1apiVersion: apps/v1
2kind: Deployment
3metadata:
4 name: get-test-deploy-injected-1
5spec:
6 selector: null
7 template:
8 metadata:
9 annotations:
10 linkerd.io/created-by: linkerd/cli dev-undefined
11 linkerd.io/proxy-version: testinjectversion
12 linkerd.io/trust-root-sha256: 8dc603abd4e755c25c94da05abbf29b9b283a784733651020d72f97ca8ab98e4
13 labels:
14 app: get-test
15 linkerd.io/control-plane-ns: linkerd
16 linkerd.io/proxy-deployment: get-test-deploy-injected-1
17 linkerd.io/workload-ns: ""
18 spec:
19 containers:
20 - env:
21 - name: _pod_name
22 valueFrom:
23 fieldRef:
24 fieldPath: metadata.name
25 - name: _pod_ns
26 valueFrom:
27 fieldRef:
28 fieldPath: metadata.namespace
29 - name: _pod_nodeName
30 valueFrom:
31 fieldRef:
32 fieldPath: spec.nodeName
33 - name: LINKERD2_PROXY_LOG
34 value: warn,linkerd=info,trust_dns=error
35 - name: LINKERD2_PROXY_LOG_FORMAT
36 value: plain
37 - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
38 value: linkerd-dst-headless.linkerd.svc.cluster.local.:8086
39 - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
40 value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
41 - name: LINKERD2_PROXY_POLICY_SVC_ADDR
42 value: linkerd-policy.linkerd.svc.cluster.local.:8090
43 - name: LINKERD2_PROXY_POLICY_WORKLOAD
44 value: |
45 {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"}
46 - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY
47 value: all-unauthenticated
48 - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS
49 value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
50 - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT
51 value: 3s
52 - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT
53 value: 5m
54 - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME
55 value: 1h
56 - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT
57 value: 100ms
58 - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT
59 value: 1000ms
60 - name: LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT
61 value: 5s
62 - name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT
63 value: 90s
64 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
65 value: '[::]:4190'
66 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
67 value: '[::]:4191'
68 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
69 value: 127.0.0.1:4140
70 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
71 value: 127.0.0.1:4140
72 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
73 value: '[::]:4143'
74 - name: LINKERD2_PROXY_INBOUND_IPS
75 valueFrom:
76 fieldRef:
77 fieldPath: status.podIPs
78 - name: LINKERD2_PROXY_INBOUND_PORTS
79 value: "9090"
80 - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
81 value: svc.cluster.local.
82 - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
83 value: 10000ms
84 - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
85 value: 10000ms
86 - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
87 value: 10s
88 - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
89 value: 3s
90 - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
91 value: 10s
92 - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
93 value: 3s
94 - name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION
95 value: 25,587,3306,4444,5432,6379,9300,11211
96 - name: LINKERD2_PROXY_DESTINATION_CONTEXT
97 value: |
98 {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)", "pod":"$(_pod_name)"}
99 - name: _pod_sa
100 valueFrom:
101 fieldRef:
102 fieldPath: spec.serviceAccountName
103 - name: _l5d_ns
104 value: linkerd
105 - name: _l5d_trustdomain
106 value: cluster.local
107 - name: LINKERD2_PROXY_IDENTITY_DIR
108 value: /var/run/linkerd/identity/end-entity
109 - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
110 value: |
111 -----BEGIN CERTIFICATE-----
112 MIIBwTCCAWagAwIBAgIQeDZp5lDaIygQ5UfMKZrFATAKBggqhkjOPQQDAjApMScw
113 JQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjAwODI4
114 MDcxMjQ3WhcNMzAwODI2MDcxMjQ3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5r
115 ZXJkLmNsdXN0ZXIubG9jYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqc70Z
116 l1vgw79rjB5uSITICUA6GyfvSFfcuIis7B/XFSkkwAHU5S/s1AAP+R0TX7HBWUC4
117 uaG4WWsiwJKNn7mgo3AwbjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
118 /wIBATAdBgNVHQ4EFgQU5YtjVVPfd7I7NLHsn2C26EByGV0wKQYDVR0RBCIwIIIe
119 aWRlbnRpdHkubGlua2VyZC5jbHVzdGVyLmxvY2FsMAoGCCqGSM49BAMCA0kAMEYC
120 IQCN7lBFLDDvjx6V0+XkjpKERRsJYf5adMvnloFl48ilJgIhANtxhndcr+QJPuC8
121 vgUC0d2/9FMueIVMb+46WTCOjsqr
122 -----END CERTIFICATE-----
123 - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
124 value: /var/run/secrets/tokens/linkerd-identity-token
125 - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
126 value: linkerd-identity-headless.linkerd.svc.cluster.local.:8080
127 - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
128 value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local
129 - name: LINKERD2_PROXY_IDENTITY_SVC_NAME
130 value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local
131 - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
132 value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
133 - name: LINKERD2_PROXY_POLICY_SVC_NAME
134 value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
135 image: cr.l5d.io/linkerd/proxy:testinjectversion
136 imagePullPolicy: IfNotPresent
137 lifecycle:
138 postStart:
139 exec:
140 command:
141 - /usr/lib/linkerd/linkerd-await
142 - --timeout=2m
143 - --port=4191
144 livenessProbe:
145 httpGet:
146 path: /live
147 port: 4191
148 initialDelaySeconds: 10
149 timeoutSeconds: 1
150 name: linkerd-proxy
151 ports:
152 - containerPort: 4143
153 name: linkerd-proxy
154 - containerPort: 4191
155 name: linkerd-admin
156 readinessProbe:
157 httpGet:
158 path: /ready
159 port: 4191
160 initialDelaySeconds: 2
161 timeoutSeconds: 1
162 securityContext:
163 allowPrivilegeEscalation: false
164 readOnlyRootFilesystem: true
165 runAsNonRoot: true
166 runAsUser: 2102
167 seccompProfile:
168 type: RuntimeDefault
169 terminationMessagePolicy: FallbackToLogsOnError
170 volumeMounts:
171 - mountPath: /var/run/linkerd/identity/end-entity
172 name: linkerd-identity-end-entity
173 - mountPath: /var/run/secrets/tokens
174 name: linkerd-identity-token
175 - args:
176 - terminus
177 - --grpc-server-port
178 - "9090"
179 - --response-text
180 - c1
181 image: buoyantio/bb:v0.0.6
182 name: http-to-grpc-two-replicas-c1
183 ports:
184 - containerPort: 9090
185 - args:
186 - terminus
187 - --grpc-server-port
188 - "8080"
189 - --response-text
190 - c2
191 image: buoyantio/bb:v0.0.6
192 name: http-to-grpc-two-replicas-c2
193 ports:
194 - containerPort: 9090
195 initContainers:
196 - args:
197 - --ipv6=false
198 - --incoming-proxy-port
199 - "4143"
200 - --outgoing-proxy-port
201 - "4140"
202 - --proxy-uid
203 - "2102"
204 - --inbound-ports-to-ignore
205 - 4190,4191,4567,4568
206 - --outbound-ports-to-ignore
207 - 4567,4568
208 image: cr.l5d.io/linkerd/proxy-init:v2.4.0
209 imagePullPolicy: IfNotPresent
210 name: linkerd-init
211 resources:
212 limits:
213 cpu: 100m
214 memory: 20Mi
215 requests:
216 cpu: 100m
217 memory: 20Mi
218 securityContext:
219 allowPrivilegeEscalation: false
220 capabilities:
221 add:
222 - NET_ADMIN
223 - NET_RAW
224 privileged: false
225 readOnlyRootFilesystem: true
226 runAsGroup: 65534
227 runAsNonRoot: true
228 runAsUser: 65534
229 seccompProfile:
230 type: RuntimeDefault
231 terminationMessagePolicy: FallbackToLogsOnError
232 volumeMounts:
233 - mountPath: /run
234 name: linkerd-proxy-init-xtables-lock
235 volumes:
236 - emptyDir: {}
237 name: linkerd-proxy-init-xtables-lock
238 - emptyDir:
239 medium: Memory
240 name: linkerd-identity-end-entity
241 - name: linkerd-identity-token
242 projected:
243 sources:
244 - serviceAccountToken:
245 audience: identity.l5d.io
246 expirationSeconds: 86400
247 path: linkerd-identity-token
248---
249apiVersion: apps/v1
250kind: Deployment
251metadata:
252 name: get-test-deploy-injected-2
253spec:
254 selector: null
255 template:
256 metadata:
257 annotations:
258 linkerd.io/created-by: linkerd/cli dev-undefined
259 linkerd.io/proxy-version: testinjectversion
260 linkerd.io/trust-root-sha256: 8dc603abd4e755c25c94da05abbf29b9b283a784733651020d72f97ca8ab98e4
261 labels:
262 app: get-test
263 linkerd.io/control-plane-ns: linkerd
264 linkerd.io/proxy-deployment: get-test-deploy-injected-2
265 linkerd.io/workload-ns: ""
266 spec:
267 containers:
268 - env:
269 - name: _pod_name
270 valueFrom:
271 fieldRef:
272 fieldPath: metadata.name
273 - name: _pod_ns
274 valueFrom:
275 fieldRef:
276 fieldPath: metadata.namespace
277 - name: _pod_nodeName
278 valueFrom:
279 fieldRef:
280 fieldPath: spec.nodeName
281 - name: LINKERD2_PROXY_LOG
282 value: warn,linkerd=info,trust_dns=error
283 - name: LINKERD2_PROXY_LOG_FORMAT
284 value: plain
285 - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
286 value: linkerd-dst-headless.linkerd.svc.cluster.local.:8086
287 - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
288 value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
289 - name: LINKERD2_PROXY_POLICY_SVC_ADDR
290 value: linkerd-policy.linkerd.svc.cluster.local.:8090
291 - name: LINKERD2_PROXY_POLICY_WORKLOAD
292 value: |
293 {"ns":"$(_pod_ns)", "pod":"$(_pod_name)"}
294 - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY
295 value: all-unauthenticated
296 - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS
297 value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8
298 - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT
299 value: 3s
300 - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT
301 value: 5m
302 - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME
303 value: 1h
304 - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT
305 value: 100ms
306 - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT
307 value: 1000ms
308 - name: LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT
309 value: 5s
310 - name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT
311 value: 90s
312 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
313 value: '[::]:4190'
314 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
315 value: '[::]:4191'
316 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
317 value: 127.0.0.1:4140
318 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
319 value: 127.0.0.1:4140
320 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
321 value: '[::]:4143'
322 - name: LINKERD2_PROXY_INBOUND_IPS
323 valueFrom:
324 fieldRef:
325 fieldPath: status.podIPs
326 - name: LINKERD2_PROXY_INBOUND_PORTS
327 value: "9090"
328 - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
329 value: svc.cluster.local.
330 - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
331 value: 10000ms
332 - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
333 value: 10000ms
334 - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
335 value: 10s
336 - name: LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
337 value: 3s
338 - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL
339 value: 10s
340 - name: LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT
341 value: 3s
342 - name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION
343 value: 25,587,3306,4444,5432,6379,9300,11211
344 - name: LINKERD2_PROXY_DESTINATION_CONTEXT
345 value: |
346 {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)", "pod":"$(_pod_name)"}
347 - name: _pod_sa
348 valueFrom:
349 fieldRef:
350 fieldPath: spec.serviceAccountName
351 - name: _l5d_ns
352 value: linkerd
353 - name: _l5d_trustdomain
354 value: cluster.local
355 - name: LINKERD2_PROXY_IDENTITY_DIR
356 value: /var/run/linkerd/identity/end-entity
357 - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
358 value: |
359 -----BEGIN CERTIFICATE-----
360 MIIBwTCCAWagAwIBAgIQeDZp5lDaIygQ5UfMKZrFATAKBggqhkjOPQQDAjApMScw
361 JQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjAwODI4
362 MDcxMjQ3WhcNMzAwODI2MDcxMjQ3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5r
363 ZXJkLmNsdXN0ZXIubG9jYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqc70Z
364 l1vgw79rjB5uSITICUA6GyfvSFfcuIis7B/XFSkkwAHU5S/s1AAP+R0TX7HBWUC4
365 uaG4WWsiwJKNn7mgo3AwbjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
366 /wIBATAdBgNVHQ4EFgQU5YtjVVPfd7I7NLHsn2C26EByGV0wKQYDVR0RBCIwIIIe
367 aWRlbnRpdHkubGlua2VyZC5jbHVzdGVyLmxvY2FsMAoGCCqGSM49BAMCA0kAMEYC
368 IQCN7lBFLDDvjx6V0+XkjpKERRsJYf5adMvnloFl48ilJgIhANtxhndcr+QJPuC8
369 vgUC0d2/9FMueIVMb+46WTCOjsqr
370 -----END CERTIFICATE-----
371 - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
372 value: /var/run/secrets/tokens/linkerd-identity-token
373 - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
374 value: linkerd-identity-headless.linkerd.svc.cluster.local.:8080
375 - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
376 value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local
377 - name: LINKERD2_PROXY_IDENTITY_SVC_NAME
378 value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local
379 - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
380 value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
381 - name: LINKERD2_PROXY_POLICY_SVC_NAME
382 value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
383 image: cr.l5d.io/linkerd/proxy:testinjectversion
384 imagePullPolicy: IfNotPresent
385 lifecycle:
386 postStart:
387 exec:
388 command:
389 - /usr/lib/linkerd/linkerd-await
390 - --timeout=2m
391 - --port=4191
392 livenessProbe:
393 httpGet:
394 path: /live
395 port: 4191
396 initialDelaySeconds: 10
397 timeoutSeconds: 1
398 name: linkerd-proxy
399 ports:
400 - containerPort: 4143
401 name: linkerd-proxy
402 - containerPort: 4191
403 name: linkerd-admin
404 readinessProbe:
405 httpGet:
406 path: /ready
407 port: 4191
408 initialDelaySeconds: 2
409 timeoutSeconds: 1
410 securityContext:
411 allowPrivilegeEscalation: false
412 readOnlyRootFilesystem: true
413 runAsNonRoot: true
414 runAsUser: 2102
415 seccompProfile:
416 type: RuntimeDefault
417 terminationMessagePolicy: FallbackToLogsOnError
418 volumeMounts:
419 - mountPath: /var/run/linkerd/identity/end-entity
420 name: linkerd-identity-end-entity
421 - mountPath: /var/run/secrets/tokens
422 name: linkerd-identity-token
423 - args:
424 - terminus
425 - --grpc-server-port
426 - "9090"
427 - --response-text
428 - c1
429 image: buoyantio/bb:v0.0.6
430 name: http-to-grpc-one-replica-c1
431 ports:
432 - containerPort: 9090
433 - args:
434 - terminus
435 - --grpc-server-port
436 - "8080"
437 - --response-text
438 - c2
439 image: buoyantio/bb:v0.0.6
440 name: http-to-grpc-one-replica-c2
441 ports:
442 - containerPort: 9090
443 initContainers:
444 - args:
445 - --ipv6=false
446 - --incoming-proxy-port
447 - "4143"
448 - --outgoing-proxy-port
449 - "4140"
450 - --proxy-uid
451 - "2102"
452 - --inbound-ports-to-ignore
453 - 4190,4191,4567,4568
454 - --outbound-ports-to-ignore
455 - 4567,4568
456 image: cr.l5d.io/linkerd/proxy-init:v2.4.0
457 imagePullPolicy: IfNotPresent
458 name: linkerd-init
459 resources:
460 limits:
461 cpu: 100m
462 memory: 20Mi
463 requests:
464 cpu: 100m
465 memory: 20Mi
466 securityContext:
467 allowPrivilegeEscalation: false
468 capabilities:
469 add:
470 - NET_ADMIN
471 - NET_RAW
472 privileged: false
473 readOnlyRootFilesystem: true
474 runAsGroup: 65534
475 runAsNonRoot: true
476 runAsUser: 65534
477 seccompProfile:
478 type: RuntimeDefault
479 terminationMessagePolicy: FallbackToLogsOnError
480 volumeMounts:
481 - mountPath: /run
482 name: linkerd-proxy-init-xtables-lock
483 volumes:
484 - emptyDir: {}
485 name: linkerd-proxy-init-xtables-lock
486 - emptyDir:
487 medium: Memory
488 name: linkerd-identity-end-entity
489 - name: linkerd-identity-token
490 projected:
491 sources:
492 - serviceAccountToken:
493 audience: identity.l5d.io
494 expirationSeconds: 86400
495 path: linkerd-identity-token
496---
View as plain text