Created
December 5, 2022 19:37
-
-
Save adleong/1f0b5ea98b8341f4a594e757c1bf5915 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Two backend pods, one always failing | |
| # and another one returning OK response | |
| # Slowcooker is used to generate traffic | |
| # that will be routed via traffic split | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: backend | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: backend | |
| template: | |
| metadata: | |
| annotations: | |
| config.linkerd.io/proxy-image: mycoliza/l2-proxy | |
| config.linkerd.io/proxy-log-level: linkerd=DEBUG,INFO | |
| config.linkerd.io/proxy-version: mycoliza/l2-proxy:eliza.route-splitting.446f233a | |
| linkerd.io/created-by: linkerd/cli git-f52bc0b3 | |
| linkerd.io/proxy-version: mycoliza/l2-proxy:eliza.route-splitting.446f233a | |
| linkerd.io/trust-root-sha256: 1861098d9f2e23c015f072d105bdfd827e6703df54a2b4bec645c642dfc4c161 | |
| labels: | |
| app: backend | |
| linkerd.io/control-plane-ns: linkerd | |
| linkerd.io/proxy-deployment: backend | |
| linkerd.io/workload-ns: "" | |
| spec: | |
| containers: | |
| - env: | |
| - name: _pod_name | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: _pod_ns | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| - name: _pod_nodeName | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.nodeName | |
| - name: LINKERD2_PROXY_LOG | |
| value: linkerd=DEBUG,INFO | |
| - name: LINKERD2_PROXY_LOG_FORMAT | |
| value: plain | |
| - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR | |
| value: linkerd-dst-headless.linkerd.svc.cluster.local.:8086 | |
| - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS | |
| value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 | |
| - name: LINKERD2_PROXY_POLICY_SVC_ADDR | |
| value: linkerd-policy.linkerd.svc.cluster.local.:8090 | |
| - name: LINKERD2_PROXY_CLIENT_POLICY_SVC_ADDR | |
| value: linkerd-client-policy.linkerd.svc.cluster.local.:8091 | |
| - name: LINKERD2_PROXY_CLIENT_POLICY_SVC_NAME | |
| value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_POLICY_WORKLOAD | |
| value: $(_pod_ns):$(_pod_name) | |
| - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY | |
| value: all-unauthenticated | |
| - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS | |
| value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 | |
| - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT | |
| value: 100ms | |
| - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT | |
| value: 1000ms | |
| - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR | |
| value: 0.0.0.0:4190 | |
| - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR | |
| value: 0.0.0.0:4191 | |
| - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR | |
| value: 127.0.0.1:4140 | |
| - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR | |
| value: 0.0.0.0:4143 | |
| - name: LINKERD2_PROXY_INBOUND_IPS | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: status.podIPs | |
| - name: LINKERD2_PROXY_INBOUND_PORTS | |
| value: "8080" | |
| - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES | |
| value: svc.cluster.local. | |
| - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE | |
| value: 10000ms | |
| - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE | |
| value: 10000ms | |
| - name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION | |
| value: 25,587,3306,4444,5432,6379,9300,11211 | |
| - name: LINKERD2_PROXY_DESTINATION_CONTEXT | |
| value: | | |
| {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)"} | |
| - name: _pod_sa | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.serviceAccountName | |
| - name: _l5d_ns | |
| value: linkerd | |
| - name: _l5d_trustdomain | |
| value: cluster.local | |
| - name: LINKERD2_PROXY_IDENTITY_DIR | |
| value: /var/run/linkerd/identity/end-entity | |
| - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS | |
| value: | | |
| -----BEGIN CERTIFICATE----- | |
| MIIBiDCCAS6gAwIBAgIBATAKBggqhkjOPQQDAjAcMRowGAYDVQQDExFpZGVudGl0 | |
| eS5saW5rZXJkLjAeFw0yMjExMDgwMDQ4MTdaFw0yMzExMDgwMDQ4MzdaMBwxGjAY | |
| BgNVBAMTEWlkZW50aXR5LmxpbmtlcmQuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD | |
| QgAEPoTgMbFw3e5FP8/kVHqtQKsMpvZivjFaJPes/6OC3olxKY7fBy3rjIokEjGW | |
| 744A142AV3nCUy6x8g5PqAlSWqNhMF8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdJQQW | |
| MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW | |
| BBQjwqdfyP/3hS70EYUjSxpOjS3O/zAKBggqhkjOPQQDAgNIADBFAiEAzQhL0Bjr | |
| r0by0i9fU+toYh8GukCzRVxfiAQsoVvZHa8CIDHCli0Upm3bbSY11l3U/J1lv7U+ | |
| o/DmcZodY33VSZXq | |
| -----END CERTIFICATE----- | |
| - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE | |
| value: /var/run/secrets/tokens/linkerd-identity-token | |
| - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR | |
| value: linkerd-identity-headless.linkerd.svc.cluster.local.:8080 | |
| - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME | |
| value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_IDENTITY_SVC_NAME | |
| value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_DESTINATION_SVC_NAME | |
| value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_POLICY_SVC_NAME | |
| value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| image: mycoliza/l2-proxy:eliza.route-splitting.446f233a | |
| imagePullPolicy: IfNotPresent | |
| lifecycle: | |
| postStart: | |
| exec: | |
| command: | |
| - /usr/lib/linkerd/linkerd-await | |
| - --timeout=2m | |
| livenessProbe: | |
| httpGet: | |
| path: /live | |
| port: 4191 | |
| initialDelaySeconds: 10 | |
| name: linkerd-proxy | |
| ports: | |
| - containerPort: 4143 | |
| name: linkerd-proxy | |
| - containerPort: 4191 | |
| name: linkerd-admin | |
| readinessProbe: | |
| httpGet: | |
| path: /ready | |
| port: 4191 | |
| initialDelaySeconds: 2 | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| readOnlyRootFilesystem: true | |
| runAsUser: 2102 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| volumeMounts: | |
| - mountPath: /var/run/linkerd/identity/end-entity | |
| name: linkerd-identity-end-entity | |
| - mountPath: /var/run/secrets/tokens | |
| name: linkerd-identity-token | |
| - args: | |
| - terminus | |
| - --h1-server-port=8080 | |
| - --response-text=backend1 | |
| image: buoyantio/bb:v0.0.6 | |
| name: backend | |
| ports: | |
| - containerPort: 8080 | |
| initContainers: | |
| - args: | |
| - --incoming-proxy-port | |
| - "4143" | |
| - --outgoing-proxy-port | |
| - "4140" | |
| - --proxy-uid | |
| - "2102" | |
| - --inbound-ports-to-ignore | |
| - 4190,4191,4567,4568 | |
| - --outbound-ports-to-ignore | |
| - 4567,4568 | |
| image: cr.l5d.io/linkerd/proxy-init:v2.0.0 | |
| imagePullPolicy: IfNotPresent | |
| name: linkerd-init | |
| resources: | |
| limits: | |
| cpu: 100m | |
| memory: 20Mi | |
| requests: | |
| cpu: 100m | |
| memory: 20Mi | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| capabilities: | |
| add: | |
| - NET_ADMIN | |
| - NET_RAW | |
| privileged: false | |
| readOnlyRootFilesystem: true | |
| runAsNonRoot: true | |
| runAsUser: 65534 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| volumeMounts: | |
| - mountPath: /run | |
| name: linkerd-proxy-init-xtables-lock | |
| volumes: | |
| - emptyDir: {} | |
| name: linkerd-proxy-init-xtables-lock | |
| - emptyDir: | |
| medium: Memory | |
| name: linkerd-identity-end-entity | |
| - name: linkerd-identity-token | |
| projected: | |
| sources: | |
| - serviceAccountToken: | |
| audience: identity.l5d.io | |
| expirationSeconds: 86400 | |
| path: linkerd-identity-token | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: backend-svc | |
| spec: | |
| ports: | |
| - name: http | |
| port: 8080 | |
| targetPort: 8080 | |
| selector: | |
| app: backend | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: failing | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: failing | |
| template: | |
| metadata: | |
| annotations: | |
| config.linkerd.io/proxy-image: mycoliza/l2-proxy | |
| config.linkerd.io/proxy-log-level: linkerd=DEBUG,INFO | |
| config.linkerd.io/proxy-version: mycoliza/l2-proxy:eliza.route-splitting.446f233a | |
| linkerd.io/created-by: linkerd/cli git-f52bc0b3 | |
| linkerd.io/proxy-version: mycoliza/l2-proxy:eliza.route-splitting.446f233a | |
| linkerd.io/trust-root-sha256: 1861098d9f2e23c015f072d105bdfd827e6703df54a2b4bec645c642dfc4c161 | |
| labels: | |
| app: failing | |
| linkerd.io/control-plane-ns: linkerd | |
| linkerd.io/proxy-deployment: failing | |
| linkerd.io/workload-ns: "" | |
| spec: | |
| containers: | |
| - env: | |
| - name: _pod_name | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: _pod_ns | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| - name: _pod_nodeName | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.nodeName | |
| - name: LINKERD2_PROXY_LOG | |
| value: linkerd=DEBUG,INFO | |
| - name: LINKERD2_PROXY_LOG_FORMAT | |
| value: plain | |
| - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR | |
| value: linkerd-dst-headless.linkerd.svc.cluster.local.:8086 | |
| - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS | |
| value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 | |
| - name: LINKERD2_PROXY_POLICY_SVC_ADDR | |
| value: linkerd-policy.linkerd.svc.cluster.local.:8090 | |
| - name: LINKERD2_PROXY_CLIENT_POLICY_SVC_ADDR | |
| value: linkerd-client-policy.linkerd.svc.cluster.local.:8091 | |
| - name: LINKERD2_PROXY_CLIENT_POLICY_SVC_NAME | |
| value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_POLICY_WORKLOAD | |
| value: $(_pod_ns):$(_pod_name) | |
| - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY | |
| value: all-unauthenticated | |
| - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS | |
| value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 | |
| - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT | |
| value: 100ms | |
| - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT | |
| value: 1000ms | |
| - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR | |
| value: 0.0.0.0:4190 | |
| - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR | |
| value: 0.0.0.0:4191 | |
| - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR | |
| value: 127.0.0.1:4140 | |
| - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR | |
| value: 0.0.0.0:4143 | |
| - name: LINKERD2_PROXY_INBOUND_IPS | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: status.podIPs | |
| - name: LINKERD2_PROXY_INBOUND_PORTS | |
| value: "8080" | |
| - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES | |
| value: svc.cluster.local. | |
| - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE | |
| value: 10000ms | |
| - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE | |
| value: 10000ms | |
| - name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION | |
| value: 25,587,3306,4444,5432,6379,9300,11211 | |
| - name: LINKERD2_PROXY_DESTINATION_CONTEXT | |
| value: | | |
| {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)"} | |
| - name: _pod_sa | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.serviceAccountName | |
| - name: _l5d_ns | |
| value: linkerd | |
| - name: _l5d_trustdomain | |
| value: cluster.local | |
| - name: LINKERD2_PROXY_IDENTITY_DIR | |
| value: /var/run/linkerd/identity/end-entity | |
| - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS | |
| value: | | |
| -----BEGIN CERTIFICATE----- | |
| MIIBiDCCAS6gAwIBAgIBATAKBggqhkjOPQQDAjAcMRowGAYDVQQDExFpZGVudGl0 | |
| eS5saW5rZXJkLjAeFw0yMjExMDgwMDQ4MTdaFw0yMzExMDgwMDQ4MzdaMBwxGjAY | |
| BgNVBAMTEWlkZW50aXR5LmxpbmtlcmQuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD | |
| QgAEPoTgMbFw3e5FP8/kVHqtQKsMpvZivjFaJPes/6OC3olxKY7fBy3rjIokEjGW | |
| 744A142AV3nCUy6x8g5PqAlSWqNhMF8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdJQQW | |
| MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW | |
| BBQjwqdfyP/3hS70EYUjSxpOjS3O/zAKBggqhkjOPQQDAgNIADBFAiEAzQhL0Bjr | |
| r0by0i9fU+toYh8GukCzRVxfiAQsoVvZHa8CIDHCli0Upm3bbSY11l3U/J1lv7U+ | |
| o/DmcZodY33VSZXq | |
| -----END CERTIFICATE----- | |
| - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE | |
| value: /var/run/secrets/tokens/linkerd-identity-token | |
| - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR | |
| value: linkerd-identity-headless.linkerd.svc.cluster.local.:8080 | |
| - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME | |
| value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_IDENTITY_SVC_NAME | |
| value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_DESTINATION_SVC_NAME | |
| value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_POLICY_SVC_NAME | |
| value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| image: mycoliza/l2-proxy:eliza.route-splitting.446f233a | |
| imagePullPolicy: IfNotPresent | |
| lifecycle: | |
| postStart: | |
| exec: | |
| command: | |
| - /usr/lib/linkerd/linkerd-await | |
| - --timeout=2m | |
| livenessProbe: | |
| httpGet: | |
| path: /live | |
| port: 4191 | |
| initialDelaySeconds: 10 | |
| name: linkerd-proxy | |
| ports: | |
| - containerPort: 4143 | |
| name: linkerd-proxy | |
| - containerPort: 4191 | |
| name: linkerd-admin | |
| readinessProbe: | |
| httpGet: | |
| path: /ready | |
| port: 4191 | |
| initialDelaySeconds: 2 | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| readOnlyRootFilesystem: true | |
| runAsUser: 2102 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| volumeMounts: | |
| - mountPath: /var/run/linkerd/identity/end-entity | |
| name: linkerd-identity-end-entity | |
| - mountPath: /var/run/secrets/tokens | |
| name: linkerd-identity-token | |
| - args: | |
| - terminus | |
| - --h1-server-port=8080 | |
| - --response-text=failing | |
| - --percent-failure=100 | |
| image: buoyantio/bb:v0.0.6 | |
| name: failing | |
| ports: | |
| - containerPort: 8080 | |
| initContainers: | |
| - args: | |
| - --incoming-proxy-port | |
| - "4143" | |
| - --outgoing-proxy-port | |
| - "4140" | |
| - --proxy-uid | |
| - "2102" | |
| - --inbound-ports-to-ignore | |
| - 4190,4191,4567,4568 | |
| - --outbound-ports-to-ignore | |
| - 4567,4568 | |
| image: cr.l5d.io/linkerd/proxy-init:v2.0.0 | |
| imagePullPolicy: IfNotPresent | |
| name: linkerd-init | |
| resources: | |
| limits: | |
| cpu: 100m | |
| memory: 20Mi | |
| requests: | |
| cpu: 100m | |
| memory: 20Mi | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| capabilities: | |
| add: | |
| - NET_ADMIN | |
| - NET_RAW | |
| privileged: false | |
| readOnlyRootFilesystem: true | |
| runAsNonRoot: true | |
| runAsUser: 65534 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| volumeMounts: | |
| - mountPath: /run | |
| name: linkerd-proxy-init-xtables-lock | |
| volumes: | |
| - emptyDir: {} | |
| name: linkerd-proxy-init-xtables-lock | |
| - emptyDir: | |
| medium: Memory | |
| name: linkerd-identity-end-entity | |
| - name: linkerd-identity-token | |
| projected: | |
| sources: | |
| - serviceAccountToken: | |
| audience: identity.l5d.io | |
| expirationSeconds: 86400 | |
| path: linkerd-identity-token | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: failing-svc | |
| spec: | |
| ports: | |
| - name: http | |
| port: 8080 | |
| targetPort: 8080 | |
| selector: | |
| app: failing | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: slow-cooker | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: slow-cooker | |
| template: | |
| metadata: | |
| annotations: | |
| config.linkerd.io/proxy-image: mycoliza/l2-proxy | |
| config.linkerd.io/proxy-log-level: linkerd=DEBUG,INFO | |
| config.linkerd.io/proxy-version: mycoliza/l2-proxy:eliza.route-splitting.446f233a | |
| linkerd.io/created-by: linkerd/cli git-f52bc0b3 | |
| linkerd.io/proxy-version: mycoliza/l2-proxy:eliza.route-splitting.446f233a | |
| linkerd.io/trust-root-sha256: 1861098d9f2e23c015f072d105bdfd827e6703df54a2b4bec645c642dfc4c161 | |
| labels: | |
| app: slow-cooker | |
| linkerd.io/control-plane-ns: linkerd | |
| linkerd.io/proxy-deployment: slow-cooker | |
| linkerd.io/workload-ns: "" | |
| spec: | |
| containers: | |
| - env: | |
| - name: _pod_name | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: _pod_ns | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| - name: _pod_nodeName | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.nodeName | |
| - name: LINKERD2_PROXY_LOG | |
| value: linkerd=DEBUG,INFO | |
| - name: LINKERD2_PROXY_LOG_FORMAT | |
| value: plain | |
| - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR | |
| value: linkerd-dst-headless.linkerd.svc.cluster.local.:8086 | |
| - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS | |
| value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 | |
| - name: LINKERD2_PROXY_POLICY_SVC_ADDR | |
| value: linkerd-policy.linkerd.svc.cluster.local.:8090 | |
| - name: LINKERD2_PROXY_CLIENT_POLICY_SVC_ADDR | |
| value: linkerd-client-policy.linkerd.svc.cluster.local.:8091 | |
| - name: LINKERD2_PROXY_CLIENT_POLICY_SVC_NAME | |
| value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_POLICY_WORKLOAD | |
| value: $(_pod_ns):$(_pod_name) | |
| - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY | |
| value: all-unauthenticated | |
| - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS | |
| value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 | |
| - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT | |
| value: 100ms | |
| - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT | |
| value: 1000ms | |
| - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR | |
| value: 0.0.0.0:4190 | |
| - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR | |
| value: 0.0.0.0:4191 | |
| - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR | |
| value: 127.0.0.1:4140 | |
| - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR | |
| value: 0.0.0.0:4143 | |
| - name: LINKERD2_PROXY_INBOUND_IPS | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: status.podIPs | |
| - name: LINKERD2_PROXY_INBOUND_PORTS | |
| value: "9999" | |
| - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES | |
| value: svc.cluster.local. | |
| - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE | |
| value: 10000ms | |
| - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE | |
| value: 10000ms | |
| - name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION | |
| value: 25,587,3306,4444,5432,6379,9300,11211 | |
| - name: LINKERD2_PROXY_DESTINATION_CONTEXT | |
| value: | | |
| {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)"} | |
| - name: _pod_sa | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.serviceAccountName | |
| - name: _l5d_ns | |
| value: linkerd | |
| - name: _l5d_trustdomain | |
| value: cluster.local | |
| - name: LINKERD2_PROXY_IDENTITY_DIR | |
| value: /var/run/linkerd/identity/end-entity | |
| - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS | |
| value: | | |
| -----BEGIN CERTIFICATE----- | |
| MIIBiDCCAS6gAwIBAgIBATAKBggqhkjOPQQDAjAcMRowGAYDVQQDExFpZGVudGl0 | |
| eS5saW5rZXJkLjAeFw0yMjExMDgwMDQ4MTdaFw0yMzExMDgwMDQ4MzdaMBwxGjAY | |
| BgNVBAMTEWlkZW50aXR5LmxpbmtlcmQuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD | |
| QgAEPoTgMbFw3e5FP8/kVHqtQKsMpvZivjFaJPes/6OC3olxKY7fBy3rjIokEjGW | |
| 744A142AV3nCUy6x8g5PqAlSWqNhMF8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdJQQW | |
| MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW | |
| BBQjwqdfyP/3hS70EYUjSxpOjS3O/zAKBggqhkjOPQQDAgNIADBFAiEAzQhL0Bjr | |
| r0by0i9fU+toYh8GukCzRVxfiAQsoVvZHa8CIDHCli0Upm3bbSY11l3U/J1lv7U+ | |
| o/DmcZodY33VSZXq | |
| -----END CERTIFICATE----- | |
| - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE | |
| value: /var/run/secrets/tokens/linkerd-identity-token | |
| - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR | |
| value: linkerd-identity-headless.linkerd.svc.cluster.local.:8080 | |
| - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME | |
| value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_IDENTITY_SVC_NAME | |
| value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_DESTINATION_SVC_NAME | |
| value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_POLICY_SVC_NAME | |
| value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| image: mycoliza/l2-proxy:eliza.route-splitting.446f233a | |
| imagePullPolicy: IfNotPresent | |
| lifecycle: | |
| postStart: | |
| exec: | |
| command: | |
| - /usr/lib/linkerd/linkerd-await | |
| - --timeout=2m | |
| livenessProbe: | |
| httpGet: | |
| path: /live | |
| port: 4191 | |
| initialDelaySeconds: 10 | |
| name: linkerd-proxy | |
| ports: | |
| - containerPort: 4143 | |
| name: linkerd-proxy | |
| - containerPort: 4191 | |
| name: linkerd-admin | |
| readinessProbe: | |
| httpGet: | |
| path: /ready | |
| port: 4191 | |
| initialDelaySeconds: 2 | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| readOnlyRootFilesystem: true | |
| runAsUser: 2102 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| volumeMounts: | |
| - mountPath: /var/run/linkerd/identity/end-entity | |
| name: linkerd-identity-end-entity | |
| - mountPath: /var/run/secrets/tokens | |
| name: linkerd-identity-token | |
| - args: | |
| - -c | |
| - | | |
| sleep 5 # wait for pods to start | |
| /slow_cooker/slow_cooker http://backend-svc:8080 | |
| command: | |
| - /bin/sh | |
| image: buoyantio/slow_cooker:1.3.0 | |
| name: slow-cooker | |
| ports: | |
| - containerPort: 9999 | |
| initContainers: | |
| - args: | |
| - --incoming-proxy-port | |
| - "4143" | |
| - --outgoing-proxy-port | |
| - "4140" | |
| - --proxy-uid | |
| - "2102" | |
| - --inbound-ports-to-ignore | |
| - 4190,4191,4567,4568 | |
| - --outbound-ports-to-ignore | |
| - 4567,4568 | |
| image: cr.l5d.io/linkerd/proxy-init:v2.0.0 | |
| imagePullPolicy: IfNotPresent | |
| name: linkerd-init | |
| resources: | |
| limits: | |
| cpu: 100m | |
| memory: 20Mi | |
| requests: | |
| cpu: 100m | |
| memory: 20Mi | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| capabilities: | |
| add: | |
| - NET_ADMIN | |
| - NET_RAW | |
| privileged: false | |
| readOnlyRootFilesystem: true | |
| runAsNonRoot: true | |
| runAsUser: 65534 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| volumeMounts: | |
| - mountPath: /run | |
| name: linkerd-proxy-init-xtables-lock | |
| volumes: | |
| - emptyDir: {} | |
| name: linkerd-proxy-init-xtables-lock | |
| - emptyDir: | |
| medium: Memory | |
| name: linkerd-identity-end-entity | |
| - name: linkerd-identity-token | |
| projected: | |
| sources: | |
| - serviceAccountToken: | |
| audience: identity.l5d.io | |
| expirationSeconds: 86400 | |
| path: linkerd-identity-token | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: slow-cooker | |
| spec: | |
| ports: | |
| - name: metrics | |
| port: 9999 | |
| targetPort: 9999 | |
| selector: | |
| app: slow-cooker | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: curl | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: curl | |
| template: | |
| metadata: | |
| annotations: | |
| config.linkerd.io/proxy-image: mycoliza/l2-proxy | |
| config.linkerd.io/proxy-log-level: linkerd=DEBUG,INFO | |
| config.linkerd.io/proxy-version: mycoliza/l2-proxy:eliza.route-splitting.446f233a | |
| linkerd.io/created-by: linkerd/cli git-f52bc0b3 | |
| linkerd.io/proxy-version: mycoliza/l2-proxy:eliza.route-splitting.446f233a | |
| linkerd.io/trust-root-sha256: 1861098d9f2e23c015f072d105bdfd827e6703df54a2b4bec645c642dfc4c161 | |
| labels: | |
| app: curl | |
| linkerd.io/control-plane-ns: linkerd | |
| linkerd.io/proxy-deployment: curl | |
| linkerd.io/workload-ns: "" | |
| spec: | |
| containers: | |
| - env: | |
| - name: _pod_name | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: _pod_ns | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| - name: _pod_nodeName | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.nodeName | |
| - name: LINKERD2_PROXY_LOG | |
| value: linkerd=DEBUG,INFO | |
| - name: LINKERD2_PROXY_LOG_FORMAT | |
| value: plain | |
| - name: LINKERD2_PROXY_DESTINATION_SVC_ADDR | |
| value: linkerd-dst-headless.linkerd.svc.cluster.local.:8086 | |
| - name: LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS | |
| value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 | |
| - name: LINKERD2_PROXY_POLICY_SVC_ADDR | |
| value: linkerd-policy.linkerd.svc.cluster.local.:8090 | |
| - name: LINKERD2_PROXY_CLIENT_POLICY_SVC_ADDR | |
| value: linkerd-client-policy.linkerd.svc.cluster.local.:8091 | |
| - name: LINKERD2_PROXY_CLIENT_POLICY_SVC_NAME | |
| value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_POLICY_WORKLOAD | |
| value: $(_pod_ns):$(_pod_name) | |
| - name: LINKERD2_PROXY_INBOUND_DEFAULT_POLICY | |
| value: all-unauthenticated | |
| - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS | |
| value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 | |
| - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT | |
| value: 100ms | |
| - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT | |
| value: 1000ms | |
| - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR | |
| value: 0.0.0.0:4190 | |
| - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR | |
| value: 0.0.0.0:4191 | |
| - name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR | |
| value: 127.0.0.1:4140 | |
| - name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR | |
| value: 0.0.0.0:4143 | |
| - name: LINKERD2_PROXY_INBOUND_IPS | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: status.podIPs | |
| - name: LINKERD2_PROXY_INBOUND_PORTS | |
| value: "9999" | |
| - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES | |
| value: svc.cluster.local. | |
| - name: LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE | |
| value: 10000ms | |
| - name: LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE | |
| value: 10000ms | |
| - name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION | |
| value: 25,587,3306,4444,5432,6379,9300,11211 | |
| - name: LINKERD2_PROXY_DESTINATION_CONTEXT | |
| value: | | |
| {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)"} | |
| - name: _pod_sa | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.serviceAccountName | |
| - name: _l5d_ns | |
| value: linkerd | |
| - name: _l5d_trustdomain | |
| value: cluster.local | |
| - name: LINKERD2_PROXY_IDENTITY_DIR | |
| value: /var/run/linkerd/identity/end-entity | |
| - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS | |
| value: | | |
| -----BEGIN CERTIFICATE----- | |
| MIIBiDCCAS6gAwIBAgIBATAKBggqhkjOPQQDAjAcMRowGAYDVQQDExFpZGVudGl0 | |
| eS5saW5rZXJkLjAeFw0yMjExMDgwMDQ4MTdaFw0yMzExMDgwMDQ4MzdaMBwxGjAY | |
| BgNVBAMTEWlkZW50aXR5LmxpbmtlcmQuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD | |
| QgAEPoTgMbFw3e5FP8/kVHqtQKsMpvZivjFaJPes/6OC3olxKY7fBy3rjIokEjGW | |
| 744A142AV3nCUy6x8g5PqAlSWqNhMF8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdJQQW | |
| MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW | |
| BBQjwqdfyP/3hS70EYUjSxpOjS3O/zAKBggqhkjOPQQDAgNIADBFAiEAzQhL0Bjr | |
| r0by0i9fU+toYh8GukCzRVxfiAQsoVvZHa8CIDHCli0Upm3bbSY11l3U/J1lv7U+ | |
| o/DmcZodY33VSZXq | |
| -----END CERTIFICATE----- | |
| - name: LINKERD2_PROXY_IDENTITY_TOKEN_FILE | |
| value: /var/run/secrets/tokens/linkerd-identity-token | |
| - name: LINKERD2_PROXY_IDENTITY_SVC_ADDR | |
| value: linkerd-identity-headless.linkerd.svc.cluster.local.:8080 | |
| - name: LINKERD2_PROXY_IDENTITY_LOCAL_NAME | |
| value: $(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_IDENTITY_SVC_NAME | |
| value: linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_DESTINATION_SVC_NAME | |
| value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| - name: LINKERD2_PROXY_POLICY_SVC_NAME | |
| value: linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local | |
| image: mycoliza/l2-proxy:eliza.route-splitting.446f233a | |
| imagePullPolicy: IfNotPresent | |
| lifecycle: | |
| postStart: | |
| exec: | |
| command: | |
| - /usr/lib/linkerd/linkerd-await | |
| - --timeout=2m | |
| livenessProbe: | |
| httpGet: | |
| path: /live | |
| port: 4191 | |
| initialDelaySeconds: 10 | |
| name: linkerd-proxy | |
| ports: | |
| - containerPort: 4143 | |
| name: linkerd-proxy | |
| - containerPort: 4191 | |
| name: linkerd-admin | |
| readinessProbe: | |
| httpGet: | |
| path: /ready | |
| port: 4191 | |
| initialDelaySeconds: 2 | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| readOnlyRootFilesystem: true | |
| runAsUser: 2102 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| volumeMounts: | |
| - mountPath: /var/run/linkerd/identity/end-entity | |
| name: linkerd-identity-end-entity | |
| - mountPath: /var/run/secrets/tokens | |
| name: linkerd-identity-token | |
| - image: appropriate/curl | |
| imagePullPolicy: Always | |
| command: | |
| - sleep | |
| - 365d | |
| name: curl | |
| initContainers: | |
| - args: | |
| - --incoming-proxy-port | |
| - "4143" | |
| - --outgoing-proxy-port | |
| - "4140" | |
| - --proxy-uid | |
| - "2102" | |
| - --inbound-ports-to-ignore | |
| - 4190,4191,4567,4568 | |
| - --outbound-ports-to-ignore | |
| - 4567,4568 | |
| image: cr.l5d.io/linkerd/proxy-init:v2.0.0 | |
| imagePullPolicy: IfNotPresent | |
| name: linkerd-init | |
| resources: | |
| limits: | |
| cpu: 100m | |
| memory: 20Mi | |
| requests: | |
| cpu: 100m | |
| memory: 20Mi | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| capabilities: | |
| add: | |
| - NET_ADMIN | |
| - NET_RAW | |
| privileged: false | |
| readOnlyRootFilesystem: true | |
| runAsNonRoot: true | |
| runAsUser: 65534 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| volumeMounts: | |
| - mountPath: /run | |
| name: linkerd-proxy-init-xtables-lock | |
| volumes: | |
| - emptyDir: {} | |
| name: linkerd-proxy-init-xtables-lock | |
| - emptyDir: | |
| medium: Memory | |
| name: linkerd-identity-end-entity | |
| - name: linkerd-identity-token | |
| projected: | |
| sources: | |
| - serviceAccountToken: | |
| audience: identity.l5d.io | |
| expirationSeconds: 86400 | |
| path: linkerd-identity-token | |
| --- | |
| apiVersion: policy.linkerd.io/v1beta1 | |
| kind: HTTPRoute | |
| metadata: | |
| name: split | |
| spec: | |
| parentRefs: | |
| - name: backend-svc | |
| kind: Service | |
| group: core | |
| port: 8080 | |
| rules: | |
| - backendRefs: | |
| - name: backend-svc | |
| port: 8080 | |
| - matches: | |
| - headers: | |
| - name: fail | |
| value: "true" | |
| backendRefs: | |
| - name: failing-svc | |
| port: 8080 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment