ankurcha · May 16, 2017 16:46
diff --git a/linkerd.yaml b/linkerd.yaml
 # runs linkerd in a daemonset, in linker-to-linker mode, with TLS for all calls
 # from linkerd to linkerd
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: l5d-config
 data:
  config.yaml: |-
    admin:
      port: 9990

    namers:
    - kind: io.l5d.k8s
      experimental: true

    telemetry:
    - kind: io.l5d.prometheus
    - kind: io.l5d.recentRequests
      sampleRate: 0.25

    routers:
    ## outgoing configurations ##
    - protocol: http
      label: http-ingress
      interpreter:
        kind: io.l5d.mesh
        experimental: true
        root: /http
        dst: /$/inet/namerd/4321
        transformers:
        - kind: io.l5d.k8s.daemonset
          namespace: l5d-system
          port: http-internal
          service: l5d
      servers:
      - port: 4100
        ip: 0.0.0.0
        engine:
          kind: netty4
      - port: 4200
        ip: 0.0.0.0
        engine:
          kind: netty4
        tls:
          certPath: /etc/l5d/tls/certificate.pem
          keyPath: /etc/l5d/tls/key.pkcs8
      client:
        engine:
          kind: netty4
        tls:
          commonName: l5d
          trustCerts:
          - /etc/l5d/tls/ca.pem
    - protocol: http
      label: http-internal
      interpreter:
        kind: io.l5d.mesh
        experimental: true
        root: /http
        dst: /$/inet/namerd/4321
        transformers:
        - kind: io.l5d.k8s.localnode
      servers:
      - port: 4300
        ip: 0.0.0.0
        engine:
          kind: netty4
        tls:
          certPath: /etc/l5d/tls/certificate.pem
          keyPath: /etc/l5d/tls/key.pkcs8
    - protocol: h2
      experimental: true
      label: h2-ingress
      interpreter:
        kind: io.l5d.mesh
        experimental: true
        root: /h2
        dst: /$/inet/namerd/4321
        transformers:
        - kind: io.l5d.k8s.daemonset
          namespace: l5d-system
          port: h2-internal
          service: l5d
      servers:
      - port: 5100
        ip: 0.0.0.0
      - port: 5200
        ip: 0.0.0.0
        tls:
          certPath: /etc/l5d/tls/certificate.pem
          keyPath: /etc/l5d/tls/key.pkcs8
      client:
        tls:
          commonName: l5d
          trustCerts:
          - /etc/l5d/tls/ca.pem
    - protocol: h2
      experimental: true
      label: h2-internal
      interpreter:
        kind: io.l5d.mesh
        experimental: true
        root: /h2
        dst: /$/inet/namerd/4321
        transformers:
        - kind: io.l5d.k8s.localnode
      servers:
      - port: 5300
        ip: 0.0.0.0
        tls:
          certPath: /etc/l5d/tls/certificate.pem
          keyPath: /etc/l5d/tls/key.pkcs8

 ---
 apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
  labels:
    app: l5d
  name: l5d
 spec:
  template:
    metadata:
      labels:
        app: l5d
    spec:
      volumes:
      - name: l5d-config
        configMap:
          name: l5d-config
      - name: l5d-pki
        secret:
          secretName: l5d-pki
      containers:
      - name: l5d
        image: buoyantio/linkerd:1.0.0
        env:
        - name: POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        args:
        - /etc/l5d/config/config.yaml
        ports:
        - {name: http-ingress,  containerPort: 4100, hostPort: 4100}
        - {name: https-ingress, containerPort: 4200, hostPort: 4200}
        - {name: http-internal, containerPort: 4300                }
        - {name: h2-ingress,    containerPort: 5100, hostPort: 5100}
        - {name: h2s-ingress,   containerPort: 5200, hostPort: 5200}
        - {name: h2-internal,   containerPort: 5300                }
        - {name: admin,         containerPort: 9990                }
        volumeMounts:
        - name: "l5d-config"
          mountPath: "/etc/l5d/config"
          readOnly: true
        - name: "l5d-pki"
          mountPath: "/etc/l5d/tls"
          readOnly: true

      - name: kubectl
        image: buoyantio/kubectl:v1.4.0
        args:
        - "proxy"
        - "-p"
        - "8001"
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: l5d
 spec:
  selector:
    app: l5d
  type: LoadBalancer
  ports:
  - {name: http-ingress,  port: 4100}
  - {name: https-ingress, port: 4200}
  - {name: http-internal, port: 4300}
  - {name: h2-ingress,    port: 5100}
  - {name: h2s-ingress,   port: 5200}
  - {name: h2-internal,   port: 5300}
  - {name: admin,         port: 9990}
diff --git a/namerd-dtabs.sh b/namerd-dtabs.sh
 # create dtabs for h2 / grpc
 namerctl dtab create h2 --base-url http://localhost:4180 - <<EOF
 /domain/production => /#/io.l5d.k8s/production/8443;
 /domain/staging    => /#/io.l5d.k8s/staging/8443;
 /domain/qa         => /#/io.l5d.k8s/qa/8443;
 /svc               => /$/io.buoyant.http.domainToPathPfx/domain;
 EOF

 # create dtabs for http(s)
 namerctl dtab create http --base-url http://localhost:4180 - <<EOF
 /domain/production => /#/io.l5d.k8s/production/8080;
 /domain/staging    => /#/io.l5d.k8s/staging/8080;
 /domain/qa         => /#/io.l5d.k8s/qa/8080;
 /svc               => /$/io.buoyant.http.domainToPathPfx/domain;
 EOF
	# runs linkerd in a daemonset, in linker-to-linker mode, with TLS for all calls
	# from linkerd to linkerd
	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: l5d-config
	data:
	config.yaml: \|-
	admin:
	port: 9990

	namers:
	- kind: io.l5d.k8s
	experimental: true

	telemetry:
	- kind: io.l5d.prometheus
	- kind: io.l5d.recentRequests
	sampleRate: 0.25

	routers:
	## outgoing configurations ##
	- protocol: http
	label: http-ingress
	interpreter:
	kind: io.l5d.mesh
	experimental: true
	root: /http
	dst: /$/inet/namerd/4321
	transformers:
	- kind: io.l5d.k8s.daemonset
	namespace: l5d-system
	port: http-internal
	service: l5d
	servers:
	- port: 4100
	ip: 0.0.0.0
	engine:
	kind: netty4
	- port: 4200
	ip: 0.0.0.0
	engine:
	kind: netty4
	tls:
	certPath: /etc/l5d/tls/certificate.pem
	keyPath: /etc/l5d/tls/key.pkcs8
	client:
	engine:
	kind: netty4
	tls:
	commonName: l5d
	trustCerts:
	- /etc/l5d/tls/ca.pem
	- protocol: http
	label: http-internal
	interpreter:
	kind: io.l5d.mesh
	experimental: true
	root: /http
	dst: /$/inet/namerd/4321
	transformers:
	- kind: io.l5d.k8s.localnode
	servers:
	- port: 4300
	ip: 0.0.0.0
	engine:
	kind: netty4
	tls:
	certPath: /etc/l5d/tls/certificate.pem
	keyPath: /etc/l5d/tls/key.pkcs8
	- protocol: h2
	experimental: true
	label: h2-ingress
	interpreter:
	kind: io.l5d.mesh
	experimental: true
	root: /h2
	dst: /$/inet/namerd/4321
	transformers:
	- kind: io.l5d.k8s.daemonset
	namespace: l5d-system
	port: h2-internal
	service: l5d
	servers:
	- port: 5100
	ip: 0.0.0.0
	- port: 5200
	ip: 0.0.0.0
	tls:
	certPath: /etc/l5d/tls/certificate.pem
	keyPath: /etc/l5d/tls/key.pkcs8
	client:
	tls:
	commonName: l5d
	trustCerts:
	- /etc/l5d/tls/ca.pem
	- protocol: h2
	experimental: true
	label: h2-internal
	interpreter:
	kind: io.l5d.mesh
	experimental: true
	root: /h2
	dst: /$/inet/namerd/4321
	transformers:
	- kind: io.l5d.k8s.localnode
	servers:
	- port: 5300
	ip: 0.0.0.0
	tls:
	certPath: /etc/l5d/tls/certificate.pem
	keyPath: /etc/l5d/tls/key.pkcs8

	---
	apiVersion: extensions/v1beta1
	kind: DaemonSet
	metadata:
	labels:
	app: l5d
	name: l5d
	spec:
	template:
	metadata:
	labels:
	app: l5d
	spec:
	volumes:
	- name: l5d-config
	configMap:
	name: l5d-config
	- name: l5d-pki
	secret:
	secretName: l5d-pki
	containers:
	- name: l5d
	image: buoyantio/linkerd:1.0.0
	env:
	- name: POD_IP
	valueFrom:
	fieldRef:
	fieldPath: status.podIP
	args:
	- /etc/l5d/config/config.yaml
	ports:
	- {name: http-ingress, containerPort: 4100, hostPort: 4100}
	- {name: https-ingress, containerPort: 4200, hostPort: 4200}
	- {name: http-internal, containerPort: 4300 }
	- {name: h2-ingress, containerPort: 5100, hostPort: 5100}
	- {name: h2s-ingress, containerPort: 5200, hostPort: 5200}
	- {name: h2-internal, containerPort: 5300 }
	- {name: admin, containerPort: 9990 }
	volumeMounts:
	- name: "l5d-config"
	mountPath: "/etc/l5d/config"
	readOnly: true
	- name: "l5d-pki"
	mountPath: "/etc/l5d/tls"
	readOnly: true

	- name: kubectl
	image: buoyantio/kubectl:v1.4.0
	args:
	- "proxy"
	- "-p"
	- "8001"
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: l5d
	spec:
	selector:
	app: l5d
	type: LoadBalancer
	ports:
	- {name: http-ingress, port: 4100}
	- {name: https-ingress, port: 4200}
	- {name: http-internal, port: 4300}
	- {name: h2-ingress, port: 5100}
	- {name: h2s-ingress, port: 5200}
	- {name: h2-internal, port: 5300}
	- {name: admin, port: 9990}
	# create dtabs for h2 / grpc
	namerctl dtab create h2 --base-url http://localhost:4180 - <<EOF
	/domain/production => /#/io.l5d.k8s/production/8443;
	/domain/staging => /#/io.l5d.k8s/staging/8443;
	/domain/qa => /#/io.l5d.k8s/qa/8443;
	/svc => /$/io.buoyant.http.domainToPathPfx/domain;
	EOF

	# create dtabs for http(s)
	namerctl dtab create http --base-url http://localhost:4180 - <<EOF
	/domain/production => /#/io.l5d.k8s/production/8080;
	/domain/staging => /#/io.l5d.k8s/staging/8080;
	/domain/qa => /#/io.l5d.k8s/qa/8080;
	/svc => /$/io.buoyant.http.domainToPathPfx/domain;
	EOF