...
apiVersion: v1
kind: Namespace
metadata:
  name: linkerd-cni
  labels:
    # Common marker on every object in this bundle so they can be found and
    # removed together.
    linkerd.io/cni-resource: 'true'
    # Presumably excludes this namespace from Linkerd's admission webhooks
    # (the installer must come up before the control plane is usable).
    config.linkerd.io/admission-webhooks: disabled
    # NOTE(review): Pod Security Admission is pinned to its weakest level.
    # The DaemonSet in this file needs it for its hostPath mount, but it also
    # means any principal that can create or patch pods in linkerd-cni can run
    # hostPath/privileged workloads - keep those RBAC rights tightly scoped.
    pod-security.kubernetes.io/enforce: privileged
---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: linkerd-cni
  namespace: linkerd-cni
  labels:
    linkerd.io/cni-resource: 'true'
# NOTE(review): the DaemonSet runs as this account, and the ConfigMap's
# cni_network_config carries a __SERVICEACCOUNT_TOKEN__ placeholder, so this
# account's token presumably ends up in the on-host CNI config. Treat the
# node filesystem as holding a credential with the linkerd-cni ClusterRole's
# cluster-wide read scope.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: linkerd-cni
  labels:
    linkerd.io/cni-resource: 'true'
rules:
  # Read-only, but cluster-wide: "pods" returns every pod spec in every
  # namespace (container env values, annotations, volume names), not just
  # pods opted in to Linkerd. No write verbs and no access to secrets.
  - apiGroups:
      - ""
    resources:
      - pods
      - nodes
      - namespaces
      - services
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: linkerd-cni
  labels:
    linkerd.io/cni-resource: 'true'
# Exactly one subject: the installer's ServiceAccount. Do not widen this to a
# group or to the namespace's default account.
subjects:
  - kind: ServiceAccount
    name: linkerd-cni
    namespace: linkerd-cni
# roleRef is immutable once created; re-pointing it means delete + recreate.
roleRef:
  kind: ClusterRole
  name: linkerd-cni
  apiGroup: rbac.authorization.k8s.io
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: linkerd-cni-config
  namespace: linkerd-cni
  labels:
    linkerd.io/cni-resource: "true"
data:
  # Host directory that receives the rendered CNI network config; the
  # DaemonSet mounts it at /host/etc/kubernetes/cni/net.d.
  dest_cni_net_dir: "/etc/kubernetes/cni/net.d"
  # NOTE(review): identical to dest_cni_net_dir, so the plugin binary is
  # installed into the CNI *config* directory rather than a separate CNI bin
  # path. The DaemonSet mounts only this one hostPath, which is consistent
  # with that, but confirm it is intentional and not a copy/paste of the net dir.
  dest_cni_bin_dir: "/etc/kubernetes/cni/net.d"
  # The CNI network configuration to install on each node. The special
  # __PLACEHOLDER__ values are populated automatically at install time
  # (presumably by the image's install script, which is not visible here).
  # iptables-mode and ipv6 flags are only considered as of linkerd-cni v1.4.0.
  #
  # NOTE(review): once __SERVICEACCOUNT_TOKEN__ is substituted, the file
  # written to the node carries a bearer token for the linkerd-cni
  # ServiceAccount, i.e. the ClusterRole's cluster-wide read access to pods,
  # nodes, namespaces and services. Anything that can read the node's CNI
  # config directory holds that credential; the same applies to the kubeconfig
  # referenced by __KUBECONFIG_FILEPATH__.
  #
  # NOTE(review): "log_level": "debug" is verbose for a node-level plugin;
  # confirm it is intended outside a test deployment.
  #
  # The proxy ports, proxy uid/gid and inbound-ports-to-ignore presumably have
  # to match the injected proxy's configuration - verify against the proxy
  # settings before changing either side.
  #
  # The value is a literal block scalar holding JSON: do not put '#' comments
  # inside it, they would become part of the JSON and break parsing.
  cni_network_config: |-
    {
      "name": "linkerd-cni",
      "type": "linkerd-cni",
      "log_level": "debug",
      "policy": {
        "type": "k8s",
        "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
        "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
      },
      "kubernetes": {
        "kubeconfig": "__KUBECONFIG_FILEPATH__"
      },
      "linkerd": {
        "incoming-proxy-port": 5143,
        "outgoing-proxy-port": 5140,
        "proxy-uid": 12102,
        "proxy-gid": 12102,
        "ports-to-redirect": [],
        "inbound-ports-to-ignore": ["4191","4190"],
        "simulate": false,
        "use-wait-flag": false,
        "iptables-mode": "legacy",
        "ipv6": false
      }
    }
---
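kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: linkerd-cni
  namespace: linkerd-cni
  labels:
    k8s-app: linkerd-cni
    linkerd.io/cni-resource: "true"
  annotations:
    linkerd.io/created-by: linkerd/cli dev-undefined
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: linkerd-cni
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      # One node at a time, so a bad image breaks CNI on a single node before
      # the rollout stalls.
      maxUnavailable: 1
  template:
    metadata:
      labels:
        k8s-app: linkerd-cni
        linkerd.io/cni-resource: "true"
      annotations:
        linkerd.io/created-by: linkerd/cli dev-undefined
        # The installer itself must never receive a proxy sidecar.
        linkerd.io/inject: disabled
    spec:
      # Tolerate every taint (including NoExecute) so the installer also lands
      # on control-plane and otherwise tainted nodes.
      tolerations:
        - operator: Exists
      nodeSelector:
        kubernetes.io/os: linux
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: linkerd-cni
      priorityClassName: system-node-critical
      containers:
        # This container installs the linkerd CNI binaries
        # and CNI network config file on each node. The install
        # script copies the files into place and then sleeps so
        # that Kubernetes doesn't keep trying to restart it.
        - name: install-cni
          # NOTE(review): a mutable tag. With IfNotPresent each node keeps
          # whatever it already has cached under this tag; pin by digest
          # (image@sha256:...) for a real install so every node runs the same,
          # verified bits.
          image: my-docker-registry.io/awesome/cni-plugin-test-image:v1.4.0
          # Made explicit: this is what Kubernetes defaults an empty policy to
          # for a non-":latest" tag, so runtime behaviour is unchanged.
          imagePullPolicy: IfNotPresent
          # All three values come from the linkerd-cni-config ConfigMap; the
          # hostPath mount below must cover both DEST_* directories (they are
          # the same path in the ConfigMap).
          env:
            - name: DEST_CNI_NET_DIR
              valueFrom:
                configMapKeyRef:
                  name: linkerd-cni-config
                  key: dest_cni_net_dir
            - name: DEST_CNI_BIN_DIR
              valueFrom:
                configMapKeyRef:
                  name: linkerd-cni-config
                  key: dest_cni_bin_dir
            - name: CNI_NETWORK_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: linkerd-cni-config
                  key: cni_network_config
            # Keep the container alive after installing instead of exiting.
            - name: SLEEP
              value: "true"
          lifecycle:
            # In some edge-cases this helps ensure that cleanup() is called in the container's script
            # https://github.com/linkerd/linkerd2/issues/2355
            # Relies on the install script being PID 1 and handling SIGTERM.
            preStop:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - kill -15 1; sleep 15s
          volumeMounts:
            # Read-write view of the node's CNI config dir: the only host path
            # this pod can modify.
            - mountPath: /host/etc/kubernetes/cni/net.d
              name: cni-net-dir
            # Scratch space, needed because the root filesystem is read-only.
            - mountPath: /tmp
              name: linkerd-tmp-dir
          securityContext:
            readOnlyRootFilesystem: true
            privileged: false
            # Added: no_new_privs for the installer; it only copies files and
            # sleeps, so it gains nothing from setuid binaries.
            allowPrivilegeEscalation: false
            # NOTE(review): also consider `capabilities: {drop: ["ALL"]}` - the
            # install script is not visible here, so verify it does not need
            # e.g. CAP_CHOWN/CAP_FOWNER on the host directory first.
          # Made explicit (was a bare key, i.e. null): no requests or limits.
          resources: {}
      volumes:
        - name: cni-net-dir
          hostPath:
            path: /etc/kubernetes/cni/net.d
        - name: linkerd-tmp-dir
          emptyDir: {}
---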