mateobur/l5d-daemonset.yml

## l5d-daemonset.yml
# runs linkerd in a daemonset, in linker-to-linker mode, with TLS for all calls
# from linkerd to linkerd
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: l5d-config
data:
  config.yaml: |-
    admin:
      port: 9990

    namers:
    - kind: io.l5d.k8s
      experimental: true
      host: localhost
      port: 8001

    telemetry:
    - kind: io.l5d.prometheus
    - kind: io.l5d.recentRequests
      sampleRate: 0.25
    - kind: io.l5d.statsd
      experimental: true
      prefix: linkerd
      hostname: 127.0.0.1
      port: 8125
      gaugeIntervalMs: 10000
      sampleRate: 0.01

    usage:
      orgId: linkerd-examples-daemonset-tls

    routers:
    - protocol: http
      label: outgoing
      dtab: |
        /srv        => /#/io.l5d.k8s/production/http;
        /host       => /srv;
        /svc        => /host;
      interpreter:
        kind: default
        transformers:
        - kind: io.l5d.k8s.daemonset
          namespace: production
          port: incoming
          service: l5d
      servers:
      - port: 4140
        ip: 0.0.0.0
      client:
        tls:
          kind: io.l5d.static
          caCertPath: /io.buoyant/linkerd/certs/cacertificate.pem
          commonName: linkerd
      responseClassifier:
        kind: io.l5d.retryableRead5XX

    - protocol: http
      label: incoming
      dtab: |
        /srv        => /#/io.l5d.k8s/production/http;
        /host       => /srv;
        /svc        => /host;
      failFast: true
      timeoutMs: 300
      interpreter:
        kind: default
        transformers:
        - kind: io.l5d.k8s.localnode
      servers:
      - port: 4141
        ip: 0.0.0.0
        tls:
          certPath: /io.buoyant/linkerd/certs/certificate.pem
          keyPath: /io.buoyant/linkerd/certs/key.pem
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    app: l5d
  name: l5d
spec:
  template:
    metadata:
      labels:
        app: l5d
    spec:
      volumes:
      - name: l5d-config
        configMap:
          name: "l5d-config"
      - name: certificates
        secret:
          secretName: certificates
      containers:
      - name: l5d
        image: buoyantio/linkerd:0.9.1
        env:
        - name: POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        args:
        - /io.buoyant/linkerd/config/config.yaml
        ports:
        - name: outgoing
          containerPort: 4140
          hostPort: 4140
        - name: incoming
          containerPort: 4141
        - name: admin
          containerPort: 9990
        volumeMounts:
        - name: "l5d-config"
          mountPath: "/io.buoyant/linkerd/config"
          readOnly: true
        - name: "certificates"
          mountPath: "/io.buoyant/linkerd/certs"
          readOnly: true

      - name: kubectl
        image: buoyantio/kubectl:v1.4.0
        args:
        - "proxy"
        - "-p"
        - "8001"
	# runs linkerd in a daemonset, in linker-to-linker mode, with TLS for all calls
	# from linkerd to linkerd
	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: l5d-config
	data:
	config.yaml: \|-
	admin:
	port: 9990

	namers:
	- kind: io.l5d.k8s
	experimental: true
	host: localhost
	port: 8001

	telemetry:
	- kind: io.l5d.prometheus
	- kind: io.l5d.recentRequests
	sampleRate: 0.25
	- kind: io.l5d.statsd
	experimental: true
	prefix: linkerd
	hostname: 127.0.0.1
	port: 8125
	gaugeIntervalMs: 10000
	sampleRate: 0.01

	usage:
	orgId: linkerd-examples-daemonset-tls

	routers:
	- protocol: http
	label: outgoing
	dtab: \|
	/srv => /#/io.l5d.k8s/production/http;
	/host => /srv;
	/svc => /host;
	interpreter:
	kind: default
	transformers:
	- kind: io.l5d.k8s.daemonset
	namespace: production
	port: incoming
	service: l5d
	servers:
	- port: 4140
	ip: 0.0.0.0
	client:
	tls:
	kind: io.l5d.static
	caCertPath: /io.buoyant/linkerd/certs/cacertificate.pem
	commonName: linkerd
	responseClassifier:
	kind: io.l5d.retryableRead5XX

	- protocol: http
	label: incoming
	dtab: \|
	/srv => /#/io.l5d.k8s/production/http;
	/host => /srv;
	/svc => /host;
	failFast: true
	timeoutMs: 300
	interpreter:
	kind: default
	transformers:
	- kind: io.l5d.k8s.localnode
	servers:
	- port: 4141
	ip: 0.0.0.0
	tls:
	certPath: /io.buoyant/linkerd/certs/certificate.pem
	keyPath: /io.buoyant/linkerd/certs/key.pem
	---
	apiVersion: extensions/v1beta1
	kind: DaemonSet
	metadata:
	labels:
	app: l5d
	name: l5d
	spec:
	template:
	metadata:
	labels:
	app: l5d
	spec:
	volumes:
	- name: l5d-config
	configMap:
	name: "l5d-config"
	- name: certificates
	secret:
	secretName: certificates
	containers:
	- name: l5d
	image: buoyantio/linkerd:0.9.1
	env:
	- name: POD_IP
	valueFrom:
	fieldRef:
	fieldPath: status.podIP
	args:
	- /io.buoyant/linkerd/config/config.yaml
	ports:
	- name: outgoing
	containerPort: 4140
	hostPort: 4140
	- name: incoming
	containerPort: 4141
	- name: admin
	containerPort: 9990
	volumeMounts:
	- name: "l5d-config"
	mountPath: "/io.buoyant/linkerd/config"
	readOnly: true
	- name: "certificates"
	mountPath: "/io.buoyant/linkerd/certs"
	readOnly: true

	- name: kubectl
	image: buoyantio/kubectl:v1.4.0
	args:
	- "proxy"
	- "-p"
	- "8001"