apiVersion: apps/v1 kind: Deployment metadata: annotations: creationTimestamp: null generation: 1 labels: linkerd.io/control-plane-component: tap linkerd.io/control-plane-ns: linkerd name: linkerd-tap namespace: linkerd resourceVersion: "2387" selfLink: /apis/extensions/v1beta1/namespaces/linkerd/deployments/linkerd-tap uid: edb24475-9371-491a-b536-b084a91d9700 spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: linkerd.io/control-plane-component: tap linkerd.io/control-plane-ns: linkerd linkerd.io/proxy-deployment: linkerd-tap strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: annotations: linkerd.io/created-by: linkerd/cli git-a94122bf linkerd.io/proxy-version: git-a94122bf creationTimestamp: null labels: linkerd.io/control-plane-component: tap linkerd.io/control-plane-ns: linkerd linkerd.io/proxy-deployment: linkerd-tap spec: containers: - args: - tap - -controller-namespace=linkerd - -log-level=info image: cr.l5d.io/linkerd/controller:git-a94122bf imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /ping port: 9998 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: tap ports: - containerPort: 8088 name: grpc protocol: TCP - containerPort: 8089 name: apiserver protocol: TCP - containerPort: 9998 name: admin-http protocol: TCP readinessProbe: failureThreshold: 7 httpGet: path: /ready port: 9998 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: runAsUser: 2103 runAsGroup: 2103 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/linkerd/tls name: tls readOnly: true - mountPath: /var/run/linkerd/config name: config - env: - name: LINKERD2_PROXY_LOG value: warn,linkerd=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-destination.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR value: "[::]:4190" - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR value: "[::]:4191" - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS value: "127.0.0.1:4140,[::1]:4140" - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR value: "[::]:4143" - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES value: svc.cluster.local. - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE value: 10000ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE value: 10000ms - name: _pod_ns valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: LINKERD2_PROXY_DESTINATION_CONTEXT value: ns:$(_pod_ns) - name: LINKERD2_PROXY_IDENTITY_DIR value: /var/run/linkerd/identity/end-entity - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS value: | -----BEGIN CERTIFICATE----- MIIBgjCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0 eS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkxMDIyMTEyMzA1WhcNMjAxMDIx MTEyMzI1WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j YWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQy6ZAtJL51C4jsnaS4PL+zJ4+K 9cVJXGFxfRdY/yleFsSNT7/JTgUvj9sp+k2rBx69PHN63lv/n6Aq+e1DFfRVo0Iw QDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgUd/XaAE4B5v5l4jK xHmCQR+nhuq8rJ0Y0qKZT4eoCC4CIHer48hsc1BJWeKNfsx/71nvFA/9ZCuwk25K puTT5Vel -----END CERTIFICATE----- - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE value: /var/run/secrets/kubernetes.io/serviceaccount/token - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR value: linkerd-identity.linkerd.svc.cluster.local:8080 - name: _pod_sa valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.serviceAccountName - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local - name: LINKERD2_PROXY_IDENTITY_SVC_NAME value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local - name: LINKERD2_PROXY_DESTINATION_SVC_NAME value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local - name: LINKERD2_PROXY_TAP_SVC_NAME value: linkerd-tap.linkerd.serviceaccount.identity.linkerd.cluster.local image: cr.l5d.io/linkerd/proxy:git-a94122bf imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /metrics port: 4191 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 name: linkerd-proxy protocol: TCP - containerPort: 4191 name: linkerd-admin protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /ready port: 4191 scheme: HTTP initialDelaySeconds: 2 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 2102 runAsGroup: 2102 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/linkerd/identity/end-entity name: linkerd-identity-end-entity dnsPolicy: ClusterFirst initContainers: - args: - --incoming-proxy-port - "4143" - --outgoing-proxy-port - "4140" - --proxy-uid - "2102" - --proxy-gid - "2102" - --inbound-ports-to-ignore - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568,443 image: cr.l5d.io/linkerd/proxy-init:v2.0.0 imagePullPolicy: IfNotPresent name: linkerd-init resources: limits: cpu: 100m memory: 50Mi requests: cpu: 10m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: add: - NET_ADMIN - NET_RAW privileged: false runAsNonRoot: true readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: linkerd-tap serviceAccountName: linkerd-tap terminationGracePeriodSeconds: 30 volumes: - configMap: defaultMode: 420 name: linkerd-config name: config - emptyDir: medium: Memory name: linkerd-identity-end-entity - name: tls secret: defaultMode: 420 secretName: linkerd-tap-k8s-tls status: {}