1kind: ClusterRole
2apiVersion: rbac.authorization.k8s.io/v1
3metadata:
4 name: linkerd-service-mirror-access-local-resources-test-cluster
5 labels:
6 linkerd.io/extension: multicluster
7 component: service-mirror
8 mirror.linkerd.io/cluster-name: test-cluster
9rules:
10- apiGroups: [""]
11 resources: ["endpoints", "services"]
12 verbs: ["list", "get", "watch", "create", "delete", "update"]
13- apiGroups: [""]
14 resources: ["namespaces"]
15 verbs: ["list", "get", "watch"]
16---
17kind: ClusterRoleBinding
18apiVersion: rbac.authorization.k8s.io/v1
19metadata:
20 name: linkerd-service-mirror-access-local-resources-test-cluster
21 labels:
22 linkerd.io/extension: multicluster
23 component: service-mirror
24 mirror.linkerd.io/cluster-name: test-cluster
25roleRef:
26 apiGroup: rbac.authorization.k8s.io
27 kind: ClusterRole
28 name: linkerd-service-mirror-access-local-resources-test-cluster
29subjects:
30- kind: ServiceAccount
31 name: linkerd-service-mirror-test-cluster
32 namespace: test
33---
34kind: Role
35apiVersion: rbac.authorization.k8s.io/v1
36metadata:
37 name: linkerd-service-mirror-read-remote-creds-test-cluster
38 namespace: test
39 labels:
40 linkerd.io/extension: multicluster
41 component: service-mirror
42 mirror.linkerd.io/cluster-name: test-cluster
43rules:
44 - apiGroups: [""]
45 resources: ["secrets"]
46 resourceNames: ["cluster-credentials-test-cluster"]
47 verbs: ["list", "get", "watch"]
48 - apiGroups: ["multicluster.linkerd.io"]
49 resources: ["links"]
50 verbs: ["list", "get", "watch"]
51 - apiGroups: ["coordination.k8s.io"]
52 resources: ["leases"]
53 verbs: ["create", "get", "update", "patch"]
54---
55kind: RoleBinding
56apiVersion: rbac.authorization.k8s.io/v1
57metadata:
58 name: linkerd-service-mirror-read-remote-creds-test-cluster
59 namespace: test
60 labels:
61 linkerd.io/extension: multicluster
62 component: service-mirror
63 mirror.linkerd.io/cluster-name: test-cluster
64roleRef:
65 apiGroup: rbac.authorization.k8s.io
66 kind: Role
67 name: linkerd-service-mirror-read-remote-creds-test-cluster
68subjects:
69 - kind: ServiceAccount
70 name: linkerd-service-mirror-test-cluster
71 namespace: test
72---
73kind: ServiceAccount
74apiVersion: v1
75metadata:
76 name: linkerd-service-mirror-test-cluster
77 namespace: test
78 labels:
79 linkerd.io/extension: multicluster
80 component: service-mirror
81 mirror.linkerd.io/cluster-name: test-cluster
82---
83apiVersion: apps/v1
84kind: Deployment
85metadata:
86 labels:
87 linkerd.io/extension: multicluster
88 component: service-mirror
89 mirror.linkerd.io/cluster-name: test-cluster
90 name: linkerd-service-mirror-test-cluster
91 namespace: test
92spec:
93 replicas: 1
94 revisionHistoryLimit: 10
95 selector:
96 matchLabels:
97 component: linkerd-service-mirror
98 mirror.linkerd.io/cluster-name: test-cluster
99 strategy:
100 rollingUpdate:
101 maxUnavailable: 1
102 template:
103 metadata:
104 annotations:
105 linkerd.io/inject: enabled
106 cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
107 config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0"
108 labels:
109 linkerd.io/extension: multicluster
110 component: linkerd-service-mirror
111 mirror.linkerd.io/cluster-name: test-cluster
112 spec:
113 affinity:
114 podAntiAffinity:
115 preferredDuringSchedulingIgnoredDuringExecution:
116 - podAffinityTerm:
117 labelSelector:
118 matchExpressions:
119 - key: mirror.linkerd.io/cluster-name
120 operator: In
121 values:
122 - test-cluster
123 topologyKey: topology.kubernetes.io/zone
124 weight: 100
125 requiredDuringSchedulingIgnoredDuringExecution:
126 - labelSelector:
127 matchExpressions:
128 - key: mirror.linkerd.io/cluster-name
129 operator: In
130 values:
131 - test-cluster
132 topologyKey: kubernetes.io/hostname
133 containers:
134 - args:
135 - service-mirror
136 - -log-level=info
137 - -log-format=plain
138 - -event-requeue-limit=3
139 - -namespace=test
140 - -enable-pprof=false
141 - test-cluster
142 image: cr.l5d.io/linkerd/controller:dev-undefined
143 name: service-mirror
144 securityContext:
145 allowPrivilegeEscalation: false
146 capabilities:
147 drop:
148 - ALL
149 readOnlyRootFilesystem: true
150 runAsGroup: 2103
151 runAsNonRoot: true
152 runAsUser: 2103
153 seccompProfile:
154 type: RuntimeDefault
155 ports:
156 - containerPort: 9999
157 name: admin-http
158 securityContext:
159 seccompProfile:
160 type: RuntimeDefault
161 serviceAccountName: linkerd-service-mirror-test-cluster
162---
163kind: PodDisruptionBudget
164apiVersion: policy/v1
165metadata:
166 name: linkerd-service-mirror-test-cluster
167 namespace: test
168 labels:
169 component: linkerd-service-mirror
170 annotations:
171 linkerd.io/created-by: linkerd/cli dev-undefined
172spec:
173 maxUnavailable: 1
174 selector:
175 matchLabels:
176 component: linkerd-service-mirror
177 mirror.linkerd.io/cluster-name: test-cluster
178---
179apiVersion: v1
180kind: Service
181metadata:
182 name: probe-gateway-test-cluster
183 namespace: test
184 labels:
185 linkerd.io/extension: multicluster
186 mirror.linkerd.io/mirrored-gateway: "true"
187 mirror.linkerd.io/cluster-name: test-cluster
188spec:
189 ports:
190 - name: mc-probe
191 port: 4191
192 protocol: TCP
View as plain text