Last active
January 21, 2021 01:23
-
-
Save cpretzer/10f017577b6c2a944b819619737769a6 to your computer and use it in GitHub Desktop.
Linkerd Proxy with LINKERD2_PROXY_DNS_CANONICALIZE_TIMEOUT
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
annotations: | |
deployment.kubernetes.io/revision: "1" | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"voting","app.kubernetes.io/part-of":"emojivoto","app.kubernetes.io/version":"v11"},"name":"voting","namespace":"emojivoto"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"voting-svc","version":"v11"}},"template":{"metadata":{"labels":{"app":"voting-svc","version":"v11"}},"spec":{"containers":[{"env":[{"name":"GRPC_PORT","value":"8080"},{"name":"PROM_PORT","value":"8801"}],"image":"buoyantio/emojivoto-voting-svc:v11","name":"voting-svc","ports":[{"containerPort":8080,"name":"grpc"},{"containerPort":8801,"name":"prom"}],"resources":{"requests":{"cpu":"100m"}}}],"serviceAccountName":"voting"}}}} | |
generation: 1 | |
labels: | |
app.kubernetes.io/name: voting | |
app.kubernetes.io/part-of: emojivoto | |
app.kubernetes.io/version: v11 | |
name: voting | |
namespace: emojivoto | |
resourceVersion: "30980160" | |
selfLink: /apis/apps/v1/namespaces/emojivoto/deployments/voting | |
uid: 7ab2c18d-a33d-4340-b43b-dd18cde20d81 | |
spec: | |
progressDeadlineSeconds: 600 | |
replicas: 1 | |
revisionHistoryLimit: 10 | |
selector: | |
matchLabels: | |
app: voting-svc | |
version: v11 | |
strategy: | |
rollingUpdate: | |
maxSurge: 25% | |
maxUnavailable: 25% | |
type: RollingUpdate | |
template: | |
metadata: | |
annotations: | |
linkerd.io/created-by: linkerd/cli stable-2.8.1 | |
linkerd.io/identity-mode: default | |
linkerd.io/proxy-version: stable-2.8.1 | |
labels: | |
app: voting-svc | |
linkerd.io/control-plane-ns: linkerd | |
linkerd.io/proxy-deployment: voting | |
linkerd.io/workload-ns: emojivoto | |
version: v11 | |
spec: | |
containers: | |
- env: | |
- name: GRPC_PORT | |
value: "8080" | |
- name: PROM_PORT | |
value: "8801" | |
image: buoyantio/emojivoto-voting-svc:v11 | |
imagePullPolicy: IfNotPresent | |
name: voting-svc | |
ports: | |
- containerPort: 8080 | |
name: grpc | |
protocol: TCP | |
- containerPort: 8801 | |
name: prom | |
protocol: TCP | |
resources: | |
requests: | |
cpu: 100m | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
- env: | |
- name: LINKERD2_PROXY_LOG | |
value: warn,linkerd=info | |
- name: LINKERD2_PROXY_DESTINATION_SVC_ADDR | |
value: linkerd-dst.linkerd.svc.cluster.local:8086 | |
- name: LINKERD2_PROXY_DNS_CANONICALIZATION_TIMEOUIT | |
value: 1s | |
- name: LINKERD2_PROXY_DESTINATION_GET_NETWORKS | |
value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 | |
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR | |
value: 0.0.0.0:4190 | |
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR | |
value: 0.0.0.0:4191 | |
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR | |
value: 127.0.0.1:4140 | |
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR | |
value: 0.0.0.0:4143 | |
- name: LINKERD2_PROXY_DESTINATION_GET_SUFFIXES | |
value: svc.cluster.local. | |
- name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES | |
value: svc.cluster.local. | |
- name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE | |
value: 10000ms | |
- name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE | |
value: 10000ms | |
- name: _pod_ns | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
- name: LINKERD2_PROXY_DESTINATION_CONTEXT | |
value: ns:$(_pod_ns) | |
- name: LINKERD2_PROXY_IDENTITY_DIR | |
value: /var/run/linkerd/identity/end-entity | |
- name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS | |
value: | | |
<REDACTED> | |
- name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE | |
value: /var/run/secrets/kubernetes.io/serviceaccount/token | |
- name: LINKERD2_PROXY_IDENTITY_SVC_ADDR | |
value: linkerd-identity.linkerd.svc.cluster.local:8080 | |
- name: _pod_sa | |
valueFrom: | |
fieldRef: | |
fieldPath: spec.serviceAccountName | |
- name: _l5d_ns | |
value: linkerd | |
- name: _l5d_trustdomain | |
value: cluster.local | |
- name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME | |
value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) | |
- name: LINKERD2_PROXY_IDENTITY_SVC_NAME | |
value: linkerd-identity.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) | |
- name: LINKERD2_PROXY_DESTINATION_SVC_NAME | |
value: linkerd-destination.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) | |
- name: LINKERD2_PROXY_TAP_SVC_NAME | |
value: linkerd-tap.$(_l5d_ns).serviceaccount.identity.$(_l5d_ns).$(_l5d_trustdomain) | |
image: gcr.io/linkerd-io/proxy:stable-2.8.1 | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
httpGet: | |
path: /live | |
port: 4191 | |
initialDelaySeconds: 10 | |
name: linkerd-proxy | |
ports: | |
- containerPort: 4143 | |
name: linkerd-proxy | |
- containerPort: 4191 | |
name: linkerd-admin | |
readinessProbe: | |
httpGet: | |
path: /ready | |
port: 4191 | |
initialDelaySeconds: 2 | |
securityContext: | |
allowPrivilegeEscalation: false | |
readOnlyRootFilesystem: true | |
runAsUser: 2102 | |
terminationMessagePolicy: FallbackToLogsOnError | |
volumeMounts: | |
- mountPath: /var/run/linkerd/identity/end-entity | |
name: linkerd-identity-end-entity | |
dnsPolicy: ClusterFirst | |
initContainers: | |
- args: | |
- --incoming-proxy-port | |
- "4143" | |
- --outgoing-proxy-port | |
- "4140" | |
- --proxy-uid | |
- "2102" | |
- --inbound-ports-to-ignore | |
- 4190,4191 | |
image: gcr.io/linkerd-io/proxy-init:v1.3.3 | |
imagePullPolicy: IfNotPresent | |
name: linkerd-init | |
resources: | |
limits: | |
cpu: 100m | |
memory: 50Mi | |
requests: | |
cpu: 10m | |
memory: 10Mi | |
securityContext: | |
allowPrivilegeEscalation: false | |
capabilities: | |
add: | |
- NET_ADMIN | |
- NET_RAW | |
privileged: false | |
readOnlyRootFilesystem: true | |
runAsNonRoot: false | |
runAsUser: 0 | |
terminationMessagePolicy: FallbackToLogsOnError | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: voting | |
serviceAccountName: voting | |
terminationGracePeriodSeconds: 30 | |
volumes: | |
- emptyDir: | |
medium: Memory | |
name: linkerd-identity-end-entity | |
status: | |
availableReplicas: 1 | |
conditions: | |
- message: Deployment has minimum availability. | |
reason: MinimumReplicasAvailable | |
status: "True" | |
type: Available | |
- message: ReplicaSet "voting-5858f494d" has successfully progressed. | |
reason: NewReplicaSetAvailable | |
status: "True" | |
type: Progressing | |
observedGeneration: 1 | |
readyReplicas: 1 | |
replicas: 1 | |
updatedReplicas: 1 | |
--- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment