apiVersion: v1
kind: Namespace
metadata:
  name: linkerd-cni
  labels:
    linkerd.io/cni-resource: "true"
    # Presumably tells the Linkerd control plane's webhooks to leave this
    # namespace alone; the installer must never be proxy-injected (the
    # DaemonSet template also carries linkerd.io/inject: disabled).
    config.linkerd.io/admission-webhooks: disabled
    # Pod Security Admission level. The install-cni DaemonSet mounts
    # writable hostPath volumes (/opt/cni/bin, /etc/cni/net.d), which the
    # baseline and restricted profiles do not allow, so enforcement has to
    # be `privileged` here. Do not co-locate other workloads in this
    # namespace: they would inherit this relaxed admission level.
    pod-security.kubernetes.io/enforce: privileged
---
apiVersion: v1
kind: ServiceAccount
metadata:
  # Identity of the install-cni pods. The __SERVICEACCOUNT_TOKEN__ and
  # __KUBECONFIG_FILEPATH__ placeholders in linkerd-cni-config suggest this
  # account's token is rendered into the on-host CNI config, i.e. it is
  # persisted on every node — keep the bound ClusterRole read-only.
  name: linkerd-cni
  namespace: linkerd-cni
  labels:
    linkerd.io/cni-resource: "true"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: linkerd-cni
  labels:
    linkerd.io/cni-resource: "true"
rules:
  # Read-only, cluster-wide access to a few core resources. Because the
  # bound token ends up in the CNI config on each node's filesystem, this
  # role should stay limited to get/list/watch; never add write verbs or
  # secrets here.
  - apiGroups:
      - ""
    resources:
      - pods
      - nodes
      - namespaces
      - services
    verbs:
      - get
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: linkerd-cni
  labels:
    linkerd.io/cni-resource: "true"
# Grants the read-only linkerd-cni ClusterRole to the installer's
# service account (and, transitively, to whatever holds its token).
subjects:
  - kind: ServiceAccount
    name: linkerd-cni
    namespace: linkerd-cni
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: linkerd-cni
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: linkerd-cni-config
  namespace: linkerd-cni
  labels:
    linkerd.io/cni-resource: "true"
data:
  # Host directories the install container copies the plugin binary and the
  # rendered network config into (mounted under /host/ in the DaemonSet).
  dest_cni_net_dir: "/etc/cni/net.d"
  dest_cni_bin_dir: "/opt/cni/bin"
  # CNI network configuration written to every node. The __PLACEHOLDER__
  # values are substituted at install time; `iptables-mode` and `ipv6` are
  # only honoured by linkerd-cni v1.4.0 and later.
  #
  # Operator notes (the JSON below is strict and cannot carry comments):
  #   - `k8s_auth_token` is filled with a service-account token, so the
  #     rendered file on each node holds a live cluster credential; keep
  #     dest_cni_net_dir readable by root only and the ClusterRole read-only.
  #   - Ports in `inbound-ports-to-ignore` (here including 80 and 8080) and
  #     `outbound-ports-to-ignore` (443, 1000) are presumably exempted from
  #     the proxy redirect, which means that traffic gets no mesh mTLS or
  #     authorization policy — confirm these lists are intentional for your
  #     workloads before installing.
  #   - `iptables-mode` must match the backend the node image actually uses
  #     (legacy vs nft); TODO confirm for your nodes.
  cni_network_config: |-
    {
      "name": "linkerd-cni",
      "type": "linkerd-cni",
      "log_level": "info",
      "policy": {
        "type": "k8s",
        "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
        "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
      },
      "kubernetes": {
        "kubeconfig": "__KUBECONFIG_FILEPATH__"
      },
      "linkerd": {
        "incoming-proxy-port": 4143,
        "outgoing-proxy-port": 4140,
        "proxy-uid": 2102,
        "ports-to-redirect": [],
        "inbound-ports-to-ignore": ["4191","4190","80","8080"],
        "outbound-ports-to-ignore": ["443","1000"],
        "simulate": false,
        "use-wait-flag": false,
        "iptables-mode": "legacy",
        "ipv6": false
      }
    }
---
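apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: linkerd-cni
  namespace: linkerd-cni
  labels:
    k8s-app: linkerd-cni
    linkerd.io/cni-resource: "true"
  annotations:
    # "dev-undefined" is the stamp of an unversioned CLI build; a release
    # build writes its version here. Harmless, but worth noticing if this
    # manifest was meant to come from a released CLI.
    linkerd.io/created-by: linkerd/cli dev-undefined
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: linkerd-cni
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
        k8s-app: linkerd-cni
        linkerd.io/cni-resource: "true"
      annotations:
        linkerd.io/created-by: linkerd/cli dev-undefined
        # The installer itself must never receive a proxy sidecar.
        linkerd.io/inject: disabled
    spec:
      # Schedule on every Linux node regardless of taints (control-plane
      # nodes included): the plugin has to be on a node before any meshed
      # pod lands there.
      tolerations:
        - operator: Exists
      nodeSelector:
        kubernetes.io/os: linux
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: linkerd-cni
      containers:
        # Installs the linkerd CNI binary and network config on the node,
        # then (SLEEP=true) idles so Kubernetes does not keep restarting it.
        - name: install-cni
          # NOTE(review): pinned by tag only, and tags are mutable. Whatever
          # runs in this container can overwrite the node's CNI binaries via
          # the writable hostPath mounts below, so for a hardened install
          # pin by digest as well (cr.l5d.io/linkerd/cni-plugin@sha256:...).
          image: cr.l5d.io/linkerd/cni-plugin:v1.5.0
          # Explicit instead of the original bare `imagePullPolicy:` (which
          # parses as null). IfNotPresent is also what Kubernetes defaults
          # to for a non-`latest` tag, so the effective policy is unchanged.
          imagePullPolicy: IfNotPresent
          env:
            - name: DEST_CNI_NET_DIR
              valueFrom:
                configMapKeyRef:
                  name: linkerd-cni-config
                  key: dest_cni_net_dir
            - name: DEST_CNI_BIN_DIR
              valueFrom:
                configMapKeyRef:
                  name: linkerd-cni-config
                  key: dest_cni_bin_dir
            - name: CNI_NETWORK_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: linkerd-cni-config
                  key: cni_network_config
            # Quoted on purpose: the script wants the string "true", not a
            # YAML boolean.
            - name: SLEEP
              value: "true"
          lifecycle:
            # In some edge-cases this helps ensure that cleanup() is called
            # in the container's script
            # https://github.com/linkerd/linkerd2/issues/2355
            preStop:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - kill -15 1; sleep 15s
          # Both host mounts are writable: the installer copies the plugin
          # binary and the rendered config (which contains the service
          # account token) into them.
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
            - mountPath: /tmp
              name: linkerd-tmp-dir
          securityContext:
            readOnlyRootFilesystem: true
            privileged: false
            # NOTE(review): consider adding `allowPrivilegeEscalation: false`
            # and `capabilities: {drop: ["ALL"]}`; confirm the install script
            # does not depend on them before tightening. runAsNonRoot is
            # presumably not an option, since the container writes into
            # root-owned host directories.
          # Explicit empty map instead of the original bare `resources:`
          # (null). No requests or limits are set; add them if this
          # namespace is subject to a ResourceQuota or LimitRange.
          resources: {}
      volumes:
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d
        - name: linkerd-tmp-dir
          emptyDir: {}
---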