diff --git a/charts/add-ons/grafana/templates/grafana.yaml b/charts/add-ons/grafana/templates/grafana.yaml index 3227cb2badd79..c23569daa4d65 100644 --- a/charts/add-ons/grafana/templates/grafana.yaml +++ b/charts/add-ons/grafana/templates/grafana.yaml @@ -180,4 +180,7 @@ spec: {{ if .Values.global.controlPlaneTracing -}} - {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} + {{ if not .Values.global.cniEnabled -}} + - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }} + {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} diff --git a/charts/add-ons/tracing/templates/tracing.yaml b/charts/add-ons/tracing/templates/tracing.yaml index 64007be75ad8e..55d1476bdc4b9 100644 --- a/charts/add-ons/tracing/templates/tracing.yaml +++ b/charts/add-ons/tracing/templates/tracing.yaml @@ -121,7 +121,7 @@ spec: - mountPath: /conf name: {{ printf "%s-config-val" .Values.collector.name}} - {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{ if not .Values.global.noInitContainer -}} + {{ if not .Values.global.cniEnabled -}} initContainers: - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} @@ -136,6 +136,9 @@ spec: {{ if .Values.global.controlPlaneTracing -}} - {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} + {{ if not .Values.global.cniEnabled -}} + - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }} + {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} --- ### @@ -214,7 +217,7 @@ spec: {{- include "partials.resources" .Values.jaeger.resources | nindent 8 }} {{- end }} - {{- include "partials.proxy" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{ if not .Values.global.noInitContainer -}} + {{ if not .Values.global.cniEnabled -}} initContainers: - {{- include "partials.proxy-init" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} @@ -224,4 +227,7 @@ spec: {{ if .Values.global.controlPlaneTracing -}} - {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} + {{ if not .Values.global.cniEnabled -}} + - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }} + {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} diff --git a/charts/linkerd2/templates/controller.yaml b/charts/linkerd2/templates/controller.yaml index 540a5821bb3ed..ef75d482c8752 100644 --- a/charts/linkerd2/templates/controller.yaml +++ b/charts/linkerd2/templates/controller.yaml @@ -118,4 +118,7 @@ spec: {{ if .Values.global.controlPlaneTracing -}} - {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} + {{ if not .Values.global.cniEnabled -}} + - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }} + {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} diff --git a/charts/linkerd2/templates/destination.yaml b/charts/linkerd2/templates/destination.yaml index 84880e7e25c97..6e6110c4b928b 100644 --- a/charts/linkerd2/templates/destination.yaml +++ b/charts/linkerd2/templates/destination.yaml @@ -118,4 +118,7 @@ spec: {{ if .Values.global.controlPlaneTracing -}} - {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} + {{ if not .Values.global.cniEnabled -}} + - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }} + {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} diff --git a/charts/linkerd2/templates/identity.yaml b/charts/linkerd2/templates/identity.yaml index 08a42deb6fe41..523589743b1f9 100644 --- a/charts/linkerd2/templates/identity.yaml +++ b/charts/linkerd2/templates/identity.yaml @@ -140,5 +140,8 @@ spec: {{ if .Values.global.controlPlaneTracing -}} - {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} + {{ if not .Values.global.cniEnabled -}} + - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }} + {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} {{end -}} diff --git a/charts/linkerd2/templates/prometheus.yaml b/charts/linkerd2/templates/prometheus.yaml index f4d14a2a3b39f..606d796ca62cf 100644 --- a/charts/linkerd2/templates/prometheus.yaml +++ b/charts/linkerd2/templates/prometheus.yaml @@ -291,6 +291,9 @@ spec: {{ if .Values.global.controlPlaneTracing -}} - {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} + {{ if not .Values.global.cniEnabled -}} + - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }} + {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} {{- if .Values.prometheusPersistence.enabled }} --- diff --git a/charts/linkerd2/templates/proxy-injector.yaml b/charts/linkerd2/templates/proxy-injector.yaml index a642ec98d47f6..ec2f5630d52fb 100644 --- a/charts/linkerd2/templates/proxy-injector.yaml +++ b/charts/linkerd2/templates/proxy-injector.yaml @@ -102,6 +102,9 @@ spec: {{ if .Values.global.controlPlaneTracing -}} - {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} + {{ if not .Values.global.cniEnabled -}} + - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }} + {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} --- kind: Service diff --git a/charts/linkerd2/templates/smi-metrics.yaml b/charts/linkerd2/templates/smi-metrics.yaml index 82ead8ae5216d..1301b051fe506 100644 --- a/charts/linkerd2/templates/smi-metrics.yaml +++ b/charts/linkerd2/templates/smi-metrics.yaml @@ -98,6 +98,9 @@ spec: {{ if .Values.global.controlPlaneTracing -}} - {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} + {{ if not .Values.global.cniEnabled -}} + - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }} + {{ end -}} - name: config configMap: name: linkerd-smi-metrics diff --git a/charts/linkerd2/templates/sp-validator.yaml b/charts/linkerd2/templates/sp-validator.yaml index fea9d5121b8af..ffd12d0cb1621 100644 --- a/charts/linkerd2/templates/sp-validator.yaml +++ b/charts/linkerd2/templates/sp-validator.yaml @@ -116,4 +116,7 @@ spec: {{ if .Values.global.controlPlaneTracing -}} - {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} + {{ if not .Values.global.cniEnabled -}} + - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }} + {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} diff --git a/charts/linkerd2/templates/tap.yaml b/charts/linkerd2/templates/tap.yaml index 9d93938f3b58b..a054baa3bf031 100644 --- a/charts/linkerd2/templates/tap.yaml +++ b/charts/linkerd2/templates/tap.yaml @@ -127,6 +127,9 @@ spec: {{ if .Values.global.controlPlaneTracing -}} - {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} + {{ if not .Values.global.cniEnabled -}} + - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }} + {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} - name: tls secret: diff --git a/charts/linkerd2/templates/web.yaml b/charts/linkerd2/templates/web.yaml index f0637c5a8d99f..17d90b03e22e4 100644 --- a/charts/linkerd2/templates/web.yaml +++ b/charts/linkerd2/templates/web.yaml @@ -125,4 +125,7 @@ spec: {{ if .Values.global.controlPlaneTracing -}} - {{- include "partials.proxy.volumes.labels" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} + {{ if not .Values.global.cniEnabled -}} + - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }} + {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} diff --git a/charts/linkerd2/values.yaml b/charts/linkerd2/values.yaml index e094c01215f1a..683879aa91a39 100644 --- a/charts/linkerd2/values.yaml +++ b/charts/linkerd2/values.yaml @@ -71,6 +71,9 @@ global: limit: 50Mi request: 10Mi closeWaitTimeoutSecs: 0 + xtMountPath: + mountPath: /run + name: linkerd-proxy-init-xtables-lock # control plane annotations - do not edit createdByAnnotation: linkerd.io/created-by diff --git a/charts/partials/templates/_proxy-init.tpl b/charts/partials/templates/_proxy-init.tpl index 69435db25b95c..59508e7cc1e81 100644 --- a/charts/partials/templates/_proxy-init.tpl +++ b/charts/partials/templates/_proxy-init.tpl @@ -50,10 +50,16 @@ securityContext: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError -{{- if .Values.global.proxyInit.saMountPath }} +{{- if or (not .Values.global.cniEnabled) .Values.global.proxyInit.saMountPath }} volumeMounts: +{{- end -}} +{{- if not .Values.global.cniEnabled }} +- mountPath: {{.Values.global.proxyInit.xtMountPath.mountPath}} + name: {{.Values.global.proxyInit.xtMountPath.name}} +{{- end -}} +{{- if .Values.global.proxyInit.saMountPath }} - mountPath: {{.Values.global.proxyInit.saMountPath.mountPath}} name: {{.Values.global.proxyInit.saMountPath.name}} readOnly: {{.Values.global.proxyInit.saMountPath.readOnly}} -{{- end -}} +{{- end -}} {{- end -}} diff --git a/charts/partials/templates/_volumes.tpl b/charts/partials/templates/_volumes.tpl index e033d6d92190d..bd5f10164114b 100644 --- a/charts/partials/templates/_volumes.tpl +++ b/charts/partials/templates/_volumes.tpl @@ -24,3 +24,8 @@ downwardAPI: path: "labels" name: podinfo {{- end -}} + +{{ define "partials.proxyInit.volumes.xtables" -}} +emptyDir: {} +name: linkerd-proxy-init-xtables-lock +{{- end -}} \ No newline at end of file diff --git a/charts/patch/templates/patch.json b/charts/patch/templates/patch.json index 91ed9dc5c45ad..710e0087bd5e3 100644 --- a/charts/patch/templates/patch.json +++ b/charts/patch/templates/patch.json @@ -35,6 +35,15 @@ "value": "{{$value}}" }, {{- end }} + {{- if or .Values.global.proxyInit .Values.global.proxy }} + {{- if .Values.addRootVolumes }} + { + "op": "add", + "path": "{{$prefix}}/spec/volumes", + "value": [] + }, + {{- end }} + {{- end}} {{- if .Values.global.proxyInit }} {{- if .Values.addRootInitContainers }} { @@ -43,6 +52,14 @@ "value": [] }, {{- end }} + { + "op": "add", + "path": "{{$prefix}}/spec/volumes/-", + "value": { + "emptyDir": {}, + "name": "linkerd-proxy-init-xtables-lock" + } + }, { "op": "add", "path": "{{$prefix}}/spec/initContainers/-", @@ -59,13 +76,6 @@ }, {{- end }} {{- if .Values.global.proxy }} - {{- if .Values.addRootVolumes }} - { - "op": "add", - "path": "{{$prefix}}/spec/volumes", - "value": [] - }, - {{- end }} {{- if (.Values.global.proxy.trace.collectorSvcAddr) }} { "op": "add", diff --git a/cli/cmd/install.go b/cli/cmd/install.go index 089b46f61fbcb..948b7d394fba5 100644 --- a/cli/cmd/install.go +++ b/cli/cmd/install.go @@ -824,6 +824,10 @@ func (options *installOptions) buildValuesWithoutIdentity(configs *pb.All) (*l5d installValues.Global.ProxyInit.Image.Version = options.initImageVersion installValues.Global.ProxyInit.IgnoreInboundPorts = strings.Join(options.ignoreInboundPorts, ",") installValues.Global.ProxyInit.IgnoreOutboundPorts = strings.Join(options.ignoreOutboundPorts, ",") + installValues.Global.ProxyInit.XTMountPath = &l5dcharts.VolumeMountPath{ + MountPath: k8s.MountPathXtablesLock, + Name: k8s.InitXtablesLockVolumeMountName, + } installValues.DebugContainer.Image.Name = registryOverride(options.debugImage, options.dockerRegistry) installValues.DebugContainer.Image.PullPolicy = options.imagePullPolicy diff --git a/cli/cmd/install_test.go b/cli/cmd/install_test.go index 8d223c9bcc032..fa39821484836 100644 --- a/cli/cmd/install_test.go +++ b/cli/cmd/install_test.go @@ -117,6 +117,10 @@ func TestRender(t *testing.T) { Request: "10Mi", }, }, + XTMountPath: &charts.VolumeMountPath{ + MountPath: "/run", + Name: "linkerd-proxy-init-xtables-lock", + }, }, }, Configs: charts.ConfigJSONs{ diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml index bb33d0a2e066f..cda72cd727863 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml @@ -146,7 +146,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml index 14cb5364896ec..8ba2538522564 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml @@ -146,7 +146,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -299,7 +304,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml index 27bbc05e872ae..f72fea8148244 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml @@ -146,7 +146,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_contour.golden.yml b/cli/cmd/testdata/inject_contour.golden.yml index 717ae5f9bf981..f91f2042e8e4b 100644 --- a/cli/cmd/testdata/inject_contour.golden.yml +++ b/cli/cmd/testdata/inject_contour.golden.yml @@ -186,7 +186,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml index c561d854479b3..9e4c96617a27d 100644 --- a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml @@ -157,7 +157,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -321,7 +326,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -485,7 +495,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -649,7 +664,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml index ca3b90d3541b1..82e423724e571 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml @@ -157,7 +157,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml index cfa3523683839..adb3c68694035 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml @@ -173,7 +173,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml index 3d845d2081e0f..52711486b4afb 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml @@ -175,7 +175,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml index 987dcb49bfcb8..9695791cdc7b9 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml @@ -157,7 +157,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -321,7 +326,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml index ac80955f720c1..3abe89d597080 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml @@ -162,7 +162,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_empty_proxy_version_config.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_empty_proxy_version_config.golden.yml index 859cf65d7a338..d7a4d1ac1954c 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_empty_proxy_version_config.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_empty_proxy_version_config.golden.yml @@ -157,7 +157,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml index 4d1e4ead64440..5a2fa53118062 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml @@ -157,7 +157,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_empty_version_config.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_empty_version_config.golden.yml index 4634ab9fede1d..d3233c803a4b7 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_empty_version_config.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_empty_version_config.golden.yml @@ -157,7 +157,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml index b82a6f8a6a8db..74853b5d16292 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml @@ -158,7 +158,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml index 0955ddaf6fa87..02c306b327fe3 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml @@ -158,7 +158,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml index d6ff99686d867..3259636881476 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml @@ -159,7 +159,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_trace.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_trace.golden.yml index 41162714fda29..43d3c5dadc646 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_trace.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_trace.golden.yml @@ -167,7 +167,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - downwardAPI: items: - fieldRef: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml index b75cd0ef605ed..c69004f04314b 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml @@ -159,7 +159,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_list.golden.yml b/cli/cmd/testdata/inject_emojivoto_list.golden.yml index 850e3fb208a3c..e880058fcad12 100644 --- a/cli/cmd/testdata/inject_emojivoto_list.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list.golden.yml @@ -159,7 +159,12 @@ items: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -317,7 +322,12 @@ items: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml index c7e64b345308c..f3288be060397 100644 --- a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml @@ -159,7 +159,12 @@ items: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -317,7 +322,12 @@ items: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml index 92f6fd453b928..98ef10d9123a7 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml @@ -142,7 +142,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml index b3d2f71a59f99..6d583c0a5018f 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml @@ -144,7 +144,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml index 2b1588d118ae8..f9094adee243f 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml @@ -149,7 +149,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml index b0dcbd256a4b5..f023c821f51d7 100644 --- a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml @@ -158,7 +158,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml index cfaa52a06e6b2..dbedc8b577a22 100644 --- a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml +++ b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml @@ -159,7 +159,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -325,7 +330,12 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml index 39ded26df8c91..37f094ecf47c2 100644 --- a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml @@ -213,6 +213,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock restartPolicy: Always schedulerName: default-scheduler securityContext: {} @@ -228,6 +231,8 @@ spec: secret: defaultMode: 420 secretName: linkerd-tap-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_addon_control-plane.golden b/cli/cmd/testdata/install_addon_control-plane.golden index 3699e0f3c90f7..238b575a31fa1 100644 --- a/cli/cmd/testdata/install_addon_control-plane.golden +++ b/cli/cmd/testdata/install_addon_control-plane.golden @@ -243,6 +243,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -251,6 +254,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -467,11 +472,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -688,11 +698,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -959,11 +974,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1333,6 +1353,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -1340,6 +1363,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1535,6 +1560,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -1543,6 +1571,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1774,11 +1804,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2001,11 +2036,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2286,6 +2326,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-collector volumes: - configMap: @@ -2294,6 +2337,8 @@ spec: path: linkerd-collector-config.yaml name: linkerd-collector-config name: linkerd-collector-config-val + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2493,9 +2538,14 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock dnsPolicy: ClusterFirst serviceAccountName: linkerd-jaeger volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2773,6 +2823,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -2787,6 +2840,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_control-plane.golden b/cli/cmd/testdata/install_control-plane.golden index 6d08344e54e63..df20c70591bd5 100644 --- a/cli/cmd/testdata/install_control-plane.golden +++ b/cli/cmd/testdata/install_control-plane.golden @@ -243,6 +243,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -251,6 +254,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -467,11 +472,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -688,11 +698,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -958,11 +973,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1332,6 +1352,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -1339,6 +1362,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1534,6 +1559,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -1542,6 +1570,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1773,11 +1803,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2000,11 +2035,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2311,6 +2351,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -2325,6 +2368,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_controlplane_tracing_output.golden b/cli/cmd/testdata/install_controlplane_tracing_output.golden index 9d8dd470d1d99..43001cb2634f8 100644 --- a/cli/cmd/testdata/install_controlplane_tracing_output.golden +++ b/cli/cmd/testdata/install_controlplane_tracing_output.golden @@ -1085,6 +1085,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1099,6 +1102,8 @@ spec: fieldPath: metadata.labels path: "labels" name: podinfo + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1324,6 +1329,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: @@ -1335,6 +1343,8 @@ spec: fieldPath: metadata.labels path: "labels" name: podinfo + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1560,6 +1570,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: @@ -1571,6 +1584,8 @@ spec: fieldPath: metadata.labels path: "labels" name: podinfo + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1845,6 +1860,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: @@ -1856,6 +1874,8 @@ spec: fieldPath: metadata.labels path: "labels" name: podinfo + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2233,6 +2253,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2246,6 +2269,8 @@ spec: fieldPath: metadata.labels path: "labels" name: podinfo + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2449,6 +2474,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2463,6 +2491,8 @@ spec: fieldPath: metadata.labels path: "labels" name: podinfo + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2702,6 +2732,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls @@ -2713,6 +2746,8 @@ spec: fieldPath: metadata.labels path: "labels" name: podinfo + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2944,6 +2979,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: @@ -2955,6 +2993,8 @@ spec: fieldPath: metadata.labels path: "labels" name: podinfo + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3282,6 +3322,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3302,6 +3345,8 @@ spec: fieldPath: metadata.labels path: "labels" name: podinfo + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_custom_registry.golden b/cli/cmd/testdata/install_custom_registry.golden index 8392e93e15fc6..1f630f41f1377 100644 --- a/cli/cmd/testdata/install_custom_registry.golden +++ b/cli/cmd/testdata/install_custom_registry.golden @@ -1076,6 +1076,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1084,6 +1087,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1300,11 +1305,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1521,11 +1531,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1791,11 +1806,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2165,6 +2185,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2172,6 +2195,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2367,6 +2392,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2375,6 +2403,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2606,11 +2636,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2833,11 +2868,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3157,6 +3197,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3171,6 +3214,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_default.golden b/cli/cmd/testdata/install_default.golden index 8c93b1264854e..d4aa70bf31642 100644 --- a/cli/cmd/testdata/install_default.golden +++ b/cli/cmd/testdata/install_default.golden @@ -1076,6 +1076,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1084,6 +1087,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1300,11 +1305,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1521,11 +1531,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1791,11 +1806,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2165,6 +2185,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2172,6 +2195,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2367,6 +2392,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2375,6 +2403,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2606,11 +2636,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2833,11 +2868,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3157,6 +3197,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3171,6 +3214,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_default_override_dst_get_nets.golden b/cli/cmd/testdata/install_default_override_dst_get_nets.golden index 0f2181977de1b..752cdd4b3e19a 100644 --- a/cli/cmd/testdata/install_default_override_dst_get_nets.golden +++ b/cli/cmd/testdata/install_default_override_dst_get_nets.golden @@ -1076,6 +1076,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1084,6 +1087,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1300,11 +1305,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1521,11 +1531,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1791,11 +1806,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2165,6 +2185,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2172,6 +2195,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2367,6 +2392,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2375,6 +2403,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2606,11 +2636,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2833,11 +2868,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3157,6 +3197,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3171,6 +3214,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_grafana_existing.golden b/cli/cmd/testdata/install_grafana_existing.golden index 6b0a8b46670f2..abb5e6116cea3 100644 --- a/cli/cmd/testdata/install_grafana_existing.golden +++ b/cli/cmd/testdata/install_grafana_existing.golden @@ -1073,6 +1073,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1081,6 +1084,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1297,11 +1302,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1518,11 +1528,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1788,11 +1803,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2153,6 +2173,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2160,6 +2183,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2355,6 +2380,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2363,6 +2391,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2594,11 +2624,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2821,11 +2856,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_ha_output.golden b/cli/cmd/testdata/install_ha_output.golden index f4e569f777e55..2c4bd2cc6fccb 100644 --- a/cli/cmd/testdata/install_ha_output.golden +++ b/cli/cmd/testdata/install_ha_output.golden @@ -1112,6 +1112,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1120,6 +1123,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1372,11 +1377,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1629,11 +1639,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1919,11 +1934,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2306,6 +2326,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2313,6 +2336,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2544,6 +2569,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2552,6 +2580,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2819,11 +2849,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3082,11 +3117,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3426,6 +3466,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3440,6 +3483,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_ha_with_overrides_output.golden b/cli/cmd/testdata/install_ha_with_overrides_output.golden index 0aee6f370fda3..8416ddbd5875d 100644 --- a/cli/cmd/testdata/install_ha_with_overrides_output.golden +++ b/cli/cmd/testdata/install_ha_with_overrides_output.golden @@ -1112,6 +1112,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1120,6 +1123,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1372,11 +1377,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1629,11 +1639,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1919,11 +1934,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2306,6 +2326,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2313,6 +2336,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2544,6 +2569,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2552,6 +2580,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2819,11 +2849,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3082,11 +3117,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3426,6 +3466,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3440,6 +3483,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_heartbeat_disabled_output.golden b/cli/cmd/testdata/install_heartbeat_disabled_output.golden index 9b590c7242beb..c5ccc76bbfb26 100644 --- a/cli/cmd/testdata/install_heartbeat_disabled_output.golden +++ b/cli/cmd/testdata/install_heartbeat_disabled_output.golden @@ -1032,6 +1032,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1040,6 +1043,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1256,11 +1261,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1477,11 +1487,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1702,11 +1717,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2076,6 +2096,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2083,6 +2106,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2278,6 +2303,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2286,6 +2314,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2517,11 +2547,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2744,11 +2779,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3068,6 +3108,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3082,6 +3125,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_helm_output.golden b/cli/cmd/testdata/install_helm_output.golden index 953b2a6c4de5a..dad7dd1cbaca9 100644 --- a/cli/cmd/testdata/install_helm_output.golden +++ b/cli/cmd/testdata/install_helm_output.golden @@ -1159,6 +1159,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1167,6 +1170,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1376,11 +1381,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1590,11 +1600,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1855,11 +1870,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2222,6 +2242,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2229,6 +2252,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2418,6 +2443,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2426,6 +2454,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2651,11 +2681,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2872,11 +2907,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3195,6 +3235,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3209,6 +3252,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_helm_output_addons.golden b/cli/cmd/testdata/install_helm_output_addons.golden index a8253d435b3a8..bf4fbd8d8e077 100644 --- a/cli/cmd/testdata/install_helm_output_addons.golden +++ b/cli/cmd/testdata/install_helm_output_addons.golden @@ -1159,6 +1159,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1167,6 +1170,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1376,11 +1381,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1590,11 +1600,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1856,11 +1871,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2223,6 +2243,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2230,6 +2253,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2419,6 +2444,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2427,6 +2455,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2652,11 +2682,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2873,11 +2908,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3183,6 +3223,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-collector volumes: - configMap: @@ -3191,6 +3234,8 @@ spec: path: linkerd-collector-config.yaml name: linkerd-collector-config name: linkerd-collector-config-val + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3381,9 +3426,14 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock dnsPolicy: ClusterFirst serviceAccountName: linkerd-jaeger volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3669,6 +3719,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3683,6 +3736,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_helm_output_ha.golden b/cli/cmd/testdata/install_helm_output_ha.golden index 8afbbbbc6a145..d7db3a3559559 100644 --- a/cli/cmd/testdata/install_helm_output_ha.golden +++ b/cli/cmd/testdata/install_helm_output_ha.golden @@ -1195,6 +1195,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1203,6 +1206,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1448,11 +1453,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1698,11 +1708,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1983,11 +1998,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2363,6 +2383,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2370,6 +2393,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2595,6 +2620,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2603,6 +2631,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2864,11 +2894,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3121,11 +3156,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3464,6 +3504,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3478,6 +3521,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_output.golden b/cli/cmd/testdata/install_output.golden index c643e3c04c4cf..6c9f594bacbff 100644 --- a/cli/cmd/testdata/install_output.golden +++ b/cli/cmd/testdata/install_output.golden @@ -1075,6 +1075,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1083,6 +1086,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1298,11 +1303,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1518,11 +1528,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1787,11 +1802,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2160,6 +2180,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2167,6 +2190,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2361,6 +2386,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2369,6 +2397,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2599,11 +2629,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2825,11 +2860,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3148,6 +3188,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3162,6 +3205,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_proxy_ignores.golden b/cli/cmd/testdata/install_proxy_ignores.golden index 0cc49332ac46c..4165525d8a7aa 100644 --- a/cli/cmd/testdata/install_proxy_ignores.golden +++ b/cli/cmd/testdata/install_proxy_ignores.golden @@ -1076,6 +1076,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1084,6 +1087,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1300,11 +1305,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1521,11 +1531,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1791,11 +1806,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2165,6 +2185,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2172,6 +2195,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2367,6 +2392,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2375,6 +2403,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2606,11 +2636,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2833,11 +2868,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3157,6 +3197,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3171,6 +3214,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_restricted_dashboard.golden b/cli/cmd/testdata/install_restricted_dashboard.golden index f0c6c44e20019..11ac4cb673edf 100644 --- a/cli/cmd/testdata/install_restricted_dashboard.golden +++ b/cli/cmd/testdata/install_restricted_dashboard.golden @@ -1008,6 +1008,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1016,6 +1019,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1232,11 +1237,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1453,11 +1463,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1723,11 +1738,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2097,6 +2117,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2104,6 +2127,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2299,6 +2324,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2307,6 +2335,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2538,11 +2568,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2765,11 +2800,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3089,6 +3129,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3103,6 +3146,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_tracing.golden b/cli/cmd/testdata/install_tracing.golden index 257f1b6d73f36..49752f19f90db 100644 --- a/cli/cmd/testdata/install_tracing.golden +++ b/cli/cmd/testdata/install_tracing.golden @@ -1076,6 +1076,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1084,6 +1087,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1300,11 +1305,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1521,11 +1531,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1792,11 +1807,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2166,6 +2186,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2173,6 +2196,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2368,6 +2393,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2376,6 +2404,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2607,11 +2637,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2834,11 +2869,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3145,6 +3185,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-collector volumes: - configMap: @@ -3153,6 +3196,8 @@ spec: path: linkerd-collector-config.yaml name: linkerd-collector-config name: linkerd-collector-config-val + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3352,9 +3397,14 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock dnsPolicy: ClusterFirst serviceAccountName: linkerd-jaeger volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3645,6 +3695,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3659,6 +3712,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/install_tracing_overwrite.golden b/cli/cmd/testdata/install_tracing_overwrite.golden index a105ca587fa1d..3e93e9794c043 100644 --- a/cli/cmd/testdata/install_tracing_overwrite.golden +++ b/cli/cmd/testdata/install_tracing_overwrite.golden @@ -1076,6 +1076,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1084,6 +1087,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1300,11 +1305,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1521,11 +1531,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1792,11 +1807,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2166,6 +2186,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2173,6 +2196,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2368,6 +2393,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2376,6 +2404,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2607,11 +2637,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2834,11 +2869,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3143,6 +3183,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: overwrite-collector volumes: - configMap: @@ -3151,6 +3194,8 @@ spec: path: linkerd-collector-config.yaml name: overwrite-collector-config name: overwrite-collector-config-val + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3350,9 +3395,14 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock dnsPolicy: ClusterFirst serviceAccountName: linkerd-jaeger volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3643,6 +3693,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3657,6 +3710,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_add-on_controlplane.golden b/cli/cmd/testdata/upgrade_add-on_controlplane.golden index 356780c9097eb..48b163b80ef42 100644 --- a/cli/cmd/testdata/upgrade_add-on_controlplane.golden +++ b/cli/cmd/testdata/upgrade_add-on_controlplane.golden @@ -245,6 +245,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -253,6 +256,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -471,11 +476,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -694,11 +704,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -967,11 +982,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1343,6 +1363,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -1350,6 +1373,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1547,6 +1572,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -1555,6 +1583,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1788,11 +1818,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2017,11 +2052,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2304,6 +2344,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-collector volumes: - configMap: @@ -2312,6 +2355,8 @@ spec: path: linkerd-collector-config.yaml name: linkerd-collector-config name: linkerd-collector-config-val + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2513,9 +2558,14 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock dnsPolicy: ClusterFirst serviceAccountName: linkerd-jaeger volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2795,6 +2845,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -2809,6 +2862,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_add-on_overwrite.golden b/cli/cmd/testdata/upgrade_add-on_overwrite.golden index 3273282696aee..ff27f59304184 100644 --- a/cli/cmd/testdata/upgrade_add-on_overwrite.golden +++ b/cli/cmd/testdata/upgrade_add-on_overwrite.golden @@ -1078,6 +1078,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1086,6 +1089,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1304,11 +1309,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1527,11 +1537,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1800,11 +1815,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2176,6 +2196,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2183,6 +2206,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2380,6 +2405,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2388,6 +2416,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2621,11 +2651,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2850,11 +2885,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3163,6 +3203,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: overwrite-collector volumes: - configMap: @@ -3171,6 +3214,8 @@ spec: path: linkerd-collector-config.yaml name: overwrite-collector-config name: overwrite-collector-config-val + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3372,9 +3417,14 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock dnsPolicy: ClusterFirst serviceAccountName: linkerd-jaeger volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3667,6 +3717,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3681,6 +3734,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_add_add-on.golden b/cli/cmd/testdata/upgrade_add_add-on.golden index 659150fcb6634..d86402b23c9c4 100644 --- a/cli/cmd/testdata/upgrade_add_add-on.golden +++ b/cli/cmd/testdata/upgrade_add_add-on.golden @@ -1078,6 +1078,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1086,6 +1089,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1304,11 +1309,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1527,11 +1537,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1800,11 +1815,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2176,6 +2196,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2183,6 +2206,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2380,6 +2405,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2388,6 +2416,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2621,11 +2651,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2850,11 +2885,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3163,6 +3203,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-collector volumes: - configMap: @@ -3171,6 +3214,8 @@ spec: path: linkerd-collector-config.yaml name: linkerd-collector-config name: linkerd-collector-config-val + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3372,9 +3417,14 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock dnsPolicy: ClusterFirst serviceAccountName: linkerd-jaeger volumes: + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3667,6 +3717,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3681,6 +3734,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_default.golden b/cli/cmd/testdata/upgrade_default.golden index 223f2f10a9fb8..b571781bba24f 100644 --- a/cli/cmd/testdata/upgrade_default.golden +++ b/cli/cmd/testdata/upgrade_default.golden @@ -1078,6 +1078,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1086,6 +1089,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1304,11 +1309,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1527,11 +1537,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1799,11 +1814,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2175,6 +2195,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2182,6 +2205,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2379,6 +2404,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2387,6 +2415,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2620,11 +2650,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2849,11 +2884,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3175,6 +3215,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3189,6 +3232,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_external_issuer.golden b/cli/cmd/testdata/upgrade_external_issuer.golden index e0850d458c461..faba0ef392143 100644 --- a/cli/cmd/testdata/upgrade_external_issuer.golden +++ b/cli/cmd/testdata/upgrade_external_issuer.golden @@ -1064,6 +1064,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1072,6 +1075,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1290,11 +1295,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1513,11 +1523,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1785,11 +1800,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2161,6 +2181,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2168,6 +2191,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2365,6 +2390,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2373,6 +2401,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2606,11 +2636,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2835,11 +2870,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3161,6 +3201,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3175,6 +3218,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_grafana_addon_overwrite.yaml b/cli/cmd/testdata/upgrade_grafana_addon_overwrite.yaml index 3703dc116921c..d9bf6fa7b5824 100644 --- a/cli/cmd/testdata/upgrade_grafana_addon_overwrite.yaml +++ b/cli/cmd/testdata/upgrade_grafana_addon_overwrite.yaml @@ -1078,6 +1078,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1086,6 +1089,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1304,11 +1309,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1527,11 +1537,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1799,11 +1814,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2175,6 +2195,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2182,6 +2205,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2379,6 +2404,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2387,6 +2415,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2620,11 +2650,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2849,11 +2884,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3175,6 +3215,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3189,6 +3232,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_grafana_disabled.yaml b/cli/cmd/testdata/upgrade_grafana_disabled.yaml index 06562335aa777..97ccc21721ead 100644 --- a/cli/cmd/testdata/upgrade_grafana_disabled.yaml +++ b/cli/cmd/testdata/upgrade_grafana_disabled.yaml @@ -1075,6 +1075,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1083,6 +1086,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1301,11 +1306,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1524,11 +1534,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1795,11 +1810,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2162,6 +2182,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2169,6 +2192,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2366,6 +2391,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2374,6 +2402,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2607,11 +2637,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2836,11 +2871,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_grafana_enabled.yaml b/cli/cmd/testdata/upgrade_grafana_enabled.yaml index 3703dc116921c..d9bf6fa7b5824 100644 --- a/cli/cmd/testdata/upgrade_grafana_enabled.yaml +++ b/cli/cmd/testdata/upgrade_grafana_enabled.yaml @@ -1078,6 +1078,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1086,6 +1089,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1304,11 +1309,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1527,11 +1537,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1799,11 +1814,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2175,6 +2195,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2182,6 +2205,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2379,6 +2404,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2387,6 +2415,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2620,11 +2650,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2849,11 +2884,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3175,6 +3215,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3189,6 +3232,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_grafana_enabled_disabled.yaml b/cli/cmd/testdata/upgrade_grafana_enabled_disabled.yaml index 06562335aa777..97ccc21721ead 100644 --- a/cli/cmd/testdata/upgrade_grafana_enabled_disabled.yaml +++ b/cli/cmd/testdata/upgrade_grafana_enabled_disabled.yaml @@ -1075,6 +1075,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1083,6 +1086,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1301,11 +1306,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1524,11 +1534,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1795,11 +1810,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2162,6 +2182,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2169,6 +2192,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2366,6 +2391,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2374,6 +2402,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2607,11 +2637,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2836,11 +2871,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_grafana_overwrite.yaml b/cli/cmd/testdata/upgrade_grafana_overwrite.yaml index 10415aba39d18..1ce4f6f76e4db 100644 --- a/cli/cmd/testdata/upgrade_grafana_overwrite.yaml +++ b/cli/cmd/testdata/upgrade_grafana_overwrite.yaml @@ -1078,6 +1078,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1086,6 +1089,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1304,11 +1309,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1527,11 +1537,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1799,11 +1814,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2175,6 +2195,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2182,6 +2205,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2379,6 +2404,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2387,6 +2415,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2620,11 +2650,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2849,11 +2884,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3175,6 +3215,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana-overwrite volumes: - emptyDir: {} @@ -3189,6 +3232,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-overwrite-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_ha.golden b/cli/cmd/testdata/upgrade_ha.golden index 76595750a0633..75290f6e4d349 100644 --- a/cli/cmd/testdata/upgrade_ha.golden +++ b/cli/cmd/testdata/upgrade_ha.golden @@ -1114,6 +1114,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1122,6 +1125,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1376,11 +1381,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1635,11 +1645,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1927,11 +1942,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2316,6 +2336,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2323,6 +2346,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2556,6 +2581,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2564,6 +2592,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2833,11 +2863,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3098,11 +3133,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3444,6 +3484,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3458,6 +3501,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_keep_webhook_cabundle.golden b/cli/cmd/testdata/upgrade_keep_webhook_cabundle.golden index 12fe5818d59c2..812c0b1ead6dd 100644 --- a/cli/cmd/testdata/upgrade_keep_webhook_cabundle.golden +++ b/cli/cmd/testdata/upgrade_keep_webhook_cabundle.golden @@ -1078,6 +1078,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1086,6 +1089,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1304,11 +1309,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1527,11 +1537,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1799,11 +1814,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2175,6 +2195,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2182,6 +2205,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2379,6 +2404,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2387,6 +2415,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2620,11 +2650,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2849,11 +2884,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3175,6 +3215,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3189,6 +3232,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_nothing_addon.yaml b/cli/cmd/testdata/upgrade_nothing_addon.yaml index 3703dc116921c..d9bf6fa7b5824 100644 --- a/cli/cmd/testdata/upgrade_nothing_addon.yaml +++ b/cli/cmd/testdata/upgrade_nothing_addon.yaml @@ -1078,6 +1078,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1086,6 +1089,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1304,11 +1309,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1527,11 +1537,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1799,11 +1814,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2175,6 +2195,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2182,6 +2205,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2379,6 +2404,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2387,6 +2415,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2620,11 +2650,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2849,11 +2884,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3175,6 +3215,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3189,6 +3232,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_overwrite_issuer.golden b/cli/cmd/testdata/upgrade_overwrite_issuer.golden index 37aeebeea7588..46b8243d3baa8 100644 --- a/cli/cmd/testdata/upgrade_overwrite_issuer.golden +++ b/cli/cmd/testdata/upgrade_overwrite_issuer.golden @@ -1076,6 +1076,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1084,6 +1087,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1300,11 +1305,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1521,11 +1531,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1791,11 +1806,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2165,6 +2185,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2172,6 +2195,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2367,6 +2392,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2375,6 +2403,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2606,11 +2636,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2833,11 +2868,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3157,6 +3197,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3171,6 +3214,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_overwrite_trust_anchors-external-issuer.golden b/cli/cmd/testdata/upgrade_overwrite_trust_anchors-external-issuer.golden index 66cdd077ca280..a597f64f221a4 100644 --- a/cli/cmd/testdata/upgrade_overwrite_trust_anchors-external-issuer.golden +++ b/cli/cmd/testdata/upgrade_overwrite_trust_anchors-external-issuer.golden @@ -1062,6 +1062,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1070,6 +1073,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1286,11 +1291,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1507,11 +1517,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1777,11 +1792,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2151,6 +2171,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2158,6 +2181,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2353,6 +2378,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2361,6 +2389,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2592,11 +2622,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2819,11 +2854,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3143,6 +3183,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3157,6 +3200,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden b/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden index 37aeebeea7588..46b8243d3baa8 100644 --- a/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden +++ b/cli/cmd/testdata/upgrade_overwrite_trust_anchors.golden @@ -1076,6 +1076,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1084,6 +1087,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1300,11 +1305,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1521,11 +1531,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1791,11 +1806,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2165,6 +2185,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2172,6 +2195,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2367,6 +2392,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2375,6 +2403,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2606,11 +2636,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2833,11 +2868,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3157,6 +3197,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3171,6 +3214,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/cli/cmd/testdata/upgrade_two_level_webhook_cert.golden b/cli/cmd/testdata/upgrade_two_level_webhook_cert.golden index d9e8c53b75986..69abd15afb838 100644 --- a/cli/cmd/testdata/upgrade_two_level_webhook_cert.golden +++ b/cli/cmd/testdata/upgrade_two_level_webhook_cert.golden @@ -1078,6 +1078,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-identity volumes: - configMap: @@ -1086,6 +1089,8 @@ spec: - name: identity-issuer secret: secretName: linkerd-identity-issuer + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1304,11 +1309,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-controller volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1527,11 +1537,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-destination volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -1799,11 +1814,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-web volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2175,6 +2195,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-prometheus volumes: - name: data @@ -2182,6 +2205,8 @@ spec: - configMap: name: linkerd-prometheus-config name: prometheus-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2379,6 +2404,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-proxy-injector volumes: - configMap: @@ -2387,6 +2415,8 @@ spec: - name: tls secret: secretName: linkerd-proxy-injector-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2620,11 +2650,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-sp-validator volumes: - name: tls secret: secretName: linkerd-sp-validator-tls + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -2849,11 +2884,16 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-tap volumes: - configMap: name: linkerd-config name: config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity @@ -3175,6 +3215,9 @@ spec: runAsNonRoot: false runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /run + name: linkerd-proxy-init-xtables-lock serviceAccountName: linkerd-grafana volumes: - emptyDir: {} @@ -3189,6 +3232,8 @@ spec: path: provisioning/dashboards/dashboards.yaml name: linkerd-grafana-config name: grafana-config + - emptyDir: {} + name: linkerd-proxy-init-xtables-lock - emptyDir: medium: Memory name: linkerd-identity-end-entity diff --git a/controller/proxy-injector/fake/data/pod-with-debug.patch.json b/controller/proxy-injector/fake/data/pod-with-debug.patch.json index bbad45fd9a587..1674408eb0aec 100644 --- a/controller/proxy-injector/fake/data/pod-with-debug.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-debug.patch.json @@ -23,12 +23,24 @@ "op": "add", "path": "/metadata/labels/linkerd.io~1workload-ns", "value": "kube-public" + },{ + "op": "add", + "path": "/spec/volumes", + "value": [] }, { "op": "add", "path": "/spec/initContainers", "value": [] }, + { + "op": "add", + "path": "/spec/volumes/-", + "value": { + "emptyDir": {}, + "name": "linkerd-proxy-init-xtables-lock" + } + }, { "op": "add", "path": "/spec/initContainers/-", @@ -69,7 +81,13 @@ "runAsNonRoot": false, "runAsUser": 0 }, - "terminationMessagePolicy": "FallbackToLogsOnError" + "terminationMessagePolicy": "FallbackToLogsOnError", + "volumeMounts": [ + { + "mountPath": "/run", + "name": "linkerd-proxy-init-xtables-lock" + } + ] } }, { @@ -82,11 +100,6 @@ "terminationMessagePolicy": "FallbackToLogsOnError" } }, - { - "op": "add", - "path": "/spec/volumes", - "value": [] - }, { "op": "add", "path": "/spec/containers/-", diff --git a/controller/proxy-injector/fake/data/pod.patch.json b/controller/proxy-injector/fake/data/pod.patch.json index c95e11b2ec31d..704f0784cee44 100644 --- a/controller/proxy-injector/fake/data/pod.patch.json +++ b/controller/proxy-injector/fake/data/pod.patch.json @@ -24,11 +24,24 @@ "path": "/metadata/labels/linkerd.io~1workload-ns", "value": "kube-public" }, + { + "op": "add", + "path": "/spec/volumes", + "value": [] + }, { "op": "add", "path": "/spec/initContainers", "value": [] }, + { + "op": "add", + "path": "/spec/volumes/-", + "value": { + "emptyDir": {}, + "name": "linkerd-proxy-init-xtables-lock" + } + }, { "op": "add", "path": "/spec/initContainers/-", @@ -69,14 +82,15 @@ "runAsNonRoot": false, "runAsUser": 0 }, - "terminationMessagePolicy": "FallbackToLogsOnError" + "terminationMessagePolicy": "FallbackToLogsOnError", + "volumeMounts": [ + { + "mountPath": "/run", + "name": "linkerd-proxy-init-xtables-lock" + } + ] } }, - { - "op": "add", - "path": "/spec/volumes", - "value": [] - }, { "op": "add", "path": "/spec/containers/-", diff --git a/pkg/charts/linkerd2/values.go b/pkg/charts/linkerd2/values.go index 20dbcc7e85b7f..92516795c2c87 100644 --- a/pkg/charts/linkerd2/values.go +++ b/pkg/charts/linkerd2/values.go @@ -111,34 +111,35 @@ type ( // Proxy contains the fields to set the proxy sidecar container Proxy struct { - Capabilities *Capabilities `json:"capabilities"` - Component string `json:"component"` - DisableIdentity bool `json:"disableIdentity"` - DisableTap bool `json:"disableTap"` - EnableExternalProfiles bool `json:"enableExternalProfiles"` - DestinationGetNetworks string `json:"destinationGetNetworks"` - Image *Image `json:"image"` - LogLevel string `json:"logLevel"` - LogFormat string `json:"logFormat"` - SAMountPath *SAMountPath `json:"saMountPath"` - Ports *Ports `json:"ports"` - Resources *Resources `json:"resources"` - Trace *Trace `json:"trace"` - UID int64 `json:"uid"` - WaitBeforeExitSeconds uint64 `json:"waitBeforeExitSeconds"` - IsGateway bool `json:"isGateway"` - RequireIdentityOnInboundPorts string `json:"requireIdentityOnInboundPorts"` + Capabilities *Capabilities `json:"capabilities"` + Component string `json:"component"` + DisableIdentity bool `json:"disableIdentity"` + DisableTap bool `json:"disableTap"` + EnableExternalProfiles bool `json:"enableExternalProfiles"` + DestinationGetNetworks string `json:"destinationGetNetworks"` + Image *Image `json:"image"` + LogLevel string `json:"logLevel"` + LogFormat string `json:"logFormat"` + SAMountPath *VolumeMountPath `json:"saMountPath"` + Ports *Ports `json:"ports"` + Resources *Resources `json:"resources"` + Trace *Trace `json:"trace"` + UID int64 `json:"uid"` + WaitBeforeExitSeconds uint64 `json:"waitBeforeExitSeconds"` + IsGateway bool `json:"isGateway"` + RequireIdentityOnInboundPorts string `json:"requireIdentityOnInboundPorts"` } // ProxyInit contains the fields to set the proxy-init container ProxyInit struct { - Capabilities *Capabilities `json:"capabilities"` - IgnoreInboundPorts string `json:"ignoreInboundPorts"` - IgnoreOutboundPorts string `json:"ignoreOutboundPorts"` - Image *Image `json:"image"` - SAMountPath *SAMountPath `json:"saMountPath"` - Resources *Resources `json:"resources"` - CloseWaitTimeoutSecs int64 `json:"closeWaitTimeoutSecs"` + Capabilities *Capabilities `json:"capabilities"` + IgnoreInboundPorts string `json:"ignoreInboundPorts"` + IgnoreOutboundPorts string `json:"ignoreOutboundPorts"` + Image *Image `json:"image"` + SAMountPath *VolumeMountPath `json:"saMountPath"` + XTMountPath *VolumeMountPath `json:"xtMountPath"` + Resources *Resources `json:"resources"` + CloseWaitTimeoutSecs int64 `json:"closeWaitTimeoutSecs"` } // DebugContainer contains the fields to set the debugging sidecar @@ -174,8 +175,8 @@ type ( Drop []string `json:"drop"` } - // SAMountPath contains the details for ServiceAccount volume mount - SAMountPath struct { + // VolumeMountPath contains the details for volume mounts + VolumeMountPath struct { Name string `json:"name"` MountPath string `json:"mountPath"` ReadOnly bool `json:"readOnly"` diff --git a/pkg/charts/linkerd2/values_test.go b/pkg/charts/linkerd2/values_test.go index 71cffb9c7d020..2a9460fc730fc 100644 --- a/pkg/charts/linkerd2/values_test.go +++ b/pkg/charts/linkerd2/values_test.go @@ -101,6 +101,10 @@ func TestNewValues(t *testing.T) { Request: "10Mi", }, }, + XTMountPath: &VolumeMountPath{ + Name: "linkerd-proxy-init-xtables-lock", + MountPath: "/run", + }, }, }, Identity: &Identity{ diff --git a/pkg/inject/inject.go b/pkg/inject/inject.go index ca4537fbf2759..a215c48bdbbe0 100644 --- a/pkg/inject/inject.go +++ b/pkg/inject/inject.go @@ -553,7 +553,7 @@ func (conf *ResourceConfig) injectPodSpec(values *patch) { } if saVolumeMount != nil { - values.Global.Proxy.SAMountPath = &l5dcharts.SAMountPath{ + values.Global.Proxy.SAMountPath = &l5dcharts.VolumeMountPath{ Name: saVolumeMount.Name, MountPath: saVolumeMount.MountPath, ReadOnly: saVolumeMount.ReadOnly, @@ -604,6 +604,10 @@ func (conf *ResourceConfig) injectProxyInit(values *patch) { }, Capabilities: values.Global.Proxy.Capabilities, SAMountPath: values.Global.Proxy.SAMountPath, + XTMountPath: &l5dcharts.VolumeMountPath{ + MountPath: k8s.MountPathXtablesLock, + Name: k8s.InitXtablesLockVolumeMountName, + }, } if v := conf.pod.meta.Annotations[k8s.CloseWaitTimeoutAnnotation]; v != "" { diff --git a/pkg/inject/uninject.go b/pkg/inject/uninject.go index 81579e7f06815..7fee0128f6291 100644 --- a/pkg/inject/uninject.go +++ b/pkg/inject/uninject.go @@ -56,7 +56,7 @@ func (conf *ResourceConfig) uninjectPodSpec(report *Report) { volumes := []v1.Volume{} for _, volume := range t.Volumes { - if volume.Name != k8s.IdentityEndEntityVolumeName && volume.Name != k8s.PodInfoVolumeName { + if volume.Name != k8s.IdentityEndEntityVolumeName && volume.Name != k8s.PodInfoVolumeName && volume.Name != k8s.InitXtablesLockVolumeMountName { volumes = append(volumes, volume) } } diff --git a/pkg/k8s/labels.go b/pkg/k8s/labels.go index 82d472514f473..b4478faeeaae4 100644 --- a/pkg/k8s/labels.go +++ b/pkg/k8s/labels.go @@ -261,6 +261,10 @@ const ( // InitContainerName is the name assigned to the injected init container. InitContainerName = "linkerd-init" + // InitXtablesLockVolumeMountName is the name of the volumeMount used by proxy-init + // to handle iptables-legacy + InitXtablesLockVolumeMountName = "linkerd-proxy-init-xtables-lock" + // ProxyContainerName is the name assigned to the injected proxy container. ProxyContainerName = "linkerd-proxy" @@ -350,6 +354,10 @@ const ( // MountPathTLSCrtPEM is the path at which the TLS cert PEM file is mounted. MountPathTLSCrtPEM = MountPathBase + "/tls/crt.pem" + // MountPathXtablesLock is the path at which the proxy init container mounts xtables + // This is necessary for xtables-legacy support + MountPathXtablesLock = "/run" + // IdentityServiceAccountTokenPath is the path to the kubernetes service // account token used by proxies to provision identity. //