPresent
    lifecycle:
      postStart:
        exec:
          # presumably blocks until the admin port (4191) reports ready, for at
          # most two minutes - TODO confirm linkerd-await semantics.
          command:
          - /usr/lib/linkerd/linkerd-await
          - --timeout=2m
          - --port=4191
    livenessProbe:
      httpGet:
        path: /live
        port: 4191
      initialDelaySeconds: 10
      timeoutSeconds: 1
    name: linkerd-proxy
    ports:
    - containerPort: 4143
      name: linkerd-proxy
    - containerPort: 4191
      name: linkerd-admin
    readinessProbe:
      httpGet:
        path: /ready
        port: 4191
      initialDelaySeconds: 2
      timeoutSeconds: 1
    # Container-level restart policy on an init container: keeps the proxy
    # running alongside the application container instead of run-to-completion.
    restartPolicy: Always
    # Non-root UID 2102 (the --proxy-uid given to linkerd-init), no privilege
    # escalation, read-only root filesystem, runtime-default seccomp.
    # NOTE(review): no capabilities.drop is set; the Pod Security "restricted"
    # profile additionally expects drop: [ALL].
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      runAsUser: 2102
      seccompProfile:
        type: RuntimeDefault
    # Up to 120 attempts, one per second, against /ready on the admin port.
    startupProbe:
      failureThreshold: 120
      httpGet:
        path: /ready
        port: 4191
        scheme: HTTP
      periodSeconds: 1
      successThreshold: 1
      timeoutSeconds: 1
    terminationMessagePolicy: FallbackToLogsOnError
    volumeMounts:
    - mountPath: /var/run/linkerd/identity/end-entity
      name: linkerd-identity-end-entity
    - mountPath: /var/run/secrets/tokens
      name: linkerd-identity-token
  volumes:
  - emptyDir: {}
    name: linkerd-proxy-init-xtables-lock
  # Memory-backed emptyDir: whatever the proxy writes to its identity
  # directory (presumably its private key and issued certificate) lives in
  # tmpfs and is gone when the pod is removed.
  - emptyDir:
      medium: Memory
    name: linkerd-identity-end-entity
  # Projected ServiceAccount token bound to the audience identity.l5d.io and
  # valid for 86400 s (24 h), rather than the default API-server token. A
  # receiver that checks the audience will not accept it for another service.
  - name: linkerd-identity-token
    projected:
      sources:
      - serviceAccountToken:
          audience: identity.l5d.io
          expirationSeconds: 86400
          path: linkerd-identity-token
---