-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Control skip port flag via custom annotation in resource #1997
Comments
I love this! It'd be awesome to work on along with #1862 . |
This is a great idea! This makes sense for my use case in conjunction with |
I agree! We're actively working on annotation-based overrides for all inject configuration options as part of #2287. That will include overrides for inbound/outbound ports. |
EDIT: @klingerf described a better approach at #1997 (comment), by using
Keep in mind that this is a global change which will also affect the proxies in the control plane. The current workaround is to modify the the config map which the proxy-injector reads from. Inside the If for example, I am auto-injecting into a NATS server, I'll add port 4222 and 6222 to the |
@ihcsim I don't think there's a need to modify the
But the values in the ConfigMap are applied globally and can't be overridden per injected deployment. We're planning on fixing that by adding support for overriding the values via annotations, as described in this issue. |
This is fixed by #2471. |
Feature Request
For disable protocol auto detection on specific port we have this option on
linkerd inject
cli command--skip-outbound-ports
and--skip-outbound-ports
but when auto injection is in use we cannot specify this option for each resource.What problem are you trying to solve?
Auto injection sidecar proxy is really awesome because with these feature we cover very large of deploy case without make difficult for the end user setup linkerd2, but we need configure what port haven't to be proxied so at this time we cannot use MySql over non standard port with auto inject feature.
How should the problem be solved?
The problem can be solved to add a custom annotation on kubernetes resources for specify what port must pass at the deployment level, the same things we already do for specify when the resource must not be injected with the sidecar proxy.
We can add two custom resource annotation:
linkerd.io/skip-inbound-ports: <uintSlice>
linkerd.io/skip-outbound-ports: <uintSlice>
We use the flag for the annotation and cli so is more easy for the user understand how this work and how to use it.
If the value aren't specified take the default.
This feature is allowed only in conjunction with auto injection, so we haven't to define who have the precedence in the configuration injection between the
linkerd inject
or annotation over the resource.The main drawback is the are more configuration, but this feature can be enabled only in some specific case, and is already configured per resource as other configuration for linkerd.
For this use case i suggest to use annotations over labels both are metadata associated to a resource but labels are preferred for query purpose, we don't need this feature so annotation are ok.
Any alternatives you've considered?
Maybe take this info on the control plane, but is really an hard work keep the sync between deployments and new proxy subscription.
How would users interact with this feature?
For example when deploy a new service:
I can use this deployment and auto inject feature detect the annotation and apply the option to the injected linkerd-proxy
Sorry for my bad english, i hope the intent are clear.
The text was updated successfully, but these errors were encountered: