
@ankurcha
Last active May 16, 2017 16:46
Linkerd configuration
# runs linkerd in a daemonset, in linker-to-linker mode, with TLS for all calls
# from linkerd to linkerd
---
# ConfigMap holding linkerd's own configuration file (config.yaml); the
# DaemonSet in this manifest mounts it at /etc/l5d/config.
#
# Routers defined in config.yaml:
#   http-ingress   plaintext on 4100, TLS on 4200; forwards via the
#                  io.l5d.k8s.daemonset transformer to the http-internal port
#                  of service l5d, over TLS (peer name l5d, CA ca.pem)
#   http-internal  TLS on 4300; io.l5d.k8s.localnode transformer
#   h2-ingress     plaintext on 5100, TLS on 5200; same pattern for HTTP/2
#   h2-internal    TLS on 5300; io.l5d.k8s.localnode transformer
#
# NOTE(review): every server binds 0.0.0.0, and 4100/5100 accept plaintext;
#   the DaemonSet also publishes the ingress ports as hostPorts. Restrict who
#   can reach them (network policy / node firewall).
# NOTE(review): the server `tls` blocks set only a certificate and key; no
#   client-certificate verification is visible here, so TLS authenticates the
#   server side only and callers of 4200/4300/5200/5300 are not authenticated
#   by it. Confirm whether the deployed linkerd version supports requiring
#   client certificates.
# NOTE(review): the interpreters reach namerd at /$/inet/namerd/4321 with no
#   TLS settings shown; routing data presumably travels in cleartext (confirm).
# NOTE(review): the admin block sets only the port; linkerd's admin interface
#   has no authentication, so confirm which address it binds to and keep
#   port 9990 off untrusted networks.
apiVersion: v1
kind: ConfigMap
metadata:
  name: l5d-config
data:
  config.yaml: |-
    admin:
      port: 9990
    namers:
    - kind: io.l5d.k8s
      experimental: true
    telemetry:
    - kind: io.l5d.prometheus
    - kind: io.l5d.recentRequests
      sampleRate: 0.25
    routers:
    ## outgoing configurations ##
    - protocol: http
      label: http-ingress
      interpreter:
        kind: io.l5d.mesh
        experimental: true
        root: /http
        dst: /$/inet/namerd/4321
        transformers:
        - kind: io.l5d.k8s.daemonset
          namespace: l5d-system
          port: http-internal
          service: l5d
      servers:
      - port: 4100
        ip: 0.0.0.0
        engine:
          kind: netty4
      - port: 4200
        ip: 0.0.0.0
        engine:
          kind: netty4
        tls:
          certPath: /etc/l5d/tls/certificate.pem
          keyPath: /etc/l5d/tls/key.pkcs8
      client:
        engine:
          kind: netty4
        tls:
          commonName: l5d
          trustCerts:
          - /etc/l5d/tls/ca.pem
    - protocol: http
      label: http-internal
      interpreter:
        kind: io.l5d.mesh
        experimental: true
        root: /http
        dst: /$/inet/namerd/4321
        transformers:
        - kind: io.l5d.k8s.localnode
      servers:
      - port: 4300
        ip: 0.0.0.0
        engine:
          kind: netty4
        tls:
          certPath: /etc/l5d/tls/certificate.pem
          keyPath: /etc/l5d/tls/key.pkcs8
    - protocol: h2
      experimental: true
      label: h2-ingress
      interpreter:
        kind: io.l5d.mesh
        experimental: true
        root: /h2
        dst: /$/inet/namerd/4321
        transformers:
        - kind: io.l5d.k8s.daemonset
          namespace: l5d-system
          port: h2-internal
          service: l5d
      servers:
      - port: 5100
        ip: 0.0.0.0
      - port: 5200
        ip: 0.0.0.0
        tls:
          certPath: /etc/l5d/tls/certificate.pem
          keyPath: /etc/l5d/tls/key.pkcs8
      client:
        tls:
          commonName: l5d
          trustCerts:
          - /etc/l5d/tls/ca.pem
    - protocol: h2
      experimental: true
      label: h2-internal
      interpreter:
        kind: io.l5d.mesh
        experimental: true
        root: /h2
        dst: /$/inet/namerd/4321
        transformers:
        - kind: io.l5d.k8s.localnode
      servers:
      - port: 5300
        ip: 0.0.0.0
        tls:
          certPath: /etc/l5d/tls/certificate.pem
          keyPath: /etc/l5d/tls/key.pkcs8
---
# DaemonSet that schedules the linkerd pod (label app=l5d) on the cluster's
# nodes. Each pod has two containers:
#   l5d      linkerd, started with /etc/l5d/config/config.yaml
#   kubectl  `kubectl proxy -p 8001`, a proxy to the Kubernetes API that shares
#            the pod's network namespace with linkerd
#
# NOTE(review): no serviceAccountName is set, so the pod presumably runs as the
#   namespace's default service account, and the kubectl proxy serves the API
#   with those credentials on port 8001 inside the pod. Bind a dedicated,
#   least-privilege service account via RBAC.
# NOTE(review): neither container declares a securityContext or resource
#   requests/limits.
# NOTE(review): images are referenced by tag only; pinning by digest and
#   tracking current releases is the safer supply-chain posture.
# NOTE(review): extensions/v1beta1 DaemonSets are no longer served by current
#   Kubernetes releases; apps/v1 additionally requires spec.selector.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: l5d
  labels:
    app: l5d
spec:
  template:
    metadata:
      labels:
        app: l5d
    spec:
      volumes:
        # linkerd configuration file, from the l5d-config ConfigMap
        - name: l5d-config
          configMap:
            name: l5d-config
        # TLS material read by linkerd (certificate.pem, key.pkcs8, ca.pem per
        # its config). The Secret holds the private key: limit who may read it.
        - name: l5d-pki
          secret:
            secretName: l5d-pki
      containers:
        - name: l5d
          image: buoyantio/linkerd:1.0.0
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          args:
            - /etc/l5d/config/config.yaml
          ports:
            # hostPort publishes the listener on the node's own address.
            # 4100 and 5100 are the plaintext listeners in the linkerd config.
            - name: http-ingress
              containerPort: 4100
              hostPort: 4100
            - name: https-ingress
              containerPort: 4200
              hostPort: 4200
            - name: http-internal
              containerPort: 4300
            - name: h2-ingress
              containerPort: 5100
              hostPort: 5100
            - name: h2s-ingress
              containerPort: 5200
              hostPort: 5200
            - name: h2-internal
              containerPort: 5300
            - name: admin
              containerPort: 9990
          volumeMounts:
            - name: l5d-config
              mountPath: /etc/l5d/config
              readOnly: true
            - name: l5d-pki
              mountPath: /etc/l5d/tls
              readOnly: true
        - name: kubectl
          image: buoyantio/kubectl:v1.4.0
          args:
            - 'proxy'
            - '-p'
            # quoted so the port stays a string argument
            - '8001'
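---
# Service in front of the linkerd DaemonSet pods (selector app=l5d).
#
# type: LoadBalancer makes every port listed below reachable from wherever the
# provisioned load balancer is reachable. The admin port (9990) is therefore
# deliberately NOT listed: linkerd's admin interface has no authentication.
# Reach it with `kubectl port-forward` to a pod, or through a separate
# ClusterIP Service that is only reachable inside the cluster.
#
# The http-internal and h2-internal port names are kept because the
# io.l5d.k8s.daemonset transformers in the linkerd config refer to service
# l5d by those names (presumably resolved through this Service; confirm).
#
# NOTE(review): http-ingress (4100) and h2-ingress (5100) are plaintext
#   listeners, and 4300/5300 are the linkerd-to-linkerd ports. Confirm each
#   really has to be published on the load balancer; otherwise move the
#   internal names to a ClusterIP Service and restrict the load balancer to
#   the TLS ingress ports.
apiVersion: v1
kind: Service
metadata:
  name: l5d
spec:
  selector:
    app: l5d
  type: LoadBalancer
  ports:
    - name: http-ingress
      port: 4100
    - name: https-ingress
      port: 4200
    - name: http-internal
      port: 4300
    - name: h2-ingress
      port: 5100
    - name: h2s-ingress
      port: 5200
    - name: h2-internal
      port: 5300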
# Register the delegation tables (dtabs) in namerd that the linkerd routers
# resolve against: namespace "h2" for the /h2 interpreters and namespace
# "http" for the /http interpreters.
#
# NOTE(review): the namerd HTTP API is addressed over plain HTTP on
#   localhost:4180 (presumably a port-forward; confirm). Whoever can write
#   dtabs controls where traffic is routed, so keep this API off any network
#   that untrusted clients can reach.
namerd_api='http://localhost:4180'

# h2 / grpc: /svc/<domain> is rewritten by domainToPathPfx into /domain/...,
# then each environment prefix is bound to the k8s namer with port 8443.
namerctl dtab create h2 --base-url "$namerd_api" - <<EOF
/domain/production => /#/io.l5d.k8s/production/8443;
/domain/staging => /#/io.l5d.k8s/staging/8443;
/domain/qa => /#/io.l5d.k8s/qa/8443;
/svc => /$/io.buoyant.http.domainToPathPfx/domain;
EOF

# http(s): same layout, bound to port 8080.
namerctl dtab create http --base-url "$namerd_api" - <<EOF
/domain/production => /#/io.l5d.k8s/production/8080;
/domain/staging => /#/io.l5d.k8s/staging/8080;
/domain/qa => /#/io.l5d.k8s/qa/8080;
/svc => /$/io.buoyant.http.domainToPathPfx/domain;
EOF