From 3b392b2d18fb3f6b57e8465e1c325e26ccfaf12a Mon Sep 17 00:00:00 2001 From: Paul Balogh Date: Sun, 29 Dec 2019 03:00:17 -0600 Subject: [PATCH 01/11] Fixes bug where override of Docker registry was not being applied to debug containers (#3851) This fix creates the following a new "debug" configuration section. This allows for more consistent usage as with proxyImage and proxyInitImage. Registry flag does not set registry for debug container #3851 Signed-off-by: Paul Balogh --- charts/linkerd2/templates/_config.tpl | 10 + charts/linkerd2/templates/config.yaml | 8 + charts/linkerd2/values.yaml | 7 + cli/cmd/doc.go | 12 + cli/cmd/inject.go | 20 + cli/cmd/inject_test.go | 124 + cli/cmd/install.go | 20 +- cli/cmd/install_helm_test.go | 5 + cli/cmd/install_test.go | 18 +- cli/cmd/root.go | 9 +- ...ject_emojivoto_deployment_debug.golden.yml | 2 +- .../inject_tap_deployment_debug.golden.yml | 2 +- cli/cmd/testdata/install_control-plane.golden | 2 + .../testdata/install_custom_registry.golden | 3061 +++++++++++++++++ cli/cmd/testdata/install_default.golden | 2 + cli/cmd/testdata/install_ha_output.golden | 2 + .../install_ha_with_overrides_output.golden | 2 + cli/cmd/testdata/install_helm_output.golden | 8 + .../testdata/install_helm_output_ha.golden | 8 + .../testdata/install_no_init_container.golden | 2 + cli/cmd/testdata/install_output.golden | 2 + cli/cmd/testdata/install_proxy_ignores.golden | 2 + cli/cmd/testdata/upgrade_default.golden | 2 + .../testdata/upgrade_external_issuer.golden | 2 + cli/cmd/testdata/upgrade_ha.golden | 2 + .../testdata/upgrade_overwrite_issuer.golden | 2 + ...write_trust_anchors-external-issuer.golden | 2 + .../upgrade_overwrite_trust_anchors.golden | 2 + cli/cmd/upgrade.go | 2 +- cli/cmd/upgrade_test.go | 52 +- controller/api/public/grpc_server.go | 46 +- controller/api/public/grpc_server_test.go | 18 +- .../api/public/testdata/debug.conf.json | 7 + .../api/public/testdata/install.conf.json | 4 + controller/gen/config/config.pb.go | 192 +- .../fake/data/pod-with-debug-disabled.yaml | 17 + .../fake/data/pod-with-debug-enabled.yaml | 17 + .../fake/data/pod-with-debug.patch.json | 181 + controller/proxy-injector/webhook.go | 7 +- controller/proxy-injector/webhook_test.go | 45 + pkg/charts/linkerd2/values.go | 2 + pkg/charts/linkerd2/values_test.go | 9 + pkg/config/config.go | 20 +- pkg/healthcheck/healthcheck_test.go | 20 +- pkg/inject/inject.go | 33 +- pkg/k8s/labels.go | 15 +- proto/config/config.proto | 7 + 47 files changed, 3913 insertions(+), 121 deletions(-) create mode 100644 cli/cmd/testdata/install_custom_registry.golden create mode 100644 controller/api/public/testdata/debug.conf.json create mode 100644 controller/api/public/testdata/install.conf.json create mode 100644 controller/proxy-injector/fake/data/pod-with-debug-disabled.yaml create mode 100644 controller/proxy-injector/fake/data/pod-with-debug-enabled.yaml create mode 100644 controller/proxy-injector/fake/data/pod-with-debug.patch.json diff --git a/charts/linkerd2/templates/_config.tpl b/charts/linkerd2/templates/_config.tpl index e70ac12304db3..7b5b5f578ed41 100644 --- a/charts/linkerd2/templates/_config.tpl +++ b/charts/linkerd2/templates/_config.tpl @@ -78,3 +78,13 @@ "flags":[] } {{- end -}} + +{{- define "linkerd.configs.debug" -}} +{ + "debugImage":{ + "imageName":"{{.Values.debugContainer.image.name}}", + "pullPolicy":"{{.Values.debugContainer.image.pullPolicy}}" + }, + "debugImageVersion": "{{.Values.debugContainer.image.version}}" +} +{{- end -}} diff --git a/charts/linkerd2/templates/config.yaml b/charts/linkerd2/templates/config.yaml index 95d6c9d2783a1..154ef20e4efd1 100644 --- a/charts/linkerd2/templates/config.yaml +++ b/charts/linkerd2/templates/config.yaml @@ -34,3 +34,11 @@ data: {{- else -}} {{- include "linkerd.configs.install" . | nindent 4}} {{- end }} + debug: | + {{- if .Values.configs -}} + {{- if .Values.configs.debug -}} + {{.Values.configs.debug | nindent 4}} + {{- end }} + {{- else -}} + {{- include "linkerd.configs.debug" . | nindent 4}} + {{- end }} diff --git a/charts/linkerd2/values.yaml b/charts/linkerd2/values.yaml index 77b1682ebb4c6..5186975f13970 100644 --- a/charts/linkerd2/values.yaml +++ b/charts/linkerd2/values.yaml @@ -88,6 +88,13 @@ controllerUID: 2103 dashboard: replicas: 1 +# debug configuration +debugContainer: + image: + name: gcr.io/linkerd-io/debug + pullPolicy: *image_pull_policy + version: *linkerd_version + # identity configuration identity: issuer: diff --git a/cli/cmd/doc.go b/cli/cmd/doc.go index ac1c7d72ae106..e2d3dec5f7a65 100644 --- a/cli/cmd/doc.go +++ b/cli/cmd/doc.go @@ -131,6 +131,18 @@ func generateAnnotationsDocs() []annotationDoc { Name: k8s.ProxyInitImageVersionAnnotation, Description: "Linkerd init container image version", }, + { + Name: k8s.DebugImageAnnotation, + Description: "Linkerd debug container image name", + }, + { + Name: k8s.DebugImageVersionAnnotation, + Description: "Linkerd debug container image version", + }, + { + Name: k8s.DebugImagePullPolicyAnnotation, + Description: "Docker image pull policy for debug image", + }, { Name: k8s.ProxyControlPortAnnotation, Description: "Proxy port to use for control", diff --git a/cli/cmd/inject.go b/cli/cmd/inject.go index fbbbfd2c5f951..1bcaf84cfd4d8 100644 --- a/cli/cmd/inject.go +++ b/cli/cmd/inject.go @@ -392,9 +392,20 @@ func (options *proxyConfigOptions) overrideConfigs(configs *cfg.All, overrideAnn if options.imagePullPolicy != "" { configs.Proxy.ProxyImage.PullPolicy = options.imagePullPolicy configs.Proxy.ProxyInitImage.PullPolicy = options.imagePullPolicy + configs.Debug.DebugImage.PullPolicy = options.imagePullPolicy overrideAnnotations[k8s.ProxyImagePullPolicyAnnotation] = options.imagePullPolicy } + if options.dockerRegistry != "" { + currentDebugImage := configs.Debug.DebugImage.ImageName + currentRegistry := getFlagValue(configs.GetInstall().GetFlags(), "registry") + if currentRegistry == "" { + currentRegistry = defaultDockerRegistry + } + override := strings.Replace(currentDebugImage, currentRegistry, options.dockerRegistry, 1) + overrideAnnotations[k8s.DebugImageAnnotation] = override + } + if options.proxyUID != 0 { configs.Proxy.ProxyUid = options.proxyUID overrideAnnotations[k8s.ProxyUIDAnnotation] = strconv.FormatInt(options.proxyUID, 10) @@ -479,3 +490,12 @@ func parsePortRanges(portRanges []*cfg.PortRange) string { return strings.TrimSuffix(str, ",") } + +func getFlagValue(flags []*cfg.Install_Flag, name string) string { + for _, flag := range flags { + if flag.Name == name { + return flag.Value + } + } + return "" +} diff --git a/cli/cmd/inject_test.go b/cli/cmd/inject_test.go index b37dbc1dc71c5..cdf4a4f32e180 100644 --- a/cli/cmd/inject_test.go +++ b/cli/cmd/inject_test.go @@ -77,6 +77,7 @@ func TestUninjectAndInject(t *testing.T) { defaultConfig := testInstallConfig() defaultConfig.Global.Version = "test-inject-control-plane-version" defaultConfig.Proxy.ProxyVersion = "test-inject-proxy-version" + defaultConfig.Debug.DebugImageVersion = "test-inject-debug-version" emptyVersionConfig := testInstallConfig() emptyVersionConfig.Global.Version = "" @@ -570,3 +571,126 @@ func TestWalk(t *testing.T) { } } } + +func TestOverrideConfigsParameterized(t *testing.T) { + + tests := []struct { + description string + configOptions proxyConfigOptions + expectedOverrides map[string]string + }{ + { + description: "proxy configuration overrides", + configOptions: proxyConfigOptions{ + ignoreInboundPorts: []string{"8500-8505"}, + ignoreOutboundPorts: []string{"3306"}, + proxyAdminPort: 1234, + proxyControlPort: 4190, + proxyInboundPort: 4143, + proxyOutboundPort: 4140, + proxyUID: 999, + proxyLogLevel: "debug", + disableIdentity: true, + disableTap: true, + enableExternalProfiles: true, + proxyCPURequest: "10m", + proxyCPULimit: "100m", + proxyMemoryRequest: "10Mi", + proxyMemoryLimit: "50Mi", + traceCollector: "oc-collector.tracing:55678", + traceCollectorSvcAccount: "default", + waitBeforeExitSeconds: 10, + }, + expectedOverrides: map[string]string{ + k8s.ProxyIgnoreInboundPortsAnnotation: "8500-8505", + k8s.ProxyIgnoreOutboundPortsAnnotation: "3306", + k8s.ProxyAdminPortAnnotation: "1234", + k8s.ProxyControlPortAnnotation: "4190", + k8s.ProxyInboundPortAnnotation: "4143", + k8s.ProxyOutboundPortAnnotation: "4140", + k8s.ProxyUIDAnnotation: "999", + k8s.ProxyLogLevelAnnotation: "debug", + k8s.ProxyDisableIdentityAnnotation: "true", + k8s.ProxyDisableTapAnnotation: "true", + k8s.ProxyEnableExternalProfilesAnnotation: "true", + k8s.ProxyCPURequestAnnotation: "10m", + k8s.ProxyCPULimitAnnotation: "100m", + k8s.ProxyMemoryRequestAnnotation: "10Mi", + k8s.ProxyMemoryLimitAnnotation: "50Mi", + k8s.ProxyTraceCollectorSvcAddrAnnotation: "oc-collector.tracing:55678", + k8s.ProxyTraceCollectorSvcAccountAnnotation: "default", + k8s.ProxyWaitBeforeExitSecondsAnnotation: "10", + }, + }, + { + description: "proxy image overrides", + configOptions: proxyConfigOptions{ + proxyImage: "gcr.io/linkerd-io/proxy", + proxyVersion: "test-proxy-version", + imagePullPolicy: "IfNotPresent", + }, + expectedOverrides: map[string]string{ + k8s.ProxyImageAnnotation: "gcr.io/linkerd-io/proxy", + k8s.ProxyVersionOverrideAnnotation: "test-proxy-version", + k8s.ProxyImagePullPolicyAnnotation: "IfNotPresent", + }, + }, + { + description: "proxy-init image overrides", + configOptions: proxyConfigOptions{ + initImage: "gcr.io/linkerd-io/proxyInit", + initImageVersion: "test-proxy-init-version", + imagePullPolicy: "IfNotPresent", + }, + expectedOverrides: map[string]string{ + k8s.ProxyInitImageAnnotation: "gcr.io/linkerd-io/proxyInit", + k8s.ProxyInitImageVersionAnnotation: "test-proxy-init-version", + k8s.ProxyImagePullPolicyAnnotation: "IfNotPresent", + }, + }, + { + description: "custom docker registry with proxy and proxy-init", + configOptions: proxyConfigOptions{ + proxyImage: "gcr.io/linkerd-io/proxy", + initImage: "gcr.io/linkerd-io/proxyInit", + dockerRegistry: "my.custom.registry/linkerd-io", + }, + expectedOverrides: map[string]string{ + k8s.ProxyImageAnnotation: "my.custom.registry/linkerd-io/proxy", + k8s.ProxyInitImageAnnotation: "my.custom.registry/linkerd-io/proxyInit", + k8s.DebugImageAnnotation: "my.custom.registry/linkerd-io/debug", + }, + }, + { + description: "custom docker registry", + configOptions: proxyConfigOptions{ + dockerRegistry: "my.custom.registry/linkerd-io", + }, + expectedOverrides: map[string]string{ + k8s.DebugImageAnnotation: "my.custom.registry/linkerd-io/debug", + }, + }, + { + description: "no overrides", + configOptions: proxyConfigOptions{}, + expectedOverrides: map[string]string{}, + }, + } + + defaultConfig := testInstallConfig() + for _, tt := range tests { + t.Run(tt.description, func(t *testing.T) { + actualOverrides := map[string]string{} + tt.configOptions.overrideConfigs(defaultConfig, actualOverrides) + if len(tt.expectedOverrides) != len(actualOverrides) { + t.Fatalf("expected %d annotation(s), but received %d", len(tt.expectedOverrides), len(actualOverrides)) + } + for key, expected := range tt.expectedOverrides { + actual := actualOverrides[key] + if actual != expected { + t.Fatalf("expected annotation %q with %q, but got %q", key, expected, actual) + } + } + }) + } +} diff --git a/cli/cmd/install.go b/cli/cmd/install.go index 8cd67d2118953..9cd5c61b9a2f8 100644 --- a/cli/cmd/install.go +++ b/cli/cmd/install.go @@ -189,6 +189,8 @@ func newInstallOptionsWithDefaults() (*installOptions, error) { proxyImage: defaults.Global.Proxy.Image.Name, initImage: defaults.Global.ProxyInit.Image.Name, initImageVersion: version.ProxyInitVersion, + debugImage: defaults.DebugContainer.Image.Name, + debugImageVersion: version.Version, dockerRegistry: defaultDockerRegistry, imagePullPolicy: defaults.Global.ImagePullPolicy, ignoreInboundPorts: nil, @@ -639,7 +641,7 @@ func (options *installOptions) buildValuesWithoutIdentity(configs *pb.All) (*l5d options.identityOptions.replicas = options.controllerReplicas } - globalJSON, proxyJSON, installJSON, err := config.ToJSON(configs) + globalJSON, proxyJSON, installJSON, debugJSON, err := config.ToJSON(configs) if err != nil { return nil, err } @@ -649,6 +651,7 @@ func (options *installOptions) buildValuesWithoutIdentity(configs *pb.All) (*l5d installValues.Configs.Global = globalJSON installValues.Configs.Proxy = proxyJSON installValues.Configs.Install = installJSON + installValues.Configs.Debug = debugJSON installValues.ControllerImage = fmt.Sprintf("%s/controller", options.dockerRegistry) installValues.ControllerImageVersion = configs.GetGlobal().GetVersion() installValues.ControllerLogLevel = options.controllerLogLevel @@ -702,6 +705,10 @@ func (options *installOptions) buildValuesWithoutIdentity(configs *pb.All) (*l5d installValues.Global.ProxyInit.IgnoreInboundPorts = strings.Join(options.ignoreInboundPorts, ",") installValues.Global.ProxyInit.IgnoreOutboundPorts = strings.Join(options.ignoreOutboundPorts, ",") + installValues.DebugContainer.Image.Name = registryOverride(options.debugImage, options.dockerRegistry) + installValues.DebugContainer.Image.PullPolicy = options.imagePullPolicy + installValues.DebugContainer.Image.Version = options.debugImageVersion + return installValues, nil } @@ -762,6 +769,7 @@ func (options *installOptions) configs(identity *pb.IdentityContext) *pb.All { Global: options.globalConfig(identity), Proxy: options.proxyConfig(), Install: options.installConfig(), + Debug: options.debugConfig(), } } @@ -833,6 +841,16 @@ func (options *installOptions) proxyConfig() *pb.Proxy { } } +func (options *installOptions) debugConfig() *pb.Debug { + return &pb.Debug{ + DebugImage: &pb.Image{ + ImageName: registryOverride(options.debugImage, options.dockerRegistry), + PullPolicy: options.imagePullPolicy, + }, + DebugImageVersion: options.debugImageVersion, + } +} + func errAfterRunningChecks(options *installOptions) error { checks := []healthcheck.CategoryID{ healthcheck.KubernetesAPIChecks, diff --git a/cli/cmd/install_helm_test.go b/cli/cmd/install_helm_test.go index 939b82917210c..77c10c89760bd 100644 --- a/cli/cmd/install_helm_test.go +++ b/cli/cmd/install_helm_test.go @@ -69,6 +69,11 @@ func testRenderHelm(t *testing.T, chart *pb.Chart, goldenFileName string) { } }, "configs": null, + "debugContainer":{ + "image":{ + "version":"test-debug-version" + } + }, "proxyInjector":{ "keyPEM":"test-proxy-injector-key-pem", "crtPEM":"test-proxy-injector-crt-pem" diff --git a/cli/cmd/install_test.go b/cli/cmd/install_test.go index d3f9919962fbd..527a83a01eac9 100644 --- a/cli/cmd/install_test.go +++ b/cli/cmd/install_test.go @@ -120,6 +120,7 @@ func TestRender(t *testing.T) { Global: "GlobalConfig", Proxy: "ProxyConfig", Install: "InstallConfig", + Debug: "DebugConfig", }, ControllerReplicas: 1, ProxyInjector: defaultValues.ProxyInjector, @@ -201,6 +202,18 @@ func TestRender(t *testing.T) { withControlPlaneTracingValues, _, _ := withControlPlaneTracing.validateAndBuild("", nil) addFakeTLSSecrets(withControlPlaneTracingValues) + customRegistryOverride := "my.custom.registry/linkerd-io" + withCustomRegistryOptions, err := testInstallOptions() + if err != nil { + t.Fatalf("Unexpected error: %v\n", err) + } + withCustomRegistryOptions.dockerRegistry = customRegistryOverride + withCustomRegistryOptions.recordedFlags = []*config.Install_Flag{ + {Name: "registry", Value: customRegistryOverride}, + } + withCustomRegistryValues, _, _ := withCustomRegistryOptions.validateAndBuild("", nil) + addFakeTLSSecrets(withCustomRegistryValues) + testCases := []struct { values *charts.Values goldenFileName string @@ -216,6 +229,7 @@ func TestRender(t *testing.T) { {withHeartBeatDisabledValues, "install_heartbeat_disabled_output.golden"}, {withRestrictedDashboardPriviligesValues, "install_restricted_dashboard.golden"}, {withControlPlaneTracingValues, "install_controlplane_tracing_output.golden"}, + {withCustomRegistryValues, "install_custom_registry.golden"}, } for i, tc := range testCases { @@ -264,6 +278,7 @@ func testInstallOptions() (*installOptions, error) { o.ignoreCluster = true o.proxyVersion = "install-proxy-version" + o.debugImageVersion = "install-debug-version" o.controlPlaneVersion = "install-control-plane-version" o.heartbeatSchedule = fakeHeartbeatSchedule o.identityOptions.crtPEMFile = filepath.Join("testdata", "valid-crt.pem") @@ -315,11 +330,12 @@ func TestValidate(t *testing.T) { testValues.Global = new(pb.Global) testValues.Proxy = new(pb.Proxy) testValues.Install = new(pb.Install) + testValues.Debug = new(pb.Debug) actual, err := underTest.buildValuesWithoutIdentity(testValues) if err != nil { - t.Fatalf("Unexpected error ocured %s", err) + t.Fatalf("Unexpected error occurred %s", err) } if actual.PrometheusLogLevel != expected { diff --git a/cli/cmd/root.go b/cli/cmd/root.go index 118d2ad87d9d2..891765084f9bc 100644 --- a/cli/cmd/root.go +++ b/cli/cmd/root.go @@ -182,6 +182,8 @@ type proxyConfigOptions struct { proxyImage string initImage string initImageVersion string + debugImage string + debugImageVersion string dockerRegistry string imagePullPolicy string ignoreInboundPorts []string @@ -200,10 +202,9 @@ type proxyConfigOptions struct { traceCollector string traceCollectorSvcAccount string waitBeforeExitSeconds uint64 - // ignoreCluster is not validated by validate(). - ignoreCluster bool - disableIdentity bool - disableTap bool + ignoreCluster bool // not validated by validate() + disableIdentity bool + disableTap bool } func (options *proxyConfigOptions) validate() error { diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml index abedf2d4f7b06..ec53bdcafd12f 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml @@ -35,7 +35,7 @@ spec: ports: - containerPort: 80 name: http - - image: gcr.io/linkerd-io/debug:test-inject-control-plane-version + - image: gcr.io/linkerd-io/debug:test-inject-debug-version imagePullPolicy: IfNotPresent name: linkerd-debug terminationMessagePolicy: FallbackToLogsOnError diff --git a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml index 329fba2c00b70..e40a7722aec6f 100644 --- a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml @@ -83,7 +83,7 @@ spec: readOnly: true - mountPath: /var/run/linkerd/config name: config - - image: gcr.io/linkerd-io/debug:test-inject-control-plane-version + - image: gcr.io/linkerd-io/debug:test-inject-debug-version imagePullPolicy: IfNotPresent name: linkerd-debug terminationMessagePolicy: FallbackToLogsOnError diff --git a/cli/cmd/testdata/install_control-plane.golden b/cli/cmd/testdata/install_control-plane.golden index 482fd55793980..7064afaec0e91 100644 --- a/cli/cmd/testdata/install_control-plane.golden +++ b/cli/cmd/testdata/install_control-plane.golden @@ -16,6 +16,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_custom_registry.golden b/cli/cmd/testdata/install_custom_registry.golden new file mode 100644 index 0000000000000..7f017968a8e17 --- /dev/null +++ b/cli/cmd/testdata/install_custom_registry.golden @@ -0,0 +1,3061 @@ +--- +### +### Linkerd Namespace +### +--- +kind: Namespace +apiVersion: v1 +metadata: + name: linkerd + annotations: + linkerd.io/inject: disabled + labels: + linkerd.io/is-control-plane: "true" + config.linkerd.io/admission-webhooks: disabled +--- +### +### Identity Controller Service RBAC +### +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-identity + labels: + linkerd.io/control-plane-component: identity + linkerd.io/control-plane-ns: linkerd +rules: +- apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] +- apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["get"] +- apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-identity + labels: + linkerd.io/control-plane-component: identity + linkerd.io/control-plane-ns: linkerd +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: linkerd-linkerd-identity +subjects: +- kind: ServiceAccount + name: linkerd-identity + namespace: linkerd +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: linkerd-identity + namespace: linkerd + labels: + linkerd.io/control-plane-component: identity + linkerd.io/control-plane-ns: linkerd +--- +### +### Controller RBAC +### +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-controller + labels: + linkerd.io/control-plane-component: controller + linkerd.io/control-plane-ns: linkerd +rules: +- apiGroups: ["extensions", "apps"] + resources: ["daemonsets", "deployments", "replicasets", "statefulsets"] + verbs: ["list", "get", "watch"] +- apiGroups: ["extensions", "batch"] + resources: ["cronjobs", "jobs"] + verbs: ["list" , "get", "watch"] +- apiGroups: [""] + resources: ["pods", "endpoints", "services", "replicationcontrollers", "namespaces"] + verbs: ["list", "get", "watch"] +- apiGroups: ["linkerd.io"] + resources: ["serviceprofiles"] + verbs: ["list", "get", "watch"] +- apiGroups: ["split.smi-spec.io"] + resources: ["trafficsplits"] + verbs: ["list", "get", "watch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-controller + labels: + linkerd.io/control-plane-component: controller + linkerd.io/control-plane-ns: linkerd +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: linkerd-linkerd-controller +subjects: +- kind: ServiceAccount + name: linkerd-controller + namespace: linkerd +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: linkerd-controller + namespace: linkerd + labels: + linkerd.io/control-plane-component: controller + linkerd.io/control-plane-ns: linkerd +--- +### +### Destination Controller Service +### +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-destination + labels: + linkerd.io/control-plane-component: destination + linkerd.io/control-plane-ns: linkerd +rules: +- apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["list", "get", "watch"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["list", "get", "watch"] +- apiGroups: [""] + resources: ["pods", "endpoints", "services"] + verbs: ["list", "get", "watch"] +- apiGroups: ["linkerd.io"] + resources: ["serviceprofiles"] + verbs: ["list", "get", "watch"] +- apiGroups: ["split.smi-spec.io"] + resources: ["trafficsplits"] + verbs: ["list", "get", "watch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-destination + labels: + linkerd.io/control-plane-component: destination + linkerd.io/control-plane-ns: linkerd +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: linkerd-linkerd-destination +subjects: +- kind: ServiceAccount + name: linkerd-destination + namespace: linkerd +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: linkerd-destination + namespace: linkerd + labels: + linkerd.io/control-plane-component: destination + linkerd.io/control-plane-ns: linkerd +--- +### +### Heartbeat RBAC +### +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: linkerd-heartbeat + namespace: linkerd + labels: + linkerd.io/control-plane-ns: linkerd +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["linkerd-config"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: linkerd-heartbeat + namespace: linkerd + labels: + linkerd.io/control-plane-ns: linkerd +roleRef: + kind: Role + name: linkerd-heartbeat + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: linkerd-heartbeat + namespace: linkerd +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: linkerd-heartbeat + namespace: linkerd + labels: + linkerd.io/control-plane-component: heartbeat + linkerd.io/control-plane-ns: linkerd +--- +### +### Web RBAC +### +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: linkerd-web + namespace: linkerd + labels: + linkerd.io/control-plane-component: web + linkerd.io/control-plane-ns: linkerd +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["linkerd-config"] +- apiGroups: [""] + resources: ["namespaces", "configmaps"] + verbs: ["get"] +- apiGroups: [""] + resources: ["serviceaccounts", "pods"] + verbs: ["list"] +- apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: linkerd-web + namespace: linkerd + labels: + linkerd.io/control-plane-component: web + linkerd.io/control-plane-ns: linkerd +roleRef: + kind: Role + name: linkerd-web + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: linkerd-web + namespace: linkerd +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: linkerd-linkerd-web-check + labels: + linkerd.io/control-plane-component: web + linkerd.io/control-plane-ns: linkerd +rules: +- apiGroups: ["rbac.authorization.k8s.io"] + resources: ["clusterroles", "clusterrolebindings"] + verbs: ["list"] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["list"] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["list"] +- apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + verbs: ["list"] +- apiGroups: ["linkerd.io"] + resources: ["serviceprofiles"] + verbs: ["list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: linkerd-linkerd-web-check + labels: + linkerd.io/control-plane-component: web + linkerd.io/control-plane-ns: linkerd +roleRef: + kind: ClusterRole + name: linkerd-linkerd-web-check + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: linkerd-web + namespace: linkerd +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-web-admin + labels: + linkerd.io/control-plane-component: web + linkerd.io/control-plane-ns: linkerd +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: linkerd-linkerd-tap-admin +subjects: +- kind: ServiceAccount + name: linkerd-web + namespace: linkerd +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: linkerd-web + namespace: linkerd + labels: + linkerd.io/control-plane-component: web + linkerd.io/control-plane-ns: linkerd +--- +### +### Service Profile CRD +### +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: serviceprofiles.linkerd.io + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + labels: + linkerd.io/control-plane-ns: linkerd +spec: + group: linkerd.io + versions: + - name: v1alpha1 + served: true + storage: false + - name: v1alpha2 + served: true + storage: true + scope: Namespaced + names: + plural: serviceprofiles + singular: serviceprofile + kind: ServiceProfile + shortNames: + - sp +--- +### +### TrafficSplit CRD +### Copied from https://github.com/deislabs/smi-sdk-go/blob/cea7e1e9372304bbb6c74a3f6ca788d9eaa9cc58/crds/split.yaml +### +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: trafficsplits.split.smi-spec.io + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + labels: + linkerd.io/control-plane-ns: linkerd +spec: + group: split.smi-spec.io + version: v1alpha1 + scope: Namespaced + names: + kind: TrafficSplit + shortNames: + - ts + plural: trafficsplits + singular: trafficsplit + additionalPrinterColumns: + - name: Service + type: string + description: The apex service of this split. + JSONPath: .spec.service +--- +### +### Prometheus RBAC +### +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-prometheus + labels: + linkerd.io/control-plane-component: prometheus + linkerd.io/control-plane-ns: linkerd +rules: +- apiGroups: [""] + resources: ["nodes", "nodes/proxy", "pods"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-prometheus + labels: + linkerd.io/control-plane-component: prometheus + linkerd.io/control-plane-ns: linkerd +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: linkerd-linkerd-prometheus +subjects: +- kind: ServiceAccount + name: linkerd-prometheus + namespace: linkerd +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: linkerd-prometheus + namespace: linkerd + labels: + linkerd.io/control-plane-component: prometheus + linkerd.io/control-plane-ns: linkerd +--- +### +### Grafana RBAC +### +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: linkerd-grafana + namespace: linkerd + labels: + linkerd.io/control-plane-component: grafana + linkerd.io/control-plane-ns: linkerd +--- +### +### Proxy Injector RBAC +### +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-proxy-injector + labels: + linkerd.io/control-plane-component: proxy-injector + linkerd.io/control-plane-ns: linkerd +rules: +- apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +- apiGroups: [""] + resources: ["namespaces", "replicationcontrollers"] + verbs: ["list", "get", "watch"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["list", "watch"] +- apiGroups: ["extensions", "apps"] + resources: ["deployments", "replicasets", "daemonsets", "statefulsets"] + verbs: ["list", "get", "watch"] +- apiGroups: ["extensions", "batch"] + resources: ["cronjobs", "jobs"] + verbs: ["list", "get", "watch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-proxy-injector + labels: + linkerd.io/control-plane-component: proxy-injector + linkerd.io/control-plane-ns: linkerd +subjects: +- kind: ServiceAccount + name: linkerd-proxy-injector + namespace: linkerd + apiGroup: "" +roleRef: + kind: ClusterRole + name: linkerd-linkerd-proxy-injector + apiGroup: rbac.authorization.k8s.io +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: linkerd-proxy-injector + namespace: linkerd + labels: + linkerd.io/control-plane-component: proxy-injector + linkerd.io/control-plane-ns: linkerd +--- +kind: Secret +apiVersion: v1 +metadata: + name: linkerd-proxy-injector-tls + namespace: linkerd + labels: + linkerd.io/control-plane-component: proxy-injector + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +type: Opaque +data: + crt.pem: cHJveHkgaW5qZWN0b3IgY3J0 + key.pem: cHJveHkgaW5qZWN0b3Iga2V5 +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + name: linkerd-proxy-injector-webhook-config + labels: + linkerd.io/control-plane-component: proxy-injector + linkerd.io/control-plane-ns: linkerd +webhooks: +- name: linkerd-proxy-injector.linkerd.io + namespaceSelector: + matchExpressions: + - key: config.linkerd.io/admission-webhooks + operator: NotIn + values: + - disabled + clientConfig: + service: + name: linkerd-proxy-injector + namespace: linkerd + path: "/" + caBundle: cHJveHkgaW5qZWN0b3IgY3J0 + failurePolicy: Ignore + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + sideEffects: None +--- +### +### Service Profile Validator RBAC +### +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-sp-validator + labels: + linkerd.io/control-plane-component: sp-validator + linkerd.io/control-plane-ns: linkerd +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["list"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-sp-validator + labels: + linkerd.io/control-plane-component: sp-validator + linkerd.io/control-plane-ns: linkerd +subjects: +- kind: ServiceAccount + name: linkerd-sp-validator + namespace: linkerd + apiGroup: "" +roleRef: + kind: ClusterRole + name: linkerd-linkerd-sp-validator + apiGroup: rbac.authorization.k8s.io +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: linkerd-sp-validator + namespace: linkerd + labels: + linkerd.io/control-plane-component: sp-validator + linkerd.io/control-plane-ns: linkerd +--- +kind: Secret +apiVersion: v1 +metadata: + name: linkerd-sp-validator-tls + namespace: linkerd + labels: + linkerd.io/control-plane-component: sp-validator + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +type: Opaque +data: + crt.pem: cHJveHkgaW5qZWN0b3IgY3J0 + key.pem: cHJveHkgaW5qZWN0b3Iga2V5 +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + name: linkerd-sp-validator-webhook-config + labels: + linkerd.io/control-plane-component: sp-validator + linkerd.io/control-plane-ns: linkerd +webhooks: +- name: linkerd-sp-validator.linkerd.io + namespaceSelector: + matchExpressions: + - key: config.linkerd.io/admission-webhooks + operator: NotIn + values: + - disabled + clientConfig: + service: + name: linkerd-sp-validator + namespace: linkerd + path: "/" + caBundle: cHJveHkgaW5qZWN0b3IgY3J0 + failurePolicy: Ignore + rules: + - operations: [ "CREATE" , "UPDATE" ] + apiGroups: ["linkerd.io"] + apiVersions: ["v1alpha1", "v1alpha2"] + resources: ["serviceprofiles"] + sideEffects: None +--- +### +### Tap RBAC +### +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-tap + labels: + linkerd.io/control-plane-component: tap + linkerd.io/control-plane-ns: linkerd +rules: +- apiGroups: [""] + resources: ["pods", "services", "replicationcontrollers", "namespaces", "nodes"] + verbs: ["list", "get", "watch"] +- apiGroups: ["extensions", "apps"] + resources: ["daemonsets", "deployments", "replicasets", "statefulsets"] + verbs: ["list", "get", "watch"] +- apiGroups: ["extensions", "batch"] + resources: ["cronjobs", "jobs"] + verbs: ["list" , "get", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-tap-admin + labels: + linkerd.io/control-plane-component: tap + linkerd.io/control-plane-ns: linkerd +rules: +- apiGroups: ["tap.linkerd.io"] + resources: ["*"] + verbs: ["watch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-linkerd-tap + labels: + linkerd.io/control-plane-component: tap + linkerd.io/control-plane-ns: linkerd +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: linkerd-linkerd-tap +subjects: +- kind: ServiceAccount + name: linkerd-tap + namespace: linkerd +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: linkerd-linkerd-tap-auth-delegator + labels: + linkerd.io/control-plane-component: tap + linkerd.io/control-plane-ns: linkerd +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: linkerd-tap + namespace: linkerd +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: linkerd-tap + namespace: linkerd + labels: + linkerd.io/control-plane-component: tap + linkerd.io/control-plane-ns: linkerd +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: linkerd-linkerd-tap-auth-reader + namespace: kube-system + labels: + linkerd.io/control-plane-component: tap + linkerd.io/control-plane-ns: linkerd +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: linkerd-tap + namespace: linkerd +--- +kind: Secret +apiVersion: v1 +metadata: + name: linkerd-tap-tls + namespace: linkerd + labels: + linkerd.io/control-plane-component: tap + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +type: Opaque +data: + crt.pem: dGFwIGNydA== + key.pem: dGFwIGtleQ== +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + name: v1alpha1.tap.linkerd.io + labels: + linkerd.io/control-plane-component: tap + linkerd.io/control-plane-ns: linkerd +spec: + group: tap.linkerd.io + version: v1alpha1 + groupPriorityMinimum: 1000 + versionPriority: 100 + service: + name: linkerd-tap + namespace: linkerd + caBundle: dGFwIGNydA== +--- +### +### Control Plane PSP +### +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: linkerd-linkerd-control-plane + labels: + linkerd.io/control-plane-ns: linkerd +spec: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + allowedCapabilities: + - NET_ADMIN + - NET_RAW + requiredDropCapabilities: + - ALL + hostNetwork: false + hostIPC: false + hostPID: false + seLinux: + rule: RunAsAny + runAsUser: + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + volumes: + - configMap + - emptyDir + - secret + - projected + - downwardAPI + - persistentVolumeClaim +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: linkerd-psp + namespace: linkerd + labels: + linkerd.io/control-plane-ns: linkerd +rules: +- apiGroups: ['policy', 'extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - linkerd-linkerd-control-plane +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: linkerd-psp + namespace: linkerd + labels: + linkerd.io/control-plane-ns: linkerd +roleRef: + kind: Role + name: linkerd-psp + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: linkerd-controller + namespace: linkerd +- kind: ServiceAccount + name: linkerd-destination + namespace: linkerd +- kind: ServiceAccount + name: linkerd-grafana + namespace: linkerd +- kind: ServiceAccount + name: linkerd-heartbeat + namespace: linkerd +- kind: ServiceAccount + name: linkerd-identity + namespace: linkerd +- kind: ServiceAccount + name: linkerd-prometheus + namespace: linkerd +- kind: ServiceAccount + name: linkerd-proxy-injector + namespace: linkerd +- kind: ServiceAccount + name: linkerd-sp-validator + namespace: linkerd +- kind: ServiceAccount + name: linkerd-tap + namespace: linkerd +- kind: ServiceAccount + name: linkerd-web + namespace: linkerd +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: linkerd-config + namespace: linkerd + labels: + linkerd.io/control-plane-component: controller + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +data: + global: | + {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} + proxy: | + {"proxyImage":{"imageName":"my.custom.registry/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"my.custom.registry/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} + install: | + {"cliVersion":"dev-undefined","flags":[{"name":"registry","value":"my.custom.registry/linkerd-io"}]} + debug: | + {"debugImage":{"imageName":"my.custom.registry/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} +--- +### +### Identity Controller Service +### +--- +kind: Secret +apiVersion: v1 +metadata: + name: linkerd-identity-issuer + namespace: linkerd + labels: + linkerd.io/control-plane-component: identity + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + linkerd.io/identity-issuer-expiry: 2029-02-28T02:03:52Z +data: + crt.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJjakNDQVJpZ0F3SUJBZ0lCQWpBS0JnZ3Foa2pPUFFRREFqQVlNUll3RkFZRFZRUURFdzFqYkhWemRHVnkKTG14dlkyRnNNQjRYRFRFNU1ETXdNekF4TlRrMU1sb1hEVEk1TURJeU9EQXlNRE0xTWxvd0tURW5NQ1VHQTFVRQpBeE1lYVdSbGJuUnBkSGt1YkdsdWEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01Ga3dFd1lIS29aSXpqMENBUVlJCktvWkl6ajBEQVFjRFFnQUVJU2cwQ21KTkJXTHhKVHNLdDcrYno4QXMxWWZxWkZ1VHEyRm5ZbzAxNk5LVnY3MGUKUUMzVDZ0T3Bhajl4dUtzWGZsVTZaa3VpVlJpaWh3K3RWMmlzcTZOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdFRwpNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RUJUQURBUUgvCk1Bb0dDQ3FHU000OUJBTUNBMGdBTUVVQ0lGK2FNMEJ3MlBkTUZEcS9LdGFCUXZIZEFZYVVQVng4dmYzam4rTTQKQWFENEFpRUE5SEJkanlXeWlLZUt4bEE4Q29PdlVBd0k5NXhjNlhVTW9EeFJTWGpucFhnPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t + key.pem: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU1JSnltZWtZeitra0NMUGtGbHJVeUF1L2NISllSVHl3Zm1BVVJLS1JYZHpvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFSVNnMENtSk5CV0x4SlRzS3Q3K2J6OEFzMVlmcVpGdVRxMkZuWW8wMTZOS1Z2NzBlUUMzVAo2dE9wYWo5eHVLc1hmbFU2Wmt1aVZSaWlodyt0VjJpc3F3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQ== +--- +kind: Service +apiVersion: v1 +metadata: + name: linkerd-identity + namespace: linkerd + labels: + linkerd.io/control-plane-component: identity + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + type: ClusterIP + selector: + linkerd.io/control-plane-component: identity + ports: + - name: grpc + port: 8080 + targetPort: 8080 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + labels: + app.kubernetes.io/name: identity + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: install-control-plane-version + linkerd.io/control-plane-component: identity + linkerd.io/control-plane-ns: linkerd + name: linkerd-identity + namespace: linkerd +spec: + replicas: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: identity + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-identity + template: + metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + linkerd.io/identity-mode: default + linkerd.io/proxy-version: install-proxy-version + labels: + linkerd.io/control-plane-component: identity + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-identity + spec: + nodeSelector: + beta.kubernetes.io/os: linux + containers: + - args: + - identity + - -log-level=info + image: my.custom.registry/linkerd-io/controller:install-control-plane-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /ping + port: 9990 + initialDelaySeconds: 10 + name: identity + ports: + - containerPort: 8080 + name: grpc + - containerPort: 9990 + name: admin-http + readinessProbe: + failureThreshold: 7 + httpGet: + path: /ready + port: 9990 + securityContext: + runAsUser: 2103 + volumeMounts: + - mountPath: /var/run/linkerd/config + name: config + - mountPath: /var/run/linkerd/identity/issuer + name: identity-issuer + - env: + - name: LINKERD2_PROXY_LOG + value: warn,linkerd2_proxy=info + - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR + value: linkerd-dst.linkerd.svc.cluster.local:8086 + - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR + value: 0.0.0.0:4190 + - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR + value: 0.0.0.0:4191 + - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR + value: 127.0.0.1:4140 + - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR + value: 0.0.0.0:4143 + - name: LINKERD2_PROXY_DESTINATION_GET_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE + value: 10000ms + - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE + value: 10000ms + - name: _pod_ns + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LINKERD2_PROXY_DESTINATION_CONTEXT + value: ns:$(_pod_ns) + - name: LINKERD2_PROXY_IDENTITY_DIR + value: /var/run/linkerd/identity/end-entity + - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS + value: | + -----BEGIN CERTIFICATE----- + MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy + LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE + AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0 + xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364 + 6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF + BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE + AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv + OLO4Zsk1XrGZHGsmyiEyvYF9lpY= + -----END CERTIFICATE----- + - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE + value: /var/run/secrets/kubernetes.io/serviceaccount/token + - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR + value: localhost.:8080 + - name: _pod_sa + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: _l5d_ns + value: linkerd + - name: _l5d_trustdomain + value: cluster.local + - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME + value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_IDENTITY_SVC_NAME + value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_DESTINATION_SVC_NAME + value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_TAP_SVC_NAME + value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + image: my.custom.registry/linkerd-io/proxy:install-proxy-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /metrics + port: 4191 + initialDelaySeconds: 10 + name: linkerd-proxy + ports: + - containerPort: 4143 + name: linkerd-proxy + - containerPort: 4191 + name: linkerd-admin + readinessProbe: + httpGet: + path: /ready + port: 4191 + initialDelaySeconds: 2 + resources: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 2102 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/run/linkerd/identity/end-entity + name: linkerd-identity-end-entity + initContainers: + - args: + - --incoming-proxy-port + - "4143" + - --outgoing-proxy-port + - "4140" + - --proxy-uid + - "2102" + - --inbound-ports-to-ignore + - 4190,4191 + - --outbound-ports-to-ignore + - "443" + image: my.custom.registry/linkerd-io/proxy-init:v1.3.0 + imagePullPolicy: IfNotPresent + name: linkerd-init + resources: + limits: + cpu: "100m" + memory: "50Mi" + requests: + cpu: "10m" + memory: "10Mi" + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: false + runAsUser: 0 + terminationMessagePolicy: FallbackToLogsOnError + serviceAccountName: linkerd-identity + volumes: + - configMap: + name: linkerd-config + name: config + - name: identity-issuer + secret: + secretName: linkerd-identity-issuer + - emptyDir: + medium: Memory + name: linkerd-identity-end-entity +--- +### +### Controller +### +--- +kind: Service +apiVersion: v1 +metadata: + name: linkerd-controller-api + namespace: linkerd + labels: + linkerd.io/control-plane-component: controller + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + type: ClusterIP + selector: + linkerd.io/control-plane-component: controller + ports: + - name: http + port: 8085 + targetPort: 8085 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: install-control-plane-version + linkerd.io/control-plane-component: controller + linkerd.io/control-plane-ns: linkerd + name: linkerd-controller + namespace: linkerd +spec: + replicas: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: controller + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-controller + template: + metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + linkerd.io/identity-mode: default + linkerd.io/proxy-version: install-proxy-version + labels: + linkerd.io/control-plane-component: controller + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-controller + spec: + nodeSelector: + beta.kubernetes.io/os: linux + containers: + - args: + - public-api + - -prometheus-url=http://linkerd-prometheus.linkerd.svc.cluster.local:9090 + - -destination-addr=linkerd-dst.linkerd.svc.cluster.local:8086 + - -controller-namespace=linkerd + - -log-level=info + image: my.custom.registry/linkerd-io/controller:install-control-plane-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /ping + port: 9995 + initialDelaySeconds: 10 + name: public-api + ports: + - containerPort: 8085 + name: http + - containerPort: 9995 + name: admin-http + readinessProbe: + failureThreshold: 7 + httpGet: + path: /ready + port: 9995 + securityContext: + runAsUser: 2103 + volumeMounts: + - mountPath: /var/run/linkerd/config + name: config + - env: + - name: LINKERD2_PROXY_LOG + value: warn,linkerd2_proxy=info + - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR + value: linkerd-dst.linkerd.svc.cluster.local:8086 + - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR + value: 0.0.0.0:4190 + - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR + value: 0.0.0.0:4191 + - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR + value: 127.0.0.1:4140 + - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR + value: 0.0.0.0:4143 + - name: LINKERD2_PROXY_DESTINATION_GET_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE + value: 10000ms + - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE + value: 10000ms + - name: _pod_ns + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LINKERD2_PROXY_DESTINATION_CONTEXT + value: ns:$(_pod_ns) + - name: LINKERD2_PROXY_IDENTITY_DIR + value: /var/run/linkerd/identity/end-entity + - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS + value: | + -----BEGIN CERTIFICATE----- + MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy + LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE + AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0 + xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364 + 6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF + BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE + AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv + OLO4Zsk1XrGZHGsmyiEyvYF9lpY= + -----END CERTIFICATE----- + - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE + value: /var/run/secrets/kubernetes.io/serviceaccount/token + - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR + value: linkerd-identity.linkerd.svc.cluster.local:8080 + - name: _pod_sa + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: _l5d_ns + value: linkerd + - name: _l5d_trustdomain + value: cluster.local + - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME + value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_IDENTITY_SVC_NAME + value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_DESTINATION_SVC_NAME + value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_TAP_SVC_NAME + value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + image: my.custom.registry/linkerd-io/proxy:install-proxy-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /metrics + port: 4191 + initialDelaySeconds: 10 + name: linkerd-proxy + ports: + - containerPort: 4143 + name: linkerd-proxy + - containerPort: 4191 + name: linkerd-admin + readinessProbe: + httpGet: + path: /ready + port: 4191 + initialDelaySeconds: 2 + resources: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 2102 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/run/linkerd/identity/end-entity + name: linkerd-identity-end-entity + initContainers: + - args: + - --incoming-proxy-port + - "4143" + - --outgoing-proxy-port + - "4140" + - --proxy-uid + - "2102" + - --inbound-ports-to-ignore + - 4190,4191 + - --outbound-ports-to-ignore + - "443" + image: my.custom.registry/linkerd-io/proxy-init:v1.3.0 + imagePullPolicy: IfNotPresent + name: linkerd-init + resources: + limits: + cpu: "100m" + memory: "50Mi" + requests: + cpu: "10m" + memory: "10Mi" + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: false + runAsUser: 0 + terminationMessagePolicy: FallbackToLogsOnError + serviceAccountName: linkerd-controller + volumes: + - configMap: + name: linkerd-config + name: config + - emptyDir: + medium: Memory + name: linkerd-identity-end-entity +--- +### +### Destination Controller Service +### +--- +kind: Service +apiVersion: v1 +metadata: + name: linkerd-dst + namespace: linkerd + labels: + linkerd.io/control-plane-component: destination + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + type: ClusterIP + selector: + linkerd.io/control-plane-component: destination + ports: + - name: grpc + port: 8086 + targetPort: 8086 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + labels: + app.kubernetes.io/name: destination + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: install-control-plane-version + linkerd.io/control-plane-component: destination + linkerd.io/control-plane-ns: linkerd + name: linkerd-destination + namespace: linkerd +spec: + replicas: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: destination + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-destination + template: + metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + linkerd.io/identity-mode: default + linkerd.io/proxy-version: install-proxy-version + labels: + linkerd.io/control-plane-component: destination + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-destination + spec: + nodeSelector: + beta.kubernetes.io/os: linux + containers: + - args: + - destination + - -addr=:8086 + - -controller-namespace=linkerd + - -enable-h2-upgrade=true + - -log-level=info + image: my.custom.registry/linkerd-io/controller:install-control-plane-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /ping + port: 9996 + initialDelaySeconds: 10 + name: destination + ports: + - containerPort: 8086 + name: grpc + - containerPort: 9996 + name: admin-http + readinessProbe: + failureThreshold: 7 + httpGet: + path: /ready + port: 9996 + securityContext: + runAsUser: 2103 + volumeMounts: + - mountPath: /var/run/linkerd/config + name: config + - env: + - name: LINKERD2_PROXY_LOG + value: warn,linkerd2_proxy=info + - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR + value: localhost.:8086 + - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR + value: 0.0.0.0:4190 + - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR + value: 0.0.0.0:4191 + - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR + value: 127.0.0.1:4140 + - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR + value: 0.0.0.0:4143 + - name: LINKERD2_PROXY_DESTINATION_GET_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE + value: 10000ms + - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE + value: 10000ms + - name: _pod_ns + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LINKERD2_PROXY_DESTINATION_CONTEXT + value: ns:$(_pod_ns) + - name: LINKERD2_PROXY_IDENTITY_DIR + value: /var/run/linkerd/identity/end-entity + - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS + value: | + -----BEGIN CERTIFICATE----- + MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy + LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE + AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0 + xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364 + 6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF + BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE + AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv + OLO4Zsk1XrGZHGsmyiEyvYF9lpY= + -----END CERTIFICATE----- + - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE + value: /var/run/secrets/kubernetes.io/serviceaccount/token + - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR + value: linkerd-identity.linkerd.svc.cluster.local:8080 + - name: _pod_sa + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: _l5d_ns + value: linkerd + - name: _l5d_trustdomain + value: cluster.local + - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME + value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_IDENTITY_SVC_NAME + value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_DESTINATION_SVC_NAME + value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_TAP_SVC_NAME + value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + image: my.custom.registry/linkerd-io/proxy:install-proxy-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /metrics + port: 4191 + initialDelaySeconds: 10 + name: linkerd-proxy + ports: + - containerPort: 4143 + name: linkerd-proxy + - containerPort: 4191 + name: linkerd-admin + readinessProbe: + httpGet: + path: /ready + port: 4191 + initialDelaySeconds: 2 + resources: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 2102 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/run/linkerd/identity/end-entity + name: linkerd-identity-end-entity + initContainers: + - args: + - --incoming-proxy-port + - "4143" + - --outgoing-proxy-port + - "4140" + - --proxy-uid + - "2102" + - --inbound-ports-to-ignore + - 4190,4191 + - --outbound-ports-to-ignore + - "443" + image: my.custom.registry/linkerd-io/proxy-init:v1.3.0 + imagePullPolicy: IfNotPresent + name: linkerd-init + resources: + limits: + cpu: "100m" + memory: "50Mi" + requests: + cpu: "10m" + memory: "10Mi" + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: false + runAsUser: 0 + terminationMessagePolicy: FallbackToLogsOnError + serviceAccountName: linkerd-destination + volumes: + - configMap: + name: linkerd-config + name: config + - emptyDir: + medium: Memory + name: linkerd-identity-end-entity +--- +### +### Heartbeat +### +--- +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: linkerd-heartbeat + namespace: linkerd + labels: + app.kubernetes.io/name: heartbeat + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: install-control-plane-version + linkerd.io/control-plane-component: heartbeat + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + schedule: "1 2 3 4 5" + successfulJobsHistoryLimit: 0 + jobTemplate: + spec: + template: + metadata: + labels: + linkerd.io/control-plane-component: heartbeat + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + spec: + nodeSelector: + beta.kubernetes.io/os: linux + serviceAccountName: linkerd-heartbeat + restartPolicy: Never + containers: + - name: heartbeat + image: my.custom.registry/linkerd-io/controller:install-control-plane-version + imagePullPolicy: IfNotPresent + args: + - "heartbeat" + - "-prometheus-url=http://linkerd-prometheus.linkerd.svc.cluster.local:9090" + - "-controller-namespace=linkerd" + - "-log-level=info" + securityContext: + runAsUser: 2103 +--- +### +### Web +### +--- +kind: Service +apiVersion: v1 +metadata: + name: linkerd-web + namespace: linkerd + labels: + linkerd.io/control-plane-component: web + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + type: ClusterIP + selector: + linkerd.io/control-plane-component: web + ports: + - name: http + port: 8084 + targetPort: 8084 + - name: admin-http + port: 9994 + targetPort: 9994 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + labels: + app.kubernetes.io/name: web + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: install-control-plane-version + linkerd.io/control-plane-component: web + linkerd.io/control-plane-ns: linkerd + name: linkerd-web + namespace: linkerd +spec: + replicas: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: web + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-web + template: + metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + linkerd.io/identity-mode: default + linkerd.io/proxy-version: install-proxy-version + labels: + linkerd.io/control-plane-component: web + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-web + spec: + nodeSelector: + beta.kubernetes.io/os: linux + containers: + - args: + - -api-addr=linkerd-controller-api.linkerd.svc.cluster.local:8085 + - -grafana-addr=linkerd-grafana.linkerd.svc.cluster.local:3000 + - -controller-namespace=linkerd + - -log-level=info + - -enforced-host=^(localhost|127\.0\.0\.1|linkerd-web\.linkerd\.svc\.cluster\.local|linkerd-web\.linkerd\.svc|\[::1\])(:\d+)?$ + image: my.custom.registry/linkerd-io/web:install-control-plane-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /ping + port: 9994 + initialDelaySeconds: 10 + name: web + ports: + - containerPort: 8084 + name: http + - containerPort: 9994 + name: admin-http + readinessProbe: + failureThreshold: 7 + httpGet: + path: /ready + port: 9994 + securityContext: + runAsUser: 2103 + volumeMounts: + - mountPath: /var/run/linkerd/config + name: config + - env: + - name: LINKERD2_PROXY_LOG + value: warn,linkerd2_proxy=info + - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR + value: linkerd-dst.linkerd.svc.cluster.local:8086 + - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR + value: 0.0.0.0:4190 + - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR + value: 0.0.0.0:4191 + - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR + value: 127.0.0.1:4140 + - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR + value: 0.0.0.0:4143 + - name: LINKERD2_PROXY_DESTINATION_GET_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE + value: 10000ms + - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE + value: 10000ms + - name: _pod_ns + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LINKERD2_PROXY_DESTINATION_CONTEXT + value: ns:$(_pod_ns) + - name: LINKERD2_PROXY_IDENTITY_DIR + value: /var/run/linkerd/identity/end-entity + - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS + value: | + -----BEGIN CERTIFICATE----- + MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy + LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE + AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0 + xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364 + 6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF + BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE + AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv + OLO4Zsk1XrGZHGsmyiEyvYF9lpY= + -----END CERTIFICATE----- + - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE + value: /var/run/secrets/kubernetes.io/serviceaccount/token + - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR + value: linkerd-identity.linkerd.svc.cluster.local:8080 + - name: _pod_sa + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: _l5d_ns + value: linkerd + - name: _l5d_trustdomain + value: cluster.local + - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME + value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_IDENTITY_SVC_NAME + value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_DESTINATION_SVC_NAME + value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_TAP_SVC_NAME + value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + image: my.custom.registry/linkerd-io/proxy:install-proxy-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /metrics + port: 4191 + initialDelaySeconds: 10 + name: linkerd-proxy + ports: + - containerPort: 4143 + name: linkerd-proxy + - containerPort: 4191 + name: linkerd-admin + readinessProbe: + httpGet: + path: /ready + port: 4191 + initialDelaySeconds: 2 + resources: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 2102 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/run/linkerd/identity/end-entity + name: linkerd-identity-end-entity + initContainers: + - args: + - --incoming-proxy-port + - "4143" + - --outgoing-proxy-port + - "4140" + - --proxy-uid + - "2102" + - --inbound-ports-to-ignore + - 4190,4191 + - --outbound-ports-to-ignore + - "443" + image: my.custom.registry/linkerd-io/proxy-init:v1.3.0 + imagePullPolicy: IfNotPresent + name: linkerd-init + resources: + limits: + cpu: "100m" + memory: "50Mi" + requests: + cpu: "10m" + memory: "10Mi" + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: false + runAsUser: 0 + terminationMessagePolicy: FallbackToLogsOnError + serviceAccountName: linkerd-web + volumes: + - configMap: + name: linkerd-config + name: config + - emptyDir: + medium: Memory + name: linkerd-identity-end-entity +--- +### +### Prometheus +### +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: linkerd-prometheus-config + namespace: linkerd + labels: + linkerd.io/control-plane-component: prometheus + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +data: + prometheus.yml: |- + global: + scrape_interval: 10s + scrape_timeout: 10s + evaluation_interval: 10s + + rule_files: + - /etc/prometheus/*_rules.yml + + scrape_configs: + - job_name: 'prometheus' + static_configs: + - targets: ['localhost:9090'] + + - job_name: 'grafana' + kubernetes_sd_configs: + - role: pod + namespaces: + names: ['linkerd'] + relabel_configs: + - source_labels: + - __meta_kubernetes_pod_container_name + action: keep + regex: ^grafana$ + + # Required for: https://grafana.com/grafana/dashboards/315 + - job_name: 'kubernetes-nodes-cadvisor' + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor + metric_relabel_configs: + - source_labels: [__name__] + regex: '(container|machine)_(cpu|memory|network|fs)_(.+)' + action: keep + - source_labels: [__name__] + regex: 'container_memory_failures_total' # unneeded large metric + action: drop + + - job_name: 'linkerd-controller' + kubernetes_sd_configs: + - role: pod + namespaces: + names: ['linkerd'] + relabel_configs: + - source_labels: + - __meta_kubernetes_pod_label_linkerd_io_control_plane_component + - __meta_kubernetes_pod_container_port_name + action: keep + regex: (.*);admin-http$ + - source_labels: [__meta_kubernetes_pod_container_name] + action: replace + target_label: component + + - job_name: 'linkerd-proxy' + kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: + - __meta_kubernetes_pod_container_name + - __meta_kubernetes_pod_container_port_name + - __meta_kubernetes_pod_label_linkerd_io_control_plane_ns + action: keep + regex: ^linkerd-proxy;linkerd-admin;linkerd$ + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod + # special case k8s' "job" label, to not interfere with prometheus' "job" + # label + # __meta_kubernetes_pod_label_linkerd_io_proxy_job=foo => + # k8s_job=foo + - source_labels: [__meta_kubernetes_pod_label_linkerd_io_proxy_job] + action: replace + target_label: k8s_job + # drop __meta_kubernetes_pod_label_linkerd_io_proxy_job + - action: labeldrop + regex: __meta_kubernetes_pod_label_linkerd_io_proxy_job + # __meta_kubernetes_pod_label_linkerd_io_proxy_deployment=foo => + # deployment=foo + - action: labelmap + regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+) + # drop all labels that we just made copies of in the previous labelmap + - action: labeldrop + regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+) + # __meta_kubernetes_pod_label_linkerd_io_foo=bar => + # foo=bar + - action: labelmap + regex: __meta_kubernetes_pod_label_linkerd_io_(.+) +--- +kind: Service +apiVersion: v1 +metadata: + name: linkerd-prometheus + namespace: linkerd + labels: + linkerd.io/control-plane-component: prometheus + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + type: ClusterIP + selector: + linkerd.io/control-plane-component: prometheus + ports: + - name: admin-http + port: 9090 + targetPort: 9090 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + labels: + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: install-control-plane-version + linkerd.io/control-plane-component: prometheus + linkerd.io/control-plane-ns: linkerd + name: linkerd-prometheus + namespace: linkerd +spec: + replicas: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: prometheus + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-prometheus + template: + metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + linkerd.io/identity-mode: default + linkerd.io/proxy-version: install-proxy-version + labels: + linkerd.io/control-plane-component: prometheus + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-prometheus + spec: + nodeSelector: + beta.kubernetes.io/os: linux + containers: + - args: + - --storage.tsdb.path=/data + - --storage.tsdb.retention.time=6h + - --config.file=/etc/prometheus/prometheus.yml + - --log.level=info + image: prom/prometheus:v2.11.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /-/healthy + port: 9090 + initialDelaySeconds: 30 + timeoutSeconds: 30 + name: prometheus + ports: + - containerPort: 9090 + name: admin-http + readinessProbe: + httpGet: + path: /-/ready + port: 9090 + initialDelaySeconds: 30 + timeoutSeconds: 30 + securityContext: + runAsUser: 65534 + volumeMounts: + - mountPath: /data + name: data + - mountPath: /etc/prometheus + name: prometheus-config + readOnly: true + - env: + - name: LINKERD2_PROXY_LOG + value: warn,linkerd2_proxy=info + - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR + value: linkerd-dst.linkerd.svc.cluster.local:8086 + - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR + value: 0.0.0.0:4190 + - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR + value: 0.0.0.0:4191 + - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR + value: 127.0.0.1:4140 + - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR + value: 0.0.0.0:4143 + - name: LINKERD2_PROXY_DESTINATION_GET_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE + value: 10000ms + - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE + value: 10000ms + - name: _pod_ns + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LINKERD2_PROXY_DESTINATION_CONTEXT + value: ns:$(_pod_ns) + - name: LINKERD2_PROXY_OUTBOUND_ROUTER_CAPACITY + value: "10000" + - name: LINKERD2_PROXY_IDENTITY_DIR + value: /var/run/linkerd/identity/end-entity + - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS + value: | + -----BEGIN CERTIFICATE----- + MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy + LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE + AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0 + xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364 + 6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF + BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE + AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv + OLO4Zsk1XrGZHGsmyiEyvYF9lpY= + -----END CERTIFICATE----- + - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE + value: /var/run/secrets/kubernetes.io/serviceaccount/token + - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR + value: linkerd-identity.linkerd.svc.cluster.local:8080 + - name: _pod_sa + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: _l5d_ns + value: linkerd + - name: _l5d_trustdomain + value: cluster.local + - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME + value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_IDENTITY_SVC_NAME + value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_DESTINATION_SVC_NAME + value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_TAP_SVC_NAME + value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + image: my.custom.registry/linkerd-io/proxy:install-proxy-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /metrics + port: 4191 + initialDelaySeconds: 10 + name: linkerd-proxy + ports: + - containerPort: 4143 + name: linkerd-proxy + - containerPort: 4191 + name: linkerd-admin + readinessProbe: + httpGet: + path: /ready + port: 4191 + initialDelaySeconds: 2 + resources: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 2102 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/run/linkerd/identity/end-entity + name: linkerd-identity-end-entity + initContainers: + - args: + - --incoming-proxy-port + - "4143" + - --outgoing-proxy-port + - "4140" + - --proxy-uid + - "2102" + - --inbound-ports-to-ignore + - 4190,4191 + - --outbound-ports-to-ignore + - "443" + image: my.custom.registry/linkerd-io/proxy-init:v1.3.0 + imagePullPolicy: IfNotPresent + name: linkerd-init + resources: + limits: + cpu: "100m" + memory: "50Mi" + requests: + cpu: "10m" + memory: "10Mi" + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: false + runAsUser: 0 + terminationMessagePolicy: FallbackToLogsOnError + serviceAccountName: linkerd-prometheus + volumes: + - emptyDir: {} + name: data + - configMap: + name: linkerd-prometheus-config + name: prometheus-config + - emptyDir: + medium: Memory + name: linkerd-identity-end-entity +--- +### +### Grafana +### +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: linkerd-grafana-config + namespace: linkerd + labels: + linkerd.io/control-plane-component: grafana + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +data: + grafana.ini: |- + instance_name = linkerd-grafana + + [server] + root_url = %(protocol)s://%(domain)s:/grafana/ + + [auth] + disable_login_form = true + + [auth.anonymous] + enabled = true + org_role = Editor + + [auth.basic] + enabled = false + + [analytics] + check_for_updates = false + + [panels] + disable_sanitize_html = true + + datasources.yaml: |- + apiVersion: 1 + datasources: + - name: prometheus + type: prometheus + access: proxy + orgId: 1 + url: http://linkerd-prometheus.linkerd.svc.cluster.local:9090 + isDefault: true + jsonData: + timeInterval: "5s" + version: 1 + editable: true + + dashboards.yaml: |- + apiVersion: 1 + providers: + - name: 'default' + orgId: 1 + folder: '' + type: file + disableDeletion: true + editable: true + options: + path: /var/lib/grafana/dashboards + homeDashboardId: linkerd-top-line +--- +kind: Service +apiVersion: v1 +metadata: + name: linkerd-grafana + namespace: linkerd + labels: + linkerd.io/control-plane-component: grafana + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + type: ClusterIP + selector: + linkerd.io/control-plane-component: grafana + ports: + - name: http + port: 3000 + targetPort: 3000 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + labels: + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: install-control-plane-version + linkerd.io/control-plane-component: grafana + linkerd.io/control-plane-ns: linkerd + name: linkerd-grafana + namespace: linkerd +spec: + replicas: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: grafana + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-grafana + template: + metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + linkerd.io/identity-mode: default + linkerd.io/proxy-version: install-proxy-version + labels: + linkerd.io/control-plane-component: grafana + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-grafana + spec: + nodeSelector: + beta.kubernetes.io/os: linux + containers: + - env: + - name: GF_PATHS_DATA + value: /data + image: my.custom.registry/linkerd-io/grafana:install-control-plane-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 30 + name: grafana + ports: + - containerPort: 3000 + name: http + readinessProbe: + httpGet: + path: /api/health + port: 3000 + securityContext: + runAsUser: 472 + volumeMounts: + - mountPath: /data + name: data + - mountPath: /etc/grafana + name: grafana-config + readOnly: true + - env: + - name: LINKERD2_PROXY_LOG + value: warn,linkerd2_proxy=info + - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR + value: linkerd-dst.linkerd.svc.cluster.local:8086 + - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR + value: 0.0.0.0:4190 + - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR + value: 0.0.0.0:4191 + - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR + value: 127.0.0.1:4140 + - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR + value: 0.0.0.0:4143 + - name: LINKERD2_PROXY_DESTINATION_GET_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE + value: 10000ms + - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE + value: 10000ms + - name: _pod_ns + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LINKERD2_PROXY_DESTINATION_CONTEXT + value: ns:$(_pod_ns) + - name: LINKERD2_PROXY_IDENTITY_DIR + value: /var/run/linkerd/identity/end-entity + - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS + value: | + -----BEGIN CERTIFICATE----- + MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy + LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE + AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0 + xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364 + 6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF + BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE + AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv + OLO4Zsk1XrGZHGsmyiEyvYF9lpY= + -----END CERTIFICATE----- + - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE + value: /var/run/secrets/kubernetes.io/serviceaccount/token + - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR + value: linkerd-identity.linkerd.svc.cluster.local:8080 + - name: _pod_sa + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: _l5d_ns + value: linkerd + - name: _l5d_trustdomain + value: cluster.local + - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME + value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_IDENTITY_SVC_NAME + value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_DESTINATION_SVC_NAME + value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_TAP_SVC_NAME + value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + image: my.custom.registry/linkerd-io/proxy:install-proxy-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /metrics + port: 4191 + initialDelaySeconds: 10 + name: linkerd-proxy + ports: + - containerPort: 4143 + name: linkerd-proxy + - containerPort: 4191 + name: linkerd-admin + readinessProbe: + httpGet: + path: /ready + port: 4191 + initialDelaySeconds: 2 + resources: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 2102 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/run/linkerd/identity/end-entity + name: linkerd-identity-end-entity + initContainers: + - args: + - --incoming-proxy-port + - "4143" + - --outgoing-proxy-port + - "4140" + - --proxy-uid + - "2102" + - --inbound-ports-to-ignore + - 4190,4191 + - --outbound-ports-to-ignore + - "443" + image: my.custom.registry/linkerd-io/proxy-init:v1.3.0 + imagePullPolicy: IfNotPresent + name: linkerd-init + resources: + limits: + cpu: "100m" + memory: "50Mi" + requests: + cpu: "10m" + memory: "10Mi" + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: false + runAsUser: 0 + terminationMessagePolicy: FallbackToLogsOnError + serviceAccountName: linkerd-grafana + volumes: + - emptyDir: {} + name: data + - configMap: + items: + - key: grafana.ini + path: grafana.ini + - key: datasources.yaml + path: provisioning/datasources/datasources.yaml + - key: dashboards.yaml + path: provisioning/dashboards/dashboards.yaml + name: linkerd-grafana-config + name: grafana-config + - emptyDir: + medium: Memory + name: linkerd-identity-end-entity +--- +### +### Proxy Injector +### +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + labels: + app.kubernetes.io/name: proxy-injector + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: install-control-plane-version + linkerd.io/control-plane-component: proxy-injector + linkerd.io/control-plane-ns: linkerd + name: linkerd-proxy-injector + namespace: linkerd +spec: + replicas: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: proxy-injector + template: + metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + linkerd.io/identity-mode: default + linkerd.io/proxy-version: install-proxy-version + labels: + linkerd.io/control-plane-component: proxy-injector + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-proxy-injector + spec: + nodeSelector: + beta.kubernetes.io/os: linux + containers: + - args: + - proxy-injector + - -log-level=info + image: my.custom.registry/linkerd-io/controller:install-control-plane-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /ping + port: 9995 + initialDelaySeconds: 10 + name: proxy-injector + ports: + - containerPort: 8443 + name: proxy-injector + - containerPort: 9995 + name: admin-http + readinessProbe: + failureThreshold: 7 + httpGet: + path: /ready + port: 9995 + securityContext: + runAsUser: 2103 + volumeMounts: + - mountPath: /var/run/linkerd/config + name: config + - mountPath: /var/run/linkerd/tls + name: tls + readOnly: true + - env: + - name: LINKERD2_PROXY_LOG + value: warn,linkerd2_proxy=info + - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR + value: linkerd-dst.linkerd.svc.cluster.local:8086 + - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR + value: 0.0.0.0:4190 + - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR + value: 0.0.0.0:4191 + - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR + value: 127.0.0.1:4140 + - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR + value: 0.0.0.0:4143 + - name: LINKERD2_PROXY_DESTINATION_GET_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE + value: 10000ms + - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE + value: 10000ms + - name: _pod_ns + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LINKERD2_PROXY_DESTINATION_CONTEXT + value: ns:$(_pod_ns) + - name: LINKERD2_PROXY_IDENTITY_DIR + value: /var/run/linkerd/identity/end-entity + - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS + value: | + -----BEGIN CERTIFICATE----- + MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy + LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE + AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0 + xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364 + 6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF + BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE + AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv + OLO4Zsk1XrGZHGsmyiEyvYF9lpY= + -----END CERTIFICATE----- + - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE + value: /var/run/secrets/kubernetes.io/serviceaccount/token + - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR + value: linkerd-identity.linkerd.svc.cluster.local:8080 + - name: _pod_sa + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: _l5d_ns + value: linkerd + - name: _l5d_trustdomain + value: cluster.local + - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME + value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_IDENTITY_SVC_NAME + value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_DESTINATION_SVC_NAME + value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_TAP_SVC_NAME + value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + image: my.custom.registry/linkerd-io/proxy:install-proxy-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /metrics + port: 4191 + initialDelaySeconds: 10 + name: linkerd-proxy + ports: + - containerPort: 4143 + name: linkerd-proxy + - containerPort: 4191 + name: linkerd-admin + readinessProbe: + httpGet: + path: /ready + port: 4191 + initialDelaySeconds: 2 + resources: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 2102 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/run/linkerd/identity/end-entity + name: linkerd-identity-end-entity + initContainers: + - args: + - --incoming-proxy-port + - "4143" + - --outgoing-proxy-port + - "4140" + - --proxy-uid + - "2102" + - --inbound-ports-to-ignore + - 4190,4191 + - --outbound-ports-to-ignore + - "443" + image: my.custom.registry/linkerd-io/proxy-init:v1.3.0 + imagePullPolicy: IfNotPresent + name: linkerd-init + resources: + limits: + cpu: "100m" + memory: "50Mi" + requests: + cpu: "10m" + memory: "10Mi" + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: false + runAsUser: 0 + terminationMessagePolicy: FallbackToLogsOnError + serviceAccountName: linkerd-proxy-injector + volumes: + - configMap: + name: linkerd-config + name: config + - name: tls + secret: + secretName: linkerd-proxy-injector-tls + - emptyDir: + medium: Memory + name: linkerd-identity-end-entity +--- +kind: Service +apiVersion: v1 +metadata: + name: linkerd-proxy-injector + namespace: linkerd + labels: + linkerd.io/control-plane-component: proxy-injector + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + type: ClusterIP + selector: + linkerd.io/control-plane-component: proxy-injector + ports: + - name: proxy-injector + port: 443 + targetPort: proxy-injector +--- +### +### Service Profile Validator +### +--- +kind: Service +apiVersion: v1 +metadata: + name: linkerd-sp-validator + namespace: linkerd + labels: + linkerd.io/control-plane-component: sp-validator + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + type: ClusterIP + selector: + linkerd.io/control-plane-component: sp-validator + ports: + - name: sp-validator + port: 443 + targetPort: sp-validator +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + labels: + app.kubernetes.io/name: sp-validator + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: install-control-plane-version + linkerd.io/control-plane-component: sp-validator + linkerd.io/control-plane-ns: linkerd + name: linkerd-sp-validator + namespace: linkerd +spec: + replicas: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: sp-validator + template: + metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + linkerd.io/identity-mode: default + linkerd.io/proxy-version: install-proxy-version + labels: + linkerd.io/control-plane-component: sp-validator + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-sp-validator + spec: + nodeSelector: + beta.kubernetes.io/os: linux + containers: + - args: + - sp-validator + - -log-level=info + image: my.custom.registry/linkerd-io/controller:install-control-plane-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /ping + port: 9997 + initialDelaySeconds: 10 + name: sp-validator + ports: + - containerPort: 8443 + name: sp-validator + - containerPort: 9997 + name: admin-http + readinessProbe: + failureThreshold: 7 + httpGet: + path: /ready + port: 9997 + securityContext: + runAsUser: 2103 + volumeMounts: + - mountPath: /var/run/linkerd/tls + name: tls + readOnly: true + - env: + - name: LINKERD2_PROXY_LOG + value: warn,linkerd2_proxy=info + - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR + value: linkerd-dst.linkerd.svc.cluster.local:8086 + - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR + value: 0.0.0.0:4190 + - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR + value: 0.0.0.0:4191 + - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR + value: 127.0.0.1:4140 + - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR + value: 0.0.0.0:4143 + - name: LINKERD2_PROXY_DESTINATION_GET_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE + value: 10000ms + - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE + value: 10000ms + - name: _pod_ns + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LINKERD2_PROXY_DESTINATION_CONTEXT + value: ns:$(_pod_ns) + - name: LINKERD2_PROXY_IDENTITY_DIR + value: /var/run/linkerd/identity/end-entity + - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS + value: | + -----BEGIN CERTIFICATE----- + MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy + LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE + AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0 + xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364 + 6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF + BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE + AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv + OLO4Zsk1XrGZHGsmyiEyvYF9lpY= + -----END CERTIFICATE----- + - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE + value: /var/run/secrets/kubernetes.io/serviceaccount/token + - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR + value: linkerd-identity.linkerd.svc.cluster.local:8080 + - name: _pod_sa + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: _l5d_ns + value: linkerd + - name: _l5d_trustdomain + value: cluster.local + - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME + value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_IDENTITY_SVC_NAME + value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_DESTINATION_SVC_NAME + value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_TAP_SVC_NAME + value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + image: my.custom.registry/linkerd-io/proxy:install-proxy-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /metrics + port: 4191 + initialDelaySeconds: 10 + name: linkerd-proxy + ports: + - containerPort: 4143 + name: linkerd-proxy + - containerPort: 4191 + name: linkerd-admin + readinessProbe: + httpGet: + path: /ready + port: 4191 + initialDelaySeconds: 2 + resources: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 2102 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/run/linkerd/identity/end-entity + name: linkerd-identity-end-entity + initContainers: + - args: + - --incoming-proxy-port + - "4143" + - --outgoing-proxy-port + - "4140" + - --proxy-uid + - "2102" + - --inbound-ports-to-ignore + - 4190,4191 + - --outbound-ports-to-ignore + - "443" + image: my.custom.registry/linkerd-io/proxy-init:v1.3.0 + imagePullPolicy: IfNotPresent + name: linkerd-init + resources: + limits: + cpu: "100m" + memory: "50Mi" + requests: + cpu: "10m" + memory: "10Mi" + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: false + runAsUser: 0 + terminationMessagePolicy: FallbackToLogsOnError + serviceAccountName: linkerd-sp-validator + volumes: + - name: tls + secret: + secretName: linkerd-sp-validator-tls + - emptyDir: + medium: Memory + name: linkerd-identity-end-entity +--- +### +### Tap +### +--- +kind: Service +apiVersion: v1 +metadata: + name: linkerd-tap + namespace: linkerd + labels: + linkerd.io/control-plane-component: tap + linkerd.io/control-plane-ns: linkerd + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + type: ClusterIP + selector: + linkerd.io/control-plane-component: tap + ports: + - name: grpc + port: 8088 + targetPort: 8088 + - name: apiserver + port: 443 + targetPort: apiserver +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + labels: + app.kubernetes.io/name: tap + app.kubernetes.io/part-of: Linkerd + app.kubernetes.io/version: install-control-plane-version + linkerd.io/control-plane-component: tap + linkerd.io/control-plane-ns: linkerd + name: linkerd-tap + namespace: linkerd +spec: + replicas: 1 + selector: + matchLabels: + linkerd.io/control-plane-component: tap + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-tap + template: + metadata: + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined + linkerd.io/identity-mode: default + linkerd.io/proxy-version: install-proxy-version + labels: + linkerd.io/control-plane-component: tap + linkerd.io/control-plane-ns: linkerd + linkerd.io/proxy-deployment: linkerd-tap + spec: + nodeSelector: + beta.kubernetes.io/os: linux + containers: + - args: + - tap + - -controller-namespace=linkerd + - -log-level=info + image: my.custom.registry/linkerd-io/controller:install-control-plane-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /ping + port: 9998 + initialDelaySeconds: 10 + name: tap + ports: + - containerPort: 8088 + name: grpc + - containerPort: 8089 + name: apiserver + - containerPort: 9998 + name: admin-http + readinessProbe: + failureThreshold: 7 + httpGet: + path: /ready + port: 9998 + securityContext: + runAsUser: 2103 + volumeMounts: + - mountPath: /var/run/linkerd/tls + name: tls + readOnly: true + - mountPath: /var/run/linkerd/config + name: config + - env: + - name: LINKERD2_PROXY_LOG + value: warn,linkerd2_proxy=info + - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR + value: linkerd-dst.linkerd.svc.cluster.local:8086 + - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR + value: 0.0.0.0:4190 + - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR + value: 0.0.0.0:4191 + - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR + value: 127.0.0.1:4140 + - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR + value: 0.0.0.0:4143 + - name: LINKERD2_PROXY_DESTINATION_GET_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES + value: svc.cluster.local. + - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE + value: 10000ms + - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE + value: 10000ms + - name: _pod_ns + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LINKERD2_PROXY_DESTINATION_CONTEXT + value: ns:$(_pod_ns) + - name: LINKERD2_PROXY_IDENTITY_DIR + value: /var/run/linkerd/identity/end-entity + - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS + value: | + -----BEGIN CERTIFICATE----- + MIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy + LmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE + AxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0 + xtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364 + 6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF + BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE + AiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv + OLO4Zsk1XrGZHGsmyiEyvYF9lpY= + -----END CERTIFICATE----- + - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE + value: /var/run/secrets/kubernetes.io/serviceaccount/token + - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR + value: linkerd-identity.linkerd.svc.cluster.local:8080 + - name: _pod_sa + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: _l5d_ns + value: linkerd + - name: _l5d_trustdomain + value: cluster.local + - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME + value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_IDENTITY_SVC_NAME + value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_DESTINATION_SVC_NAME + value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + - name: LINKERD2_PROXY_TAP_SVC_NAME + value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) + image: my.custom.registry/linkerd-io/proxy:install-proxy-version + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /metrics + port: 4191 + initialDelaySeconds: 10 + name: linkerd-proxy + ports: + - containerPort: 4143 + name: linkerd-proxy + - containerPort: 4191 + name: linkerd-admin + readinessProbe: + httpGet: + path: /ready + port: 4191 + initialDelaySeconds: 2 + resources: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 2102 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/run/linkerd/identity/end-entity + name: linkerd-identity-end-entity + initContainers: + - args: + - --incoming-proxy-port + - "4143" + - --outgoing-proxy-port + - "4140" + - --proxy-uid + - "2102" + - --inbound-ports-to-ignore + - 4190,4191 + - --outbound-ports-to-ignore + - "443" + image: my.custom.registry/linkerd-io/proxy-init:v1.3.0 + imagePullPolicy: IfNotPresent + name: linkerd-init + resources: + limits: + cpu: "100m" + memory: "50Mi" + requests: + cpu: "10m" + memory: "10Mi" + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: false + runAsUser: 0 + terminationMessagePolicy: FallbackToLogsOnError + serviceAccountName: linkerd-tap + volumes: + - configMap: + name: linkerd-config + name: config + - emptyDir: + medium: Memory + name: linkerd-identity-end-entity + - name: tls + secret: + secretName: linkerd-tap-tls diff --git a/cli/cmd/testdata/install_default.golden b/cli/cmd/testdata/install_default.golden index e1e28f304424d..eda1dd3575869 100644 --- a/cli/cmd/testdata/install_default.golden +++ b/cli/cmd/testdata/install_default.golden @@ -854,6 +854,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_ha_output.golden b/cli/cmd/testdata/install_ha_output.golden index c91efd85fe850..6f48469b1a5ab 100644 --- a/cli/cmd/testdata/install_ha_output.golden +++ b/cli/cmd/testdata/install_ha_output.golden @@ -854,6 +854,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"ha","value":"true"}]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_ha_with_overrides_output.golden b/cli/cmd/testdata/install_ha_with_overrides_output.golden index 18fe1ab326980..3a81b9f2fae7f 100644 --- a/cli/cmd/testdata/install_ha_with_overrides_output.golden +++ b/cli/cmd/testdata/install_ha_with_overrides_output.golden @@ -854,6 +854,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"400m","requestMemory":"300Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"ha","value":"true"},{"name":"controller-replicas","value":"2"},{"name":"proxy-cpu-request","value":"400m"},{"name":"proxy-memory-request","value":"300Mi"}]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_helm_output.golden b/cli/cmd/testdata/install_helm_output.golden index 1787ae8684f9b..3f12efd3fd9e3 100644 --- a/cli/cmd/testdata/install_helm_output.golden +++ b/cli/cmd/testdata/install_helm_output.golden @@ -937,6 +937,14 @@ data: "cliVersion":"linkerd-version", "flags":[] } + debug: | + { + "debugImage":{ + "imageName":"gcr.io/linkerd-io/debug", + "pullPolicy":"IfNotPresent" + }, + "debugImageVersion": "test-debug-version" + } --- # Source: linkerd2/templates/identity.yaml --- diff --git a/cli/cmd/testdata/install_helm_output_ha.golden b/cli/cmd/testdata/install_helm_output_ha.golden index b005a02284bfd..16ca6e63db7dd 100644 --- a/cli/cmd/testdata/install_helm_output_ha.golden +++ b/cli/cmd/testdata/install_helm_output_ha.golden @@ -937,6 +937,14 @@ data: "cliVersion":"linkerd-version", "flags":[] } + debug: | + { + "debugImage":{ + "imageName":"gcr.io/linkerd-io/debug", + "pullPolicy":"IfNotPresent" + }, + "debugImageVersion": "test-debug-version" + } --- # Source: linkerd2/templates/identity.yaml --- diff --git a/cli/cmd/testdata/install_no_init_container.golden b/cli/cmd/testdata/install_no_init_container.golden index d0efc77ae47c5..1b45080d4e85f 100644 --- a/cli/cmd/testdata/install_no_init_container.golden +++ b/cli/cmd/testdata/install_no_init_container.golden @@ -851,6 +851,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"linkerd-cni-enabled","value":"true"}]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_output.golden b/cli/cmd/testdata/install_output.golden index c8ba8f4d1013b..9648664e08a51 100644 --- a/cli/cmd/testdata/install_output.golden +++ b/cli/cmd/testdata/install_output.golden @@ -854,6 +854,8 @@ data: ProxyConfig install: | InstallConfig + debug: | + DebugConfig --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_proxy_ignores.golden b/cli/cmd/testdata/install_proxy_ignores.golden index fad50501c586a..f777451b4b1a6 100644 --- a/cli/cmd/testdata/install_proxy_ignores.golden +++ b/cli/cmd/testdata/install_proxy_ignores.golden @@ -854,6 +854,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[{"portRange":"22"},{"portRange":"8100-8102"}],"ignoreOutboundPorts":[{"portRange":"5432"}],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/upgrade_default.golden b/cli/cmd/testdata/upgrade_default.golden index 4c75f7ae203be..e3768703b6a30 100644 --- a/cli/cmd/testdata/upgrade_default.golden +++ b/cli/cmd/testdata/upgrade_default.golden @@ -854,6 +854,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/upgrade_external_issuer.golden b/cli/cmd/testdata/upgrade_external_issuer.golden index 186d542b00e9a..d1b51fc366ab9 100644 --- a/cli/cmd/testdata/upgrade_external_issuer.golden +++ b/cli/cmd/testdata/upgrade_external_issuer.golden @@ -854,6 +854,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/upgrade_ha.golden b/cli/cmd/testdata/upgrade_ha.golden index 2630284e488c4..ccce7661e130d 100644 --- a/cli/cmd/testdata/upgrade_ha.golden +++ b/cli/cmd/testdata/upgrade_ha.golden @@ -854,6 +854,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"ha","value":"true"}]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/upgrade_overwrite_issuer.golden b/cli/cmd/testdata/upgrade_overwrite_issuer.golden index 08ccd3060fd8b..d9c8b29fcb9aa 100644 --- a/cli/cmd/testdata/upgrade_overwrite_issuer.golden +++ b/cli/cmd/testdata/upgrade_overwrite_issuer.golden @@ -854,6 +854,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/upgrade_overwrite_trust_anchors-external-issuer.golden b/cli/cmd/testdata/upgrade_overwrite_trust_anchors-external-issuer.golden index 0426a248f4e77..b3eda408aef57 100644 --- a/cli/cmd/testdata/upgrade_overwrite_trust_anchors-external-issuer.golden +++ b/cli/cmd/testdata/upgrade_overwrite_trust_anchors-external-issuer.golden @@ -854,6 +854,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden b/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden index 08ccd3060fd8b..d9c8b29fcb9aa 100644 --- a/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden +++ b/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden @@ -854,6 +854,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} --- ### ### Identity Controller Service diff --git a/cli/cmd/upgrade.go b/cli/cmd/upgrade.go index d5e346c91ece7..a2708fe16c853 100644 --- a/cli/cmd/upgrade.go +++ b/cli/cmd/upgrade.go @@ -305,7 +305,7 @@ func (options *upgradeOptions) validateAndBuild(stage string, k kubernetes.Inter // override the anchors in config configs.Global.IdentityContext.TrustAnchorsPem = values.Global.IdentityTrustAnchorsPEM // rebuild the json config map - globalJSON, _, _, _ := config.ToJSON(configs) + globalJSON, _, _, _, _ := config.ToJSON(configs) values.Configs.Global = globalJSON } diff --git a/cli/cmd/upgrade_test.go b/cli/cmd/upgrade_test.go index 042772a620286..1db621d593b24 100644 --- a/cli/cmd/upgrade_test.go +++ b/cli/cmd/upgrade_test.go @@ -16,6 +16,7 @@ import ( const ( upgradeProxyVersion = "UPGRADE-PROXY-VERSION" upgradeControlPlaneVersion = "UPGRADE-CONTROL-PLANE-VERSION" + upgradeDebugVersion = "UPGRADE-DEBUG-VERSION" ) func testUpgradeOptions() (*upgradeOptions, error) { @@ -26,6 +27,7 @@ func testUpgradeOptions() (*upgradeOptions, error) { o.controlPlaneVersion = upgradeControlPlaneVersion o.proxyVersion = upgradeProxyVersion + o.debugImageVersion = upgradeDebugVersion o.heartbeatSchedule = fakeHeartbeatSchedule return o, nil } @@ -57,7 +59,9 @@ data: proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | - {"cliVersion":"edge-19.4.1","flags":[]}`, + {"cliVersion":"edge-19.4.1","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, ` kind: Secret apiVersion: v1 @@ -140,7 +144,9 @@ data: proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | - {"cliVersion":"edge-19.4.1","flags":[{"name":"ha","value":"true"}]}`, + {"cliVersion":"edge-19.4.1","flags":[{"name":"ha","value":"true"}]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, ` kind: Secret apiVersion: v1 @@ -223,7 +229,9 @@ data: proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | - {"cliVersion":"edge-19.4.1","flags":[{"name":"ha","value":"true"}]}`, + {"cliVersion":"edge-19.4.1","flags":[{"name":"ha","value":"true"}]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, ` kind: Secret apiVersion: v1 @@ -314,7 +322,9 @@ data: proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | - {"cliVersion":"edge-19.4.1","flags":[]}`, + {"cliVersion":"edge-19.4.1","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, ` kind: Secret apiVersion: v1 @@ -398,7 +408,9 @@ data: proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | - {"cliVersion":"edge-19.4.1","flags":[]}`, + {"cliVersion":"edge-19.4.1","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, ` kind: Secret apiVersion: v1 @@ -481,7 +493,9 @@ data: proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | - {"cliVersion":"edge-19.4.1","flags":[]}`, + {"cliVersion":"edge-19.4.1","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, ` kind: Secret apiVersion: v1 @@ -567,7 +581,9 @@ data: proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | - {"cliVersion":"edge-19.4.1","flags":[]}`, + {"cliVersion":"edge-19.4.1","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, ` kind: Secret apiVersion: v1 @@ -652,7 +668,9 @@ data: proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | - {"cliVersion":"edge-19.4.1","flags":[]}`, + {"cliVersion":"edge-19.4.1","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, }, "", errors.New("a private key file must be specified if a certificate is provided"), @@ -678,7 +696,9 @@ data: proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | - {"cliVersion":"edge-19.4.1","flags":[]}`, + {"cliVersion":"edge-19.4.1","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, }, "", errors.New("a certificate file must be specified if a private key is provided"), @@ -704,7 +724,9 @@ data: proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | - {"cliVersion":"edge-19.4.1","flags":[]}`, + {"cliVersion":"edge-19.4.1","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, }, "", errors.New("cannot update issuer certificates if you are using external cert management solution"), @@ -731,7 +753,9 @@ data: proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | - {"cliVersion":"edge-19.4.1","flags":[]}`, + {"cliVersion":"edge-19.4.1","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, ` kind: Secret apiVersion: v1 @@ -818,7 +842,9 @@ data: proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | - {"cliVersion":"edge-19.4.1","flags":[]}`, + {"cliVersion":"edge-19.4.1","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, ` kind: Secret apiVersion: v1 @@ -1077,6 +1103,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | {"cliVersion":"edge-19.3.1","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} `, ` apiVersion: v1 diff --git a/controller/api/public/grpc_server.go b/controller/api/public/grpc_server.go index 41dad723fedc9..d32beec664c2c 100644 --- a/controller/api/public/grpc_server.go +++ b/controller/api/public/grpc_server.go @@ -33,14 +33,16 @@ type APIServer interface { } type grpcServer struct { - prometheusAPI promv1.API - destinationClient destinationPb.DestinationClient - k8sAPI *k8s.API - controllerNamespace string - clusterDomain string - ignoredNamespaces []string - mountPathGlobalConfig string - mountPathProxyConfig string + prometheusAPI promv1.API + destinationClient destinationPb.DestinationClient + k8sAPI *k8s.API + controllerNamespace string + clusterDomain string + ignoredNamespaces []string + mountPathGlobalConfig string + mountPathProxyConfig string + mountPathInstallConfig string + mountPathDebugConfig string } type podReport struct { @@ -66,14 +68,16 @@ func newGrpcServer( ) *grpcServer { grpcServer := &grpcServer{ - prometheusAPI: promAPI, - destinationClient: destinationClient, - k8sAPI: k8sAPI, - controllerNamespace: controllerNamespace, - clusterDomain: clusterDomain, - ignoredNamespaces: ignoredNamespaces, - mountPathGlobalConfig: pkgK8s.MountPathGlobalConfig, - mountPathProxyConfig: pkgK8s.MountPathProxyConfig, + prometheusAPI: promAPI, + destinationClient: destinationClient, + k8sAPI: k8sAPI, + controllerNamespace: controllerNamespace, + clusterDomain: clusterDomain, + ignoredNamespaces: ignoredNamespaces, + mountPathGlobalConfig: pkgK8s.MountPathGlobalConfig, + mountPathProxyConfig: pkgK8s.MountPathProxyConfig, + mountPathInstallConfig: pkgK8s.MountPathInstallConfig, + mountPathDebugConfig: pkgK8s.MountPathDebugConfig, } pb.RegisterApiServer(prometheus.NewGrpcServer(), grpcServer) @@ -234,7 +238,15 @@ func (s *grpcServer) Config(ctx context.Context, req *pb.Empty) (*configPb.All, if err != nil { return nil, fmt.Errorf("error retrieving proxy config - %s", err) } - return &configPb.All{Global: global, Proxy: proxy}, nil + install, err := config.Install(s.mountPathInstallConfig) + if err != nil { + return nil, fmt.Errorf("error retrieving install config - %s", err) + } + debug, err := config.Debug(s.mountPathDebugConfig) + if err != nil { + return nil, fmt.Errorf("error retrieving debug config - %s", err) + } + return &configPb.All{Global: global, Proxy: proxy, Install: install, Debug: debug}, nil } func (s *grpcServer) Tap(req *pb.TapRequest, stream pb.Api_TapServer) error { diff --git a/controller/api/public/grpc_server_test.go b/controller/api/public/grpc_server_test.go index d35855c1de868..63f7dc1e81e58 100644 --- a/controller/api/public/grpc_server_test.go +++ b/controller/api/public/grpc_server_test.go @@ -538,6 +538,8 @@ func TestConfig(t *testing.T) { ) fakeGrpcServer.mountPathGlobalConfig = "testdata/global.conf.json" fakeGrpcServer.mountPathProxyConfig = "testdata/proxy.conf.json" + fakeGrpcServer.mountPathInstallConfig = "testdata/install.conf.json" + fakeGrpcServer.mountPathDebugConfig = "testdata/debug.conf.json" k8sAPI.Sync() @@ -548,16 +550,26 @@ func TestConfig(t *testing.T) { expectedVersion := "dev-206ff685-foo" if v := rsp.GetGlobal().GetVersion(); v != expectedVersion { - t.Fatalf("Unexpected response: \"%s\" != \"%s\"", expectedVersion, v) + t.Fatalf("Unexpected global config response: \"%s\" != \"%s\"", expectedVersion, v) } expectedPort := "123" portRanges := rsp.GetProxy().GetIgnoreOutboundPorts() if len(portRanges) != 1 { - t.Fatal("Unexpected response: didn't get the outbound port") + t.Fatal("Unexpected proxy config response: didn't get the outbound port") } if p := portRanges[0].GetPortRange(); p != expectedPort { - t.Fatalf("Unexpected response: %s != %s", expectedPort, p) + t.Fatalf("Unexpected proxy config response: %s != %s", expectedPort, p) + } + + expectedVersion = "test-install-version" + if v := rsp.GetInstall().GetCliVersion(); v != expectedVersion { + t.Fatalf("Unexpected install config response: \"%s\" != \"%s\"", expectedVersion, v) + } + + expectedVersion = "test-debug-version" + if v := rsp.GetDebug().GetDebugImageVersion(); v != expectedVersion { + t.Fatalf("Unexpected debug config response: \"%s\" != \"%s\"", expectedVersion, v) } }) } diff --git a/controller/api/public/testdata/debug.conf.json b/controller/api/public/testdata/debug.conf.json new file mode 100644 index 0000000000000..b274fa7088176 --- /dev/null +++ b/controller/api/public/testdata/debug.conf.json @@ -0,0 +1,7 @@ +{ + "debugImage": { + "imageName": "gcr.io/linkerd-io/debug", + "pullPolicy": "IfNotPresent" + }, + "debugImageVersion": "test-debug-version" +} diff --git a/controller/api/public/testdata/install.conf.json b/controller/api/public/testdata/install.conf.json new file mode 100644 index 0000000000000..847dae965e32f --- /dev/null +++ b/controller/api/public/testdata/install.conf.json @@ -0,0 +1,4 @@ +{ + "cliVersion": "test-install-version", + "flags":[] +} diff --git a/controller/gen/config/config.pb.go b/controller/gen/config/config.pb.go index 801acd2dd4dcb..7b5e88f91c1d6 100644 --- a/controller/gen/config/config.pb.go +++ b/controller/gen/config/config.pb.go @@ -25,6 +25,7 @@ type All struct { Global *Global `protobuf:"bytes,1,opt,name=global,proto3" json:"global,omitempty"` Proxy *Proxy `protobuf:"bytes,2,opt,name=proxy,proto3" json:"proxy,omitempty"` Install *Install `protobuf:"bytes,3,opt,name=install,proto3" json:"install,omitempty"` + Debug *Debug `protobuf:"bytes,4,opt,name=debug,proto3" json:"debug,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -76,6 +77,13 @@ func (m *All) GetInstall() *Install { return nil } +func (m *All) GetDebug() *Debug { + if m != nil { + return m.Debug + } + return nil +} + type Global struct { LinkerdNamespace string `protobuf:"bytes,1,opt,name=linkerd_namespace,json=linkerdNamespace,proto3" json:"linkerd_namespace,omitempty"` CniEnabled bool `protobuf:"varint,2,opt,name=cni_enabled,json=cniEnabled,proto3" json:"cni_enabled,omitempty"` @@ -740,6 +748,54 @@ func (m *Install_Flag) GetValue() string { return "" } +// Configuration settings for debug containers +type Debug struct { + DebugImage *Image `protobuf:"bytes,1,opt,name=debug_image,json=debugImage,proto3" json:"debug_image,omitempty"` + DebugImageVersion string `protobuf:"bytes,2,opt,name=debug_image_version,json=debugImageVersion,proto3" json:"debug_image_version,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *Debug) Reset() { *m = Debug{} } +func (m *Debug) String() string { return proto.CompactTextString(m) } +func (*Debug) ProtoMessage() {} +func (*Debug) Descriptor() ([]byte, []int) { + return fileDescriptor_cc332a44e926b360, []int{11} +} + +func (m *Debug) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_Debug.Unmarshal(m, b) +} +func (m *Debug) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_Debug.Marshal(b, m, deterministic) +} +func (m *Debug) XXX_Merge(src proto.Message) { + xxx_messageInfo_Debug.Merge(m, src) +} +func (m *Debug) XXX_Size() int { + return xxx_messageInfo_Debug.Size(m) +} +func (m *Debug) XXX_DiscardUnknown() { + xxx_messageInfo_Debug.DiscardUnknown(m) +} + +var xxx_messageInfo_Debug proto.InternalMessageInfo + +func (m *Debug) GetDebugImage() *Image { + if m != nil { + return m.DebugImage + } + return nil +} + +func (m *Debug) GetDebugImageVersion() string { + if m != nil { + return m.DebugImageVersion + } + return "" +} + func init() { proto.RegisterType((*All)(nil), "linkerd2.config.All") proto.RegisterType((*Global)(nil), "linkerd2.config.Global") @@ -753,75 +809,79 @@ func init() { proto.RegisterType((*LogLevel)(nil), "linkerd2.config.LogLevel") proto.RegisterType((*Install)(nil), "linkerd2.config.Install") proto.RegisterType((*Install_Flag)(nil), "linkerd2.config.Install.Flag") + proto.RegisterType((*Debug)(nil), "linkerd2.config.Debug") } func init() { proto.RegisterFile("config/config.proto", fileDescriptor_cc332a44e926b360) } var fileDescriptor_cc332a44e926b360 = []byte{ - // 1037 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x56, 0xdd, 0x6e, 0xdb, 0x36, - 0x14, 0x86, 0x1d, 0xdb, 0xb1, 0x8f, 0xed, 0xfc, 0x30, 0x7f, 0x4a, 0x86, 0x6e, 0x99, 0x86, 0x02, - 0x41, 0x37, 0xd8, 0x5b, 0x32, 0xb4, 0x45, 0xae, 0x96, 0xb6, 0x69, 0x91, 0x35, 0xeb, 0x02, 0x15, - 0xeb, 0x80, 0xdd, 0x08, 0xb2, 0x7c, 0xac, 0x70, 0xa1, 0x48, 0x97, 0xa2, 0x92, 0xf4, 0x21, 0x76, - 0xbd, 0x5d, 0xed, 0x39, 0xf6, 0x60, 0x7b, 0x80, 0x81, 0x87, 0x54, 0x96, 0xc4, 0x4d, 0x7a, 0x65, - 0xf1, 0x3b, 0xdf, 0xf7, 0xf1, 0x48, 0xe7, 0xf0, 0xd0, 0xb0, 0x92, 0x2a, 0x39, 0xe1, 0xd9, 0xd0, - 0xfd, 0x0c, 0xa6, 0x5a, 0x19, 0xc5, 0x16, 0x05, 0x97, 0x67, 0xa8, 0xc7, 0xbb, 0x03, 0x07, 0x6f, - 0x7d, 0x9e, 0x29, 0x95, 0x09, 0x1c, 0x52, 0x78, 0x54, 0x4e, 0x86, 0xe3, 0x52, 0x27, 0x86, 0x2b, - 0xe9, 0x04, 0xe1, 0x5f, 0x35, 0x98, 0x3b, 0x10, 0x82, 0x0d, 0xa1, 0x95, 0x09, 0x35, 0x4a, 0x44, - 0x50, 0xdb, 0xae, 0xed, 0x74, 0x77, 0x37, 0x06, 0xb7, 0x9c, 0x06, 0xaf, 0x28, 0x1c, 0x79, 0x1a, - 0xfb, 0x06, 0x9a, 0x53, 0xad, 0x2e, 0x3f, 0x04, 0x75, 0xe2, 0xaf, 0xcf, 0xf0, 0x4f, 0x6c, 0x34, - 0x72, 0x24, 0xb6, 0x0b, 0xf3, 0x5c, 0x16, 0x26, 0x11, 0x22, 0x98, 0x23, 0x7e, 0x30, 0xc3, 0x3f, - 0x72, 0xf1, 0xa8, 0x22, 0x86, 0xff, 0xd6, 0xa1, 0xe5, 0x36, 0x65, 0x5f, 0xc3, 0xb2, 0xa7, 0xc7, - 0x32, 0xc9, 0xb1, 0x98, 0x26, 0x29, 0x52, 0xa2, 0x9d, 0x68, 0xc9, 0x07, 0xde, 0x54, 0x38, 0xfb, - 0x02, 0xba, 0xa9, 0xe4, 0x31, 0xca, 0x64, 0x24, 0x70, 0x4c, 0xf9, 0xb5, 0x23, 0x48, 0x25, 0x3f, - 0x74, 0x08, 0x0b, 0x60, 0xfe, 0x1c, 0x75, 0xc1, 0x95, 0xa4, 0x64, 0x3a, 0x51, 0xb5, 0x64, 0xaf, - 0x61, 0x89, 0x8f, 0x51, 0x1a, 0x6e, 0x3e, 0xc4, 0xa9, 0x92, 0x06, 0x2f, 0x4d, 0xd0, 0xa0, 0x7c, - 0xb7, 0x67, 0xf3, 0xf5, 0xc4, 0xe7, 0x8e, 0x17, 0x2d, 0xf2, 0x9b, 0x00, 0x7b, 0x07, 0x2b, 0x49, - 0x69, 0x54, 0xcc, 0xe5, 0xef, 0x98, 0x9a, 0x2b, 0xbf, 0x16, 0xf9, 0x85, 0x33, 0x7e, 0x07, 0xa5, - 0x51, 0x47, 0x44, 0xf5, 0x06, 0xcf, 0xea, 0x41, 0x2d, 0x5a, 0x4e, 0x6e, 0xc3, 0xec, 0x31, 0xac, - 0xab, 0x9c, 0x9b, 0x5f, 0x71, 0x74, 0xaa, 0xd4, 0xd9, 0x5b, 0x3e, 0xc6, 0xc3, 0xc9, 0x04, 0x53, - 0x53, 0x04, 0xf3, 0xf4, 0xaa, 0x77, 0x44, 0xd9, 0x43, 0x58, 0x48, 0x45, 0x59, 0x18, 0xd4, 0xf1, - 0x58, 0xe5, 0x09, 0x97, 0x41, 0x9b, 0xde, 0xbe, 0xef, 0xd1, 0x17, 0x04, 0x86, 0xff, 0xb4, 0xa0, - 0x49, 0xb5, 0x63, 0x4f, 0xa0, 0x4b, 0xd5, 0x8b, 0x79, 0x9e, 0x64, 0xe8, 0x1b, 0x63, 0xb6, 0xd0, - 0x47, 0x36, 0x1a, 0x01, 0x51, 0xe9, 0x99, 0xfd, 0x00, 0x4b, 0x5e, 0x28, 0xb9, 0xf1, 0xea, 0xfa, - 0xbd, 0xea, 0x05, 0xa7, 0x96, 0xdc, 0x38, 0x87, 0xa7, 0xd0, 0xb3, 0xdf, 0x4b, 0x2b, 0x11, 0x4f, - 0x95, 0x36, 0xbe, 0x69, 0xd6, 0x66, 0x9b, 0x4c, 0x69, 0x13, 0x75, 0x3d, 0xd5, 0x2e, 0xd8, 0x31, - 0xac, 0xf2, 0x4c, 0x2a, 0x8d, 0x31, 0x97, 0x23, 0x55, 0xca, 0x31, 0x19, 0x14, 0x41, 0x63, 0x7b, - 0x6e, 0xa7, 0xbb, 0xbb, 0xf5, 0x71, 0x87, 0x44, 0x66, 0x18, 0x31, 0xa7, 0x3b, 0x72, 0x32, 0x8b, - 0x17, 0xec, 0x0d, 0xac, 0x79, 0x37, 0x55, 0x9a, 0xeb, 0x76, 0xcd, 0x4f, 0xda, 0xad, 0x38, 0xe1, - 0xcf, 0x5e, 0xe7, 0xfc, 0x9e, 0x42, 0xef, 0x7a, 0x5a, 0xbe, 0x19, 0xee, 0x7a, 0x2f, 0xfe, 0x7f, - 0x2a, 0xec, 0x7b, 0x80, 0x64, 0x9c, 0x73, 0xe9, 0x74, 0xf3, 0xf7, 0xe9, 0x3a, 0x44, 0x24, 0xd5, - 0x3e, 0xf4, 0x6f, 0x24, 0x4e, 0x25, 0xbf, 0x53, 0xd8, 0x53, 0xd7, 0x92, 0x65, 0x07, 0xd0, 0xd6, - 0x58, 0xa8, 0x52, 0xa7, 0x18, 0x74, 0x48, 0xf6, 0x70, 0x46, 0x16, 0x79, 0x42, 0x84, 0xef, 0x4b, - 0xae, 0x31, 0x47, 0x69, 0x8a, 0xe8, 0x4a, 0xc6, 0x3e, 0x83, 0x8e, 0x6b, 0x84, 0x92, 0x8f, 0x03, - 0xd8, 0xae, 0xed, 0xcc, 0x45, 0x6d, 0x02, 0x7e, 0xe1, 0x63, 0xf6, 0x18, 0x3a, 0x42, 0x65, 0xb1, - 0xc0, 0x73, 0x14, 0x41, 0x97, 0x36, 0xd8, 0x9c, 0xd9, 0xe0, 0x58, 0x65, 0xc7, 0x96, 0x10, 0xb5, - 0x85, 0x7f, 0x62, 0xfb, 0xb0, 0x39, 0xe6, 0x85, 0x3d, 0xca, 0x31, 0x5e, 0x1a, 0xd4, 0x32, 0x11, - 0xf1, 0x54, 0xab, 0x09, 0x17, 0x58, 0x04, 0x3d, 0x3a, 0x02, 0x1b, 0x9e, 0x70, 0xe8, 0xe3, 0x27, - 0x3e, 0xcc, 0xbe, 0x82, 0xbe, 0x4b, 0xa8, 0x1a, 0x00, 0x7d, 0x3a, 0x02, 0x3d, 0x02, 0xdf, 0xf9, - 0x29, 0xf0, 0x04, 0x82, 0xdb, 0xed, 0x7b, 0xc5, 0x5f, 0x20, 0xfe, 0xda, 0xcd, 0x76, 0xf5, 0xc2, - 0xf0, 0x15, 0x34, 0x5d, 0xfb, 0x3e, 0x00, 0x70, 0x32, 0x3b, 0xad, 0xfc, 0xa0, 0xea, 0x10, 0x62, - 0xc7, 0x94, 0x9d, 0x50, 0xd3, 0x52, 0xd8, 0xd6, 0x16, 0x3c, 0x75, 0x13, 0xb4, 0x13, 0x81, 0x85, - 0x4e, 0x08, 0x09, 0xb7, 0xa0, 0x41, 0x25, 0x60, 0xd0, 0xa0, 0xaa, 0x59, 0x87, 0x7e, 0x44, 0xcf, - 0xe1, 0x23, 0xe8, 0x5c, 0x35, 0x99, 0xdd, 0xc8, 0x82, 0xb1, 0xb6, 0xab, 0x6a, 0xa3, 0x69, 0x15, - 0x0e, 0xff, 0xae, 0xc1, 0xea, 0xc7, 0x4a, 0x64, 0x33, 0xd0, 0xf8, 0xbe, 0xc4, 0xc2, 0xc4, 0xe9, - 0xb4, 0xf4, 0x42, 0xf0, 0xd0, 0xf3, 0x69, 0x69, 0x87, 0x45, 0x45, 0xc8, 0x31, 0x57, 0xba, 0xca, - 0xb2, 0xef, 0xd1, 0x9f, 0x08, 0xb4, 0x05, 0x16, 0x3c, 0xe7, 0xce, 0xc5, 0x0d, 0xd3, 0x36, 0x01, - 0xd6, 0xe3, 0x4b, 0xe8, 0xb9, 0xa0, 0x77, 0x68, 0x50, 0xbc, 0x4b, 0x98, 0xd3, 0x87, 0x1b, 0xb0, - 0x3c, 0x33, 0xf7, 0xf6, 0xeb, 0x41, 0x2d, 0xfc, 0xa3, 0x0e, 0x8b, 0xb7, 0x26, 0xac, 0xf5, 0x33, - 0xba, 0x2c, 0x4c, 0x35, 0xbe, 0x5c, 0xd6, 0x5d, 0xc2, 0xdc, 0xf0, 0x62, 0x8f, 0x60, 0xd9, 0x51, - 0x12, 0x99, 0x9e, 0x2a, 0x5d, 0xc4, 0x53, 0xcc, 0x7d, 0xe6, 0x8b, 0x14, 0x38, 0x70, 0xf8, 0x09, - 0xe6, 0xec, 0x25, 0x2c, 0xf3, 0xa2, 0x28, 0x13, 0x99, 0x62, 0x2c, 0xf8, 0x04, 0x0d, 0xcf, 0xd1, - 0x0f, 0x9a, 0xcd, 0x81, 0xbb, 0x36, 0x07, 0xd5, 0xb5, 0x39, 0x78, 0xe1, 0xaf, 0xcd, 0x68, 0xa9, - 0xd2, 0x1c, 0x7b, 0x09, 0x7b, 0x0d, 0xab, 0xa9, 0x50, 0xe9, 0x59, 0x5c, 0x9c, 0xe1, 0x45, 0x9c, - 0x08, 0xa1, 0x2e, 0x6c, 0xdc, 0x5f, 0x1c, 0xf7, 0x58, 0x31, 0x92, 0xbd, 0x3d, 0xc3, 0x8b, 0x83, - 0x4a, 0xc4, 0xd6, 0xa1, 0x55, 0xa4, 0xa7, 0x98, 0x63, 0xd0, 0xa4, 0xac, 0xfd, 0x2a, 0xdc, 0x86, - 0x76, 0x75, 0x14, 0xd8, 0x2a, 0x34, 0xdd, 0xa1, 0x71, 0x1f, 0xc0, 0x2d, 0xc2, 0x3f, 0x6b, 0x30, - 0xef, 0xef, 0x50, 0xba, 0x02, 0x05, 0xbf, 0x6a, 0x5a, 0xdf, 0x60, 0xa9, 0xe0, 0x55, 0x8b, 0xef, - 0x41, 0x73, 0x22, 0x92, 0xac, 0x08, 0xe6, 0x68, 0x8e, 0x3d, 0xb8, 0xeb, 0x36, 0x1e, 0xbc, 0x14, - 0x49, 0x16, 0x39, 0xee, 0xd6, 0xb7, 0xd0, 0xb0, 0x4b, 0xdb, 0x95, 0xd7, 0xfa, 0x9a, 0x9e, 0x6d, - 0x4e, 0xe7, 0x89, 0x28, 0xd1, 0xef, 0xe5, 0x16, 0x3f, 0x36, 0xda, 0xb5, 0xa5, 0xfa, 0xb3, 0xbd, - 0xdf, 0xbe, 0xcb, 0xb8, 0x39, 0x2d, 0x47, 0x83, 0x54, 0xe5, 0x43, 0xbf, 0x53, 0xf5, 0xbb, 0x3b, - 0xf4, 0xd3, 0x5b, 0xa0, 0x1e, 0x66, 0x28, 0xfd, 0xff, 0x99, 0x51, 0x8b, 0xbe, 0xd7, 0xde, 0x7f, - 0x01, 0x00, 0x00, 0xff, 0xff, 0x44, 0x94, 0xe5, 0x88, 0xe7, 0x08, 0x00, 0x00, + // 1080 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x56, 0xdd, 0x4e, 0x1b, 0x47, + 0x14, 0x96, 0x8d, 0x6d, 0xec, 0x63, 0x1b, 0xf0, 0xf0, 0xb7, 0x50, 0xa5, 0xa5, 0x5b, 0x45, 0x42, + 0x69, 0x65, 0xb7, 0x50, 0x25, 0x11, 0x57, 0x25, 0x81, 0x44, 0x34, 0x34, 0x45, 0x1b, 0x35, 0x95, + 0x7a, 0xb3, 0x5a, 0xef, 0x1e, 0x2f, 0x53, 0x66, 0x67, 0x9c, 0xdd, 0x59, 0x20, 0x0f, 0xd1, 0xeb, + 0xde, 0xf5, 0x39, 0xfa, 0x04, 0x7d, 0xa2, 0x3e, 0x40, 0x35, 0x67, 0x66, 0x09, 0xe0, 0x40, 0x73, + 0xc5, 0xce, 0x77, 0xbe, 0xef, 0x9b, 0x33, 0x9e, 0x33, 0xe7, 0x00, 0xcb, 0xb1, 0x92, 0x13, 0x9e, + 0x8e, 0xec, 0x9f, 0xe1, 0x34, 0x57, 0x5a, 0xb1, 0x45, 0xc1, 0xe5, 0x19, 0xe6, 0xc9, 0xce, 0xd0, + 0xc2, 0x9b, 0x9f, 0xa7, 0x4a, 0xa5, 0x02, 0x47, 0x14, 0x1e, 0x97, 0x93, 0x51, 0x52, 0xe6, 0x91, + 0xe6, 0x4a, 0x5a, 0x81, 0xff, 0x4f, 0x0d, 0xe6, 0xf6, 0x85, 0x60, 0x23, 0x68, 0xa5, 0x42, 0x8d, + 0x23, 0xe1, 0xd5, 0xb6, 0x6a, 0xdb, 0xdd, 0x9d, 0xf5, 0xe1, 0x2d, 0xa7, 0xe1, 0x4b, 0x0a, 0x07, + 0x8e, 0xc6, 0xbe, 0x81, 0xe6, 0x34, 0x57, 0x97, 0xef, 0xbd, 0x3a, 0xf1, 0xd7, 0x66, 0xf8, 0x27, + 0x26, 0x1a, 0x58, 0x12, 0xdb, 0x81, 0x79, 0x2e, 0x0b, 0x1d, 0x09, 0xe1, 0xcd, 0x11, 0xdf, 0x9b, + 0xe1, 0x1f, 0xd9, 0x78, 0x50, 0x11, 0xcd, 0x0e, 0x09, 0x8e, 0xcb, 0xd4, 0x6b, 0xdc, 0xb1, 0xc3, + 0x81, 0x89, 0x06, 0x96, 0xe4, 0xff, 0x5b, 0x87, 0x96, 0x4d, 0x91, 0x7d, 0x0d, 0x03, 0x47, 0x0d, + 0x65, 0x94, 0x61, 0x31, 0x8d, 0x62, 0xa4, 0x63, 0x75, 0x82, 0x25, 0x17, 0x78, 0x5d, 0xe1, 0xec, + 0x0b, 0xe8, 0xc6, 0x92, 0x87, 0x28, 0xa3, 0xb1, 0xc0, 0x84, 0x4e, 0xd3, 0x0e, 0x20, 0x96, 0xfc, + 0xd0, 0x22, 0xcc, 0x83, 0xf9, 0x73, 0xcc, 0x0b, 0xae, 0x24, 0xa5, 0xde, 0x09, 0xaa, 0x25, 0x7b, + 0x05, 0x4b, 0x3c, 0x41, 0xa9, 0xb9, 0x7e, 0x1f, 0xc6, 0x4a, 0x6a, 0xbc, 0xd4, 0x2e, 0xd7, 0xad, + 0xd9, 0xd3, 0x39, 0xe2, 0x73, 0xcb, 0x0b, 0x16, 0xf9, 0x4d, 0x80, 0xbd, 0x85, 0xe5, 0xa8, 0xd4, + 0x2a, 0xe4, 0xf2, 0x77, 0x8c, 0xf5, 0x95, 0x5f, 0x8b, 0xfc, 0xfc, 0x19, 0xbf, 0xfd, 0x52, 0xab, + 0x23, 0xa2, 0x3a, 0x83, 0x67, 0x75, 0xaf, 0x16, 0x0c, 0xa2, 0xdb, 0x30, 0x7b, 0x0c, 0x6b, 0x2a, + 0xe3, 0xfa, 0x57, 0x1c, 0x9f, 0x2a, 0x75, 0xf6, 0x86, 0x27, 0x78, 0x38, 0x99, 0x60, 0xac, 0x0b, + 0x6f, 0x9e, 0x8e, 0x7a, 0x47, 0x94, 0x3d, 0x84, 0x85, 0x58, 0x94, 0x85, 0xc6, 0x3c, 0x4c, 0x54, + 0x16, 0x71, 0xe9, 0xb5, 0xe9, 0xf4, 0x7d, 0x87, 0x1e, 0x10, 0xe8, 0xff, 0xdd, 0x82, 0x26, 0xdd, + 0x34, 0x7b, 0x02, 0x5d, 0xba, 0xeb, 0x90, 0x67, 0x51, 0x8a, 0xae, 0x8c, 0x66, 0x2f, 0xed, 0xc8, + 0x44, 0x03, 0x20, 0x2a, 0x7d, 0xb3, 0x1f, 0x60, 0xc9, 0x09, 0x25, 0xd7, 0x4e, 0x5d, 0xbf, 0x57, + 0xbd, 0x60, 0xd5, 0x92, 0x6b, 0xeb, 0xf0, 0x14, 0x7a, 0xe6, 0xf7, 0xca, 0x95, 0x08, 0xa7, 0x2a, + 0xd7, 0xae, 0xc4, 0x56, 0x67, 0x4b, 0x52, 0xe5, 0x3a, 0xe8, 0x3a, 0xaa, 0x59, 0xb0, 0x63, 0x58, + 0xe1, 0xa9, 0x54, 0x39, 0x86, 0x5c, 0x8e, 0x55, 0x29, 0x13, 0x32, 0x28, 0xbc, 0xc6, 0xd6, 0xdc, + 0x76, 0x77, 0x67, 0xf3, 0xe3, 0x0e, 0x91, 0x4c, 0x31, 0x60, 0x56, 0x77, 0x64, 0x65, 0x06, 0x2f, + 0xd8, 0x6b, 0x58, 0x75, 0x6e, 0xaa, 0xd4, 0xd7, 0xed, 0x9a, 0xff, 0x6b, 0xb7, 0x6c, 0x85, 0x3f, + 0x3b, 0x9d, 0xf5, 0x7b, 0x0a, 0xbd, 0xeb, 0x69, 0xb9, 0x62, 0xb8, 0xeb, 0x5c, 0xfc, 0x43, 0x2a, + 0xec, 0x7b, 0x80, 0x28, 0xc9, 0xb8, 0xb4, 0xba, 0xf9, 0xfb, 0x74, 0x1d, 0x22, 0x92, 0x6a, 0x0f, + 0xfa, 0x37, 0x12, 0xa7, 0x2b, 0xbf, 0x53, 0xd8, 0x53, 0xd7, 0x92, 0x65, 0xfb, 0xd0, 0xce, 0xb1, + 0x50, 0x65, 0x1e, 0xa3, 0xd7, 0x21, 0xd9, 0xc3, 0x19, 0x59, 0xe0, 0x08, 0x01, 0xbe, 0x2b, 0x79, + 0x8e, 0x19, 0x4a, 0x5d, 0x04, 0x57, 0x32, 0xf6, 0x19, 0x74, 0x6c, 0x21, 0x94, 0x3c, 0xf1, 0x60, + 0xab, 0xb6, 0x3d, 0x17, 0xb4, 0x09, 0xf8, 0x85, 0x27, 0xec, 0x31, 0x74, 0x84, 0x4a, 0x43, 0x81, + 0xe7, 0x28, 0xbc, 0x2e, 0x6d, 0xb0, 0x31, 0xb3, 0xc1, 0xb1, 0x4a, 0x8f, 0x0d, 0x21, 0x68, 0x0b, + 0xf7, 0xc5, 0xf6, 0x60, 0x23, 0xe1, 0x85, 0x79, 0xca, 0x21, 0x5e, 0x6a, 0xcc, 0x65, 0x24, 0xc2, + 0x69, 0xae, 0x26, 0x5c, 0x60, 0xe1, 0xf5, 0xe8, 0x09, 0xac, 0x3b, 0xc2, 0xa1, 0x8b, 0x9f, 0xb8, + 0x30, 0xfb, 0x0a, 0xfa, 0x36, 0xa1, 0xaa, 0x01, 0xf4, 0xe9, 0x09, 0xf4, 0x08, 0x7c, 0xeb, 0xba, + 0xc0, 0x13, 0xf0, 0x6e, 0x97, 0xef, 0x15, 0x7f, 0x81, 0xf8, 0xab, 0x37, 0xcb, 0xd5, 0x09, 0xfd, + 0x97, 0xd0, 0xb4, 0xe5, 0xfb, 0x00, 0xc0, 0xca, 0x4c, 0xb7, 0x72, 0x8d, 0xaa, 0x43, 0x88, 0x69, + 0x53, 0xa6, 0x43, 0x4d, 0x4b, 0x61, 0x4a, 0x5b, 0xf0, 0xd8, 0xf6, 0xdb, 0x4e, 0x00, 0x06, 0x3a, + 0x21, 0xc4, 0xdf, 0x84, 0x06, 0x5d, 0x01, 0x83, 0x06, 0xdd, 0x9a, 0x71, 0xe8, 0x07, 0xf4, 0xed, + 0x3f, 0x82, 0xce, 0x55, 0x91, 0x99, 0x8d, 0x0c, 0x18, 0xe6, 0x66, 0x55, 0x6d, 0x34, 0xad, 0xc2, + 0xfe, 0x5f, 0x35, 0x58, 0xf9, 0xd8, 0x15, 0x99, 0x0c, 0x72, 0x7c, 0x57, 0x62, 0xa1, 0xc3, 0x78, + 0x5a, 0x3a, 0x21, 0x38, 0xe8, 0xf9, 0xb4, 0x34, 0xcd, 0xa2, 0x22, 0x64, 0x98, 0xa9, 0xbc, 0xca, + 0xb2, 0xef, 0xd0, 0x9f, 0x08, 0x34, 0x17, 0x2c, 0x78, 0xc6, 0xad, 0x8b, 0x6d, 0xa6, 0x6d, 0x02, + 0x8c, 0xc7, 0x97, 0xd0, 0xb3, 0x41, 0xe7, 0xd0, 0xa0, 0x78, 0x97, 0x30, 0xab, 0xf7, 0xd7, 0x61, + 0x30, 0xd3, 0xf7, 0xf6, 0xea, 0x5e, 0xcd, 0xff, 0xa3, 0x0e, 0x8b, 0xb7, 0x3a, 0xac, 0xf1, 0xd3, + 0x79, 0x59, 0xe8, 0xaa, 0x7d, 0xd9, 0xac, 0xbb, 0x84, 0xd9, 0xe6, 0xc5, 0x1e, 0xc1, 0xc0, 0x52, + 0x22, 0x19, 0x9f, 0xaa, 0xbc, 0x08, 0xa7, 0x98, 0xb9, 0xcc, 0x17, 0x29, 0xb0, 0x6f, 0xf1, 0x13, + 0xcc, 0xd8, 0x0b, 0x18, 0xf0, 0xa2, 0x28, 0x23, 0x19, 0x63, 0x28, 0xf8, 0x04, 0x35, 0xcf, 0xd0, + 0x35, 0x9a, 0x8d, 0xa1, 0x1d, 0xb2, 0xc3, 0x6a, 0xc8, 0x0e, 0x0f, 0xdc, 0x90, 0x0d, 0x96, 0x2a, + 0xcd, 0xb1, 0x93, 0xb0, 0x57, 0xb0, 0x12, 0x0b, 0x15, 0x9f, 0x85, 0xc5, 0x19, 0x5e, 0x84, 0x91, + 0x10, 0xea, 0xc2, 0xc4, 0xdd, 0xe0, 0xb8, 0xc7, 0x8a, 0x91, 0xec, 0xcd, 0x19, 0x5e, 0xec, 0x57, + 0x22, 0xb6, 0x06, 0xad, 0x22, 0x3e, 0xc5, 0x0c, 0xbd, 0x26, 0x65, 0xed, 0x56, 0xfe, 0x16, 0xb4, + 0xab, 0xa7, 0xc0, 0x56, 0xa0, 0x69, 0x1f, 0x8d, 0xfd, 0x01, 0xec, 0xc2, 0xff, 0xb3, 0x06, 0xf3, + 0x6e, 0xe2, 0xd2, 0x08, 0x14, 0xfc, 0xaa, 0x68, 0x5d, 0x81, 0xc5, 0x82, 0x57, 0x25, 0xbe, 0x0b, + 0xcd, 0x89, 0x88, 0xd2, 0xc2, 0x9b, 0xa3, 0x3e, 0xf6, 0xe0, 0xae, 0xd9, 0x3d, 0x7c, 0x21, 0xa2, + 0x34, 0xb0, 0xdc, 0xcd, 0x6f, 0xa1, 0x61, 0x96, 0xa6, 0x2a, 0xaf, 0xd5, 0x35, 0x7d, 0x9b, 0x9c, + 0xce, 0x23, 0x51, 0xa2, 0xdb, 0xcb, 0x2e, 0x7e, 0x6c, 0xb4, 0x6b, 0x4b, 0x75, 0x7f, 0x0a, 0x4d, + 0x1a, 0xec, 0x66, 0xa0, 0xd0, 0x68, 0xff, 0xb4, 0x81, 0x42, 0x54, 0xfb, 0x9e, 0x86, 0xb0, 0x7c, + 0x4d, 0x78, 0xeb, 0x5c, 0x83, 0x0f, 0x44, 0x77, 0xbc, 0x67, 0xbb, 0xbf, 0x7d, 0x97, 0x72, 0x7d, + 0x5a, 0x8e, 0x87, 0xb1, 0xca, 0x46, 0xce, 0xbf, 0xfa, 0xbb, 0x33, 0x72, 0xf3, 0x42, 0x60, 0x3e, + 0x4a, 0x51, 0xba, 0xff, 0xb7, 0xc6, 0x2d, 0xba, 0xa1, 0xdd, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, + 0xc5, 0x52, 0x65, 0x6e, 0x87, 0x09, 0x00, 0x00, } diff --git a/controller/proxy-injector/fake/data/pod-with-debug-disabled.yaml b/controller/proxy-injector/fake/data/pod-with-debug-disabled.yaml new file mode 100644 index 0000000000000..af5607a768801 --- /dev/null +++ b/controller/proxy-injector/fake/data/pod-with-debug-disabled.yaml @@ -0,0 +1,17 @@ +kind: Pod +apiVersion: apps/v1 +metadata: + name: nginx + namespace: kube-public + annotations: + config.linkerd.io/enable-debug-sidecar: false + linkerd.io/inject: enabled + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx + ports: + - name: http + containerPort: 80 diff --git a/controller/proxy-injector/fake/data/pod-with-debug-enabled.yaml b/controller/proxy-injector/fake/data/pod-with-debug-enabled.yaml new file mode 100644 index 0000000000000..be9245c67bdd7 --- /dev/null +++ b/controller/proxy-injector/fake/data/pod-with-debug-enabled.yaml @@ -0,0 +1,17 @@ +kind: Pod +apiVersion: apps/v1 +metadata: + name: nginx + namespace: kube-public + annotations: + config.linkerd.io/enable-debug-sidecar: true + linkerd.io/inject: enabled + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx + ports: + - name: http + containerPort: 80 diff --git a/controller/proxy-injector/fake/data/pod-with-debug.patch.json b/controller/proxy-injector/fake/data/pod-with-debug.patch.json new file mode 100644 index 0000000000000..5b9d4c6433a7d --- /dev/null +++ b/controller/proxy-injector/fake/data/pod-with-debug.patch.json @@ -0,0 +1,181 @@ +[ + { + "op": "add", + "path": "/metadata/annotations/linkerd.io~1identity-mode", + "value": "disabled" + }, + { + "op": "add", + "path": "/metadata/annotations/linkerd.io~1proxy-version", + "value": "dev-undefined" + }, + { + "op": "add", + "path": "/metadata/labels/linkerd.io~1control-plane-ns", + "value": "linkerd" + }, + { + "op": "add", + "path": "/metadata/labels/linkerd.io~1proxy-deployment", + "value": "owner-deployment" + }, + { + "op": "add", + "path": "/spec/initContainers", + "value": [] + }, + { + "op": "add", + "path": "/spec/initContainers/-", + "value": + { + "args": [ + "--incoming-proxy-port", + "4143", + "--outgoing-proxy-port", + "4140", + "--proxy-uid", + "2102", + "--inbound-ports-to-ignore", + "4190,4191" + ], + "image": "gcr.io/linkerd-io/proxy-init:v1.3.0", + "imagePullPolicy": "IfNotPresent", + "name": "linkerd-init", + "resources": { + "limits": { + "cpu":"100m", + "memory":"50Mi" + }, + "requests": { + "cpu":"10m", + "memory":"10Mi" + } + }, + "securityContext": { + "allowPrivilegeEscalation": false, + "capabilities": { + "add": [ + "NET_ADMIN", + "NET_RAW" + ] + }, + "privileged": false, + "readOnlyRootFilesystem": true, + "runAsNonRoot": false, + "runAsUser": 0 + }, + "terminationMessagePolicy": "FallbackToLogsOnError" + } + }, + { + "op": "add", + "path": "/spec/containers/-", + "value": + { + "image": "gcr.io/linkerd-io/debug:debug-image-version", + "imagePullPolicy": "IfNotPresent", + "name": "linkerd-debug", + "terminationMessagePolicy": "FallbackToLogsOnError" + } + }, + { + "op": "add", + "path": "/spec/containers/-", + "value": + { + "env": [ + { + "name": "LINKERD2_PROXY_LOG", + "value": "warn,linkerd2_proxy=info" + }, + { + "name": "LINKERD2_PROXY_DESTINATION_SVC_ADDR", + "value": "linkerd-dst.linkerd.svc.cluster.local:8086" + }, + { + "name": "LINKERD2_PROXY_CONTROL_LISTEN_ADDR", + "value": "0.0.0.0:4190" + }, + { + "name": "LINKERD2_PROXY_ADMIN_LISTEN_ADDR", + "value": "0.0.0.0:4191" + }, + { + "name": "LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR", + "value": "127.0.0.1:4140" + }, + { + "name": "LINKERD2_PROXY_INBOUND_LISTEN_ADDR", + "value": "0.0.0.0:4143" + }, + { + "name": "LINKERD2_PROXY_DESTINATION_GET_SUFFIXES", + "value": "." + }, + { + "name": "LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES", + "value": "." + }, + { + "name": "LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE", + "value": "10000ms" + }, + { + "name": "LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE", + "value": "10000ms" + }, + { + "name": "_pod_ns", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "LINKERD2_PROXY_DESTINATION_CONTEXT", + "value": "ns:$(_pod_ns)" + }, + { + "name": "LINKERD2_PROXY_IDENTITY_DISABLED", + "value": "disabled" + } + ], + "image": "gcr.io/linkerd-io/proxy:dev-undefined", + "imagePullPolicy": "IfNotPresent", + "livenessProbe": { + "httpGet": { + "path": "/metrics", + "port": 4191 + }, + "initialDelaySeconds": 10 + }, + "name": "linkerd-proxy", + "ports": [ + { + "containerPort": 4143, + "name": "linkerd-proxy" + }, + { + "containerPort": 4191, + "name": "linkerd-admin" + } + ], + "readinessProbe": { + "httpGet": { + "path": "/ready", + "port": 4191 + }, + "initialDelaySeconds": 2 + }, + "resources": null, + "securityContext": { + "allowPrivilegeEscalation": false, + "readOnlyRootFilesystem": true, + "runAsUser": 2102 + }, + "terminationMessagePolicy": "FallbackToLogsOnError" + } + } +] diff --git a/controller/proxy-injector/webhook.go b/controller/proxy-injector/webhook.go index b769a1e25215d..1d7e88f24f63b 100644 --- a/controller/proxy-injector/webhook.go +++ b/controller/proxy-injector/webhook.go @@ -41,13 +41,18 @@ func Inject(api *k8s.API, return nil, err } + debugConfig, err := config.Debug(pkgK8s.MountPathDebugConfig) + if err != nil { + return nil, err + } + namespace, err := api.NS().Lister().Get(request.Namespace) if err != nil { return nil, err } nsAnnotations := namespace.GetAnnotations() - configs := &pb.All{Global: globalConfig, Proxy: proxyConfig} + configs := &pb.All{Global: globalConfig, Proxy: proxyConfig, Debug: debugConfig} resourceConfig := inject.NewResourceConfig(configs, inject.OriginWebhook). WithOwnerRetriever(ownerRetriever(api, request.Namespace)). WithNsAnnotations(nsAnnotations). diff --git a/controller/proxy-injector/webhook_test.go b/controller/proxy-injector/webhook_test.go index fc51399a49753..d951b06402cd2 100644 --- a/controller/proxy-injector/webhook_test.go +++ b/controller/proxy-injector/webhook_test.go @@ -42,6 +42,10 @@ var ( LogLevel: &config.LogLevel{Level: "warn,linkerd=info"}, DisableExternalProfiles: false, }, + Debug: &config.Debug{ + DebugImage: &config.Image{ImageName: "gcr.io/linkerd-io/debug", PullPolicy: "IfNotPresent"}, + DebugImageVersion: "debug-image-version", + }, } ) @@ -88,6 +92,11 @@ func TestGetPatch(t *testing.T) { ns: nsDisabled, conf: confNsDisabled(), }, + { + filename: "pod-with-debug-disabled.yaml", + ns: nsDisabled, + conf: confNsDisabled(), + }, } expectedPatchBytes, err := factory.FileContents("pod.patch.json") @@ -133,6 +142,42 @@ func TestGetPatch(t *testing.T) { } }) + t.Run("by checking annotations with debug", func(t *testing.T) { + expectedPatchBytes, err := factory.FileContents("pod-with-debug.patch.json") + if err != nil { + t.Fatalf("Unexpected error: %s", err) + } + expectedPatch, err := unmarshalPatch(expectedPatchBytes) + if err != nil { + t.Fatalf("Unexpected error: %s", err) + } + + pod, err := factory.FileContents("pod-with-debug-enabled.yaml") + if err != nil { + t.Fatalf("Unexpected error: %s", err) + } + fakeReq := getFakeReq(pod) + conf := confNsEnabled().WithKind(fakeReq.Kind.Kind).WithOwnerRetriever(ownerRetrieverFake) + _, err = conf.ParseMetaAndYAML(fakeReq.Object.Raw) + if err != nil { + t.Fatal(err) + } + + patchJSON, err := conf.GetPatch(true) + if err != nil { + t.Fatalf("Unexpected PatchForAdmissionRequest error: %s", err) + } + actualPatch, err := unmarshalPatch(patchJSON) + if err != nil { + t.Fatalf("Unexpected error: %s", err) + } + if !reflect.DeepEqual(expectedPatch, actualPatch) { + t.Fatalf("The actual patch didn't match what was expected.\nExpected: %s\nActual: %s", + expectedPatchBytes, patchJSON) + } + + }) + t.Run("by checking container spec", func(t *testing.T) { deployment, err := factory.FileContents("deployment-with-injected-proxy.yaml") if err != nil { diff --git a/pkg/charts/linkerd2/values.go b/pkg/charts/linkerd2/values.go index 3a3f73281a02f..3da2c4a95dc4d 100644 --- a/pkg/charts/linkerd2/values.go +++ b/pkg/charts/linkerd2/values.go @@ -42,6 +42,7 @@ type ( Global *Global `json:"global"` Identity *Identity `json:"identity"` Dashboard *Dashboard `json:"dashboard"` + DebugContainer *DebugContainer `json:"debugContainer"` ProxyInjector *ProxyInjector `json:"proxyInjector"` ProfileValidator *ProfileValidator `json:"profileValidator"` Tap *Tap `json:"tap"` @@ -87,6 +88,7 @@ type ( Global string `json:"global"` Proxy string `json:"proxy"` Install string `json:"install"` + Debug string `json:"debug"` } // Proxy contains the fields to set the proxy sidecar container diff --git a/pkg/charts/linkerd2/values_test.go b/pkg/charts/linkerd2/values_test.go index ea9a966f31f75..163b593727e2a 100644 --- a/pkg/charts/linkerd2/values_test.go +++ b/pkg/charts/linkerd2/values_test.go @@ -113,6 +113,13 @@ func TestNewValues(t *testing.T) { Dashboard: &Dashboard{ Replicas: 1, }, + DebugContainer: &DebugContainer{ + Image: &Image{ + Name: "gcr.io/linkerd-io/debug", + PullPolicy: "IfNotPresent", + Version: testVersion, + }, + }, ProxyInjector: &ProxyInjector{TLS: &TLS{}}, ProfileValidator: &ProfileValidator{TLS: &TLS{}}, @@ -125,6 +132,7 @@ func TestNewValues(t *testing.T) { actual.ControllerImageVersion = testVersion actual.Global.Proxy.Image.Version = testVersion actual.Global.ProxyInit.Image.Version = testVersion + actual.DebugContainer.Image.Version = testVersion if !reflect.DeepEqual(expected, actual) { t.Errorf("Mismatch Helm values.\nExpected: %+v\nActual: %+v", expected, actual) @@ -208,6 +216,7 @@ func TestNewValues(t *testing.T) { actual.ControllerImageVersion = testVersion actual.Global.Proxy.Image.Version = testVersion actual.Global.ProxyInit.Image.Version = testVersion + actual.DebugContainer.Image.Version = testVersion if !reflect.DeepEqual(expected, actual) { t.Errorf("Mismatch Helm HA defaults.\nExpected: %+v\nActual: %+v", expected, actual) diff --git a/pkg/config/config.go b/pkg/config/config.go index 29685b8f890a5..c67d4f0897736 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -32,6 +32,13 @@ func Install(filepath string) (*pb.Install, error) { return config, err } +// Debug returns the Debug protobuf config from the linkerd-config ConfigMap +func Debug(filepath string) (*pb.Debug, error) { + config := &pb.Debug{} + err := unmarshalFile(filepath, config) + return config, err +} + func unmarshalFile(filepath string, msg proto.Message) error { configJSON, err := ioutil.ReadFile(filepath) if err != nil { @@ -62,7 +69,7 @@ func unmarshal(json string, msg proto.Message) error { // FromConfigMap builds a configuration by reading a map with the keys "global" // and "proxy", each containing JSON values. func FromConfigMap(configMap map[string]string) (*pb.All, error) { - c := &pb.All{Global: &pb.Global{}, Proxy: &pb.Proxy{}, Install: &pb.Install{}} + c := &pb.All{Global: &pb.Global{}, Proxy: &pb.Proxy{}, Install: &pb.Install{}, Debug: &pb.Debug{}} if err := unmarshal(configMap["global"], c.Global); err != nil { return nil, fmt.Errorf("invalid global config: %s", err) @@ -76,11 +83,15 @@ func FromConfigMap(configMap map[string]string) (*pb.All, error) { return nil, fmt.Errorf("invalid install config: %s", err) } + if err := unmarshal(configMap["debug"], c.Debug); err != nil { + return nil, fmt.Errorf("invalid debug config: %s", err) + } + return c, nil } // ToJSON encode the configuration to JSON, i.e. to be stored in a ConfigMap. -func ToJSON(configs *pb.All) (global, proxy, install string, err error) { +func ToJSON(configs *pb.All) (global, proxy, install, debug string, err error) { m := jsonpb.Marshaler{EmitDefaults: true} global, err = m.MarshalToString(configs.GetGlobal()) @@ -94,5 +105,10 @@ func ToJSON(configs *pb.All) (global, proxy, install string, err error) { } install, err = m.MarshalToString(configs.GetInstall()) + if err != nil { + return + } + + debug, err = m.MarshalToString(configs.GetDebug()) return } diff --git a/pkg/healthcheck/healthcheck_test.go b/pkg/healthcheck/healthcheck_test.go index ba75a62b4dc49..db98021377c22 100644 --- a/pkg/healthcheck/healthcheck_test.go +++ b/pkg/healthcheck/healthcheck_test.go @@ -2281,7 +2281,9 @@ data: proxy: | {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version", "proxy_init_image_version":"v1.3.0"} install: | - {"cliVersion":"dev-undefined","flags":[]}`, + {"cliVersion":"dev-undefined","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"}`, }, &configPb.All{ Global: &configPb.Global{ @@ -2328,6 +2330,12 @@ data: ProxyInitImageVersion: "v1.3.0", }, Install: &configPb.Install{ CliVersion: "dev-undefined", + }, Debug: &configPb.Debug{ + DebugImage: &configPb.Image{ + ImageName: "gcr.io/linkerd-io/debug", + PullPolicy: "IfNotPresent", + }, + DebugImageVersion: "install-debug-version", }}, nil, }, @@ -2342,9 +2350,10 @@ data: global: | {"linkerdNamespace":"ns","identityContext":null} proxy: "{}" - install: "{}"`, + install: "{}" + debug: "{}"`, }, - &configPb.All{Global: &configPb.Global{LinkerdNamespace: "ns", IdentityContext: nil}, Proxy: &configPb.Proxy{}, Install: &configPb.Install{}}, + &configPb.All{Global: &configPb.Global{LinkerdNamespace: "ns", IdentityContext: nil}, Proxy: &configPb.Proxy{}, Install: &configPb.Install{}, Debug: &configPb.Debug{}}, nil, }, { @@ -2357,9 +2366,10 @@ metadata: data: global: "{}" proxy: "{}" - install: "{}"`, + install: "{}" + debug: "{}"`, }, - &configPb.All{Global: &configPb.Global{}, Proxy: &configPb.Proxy{}, Install: &configPb.Install{}}, + &configPb.All{Global: &configPb.Global{}, Proxy: &configPb.Proxy{}, Install: &configPb.Install{}, Debug: &configPb.Debug{}}, nil, }, { diff --git a/pkg/inject/inject.go b/pkg/inject/inject.go index 2d07d846cbbfd..645982af7190c 100644 --- a/pkg/inject/inject.go +++ b/pkg/inject/inject.go @@ -495,9 +495,9 @@ func (conf *ResourceConfig) injectPodSpec(values *patch) { log.Infof("inject debug container") values.DebugContainer = &l5dcharts.DebugContainer{ Image: &l5dcharts.Image{ - Name: k8s.DebugSidecarImage, - Version: conf.configs.GetGlobal().GetVersion(), - PullPolicy: conf.proxyImagePullPolicy(), + Name: conf.debugSidecarImage(), + Version: conf.debugSidecarImageVersion(), + PullPolicy: conf.debugSidecarImagePullPolicy(), }, } } @@ -904,6 +904,33 @@ func (conf *ResourceConfig) proxyOutboundSkipPorts() string { return strings.Join(portRanges, ",") } +func (conf *ResourceConfig) debugSidecarImage() string { + if override := conf.getOverride(k8s.DebugImageAnnotation); override != "" { + return override + } + return conf.configs.GetDebug().GetDebugImage().GetImageName() +} + +func (conf *ResourceConfig) debugSidecarImageVersion() string { + if override := conf.getOverride(k8s.DebugImageVersionAnnotation); override != "" { + return override + } + if debugVersion := conf.configs.GetDebug().GetDebugImageVersion(); debugVersion != "" { + return debugVersion + } + if controlPlaneVersion := conf.configs.GetGlobal().GetVersion(); controlPlaneVersion != "" { + return controlPlaneVersion + } + return version.Version +} + +func (conf *ResourceConfig) debugSidecarImagePullPolicy() string { + if override := conf.getOverride(k8s.DebugImagePullPolicyAnnotation); override != "" { + return override + } + return conf.configs.GetDebug().GetDebugImage().GetPullPolicy() +} + // GetOverriddenConfiguration returns a map of the overridden proxy annotations func (conf *ResourceConfig) GetOverriddenConfiguration() map[string]string { proxyOverrideConfig := map[string]string{} diff --git a/pkg/k8s/labels.go b/pkg/k8s/labels.go index bb5865c218340..5f4dbdd206a08 100644 --- a/pkg/k8s/labels.go +++ b/pkg/k8s/labels.go @@ -119,6 +119,15 @@ const ( // ProxyInitImageVersionAnnotation can be used to overrided the proxy-init image version ProxyInitImageVersionAnnotation = ProxyConfigAnnotationsPrefix + "/init-image-version" + // DebugImageAnnotation can be used to override the debugImage config. + DebugImageAnnotation = ProxyConfigAnnotationsPrefix + "/debug-image" + + // DebugImageVersionAnnotation can be used to override the debugImageVersion config. + DebugImageVersionAnnotation = ProxyConfigAnnotationsPrefix + "/debug-image-version" + + // DebugImagePullPolicyAnnotation can be used to override the debugImagePullPolicy config. + DebugImagePullPolicyAnnotation = ProxyConfigAnnotationsPrefix + "/debug-image-pull-policy" + // ProxyControlPortAnnotation can be used to override the controlPort config. ProxyControlPortAnnotation = ProxyConfigAnnotationsPrefix + "/control-port" @@ -209,9 +218,6 @@ const ( // DebugSidecarName is the name of the default linkerd debug container DebugSidecarName = "linkerd-debug" - // DebugSidecarImage is the image name of the default linkerd debug container - DebugSidecarImage = "gcr.io/linkerd-io/debug" - // InitContainerName is the name assigned to the injected init container. InitContainerName = "linkerd-init" @@ -281,6 +287,9 @@ const ( // MountPathInstallConfig is the path at which the install config file is mounted. MountPathInstallConfig = MountPathBase + "/config/install" + // MountPathDebugConfig is the path at which the debug config file is mounted. + MountPathDebugConfig = MountPathBase + "/config/debug" + // MountPathEndEntity is the path at which a tmpfs directory is mounted to // store identity credentials. MountPathEndEntity = MountPathBase + "/identity/end-entity" diff --git a/proto/config/config.proto b/proto/config/config.proto index 40f5abfb8fcda..fd5eebd6e48e5 100644 --- a/proto/config/config.proto +++ b/proto/config/config.proto @@ -10,6 +10,7 @@ message All { Global global = 1; Proxy proxy = 2; Install install = 3; + Debug debug = 4; } message Global { @@ -106,3 +107,9 @@ message Install { string value = 2; } } + +// Configuration settings for debug containers +message Debug { + Image debug_image = 1; + string debug_image_version = 2; +} From 5e6e3b4197f568705893d599b6571f5d462166d7 Mon Sep 17 00:00:00 2001 From: Paul Balogh Date: Mon, 30 Dec 2019 13:26:52 -0600 Subject: [PATCH 02/11] Post-rebase updates; updated new testcases and addressed scopelinter issue Signed-off-by: Paul Balogh --- cli/cmd/inject_test.go | 1 + cli/cmd/testdata/install_controlplane_tracing_output.golden | 2 ++ cli/cmd/testdata/install_heartbeat_disabled_output.golden | 2 ++ cli/cmd/testdata/install_restricted_dashboard.golden | 2 ++ 4 files changed, 7 insertions(+) diff --git a/cli/cmd/inject_test.go b/cli/cmd/inject_test.go index cdf4a4f32e180..25145da0e00f7 100644 --- a/cli/cmd/inject_test.go +++ b/cli/cmd/inject_test.go @@ -679,6 +679,7 @@ func TestOverrideConfigsParameterized(t *testing.T) { defaultConfig := testInstallConfig() for _, tt := range tests { + tt := tt // pin t.Run(tt.description, func(t *testing.T) { actualOverrides := map[string]string{} tt.configOptions.overrideConfigs(defaultConfig, actualOverrides) diff --git a/cli/cmd/testdata/install_controlplane_tracing_output.golden b/cli/cmd/testdata/install_controlplane_tracing_output.golden index 23d4a868aec91..e5e64aa33b4a6 100644 --- a/cli/cmd/testdata/install_controlplane_tracing_output.golden +++ b/cli/cmd/testdata/install_controlplane_tracing_output.golden @@ -854,6 +854,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_heartbeat_disabled_output.golden b/cli/cmd/testdata/install_heartbeat_disabled_output.golden index 0ed875142b6db..e800665bad1da 100644 --- a/cli/cmd/testdata/install_heartbeat_disabled_output.golden +++ b/cli/cmd/testdata/install_heartbeat_disabled_output.golden @@ -810,6 +810,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_restricted_dashboard.golden b/cli/cmd/testdata/install_restricted_dashboard.golden index 0b9b2287f3b14..283b9f6cf2a1f 100644 --- a/cli/cmd/testdata/install_restricted_dashboard.golden +++ b/cli/cmd/testdata/install_restricted_dashboard.golden @@ -789,6 +789,8 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} install: | {"cliVersion":"dev-undefined","flags":[]} + debug: | + {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service From 2deef12450ac58489b946badbe8afbe7eb8d7349 Mon Sep 17 00:00:00 2001 From: Paul Balogh Date: Fri, 3 Jan 2020 09:23:42 -0600 Subject: [PATCH 03/11] Correcting upgrade issue from prior releases having no "debug" section of configs Signed-off-by: Paul Balogh --- cli/cmd/upgrade.go | 22 ++++++++++++++-------- cli/cmd/upgrade_test.go | 2 -- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/cli/cmd/upgrade.go b/cli/cmd/upgrade.go index a2708fe16c853..6ac3e4519c69f 100644 --- a/cli/cmd/upgrade.go +++ b/cli/cmd/upgrade.go @@ -222,9 +222,9 @@ func (options *upgradeOptions) validateAndBuild(stage string, k kubernetes.Inter return nil, nil, fmt.Errorf("could not fetch configs from kubernetes: %s", err) } - // If the install config needs to be repaired--either because it did not + // If the configs need to be repaired--either because sections did not // exist or because it is missing expected fields, repair it. - repairInstall(configs.Install) + repairConfigs(configs) // We recorded flags during a prior install. If we haven't overridden the // flag on this upgrade, reset that prior value as if it were specified now. @@ -352,15 +352,21 @@ func setFlagsFromInstall(flags *pflag.FlagSet, installFlags []*pb.Install_Flag) } } -func repairInstall(install *pb.Install) { - if install == nil { - install = &pb.Install{} +func repairConfigs(configs *pb.All) { + // Repair the "install" section; install flags are updated separately + if configs.Install == nil { + configs.Install = &pb.Install{} } - // ALWAYS update the CLI version to the most recent. - install.CliVersion = version.Version + configs.Install.CliVersion = version.Version - // Install flags are updated separately. + // Repair the "debug" section + if configs.Debug == nil { + configs.Debug = &pb.Debug{} + } + if configs.Debug.DebugImage == nil { + configs.Debug.DebugImage = &pb.Image{} + } } func fetchTLSSecret(k kubernetes.Interface, webhook string, options *upgradeOptions) (*charts.TLS, error) { diff --git a/cli/cmd/upgrade_test.go b/cli/cmd/upgrade_test.go index 1db621d593b24..7d085477e9679 100644 --- a/cli/cmd/upgrade_test.go +++ b/cli/cmd/upgrade_test.go @@ -1103,8 +1103,6 @@ data: {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} install: | {"cliVersion":"edge-19.3.1","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} `, ` apiVersion: v1 From a426214a5ccac4f98c9d00623889400484717be7 Mon Sep 17 00:00:00 2001 From: Paul Balogh Date: Tue, 7 Jan 2020 23:19:03 -0600 Subject: [PATCH 04/11] Post-rebase update; bump version of prometheus to match updated tests Signed-off-by: Paul Balogh --- cli/cmd/testdata/install_custom_registry.golden | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/cmd/testdata/install_custom_registry.golden b/cli/cmd/testdata/install_custom_registry.golden index 7f017968a8e17..aa651507c0559 100644 --- a/cli/cmd/testdata/install_custom_registry.golden +++ b/cli/cmd/testdata/install_custom_registry.golden @@ -1964,7 +1964,7 @@ spec: - --storage.tsdb.retention.time=6h - --config.file=/etc/prometheus/prometheus.yml - --log.level=info - image: prom/prometheus:v2.11.1 + image: prom/prometheus:v2.15.2 imagePullPolicy: IfNotPresent livenessProbe: httpGet: From 25071ed9d0a583471a00c64ac1b13552c34c6a51 Mon Sep 17 00:00:00 2001 From: Paul Balogh Date: Thu, 9 Jan 2020 22:46:19 -0600 Subject: [PATCH 05/11] Review update; moving debug configurations to data.proxy rather than a new data.debug section Signed-off-by: Paul Balogh --- charts/linkerd2/README.md | 5 +- charts/linkerd2/templates/_config.tpl | 17 +- charts/linkerd2/templates/config.yaml | 8 - cli/cmd/inject.go | 4 +- cli/cmd/inject_test.go | 2 +- cli/cmd/install.go | 9 +- cli/cmd/install_test.go | 2 - cli/cmd/testdata/install_control-plane.golden | 4 +- ...install_controlplane_tracing_output.golden | 4 +- .../testdata/install_custom_registry.golden | 4 +- cli/cmd/testdata/install_default.golden | 4 +- cli/cmd/testdata/install_ha_output.golden | 4 +- .../install_ha_with_overrides_output.golden | 4 +- .../install_heartbeat_disabled_output.golden | 4 +- cli/cmd/testdata/install_helm_output.golden | 15 +- .../testdata/install_helm_output_ha.golden | 15 +- .../testdata/install_no_init_container.golden | 4 +- cli/cmd/testdata/install_output.golden | 2 - cli/cmd/testdata/install_proxy_ignores.golden | 4 +- .../install_restricted_dashboard.golden | 4 +- cli/cmd/testdata/upgrade_default.golden | 4 +- .../testdata/upgrade_external_issuer.golden | 4 +- cli/cmd/testdata/upgrade_ha.golden | 4 +- .../testdata/upgrade_overwrite_issuer.golden | 4 +- ...write_trust_anchors-external-issuer.golden | 4 +- .../upgrade_overwrite_trust_anchors.golden | 4 +- cli/cmd/upgrade.go | 12 +- cli/cmd/upgrade_test.go | 72 ++---- controller/api/public/grpc_server.go | 8 +- controller/api/public/grpc_server_test.go | 9 +- .../api/public/testdata/debug.conf.json | 7 - .../api/public/testdata/proxy.conf.json | 7 +- controller/gen/config/config.pb.go | 210 +++++++----------- controller/proxy-injector/webhook.go | 7 +- controller/proxy-injector/webhook_test.go | 6 +- pkg/charts/linkerd2/values.go | 1 - pkg/config/config.go | 20 +- pkg/healthcheck/healthcheck_test.go | 21 +- pkg/inject/inject.go | 6 +- pkg/k8s/labels.go | 3 - proto/config/config.proto | 10 +- 41 files changed, 186 insertions(+), 356 deletions(-) delete mode 100644 controller/api/public/testdata/debug.conf.json diff --git a/charts/linkerd2/README.md b/charts/linkerd2/README.md index 0a2be7657e0c5..db773a5d50329 100644 --- a/charts/linkerd2/README.md +++ b/charts/linkerd2/README.md @@ -89,6 +89,9 @@ The following table lists the configurable parameters of the Linkerd2 chart and | `controllerReplicas` | Number of replicas for each control plane pod | `1` | | `controllerUID` | User ID for the control plane components | `2103` | | `dashboard.replicas` | Number of replicas of dashboard | `1` | +| `debugContainer.image.name` | Docker image for the debug container | `gcr.io/linkerd-io/proxy` | +| `debugContainer.image.pullPolicy` | Pull policy for the debug container Docker image | `IfNotPresent` | +| `debugContainer.image.version` | Tag for the debug container Docker image | `stable-2.5.0` | | `disableHeartBeat` | Set to true to not start the heartbeat cronjob | `false` | | `enableH2Upgrade` | Allow proxies to perform transparent HTTP/2 upgrading | `true` | | `global.clusterDomain` | Kubernetes DNS Domain name to use | `cluster.local` | @@ -148,7 +151,7 @@ The following table lists the configurable parameters of the Linkerd2 chart and | `profileValidator.keyPEM` | Certificate key for the service profile validator. If not provided then Helm will generate one. || | `tap.crtPEM` | Certificate for the Tap component. If not provided then Helm will generate one. || | `tap.keyPEM` | Certificate key for Tap component. If not provided then Helm will generate one. || -| `webhookFailurePolicy` | Failure policy for the proxy injector | `Ignore` +| `webhookFailurePolicy` | Failure policy for the proxy injector | `Ignore` | `webImage` | Docker image for the web container | `gcr.io/linkerd-io/web` | ## Get involved diff --git a/charts/linkerd2/templates/_config.tpl b/charts/linkerd2/templates/_config.tpl index 7b5b5f578ed41..f4c74fe5e808c 100644 --- a/charts/linkerd2/templates/_config.tpl +++ b/charts/linkerd2/templates/_config.tpl @@ -68,7 +68,12 @@ }, "disableExternalProfiles": {{not .Values.global.proxy.enableExternalProfiles}}, "proxyVersion": "{{.Values.global.proxy.image.version}}", - "proxyInitImageVersion": "{{.Values.global.proxyInit.image.version}}" + "proxyInitImageVersion": "{{.Values.global.proxyInit.image.version}}", + "debugImage":{ + "imageName":"{{.Values.debugContainer.image.name}}", + "pullPolicy":"{{.Values.debugContainer.image.pullPolicy}}" + }, + "debugImageVersion": "{{.Values.debugContainer.image.version}}" } {{- end -}} @@ -78,13 +83,3 @@ "flags":[] } {{- end -}} - -{{- define "linkerd.configs.debug" -}} -{ - "debugImage":{ - "imageName":"{{.Values.debugContainer.image.name}}", - "pullPolicy":"{{.Values.debugContainer.image.pullPolicy}}" - }, - "debugImageVersion": "{{.Values.debugContainer.image.version}}" -} -{{- end -}} diff --git a/charts/linkerd2/templates/config.yaml b/charts/linkerd2/templates/config.yaml index 154ef20e4efd1..95d6c9d2783a1 100644 --- a/charts/linkerd2/templates/config.yaml +++ b/charts/linkerd2/templates/config.yaml @@ -34,11 +34,3 @@ data: {{- else -}} {{- include "linkerd.configs.install" . | nindent 4}} {{- end }} - debug: | - {{- if .Values.configs -}} - {{- if .Values.configs.debug -}} - {{.Values.configs.debug | nindent 4}} - {{- end }} - {{- else -}} - {{- include "linkerd.configs.debug" . | nindent 4}} - {{- end }} diff --git a/cli/cmd/inject.go b/cli/cmd/inject.go index 1bcaf84cfd4d8..7a3779d92c0d0 100644 --- a/cli/cmd/inject.go +++ b/cli/cmd/inject.go @@ -392,12 +392,12 @@ func (options *proxyConfigOptions) overrideConfigs(configs *cfg.All, overrideAnn if options.imagePullPolicy != "" { configs.Proxy.ProxyImage.PullPolicy = options.imagePullPolicy configs.Proxy.ProxyInitImage.PullPolicy = options.imagePullPolicy - configs.Debug.DebugImage.PullPolicy = options.imagePullPolicy + configs.Proxy.DebugImage.PullPolicy = options.imagePullPolicy overrideAnnotations[k8s.ProxyImagePullPolicyAnnotation] = options.imagePullPolicy } if options.dockerRegistry != "" { - currentDebugImage := configs.Debug.DebugImage.ImageName + currentDebugImage := configs.Proxy.DebugImage.ImageName currentRegistry := getFlagValue(configs.GetInstall().GetFlags(), "registry") if currentRegistry == "" { currentRegistry = defaultDockerRegistry diff --git a/cli/cmd/inject_test.go b/cli/cmd/inject_test.go index 25145da0e00f7..1bd7718f782e8 100644 --- a/cli/cmd/inject_test.go +++ b/cli/cmd/inject_test.go @@ -77,7 +77,7 @@ func TestUninjectAndInject(t *testing.T) { defaultConfig := testInstallConfig() defaultConfig.Global.Version = "test-inject-control-plane-version" defaultConfig.Proxy.ProxyVersion = "test-inject-proxy-version" - defaultConfig.Debug.DebugImageVersion = "test-inject-debug-version" + defaultConfig.Proxy.DebugImageVersion = "test-inject-debug-version" emptyVersionConfig := testInstallConfig() emptyVersionConfig.Global.Version = "" diff --git a/cli/cmd/install.go b/cli/cmd/install.go index 9cd5c61b9a2f8..a5da48857fb8f 100644 --- a/cli/cmd/install.go +++ b/cli/cmd/install.go @@ -641,7 +641,7 @@ func (options *installOptions) buildValuesWithoutIdentity(configs *pb.All) (*l5d options.identityOptions.replicas = options.controllerReplicas } - globalJSON, proxyJSON, installJSON, debugJSON, err := config.ToJSON(configs) + globalJSON, proxyJSON, installJSON, err := config.ToJSON(configs) if err != nil { return nil, err } @@ -651,7 +651,6 @@ func (options *installOptions) buildValuesWithoutIdentity(configs *pb.All) (*l5d installValues.Configs.Global = globalJSON installValues.Configs.Proxy = proxyJSON installValues.Configs.Install = installJSON - installValues.Configs.Debug = debugJSON installValues.ControllerImage = fmt.Sprintf("%s/controller", options.dockerRegistry) installValues.ControllerImageVersion = configs.GetGlobal().GetVersion() installValues.ControllerLogLevel = options.controllerLogLevel @@ -769,7 +768,6 @@ func (options *installOptions) configs(identity *pb.IdentityContext) *pb.All { Global: options.globalConfig(identity), Proxy: options.proxyConfig(), Install: options.installConfig(), - Debug: options.debugConfig(), } } @@ -838,11 +836,6 @@ func (options *installOptions) proxyConfig() *pb.Proxy { DisableExternalProfiles: !options.enableExternalProfiles, ProxyVersion: options.proxyVersion, ProxyInitImageVersion: options.initImageVersion, - } -} - -func (options *installOptions) debugConfig() *pb.Debug { - return &pb.Debug{ DebugImage: &pb.Image{ ImageName: registryOverride(options.debugImage, options.dockerRegistry), PullPolicy: options.imagePullPolicy, diff --git a/cli/cmd/install_test.go b/cli/cmd/install_test.go index 527a83a01eac9..7fecc6dd0df4c 100644 --- a/cli/cmd/install_test.go +++ b/cli/cmd/install_test.go @@ -120,7 +120,6 @@ func TestRender(t *testing.T) { Global: "GlobalConfig", Proxy: "ProxyConfig", Install: "InstallConfig", - Debug: "DebugConfig", }, ControllerReplicas: 1, ProxyInjector: defaultValues.ProxyInjector, @@ -330,7 +329,6 @@ func TestValidate(t *testing.T) { testValues.Global = new(pb.Global) testValues.Proxy = new(pb.Proxy) testValues.Install = new(pb.Install) - testValues.Debug = new(pb.Debug) actual, err := underTest.buildValuesWithoutIdentity(testValues) diff --git a/cli/cmd/testdata/install_control-plane.golden b/cli/cmd/testdata/install_control-plane.golden index 7064afaec0e91..8025ae45ce2d5 100644 --- a/cli/cmd/testdata/install_control-plane.golden +++ b/cli/cmd/testdata/install_control-plane.golden @@ -13,11 +13,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} install: | {"cliVersion":"dev-undefined","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_controlplane_tracing_output.golden b/cli/cmd/testdata/install_controlplane_tracing_output.golden index e5e64aa33b4a6..848d928088c3d 100644 --- a/cli/cmd/testdata/install_controlplane_tracing_output.golden +++ b/cli/cmd/testdata/install_controlplane_tracing_output.golden @@ -851,11 +851,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} install: | {"cliVersion":"dev-undefined","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_custom_registry.golden b/cli/cmd/testdata/install_custom_registry.golden index aa651507c0559..882836f697d20 100644 --- a/cli/cmd/testdata/install_custom_registry.golden +++ b/cli/cmd/testdata/install_custom_registry.golden @@ -851,11 +851,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"my.custom.registry/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"my.custom.registry/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"my.custom.registry/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"my.custom.registry/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"my.custom.registry/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"registry","value":"my.custom.registry/linkerd-io"}]} - debug: | - {"debugImage":{"imageName":"my.custom.registry/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_default.golden b/cli/cmd/testdata/install_default.golden index eda1dd3575869..ea5fe15250cc8 100644 --- a/cli/cmd/testdata/install_default.golden +++ b/cli/cmd/testdata/install_default.golden @@ -851,11 +851,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} install: | {"cliVersion":"dev-undefined","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_ha_output.golden b/cli/cmd/testdata/install_ha_output.golden index 6f48469b1a5ab..75b3c77019ad7 100644 --- a/cli/cmd/testdata/install_ha_output.golden +++ b/cli/cmd/testdata/install_ha_output.golden @@ -851,11 +851,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"ha","value":"true"}]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_ha_with_overrides_output.golden b/cli/cmd/testdata/install_ha_with_overrides_output.golden index 3a81b9f2fae7f..b6d4202c26f09 100644 --- a/cli/cmd/testdata/install_ha_with_overrides_output.golden +++ b/cli/cmd/testdata/install_ha_with_overrides_output.golden @@ -851,11 +851,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"400m","requestMemory":"300Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"400m","requestMemory":"300Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"ha","value":"true"},{"name":"controller-replicas","value":"2"},{"name":"proxy-cpu-request","value":"400m"},{"name":"proxy-memory-request","value":"300Mi"}]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_heartbeat_disabled_output.golden b/cli/cmd/testdata/install_heartbeat_disabled_output.golden index e800665bad1da..98c8d8791236c 100644 --- a/cli/cmd/testdata/install_heartbeat_disabled_output.golden +++ b/cli/cmd/testdata/install_heartbeat_disabled_output.golden @@ -807,11 +807,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} install: | {"cliVersion":"dev-undefined","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_helm_output.golden b/cli/cmd/testdata/install_helm_output.golden index 3f12efd3fd9e3..5444014a086a8 100644 --- a/cli/cmd/testdata/install_helm_output.golden +++ b/cli/cmd/testdata/install_helm_output.golden @@ -930,21 +930,18 @@ data: }, "disableExternalProfiles": true, "proxyVersion": "test-proxy-version", - "proxyInitImageVersion": "test-proxy-init-version" - } - install: | - { - "cliVersion":"linkerd-version", - "flags":[] - } - debug: | - { + "proxyInitImageVersion": "test-proxy-init-version", "debugImage":{ "imageName":"gcr.io/linkerd-io/debug", "pullPolicy":"IfNotPresent" }, "debugImageVersion": "test-debug-version" } + install: | + { + "cliVersion":"linkerd-version", + "flags":[] + } --- # Source: linkerd2/templates/identity.yaml --- diff --git a/cli/cmd/testdata/install_helm_output_ha.golden b/cli/cmd/testdata/install_helm_output_ha.golden index 16ca6e63db7dd..d472721bbf2a3 100644 --- a/cli/cmd/testdata/install_helm_output_ha.golden +++ b/cli/cmd/testdata/install_helm_output_ha.golden @@ -930,21 +930,18 @@ data: }, "disableExternalProfiles": true, "proxyVersion": "test-proxy-version", - "proxyInitImageVersion": "test-proxy-init-version" - } - install: | - { - "cliVersion":"linkerd-version", - "flags":[] - } - debug: | - { + "proxyInitImageVersion": "test-proxy-init-version", "debugImage":{ "imageName":"gcr.io/linkerd-io/debug", "pullPolicy":"IfNotPresent" }, "debugImageVersion": "test-debug-version" } + install: | + { + "cliVersion":"linkerd-version", + "flags":[] + } --- # Source: linkerd2/templates/identity.yaml --- diff --git a/cli/cmd/testdata/install_no_init_container.golden b/cli/cmd/testdata/install_no_init_container.golden index 1b45080d4e85f..fae9cb3fa2d0a 100644 --- a/cli/cmd/testdata/install_no_init_container.golden +++ b/cli/cmd/testdata/install_no_init_container.golden @@ -848,11 +848,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":true,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"linkerd-cni-enabled","value":"true"}]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_output.golden b/cli/cmd/testdata/install_output.golden index 9648664e08a51..c8ba8f4d1013b 100644 --- a/cli/cmd/testdata/install_output.golden +++ b/cli/cmd/testdata/install_output.golden @@ -854,8 +854,6 @@ data: ProxyConfig install: | InstallConfig - debug: | - DebugConfig --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_proxy_ignores.golden b/cli/cmd/testdata/install_proxy_ignores.golden index f777451b4b1a6..9d8cd0c5504a7 100644 --- a/cli/cmd/testdata/install_proxy_ignores.golden +++ b/cli/cmd/testdata/install_proxy_ignores.golden @@ -851,11 +851,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[{"portRange":"22"},{"portRange":"8100-8102"}],"ignoreOutboundPorts":[{"portRange":"5432"}],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[{"portRange":"22"},{"portRange":"8100-8102"}],"ignoreOutboundPorts":[{"portRange":"5432"}],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} install: | {"cliVersion":"dev-undefined","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/install_restricted_dashboard.golden b/cli/cmd/testdata/install_restricted_dashboard.golden index 283b9f6cf2a1f..67c9fc51fd60a 100644 --- a/cli/cmd/testdata/install_restricted_dashboard.golden +++ b/cli/cmd/testdata/install_restricted_dashboard.golden @@ -786,11 +786,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} install: | {"cliVersion":"dev-undefined","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/upgrade_default.golden b/cli/cmd/testdata/upgrade_default.golden index e3768703b6a30..2d3852c7aa507 100644 --- a/cli/cmd/testdata/upgrade_default.golden +++ b/cli/cmd/testdata/upgrade_default.golden @@ -851,11 +851,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | {"cliVersion":"dev-undefined","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/upgrade_external_issuer.golden b/cli/cmd/testdata/upgrade_external_issuer.golden index d1b51fc366ab9..ff720653b81da 100644 --- a/cli/cmd/testdata/upgrade_external_issuer.golden +++ b/cli/cmd/testdata/upgrade_external_issuer.golden @@ -851,11 +851,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"kubernetes.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | {"cliVersion":"dev-undefined","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/upgrade_ha.golden b/cli/cmd/testdata/upgrade_ha.golden index ccce7661e130d..6fc3633cf74c7 100644 --- a/cli/cmd/testdata/upgrade_ha.golden +++ b/cli/cmd/testdata/upgrade_ha.golden @@ -851,11 +851,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"ha","value":"true"}]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/upgrade_overwrite_issuer.golden b/cli/cmd/testdata/upgrade_overwrite_issuer.golden index d9c8b29fcb9aa..e379a0c179c89 100644 --- a/cli/cmd/testdata/upgrade_overwrite_issuer.golden +++ b/cli/cmd/testdata/upgrade_overwrite_issuer.golden @@ -851,11 +851,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | {"cliVersion":"dev-undefined","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/upgrade_overwrite_trust_anchors-external-issuer.golden b/cli/cmd/testdata/upgrade_overwrite_trust_anchors-external-issuer.golden index b3eda408aef57..f19d4c109231d 100644 --- a/cli/cmd/testdata/upgrade_overwrite_trust_anchors-external-issuer.golden +++ b/cli/cmd/testdata/upgrade_overwrite_trust_anchors-external-issuer.golden @@ -851,11 +851,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"kubernetes.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | {"cliVersion":"dev-undefined","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} --- ### ### Identity Controller Service diff --git a/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden b/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden index d9c8b29fcb9aa..e379a0c179c89 100644 --- a/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden +++ b/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden @@ -851,11 +851,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | {"cliVersion":"dev-undefined","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} --- ### ### Identity Controller Service diff --git a/cli/cmd/upgrade.go b/cli/cmd/upgrade.go index 6ac3e4519c69f..b8db1f8fdb317 100644 --- a/cli/cmd/upgrade.go +++ b/cli/cmd/upgrade.go @@ -305,7 +305,7 @@ func (options *upgradeOptions) validateAndBuild(stage string, k kubernetes.Inter // override the anchors in config configs.Global.IdentityContext.TrustAnchorsPem = values.Global.IdentityTrustAnchorsPEM // rebuild the json config map - globalJSON, _, _, _, _ := config.ToJSON(configs) + globalJSON, _, _, _ := config.ToJSON(configs) values.Configs.Global = globalJSON } @@ -360,12 +360,12 @@ func repairConfigs(configs *pb.All) { // ALWAYS update the CLI version to the most recent. configs.Install.CliVersion = version.Version - // Repair the "debug" section - if configs.Debug == nil { - configs.Debug = &pb.Debug{} + // Repair the "proxy" section + if configs.Proxy == nil { + configs.Proxy = &pb.Proxy{} } - if configs.Debug.DebugImage == nil { - configs.Debug.DebugImage = &pb.Image{} + if configs.Proxy.DebugImage == nil { + configs.Proxy.DebugImage = &pb.Image{} } } diff --git a/cli/cmd/upgrade_test.go b/cli/cmd/upgrade_test.go index 7d085477e9679..5e52be12f6692 100644 --- a/cli/cmd/upgrade_test.go +++ b/cli/cmd/upgrade_test.go @@ -57,11 +57,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"}, "clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | - {"cliVersion":"edge-19.4.1","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, + {"cliVersion":"edge-19.4.1","flags":[]}`, ` kind: Secret apiVersion: v1 @@ -142,11 +140,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"}, "clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | - {"cliVersion":"edge-19.4.1","flags":[{"name":"ha","value":"true"}]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, + {"cliVersion":"edge-19.4.1","flags":[{"name":"ha","value":"true"}]}`, ` kind: Secret apiVersion: v1 @@ -227,11 +223,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"}} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | - {"cliVersion":"edge-19.4.1","flags":[{"name":"ha","value":"true"}]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, + {"cliVersion":"edge-19.4.1","flags":[{"name":"ha","value":"true"}]}`, ` kind: Secret apiVersion: v1 @@ -320,11 +314,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"kubernetes.io/tls"}, "clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | - {"cliVersion":"edge-19.4.1","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, + {"cliVersion":"edge-19.4.1","flags":[]}`, ` kind: Secret apiVersion: v1 @@ -406,11 +398,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"kubernetes.io/tls"}, "clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | - {"cliVersion":"edge-19.4.1","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, + {"cliVersion":"edge-19.4.1","flags":[]}`, ` kind: Secret apiVersion: v1 @@ -491,11 +481,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"}, "clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | - {"cliVersion":"edge-19.4.1","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, + {"cliVersion":"edge-19.4.1","flags":[]}`, ` kind: Secret apiVersion: v1 @@ -579,11 +567,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBwTCCAWegAwIBAgIRAL4P/Flr9k8dH2irpJj9/DUwCgYIKoZIzj0EAwIwKTEn\nMCUGA1UEAxMeaWRlbnRpdHkubGlua2VyZC5jbHVzdGVyLmxvY2FsMB4XDTE5MTIw\nNjEzMjYxOFoXDTI5MTIwMzEzMjYxOFowKTEnMCUGA1UEAxMeaWRlbnRpdHkubGlu\na2VyZC5jbHVzdGVyLmxvY2FsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7xqp\nIwJRM0HMtlhBJmG3Tpah/5tFapeFnZLWanOcNLAtRWyr55EIIlVKTHmmwtn5hBgg\noszaWogLVPW77BpXiaNwMG4wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\nAf8CAQEwHQYDVR0OBBYEFIwhqACdkaeqy7/Qdh35FqRCizYTMCkGA1UdEQQiMCCC\nHmlkZW50aXR5LmxpbmtlcmQuY2x1c3Rlci5sb2NhbDAKBggqhkjOPQQDAgNIADBF\nAiBEqWPaMM7bemV7UjsrkDoIVGW2pXB8GhTJfhyHoH2VZQIhANClWdDVvh/20KfA\nIZp9KcosxUcRb3KZE1ZgciwaO1UI\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"}, "clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | - {"cliVersion":"edge-19.4.1","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, + {"cliVersion":"edge-19.4.1","flags":[]}`, ` kind: Secret apiVersion: v1 @@ -666,11 +652,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"}, "clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | - {"cliVersion":"edge-19.4.1","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, + {"cliVersion":"edge-19.4.1","flags":[]}`, }, "", errors.New("a private key file must be specified if a certificate is provided"), @@ -694,11 +678,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"}, "clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | - {"cliVersion":"edge-19.4.1","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, + {"cliVersion":"edge-19.4.1","flags":[]}`, }, "", errors.New("a certificate file must be specified if a private key is provided"), @@ -722,11 +704,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"kubernetes.io/tls"}, "clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | - {"cliVersion":"edge-19.4.1","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, + {"cliVersion":"edge-19.4.1","flags":[]}`, }, "", errors.New("cannot update issuer certificates if you are using external cert management solution"), @@ -751,11 +731,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"c29tZS1vbGQtY2E=","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"kubernetes.io/tls"}, "clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | - {"cliVersion":"edge-19.4.1","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, + {"cliVersion":"edge-19.4.1","flags":[]}`, ` kind: Secret apiVersion: v1 @@ -840,11 +818,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"edge-19.4.1","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"}, "clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"} install: | - {"cliVersion":"edge-19.4.1","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"UPGRADE-DEBUG-VERSION"}`, + {"cliVersion":"edge-19.4.1","flags":[]}`, ` kind: Secret apiVersion: v1 diff --git a/controller/api/public/grpc_server.go b/controller/api/public/grpc_server.go index d32beec664c2c..9a9edc96a104f 100644 --- a/controller/api/public/grpc_server.go +++ b/controller/api/public/grpc_server.go @@ -42,7 +42,6 @@ type grpcServer struct { mountPathGlobalConfig string mountPathProxyConfig string mountPathInstallConfig string - mountPathDebugConfig string } type podReport struct { @@ -77,7 +76,6 @@ func newGrpcServer( mountPathGlobalConfig: pkgK8s.MountPathGlobalConfig, mountPathProxyConfig: pkgK8s.MountPathProxyConfig, mountPathInstallConfig: pkgK8s.MountPathInstallConfig, - mountPathDebugConfig: pkgK8s.MountPathDebugConfig, } pb.RegisterApiServer(prometheus.NewGrpcServer(), grpcServer) @@ -242,11 +240,7 @@ func (s *grpcServer) Config(ctx context.Context, req *pb.Empty) (*configPb.All, if err != nil { return nil, fmt.Errorf("error retrieving install config - %s", err) } - debug, err := config.Debug(s.mountPathDebugConfig) - if err != nil { - return nil, fmt.Errorf("error retrieving debug config - %s", err) - } - return &configPb.All{Global: global, Proxy: proxy, Install: install, Debug: debug}, nil + return &configPb.All{Global: global, Proxy: proxy, Install: install}, nil } func (s *grpcServer) Tap(req *pb.TapRequest, stream pb.Api_TapServer) error { diff --git a/controller/api/public/grpc_server_test.go b/controller/api/public/grpc_server_test.go index 63f7dc1e81e58..d483515228469 100644 --- a/controller/api/public/grpc_server_test.go +++ b/controller/api/public/grpc_server_test.go @@ -539,7 +539,6 @@ func TestConfig(t *testing.T) { fakeGrpcServer.mountPathGlobalConfig = "testdata/global.conf.json" fakeGrpcServer.mountPathProxyConfig = "testdata/proxy.conf.json" fakeGrpcServer.mountPathInstallConfig = "testdata/install.conf.json" - fakeGrpcServer.mountPathDebugConfig = "testdata/debug.conf.json" k8sAPI.Sync() @@ -561,15 +560,15 @@ func TestConfig(t *testing.T) { if p := portRanges[0].GetPortRange(); p != expectedPort { t.Fatalf("Unexpected proxy config response: %s != %s", expectedPort, p) } + expectedVersion = "test-debug-version" + if v := rsp.GetProxy().GetDebugImageVersion(); v != expectedVersion { + t.Fatalf("Unexpected proxy debug config response: \"%s\" != \"%s\"", expectedVersion, v) + } expectedVersion = "test-install-version" if v := rsp.GetInstall().GetCliVersion(); v != expectedVersion { t.Fatalf("Unexpected install config response: \"%s\" != \"%s\"", expectedVersion, v) } - expectedVersion = "test-debug-version" - if v := rsp.GetDebug().GetDebugImageVersion(); v != expectedVersion { - t.Fatalf("Unexpected debug config response: \"%s\" != \"%s\"", expectedVersion, v) - } }) } diff --git a/controller/api/public/testdata/debug.conf.json b/controller/api/public/testdata/debug.conf.json deleted file mode 100644 index b274fa7088176..0000000000000 --- a/controller/api/public/testdata/debug.conf.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "debugImage": { - "imageName": "gcr.io/linkerd-io/debug", - "pullPolicy": "IfNotPresent" - }, - "debugImageVersion": "test-debug-version" -} diff --git a/controller/api/public/testdata/proxy.conf.json b/controller/api/public/testdata/proxy.conf.json index 325d84ecd9211..896a2c8a90aa9 100644 --- a/controller/api/public/testdata/proxy.conf.json +++ b/controller/api/public/testdata/proxy.conf.json @@ -35,5 +35,10 @@ "logLevel": { "level": "warn,linkerd=info" }, - "disableExternalProfiles": false + "disableExternalProfiles": false, + "debugImage": { + "imageName": "gcr.io/linkerd-io/debug", + "pullPolicy": "IfNotPresent" + }, + "debugImageVersion": "test-debug-version" } diff --git a/controller/gen/config/config.pb.go b/controller/gen/config/config.pb.go index 7b5e88f91c1d6..9d767c414d861 100644 --- a/controller/gen/config/config.pb.go +++ b/controller/gen/config/config.pb.go @@ -25,7 +25,6 @@ type All struct { Global *Global `protobuf:"bytes,1,opt,name=global,proto3" json:"global,omitempty"` Proxy *Proxy `protobuf:"bytes,2,opt,name=proxy,proto3" json:"proxy,omitempty"` Install *Install `protobuf:"bytes,3,opt,name=install,proto3" json:"install,omitempty"` - Debug *Debug `protobuf:"bytes,4,opt,name=debug,proto3" json:"debug,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -77,13 +76,6 @@ func (m *All) GetInstall() *Install { return nil } -func (m *All) GetDebug() *Debug { - if m != nil { - return m.Debug - } - return nil -} - type Global struct { LinkerdNamespace string `protobuf:"bytes,1,opt,name=linkerd_namespace,json=linkerdNamespace,proto3" json:"linkerd_namespace,omitempty"` CniEnabled bool `protobuf:"varint,2,opt,name=cni_enabled,json=cniEnabled,proto3" json:"cni_enabled,omitempty"` @@ -190,6 +182,8 @@ type Proxy struct { DisableExternalProfiles bool `protobuf:"varint,12,opt,name=disable_external_profiles,json=disableExternalProfiles,proto3" json:"disable_external_profiles,omitempty"` ProxyVersion string `protobuf:"bytes,13,opt,name=proxy_version,json=proxyVersion,proto3" json:"proxy_version,omitempty"` ProxyInitImageVersion string `protobuf:"bytes,14,opt,name=proxy_init_image_version,json=proxyInitImageVersion,proto3" json:"proxy_init_image_version,omitempty"` + DebugImage *Image `protobuf:"bytes,15,opt,name=debug_image,json=debugImage,proto3" json:"debug_image,omitempty"` + DebugImageVersion string `protobuf:"bytes,16,opt,name=debug_image_version,json=debugImageVersion,proto3" json:"debug_image_version,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -318,6 +312,20 @@ func (m *Proxy) GetProxyInitImageVersion() string { return "" } +func (m *Proxy) GetDebugImage() *Image { + if m != nil { + return m.DebugImage + } + return nil +} + +func (m *Proxy) GetDebugImageVersion() string { + if m != nil { + return m.DebugImageVersion + } + return "" +} + type Image struct { ImageName string `protobuf:"bytes,1,opt,name=image_name,json=imageName,proto3" json:"image_name,omitempty"` PullPolicy string `protobuf:"bytes,2,opt,name=pull_policy,json=pullPolicy,proto3" json:"pull_policy,omitempty"` @@ -748,54 +756,6 @@ func (m *Install_Flag) GetValue() string { return "" } -// Configuration settings for debug containers -type Debug struct { - DebugImage *Image `protobuf:"bytes,1,opt,name=debug_image,json=debugImage,proto3" json:"debug_image,omitempty"` - DebugImageVersion string `protobuf:"bytes,2,opt,name=debug_image_version,json=debugImageVersion,proto3" json:"debug_image_version,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Debug) Reset() { *m = Debug{} } -func (m *Debug) String() string { return proto.CompactTextString(m) } -func (*Debug) ProtoMessage() {} -func (*Debug) Descriptor() ([]byte, []int) { - return fileDescriptor_cc332a44e926b360, []int{11} -} - -func (m *Debug) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Debug.Unmarshal(m, b) -} -func (m *Debug) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Debug.Marshal(b, m, deterministic) -} -func (m *Debug) XXX_Merge(src proto.Message) { - xxx_messageInfo_Debug.Merge(m, src) -} -func (m *Debug) XXX_Size() int { - return xxx_messageInfo_Debug.Size(m) -} -func (m *Debug) XXX_DiscardUnknown() { - xxx_messageInfo_Debug.DiscardUnknown(m) -} - -var xxx_messageInfo_Debug proto.InternalMessageInfo - -func (m *Debug) GetDebugImage() *Image { - if m != nil { - return m.DebugImage - } - return nil -} - -func (m *Debug) GetDebugImageVersion() string { - if m != nil { - return m.DebugImageVersion - } - return "" -} - func init() { proto.RegisterType((*All)(nil), "linkerd2.config.All") proto.RegisterType((*Global)(nil), "linkerd2.config.Global") @@ -809,79 +769,77 @@ func init() { proto.RegisterType((*LogLevel)(nil), "linkerd2.config.LogLevel") proto.RegisterType((*Install)(nil), "linkerd2.config.Install") proto.RegisterType((*Install_Flag)(nil), "linkerd2.config.Install.Flag") - proto.RegisterType((*Debug)(nil), "linkerd2.config.Debug") } func init() { proto.RegisterFile("config/config.proto", fileDescriptor_cc332a44e926b360) } var fileDescriptor_cc332a44e926b360 = []byte{ - // 1080 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x56, 0xdd, 0x4e, 0x1b, 0x47, - 0x14, 0x96, 0x8d, 0x6d, 0xec, 0x63, 0x1b, 0xf0, 0xf0, 0xb7, 0x50, 0xa5, 0xa5, 0x5b, 0x45, 0x42, - 0x69, 0x65, 0xb7, 0x50, 0x25, 0x11, 0x57, 0x25, 0x81, 0x44, 0x34, 0x34, 0x45, 0x1b, 0x35, 0x95, - 0x7a, 0xb3, 0x5a, 0xef, 0x1e, 0x2f, 0x53, 0x66, 0x67, 0x9c, 0xdd, 0x59, 0x20, 0x0f, 0xd1, 0xeb, - 0xde, 0xf5, 0x39, 0xfa, 0x04, 0x7d, 0xa2, 0x3e, 0x40, 0x35, 0x67, 0x66, 0x09, 0xe0, 0x40, 0x73, - 0xc5, 0xce, 0x77, 0xbe, 0xef, 0x9b, 0x33, 0x9e, 0x33, 0xe7, 0x00, 0xcb, 0xb1, 0x92, 0x13, 0x9e, - 0x8e, 0xec, 0x9f, 0xe1, 0x34, 0x57, 0x5a, 0xb1, 0x45, 0xc1, 0xe5, 0x19, 0xe6, 0xc9, 0xce, 0xd0, - 0xc2, 0x9b, 0x9f, 0xa7, 0x4a, 0xa5, 0x02, 0x47, 0x14, 0x1e, 0x97, 0x93, 0x51, 0x52, 0xe6, 0x91, - 0xe6, 0x4a, 0x5a, 0x81, 0xff, 0x4f, 0x0d, 0xe6, 0xf6, 0x85, 0x60, 0x23, 0x68, 0xa5, 0x42, 0x8d, - 0x23, 0xe1, 0xd5, 0xb6, 0x6a, 0xdb, 0xdd, 0x9d, 0xf5, 0xe1, 0x2d, 0xa7, 0xe1, 0x4b, 0x0a, 0x07, - 0x8e, 0xc6, 0xbe, 0x81, 0xe6, 0x34, 0x57, 0x97, 0xef, 0xbd, 0x3a, 0xf1, 0xd7, 0x66, 0xf8, 0x27, - 0x26, 0x1a, 0x58, 0x12, 0xdb, 0x81, 0x79, 0x2e, 0x0b, 0x1d, 0x09, 0xe1, 0xcd, 0x11, 0xdf, 0x9b, - 0xe1, 0x1f, 0xd9, 0x78, 0x50, 0x11, 0xcd, 0x0e, 0x09, 0x8e, 0xcb, 0xd4, 0x6b, 0xdc, 0xb1, 0xc3, - 0x81, 0x89, 0x06, 0x96, 0xe4, 0xff, 0x5b, 0x87, 0x96, 0x4d, 0x91, 0x7d, 0x0d, 0x03, 0x47, 0x0d, - 0x65, 0x94, 0x61, 0x31, 0x8d, 0x62, 0xa4, 0x63, 0x75, 0x82, 0x25, 0x17, 0x78, 0x5d, 0xe1, 0xec, - 0x0b, 0xe8, 0xc6, 0x92, 0x87, 0x28, 0xa3, 0xb1, 0xc0, 0x84, 0x4e, 0xd3, 0x0e, 0x20, 0x96, 0xfc, - 0xd0, 0x22, 0xcc, 0x83, 0xf9, 0x73, 0xcc, 0x0b, 0xae, 0x24, 0xa5, 0xde, 0x09, 0xaa, 0x25, 0x7b, - 0x05, 0x4b, 0x3c, 0x41, 0xa9, 0xb9, 0x7e, 0x1f, 0xc6, 0x4a, 0x6a, 0xbc, 0xd4, 0x2e, 0xd7, 0xad, - 0xd9, 0xd3, 0x39, 0xe2, 0x73, 0xcb, 0x0b, 0x16, 0xf9, 0x4d, 0x80, 0xbd, 0x85, 0xe5, 0xa8, 0xd4, - 0x2a, 0xe4, 0xf2, 0x77, 0x8c, 0xf5, 0x95, 0x5f, 0x8b, 0xfc, 0xfc, 0x19, 0xbf, 0xfd, 0x52, 0xab, - 0x23, 0xa2, 0x3a, 0x83, 0x67, 0x75, 0xaf, 0x16, 0x0c, 0xa2, 0xdb, 0x30, 0x7b, 0x0c, 0x6b, 0x2a, - 0xe3, 0xfa, 0x57, 0x1c, 0x9f, 0x2a, 0x75, 0xf6, 0x86, 0x27, 0x78, 0x38, 0x99, 0x60, 0xac, 0x0b, - 0x6f, 0x9e, 0x8e, 0x7a, 0x47, 0x94, 0x3d, 0x84, 0x85, 0x58, 0x94, 0x85, 0xc6, 0x3c, 0x4c, 0x54, - 0x16, 0x71, 0xe9, 0xb5, 0xe9, 0xf4, 0x7d, 0x87, 0x1e, 0x10, 0xe8, 0xff, 0xdd, 0x82, 0x26, 0xdd, - 0x34, 0x7b, 0x02, 0x5d, 0xba, 0xeb, 0x90, 0x67, 0x51, 0x8a, 0xae, 0x8c, 0x66, 0x2f, 0xed, 0xc8, - 0x44, 0x03, 0x20, 0x2a, 0x7d, 0xb3, 0x1f, 0x60, 0xc9, 0x09, 0x25, 0xd7, 0x4e, 0x5d, 0xbf, 0x57, - 0xbd, 0x60, 0xd5, 0x92, 0x6b, 0xeb, 0xf0, 0x14, 0x7a, 0xe6, 0xf7, 0xca, 0x95, 0x08, 0xa7, 0x2a, - 0xd7, 0xae, 0xc4, 0x56, 0x67, 0x4b, 0x52, 0xe5, 0x3a, 0xe8, 0x3a, 0xaa, 0x59, 0xb0, 0x63, 0x58, - 0xe1, 0xa9, 0x54, 0x39, 0x86, 0x5c, 0x8e, 0x55, 0x29, 0x13, 0x32, 0x28, 0xbc, 0xc6, 0xd6, 0xdc, - 0x76, 0x77, 0x67, 0xf3, 0xe3, 0x0e, 0x91, 0x4c, 0x31, 0x60, 0x56, 0x77, 0x64, 0x65, 0x06, 0x2f, - 0xd8, 0x6b, 0x58, 0x75, 0x6e, 0xaa, 0xd4, 0xd7, 0xed, 0x9a, 0xff, 0x6b, 0xb7, 0x6c, 0x85, 0x3f, - 0x3b, 0x9d, 0xf5, 0x7b, 0x0a, 0xbd, 0xeb, 0x69, 0xb9, 0x62, 0xb8, 0xeb, 0x5c, 0xfc, 0x43, 0x2a, - 0xec, 0x7b, 0x80, 0x28, 0xc9, 0xb8, 0xb4, 0xba, 0xf9, 0xfb, 0x74, 0x1d, 0x22, 0x92, 0x6a, 0x0f, - 0xfa, 0x37, 0x12, 0xa7, 0x2b, 0xbf, 0x53, 0xd8, 0x53, 0xd7, 0x92, 0x65, 0xfb, 0xd0, 0xce, 0xb1, - 0x50, 0x65, 0x1e, 0xa3, 0xd7, 0x21, 0xd9, 0xc3, 0x19, 0x59, 0xe0, 0x08, 0x01, 0xbe, 0x2b, 0x79, - 0x8e, 0x19, 0x4a, 0x5d, 0x04, 0x57, 0x32, 0xf6, 0x19, 0x74, 0x6c, 0x21, 0x94, 0x3c, 0xf1, 0x60, - 0xab, 0xb6, 0x3d, 0x17, 0xb4, 0x09, 0xf8, 0x85, 0x27, 0xec, 0x31, 0x74, 0x84, 0x4a, 0x43, 0x81, - 0xe7, 0x28, 0xbc, 0x2e, 0x6d, 0xb0, 0x31, 0xb3, 0xc1, 0xb1, 0x4a, 0x8f, 0x0d, 0x21, 0x68, 0x0b, - 0xf7, 0xc5, 0xf6, 0x60, 0x23, 0xe1, 0x85, 0x79, 0xca, 0x21, 0x5e, 0x6a, 0xcc, 0x65, 0x24, 0xc2, - 0x69, 0xae, 0x26, 0x5c, 0x60, 0xe1, 0xf5, 0xe8, 0x09, 0xac, 0x3b, 0xc2, 0xa1, 0x8b, 0x9f, 0xb8, - 0x30, 0xfb, 0x0a, 0xfa, 0x36, 0xa1, 0xaa, 0x01, 0xf4, 0xe9, 0x09, 0xf4, 0x08, 0x7c, 0xeb, 0xba, - 0xc0, 0x13, 0xf0, 0x6e, 0x97, 0xef, 0x15, 0x7f, 0x81, 0xf8, 0xab, 0x37, 0xcb, 0xd5, 0x09, 0xfd, - 0x97, 0xd0, 0xb4, 0xe5, 0xfb, 0x00, 0xc0, 0xca, 0x4c, 0xb7, 0x72, 0x8d, 0xaa, 0x43, 0x88, 0x69, - 0x53, 0xa6, 0x43, 0x4d, 0x4b, 0x61, 0x4a, 0x5b, 0xf0, 0xd8, 0xf6, 0xdb, 0x4e, 0x00, 0x06, 0x3a, - 0x21, 0xc4, 0xdf, 0x84, 0x06, 0x5d, 0x01, 0x83, 0x06, 0xdd, 0x9a, 0x71, 0xe8, 0x07, 0xf4, 0xed, - 0x3f, 0x82, 0xce, 0x55, 0x91, 0x99, 0x8d, 0x0c, 0x18, 0xe6, 0x66, 0x55, 0x6d, 0x34, 0xad, 0xc2, - 0xfe, 0x5f, 0x35, 0x58, 0xf9, 0xd8, 0x15, 0x99, 0x0c, 0x72, 0x7c, 0x57, 0x62, 0xa1, 0xc3, 0x78, - 0x5a, 0x3a, 0x21, 0x38, 0xe8, 0xf9, 0xb4, 0x34, 0xcd, 0xa2, 0x22, 0x64, 0x98, 0xa9, 0xbc, 0xca, - 0xb2, 0xef, 0xd0, 0x9f, 0x08, 0x34, 0x17, 0x2c, 0x78, 0xc6, 0xad, 0x8b, 0x6d, 0xa6, 0x6d, 0x02, - 0x8c, 0xc7, 0x97, 0xd0, 0xb3, 0x41, 0xe7, 0xd0, 0xa0, 0x78, 0x97, 0x30, 0xab, 0xf7, 0xd7, 0x61, - 0x30, 0xd3, 0xf7, 0xf6, 0xea, 0x5e, 0xcd, 0xff, 0xa3, 0x0e, 0x8b, 0xb7, 0x3a, 0xac, 0xf1, 0xd3, - 0x79, 0x59, 0xe8, 0xaa, 0x7d, 0xd9, 0xac, 0xbb, 0x84, 0xd9, 0xe6, 0xc5, 0x1e, 0xc1, 0xc0, 0x52, - 0x22, 0x19, 0x9f, 0xaa, 0xbc, 0x08, 0xa7, 0x98, 0xb9, 0xcc, 0x17, 0x29, 0xb0, 0x6f, 0xf1, 0x13, - 0xcc, 0xd8, 0x0b, 0x18, 0xf0, 0xa2, 0x28, 0x23, 0x19, 0x63, 0x28, 0xf8, 0x04, 0x35, 0xcf, 0xd0, - 0x35, 0x9a, 0x8d, 0xa1, 0x1d, 0xb2, 0xc3, 0x6a, 0xc8, 0x0e, 0x0f, 0xdc, 0x90, 0x0d, 0x96, 0x2a, - 0xcd, 0xb1, 0x93, 0xb0, 0x57, 0xb0, 0x12, 0x0b, 0x15, 0x9f, 0x85, 0xc5, 0x19, 0x5e, 0x84, 0x91, - 0x10, 0xea, 0xc2, 0xc4, 0xdd, 0xe0, 0xb8, 0xc7, 0x8a, 0x91, 0xec, 0xcd, 0x19, 0x5e, 0xec, 0x57, - 0x22, 0xb6, 0x06, 0xad, 0x22, 0x3e, 0xc5, 0x0c, 0xbd, 0x26, 0x65, 0xed, 0x56, 0xfe, 0x16, 0xb4, - 0xab, 0xa7, 0xc0, 0x56, 0xa0, 0x69, 0x1f, 0x8d, 0xfd, 0x01, 0xec, 0xc2, 0xff, 0xb3, 0x06, 0xf3, - 0x6e, 0xe2, 0xd2, 0x08, 0x14, 0xfc, 0xaa, 0x68, 0x5d, 0x81, 0xc5, 0x82, 0x57, 0x25, 0xbe, 0x0b, - 0xcd, 0x89, 0x88, 0xd2, 0xc2, 0x9b, 0xa3, 0x3e, 0xf6, 0xe0, 0xae, 0xd9, 0x3d, 0x7c, 0x21, 0xa2, - 0x34, 0xb0, 0xdc, 0xcd, 0x6f, 0xa1, 0x61, 0x96, 0xa6, 0x2a, 0xaf, 0xd5, 0x35, 0x7d, 0x9b, 0x9c, - 0xce, 0x23, 0x51, 0xa2, 0xdb, 0xcb, 0x2e, 0x7e, 0x6c, 0xb4, 0x6b, 0x4b, 0x75, 0x7f, 0x0a, 0x4d, - 0x1a, 0xec, 0x66, 0xa0, 0xd0, 0x68, 0xff, 0xb4, 0x81, 0x42, 0x54, 0xfb, 0x9e, 0x86, 0xb0, 0x7c, - 0x4d, 0x78, 0xeb, 0x5c, 0x83, 0x0f, 0x44, 0x77, 0xbc, 0x67, 0xbb, 0xbf, 0x7d, 0x97, 0x72, 0x7d, - 0x5a, 0x8e, 0x87, 0xb1, 0xca, 0x46, 0xce, 0xbf, 0xfa, 0xbb, 0x33, 0x72, 0xf3, 0x42, 0x60, 0x3e, - 0x4a, 0x51, 0xba, 0xff, 0xb7, 0xc6, 0x2d, 0xba, 0xa1, 0xdd, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, - 0xc5, 0x52, 0x65, 0x6e, 0x87, 0x09, 0x00, 0x00, + // 1064 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x56, 0xdf, 0x6f, 0xdb, 0x36, + 0x10, 0x86, 0x1d, 0x3b, 0xb6, 0xcf, 0x76, 0x63, 0x33, 0x69, 0xa3, 0x64, 0xe8, 0x96, 0x69, 0x28, + 0x10, 0x74, 0x83, 0xbd, 0x25, 0x43, 0x5b, 0xe4, 0x69, 0x69, 0x9b, 0x16, 0x59, 0xb3, 0x2e, 0x50, + 0xb1, 0x0e, 0xd8, 0x8b, 0x20, 0x4b, 0x67, 0x85, 0x0b, 0x45, 0xba, 0x12, 0x95, 0xa4, 0x7f, 0xc4, + 0x9e, 0xb7, 0xa7, 0x01, 0xfb, 0x1f, 0xf7, 0x07, 0x0c, 0x3c, 0x52, 0xce, 0x0f, 0x37, 0xd9, 0x93, + 0xc5, 0xef, 0xbe, 0xef, 0xbb, 0x93, 0x78, 0x3c, 0x1a, 0x56, 0x63, 0x25, 0xa7, 0x3c, 0x1d, 0xdb, + 0x9f, 0xd1, 0x2c, 0x57, 0x5a, 0xb1, 0x15, 0xc1, 0xe5, 0x29, 0xe6, 0xc9, 0xce, 0xc8, 0xc2, 0x9b, + 0x9f, 0xa7, 0x4a, 0xa5, 0x02, 0xc7, 0x14, 0x9e, 0x94, 0xd3, 0x71, 0x52, 0xe6, 0x91, 0xe6, 0x4a, + 0x5a, 0x81, 0xff, 0x57, 0x0d, 0x96, 0xf6, 0x85, 0x60, 0x63, 0x58, 0x4e, 0x85, 0x9a, 0x44, 0xc2, + 0xab, 0x6d, 0xd5, 0xb6, 0xbb, 0x3b, 0xeb, 0xa3, 0x1b, 0x4e, 0xa3, 0xd7, 0x14, 0x0e, 0x1c, 0x8d, + 0x7d, 0x03, 0xcd, 0x59, 0xae, 0x2e, 0x3e, 0x7a, 0x75, 0xe2, 0x3f, 0x58, 0xe0, 0x1f, 0x9b, 0x68, + 0x60, 0x49, 0x6c, 0x07, 0x5a, 0x5c, 0x16, 0x3a, 0x12, 0xc2, 0x5b, 0x22, 0xbe, 0xb7, 0xc0, 0x3f, + 0xb4, 0xf1, 0xa0, 0x22, 0xfa, 0xff, 0xd6, 0x61, 0xd9, 0x26, 0x65, 0x5f, 0xc3, 0xd0, 0xd1, 0x43, + 0x19, 0x65, 0x58, 0xcc, 0xa2, 0x18, 0xa9, 0xd0, 0x4e, 0x30, 0x70, 0x81, 0xb7, 0x15, 0xce, 0xbe, + 0x80, 0x6e, 0x2c, 0x79, 0x88, 0x32, 0x9a, 0x08, 0x4c, 0xa8, 0xbe, 0x76, 0x00, 0xb1, 0xe4, 0x07, + 0x16, 0x61, 0x1e, 0xb4, 0xce, 0x30, 0x2f, 0xb8, 0x92, 0x54, 0x4c, 0x27, 0xa8, 0x96, 0xec, 0x0d, + 0x0c, 0x78, 0x82, 0x52, 0x73, 0xfd, 0x31, 0x8c, 0x95, 0xd4, 0x78, 0xa1, 0xbd, 0x06, 0xd5, 0xbb, + 0xb5, 0x58, 0xaf, 0x23, 0xbe, 0xb0, 0xbc, 0x60, 0x85, 0x5f, 0x07, 0xd8, 0x7b, 0x58, 0x8d, 0x4a, + 0xad, 0x42, 0x2e, 0x7f, 0xc7, 0x58, 0xcf, 0xfd, 0x96, 0xc9, 0xcf, 0x5f, 0xf0, 0xdb, 0x2f, 0xb5, + 0x3a, 0x24, 0xaa, 0x33, 0x78, 0x5e, 0xf7, 0x6a, 0xc1, 0x30, 0xba, 0x09, 0xb3, 0x27, 0xf0, 0x40, + 0x65, 0x5c, 0xff, 0x8a, 0x93, 0x13, 0xa5, 0x4e, 0xdf, 0xf1, 0x04, 0x0f, 0xa6, 0x53, 0x8c, 0x75, + 0xe1, 0xb5, 0xe8, 0x55, 0x6f, 0x89, 0xb2, 0x47, 0x70, 0x2f, 0x16, 0x65, 0xa1, 0x31, 0x0f, 0x13, + 0x95, 0x45, 0x5c, 0x7a, 0x6d, 0x7a, 0xfb, 0xbe, 0x43, 0x5f, 0x12, 0xe8, 0xff, 0xd3, 0x82, 0x26, + 0xed, 0x1d, 0x7b, 0x0a, 0x5d, 0xda, 0xbd, 0x90, 0x67, 0x51, 0x8a, 0xae, 0x31, 0x16, 0x37, 0xfa, + 0xd0, 0x44, 0x03, 0x20, 0x2a, 0x3d, 0xb3, 0x1f, 0x60, 0xe0, 0x84, 0x92, 0x6b, 0xa7, 0xae, 0xdf, + 0xa9, 0xbe, 0x67, 0xd5, 0x92, 0x6b, 0xeb, 0xf0, 0x0c, 0x7a, 0xe6, 0x7b, 0xe5, 0x4a, 0x84, 0x33, + 0x95, 0x6b, 0xd7, 0x34, 0xf7, 0x17, 0x9b, 0x4c, 0xe5, 0x3a, 0xe8, 0x3a, 0xaa, 0x59, 0xb0, 0x23, + 0x58, 0xe3, 0xa9, 0x54, 0x39, 0x86, 0x5c, 0x4e, 0x54, 0x29, 0x13, 0x32, 0x28, 0xbc, 0xc6, 0xd6, + 0xd2, 0x76, 0x77, 0x67, 0xf3, 0xd3, 0x0e, 0x91, 0x4c, 0x31, 0x60, 0x56, 0x77, 0x68, 0x65, 0x06, + 0x2f, 0xd8, 0x5b, 0xb8, 0xef, 0xdc, 0x54, 0xa9, 0xaf, 0xda, 0x35, 0xff, 0xd7, 0x6e, 0xd5, 0x0a, + 0x7f, 0x76, 0x3a, 0xeb, 0xf7, 0x0c, 0x7a, 0x57, 0xcb, 0x72, 0xcd, 0x70, 0xdb, 0x7b, 0xf1, 0xcb, + 0x52, 0xd8, 0xf7, 0x00, 0x51, 0x92, 0x71, 0x69, 0x75, 0xad, 0xbb, 0x74, 0x1d, 0x22, 0x92, 0x6a, + 0x0f, 0xfa, 0xd7, 0x0a, 0xa7, 0x2d, 0xbf, 0x55, 0xd8, 0x53, 0x57, 0x8a, 0x65, 0xfb, 0xd0, 0xce, + 0xb1, 0x50, 0x65, 0x1e, 0xa3, 0xd7, 0x21, 0xd9, 0xa3, 0x05, 0x59, 0xe0, 0x08, 0x01, 0x7e, 0x28, + 0x79, 0x8e, 0x19, 0x4a, 0x5d, 0x04, 0x73, 0x19, 0xfb, 0x0c, 0x3a, 0xb6, 0x11, 0x4a, 0x9e, 0x78, + 0xb0, 0x55, 0xdb, 0x5e, 0x0a, 0xda, 0x04, 0xfc, 0xc2, 0x13, 0xf6, 0x04, 0x3a, 0x42, 0xa5, 0xa1, + 0xc0, 0x33, 0x14, 0x5e, 0x97, 0x12, 0x6c, 0x2c, 0x24, 0x38, 0x52, 0xe9, 0x91, 0x21, 0x04, 0x6d, + 0xe1, 0x9e, 0xd8, 0x1e, 0x6c, 0x24, 0xbc, 0x30, 0x47, 0x39, 0xc4, 0x0b, 0x8d, 0xb9, 0x8c, 0x44, + 0x38, 0xcb, 0xd5, 0x94, 0x0b, 0x2c, 0xbc, 0x1e, 0x1d, 0x81, 0x75, 0x47, 0x38, 0x70, 0xf1, 0x63, + 0x17, 0x66, 0x5f, 0x41, 0xdf, 0x16, 0x54, 0x0d, 0x80, 0x3e, 0x1d, 0x81, 0x1e, 0x81, 0xef, 0xdd, + 0x14, 0x78, 0x0a, 0xde, 0xcd, 0xf6, 0x9d, 0xf3, 0xef, 0x11, 0xff, 0xfe, 0xf5, 0x76, 0xbd, 0x14, + 0x76, 0x13, 0x9c, 0x94, 0xa9, 0x6b, 0xf9, 0x95, 0xbb, 0x0f, 0x0c, 0x51, 0x6d, 0xbb, 0x8f, 0x60, + 0xf5, 0x8a, 0x70, 0x9e, 0x6c, 0x40, 0xc9, 0x86, 0x97, 0x44, 0x97, 0xc8, 0x7f, 0x0d, 0x4d, 0x2b, + 0x7c, 0x08, 0x60, 0x25, 0x66, 0x2c, 0xba, 0x89, 0xd8, 0x21, 0xc4, 0xcc, 0x43, 0x33, 0x0a, 0x67, + 0xa5, 0x30, 0x67, 0x48, 0xf0, 0xd8, 0x8e, 0xea, 0x4e, 0x00, 0x06, 0x3a, 0x26, 0xc4, 0xdf, 0x84, + 0x06, 0xed, 0x35, 0x83, 0x06, 0xb5, 0x87, 0x71, 0xe8, 0x07, 0xf4, 0xec, 0x3f, 0x86, 0xce, 0xbc, + 0x9b, 0x4d, 0x22, 0x03, 0x86, 0xb9, 0x59, 0x55, 0x89, 0x66, 0x55, 0xd8, 0xff, 0xbb, 0x06, 0x6b, + 0x9f, 0xea, 0x05, 0x53, 0x41, 0x8e, 0x1f, 0x4a, 0x2c, 0x74, 0x18, 0xcf, 0x4a, 0x27, 0x04, 0x07, + 0xbd, 0x98, 0x95, 0x66, 0x2a, 0x55, 0x84, 0x0c, 0x33, 0x95, 0x57, 0x55, 0xf6, 0x1d, 0xfa, 0x13, + 0x81, 0xa6, 0x93, 0x04, 0xcf, 0xb8, 0x75, 0xb1, 0x53, 0xbb, 0x4d, 0x80, 0xf1, 0xf8, 0x12, 0x7a, + 0x36, 0xe8, 0x1c, 0x1a, 0x14, 0xef, 0x12, 0x66, 0xf5, 0xfe, 0x3a, 0x0c, 0x17, 0x06, 0xec, 0x5e, + 0xdd, 0xab, 0xf9, 0x7f, 0xd4, 0x61, 0xe5, 0xc6, 0x28, 0x37, 0x7e, 0x3a, 0x2f, 0x0b, 0x5d, 0xcd, + 0x49, 0x5b, 0x75, 0x97, 0x30, 0x3b, 0x25, 0xd9, 0x63, 0x18, 0x5a, 0x4a, 0x24, 0xe3, 0x13, 0x95, + 0x17, 0xe1, 0x0c, 0x33, 0x57, 0xf9, 0x0a, 0x05, 0xf6, 0x2d, 0x7e, 0x8c, 0x19, 0x7b, 0x05, 0x43, + 0x5e, 0x14, 0x65, 0x24, 0x63, 0x0c, 0x05, 0x9f, 0xa2, 0xe6, 0x19, 0xba, 0x89, 0xb6, 0x31, 0xb2, + 0xf7, 0xf3, 0xa8, 0xba, 0x9f, 0x47, 0x2f, 0xdd, 0xfd, 0x1c, 0x0c, 0x2a, 0xcd, 0x91, 0x93, 0xb0, + 0x37, 0xb0, 0x16, 0x0b, 0x15, 0x9f, 0x86, 0xc5, 0x29, 0x9e, 0x87, 0x91, 0x10, 0xea, 0xdc, 0xc4, + 0xdd, 0x0d, 0x75, 0x87, 0x15, 0x23, 0xd9, 0xbb, 0x53, 0x3c, 0xdf, 0xaf, 0x44, 0xec, 0x01, 0x2c, + 0x17, 0xf1, 0x09, 0x66, 0xe8, 0x35, 0xa9, 0x6a, 0xb7, 0xf2, 0xb7, 0xa0, 0x5d, 0x9d, 0x39, 0xb6, + 0x06, 0x4d, 0x7b, 0x3a, 0xed, 0x07, 0xb0, 0x0b, 0xff, 0xcf, 0x1a, 0xb4, 0xdc, 0x65, 0x4d, 0x77, + 0xad, 0xe0, 0xf3, 0x86, 0x75, 0x0d, 0x16, 0x0b, 0x5e, 0x1d, 0x89, 0x5d, 0x68, 0x4e, 0x45, 0x94, + 0x16, 0xde, 0x12, 0x0d, 0xcc, 0x87, 0xb7, 0x5d, 0xfb, 0xa3, 0x57, 0x22, 0x4a, 0x03, 0xcb, 0xdd, + 0xfc, 0x16, 0x1a, 0x66, 0x69, 0xba, 0xf2, 0x4a, 0x5f, 0xd3, 0xb3, 0xa9, 0xe9, 0x2c, 0x12, 0x25, + 0xba, 0x5c, 0x76, 0xf1, 0x63, 0xa3, 0x5d, 0x1b, 0xd4, 0x9f, 0xef, 0xfe, 0xf6, 0x5d, 0xca, 0xf5, + 0x49, 0x39, 0x19, 0xc5, 0x2a, 0x1b, 0xbb, 0x4c, 0xd5, 0xef, 0xce, 0xd8, 0x5d, 0x13, 0x02, 0xf3, + 0x71, 0x8a, 0xd2, 0xfd, 0x71, 0x9a, 0x2c, 0xd3, 0xf7, 0xda, 0xfd, 0x2f, 0x00, 0x00, 0xff, 0xff, + 0x45, 0xd3, 0x28, 0x78, 0x50, 0x09, 0x00, 0x00, } diff --git a/controller/proxy-injector/webhook.go b/controller/proxy-injector/webhook.go index 1d7e88f24f63b..b769a1e25215d 100644 --- a/controller/proxy-injector/webhook.go +++ b/controller/proxy-injector/webhook.go @@ -41,18 +41,13 @@ func Inject(api *k8s.API, return nil, err } - debugConfig, err := config.Debug(pkgK8s.MountPathDebugConfig) - if err != nil { - return nil, err - } - namespace, err := api.NS().Lister().Get(request.Namespace) if err != nil { return nil, err } nsAnnotations := namespace.GetAnnotations() - configs := &pb.All{Global: globalConfig, Proxy: proxyConfig, Debug: debugConfig} + configs := &pb.All{Global: globalConfig, Proxy: proxyConfig} resourceConfig := inject.NewResourceConfig(configs, inject.OriginWebhook). WithOwnerRetriever(ownerRetriever(api, request.Namespace)). WithNsAnnotations(nsAnnotations). diff --git a/controller/proxy-injector/webhook_test.go b/controller/proxy-injector/webhook_test.go index d951b06402cd2..332afd86e3899 100644 --- a/controller/proxy-injector/webhook_test.go +++ b/controller/proxy-injector/webhook_test.go @@ -41,10 +41,8 @@ var ( ProxyUid: 2102, LogLevel: &config.LogLevel{Level: "warn,linkerd=info"}, DisableExternalProfiles: false, - }, - Debug: &config.Debug{ - DebugImage: &config.Image{ImageName: "gcr.io/linkerd-io/debug", PullPolicy: "IfNotPresent"}, - DebugImageVersion: "debug-image-version", + DebugImage: &config.Image{ImageName: "gcr.io/linkerd-io/debug", PullPolicy: "IfNotPresent"}, + DebugImageVersion: "debug-image-version", }, } ) diff --git a/pkg/charts/linkerd2/values.go b/pkg/charts/linkerd2/values.go index 3da2c4a95dc4d..da1c0d04f9c41 100644 --- a/pkg/charts/linkerd2/values.go +++ b/pkg/charts/linkerd2/values.go @@ -88,7 +88,6 @@ type ( Global string `json:"global"` Proxy string `json:"proxy"` Install string `json:"install"` - Debug string `json:"debug"` } // Proxy contains the fields to set the proxy sidecar container diff --git a/pkg/config/config.go b/pkg/config/config.go index c67d4f0897736..29685b8f890a5 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -32,13 +32,6 @@ func Install(filepath string) (*pb.Install, error) { return config, err } -// Debug returns the Debug protobuf config from the linkerd-config ConfigMap -func Debug(filepath string) (*pb.Debug, error) { - config := &pb.Debug{} - err := unmarshalFile(filepath, config) - return config, err -} - func unmarshalFile(filepath string, msg proto.Message) error { configJSON, err := ioutil.ReadFile(filepath) if err != nil { @@ -69,7 +62,7 @@ func unmarshal(json string, msg proto.Message) error { // FromConfigMap builds a configuration by reading a map with the keys "global" // and "proxy", each containing JSON values. func FromConfigMap(configMap map[string]string) (*pb.All, error) { - c := &pb.All{Global: &pb.Global{}, Proxy: &pb.Proxy{}, Install: &pb.Install{}, Debug: &pb.Debug{}} + c := &pb.All{Global: &pb.Global{}, Proxy: &pb.Proxy{}, Install: &pb.Install{}} if err := unmarshal(configMap["global"], c.Global); err != nil { return nil, fmt.Errorf("invalid global config: %s", err) @@ -83,15 +76,11 @@ func FromConfigMap(configMap map[string]string) (*pb.All, error) { return nil, fmt.Errorf("invalid install config: %s", err) } - if err := unmarshal(configMap["debug"], c.Debug); err != nil { - return nil, fmt.Errorf("invalid debug config: %s", err) - } - return c, nil } // ToJSON encode the configuration to JSON, i.e. to be stored in a ConfigMap. -func ToJSON(configs *pb.All) (global, proxy, install, debug string, err error) { +func ToJSON(configs *pb.All) (global, proxy, install string, err error) { m := jsonpb.Marshaler{EmitDefaults: true} global, err = m.MarshalToString(configs.GetGlobal()) @@ -105,10 +94,5 @@ func ToJSON(configs *pb.All) (global, proxy, install, debug string, err error) { } install, err = m.MarshalToString(configs.GetInstall()) - if err != nil { - return - } - - debug, err = m.MarshalToString(configs.GetDebug()) return } diff --git a/pkg/healthcheck/healthcheck_test.go b/pkg/healthcheck/healthcheck_test.go index db98021377c22..81d8d9a2c4b3a 100644 --- a/pkg/healthcheck/healthcheck_test.go +++ b/pkg/healthcheck/healthcheck_test.go @@ -2279,11 +2279,9 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"fake-trust-anchors-pem","issuanceLifetime":"86400s","clockSkewAllowance":"20s"}} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version", "proxy_init_image_version":"v1.3.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxy_init_image_version":"v1.3.0","debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} install: | - {"cliVersion":"dev-undefined","flags":[]} - debug: | - {"debugImage":{"imageName":"gcr.io/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"}`, + {"cliVersion":"dev-undefined","flags":[]}`, }, &configPb.All{ Global: &configPb.Global{ @@ -2328,14 +2326,13 @@ data: DisableExternalProfiles: true, ProxyVersion: "install-proxy-version", ProxyInitImageVersion: "v1.3.0", - }, Install: &configPb.Install{ - CliVersion: "dev-undefined", - }, Debug: &configPb.Debug{ DebugImage: &configPb.Image{ ImageName: "gcr.io/linkerd-io/debug", PullPolicy: "IfNotPresent", }, DebugImageVersion: "install-debug-version", + }, Install: &configPb.Install{ + CliVersion: "dev-undefined", }}, nil, }, @@ -2350,10 +2347,9 @@ data: global: | {"linkerdNamespace":"ns","identityContext":null} proxy: "{}" - install: "{}" - debug: "{}"`, + install: "{}"`, }, - &configPb.All{Global: &configPb.Global{LinkerdNamespace: "ns", IdentityContext: nil}, Proxy: &configPb.Proxy{}, Install: &configPb.Install{}, Debug: &configPb.Debug{}}, + &configPb.All{Global: &configPb.Global{LinkerdNamespace: "ns", IdentityContext: nil}, Proxy: &configPb.Proxy{}, Install: &configPb.Install{}}, nil, }, { @@ -2366,10 +2362,9 @@ metadata: data: global: "{}" proxy: "{}" - install: "{}" - debug: "{}"`, + install: "{}"`, }, - &configPb.All{Global: &configPb.Global{}, Proxy: &configPb.Proxy{}, Install: &configPb.Install{}, Debug: &configPb.Debug{}}, + &configPb.All{Global: &configPb.Global{}, Proxy: &configPb.Proxy{}, Install: &configPb.Install{}}, nil, }, { diff --git a/pkg/inject/inject.go b/pkg/inject/inject.go index 645982af7190c..b2e8623683725 100644 --- a/pkg/inject/inject.go +++ b/pkg/inject/inject.go @@ -908,14 +908,14 @@ func (conf *ResourceConfig) debugSidecarImage() string { if override := conf.getOverride(k8s.DebugImageAnnotation); override != "" { return override } - return conf.configs.GetDebug().GetDebugImage().GetImageName() + return conf.configs.GetProxy().GetDebugImage().GetImageName() } func (conf *ResourceConfig) debugSidecarImageVersion() string { if override := conf.getOverride(k8s.DebugImageVersionAnnotation); override != "" { return override } - if debugVersion := conf.configs.GetDebug().GetDebugImageVersion(); debugVersion != "" { + if debugVersion := conf.configs.GetProxy().GetDebugImageVersion(); debugVersion != "" { return debugVersion } if controlPlaneVersion := conf.configs.GetGlobal().GetVersion(); controlPlaneVersion != "" { @@ -928,7 +928,7 @@ func (conf *ResourceConfig) debugSidecarImagePullPolicy() string { if override := conf.getOverride(k8s.DebugImagePullPolicyAnnotation); override != "" { return override } - return conf.configs.GetDebug().GetDebugImage().GetPullPolicy() + return conf.configs.GetProxy().GetDebugImage().GetPullPolicy() } // GetOverriddenConfiguration returns a map of the overridden proxy annotations diff --git a/pkg/k8s/labels.go b/pkg/k8s/labels.go index 5f4dbdd206a08..5f1d7e47d3088 100644 --- a/pkg/k8s/labels.go +++ b/pkg/k8s/labels.go @@ -287,9 +287,6 @@ const ( // MountPathInstallConfig is the path at which the install config file is mounted. MountPathInstallConfig = MountPathBase + "/config/install" - // MountPathDebugConfig is the path at which the debug config file is mounted. - MountPathDebugConfig = MountPathBase + "/config/debug" - // MountPathEndEntity is the path at which a tmpfs directory is mounted to // store identity credentials. MountPathEndEntity = MountPathBase + "/identity/end-entity" diff --git a/proto/config/config.proto b/proto/config/config.proto index fd5eebd6e48e5..7b6ae840392f2 100644 --- a/proto/config/config.proto +++ b/proto/config/config.proto @@ -10,7 +10,6 @@ message All { Global global = 1; Proxy proxy = 2; Install install = 3; - Debug debug = 4; } message Global { @@ -51,6 +50,9 @@ message Proxy { string proxy_version = 13; string proxy_init_image_version = 14; + + Image debug_image = 15; + string debug_image_version = 16; } message Image { @@ -107,9 +109,3 @@ message Install { string value = 2; } } - -// Configuration settings for debug containers -message Debug { - Image debug_image = 1; - string debug_image_version = 2; -} From 36fbf6d5f82c01546d723b74f88e814c927bcf61 Mon Sep 17 00:00:00 2001 From: Paul Balogh Date: Fri, 10 Jan 2020 00:24:37 -0600 Subject: [PATCH 06/11] Post-rebase updates to fix tests Signed-off-by: Paul Balogh --- cli/cmd/inject_test.go | 8 +++++--- .../testdata/install_custom_registry.golden | 20 +++++++++---------- .../fake/data/pod-with-debug.patch.json | 2 +- 3 files changed, 16 insertions(+), 14 deletions(-) diff --git a/cli/cmd/inject_test.go b/cli/cmd/inject_test.go index 1bd7718f782e8..a7898fe9c5d6a 100644 --- a/cli/cmd/inject_test.go +++ b/cli/cmd/inject_test.go @@ -656,8 +656,8 @@ func TestOverrideConfigsParameterized(t *testing.T) { dockerRegistry: "my.custom.registry/linkerd-io", }, expectedOverrides: map[string]string{ - k8s.ProxyImageAnnotation: "my.custom.registry/linkerd-io/proxy", - k8s.ProxyInitImageAnnotation: "my.custom.registry/linkerd-io/proxyInit", + k8s.ProxyImageAnnotation: "gcr.io/linkerd-io/proxy", + k8s.ProxyInitImageAnnotation: "gcr.io/linkerd-io/proxyInit", k8s.DebugImageAnnotation: "my.custom.registry/linkerd-io/debug", }, }, @@ -667,7 +667,9 @@ func TestOverrideConfigsParameterized(t *testing.T) { dockerRegistry: "my.custom.registry/linkerd-io", }, expectedOverrides: map[string]string{ - k8s.DebugImageAnnotation: "my.custom.registry/linkerd-io/debug", + k8s.ProxyImageAnnotation: "my.custom.registry/linkerd-io/proxy", + k8s.ProxyInitImageAnnotation: "my.custom.registry/linkerd-io/proxyInit", + k8s.DebugImageAnnotation: "my.custom.registry/linkerd-io/debug", }, }, { diff --git a/cli/cmd/testdata/install_custom_registry.golden b/cli/cmd/testdata/install_custom_registry.golden index 882836f697d20..c17867b54d775 100644 --- a/cli/cmd/testdata/install_custom_registry.golden +++ b/cli/cmd/testdata/install_custom_registry.golden @@ -851,7 +851,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"my.custom.registry/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"my.custom.registry/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"my.custom.registry/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} + {"proxyImage":{"imageName":"my.custom.registry/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"my.custom.registry/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.3.0","debugImage":{"imageName":"my.custom.registry/linkerd-io/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"registry","value":"my.custom.registry/linkerd-io"}]} --- @@ -957,7 +957,7 @@ spec: name: identity-issuer - env: - name: LINKERD2_PROXY_LOG - value: warn,linkerd2_proxy=info + value: warn,linkerd=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-dst.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR @@ -1176,7 +1176,7 @@ spec: name: config - env: - name: LINKERD2_PROXY_LOG - value: warn,linkerd2_proxy=info + value: warn,linkerd=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-dst.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR @@ -1392,7 +1392,7 @@ spec: name: config - env: - name: LINKERD2_PROXY_LOG - value: warn,linkerd2_proxy=info + value: warn,linkerd=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: localhost.:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR @@ -1656,7 +1656,7 @@ spec: name: config - env: - name: LINKERD2_PROXY_LOG - value: warn,linkerd2_proxy=info + value: warn,linkerd=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-dst.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR @@ -1990,7 +1990,7 @@ spec: readOnly: true - env: - name: LINKERD2_PROXY_LOG - value: warn,linkerd2_proxy=info + value: warn,linkerd=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-dst.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR @@ -2267,7 +2267,7 @@ spec: readOnly: true - env: - name: LINKERD2_PROXY_LOG - value: warn,linkerd2_proxy=info + value: warn,linkerd=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-dst.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR @@ -2471,7 +2471,7 @@ spec: readOnly: true - env: - name: LINKERD2_PROXY_LOG - value: warn,linkerd2_proxy=info + value: warn,linkerd=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-dst.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR @@ -2705,7 +2705,7 @@ spec: readOnly: true - env: - name: LINKERD2_PROXY_LOG - value: warn,linkerd2_proxy=info + value: warn,linkerd=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-dst.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR @@ -2927,7 +2927,7 @@ spec: name: config - env: - name: LINKERD2_PROXY_LOG - value: warn,linkerd2_proxy=info + value: warn,linkerd=info - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR value: linkerd-dst.linkerd.svc.cluster.local:8086 - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR diff --git a/controller/proxy-injector/fake/data/pod-with-debug.patch.json b/controller/proxy-injector/fake/data/pod-with-debug.patch.json index 5b9d4c6433a7d..b1171880bf377 100644 --- a/controller/proxy-injector/fake/data/pod-with-debug.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-debug.patch.json @@ -87,7 +87,7 @@ "env": [ { "name": "LINKERD2_PROXY_LOG", - "value": "warn,linkerd2_proxy=info" + "value": "warn,linkerd=info" }, { "name": "LINKERD2_PROXY_DESTINATION_SVC_ADDR", From a56b265c4252eb256d34eacc510be59e15694d6a Mon Sep 17 00:00:00 2001 From: Paul Balogh Date: Fri, 10 Jan 2020 19:30:33 -0600 Subject: [PATCH 07/11] Review updates; update versions in README, cleanup registry override on inject Signed-off-by: Paul Balogh --- charts/linkerd2/README.md | 4 +- cli/cmd/inject.go | 26 +++++---- cli/cmd/inject_test.go | 109 +++++++++++++++++++++++++++++++++++--- 3 files changed, 117 insertions(+), 22 deletions(-) diff --git a/charts/linkerd2/README.md b/charts/linkerd2/README.md index db773a5d50329..b687ef5b7d530 100644 --- a/charts/linkerd2/README.md +++ b/charts/linkerd2/README.md @@ -91,7 +91,7 @@ The following table lists the configurable parameters of the Linkerd2 chart and | `dashboard.replicas` | Number of replicas of dashboard | `1` | | `debugContainer.image.name` | Docker image for the debug container | `gcr.io/linkerd-io/proxy` | | `debugContainer.image.pullPolicy` | Pull policy for the debug container Docker image | `IfNotPresent` | -| `debugContainer.image.version` | Tag for the debug container Docker image | `stable-2.5.0` | +| `debugContainer.image.version` | Tag for the debug container Docker image | latest version | | `disableHeartBeat` | Set to true to not start the heartbeat cronjob | `false` | | `enableH2Upgrade` | Allow proxies to perform transparent HTTP/2 upgrading | `true` | | `global.clusterDomain` | Kubernetes DNS Domain name to use | `cluster.local` | @@ -125,7 +125,7 @@ The following table lists the configurable parameters of the Linkerd2 chart and | `global.proxyInit.ignoreOutboundPorts` | Outbound ports the proxy should ignore || | `global.proxyInit.image.name` | Docker image for the proxy-init container | `gcr.io/linkerd-io/proxy-init` | | `global.proxyInit.image.pullPolicy` | Pull policy for the proxy-init container Docker image | `IfNotPresent` | -| `global.proxyInit.image.version` | Tag for the proxy-init container Docker image | `v1.1.0` | +| `global.proxyInit.image.version` | Tag for the proxy-init container Docker image | latest version | | `global.proxyInit.resources.cpu.limit` | Maximum amount of CPU units that the proxy-init container can use | `100m` | | `global.proxyInit.resources.cpu.request` | Amount of CPU units that the proxy-init container requests | `10m` | | `global.ProxyInit.resources.memory.limit` | Maximum amount of memory that the proxy-init container can use | `50Mi` | diff --git a/cli/cmd/inject.go b/cli/cmd/inject.go index 7a3779d92c0d0..4aa032aef82a6 100644 --- a/cli/cmd/inject.go +++ b/cli/cmd/inject.go @@ -367,10 +367,18 @@ func (options *proxyConfigOptions) overrideConfigs(configs *cfg.All, overrideAnn } if options.dockerRegistry != "" { - configs.Proxy.ProxyImage.ImageName = registryOverride(configs.Proxy.ProxyImage.ImageName, options.dockerRegistry) - configs.Proxy.ProxyInitImage.ImageName = registryOverride(configs.Proxy.ProxyInitImage.ImageName, options.dockerRegistry) - overrideAnnotations[k8s.ProxyImageAnnotation] = configs.Proxy.ProxyImage.ImageName - overrideAnnotations[k8s.ProxyInitImageAnnotation] = configs.Proxy.ProxyInitImage.ImageName + currentProxyImage := configs.Proxy.ProxyImage.ImageName + currentProxyInitImage := configs.Proxy.ProxyInitImage.ImageName + currentDebugImage := configs.Proxy.DebugImage.ImageName + + currentRegistry := getFlagValue(configs.GetInstall().GetFlags(), "registry") + if currentRegistry == "" { + currentRegistry = defaultDockerRegistry + } + + overrideAnnotations[k8s.ProxyImageAnnotation] = strings.Replace(currentProxyImage, currentRegistry, options.dockerRegistry, 1) + overrideAnnotations[k8s.ProxyInitImageAnnotation] = strings.Replace(currentProxyInitImage, currentRegistry, options.dockerRegistry, 1) + overrideAnnotations[k8s.DebugImageAnnotation] = strings.Replace(currentDebugImage, currentRegistry, options.dockerRegistry, 1) } if options.proxyImage != "" { @@ -396,16 +404,6 @@ func (options *proxyConfigOptions) overrideConfigs(configs *cfg.All, overrideAnn overrideAnnotations[k8s.ProxyImagePullPolicyAnnotation] = options.imagePullPolicy } - if options.dockerRegistry != "" { - currentDebugImage := configs.Proxy.DebugImage.ImageName - currentRegistry := getFlagValue(configs.GetInstall().GetFlags(), "registry") - if currentRegistry == "" { - currentRegistry = defaultDockerRegistry - } - override := strings.Replace(currentDebugImage, currentRegistry, options.dockerRegistry, 1) - overrideAnnotations[k8s.DebugImageAnnotation] = override - } - if options.proxyUID != 0 { configs.Proxy.ProxyUid = options.proxyUID overrideAnnotations[k8s.ProxyUIDAnnotation] = strconv.FormatInt(options.proxyUID, 10) diff --git a/cli/cmd/inject_test.go b/cli/cmd/inject_test.go index a7898fe9c5d6a..b0316c398f8a8 100644 --- a/cli/cmd/inject_test.go +++ b/cli/cmd/inject_test.go @@ -638,12 +638,12 @@ func TestOverrideConfigsParameterized(t *testing.T) { { description: "proxy-init image overrides", configOptions: proxyConfigOptions{ - initImage: "gcr.io/linkerd-io/proxyInit", + initImage: "gcr.io/linkerd-io/proxy-init", initImageVersion: "test-proxy-init-version", imagePullPolicy: "IfNotPresent", }, expectedOverrides: map[string]string{ - k8s.ProxyInitImageAnnotation: "gcr.io/linkerd-io/proxyInit", + k8s.ProxyInitImageAnnotation: "gcr.io/linkerd-io/proxy-init", k8s.ProxyInitImageVersionAnnotation: "test-proxy-init-version", k8s.ProxyImagePullPolicyAnnotation: "IfNotPresent", }, @@ -652,12 +652,12 @@ func TestOverrideConfigsParameterized(t *testing.T) { description: "custom docker registry with proxy and proxy-init", configOptions: proxyConfigOptions{ proxyImage: "gcr.io/linkerd-io/proxy", - initImage: "gcr.io/linkerd-io/proxyInit", + initImage: "gcr.io/linkerd-io/proxy-init", dockerRegistry: "my.custom.registry/linkerd-io", }, expectedOverrides: map[string]string{ k8s.ProxyImageAnnotation: "gcr.io/linkerd-io/proxy", - k8s.ProxyInitImageAnnotation: "gcr.io/linkerd-io/proxyInit", + k8s.ProxyInitImageAnnotation: "gcr.io/linkerd-io/proxy-init", k8s.DebugImageAnnotation: "my.custom.registry/linkerd-io/debug", }, }, @@ -668,7 +668,7 @@ func TestOverrideConfigsParameterized(t *testing.T) { }, expectedOverrides: map[string]string{ k8s.ProxyImageAnnotation: "my.custom.registry/linkerd-io/proxy", - k8s.ProxyInitImageAnnotation: "my.custom.registry/linkerd-io/proxyInit", + k8s.ProxyInitImageAnnotation: "my.custom.registry/linkerd-io/proxy-init", k8s.DebugImageAnnotation: "my.custom.registry/linkerd-io/debug", }, }, @@ -679,10 +679,107 @@ func TestOverrideConfigsParameterized(t *testing.T) { }, } - defaultConfig := testInstallConfig() for _, tt := range tests { tt := tt // pin t.Run(tt.description, func(t *testing.T) { + defaultConfig := testInstallConfig() + actualOverrides := map[string]string{} + tt.configOptions.overrideConfigs(defaultConfig, actualOverrides) + if len(tt.expectedOverrides) != len(actualOverrides) { + t.Fatalf("expected %d annotation(s), but received %d", len(tt.expectedOverrides), len(actualOverrides)) + } + for key, expected := range tt.expectedOverrides { + actual := actualOverrides[key] + if actual != expected { + t.Fatalf("expected annotation %q with %q, but got %q", key, expected, actual) + } + } + }) + } +} + +func TestOverrideConfigsWithCustomRegistryInstall(t *testing.T) { + + tests := []struct { + description string + configOptions proxyConfigOptions + expectedOverrides map[string]string + }{ + { + description: "proxy image overrides", + configOptions: proxyConfigOptions{ + proxyImage: "gcr.io/linkerd-io/proxy", + proxyVersion: "test-proxy-version", + imagePullPolicy: "IfNotPresent", + }, + expectedOverrides: map[string]string{ + k8s.ProxyImageAnnotation: "gcr.io/linkerd-io/proxy", + k8s.ProxyVersionOverrideAnnotation: "test-proxy-version", + k8s.ProxyImagePullPolicyAnnotation: "IfNotPresent", + }, + }, + { + description: "proxy-init image overrides", + configOptions: proxyConfigOptions{ + initImage: "gcr.io/linkerd-io/proxy-init", + initImageVersion: "test-proxy-init-version", + imagePullPolicy: "IfNotPresent", + }, + expectedOverrides: map[string]string{ + k8s.ProxyInitImageAnnotation: "gcr.io/linkerd-io/proxy-init", + k8s.ProxyInitImageVersionAnnotation: "test-proxy-init-version", + k8s.ProxyImagePullPolicyAnnotation: "IfNotPresent", + }, + }, + { + description: "custom docker registry with proxy and proxy-init", + configOptions: proxyConfigOptions{ + proxyImage: "gcr.io/linkerd-io/proxy", + initImage: "gcr.io/linkerd-io/proxy-init", + dockerRegistry: "my.custom.registry/linkerd-io", + }, + expectedOverrides: map[string]string{ + k8s.ProxyImageAnnotation: "gcr.io/linkerd-io/proxy", + k8s.ProxyInitImageAnnotation: "gcr.io/linkerd-io/proxy-init", + k8s.DebugImageAnnotation: "my.custom.registry/linkerd-io/debug", + }, + }, + { + description: "custom docker registry", + configOptions: proxyConfigOptions{ + dockerRegistry: "my.custom.registry/linkerd-io", + }, + expectedOverrides: map[string]string{ + k8s.ProxyImageAnnotation: "my.custom.registry/linkerd-io/proxy", + k8s.ProxyInitImageAnnotation: "my.custom.registry/linkerd-io/proxy-init", + k8s.DebugImageAnnotation: "my.custom.registry/linkerd-io/debug", + }, + }, + { + description: "no overrides", + configOptions: proxyConfigOptions{}, + expectedOverrides: map[string]string{}, + }, + } + + // Setup the registry used when "installing" linkerd + customRegistryAtInstall := "custom.install.registry/linkerd-io" + installFlags := make([]*pb.Install_Flag, 0) + installFlags = append(installFlags, &pb.Install_Flag{ + Name: "registry", + Value: customRegistryAtInstall, + }) + + for _, tt := range tests { + tt := tt // pin + t.Run(tt.description, func(t *testing.T) { + + defaultConfig := testInstallConfig() + defaultConfig.Install.Flags = installFlags + defaultConfig.Proxy.ProxyImage.ImageName = customRegistryAtInstall + "/proxy" + defaultConfig.Proxy.ProxyInitImage.ImageName = customRegistryAtInstall + "/proxy-init" + defaultConfig.Proxy.DebugImage.ImageName = customRegistryAtInstall + "/debug" + actualOverrides := map[string]string{} tt.configOptions.overrideConfigs(defaultConfig, actualOverrides) if len(tt.expectedOverrides) != len(actualOverrides) { From 4a569554d9eccf937c438797869def4f28d8cbaf Mon Sep 17 00:00:00 2001 From: Paul Balogh Date: Mon, 13 Jan 2020 21:42:34 -0600 Subject: [PATCH 08/11] Review updates; defensive coding for debug container on registry override and correction to README Signed-off-by: Paul Balogh --- charts/linkerd2/README.md | 2 +- cli/cmd/inject.go | 9 ++++++--- pkg/k8s/labels.go | 3 +++ 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/linkerd2/README.md b/charts/linkerd2/README.md index b687ef5b7d530..8eace0d1444bb 100644 --- a/charts/linkerd2/README.md +++ b/charts/linkerd2/README.md @@ -89,7 +89,7 @@ The following table lists the configurable parameters of the Linkerd2 chart and | `controllerReplicas` | Number of replicas for each control plane pod | `1` | | `controllerUID` | User ID for the control plane components | `2103` | | `dashboard.replicas` | Number of replicas of dashboard | `1` | -| `debugContainer.image.name` | Docker image for the debug container | `gcr.io/linkerd-io/proxy` | +| `debugContainer.image.name` | Docker image for the debug container | `gcr.io/linkerd-io/debug` | | `debugContainer.image.pullPolicy` | Pull policy for the debug container Docker image | `IfNotPresent` | | `debugContainer.image.version` | Tag for the debug container Docker image | latest version | | `disableHeartBeat` | Set to true to not start the heartbeat cronjob | `false` | diff --git a/cli/cmd/inject.go b/cli/cmd/inject.go index 4aa032aef82a6..2468335bc39f8 100644 --- a/cli/cmd/inject.go +++ b/cli/cmd/inject.go @@ -367,9 +367,12 @@ func (options *proxyConfigOptions) overrideConfigs(configs *cfg.All, overrideAnn } if options.dockerRegistry != "" { - currentProxyImage := configs.Proxy.ProxyImage.ImageName - currentProxyInitImage := configs.Proxy.ProxyInitImage.ImageName - currentDebugImage := configs.Proxy.DebugImage.ImageName + currentProxyImage := configs.GetProxy().GetProxyImage().GetImageName() + currentProxyInitImage := configs.GetProxy().GetProxyInitImage().GetImageName() + currentDebugImage := configs.GetProxy().GetDebugImage().GetImageName() + if currentDebugImage == "" { + currentDebugImage = k8s.DebugSidecarImage + } currentRegistry := getFlagValue(configs.GetInstall().GetFlags(), "registry") if currentRegistry == "" { diff --git a/pkg/k8s/labels.go b/pkg/k8s/labels.go index 5f1d7e47d3088..0fe91969015ef 100644 --- a/pkg/k8s/labels.go +++ b/pkg/k8s/labels.go @@ -218,6 +218,9 @@ const ( // DebugSidecarName is the name of the default linkerd debug container DebugSidecarName = "linkerd-debug" + // DebugSidecarImage is the image name of the default linkerd debug container + DebugSidecarImage = "gcr.io/linkerd-io/debug" + // InitContainerName is the name assigned to the injected init container. InitContainerName = "linkerd-init" From a69af6e53adf2a6850be8be0c22c79ffd4e96c61 Mon Sep 17 00:00:00 2001 From: Paul Balogh Date: Tue, 14 Jan 2020 18:39:28 -0600 Subject: [PATCH 09/11] Review updates; simplify registry override Signed-off-by: Paul Balogh --- cli/cmd/inject.go | 39 +++++++++++++++++------------------ cli/cmd/inject_test.go | 47 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 20 deletions(-) diff --git a/cli/cmd/inject.go b/cli/cmd/inject.go index 2468335bc39f8..e208cbbf77a6f 100644 --- a/cli/cmd/inject.go +++ b/cli/cmd/inject.go @@ -367,21 +367,13 @@ func (options *proxyConfigOptions) overrideConfigs(configs *cfg.All, overrideAnn } if options.dockerRegistry != "" { - currentProxyImage := configs.GetProxy().GetProxyImage().GetImageName() - currentProxyInitImage := configs.GetProxy().GetProxyInitImage().GetImageName() - currentDebugImage := configs.GetProxy().GetDebugImage().GetImageName() - if currentDebugImage == "" { - currentDebugImage = k8s.DebugSidecarImage + debugImage := configs.GetProxy().GetDebugImage().GetImageName() + if debugImage == "" { + debugImage = k8s.DebugSidecarImage } - - currentRegistry := getFlagValue(configs.GetInstall().GetFlags(), "registry") - if currentRegistry == "" { - currentRegistry = defaultDockerRegistry - } - - overrideAnnotations[k8s.ProxyImageAnnotation] = strings.Replace(currentProxyImage, currentRegistry, options.dockerRegistry, 1) - overrideAnnotations[k8s.ProxyInitImageAnnotation] = strings.Replace(currentProxyInitImage, currentRegistry, options.dockerRegistry, 1) - overrideAnnotations[k8s.DebugImageAnnotation] = strings.Replace(currentDebugImage, currentRegistry, options.dockerRegistry, 1) + overrideAnnotations[k8s.ProxyImageAnnotation] = overwriteRegistry(configs.GetProxy().GetProxyImage().GetImageName(), options.dockerRegistry) + overrideAnnotations[k8s.ProxyInitImageAnnotation] = overwriteRegistry(configs.GetProxy().GetProxyInitImage().GetImageName(), options.dockerRegistry) + overrideAnnotations[k8s.DebugImageAnnotation] = overwriteRegistry(debugImage, options.dockerRegistry) } if options.proxyImage != "" { @@ -492,11 +484,18 @@ func parsePortRanges(portRanges []*cfg.PortRange) string { return strings.TrimSuffix(str, ",") } -func getFlagValue(flags []*cfg.Install_Flag, name string) string { - for _, flag := range flags { - if flag.Name == name { - return flag.Value - } +// overwriteRegistry replaces the registry-portion of the provided image with the provided registry. +func overwriteRegistry(image, registry string) string { + if image == "" || registry == "" { + return image + } + updated := registry + if !strings.HasSuffix(updated, "/") { + updated += "/" + } + i := len(image) - 1 + for i >= 0 && image[i] != '/' { + i-- } - return "" + return updated + image[i+1:] } diff --git a/cli/cmd/inject_test.go b/cli/cmd/inject_test.go index b0316c398f8a8..5c5f35254118f 100644 --- a/cli/cmd/inject_test.go +++ b/cli/cmd/inject_test.go @@ -794,3 +794,50 @@ func TestOverrideConfigsWithCustomRegistryInstall(t *testing.T) { }) } } + +func TestOverwriteRegistry(t *testing.T) { + testCases := []struct { + image string + registry string + expected string + }{ + { + image: "gcr.io/linkerd-io/image", + registry: "my.custom.registry", + expected: "my.custom.registry/image", + }, + { + image: "gcr.io/linkerd-io/image", + registry: "my.custom.registry/", + expected: "my.custom.registry/image", + }, + { + image: "my.custom.registry/image", + registry: "my.custom.registry", + expected: "my.custom.registry/image", + }, + { + image: "my.custom.registry/image", + registry: "gcr.io/linkerd-io", + expected: "gcr.io/linkerd-io/image", + }, + { + image: "", + registry: "my.custom.registry", + expected: "", + }, + { + image: "gcr.io/linkerd-io/image", + registry: "", + expected: "gcr.io/linkerd-io/image", + }, + } + for i, tc := range testCases { + t.Run(fmt.Sprintf("%d", i), func(t *testing.T) { + actual := overwriteRegistry(tc.image, tc.registry) + if actual != tc.expected { + t.Fatalf("expected %q, but got %q", tc.expected, actual) + } + }) + } +} From d30e6b6011f9c995c9c8e79095b370afdfc0af61 Mon Sep 17 00:00:00 2001 From: Paul Balogh Date: Tue, 14 Jan 2020 19:31:33 -0600 Subject: [PATCH 10/11] Update unit test to appease linter Signed-off-by: Paul Balogh --- cli/cmd/inject_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/cli/cmd/inject_test.go b/cli/cmd/inject_test.go index 5c5f35254118f..5fbd9af9baddf 100644 --- a/cli/cmd/inject_test.go +++ b/cli/cmd/inject_test.go @@ -833,6 +833,7 @@ func TestOverwriteRegistry(t *testing.T) { }, } for i, tc := range testCases { + tc := tc // pin t.Run(fmt.Sprintf("%d", i), func(t *testing.T) { actual := overwriteRegistry(tc.image, tc.registry) if actual != tc.expected { From 08005f757d372e048dc5355bcfdc9662b01d3232 Mon Sep 17 00:00:00 2001 From: Paul Balogh Date: Wed, 15 Jan 2020 16:46:43 -0600 Subject: [PATCH 11/11] Review update; improving the overwriteRegistry method; post-rebase update for README Signed-off-by: Paul Balogh --- charts/linkerd2/README.md | 2 +- cli/cmd/inject.go | 19 ++++++++++--------- cli/cmd/inject_test.go | 5 +++++ 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/charts/linkerd2/README.md b/charts/linkerd2/README.md index 8eace0d1444bb..9a53ab900a8a1 100644 --- a/charts/linkerd2/README.md +++ b/charts/linkerd2/README.md @@ -151,7 +151,7 @@ The following table lists the configurable parameters of the Linkerd2 chart and | `profileValidator.keyPEM` | Certificate key for the service profile validator. If not provided then Helm will generate one. || | `tap.crtPEM` | Certificate for the Tap component. If not provided then Helm will generate one. || | `tap.keyPEM` | Certificate key for Tap component. If not provided then Helm will generate one. || -| `webhookFailurePolicy` | Failure policy for the proxy injector | `Ignore` +| `webhookFailurePolicy` | Failure policy for the proxy injector | `Ignore` | | `webImage` | Docker image for the web container | `gcr.io/linkerd-io/web` | ## Get involved diff --git a/cli/cmd/inject.go b/cli/cmd/inject.go index e208cbbf77a6f..c14d0be2ceda8 100644 --- a/cli/cmd/inject.go +++ b/cli/cmd/inject.go @@ -28,6 +28,7 @@ const ( injectDisabledDesc = "pods are not annotated to disable injection" unsupportedDesc = "at least one resource injected" udpDesc = "pod specs do not include UDP ports" + slash = "/" ) type resourceTransformerInject struct { @@ -485,17 +486,17 @@ func parsePortRanges(portRanges []*cfg.PortRange) string { } // overwriteRegistry replaces the registry-portion of the provided image with the provided registry. -func overwriteRegistry(image, registry string) string { - if image == "" || registry == "" { +func overwriteRegistry(image, newRegistry string) string { + if image == "" { return image } - updated := registry - if !strings.HasSuffix(updated, "/") { - updated += "/" + registry := newRegistry + if registry != "" && !strings.HasSuffix(registry, slash) { + registry += slash } - i := len(image) - 1 - for i >= 0 && image[i] != '/' { - i-- + imageName := image + if strings.Contains(image, slash) { + imageName = image[strings.LastIndex(image, slash)+1:] } - return updated + image[i+1:] + return registry + imageName } diff --git a/cli/cmd/inject_test.go b/cli/cmd/inject_test.go index 5fbd9af9baddf..2227e75bd52fa 100644 --- a/cli/cmd/inject_test.go +++ b/cli/cmd/inject_test.go @@ -829,6 +829,11 @@ func TestOverwriteRegistry(t *testing.T) { { image: "gcr.io/linkerd-io/image", registry: "", + expected: "image", + }, + { + image: "image", + registry: "gcr.io/linkerd-io", expected: "gcr.io/linkerd-io/image", }, }