我的书签
添加书签
移除书签Proxy Configuration
Linkerd provides a set of annotations that can be used to override the data plane proxy’s configuration. This is useful for overriding the default configurations of auto-injected proxies.
The following is the list of supported annotations:
| Annotation | Description |
|---|---|
config.alpha.linkerd.io/proxy-wait-before-exit-seconds | The proxy sidecar will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod’s terminationGracePeriodSeconds. If not provided, it will be defaulted to 0 |
config.linkerd.io/admin-port | Proxy port to serve metrics on |
config.linkerd.io/control-port | Proxy port to use for control |
config.linkerd.io/debug-image | Linkerd debug container image name |
config.linkerd.io/debug-image-pull-policy | Docker image pull policy for debug image |
config.linkerd.io/debug-image-version | Linkerd debug container image version |
config.linkerd.io/disable-identity | Disables resources from participating in TLS identity |
config.linkerd.io/enable-debug-sidecar | Inject a debug sidecar for data plane debugging |
config.linkerd.io/enable-external-profiles | Enable service profiles for non-Kubernetes services |
config.linkerd.io/image-pull-policy | Docker image pull policy |
config.linkerd.io/inbound-port | Proxy port to use for inbound traffic |
config.linkerd.io/init-image | Linkerd init container image name |
config.linkerd.io/init-image-version | Linkerd init container image version |
config.linkerd.io/opaque-ports | Ports that skip the proxy’s protocol detection mechanism and are proxied opaquely. Comma-separated list of values, where each value can be a port number or a range a-b. |
config.linkerd.io/outbound-port | Proxy port to use for outbound traffic |
config.linkerd.io/proxy-cpu-limit | Maximum amount of CPU units that the proxy sidecar can use |
config.linkerd.io/proxy-cpu-request | Amount of CPU units that the proxy sidecar requests |
config.linkerd.io/proxy-image | Linkerd proxy container image name |
config.linkerd.io/proxy-log-format | Log format (plain or json) for the proxy |
config.linkerd.io/proxy-log-level | Log level for the proxy |
config.linkerd.io/proxy-memory-limit | Maximum amount of Memory that the proxy sidecar can use |
config.linkerd.io/proxy-memory-request | Amount of Memory that the proxy sidecar requests |
config.linkerd.io/proxy-outbound-connect-timeout | Used to configure the outbound TCP connection timeout in the proxy |
config.linkerd.io/proxy-uid | Run the proxy under this user ID |
config.linkerd.io/proxy-version | Tag to be used for the Linkerd proxy images |
config.linkerd.io/skip-inbound-ports | Ports that should skip the proxy and send directly to the application. Comma-separated list of values, where each value can be a port number or a range a-b. |
config.linkerd.io/skip-outbound-ports | Outbound ports that should skip the proxy. Comma-separated list of values, where each value can be a port number or a range a-b. |
linkerd.io/inject | Controls whether or not a pod should be injected; accepted values are enabled, disabled and ingress |
For example, to update an auto-injected proxy’s CPU and memory resources, we insert the appropriate annotations into the spec.template.metadata.annotations of the owner’s pod spec, using kubectl edit like this:
spec:template:metadata:annotations:config.linkerd.io/proxy-cpu-limit: "1"config.linkerd.io/proxy-cpu-request: "0.2"config.linkerd.io/proxy-memory-limit: 2Giconfig.linkerd.io/proxy-memory-request: 128Mi
See here for details on tuning the proxy’s resource usage.
For proxies injected using the linkerd inject command, configuration can be overridden using the command-line flags.
