From 6508c836f3954bf6c66e48fe507b1df25833ddfb Mon Sep 17 00:00:00 2001 From: jan-kantert <66950100+jan-kantert@users.noreply.github.com> Date: Thu, 5 Oct 2023 14:46:58 +0200 Subject: [PATCH 1/7] Update _proxy.tpl Add timeout config for readinessProbe and livenessProbes --- charts/partials/templates/_proxy.tpl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/partials/templates/_proxy.tpl b/charts/partials/templates/_proxy.tpl index 7bb187d5eaa9a..f133dff409b96 100644 --- a/charts/partials/templates/_proxy.tpl +++ b/charts/partials/templates/_proxy.tpl @@ -169,7 +169,8 @@ livenessProbe: httpGet: path: /live port: {{.Values.proxy.ports.admin}} - initialDelaySeconds: 10 + initialDelaySeconds: {{.Values.proxy.livenessProbe.initialDelaySeconds | default 10}} + timeoutSeconds: {{.Values.proxy.livenessProbe.timeoutSeconds | default 30}} name: linkerd-proxy ports: - containerPort: {{.Values.proxy.ports.inbound}} @@ -180,7 +181,8 @@ readinessProbe: httpGet: path: /ready port: {{.Values.proxy.ports.admin}} - initialDelaySeconds: 2 + initialDelaySeconds: {{.Values.proxy.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{.Values.proxy.readinessProbe.timeoutSeconds }} {{- if and .Values.proxy.nativeSidecar .Values.proxy.await }} startupProbe: httpGet: From 1f4c7e76c3d931cd2a4f0b9b613087aa96db1931 Mon Sep 17 00:00:00 2001 From: jan-kantert <66950100+jan-kantert@users.noreply.github.com> Date: Thu, 5 Oct 2023 14:52:25 +0200 Subject: [PATCH 2/7] Update values.yaml Add defaults for timeouts and delays --- charts/linkerd-control-plane/values.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/charts/linkerd-control-plane/values.yaml b/charts/linkerd-control-plane/values.yaml index 54e7522d68f47..5bc030a513673 100644 --- a/charts/linkerd-control-plane/values.yaml +++ b/charts/linkerd-control-plane/values.yaml @@ -198,11 +198,20 @@ proxy: # "all-unauthenticated", "cluster-authenticated", "cluster-unauthenticated", "deny" # @default -- "all-unauthenticated" defaultInboundPolicy: "all-unauthenticated" +<<<<<<< HEAD # -- Enable KEP-753 native sidecars # This is an experimental feature. It requires Kubernetes >= 1.29. # If enabled, .proxy.waitBeforeExitSeconds should not be used. nativeSidecar: false # -- Native sidecar proxy startup probe parameters. + # -- LivenessProbe timeout and delay configuration + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 30 + # -- ReadinessProbe timeout and delay configuration + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 5 startupProbe: initialDelaySeconds: 0 periodSeconds: 1 From 960c3ff6fd2ca1015cdb6f4f88196c3c9d18b28a Mon Sep 17 00:00:00 2001 From: jan-kantert <66950100+jan-kantert@users.noreply.github.com> Date: Mon, 23 Oct 2023 15:05:45 +0200 Subject: [PATCH 3/7] Update values.yaml Changed to previous default --- charts/linkerd-control-plane/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/linkerd-control-plane/values.yaml b/charts/linkerd-control-plane/values.yaml index 5bc030a513673..6e34c1706a31e 100644 --- a/charts/linkerd-control-plane/values.yaml +++ b/charts/linkerd-control-plane/values.yaml @@ -207,11 +207,11 @@ proxy: # -- LivenessProbe timeout and delay configuration livenessProbe: initialDelaySeconds: 10 - timeoutSeconds: 30 + timeoutSeconds: 1 # -- ReadinessProbe timeout and delay configuration readinessProbe: initialDelaySeconds: 2 - timeoutSeconds: 5 + timeoutSeconds: 1 startupProbe: initialDelaySeconds: 0 periodSeconds: 1 From 4f2585ce165929e9a2bb170b3993b441b9ba2655 Mon Sep 17 00:00:00 2001 From: jan-kantert <66950100+jan-kantert@users.noreply.github.com> Date: Mon, 23 Oct 2023 15:06:14 +0200 Subject: [PATCH 4/7] Update _proxy.tpl changed to previous default --- charts/partials/templates/_proxy.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/partials/templates/_proxy.tpl b/charts/partials/templates/_proxy.tpl index f133dff409b96..3678eb23abc87 100644 --- a/charts/partials/templates/_proxy.tpl +++ b/charts/partials/templates/_proxy.tpl @@ -170,7 +170,7 @@ livenessProbe: path: /live port: {{.Values.proxy.ports.admin}} initialDelaySeconds: {{.Values.proxy.livenessProbe.initialDelaySeconds | default 10}} - timeoutSeconds: {{.Values.proxy.livenessProbe.timeoutSeconds | default 30}} + timeoutSeconds: {{.Values.proxy.livenessProbe.timeoutSeconds | default 1}} name: linkerd-proxy ports: - containerPort: {{.Values.proxy.ports.inbound}} From 1fa578d8cf9a50bd7e4fc3391d99bf89d74cac4e Mon Sep 17 00:00:00 2001 From: Matei David Date: Tue, 5 Dec 2023 12:04:37 +0000 Subject: [PATCH 5/7] Add Go struct values Signed-off-by: Matei David --- pkg/charts/linkerd2/values.go | 7 +++++++ pkg/charts/linkerd2/values_test.go | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/pkg/charts/linkerd2/values.go b/pkg/charts/linkerd2/values.go index eb17e93522f55..6ad4776c0fa74 100644 --- a/pkg/charts/linkerd2/values.go +++ b/pkg/charts/linkerd2/values.go @@ -121,6 +121,8 @@ type ( ShutdownGracePeriod string `json:"shutdownGracePeriod"` NativeSidecar bool `json:"nativeSidecar"` StartupProbe *StartupProbe `json:"startupProbe"` + ReadinessProbe *Probe `json:"readinessProbe"` + LivenessProbe *Probe `json:"livenessProbe"` Control *ProxyControl `json:"control"` ExperimentalEnv map[string]string `json:"experimentalEnv"` @@ -214,6 +216,11 @@ type ( Outbound int32 `json:"outbound"` } + Probe struct { + InitialDelaySeconds uint `json:"initialDelaySeconds"` + TimeoutSeconds uint `json:"timeoutSeconds"` + } + // Constraints wraps the Limit and Request settings for computational resources Constraints struct { Limit string `json:"limit"` diff --git a/pkg/charts/linkerd2/values_test.go b/pkg/charts/linkerd2/values_test.go index 3b6487c86e8dd..0a516df51e001 100644 --- a/pkg/charts/linkerd2/values_test.go +++ b/pkg/charts/linkerd2/values_test.go @@ -139,6 +139,13 @@ func TestNewValues(t *testing.T) { InitialDelaySeconds: 0, PeriodSeconds: 1, }, + ReadinessProbe: &Probe{ + InitialDelaySeconds: 2, + TimeoutSeconds: 1, + }, + LivenessProbe: &Probe{ + InitialDelaySeconds: 10, + TimeoutSeconds: 1, Control: &ProxyControl{ Streams: &ProxyControlStreams{ InitialTimeout: "3s", From 822cb770eedfe018398bb0b2a5d26fbfebba9456 Mon Sep 17 00:00:00 2001 From: Matei David Date: Tue, 5 Dec 2023 12:42:55 +0000 Subject: [PATCH 6/7] Update tests Signed-off-by: Matei David --- cli/cmd/install_test.go | 8 ++++++++ .../expected/injected_nginx.yaml | 2 ++ .../expected/injected_nginx_redis.yaml | 4 ++++ .../expected/injected_redis.yaml | 2 ++ cli/cmd/testdata/inject_contour.golden.yml | 2 ++ ...ject_emojivoto_already_injected.golden.yml | 8 ++++++++ .../inject_emojivoto_deployment.golden.yml | 2 ++ ...emojivoto_deployment_access_log.golden.yml | 2 ++ ...omountServiceAccountToken_false.golden.yml | 2 ++ ...ojivoto_deployment_capabilities.golden.yml | 2 ++ ...oto_deployment_config_overrides.golden.yml | 2 ++ ...voto_deployment_controller_name.golden.yml | 4 ++++ ...ject_emojivoto_deployment_debug.golden.yml | 2 ++ ...voto_deployment_empty_resources.golden.yml | 2 ++ ...to_deployment_hostNetwork_false.golden.yml | 2 ++ ...ivoto_deployment_native_sidecar.golden.yml | 2 ++ ...to_deployment_no_init_container.golden.yml | 2 ++ ...ojivoto_deployment_opaque_ports.golden.yml | 2 ++ ...emojivoto_deployment_overridden.golden.yml | 2 ++ ...ojivoto_deployment_proxyignores.golden.yml | 2 ++ ...inject_emojivoto_deployment_udp.golden.yml | 2 ++ .../testdata/inject_emojivoto_list.golden.yml | 4 ++++ ..._emojivoto_list_empty_resources.golden.yml | 4 ++++ .../testdata/inject_emojivoto_pod.golden.yml | 2 ++ .../inject_emojivoto_pod_ingress.golden.yml | 2 ++ ...ject_emojivoto_pod_proxyignores.golden.yml | 2 ++ ...ect_emojivoto_pod_with_requests.golden.yml | 2 ++ .../inject_emojivoto_statefulset.golden.yml | 2 ++ .../inject_gettest_deployment.good.golden.yml | 4 ++++ .../inject_tap_deployment_debug.golden.yml | 2 ++ ...install_controlplane_tracing_output.golden | 15 ++++++++++++++ cli/cmd/testdata/install_custom_domain.golden | 15 ++++++++++++++ .../testdata/install_custom_registry.golden | 15 ++++++++++++++ cli/cmd/testdata/install_default.golden | 15 ++++++++++++++ ...stall_default_override_dst_get_nets.golden | 15 ++++++++++++++ cli/cmd/testdata/install_default_token.golden | 15 ++++++++++++++ cli/cmd/testdata/install_ha_output.golden | 15 ++++++++++++++ .../install_ha_with_overrides_output.golden | 15 ++++++++++++++ .../install_heartbeat_disabled_output.golden | 15 ++++++++++++++ .../install_helm_control_plane_output.golden | 15 ++++++++++++++ ...nstall_helm_control_plane_output_ha.golden | 15 ++++++++++++++ .../install_helm_output_ha_labels.golden | 15 ++++++++++++++ ...l_helm_output_ha_namespace_selector.golden | 15 ++++++++++++++ .../testdata/install_no_init_container.golden | 15 ++++++++++++++ cli/cmd/testdata/install_output.golden | 20 ++++++++++++++++--- cli/cmd/testdata/install_proxy_ignores.golden | 15 ++++++++++++++ cli/cmd/testdata/install_values_file.golden | 15 ++++++++++++++ .../fake/data/pod-with-debug.patch.json | 6 ++++-- .../data/pod-with-ns-annotations.patch.json | 6 ++++-- .../proxy-injector/fake/data/pod.patch.json | 6 ++++-- 50 files changed, 351 insertions(+), 9 deletions(-) diff --git a/cli/cmd/install_test.go b/cli/cmd/install_test.go index 42e78858f7afe..74fa5fd165cfa 100644 --- a/cli/cmd/install_test.go +++ b/cli/cmd/install_test.go @@ -100,6 +100,14 @@ func TestRender(t *testing.T) { OpaquePorts: "25,443,587,3306,5432,11211", Await: true, DefaultInboundPolicy: "default-allow-policy", + LivenessProbe: &charts.Probe{ + InitialDelaySeconds: 10, + TimeoutSeconds: 1, + }, + ReadinessProbe: &charts.Probe{ + InitialDelaySeconds: 2, + TimeoutSeconds: 1, + }, }, ProxyInit: &charts.ProxyInit{ IptablesMode: "legacy", diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml index f54302b0c4c4a..276bb94f287eb 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml @@ -137,6 +137,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -148,6 +149,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml index c29b1c15c5d20..8835572286b1f 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml @@ -137,6 +137,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -148,6 +149,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -357,6 +359,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -368,6 +371,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml index 64f843149b165..0264966bed530 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml @@ -137,6 +137,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -148,6 +149,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_contour.golden.yml b/cli/cmd/testdata/inject_contour.golden.yml index f0fbe708a3c83..a399c1cceaf30 100644 --- a/cli/cmd/testdata/inject_contour.golden.yml +++ b/cli/cmd/testdata/inject_contour.golden.yml @@ -145,6 +145,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -156,6 +157,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml index 066d61ef5e19a..9f89d4909beba 100644 --- a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml @@ -139,6 +139,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -150,6 +151,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -370,6 +372,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -381,6 +384,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -601,6 +605,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -612,6 +617,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -832,6 +838,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -843,6 +850,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml index a5e12f6180e80..42872e879b779 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml @@ -139,6 +139,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -150,6 +151,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml index 7fa9baab5e9d0..584e381d2c98e 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml @@ -142,6 +142,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -153,6 +154,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml index 6cda7e09671ff..f0f2aa24098b8 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml @@ -140,6 +140,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -151,6 +152,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml index af2980a20cfa0..0fd6cabf7c618 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml @@ -139,6 +139,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -150,6 +151,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml index bd541fcbb9464..462c91aff7909 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml @@ -149,6 +149,7 @@ spec: path: /live port: 9998 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -160,6 +161,7 @@ spec: path: /ready port: 9998 initialDelaySeconds: 2 + timeoutSeconds: 1 resources: limits: cpu: "1" diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml index 31af59bc8b3ff..7d35cd6939cc5 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml @@ -139,6 +139,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -150,6 +151,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -370,6 +372,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -381,6 +384,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml index a03614bc19fd4..fe438d9335bb8 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml @@ -140,6 +140,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -151,6 +152,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml index d9da3231f904e..e86ec8510b717 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml @@ -139,6 +139,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -150,6 +151,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml index 296d130fc961f..55f7dbe438165 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml @@ -139,6 +139,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -150,6 +151,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml index a02eb5b1c25e5..a759d6c3b8ee1 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml @@ -185,6 +185,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -196,6 +197,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 restartPolicy: Always securityContext: allowPrivilegeEscalation: false diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml index fff2448b4d245..1bcb50fb3a82f 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml @@ -139,6 +139,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -150,6 +151,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml index 6f005e6a2c0a7..befda57b48c83 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml @@ -140,6 +140,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -151,6 +152,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml index 86912d6cadce7..2c806256df212 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml @@ -140,6 +140,7 @@ spec: path: /live port: 1234 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -151,6 +152,7 @@ spec: path: /ready port: 1234 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml index 76890e12da561..1ce74ebdb6365 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml @@ -141,6 +141,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -152,6 +153,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml index fe22f43193928..af48a5446d713 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml @@ -139,6 +139,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -150,6 +151,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_list.golden.yml b/cli/cmd/testdata/inject_emojivoto_list.golden.yml index f9e54ec3862b9..70536306d72c3 100644 --- a/cli/cmd/testdata/inject_emojivoto_list.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list.golden.yml @@ -141,6 +141,7 @@ items: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -152,6 +153,7 @@ items: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -371,6 +373,7 @@ items: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -382,6 +385,7 @@ items: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml index 72fcf66e2774c..48452e90eea52 100644 --- a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml @@ -141,6 +141,7 @@ items: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -152,6 +153,7 @@ items: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -371,6 +373,7 @@ items: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -382,6 +385,7 @@ items: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml index 93c5c02110218..117b4d7330c00 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml @@ -130,6 +130,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -141,6 +142,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml index ff85a2a5ec33c..54e6120d28c49 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml @@ -133,6 +133,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -144,6 +145,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml index 7ce5d234f8e0d..2728fb63bb37b 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml @@ -132,6 +132,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -143,6 +144,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml index 745c45dc4bbd3..18376ffaff8d7 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml @@ -134,6 +134,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -145,6 +146,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 resources: limits: cpu: 160m diff --git a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml index f2f51c98baae0..b155a9db342fb 100644 --- a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml @@ -140,6 +140,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -151,6 +152,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml index bc660d7ad717b..413b29e465cd5 100644 --- a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml +++ b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml @@ -135,6 +135,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -146,6 +147,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -368,6 +370,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -379,6 +382,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml index 05fb2b80db4e0..43c39096eb2d0 100644 --- a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml @@ -156,6 +156,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -167,6 +168,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/cli/cmd/testdata/install_controlplane_tracing_output.golden b/cli/cmd/testdata/install_controlplane_tracing_output.golden index 17354f7e55485..a5842fe2d1001 100644 --- a/cli/cmd/testdata/install_controlplane_tracing_output.golden +++ b/cli/cmd/testdata/install_controlplane_tracing_output.golden @@ -641,6 +641,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -653,6 +656,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1016,6 +1022,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1027,6 +1034,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1349,6 +1358,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1360,6 +1370,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1782,6 +1794,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1793,6 +1806,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false diff --git a/cli/cmd/testdata/install_custom_domain.golden b/cli/cmd/testdata/install_custom_domain.golden index e872b5a48965d..ee2ca8270bf08 100644 --- a/cli/cmd/testdata/install_custom_domain.golden +++ b/cli/cmd/testdata/install_custom_domain.golden @@ -641,6 +641,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -653,6 +656,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1015,6 +1021,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1026,6 +1033,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1348,6 +1357,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1359,6 +1369,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1780,6 +1792,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1791,6 +1804,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false diff --git a/cli/cmd/testdata/install_custom_registry.golden b/cli/cmd/testdata/install_custom_registry.golden index 089e06bed5c8f..ad615aaaac53d 100644 --- a/cli/cmd/testdata/install_custom_registry.golden +++ b/cli/cmd/testdata/install_custom_registry.golden @@ -641,6 +641,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -653,6 +656,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1015,6 +1021,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1026,6 +1033,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1348,6 +1357,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1359,6 +1369,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1780,6 +1792,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1791,6 +1804,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false diff --git a/cli/cmd/testdata/install_default.golden b/cli/cmd/testdata/install_default.golden index e872b5a48965d..ee2ca8270bf08 100644 --- a/cli/cmd/testdata/install_default.golden +++ b/cli/cmd/testdata/install_default.golden @@ -641,6 +641,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -653,6 +656,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1015,6 +1021,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1026,6 +1033,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1348,6 +1357,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1359,6 +1369,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1780,6 +1792,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1791,6 +1804,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false diff --git a/cli/cmd/testdata/install_default_override_dst_get_nets.golden b/cli/cmd/testdata/install_default_override_dst_get_nets.golden index c86044d96bf7a..94a6c168a95d3 100644 --- a/cli/cmd/testdata/install_default_override_dst_get_nets.golden +++ b/cli/cmd/testdata/install_default_override_dst_get_nets.golden @@ -641,6 +641,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -653,6 +656,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1015,6 +1021,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1026,6 +1033,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1348,6 +1357,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1359,6 +1369,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1780,6 +1792,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1791,6 +1804,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false diff --git a/cli/cmd/testdata/install_default_token.golden b/cli/cmd/testdata/install_default_token.golden index 5d0350cddf4a8..bc44ac93b653c 100644 --- a/cli/cmd/testdata/install_default_token.golden +++ b/cli/cmd/testdata/install_default_token.golden @@ -641,6 +641,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -653,6 +656,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1015,6 +1021,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1026,6 +1033,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1339,6 +1348,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1350,6 +1360,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1762,6 +1774,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1773,6 +1786,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false diff --git a/cli/cmd/testdata/install_ha_output.golden b/cli/cmd/testdata/install_ha_output.golden index f2a82115197a2..da868b4368ff2 100644 --- a/cli/cmd/testdata/install_ha_output.golden +++ b/cli/cmd/testdata/install_ha_output.golden @@ -668,6 +668,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -680,6 +683,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1092,6 +1098,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1103,6 +1110,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" @@ -1465,6 +1474,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1476,6 +1486,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" @@ -1933,6 +1945,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1944,6 +1957,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" diff --git a/cli/cmd/testdata/install_ha_with_overrides_output.golden b/cli/cmd/testdata/install_ha_with_overrides_output.golden index 1febd663bf622..fe7abc3192be7 100644 --- a/cli/cmd/testdata/install_ha_with_overrides_output.golden +++ b/cli/cmd/testdata/install_ha_with_overrides_output.golden @@ -668,6 +668,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -680,6 +683,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1092,6 +1098,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1103,6 +1110,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" @@ -1465,6 +1474,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1476,6 +1486,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" @@ -1933,6 +1945,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1944,6 +1957,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" diff --git a/cli/cmd/testdata/install_heartbeat_disabled_output.golden b/cli/cmd/testdata/install_heartbeat_disabled_output.golden index 7662b6a56ad2c..40237edf2ef8d 100644 --- a/cli/cmd/testdata/install_heartbeat_disabled_output.golden +++ b/cli/cmd/testdata/install_heartbeat_disabled_output.golden @@ -572,6 +572,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -584,6 +587,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -946,6 +952,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -957,6 +964,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1279,6 +1288,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1290,6 +1300,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1651,6 +1663,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1662,6 +1675,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false diff --git a/cli/cmd/testdata/install_helm_control_plane_output.golden b/cli/cmd/testdata/install_helm_control_plane_output.golden index adb265e729f82..90ae6595914f3 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output.golden @@ -618,6 +618,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -630,6 +633,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -988,6 +994,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -999,6 +1006,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1323,6 +1332,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1334,6 +1344,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1759,6 +1771,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1770,6 +1783,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false diff --git a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden index b05e1eb0c08b6..47a21231ee1f4 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden @@ -645,6 +645,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -657,6 +660,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1065,6 +1071,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1076,6 +1083,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" @@ -1440,6 +1449,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1451,6 +1461,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" @@ -1912,6 +1924,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1923,6 +1936,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" diff --git a/cli/cmd/testdata/install_helm_output_ha_labels.golden b/cli/cmd/testdata/install_helm_output_ha_labels.golden index dc754310374ac..81984ae907a84 100644 --- a/cli/cmd/testdata/install_helm_output_ha_labels.golden +++ b/cli/cmd/testdata/install_helm_output_ha_labels.golden @@ -649,6 +649,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -661,6 +664,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1073,6 +1079,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1084,6 +1091,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" @@ -1452,6 +1461,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1463,6 +1473,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" @@ -1932,6 +1944,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1943,6 +1956,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" diff --git a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden index 499ef81cc82d8..a44bf62049083 100644 --- a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden +++ b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden @@ -640,6 +640,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -652,6 +655,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1055,6 +1061,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1066,6 +1073,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" @@ -1430,6 +1439,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1441,6 +1451,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" @@ -1902,6 +1914,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1913,6 +1926,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: memory: "250Mi" diff --git a/cli/cmd/testdata/install_no_init_container.golden b/cli/cmd/testdata/install_no_init_container.golden index 8768ea6b4831d..2fa8d94ba802b 100644 --- a/cli/cmd/testdata/install_no_init_container.golden +++ b/cli/cmd/testdata/install_no_init_container.golden @@ -641,6 +641,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -653,6 +656,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1015,6 +1021,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1026,6 +1033,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1342,6 +1351,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1353,6 +1363,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1768,6 +1780,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1779,6 +1792,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false diff --git a/cli/cmd/testdata/install_output.golden b/cli/cmd/testdata/install_output.golden index 3b2209808d4c8..9f51f5376349f 100644 --- a/cli/cmd/testdata/install_output.golden +++ b/cli/cmd/testdata/install_output.golden @@ -617,6 +617,9 @@ data: inboundDiscoveryCacheUnusedTimeout: "" isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info nativeSidecar: false @@ -629,6 +632,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -830,7 +836,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - args: - identity @@ -980,6 +986,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -991,6 +998,7 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 resources: limits: cpu: "cpu-limit" @@ -1210,7 +1218,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1310,6 +1318,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1321,6 +1330,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: cpu: "cpu-limit" @@ -1646,7 +1657,7 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - + containers: - env: - name: _pod_name @@ -1746,6 +1757,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1757,6 +1769,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: limits: cpu: "cpu-limit" diff --git a/cli/cmd/testdata/install_proxy_ignores.golden b/cli/cmd/testdata/install_proxy_ignores.golden index 101ba5eeafbce..a1ea6192ea1ac 100644 --- a/cli/cmd/testdata/install_proxy_ignores.golden +++ b/cli/cmd/testdata/install_proxy_ignores.golden @@ -641,6 +641,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -653,6 +656,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1015,6 +1021,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1026,6 +1033,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1348,6 +1357,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1359,6 +1369,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1780,6 +1792,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1791,6 +1804,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false diff --git a/cli/cmd/testdata/install_values_file.golden b/cli/cmd/testdata/install_values_file.golden index 54aff46a284cb..50350417c3b60 100644 --- a/cli/cmd/testdata/install_values_file.golden +++ b/cli/cmd/testdata/install_values_file.golden @@ -641,6 +641,9 @@ data: inboundDiscoveryCacheUnusedTimeout: 90s isGateway: false isIngress: false + livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 logFormat: plain logLevel: warn,linkerd=info,trust_dns=error nativeSidecar: false @@ -653,6 +656,9 @@ data: control: 4190 inbound: 4143 outbound: 4140 + readinessProbe: + initialDelaySeconds: 2 + timeoutSeconds: 1 requireIdentityOnInboundPorts: "" resources: cpu: @@ -1015,6 +1021,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1026,6 +1033,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1348,6 +1357,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1359,6 +1369,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false @@ -1780,6 +1792,7 @@ spec: path: /live port: 4191 initialDelaySeconds: 10 + timeoutSeconds: 1 name: linkerd-proxy ports: - containerPort: 4143 @@ -1791,6 +1804,8 @@ spec: path: /ready port: 4191 initialDelaySeconds: 2 + timeoutSeconds: 1 + initialDelaySeconds: 2 resources: securityContext: allowPrivilegeEscalation: false diff --git a/controller/proxy-injector/fake/data/pod-with-debug.patch.json b/controller/proxy-injector/fake/data/pod-with-debug.patch.json index 6e31779122c46..aff3b43224f0f 100644 --- a/controller/proxy-injector/fake/data/pod-with-debug.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-debug.patch.json @@ -352,7 +352,8 @@ "path": "/live", "port": 4191 }, - "initialDelaySeconds": 10 + "initialDelaySeconds": 10, + "timeoutSeconds": 1 }, "name": "linkerd-proxy", "ports": [ @@ -370,7 +371,8 @@ "path": "/ready", "port": 4191 }, - "initialDelaySeconds": 2 + "initialDelaySeconds": 2, + "timeoutSeconds": 1 }, "resources": null, "securityContext": { diff --git a/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json b/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json index 70e79bf01c1fa..ce54761815901 100644 --- a/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json @@ -346,7 +346,8 @@ "path": "/live", "port": 4191 }, - "initialDelaySeconds": 10 + "initialDelaySeconds": 10, + "timeoutSeconds": 1 }, "name": "linkerd-proxy", "ports": [ @@ -364,7 +365,8 @@ "path": "/ready", "port": 4191 }, - "initialDelaySeconds": 2 + "initialDelaySeconds": 2, + "timeoutSeconds": 1 }, "resources": null, "securityContext": { diff --git a/controller/proxy-injector/fake/data/pod.patch.json b/controller/proxy-injector/fake/data/pod.patch.json index 85ab71faf0adf..8aac1074194b6 100644 --- a/controller/proxy-injector/fake/data/pod.patch.json +++ b/controller/proxy-injector/fake/data/pod.patch.json @@ -328,7 +328,8 @@ "path": "/live", "port": 4191 }, - "initialDelaySeconds": 10 + "initialDelaySeconds": 10, + "timeoutSeconds": 1 }, "name": "linkerd-proxy", "ports": [ @@ -346,7 +347,8 @@ "path": "/ready", "port": 4191 }, - "initialDelaySeconds": 2 + "initialDelaySeconds": 2, + "timeoutSeconds": 1 }, "resources": null, "securityContext": { From c39b6dbdb6dd32eac59dfdade5300d86f19f407d Mon Sep 17 00:00:00 2001 From: Alejandro Pedraza Date: Fri, 5 Jan 2024 11:04:59 -0500 Subject: [PATCH 7/7] Rebase, final touches --- charts/linkerd-control-plane/README.md | 6 +++++- charts/linkerd-control-plane/values.yaml | 1 - charts/partials/templates/_proxy.tpl | 4 ++-- pkg/charts/linkerd2/values_test.go | 1 + 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/linkerd-control-plane/README.md b/charts/linkerd-control-plane/README.md index 2fc82dcac03de..23846c9919580 100644 --- a/charts/linkerd-control-plane/README.md +++ b/charts/linkerd-control-plane/README.md @@ -244,6 +244,7 @@ Kubernetes: `>=1.22.0-0` | proxy.image.version | string | linkerdVersion | Tag for the proxy container image | | proxy.inboundConnectTimeout | string | `"100ms"` | Maximum time allowed for the proxy to establish an inbound TCP connection | | proxy.inboundDiscoveryCacheUnusedTimeout | string | `"90s"` | Maximum time allowed before an unused inbound discovery result is evicted from the cache | +| proxy.livenessProbe | object | `{"initialDelaySeconds":10,"timeoutSeconds":1}` | LivenessProbe timeout and delay configuration | | proxy.logFormat | string | `"plain"` | Log format (`plain` or `json`) for the proxy | | proxy.logLevel | string | `"warn,linkerd=info,trust_dns=error"` | Log level for the proxy | | proxy.nativeSidecar | bool | `false` | Enable KEP-753 native sidecars This is an experimental feature. It requires Kubernetes >= 1.29. If enabled, .proxy.waitBeforeExitSeconds should not be used. | @@ -254,6 +255,7 @@ Kubernetes: `>=1.22.0-0` | proxy.ports.control | int | `4190` | Control port for the proxy container | | proxy.ports.inbound | int | `4143` | Inbound port for the proxy container | | proxy.ports.outbound | int | `4140` | Outbound port for the proxy container | +| proxy.readinessProbe | object | `{"initialDelaySeconds":2,"timeoutSeconds":1}` | ReadinessProbe timeout and delay configuration | | proxy.requireIdentityOnInboundPorts | string | `""` | | | proxy.resources.cpu.limit | string | `""` | Maximum amount of CPU units that the proxy can use | | proxy.resources.cpu.request | string | `""` | Amount of CPU units that the proxy requests | @@ -262,7 +264,9 @@ Kubernetes: `>=1.22.0-0` | proxy.resources.memory.limit | string | `""` | Maximum amount of memory that the proxy can use | | proxy.resources.memory.request | string | `""` | Maximum amount of memory that the proxy requests | | proxy.shutdownGracePeriod | string | `""` | Grace period for graceful proxy shutdowns. If this timeout elapses before all open connections have completed, the proxy will terminate forcefully, closing any remaining connections. | -| proxy.startupProbe | object | `{"failureThreshold":120,"initialDelaySeconds":0,"periodSeconds":1}` | Native sidecar proxy startup probe parameters. | +| proxy.startupProbe.failureThreshold | int | `120` | | +| proxy.startupProbe.initialDelaySeconds | int | `0` | | +| proxy.startupProbe.periodSeconds | int | `1` | | | proxy.uid | int | `2102` | User id under which the proxy runs | | proxy.waitBeforeExitSeconds | int | `0` | If set the injected proxy sidecars in the data plane will stay alive for at least the given period before receiving the SIGTERM signal from Kubernetes but no longer than the pod's `terminationGracePeriodSeconds`. See [Lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks) for more info on container lifecycle hooks. | | proxyInit.closeWaitTimeoutSecs | int | `0` | | diff --git a/charts/linkerd-control-plane/values.yaml b/charts/linkerd-control-plane/values.yaml index 6e34c1706a31e..4a2b288488461 100644 --- a/charts/linkerd-control-plane/values.yaml +++ b/charts/linkerd-control-plane/values.yaml @@ -198,7 +198,6 @@ proxy: # "all-unauthenticated", "cluster-authenticated", "cluster-unauthenticated", "deny" # @default -- "all-unauthenticated" defaultInboundPolicy: "all-unauthenticated" -<<<<<<< HEAD # -- Enable KEP-753 native sidecars # This is an experimental feature. It requires Kubernetes >= 1.29. # If enabled, .proxy.waitBeforeExitSeconds should not be used. diff --git a/charts/partials/templates/_proxy.tpl b/charts/partials/templates/_proxy.tpl index 3678eb23abc87..058a3b46576f3 100644 --- a/charts/partials/templates/_proxy.tpl +++ b/charts/partials/templates/_proxy.tpl @@ -169,8 +169,8 @@ livenessProbe: httpGet: path: /live port: {{.Values.proxy.ports.admin}} - initialDelaySeconds: {{.Values.proxy.livenessProbe.initialDelaySeconds | default 10}} - timeoutSeconds: {{.Values.proxy.livenessProbe.timeoutSeconds | default 1}} + initialDelaySeconds: {{.Values.proxy.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{.Values.proxy.livenessProbe.timeoutSeconds }} name: linkerd-proxy ports: - containerPort: {{.Values.proxy.ports.inbound}} diff --git a/pkg/charts/linkerd2/values_test.go b/pkg/charts/linkerd2/values_test.go index 0a516df51e001..e7a1837ecdffb 100644 --- a/pkg/charts/linkerd2/values_test.go +++ b/pkg/charts/linkerd2/values_test.go @@ -146,6 +146,7 @@ func TestNewValues(t *testing.T) { LivenessProbe: &Probe{ InitialDelaySeconds: 10, TimeoutSeconds: 1, + }, Control: &ProxyControl{ Streams: &ProxyControlStreams{ InitialTimeout: "3s",