From b0576c26deaf9cb0ded3f7822b83d421a08665ff Mon Sep 17 00:00:00 2001 From: Eugene Glotov Date: Mon, 9 Dec 2019 10:26:59 +0200 Subject: [PATCH 1/6] Fix typo Signed-off-by: Eugene Glotov --- bin/_docker.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/_docker.sh b/bin/_docker.sh index 9480f4c293616..f0ae57e5853bc 100644 --- a/bin/_docker.sh +++ b/bin/_docker.sh @@ -5,7 +5,7 @@ bindir=$( cd "${BASH_SOURCE[0]%/*}" && pwd ) . "$bindir"/_log.sh # TODO this should be set to the canonical public docker registry; we can override this -# docker regsistry in, for instance, CI. +# docker registry in, for instance, CI. export DOCKER_REGISTRY=${DOCKER_REGISTRY:-gcr.io/linkerd-io} # When set, causes docker's build output to be emitted to stderr. From 4754743df051250465238c642f64de0d8d6c6c8c Mon Sep 17 00:00:00 2001 From: Eugene Glotov Date: Mon, 9 Dec 2019 16:30:21 +0200 Subject: [PATCH 2/6] Inject preStop hook into the proxy sidecar container to stop it last MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit adds support for a Graceful Shutdown technique that is used by some Kubernetes administrators while the more perspective configuration is being discussed in https://github.com/kubernetes/kubernetes/issues/65502 The problem is that RollingUpdate strategy does not guarantee that all traffic will be sent to a new pod _before_ the previous pod is removed. Kubernetes inside is an event-driven system and when a pod is being terminating, several processes can receive the event simultaneously. And if an Ingress Controller gets the event too late or processes it slower than Kubernetes removes the pod from its Service, users requests will continue flowing into the black whole. According [to the documentation](https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods) > 1. If one of the Pod’s containers has defined a `preStop` hook, > it is invoked inside of the container. If the `preStop` hook is still > running after the grace period expires, step 2 is then invoked with > a small (2 second) extended grace period. > > 2. The container is sent the `TERM` signal. Note that not all > containers in the Pod will receive the `TERM` signal at the same time > and may each require a preStop hook if the order in which > they shut down matters. This commit adds support for the `preStop` hook that can be configured in three forms: 1. As command line argument `--wait-before-exit-seconds` for `linkerd inject` command. 2. As `linkerd2` Helm chart value `Proxy.WaitBeforeExitSeconds`. 2. As `config.alpha.linkerd.io/wait-before-exit-seconds` annotation. If configured, it will add the following preHook to the proxy container definition: ```yaml lifecycle: preStop: exec: command: - /bin/bash - -c - sleep {{.Values.Proxy.WaitBeforeExitSeconds}} ``` To achieve max benefit from the option, the main container should have its own `preStop` hook with the `sleep` command inside which has a smaller period than is set for the proxy sidecar. And none of them must be bigger than `terminationGracePeriodSeconds` configured for the entire pod. An example of a rendered Kubernetes resource where `.Values.Proxy.WaitBeforeExitSeconds` is equal to `40`: ```yaml # application container lifecycle: preStop: exec: command: - /bin/bash - -c - sleep 20 # linkerd-proxy container lifecycle: preStop: exec: command: - /bin/bash - -c - sleep 40 terminationGracePeriodSeconds: 160 # for entire pod ``` Fixes #3747 Signed-off-by: Eugene Glotov --- charts/linkerd2/README.md | 1 + charts/linkerd2/values.yaml | 10 ++ charts/partials/templates/_proxy.tpl | 9 ++ cli/cmd/inject.go | 12 +++ cli/cmd/install.go | 1 + cli/cmd/root.go | 1 + cli/cmd/testdata/install_control-plane.golden | 2 +- cli/cmd/testdata/install_default.golden | 2 +- cli/cmd/testdata/install_ha_output.golden | 2 +- .../install_ha_with_overrides_output.golden | 2 +- .../testdata/install_no_init_container.golden | 2 +- cli/cmd/testdata/upgrade_default.golden | 2 +- .../testdata/upgrade_external_issuer.golden | 2 +- cli/cmd/testdata/upgrade_ha.golden | 2 +- .../testdata/upgrade_overwrite_issuer.golden | 2 +- .../upgrade_overwrite_trust_anchors.golden | 2 +- controller/gen/config/config.pb.go | 8 ++ pkg/charts/linkerd2/values.go | 1 + pkg/charts/linkerd2/values_test.go | 3 +- pkg/inject/inject.go | 16 ++- pkg/inject/inject_test.go | 98 +++++++++++-------- pkg/k8s/labels.go | 10 +- 22 files changed, 134 insertions(+), 56 deletions(-) diff --git a/charts/linkerd2/README.md b/charts/linkerd2/README.md index da24ea2bfcaa3..681ecf6af11ee 100644 --- a/charts/linkerd2/README.md +++ b/charts/linkerd2/README.md @@ -126,6 +126,7 @@ The following table lists the configurable parameters of the Linkerd2 chart and | `proxy.trace.collectorSvcAccount` | Service account associated with the Trace collector instance || | `proxy.trace.collectorSvcAddr` | Collector Service address for the proxies to send Trace Data || | `proxy.uid` | User id under which the proxy runs | `2102` | +| `Proxy.WaitBeforeExitSeconds` | The proxy sidecar container will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod's `terminationGracePeriodSeconds`. | `0` | | `proxyInit.ignoreInboundPorts` | Inbound ports the proxy should ignore || | `proxyInit.ignoreOutboundPorts` | Outbound ports the proxy should ignore || | `proxyInit.image.name` | Docker image for the proxy-init container | `gcr.io/linkerd-io/proxy-init` | diff --git a/charts/linkerd2/values.yaml b/charts/linkerd2/values.yaml index 8666526405bd2..b76962de95f29 100644 --- a/charts/linkerd2/values.yaml +++ b/charts/linkerd2/values.yaml @@ -87,6 +87,16 @@ proxy: collectorSvcAddr: "" collectorSvcAccount: default uid: 2102 + # If not empty, the proxy sidecar container will stay alive for at least the given period + # before receiving SIGTERM signal from Kubernetes + # but no longer than terminationGracePeriodSeconds value for the entire pod. + # Depending on the goals, the application container (to which the proxy sidecar is attached) + # can also have its own preStop hook with a period of waiting + # smaller than the proxy sidecar WaitBeforeExitSeconds period + # but enough big to wait until a load balancer deregisters the target. + # After that the application container can gracefully shutdown + # and the proxy sidecar container should finally exit last + WaitBeforeExitSeconds: 0 # proxy-init configuration proxyInit: diff --git a/charts/partials/templates/_proxy.tpl b/charts/partials/templates/_proxy.tpl index a38a5830be5be..778fbe58876a5 100644 --- a/charts/partials/templates/_proxy.tpl +++ b/charts/partials/templates/_proxy.tpl @@ -110,6 +110,15 @@ securityContext: readOnlyRootFilesystem: true runAsUser: {{.Values.proxy.uid}} terminationMessagePolicy: FallbackToLogsOnError +{{- if .Values.Proxy.WaitBeforeExitSeconds }} +lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - sleep {{.Values.Proxy.WaitBeforeExitSeconds}} +{{- end }} {{- if or (not .Values.proxy.disableIdentity) (.Values.proxy.saMountPath) }} volumeMounts: {{- if not .Values.proxy.disableIdentity }} diff --git a/cli/cmd/inject.go b/cli/cmd/inject.go index b5716e509df3d..598de90b9d69d 100644 --- a/cli/cmd/inject.go +++ b/cli/cmd/inject.go @@ -100,6 +100,11 @@ sub-folders, or coming from stdin.`, &manualOption, "manual", manualOption, "Include the proxy sidecar container spec in the YAML output (the auto-injector won't pick it up, so config annotations aren't supported) (default false)", ) + flags.UintVar( + &options.waitBeforeExitSeconds, "wait-before-exit-seconds", options.waitBeforeExitSeconds, + "The periods during which the proxy sidecar container must stay alive while its pod is terminating. "+ + "Must be smaller than terminationGracePeriodSeconds for the pod (default 0)", + ) flags.BoolVar( &options.disableIdentity, "disable-identity", options.disableIdentity, "Disables resources from participating in TLS identity", @@ -439,6 +444,13 @@ func (options *proxyConfigOptions) overrideConfigs(configs *cfg.All, overrideAnn if options.traceCollectorSvcAccount != "" { overrideAnnotations[k8s.ProxyTraceCollectorSvcAccountAnnotation] = options.traceCollectorSvcAccount } + if options.waitBeforeExitSeconds != 0 { + overrideAnnotations[k8s.WaitBeforeExitSecondsAnnotation] = uintToString(options.waitBeforeExitSeconds) + } +} + +func uintToString(v uint) string { + return strconv.FormatUint(uint64(v), 10) } func toPort(p uint) *cfg.Port { diff --git a/cli/cmd/install.go b/cli/cmd/install.go index 5b3024ffe047a..37eab458e55d2 100644 --- a/cli/cmd/install.go +++ b/cli/cmd/install.go @@ -198,6 +198,7 @@ func newInstallOptionsWithDefaults() (*installOptions, error) { proxyCPULimit: defaults.Proxy.Resources.CPU.Limit, proxyMemoryLimit: defaults.Proxy.Resources.Memory.Limit, enableExternalProfiles: defaults.Proxy.EnableExternalProfiles, + waitBeforeExitSeconds: uint(defaults.Proxy.WaitBeforeExitSeconds), }, identityOptions: &installIdentityOptions{ trustDomain: defaults.Identity.TrustDomain, diff --git a/cli/cmd/root.go b/cli/cmd/root.go index bcd69dd689df3..9169216251699 100644 --- a/cli/cmd/root.go +++ b/cli/cmd/root.go @@ -199,6 +199,7 @@ type proxyConfigOptions struct { enableExternalProfiles bool traceCollector string traceCollectorSvcAccount string + waitBeforeExitSeconds uint // ignoreCluster is not validated by validate(). ignoreCluster bool disableIdentity bool diff --git a/cli/cmd/testdata/install_control-plane.golden b/cli/cmd/testdata/install_control-plane.golden index cf738a3a6a8c8..bdadd842cf8b3 100644 --- a/cli/cmd/testdata/install_control-plane.golden +++ b/cli/cmd/testdata/install_control-plane.golden @@ -13,7 +13,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} install: | {"cliVersion":"dev-undefined","flags":[]} --- diff --git a/cli/cmd/testdata/install_default.golden b/cli/cmd/testdata/install_default.golden index 17da2d26ed9f9..4d7be10984f50 100644 --- a/cli/cmd/testdata/install_default.golden +++ b/cli/cmd/testdata/install_default.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} install: | {"cliVersion":"dev-undefined","flags":[]} --- diff --git a/cli/cmd/testdata/install_ha_output.golden b/cli/cmd/testdata/install_ha_output.golden index 067d46375fea8..4aa342dfab141 100644 --- a/cli/cmd/testdata/install_ha_output.golden +++ b/cli/cmd/testdata/install_ha_output.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} install: | {"cliVersion":"dev-undefined","flags":[{"name":"ha","value":"true"}]} --- diff --git a/cli/cmd/testdata/install_ha_with_overrides_output.golden b/cli/cmd/testdata/install_ha_with_overrides_output.golden index 09f55dbf61734..80b65bcb7fd94 100644 --- a/cli/cmd/testdata/install_ha_with_overrides_output.golden +++ b/cli/cmd/testdata/install_ha_with_overrides_output.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"400m","requestMemory":"300Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"400m","requestMemory":"300Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} install: | {"cliVersion":"dev-undefined","flags":[{"name":"ha","value":"true"},{"name":"controller-replicas","value":"2"},{"name":"proxy-cpu-request","value":"400m"},{"name":"proxy-memory-request","value":"300Mi"}]} --- diff --git a/cli/cmd/testdata/install_no_init_container.golden b/cli/cmd/testdata/install_no_init_container.golden index 9298bccb8c5bf..2e6565fe247c2 100644 --- a/cli/cmd/testdata/install_no_init_container.golden +++ b/cli/cmd/testdata/install_no_init_container.golden @@ -845,7 +845,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":true,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} install: | {"cliVersion":"dev-undefined","flags":[{"name":"linkerd-cni-enabled","value":"true"}]} --- diff --git a/cli/cmd/testdata/upgrade_default.golden b/cli/cmd/testdata/upgrade_default.golden index ad5f4fdbf41d1..13d9ef09df050 100644 --- a/cli/cmd/testdata/upgrade_default.golden +++ b/cli/cmd/testdata/upgrade_default.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} install: | {"cliVersion":"dev-undefined","flags":[]} --- diff --git a/cli/cmd/testdata/upgrade_external_issuer.golden b/cli/cmd/testdata/upgrade_external_issuer.golden index 9e905e1a628c9..adae70f75ba78 100644 --- a/cli/cmd/testdata/upgrade_external_issuer.golden +++ b/cli/cmd/testdata/upgrade_external_issuer.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"kubernetes.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} install: | {"cliVersion":"dev-undefined","flags":[]} --- diff --git a/cli/cmd/testdata/upgrade_ha.golden b/cli/cmd/testdata/upgrade_ha.golden index 9f0cad2afff0e..5c88f5f3187db 100644 --- a/cli/cmd/testdata/upgrade_ha.golden +++ b/cli/cmd/testdata/upgrade_ha.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} install: | {"cliVersion":"dev-undefined","flags":[{"name":"ha","value":"true"}]} --- diff --git a/cli/cmd/testdata/upgrade_overwrite_issuer.golden b/cli/cmd/testdata/upgrade_overwrite_issuer.golden index 93e2e98a150e2..15dc78e706877 100644 --- a/cli/cmd/testdata/upgrade_overwrite_issuer.golden +++ b/cli/cmd/testdata/upgrade_overwrite_issuer.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} install: | {"cliVersion":"dev-undefined","flags":[]} --- diff --git a/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden b/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden index 93e2e98a150e2..15dc78e706877 100644 --- a/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden +++ b/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0"} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} install: | {"cliVersion":"dev-undefined","flags":[]} --- diff --git a/controller/gen/config/config.pb.go b/controller/gen/config/config.pb.go index 42472eaa6ea73..4c7f799760239 100644 --- a/controller/gen/config/config.pb.go +++ b/controller/gen/config/config.pb.go @@ -182,6 +182,7 @@ type Proxy struct { DisableExternalProfiles bool `protobuf:"varint,12,opt,name=disable_external_profiles,json=disableExternalProfiles,proto3" json:"disable_external_profiles,omitempty"` ProxyVersion string `protobuf:"bytes,13,opt,name=proxy_version,json=proxyVersion,proto3" json:"proxy_version,omitempty"` ProxyInitImageVersion string `protobuf:"bytes,14,opt,name=proxy_init_image_version,json=proxyInitImageVersion,proto3" json:"proxy_init_image_version,omitempty"` + WaitBeforeExitSeconds int32 `protobuf:"varint,15,opt,name=wait_before_exit_seconds,json=waitBeforeExitSeconds,proto3" json:"wait_before_exit_seconds,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -268,6 +269,13 @@ func (m *Proxy) GetOutboundPort() *Port { return nil } +func (m *Proxy) GetWaitBeforeExitSeconds() int32 { + if m != nil { + return m.WaitBeforeExitSeconds + } + return 0 +} + func (m *Proxy) GetResource() *ResourceRequirements { if m != nil { return m.Resource diff --git a/pkg/charts/linkerd2/values.go b/pkg/charts/linkerd2/values.go index af7a902ace793..00db144d065f4 100644 --- a/pkg/charts/linkerd2/values.go +++ b/pkg/charts/linkerd2/values.go @@ -95,6 +95,7 @@ type ( Resources *Resources `json:"resources"` Trace *Trace `json:"trace"` UID int64 `json:"uid"` + WaitBeforeExitSeconds int32 `json:"waitBeforeExitSeconds"` } // ProxyInit contains the fields to set the proxy-init container diff --git a/pkg/charts/linkerd2/values_test.go b/pkg/charts/linkerd2/values_test.go index 9011d9d05be3a..f3daf163400d5 100644 --- a/pkg/charts/linkerd2/values_test.go +++ b/pkg/charts/linkerd2/values_test.go @@ -98,7 +98,8 @@ func TestNewValues(t *testing.T) { CollectorSvcAddr: "", CollectorSvcAccount: "default", }, - UID: 2102, + UID: 2102, + WaitBeforeExitSeconds: 0, }, ProxyInit: &ProxyInit{ diff --git a/pkg/inject/inject.go b/pkg/inject/inject.go index ddd737ec1f078..871c453ea74f5 100644 --- a/pkg/inject/inject.go +++ b/pkg/inject/inject.go @@ -467,8 +467,9 @@ func (conf *ResourceConfig) injectPodSpec(values *patch) { Inbound: conf.proxyInboundPort(), Outbound: conf.proxyOutboundPort(), }, - UID: conf.proxyUID(), - Resources: conf.proxyResourceRequirements(), + UID: conf.proxyUID(), + Resources: conf.proxyResourceRequirements(), + WaitBeforeExitSeconds: conf.proxyWaitBeforeExitSeconds(), } if v := conf.pod.meta.Annotations[k8s.ProxyEnableDebugAnnotation]; v != "" { @@ -757,6 +758,17 @@ func (conf *ResourceConfig) tapDisabled() bool { return false } +func (conf *ResourceConfig) proxyWaitBeforeExitSeconds() int32 { + if override := conf.getOverride(k8s.WaitBeforeExitSecondsAnnotation); override != "" { + waitBeforeExitSeconds, err := strconv.ParseInt(override, 10, 32) + if err == nil { + return int32(waitBeforeExitSeconds) + } + } + + return conf.configs.GetProxy().GetWaitBeforeExitSeconds() +} + func (conf *ResourceConfig) proxyResourceRequirements() *l5dcharts.Resources { var ( requestCPU k8sResource.Quantity diff --git a/pkg/inject/inject_test.go b/pkg/inject/inject_test.go index 5806d9ad5b96e..18ffb2a176d50 100644 --- a/pkg/inject/inject_test.go +++ b/pkg/inject/inject_test.go @@ -15,23 +15,24 @@ import ( ) type expectedProxyConfigs struct { - identityContext *config.IdentityContext - image string - imagePullPolicy string - proxyVersion string - controlPort int32 - inboundPort int32 - adminPort int32 - outboundPort int32 - logLevel string - resourceRequirements *l5dcharts.Resources - proxyUID int64 - initImage string - initImagePullPolicy string - initVersion string - inboundSkipPorts string - outboundSkipPorts string - trace *l5dcharts.Trace + identityContext *config.IdentityContext + image string + imagePullPolicy string + proxyVersion string + controlPort int32 + inboundPort int32 + adminPort int32 + outboundPort int32 + waitBeforeExitSeconds int32 + logLevel string + resourceRequirements *l5dcharts.Resources + proxyUID int64 + initImage string + initImagePullPolicy string + initVersion string + inboundSkipPorts string + outboundSkipPorts string + trace *l5dcharts.Trace } func TestConfigAccessors(t *testing.T) { @@ -65,6 +66,7 @@ func TestConfigAccessors(t *testing.T) { LogLevel: &config.LogLevel{Level: "info,linkerd2_proxy=debug"}, DisableExternalProfiles: false, ProxyVersion: proxyVersion, + WaitBeforeExitSeconds: 0, } globalConfig := &config.Global{ @@ -107,20 +109,22 @@ func TestConfigAccessors(t *testing.T) { k8s.ProxyVersionOverrideAnnotation: proxyVersionOverride, k8s.ProxyTraceCollectorSvcAddrAnnotation: "oc-collector.tracing:55678", k8s.ProxyTraceCollectorSvcAccountAnnotation: "default", + k8s.WaitBeforeExitSecondsAnnotation: "123", }, }, Spec: corev1.PodSpec{}, }, }, expected: expectedProxyConfigs{ - image: "gcr.io/linkerd-io/proxy", - imagePullPolicy: "Always", - proxyVersion: proxyVersionOverride, - controlPort: int32(4000), - inboundPort: int32(5000), - adminPort: int32(5001), - outboundPort: int32(5002), - logLevel: "debug,linkerd2_proxy=debug", + image: "gcr.io/linkerd-io/proxy", + imagePullPolicy: "Always", + proxyVersion: proxyVersionOverride, + controlPort: int32(4000), + inboundPort: int32(5000), + adminPort: int32(5001), + outboundPort: int32(5002), + waitBeforeExitSeconds: int32(123), + logLevel: "debug,linkerd2_proxy=debug", resourceRequirements: &l5dcharts.Resources{ CPU: l5dcharts.Constraints{ Limit: "1500m", @@ -151,15 +155,16 @@ func TestConfigAccessors(t *testing.T) { }, }, expected: expectedProxyConfigs{ - identityContext: &config.IdentityContext{}, - image: "gcr.io/linkerd-io/proxy", - imagePullPolicy: "IfNotPresent", - proxyVersion: proxyVersion, - controlPort: int32(9000), - inboundPort: int32(6000), - adminPort: int32(6001), - outboundPort: int32(6002), - logLevel: "info,linkerd2_proxy=debug", + identityContext: &config.IdentityContext{}, + image: "gcr.io/linkerd-io/proxy", + imagePullPolicy: "IfNotPresent", + proxyVersion: proxyVersion, + controlPort: int32(9000), + inboundPort: int32(6000), + adminPort: int32(6001), + outboundPort: int32(6002), + waitBeforeExitSeconds: int32(0), + logLevel: "info,linkerd2_proxy=debug", resourceRequirements: &l5dcharts.Resources{ CPU: l5dcharts.Constraints{ Limit: "1", @@ -200,6 +205,7 @@ func TestConfigAccessors(t *testing.T) { k8s.ProxyVersionOverrideAnnotation: proxyVersionOverride, k8s.ProxyTraceCollectorSvcAddrAnnotation: "oc-collector.tracing:55678", k8s.ProxyTraceCollectorSvcAccountAnnotation: "default", + k8s.WaitBeforeExitSecondsAnnotation: "123", }, spec: appsv1.DeploymentSpec{ Template: corev1.PodTemplateSpec{ @@ -207,14 +213,15 @@ func TestConfigAccessors(t *testing.T) { }, }, expected: expectedProxyConfigs{ - image: "gcr.io/linkerd-io/proxy", - imagePullPolicy: "Always", - proxyVersion: proxyVersionOverride, - controlPort: int32(4000), - inboundPort: int32(5000), - adminPort: int32(5001), - outboundPort: int32(5002), - logLevel: "debug,linkerd2_proxy=debug", + image: "gcr.io/linkerd-io/proxy", + imagePullPolicy: "Always", + proxyVersion: proxyVersionOverride, + controlPort: int32(4000), + inboundPort: int32(5000), + adminPort: int32(5001), + outboundPort: int32(5002), + waitBeforeExitSeconds: int32(123), + logLevel: "debug,linkerd2_proxy=debug", resourceRequirements: &l5dcharts.Resources{ CPU: l5dcharts.Constraints{ Limit: "1500m", @@ -315,6 +322,13 @@ func TestConfigAccessors(t *testing.T) { } }) + t.Run("proxyWaitBeforeExitSeconds", func(t *testing.T) { + expected := testCase.expected.waitBeforeExitSeconds + if actual := resourceConfig.proxyWaitBeforeExitSeconds(); expected != actual { + t.Errorf("Expected: %v Actual: %v", expected, actual) + } + }) + t.Run("proxyLogLevel", func(t *testing.T) { expected := testCase.expected.logLevel if actual := resourceConfig.proxyLogLevel(); expected != actual { diff --git a/pkg/k8s/labels.go b/pkg/k8s/labels.go index 72029b2e1ecd9..c004ca4cd4e31 100644 --- a/pkg/k8s/labels.go +++ b/pkg/k8s/labels.go @@ -102,6 +102,9 @@ const ( // ProxyConfigAnnotationsPrefix is the prefix of all config-related annotations ProxyConfigAnnotationsPrefix = "config.linkerd.io" + // ProxyConfigAnnotationsPrefixAlpha is the prefix of newly released config-related annotations + ProxyConfigAnnotationsPrefixAlpha = "config.alpha.linkerd.io" + // ProxyImageAnnotation can be used to override the proxyImage config. ProxyImageAnnotation = ProxyConfigAnnotationsPrefix + "/proxy-image" @@ -178,10 +181,15 @@ const ( // its value. ProxyTraceCollectorSvcAddrAnnotation = ProxyConfigAnnotationsPrefix + "/trace-collector" + // WaitBeforeExitSecondsAnnotation makes the proxy container to wait for the given period before exiting + // after the Pod entered the Terminating state. Must be smaller than terminationGracePeriodSeconds + // configured for the Pod + WaitBeforeExitSecondsAnnotation = ProxyConfigAnnotationsPrefixAlpha + "/wait-before-exit-seconds" + // ProxyTraceCollectorSvcAccountAnnotation is used to specify the service account // associated with the trace collector. It is used to create the service's // mTLS identity. - ProxyTraceCollectorSvcAccountAnnotation = "config.alpha.linkerd.io/trace-collector-service-account" + ProxyTraceCollectorSvcAccountAnnotation = ProxyConfigAnnotationsPrefixAlpha + "/trace-collector-service-account" // IdentityModeDefault is assigned to IdentityModeAnnotation to // use the control plane's default identity scheme. From fbd00e098ee148b269843cf876591acc35bf02c1 Mon Sep 17 00:00:00 2001 From: Eugene Glotov Date: Wed, 11 Dec 2019 09:40:43 +0200 Subject: [PATCH 3/6] Address PR review comments Signed-off-by: Eugene Glotov --- Dockerfile-proxy | 2 +- charts/linkerd2/README.md | 2 +- charts/linkerd2/values.yaml | 6 +- cli/Dockerfile-bin | 2 +- cli/cmd/doc.go | 4 + cli/cmd/inject.go | 18 +-- cli/cmd/install.go | 2 +- cli/cmd/root.go | 2 +- cli/cmd/testdata/install_control-plane.golden | 2 +- cli/cmd/testdata/install_default.golden | 2 +- cli/cmd/testdata/install_ha_output.golden | 2 +- .../install_ha_with_overrides_output.golden | 2 +- .../testdata/install_no_init_container.golden | 2 +- cli/cmd/testdata/upgrade_default.golden | 2 +- .../testdata/upgrade_external_issuer.golden | 2 +- cli/cmd/testdata/upgrade_ha.golden | 2 +- .../testdata/upgrade_overwrite_issuer.golden | 2 +- .../upgrade_overwrite_trust_anchors.golden | 2 +- cni-plugin/Dockerfile | 2 +- controller/Dockerfile | 2 +- controller/gen/config/config.pb.go | 8 - go.mod | 1 + go.sum | 1 + pkg/inject/inject.go | 20 ++- pkg/inject/inject_test.go | 143 +++++++++++------- pkg/k8s/labels.go | 4 +- web/Dockerfile | 2 +- 27 files changed, 141 insertions(+), 100 deletions(-) diff --git a/Dockerfile-proxy b/Dockerfile-proxy index 09d5cecceb28d..8f875d7a9d9c7 100644 --- a/Dockerfile-proxy +++ b/Dockerfile-proxy @@ -9,7 +9,7 @@ RUN (proxy=$(bin/fetch-proxy $(cat proxy-version)) && \ mv "$proxy" linkerd2-proxy) ## compile proxy-identity agent -FROM gcr.io/linkerd-io/go-deps:2273074d as golang +FROM gcr.io/linkerd-io/go-deps:ab3733c1 as golang WORKDIR /linkerd-build COPY pkg/flags pkg/flags COPY pkg/tls pkg/tls diff --git a/charts/linkerd2/README.md b/charts/linkerd2/README.md index 681ecf6af11ee..e109660c8ea84 100644 --- a/charts/linkerd2/README.md +++ b/charts/linkerd2/README.md @@ -126,7 +126,7 @@ The following table lists the configurable parameters of the Linkerd2 chart and | `proxy.trace.collectorSvcAccount` | Service account associated with the Trace collector instance || | `proxy.trace.collectorSvcAddr` | Collector Service address for the proxies to send Trace Data || | `proxy.uid` | User id under which the proxy runs | `2102` | -| `Proxy.WaitBeforeExitSeconds` | The proxy sidecar container will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod's `terminationGracePeriodSeconds`. | `0` | +| `Proxy.WaitBeforeExitSeconds` | The proxy sidecar will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod's `terminationGracePeriodSeconds`. | `0` | | `proxyInit.ignoreInboundPorts` | Inbound ports the proxy should ignore || | `proxyInit.ignoreOutboundPorts` | Outbound ports the proxy should ignore || | `proxyInit.image.name` | Docker image for the proxy-init container | `gcr.io/linkerd-io/proxy-init` | diff --git a/charts/linkerd2/values.yaml b/charts/linkerd2/values.yaml index b76962de95f29..69ae90c1bb0c7 100644 --- a/charts/linkerd2/values.yaml +++ b/charts/linkerd2/values.yaml @@ -87,15 +87,15 @@ proxy: collectorSvcAddr: "" collectorSvcAccount: default uid: 2102 - # If not empty, the proxy sidecar container will stay alive for at least the given period + # If not empty, the proxy sidecar will stay alive for at least the given period # before receiving SIGTERM signal from Kubernetes # but no longer than terminationGracePeriodSeconds value for the entire pod. # Depending on the goals, the application container (to which the proxy sidecar is attached) # can also have its own preStop hook with a period of waiting # smaller than the proxy sidecar WaitBeforeExitSeconds period - # but enough big to wait until a load balancer deregisters the target. + # but big enough to wait until a load balancer deregisters the target. # After that the application container can gracefully shutdown - # and the proxy sidecar container should finally exit last + # and the proxy sidecar should finally exit last WaitBeforeExitSeconds: 0 # proxy-init configuration diff --git a/cli/Dockerfile-bin b/cli/Dockerfile-bin index 1313f78fb578e..02536b30cada8 100644 --- a/cli/Dockerfile-bin +++ b/cli/Dockerfile-bin @@ -1,5 +1,5 @@ ## compile binaries -FROM gcr.io/linkerd-io/go-deps:2273074d as golang +FROM gcr.io/linkerd-io/go-deps:ab3733c1 as golang WORKDIR /linkerd-build COPY cli cli COPY charts charts diff --git a/cli/cmd/doc.go b/cli/cmd/doc.go index 230bb8b60ba51..f3e051ba219bd 100644 --- a/cli/cmd/doc.go +++ b/cli/cmd/doc.go @@ -207,5 +207,9 @@ func generateAnnotationsDocs() []annotationDoc { Name: k8s.ProxyTraceCollectorSvcAccountAnnotation, Description: "The trace collector's service account name. E.g., `tracing-service-account`. If not provided, it will be defaulted to `default`.", }, + { + Name: k8s.ProxyWaitBeforeExitAnnotation, + Description: "The proxy sidecar will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod's `terminationGracePeriodSeconds`. Accepts values in two formats: time.Duration or as an unsigned integer (number of seconds). If not provided, it will be defaulted to `0`.", + }, } } diff --git a/cli/cmd/inject.go b/cli/cmd/inject.go index 598de90b9d69d..05c5bc120286f 100644 --- a/cli/cmd/inject.go +++ b/cli/cmd/inject.go @@ -10,6 +10,8 @@ import ( "strconv" "strings" + "github.com/docker/docker/api/types/time" + jsonpatch "github.com/evanphx/json-patch" cfg "github.com/linkerd/linkerd2/controller/gen/config" "github.com/linkerd/linkerd2/controller/gen/public" @@ -100,10 +102,10 @@ sub-folders, or coming from stdin.`, &manualOption, "manual", manualOption, "Include the proxy sidecar container spec in the YAML output (the auto-injector won't pick it up, so config annotations aren't supported) (default false)", ) - flags.UintVar( - &options.waitBeforeExitSeconds, "wait-before-exit-seconds", options.waitBeforeExitSeconds, - "The periods during which the proxy sidecar container must stay alive while its pod is terminating. "+ - "Must be smaller than terminationGracePeriodSeconds for the pod (default 0)", + flags.DurationVar( + &options.waitBeforeExit, "wait-before-exit", options.waitBeforeExit, + "The period during which the proxy sidecar must stay alive while its pod is terminating. "+ + "Must be smaller than terminationGracePeriodSeconds for the pod (default 0). E.g.: 2m, 10s, 2m3s", ) flags.BoolVar( &options.disableIdentity, "disable-identity", options.disableIdentity, @@ -444,15 +446,11 @@ func (options *proxyConfigOptions) overrideConfigs(configs *cfg.All, overrideAnn if options.traceCollectorSvcAccount != "" { overrideAnnotations[k8s.ProxyTraceCollectorSvcAccountAnnotation] = options.traceCollectorSvcAccount } - if options.waitBeforeExitSeconds != 0 { - overrideAnnotations[k8s.WaitBeforeExitSecondsAnnotation] = uintToString(options.waitBeforeExitSeconds) + if options.waitBeforeExit != 0 { + overrideAnnotations[k8s.ProxyWaitBeforeExitAnnotation] = time.DurationToSecondsString(options.waitBeforeExit) + "s" } } -func uintToString(v uint) string { - return strconv.FormatUint(uint64(v), 10) -} - func toPort(p uint) *cfg.Port { return &cfg.Port{Port: uint32(p)} } diff --git a/cli/cmd/install.go b/cli/cmd/install.go index 37eab458e55d2..ca549398394cf 100644 --- a/cli/cmd/install.go +++ b/cli/cmd/install.go @@ -198,7 +198,7 @@ func newInstallOptionsWithDefaults() (*installOptions, error) { proxyCPULimit: defaults.Proxy.Resources.CPU.Limit, proxyMemoryLimit: defaults.Proxy.Resources.Memory.Limit, enableExternalProfiles: defaults.Proxy.EnableExternalProfiles, - waitBeforeExitSeconds: uint(defaults.Proxy.WaitBeforeExitSeconds), + waitBeforeExit: time.Duration(defaults.Proxy.WaitBeforeExitSeconds) * time.Second, }, identityOptions: &installIdentityOptions{ trustDomain: defaults.Identity.TrustDomain, diff --git a/cli/cmd/root.go b/cli/cmd/root.go index 9169216251699..72fc765534408 100644 --- a/cli/cmd/root.go +++ b/cli/cmd/root.go @@ -199,7 +199,7 @@ type proxyConfigOptions struct { enableExternalProfiles bool traceCollector string traceCollectorSvcAccount string - waitBeforeExitSeconds uint + waitBeforeExit time.Duration // ignoreCluster is not validated by validate(). ignoreCluster bool disableIdentity bool diff --git a/cli/cmd/testdata/install_control-plane.golden b/cli/cmd/testdata/install_control-plane.golden index bdadd842cf8b3..cf738a3a6a8c8 100644 --- a/cli/cmd/testdata/install_control-plane.golden +++ b/cli/cmd/testdata/install_control-plane.golden @@ -13,7 +13,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0"} install: | {"cliVersion":"dev-undefined","flags":[]} --- diff --git a/cli/cmd/testdata/install_default.golden b/cli/cmd/testdata/install_default.golden index 4d7be10984f50..17da2d26ed9f9 100644 --- a/cli/cmd/testdata/install_default.golden +++ b/cli/cmd/testdata/install_default.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0"} install: | {"cliVersion":"dev-undefined","flags":[]} --- diff --git a/cli/cmd/testdata/install_ha_output.golden b/cli/cmd/testdata/install_ha_output.golden index 4aa342dfab141..067d46375fea8 100644 --- a/cli/cmd/testdata/install_ha_output.golden +++ b/cli/cmd/testdata/install_ha_output.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"ha","value":"true"}]} --- diff --git a/cli/cmd/testdata/install_ha_with_overrides_output.golden b/cli/cmd/testdata/install_ha_with_overrides_output.golden index 80b65bcb7fd94..09f55dbf61734 100644 --- a/cli/cmd/testdata/install_ha_with_overrides_output.golden +++ b/cli/cmd/testdata/install_ha_with_overrides_output.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"400m","requestMemory":"300Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"400m","requestMemory":"300Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"ha","value":"true"},{"name":"controller-replicas","value":"2"},{"name":"proxy-cpu-request","value":"400m"},{"name":"proxy-memory-request","value":"300Mi"}]} --- diff --git a/cli/cmd/testdata/install_no_init_container.golden b/cli/cmd/testdata/install_no_init_container.golden index 2e6565fe247c2..9298bccb8c5bf 100644 --- a/cli/cmd/testdata/install_no_init_container.golden +++ b/cli/cmd/testdata/install_no_init_container.golden @@ -845,7 +845,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":true,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxyInitImageVersion":"v1.2.0"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"linkerd-cni-enabled","value":"true"}]} --- diff --git a/cli/cmd/testdata/upgrade_default.golden b/cli/cmd/testdata/upgrade_default.golden index 13d9ef09df050..ad5f4fdbf41d1 100644 --- a/cli/cmd/testdata/upgrade_default.golden +++ b/cli/cmd/testdata/upgrade_default.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0"} install: | {"cliVersion":"dev-undefined","flags":[]} --- diff --git a/cli/cmd/testdata/upgrade_external_issuer.golden b/cli/cmd/testdata/upgrade_external_issuer.golden index adae70f75ba78..9e905e1a628c9 100644 --- a/cli/cmd/testdata/upgrade_external_issuer.golden +++ b/cli/cmd/testdata/upgrade_external_issuer.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"kubernetes.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0"} install: | {"cliVersion":"dev-undefined","flags":[]} --- diff --git a/cli/cmd/testdata/upgrade_ha.golden b/cli/cmd/testdata/upgrade_ha.golden index 5c88f5f3187db..9f0cad2afff0e 100644 --- a/cli/cmd/testdata/upgrade_ha.golden +++ b/cli/cmd/testdata/upgrade_ha.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBgzCCASmgAwIBAgIBATAKBggqhkjOPQQDAjApMScwJQYDVQQDEx5pZGVudGl0\neS5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMTkwNDA0MjM1MzM3WhcNMjAwNDAz\nMjM1MzU3WjApMScwJQYDVQQDEx5pZGVudGl0eS5saW5rZXJkLmNsdXN0ZXIubG9j\nYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+Sb5X4wi4XP0X3rJwMp23VBdg\nEMMU8EU+KG8UI2LmC5Vjg5RWLOW6BJjBmjXViKM+b+1/oKAeOg6FrJk8qyFlo0Iw\nQDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKUFG3sYOS++bakW\nYmJZU45iCdTLtaelMDSFiHoC9eBKAiBDWzzo+/CYLLmn33bAEn8pQnogP4Fx06aj\n+U9K4WlbzA==\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"100m","requestMemory":"20Mi","limitCpu":"1","limitMemory":"250Mi"},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0"} install: | {"cliVersion":"dev-undefined","flags":[{"name":"ha","value":"true"}]} --- diff --git a/cli/cmd/testdata/upgrade_overwrite_issuer.golden b/cli/cmd/testdata/upgrade_overwrite_issuer.golden index 15dc78e706877..93e2e98a150e2 100644 --- a/cli/cmd/testdata/upgrade_overwrite_issuer.golden +++ b/cli/cmd/testdata/upgrade_overwrite_issuer.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0"} install: | {"cliVersion":"dev-undefined","flags":[]} --- diff --git a/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden b/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden index 15dc78e706877..93e2e98a150e2 100644 --- a/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden +++ b/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden @@ -848,7 +848,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"UPGRADE-CONTROL-PLANE-VERSION","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"-----BEGIN CERTIFICATE-----\nMIIBYDCCAQegAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1jbHVzdGVy\nLmxvY2FsMB4XDTE5MDMwMzAxNTk1MloXDTI5MDIyODAyMDM1MlowGDEWMBQGA1UE\nAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAChpAt0\nxtgO9qbVtEtDK80N6iCL2Htyf2kIv2m5QkJ1y0TFQi5hTVe3wtspJ8YpZF0pl364\n6TiYeXB8tOOhIACjQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE\nAiBQ/AAwF8kG8VOmRSUTPakSSa/N4mqK2HsZuhQXCmiZHwIgZEzI5DCkpU7w3SIv\nOLO4Zsk1XrGZHGsmyiEyvYF9lpY=\n-----END CERTIFICATE-----\n","issuanceLifetime":"86400s","clockSkewAllowance":"20s","scheme":"linkerd.io/tls"},"autoInjectContext":null,"omitWebhookSideEffects":false,"clusterDomain":"cluster.local"} proxy: | - {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0","waitBeforeExitSeconds":0} + {"proxyImage":{"imageName":"gcr.io/linkerd-io/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"gcr.io/linkerd-io/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","logLevel":{"level":"warn,linkerd2_proxy=info"},"disableExternalProfiles":true,"proxyVersion":"UPGRADE-PROXY-VERSION","proxyInitImageVersion":"v1.2.0"} install: | {"cliVersion":"dev-undefined","flags":[]} --- diff --git a/cni-plugin/Dockerfile b/cni-plugin/Dockerfile index a7bfaaec5fb3b..b3580cf2ae598 100644 --- a/cni-plugin/Dockerfile +++ b/cni-plugin/Dockerfile @@ -1,5 +1,5 @@ ## compile cni-plugin utility -FROM gcr.io/linkerd-io/go-deps:2273074d as golang +FROM gcr.io/linkerd-io/go-deps:ab3733c1 as golang WORKDIR /linkerd-build COPY pkg pkg COPY controller controller diff --git a/controller/Dockerfile b/controller/Dockerfile index 324b453092a6d..1a822bf4d6d66 100644 --- a/controller/Dockerfile +++ b/controller/Dockerfile @@ -1,5 +1,5 @@ ## compile controller service -FROM gcr.io/linkerd-io/go-deps:2273074d as golang +FROM gcr.io/linkerd-io/go-deps:ab3733c1 as golang WORKDIR /linkerd-build COPY controller/gen controller/gen COPY pkg pkg diff --git a/controller/gen/config/config.pb.go b/controller/gen/config/config.pb.go index 4c7f799760239..42472eaa6ea73 100644 --- a/controller/gen/config/config.pb.go +++ b/controller/gen/config/config.pb.go @@ -182,7 +182,6 @@ type Proxy struct { DisableExternalProfiles bool `protobuf:"varint,12,opt,name=disable_external_profiles,json=disableExternalProfiles,proto3" json:"disable_external_profiles,omitempty"` ProxyVersion string `protobuf:"bytes,13,opt,name=proxy_version,json=proxyVersion,proto3" json:"proxy_version,omitempty"` ProxyInitImageVersion string `protobuf:"bytes,14,opt,name=proxy_init_image_version,json=proxyInitImageVersion,proto3" json:"proxy_init_image_version,omitempty"` - WaitBeforeExitSeconds int32 `protobuf:"varint,15,opt,name=wait_before_exit_seconds,json=waitBeforeExitSeconds,proto3" json:"wait_before_exit_seconds,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -269,13 +268,6 @@ func (m *Proxy) GetOutboundPort() *Port { return nil } -func (m *Proxy) GetWaitBeforeExitSeconds() int32 { - if m != nil { - return m.WaitBeforeExitSeconds - } - return 0 -} - func (m *Proxy) GetResource() *ResourceRequirements { if m != nil { return m.Resource diff --git a/go.mod b/go.mod index 5e87ab1459ede..683fb89dd8937 100644 --- a/go.mod +++ b/go.mod @@ -13,6 +13,7 @@ require ( github.com/cyphar/filepath-securejoin v0.2.2 // indirect github.com/deislabs/smi-sdk-go v0.0.0-20190610232231-f281e2121a16 github.com/dgrijalva/jwt-go v3.1.0+incompatible // indirect + github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0 github.com/elazarl/goproxy v0.0.0-20190711103511-473e67f1d7d2 // indirect github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2 // indirect github.com/emicklei/proto v1.6.8 diff --git a/go.sum b/go.sum index 71ba9129d49fd..af5b0b3fffd17 100644 --- a/go.sum +++ b/go.sum @@ -69,6 +69,7 @@ github.com/deislabs/smi-sdk-go v0.0.0-20190610232231-f281e2121a16/go.mod h1:jtrs github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.1.0+incompatible h1:FFziAwDQQ2dz1XClWMkwvukur3evtZx7x/wMHKM1i20= github.com/dgrijalva/jwt-go v3.1.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0 h1:w3NnFcKR5241cfmQU5ZZAsf0xcpId6mWOupTvJlUX2U= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96 h1:cenwrSVm+Z7QLSV/BsnenAOcDXdX4cMv4wP0B/5QbPg= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= diff --git a/pkg/inject/inject.go b/pkg/inject/inject.go index 871c453ea74f5..01321a749c520 100644 --- a/pkg/inject/inject.go +++ b/pkg/inject/inject.go @@ -8,6 +8,7 @@ import ( "sort" "strconv" "strings" + "time" "github.com/linkerd/linkerd2/controller/gen/config" "github.com/linkerd/linkerd2/pkg/charts" @@ -469,7 +470,7 @@ func (conf *ResourceConfig) injectPodSpec(values *patch) { }, UID: conf.proxyUID(), Resources: conf.proxyResourceRequirements(), - WaitBeforeExitSeconds: conf.proxyWaitBeforeExitSeconds(), + WaitBeforeExitSeconds: int32(conf.proxyWaitBeforeExit() / time.Second), } if v := conf.pod.meta.Annotations[k8s.ProxyEnableDebugAnnotation]; v != "" { @@ -758,15 +759,20 @@ func (conf *ResourceConfig) tapDisabled() bool { return false } -func (conf *ResourceConfig) proxyWaitBeforeExitSeconds() int32 { - if override := conf.getOverride(k8s.WaitBeforeExitSecondsAnnotation); override != "" { - waitBeforeExitSeconds, err := strconv.ParseInt(override, 10, 32) - if err == nil { - return int32(waitBeforeExitSeconds) +func (conf *ResourceConfig) proxyWaitBeforeExit() time.Duration { + if override := conf.getOverride(k8s.ProxyWaitBeforeExitAnnotation); override != "" { + waitBeforeExit, err := time.ParseDuration(override) + + // Try to parse plain integer as value in seconds if it is not formatted as Duration + if err != nil { + waitInSeconds, _ := strconv.ParseUint(override, 10, 32) + waitBeforeExit = time.Duration(waitInSeconds) * time.Second } + + return waitBeforeExit } - return conf.configs.GetProxy().GetWaitBeforeExitSeconds() + return 0 } func (conf *ResourceConfig) proxyResourceRequirements() *l5dcharts.Resources { diff --git a/pkg/inject/inject_test.go b/pkg/inject/inject_test.go index 18ffb2a176d50..d7bb164e7cf6b 100644 --- a/pkg/inject/inject_test.go +++ b/pkg/inject/inject_test.go @@ -3,6 +3,7 @@ package inject import ( "reflect" "testing" + "time" "github.com/linkerd/linkerd2/controller/gen/config" l5dcharts "github.com/linkerd/linkerd2/pkg/charts/linkerd2" @@ -15,24 +16,24 @@ import ( ) type expectedProxyConfigs struct { - identityContext *config.IdentityContext - image string - imagePullPolicy string - proxyVersion string - controlPort int32 - inboundPort int32 - adminPort int32 - outboundPort int32 - waitBeforeExitSeconds int32 - logLevel string - resourceRequirements *l5dcharts.Resources - proxyUID int64 - initImage string - initImagePullPolicy string - initVersion string - inboundSkipPorts string - outboundSkipPorts string - trace *l5dcharts.Trace + identityContext *config.IdentityContext + image string + imagePullPolicy string + proxyVersion string + controlPort int32 + inboundPort int32 + adminPort int32 + outboundPort int32 + proxyWaitBeforeExit time.Duration + logLevel string + resourceRequirements *l5dcharts.Resources + proxyUID int64 + initImage string + initImagePullPolicy string + initVersion string + inboundSkipPorts string + outboundSkipPorts string + trace *l5dcharts.Trace } func TestConfigAccessors(t *testing.T) { @@ -66,7 +67,6 @@ func TestConfigAccessors(t *testing.T) { LogLevel: &config.LogLevel{Level: "info,linkerd2_proxy=debug"}, DisableExternalProfiles: false, ProxyVersion: proxyVersion, - WaitBeforeExitSeconds: 0, } globalConfig := &config.Global{ @@ -109,22 +109,22 @@ func TestConfigAccessors(t *testing.T) { k8s.ProxyVersionOverrideAnnotation: proxyVersionOverride, k8s.ProxyTraceCollectorSvcAddrAnnotation: "oc-collector.tracing:55678", k8s.ProxyTraceCollectorSvcAccountAnnotation: "default", - k8s.WaitBeforeExitSecondsAnnotation: "123", + k8s.ProxyWaitBeforeExitAnnotation: "2m3s", }, }, Spec: corev1.PodSpec{}, }, }, expected: expectedProxyConfigs{ - image: "gcr.io/linkerd-io/proxy", - imagePullPolicy: "Always", - proxyVersion: proxyVersionOverride, - controlPort: int32(4000), - inboundPort: int32(5000), - adminPort: int32(5001), - outboundPort: int32(5002), - waitBeforeExitSeconds: int32(123), - logLevel: "debug,linkerd2_proxy=debug", + image: "gcr.io/linkerd-io/proxy", + imagePullPolicy: "Always", + proxyVersion: proxyVersionOverride, + controlPort: int32(4000), + inboundPort: int32(5000), + adminPort: int32(5001), + outboundPort: int32(5002), + proxyWaitBeforeExit: time.Duration(123) * time.Second, + logLevel: "debug,linkerd2_proxy=debug", resourceRequirements: &l5dcharts.Resources{ CPU: l5dcharts.Constraints{ Limit: "1500m", @@ -155,16 +155,16 @@ func TestConfigAccessors(t *testing.T) { }, }, expected: expectedProxyConfigs{ - identityContext: &config.IdentityContext{}, - image: "gcr.io/linkerd-io/proxy", - imagePullPolicy: "IfNotPresent", - proxyVersion: proxyVersion, - controlPort: int32(9000), - inboundPort: int32(6000), - adminPort: int32(6001), - outboundPort: int32(6002), - waitBeforeExitSeconds: int32(0), - logLevel: "info,linkerd2_proxy=debug", + identityContext: &config.IdentityContext{}, + image: "gcr.io/linkerd-io/proxy", + imagePullPolicy: "IfNotPresent", + proxyVersion: proxyVersion, + controlPort: int32(9000), + inboundPort: int32(6000), + adminPort: int32(6001), + outboundPort: int32(6002), + proxyWaitBeforeExit: time.Duration(0), + logLevel: "info,linkerd2_proxy=debug", resourceRequirements: &l5dcharts.Resources{ CPU: l5dcharts.Constraints{ Limit: "1", @@ -205,7 +205,7 @@ func TestConfigAccessors(t *testing.T) { k8s.ProxyVersionOverrideAnnotation: proxyVersionOverride, k8s.ProxyTraceCollectorSvcAddrAnnotation: "oc-collector.tracing:55678", k8s.ProxyTraceCollectorSvcAccountAnnotation: "default", - k8s.WaitBeforeExitSecondsAnnotation: "123", + k8s.ProxyWaitBeforeExitAnnotation: "2m3s", }, spec: appsv1.DeploymentSpec{ Template: corev1.PodTemplateSpec{ @@ -213,15 +213,15 @@ func TestConfigAccessors(t *testing.T) { }, }, expected: expectedProxyConfigs{ - image: "gcr.io/linkerd-io/proxy", - imagePullPolicy: "Always", - proxyVersion: proxyVersionOverride, - controlPort: int32(4000), - inboundPort: int32(5000), - adminPort: int32(5001), - outboundPort: int32(5002), - waitBeforeExitSeconds: int32(123), - logLevel: "debug,linkerd2_proxy=debug", + image: "gcr.io/linkerd-io/proxy", + imagePullPolicy: "Always", + proxyVersion: proxyVersionOverride, + controlPort: int32(4000), + inboundPort: int32(5000), + adminPort: int32(5001), + outboundPort: int32(5002), + proxyWaitBeforeExit: time.Duration(123) * time.Second, + logLevel: "debug,linkerd2_proxy=debug", resourceRequirements: &l5dcharts.Resources{ CPU: l5dcharts.Constraints{ Limit: "1500m", @@ -244,6 +244,45 @@ func TestConfigAccessors(t *testing.T) { }, }, }, + {id: "wait before exit annotation is integer", + nsAnnotations: map[string]string{ + k8s.ProxyWaitBeforeExitAnnotation: "222", + }, + spec: appsv1.DeploymentSpec{ + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{}, + Spec: corev1.PodSpec{}, + }, + }, + expected: expectedProxyConfigs{ + identityContext: &config.IdentityContext{}, + image: "gcr.io/linkerd-io/proxy", + imagePullPolicy: "IfNotPresent", + proxyVersion: proxyVersion, + controlPort: int32(9000), + inboundPort: int32(6000), + adminPort: int32(6001), + outboundPort: int32(6002), + proxyWaitBeforeExit: time.Duration(222) * time.Second, + logLevel: "info,linkerd2_proxy=debug", + resourceRequirements: &l5dcharts.Resources{ + CPU: l5dcharts.Constraints{ + Limit: "1", + Request: "200m", + }, + Memory: l5dcharts.Constraints{ + Limit: "128", + Request: "64", + }, + }, + proxyUID: int64(8888), + initImage: "gcr.io/linkerd-io/proxy-init", + initImagePullPolicy: "IfNotPresent", + initVersion: version.ProxyInitVersion, + inboundSkipPorts: "53", + outboundSkipPorts: "9079", + }, + }, } for _, tc := range testCases { @@ -322,9 +361,9 @@ func TestConfigAccessors(t *testing.T) { } }) - t.Run("proxyWaitBeforeExitSeconds", func(t *testing.T) { - expected := testCase.expected.waitBeforeExitSeconds - if actual := resourceConfig.proxyWaitBeforeExitSeconds(); expected != actual { + t.Run("proxyWaitBeforeExit", func(t *testing.T) { + expected := testCase.expected.proxyWaitBeforeExit + if actual := resourceConfig.proxyWaitBeforeExit(); expected != actual { t.Errorf("Expected: %v Actual: %v", expected, actual) } }) diff --git a/pkg/k8s/labels.go b/pkg/k8s/labels.go index c004ca4cd4e31..9912639439edf 100644 --- a/pkg/k8s/labels.go +++ b/pkg/k8s/labels.go @@ -181,10 +181,10 @@ const ( // its value. ProxyTraceCollectorSvcAddrAnnotation = ProxyConfigAnnotationsPrefix + "/trace-collector" - // WaitBeforeExitSecondsAnnotation makes the proxy container to wait for the given period before exiting + // ProxyWaitBeforeExitAnnotation makes the proxy container to wait for the given period before exiting // after the Pod entered the Terminating state. Must be smaller than terminationGracePeriodSeconds // configured for the Pod - WaitBeforeExitSecondsAnnotation = ProxyConfigAnnotationsPrefixAlpha + "/wait-before-exit-seconds" + ProxyWaitBeforeExitAnnotation = ProxyConfigAnnotationsPrefixAlpha + "/proxy-wait-before-exit" // ProxyTraceCollectorSvcAccountAnnotation is used to specify the service account // associated with the trace collector. It is used to create the service's diff --git a/web/Dockerfile b/web/Dockerfile index 07327adbddcbe..a1a8c83d6ae9f 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -21,7 +21,7 @@ COPY web/app ./web/app RUN ./bin/web build ## compile go server -FROM gcr.io/linkerd-io/go-deps:2273074d as golang +FROM gcr.io/linkerd-io/go-deps:ab3733c1 as golang WORKDIR /linkerd-build RUN mkdir -p web COPY web/main.go web From 1a704cbf5761ae6acdeb5ad30f28935d4f7bad74 Mon Sep 17 00:00:00 2001 From: Eugene Glotov Date: Mon, 16 Dec 2019 17:16:49 +0200 Subject: [PATCH 4/6] Address PR review comments (second pass) Signed-off-by: Eugene Glotov --- charts/linkerd2/values.yaml | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/charts/linkerd2/values.yaml b/charts/linkerd2/values.yaml index 69ae90c1bb0c7..a9d6bbf081942 100644 --- a/charts/linkerd2/values.yaml +++ b/charts/linkerd2/values.yaml @@ -87,15 +87,10 @@ proxy: collectorSvcAddr: "" collectorSvcAccount: default uid: 2102 - # If not empty, the proxy sidecar will stay alive for at least the given period - # before receiving SIGTERM signal from Kubernetes - # but no longer than terminationGracePeriodSeconds value for the entire pod. - # Depending on the goals, the application container (to which the proxy sidecar is attached) - # can also have its own preStop hook with a period of waiting - # smaller than the proxy sidecar WaitBeforeExitSeconds period - # but big enough to wait until a load balancer deregisters the target. - # After that the application container can gracefully shutdown - # and the proxy sidecar should finally exit last + # If set, the proxy's pre-stop hook will postpone the Kubernetes's SIGTERM signal + # and wait for this duration before letting the proxy process the SIGTERM signal. + # See https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + # for more info on container lifecycle hooks. WaitBeforeExitSeconds: 0 # proxy-init configuration From 410b9a80203a24244e688ff0e0a6e4d992b8741e Mon Sep 17 00:00:00 2001 From: Eugene Glotov Date: Tue, 17 Dec 2019 11:18:00 +0200 Subject: [PATCH 5/6] Address PR review comments (third pass): return `-seconds` suffix Signed-off-by: Eugene Glotov --- Dockerfile-proxy | 2 +- charts/linkerd2/README.md | 2 +- charts/linkerd2/values.yaml | 2 +- charts/partials/templates/_proxy.tpl | 4 +- cli/Dockerfile-bin | 2 +- cli/cmd/doc.go | 4 +- cli/cmd/inject.go | 16 ++-- cli/cmd/install.go | 2 +- cli/cmd/root.go | 2 +- cni-plugin/Dockerfile | 2 +- controller/Dockerfile | 2 +- go.mod | 1 - go.sum | 1 - pkg/charts/linkerd2/values.go | 2 +- pkg/inject/inject.go | 22 ++--- pkg/inject/inject_test.go | 131 ++++++++++++++------------- pkg/k8s/labels.go | 4 +- web/Dockerfile | 2 +- 18 files changed, 102 insertions(+), 101 deletions(-) diff --git a/Dockerfile-proxy b/Dockerfile-proxy index 8f875d7a9d9c7..09d5cecceb28d 100644 --- a/Dockerfile-proxy +++ b/Dockerfile-proxy @@ -9,7 +9,7 @@ RUN (proxy=$(bin/fetch-proxy $(cat proxy-version)) && \ mv "$proxy" linkerd2-proxy) ## compile proxy-identity agent -FROM gcr.io/linkerd-io/go-deps:ab3733c1 as golang +FROM gcr.io/linkerd-io/go-deps:2273074d as golang WORKDIR /linkerd-build COPY pkg/flags pkg/flags COPY pkg/tls pkg/tls diff --git a/charts/linkerd2/README.md b/charts/linkerd2/README.md index e109660c8ea84..3d5e4675a5f19 100644 --- a/charts/linkerd2/README.md +++ b/charts/linkerd2/README.md @@ -126,7 +126,7 @@ The following table lists the configurable parameters of the Linkerd2 chart and | `proxy.trace.collectorSvcAccount` | Service account associated with the Trace collector instance || | `proxy.trace.collectorSvcAddr` | Collector Service address for the proxies to send Trace Data || | `proxy.uid` | User id under which the proxy runs | `2102` | -| `Proxy.WaitBeforeExitSeconds` | The proxy sidecar will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod's `terminationGracePeriodSeconds`. | `0` | +| `proxy.waitBeforeExitSeconds` | The proxy sidecar will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod's `terminationGracePeriodSeconds`. | `0` | | `proxyInit.ignoreInboundPorts` | Inbound ports the proxy should ignore || | `proxyInit.ignoreOutboundPorts` | Outbound ports the proxy should ignore || | `proxyInit.image.name` | Docker image for the proxy-init container | `gcr.io/linkerd-io/proxy-init` | diff --git a/charts/linkerd2/values.yaml b/charts/linkerd2/values.yaml index a9d6bbf081942..2cd50cdbcc262 100644 --- a/charts/linkerd2/values.yaml +++ b/charts/linkerd2/values.yaml @@ -91,7 +91,7 @@ proxy: # and wait for this duration before letting the proxy process the SIGTERM signal. # See https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks # for more info on container lifecycle hooks. - WaitBeforeExitSeconds: 0 + waitBeforeExitSeconds: 0 # proxy-init configuration proxyInit: diff --git a/charts/partials/templates/_proxy.tpl b/charts/partials/templates/_proxy.tpl index 778fbe58876a5..3d4e51cf53fd0 100644 --- a/charts/partials/templates/_proxy.tpl +++ b/charts/partials/templates/_proxy.tpl @@ -110,14 +110,14 @@ securityContext: readOnlyRootFilesystem: true runAsUser: {{.Values.proxy.uid}} terminationMessagePolicy: FallbackToLogsOnError -{{- if .Values.Proxy.WaitBeforeExitSeconds }} +{{- if .Values.proxy.waitBeforeExitSeconds }} lifecycle: preStop: exec: command: - /bin/bash - -c - - sleep {{.Values.Proxy.WaitBeforeExitSeconds}} + - sleep {{.Values.proxy.waitBeforeExitSeconds}} {{- end }} {{- if or (not .Values.proxy.disableIdentity) (.Values.proxy.saMountPath) }} volumeMounts: diff --git a/cli/Dockerfile-bin b/cli/Dockerfile-bin index 02536b30cada8..1313f78fb578e 100644 --- a/cli/Dockerfile-bin +++ b/cli/Dockerfile-bin @@ -1,5 +1,5 @@ ## compile binaries -FROM gcr.io/linkerd-io/go-deps:ab3733c1 as golang +FROM gcr.io/linkerd-io/go-deps:2273074d as golang WORKDIR /linkerd-build COPY cli cli COPY charts charts diff --git a/cli/cmd/doc.go b/cli/cmd/doc.go index f3e051ba219bd..ac1c7d72ae106 100644 --- a/cli/cmd/doc.go +++ b/cli/cmd/doc.go @@ -208,8 +208,8 @@ func generateAnnotationsDocs() []annotationDoc { Description: "The trace collector's service account name. E.g., `tracing-service-account`. If not provided, it will be defaulted to `default`.", }, { - Name: k8s.ProxyWaitBeforeExitAnnotation, - Description: "The proxy sidecar will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod's `terminationGracePeriodSeconds`. Accepts values in two formats: time.Duration or as an unsigned integer (number of seconds). If not provided, it will be defaulted to `0`.", + Name: k8s.ProxyWaitBeforeExitSecondsAnnotation, + Description: "The proxy sidecar will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod's `terminationGracePeriodSeconds`. If not provided, it will be defaulted to `0`", }, } } diff --git a/cli/cmd/inject.go b/cli/cmd/inject.go index 05c5bc120286f..3ccd2cf4f0e07 100644 --- a/cli/cmd/inject.go +++ b/cli/cmd/inject.go @@ -10,8 +10,6 @@ import ( "strconv" "strings" - "github.com/docker/docker/api/types/time" - jsonpatch "github.com/evanphx/json-patch" cfg "github.com/linkerd/linkerd2/controller/gen/config" "github.com/linkerd/linkerd2/controller/gen/public" @@ -102,10 +100,10 @@ sub-folders, or coming from stdin.`, &manualOption, "manual", manualOption, "Include the proxy sidecar container spec in the YAML output (the auto-injector won't pick it up, so config annotations aren't supported) (default false)", ) - flags.DurationVar( - &options.waitBeforeExit, "wait-before-exit", options.waitBeforeExit, + flags.Uint64Var( + &options.waitBeforeExitSeconds, "wait-before-exit-seconds", options.waitBeforeExitSeconds, "The period during which the proxy sidecar must stay alive while its pod is terminating. "+ - "Must be smaller than terminationGracePeriodSeconds for the pod (default 0). E.g.: 2m, 10s, 2m3s", + "Must be smaller than terminationGracePeriodSeconds for the pod (default 0)", ) flags.BoolVar( &options.disableIdentity, "disable-identity", options.disableIdentity, @@ -446,11 +444,15 @@ func (options *proxyConfigOptions) overrideConfigs(configs *cfg.All, overrideAnn if options.traceCollectorSvcAccount != "" { overrideAnnotations[k8s.ProxyTraceCollectorSvcAccountAnnotation] = options.traceCollectorSvcAccount } - if options.waitBeforeExit != 0 { - overrideAnnotations[k8s.ProxyWaitBeforeExitAnnotation] = time.DurationToSecondsString(options.waitBeforeExit) + "s" + if options.waitBeforeExitSeconds != 0 { + overrideAnnotations[k8s.ProxyWaitBeforeExitSecondsAnnotation] = uintToString(options.waitBeforeExitSeconds) } } +func uintToString(v uint64) string { + return strconv.FormatUint(v, 10) +} + func toPort(p uint) *cfg.Port { return &cfg.Port{Port: uint32(p)} } diff --git a/cli/cmd/install.go b/cli/cmd/install.go index ca549398394cf..e08d3da02e48a 100644 --- a/cli/cmd/install.go +++ b/cli/cmd/install.go @@ -198,7 +198,7 @@ func newInstallOptionsWithDefaults() (*installOptions, error) { proxyCPULimit: defaults.Proxy.Resources.CPU.Limit, proxyMemoryLimit: defaults.Proxy.Resources.Memory.Limit, enableExternalProfiles: defaults.Proxy.EnableExternalProfiles, - waitBeforeExit: time.Duration(defaults.Proxy.WaitBeforeExitSeconds) * time.Second, + waitBeforeExitSeconds: defaults.Proxy.WaitBeforeExitSeconds, }, identityOptions: &installIdentityOptions{ trustDomain: defaults.Identity.TrustDomain, diff --git a/cli/cmd/root.go b/cli/cmd/root.go index 72fc765534408..ae95203ee44cd 100644 --- a/cli/cmd/root.go +++ b/cli/cmd/root.go @@ -199,7 +199,7 @@ type proxyConfigOptions struct { enableExternalProfiles bool traceCollector string traceCollectorSvcAccount string - waitBeforeExit time.Duration + waitBeforeExitSeconds uint64 // ignoreCluster is not validated by validate(). ignoreCluster bool disableIdentity bool diff --git a/cni-plugin/Dockerfile b/cni-plugin/Dockerfile index b3580cf2ae598..a7bfaaec5fb3b 100644 --- a/cni-plugin/Dockerfile +++ b/cni-plugin/Dockerfile @@ -1,5 +1,5 @@ ## compile cni-plugin utility -FROM gcr.io/linkerd-io/go-deps:ab3733c1 as golang +FROM gcr.io/linkerd-io/go-deps:2273074d as golang WORKDIR /linkerd-build COPY pkg pkg COPY controller controller diff --git a/controller/Dockerfile b/controller/Dockerfile index 1a822bf4d6d66..324b453092a6d 100644 --- a/controller/Dockerfile +++ b/controller/Dockerfile @@ -1,5 +1,5 @@ ## compile controller service -FROM gcr.io/linkerd-io/go-deps:ab3733c1 as golang +FROM gcr.io/linkerd-io/go-deps:2273074d as golang WORKDIR /linkerd-build COPY controller/gen controller/gen COPY pkg pkg diff --git a/go.mod b/go.mod index 683fb89dd8937..5e87ab1459ede 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,6 @@ require ( github.com/cyphar/filepath-securejoin v0.2.2 // indirect github.com/deislabs/smi-sdk-go v0.0.0-20190610232231-f281e2121a16 github.com/dgrijalva/jwt-go v3.1.0+incompatible // indirect - github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0 github.com/elazarl/goproxy v0.0.0-20190711103511-473e67f1d7d2 // indirect github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2 // indirect github.com/emicklei/proto v1.6.8 diff --git a/go.sum b/go.sum index af5b0b3fffd17..71ba9129d49fd 100644 --- a/go.sum +++ b/go.sum @@ -69,7 +69,6 @@ github.com/deislabs/smi-sdk-go v0.0.0-20190610232231-f281e2121a16/go.mod h1:jtrs github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.1.0+incompatible h1:FFziAwDQQ2dz1XClWMkwvukur3evtZx7x/wMHKM1i20= github.com/dgrijalva/jwt-go v3.1.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0 h1:w3NnFcKR5241cfmQU5ZZAsf0xcpId6mWOupTvJlUX2U= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96 h1:cenwrSVm+Z7QLSV/BsnenAOcDXdX4cMv4wP0B/5QbPg= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= diff --git a/pkg/charts/linkerd2/values.go b/pkg/charts/linkerd2/values.go index 00db144d065f4..b27f209c7c663 100644 --- a/pkg/charts/linkerd2/values.go +++ b/pkg/charts/linkerd2/values.go @@ -95,7 +95,7 @@ type ( Resources *Resources `json:"resources"` Trace *Trace `json:"trace"` UID int64 `json:"uid"` - WaitBeforeExitSeconds int32 `json:"waitBeforeExitSeconds"` + WaitBeforeExitSeconds uint64 `json:"waitBeforeExitSeconds"` } // ProxyInit contains the fields to set the proxy-init container diff --git a/pkg/inject/inject.go b/pkg/inject/inject.go index 01321a749c520..dad52b6af479e 100644 --- a/pkg/inject/inject.go +++ b/pkg/inject/inject.go @@ -8,7 +8,6 @@ import ( "sort" "strconv" "strings" - "time" "github.com/linkerd/linkerd2/controller/gen/config" "github.com/linkerd/linkerd2/pkg/charts" @@ -452,6 +451,7 @@ func (conf *ResourceConfig) complete(template *corev1.PodTemplateSpec) { // injectPodSpec adds linkerd sidecars to the provided PodSpec. func (conf *ResourceConfig) injectPodSpec(values *patch) { + waitBeforeExitSeconds, _ := conf.proxyWaitBeforeExitSeconds() values.Proxy = &l5dcharts.Proxy{ Component: conf.pod.labels[k8s.ProxyDeploymentLabel], EnableExternalProfiles: conf.enableExternalProfiles(), @@ -470,7 +470,7 @@ func (conf *ResourceConfig) injectPodSpec(values *patch) { }, UID: conf.proxyUID(), Resources: conf.proxyResourceRequirements(), - WaitBeforeExitSeconds: int32(conf.proxyWaitBeforeExit() / time.Second), + WaitBeforeExitSeconds: waitBeforeExitSeconds, } if v := conf.pod.meta.Annotations[k8s.ProxyEnableDebugAnnotation]; v != "" { @@ -759,20 +759,18 @@ func (conf *ResourceConfig) tapDisabled() bool { return false } -func (conf *ResourceConfig) proxyWaitBeforeExit() time.Duration { - if override := conf.getOverride(k8s.ProxyWaitBeforeExitAnnotation); override != "" { - waitBeforeExit, err := time.ParseDuration(override) - - // Try to parse plain integer as value in seconds if it is not formatted as Duration - if err != nil { - waitInSeconds, _ := strconv.ParseUint(override, 10, 32) - waitBeforeExit = time.Duration(waitInSeconds) * time.Second +func (conf *ResourceConfig) proxyWaitBeforeExitSeconds() (uint64, error) { + if override := conf.getOverride(k8s.ProxyWaitBeforeExitSecondsAnnotation); override != "" { + waitBeforeExitSeconds, err := strconv.ParseUint(override, 10, 64) + if nil != err { + log.Warnf("unrecognized value used for the %s annotation, uint64 is expected: %s", + k8s.ProxyWaitBeforeExitSecondsAnnotation, override) } - return waitBeforeExit + return waitBeforeExitSeconds, err } - return 0 + return 0, nil } func (conf *ResourceConfig) proxyResourceRequirements() *l5dcharts.Resources { diff --git a/pkg/inject/inject_test.go b/pkg/inject/inject_test.go index d7bb164e7cf6b..4ea9159781f28 100644 --- a/pkg/inject/inject_test.go +++ b/pkg/inject/inject_test.go @@ -3,7 +3,6 @@ package inject import ( "reflect" "testing" - "time" "github.com/linkerd/linkerd2/controller/gen/config" l5dcharts "github.com/linkerd/linkerd2/pkg/charts/linkerd2" @@ -16,24 +15,24 @@ import ( ) type expectedProxyConfigs struct { - identityContext *config.IdentityContext - image string - imagePullPolicy string - proxyVersion string - controlPort int32 - inboundPort int32 - adminPort int32 - outboundPort int32 - proxyWaitBeforeExit time.Duration - logLevel string - resourceRequirements *l5dcharts.Resources - proxyUID int64 - initImage string - initImagePullPolicy string - initVersion string - inboundSkipPorts string - outboundSkipPorts string - trace *l5dcharts.Trace + identityContext *config.IdentityContext + image string + imagePullPolicy string + proxyVersion string + controlPort int32 + inboundPort int32 + adminPort int32 + outboundPort int32 + proxyWaitBeforeExitSeconds uint64 + logLevel string + resourceRequirements *l5dcharts.Resources + proxyUID int64 + initImage string + initImagePullPolicy string + initVersion string + inboundSkipPorts string + outboundSkipPorts string + trace *l5dcharts.Trace } func TestConfigAccessors(t *testing.T) { @@ -109,22 +108,22 @@ func TestConfigAccessors(t *testing.T) { k8s.ProxyVersionOverrideAnnotation: proxyVersionOverride, k8s.ProxyTraceCollectorSvcAddrAnnotation: "oc-collector.tracing:55678", k8s.ProxyTraceCollectorSvcAccountAnnotation: "default", - k8s.ProxyWaitBeforeExitAnnotation: "2m3s", + k8s.ProxyWaitBeforeExitSecondsAnnotation: "123", }, }, Spec: corev1.PodSpec{}, }, }, expected: expectedProxyConfigs{ - image: "gcr.io/linkerd-io/proxy", - imagePullPolicy: "Always", - proxyVersion: proxyVersionOverride, - controlPort: int32(4000), - inboundPort: int32(5000), - adminPort: int32(5001), - outboundPort: int32(5002), - proxyWaitBeforeExit: time.Duration(123) * time.Second, - logLevel: "debug,linkerd2_proxy=debug", + image: "gcr.io/linkerd-io/proxy", + imagePullPolicy: "Always", + proxyVersion: proxyVersionOverride, + controlPort: int32(4000), + inboundPort: int32(5000), + adminPort: int32(5001), + outboundPort: int32(5002), + proxyWaitBeforeExitSeconds: 123, + logLevel: "debug,linkerd2_proxy=debug", resourceRequirements: &l5dcharts.Resources{ CPU: l5dcharts.Constraints{ Limit: "1500m", @@ -155,16 +154,16 @@ func TestConfigAccessors(t *testing.T) { }, }, expected: expectedProxyConfigs{ - identityContext: &config.IdentityContext{}, - image: "gcr.io/linkerd-io/proxy", - imagePullPolicy: "IfNotPresent", - proxyVersion: proxyVersion, - controlPort: int32(9000), - inboundPort: int32(6000), - adminPort: int32(6001), - outboundPort: int32(6002), - proxyWaitBeforeExit: time.Duration(0), - logLevel: "info,linkerd2_proxy=debug", + identityContext: &config.IdentityContext{}, + image: "gcr.io/linkerd-io/proxy", + imagePullPolicy: "IfNotPresent", + proxyVersion: proxyVersion, + controlPort: int32(9000), + inboundPort: int32(6000), + adminPort: int32(6001), + outboundPort: int32(6002), + proxyWaitBeforeExitSeconds: 0, + logLevel: "info,linkerd2_proxy=debug", resourceRequirements: &l5dcharts.Resources{ CPU: l5dcharts.Constraints{ Limit: "1", @@ -205,7 +204,7 @@ func TestConfigAccessors(t *testing.T) { k8s.ProxyVersionOverrideAnnotation: proxyVersionOverride, k8s.ProxyTraceCollectorSvcAddrAnnotation: "oc-collector.tracing:55678", k8s.ProxyTraceCollectorSvcAccountAnnotation: "default", - k8s.ProxyWaitBeforeExitAnnotation: "2m3s", + k8s.ProxyWaitBeforeExitSecondsAnnotation: "123", }, spec: appsv1.DeploymentSpec{ Template: corev1.PodTemplateSpec{ @@ -213,15 +212,15 @@ func TestConfigAccessors(t *testing.T) { }, }, expected: expectedProxyConfigs{ - image: "gcr.io/linkerd-io/proxy", - imagePullPolicy: "Always", - proxyVersion: proxyVersionOverride, - controlPort: int32(4000), - inboundPort: int32(5000), - adminPort: int32(5001), - outboundPort: int32(5002), - proxyWaitBeforeExit: time.Duration(123) * time.Second, - logLevel: "debug,linkerd2_proxy=debug", + image: "gcr.io/linkerd-io/proxy", + imagePullPolicy: "Always", + proxyVersion: proxyVersionOverride, + controlPort: int32(4000), + inboundPort: int32(5000), + adminPort: int32(5001), + outboundPort: int32(5002), + proxyWaitBeforeExitSeconds: 123, + logLevel: "debug,linkerd2_proxy=debug", resourceRequirements: &l5dcharts.Resources{ CPU: l5dcharts.Constraints{ Limit: "1500m", @@ -244,9 +243,9 @@ func TestConfigAccessors(t *testing.T) { }, }, }, - {id: "wait before exit annotation is integer", + {id: "use not a uint value for ProxyWaitBeforeExitSecondsAnnotation annotation", nsAnnotations: map[string]string{ - k8s.ProxyWaitBeforeExitAnnotation: "222", + k8s.ProxyWaitBeforeExitSecondsAnnotation: "-111", }, spec: appsv1.DeploymentSpec{ Template: corev1.PodTemplateSpec{ @@ -255,16 +254,16 @@ func TestConfigAccessors(t *testing.T) { }, }, expected: expectedProxyConfigs{ - identityContext: &config.IdentityContext{}, - image: "gcr.io/linkerd-io/proxy", - imagePullPolicy: "IfNotPresent", - proxyVersion: proxyVersion, - controlPort: int32(9000), - inboundPort: int32(6000), - adminPort: int32(6001), - outboundPort: int32(6002), - proxyWaitBeforeExit: time.Duration(222) * time.Second, - logLevel: "info,linkerd2_proxy=debug", + identityContext: &config.IdentityContext{}, + image: "gcr.io/linkerd-io/proxy", + imagePullPolicy: "IfNotPresent", + proxyVersion: proxyVersion, + controlPort: int32(9000), + inboundPort: int32(6000), + adminPort: int32(6001), + outboundPort: int32(6002), + proxyWaitBeforeExitSeconds: 0, + logLevel: "info,linkerd2_proxy=debug", resourceRequirements: &l5dcharts.Resources{ CPU: l5dcharts.Constraints{ Limit: "1", @@ -361,9 +360,13 @@ func TestConfigAccessors(t *testing.T) { } }) - t.Run("proxyWaitBeforeExit", func(t *testing.T) { - expected := testCase.expected.proxyWaitBeforeExit - if actual := resourceConfig.proxyWaitBeforeExit(); expected != actual { + t.Run("proxyWaitBeforeExitSeconds", func(t *testing.T) { + expected := testCase.expected.proxyWaitBeforeExitSeconds + actual, err := resourceConfig.proxyWaitBeforeExitSeconds() + if nil != err { + // negative test cases above cover the situation + } + if expected != actual { t.Errorf("Expected: %v Actual: %v", expected, actual) } }) diff --git a/pkg/k8s/labels.go b/pkg/k8s/labels.go index 9912639439edf..bd3c559fae8a5 100644 --- a/pkg/k8s/labels.go +++ b/pkg/k8s/labels.go @@ -181,10 +181,10 @@ const ( // its value. ProxyTraceCollectorSvcAddrAnnotation = ProxyConfigAnnotationsPrefix + "/trace-collector" - // ProxyWaitBeforeExitAnnotation makes the proxy container to wait for the given period before exiting + // ProxyWaitBeforeExitSecondsAnnotation makes the proxy container to wait for the given period before exiting // after the Pod entered the Terminating state. Must be smaller than terminationGracePeriodSeconds // configured for the Pod - ProxyWaitBeforeExitAnnotation = ProxyConfigAnnotationsPrefixAlpha + "/proxy-wait-before-exit" + ProxyWaitBeforeExitSecondsAnnotation = ProxyConfigAnnotationsPrefixAlpha + "/proxy-wait-before-exit-seconds" // ProxyTraceCollectorSvcAccountAnnotation is used to specify the service account // associated with the trace collector. It is used to create the service's diff --git a/web/Dockerfile b/web/Dockerfile index a1a8c83d6ae9f..07327adbddcbe 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -21,7 +21,7 @@ COPY web/app ./web/app RUN ./bin/web build ## compile go server -FROM gcr.io/linkerd-io/go-deps:ab3733c1 as golang +FROM gcr.io/linkerd-io/go-deps:2273074d as golang WORKDIR /linkerd-build RUN mkdir -p web COPY web/main.go web From d1416666630f473567335dbecfe7547ecf9305c1 Mon Sep 17 00:00:00 2001 From: Eugene Glotov Date: Wed, 18 Dec 2019 23:08:31 +0200 Subject: [PATCH 6/6] Do not return errors from `proxyWaitBeforeExitSeconds()` Signed-off-by: Eugene Glotov --- pkg/inject/inject.go | 9 ++++----- pkg/inject/inject_test.go | 6 +----- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/pkg/inject/inject.go b/pkg/inject/inject.go index dad52b6af479e..d3e989b8a21d1 100644 --- a/pkg/inject/inject.go +++ b/pkg/inject/inject.go @@ -451,7 +451,6 @@ func (conf *ResourceConfig) complete(template *corev1.PodTemplateSpec) { // injectPodSpec adds linkerd sidecars to the provided PodSpec. func (conf *ResourceConfig) injectPodSpec(values *patch) { - waitBeforeExitSeconds, _ := conf.proxyWaitBeforeExitSeconds() values.Proxy = &l5dcharts.Proxy{ Component: conf.pod.labels[k8s.ProxyDeploymentLabel], EnableExternalProfiles: conf.enableExternalProfiles(), @@ -470,7 +469,7 @@ func (conf *ResourceConfig) injectPodSpec(values *patch) { }, UID: conf.proxyUID(), Resources: conf.proxyResourceRequirements(), - WaitBeforeExitSeconds: waitBeforeExitSeconds, + WaitBeforeExitSeconds: conf.proxyWaitBeforeExitSeconds(), } if v := conf.pod.meta.Annotations[k8s.ProxyEnableDebugAnnotation]; v != "" { @@ -759,7 +758,7 @@ func (conf *ResourceConfig) tapDisabled() bool { return false } -func (conf *ResourceConfig) proxyWaitBeforeExitSeconds() (uint64, error) { +func (conf *ResourceConfig) proxyWaitBeforeExitSeconds() uint64 { if override := conf.getOverride(k8s.ProxyWaitBeforeExitSecondsAnnotation); override != "" { waitBeforeExitSeconds, err := strconv.ParseUint(override, 10, 64) if nil != err { @@ -767,10 +766,10 @@ func (conf *ResourceConfig) proxyWaitBeforeExitSeconds() (uint64, error) { k8s.ProxyWaitBeforeExitSecondsAnnotation, override) } - return waitBeforeExitSeconds, err + return waitBeforeExitSeconds } - return 0, nil + return 0 } func (conf *ResourceConfig) proxyResourceRequirements() *l5dcharts.Resources { diff --git a/pkg/inject/inject_test.go b/pkg/inject/inject_test.go index 4ea9159781f28..99f8046fdc9bf 100644 --- a/pkg/inject/inject_test.go +++ b/pkg/inject/inject_test.go @@ -362,11 +362,7 @@ func TestConfigAccessors(t *testing.T) { t.Run("proxyWaitBeforeExitSeconds", func(t *testing.T) { expected := testCase.expected.proxyWaitBeforeExitSeconds - actual, err := resourceConfig.proxyWaitBeforeExitSeconds() - if nil != err { - // negative test cases above cover the situation - } - if expected != actual { + if actual := resourceConfig.proxyWaitBeforeExitSeconds(); expected != actual { t.Errorf("Expected: %v Actual: %v", expected, actual) } })