...

Text file src/github.com/linkerd/linkerd2/cli/cmd/testdata/install-cni-plugin_default.golden

Documentation: github.com/linkerd/linkerd2/cli/cmd/testdata 

     1kind: Namespace
     2apiVersion: v1
     3metadata:
     4  name: linkerd-cni
     5  labels:
     6    linkerd.io/cni-resource: "true"
     7    config.linkerd.io/admission-webhooks: disabled
     8    pod-security.kubernetes.io/enforce: privileged
     9---
    10apiVersion: v1
    11kind: ServiceAccount
    12metadata:
    13  name: linkerd-cni
    14  namespace: linkerd-cni
    15  labels:
    16    linkerd.io/cni-resource: "true"
    17---
    18kind: ClusterRole
    19apiVersion: rbac.authorization.k8s.io/v1
    20metadata:
    21  name: linkerd-cni
    22  labels:
    23    linkerd.io/cni-resource: "true"
    24rules:
    25- apiGroups: [""]
    26  resources: ["pods", "nodes", "namespaces", "services"]
    27  verbs: ["list", "get", "watch"]
    28---
    29apiVersion: rbac.authorization.k8s.io/v1
    30kind: ClusterRoleBinding
    31metadata:
    32  name: linkerd-cni
    33  labels:
    34    linkerd.io/cni-resource: "true"
    35roleRef:
    36  apiGroup: rbac.authorization.k8s.io
    37  kind: ClusterRole
    38  name: linkerd-cni
    39subjects:
    40- kind: ServiceAccount
    41  name: linkerd-cni
    42  namespace: linkerd-cni
    43---
    44kind: ConfigMap
    45apiVersion: v1
    46metadata:
    47  name: linkerd-cni-config
    48  namespace: linkerd-cni
    49  labels:
    50    linkerd.io/cni-resource: "true"
    51data:
    52  dest_cni_net_dir: "/etc/cni/net.d"
    53  dest_cni_bin_dir: "/opt/cni/bin"
    54  # The CNI network configuration to install on each node. The special
    55  # values in this config will be automatically populated.
    56  # iptables-mode and ipv6 flags are only considered as of linkerd-cni v1.4.0
    57  cni_network_config: |-
    58    {
    59      "name": "linkerd-cni",
    60      "type": "linkerd-cni",
    61      "log_level": "info",
    62      "policy": {
    63          "type": "k8s",
    64          "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
    65          "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
    66      },
    67      "kubernetes": {
    68          "kubeconfig": "__KUBECONFIG_FILEPATH__"
    69      },
    70      "linkerd": {
    71        "incoming-proxy-port": 4143,
    72        "outgoing-proxy-port": 4140,
    73        "proxy-uid": 2102,
    74        "ports-to-redirect": [],
    75        "inbound-ports-to-ignore": ["4191","4190"],
    76        "simulate": false,
    77        "use-wait-flag": false,
    78        "iptables-mode": "legacy",
    79        "ipv6": false
    80      }
    81    }
    82---
    83kind: DaemonSet
    84apiVersion: apps/v1
    85metadata:
    86  name: linkerd-cni
    87  namespace: linkerd-cni
    88  labels:
    89    k8s-app: linkerd-cni
    90    linkerd.io/cni-resource: "true"
    91  annotations:
    92    linkerd.io/created-by: linkerd/cli dev-undefined
    93spec:
    94  revisionHistoryLimit: 10
    95  selector:
    96    matchLabels:
    97      k8s-app: linkerd-cni
    98  updateStrategy:
    99    type: RollingUpdate
   100    rollingUpdate:
   101      maxUnavailable: 1
   102  template:
   103    metadata:
   104      labels:
   105        k8s-app: linkerd-cni
   106        linkerd.io/cni-resource: "true"
   107      annotations:
   108        linkerd.io/created-by: linkerd/cli dev-undefined
   109        linkerd.io/inject: disabled
   110    spec:
   111      tolerations:
   112        - operator: Exists
   113      nodeSelector:
   114        kubernetes.io/os: linux
   115      securityContext:
   116        seccompProfile:
   117          type: RuntimeDefault
   118      serviceAccountName: linkerd-cni
   119      containers:
   120      # This container installs the linkerd CNI binaries
   121      # and CNI network config file on each node. The install
   122      # script copies the files into place and then sleeps so
   123      # that Kubernetes doesn't keep trying to restart it.
   124      - name: install-cni
   125        image: cr.l5d.io/linkerd/cni-plugin:v1.5.0
   126        imagePullPolicy: 
   127        env:
   128        - name: DEST_CNI_NET_DIR
   129          valueFrom:
   130            configMapKeyRef:
   131              name: linkerd-cni-config
   132              key: dest_cni_net_dir
   133        - name: DEST_CNI_BIN_DIR
   134          valueFrom:
   135            configMapKeyRef:
   136              name: linkerd-cni-config
   137              key: dest_cni_bin_dir
   138        - name: CNI_NETWORK_CONFIG
   139          valueFrom:
   140            configMapKeyRef:
   141              name: linkerd-cni-config
   142              key: cni_network_config
   143        - name: SLEEP
   144          value: "true"
   145        lifecycle:
   146          # In some edge-cases this helps ensure that cleanup() is called in the container's script
   147          # https://github.com/linkerd/linkerd2/issues/2355
   148          preStop:
   149            exec:
   150              command:
   151              - /bin/sh
   152              - -c
   153              - kill -15 1; sleep 15s
   154        volumeMounts:
   155        - mountPath: /host/opt/cni/bin
   156          name: cni-bin-dir
   157        - mountPath: /host/etc/cni/net.d
   158          name: cni-net-dir
   159        - mountPath: /tmp
   160          name: linkerd-tmp-dir
   161        securityContext:
   162          readOnlyRootFilesystem: true
   163          privileged: false
   164        resources:
   165          limits:
   166            cpu: "1m"
   167      volumes:
   168      - name: cni-bin-dir
   169        hostPath:
   170          path: /opt/cni/bin
   171      - name: cni-net-dir
   172        hostPath:
   173          path: /etc/cni/net.d
   174      - name: linkerd-tmp-dir
   175        emptyDir: {}
   176---

View as plain text