1apiVersion: apps/v1
2kind: Deployment
3metadata:
4 annotations:
5 creationTimestamp: null
6 generation: 1
7 labels:
8 linkerd.io/control-plane-component: tap
9 linkerd.io/control-plane-ns: linkerd
10 name: linkerd-tap
11 namespace: linkerd
12 resourceVersion: "2387"
13 selfLink: /apis/extensions/v1beta1/namespaces/linkerd/deployments/linkerd-tap
14 uid: edb24475-9371-491a-b536-b084a91d9700
15spec:
16 progressDeadlineSeconds: 600
17 replicas: 1
18 revisionHistoryLimit: 10
19 selector:
20 matchLabels:
21 linkerd.io/control-plane-component: tap
22 linkerd.io/control-plane-ns: linkerd
23 linkerd.io/proxy-deployment: linkerd-tap
24 strategy:
25 rollingUpdate:
26 maxSurge: 25%
27 maxUnavailable: 25%
28 type: RollingUpdate
29 template:
30 metadata:
31 annotations:
32 linkerd.io/created-by: linkerd/cli git-a94122bf
33 linkerd.io/proxy-version: git-a94122bf
34 creationTimestamp: null
35 labels:
36 linkerd.io/control-plane-component: tap
37 linkerd.io/control-plane-ns: linkerd
38 linkerd.io/proxy-deployment: linkerd-tap
39 spec:
40 containers:
41 - args:
42 - tap
43 - -controller-namespace=linkerd
44 - -log-level=info
45 image: cr.l5d.io/linkerd/controller:git-a94122bf
46 imagePullPolicy: IfNotPresent
47 livenessProbe:
48 failureThreshold: 3
49 httpGet:
50 path: /ping
51 port: 9998
52 scheme: HTTP
53 initialDelaySeconds: 10
54 periodSeconds: 10
55 successThreshold: 1
56 timeoutSeconds: 1
57 name: tap
58 ports:
59 - containerPort: 8088
60 name: grpc
61 protocol: TCP
62 - containerPort: 8089
63 name: apiserver
64 protocol: TCP
65 - containerPort: 9998
66 name: admin-http
67 protocol: TCP
68 readinessProbe:
69 failureThreshold: 7
70 httpGet:
71 path: /ready
72 port: 9998
73 scheme: HTTP
74 periodSeconds: 10
75 successThreshold: 1
76 timeoutSeconds: 1
77 resources: {}
78 securityContext:
79 runAsUser: 2103
80 runAsGroup: 2103
81 terminationMessagePath: /dev/termination-log
82 terminationMessagePolicy: File
83 volumeMounts:
84 - mountPath: /var/run/linkerd/tls
85 name: tls
86 readOnly: true
87 - mountPath: /var/run/linkerd/config
88 name: config
89 - env:
90 - name: LINKERD2_PROXY_LOG
91 value: warn,linkerd=info
92 - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR
93 value: linkerd-destination.linkerd.svc.cluster.local:8086
94 - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
95 value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
96 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
97 value: "[::]:4190"
98 - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
99 value: "[::]:4191"
100 - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
101 value: "127.0.0.1:4140,[::1]:4140"
102 - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
103 value: "[::]:4143"
104 - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
105 value: svc.cluster.local.
106 - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE
107 value: 10000ms
108 - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE
109 value: 10000ms
110 - name: _pod_ns
111 valueFrom:
112 fieldRef:
113 apiVersion: v1
114 fieldPath: metadata.namespace
115 - name: LINKERD2_PROXY_DESTINATION_CONTEXT
116 value: ns:$(_pod_ns)
117 - name: LINKERD2_PROXY_IDENTITY_DIR
118 value: /var/run/linkerd/identity/end-entity
119 - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
120 value: |
121 -----BEGIN CERTIFICATE-----
122 MIIBgjCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0
123 eS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkxMDIyMTEyMzA1WhcNMjAxMDIx
124 MTEyMzI1WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j
125 YWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQy6ZAtJL51C4jsnaS4PL+zJ4+K
126 9cVJXGFxfRdY/yleFsSNT7/JTgUvj9sp+k2rBx69PHN63lv/n6Aq+e1DFfRVo0Iw
127 QDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
128 MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgUd/XaAE4B5v5l4jK
129 xHmCQR+nhuq8rJ0Y0qKZT4eoCC4CIHer48hsc1BJWeKNfsx/71nvFA/9ZCuwk25K
130 puTT5Vel
131 -----END CERTIFICATE-----
132 - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE
133 value: /var/run/secrets/kubernetes.io/serviceaccount/token
134 - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR
135 value: linkerd-identity.linkerd.svc.cluster.local:8080
136 - name: _pod_sa
137 valueFrom:
138 fieldRef:
139 apiVersion: v1
140 fieldPath: spec.serviceAccountName
141 - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME
142 value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local
143 - name: LINKERD2_PROXY_IDENTITY_SVC_NAME
144 value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local
145 - name: LINKERD2_PROXY_DESTINATION_SVC_NAME
146 value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local
147 - name: LINKERD2_PROXY_TAP_SVC_NAME
148 value: linkerd-tap.linkerd.serviceaccount.identity.linkerd.cluster.local
149 image: cr.l5d.io/linkerd/proxy:git-a94122bf
150 imagePullPolicy: IfNotPresent
151 livenessProbe:
152 failureThreshold: 3
153 httpGet:
154 path: /metrics
155 port: 4191
156 scheme: HTTP
157 initialDelaySeconds: 10
158 periodSeconds: 10
159 successThreshold: 1
160 timeoutSeconds: 1
161 name: linkerd-proxy
162 ports:
163 - containerPort: 4143
164 name: linkerd-proxy
165 protocol: TCP
166 - containerPort: 4191
167 name: linkerd-admin
168 protocol: TCP
169 readinessProbe:
170 failureThreshold: 3
171 httpGet:
172 path: /ready
173 port: 4191
174 scheme: HTTP
175 initialDelaySeconds: 2
176 periodSeconds: 10
177 successThreshold: 1
178 timeoutSeconds: 1
179 resources: {}
180 securityContext:
181 allowPrivilegeEscalation: false
182 readOnlyRootFilesystem: true
183 runAsUser: 2102
184 runAsGroup: 2102
185 terminationMessagePath: /dev/termination-log
186 terminationMessagePolicy: FallbackToLogsOnError
187 volumeMounts:
188 - mountPath: /var/run/linkerd/identity/end-entity
189 name: linkerd-identity-end-entity
190 dnsPolicy: ClusterFirst
191 initContainers:
192 - args:
193 - --incoming-proxy-port
194 - "4143"
195 - --outgoing-proxy-port
196 - "4140"
197 - --proxy-uid
198 - "2102"
199 - --proxy-gid
200 - "2102"
201 - --inbound-ports-to-ignore
202 - 4190,4191,4567,4568
203 - --outbound-ports-to-ignore
204 - 4567,4568,443
205 image: cr.l5d.io/linkerd/proxy-init:v2.0.0
206 imagePullPolicy: IfNotPresent
207 name: linkerd-init
208 resources:
209 limits:
210 cpu: 100m
211 memory: 50Mi
212 requests:
213 cpu: 10m
214 memory: 10Mi
215 securityContext:
216 allowPrivilegeEscalation: false
217 capabilities:
218 add:
219 - NET_ADMIN
220 - NET_RAW
221 privileged: false
222 runAsNonRoot: true
223 readOnlyRootFilesystem: true
224 terminationMessagePath: /dev/termination-log
225 terminationMessagePolicy: FallbackToLogsOnError
226 restartPolicy: Always
227 schedulerName: default-scheduler
228 securityContext: {}
229 serviceAccount: linkerd-tap
230 serviceAccountName: linkerd-tap
231 terminationGracePeriodSeconds: 30
232 volumes:
233 - configMap:
234 defaultMode: 420
235 name: linkerd-config
236 name: config
237 - emptyDir:
238 medium: Memory
239 name: linkerd-identity-end-entity
240 - name: tls
241 secret:
242 defaultMode: 420
243 secretName: linkerd-tap-k8s-tls
244status: {}
View as plain text