Text file src/github.com/linkerd/linkerd2/cli/cmd/testdata/install_cni_helm_override_output.golden

Documentation: github.com/linkerd/linkerd2/cli/cmd/testdata

     1---
     2# Source: linkerd2-cni/templates/cni-plugin.yaml
     3apiVersion: v1
     4kind: ServiceAccount
     5metadata:
     6  name: linkerd-cni
     7  namespace: linkerd-test
     8  labels:
     9    linkerd.io/cni-resource: "true"
    10---
    11kind: ClusterRole
    12apiVersion: rbac.authorization.k8s.io/v1
    13metadata:
    14  name: linkerd-cni
    15  labels:
    16    linkerd.io/cni-resource: "true"
    17rules:
    18- apiGroups: [""]
    19  resources: ["pods", "nodes", "namespaces", "services"]
    20  verbs: ["list", "get", "watch"]
    21---
    22apiVersion: rbac.authorization.k8s.io/v1
    23kind: ClusterRoleBinding
    24metadata:
    25  name: linkerd-cni
    26  labels:
    27    linkerd.io/cni-resource: "true"
    28roleRef:
    29  apiGroup: rbac.authorization.k8s.io
    30  kind: ClusterRole
    31  name: linkerd-cni
    32subjects:
    33- kind: ServiceAccount
    34  name: linkerd-cni
    35  namespace: linkerd-test
    36---
    37kind: ConfigMap
    38apiVersion: v1
    39metadata:
    40  name: linkerd-cni-config
    41  namespace: linkerd-test
    42  labels:
    43    linkerd.io/cni-resource: "true"
    44data:
    45  dest_cni_net_dir: "/etc/cni/net.d-test"
    46  dest_cni_bin_dir: "/opt/cni/bin-test"
    47  # The CNI network configuration to install on each node. The special
    48  # values in this config will be automatically populated.
    49  # iptables-mode and ipv6 flags are only considered as of linkerd-cni v1.4.0
    50  cni_network_config: |-
    51    {
    52      "name": "linkerd-cni",
    53      "type": "linkerd-cni",
    54      "log_level": "debug",
    55      "policy": {
    56          "type": "k8s",
    57          "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
    58          "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
    59      },
    60      "kubernetes": {
    61          "kubeconfig": "__KUBECONFIG_FILEPATH__"
    62      },
    63      "linkerd": {
    64        "incoming-proxy-port": 1234,
    65        "outgoing-proxy-port": 5678,
    66        "proxy-uid": 1111,
    67        "proxy-gid": 1111,
    68        "ports-to-redirect": [],
    69        "inbound-ports-to-ignore": ["4191","4190"],
    70        "simulate": false,
    71        "use-wait-flag": true,
    72        "iptables-mode": "legacy",
    73        "ipv6": false
    74      }
    75    }
    76---
    77kind: DaemonSet
    78apiVersion: apps/v1
    79metadata:
    80  name: linkerd-cni
    81  namespace: linkerd-test
    82  labels:
    83    k8s-app: linkerd-cni
    84    linkerd.io/cni-resource: "true"
    85  annotations:
    86    linkerd.io/created-by: test-version
    87spec:
    88  revisionHistoryLimit: 10
    89  selector:
    90    matchLabels:
    91      k8s-app: linkerd-cni
    92  updateStrategy:
    93    type: RollingUpdate
    94    rollingUpdate:
    95      maxUnavailable: 1
    96  template:
    97    metadata:
    98      labels:
    99        k8s-app: linkerd-cni
   100        linkerd.io/cni-resource: "true"
   101      annotations:
   102        linkerd.io/created-by: test-version
   103        linkerd.io/inject: disabled
   104    spec:
   105      tolerations:
   106        - operator: Exists
   107      nodeSelector:
   108        kubernetes.io/os: linux
   109      securityContext:
   110        seccompProfile:
   111          type: RuntimeDefault
   112      serviceAccountName: linkerd-cni
   113      priorityClassName: system-node-critical
   114      containers:
   115      # This container installs the linkerd CNI binaries
   116      # and CNI network config file on each node. The install
   117      # script copies the files into place and then sleeps so
   118      # that Kubernetes doesn't keep trying to restart it.
   119      - name: install-cni
   120        image: cr.l5d.io/linkerd/cni-plugin:v1.4.0
   121        imagePullPolicy: IfNotPresent
   122        env:
   123        - name: DEST_CNI_NET_DIR
   124          valueFrom:
   125            configMapKeyRef:
   126              name: linkerd-cni-config
   127              key: dest_cni_net_dir
   128        - name: DEST_CNI_BIN_DIR
   129          valueFrom:
   130            configMapKeyRef:
   131              name: linkerd-cni-config
   132              key: dest_cni_bin_dir
   133        - name: CNI_NETWORK_CONFIG
   134          valueFrom:
   135            configMapKeyRef:
   136              name: linkerd-cni-config
   137              key: cni_network_config
   138        - name: SLEEP
   139          value: "true"
   140        lifecycle:
   141          # In some edge-cases this helps ensure that cleanup() is called in the container's script
   142          # https://github.com/linkerd/linkerd2/issues/2355
   143          preStop:
   144            exec:
   145              command:
   146              - /bin/sh
   147              - -c
   148              - kill -15 1; sleep 15s
   149        volumeMounts:
   150        - mountPath: /host/opt/cni/bin-test
   151          name: cni-bin-dir
   152        - mountPath: /host/etc/cni/net.d-test
   153          name: cni-net-dir
   154        - mountPath: /tmp
   155          name: linkerd-tmp-dir
   156        securityContext:
   157          readOnlyRootFilesystem: true
   158          privileged: false
   159        resources:
   160      volumes:
   161      - name: cni-bin-dir
   162        hostPath:
   163          path: /opt/cni/bin-test
   164      - name: cni-net-dir
   165        hostPath:
   166          path: /etc/cni/net.d-test
   167      - name: linkerd-tmp-dir
   168        emptyDir: {}

View as plain text