Full Code of linkerd/linkerd2 for AI

Repository: linkerd/linkerd2
Branch: main
Commit: f3311c7391ef
Files: 1442
Total size: 15.1 MB

Directory structure:
gitextract_99izrum5/

├── .devcontainer/
│   ├── README.md
│   └── devcontainer.json
├── .dockerignore
├── .editorconfig
├── .gitattributes
├── .github/
│   ├── CODEOWNERS
│   ├── ISSUE_TEMPLATE/
│   │   ├── bug_report.yml
│   │   ├── config.yml
│   │   └── feature_request.yml
│   ├── PULL_REQUEST_TEMPLATE.md
│   ├── actions/
│   │   ├── cli-setup/
│   │   │   └── action.yaml
│   │   ├── docker-build/
│   │   │   └── action.yml
│   │   └── helm-publish/
│   │       └── action.yml
│   ├── dco.yml
│   ├── dependabot.yml
│   ├── stale.yml
│   └── workflows/
│       ├── actions.yml
│       ├── cli-build.yml
│       ├── codecov.yml
│       ├── codeql.yml
│       ├── devcontainer.yml
│       ├── go.yml
│       ├── integration.yml
│       ├── js.yml
│       ├── lock.yml
│       ├── markdown.yml
│       ├── proto.yml
│       ├── release.yml
│       ├── rerun.yml
│       ├── rust.yml
│       ├── shell.yml
│       └── sync-proxy.yml
├── .gitignore
├── .golangci.yml
├── .helmdocsignore
├── .markdownlint.yaml
├── .proxy-version
├── ADOPTERS.md
├── AMBASSADORS.md
├── BUILD.md
├── CHANGES.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── Cargo.toml
├── DCO
├── Dockerfile-debug
├── Dockerfile.controller
├── Dockerfile.proxy
├── EXTENSIONS.md
├── GOVERNANCE.md
├── LICENSE
├── MAINTAINERS.md
├── README.md
├── RELEASE.md
├── SECURITY.md
├── STEERING.md
├── TEST.md
├── bin/
│   ├── _docker.sh
│   ├── _log.sh
│   ├── _os.sh
│   ├── _tag.sh
│   ├── _test-helpers.sh
│   ├── build-cli-bin
│   ├── certs-openssl
│   ├── compute-edge-version
│   ├── docker
│   ├── docker-build
│   ├── docker-build-cli-bin
│   ├── docker-build-controller
│   ├── docker-build-debug
│   ├── docker-build-metrics-api
│   ├── docker-build-proxy
│   ├── docker-build-tap
│   ├── docker-build-web
│   ├── docker-pull
│   ├── docker-push
│   ├── docker-retag-all
│   ├── docker-test-proxy
│   ├── fetch-proxy
│   ├── fmt
│   ├── go-mod-tree
│   ├── go-mod-versions
│   ├── go-mod-why
│   ├── go-run
│   ├── goimports
│   ├── helm
│   ├── helm-build
│   ├── image-load
│   ├── install-deps
│   ├── k3d
│   ├── kind
│   ├── kubectl
│   ├── linkerd
│   ├── minikube-start-hyperv.bat
│   ├── protoc-go.sh
│   ├── root-tag
│   ├── rust-toolchain-version
│   ├── scurl
│   ├── shellcheck
│   ├── shellcheck-all
│   ├── test-cleanup
│   ├── test-clouds
│   ├── test-clouds-cleanup
│   ├── test-scale
│   ├── tests
│   ├── update-codegen.sh
│   └── web
├── charts/
│   ├── artifacthub-repo-edge.yml
│   ├── artifacthub-repo-stable.yml
│   ├── linkerd-control-plane/
│   │   ├── .helmignore
│   │   ├── Chart.yaml
│   │   ├── README.md.gotmpl
│   │   ├── templates/
│   │   │   ├── NOTES.txt
│   │   │   ├── config-rbac.yaml
│   │   │   ├── config.yaml
│   │   │   ├── destination-rbac.yaml
│   │   │   ├── destination.yaml
│   │   │   ├── heartbeat-rbac.yaml
│   │   │   ├── heartbeat.yaml
│   │   │   ├── identity-rbac.yaml
│   │   │   ├── identity.yaml
│   │   │   ├── namespace.yaml
│   │   │   ├── podmonitor.yaml
│   │   │   ├── proxy-injector-rbac.yaml
│   │   │   ├── proxy-injector.yaml
│   │   │   └── psp.yaml
│   │   ├── values-ha.yaml
│   │   └── values.yaml
│   ├── linkerd-crds/
│   │   ├── .helmignore
│   │   ├── Chart.yaml
│   │   ├── README.md.gotmpl
│   │   ├── templates/
│   │   │   ├── NOTES.txt
│   │   │   ├── gateway.networking.k8s.io_grpcroutes.yaml
│   │   │   ├── gateway.networking.k8s.io_httproutes.yaml
│   │   │   ├── gateway.networking.k8s.io_tcproutes.yaml
│   │   │   ├── gateway.networking.k8s.io_tlsroutes.yaml
│   │   │   ├── policy/
│   │   │   │   ├── authorization-policy.yaml
│   │   │   │   ├── egress-network.yaml
│   │   │   │   ├── http-local-ratelimit-policy.yaml
│   │   │   │   ├── httproute.yaml
│   │   │   │   ├── meshtls-authentication.yaml
│   │   │   │   ├── network-authentication.yaml
│   │   │   │   ├── server-authorization.yaml
│   │   │   │   └── server.yaml
│   │   │   ├── serviceprofile.yaml
│   │   │   └── workload/
│   │   │       └── external-workload.yaml
│   │   └── values.yaml
│   ├── linkerd2-cni/
│   │   ├── .helmignore
│   │   ├── Chart.yaml
│   │   ├── README.md.gotmpl
│   │   ├── requirements.yaml
│   │   ├── templates/
│   │   │   └── cni-plugin.yaml
│   │   └── values.yaml
│   ├── partials/
│   │   ├── .helmignore
│   │   ├── Chart.yaml
│   │   ├── README.md.gotmpl
│   │   ├── templates/
│   │   │   ├── NOTES.txt
│   │   │   ├── _affinity.tpl
│   │   │   ├── _capabilities.tpl
│   │   │   ├── _debug.tpl
│   │   │   ├── _helpers.tpl
│   │   │   ├── _metadata.tpl
│   │   │   ├── _network-validator.tpl
│   │   │   ├── _nodeselector.tpl
│   │   │   ├── _proxy-config-ann.tpl
│   │   │   ├── _proxy-init.tpl
│   │   │   ├── _proxy.tpl
│   │   │   ├── _pull-secrets.tpl
│   │   │   ├── _resources.tpl
│   │   │   ├── _tolerations.tpl
│   │   │   ├── _trace.tpl
│   │   │   ├── _validate.tpl
│   │   │   └── _volumes.tpl
│   │   └── values.yaml
│   ├── patch/
│   │   ├── Chart.yaml
│   │   ├── requirements.yaml
│   │   └── templates/
│   │       └── patch.json
│   └── templates.go
├── cli/
│   ├── Dockerfile
│   ├── cmd/
│   │   ├── authz.go
│   │   ├── check.go
│   │   ├── check_extensions.go
│   │   ├── check_extensions_test.go
│   │   ├── check_test.go
│   │   ├── completion.go
│   │   ├── completion_test.go
│   │   ├── controller-metrics.go
│   │   ├── diagnostics.go
│   │   ├── diagnostics_profile.go
│   │   ├── doc.go
│   │   ├── endpoints.go
│   │   ├── endpoints_test.go
│   │   ├── identity.go
│   │   ├── inject.go
│   │   ├── inject_test.go
│   │   ├── inject_util.go
│   │   ├── install-cni-plugin.go
│   │   ├── install-cni-plugin_test.go
│   │   ├── install.go
│   │   ├── install_cni_helm_test.go
│   │   ├── install_helm_test.go
│   │   ├── install_test.go
│   │   ├── main_test.go
│   │   ├── metrics.go
│   │   ├── metrics_diagnostics_util.go
│   │   ├── metrics_diagnostics_util_test.go
│   │   ├── options.go
│   │   ├── policy.go
│   │   ├── profile.go
│   │   ├── profile_test.go
│   │   ├── prune.go
│   │   ├── range_slice.go
│   │   ├── range_slice_test.go
│   │   ├── root.go
│   │   ├── test_helper.go
│   │   ├── testdata/
│   │   │   ├── addon_config.yaml
│   │   │   ├── addon_config_overwrite.yaml
│   │   │   ├── check_output.golden
│   │   │   ├── check_output_json.golden
│   │   │   ├── endpoints_one_output.golden
│   │   │   ├── endpoints_one_output_json.golden
│   │   │   ├── endpoints_two_outputs.golden
│   │   │   ├── expired-crt.pem
│   │   │   ├── expired-key.pem
│   │   │   ├── expired-trust-anchors.pem
│   │   │   ├── inject-filepath/
│   │   │   │   ├── expected/
│   │   │   │   │   ├── injected_nginx.stderr
│   │   │   │   │   ├── injected_nginx.stderr.verbose
│   │   │   │   │   ├── injected_nginx.yaml
│   │   │   │   │   ├── injected_nginx_redis.stderr
│   │   │   │   │   ├── injected_nginx_redis.stderr.verbose
│   │   │   │   │   ├── injected_nginx_redis.yaml
│   │   │   │   │   ├── injected_redis.stderr
│   │   │   │   │   ├── injected_redis.stderr.verbose
│   │   │   │   │   └── injected_redis.yaml
│   │   │   │   └── resources/
│   │   │   │       ├── db/
│   │   │   │       │   └── redis.yaml
│   │   │   │       └── nginx.yaml
│   │   │   ├── inject_contour.golden.yml
│   │   │   ├── inject_contour.input.yml
│   │   │   ├── inject_contour.report
│   │   │   ├── inject_contour.report.verbose
│   │   │   ├── inject_contour_uninject.report
│   │   │   ├── inject_emojivoto_already_injected.golden.yml
│   │   │   ├── inject_emojivoto_already_injected.input.yml
│   │   │   ├── inject_emojivoto_already_injected.report
│   │   │   ├── inject_emojivoto_already_injected.report.verbose
│   │   │   ├── inject_emojivoto_cronjob.golden.yml
│   │   │   ├── inject_emojivoto_cronjob.input.yml
│   │   │   ├── inject_emojivoto_cronjob.report
│   │   │   ├── inject_emojivoto_cronjob.report.verbose
│   │   │   ├── inject_emojivoto_cronjob_nometa.golden.yml
│   │   │   ├── inject_emojivoto_cronjob_nometa.input.yml
│   │   │   ├── inject_emojivoto_deployment.golden.yml
│   │   │   ├── inject_emojivoto_deployment.input.yml
│   │   │   ├── inject_emojivoto_deployment.report
│   │   │   ├── inject_emojivoto_deployment.report.verbose
│   │   │   ├── inject_emojivoto_deployment_access_log.golden.yml
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false.golden.stderr
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false.golden.stderr.verbose
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false.input.yml
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false_volumeProjection_disabled.golden.stderr
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false_volumeProjection_disabled.golden.stderr.verbose
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false_volumeProjection_disabled.golden.yml
│   │   │   ├── inject_emojivoto_deployment_capabilities.golden.yml
│   │   │   ├── inject_emojivoto_deployment_capabilities.input.yml
│   │   │   ├── inject_emojivoto_deployment_config_overrides.golden.yml
│   │   │   ├── inject_emojivoto_deployment_config_overrides.input.yml
│   │   │   ├── inject_emojivoto_deployment_controller_name.golden.yml
│   │   │   ├── inject_emojivoto_deployment_controller_name.input.yml
│   │   │   ├── inject_emojivoto_deployment_controller_name.report
│   │   │   ├── inject_emojivoto_deployment_controller_name.report.verbose
│   │   │   ├── inject_emojivoto_deployment_controller_name_uninject.report
│   │   │   ├── inject_emojivoto_deployment_debug.golden.yml
│   │   │   ├── inject_emojivoto_deployment_default_inbound_policy.golden.report
│   │   │   ├── inject_emojivoto_deployment_default_inbound_policy.golden.report.verbose
│   │   │   ├── inject_emojivoto_deployment_default_inbound_policy.golden.yml
│   │   │   ├── inject_emojivoto_deployment_empty_resources.golden.yml
│   │   │   ├── inject_emojivoto_deployment_empty_resources.input.yml
│   │   │   ├── inject_emojivoto_deployment_empty_resources.report
│   │   │   ├── inject_emojivoto_deployment_empty_resources.report.verbose
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_false.golden.yml
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_false.input.yml
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_false.report
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_false.report.verbose
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_true.golden.stderr
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_true.golden.stderr.verbose
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_true.golden.yml
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_true.input.yml
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_true_uninject.report
│   │   │   ├── inject_emojivoto_deployment_injectDisabled.input.yml
│   │   │   ├── inject_emojivoto_deployment_injectDisabled.report
│   │   │   ├── inject_emojivoto_deployment_injectDisabled.report.verbose
│   │   │   ├── inject_emojivoto_deployment_injectDisabled_uninject.report
│   │   │   ├── inject_emojivoto_deployment_native_sidecar.golden.yml
│   │   │   ├── inject_emojivoto_deployment_no_init_container.golden.yml
│   │   │   ├── inject_emojivoto_deployment_opaque_ports.golden.yml
│   │   │   ├── inject_emojivoto_deployment_opaque_ports.report
│   │   │   ├── inject_emojivoto_deployment_opaque_ports.report.verbose
│   │   │   ├── inject_emojivoto_deployment_overridden.golden.yml
│   │   │   ├── inject_emojivoto_deployment_overridden_noinject.golden.yml
│   │   │   ├── inject_emojivoto_deployment_params.golden.yml
│   │   │   ├── inject_emojivoto_deployment_proxyignores.golden.yml
│   │   │   ├── inject_emojivoto_deployment_udp.golden.yml
│   │   │   ├── inject_emojivoto_deployment_udp.input.yml
│   │   │   ├── inject_emojivoto_deployment_udp.report
│   │   │   ├── inject_emojivoto_deployment_udp.report.verbose
│   │   │   ├── inject_emojivoto_deployment_udp_uninject.report
│   │   │   ├── inject_emojivoto_deployment_uninject.report
│   │   │   ├── inject_emojivoto_deployment_uninjected.input.yml
│   │   │   ├── inject_emojivoto_istio.golden.stderr
│   │   │   ├── inject_emojivoto_istio.golden.stderr.verbose
│   │   │   ├── inject_emojivoto_istio.golden.yml
│   │   │   ├── inject_emojivoto_istio.input.yml
│   │   │   ├── inject_emojivoto_istio_uninject.report
│   │   │   ├── inject_emojivoto_list.golden.yml
│   │   │   ├── inject_emojivoto_list.input.yml
│   │   │   ├── inject_emojivoto_list.report
│   │   │   ├── inject_emojivoto_list.report.verbose
│   │   │   ├── inject_emojivoto_list_empty_resources.golden.yml
│   │   │   ├── inject_emojivoto_list_empty_resources.input.yml
│   │   │   ├── inject_emojivoto_list_empty_resources.report
│   │   │   ├── inject_emojivoto_list_empty_resources.report.verbose
│   │   │   ├── inject_emojivoto_list_uninject.report
│   │   │   ├── inject_emojivoto_namespace_good.golden.report
│   │   │   ├── inject_emojivoto_namespace_good.golden.report.verbose
│   │   │   ├── inject_emojivoto_namespace_good.golden.yml
│   │   │   ├── inject_emojivoto_namespace_good.input.yml
│   │   │   ├── inject_emojivoto_namespace_overidden_good.golden.yml
│   │   │   ├── inject_emojivoto_namespace_uninjected_good.golden.report
│   │   │   ├── inject_emojivoto_namespace_uninjected_good.golden.yml
│   │   │   ├── inject_emojivoto_pod.golden.yml
│   │   │   ├── inject_emojivoto_pod.input.yml
│   │   │   ├── inject_emojivoto_pod.report
│   │   │   ├── inject_emojivoto_pod.report.verbose
│   │   │   ├── inject_emojivoto_pod_default_inbound_policy.golden.report
│   │   │   ├── inject_emojivoto_pod_default_inbound_policy.golden.report.verbose
│   │   │   ├── inject_emojivoto_pod_default_inbound_policy.golden.yml
│   │   │   ├── inject_emojivoto_pod_ingress.golden.yml
│   │   │   ├── inject_emojivoto_pod_ingress.report
│   │   │   ├── inject_emojivoto_pod_ingress.report.verbose
│   │   │   ├── inject_emojivoto_pod_nativesidecar.golden.yml
│   │   │   ├── inject_emojivoto_pod_proxyignores.golden.yml
│   │   │   ├── inject_emojivoto_pod_uninject.report
│   │   │   ├── inject_emojivoto_pod_with_requests.golden.yml
│   │   │   ├── inject_emojivoto_pod_with_requests.input.yml
│   │   │   ├── inject_emojivoto_pod_with_requests.report
│   │   │   ├── inject_emojivoto_pod_with_requests.report.verbose
│   │   │   ├── inject_emojivoto_pod_with_requests_uninject.report
│   │   │   ├── inject_emojivoto_statefulset.golden.yml
│   │   │   ├── inject_emojivoto_statefulset.input.yml
│   │   │   ├── inject_emojivoto_statefulset.report
│   │   │   ├── inject_emojivoto_statefulset.report.verbose
│   │   │   ├── inject_emojivoto_statefulset_uninject.report
│   │   │   ├── inject_gettest_deployment.bad.golden
│   │   │   ├── inject_gettest_deployment.bad.golden.verbose
│   │   │   ├── inject_gettest_deployment.bad.input.yml
│   │   │   ├── inject_gettest_deployment.good.golden.stderr
│   │   │   ├── inject_gettest_deployment.good.golden.stderr.verbose
│   │   │   ├── inject_gettest_deployment.good.golden.yml
│   │   │   ├── inject_gettest_deployment.good.input.yml
│   │   │   ├── inject_tap_deployment.bad.golden
│   │   │   ├── inject_tap_deployment.bad.golden.verbose
│   │   │   ├── inject_tap_deployment.input.yml
│   │   │   ├── inject_tap_deployment_debug.golden.yml
│   │   │   ├── inject_tap_deployment_debug.report
│   │   │   ├── inject_tap_deployment_debug.report.verbose
│   │   │   ├── install-cni-plugin_default.golden
│   │   │   ├── install-cni-plugin_fully_configured.golden
│   │   │   ├── install-cni-plugin_fully_configured_equal_dsts.golden
│   │   │   ├── install-cni-plugin_fully_configured_no_namespace.golden
│   │   │   ├── install-cni-plugin_skip_ports.golden
│   │   │   ├── install_cni_helm_default_output.golden
│   │   │   ├── install_cni_helm_override_output.golden
│   │   │   ├── install_config.yaml
│   │   │   ├── install_controlplane_tracing_output.golden
│   │   │   ├── install_crds.golden
│   │   │   ├── install_crds_with_gateway_api.golden
│   │   │   ├── install_custom_domain.golden
│   │   │   ├── install_custom_registry.golden
│   │   │   ├── install_default.golden
│   │   │   ├── install_default_override_dst_get_nets.golden
│   │   │   ├── install_default_token.golden
│   │   │   ├── install_gid_output.golden
│   │   │   ├── install_ha_output.golden
│   │   │   ├── install_ha_with_overrides_output.golden
│   │   │   ├── install_heartbeat_disabled_output.golden
│   │   │   ├── install_helm_control_plane_output.golden
│   │   │   ├── install_helm_control_plane_output_ha.golden
│   │   │   ├── install_helm_control_plane_output_ha_with_gid.golden
│   │   │   ├── install_helm_crds_output.golden
│   │   │   ├── install_helm_crds_output_ha.golden
│   │   │   ├── install_helm_crds_without_gateway_output.golden
│   │   │   ├── install_helm_output_ha_labels.golden
│   │   │   ├── install_helm_output_ha_namespace_selector.golden
│   │   │   ├── install_no_init_container.golden
│   │   │   ├── install_output.golden
│   │   │   ├── install_proxy_ignores.golden
│   │   │   ├── install_tracing.golden
│   │   │   ├── install_values_file.golden
│   │   │   ├── not-valid-yet-crt.pem
│   │   │   ├── not-valid-yet-key.pem
│   │   │   ├── not-valid-yet-trust-anchors.pem
│   │   │   ├── obfuscate-diagnostics-proxy-metrics.golden
│   │   │   ├── obfuscate-diagnostics-proxy-metrics.input
│   │   │   ├── prom-config.yaml
│   │   │   ├── upgrade_crds_with_gateway_api.golden
│   │   │   ├── upgrade_crds_without_gateway_api.golden
│   │   │   ├── valid-crt.pem
│   │   │   ├── valid-key.pem
│   │   │   ├── valid-trust-anchors.pem
│   │   │   ├── valid-with-rsa-anchor-crt.pem
│   │   │   ├── valid-with-rsa-anchor-key.pem
│   │   │   ├── valid-with-rsa-anchor-trust-anchors.pem
│   │   │   ├── wrong-algo-crt.pem
│   │   │   ├── wrong-algo-key.pem
│   │   │   ├── wrong-algo-trust-anchors.pem
│   │   │   ├── wrong-domain-crt.pem
│   │   │   ├── wrong-domain-key.pem
│   │   │   └── wrong-domain-trust-anchors.pem
│   │   ├── uninject.go
│   │   ├── uninject_test.go
│   │   ├── uninstall.go
│   │   ├── upgrade.go
│   │   ├── upgrade_test.go
│   │   └── version.go
│   ├── flag/
│   │   └── flag.go
│   ├── main.go
│   └── table/
│       └── table.go
├── controller/
│   ├── api/
│   │   ├── destination/
│   │   │   ├── client.go
│   │   │   ├── dedup_profile_listener.go
│   │   │   ├── default_profile_listener.go
│   │   │   ├── destination_fuzzer.go
│   │   │   ├── endpoint_profile_translator.go
│   │   │   ├── endpoint_profile_translator_test.go
│   │   │   ├── endpoint_translator.go
│   │   │   ├── endpoint_translator_test.go
│   │   │   ├── external-workload/
│   │   │   │   ├── controller_util.go
│   │   │   │   ├── endpoints_controller.go
│   │   │   │   ├── endpoints_controller_test.go
│   │   │   │   ├── endpoints_reconciler.go
│   │   │   │   ├── endpoints_reconciler_test.go
│   │   │   │   └── queue_metrics.go
│   │   │   ├── fallback_profile_listener.go
│   │   │   ├── fallback_profile_listener_test.go
│   │   │   ├── federated_service_watcher.go
│   │   │   ├── federated_service_watcher_test.go
│   │   │   ├── opaque_ports_adaptor.go
│   │   │   ├── profile_translator.go
│   │   │   ├── profile_translator_test.go
│   │   │   ├── server.go
│   │   │   ├── server_ipv6_test.go
│   │   │   ├── server_test.go
│   │   │   ├── syncronized_get_stream.go
│   │   │   ├── syncronized_get_stream_test.go
│   │   │   ├── test_util.go
│   │   │   └── watcher/
│   │   │       ├── cluster_store.go
│   │   │       ├── cluster_store_test.go
│   │   │       ├── endpoints_watcher.go
│   │   │       ├── endpoints_watcher_test.go
│   │   │       ├── k8s.go
│   │   │       ├── opaque_ports_watcher.go
│   │   │       ├── opaque_ports_watcher_test.go
│   │   │       ├── profile_watcher.go
│   │   │       ├── profile_watcher_test.go
│   │   │       ├── prometheus.go
│   │   │       ├── test_util.go
│   │   │       ├── workload_watcher.go
│   │   │       └── workload_watcher_test.go
│   │   └── util/
│   │       └── test_util.go
│   ├── cmd/
│   │   ├── destination/
│   │   │   └── main.go
│   │   ├── heartbeat/
│   │   │   └── main.go
│   │   ├── identity/
│   │   │   └── main.go
│   │   ├── main.go
│   │   ├── proxy-injector/
│   │   │   └── main.go
│   │   └── sp-validator/
│   │       └── main.go
│   ├── gen/
│   │   ├── apis/
│   │   │   ├── externalworkload/
│   │   │   │   ├── register.go
│   │   │   │   └── v1beta1/
│   │   │   │       ├── doc.go
│   │   │   │       ├── register.go
│   │   │   │       ├── types.go
│   │   │   │       └── zz_generated.deepcopy.go
│   │   │   ├── link/
│   │   │   │   ├── register.go
│   │   │   │   ├── v1alpha1/
│   │   │   │   │   ├── doc.go
│   │   │   │   │   ├── register.go
│   │   │   │   │   ├── types.go
│   │   │   │   │   └── zz_generated.deepcopy.go
│   │   │   │   ├── v1alpha2/
│   │   │   │   │   ├── doc.go
│   │   │   │   │   ├── register.go
│   │   │   │   │   ├── types.go
│   │   │   │   │   └── zz_generated.deepcopy.go
│   │   │   │   └── v1alpha3/
│   │   │   │       ├── doc.go
│   │   │   │       ├── register.go
│   │   │   │       ├── types.go
│   │   │   │       └── zz_generated.deepcopy.go
│   │   │   ├── policy/
│   │   │   │   ├── register.go
│   │   │   │   ├── v1alpha1/
│   │   │   │   │   ├── doc.go
│   │   │   │   │   ├── httproute.go
│   │   │   │   │   ├── register.go
│   │   │   │   │   ├── types.go
│   │   │   │   │   └── zz_generated.deepcopy.go
│   │   │   │   └── v1beta3/
│   │   │   │       ├── doc.go
│   │   │   │       ├── register.go
│   │   │   │       ├── types.go
│   │   │   │       └── zz_generated.deepcopy.go
│   │   │   ├── server/
│   │   │   │   ├── register.go
│   │   │   │   ├── v1beta1/
│   │   │   │   │   ├── doc.go
│   │   │   │   │   ├── register.go
│   │   │   │   │   ├── types.go
│   │   │   │   │   └── zz_generated.deepcopy.go
│   │   │   │   ├── v1beta2/
│   │   │   │   │   ├── doc.go
│   │   │   │   │   ├── register.go
│   │   │   │   │   ├── types.go
│   │   │   │   │   └── zz_generated.deepcopy.go
│   │   │   │   └── v1beta3/
│   │   │   │       ├── doc.go
│   │   │   │       ├── register.go
│   │   │   │       ├── types.go
│   │   │   │       └── zz_generated.deepcopy.go
│   │   │   ├── serverauthorization/
│   │   │   │   ├── register.go
│   │   │   │   └── v1beta1/
│   │   │   │       ├── doc.go
│   │   │   │       ├── register.go
│   │   │   │       ├── types.go
│   │   │   │       └── zz_generated.deepcopy.go
│   │   │   └── serviceprofile/
│   │   │       ├── register.go
│   │   │       └── v1alpha2/
│   │   │           ├── doc.go
│   │   │           ├── register.go
│   │   │           ├── types.go
│   │   │           └── zz_generated.deepcopy.go
│   │   ├── boilerplate.go.txt
│   │   ├── client/
│   │   │   ├── clientset/
│   │   │   │   └── versioned/
│   │   │   │       ├── clientset.go
│   │   │   │       ├── fake/
│   │   │   │       │   ├── clientset_generated.go
│   │   │   │       │   ├── doc.go
│   │   │   │       │   └── register.go
│   │   │   │       ├── scheme/
│   │   │   │       │   ├── doc.go
│   │   │   │       │   └── register.go
│   │   │   │       └── typed/
│   │   │   │           ├── externalworkload/
│   │   │   │           │   └── v1beta1/
│   │   │   │           │       ├── doc.go
│   │   │   │           │       ├── externalworkload.go
│   │   │   │           │       ├── externalworkload_client.go
│   │   │   │           │       ├── fake/
│   │   │   │           │       │   ├── doc.go
│   │   │   │           │       │   ├── fake_externalworkload.go
│   │   │   │           │       │   └── fake_externalworkload_client.go
│   │   │   │           │       └── generated_expansion.go
│   │   │   │           ├── link/
│   │   │   │           │   ├── v1alpha1/
│   │   │   │           │   │   ├── doc.go
│   │   │   │           │   │   ├── fake/
│   │   │   │           │   │   │   ├── doc.go
│   │   │   │           │   │   │   ├── fake_link.go
│   │   │   │           │   │   │   └── fake_link_client.go
│   │   │   │           │   │   ├── generated_expansion.go
│   │   │   │           │   │   ├── link.go
│   │   │   │           │   │   └── link_client.go
│   │   │   │           │   ├── v1alpha2/
│   │   │   │           │   │   ├── doc.go
│   │   │   │           │   │   ├── fake/
│   │   │   │           │   │   │   ├── doc.go
│   │   │   │           │   │   │   ├── fake_link.go
│   │   │   │           │   │   │   └── fake_link_client.go
│   │   │   │           │   │   ├── generated_expansion.go
│   │   │   │           │   │   ├── link.go
│   │   │   │           │   │   └── link_client.go
│   │   │   │           │   └── v1alpha3/
│   │   │   │           │       ├── doc.go
│   │   │   │           │       ├── fake/
│   │   │   │           │       │   ├── doc.go
│   │   │   │           │       │   ├── fake_link.go
│   │   │   │           │       │   └── fake_link_client.go
│   │   │   │           │       ├── generated_expansion.go
│   │   │   │           │       ├── link.go
│   │   │   │           │       └── link_client.go
│   │   │   │           ├── policy/
│   │   │   │           │   ├── v1alpha1/
│   │   │   │           │   │   ├── authorizationpolicy.go
│   │   │   │           │   │   ├── doc.go
│   │   │   │           │   │   ├── fake/
│   │   │   │           │   │   │   ├── doc.go
│   │   │   │           │   │   │   ├── fake_authorizationpolicy.go
│   │   │   │           │   │   │   ├── fake_httproute.go
│   │   │   │           │   │   │   ├── fake_meshtlsauthentication.go
│   │   │   │           │   │   │   ├── fake_networkauthentication.go
│   │   │   │           │   │   │   └── fake_policy_client.go
│   │   │   │           │   │   ├── generated_expansion.go
│   │   │   │           │   │   ├── httproute.go
│   │   │   │           │   │   ├── meshtlsauthentication.go
│   │   │   │           │   │   ├── networkauthentication.go
│   │   │   │           │   │   └── policy_client.go
│   │   │   │           │   └── v1beta3/
│   │   │   │           │       ├── doc.go
│   │   │   │           │       ├── fake/
│   │   │   │           │       │   ├── doc.go
│   │   │   │           │       │   ├── fake_httproute.go
│   │   │   │           │       │   └── fake_policy_client.go
│   │   │   │           │       ├── generated_expansion.go
│   │   │   │           │       ├── httproute.go
│   │   │   │           │       └── policy_client.go
│   │   │   │           ├── server/
│   │   │   │           │   ├── v1beta1/
│   │   │   │           │   │   ├── doc.go
│   │   │   │           │   │   ├── fake/
│   │   │   │           │   │   │   ├── doc.go
│   │   │   │           │   │   │   ├── fake_server.go
│   │   │   │           │   │   │   └── fake_server_client.go
│   │   │   │           │   │   ├── generated_expansion.go
│   │   │   │           │   │   ├── server.go
│   │   │   │           │   │   └── server_client.go
│   │   │   │           │   ├── v1beta2/
│   │   │   │           │   │   ├── doc.go
│   │   │   │           │   │   ├── fake/
│   │   │   │           │   │   │   ├── doc.go
│   │   │   │           │   │   │   ├── fake_server.go
│   │   │   │           │   │   │   └── fake_server_client.go
│   │   │   │           │   │   ├── generated_expansion.go
│   │   │   │           │   │   ├── server.go
│   │   │   │           │   │   └── server_client.go
│   │   │   │           │   └── v1beta3/
│   │   │   │           │       ├── doc.go
│   │   │   │           │       ├── fake/
│   │   │   │           │       │   ├── doc.go
│   │   │   │           │       │   ├── fake_server.go
│   │   │   │           │       │   └── fake_server_client.go
│   │   │   │           │       ├── generated_expansion.go
│   │   │   │           │       ├── server.go
│   │   │   │           │       └── server_client.go
│   │   │   │           ├── serverauthorization/
│   │   │   │           │   └── v1beta1/
│   │   │   │           │       ├── doc.go
│   │   │   │           │       ├── fake/
│   │   │   │           │       │   ├── doc.go
│   │   │   │           │       │   ├── fake_serverauthorization.go
│   │   │   │           │       │   └── fake_serverauthorization_client.go
│   │   │   │           │       ├── generated_expansion.go
│   │   │   │           │       ├── serverauthorization.go
│   │   │   │           │       └── serverauthorization_client.go
│   │   │   │           └── serviceprofile/
│   │   │   │               └── v1alpha2/
│   │   │   │                   ├── doc.go
│   │   │   │                   ├── fake/
│   │   │   │                   │   ├── doc.go
│   │   │   │                   │   ├── fake_serviceprofile.go
│   │   │   │                   │   └── fake_serviceprofile_client.go
│   │   │   │                   ├── generated_expansion.go
│   │   │   │                   ├── serviceprofile.go
│   │   │   │                   └── serviceprofile_client.go
│   │   │   ├── informers/
│   │   │   │   └── externalversions/
│   │   │   │       ├── externalworkload/
│   │   │   │       │   ├── interface.go
│   │   │   │       │   └── v1beta1/
│   │   │   │       │       ├── externalworkload.go
│   │   │   │       │       └── interface.go
│   │   │   │       ├── factory.go
│   │   │   │       ├── generic.go
│   │   │   │       ├── internalinterfaces/
│   │   │   │       │   └── factory_interfaces.go
│   │   │   │       ├── link/
│   │   │   │       │   ├── interface.go
│   │   │   │       │   ├── v1alpha1/
│   │   │   │       │   │   ├── interface.go
│   │   │   │       │   │   └── link.go
│   │   │   │       │   ├── v1alpha2/
│   │   │   │       │   │   ├── interface.go
│   │   │   │       │   │   └── link.go
│   │   │   │       │   └── v1alpha3/
│   │   │   │       │       ├── interface.go
│   │   │   │       │       └── link.go
│   │   │   │       ├── policy/
│   │   │   │       │   ├── interface.go
│   │   │   │       │   ├── v1alpha1/
│   │   │   │       │   │   ├── authorizationpolicy.go
│   │   │   │       │   │   ├── httproute.go
│   │   │   │       │   │   ├── interface.go
│   │   │   │       │   │   ├── meshtlsauthentication.go
│   │   │   │       │   │   └── networkauthentication.go
│   │   │   │       │   └── v1beta3/
│   │   │   │       │       ├── httproute.go
│   │   │   │       │       └── interface.go
│   │   │   │       ├── server/
│   │   │   │       │   ├── interface.go
│   │   │   │       │   ├── v1beta1/
│   │   │   │       │   │   ├── interface.go
│   │   │   │       │   │   └── server.go
│   │   │   │       │   ├── v1beta2/
│   │   │   │       │   │   ├── interface.go
│   │   │   │       │   │   └── server.go
│   │   │   │       │   └── v1beta3/
│   │   │   │       │       ├── interface.go
│   │   │   │       │       └── server.go
│   │   │   │       ├── serverauthorization/
│   │   │   │       │   ├── interface.go
│   │   │   │       │   └── v1beta1/
│   │   │   │       │       ├── interface.go
│   │   │   │       │       └── serverauthorization.go
│   │   │   │       └── serviceprofile/
│   │   │   │           ├── interface.go
│   │   │   │           └── v1alpha2/
│   │   │   │               ├── interface.go
│   │   │   │               └── serviceprofile.go
│   │   │   └── listers/
│   │   │       ├── externalworkload/
│   │   │       │   └── v1beta1/
│   │   │       │       ├── expansion_generated.go
│   │   │       │       └── externalworkload.go
│   │   │       ├── link/
│   │   │       │   ├── v1alpha1/
│   │   │       │   │   ├── expansion_generated.go
│   │   │       │   │   └── link.go
│   │   │       │   ├── v1alpha2/
│   │   │       │   │   ├── expansion_generated.go
│   │   │       │   │   └── link.go
│   │   │       │   └── v1alpha3/
│   │   │       │       ├── expansion_generated.go
│   │   │       │       └── link.go
│   │   │       ├── policy/
│   │   │       │   ├── v1alpha1/
│   │   │       │   │   ├── authorizationpolicy.go
│   │   │       │   │   ├── expansion_generated.go
│   │   │       │   │   ├── httproute.go
│   │   │       │   │   ├── meshtlsauthentication.go
│   │   │       │   │   └── networkauthentication.go
│   │   │       │   └── v1beta3/
│   │   │       │       ├── expansion_generated.go
│   │   │       │       └── httproute.go
│   │   │       ├── server/
│   │   │       │   ├── v1beta1/
│   │   │       │   │   ├── expansion_generated.go
│   │   │       │   │   └── server.go
│   │   │       │   ├── v1beta2/
│   │   │       │   │   ├── expansion_generated.go
│   │   │       │   │   └── server.go
│   │   │       │   └── v1beta3/
│   │   │       │       ├── expansion_generated.go
│   │   │       │       └── server.go
│   │   │       ├── serverauthorization/
│   │   │       │   └── v1beta1/
│   │   │       │       ├── expansion_generated.go
│   │   │       │       └── serverauthorization.go
│   │   │       └── serviceprofile/
│   │   │           └── v1alpha2/
│   │   │               ├── expansion_generated.go
│   │   │               └── serviceprofile.go
│   │   └── common/
│   │       └── net/
│   │           └── net.pb.go
│   ├── heartbeat/
│   │   ├── heartbeat.go
│   │   └── heartbeat_test.go
│   ├── identity/
│   │   ├── domain.go
│   │   └── validator.go
│   ├── k8s/
│   │   ├── api.go
│   │   ├── api_resource.go
│   │   ├── api_test.go
│   │   ├── clientset.go
│   │   ├── k8s.go
│   │   ├── metadata_api.go
│   │   ├── prometheus.go
│   │   └── test_helper.go
│   ├── proxy-injector/
│   │   ├── fake/
│   │   │   ├── client.go
│   │   │   ├── data/
│   │   │   │   ├── annotation.patch.json
│   │   │   │   ├── deployment-inject-disabled.yaml
│   │   │   │   ├── deployment-with-injected-proxy.yaml
│   │   │   │   ├── filter-pod-opaque-ports.yaml
│   │   │   │   ├── filter-service-opaque-ports.yaml
│   │   │   │   ├── filtered-pod-opaque-ports.json
│   │   │   │   ├── filtered-service-opaque-ports.json
│   │   │   │   ├── inject-init-container-spec.yaml
│   │   │   │   ├── inject-linkerd-secrets-volume-spec.yaml
│   │   │   │   ├── namespace-inject-disabled.yaml
│   │   │   │   ├── namespace-inject-enabled.yaml
│   │   │   │   ├── namespace-with-opaque-ports.yaml
│   │   │   │   ├── pod-cpu-ratio.json
│   │   │   │   ├── pod-inject-empty.yaml
│   │   │   │   ├── pod-inject-enabled-cpu-ratio.yaml
│   │   │   │   ├── pod-inject-enabled-log-level.yaml
│   │   │   │   ├── pod-inject-enabled.yaml
│   │   │   │   ├── pod-log-level.json
│   │   │   │   ├── pod-nativesidecar-inject-enabled.yaml
│   │   │   │   ├── pod-with-custom-debug-tag.yaml
│   │   │   │   ├── pod-with-custom-debug.patch.json
│   │   │   │   ├── pod-with-debug-disabled.yaml
│   │   │   │   ├── pod-with-debug-enabled.yaml
│   │   │   │   ├── pod-with-debug.patch.json
│   │   │   │   ├── pod-with-ns-annotations.patch.json
│   │   │   │   ├── pod-with-opaque-ports.yaml
│   │   │   │   ├── pod-without-opaque-ports.yaml
│   │   │   │   ├── pod.nativesidecar.patch.json
│   │   │   │   ├── pod.patch.json
│   │   │   │   ├── service-with-opaque-ports.yaml
│   │   │   │   └── service-without-opaque-ports.yaml
│   │   │   └── factory.go
│   │   ├── metrics.go
│   │   ├── webhook.go
│   │   └── webhook_test.go
│   ├── script/
│   │   ├── destination-client/
│   │   │   └── main.go
│   │   └── policy-client/
│   │       └── main.go
│   ├── sp-validator/
│   │   └── webhook.go
│   └── webhook/
│       ├── launcher.go
│       ├── server.go
│       ├── server_test.go
│       └── util.go
├── deny.toml
├── go.mod
├── go.sum
├── grafana/
│   ├── README.md
│   ├── authzpolicy-grafana.yaml
│   ├── dashboards/
│   │   ├── authority.json
│   │   ├── cronjob.json
│   │   ├── daemonset.json
│   │   ├── deployment.json
│   │   ├── health.json
│   │   ├── job.json
│   │   ├── kubernetes.json
│   │   ├── multicluster.json
│   │   ├── namespace.json
│   │   ├── pod.json
│   │   ├── prometheus-2-stats.json
│   │   ├── prometheus-benchmark.json
│   │   ├── replicaset.json
│   │   ├── replicationcontroller.json
│   │   ├── route.json
│   │   ├── service.json
│   │   ├── statefulset.json
│   │   └── top-line.json
│   └── values.yaml
├── justfile
├── multicluster/
│   ├── charts/
│   │   ├── linkerd-multicluster/
│   │   │   ├── .helmignore
│   │   │   ├── Chart.yaml
│   │   │   ├── NOTES.txt
│   │   │   ├── README.md.gotmpl
│   │   │   ├── requirements.yaml
│   │   │   ├── templates/
│   │   │   │   ├── controller/
│   │   │   │   │   ├── deployment.yaml
│   │   │   │   │   ├── pdb.yaml
│   │   │   │   │   ├── probe-svc.yaml
│   │   │   │   │   └── rbac.yaml
│   │   │   │   ├── controller-clusterrole.yaml
│   │   │   │   ├── gateway-policy.yaml
│   │   │   │   ├── gateway.yaml
│   │   │   │   ├── link-crd.yaml
│   │   │   │   ├── local-service-mirror.yaml
│   │   │   │   ├── namespace-metadata-rbac.yaml
│   │   │   │   ├── namespace-metadata.yaml
│   │   │   │   ├── namespace.yaml
│   │   │   │   ├── psp.yaml
│   │   │   │   ├── remote-access-service-mirror-rbac.yaml
│   │   │   │   └── service-mirror-policy.yaml
│   │   │   ├── values-ha.yaml
│   │   │   └── values.yaml
│   │   ├── linkerd-multicluster-link/
│   │   │   ├── .helmignore
│   │   │   ├── Chart.yaml
│   │   │   ├── README.md.gotmpl
│   │   │   ├── requirements.yaml
│   │   │   ├── templates/
│   │   │   │   ├── gateway-mirror.yaml
│   │   │   │   ├── psp.yaml
│   │   │   │   └── service-mirror.yaml
│   │   │   ├── values-ha.yaml
│   │   │   └── values.yaml
│   │   └── templates.go
│   ├── cmd/
│   │   ├── allow.go
│   │   ├── check.go
│   │   ├── gateways.go
│   │   ├── install.go
│   │   ├── install_test.go
│   │   ├── link-gen.go
│   │   ├── link.go
│   │   ├── link_test.go
│   │   ├── main_test.go
│   │   ├── root.go
│   │   ├── service-mirror/
│   │   │   └── main.go
│   │   ├── testdata/
│   │   │   ├── install_default.golden
│   │   │   ├── install_ha.golden
│   │   │   ├── install_psp.golden
│   │   │   ├── service_mirror_default.golden
│   │   │   └── service_mirror_ha.golden
│   │   ├── uninstall.go
│   │   └── unlink.go
│   ├── service-mirror/
│   │   ├── cluster_watcher.go
│   │   ├── cluster_watcher_headless.go
│   │   ├── cluster_watcher_mirroring_test.go
│   │   ├── cluster_watcher_test_util.go
│   │   ├── events_formatting.go
│   │   ├── jittered_ticker.go
│   │   ├── link_handlers.go
│   │   ├── link_handlers_test.go
│   │   ├── metrics.go
│   │   └── probe_worker.go
│   ├── static/
│   │   └── generated_multicluster_templates.gogen.go
│   └── values/
│       └── values.go
├── pkg/
│   ├── addr/
│   │   ├── addr.go
│   │   └── addr_test.go
│   ├── admin/
│   │   └── admin.go
│   ├── charts/
│   │   ├── charts.go
│   │   ├── charts_test.go
│   │   ├── cni/
│   │   │   └── values.go
│   │   └── linkerd2/
│   │       ├── values.go
│   │       └── values_test.go
│   ├── cmd/
│   │   └── cmd.go
│   ├── config/
│   │   └── config.go
│   ├── filesonly/
│   │   └── filesonly.go
│   ├── flags/
│   │   └── flags.go
│   ├── healthcheck/
│   │   ├── healthcheck.go
│   │   ├── healthcheck_fuzzer.go
│   │   ├── healthcheck_labels.go
│   │   ├── healthcheck_output.go
│   │   ├── healthcheck_test.go
│   │   ├── sidecar.go
│   │   ├── sidecar_test.go
│   │   └── version.go
│   ├── identity/
│   │   ├── identity_fuzzer.go
│   │   ├── service.go
│   │   ├── service_test.go
│   │   └── test_util.go
│   ├── inject/
│   │   ├── annotation_patch.go
│   │   ├── inject.go
│   │   ├── inject_fuzzer.go
│   │   ├── inject_test.go
│   │   ├── report.go
│   │   ├── report_test.go
│   │   └── uninject.go
│   ├── issuercerts/
│   │   └── issuercerts.go
│   ├── k8s/
│   │   ├── api.go
│   │   ├── api_test.go
│   │   ├── authz.go
│   │   ├── authz_test.go
│   │   ├── completion.go
│   │   ├── fake.go
│   │   ├── fake_test.go
│   │   ├── k8s.go
│   │   ├── k8s_test.go
│   │   ├── labels.go
│   │   ├── labels_test.go
│   │   ├── metrics.go
│   │   ├── policy.go
│   │   ├── portforward.go
│   │   ├── portforward_test.go
│   │   ├── resource/
│   │   │   ├── resource.go
│   │   │   └── resource_test.go
│   │   ├── testdata/
│   │   │   ├── config.test
│   │   │   ├── kubectl_cluster-info.output
│   │   │   └── kubectl_config.output
│   │   ├── version.go
│   │   └── version_test.go
│   ├── profiles/
│   │   ├── openapi.go
│   │   ├── openapi_test.go
│   │   ├── profiles.go
│   │   ├── profiles_fuzzer.go
│   │   ├── profiles_test.go
│   │   ├── proto.go
│   │   ├── proto_test.go
│   │   ├── template.go
│   │   └── test_helper.go
│   ├── prometheus/
│   │   ├── prometheus.go
│   │   └── test_helper.go
│   ├── protohttp/
│   │   ├── protohttp.go
│   │   └── protohttp_test.go
│   ├── servicemirror/
│   │   └── util.go
│   ├── tls/
│   │   ├── ca.go
│   │   ├── ca_test.go
│   │   ├── codec.go
│   │   ├── codec_test.go
│   │   ├── cred.go
│   │   ├── cred_test.go
│   │   └── creds_watcher.go
│   ├── trace/
│   │   └── trace.go
│   ├── tree/
│   │   ├── tree.go
│   │   └── tree_test.go
│   ├── util/
│   │   ├── http.go
│   │   ├── http_test.go
│   │   ├── parsing.go
│   │   ├── parsing_test.go
│   │   ├── portrange.go
│   │   └── portrange_test.go
│   └── version/
│       ├── channels.go
│       ├── channels_test.go
│       ├── channelversion.go
│       ├── channelversion_test.go
│       ├── version.go
│       └── version_test.go
├── policy-controller/
│   ├── .dockerignore
│   ├── Cargo.toml
│   ├── core/
│   │   ├── Cargo.toml
│   │   └── src/
│   │       ├── identity_match.rs
│   │       ├── inbound.rs
│   │       ├── lib.rs
│   │       ├── network_match.rs
│   │       ├── outbound/
│   │       │   ├── policy.rs
│   │       │   └── target.rs
│   │       ├── outbound.rs
│   │       └── routes.rs
│   ├── grpc/
│   │   ├── Cargo.toml
│   │   └── src/
│   │       ├── inbound/
│   │       │   ├── grpc.rs
│   │       │   └── http.rs
│   │       ├── inbound.rs
│   │       ├── lib.rs
│   │       ├── metrics.rs
│   │       ├── outbound/
│   │       │   ├── grpc.rs
│   │       │   ├── http.rs
│   │       │   ├── tcp.rs
│   │       │   └── tls.rs
│   │       ├── outbound.rs
│   │       ├── routes/
│   │       │   ├── grpc.rs
│   │       │   └── http.rs
│   │       ├── routes.rs
│   │       └── workload.rs
│   ├── k8s/
│   │   ├── api/
│   │   │   ├── Cargo.toml
│   │   │   └── src/
│   │   │       ├── duration.rs
│   │   │       ├── external_workload.rs
│   │   │       ├── labels.rs
│   │   │       ├── lib.rs
│   │   │       ├── policy/
│   │   │       │   ├── authorization_policy.rs
│   │   │       │   ├── egress_network.rs
│   │   │       │   ├── grpcroute.rs
│   │   │       │   ├── httproute.rs
│   │   │       │   ├── meshtls_authentication.rs
│   │   │       │   ├── network.rs
│   │   │       │   ├── network_authentication.rs
│   │   │       │   ├── ratelimit_policy.rs
│   │   │       │   ├── server.rs
│   │   │       │   ├── server_authorization.rs
│   │   │       │   ├── target_ref.rs
│   │   │       │   ├── tcproute.rs
│   │   │       │   └── tlsroute.rs
│   │   │       └── policy.rs
│   │   ├── index/
│   │   │   ├── Cargo.toml
│   │   │   └── src/
│   │   │       ├── cluster_info.rs
│   │   │       ├── defaults.rs
│   │   │       ├── inbound/
│   │   │       │   ├── authorization_policy.rs
│   │   │       │   ├── index/
│   │   │       │   │   ├── grpc.rs
│   │   │       │   │   ├── http.rs
│   │   │       │   │   └── metrics.rs
│   │   │       │   ├── index.rs
│   │   │       │   ├── meshtls_authentication.rs
│   │   │       │   ├── network_authentication.rs
│   │   │       │   ├── ratelimit_policy.rs
│   │   │       │   ├── routes.rs
│   │   │       │   ├── server.rs
│   │   │       │   ├── server_authorization.rs
│   │   │       │   ├── tests/
│   │   │       │   │   ├── annotation.rs
│   │   │       │   │   ├── authorization_policy.rs
│   │   │       │   │   ├── grpc_routes.rs
│   │   │       │   │   ├── http_routes.rs
│   │   │       │   │   ├── ratelimit_policy.rs
│   │   │       │   │   ├── server.rs
│   │   │       │   │   └── server_authorization.rs
│   │   │       │   ├── tests.rs
│   │   │       │   └── workload.rs
│   │   │       ├── inbound.rs
│   │   │       ├── lib.rs
│   │   │       ├── outbound/
│   │   │       │   ├── index/
│   │   │       │   │   ├── egress_network.rs
│   │   │       │   │   ├── grpc.rs
│   │   │       │   │   ├── http.rs
│   │   │       │   │   ├── metrics.rs
│   │   │       │   │   ├── tcp.rs
│   │   │       │   │   └── tls.rs
│   │   │       │   ├── index.rs
│   │   │       │   ├── tests/
│   │   │       │   │   ├── routes/
│   │   │       │   │   │   ├── grpc.rs
│   │   │       │   │   │   ├── http.rs
│   │   │       │   │   │   ├── tcp.rs
│   │   │       │   │   │   └── tls.rs
│   │   │       │   │   └── routes.rs
│   │   │       │   └── tests.rs
│   │   │       ├── outbound.rs
│   │   │       ├── ports.rs
│   │   │       ├── routes/
│   │   │       │   ├── grpc.rs
│   │   │       │   └── http.rs
│   │   │       └── routes.rs
│   │   └── status/
│   │       ├── Cargo.toml
│   │       └── src/
│   │           ├── index.rs
│   │           ├── lib.rs
│   │           ├── ratelimit.rs
│   │           ├── resource_id.rs
│   │           ├── routes/
│   │           │   ├── grpc.rs
│   │           │   ├── http.rs
│   │           │   ├── tcp.rs
│   │           │   └── tls.rs
│   │           ├── routes.rs
│   │           ├── service.rs
│   │           ├── tests/
│   │           │   ├── conflict.rs
│   │           │   ├── egress_network.rs
│   │           │   ├── ratelimit.rs
│   │           │   ├── routes/
│   │           │   │   ├── grpc.rs
│   │           │   │   ├── helpers.rs
│   │           │   │   ├── http.rs
│   │           │   │   ├── tcp.rs
│   │           │   │   └── tls.rs
│   │           │   └── routes.rs
│   │           └── tests.rs
│   ├── runtime/
│   │   ├── Cargo.toml
│   │   └── src/
│   │       ├── admission.rs
│   │       ├── args.rs
│   │       ├── index_list.rs
│   │       ├── lease.rs
│   │       ├── lib.rs
│   │       └── validation.rs
│   └── src/
│       └── main.rs
├── policy-test/
│   ├── Cargo.toml
│   ├── README.md
│   ├── src/
│   │   ├── admission.rs
│   │   ├── bb.rs
│   │   ├── curl.rs
│   │   ├── grpc.rs
│   │   ├── lib.rs
│   │   ├── outbound_api.rs
│   │   ├── test_route.rs
│   │   └── web.rs
│   └── tests/
│       ├── admit_authorization_policy.rs
│       ├── admit_egress_networks.rs
│       ├── admit_grpc_route.rs
│       ├── admit_http_local_ratelimit_policy.rs
│       ├── admit_http_route.rs
│       ├── admit_http_route_gateway.rs
│       ├── admit_meshtls_authentication.rs
│       ├── admit_network_authentication.rs
│       ├── admit_server.rs
│       ├── admit_server_authorization.rs
│       ├── admit_tcp_route.rs
│       ├── admit_tls_route.rs
│       ├── e2e_appprotocol.rs
│       ├── e2e_audit.rs
│       ├── e2e_authorization_policy.rs
│       ├── e2e_egress_network.rs
│       ├── e2e_failure_accrual.rs
│       ├── e2e_http_local_ratelimit_policy.rs
│       ├── e2e_http_routing.rs
│       ├── e2e_server_authorization.rs
│       ├── inbound_api.rs
│       ├── inbound_api_external_workload.rs
│       ├── inbound_http_route_status.rs
│       ├── outbound_api.rs
│       ├── outbound_api_app_protocol.rs
│       ├── outbound_api_egress_network.rs
│       ├── outbound_api_failure_accrual.rs
│       ├── outbound_api_grpc.rs
│       ├── outbound_api_http.rs
│       ├── outbound_api_tcp.rs
│       └── outbound_http_route_status.rs
├── proto/
│   ├── common/
│   │   └── net.proto
│   └── google/
│       └── protobuf/
│           └── duration.proto
├── proxy-identity/
│   ├── main.go
│   ├── run_proxy_unix.go
│   └── run_proxy_windows.go
├── proxy-runtime.yml
├── rust-toolchain.toml
├── test/
│   ├── cli/
│   │   └── cli_install_static_test.go
│   ├── fuzzing/
│   │   ├── README.md
│   │   └── fuzzers.go
│   └── integration/
│       ├── deep/
│       │   ├── appprotocol/
│       │   │   ├── appprotocol_test.go
│       │   │   ├── assertions.go
│       │   │   └── testdata/
│       │   │       ├── appprotocol_application.yaml
│       │   │       └── appprotocol_client.yaml
│       │   ├── dualstack/
│       │   │   ├── dualstack_test.go
│       │   │   └── testdata/
│       │   │       ├── ipfamilies-policy.yml
│       │   │       ├── ipfamilies-server-client.yml
│       │   │       └── ipfamilies-server.go
│       │   ├── egress/
│       │   │   ├── egress_test.go
│       │   │   └── testdata/
│       │   │       └── proxy.yaml
│       │   ├── endpoints/
│       │   │   ├── endpoints_test.go
│       │   │   └── testdata/
│       │   │       └── nginx.yaml
│       │   ├── hostname/
│       │   │   ├── assertions.go
│       │   │   ├── hostname_test.go
│       │   │   └── testdata/
│       │   │       ├── hostname_application.yaml
│       │   │       └── hostname_client.yaml
│       │   ├── install_test.go
│       │   ├── kind-dualstack.yml
│       │   ├── kind-ipv6.yml
│       │   ├── localhost/
│       │   │   ├── localhost_test.go
│       │   │   └── testdata/
│       │   │       ├── nginx-and-curl.yaml
│       │   │       ├── nginx.yaml
│       │   │       └── slow-cooker.yaml
│       │   ├── norelay/
│       │   │   ├── norelay_test.go
│       │   │   └── testdata/
│       │   │       ├── client.yml
│       │   │       ├── server-hello.yml
│       │   │       └── server-relay.yml
│       │   ├── opaqueports/
│       │   │   ├── assertions.go
│       │   │   ├── opaque_ports_test.go
│       │   │   └── testdata/
│       │   │       ├── opaque_ports_application.yaml
│       │   │       └── opaque_ports_client.yaml
│       │   ├── serviceaccounts/
│       │   │   └── serviceaccounts_test.go
│       │   └── skipports/
│       │       ├── skip_ports_test.go
│       │       └── testdata/
│       │           └── skip_ports_application.yaml
│       ├── external/
│       │   ├── externalissuer/
│       │   │   ├── external_issuer_test.go
│       │   │   └── testdata/
│       │   │       └── external_issuer_application.yaml
│       │   ├── externalresources/
│       │   │   ├── rabbitmq_test.go
│       │   │   └── testdata/
│       │   │       ├── check.rabbitmq.golden
│       │   │       ├── rabbitmq-client.yaml
│       │   │       └── rabbitmq-server.yaml
│       │   ├── install_test.go
│       │   ├── stat/
│       │   │   ├── stat_test.go
│       │   │   └── testdata/
│       │   │       └── application.yaml
│       │   └── testdata/
│       │       └── external_prometheus.yaml
│       ├── install/
│       │   ├── inject/
│       │   │   ├── inject_test.go
│       │   │   └── testdata/
│       │   │       ├── inject_test.yaml
│       │   │       ├── pods.yaml
│       │   │       └── services.yaml
│       │   ├── install_test.go
│       │   ├── smoke/
│       │   │   ├── install_smoke_test.go
│       │   │   └── testdata/
│       │   │       ├── check.proxy.golden
│       │   │       ├── inject.report.golden
│       │   │       └── smoke_test.yaml
│       │   ├── testdata/
│       │   │   ├── check.proxy.golden
│       │   │   ├── inject.report.golden
│       │   │   ├── smoke_test.yaml
│       │   │   └── upgrade_test.yaml
│       │   └── uninstall/
│       │       └── uninstall_test.go
│       ├── multicluster/
│       │   ├── install_test.go
│       │   ├── multicluster-traffic/
│       │   │   ├── federated_test.go
│       │   │   ├── mc_traffic_test.go
│       │   │   ├── pod_to_pod_test.go
│       │   │   └── testdata/
│       │   │       ├── emojivoto-no-bot.yml
│       │   │       ├── federated-client.yml
│       │   │       ├── nginx-gateway-deploy.yaml
│       │   │       ├── nginx-ss.yml
│       │   │       ├── slow-cooker.yml
│       │   │       └── vote-bot.yml
│       │   └── testdata/
│       │       └── allow.golden
│       ├── rsa-ca/
│       │   ├── install_rsa_ca_test.go
│       │   └── testdata/
│       │       ├── ca.crt
│       │       ├── ca.key
│       │       ├── issuer.crt
│       │       └── issuer.key
│       ├── tracing/
│       │   ├── install_test.go
│       │   ├── testdata/
│       │   │   └── tracing-values.yaml
│       │   └── tracing/
│       │       ├── testdata/
│       │       │   ├── emojivoto.yaml
│       │       │   ├── jaeger-aio-values.yaml
│       │       │   ├── otel-values.yaml
│       │       │   └── tracing.yaml
│       │       └── tracing_test.go
│       ├── upgrade-edge/
│       │   ├── testdata/
│       │   │   └── emoji.yaml
│       │   └── upgrade_edge_test.go
│       └── viz/
│           ├── edges/
│           │   ├── edges_test.go
│           │   └── testdata/
│           │       ├── direct_edges.golden
│           │       ├── linkerd_edges.golden
│           │       ├── slow-cooker.yaml
│           │       └── terminus.yaml
│           ├── install_test.go
│           ├── policy/
│           │   ├── policy_test.go
│           │   └── testdata/
│           │       ├── emoji-policy.yaml
│           │       └── emojivoto.yaml
│           ├── routes/
│           │   └── routes_test.go
│           ├── serviceprofiles/
│           │   ├── serviceprofiles_test.go
│           │   └── testdata/
│           │       ├── hello_world.yaml
│           │       ├── t3.swagger
│           │       ├── tap_application.yaml
│           │       └── world.swagger
│           ├── stat/
│           │   └── stat_test.go
│           ├── tap/
│           │   ├── tap_test.go
│           │   └── testdata/
│           │       └── tap_application.yaml
│           └── trafficsplit/
│               ├── testdata/
│               │   ├── application.yaml
│               │   └── applications-at-diff-ports.yaml
│               └── trafficsplit_test.go
├── testutil/
│   ├── annotations.go
│   ├── annotations_test.go
│   ├── doc.go
│   ├── inject.go
│   ├── inject_validator.go
│   ├── install.go
│   ├── kubernetes_helper.go
│   ├── prommatch/
│   │   ├── common.go
│   │   ├── prommatch.go
│   │   ├── prommatch_test.go
│   │   ├── suite.go
│   │   └── testdata/
│   │       └── sampleMetrics.txt
│   ├── stream.go
│   ├── tap.go
│   ├── test_data_diff.go
│   ├── test_helper.go
│   └── test_helper_check.go
├── tools.go
├── viz/
│   ├── charts/
│   │   ├── linkerd-viz/
│   │   │   ├── .helmignore
│   │   │   ├── Chart.yaml
│   │   │   ├── README.md.gotmpl
│   │   │   ├── requirements.yaml
│   │   │   ├── templates/
│   │   │   │   ├── NOTES.txt
│   │   │   │   ├── admin-policy.yaml
│   │   │   │   ├── metrics-api-policy.yaml
│   │   │   │   ├── metrics-api-rbac.yaml
│   │   │   │   ├── metrics-api.yaml
│   │   │   │   ├── namespace-metadata-rbac.yaml
│   │   │   │   ├── namespace-metadata.yaml
│   │   │   │   ├── namespace.yaml
│   │   │   │   ├── prometheus-policy.yaml
│   │   │   │   ├── prometheus-rbac.yaml
│   │   │   │   ├── prometheus.yaml
│   │   │   │   ├── psp.yaml
│   │   │   │   ├── service-profiles.yaml
│   │   │   │   ├── tap-injector-policy.yaml
│   │   │   │   ├── tap-injector-rbac.yaml
│   │   │   │   ├── tap-injector.yaml
│   │   │   │   ├── tap-policy.yaml
│   │   │   │   ├── tap-rbac.yaml
│   │   │   │   ├── tap.yaml
│   │   │   │   ├── web-rbac.yaml
│   │   │   │   └── web.yaml
│   │   │   ├── values-ha.yaml
│   │   │   └── values.yaml
│   │   └── templates.go
│   ├── cmd/
│   │   ├── allow-scrapes.go
│   │   ├── authz.go
│   │   ├── check.go
│   │   ├── dashboard.go
│   │   ├── edges.go
│   │   ├── edges_test.go
│   │   ├── install.go
│   │   ├── install_test.go
│   │   ├── list.go
│   │   ├── main_test.go
│   │   ├── profile.go
│   │   ├── profile_test.go
│   │   ├── prune.go
│   │   ├── root.go
│   │   ├── routes.go
│   │   ├── routes_test.go
│   │   ├── stat-inbound.go
│   │   ├── stat-outbound.go
│   │   ├── stat.go
│   │   ├── stat_test.go
│   │   ├── tap.go
│   │   ├── tap_test.go
│   │   ├── testdata/
│   │   │   ├── edges_one_output.golden
│   │   │   ├── edges_one_output_json.golden
│   │   │   ├── edges_wide_output.golden
│   │   │   ├── install_default.golden
│   │   │   ├── install_default_overrides.golden
│   │   │   ├── install_prometheus_disabled.golden
│   │   │   ├── install_prometheus_loglevel_from_args.golden
│   │   │   ├── install_proxy_resources.golden
│   │   │   ├── routes_one_output.golden
│   │   │   ├── routes_one_output_json.golden
│   │   │   ├── routes_one_output_wide.golden
│   │   │   ├── stat_all_output.golden
│   │   │   ├── stat_all_output_json.golden
│   │   │   ├── stat_one_output.golden
│   │   │   ├── stat_one_output_json.golden
│   │   │   ├── stat_one_pod_output.golden
│   │   │   ├── stat_one_tcp_output.golden
│   │   │   ├── stat_one_ts_output.golden
│   │   │   ├── stat_one_ts_output_json.golden
│   │   │   ├── tap_busy_output.golden
│   │   │   ├── tap_busy_output_json.golden
│   │   │   ├── tap_busy_output_jsonpath.golden
│   │   │   ├── tap_busy_output_wide.golden
│   │   │   └── tap_empty_output.golden
│   │   ├── top.go
│   │   └── uninstall.go
│   ├── main.go
│   ├── metrics-api/
│   │   ├── Dockerfile
│   │   ├── authz.go
│   │   ├── client/
│   │   │   └── client.go
│   │   ├── cmd/
│   │   │   └── main.go
│   │   ├── edges.go
│   │   ├── edges_test.go
│   │   ├── gateways.go
│   │   ├── gen/
│   │   │   └── viz/
│   │   │       ├── viz.pb.go
│   │   │       └── viz_grpc.pb.go
│   │   ├── grpc_server.go
│   │   ├── grpc_server_test.go
│   │   ├── policy.go
│   │   ├── prometheus.go
│   │   ├── prometheus_test.go
│   │   ├── proto/
│   │   │   └── viz.proto
│   │   ├── stat_summary.go
│   │   ├── stat_summary_test.go
│   │   ├── test_helper.go
│   │   ├── top_routes.go
│   │   ├── top_routes_test.go
│   │   └── util/
│   │       ├── api_utils.go
│   │       └── api_utils_test.go
│   ├── pkg/
│   │   ├── api/
│   │   │   └── api.go
│   │   ├── healthcheck/
│   │   │   ├── healthcheck.go
│   │   │   └── healthcheck_test.go
│   │   ├── jsonpath/
│   │   │   └── jsonpath.go
│   │   ├── labels/
│   │   │   └── labels.go
│   │   ├── prometheus/
│   │   │   └── prometheus.go
│   │   └── util/
│   │       ├── util.go
│   │       └── util_test.go
│   └── tap/
│       ├── Dockerfile
│       ├── api/
│       │   ├── client.go
│       │   ├── grpc_server.go
│       │   ├── grpc_server_test.go
│       │   ├── handlers.go
│       │   ├── handlers_test.go
│       │   ├── main.go
│       │   ├── server.go
│       │   └── server_test.go
│       ├── cmd/
│       │   └── main.go
│       ├── gen/
│       │   └── tap/
│       │       ├── viz_tap.pb.go
│       │       └── viz_tap_grpc.pb.go
│       ├── injector/
│       │   ├── main.go
│       │   ├── patch.go
│       │   └── webhook.go
│       ├── pkg/
│       │   ├── events.go
│       │   ├── protohttp.go
│       │   ├── protohttp_test.go
│       │   ├── reader.go
│       │   └── requests.go
│       └── proto/
│           └── viz_tap.proto
└── web/
    ├── Dockerfile
    ├── app/
    │   ├── .eslintrc
    │   ├── .linguirc
    │   ├── __mocks__/
    │   │   ├── fileMock.js
    │   │   └── styleMock.js
    │   ├── babel.config.json
    │   ├── css/
    │   │   ├── styles.css
    │   │   └── svg-wrappers.css
    │   ├── gh_ann_reporter.js
    │   ├── index_bundle.js.lodash.tmpl
    │   ├── js/
    │   │   ├── components/
    │   │   │   ├── AddResources.jsx
    │   │   │   ├── BaseTable.jsx
    │   │   │   ├── BaseTable.test.js
    │   │   │   ├── BreadcrumbHeader.jsx
    │   │   │   ├── BreadcrumbHeader.test.jsx
    │   │   │   ├── CallToAction.jsx
    │   │   │   ├── CheckModal.jsx
    │   │   │   ├── Community.jsx
    │   │   │   ├── Community.test.jsx
    │   │   │   ├── ConfigureProfilesMsg.jsx
    │   │   │   ├── EdgesTable.jsx
    │   │   │   ├── EmptyCard.jsx
    │   │   │   ├── ErrorBanner.jsx
    │   │   │   ├── ErrorModal.jsx
    │   │   │   ├── ExpandableTable.jsx
    │   │   │   ├── Extensions.jsx
    │   │   │   ├── Gateway.jsx
    │   │   │   ├── GrafanaLink.jsx
    │   │   │   ├── GrafanaLink.test.jsx
    │   │   │   ├── JaegerLink.jsx
    │   │   │   ├── MeshedStatusTable.jsx
    │   │   │   ├── MetricsTable.jsx
    │   │   │   ├── MetricsTable.test.js
    │   │   │   ├── Namespace.jsx
    │   │   │   ├── NamespaceConfirmationModal.jsx
    │   │   │   ├── Navigation.jsx
    │   │   │   ├── Navigation.test.jsx
    │   │   │   ├── NetworkGraph.jsx
    │   │   │   ├── NetworkGraph.test.jsx
    │   │   │   ├── NoMatch.jsx
    │   │   │   ├── Octopus.jsx
    │   │   │   ├── Popover.jsx
    │   │   │   ├── QueryToCliCmd.jsx
    │   │   │   ├── QueryToCliCmd.test.jsx
    │   │   │   ├── ResourceDetail.jsx
    │   │   │   ├── ResourceList.jsx
    │   │   │   ├── ResourceList.test.jsx
    │   │   │   ├── ServiceDetail.jsx
    │   │   │   ├── ServiceMesh.jsx
    │   │   │   ├── ServiceMesh.test.jsx
    │   │   │   ├── StatusTable.jsx
    │   │   │   ├── Tap.jsx
    │   │   │   ├── TapEnabledWarning.jsx
    │   │   │   ├── TapEventHeadersTable.jsx
    │   │   │   ├── TapEventTable.jsx
    │   │   │   ├── TapLink.jsx
    │   │   │   ├── TapQueryForm.jsx
    │   │   │   ├── Top.jsx
    │   │   │   ├── TopEventTable.jsx
    │   │   │   ├── TopModule.jsx
    │   │   │   ├── TopRoutes.jsx
    │   │   │   ├── TopRoutesModule.jsx
    │   │   │   ├── TopRoutesTable.jsx
    │   │   │   ├── TopRoutesTable.test.js
    │   │   │   ├── TopRoutesTabs.jsx
    │   │   │   ├── Version.jsx
    │   │   │   ├── Version.test.js
    │   │   │   └── util/
    │   │   │       ├── ApiHelpers.jsx
    │   │   │       ├── ApiHelpers.test.jsx
    │   │   │       ├── AppContext.jsx
    │   │   │       ├── Chip.jsx
    │   │   │       ├── CliQueryUtils.js
    │   │   │       ├── CopyUtils.jsx
    │   │   │       ├── EdgesUtils.jsx
    │   │   │       ├── MetricUtils.jsx
    │   │   │       ├── MetricUtils.test.js
    │   │   │       ├── OctopusArms.jsx
    │   │   │       ├── PageVisibility.jsx
    │   │   │       ├── Percentage.js
    │   │   │       ├── Progress.jsx
    │   │   │       ├── Spinner.jsx
    │   │   │       ├── SuccessRateDot.jsx
    │   │   │       ├── SuccessRateMiniChart.jsx
    │   │   │       ├── SvgWrappers.jsx
    │   │   │       ├── TapUtils.jsx
    │   │   │       ├── Utils.js
    │   │   │       ├── Utils.test.js
    │   │   │       ├── theme.js
    │   │   │       └── withREST.jsx
    │   │   ├── index.js
    │   │   └── locales/
    │   │       ├── en/
    │   │       │   └── messages.json
    │   │       └── es/
    │   │           └── messages.json
    │   ├── package.json
    │   ├── setupTests.js
    │   ├── test/
    │   │   ├── fixtures/
    │   │   │   ├── allRollup.json
    │   │   │   ├── deployRollup.json
    │   │   │   ├── emojivotoPods.json
    │   │   │   ├── gateway.json
    │   │   │   ├── multiDeployRollup.json
    │   │   │   ├── namespaces.json
    │   │   │   └── podRollup.json
    │   │   └── testHelpers.jsx
    │   └── webpack.config.js
    ├── main.go
    ├── srv/
    │   ├── api_handlers.go
    │   ├── api_handlers_test.go
    │   ├── check_same_origin.go
    │   ├── handlers.go
    │   ├── handlers_test.go
    │   ├── reverse_proxy.go
    │   ├── server.go
    │   ├── test_helpers.go
    │   └── testdata/
    │       ├── api_check_output.json
    │       └── api_gateway_output.json
    └── templates/
        ├── app.tmpl.html
        └── includes/
            └── base.tmpl.html

================================================
FILE CONTENTS
================================================

================================================
FILE: .devcontainer/README.md
================================================
# devcontainer

This directory provides a _devcontainer_ configuration that configures a
reproducible development environment for this project.

The devcontainer configuration is maintained in the
[linkerd/dev](https://github.com/linkerd/dev) repository.

## Docker

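This configuration currently uses the parent host's Docker daemon (rather than
running a separate Docker daemon within the container). It creates
devcontainers on the host network so it's easy to use k3d clusters hosted in the
parent host's Docker daemon. Because the container can drive the host's Docker
daemon and shares the host network, anything running inside the devcontainer
effectively has host-level access; treat it as part of the host's trust
boundary.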

## Customizing

This configuration is supposed to provide a minimal setup without catering to
any one developer's personal tastes. Devcontainers can be extended with per-user
configuration.

To add your own extensions to the devcontainer, configure default extensions in
your VS Code settings:

```jsonc
    "remote.containers.defaultExtensions": [
        "eamodio.gitlens",
        "GitHub.copilot",
        "GitHub.vscode-pull-request-github",
        "mutantdino.resourcemonitor",
        "stateful.edge"
    ],
```

Furthermore, you can configure a _dotfiles_ repository to perform customizations
with a configuration like:

```jsonc
    "dotfiles.repository": "https://github.com/olix0r/dotfiles.git",
```


================================================
FILE: .devcontainer/devcontainer.json
================================================
{
    "name": "linkerd2",
    // The image is referenced by tag (v48), not by digest.
    "image": "ghcr.io/linkerd/dev:v48",
    // "dockerFile": "./Dockerfile",
    // "context": "..",
    "features": {
        "ghcr.io/devcontainers/features/github-cli:1": {}
    },
    "customizations": {
        "vscode": {
            "extensions": [
                "DavidAnson.vscode-markdownlint",
                "golang.go",
                "kokakiwi.vscode-just",
                "ms-kubernetes-tools.vscode-kubernetes-tools",
                "NathanRidley.autotrim",
                "rust-lang.rust-analyzer",
                "samverschueren.final-newline",
                "tamasfe.even-better-toml",
                "zxh404.vscode-proto3"
            ],
            "settings": {
                "go.lintTool": "golangci-lint",
                // TODO(ver) Find a way to enforce YAML formatting.
                // See https://github.com/redhat-developer/vscode-yaml/discussions/839
                "yaml.format.enable": false
            }
        }
    },
    "runArgs": [
        "--init",
        // Limit container memory usage.
        "--memory=12g",
        "--memory-swap=12g",
        // Use the host network so we can access k3d, etc.
        // The container shares the host's network namespace, so it can also
        // reach services bound to the host's loopback interface.
        "--net=host",
        // For lldb
        // Both flags below loosen the container sandbox: SYS_PTRACE adds the
        // ptrace capability, and seccomp=unconfined turns off Docker's default
        // syscall filter.
        "--cap-add=SYS_PTRACE",
        "--security-opt=seccomp=unconfined"
    ],
    "overrideCommand": false,
    "remoteUser": "code",
    "mounts": [
        // Bind-mounts the host's Docker socket into the container (as
        // docker-host.sock). Anything that can talk to this socket can drive
        // the host's Docker daemon, which is effectively root on the host.
        "source=/var/run/docker.sock,target=/var/run/docker-host.sock,type=bind"
    ]
}


================================================
FILE: .dockerignore
================================================
.git
.github
**/.idea
**/cmake-*
**/CMakeLists.txt
*.iml
**/node_modules
bin
!bin/action-dev-check
!bin/fetch-proxy
!bin/install-deps
!bin/scurl
!bin/web
**/Dockerfile*
Dockerfile*
**/target
target
!target/docker-build
web/app/dist
web/app/yarn-error.log
vendor


================================================
FILE: .editorconfig
================================================
# top-most EditorConfig file
root = true

[*]
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
charset = utf-8
indent_style = space
indent_size = 4

# Go code uses tabs. Display with 4 space indentation in editors and on GitHub
# (see https://github.com/isaacs/github/issues/170#issuecomment-150489692).
[*.go]
indent_style = tab

[*.jsx]
indent_size = 2
indent_style = space

[*.js]
indent_size = 2
indent_style = space

[*.css]
indent_size = 2
indent_style = space

[*.yml]
indent_size = 2

[*.yaml]
indent_size = 2

[*.proto]
indent_size = 2
indent_style = space


================================================
FILE: .gitattributes
================================================
# Expand these files in PRs:
go.sum linguist-generated=false
**/Cargo.lock linguist-generated=false
# Collapse these files in PRs:
controller/gen/**/*.pb.go linguist-generated=true
**/*.golden linguist-generated=true
**/*.golden.yml linguist-generated=true
controller/proxy-injector/fake/data/* linguist-generated=true


================================================
FILE: .github/CODEOWNERS
================================================
# By default, the maintainers group is responsible for everything.
*   @linkerd/maintainers


================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.yml
================================================
name: "🐛 Bug Report"
description: If you've found a reproducible bug
labels: ["bug"]
body:
  - type: markdown
    attributes:
      value: |
        Thanks for taking the time to file a bug report!

        We're most likely to fix bugs that are easy to reproduce, so please try
        to provide enough information for us to understand how to reproduce the
        issue. Example Kubernetes manifests are encouraged!

  - type: textarea
    attributes:
      label: What is the issue?
      description: |
        A clear and concise description of what Linkerd is doing and what you
        would expect.
    validations:
      required: true

  - type: textarea
    attributes:
      label: How can it be reproduced?
    validations:
      required: true

  - type: textarea
    attributes:
      label: Logs, error output, etc
      description: |
        If the output is long, please create a [gist](https://gist.github.com/)
        and paste the link here.
    validations:
      required: true

  - type: textarea
    attributes:
      label: output of `linkerd check -o short`
      placeholder: |
        ```text
        your output here ...
        ```
    validations:
      required: true

  - type: textarea
    attributes:
      label: Environment
      placeholder: |
        - Kubernetes Version:
        - Cluster Environment: (GKE, AKS, kops, ...)
        - Host OS:
        - Linkerd version:
    validations:
      required: true

  - type: textarea
    attributes:
      label: Possible solution
      description: "If you have suggestions on a fix for the bug."

  - type: textarea
    attributes:
      label: Additional context
      description: "Add any other context about the problem here. Or a screenshot if applicable."

  - type: dropdown
    attributes:
      label: Would you like to work on fixing this bug?
      description: We are more than happy to help you through the process.
      options:
        - "yes"
        - "no"
        - "maybe"


================================================
FILE: .github/ISSUE_TEMPLATE/config.yml
================================================
blank_issues_enabled: false
contact_links:
- name: 🙋🏾 Question
  url: https://github.com/linkerd/linkerd2/discussions/new
  about: If you need help debugging something or have a general question about Linkerd


================================================
FILE: .github/ISSUE_TEMPLATE/feature_request.yml
================================================
name: "💡 Feature Request"
description: If you have a suggestion for how to improve Linkerd
labels: ["enhancement"]
body:
  - type: markdown
    attributes:
      value: |
        Thanks for taking the time to suggest a new feature! Please fill out this form as completely as possible.

        Please search to see if an issue already exists for the feature you are suggesting.

  - type: textarea
    attributes:
      label: What problem are you trying to solve?
      description: A concise description of what the problem is.
      placeholder: I have an issue when [...]
    validations:
      required: true

  - type: textarea
    attributes:
      label: How should the problem be solved?
      description: What do you want to happen? Add any considered drawbacks.
    validations:
      required: true

  - type: textarea
    attributes:
      label: Any alternatives you've considered?
      description: Is there another way to solve this problem that isn't as good a solution?
    validations:
      required: true

  - type: textarea
    attributes:
      label: How would users interact with this feature?
      description: If you can, explain how users will be able to use this. Maybe some sample CLI output?

  - type: dropdown
    attributes:
      label: Would you like to work on this feature?
      description: We are more than happy to help you through the process.
      options:
        - "yes"
        - "no"
        - "maybe"


================================================
FILE: .github/PULL_REQUEST_TEMPLATE.md
================================================
<!--  Thanks for sending a pull request!

If you already have a well-structured git commit message, chances are GitHub
set the title and description of this PR to the git commit message subject and
body, respectively. If so, you may delete these instructions and submit your PR.

If this is your first time, please read our contributor guide:
https://github.com/linkerd/linkerd2/blob/main/CONTRIBUTING.md

The title and description of your Pull Request should match the git commit
subject and body, respectively. Git commit messages are structured as follows:

```
Subject

Problem

Solution

Validation

Fixes #[GitHub issue ID]

DCO Sign off
```

Example git commit message:

```
Introduce Pull Request Template

GitHub's community guidelines recommend a pull request template, the repo was
lacking one.

Introduce a `PULL_REQUEST_TEMPLATE.md` file.

Once merged, the
[Community profile checklist](https://github.com/linkerd/linkerd2/community)
should indicate the repo now provides a pull request template.

Fixes #3321

Signed-off-by: Jane Smith <jane.smith@example.com>
```

Note the git commit message subject becomes the pull request title.

For more details around git commits, see the section on Committing in our
contributor guide:
https://github.com/linkerd/linkerd2/blob/main/CONTRIBUTING.md#committing
-->


================================================
FILE: .github/actions/cli-setup/action.yaml
================================================

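name: CLI Setup
description: Fetches the Linkerd CLI from an artifact and installs it into the target.

inputs:
  artifact-id:
    description: The ID of the artifact to download.
    required: true
  target:
    description: The path to install the CLI into.
    required: true

runs:
  using: composite
  steps:
    # Download the CLI build artifact into a scratch directory under the
    # runner's temp dir.
    - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
      with:
        artifact-ids: ${{ inputs.artifact-id }}
        path: ${{ runner.temp }}/cli
    # Move the linux-amd64 binary to the requested path and make it executable.
    # The paths are handed to bash through the environment and quoted, so a
    # value containing spaces or shell metacharacters is treated as a path
    # rather than being expanded into the script text. The glob stays outside
    # the quotes so it still expands. `~` is not expanded in a quoted variable;
    # pass an absolute path as the target.
    - run: mv "${CLI_DIR}"/linkerd2-cli-*-linux-amd64 "${TARGET}" && chmod 755 "${TARGET}"
      shell: bash
      env:
        CLI_DIR: ${{ runner.temp }}/cli
        TARGET: ${{ inputs.target }}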


================================================
FILE: .github/actions/docker-build/action.yml
================================================
name: Docker Build
description: Builds linkerd's docker images

inputs:
  docker-registry:
    description: The docker registry used to tag the images
    required: false
    default: cr.l5d.io/linkerd
  docker-target:
    description: The OS-arch the docker build will be targeted to
    required: false
    default: linux-amd64
  docker-push:
    description: Whether to push the built images to the registry
    required: false
    default: ''
  component:
    description: Component to build
    required: true
  tag:
    description: Tag to use for the built image
    required: true

runs:
  using: composite
  steps:
    # The three setup actions below are pinned to full commit SHAs.
    # populate ACTIONS_CACHE_URL and ACTIONS_RUNTIME_TOKEN
    - uses: crazy-max/ghaction-github-runtime@04d248b84655b509d8c44dc1d6f990c879747487
    - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a
    - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd
      with:
        # The builder uses the host network; presumably so it can reach the
        # localhost:5000 registry named in RUNTIME_IMAGE below -- confirm.
        driver-opts: network=host
    # Run the per-component build script, with its settings passed as
    # environment variables.
    - env:
        DOCKER_REGISTRY: ${{ inputs.docker-registry }}
        DOCKER_TARGET: ${{ inputs.docker-target }}
        DOCKER_PUSH: ${{ inputs.docker-push }}
        TAG: ${{ inputs.tag }}
        RUNTIME_IMAGE: localhost:5000/linkerd/proxy-runtime:${{ inputs.tag }}
        PUSH_RUNTIME_IMAGE: true
      shell: bash
      # NOTE(review): inputs.component is substituted into the command text
      # before bash parses it, so every caller must pass a fixed, trusted
      # component name (one with a matching bin/docker-build-* script).
      run: bin/docker-build-${{ inputs.component }}

    - name: Output Image Digest
      shell: bash
      id: image_digest
      # Reads "containerimage.digest" from the build metadata file and exposes
      # "<registry>/<component>@<digest>" as the DIGEST step output.
      # NOTE(review): inputs.component and inputs.docker-registry are likewise
      # expanded into this script before it runs; the same trust assumption
      # applies.
      run: |
        image_digest=$(cat target/metadata-${{ inputs.component }}.json | jq -r '."containerimage.digest"')
        echo "${image_digest}"
        echo "DIGEST=${{ inputs.docker-registry }}/${{ inputs.component }}@${image_digest}" >> "$GITHUB_OUTPUT"

outputs:
  image:
    description: The image that was built
    value: ${{ inputs.docker-registry }}/${{ inputs.component }}:${{ inputs.tag }}
  digest:
    description: The image digest
    value: ${{ steps.image_digest.outputs.DIGEST }}


================================================
FILE: .github/actions/helm-publish/action.yml
================================================
name: Helm publish
description: Helm chart creation and uploading
runs:
  using: composite
  steps:
  - name: Set up Cloud SDK
    uses: 'google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db'
  # NOTE(review): referenced by the v48 tag rather than a commit SHA, unlike
  # the setup-gcloud step above.
  - uses: linkerd/dev/actions/setup-tools@v48
  # Downloads the current edge index.yaml, runs the chart version, docs and
  # packaging scripts, then rsyncs target/helm to gs://helm.linkerd.io/edge.
  # NOTE(review): no credentials are configured in this action; presumably the
  # calling workflow authenticates to GCS before invoking it -- confirm.
  - shell: bash
    run: |
      mkdir -p target/helm
      gsutil cp gs://helm.linkerd.io/edge/index.yaml target/helm/index-pre.yaml
      bin/compute-edge-version update-charts
      helm-docs
      bin/helm-build package
      cp charts/artifacthub-repo-edge.yml target/helm/artifacthub-repo.yml
      gsutil rsync target/helm gs://helm.linkerd.io/edge


================================================
FILE: .github/dco.yml
================================================
require:
  members: false


================================================
FILE: .github/dependabot.yml
================================================
# Dependabot updates are scheduled to avoid contention with normal workday CI
# usage. We start running updates at 3AM UTC (7PM PST, 8AM IST) and stagger each
# subsequent update by 30m.
#
# JS updates are run weekly.
version: 2
updates:
  - package-ecosystem: gomod
    directory: "/"
    schedule:
      interval: daily
      time: "03:00"
      timezone: Etc/UTC
    ignore:
      # TODO(ver): Remove this once we update our Gateway API dependencies.
      - dependency-name: sigs.k8s.io/gateway-api
        update-types: [version-update:semver-major, version-update:semver-minor]
    groups:
      kube:
        patterns:
          - k8s.io/*

  - package-ecosystem: cargo
    directory: "/"
    schedule:
      interval: daily
      time: "03:30"
      timezone: Etc/UTC
    allow:
      - dependency-type: all
    ignore:
      # These dependencies are for platforms that we don't support:
      - dependency-name: redox*
      - dependency-name: js-sys
      - dependency-name: wasm-bindgen
      - dependency-name: web-sys
      # These dependencies are updated via kubert, so only accept patch updates.
      - dependency-name: clap
        update-types: [version-update:semver-major, version-update:semver-minor]
      - dependency-name: clap_*
        update-types: [version-update:semver-major, version-update:semver-minor]
      - dependency-name: kube
        update-types: [version-update:semver-major, version-update:semver-minor]
      - dependency-name: kube-*
        update-types: [version-update:semver-major, version-update:semver-minor]
      - dependency-name: k8s-openapi
        update-types: [version-update:semver-major, version-update:semver-minor]
      # These dependencies are updated via linkerd2-proxy-api, so only accept patch updates.
      - dependency-name: prost
        update-types: [version-update:semver-major, version-update:semver-minor]
      - dependency-name: prost-*
        update-types: [version-update:semver-major, version-update:semver-minor]
      - dependency-name: tonic
        update-types: [version-update:semver-major, version-update:semver-minor]
    groups:
      clap:
        patterns:
          - clap
          - clap_*
        update-types: [minor, patch]
      futures:
        patterns:
          - futures
          - futures-*
      kube-patch:
        patterns:
          - k8s-openapi
          - kube
          - kube-*
          - gateway-api
        update-types: [patch]
      kube:
        patterns:
          - kubert
          - kubert-*
          - k8s-openapi
          - kube
          - kube-*
          - gateway-api
        update-types: [major, minor]
      grpc:
        patterns:
          - prost
          - prost-*
          - tonic
        update-types: [patch]
      tracing:
        patterns:
          - tracing
          - tracing-*
      serde:
        patterns:
          - serde
          - serde_*
      pest:
        patterns:
          - pest
          - pest_*

  - package-ecosystem: "github-actions"
    directories:
    - "/"
    - ".github/actions/*"
    schedule:
      interval: "daily"
      time: "04:00"
      timezone: Etc/UTC

  - package-ecosystem: "npm"
    directory: "/web/app"
    schedule:
      # JS dependencies tend to be pretty noisy, so only check once per week.
      interval: "weekly"
      day: "sunday"
    ignore:
      # v6 is backwards-incompatible and requires lots of changes.
      # A compatibility layer should come out at some point
      # see https://reactrouter.com/docs/en/v6/upgrading/v5
      - dependency-name: "react-router-dom"
        update-types: ["version-update:semver-major"]


================================================
FILE: .github/stale.yml
================================================
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 90
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 14
# Issues with these labels will never be considered stale
exemptLabels:
  - pinned 
  - area/security
  - area/tls
  - area/docs
  - area/test
  - good first issue
  - benchmarking
  - help wanted
  - epic
  - rfc
  - roadmap 
# Label to use when marking an issue as stale
staleLabel: wontfix
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: >
  This issue has been automatically marked as stale because it has not had
  recent activity. It will be closed in 14 days if no further activity occurs. Thank you
  for your contributions.
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: false


================================================
FILE: .github/workflows/actions.yml
================================================
name: Actions

on:
  pull_request:
    paths:
      - .devcontainer/devcontainer.json
      - .github/workflows/**

permissions:
  contents: read

jobs:
  actionlint:
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 10
    steps:
      - uses: linkerd/dev/actions/setup-tools@v48
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - run: just-dev lint-actions

  devcontainer-versions:
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      - uses: linkerd/dev/actions/setup-tools@v48
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - run: just-dev check-action-images


================================================
FILE: .github/workflows/cli-build.yml
================================================
on:
  workflow_call:
    inputs:
      version:
        type: string
        required: true
      target:
        type: string
        required: false
        default: 'multi-arch'
    outputs:
      artifact-id:
        value: ${{ jobs.build.outputs.artifact-id }}

jobs:
  build:
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 20
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd
      - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294
        id: build
        with:
          build-args: |
            LINKERD_VERSION=${{ inputs.version }}
          target: ${{ inputs.target }}
          context: .
          file: cli/Dockerfile
          cache-from: type=gha,scope=${{ github.ref_name }}-cli
          cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-cli
          push: false
          load: false
          outputs: type=local,dest=.
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
        id: upload
        with:
          name: cli-bin-${{ inputs.version }}-${{ inputs.target }}
          path: linkerd2-cli-${{ inputs.version }}-*
    outputs:
      artifact-id: ${{ steps.upload.outputs.artifact-id }}


================================================
FILE: .github/workflows/codecov.yml
================================================
name: Coverage

# Run weekly on Sunday at midnight (UTC).
on:
  schedule:
    - cron: "0 0 * * 0"

permissions:
  contents: read

jobs:
  go:
    name: Go
    timeout-minutes: 30
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    container:
      image: golang:1.25
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - run: go install gotest.tools/gotestsum@v0.4.2
      - run: gotestsum -- -cover -coverprofile=coverage.out -v -mod=readonly ./...
      - uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad
        with:
          files: ./coverage.out
          flags: unittests,golang

  # JS unit tests with coverage; the report directory is handed to the Codecov
  # action.
  js:
    name: JS
    timeout-minutes: 30
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    container:
      image: node:20-stretch
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - name: Yarn setup
        shell: bash
        # NOTE(review): the installer script is downloaded and piped straight
        # into bash with no checksum or signature check. `--version 1.21.1`
        # pins the Yarn release that gets installed, not the content of
        # install.sh itself.
        run: bin/scurl -o- https://yarnpkg.com/install.sh | bash -s -- --version 1.21.1 --network-concurrency 1
      - name: Unit tests
        # --frozen-lockfile is passed to the install step, so dependencies are
        # expected to come from the committed lockfile.
        run: |
          export PATH="$HOME/.yarn/bin:$PATH"
          export NODE_ENV=test
          bin/web --frozen-lockfile
          bin/web test --reporters="jest-progress-bar-reporter" --reporters="./gh_ann_reporter.js" --coverage
      - uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad
        with:
          directory: ./web/app/coverage
          flags: unittests,javascript

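  # Rust coverage via cargo-tarpaulin; the result is handed to the Codecov
  # action.
  rust:
    name: Rust
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 15
    container:
      image: docker://rust:1.90.0
      # The default seccomp profile is disabled for this container; presumably
      # tarpaulin's instrumentation needs syscalls that profile blocks --
      # confirm.
      options: --security-opt seccomp=unconfined
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      # Download the pinned tarpaulin release into target/. The step changes
      # into target/ first, so the repo's scurl wrapper has to be addressed
      # relative to that directory (../bin/scurl); a bare bin/scurl would be
      # looked up under target/ and the step would fail.
      # NOTE(review): the tarball is unpacked without verifying a checksum;
      # consider checking it against a pinned SHA-256 before extracting.
      - shell: bash
        run: mkdir -p target && cd target && ../bin/scurl -v https://github.com/xd009642/tarpaulin/releases/download/0.27.3/cargo-tarpaulin-x86_64-unknown-linux-musl.tar.gz | tar zxvf - && chmod 755 cargo-tarpaulin
      - run: target/cargo-tarpaulin tarpaulin --workspace --out Xml
      - uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad
        with:
          flags: unittests,rust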


================================================
FILE: .github/workflows/codeql.yml
================================================
# See https://github.com/github/codeql-action/tree/v1 for more information.

name: CodeQL

on:
  push:
    branches: [main, stable-*]
    paths:
      - .github/workflows/codeql.yml
      - "**/*.go"
      - "**/*.js"
      - "**/*.jsx"
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [main, stable-*]
    paths:
      - .github/workflows/codeql.yml
      - "**/*.go"
      - "**/*.js"
      - "**/*.jsx"

jobs:
  analyze:
    name: Analyze
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language:
          - go
          - javascript

    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
        with:
          go-version-file: go.mod

      - name: Initialize
        # Unpinned action version so that we automatically get analyzer updates.
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}

      - name: Analyze
        uses: github/codeql-action/analyze@v4


================================================
FILE: .github/workflows/devcontainer.yml
================================================
name: Devcontainer

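# When a pull request is opened that changes the Devcontainer configuration,
# ensure that the container continues to build properly.
on:
  pull_request:
    paths:
      - .devcontainer/devcontainer.json
      - .github/workflows/devcontainer.yml
      - rust-toolchain
      # The rust-version job reads rust-toolchain.toml, so changes to that file
      # must trigger this workflow too; the bare `rust-toolchain` entry does
      # not match it.
      - rust-toolchain.toml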

permissions:
  contents: read

jobs:
  rust-version:
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    container: ghcr.io/linkerd/dev:v48-rust
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - shell: bash
        run: |
          # Extract current Rust version from the toolchain file.
          version_regex='channel = "([0-9]+\.[0-9]+\.[0-9]+)"'
          toolchain=$(cat rust-toolchain.toml)
          if [[ $toolchain =~ $version_regex ]]; then
            tc=${BASH_REMATCH[1]}
          else
            echo "::error file=rust-toolchain.toml::failed to parse rust-toolchain.toml"
            exit 1
          fi

          dev=$(cargo version | cut -d' ' -f2)
          if [ "$dev" != "$tc" ]; then
            echo "::error file=rust-toolchain.toml,line=2::rust-toolchain ($tc) does not match devcontainer ($dev)"
            exit 1
          fi

  devcontainer-image:
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      - uses: linkerd/dev/actions/setup-tools@v48
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - run: just-dev pull-dev-image


================================================
FILE: .github/workflows/go.yml
================================================
name: Go
on: pull_request

permissions:
  contents: read

jobs:
  meta:
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323
        id: changed
        with:
          files: |
            .github/workflows/go.yml
            go.sum
            **/*.go
            **/*.golden
            **/charts/**
          files_ignore: |
            **/Chart.yaml
            **/README*
    outputs:
      changed: ${{ steps.changed.outputs.any_changed }}

  go-lint:
    needs: meta
    if: needs.meta.outputs.changed == 'true'
    timeout-minutes: 10
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    container: ghcr.io/linkerd/dev:v48-go
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
        with:
          go-version-file: go.mod
      - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
      - run: just go-lint --verbose --timeout=10m

  go-format:
    needs: meta
    if: needs.meta.outputs.changed == 'true'
    timeout-minutes: 10
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    container: ghcr.io/linkerd/dev:v48-go
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
        with:
          go-version-file: go.mod
      - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
      - run: just go-fmt

  go-test:
    needs: meta
    if: needs.meta.outputs.changed == 'true'
    timeout-minutes: 30
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    container: ghcr.io/linkerd/dev:v48-go
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
        with:
          go-version-file: go.mod
      - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
      - run: just go-fetch
      - run: just go-test

  # There's currently one flakey test we want to retry in particular:
  # TestEndpointProfileTranslator/Handles_overflow
  #
  # Runs only when go-test failed and this is run attempt 1 or 2; it dispatches
  # rerun.yml with this run's id.
  go-test-retry:
    needs: go-test
    if: failure() && fromJSON(github.run_attempt) < 3
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    # This job's token is granted only actions: write, which `gh` needs to
    # dispatch a workflow.
    permissions:
      actions: write
    env:
      GH_REPO: ${{ github.repository }}
      GH_TOKEN: ${{ github.token }}
      GH_DEBUG: api
      # head_ref is the pull request's branch name, which the PR author
      # chooses. It is passed through the environment and quoted in the command
      # below instead of being interpolated into the script text.
      REF: ${{ github.head_ref }}
    steps:
      - run: gh workflow run rerun.yml -F 'run_id=${{ github.run_id }}' --ref "$REF"

  go-ok:
    needs: [go-lint, go-format, go-test]
    if: always()
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      - name: Results
        run: |
          echo 'go-lint: ${{ needs.go-lint.result }}'
          echo 'go-format: ${{ needs.go-format.result }}'
          echo 'go-test: ${{ needs.go-test.result }}'

      - name: Verify jobs
        # All jobs must succeed or be skipped.
        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
        run: exit 1


================================================
FILE: .github/workflows/integration.yml
================================================
name: Integration tests

on: pull_request

permissions:
  contents: read

env:
  CARGO_INCREMENTAL: 0
  CARGO_NET_RETRY: 10
  CARGO_NEXTEST_VERSION: 0.9.100
  DOCKER_REGISTRY: ghcr.io/linkerd
  GH_ANNOTATION: true
  K3D_VERSION: v5.8.3
  RUST_BACKTRACE: short
  RUSTUP_MAX_RETRIES: 10
  YQ_VERSION: v4.44.5
  LINKERD2_PROXY_REPO: ${{ vars.LINKERD2_PROXY_REPO || 'linkerd/linkerd2-proxy' }}
  LINKERD2_PROXY_RELEASE_PREFIX: ${{ vars.LINKERD2_PROXY_RELEASE_PREFIX || 'release/' }}

concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref }}
  cancel-in-progress: true

jobs:
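  # Computes the image tag and reports whether any build- or test-relevant
  # file changed; the build and test jobs are gated on the `changed` output.
  meta:
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - id: tag
        run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT"
      - uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323
        id: core
        with:
          # Paths whose changes should run the integration suite. The shared
          # test helper is bin/_test-helpers.sh (plural); the singular spelling
          # matches no file, so edits to the helper would skip these jobs.
          files: |
            .github/workflows/integration.yml
            .proxy-version
            go.sum
            **/*.go
            **/*.rs
            **/Dockerfile*
            charts/**
            multicluster/charts/**
            justfile
            bin/fetch-proxy
            bin/_test-helpers.sh
          files_ignore: |
            .devcontainer/**
            **/Chart.yaml
            **/README*
    outputs:
      tag: ${{ steps.tag.outputs.tag }}
      changed: ${{ steps.core.outputs.any_changed }}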

  info:
    needs: meta
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 2
    steps:
      - name: Info
        run: |
          echo "tag=${{ needs.meta.outputs.tag }}"
          echo "changed=${{ needs.meta.outputs.changed }}"

  build-cli:
    needs: meta
    if: needs.meta.outputs.changed == 'true'
    uses: ./.github/workflows/cli-build.yml
    with:
      version: ${{ needs.meta.outputs.tag }}
      target: linux-amd64

  ##
  ## Core: Test the core control plane
  ##
  ## TODO(ver) CNI configurations should be tested separately.
  ##

  # Builds the controller and proxy images (one matrix leg each) and passes
  # them to the test jobs as `docker save` archives uploaded as artifacts.
  build-core:
    needs: meta
    if: needs.meta.outputs.changed == 'true'
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    services:
      # Job-local registry container published on port 5000 of the runner.
      registry:
        image: registry:3
        ports:
          - 5000:5000
    strategy:
      matrix:
        component:
          - controller
          - proxy
    timeout-minutes: 20
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: ./.github/actions/docker-build
        id: build
        env:
          # Falls back to the workflow's own token when the repository secret
          # is empty. NOTE(review): how the docker-build action consumes this
          # token is not visible here; confirm it never ends up in an image
          # layer, because the image is exported and uploaded below.
          LINKERD2_PROXY_GITHUB_TOKEN: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }}
        with:
          # DOCKER_REGISTRY is defined outside this job (not shown in this section).
          docker-registry: ${{ env.DOCKER_REGISTRY }}
          docker-target: linux-amd64
          component: ${{ matrix.component }}
          tag: ${{ needs.meta.outputs.tag }}
      # Export the freshly built image to a tarball named after the component.
      - name: Run docker save
        run: |
          mkdir -p /home/runner/archives
          docker save '${{ steps.build.outputs.image }}' >'/home/runner/archives/${{ matrix.component }}.tar'
      # The test jobs download every `image-archives-*` artifact of this run.
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
        with:
          name: image-archives-${{ matrix.component }}
          path: /home/runner/archives

  # Runs the core integration suites against the image archives produced by
  # `build-core` and the CLI produced by `build-cli`.
  test-core:
    needs: [meta, build-cli, build-core]
    if: needs.meta.outputs.changed == 'true'
    strategy:
      # Let every suite finish even when another one fails.
      fail-fast: false
      matrix:
        test:
          - cni-calico-deep
          - deep
          - deep-native-sidecar
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
        with:
          go-version-file: go.mod
      # Collect all image tarballs of this run into one directory.
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
        with:
          pattern: image-archives-*
          path: image-archives
          merge-multiple: true
      # List what was downloaded, for the run log.
      - run: find image-archives -ls
      - uses: ./.github/actions/cli-setup
        with:
          artifact-id: ${{ needs.build-cli.outputs.artifact-id }}
          target: ${{ runner.temp }}/linkerd
      # `matrix.test` is one of the fixed names listed above.
      - run: bin/tests --images archive --cleanup-docker --name ${{ matrix.test }} ${{ runner.temp }}/linkerd
        env:
          LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
          TAG: ${{ needs.meta.outputs.tag }}

  ##
  ## Policy: Only run policy tests when the policy controller or proxy changes
  ##

  # Runs the policy test suite on a k3d cluster, across a small matrix of
  # Kubernetes and Gateway API versions.
  test-policy:
    needs: [meta, build-cli, build-core]
    if: needs.meta.outputs.changed == 'true'
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 20
    strategy:
      fail-fast: false
      matrix:
        # Test the latest Kubernetes version with the latest Gateway API
        # version, as well as the vendored Gateway API CRDs.
        k8s:
          - v1.34
        gateway-api:
          - version: linkerd
            channel: experimental
          - version: v1.4.0
            channel: experimental
        # Also test the Minimum Supported Kubernetes Version with the Minimum
        # Supported Gateway API version.
        include:
          - k8s: v1.23
            gateway-api:
              version: v1.1.1
              channel: standard
    env:
      GATEWAY_API_VERSION: ${{ matrix.gateway-api.version }}
      GATEWAY_API_CHANNEL: ${{ matrix.gateway-api.channel }}
    steps:
      # The workflow token is handed to this third-party action, which is
      # pinned by commit SHA. NOTE(review): presumably used to avoid API rate
      # limits while resolving the `just` release; confirm.
      - uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - uses: olix0r/cargo-action-fmt/setup@9269f3aa1ff01775d95efc97037e2cbdb41d9684
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
        with:
          pattern: image-archives-*
          path: image-archives
          merge-multiple: true
      - run: find image-archives -ls
      - uses: ./.github/actions/cli-setup
        with:
          artifact-id: ${{ needs.build-cli.outputs.artifact-id }}
          target: ${{ runner.temp }}/linkerd
      # Installs rustup, k3d, yq and cargo-nextest from the network and
      # persists the updated PATH for later steps. The *_VERSION variables are
      # defined outside this job.
      # NOTE(review): two installer scripts are piped straight into a shell,
      # and the yq and nextest downloads are executed without any checksum or
      # signature verification in this step. The only integrity control
      # visible here is whatever bin/scurl enforces; consider checking each
      # download against a pinned digest before running it.
      - name: Setup deps
        shell: bash
        run: |
          rm -rf "$HOME/.cargo"
          bin/scurl -v https://sh.rustup.rs | sh -s -- -y --default-toolchain "$(./bin/rust-toolchain-version)"
          # shellcheck disable=SC1090
          source ~/.cargo/env
          echo "PATH=$PATH" >> "$GITHUB_ENV"
          bin/scurl -v "https://raw.githubusercontent.com/k3d-io/k3d/${K3D_VERSION}/install.sh" | bash
          bin/scurl -vo /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" && chmod +x /usr/local/bin/yq
          bin/scurl -v "https://github.com/nextest-rs/nextest/releases/download/cargo-nextest-${CARGO_NEXTEST_VERSION}/cargo-nextest-${CARGO_NEXTEST_VERSION}-x86_64-unknown-linux-musl.tar.gz" -o nextest.tar.gz
          tar -xzf nextest.tar.gz
          mv cargo-nextest ~/.cargo/bin/
          chmod +x ~/.cargo/bin/cargo-nextest
      - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
      - run: just policy-test-build
      # Create the cluster at the matrix Kubernetes version, then load the
      # images built earlier in this run into the local Docker daemon.
      - run: just k3d-k8s='${{ matrix.k8s }}' k3d-create
      - run: docker load <image-archives/controller.tar
      - run: docker load <image-archives/proxy.tar
      - run: docker image ls
      - run: just linkerd-tag='${{ needs.meta.outputs.tag }}' linkerd-exec="${{ runner.temp }}/linkerd" linkerd-install
      # Up to six attempts, ten seconds apart; the step fails if none succeeds.
      - name: Load images
        run: |
          # Image loading is flakey in CI, so retry!
          for _ in {1..6} ; do
            if just linkerd-tag='${{ needs.meta.outputs.tag }}' policy-test-deps-load ; then exit 0 ; fi
            sleep 10
            echo retrying...
          done
          exit 1
      - run: just policy-test-run --jobs=1
        env:
          # https://nexte.st/book/retries.html
          NEXTEST_RETRIES: 3

  ##
  ## Ext: Run tests that require non-core components.
  ##

  # Builds the extension images (metrics-api, tap, web), one matrix leg each,
  # and uploads them as `docker save` archives like `build-core` does.
  build-ext:
    needs: meta
    if: needs.meta.outputs.changed == 'true'
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    strategy:
      matrix:
        component:
          - metrics-api
          - tap
          - web
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      # Unlike `build-core`, no proxy token is passed to the build action here.
      - uses: ./.github/actions/docker-build
        id: build
        with:
          docker-registry: ${{ env.DOCKER_REGISTRY }}
          docker-target: linux-amd64
          component: ${{ matrix.component }}
          tag: ${{ needs.meta.outputs.tag }}
      # Export the image to a tarball named after the component.
      - name: Run docker save
        run: |
          mkdir -p /home/runner/archives
          docker save '${{ steps.build.outputs.image }}' >'/home/runner/archives/${{ matrix.component }}.tar'
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
        with:
          name: image-archives-${{ matrix.component }}
          path: /home/runner/archives

  # These tests exercise core functionality, but need the viz extension.
  # Each matrix entry is passed to bin/tests as the suite name; the suites run
  # against the image archives from `build-core` and `build-ext`.
  test-ext:
    needs: [meta, build-cli, build-core, build-ext]
    if: needs.meta.outputs.changed == 'true'
    strategy:
      # Let every suite finish even when another one fails.
      fail-fast: false
      matrix:
        integration_test:
          - cluster-domain
          - default-policy-deny
          - external
          - rsa-ca
          - tracing
          - helm-upgrade
          - uninstall
          - upgrade-edge
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
        with:
          go-version-file: go.mod
      # Collect all image tarballs of this run into one directory.
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
        with:
          pattern: image-archives-*
          path: image-archives
          merge-multiple: true
      - run: find image-archives -ls
      - uses: ./.github/actions/cli-setup
        with:
          artifact-id: ${{ needs.build-cli.outputs.artifact-id }}
          target: ${{ runner.temp }}/linkerd
      # NOTE(review): unlike `test-core`, this step does not set TAG in its
      # environment; confirm bin/tests derives the tag itself in that case.
      - run: bin/tests --images archive --cleanup-docker --name '${{ matrix.integration_test }}' ${{ runner.temp }}/linkerd
        env:
          LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}

  ##
  ## Viz: Run the (flakey) `viz` suite only when the `viz` extension is updated.
  ##

  # Runs the single `viz` suite with a longer timeout than the other test jobs.
  # NOTE(review): the section header says this runs only when the viz
  # extension is updated, but the condition below is the same `changed`
  # output every other job uses.
  test-viz:
    needs: [meta, build-cli, build-core, build-ext]
    if: needs.meta.outputs.changed == 'true'
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 30
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
        with:
          go-version-file: go.mod
      # Collect all image tarballs of this run into one directory.
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
        with:
          pattern: image-archives-*
          path: image-archives
          merge-multiple: true
      - uses: ./.github/actions/cli-setup
        with:
          artifact-id: ${{ needs.build-cli.outputs.artifact-id }}
          target: ${{ runner.temp }}/linkerd
      - run: bin/tests --images archive --cleanup-docker --name viz ${{ runner.temp }}/linkerd
        env:
          LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}

  ##
  ## Multicluster: Run 'multicluster' suite only when the 'multicluster' extension is updated.
  ##               Tests are run on min and max k8s versions
  ##

  # Runs the multicluster suite on k3d clusters for each combination listed
  # under `cases` (Kubernetes version, controller management mode, and whether
  # the Gateway API must be installed on the target cluster).
  # NOTE(review): the section header says this runs only when the
  # multicluster extension is updated, but the condition below is the same
  # `changed` output every other job uses.
  test-multicluster:
    needs: [meta, build-cli, build-core, build-ext]
    if: needs.meta.outputs.changed == 'true'
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 30
    strategy:
      fail-fast: false
      matrix:
        cases:
        - {k8s: "v1.23", manage-controllers: false, install-gwapi: true}
        # for v1.34 onwards, gwapi gets installed by Traefik on the target cluster
        - {k8s: "v1.34", manage-controllers: false, install-gwapi: false}
        - {k8s: "v1.34", manage-controllers: true, install-gwapi: false}
    # Display name carries the Kubernetes version and the controller mode.
    name: "test-multicluster(${{ matrix.cases.k8s }}, ${{ matrix.cases.manage-controllers && 'managed-controllers' || 'unmanaged-controllers' }})"
    steps:
      # The workflow token is handed to this third-party action, which is
      # pinned by commit SHA.
      - uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
        with:
          go-version-file: go.mod
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
        with:
          pattern: image-archives-*
          path: image-archives
          merge-multiple: true
      - run: find image-archives -ls
      - uses: ./.github/actions/cli-setup
        with:
          artifact-id: ${{ needs.build-cli.outputs.artifact-id }}
          target: ${{ runner.temp }}/linkerd
      # NOTE(review): the k3d installer script is fetched at ${K3D_VERSION}
      # and piped straight into bash with no checksum verification in this
      # step; integrity rests on whatever bin/scurl enforces.
      - name: Setup deps
        shell: bash
        run: |
          echo "PATH=$PATH" >> "$GITHUB_ENV"
          bin/scurl -v "https://raw.githubusercontent.com/k3d-io/k3d/${K3D_VERSION}/install.sh" | bash
      # Only the controller and proxy archives are loaded for this suite.
      - name: Load docker images
        run: |
          for img in controller proxy; do
            docker load <"image-archives/${img}.tar"
          done
      - run: docker image ls
      - run: just mc-test-build
      - name: Run just mc-load
        run: |
          just linkerd-tag='${{ needs.meta.outputs.tag }}' \
              k3d-k8s='${{ matrix.cases.k8s }}' \
              mc-load
      # Runs for every case, with the default cluster name.
      - run: just mc-install-gwapi
      - name: Run just mc-target-load
        run: |
          just linkerd-tag='${{ needs.meta.outputs.tag }}' \
              k3d-k8s='${{ matrix.cases.k8s }}' \
              mc-target-load
      # Runs against the `l5d-test-target` cluster, and only for cases that
      # set `install-gwapi: true`.
      - name: Run just mc-install-gwapi
        if: ${{ matrix.cases.install-gwapi }}
        run: just k3d-name='l5d-test-target' mc-install-gwapi
      - run: just mc-flat-network-init
      - name: Run just mc-test-run
        run: |
          just linkerd-tag='${{ needs.meta.outputs.tag }}' \
              k3d-k8s='${{ matrix.cases.k8s }}' \
              mc-test-run -multicluster-manage-controllers=${{ matrix.cases.manage-controllers }}

  # Gate job that summarises the three build jobs. `always()` makes it run
  # even when a build failed or was skipped, so it can report a single result.
  build-ok:
    needs: [build-cli, build-core, build-ext]
    if: always()
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      - name: Results
        run: |
          echo 'needs.build-cli.result: ${{ needs.build-cli.result }}'
          echo 'needs.build-core.result: ${{ needs.build-core.result }}'
          echo 'needs.build-ext.result: ${{ needs.build-ext.result }}'
      - name: Verify jobs
        # All jobs must succeed or be skipped.
        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
        run: exit 1

  # Try to re-run the integration tests if they fail, but only up to 3 times.
  # The condition also requires `build-ok` to have succeeded, so a build
  # failure is never retried from here.
  integrations-retry:
    needs:
      [build-ok, test-core, test-policy, test-ext, test-viz, test-multicluster]
    if: failure() && fromJSON(github.run_attempt) < 3 && needs.build-ok.result == 'success'
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    # The token needs `actions: write` to dispatch another workflow.
    permissions:
      actions: write
    env:
      GH_REPO: ${{ github.repository }}
      GH_TOKEN: ${{ github.token }}
      GH_DEBUG: api
      # On pull requests `github.head_ref` is the contributor-chosen branch
      # name. Routing it through an environment variable, and quoting it
      # below, keeps it out of the script text the shell parses.
      REF: ${{ github.head_ref }}
    steps:
      # `--ref` selects the branch or tag whose copy of rerun.yml is run.
      # NOTE(review): that copy is therefore the one on the head branch, not
      # necessarily the one on the default branch; confirm this is intended.
      - run: gh workflow run rerun.yml -F 'run_id=${{ github.run_id }}' --ref "$REF"

  # Final gate job that summarises the build gate and every test job.
  # `always()` makes it run regardless of upstream results.
  integrations-ok:
    needs:
      [build-ok, test-core, test-policy, test-ext, test-viz, test-multicluster]
    if: always()
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      - name: Results
        run: |
          echo 'needs.build-ok.result: ${{ needs.build-ok.result }}'
          echo 'needs.test-core.result: ${{ needs.test-core.result }}'
          echo 'needs.test-policy.result: ${{ needs.test-policy.result }}'
          echo 'needs.test-ext.result: ${{ needs.test-ext.result }}'
          echo 'needs.test-viz.result: ${{ needs.test-viz.result }}'
          echo 'needs.test-multicluster.result: ${{ needs.test-multicluster.result }}'
      - name: Verify jobs
        # All jobs must succeed or be skipped.
        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
        run: exit 1


================================================
FILE: .github/workflows/js.yml
================================================
# Runs the web dashboard's JavaScript tests on pull requests that touch the
# web app, bin/web* or this workflow file.
name: JS

on:
  pull_request:
    paths:
      - .github/workflows/js.yml
      - bin/web*
      - web/app/**

# The workflow token is limited to reading repository contents.
permissions:
  contents: read

jobs:
  js-web-test:
    timeout-minutes: 30
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    # NOTE(review): the image is referenced by a mutable tag, not a digest.
    container:
      image: node:20-bookworm
    env:
      NODE_ENV: test
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      # NOTE(review): the Yarn installer script is fetched and piped directly
      # into bash. Only the Yarn version is pinned by argument; the script's
      # own content is not verified in this step.
      - name: Yarn setup
        shell: bash
        run: |
          bin/scurl --retry 2 https://yarnpkg.com/install.sh | bash -s -- --version 1.21.1 --network-concurrency 1
          echo PATH="$HOME/.yarn/bin:$PATH" >> "$GITHUB_ENV"
      # `--frozen-lockfile` makes the install fail rather than rewrite
      # yarn.lock when it disagrees with package.json.
      - run: bin/web --frozen-lockfile
      - run: bin/web test --reporters="jest-progress-bar-reporter" --reporters="./gh_ann_reporter.js"


================================================
FILE: .github/workflows/lock.yml
================================================
# Locks issues that have been inactive for 30 days. Runs daily at 01:00 UTC.
name: "Lock Threads"

on:
  schedule:
    - cron: "0 1 * * *"

# `issues: write` is the only scope granted to the workflow token.
permissions:
  issues: write

jobs:
  action:
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      # Third-party action pinned by commit SHA.
      - uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7
        with:
          issue-inactive-days: "30"
          # Restrict processing to issues.
          process-only: "issues"


================================================
FILE: .github/workflows/markdown.yml
================================================
# Lints Markdown files on pull requests that change any *.md file or this
# workflow file.
name: markdown

# The workflow token is limited to reading repository contents.
permissions:
  contents: read

on:
  pull_request:
    paths:
      - .github/workflows/markdown.yml
      - "**/*.md"

jobs:
  markdownlint:
    timeout-minutes: 5
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      # Third-party action pinned by commit SHA. The globs lint every *.md
      # file except those under node_modules and target.
      - uses: DavidAnson/markdownlint-cli2-action@07035fd053f7be764496c0f8d8f9f41f98305101
        with:
          globs: |
            **/*.md
            !**/node_modules/**
            !target/**


================================================
FILE: .github/workflows/proto.yml
================================================
# Checks that the committed generated Go protobuf code is up to date:
# regenerates it with bin/protoc-go.sh and fails if the working tree differs.
name: Proto

on:
  pull_request:
    paths:
      - .github/workflows/proto.yml
      - bin/protoc*
      - "**/*.proto"
      - "**/gen/**/*.go"

# The workflow token is limited to reading repository contents.
permissions:
  contents: read

jobs:
  proto-diff:
    timeout-minutes: 10
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    # NOTE(review): the image is referenced by a tag, not a digest.
    container: ghcr.io/linkerd/dev:v48-go
    steps:
      - run: apt update && apt install -y unzip
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      # Marks the checkout as safe so git accepts it inside the container.
      - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
      - run: bin/protoc-go.sh
      # A non-zero exit here means the generated files were stale.
      - run: git diff --exit-code


================================================
FILE: .github/workflows/release.yml
================================================
name: Release

on:
  push:
    tags:
      - "edge-*"

permissions:
  contents: read

env:
  GH_ANNOTATION: true
  DOCKER_REGISTRY: ghcr.io/linkerd
  K3D_VERSION: v5.8.3
  LINKERD2_PROXY_REPO: ${{ vars.LINKERD2_PROXY_REPO }}

jobs:
  # TODO(ver) We should stop relying so heavily on the environment,
  # especially the TAG variable. And it would be great to stop relying
  # on the root-tag script altogether.
  #
  # Computes the release tag with bin/root-tag and exposes it as the `tag`
  # output that every other job in this workflow consumes.
  tag:
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT"
        id: tag
      # Fails the job (and so the release) if the script exits non-zero.
      - name: Validate edge version
        run: bin/compute-edge-version
    outputs:
      tag: ${{ steps.tag.outputs.tag }}

  # Builds each component as a multi-arch image, pushes it to the registry
  # and signs the resulting digest with cosign.
  docker_build:
    name: Docker build
    needs: [tag]
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    # This job holds the most sensitive scopes in the workflow: registry
    # write access and the ability to mint an OIDC identity token.
    permissions:
      contents: read
      packages: write # for docker/login-action
      id-token: write # for cosign
    services:
      registry:
        image: registry:3
        ports:
          - 5000:5000
    strategy:
      matrix:
        component:
          - controller
          - debug
          - metrics-api
          - proxy
          - tap
          - web
    timeout-minutes: 45
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      # Persist the tag as TAG for the remaining steps of this job.
      - name: Set tag
        run: echo 'TAG=${{ needs.tag.outputs.tag }}' >> "$GITHUB_ENV"
      # Logs in with a username and personal access token held as secrets.
      - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2
        with:
          registry: ghcr.io
          username: ${{ secrets.DOCKER_GHCR_USERNAME }}
          password: ${{ secrets.DOCKER_GHCR_PAT }}
      - uses: ./.github/actions/docker-build
        id: build
        with:
          docker-registry: ${{ env.DOCKER_REGISTRY }}
          docker-target: multi-arch
          docker-push: 1
          component: ${{ matrix.component }}
          tag: ${{ needs.tag.outputs.tag }}
        env:
          LINKERD2_PROXY_GITHUB_TOKEN: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN }}
      # NOTE(review): this is the only action in this workflow referenced by a
      # mutable tag instead of a full commit SHA, and it runs in the job that
      # holds `id-token: write` and the registry login. Pin it to the commit
      # SHA of a reviewed release, like the other actions in this file.
      - uses: sigstore/cosign-installer@v3
      # Signs by digest, so the signature is bound to the exact image that was
      # pushed. COSIGN_YES answers cosign's confirmation prompts.
      - run: cosign sign '${{ steps.build.outputs.digest }}'
        env:
          COSIGN_YES: true

  # Builds the release CLI through the reusable cli-build workflow. No
  # `target` is passed here, so the reusable workflow's default applies.
  cli:
    needs: tag
    uses: ./.github/workflows/cli-build.yml
    with:
      version: ${{ needs.tag.outputs.tag }}

  # Runs the integration suites against the images pushed by `docker_build`
  # (`--images preload`) using the CLI built by `cli`. The release is only
  # created after every suite listed here has passed.
  integration_tests:
    name: Integration tests
    needs: [tag, cli, docker_build]
    strategy:
      matrix:
        integration_test:
          - cluster-domain
          - cni-calico-deep
          - deep
          - viz
          - tracing
          - default-policy-deny
          - external
          - rsa-ca
          - helm-upgrade
          - uninstall
          - upgrade-edge
    timeout-minutes: 60
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
        with:
          go-version-file: go.mod
      - uses: ./.github/actions/cli-setup
        with:
          artifact-id: ${{ needs.cli.outputs.artifact-id }}
          target: ${{ runner.temp }}/linkerd
      # NOTE(review): the tag is substituted into the script inside double
      # quotes, so the shell would expand any `$` or backtick it contained;
      # `docker_build` writes the same value with single quotes. What
      # bin/root-tag can emit is not visible here. Passing the value through
      # `env:` would remove the question entirely.
      - run: echo TAG="${{ needs.tag.outputs.tag }}" >> "$GITHUB_ENV"
      # Guards against testing a CLI that was built for a different tag.
      - name: Validate the CLI version matches the current build tag.
        run: |
          [[ "$TAG" == "$(${{ runner.temp }}/linkerd version --short --client)" ]]
      - run: bin/tests --images preload --name ${{ matrix.integration_test }} "${{ runner.temp }}/linkerd"
        env:
          LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}

  # Publishes the GitHub release for the tag and attaches the CLI binaries
  # produced by the `cli` job. Runs only after the integration tests pass.
  gh_release:
    name: Create GH release
    needs:
      - tag
      - cli
      - integration_tests
    timeout-minutes: 30
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    # `contents: write` is what allows the job to create the release.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      # Fetch exactly the artifact the `cli` job reported, by ID.
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
        with:
          artifact-ids: ${{ needs.cli.outputs.artifact-id }}
          path: cli
      # Third-party action pinned by commit SHA; it runs with the write token.
      - name: Create release
        id: create_release
        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe
        with:
          name: "${{ needs.tag.outputs.tag }}"
          generate_release_notes: true
          draft: false
          prerelease: false
          files: |
            ./cli/linkerd2-cli-*

  # Sends a `release` repository-dispatch event to linkerd/website once the
  # Helm chart has been deployed.
  website_publish:
    name: Linkerd website publish
    needs: [chart_deploy]
    # This workflow is triggered only by `edge-*` tags, so the `stable` half
    # of this condition cannot match with the trigger as written.
    if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge')
    timeout-minutes: 30
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    # NOTE(review): the only step authenticates with a separate secret against
    # another repository, so `contents: write` on this repository's token
    # looks unused; confirm and drop it if so.
    permissions:
      contents: write
    steps:
      - name: Create linkerd/website repository dispatch event
        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697
        with:
          token: ${{ secrets.RELEASE_TOKEN }}
          repository: linkerd/website
          event-type: release

  # Polls the public install script until it advertises the new tag as its
  # default LINKERD2_VERSION, and fails the job if it never does.
  website_publish_check:
    name: Linkerd website publish check
    needs: [tag, website_publish]
    timeout-minutes: 30
    # This workflow is triggered only by `edge-*` tags, so the `stable`
    # conditions in this job cannot match with the trigger as written.
    if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge')
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - name: Set install target for stable
        if: startsWith(github.ref, 'refs/tags/stable')
        run: echo "INSTALL=install" >> "$GITHUB_ENV"
      - name: Set install target for edge
        if: startsWith(github.ref, 'refs/tags/edge')
        run: echo "INSTALL=install-edge" >> "$GITHUB_ENV"
      # The downloaded script is only searched with grep, never executed.
      # The loop sleeps 30 seconds between attempts and stops retrying once
      # the counter passes 10.
      - name: Check published version
        shell: bash
        run: |
          TAG='${{ needs.tag.outputs.tag }}'
          until RES=$(bin/scurl "https://run.linkerd.io/$INSTALL" | grep "LINKERD2_VERSION=\${LINKERD2_VERSION:-$TAG}") \
            || (( count++ >= 10 ))
          do
            sleep 30
          done
          if [[ -z "$RES" ]]; then
            echo "::error::The version '$TAG' was NOT found published in the website"
            exit 1
          fi

  # Authenticates to GCP and publishes the edge Helm chart through the local
  # helm-publish action. Declares no `permissions:` of its own, so the
  # workflow-level `contents: read` applies.
  chart_deploy:
    name: Helm chart deploy
    needs: [gh_release]
    timeout-minutes: 30
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      # NOTE(review): `credentials_json` means a service-account key is stored
      # as a repository secret. This action also supports keyless
      # authentication via `workload_identity_provider`; consider it so that no
      # long-lived key has to be stored and rotated.
      - name: Log into GCP
        uses: "google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093"
        with:
          credentials_json: ${{ secrets.LINKERD_SITE_TOKEN }}
      - name: Edge Helm chart creation and upload
        uses: ./.github/actions/helm-publish


================================================
FILE: .github/workflows/rerun.yml
================================================
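# This can be invoked from any other workflow to re-run itself on failure.
# From https://github.com/orgs/community/discussions/67654#discussioncomment-8038649
#
# The `run_id` input is caller-supplied text. It is handed to the shell through
# the RUN_ID environment variable and checked to be numeric, instead of being
# substituted into the script with `${{ }}`, so its content is never parsed as
# shell syntax or as a `gh` option.
name: Re-run failed workflow

on:
  workflow_dispatch:
    inputs:
      run_id:
        description: "The ID of the run to rerun"
        required: true

# One watcher per run ID; a newer dispatch for the same run replaces the old one.
concurrency:
  group: ${{ github.workflow }}-${{ inputs.run_id }}
  cancel-in-progress: true

jobs:
  rerun:
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 5
    # `actions: write` is required to re-run a workflow run.
    permissions:
      actions: write
    env:
      GH_REPO: ${{ github.repository }}
      GH_TOKEN: ${{ github.token }}
      GH_DEBUG: api
      RUN_ID: ${{ inputs.run_id }}
    steps:
      # Workflow run IDs are decimal integers; reject anything else up front.
      - name: Validate run_id
        run: |
          case "$RUN_ID" in
            ''|*[!0-9]*)
              echo "::error::run_id must be a numeric workflow run ID"
              exit 1
              ;;
          esac
      # Wait for the run to finish, then re-run only its failed jobs.
      - run: gh run watch "$RUN_ID"
      - run: gh run rerun "$RUN_ID" --failed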


================================================
FILE: .github/workflows/rust.yml
================================================
name: Rust

on:
  pull_request:
    paths:
      - .github/workflows/rust.yml
      - Cargo.lock
      - "**/Cargo.toml"
      - justfile
      - deny.toml
      - "**/*.rs"
      - policy-*/Dockerfile
      - rust-toolchain.toml
      - bin/rust-toolchain-version

permissions:
  contents: read

env:
  CARGO_INCREMENTAL: 0
  CARGO_NET_RETRY: 10
  PROTOC_NO_VENDOR: 1
  RUST_BACKTRACE: short
  RUSTUP_MAX_RETRIES: 10

jobs:
  # Runs cargo-deny in two matrix legs: `advisories` on its own, and
  # `bans licenses sources` together.
  audit:
    timeout-minutes: 10
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    # NOTE(review): the image is referenced by a tag, not a digest.
    container: ghcr.io/linkerd/dev:v48-rust
    strategy:
      matrix:
        checks:
          - advisories
          - bans licenses sources
    # Prevent the sudden announcement of a new advisory from failing CI.
    # The trade-off is that an advisory finding never blocks a pull request;
    # it is only visible to someone who reads this leg's result.
    continue-on-error: ${{ matrix.checks == 'advisories' }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
      # `matrix.checks` is left unquoted on purpose: the second leg expands to
      # three separate check names.
      - run: cargo deny --all-features check ${{ matrix.checks }}

  # Runs the `rs-check-fmt` recipe from the justfile inside the dev image.
  fmt:
    timeout-minutes: 5
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    container: ghcr.io/linkerd/dev:v48-rust
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      # Marks the checkout as safe so git accepts it inside the container.
      - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
      - run: just rs-check-fmt

  # Fetches dependencies, then runs the `rs-clippy` and `rs-doc` recipes.
  clippy:
    timeout-minutes: 20
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    container: ghcr.io/linkerd/dev:v48-rust
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      # Marks the checkout as safe so git accepts it inside the container.
      - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
      - run: just rs-fetch
      - run: just rs-clippy
      - run: just rs-doc --no-deps

  # Fetches dependencies, then runs the `rs-check-dirs` recipe.
  check:
    timeout-minutes: 20
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    container: ghcr.io/linkerd/dev:v48-rust
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      # Marks the checkout as safe so git accepts it inside the container.
      - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
      - run: just rs-fetch
      - run: just rs-check-dirs

  # Builds and runs the Rust tests through the `rs-test-build` and `rs-test`
  # recipes, as separate steps.
  test:
    name: test
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 15
    container: ghcr.io/linkerd/dev:v48-rust
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      # Marks the checkout as safe so git accepts it inside the container.
      - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
      - run: just rs-fetch
      - run: just rs-test-build
      - run: just rs-test

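  # Fails when a workflow file references a `docker://…rust:<version>` image
  # whose version does not contain the version printed by
  # bin/rust-toolchain-version. One error annotation is emitted per mismatch
  # and the exit status is the number of mismatches.
  # NOTE(review): the workflows shown alongside this one use
  # `container: ghcr.io/linkerd/dev:…-rust`, which this pattern does not match.
  # If no workflow contains a `docker://…rust:` reference the check passes
  # without comparing anything; confirm it still guards what it is meant to.
  rust-toolchain:
    name: rust toolchain
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 2
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - shell: bash
        run: |
          toolchain_version="$(./bin/rust-toolchain-version)"

          ex=0
          # Check this workflow against the version in rust-toolchain.
          versions=$(sed -nE 's|.*docker://(.*/)?rust:([^ #]+).*|\2|p' .github/workflows/*)
          for mismatch in $(echo "$versions" | grep -vF "$toolchain_version" || true) ; do
            echo "::error file=.github/workflows/rust.yml::Workflow uses incorrect rust version(s): $mismatch (expected '$toolchain_version')"
            ex=$((ex + 1))
          done

          exit $ex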


================================================
FILE: .github/workflows/shell.yml
================================================
# Lints shell scripts on pull requests that change any *.sh file or this
# workflow file.
name: Shell

on:
  pull_request:
    paths:
      - .github/workflows/shell.yml
      - "**/*.sh"

# The workflow token is limited to reading repository contents.
permissions:
  contents: read

jobs:
  # For more information on shellcheck failures:
  # https://github.com/koalaman/shellcheck/wiki/Checks
  shellcheck:
    timeout-minutes: 10
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    steps:
      # NOTE(review): referenced by a tag (`v48`) rather than a commit SHA,
      # unlike the other actions in this file. It lives in the project's own
      # organisation, but a tag can still be moved; consider pinning it.
      - uses: linkerd/dev/actions/setup-tools@v48
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - run: just sh-lint


================================================
FILE: .github/workflows/sync-proxy.yml
================================================
name: Sync proxy

on:
  workflow_dispatch:
    inputs:
      version:
        description: "The version of the proxy to sync"
        required: true
        default: "latest"

concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref }}
  cancel-in-progress: true

jobs:
  # Resolves the proxy release to sync (the latest one, or the one named by
  # the `version` input) and exposes its tagName, name and url as job outputs.
  # NOTE(review): neither this job nor the workflow declares `permissions:`,
  # so the workflow token gets the repository's default scopes. This job only
  # reads release metadata; consider restricting it explicitly.
  meta:
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 5
    env:
      GH_REPO: ${{ vars.LINKERD2_PROXY_REPO || 'linkerd/linkerd2-proxy' }}
      GH_TOKEN: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }}
    steps:
      # NOTE(review): each JSON field is appended to $GITHUB_OUTPUT as one
      # `key=value` line. The release `name` is free text set in the proxy
      # repository; a value containing a line break would add extra output
      # lines. Consider stripping line breaks or using the multiline
      # delimiter form. The same applies to the `known` step below.
      - if: inputs.version == 'latest' || inputs.version == ''
        id: latest
        run: gh release view --json tagName,name,url | jq -r 'to_entries[] | (.key + "=" + .value)' >> "$GITHUB_OUTPUT"
      # The next three steps do nothing; their names surface the resolved
      # values in the run UI.
      - name: steps.latest.outputs.tagName=${{ steps.latest.outputs.tagName }}
        run: "true"
      - name: steps.latest.outputs.name=${{ steps.latest.outputs.name }}
        run: "true"
      - name: steps.latest.outputs.url=${{ steps.latest.outputs.url }}
        run: "true"

      # The dispatch input reaches the shell through the VERSION environment
      # variable and is quoted, so it is not parsed as shell syntax.
      - if: inputs.version != 'latest' && inputs.version != ''
        id: known
        env:
          VERSION: ${{ inputs.version }}
        run: gh release view "$VERSION" --json tagName,name,url | jq -r 'to_entries[] | (.key + "=" + .value)' >> "$GITHUB_OUTPUT"
      - name: steps.known.outputs.tagName=${{ steps.known.outputs.tagName }}
        run: "true"
      - name: steps.known.outputs.name=${{ steps.known.outputs.name }}
        run: "true"
      - name: steps.known.outputs.url=${{ steps.known.outputs.url }}
        run: "true"

      # Fail the job if any of the three fields came back empty from
      # whichever lookup ran.
      - name: Verify tagName
        if: steps.latest.outputs.tagName == '' && steps.known.outputs.tagName == ''
        run: exit 1
      - name: Verify name
        if: steps.latest.outputs.name == '' && steps.known.outputs.name == ''
        run: exit 1
      - name: Verify url
        if: steps.latest.outputs.url == '' && steps.known.outputs.url == ''
        run: exit 1

    outputs:
      tagName: ${{ steps.latest.outputs.tagName || steps.known.outputs.tagName }}
      name: ${{ steps.latest.outputs.name || steps.known.outputs.name }}
      url: ${{ steps.latest.outputs.url || steps.known.outputs.url }}

  # Compares the resolved release name with the contents of .proxy-version
  # and reports `changed=true` when they differ.
  changed:
    needs: meta
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 5
    env:
      # The release's `name` field (not its tagName) is used as the version.
      VERSION: ${{ needs.meta.outputs.name }}
    steps:
      # NOTE(review): this job only reads one file, yet the checkout is given
      # the proxy token and, by default, leaves it in the local git config for
      # later steps. `persist-credentials: false` would avoid that here. The
      # job also declares no `permissions:` block.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          token: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }}
      - name: Check if proxy version has changed
        id: changed
        run: |
          if [ "$(cat .proxy-version)" != "$VERSION" ]; then
            echo changed=true >> "$GITHUB_OUTPUT"
          fi
      # No-op step whose name surfaces the result in the run UI.
      - name: steps.changed.outputs.changed=${{ steps.changed.outputs.changed == 'true' }}
        run: "true"
    outputs:
      changed: ${{ steps.changed.outputs.changed == 'true' }}

  # Writes the new version to .proxy-version on a `bot/sync-proxy/<version>`
  # branch, pushes it and opens a pull request. Runs only when `changed`
  # reported a difference.
  sync-proxy:
    needs: [meta, changed]
    if: needs.changed.outputs.changed == 'true'
    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
    timeout-minutes: 5
    # Scopes for the workflow token. When LINKERD2_PROXY_GITHUB_TOKEN is set,
    # the push and the pull request use that token instead.
    permissions:
      checks: read
      contents: write
      pull-requests: write
    env:
      # Both values originate from release metadata in the proxy repository.
      # They are only ever used as quoted shell variables below, never
      # substituted into script text.
      VERSION: ${{ needs.meta.outputs.name }}
      URL: ${{ needs.meta.outputs.url }}
    steps:
      - name: Configure git
        env:
          GITHUB_USERNAME: ${{ vars.LINKERD2_PROXY_GITHUB_USERNAME || 'github-actions[bot]' }}
        run: |
          git config --global --add safe.directory "$PWD" # actions/runner#2033
          git config --global user.name "$GITHUB_USERNAME"
          git config --global user.email "$GITHUB_USERNAME"@users.noreply.github.com
      # The token given here is what `git push` below authenticates with.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          token: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }}
      # NOTE(review): VERSION becomes part of a branch name; a release name
      # that is not a valid ref component would make `git switch` fail, which
      # stops the job because of `set -eu`.
      - name: Commit proxy version
        run: |
          set -eu
          git fetch origin bot/sync-proxy/"$VERSION" || true
          git switch -c bot/sync-proxy/"$VERSION"
          echo "$VERSION" > .proxy-version
          git add .proxy-version
          (
            echo "proxy: $VERSION"
            echo
            echo "Release notes: $URL"
          ) >"$RUNNER_TEMP"/commit.txt
          git commit --signoff -F "$RUNNER_TEMP"/commit.txt
          git push origin bot/sync-proxy/"$VERSION"
      # Opens the pull request in this repository (GH_REPO is overridden here,
      # unlike in the `meta` job where it points at the proxy repository).
      - env:
          GH_REPO: ${{ github.repository }}
          GH_TOKEN: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }}
        run: |
          gh pr create --title "proxy: $VERSION" --body "Release notes: $URL" --label bot/sync-proxy


================================================
FILE: .gitignore
================================================
**/disco
target
tmp.discovery
**/.idea
**/cmake-*
**/CMakeLists.txt
*.iml
**/node_modules
web/web
web/app/dist
web/app/js/locales/_build
web/app/js/locales/**/*.js
web/app/yarn-error.log
vendor
**/*.swp
**/charts/**/charts
package-lock.json
.vscode
**/coverage*


================================================
FILE: .golangci.yml
================================================
# This file specifies which linters golangci-lint should run.
#
# For descriptions of all available linters, run:
# ./.golangci-lint-1.17.1 linters
# or browse to:
# https://github.com/golangci/golangci-lint#supported-linters

run:
  deadline: 5m
  exclude-dirs:
  - controller/gen

linters:
  enable:
  - bodyclose
  #TODO - copyloopvar
  - errcheck
  - errorlint
  - gocritic
  - gosec
  - gosimple
  - govet
  - ineffassign
  - misspell
  - nakedret
  - revive
  - staticcheck
  - stylecheck
  - typecheck
  - unconvert
  - unparam
  - unused
  # TODO: enable more linters!
  # - depguard
  # - dupl
  # - gochecknoglobals
  # - gochecknoinits
  # - gocyclo
  # - interfacer
  # - lll
  # - maligned
  # - prealloc

  disable: []

linters-settings:
  revive:
    rules:
    - name: package-comments
      disabled: true
  stylecheck:
    checks: ["ST1019"]
  errcheck:
    exclude-functions:
      - fmt.Fprint
      - fmt.Fprintf
      - fmt.Fprintln
  gosec:
    excludes:
      - G115 # Potential integer overflow when converting between integer types

issues:
  exclude-use-default: false
  exclude-rules:
  # Ignore errors when performing the following file operations. If these are
  # not handled separately already, they tend to be insignificant.
  - linters:
    - errcheck
    text: Error return value of `.*\.(Copy|Flush|Write|WriteTo)` is not checked

  # Ignore error values when closing file or HTTP response bodies. These
  # generally happen as cleanup and are part of defer statements.
  - linters:
    - errcheck
    text: Error return value of `.*\.Close` is not checked

  # Ignore gosec's warning about deferring Close on files or HTTP response
  # bodies. These generally happen as cleanup and are part of defer statements.
  - linters:
    - gosec
    text: Deferring unsafe method "Close" on type

  # Ignore error checks for CLI output.
  - linters:
    - errcheck
    text: Error return value of `(plugin|spin|termbox)\.(Clear|Color|Flush|Run)` is not checked

  # The errcheck linter catches these instances and we exclude them with the
  # rule above; therefore we'll ignore redundant warnings through gosec.
  - linters:
    - gosec
    text: "G104: Errors unhandled"

  # This gives false positives if a variable name is too close to the pattern
  # used to determine if a variable is a credential. The rule has no path
  # filter, so G101 is silenced for the whole repository.
  - linters:
    - gosec
    text: "G101: Potential hardcoded credentials"

  # Temporarily disable this check until the next golang-ci upgrade (greater
  # than v1.50.1) which upgrades gosec from v2.13.1 to v2.14.0. The fix is in
  # this commit, that refers to G404 but it seems it also affects G402:
  # https://github.com/securego/gosec/commit/dfde579243e1bfe0856ddafc5fc6aebb29c0edf6
  # While this rule is in place gosec reports no G402 findings anywhere in the
  # repository, so a weak TLS MinVersion will not be flagged by the linter.
  - linters:
    - gosec
    text: "G402: TLS MinVersion too low"

  # Flag operations are fallible if the flag does not exist. We assume these
  # exist as they are generally flags we are deprecating or use only for
  # development.
  - linters:
    - errcheck
    text: Error return value of `(.*)\.(MarkDeprecated|MarkHidden|Set)` is not checked

  # Flag completion is not critical to the CLI and errors are ignored if
  # registration fails.
  - linters:
    - errcheck
    text: Error return value of `.*\.RegisterFlagCompletionFunc` is not checked

  # Errors that occur when gracefully shutting down control plane components
  # are insignificant.
  - linters:
    - errcheck
    text: Error return value of `(adminServer|apiServer|server)\.Shutdown` is not checked

  # Append should be able to assign to a different var/slice.
  - linters:
    - gocritic
    text: "appendAssign: append result not assigned to the same slice"

  # This does not always result in more readable code.
  - linters:
    - gocritic
    text: "singleCaseSwitch: should rewrite switch statement to if statement"

  # This does not always result in more readable code.
  - linters:
    - gocritic
    text: "ifElseChain: rewrite if-else to switch statement"

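  # Test and fuzzing code does not need to be checked for security issues.
  # The pattern matches any Go file whose path contains "test" or "fuzzer",
  # not only `_test.go` files.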
  - linters:
    - gosec
    path: .*(test|fuzzer).*\.go

  # In tests/fuzzing we are usually mocking components or have a good idea
  # about the errors that we expect. For this reason, we ignore unchecked
  # errors in all test files.
  - path: .*(test|fuzzer).*\.go
    text: Error return value of `.*` is not checked

  # In tests we'll ignore unchecked filename operations because the values
  # are not dynamic.
  - path: (.*test.*\.go|fake)
    text: "G304: Potential file inclusion via variable"

  # This ignores the errors returned from AddToScheme operations.
  - path: pkg/k8s/fake.go
    text: Error return value is not checked

  # Ignore NewSimpleClientset, Endpoints, EndpointSubset, and NewGone
  # deprecation warnings for now.
  - linters:
    - staticcheck
    text: "corev1.Endpoints is deprecated: This API is deprecated in v1.33+"
  - linters:
    - staticcheck
    text: "corev1.EndpointSubset is deprecated: This API is deprecated in v1.33+"
  - linters:
    - staticcheck
    text: "fake.NewSimpleClientset is deprecated"
  - linters:
    - staticcheck
    text: "k8sError.NewGone is deprecated"


================================================
FILE: .helmdocsignore
================================================
# Add potential chart ignores here


================================================
FILE: .markdownlint.yaml
================================================
default: true
line_length: 
  code_blocks: false
  tables: false
headings:
  siblings_only: true


================================================
FILE: .proxy-version
================================================
v2.344.0


================================================
FILE: ADOPTERS.md
================================================
# Linkerd 2.x adopters

- [Ada](http://www.ada.cx)
- [Adidas](https://www.adidas-group.com)
- [Advance Latam](http://www.advlatam.com)
- [Allotrac](https://allotrac.com.au)
- [AlphaSights](https://www.alphasights.com)
- [Altinn](https://www.altinn.no/en/)
- [ANNA Money](https://anna.money)
- [Apester](https://apester.com)
- [AppddictionStudio](https://appddicitonstudio.com)
- [Applause](https://www.applause.com)
- [AT&T](<https://il.att.com/>)
- [Attest](https://www.askattest.com)
- [Bede Gaming](https://bedegaming.com)
- [Bink](https://bink.com)
- [Bitfactory](https://www.bitfactory.nl/)
- [Boomin](https://www.boomin.com)
- [Bosch Thermotechnology](https://www.bosch-thermotechnology.com)
- [Buoyant](https://buoyant.io)
- [Cabify](https://cabify.com)
- [Candide](https://candidegardening.com)
- [Celonis](https://celonis.com)
- [CloverHealth](https://www.cloverhealth.com/)
- [Cohere](https://cohere.ai/)
- [Commonbond](https://www.commonbond.co/)
- [Crayon](https://crayon.com)
- [Docker](https://docker.com)
- [Doji](https://www.doji.cn/)
- [Dukaan](https://mydukaan.io/)
- [Expedia](https://www.expedia.com)
- [Facelift](https://www.facelift-bbt.com/en)
- [Favrit](https://www.favrit.com)
- [Figure](https://www.figure.com)
- [finleap connect](https://connect.finleap.com/)
- [Giant Swarm](https://www.giantswarm.io)
- [Gotin](https://www.gotin.online)
- [HomeChoice](https://www.homechoice.co.za/)
- [HP Inc](https://www8.hp.com/us/en/home.html)
- [In Loco](https://inloco.com.br/en/)
- [Info Support](https://infosupport.com/)
- [Ingrid](https://ingrid.com/)
- [Inscripta](https://inscripta.io)
- [Jimdo](https://www.jimdo.com/)
- [Just Football](https://justfootball.io)
- [K3 Business Technologies](https://www.k3btg.com)
- [Kairos](https://kairos.com)
- [Kurio](https://kurio.id)
- [LeadIQ](https://leadiq.com)
- [LeanNet](https://leannet.eu/)
- [Lendico](https://www.lendico.de/)
- [Livspace](https://www.livspace.com/)
- [Lumoa](https://www.lumoa.me/)
- [M1 Finance](https://www.m1finance.com/)
- [manager.cl](https://www.manager.cl/)
- [MattePaint](https://www.mattepaint.com/)
- [Mentum](https://mentumqr.com/)
- [MercedesBenz.io](https://www.mercedes-benz.io/)
- [Microsoft](https://www.microsoft.com/)
- [Mulligan Funding](https://www.mulliganfunding.com/)
- [Mythical Games](https://mythicalgames.com/)
- [National Information Solutions Cooperative (NISC)](https://nisc.coop/)
- [NAV](https://nav.no/)
- [Nordstrom](https://nordstrom.com/)
- [Novolabs](https://novolabs.com)
- [OLX Brasil](https://www.olx.com.br)
- [p3r](https://www.p3r.one/)
- [Pangea](https://pangea.cloud)
- [Parklab](https://parklab.app/)
- [Paybase](https://paybase.io/)
- [Pento](https://pento.io/)
- [Personio](https://www.personio.com/)
- [PITS Global Data Recovery Services](https://www.pitsdatarecovery.net/)
- [PlayStudios Asia](https://www.playstudios.asia)
- [PlexTrac](https://plextrac.com)
- [PriceKinetics (GVC Australia)](https://www.pricekinetics.com.au/)
- [Projector](https://projector.com)
- [Purdue University Global](https://www.purdueglobal.edu/)
- [reDock](https://www.redock.com/)
- [ReliMail](https://relimail.com/)
- [S&P Global Platts](https://www.spglobal.com/platts/en)
- [Salt Security](https://salt.security/)
- [Samarkand Global](https://www.samarkand.global/)
- [SCA](https://sca.com.au)
- [Search365](https://search365.ai/)
- [Skit](https://skit.ai/)
- [Sophotech](https://sopho.tech)
- [Split](https://www.split.io/)
- [StackPulse](https://stackpulse.com)
- [Studyo](https://studyo.co)
- [Sue](https://sue.nl)
- [The Zebra](https://www.thezebra.com)
- [Timescale](https://www.timescale.com)
- [Tradeshift](https://tradeshift.com/)
- [Transit](https://transit.app)
- [True Tickets](https://true-tickets.com)
- [Web Summit](https://websummit.com)
- [Winuall](https://www.winuall.com)
- [Wiz Security](https://www.wiz.io/)
- [xCloud](https://www.xbox.com/en-US/xbox-game-streaming/project-xcloud)
- [YouMail](https://www.youmail.com)
- [ZeroFlucs](https://zeroflucs.io/)
- [Zimpler](https://www.zimpler.com/)

If you're using Linkerd 2.x and aren't on this list, please [submit a pull
request](https://github.com/linkerd/linkerd2/edit/main/ADOPTERS.md)!


================================================
FILE: AMBASSADORS.md
================================================
# Linkerd Ambassadors

The Linkerd Ambassador badge is a distinction awarded to those community
members who are experts in their field and who demonstrate expertise, passion,
engagement, and a commitment to sharing their Linkerd experience with the
broader community. Linkerd Ambassadors are hand-picked by the Linkerd
maintainers.

Interested in becoming a Linkerd Ambassador? Learn more at
<https://linkerd.io/community/ambassadors/>.

## Current Ambassadors

- 🇺🇸 Chris Campbell, @campbel
- 🇩🇪 Christian Hüning, @christianhuening
- 🇭🇺 Dominik Táskai, @dtaskai
- 🇮🇱 Eli Goldberg, @Eli-Goldberg
- 🇬🇧 Mahendran Selvakumar, @skmahe1077
- 🇬🇹 Sergio Méndez, @sergioarmgpl
- 🇳🇱 William Rizzo, @wrkode

## Ambassadors Emeriti

- 🇺🇸 Charles Pretzer, @cpretzer
- 🇳🇴 Fredrik Klingenberg, @fredrkl
- 🇩🇰 Kasper Nissen, @kaspernissen
- 🇵🇹 María Teresa Rojas, @mtrojas
- 🇦🇺 Steve Gray


================================================
FILE: BUILD.md
================================================
<!-- markdownlint-disable-file code-block-style -->
# Linkerd2 Development Guide

:balloon: Welcome to the Linkerd2 development guide! :wave:

This document will help you build and run Linkerd2 from source. More information
about testing from source can be found in the [TEST.md](TEST.md) guide.

## Table of contents

- [Repo Layout](#repo-layout)
  - [Control Plane (Go/React)](#control-plane-goreact)
  - [Data Plane (Rust)](#data-plane-rust)
- [Components](#components)
- [Development configurations](#development-configurations)
  - [Comprehensive](#comprehensive)
    - [Deploying Control Plane components with Tracing](#deploying-control-plane-components-with-tracing)
  - [Publishing Images](#publishing-images)
  - [Go](#go)
    - [A note about Go run](#a-note-about-go-run)
    - [Lint](#lint)
    - [Formatting](#formatting)
    - [Building the CLI for development](#building-the-cli-for-development)
    - [Running the control plane for development](#running-the-control-plane-for-development)
    - [Debugging the Tap APIService for development](#debugging-the-tap-apiservice-for-development)
    - [Generating CLI docs](#generating-cli-docs)
  - [Web](#web)
    - [First time setup](#first-time-setup)
    - [Run web standalone](#run-web-standalone)
    - [Webpack dev server](#webpack-dev-server)
    - [JavaScript dependencies](#javascript-dependencies)
    - [Translations](#translations)
  - [Rust](#rust)
    - [Docker](#docker)
- [Dependencies](#dependencies)
  - [Updating protobuf dependencies](#updating-protobuf-dependencies)
  - [Updating ServiceProfile generated
    code](#updating-serviceprofile-generated-code)
- [Linkerd Helm Chart](#linkerd-helm-chart)
  - [Extensions Helm charts](#extensions-helm-charts)
  - [Making changes to the chart templates](#making-changes-to-the-chart-templates)
  - [Annotating values.yaml](#annotating-valuesyaml)
  - [Markdown templates](#markdown-templates)

## Repo layout

Linkerd2 is primarily written in Rust, Go, and React. At its core is a
high-performance data plane written in Rust. The control plane components and
its extensions are written in Go. The dashboard UI is a React application.

### Control Plane (Go/React)

- [`cli`](cli): Command-line `linkerd` utility, view and drive the control
  plane.
- [`controller`](controller)
  - [`destination`](controller/api/destination): Accepts requests from `proxy`
    instances and serves service discovery information.
  - [`proxy-injector`](controller/proxy-injector): Mutating webhook triggered by
    pods creation, that injects the proxy container as a sidecar.
  - [`identity`](controller/identity): Provides a CA to distribute certificates
    to proxies for them to establish mTLS connections between them.
- [`viz extension`](viz)
  - [`metrics-api`](viz/metrics-api): Accepts requests from API clients such as
    cli and web, serving metrics from the proxies in the cluster through
    Prometheus queries.
  - [`tap`](viz/tap/api): Provides a live pipeline of requests.
  - [`tap-injector`](viz/tap/injector): Mutating webhook triggered by pods
    creation, that injects metadata into the proxy container in order to enable
    tap.
  - [`web`](web): Provides a UI dashboard to view and drive the control plane.
- [`multicluster extension`](multicluster)
  - [`linkerd-gateway`]: Accepts requests from other clusters and forwards them
    to the appropriate destination in the local cluster.
  - [`linkerd-service-mirror-xxx`](multicluster/service-mirror): Controller
    observing the labeling of exported services in the target cluster, each one
    for which it will create a mirrored service in the local cluster.

### Data Plane (Rust)

- [`linkerd2-proxy`](https://github.com/linkerd/linkerd2-proxy): Rust source
  code for the proxy lives in the linkerd2-proxy repo.
- [`linkerd2-proxy-api`](https://github.com/linkerd/linkerd2-proxy-api):
  Protobuf definitions for the data plane APIs live in the linkerd2-proxy-api
  repo.

## Components

![Linkerd2 Components](https://g.gravizo.com/source/svg/linkerd2_components?https%3A%2F%2Fraw.githubusercontent.com%2Flinkerd%2Flinkerd2%2Fmain%2FBUILD.md)

<!-- markdownlint-disable no-inline-html -->
<details>
<summary></summary>
linkerd2_components
  digraph G {
    rankdir=LR;

    node [style=filled, shape=rect];

    "cli" [color=lightblue];
    "destination" [color=lightblue];
    "identity" [color=lightblue];
    "metrics-api" [color=lightblue];
    "tap" [color=lightblue];
    "web" [color=lightblue];

    "proxy" [color=orange];

    "cli" -> "metrics-api";
    "cli" -> "tap";

    "web" -> "metrics-api";
    "web" -> "tap";
    "web" -> "grafana";

    "metrics-api" -> "prometheus";

    "tap" -> "proxy";

    "proxy" -> "destination";
    "proxy" -> "identity";

    "identity" -> "kubernetes api"

    "destination" -> "kubernetes api";

    "grafana" -> "prometheus";
    "prometheus" -> "proxy";
  }
linkerd2_components
</details>
<!-- markdownlint-enable no-inline-html -->

## Development configurations

Depending on use case, there are several configurations with which to develop
and run Linkerd2:

- [Comprehensive](#comprehensive): Integrated configuration using k3d, most
  closely matches release.
- [Web](#web): Development of the Linkerd2 Dashboard.

### Comprehensive

This configuration builds all Linkerd2 components in Docker images, and deploys
them onto a k3d cluster. This setup most closely parallels our recommended
production installation, documented in [Getting
Started](https://linkerd.io/2/getting-started/).

Note that you first need to have installed docker buildx, as explained in the
[buildx docs](https://github.com/docker/buildx).

```bash
# create the k3d cluster
bin/k3d cluster create

# build all docker images
bin/docker-build

# load all the images into k3d
bin/image-load --k3d

# install linkerd
bin/linkerd install --crds | kubectl apply -f -
bin/linkerd install | kubectl apply -f -

# wait for the core components to be ready, then install linkerd-viz
bin/linkerd viz install | kubectl apply -f -

# in order to use `linkerd viz tap` against control plane components, you need
# to restart them (so that the tap-injector enables tap on their proxies)
kubectl -n linkerd rollout restart deploy

# verify cli and server versions
bin/linkerd version

# validate installation
bin/linkerd check --expected-version $(bin/root-tag)

# view linkerd dashboard
bin/linkerd viz dashboard

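# install the demo app; the manifest is fetched and applied unreviewed, so only
# do this against a disposable development cluster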
curl https://run.linkerd.io/emojivoto.yml | bin/linkerd inject - | kubectl apply -f -

# port-forward the demo app's frontend to see it at http://localhost:8080
kubectl -n emojivoto port-forward svc/web-svc 8080:80

# view details per deployment
bin/linkerd viz -n emojivoto stat deployments

# view a live pipeline of requests
bin/linkerd viz -n emojivoto tap deploy voting
```

#### Deploying Control Plane components with Tracing

Control Plane components have the `trace-collector` flag used to enable
[Distributed Tracing](https://opentracing.io/docs/overview/what-is-tracing/)
for development purposes. It can be enabled globally, i.e. for the control plane
components and their proxies, by using the
`--set controller.tracing.enable=true` installation flag.

This will configure all the components to send the traces to the collector you
have configured for your cluster.

```bash

# install Linkerd with tracing
linkerd install \
  --set controller.tracing.enable=true \
  --set controller.tracing.collector.endpoint=<your trace collector endpoint> \
  | kubectl apply -f -
```

### Publishing images

The example above builds and loads the docker images into k3d. For testing your
built images outside your local environment, you need to publish your images so
they become accessible in those external environments.

To signal `bin/docker-build` or any of the more specific scripts
`bin/docker-build-*` what registry to use, just set the environment variable
`DOCKER_REGISTRY` (which defaults to the official registry `cr.l5d.io/linkerd`).
After having pushed those images through the usual means (`docker push`) you'll
have to pass the `--registry` flag to `linkerd install` with a value matching
your registry. Extensions don't have that flag and instead you need to use the
equivalent Helm value; e.g. for Viz `linkerd viz install --set
defaultRegistry=...`.

### Go

#### A note about Go run

Our instructions use a [`bin/go-run`](bin/go-run) script in lieu of `go run`.
This is a convenience script that leverages caching via `go build` to make your
build/run/debug loop faster.

In general, replace commands like this:

```bash
go run cli/main.go check
```

with this:

```bash
bin/go-run cli check
```

That is equivalent to running `linkerd check` using the code on your branch.

#### Lint

To analyze and lint the Go code using golangci-lint, run:

```bash
golangci-lint run
```

#### Formatting

All Go source code is formatted with `goimports`. The version of `goimports`
used by this project is specified in `go.mod`. To ensure you have the same
version installed, run `go install -mod=readonly
golang.org/x/tools/cmd/goimports`. It's recommended that you set your IDE or
other development tools to use `goimports`. Formatting is checked during CI by
the `bin/fmt` script.

#### Building the CLI for development

The script for building the CLI binaries using docker is
`bin/docker-build-cli-bin`. This will also be called indirectly when calling
`bin/docker-build`. By default it creates binaries for your current host's
OS/arch.

To cross-build targeting a different OS or architecture, set the environment
variable `DOCKER_TARGET` according to any of the final stages available in
[cli/Dockerfile](cli/Dockerfile).

For local development and a faster edit-build-test cycle you can build directly
without going through a docker container by calling `bin/build-cli-bin`.

If you set the environment variable `LINKERD_LOCAL_BUILD_CLI=1` then
`bin/docker-build` will use this last method for the step that builds the CLI.

#### Running the control plane for development

Linkerd2's control plane is composed of several Go microservices. You can run
these components in a Kubernetes cluster, or even locally.

To run an individual component locally, you can use the `go-run` command, and
pass in valid Kubernetes credentials via the `-kubeconfig` flag. For instance,
to run the destination service locally, run:

```bash
bin/go-run controller/cmd destination -kubeconfig ~/.kube/config -log-level debug
```

You can send test requests to the destination service using the
`destination-client` in the `controller/script` directory. For instance:

```bash
bin/go-run controller/script/destination-client -path hello.default.svc.cluster.local:80
```

##### Debugging the Tap APIService for development

The Tap APIService is a Kubernetes extension API server, so it can be
challenging to run outside the cluster. The most straightforward workflow is to
simply test changes by building and loading the container image as explained in
the [comprehensive configuration](#comprehensive) section above (in order to
just build this component use `bin/docker-build-tap`).

#### Generating CLI docs

The [documentation](https://linkerd.io/2/cli/) for the CLI tool is partially
generated from YAML. This can be generated by running the `linkerd doc` command.

### Web

This is a React app fronting a Go process. It uses webpack to bundle assets, and
postcss to transform css.

These commands assume working [Go](https://golang.org) and
[Yarn](https://yarnpkg.com) environments.

#### First time setup

1. Install [Yarn](https://yarnpkg.com) and use it to install JS dependencies:

    ```bash
    brew install yarn
    bin/web setup
    ```

2. Install Linkerd on a Kubernetes cluster.

#### Run web standalone

```bash
bin/web run
```

The web server will be running on `localhost:7777`.

#### Webpack dev server

To develop with a webpack dev server:

1. Start the development server.

    ```bash
    bin/web dev
    ```

    Note: this will start up:

    - `web` on :7777. This is the golang process that serves the dashboard.
    - `webpack-dev-server` on :8080 to manage rebuilding/reloading of the
      javascript.
    - `metrics-api` is port-forwarded from the Kubernetes cluster via `kubectl`
      on :8085

2. Go to [http://localhost:7777](http://localhost:7777) to see everything
   running.

#### JavaScript dependencies

To add a JS dependency:

```bash
cd web/app
yarn add [dep]
```

#### Translations

To add a locale:

```bash
cd web/app
yarn lingui add-locale [locales...] # will create a messages.json file for new locale(s)
```

To extract message keys from existing components:

```bash
cd web/app
yarn lingui extract
...
yarn lingui compile # done automatically in bin/web run
```

Finally, make sure the new locale is also referenced in the following places:

- Under the `lingui` section in `package.json`
- In the `make-plural/plurals` import in `index.js`
- In the `langOptions` object in `index.js`

### Rust

All Rust development happens in the
[`linkerd2-proxy`](https://github.com/linkerd/linkerd2-proxy) repo.

#### Docker

The `bin/docker-build-proxy` script builds the proxy by pulling a pre-published
proxy binary:

```bash
bin/docker-build-proxy
```

#### Locally built proxy

If you want to deploy a locally built proxy, you can build it in the
[`linkerd2-proxy`](https://github.com/linkerd/linkerd2-proxy) repo by running:

```bash
DOCKER_TAG=cr.l5d.io/linkerd/proxy:dev make docker
```

Then, in this repo, run:

```bash
./bin/k3d image import cr.l5d.io/linkerd/proxy:dev
```

Now, to make a pod use your image, add the following annotations to it:

```yaml
config.linkerd.io/proxy-version: dev
```

## Dependencies

### Updating protobuf dependencies

If you make Protobuf changes, run:

```bash
bin/protoc-go.sh
```

### Updating ServiceProfile generated code

The [ServiceProfile client code](./controller/gen/client) is generated by
[`bin/update-codegen.sh`](bin/update-codegen.sh), which depends on [K8s
code-generator](https://github.com/kubernetes/code-generator), which does not
yet support Go Modules. To re-generate this code, check out this repo into your
`GOPATH`:

```bash
go get -u github.com/linkerd/linkerd2
cd $GOPATH/src/github.com/linkerd/linkerd2
bin/update-codegen.sh
```

## Linkerd Helm chart

The Linkerd control plane chart is located in the
[`charts/linkerd2`](charts/linkerd2) folder. The [`charts/patch`](charts/patch)
chart consists of the Linkerd proxy specification, which is used by the proxy
injector to inject the proxy container. Both charts depend on the partials
subchart which can be found in the [`charts/partials`](charts/partials) folder.

Note that the `charts/linkerd2/values.yaml` file contains a placeholder
`linkerdVersionValue` that you need to replace with an appropriate string (like
`edge-20.2.2`) before proceeding.

During development, please use the [`bin/helm`](bin/helm) wrapper script to
invoke the Helm commands. For example,

```bash
bin/helm install linkerd2 charts/linkerd2
```

This ensures that you use the same Helm version as that of the Linkerd CI
system.

For general instructions on how to install the charts check out the
[docs](https://linkerd.io/2/tasks/install-helm/). You also need to supply or
generate your own certificates to use the chart, as explained in the
[Generate Certificates task](https://linkerd.io/2/tasks/generate-certificates/).

### Extensions Helm charts

Each extension provides its own chart:

- Viz: [`viz/charts/linkerd-viz`](viz/charts/linkerd-viz)
- Multicluster:
  [`multicluster/charts/linkerd-multicluster`](multicluster/charts/linkerd-multicluster)

### Making changes to the chart templates

Whenever you make changes to the files under
[`charts/linkerd2/templates`](charts/linkerd2/templates) or its dependency
[`charts/partials`](charts/partials), make sure to run
[`bin/helm-build`](bin/helm-build) which will refresh the dependencies and lint
the templates.

### Annotating values.yaml

To allow helm-docs to properly document the values in `values.yaml`, a
descriptive comment is required. This can be done in two ways. Either place a
comment of the form `# -- This is a really nice value` directly above the value,
where the double dashes automatically annotate the value, or name the value
explicitly: `# global.MyNiceValue -- I really like this value`

### Markdown templates

In order to accommodate extra data that might not have a proper place in the
`values.yaml` file, the corresponding `README.md.gotmpl` can be modified for each
chart. This template allows the standard markdown syntax as well as the go
templating functions. Check out
[helm-docs](https://github.com/norwoodj/helm-docs) for more info.


================================================
FILE: CHANGES.md
================================================
<!-- markdownlint-disable-file MD059 -->
# Changes

Please visit Linkerd's [Release page][gh-releases] for the latest release
notes moving forward!

[gh-releases]: https://github.com/linkerd/linkerd2/releases

## edge-24.2.5

* Migrated edge release change notes to use GitHub's automated release notes
  feature.

## edge-24.2.4

* Updated the ExternalWorkload CRD to v1beta1, renaming the meshTls field to
  meshTLS ([#12098])
* Updated the proxy to address some logging and metrics inconsistencies
  ([#12099])

[#12098]: https://github.com/linkerd/linkerd2/pull/12098
[#12099]: https://github.com/linkerd/linkerd2/pull/12099

## edge-24.2.3

* Allowed the `MutatingWebhookConfig` timeout value to be configured ([#12028])
  (thanks @mikebell90)
* Added a counter for items dropped from destination controller workqueue
  ([#12079])
* Fixed a spurious `linkerd check` error when using container images with
  digests ([#12059])
* Fixed an issue where inbound policy could be incorrect after certain policy
  resources are deleted ([#12088])

[#12028]: https://github.com/linkerd/linkerd2/pull/12028
[#12079]: https://github.com/linkerd/linkerd2/pull/12079
[#12059]: https://github.com/linkerd/linkerd2/pull/12059
[#12088]: https://github.com/linkerd/linkerd2/pull/12088

## edge-24.2.2

This release addresses some issues in the destination service that could cause
it to behave unexpectedly when processing updates.

* Fixed a race condition in the destination service that could cause panics
  under very specific conditions ([#12022]; fixes [#12010])
* Changed how updates to a `Server` selector are handled in the destination
  service. When a `Server` that marks a port as opaque no longer selects a
  resource, the resource's opaqueness will be reverted to default settings
  ([#12031]; fixes [#11995])
* Introduced Helm configuration values for liveness and readiness probe
  timeouts and delays ([#11458]; fixes [#11453]) (thanks @jan-kantert!)

[#12010]: https://github.com/linkerd/linkerd2/issues/12010
[#12022]: https://github.com/linkerd/linkerd2/pull/12022
[#11995]: https://github.com/linkerd/linkerd2/issues/11995
[#12031]: https://github.com/linkerd/linkerd2/pull/12031
[#11453]: https://github.com/linkerd/linkerd2/issues/11453
[#11458]: https://github.com/linkerd/linkerd2/pull/11458

## edge-24.2.1

This edge release contains performance and stability improvements to the
Destination controller, and continues stabilizing support for ExternalWorkloads.

* Reduced the load on the Destination controller by only processing Server
  updates on workloads affected by the Server ([#12017])
* Changed how the Destination controller reacts to target clusters (in
  multicluster pod-to-pod mode) whose Server CRD is outdated: skip them and log
  an error instead of panicking ([#12008])
* Improved the leader election of the ExternalWorkloads Endpoints controller to
  avoid missing events ([#12021])
* Improved naming of EndpointSlices generated by ExternalWorkloads ([#12016])
* Restricted the number of IPs an ExternalWorkload can have ([#12026])

[#12017]: https://github.com/linkerd/linkerd2/pull/12017
[#12008]: https://github.com/linkerd/linkerd2/pull/12008
[#12021]: https://github.com/linkerd/linkerd2/pull/12021
[#12016]: https://github.com/linkerd/linkerd2/pull/12016
[#12026]: https://github.com/linkerd/linkerd2/pull/12026

## edge-24.1.3

This release continues support for ExternalWorkload resources throughout the
control and data planes.

* Updated the proxy to use SPIRE to instrument identity outside of Kubernetes.
* Updated the Destination controller to return `INVALID_ARGUMENT` status codes
  properly when a `ServiceProfile` is requested for a service that does not
  exist. (#11980)
* An ExternalWorkload EndpointSlice controller has been added to the
  Destination controller.
* Added a `createNamespaceMetadataJob` Helm value to control whether the
  namespace-metadata job is run during install (#11782)

## edge-24.1.2

This edge release incrementally improves support for ExternalWorkload resources
throughout the control plane.

## edge-24.1.1

This edge release introduces a number of different fixes and improvements. More
notably, it introduces a new `cni-repair-controller` binary to the CNI plugin
image. The controller will automatically restart pods that have not received
their iptables configuration.

* Removed shortnames from Tap API resources to avoid colliding with existing
  Kubernetes resources ([#11816]; fixes [#11784])
* Introduced a new ExternalWorkload CRD to support upcoming mesh expansion
  feature ([#11805])
* Changed `MeshTLSAuthentication` resource validation to allow SPIFFE URI
  identities ([#11882])
* Introduced a new `cni-repair-controller` to the `linkerd-cni` DaemonSet to
  automatically restart misconfigured pods that are missing iptables rules
  ([#11699]; fixes [#11073])
* Fixed a `"duplicate metrics"` warning in the multicluster service-mirror
  component ([#11875]; fixes [#11839])
* Added metric labels and weights to `linkerd diagnostics endpoints` json
  output ([#11889])
* Changed how `Server` updates are handled in the destination service. The
  change will ensure that during a cluster resync, consumers won't be
  overloaded by redundant updates ([#11907])
* Changed `linkerd install` error output to add a newline when a Kubernetes
  client cannot be successfully initialised ([#11917])

[#11816]: https://github.com/linkerd/linkerd2/pull/11816
[#11784]: https://github.com/linkerd/linkerd2/issues/11784
[#11805]: https://github.com/linkerd/linkerd2/pull/11805
[#11882]: https://github.com/linkerd/linkerd2/pull/11882
[#11699]: https://github.com/linkerd/linkerd2/pull/11699
[#11073]: https://github.com/linkerd/linkerd2/issues/11073
[#11875]: https://github.com/linkerd/linkerd2/pull/11875
[#11839]: https://github.com/linkerd/linkerd2/issues/11839
[#11889]: https://github.com/linkerd/linkerd2/pull/11889
[#11907]: https://github.com/linkerd/linkerd2/pull/11907
[#11917]: https://github.com/linkerd/linkerd2/pull/11917

## edge-23.12.4

This edge release includes fixes and improvements to the destination
controller's endpoint resolution API.

* Fixed an issue in the control plane where discovery for pod IP addresses could
  hang indefinitely ([#11815])
* Updated the proxy to enforce time limits on control plane response streams so
  that proxies more naturally distribute load over control plane replicas
  ([#11837])
* Fixed the policy's controller service metadata responses so that proxy logs
  and metrics have informative values ([#11842])

[#11842]: https://github.com/linkerd/linkerd2/pull/11842
[#11837]: https://github.com/linkerd/linkerd2/pull/11837
[#11815]: https://github.com/linkerd/linkerd2/pull/11815

## edge-23.12.3

This edge release contains improvements to the logging and diagnostics of the
destination controller.

* Added a control plane metric to count errors talking to the Kubernetes API
  ([#11774])
* Fixed an issue causing spurious destination controller error messages for
  profile lookups on unmeshed pods with port in default opaque list ([#11550])

[#11774]: https://github.com/linkerd/linkerd2/pull/11774
[#11550]: https://github.com/linkerd/linkerd2/pull/11550

## edge-23.12.2

This edge release includes a restructuring of the proxy's balancer along with
accompanying new metrics. The new minimum supported Kubernetes version is 1.22.

* Restructured the proxy's balancer ([#11750]): balancer changes may now occur
  independently of request processing. Fail-fast circuit breaking is enforced on
  the balancer's queue so that requests can't get stuck in a queue indefinitely.
  This new balancer is instrumented with new metrics: request (in-queue) latency
  histograms, failfast states, discovery updates counts, and balancer endpoint
  pool sizes.
* Changed how the policy controller updates HTTPRoute status so that it doesn't
  affect statuses from other non-linkerd controllers ([#11705]; fixes [#11659])

[#11750]: https://github.com/linkerd/linkerd2/pull/11750
[#11705]: https://github.com/linkerd/linkerd2/pull/11705
[#11659]: https://github.com/linkerd/linkerd2/pull/11659

## edge-23.12.1

This edge release introduces new configuration values in the identity
controller for client-go's `QPS` and `Burst` settings. Default values for these
settings have also been raised from `5` (QPS) and `10` (Burst) to `100` and
`200` respectively.

* Added `namespaceSelector` fields for the tap-injector and jaeger-injector
  webhooks. The webhooks are now configured to skip `kube-system` by default
  ([#11649]; fixes [#11647]) (thanks @mikutas!)
* Added the ability to configure client-go's `QPS` and `Burst` settings in the
  identity controller ([#11644])
* Improved client-go logging visibility throughout the control plane's
  components ([#11632])
* Introduced `PodDisruptionBudgets` in the linkerd-viz Helm chart for tap and
  tap-injector ([#11628]; fixes [#11248]) (thanks @mcharriere!)

[#11649]: https://github.com/linkerd/linkerd2/pull/11649
[#11647]: https://github.com/linkerd/linkerd2/issues/11647
[#11644]: https://github.com/linkerd/linkerd2/pull/11644
[#11632]: https://github.com/linkerd/linkerd2/pull/11632
[#11628]: https://github.com/linkerd/linkerd2/pull/11628
[#11248]: https://github.com/linkerd/linkerd2/issues/11248

## edge-23.11.4

This edge release introduces support for the native sidecar containers entering
beta support in Kubernetes 1.29. This improves the startup and shutdown ordering
for the proxy relative to other containers, fixing the long-standing
shutdown issue with injected `Job`s. Furthermore, traffic from other
`initContainer`s can now be proxied by Linkerd.

In addition, this edge release includes Helm chart improvements, and improvements
to the multicluster extension.

* Added a new `config.alpha.linkerd.io/proxy-enable-native-sidecar` annotation
  and `Proxy.NativeSidecar` Helm option that causes the proxy container to run
  as an init-container (thanks @teejaded!) ([#11465]; fixes [#11461])
* Fixed broken affinity rules for the multicluster `service-mirror` when running
  in HA mode ([#11609]; fixes [#11603])
* Added a new check to `linkerd check` that ensures all extension namespaces are
  configured properly ([#11629]; fixes [#11509])
* Updated the Prometheus Docker image used by the `linkerd-viz` extension to
  v2.48.0, resolving a number of CVEs in older Prometheus versions ([#11633])
* Added `nodeAffinity` to `deployment` templates in the `linkerd-viz` and
  `linkerd-jaeger` Helm charts (thanks @naing2victor!) ([#11464]; fixes
  [#10680])

[#11465]: https://github.com/linkerd/linkerd2/pull/11465
[#11461]: https://github.com/linkerd/linkerd2/issues/11461
[#11609]: https://github.com/linkerd/linkerd2/pull/11609
[#11603]: https://github.com/linkerd/linkerd2/issues/11603
[#11629]: https://github.com/linkerd/linkerd2/pull/11629
[#11509]: https://github.com/linkerd/linkerd2/issues/11509
[#11633]: https://github.com/linkerd/linkerd2/pull/11633
[#11464]: https://github.com/linkerd/linkerd2/pull/11464
[#10680]: https://github.com/linkerd/linkerd2/issues/10680

## edge-23.11.3

This edge release fixes a bug where Linkerd could cause EOF errors during bursts
of TCP connections.

* Fixed a bug where the `linkerd multicluster link` command's
  `--gateway-addresses` flag was not respected when a remote gateway exists
  ([#11564])
* proxy: Increased DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY to prevent EOF errors
  during bursts of TCP connections

[#11564]: https://github.com/linkerd/linkerd2/pull/11564

## edge-23.11.2

This edge release contains observability improvements and bug fixes to the
Destination controller, and a refinement to the multicluster gateway resolution
logic.

* Fixed an issue where the Destination controller could stop processing service
  profile updates, if a proxy subscribed to those updates stops reading them;
  this is a followup to the issue [#11491] fixed in [edge-23.10.3] ([#11546])
* In the Destination controller, added informer lag histogram metrics to track
  whenever the Kubernetes objects watched by the controller are falling behind
  the state in the kube-apiserver ([#11534])
* In the multicluster service mirror, extended the target gateway resolution
  logic to take into account all the possible IPs a hostname might resolve to,
  rather than just the first one (thanks @MrFreezeex!) ([#11499])
* Added probes to the debug container to appease environments requiring probes
  for all containers ([#11308])

[edge-23.10.3]: https://github.com/linkerd/linkerd2/releases/tag/edge-23.10.3
[#11546]: https://github.com/linkerd/linkerd2/pull/11546
[#11534]: https://github.com/linkerd/linkerd2/pull/11534
[#11499]: https://github.com/linkerd/linkerd2/pull/11499
[#11308]: https://github.com/linkerd/linkerd2/pull/11308

## edge-23.11.1

This edge release fixes two bugs in the Destination controller that could cause
outbound connections to hang indefinitely.

* helm: Introduce configurable values for protocol detection ([#11536])
* destination: Fix GetProfiles error when address is opaque and unmeshed ([#11556])
* destination: Return NotFound for unknown pod names ([#11540])
* proxy: Log controller errors at WARN
* proxy: Fix grpc_status metric labels for inbound traffic

[#11536]: https://github.com/linkerd/linkerd2/pull/11536
[#11556]: https://github.com/linkerd/linkerd2/pull/11556
[#11540]: https://github.com/linkerd/linkerd2/pull/11540

## edge-23.10.4

This edge release includes a fix for the `ServiceProfile` CRD resource schema.
The schema incorrectly required `not` response matches to be arrays, while the
in-cluster validator parsed `not` response matches as objects. In addition, an
issue has been fixed in `linkerd profile`. When used with the `--open-api`
flag, it would not strip trailing slashes when generating a resource from
swagger specifications.

* Fixed an issue where trailing slashes wouldn't be stripped when generating
  `ServiceProfile` resources through `linkerd profile --open-api` ([#11519])
* Fixed an issue in the `ServiceProfile` CRD schema. The schema incorrectly
  required that a `not` response match should be an array, which the service
  profile validator rejected since it expected an object. The schema has been
  updated to properly indicate that `not` values should be an object ([#11510];
  fixes [#11483])
* Improved logging in the destination controller by adding the client pod's
  name to the logging context. This will improve visibility into the messages
  sent and received by the control plane from a specific proxy ([#11532])
* Fixed an issue in the destination controller where the metadata API would not
  initialize a `Job` informer. The destination controller uses the metadata API
  to retrieve `Job` metadata, and relies mostly on informers. Without an
  initialized informer, an error message would be logged, and the controller
  relied on direct API calls ([#11541]; fixes [#11531])

[#11541]: https://github.com/linkerd/linkerd2/pull/11541
[#11532]: https://github.com/linkerd/linkerd2/pull/11532
[#11531]: https://github.com/linkerd/linkerd2/issues/11531
[#11519]: https://github.com/linkerd/linkerd2/pull/11519
[#11510]: https://github.com/linkerd/linkerd2/pull/11510
[#11483]: https://github.com/linkerd/linkerd2/issues/11483

## edge-23.10.3

This edge release fixes issues in the proxy and Destination controller which can
result in Linkerd proxies sending traffic to stale endpoints. In addition, it
contains other bugfixes and updates dependencies to include patches for the
security advisories [CVE-2023-44487]/GHSA-qppj-fm5r-hxr3 and GHSA-c827-hfw6-qwvm.

* Fixed an issue where the Destination controller could stop processing
  changes in the endpoints of a destination, if a proxy subscribed to that
  destination stops reading service discovery updates. This issue results in
  proxies attempting to send traffic for that destination to stale endpoints
  ([#11491], fixes [#11480], [#11279], and [#10590])
* Fixed a regression introduced in stable-2.13.0 where proxies would not
  terminate unused service discovery watches, exerting backpressure on the
  Destination controller which could cause it to become stuck
  ([linkerd2-proxy#2484] and [linkerd2-proxy#2486])
* Added `INFO`-level logging to the proxy when endpoints are added or removed
  from a load balancer. These logs are enabled by default, and can be disabled
  by [setting the proxy log level][proxy-log-level] to
  `warn,linkerd=info,linkerd_proxy_balance=warn` or similar
  ([linkerd2-proxy#2486])
* Fixed a regression where the proxy rendered `grpc_status` metric labels as a
  string rather than as the numeric status code ([linkerd2-proxy#2480]; fixes
  [#11449])
* Extended `linkerd-jaeger`'s `imagePullSecrets` Helm value to also apply to
  the `namespace-metadata` ServiceAccount ([#11504])
* Updated the control plane's dependency on the `google.golang.org/grpc` Go
  package to include patches for [CVE-2023-44487]/GHSA-qppj-fm5r-hxr3 ([#11496])
* Updated dependencies on `rustix` to include patches for GHSA-c827-hfw6-qwvm
  ([linkerd2-proxy#2488] and [#11512]).

[#10590]: https://github.com/linkerd/linkerd2/issues/10590
[#11279]: https://github.com/linkerd/linkerd2/issues/11279
[#11491]: https://github.com/linkerd/linkerd2/pull/11491
[#11449]: https://github.com/linkerd/linkerd2/issues/11449
[#11480]: https://github.com/linkerd/linkerd2/issues/11480
[#11504]: https://github.com/linkerd/linkerd2/issues/11504
[#11512]: https://github.com/linkerd/linkerd2/issues/11512
[linkerd2-proxy#2480]: https://github.com/linkerd/linkerd2-proxy/pull/2480
[linkerd2-proxy#2484]: https://github.com/linkerd/linkerd2-proxy/pull/2484
[linkerd2-proxy#2486]: https://github.com/linkerd/linkerd2-proxy/pull/2486
[linkerd2-proxy#2488]: https://github.com/linkerd/linkerd2-proxy/pull/2488
[proxy-log-level]: https://linkerd.io/2.14/tasks/modifying-proxy-log-level/
[CVE-2023-44487]: https://github.com/advisories/GHSA-qppj-fm5r-hxr3

## edge-23.10.2

This edge release includes a fix addressing an issue during upgrades for
instances not relying on automated webhook certificate management (like
cert-manager provides).

* Added a `checksum/config` annotation to the destination and proxy injector
  deployment manifests, to force restarting those workloads whenever their
  webhook secrets change during upgrade (thanks @iAnomaly!) ([#11440])
* Fixed policy controller error when deleting a Gateway API HTTPRoute resource
  ([#11471])

[#11440]: https://github.com/linkerd/linkerd2/pull/11440
[#11471]: https://github.com/linkerd/linkerd2/pull/11471

## edge-23.10.1

This edge release adds additional configurability to Linkerd's viz and
multicluster extensions.

* Added a `podAnnotations` Helm value to allow adding additional annotations to
  the Linkerd-Viz Prometheus Deployment ([#11365]) (thanks @cemenson)
* Added `imagePullSecrets` Helm values to the multicluster chart so that it can
  be installed in an air-gapped environment. ([#11285]) (thanks @lhaussknecht)

[#11365]: https://github.com/linkerd/linkerd2/issues/11365
[#11285]: https://github.com/linkerd/linkerd2/issues/11285

## edge-23.9.4

This edge release makes Linkerd even better.

* Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart
  to support including SHA256 image digests in Linkerd manifests (thanks
  @cromulentbanana!) ([#11406])
* Improved `linkerd viz check` to attempt to validate that the Prometheus scrape
  interval will work well with the CLI and Web query parameters ([#11376])
* Improved CLI error handling to print differentiated error information when
  versioncheck.linkerd.io cannot be resolved (thanks @dtaskai) ([#11377])
* Fixed an issue where the destination controller would not update pod metadata
  for profile resolutions for a pod accessed via the host network (e.g.
  HostPort endpoints) ([#11334]).
* Added a validating webhook config for httproutes.gateway.networking.k8s.io
  resources (thanks @mikutas!) ([#11150])
* Introduced a new `multicluster check --timeout` flag to limit the time
  allowed for Kubernetes API calls (thanks @moki1202) ([#11420])

[#11150]: https://github.com/linkerd/linkerd2/pull/11150
[#11334]: https://github.com/linkerd/linkerd2/pull/11334
[#11376]: https://github.com/linkerd/linkerd2/pull/11376
[#11377]: https://github.com/linkerd/linkerd2/pull/11377
[#11406]: https://github.com/linkerd/linkerd2/pull/11406
[#11420]: https://github.com/linkerd/linkerd2/pull/11420

## edge-23.9.3

This edge release updates the proxy's dependency on the `rustls` library to
patch security vulnerability [RUSTSEC-2023-0052][RUSTSEC-2023-0052-0]
(GHSA-8qv2-5vq6-g2g7), a potential CPU usage denial-of-service attack when
accepting a TLS handshake from an untrusted peer with a maliciously-crafted
certificate. Furthermore, this edge release contains a few improvements to the
control plane and jaeger extension Helm charts.

* Addressed security vulnerability [RUSTSEC-2023-0052][RUSTSEC-2023-0052-0] in
  the proxy by updating its dependency on the `rustls` library
* Added a `prometheusUrl` field for the heartbeat job in the control plane Helm
  chart (thanks @david972!) ([#11343]; fixes [#11342])
* Introduced support for arbitrary labels in the `podMonitors` field in the
  control plane Helm chart (thanks @jseiser!) ([#11222]; fixes [#11175])
* Added support for config merge and Deployment environment to
  `opentelemetry-collector` in the jaeger extension (thanks @iAnomaly!)
  ([#11283])

[#11283]: https://github.com/linkerd/linkerd2/pull/11283
[#11222]: https://github.com/linkerd/linkerd2/pull/11222
[#11175]: https://github.com/linkerd/linkerd2/issues/11175
[#11343]: https://github.com/linkerd/linkerd2/pull/11343
[#11342]: https://github.com/linkerd/linkerd2/issues/11342
[RUSTSEC-2023-0052-0]: https://rustsec.org/advisories/RUSTSEC-2023-0052.html

## edge-23.9.2

This edge release updates the proxy's dependency on the `webpki` library to
patch security vulnerability [RUSTSEC-2023-0052] (GHSA-8qv2-5vq6-g2g7), a
potential CPU usage denial-of-service attack when accepting a TLS handshake from
an untrusted peer with a maliciously-crafted certificate.

* Addressed security vulnerability [RUSTSEC-2023-0052] in the proxy ([#11361])
* Fixed `linkerd check --proxy` incorrectly checking the proxy version of pods
  in the `completed` state (thanks @mikutas!) ([#11295]; fixes [#11280])
* Removed unnecessary `linkerd.io/helm-release-version` annotation from the
  `linkerd-control-plane` Helm chart (thanks @mikutas!) ([#11329]; fixes
  [#10778])

[RUSTSEC-2023-0052]: https://rustsec.org/advisories/RUSTSEC-2023-0052.html
[#11295]: https://github.com/linkerd/linkerd2/pull/11295
[#11280]: https://github.com/linkerd/linkerd2/issues/11280
[#11361]: https://github.com/linkerd/linkerd2/pull/11361
[#11329]: https://github.com/linkerd/linkerd2/pull/11329
[#10778]: https://github.com/linkerd/linkerd2/issues/10778

## edge-23.9.1

This edge release introduces a fix for service discovery on endpoints that use
hostPorts. Previously, the destination service would return the pod IP for the
discovery request which could break connectivity on pod restart. To fix this,
direct pod communication for a pod bound on a hostPort will always return the
hostIP. In addition, this release fixes a security vulnerability (CVE-2023-2603)
detected in the CNI plugin and proxy-init images, and includes a number of other
fixes and small improvements.

* Addressed security vulnerability CVE-2023-2603 in proxy-init and CNI plugin
  ([#11296])
* Introduced resource requests/limits for the policy controller resource in the
  control plane helm chart ([#11301])
* Fixed an issue where an empty `remoteDiscoverySelector` field in a
  multicluster link would cause all services to be mirrored ([#11309])
* Removed the timeout from the `linkerd multicluster gateways` command; when no
  metrics exist the command will return instantly ([#11265])
* Improved help messaging for `linkerd multicluster link` ([#11265])
* Changed how hostPort lookups are handled in the destination service.
  Previously, when doing service discovery for an endpoint bound on a hostPort,
  the destination service would return the corresponding pod IP. On pod
  restart, this could lead to loss of connectivity on the client's side. The
  destination service now always returns host IPs for service discovery on an
  endpoint that uses hostPorts ([#11328])
* Updated HTTPRoute webhook rule to validate all apiVersions of the resource
  (thanks @mikutas!) ([#11149])
* Fixed erroneous `skipped` messages when injecting namespaces with `linkerd
  inject` (thanks @mikutas!) ([#10231])

[#11309]: https://github.com/linkerd/linkerd2/issues/11309
[#11296]: https://github.com/linkerd/linkerd2/discussions/11296
[#11328]: https://github.com/linkerd/linkerd2/pull/11328
[#11301]: https://github.com/linkerd/linkerd2/issues/11301
[#11265]: https://github.com/linkerd/linkerd2/pull/11265
[#11149]: https://github.com/linkerd/linkerd2/pull/11149
[#10231]: https://github.com/linkerd/linkerd2/issues/10231

## stable-2.14.0

This release introduces direct pod-to-pod multicluster service mirroring. When
clusters are deployed on a flat network, Linkerd can export multicluster
services in a way where cross-cluster traffic does not need to go through the
gateway. This enhances multicluster authentication and can reduce the need for
provisioning public load balancers.

In addition, this release adds support for the
[Gateway API](https://gateway-api.sigs.k8s.io/) HTTPRoute resource (in the
`gateway.networking.k8s.io` api group). This improves compatibility with other
tools that use these resources such as [Flagger](https://flagger.app/) and
[Argo Rollouts](https://argoproj.github.io/rollouts/). The release also includes
a large number of features and improvements to HTTPRoute including the ability
to set timeouts and the ability to define consumer-namespace HTTPRoutes.

Finally, this release includes a number of bugfixes, performance improvements,
and other smaller additions.

**Upgrade notes**: Please see the
[upgrade instructions](https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2140).

* Multicluster
  * Remove namespace field from cluster scoped resources to fix pruning
  * Added -o json flag for the `linkerd multicluster gateways` command (thanks
    @hiteshwani29)
  * Introduced `logFormat` value to the multicluster `Link` Helm Chart (thanks
    @bunnybilou!)
  * Added leader-election capabilities to the service-mirror controller
  * Added high-availability (HA) mode for the multicluster service-mirror
  * Added a new `remoteDiscoverySelector` field to the multicluster `Link` CRD,
    which enables a service mirroring mode where the control plane
    performs discovery for the mirrored service from the remote cluster, rather
    than creating Endpoints for the mirrored service in the source cluster
* HTTPRoute
  * Fixed `linkerd uninstall` issue for HTTPRoute
  * Added support for `gateway.networking.k8s.io` HTTPRoutes in the policy
    controller
  * Added support for RequestHeaderModifier and RequestRedirect HTTP filters in
    outbound policy; filters may be added at the route or backend level
  * Added support for the `ResponseHeaderModifier` HTTPRoute filter
  * Added support for HTTPRoutes defined in the consumer namespace
  * Added support for HTTPRoute `parent_refs` that do not specify a port
* CRDs
  * Patched the MeshTLSAuthentication CRD to force providing at least one
    identity/identityRef
* Control Plane
  * Send Opaque protocol hint for opaque ports in destination controller
  * Replaced deprecated `failure-domain.beta.kubernetes.io/zone` labels in Helm
    charts  with `topology.kubernetes.io/zone` labels (thanks @piyushsingariya!)
  * Replaced `server_port_subscribers` Destination controller gauge metric with
    `server_port_subscribes` and `server_port_unsubscribes` counter metrics
* Proxy
  * Handle Opaque protocol hints on endpoints
  * Added `outbound_http_balancer_endpoints` metric
  * Fixed missing route_ metrics for requests with ServiceProfiles
  * Fixed proxy startup failure when using the `config.linkerd.io/admin-port`
    annotation (thanks @jclegras!)
  * Added distinguishable version information to proxy logs and metrics
* CLI
  * The `linkerd diagnostics policy` command now displays outbound policy when
    the target resource is a Service
  * A fix for HA validation checks when Linkerd is installed with Helm. Thanks
    @mikutas!!
* Viz
  * Add the `kubelet` NetworkAuthentication back since it is used by the
    `linkerd viz allow-scrapes` subcommand.
  * Fixed the `linkerd viz check` command so that it will wait until the viz
    extension becomes ready
  * Fixed an issue where specifying a `remote_write` config would cause the
    Prometheus config to be invalid (thanks @hiteshwani29)
  * Improved validation of the `--to` and `--from` flags for the `linkerd viz stat`
    command (thanks @pranoyk)
  * Added `-o jsonpath` flag to `linkerd viz tap` to allow filtering output fields
    (thanks @hiteshwani29!)
  * Fixed a Grafana error caused by an incorrect datasource (thanks @albundy83!)
  * Fixed missing "Services" menu item in the Spanish localization for the
    `linkerd-viz` web dashboard (thanks @mclavel!)
* Extensions
  * Added missing label `linkerd.io/extension` to certain resources to ensure they
    are pruned when appropriate (thanks @ClementRepo)
  * Added tolerations and nodeSelector support in extensions `namespace-metadata`
    Jobs (thanks @pssalman!)
* Init Containers
  * Added an option for disabling the network validator's security context for
    environments that provide their own
* CNI
  * Added --set flag to install-cni plugin (thanks @amit-62!)
  * Fixed missing resource-cni labels on linkerd-cni, this blocked the
    linkerd-cni pods from coming up when the injector was broken (thanks
    @migueleliasweb!)
* Build
  * Build improvements for multi-arch build artifacts. Thanks @MarkSRobinson!!

This release includes changes from a massive list of contributors! A special
thank-you to everyone who helped make this release possible:

* Amir Karimi @AMK9978
* Amit Kumar @amit-62
* Andre Marcelo-Tanner @kzap
* Andrew @andrew-gropyus
* Arnaud Beun @bunnybilou
* Clement @proxfly
* Dima @krabradosty
* Grégoire Bellon-Gervais @albundy83
* Harsh Soni @harsh020
* Jean-Charles Legras @jclegras
* Loong Dai @daixiang0
* Mark Robinson @MarkSRobinson
* Miguel Elias dos Santos @migueleliasweb
* Pranoy Kumar Kundu @pranoyk
* Ryan Hristovski @ryanhristovski
* Takumi Sue @mikutas
* Zakhar Bessarab @zekker6
* hiteshwani29 @hiteshwani29
* pheianox
* pssalman @pssalman

## edge-23.8.3

This is a release candidate for stable-2.14.0; we encourage you to help by
trying it out!

This edge release contains a number of improvements over the multi-cluster
features introduced in the last edge release supporting flat networks. It also
hardens the containers' security stance by removing write access to the root
filesystem.

* Enhanced `linkerd multicluster link` to allow clusters to be linked without a
  gateway ([#11226])
* Added cluster store size gauge metric ([#11256])
* Disabled local traffic policy for remote discovery ([#11257])
* Fixed various innocuous multi-cluster warnings ([#11251], [#11246], [#11253])
* Set `readOnlyRootFilesystem: true` in all the containers, as they don't
  require write permissions ([#11221]; fixes [#11142]) (thanks @mikutas!)

[#11226]: https://github.com/linkerd/linkerd2/pull/11226
[#11256]: https://github.com/linkerd/linkerd2/pull/11256
[#11257]: https://github.com/linkerd/linkerd2/pull/11257
[#11251]: https://github.com/linkerd/linkerd2/pull/11251
[#11246]: https://github.com/linkerd/linkerd2/pull/11246
[#11253]: https://github.com/linkerd/linkerd2/pull/11253
[#11221]: https://github.com/linkerd/linkerd2/pull/11221
[#11142]: https://github.com/linkerd/linkerd2/issues/11142

## edge-23.8.2

This edge release adds improvements to Linkerd's multi-cluster features as part
of the [flat network support] planned for Linkerd stable-2.14.0. In addition, it
fixes an issue ([#10764]) where warnings about an invalid metric were logged
frequently by the Destination controller.

* Added a new `remoteDiscoverySelector` field to the multicluster `Link` CRD,
  which enables a service mirroring mode where the control plane
  performs discovery for the mirrored service from the remote cluster, rather
  than creating Endpoints for the mirrored service in the source cluster
  ([#11190], [#11201], [#11220], and [#11224])
* Fixed missing "Services" menu item in the Spanish localization for the
  `linkerd-viz` web dashboard ([#11229]) (thanks @mclavel!)
* Replaced `server_port_subscribers` Destination controller gauge metric with
  `server_port_subscribes` and `server_port_unsubscribes` counter metrics
  ([#11206]; fixes [#10764])
* Replaced deprecated `failure-domain.beta.kubernetes.io/zone` labels in Helm
  charts  with `topology.kubernetes.io/zone` labels ([#11148]; fixes [#11114])
  (thanks @piyushsingariya!)

[#10764]: https://github.com/linkerd/linkerd2/issues/10764
[#11114]: https://github.com/linkerd/linkerd2/issues/11114
[#11148]: https://github.com/linkerd/linkerd2/issues/11148
[#11190]: https://github.com/linkerd/linkerd2/issues/11190
[#11201]: https://github.com/linkerd/linkerd2/issues/11201
[#11206]: https://github.com/linkerd/linkerd2/issues/11206
[#11220]: https://github.com/linkerd/linkerd2/issues/11220
[#11224]: https://github.com/linkerd/linkerd2/issues/11224
[#11229]: https://github.com/linkerd/linkerd2/issues/11229
[flat network support]: https://linkerd.io/2023/07/20/enterprise-multi-cluster-at-scale-supporting-flat-networks-in-linkerd/

## edge-23.8.1

This edge release restores a proxy setting for it to shed load less aggressively
while under high load, which should result in lower error rates (see #11055). It
also removes the usage of host networking in the linkerd-cni extension.

* Changed the default HTTP request queue capacities for the inbound and outbound
  proxies back to 10,000 requests (see #11055 and #11198)
* Lifted the need to use host networking in the linkerd-cni Daemonset (#11141)
  (thanks @abhijeetgauravm!)

## edge-23.7.3

This edge release improves Linkerd's support for HttpRoute by allowing
`parent_ref` ports to be optional, allowing HttpRoutes to be defined in a
consumer's namespace, and adding support for the `ResponseHeaderModifier` filter.
It also fixes a panic in the destination controller.

* Added an option for disabling the network validator's security context for
  environments that provide their own
* Added high-availability (HA) mode for the multicluster service-mirror
* Added support for HttpRoute `parent_refs` that do not specify a port
* Fixed a Grafana error caused by an incorrect datasource (thanks @albundy83!)
* Added support for HttpRoutes defined in the consumer namespace
* Improved the granularity of logging levels in the control plane
* Fixed a race condition in the destination controller that could cause it to
  panic
* Added support for the `ResponseHeaderModifier` HttpRoute filter
* Updated extension CLI commands to prefer the `--registry` flag over the
  `LINKERD_DOCKER_REGISTRY` environment variable, making the precedence more
  consistent (thanks @harsh020!)

## edge-23.7.2

This edge release introduces support for HTTP filters configured through both
`policy.linkerd.io` and `gateway.networking.k8s.io` HTTPRoute resources.
Currently, RequestHeaderModifier and RequestRedirect HTTP filters are
supported. Additionally, this release fixes an issue with the linkerd-cni
chart.

* Added support for RequestHeaderModifier and RequestRedirect HTTP filters in
  outbound policy; filters may be added at the route or backend level
* Fixed missing resource-cni labels on linkerd-cni, this blocked the
  linkerd-cni pods from coming up when the injector was broken (thanks
  @migueleliasweb!)

## edge-23.7.1

This edge release adds support for the upstream `gateway.networking.k8s.io`
HTTPRoute resource (in addition to the `policy.linkerd.io` CRD installed by
Linkerd). Furthermore, it fixes a bug where the ingress-mode proxy would fail to
fall back to ServiceProfiles for destinations without HTTPRoutes.

* Added support for `gateway.networking.k8s.io` HTTPRoutes in the policy
  controller
* Added distinguishable version information to proxy logs and metrics
* Fixed incorrect handling of `NotFound` client policies in ingress-mode proxies

## edge-23.6.3

This edge release adds leader-election capabilities to the service-mirror
controller under the hood, as a precursor to HA mode in an upcoming release. It
also includes a `linkerd viz tap` improvement and a proxy startup bugfix, both
contributed by the community!

* Added leader-election capabilities to the service-mirror controller
* Added `-o jsonpath` flag to `linkerd viz tap` to allow filtering output fields
  (thanks @hiteshwani29!)
* Fixed proxy startup failure when using the `config.linkerd.io/admin-port`
  annotation (thanks @jclegras!)

## edge-23.6.2

This edge release introduces timeout capabilities for HTTPRoutes in a manner
compatible with the proposed changes to HTTPRoute in
[kubernetes-sigs/gateway-api#1997](https://github.com/kubernetes-sigs/gateway-api/pull/1997).

This release also includes several small improvements and fixes:

* A fix for HA validation checks when Linkerd is installed with Helm. Thanks
  @mikutas!!
* Build improvements for multi-arch build artifacts. Thanks @MarkSRobinson!!

## edge-23.6.1

This edge release changes the behavior of the CNI plugin to run exclusively in
"chained mode". Instead of creating its own configuration file, the CNI plugin
will now wait until a `conf` file exists before appending its configuration.
Additionally, this change includes a bug fix for topology aware service
routing.

* Changed the CNI plugin installer to always run in 'chained' mode; the plugin will
  now wait until another CNI plugin is installed before appending its
  configuration
* Fixed bug where topology routing would not disable while service was under
  load (thanks @MarkSRobinson!)
* Introduced `logFormat` value to the multicluster `Link` Helm Chart (thanks
  @bunnybilou!)

## edge-23.5.3

This edge release includes fixes for several bugs related to HTTPRoute handling.

* Fixed an issue where the `namespace` field on HTTPRoute `backendRef`s was
  ignored, and the backend Service would always be assumed to be in the
  same namespace as the parent Service
* Fixed an issue where default authorizations generated for readiness and
  liveness probes would fail if the probe path included URI query parameters
* Fixed the proxy not using gRPC response classification for gRPC requests to
  destinations without ServiceProfiles

## edge-23.5.2

This edge release adds some minor improvements in the MeshTLSAuthentication CRD
and the extensions charts, and fixes an issue with `linkerd multicluster check`.

* Added tolerations and nodeSelector support in extensions `namespace-metadata`
  Jobs (thanks @pssalman!)
* Patched the MeshTLSAuthentication CRD to force providing at least one
  identity/identityRef
* Fixed the `linkerd multicluster check` command failing in the presence of lots
  of mirrored services

## edge-23.5.1

This edge release introduces the ability to configure the proxy's discovery cache
timeouts via annotations. While most users will not need to do this, it can be
useful to improve the mesh's resilience to control plane failures. This release
also includes a number of other important improvements and bug fixes.

* Added -o json flag for the `linkerd multicluster gateways` command (thanks
  @hiteshwani29)
* Added missing label `linkerd.io/extension` to certain resources to ensure they
  are pruned when appropriate (thanks @ClementRepo)
* Fixed a memory leak in the service mirror controller
* Improved validation of the `--to` and `--from` flags for the `linkerd viz stat`
  command (thanks @pranoyk)
* Fixed an issue with W3C trace context propagation which caused proxy spans to
  be siblings rather than children of their original parent (thanks
  @whiskeysierra)
* Updated the Linkerd CNI plugin base docker image from Debian to Alpine
* Fixed an issue where specifying a `remote_write` config would cause the
  Prometheus config to be invalid (thanks @hiteshwani29)
* Added the ability to configure the proxy's discovery cache timeouts with the
  `config.linkerd.io/proxy-outbound-discovery-cache-unused-timeout` and
  `config.linkerd.io/proxy-inbound-discovery-cache-unused-timeout` annotations
* Fixed the `linkerd viz check` command so that it will wait until the viz
  extension becomes ready
* Fixed an issue where meshed pods could not communicate with themselves through
  a ClusterIP Service

## edge-23.4.3

This edge release improves compatibility with ArgoCD by changing the Linkerd
control plane to create Lease resources at runtime rather than including them
in the Helm chart. It also addresses a CVE by upgrading an underlying
dependency.

* Upgraded `h2` dependency to address CVE-2023-26964
* Fixed an issue where `server_port_subscribers` metric in the Destination
  controller was sometimes absent
* Removed the policy-controller-write Lease from the control plane Helm chart in
  favor of creating it at runtime
* Updated the proxy-injector to pass opaque port lists to the proxy as ranges
  rather than individually, greatly reducing the size of proxy manifests when
  large opaque port ranges are set
* Fixed an issue where the proxy was performing protocol detection on ports
  marked as opaque
* Improved backwards compatibility between 2.13 proxies and 2.12 control planes

## edge-23.4.2

This edge release contains a number of bug fixes.

* CLI
  * Fixed `linkerd uninstall` issue for HttpRoute
  * The `linkerd diagnostics policy` command now displays outbound policy when
    the target resource is a Service

* CNI
  * Fixed an incompatibility issue with the AWS CNI addon in EKS that was
    preventing pods from acquiring networking after scaling up nodes
    (thanks @frimik!)
  * Added --set flag to install-cni plugin (thanks @amit-62!)

* Control Plane
  * Fixed an issue where the policy controller always used the default
    `cluster.local` domain
  * Send Opaque protocol hint for opaque ports in destination controller

* Helm
  * Fixed an issue in the viz Helm chart where the namespace metadata template
    would throw `unexpected argument found` errors
  * Fixed Jaeger chart installation failure

* Multicluster
  * Remove namespace field from cluster scoped resources to fix pruning

* Proxy
  * Updated `h2` dependency to include a patch for a theoretical
    denial-of-service vulnerability discovered in CVE-2023-26964
  * Handle Opaque protocol hints on endpoints
  * Changed the proxy's default log level to silence warnings from
    `trust_dns_proto` that are generally spurious.
  * Added `outbound_http_balancer_endpoints` metric
  * Fixed missing route_ metrics for requests with ServiceProfiles

* Viz
  * Bump prometheus image to v2.43.0
  * Add the `kubelet` NetworkAuthentication back since it is used by the
    `linkerd viz allow-scrapes` subcommand.

## stable-2.13.1

This stable release fixes an issue in the policy controller where a non-default
cluster domain would return incorrect authorities in the outbound policy API.
Additionally, this release updates a proxy dependency to fix CVE-2023-26964.

* Proxy
  * Updated `h2` dependency to include a patch for a theoretical
    denial-of-service vulnerability discovered in CVE-2023-26964

* Control Plane
  * Fixed an issue where the policy controller always used the default
    `cluster.local` domain

* Helm
  * Fixed an issue in the viz Helm chart where the namespace metadata template
    would throw `unexpected argument found` errors

## stable-2.13.0

This release introduces client-side policy to Linkerd, including dynamic routing
and circuit breaking. [Gateway API](https://gateway-api.sigs.k8s.io/) HTTPRoutes
can now be used to configure policy for outbound (client) proxies as well as
inbound (server) proxies, by creating HTTPRoutes with Service resources as their
`parentRef`. See the Linkerd documentation for tutorials on [dynamic request
routing] and [circuit breaking]. New functionality for debugging HTTPRoute-based
policy is also included in this release, including [new proxy metrics] and the
ability to display outbound policies in the `linkerd diagnostics policy` CLI
command.

In addition, this release adds `network-validator`, a new init container to be
used when CNI is enabled. `network-validator` ensures that local iptables rules
are working as expected. It will validate this before linkerd-proxy starts.
`network-validator` replaces the `noop` container, runs as `nobody`, and drops
all capabilities before starting.

Finally, this release includes a number of bugfixes, performance improvements,
and other smaller additions.

**Upgrade notes**: Please see the [upgrade instructions][upgrade-2130].

* CRDs
  * HTTPRoutes may now have Service parents, to configure outbound policy
  * Updated HTTPRoute version from `v1alpha1` to `v1beta2`

* CLI
  * Added a new `linkerd prune` command to the CLI (including most extensions) to
    remove resources which are no longer part of Linkerd's manifests
  * Added additional shortnames for Linkerd policy resources (thanks @javaducky!)
  * The `linkerd diagnostics policy` command now displays outbound policy when
    the target resource is a Service

* Control Plane
  * The policy controller now discovers outbound policy configurations from
    HTTPRoutes that target Services.
  * Added OutboundPolicies API, for use by `linkerd-proxy` to route
    outbound traffic
  * Added Prometheus `/metrics` endpoint to the admin server, with process
    metrics
  * Fixed QueryParamMatch parsing for HTTPRoutes
  * Added the policy status controller which writes the `status` field to
    HTTPRoutes when a parent reference Server accepts or rejects it
  * Added KubeAPI server ports to `ignoreOutboundPorts` of `proxy-injector`
  * No longer apply `waitBeforeExitSeconds` to control plane, viz and jaeger
    extension pods
  * Added support for the `internalTrafficPolicy` of a service (thanks @yc185050!)
  * Added block chomping to strip trailing new lines in ConfigMap (thanks @avdicl!)
  * Added protection against nil dereference in resources helm template
  * Added support for Pod Security Admission (Pod Security Policy resources are
    still supported but disabled by default)
  * Lowered non-actionable error messages in the Destination log to debug-level
    entries to avoid triggering false alarms (thanks @siddharthshubhampal!)
  * Fixed an issue with EndpointSlice endpoint reconciliation on slice deletion;
    when using more than one slice, a `NoEndpoints` event would be sent to the
    proxy regardless of the amount of endpoints that were still available
    (thanks @utay!)
  * Improved diagnostic log messages
  * Fixed sending of spurious profile updates
  * Removed unnecessary Namespaces access from the destination controller RBAC
  * Added the server_port_subscribers metric to track the number of subscribers
    to Server changes associated with a pod's port
  * Added the service_subscribers metric to track the number of subscribers to
    Service changes
  * Fixed a small memory leak in the opaque ports watcher

* Proxy
  * Use the new OutboundPolicies API, supporting Gateway API-style routes
    in the outbound proxy
  * Added support for dynamic request routing based on HTTPRoutes
  * Added HTTP circuit breaking
  * Added `outbound_route_backend_http_requests_total`,
    `outbound_route_backend_grpc_requests_total`, and
    `outbound_http_balancer_endpoints` metrics
  * Changed the proxy's behavior when traffic splitting so that only services
    that are not in failfast are used. This will enable the proxy to manage
    failover without external coordination
  * Updated tokio (async runtime) in the proxy which should reduce CPU usage,
    especially for proxy's pod local (i.e in the same network namespace)
    communication

* linkerd-proxy-init
  * Changed `proxy-init` iptables rules to be idempotent upon init pod
    restart (thanks @jim-minter!)
  * Improved logging in `proxy-init` and `linkerd-cni`
  * Added a `proxyInit.privileged` setting to control whether the `proxy-init`
    initContainer runs as a privileged process

* CNI
  * Added static and dynamic port overrides for CNI eBPF to work with socket-level
    load balancing
  * Added `network-validator` init container to ensure that iptables rules are
    working as expected
  * Added a `resources` field in the linkerd-cni chart (thanks @jcogilvie!)

* Viz
  * Added `tap.ignoredHeaders` Helm value to the linkerd-viz chart. This value
    allows users to specify a comma-separated list of header names which will be
    ignored by Linkerd Tap (thanks @ryanhristovski!)
  * Removed duplicate SecurityContext in Prometheus manifest
  * Added new flag `--viz-namespace` which avoids requiring permissions for
    listing all namespaces in `linkerd viz` subcommands (thanks @danibaeyens!)
  * Removed the TrafficSplit page from the Linkerd viz dashboard (thanks
    @h-dav!)
  * Introduced new values in the `viz` chart to allow for arbitrary annotations
    on the `Service` objects (thanks @sgrzemski!)
  * Added an optional AuthorizationPolicy to authorize Grafana to Prometheus
    in the Viz extension

* Multicluster
  * Removed duplicate AuthorizationPolicy for probes from the multicluster
    gateway Helm chart
  * Updated wording for linkerd-multicluster cluster when it fails to probe a
    remote gateway mirror
  * Added multicluster gateway `nodeSelector` and `tolerations` helm parameters
  * Added new configuration options for the multicluster gateway:
    * `gateway.deploymentAnnotations`
    * `gateway.terminationGracePeriodSeconds` (thanks @bunnybilou!)
    * `gateway.loadBalancerSourceRanges` (thanks @Tyrion85!)

* Extensions
  * Removed dependency on the `curlimages/curl` 3rd-party image used to initialize
    extensions namespaces metadata (so they are visible by `linkerd check`),
    replaced by the new `extension-init` image
  * Converted `ServerAuthorization` resources to `AuthorizationPolicy` resources
    in Linkerd extensions
  * Removed policy resources bound to admin servers in extensions (previously
    these resources were used to authorize probes but now are authorized by
    default)
  * Fixed the link to the Jaeger dashboard in the viz dashboard (thanks
    @eugenegoncharuk!)
  * Updated linkerd-jaeger's collector to expose port 4318 in order to support
    HTTP alongside gRPC (thanks @uralsemih!)

* Among other dependency updates, the no-longer maintained ghodss/yaml library
  was replaced with sigs.k8s.io/yaml (thanks @Juneezee!)

This release includes changes from a massive list of contributors! A special
thank-you to everyone who helped make this release possible:

* Andrew Pinkham [@jambonrose](https://github.com/jambonrose)
* Arnaud Beun [@bunnybilou](https://github.com/bunnybilou)
* Carlos Tadeu Panato Junior [@cpanato](https://github.com/cpanato)
* Christian Segundo [@someone-stole-my-name](https://github.com/someone-stole-my-name)
* Dani Baeyens [@danibaeyens](https://github.com/danibaeyens)
* Duc Tran [@ductnn](https://github.com/ductnn)
* Eng Zer Jun [@Juneezee](https://github.com/Juneezee)
* Ivan Ivic [@Tyrion85](https://github.com/Tyrion85)
* Joe Bowbeer [@joebowbeer](https://github.com/joebowbeer)
* Jonathan Ogilvie [@jcogilvie](https://github.com/jcogilvie)
* Jun [@junnplus](https://github.com/junnplus)
* Loong Dai [@daixiang0](https://github.com/daixiang0)
* María Teresa Rojas [@mtrojas](https://github.com/mtrojas)
* Mo Sattler [@MoSattler](https://github.com/MoSattler)
* Oleg Vorobev [@olegy2008](https://github.com/olegy2008)
* Paul Balogh [@javaducky](https://github.com/javaducky)
* Peter Smit [@psmit](https://github.com/psmit)
* Ryan Hristovski [@ryanhristovski](https://github.com/ryanhristovski)
* Semih Ural [@uralsemih](https://github.com/uralsemih)
* Shubhodeep Mukherjee [@shubhodeep9](https://github.com/shubhodeep9)
* Siddharth S Pal [@siddharthshubhampal](https://github.com/siddharthshubhampal)
* Subhash Choudhary [@subhashchy](https://github.com/subhashchy)
* Szymon Grzemski [@sgrzemski](https://github.com/sgrzemski)
* Takumi Sue [@mikutas](https://github.com/mikutas)
* Yannick Utard [@utay](https://github.com/utay)
* Yu Cao [@yc185050](https://github.com/yc185050)
* anoxape [@anoxape](https://github.com/anoxape)
* bastienbosser [@bastienbosser](https://github.com/bastienbosser)
* bitfactory-sem-denbroeder [@bitfactory-sem-denbroeder](https://github.com/bitfactory-sem-denbroeder)
* cui fliter [@cuishuang](https://github.com/cuishuang)
* eugenegoncharuk [@eugenegoncharuk](https://github.com/eugenegoncharuk)
* h-dav [@h-dav](https://github.com/h-dav)
* martinkubrak [@martinkubra](https://github.com/martinkubra)
* verbotenj [@verbotenj](https://github.com/verbotenj)
* ziollek [@ziollek](https://github.com/ziollek)

[dynamic request routing]: https://linkerd.io/2.13/tasks/configuring-dynamic-request-routing
[circuit breaking]: https://linkerd.io/2.13/tasks/circuit-breakers
[new proxy metrics]: https://linkerd.io/2.13/reference/proxy-metrics/#outbound-xroute-metrics
[upgrade-2130]: https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2130

## edge-23.4.1

This is a release candidate for stable-2.13.0 &mdash; we encourage you to help
try it out!

This edge release introduces request-level HTTP circuit-breaking
using a consecutive failures failure accrual policy. Circuit breaking can be
configured by adding failure accrual annotations to a Service. In addition, this
release adds new `outbound_route_backend_http_requests_total` and
`outbound_route_backend_grpc_requests_total` proxy metrics, which can be
used to track how routing rules and backend distributions apply to
requests. These metrics contain labels describing the route's parent
(i.e. a Service), the route resource being used, and the backend
resource being used by each request.

* Proxy
  * Added discovery of failure accrual policies from the OutboundPolicy API
  * Implemented consecutive failures failure accrual policy
  * Added INFO-level logging on failure accrual changes
  * Added `outbound_route_backend_http_requests_total` and
    `outbound_route_backend_grpc_requests_total` metrics

* Policy Controller
  * Added failure accrual configuration to the OutboundPolicy API
  * Added Prometheus `/metrics` endpoint to the admin server, with process
    metrics
  * Changed the policy controller to only accept HTTPRoutes when the parentRef
    is a ClusterIP Service
  * Added ports to service references in the OutboundPolicy API

* Viz
  * Added `tap.ignoredHeaders` Helm value to the linkerd-viz chart. This value
    allows users to specify a comma-separated list of header names which will be
    ignored by Linkerd Tap (thanks @ryanhristovski!)
  * Removed duplicate SecurityContext in Prometheus manifest

* Multicluster
  * Removed duplicate AuthorizationPolicy for probes from the multicluster
    gateway Helm chart

## edge-23.3.4

This edge release further enhances the OutboundPolicies API used by the proxy to
route outbound traffic, and continues extending the HTTPRoute resource's Status
field. It also starts integrating circuit-breaking functionality into the proxy,
which will be configurable in a subsequent iteration.

* Continued iterating on the HTTPRoute's Status field, by extending support for
  routes parented to Services, and adding a ResolvedRefs condition reflecting
  the status of BackendRefs
* Updated the OutboundPolicies API such that only HTTPRoutes with an Accepted
  status of `true` are considered when routing outbound requests
* Improved handling of invalid backends, allowing the configuration of error
  responses
* Added new flag `--viz-namespace` which avoids requiring permissions for
  listing all namespaces in `linkerd viz` subcommands (thanks @danibaeyens!)
* Among other dependency updates, the no-longer maintained ghodss/yaml library
  was replaced with sigs.k8s.io/yaml (thanks @Juneezee!)

## edge-23.3.3

This edge release removes TrafficSplits from the Linkerd dashboard as well as
fixing a number of issues in the policy controller.

* Removed the TrafficSplit page from the Linkerd viz dashboard
* Fixed an issue where the policy controller was not returning the correct
  status for non-Service authorities
* Fixed an issue where the policy controller could use large amounts of CPU
  when lease API calls failed

## edge-23.3.2

This edge release continues to improve dynamic Policy statuses and
introduces support for header-based routing.

* Destination Controller
  * Added OutboundPolicies API, for use by `linkerd-proxy` to route
    outbound traffic
  * Improved diagnostic log messages
  * Fixed sending of spurious profile updates

* Proxy
  * Use the new OutboundPolicies API, supporting Gateway API-style routes
    in the outbound proxy

* Policy Controller
  * Support highly available Policy Controller by utilizing
   `policy-controller-write` Lease when patching HTTPRoutes
  * Consider the `status` field and filter out HTTPRoutes which have not
    been accepted

* Added KubeAPI server ports to `ignoreOutboundPorts` of `proxy-injector`
* Updated HTTPRoute version from `v1alpha1` to `v1beta2`
* Updated `network-validator` helm charts to use `proxy-init` resources
* Fixed Grafana regular expression, enabling monitoring of filesystem
  usage (thanks @h-dav!)

## edge-23.3.1

This edge release continues to build support under the hood for the upcoming
features in 2.13. Also included are several dependency updates and less verbose
logging.

* Removed dependency on the `curlimages/curl` 3rd-party image used to initialize
  extensions namespaces metadata (so they are visible by `linkerd check`),
  replaced by the new `extension-init` image
* Lowered non-actionable error messages in the Destination log to debug-level
  entries to avoid triggering false alarms (thanks @siddharthshubhampal!)

## edge-23.2.3

This edge release includes a number of fixes and introduces a new CLI command,
`linkerd prune`. The new `prune` command should be used to remove resources
which are no longer part of the Linkerd manifest when doing an upgrade.
Previously, the recommendation was to use `linkerd upgrade` in conjunction with
`kubectl apply --prune`; however, that will not remove resources which are not
part of the input manifest, and it will not detect cluster scoped resources.
`linkerd prune` (included in all core extensions) should be preferred over it.

Additionally, this change contains a few fixes from our external contributors,
and a change to the `viz` Helm chart which allows for arbitrary annotations on
`Service` objects. Last but not least, the release contains a few proxy
internal changes to prepare for the new client policy API.

* Added a new `linkerd prune` command to the CLI (including extensions) to
  remove resources which are no longer part of Linkerd's manifests
* Introduced new values in the `viz` chart to allow for arbitrary annotations
  on the `Service` objects (thanks @sgrzemski!)
* Fixed up a comment in k8s API wrapper (thanks @ductnn!)
* Fixed an issue with EndpointSlice endpoint reconciliation on slice deletion;
  when using more than one slice, a `NoEndpoints` event would be sent to the
  proxy regardless of the amount of endpoints that were still available (thanks
  @utay!)

## edge-23.2.2

This edge release adds the policy status controller which writes the `status`
field to HTTPRoutes when a parent reference Server accepts or rejects the
HTTPRoute. This field is currently not consumed by the policy controller, but
acts as the first step for considering HTTPRoute `status` when serving policy.

Additionally, the destination controller now uses the Kubernetes metadata API
for resources which it only needs to track the metadata for — Nodes and
ReplicaSets. For all other resources it tracks, it uses additional information
so continues to use the API as before.

* Fixed error message to include the colliding Server in the policy controller's
  admission webhook validation
* Updated wording for linkerd-multicluster cluster when it fails to probe a
  remote gateway mirror
* Removed unnecessary Namespaces access from the destination controller RBAC
* Added Kubernetes metadata API in the destination controller for watching Nodes
  and ReplicaSets
* Fixed QueryParamMatch parsing for HTTPRoutes
* Added the policy status controller which writes the `status` field to
  HTTPRoutes when a parent reference Server accepts or rejects it

## edge-23.2.1

This edge release sees the `linkerd-cni` plugin moved to
`linkerd2-proxy-init` and released from that repository. An iptables
improvement to `linkerd-cni` and `proxy-init` is the main focus. Other
minor fixes are also included.

* Changed `proxy-init` iptables rules to be idempotent upon init pod
  restart (thanks @jim-minter!)
* Improved logging in `proxy-init` and `linkerd-cni`
* Added the server_port_subscribers metric to track the number of subscribers
  to Server changes associated with a pod's port
* Added the service_subscribers metric to track the number of subscribers to
  Service changes
* Fixed a small memory leak in the opaque ports watcher
* No longer apply `waitBeforeExitSeconds` to control plane, viz and jaeger
  extension pods
* Added support for the `internalTrafficPolicy` of a service (thanks @yc185050!)
* Added `limits` and `requests` to network-validator for ResourceQuota interop
* Added block chomping to strip trailing new lines in ConfigMap (thanks @avdicl!)
* Added multicluster gateway `nodeSelector` and `tolerations` helm parameters
* Added protection against nil dereference in resources helm template

## edge-23.1.2

This edge release fixes a memory leak in the Linkerd control plane that could
occur when many pods were created. It also adds a number of new
configuration options for the Multicluster extension's gateway.

* Added additional shortnames for Linkerd policy resources (thanks @javaducky!)
* Added new configuration options for the multicluster gateway:
  * `gateway.deploymentAnnotations`
  * `gateway.terminationGracePeriodSeconds` (thanks @bunnybilou!)
  * `gateway.loadBalancerSourceRanges` (thanks @Tyrion85!)
* Added an optional AuthorizationPolicy to authorize Grafana to Prometheus
  in the Viz extension
* Fixed the link to the Jaeger dashboard in the viz dashboard (thanks @eugenegoncharuk!)
* Fixed an issue where control plane components could fail to start on large
  clusters because of failing readiness probes while caches were being
  initialized
* Fixed a memory leak in the Destination controller
* Fixed an issue where PodSecurityPolicies could reject Linkerd control plane
  components due to the `seccompProfile`

## edge-23.1.1

This edge release fixes a caching issue in the destination controller, converts
deprecated policy resources, and introduces several changes to how the proxy
works.

A bug in the destination controller that could potentially lead to stale pods
being considered in the load balancer has been fixed.

Several Linkerd extensions were still using the now deprecated
ServerAuthorization resource. These instances have now been converted to using
AuthorizationPolicy. Additionally, removed several policy resources that
authenticated probes, since probes are now authenticated by default.

As part of ongoing policy work, there are several changes with how the proxy
works. Routes are now lazily initialized so that service profile routes will
not show up in metrics until the route is used. Furthermore, the proxy’s
traffic splitting behavior has changed so that only available resources are
used, resulting in fewer failfast errors.

Finally, this edge release contains a number of fixes and improvements from our
contributors.

* Converted `ServerAuthorization` resources to `AuthorizationPolicy` resources
  in Linkerd extensions
* Removed policy resources bound to admin servers in extensions (previously
  these resources were used to authorize probes but now are authorized by
  default)
* Added a `resources` field in the linkerd-cni chart (thanks @jcogilvie!)
* Fixed an issue in the CLI where `--identity-external-ca` would set an
  incorrect field (thanks @anoxape!)
* Fixed an issue in the destination controller's cache that could result in
  stale endpoints when using EndpointSlice objects
* Added namespace to namespace-metadata resources in Helm (thanks @joebowbeer!)
* Added support for Pod Security Admission (Pod Security Policy resources are
  still supported but disabled by default)
* Changed routes to be initialized lazily. Service Profile routes will no
  longer show up in metrics until the route is used (default routes are always
  available when no Service Profile is defined for a service)
* Changed the proxy's behavior when traffic splitting so that only services
  that are not in failfast are used. This will enable the proxy to manage
  failover without external coordination
* Updated tokio (async runtime) in the proxy which should reduce CPU usage,
  especially for proxy's pod local (i.e in the same network namespace)
  communication
* Fixed an issue where `linkerd viz tap` would display wrong latency/duration
  value (thanks @olegy2008!)

## edge-22.12.1

This edge release introduces static and dynamic port overrides for CNI eBPF
socket-level load balancing. In certain installations when CNI plugins run in
eBPF mode, socket-level load balancing rewrites packet destinations to port
6443; as with 443 already, this port is now skipped as well on control plane
components so that they can communicate with the Kubernetes API before their
proxies are running.

Additionally, a potential panic and false warning have been fixed in the
destination controller.

* Updated linkerd-jaeger's collector to expose port 4318 in order to support
  HTTP alongside gRPC (thanks @uralsemih!)
* Added a `proxyInit.privileged` setting to control whether the `proxy-init`
  initContainer runs as a privileged process
* Fixed a potential panic in the destination controller caused by concurrent
  writes when dealing with Endpoint updates
* Fixed false warning when looking up HostPort mappings on Pods
* Added static and dynamic port overrides for CNI eBPF to work with socket-level
  load balancing

## edge-22.11.3

This edge release fixes connection errors to pods that use `hostPort`
configurations. The CNI `network-validator` init container features
improved error logging, and the default `linkerd-cni` DaemonSet
configuration is updated to tolerate all node taints so that the CNI
runs on all nodes in a cluster.

* Fixed `destination` service to properly discover targets using a `hostPort`
  different than their `containerPort`, which was causing 502 errors
* Upgraded the `network-validator` with better logging allowing users to
  determine whether failures occur as a result of their environment or the tool
  itself
* Added default `Exists` toleration to the `linkerd-cni` DaemonSet, allowing it
  to be deployed in all nodes by default, regardless of taints

## edge-22.11.2

This edge release introduces the use of the Kubernetes metadata API in the
proxy-injector and tap-injector components. This can reduce the IO and memory
footprint for those components as they now only need to track the metadata for
certain resources, rather than the entire resource itself. Similar changes will
be made for the destination component in an upcoming release.

* Bumped HTTP dependencies to fix a potential deadlock in HTTP/2 clients
* Changed the proxy-injector and tap-injector components to use the metadata API
  which should result in less memory consumption

## edge-22.11.1

This edge release ships a few fixes in Linkerd's dashboard, and the
multicluster extension. Additionally, a regression has been fixed in the CLI
that blocked upgrades from versions older than 2.12.0, due to missing CRDs
(even if the CRDs were present in-cluster). Finally, the release includes
changes to the helm charts to allow for arbitrary (user-provided) labels on
Linkerd workloads.

* Fixed an issue in the CLI where upgrades from any version prior to
  stable-2.12.0 would fail when using the `--from-manifest` flag
* Removed un-injectable namespaces, such as kube-system from unmeshed resource
  notification in the dashboard (thanks @MoSattler!)
* Fixed an issue where the dashboard would respond to requests with 404 due to
  wrong root paths in the HTML script (thanks @junnplus!)
* Removed the proxyProtocol field in the multicluster gateway policy; this has
  the effect of changing the protocol from 'HTTP/1.1' to 'unknown' (thanks
  @psmit!)
* Fixed the multicluster gateway UID when installing through the CLI, prior to
  this change the 'runAsUser' field would be empty
* Changed the helm chart for the control plane and all extensions to support
  arbitrary labels on resources (thanks @bastienbosser!)

## edge-22.10.3

This edge release adds `network-validator`, a new init container to be used when
CNI is enabled. `network-validator` ensures that local iptables rules are
working as expected. It will validate this before linkerd-proxy starts.
`network-validator` replaces the `noop` container, runs as `nobody`, and drops
all capabilities before starting.

* Validate CNI `iptables` configuration during pod startup
* Fix the "cluster networks contains all services" check failing for services
  with no ClusterIP
* Remove kubectl version check from `linkerd check` (thanks @ziollek!)
* Set `readOnlyRootFilesystem: true` in viz chart (thanks @mikutas!)
* Fix `linkerd multicluster install` by re-adding `pause` container image
  in chart
* Fix a hardcoded image value in linkerd-viz's namespace-metadata.yml template
  (thanks @bastienbosser!)

## edge-22.10.2

This edge release fixes an issue with CNI chaining that was preventing the
Linkerd CNI plugin from working with other CNI plugins such as Cilium. It also
includes several other fixes.

* Updated Grafana dashboards to use variable duration parameter so that they can
  be used when Prometheus has a longer scrape interval (thanks @TarekAS)
* Fixed handling of .conf files in the CNI plugin so that the Linkerd CNI plugin
  can be used alongside other CNI plugins such as Cilium
* Added a `linkerd diagnostics policy` command to inspect Linkerd policy state
* Added a check that ClusterIP services are in the cluster networks
* Added a noop init container to injected pods when the CNI plugin is enabled
  to prevent certain scenarios where a pod can get stuck without an IP address
* Fixed a bug where the `config.linkerd.io/proxy-version` annotation could be empty

## edge-22.10.1

This edge release fixes some sections of the Viz dashboard appearing blank, and
adds an optional PodMonitor resource to the Helm chart to enable easier
integration with the Prometheus Operator. It also includes many fixes submitted
by our contributors.

* Fixed the dashboard sections Tap, Top, and Routes appearing blank (thanks
  @MoSattler!)
* Added an optional PodMonitor resource to the main Helm chart (thanks
  @jaygridley!)
* Fixed the CLI ignoring the `--api-addr` flag (thanks @mikutas!)
* Expanded the `linkerd authz` command to display AuthorizationPolicy resources
  that target namespaces (thanks @aatarasoff!)
* Fixed the `NotIn` label selector operator in the policy resources, which was
  erroneously being treated as `In`.
* Fixed warning logic around the "linkerd-viz ClusterRoles exist" and
  "linkerd-viz ClusterRoleBindings exist" checks in `linkerd viz check`
* Fixed proxies emitting some duplicate inbound metrics

## stable-2.12.1

This release includes several control plane and proxy fixes for `stable-2.12.0`.
In particular, it fixes issues related to control plane HTTP servers' header
read timeouts resulting in decreased controller success rates, lowers the
inbound connection pool idle timeout in the proxy, and fixes an issue where the
jaeger injector would put pods into an error state when upgrading from
stable-2.11.x.

Additionally, this release adds the `linkerd.io/trust-root-sha256` annotation to
all injected workloads allowing predictable comparison of all workloads' trust
anchors via the Kubernetes API.

For Windows users, note that the Linkerd CLI's `nupkg` file for Chocolatey is
once again included in the release assets (it was previously removed in
stable-2.10.0).

* Proxy
  * Lowered inbound connection pool idle timeout to 3s

* Control Plane
  * Updated AdmissionRegistration API version usage to v1
  * Added `linkerd.io/trust-root-sha256` annotation on all injected workloads
    to indicate certificate bundle
  * Updated fields in `AuthorizationPolicy` and `MeshTLSAuthentication` to
    conform to specification (thanks @aatarasoff!)
  * Updated the identity controller to not require a `ClusterRoleBinding`
    to read all deployment resources
  * Increased servers' header read timeouts so they no longer match default
    probe and Prometheus scrape intervals

* Helm
  * Restored `namespace` field in Linkerd helm charts
  * Updated `PodDisruptionBudget` `apiVersion` from `policy/v1beta1` to
    `policy/v1` (thanks @Vrx555!)

* Extensions
  * Fixed jaeger injector interfering with upgrades to 2.12.x

## edge-22.9.2

This release fixes an issue where the jaeger injector would put pods into an
error state when upgrading from stable-2.11.x.

* Updated AdmissionRegistration API version usage to v1
* Fixed jaeger injector interfering with upgrades to 2.12.x

## edge-22.9.1

This release adds the `linkerd.io/trust-root-sha256` annotation to all injected
workloads allowing predictable comparison of all workloads' trust anchors via
the Kubernetes API.

Additionally, this release lowers the inbound connection pool idle timeout to
3s. This should help avoid socket errors, especially for Kubernetes probes.

* Added `linkerd.io/trust-root-sha256` annotation on all injected workloads
  to indicate certificate bundle
* Lowered inbound connection pool idle timeout to 3s
* Restored `namespace` field in Linkerd helm charts
* Updated fields in `AuthorizationPolicy` and `MeshTLSAuthentication` to
  conform to specification (thanks @aatarasoff!)
* Updated the identity controller to not require a `ClusterRoleBinding`
  to read all deployment resources.

## edge-22.8.3

Increased control plane HTTP servers' read timeouts so that they no longer
match the default probe intervals. This was leading to closed connections
and decreased controller success rate.

## stable-2.12.0

This release introduces route-based policy to Linkerd, allowing users to define
and enforce authorization policies based on HTTP routes in a fully zero-trust
way. These policies are built on Linkerd's strong workload identities, secured
by mutual TLS, and configured using types from the Kubernetes [Gateway
API](https://gateway-api.sigs.k8s.io/).

The 2.12 release also introduces optional request logging ("access logging"
after its name in webservers), optional support for `iptables-nft`, and a host
of other improvements and performance enhancements.

Additionally, the `linkerd-smi` extension is now required to use TrafficSplit,
and the installation process has been updated to separate management of the
Linkerd CRDs from the main installation process. With the CLI, you'll need to
`linkerd install --crds` before running `linkerd install`; with Helm, you'll
install the new `linkerd-crds` chart, then the `linkerd-control-plane` chart.
These charts are now versioned using [SemVer](https://semver.org) independently
of Linkerd releases. For more information, see the [upgrade
notes][upgrade-2120].

**Upgrade notes**: Please see the [upgrade instructions][upgrade-2120].

* Proxy
  * Added a `config.linkerd.io/shutdown-grace-period` annotation to limit the
    duration that the proxy may wait for graceful shutdown
  * Added a `config.linkerd.io/access-log` annotation to enable logging of
    workload requests
  * Added a new `iptables-nft` mode for the `proxy-init` initContainer
  * Added support for non-HTTP traffic forwarding within the mesh in `ingress`
    mode
  * Added the `/env.json` log diagnostic endpoint
  * Added a new `process_uptime_seconds_total` metric to track proxy uptime in
    seconds
  * Added support for dynamically discovering policies for ports that are not
    documented in a pod's `containerPorts`
  * Added support for route-based inbound HTTP metrics
    (`route_group`/`route_kind`/`route_name`)
  * Added a new annotation to configure skipping subnets in the init container
    (`config.linkerd.io/skip-subnets`), needed e.g. in Docker-in-Docker
    workloads (thanks @michaellzc!)

* Control Plane
  * Added support for per-route policy by supporting AuthorizationPolicy
    resources which can target HttpRoute or Server resources
  * Added support for bound service account token volumes for the control plane
    and injected workloads
  * Removed kube-system exclusions from watchers to fix service discovery for
    workloads in the kube-system namespace (thanks @JacobHenner!)
  * Updated healthcheck to ignore `Terminated` state for pods (thanks
    @AgrimPrasad!)
  * Updated the default policy controller log level to `info`; the controller
    will now emit INFO level logs for some of its dependencies
  * Added probe authorization by default, allowing clusters that use a default
    `deny` policy to not explicitly need to authorize probes
  * Fixed an issue where the proxy-injector would break when using
    `nodeAffinity` values for the control plane
  * Fixed an issue where certain control plane components were not restarting as
    necessary after a trust root rotation
  * Removed SMI functionality in the default Linkerd installation; this is now
    part of the `linkerd-smi` extension

* CLI
  * Fixed the `linkerd check` command crashing when unexpected pods are found in
    a Linkerd namespace
  * Updated the `linkerd authz` command to support AuthorizationPolicy and
    HttpRoute resources
  * Updated `linkerd check` to allow RSA signed trust anchors (thanks
    @danibaeyens!)
  * `linkerd install --crds` must be run before `linkerd install`
  * `linkerd upgrade --crds` must be run before `linkerd upgrade`
  * Fixed invalid yaml syntax in the viz extension's tap-injector template
    (thanks @wc-s!)
  * Fixed an issue where the `--default-inbound-policy` setting was not being
    respected
  * Added support for AuthorizationPolicy and HttpRoute to `viz authz` command
  * Added support for AuthorizationPolicy and HttpRoute to `viz stat` command
  * Added support for policy metadata in `linkerd viz tap`

* Helm
  * Split the `linkerd2` chart into `linkerd-crds` and `linkerd-control-plane`
  * Charts are now versioned using [SemVer](https://semver.org) independently of
    Linkerd releases
  * Added missing port in the Linkerd viz chart documentation (thanks @haswalt!)
  * Changed the `proxy.await` Helm value so that users can now disable
    `linkerd-await` on control plane components
  * Added the `policyController.probeNetworks` Helm value for configuring the
    networks that probes are expected to be performed from

* Extensions
  * Added annotations to allow Linkerd extension deployments to be evicted by
    the autoscaler when necessary
  * Added ability to run the Linkerd CNI plugin in non-chained (stand-alone)
    mode
  * Added a ServiceAccount token Secret to the multicluster extension to support
    Kubernetes versions >= v1.24

This release includes changes from a massive list of contributors, including
engineers from Adidas, Intel, Red Hat, Shopify, Sourcegraph, Timescale, and
others. A special thank-you to everyone who helped make this release possible:

Agrim Prasad [@AgrimPrasad](https://github.com/AgrimPrasad)
Ahmed Al-Hulaibi [@ahmedalhulaibi](https://github.com/ahmedalhulaibi)
Aleksandr Tarasov [@aatarasoff](https://github.com/aatarasoff)
Alexander Berger [@alex-berger](https://github.com/alex-berger)
Ao Chen [@chenaoxd](https://github.com/chenaoxd)
Badis Merabet [@badis](https://github.com/badis)
Bjørn [@Crevil](https://github.com/Crevil)
Brian Dunnigan [@bdun1013](https://github.com/bdun1013)
Christian Schlotter [@chrischdi](https://github.com/chrischdi)
Dani Baeyens [@danibaeyens](https://github.com/danibaeyens)
David Symons [@multimac](https://github.com/multimac)
Dmitrii Ermakov [@ErmakovDmitriy](https://github.com/ErmakovDmitriy)
Elvin Efendi [@ElvinEfendi](https://github.com/ElvinEfendi)
Evan Hines [@evan-hines-firebolt](https://github.com/evan-hines-firebolt)
Eng Zer Jun [@Juneezee](https://github.com/Juneezee)
Gustavo Fernandes de Carvalho [@gusfcarvalho](https://github.com/gusfcarvalho)
Harry Walter [@haswalt](https://github.com/haswalt)
Israel Miller [@imiller31](https://github.com/imiller31)
Jack Gill [@jackgill](https://github.com/jackgill)
Jacob Henner [@JacobHenner](https://github.com/JacobHenner)
Jacob Lorenzen [@Jaxwood](https://github.com/Jaxwood)
Joakim Roubert [@joakimr-axis](https://github.com/joakimr-axis)
Josh Ault [@jault-figure](https://github.com/jault-figure)
João Soares [@jasoares](https://github.com/jasoares)
jtcarnes [@jtcarnes](https://github.com/jtcarnes)
Kim Christensen [@kichristensen](https://github.com/kichristensen)
Krzysztof Dryś [@krzysztofdrys](https://github.com/krzysztofdrys)
Lior Yantovski [@lioryantov](https://github.com/lioryantov)
Martin Anker Have [@mahlunar](https://github.com/mahlunar)
Michael Lin [@michaellzc](https://github.com/michaellzc)
Michał Romanowski [@michalrom089](https://github.com/michalrom089)
Naveen Nalam [@nnalam](https://github.com/nnalam)
Nick Calibey [@ncalibey](https://github.com/ncalibey)
Nikola Brdaroski [@nikolabrdaroski](https://github.com/nikolabrdaroski)
Or Shachar [@or-shachar](https://github.com/or-shachar)
Pål-Magnus Slåtto [@dev-slatto](https://github.com/dev-slatto)
Raman Gupta [@rocketraman](https://github.com/rocketraman)
Ricardo Gândara Pinto [@rmgpinto](https://github.com/rmgpinto)
Roberth Strand [@roberthstrand](https://github.com/roberthstrand)
Sankalp Rangare [@sankalp-r](https://github.com/sankalp-r)
Sascha Grunert [@saschagrunert](https://github.com/saschagrunert)
Steve Gray [@steve-gray](https://github.com/steve-gray)
Steve Zhang [@zhlsunshine](https://github.com/zhlsunshine)
Takumi Sue [@mikutas](https://github.com/mikutas)
Tanmay Bhat [@tanmay-bhat](https://github.com/tanmay-bhat)
Táskai Dominik [@dtaskai](https://github.com/dtaskai)
Ujjwal Goyal [@importhuman](https://github.com/importhuman)
Weichung Shaw [@wc-s](https://github.com/wc-s)
Wim de Groot [@wim-de-groot](https://github.com/wim-de-groot)
Yannick Utard [@utay](https://github.com/utay)
Yurii Dzobak [@yuriydzobak](https://github.com/yuriydzobak)
罗泽轩 [@spacewander](https://github.com/spacewander)

[upgrade-2120]: https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2120

## stable-2.12.0-rc2

This release is the second release candidate for stable-2.12.0.

At this point the Helm charts can be retrieved from the stable repo:

```sh
# Add the stable chart repository and refresh the local chart index
# ("helm repo up" is the short alias of "helm repo update").
helm repo add linkerd https://helm.linkerd.io/stable
helm repo up
# Install the CRDs chart first; the control plane chart is installed after it.
helm install linkerd-crds -n linkerd --create-namespace linkerd/linkerd-crds
# --set-file reads each value from a local file: ca.crt supplies the trust
# anchors, issuer.crt and issuer.key the identity issuer's TLS certificate and
# key. issuer.key is presumably the issuer's private key: restrict its file
# permissions and keep it out of version control.
helm install linkerd-control-plane \
  -n linkerd \
  --set-file identityTrustAnchorsPEM=ca.crt \
  --set-file identity.issuer.tls.crtPEM=issuer.crt \
  --set-file identity.issuer.tls.keyPEM=issuer.key \
  linkerd/linkerd-control-plane
```

The following lists all the changes since edge-22.8.2:

* Fixed inheritance of the `linkerd.io/inject` annotation from Namespace to
  Workloads when its value is `ingress`
* Added the `config.linkerd.io/default-inbound-policy: all-authenticated`
  annotation to linkerd-multicluster’s Gateway deployment so that all clients
  are required to be authenticated
* Added a `ReadHeaderTimeout` of 10s to all the go `http.Server` instances, to
  avoid being vulnerable to "Slowloris" attacks (clients that tie up server
  connections by sending request headers very slowly)
* Added a check in `linkerd viz check --proxy` to warn when a namespace has the
  `config.linkerd.io/default-inbound-policy: deny` annotation, which would not
  authorize scrapes coming from the linkerd-viz Prometheus instance
* Added validation for accepted values for the `--default-inbound-policy` flag
* Fixed invalid URL in the `linkerd install --help` output
* Added `--destination-pod` flag to `linkerd diagnostics endpoints` subcommand
* Added `proxyInit.runAsUser` in `values.yaml` defaulting to non-zero, to
  complement the new default `proxyInit.runAsRoot: false` that was recently
  changed

## edge-22.8.2

This release is considered a release candidate for stable-2.12.0 and we
encourage you to try it out! It includes an update to the multicluster extension
which adds support for Kubernetes v1.24 and also updates many CLI commands to
support the new policy resources: ServerAuthorization and HTTPRoute.

* Updated linkerd check to allow RSA signed trust anchors (thanks @danibaeyens!)
* Fixed some invalid yaml in the viz extension's tap-injector template (thanks @wc-s!)
* Added support for AuthorizationPolicy and HttpRoute to viz authz command
* Added support for AuthorizationPolicy and HttpRoute to viz stat
* Added support for policy metadata in linkerd tap
* Fixed an issue where certain control plane components were not restarting as
  necessary after a trust root rotation
* Added a ServiceAccount token Secret to the multicluster extension to support
  Kubernetes versions >= v1.24
* Fixed an issue where the --default-inbound-policy setting was not being
  respected

## edge-22.8.1

This release introduces default probe authorization. This means that on
clusters that use a default `deny` policy, probes do not have to be explicitly
authorized using policy resources. Additionally, the
`policyController.probeNetworks` Helm value has been added, which allows users
to configure the networks that probes are expected to be performed from.

Additionally, the `linkerd authz` command has been updated to support the policy
resources AuthorizationPolicy and HttpRoute.

Finally, some smaller changes include allowing to disable `linkerd-await` on
control plane components (using the existing `proxy.await` configuration) and
changing the default iptables mode back to `legacy` to support more cluster
environments by default.

* Updated the `linkerd authz` command to support AuthorizationPolicy and
  HttpRoute resources
* Changed the `proxy.await` Helm value so that users can now disable
  `linkerd-await` on control plane components
* Added probe authorization by default allowing clusters that use a default
  `deny` policy to not explicitly need to authorize probes
* Added ability to run the Linkerd CNI plugin in non-chained (stand-alone) mode
* Added the `policyController.probeNetworks` Helm value for configuring the
  networks that probes are expected to be performed from
* Changed the default iptables mode to `legacy`

## edge-22.7.3

This release adds a new `nft` iptables mode, used by default in proxy-init.
When used, firewall configuration will be set-up through the `iptables-nft`
binary; this should allow hosts that do not support `iptables-legacy` (such as
RHEL based environments) to make use of the init container. The older
`iptables-legacy` mode is still supported, but it must be explicitly turned on.
Moreover, this release also replaces the `HTTPRoute` CRD with Linkerd's own
version, and includes a number of fixes and improvements.

* Added a new `iptables-nft` mode for proxy-init. When running in this mode,
  the firewall will be configured with `nft` kernel API; this should allow
  users to run the init container on RHEL-family hosts
* Fixed an issue where the proxy-injector would break when using `nodeAffinity`
  values for the control plane
* Updated healthcheck to ignore `Terminated` state for pods (thanks
  @AgrimPrasad!)
* Replaced `HTTPRoute` CRD version from `gateway.networking.k8s.io` with a
  similar version from the `policy.linkerd.io` API group. While the CRD is
  similar, it does not support the `Gateway` type, does not contain the
  `backendRefs` fields, and does not support `RequestMirror` and `ExtensionRef`
  filter types.
* Updated the default policy controller log level to `info`; the controller
  will now emit INFO level logs for some of its dependencies
* Added validation to ensure `HTTPRoute` paths are absolute; relative paths are
  not supported by the proxy and the policy controller admission server will
  reject any routes that use paths which do not start with `/`

## edge-22.7.2

This release adds support for per-route authorization policy using the
AuthorizationPolicy and HttpRoute resources. It also adds a configurable
shutdown grace period to the proxy which can be used to ensure that proxy
graceful shutdown completes within a certain time, even if there are outstanding
open connections.

* Removed kube-system exclusions from watchers to fix service discovery for
  workloads in the kube-system namespace (thanks @JacobHenner!)
* Added annotations to allow Linkerd extension deployments to be evicted by the
  autoscaler when necessary
* Added missing port in the Linkerd viz chart documentation (thanks @haswalt!)
* Added support for per-route policy by supporting AuthorizationPolicy resources
  which target HttpRoute resources
* Fixed the `linkerd check` command crashing when unexpected pods are found in
  a Linkerd namespace
* Added a `config.linkerd.io/shutdown-grace-period` annotation to configure the
  proxy's maximum grace period for graceful shutdown

## edge-22.7.1

This release includes a security improvement. When a user manually specified the
`policyValidator.keyPEM` setting, the value was incorrectly included in the
`linkerd-config` configmap. This means that this private key was erroneously
exposed to service accounts with read access to this configmap. Practically,
this means that the Linkerd `proxy-injector`, `identity`, and `heartbeat` pods
could read this value. This should **not** have exposed this private key to
other unauthorized users unless additional role bindings were added outside of
Linkerd. Nevertheless, we recommend that users who manually set control plane
certificates update the credentials for the policy validator after upgrading
Linkerd.

Additionally, the linkerd-multicluster extension has several fixes related to
fail fast errors during link watch restarts, improper label matching for
mirrored services, and properly cleaning up mirrored endpoints in certain
situations.

Lastly, the proxy can now retry gRPC requests that have responses with a
TRAILERS frame. A fix to reduce redundant load balancer updates should also
result in less connection churn.

* Changed unit tests to use newly introduced `prommatch` package for asserting
  expected metrics (thanks @krzysztofdrys!)
* Fixed the Docker container runtime check to only run during `linkerd install`
  rather than `linkerd check --pre`
* Changed linkerd-multicluster's remote cluster watcher to assume the gateway is
  alive when starting—fixing fail fast errors from occurring during restarts
  (thanks @chenaoxd!)
* Added `matchLabels` and `matchExpressions` to linkerd-multicluster's Link CRD
* Fixed linkerd-multicluster's label selector to properly select resources that
  match the expected label value, rather than just the presence of the label
* Fixed linkerd-multicluster's cluster watcher to properly clean up endpoints
  belonging to remote headless services that are no longer mirrored
* Added the HttpRoute CRD which will be used by future policy features
* Fixed CNI plugin event processing where file updates could sometimes be
  skipped leading to the update not being acknowledged
* Fixed redundant load balancer updates in the proxy that could cause
  unnecessary connection churn
* Fixed gRPC request retries for responses that contain a TRAILERS frame
* Fixed the dashboard's `linkerd check` due to missing RBAC for listing pods in
  the cluster
* Fixed API check that ensures access to the Server CRD (thanks @aatarasoff!)
* Changed `linkerd authz` to match the labels of pre-fetched Pods rather than
  the multiple API calls it was doing—resulting in significant speed-up (thanks
  @aatarasoff!)
* Unset `policyValidator.keyPEM` in `linkerd-config` ConfigMap

## edge-22.6.2

This edge release bumps the minimum supported Kubernetes version from `v1.20`
to `v1.21`, introduces some new changes, and includes a few bug fixes. Most
notably, a bug has been fixed in the proxy's outbound load balancer that could
cause panics, especially when the balancer would process many service discovery
updates in a short period of time. This release also fixes a panic in the
proxy-injector, and introduces a change that will include HTTP probe ports in
the proxy's inbound ports configuration, to be used for policy discovery.

* Fixed a bug in the proxy's outbound load balancer that could cause panics
  when many discovery updates were processed in short time periods
* Added `runtimeClassName` options to Linkerd's Helm chart (thanks @jtcarnes!)
* Introduced a change in the proxy-injector that will configure the inbound
  ports proxy configuration with the pod's probe ports (HTTPGet)
* Added godoc links in the project README file (thanks @spacewander!)
* Increased minimum supported Kubernetes version to `v1.21` from `v1.20`
* Fixed an issue where the proxy-injector would not emit events for resources
  that receive annotation patches but are skipped for injection
* Refactored `PublicIPToString` to handle both IPv4 and IPv6 addresses in a
  similar behavior (thanks @zhlsunshine!)
* Replaced the usage of branch with tags, and pinned `cosign-installer` action
  to `v1` (thanks @saschagrunert!)
* Fixed an issue where the proxy-injector would panic if resources have an
  unsupported owner kind

## edge-22.6.1

This edge release fixes an issue where Linkerd injected pods could not be
evicted by Cluster Autoscaler. It also adds the `--crds` flag to `linkerd check`
which validates that the Linkerd CRDs have been installed with the proper
versions.

The previously noisy "cluster networks can be verified" check has been replaced
with one that now verifies each running Pod IP is contained within the current
`clusterNetworks` configuration value.

Additionally, linkerd-viz is no longer required for linkerd-multicluster's
`gateways` command — allowing the `Gateways` API to be marked as deprecated for
2.12.

Finally, several security issues have been patched in the Docker images now that
the builds are pinned only to minor — rather than patch — versions.

* Replaced manual IP address parsing with functions available in the Go standard
  library (thanks @zhlsunshine!)
* Removed linkerd-multicluster's `gateway` command dependency on the linkerd-viz
  extension
* Fixed issue where Linkerd injected pods were prevented from being evicted by
  Cluster Autoscaler
* Added the `dst_target_cluster` metric to linkerd-multicluster's service-mirror
  controller probe traffic
* Added the `--crds` flag to `linkerd check` which validates that the Linkerd
  CRDs have been installed
* Removed the Docker image's hardcoded patch versions so that builds pick up
  patch releases without manual intervention
* Replaced the "cluster networks can be verified" check with a "cluster
  networks contains all pods" check which ensures that all currently running Pod
  IPs are contained by the current `clusterNetworks` configuration
* Added IPv6 compatible IP address generation in certain control plane
  components that were only generating IPv4 (thanks @zhlsunshine!)
* Deprecated linkerd-viz's `Gateways` API which is no longer used by
  linkerd-multicluster
* Added the `promm` package for making programmatic Prometheus assertions in
  tests (thanks @krzysztofdrys!)
* Added the `runAsUser` configuration to extensions to fix a PodSecurityPolicy
  violation when CNI is enabled

## edge-22.5.3

This edge release fixes a few proxy issues, improves the upgrade process, and
introduces proto retries to Service Profiles. Also included are updates to the
bash scripts to ensure that they follow best practices.

* Polished the shell scripts (thanks @joakimr-axis)
* Introduced retries to Service Profiles based on the idempotency option of the
  method by adding an isRetryable function to the proto definition
  (thanks @mahlunar)
* Fixed proxy responses to CONNECT requests by removing the content-length
  and/or transfer-encoding headers from the response
* Fixed DNS lookups in the proxy to consistently use A records when SRV records
  cannot be resolved
* Added dynamic policy discovery to the proxy by evaluating traffic on ports
  not included in the LINKERD2_PROXY_INBOUND_PORTS environment variable
* Added logic to require that the linkerd CRDs are installed when running
  the `linkerd upgrade` command

## edge-22.5.2

This edge release ships a few changes to the chart values, a fix for
multicluster headless services, and notable proxy features. HA functionality,
such as PDBs, deployment strategies, and pod anti-affinity, has been split
from the HA values and is now configurable for the control plane. On the proxy
side, non-HTTP traffic will now be forwarded on the outbound side within the
cluster when the proxy runs in ingress mode.

* Updated `ingress-mode` proxies to forward non-HTTP traffic within the cluster
  (protocol detection will always be attempted for outbound connections)
* Added a new proxy metric `process_uptime_seconds_total` to keep track of the
  number of seconds since the proxy started
* Fixed issues with multicluster headless service mirroring where exported
  endpoints would be mirrored with a delay or changes to the export label
  would be ignored
* Split HA functionality, such as PodDisruptionBudgets, into multiple
  configurable values (thanks @evan-hines-firebolt for the initial work)

## edge-22.5.1

This edge release adds more flexibility to the MeshTLSAuthentication and
AuthorizationPolicy policy resources by allowing them to target entire
namespaces. It also fixes a race condition when multiple CNI plugins are
installed together as well as a number of other bug fixes.

* Added support for MeshTLSAuthentication resources to target an entire
  namespace, authenticating all ServiceAccounts in that namespace
* Fixed a panic in `linkerd install` when the `--ignore-cluster` flag is passed
* Fixed issue where pods would fail to start when `enablePSP` and
  `proxyInit.runAsRoot` are set
* Added support for AuthorizationPolicy resources to target namespaces, applying
  to all Servers in that namespace
* Fixed a race condition where the Linkerd CNI configuration could be
  overwritten when multiple CNI plugins are installed
* Added test for opaque ports using Service and Pod IPs (thanks @krzysztofdrys!)
* Fixed an error in the linkerd-viz Helm chart in HA mode

## edge-22.4.1

In order to support having custom resources in the default Linkerd installation,
the CLI install flow is now always a 2-step process where `linkerd install
--crds` must be run first to install CRDs only and then `linkerd install` is run
to install everything else. This more closely aligns the CLI install flow with
the Helm install flow where the CRDs are a separate chart. This also applies to
`linkerd upgrade`. Also, the `config` and `control-plane` sub-commands have been
removed from both `linkerd install` and `linkerd upgrade`.

On the proxy side, this release fixes an issue where proxies would not honor the
cluster's opaqueness settings for non-pod/service addresses. This could cause
protocol detection to be performed, for instance, when using off-cluster
databases.

This release also disables the use of regexes in Linkerd log filters (i.e., as
set by `LINKERD2_PROXY_LOG`). Malformed log directives could, in theory, cause a
proxy to stop responding.

The `helm.sh/chart` label in some of the CRDs had its formatting fixed, which
avoids issues when installing/upgrading through external tools that make use of
it, such as recent versions of Flux.

* Added `--crds` flag to install/upgrade and remove config/control-plane stages
* Allowed the `AuthorizationPolicy` CRD to have an empty
  `requiredAuthenticationRefs` entry that allows all traffic
* Introduced `nodeAffinity` config in all the charts for enhanced control on the
  pods scheduling (thanks @michalrom089!)
* Introduced `resources`, `nodeSelector` and `tolerations` configs in the
  `linkerd-multicluster-link` chart for enhanced control on the service mirror
  deployment (thanks @utay!)
* Fixed formatting of the `helm.sh/chart` label in CRDs
* Updated container base images from buster to bullseye
* Added support for spaces in the `config.linkerd.io/opaque-ports` annotation

## edge-22.3.5

This edge release introduces new policy CRDs that allow for more generalized
authorization policies.

The `AuthorizationPolicy` CRD authorizes clients that satisfy all the required
authentications to communicate with the Linkerd `Server` that it targets.
Required authentications are specified through the new `MeshTLSAuthentication`
and `NetworkAuthentication` CRDs.

A `MeshTLSAuthentication` defines a list of authenticated client IDs—specified
directly by proxy identity strings or referencing resources such as
`ServiceAccount`s.

A `NetworkAuthentication` defines a list of client networks that will be
authenticated.

Additionally, to support the new CRDs, policy-related labels have been changed
to better categorize policy metrics. A `srv_kind` label has been introduced
which splits the current `srv_name` value—formatted as `kind:name`—into separate
labels. The `saz_name` label has been removed and is replaced by the new
`authz_kind` and `authz_name` labels.

* Introduced the `srv_kind` label which allowed splitting the value of the
  current `srv_name` label
* Removed the `saz_name` label and replaced it with the new `authz_kind` and
  `authz_name` labels
* Fixed an issue in the destination controller where an update would not be sent
  after an endpoint was discovered for a currently empty service
* Introduced the following custom resource types to support generalized
  authorization policies: `AuthorizationPolicy`, `MeshTLSAuthentication`,
  `NetworkAuthentication`
* Deprecated the `--proxy-version` flag (thanks @importhuman!)
* Updated linkerd-viz to use new policy CRDs

## edge-22.3.4

* Disabled pprof endpoints on Linkerd control plane components by default
* Fixed an issue where mirror service endpoints of headless services were always
  ready regardless of gateway liveness
* Added server side validation for ServerAuthorization resources
* Fixed an "origin not allowed" issue when using the latest Grafana with the
  Linkerd Viz extension

## edge-22.3.3

This edge release ensures that in multicluster installations, mirror service
endpoints have their readiness tied to gateway liveness. When the gateway for a
target cluster is not alive, the endpoints that point to it on a source cluster
will properly indicate that they are not ready.

* Fixed tap controller logging errors that were susceptible to log forgery by
  ensuring special characters are escaped
* Fixed issue where mirror service endpoints were always ready regardless of
  gateway liveness
* Removed unused `namespace` entry in `linkerd-control-plane` chart

## edge-22.3.2

This edge release includes a few fixes and quality of life improvements. An
issue has been fixed in the proxy allowing HTTP Upgrade requests to work
through multi-cluster gateways, and the init container's resource limits and
requests have been revised. Additionally, more Go linters have been enabled and
improvements have been made to the devcontainer.

* Changed `linkerd-init` resource (CPU/memory) limits and requests to ensure by
  default the init container does not break a pod's `Guaranteed` QOS class
* Added a new check condition to skip pods whose status is `NodeShutdown`
  during validation as they will not have a proxy container
* Fixed an issue that would prevent proxies from sending HTTP Upgrade requests
  (used in websockets) through multi-cluster gateways

## edge-22.3.1

This edge release includes updates to dependencies, CI, and rust 1.59.0. It also
includes changes to the `linkerd-jaeger` chart to ensure that namespace labels
are preserved and adds support for `imagePullSecrets`, along with improvements
to the multicluster and policy functionality.

* Added note to `multicluster link` command to clarify that the link is
  one-direction
* Introduced `imagePullSecrets` to Jaeger Helm chart
* Updated Rust to v1.59.0
* Fixed a bug where labels can be overwritten in the `linkerd-jaeger` chart
* Fix broken mirrored headless services after `repairEndpoints` runs
* Updated `Server` CRD to handle an empty `PodSelector`

## edge-22.2.4

This edge release continues to address several security related lints and
ensures they are checked by CI.

* Add `linkerd check` warning for clusters that cannot verify their
  `clusterNetworks` due to Nodes missing the `podCIDR` field
* Changed `Server` CRD to allow having an empty `PodSelector`
* Modified `linkerd inject` to only support `https` URLs to mitigate security
  risks
* Fixed potential goroutine leak in the port forwarding used by several CLI
  commands and control plane components
* Fixed timeouts in the policy validator which could lead to failures if
  `failurePolicy` was set to `Fail`

## edge-22.2.3

This edge release fixes some `Instant`-related proxy panics that occur on Amazon
Linux. It also includes many behind the scenes improvements to the project's
CI and linting.

* Removed the `--controller-image-version` install flag to simplify the way that
  image versions are handled. The controller image version can be set using the
  `--set linkerdVersion` flag or Helm value
* Lowercased logs and removed redundant lines from the Linkerd2 proxy init
  container
* Prevented the proxy from logging spurious errors when its pod does not define
  any container ports
* Added workarounds to reduce the likelihood of `Instant`-related proxy panics
  that occur on Amazon Linux

## edge-22.2.2

This edge release updates the jaeger extension to be available in ARM
ar
gitextract_99izrum5/

├── .devcontainer/
│   ├── README.md
│   └── devcontainer.json
├── .dockerignore
├── .editorconfig
├── .gitattributes
├── .github/
│   ├── CODEOWNERS
│   ├── ISSUE_TEMPLATE/
│   │   ├── bug_report.yml
│   │   ├── config.yml
│   │   └── feature_request.yml
│   ├── PULL_REQUEST_TEMPLATE.md
│   ├── actions/
│   │   ├── cli-setup/
│   │   │   └── action.yaml
│   │   ├── docker-build/
│   │   │   └── action.yml
│   │   └── helm-publish/
│   │       └── action.yml
│   ├── dco.yml
│   ├── dependabot.yml
│   ├── stale.yml
│   └── workflows/
│       ├── actions.yml
│       ├── cli-build.yml
│       ├── codecov.yml
│       ├── codeql.yml
│       ├── devcontainer.yml
│       ├── go.yml
│       ├── integration.yml
│       ├── js.yml
│       ├── lock.yml
│       ├── markdown.yml
│       ├── proto.yml
│       ├── release.yml
│       ├── rerun.yml
│       ├── rust.yml
│       ├── shell.yml
│       └── sync-proxy.yml
├── .gitignore
├── .golangci.yml
├── .helmdocsignore
├── .markdownlint.yaml
├── .proxy-version
├── ADOPTERS.md
├── AMBASSADORS.md
├── BUILD.md
├── CHANGES.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── Cargo.toml
├── DCO
├── Dockerfile-debug
├── Dockerfile.controller
├── Dockerfile.proxy
├── EXTENSIONS.md
├── GOVERNANCE.md
├── LICENSE
├── MAINTAINERS.md
├── README.md
├── RELEASE.md
├── SECURITY.md
├── STEERING.md
├── TEST.md
├── bin/
│   ├── _docker.sh
│   ├── _log.sh
│   ├── _os.sh
│   ├── _tag.sh
│   ├── _test-helpers.sh
│   ├── build-cli-bin
│   ├── certs-openssl
│   ├── compute-edge-version
│   ├── docker
│   ├── docker-build
│   ├── docker-build-cli-bin
│   ├── docker-build-controller
│   ├── docker-build-debug
│   ├── docker-build-metrics-api
│   ├── docker-build-proxy
│   ├── docker-build-tap
│   ├── docker-build-web
│   ├── docker-pull
│   ├── docker-push
│   ├── docker-retag-all
│   ├── docker-test-proxy
│   ├── fetch-proxy
│   ├── fmt
│   ├── go-mod-tree
│   ├── go-mod-versions
│   ├── go-mod-why
│   ├── go-run
│   ├── goimports
│   ├── helm
│   ├── helm-build
│   ├── image-load
│   ├── install-deps
│   ├── k3d
│   ├── kind
│   ├── kubectl
│   ├── linkerd
│   ├── minikube-start-hyperv.bat
│   ├── protoc-go.sh
│   ├── root-tag
│   ├── rust-toolchain-version
│   ├── scurl
│   ├── shellcheck
│   ├── shellcheck-all
│   ├── test-cleanup
│   ├── test-clouds
│   ├── test-clouds-cleanup
│   ├── test-scale
│   ├── tests
│   ├── update-codegen.sh
│   └── web
├── charts/
│   ├── artifacthub-repo-edge.yml
│   ├── artifacthub-repo-stable.yml
│   ├── linkerd-control-plane/
│   │   ├── .helmignore
│   │   ├── Chart.yaml
│   │   ├── README.md.gotmpl
│   │   ├── templates/
│   │   │   ├── NOTES.txt
│   │   │   ├── config-rbac.yaml
│   │   │   ├── config.yaml
│   │   │   ├── destination-rbac.yaml
│   │   │   ├── destination.yaml
│   │   │   ├── heartbeat-rbac.yaml
│   │   │   ├── heartbeat.yaml
│   │   │   ├── identity-rbac.yaml
│   │   │   ├── identity.yaml
│   │   │   ├── namespace.yaml
│   │   │   ├── podmonitor.yaml
│   │   │   ├── proxy-injector-rbac.yaml
│   │   │   ├── proxy-injector.yaml
│   │   │   └── psp.yaml
│   │   ├── values-ha.yaml
│   │   └── values.yaml
│   ├── linkerd-crds/
│   │   ├── .helmignore
│   │   ├── Chart.yaml
│   │   ├── README.md.gotmpl
│   │   ├── templates/
│   │   │   ├── NOTES.txt
│   │   │   ├── gateway.networking.k8s.io_grpcroutes.yaml
│   │   │   ├── gateway.networking.k8s.io_httproutes.yaml
│   │   │   ├── gateway.networking.k8s.io_tcproutes.yaml
│   │   │   ├── gateway.networking.k8s.io_tlsroutes.yaml
│   │   │   ├── policy/
│   │   │   │   ├── authorization-policy.yaml
│   │   │   │   ├── egress-network.yaml
│   │   │   │   ├── http-local-ratelimit-policy.yaml
│   │   │   │   ├── httproute.yaml
│   │   │   │   ├── meshtls-authentication.yaml
│   │   │   │   ├── network-authentication.yaml
│   │   │   │   ├── server-authorization.yaml
│   │   │   │   └── server.yaml
│   │   │   ├── serviceprofile.yaml
│   │   │   └── workload/
│   │   │       └── external-workload.yaml
│   │   └── values.yaml
│   ├── linkerd2-cni/
│   │   ├── .helmignore
│   │   ├── Chart.yaml
│   │   ├── README.md.gotmpl
│   │   ├── requirements.yaml
│   │   ├── templates/
│   │   │   └── cni-plugin.yaml
│   │   └── values.yaml
│   ├── partials/
│   │   ├── .helmignore
│   │   ├── Chart.yaml
│   │   ├── README.md.gotmpl
│   │   ├── templates/
│   │   │   ├── NOTES.txt
│   │   │   ├── _affinity.tpl
│   │   │   ├── _capabilities.tpl
│   │   │   ├── _debug.tpl
│   │   │   ├── _helpers.tpl
│   │   │   ├── _metadata.tpl
│   │   │   ├── _network-validator.tpl
│   │   │   ├── _nodeselector.tpl
│   │   │   ├── _proxy-config-ann.tpl
│   │   │   ├── _proxy-init.tpl
│   │   │   ├── _proxy.tpl
│   │   │   ├── _pull-secrets.tpl
│   │   │   ├── _resources.tpl
│   │   │   ├── _tolerations.tpl
│   │   │   ├── _trace.tpl
│   │   │   ├── _validate.tpl
│   │   │   └── _volumes.tpl
│   │   └── values.yaml
│   ├── patch/
│   │   ├── Chart.yaml
│   │   ├── requirements.yaml
│   │   └── templates/
│   │       └── patch.json
│   └── templates.go
├── cli/
│   ├── Dockerfile
│   ├── cmd/
│   │   ├── authz.go
│   │   ├── check.go
│   │   ├── check_extensions.go
│   │   ├── check_extensions_test.go
│   │   ├── check_test.go
│   │   ├── completion.go
│   │   ├── completion_test.go
│   │   ├── controller-metrics.go
│   │   ├── diagnostics.go
│   │   ├── diagnostics_profile.go
│   │   ├── doc.go
│   │   ├── endpoints.go
│   │   ├── endpoints_test.go
│   │   ├── identity.go
│   │   ├── inject.go
│   │   ├── inject_test.go
│   │   ├── inject_util.go
│   │   ├── install-cni-plugin.go
│   │   ├── install-cni-plugin_test.go
│   │   ├── install.go
│   │   ├── install_cni_helm_test.go
│   │   ├── install_helm_test.go
│   │   ├── install_test.go
│   │   ├── main_test.go
│   │   ├── metrics.go
│   │   ├── metrics_diagnostics_util.go
│   │   ├── metrics_diagnostics_util_test.go
│   │   ├── options.go
│   │   ├── policy.go
│   │   ├── profile.go
│   │   ├── profile_test.go
│   │   ├── prune.go
│   │   ├── range_slice.go
│   │   ├── range_slice_test.go
│   │   ├── root.go
│   │   ├── test_helper.go
│   │   ├── testdata/
│   │   │   ├── addon_config.yaml
│   │   │   ├── addon_config_overwrite.yaml
│   │   │   ├── check_output.golden
│   │   │   ├── check_output_json.golden
│   │   │   ├── endpoints_one_output.golden
│   │   │   ├── endpoints_one_output_json.golden
│   │   │   ├── endpoints_two_outputs.golden
│   │   │   ├── expired-crt.pem
│   │   │   ├── expired-key.pem
│   │   │   ├── expired-trust-anchors.pem
│   │   │   ├── inject-filepath/
│   │   │   │   ├── expected/
│   │   │   │   │   ├── injected_nginx.stderr
│   │   │   │   │   ├── injected_nginx.stderr.verbose
│   │   │   │   │   ├── injected_nginx.yaml
│   │   │   │   │   ├── injected_nginx_redis.stderr
│   │   │   │   │   ├── injected_nginx_redis.stderr.verbose
│   │   │   │   │   ├── injected_nginx_redis.yaml
│   │   │   │   │   ├── injected_redis.stderr
│   │   │   │   │   ├── injected_redis.stderr.verbose
│   │   │   │   │   └── injected_redis.yaml
│   │   │   │   └── resources/
│   │   │   │       ├── db/
│   │   │   │       │   └── redis.yaml
│   │   │   │       └── nginx.yaml
│   │   │   ├── inject_contour.golden.yml
│   │   │   ├── inject_contour.input.yml
│   │   │   ├── inject_contour.report
│   │   │   ├── inject_contour.report.verbose
│   │   │   ├── inject_contour_uninject.report
│   │   │   ├── inject_emojivoto_already_injected.golden.yml
│   │   │   ├── inject_emojivoto_already_injected.input.yml
│   │   │   ├── inject_emojivoto_already_injected.report
│   │   │   ├── inject_emojivoto_already_injected.report.verbose
│   │   │   ├── inject_emojivoto_cronjob.golden.yml
│   │   │   ├── inject_emojivoto_cronjob.input.yml
│   │   │   ├── inject_emojivoto_cronjob.report
│   │   │   ├── inject_emojivoto_cronjob.report.verbose
│   │   │   ├── inject_emojivoto_cronjob_nometa.golden.yml
│   │   │   ├── inject_emojivoto_cronjob_nometa.input.yml
│   │   │   ├── inject_emojivoto_deployment.golden.yml
│   │   │   ├── inject_emojivoto_deployment.input.yml
│   │   │   ├── inject_emojivoto_deployment.report
│   │   │   ├── inject_emojivoto_deployment.report.verbose
│   │   │   ├── inject_emojivoto_deployment_access_log.golden.yml
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false.golden.stderr
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false.golden.stderr.verbose
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false.input.yml
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false_volumeProjection_disabled.golden.stderr
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false_volumeProjection_disabled.golden.stderr.verbose
│   │   │   ├── inject_emojivoto_deployment_automountServiceAccountToken_false_volumeProjection_disabled.golden.yml
│   │   │   ├── inject_emojivoto_deployment_capabilities.golden.yml
│   │   │   ├── inject_emojivoto_deployment_capabilities.input.yml
│   │   │   ├── inject_emojivoto_deployment_config_overrides.golden.yml
│   │   │   ├── inject_emojivoto_deployment_config_overrides.input.yml
│   │   │   ├── inject_emojivoto_deployment_controller_name.golden.yml
│   │   │   ├── inject_emojivoto_deployment_controller_name.input.yml
│   │   │   ├── inject_emojivoto_deployment_controller_name.report
│   │   │   ├── inject_emojivoto_deployment_controller_name.report.verbose
│   │   │   ├── inject_emojivoto_deployment_controller_name_uninject.report
│   │   │   ├── inject_emojivoto_deployment_debug.golden.yml
│   │   │   ├── inject_emojivoto_deployment_default_inbound_policy.golden.report
│   │   │   ├── inject_emojivoto_deployment_default_inbound_policy.golden.report.verbose
│   │   │   ├── inject_emojivoto_deployment_default_inbound_policy.golden.yml
│   │   │   ├── inject_emojivoto_deployment_empty_resources.golden.yml
│   │   │   ├── inject_emojivoto_deployment_empty_resources.input.yml
│   │   │   ├── inject_emojivoto_deployment_empty_resources.report
│   │   │   ├── inject_emojivoto_deployment_empty_resources.report.verbose
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_false.golden.yml
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_false.input.yml
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_false.report
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_false.report.verbose
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_true.golden.stderr
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_true.golden.stderr.verbose
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_true.golden.yml
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_true.input.yml
│   │   │   ├── inject_emojivoto_deployment_hostNetwork_true_uninject.report
│   │   │   ├── inject_emojivoto_deployment_injectDisabled.input.yml
│   │   │   ├── inject_emojivoto_deployment_injectDisabled.report
│   │   │   ├── inject_emojivoto_deployment_injectDisabled.report.verbose
│   │   │   ├── inject_emojivoto_deployment_injectDisabled_uninject.report
│   │   │   ├── inject_emojivoto_deployment_native_sidecar.golden.yml
│   │   │   ├── inject_emojivoto_deployment_no_init_container.golden.yml
│   │   │   ├── inject_emojivoto_deployment_opaque_ports.golden.yml
│   │   │   ├── inject_emojivoto_deployment_opaque_ports.report
│   │   │   ├── inject_emojivoto_deployment_opaque_ports.report.verbose
│   │   │   ├── inject_emojivoto_deployment_overridden.golden.yml
│   │   │   ├── inject_emojivoto_deployment_overridden_noinject.golden.yml
│   │   │   ├── inject_emojivoto_deployment_params.golden.yml
│   │   │   ├── inject_emojivoto_deployment_proxyignores.golden.yml
│   │   │   ├── inject_emojivoto_deployment_udp.golden.yml
│   │   │   ├── inject_emojivoto_deployment_udp.input.yml
│   │   │   ├── inject_emojivoto_deployment_udp.report
│   │   │   ├── inject_emojivoto_deployment_udp.report.verbose
│   │   │   ├── inject_emojivoto_deployment_udp_uninject.report
│   │   │   ├── inject_emojivoto_deployment_uninject.report
│   │   │   ├── inject_emojivoto_deployment_uninjected.input.yml
│   │   │   ├── inject_emojivoto_istio.golden.stderr
│   │   │   ├── inject_emojivoto_istio.golden.stderr.verbose
│   │   │   ├── inject_emojivoto_istio.golden.yml
│   │   │   ├── inject_emojivoto_istio.input.yml
│   │   │   ├── inject_emojivoto_istio_uninject.report
│   │   │   ├── inject_emojivoto_list.golden.yml
│   │   │   ├── inject_emojivoto_list.input.yml
│   │   │   ├── inject_emojivoto_list.report
│   │   │   ├── inject_emojivoto_list.report.verbose
│   │   │   ├── inject_emojivoto_list_empty_resources.golden.yml
│   │   │   ├── inject_emojivoto_list_empty_resources.input.yml
│   │   │   ├── inject_emojivoto_list_empty_resources.report
│   │   │   ├── inject_emojivoto_list_empty_resources.report.verbose
│   │   │   ├── inject_emojivoto_list_uninject.report
│   │   │   ├── inject_emojivoto_namespace_good.golden.report
│   │   │   ├── inject_emojivoto_namespace_good.golden.report.verbose
│   │   │   ├── inject_emojivoto_namespace_good.golden.yml
│   │   │   ├── inject_emojivoto_namespace_good.input.yml
│   │   │   ├── inject_emojivoto_namespace_overidden_good.golden.yml
│   │   │   ├── inject_emojivoto_namespace_uninjected_good.golden.report
│   │   │   ├── inject_emojivoto_namespace_uninjected_good.golden.yml
│   │   │   ├── inject_emojivoto_pod.golden.yml
│   │   │   ├── inject_emojivoto_pod.input.yml
│   │   │   ├── inject_emojivoto_pod.report
│   │   │   ├── inject_emojivoto_pod.report.verbose
│   │   │   ├── inject_emojivoto_pod_default_inbound_policy.golden.report
│   │   │   ├── inject_emojivoto_pod_default_inbound_policy.golden.report.verbose
│   │   │   ├── inject_emojivoto_pod_default_inbound_policy.golden.yml
│   │   │   ├── inject_emojivoto_pod_ingress.golden.yml
│   │   │   ├── inject_emojivoto_pod_ingress.report
│   │   │   ├── inject_emojivoto_pod_ingress.report.verbose
│   │   │   ├── inject_emojivoto_pod_nativesidecar.golden.yml
│   │   │   ├── inject_emojivoto_pod_proxyignores.golden.yml
│   │   │   ├── inject_emojivoto_pod_uninject.report
│   │   │   ├── inject_emojivoto_pod_with_requests.golden.yml
│   │   │   ├── inject_emojivoto_pod_with_requests.input.yml
│   │   │   ├── inject_emojivoto_pod_with_requests.report
│   │   │   ├── inject_emojivoto_pod_with_requests.report.verbose
│   │   │   ├── inject_emojivoto_pod_with_requests_uninject.report
│   │   │   ├── inject_emojivoto_statefulset.golden.yml
│   │   │   ├── inject_emojivoto_statefulset.input.yml
│   │   │   ├── inject_emojivoto_statefulset.report
│   │   │   ├── inject_emojivoto_statefulset.report.verbose
│   │   │   ├── inject_emojivoto_statefulset_uninject.report
│   │   │   ├── inject_gettest_deployment.bad.golden
│   │   │   ├── inject_gettest_deployment.bad.golden.verbose
│   │   │   ├── inject_gettest_deployment.bad.input.yml
│   │   │   ├── inject_gettest_deployment.good.golden.stderr
│   │   │   ├── inject_gettest_deployment.good.golden.stderr.verbose
│   │   │   ├── inject_gettest_deployment.good.golden.yml
│   │   │   ├── inject_gettest_deployment.good.input.yml
│   │   │   ├── inject_tap_deployment.bad.golden
│   │   │   ├── inject_tap_deployment.bad.golden.verbose
│   │   │   ├── inject_tap_deployment.input.yml
│   │   │   ├── inject_tap_deployment_debug.golden.yml
│   │   │   ├── inject_tap_deployment_debug.report
│   │   │   ├── inject_tap_deployment_debug.report.verbose
│   │   │   ├── install-cni-plugin_default.golden
│   │   │   ├── install-cni-plugin_fully_configured.golden
│   │   │   ├── install-cni-plugin_fully_configured_equal_dsts.golden
│   │   │   ├── install-cni-plugin_fully_configured_no_namespace.golden
│   │   │   ├── install-cni-plugin_skip_ports.golden
│   │   │   ├── install_cni_helm_default_output.golden
│   │   │   ├── install_cni_helm_override_output.golden
│   │   │   ├── install_config.yaml
│   │   │   ├── install_controlplane_tracing_output.golden
│   │   │   ├── install_crds.golden
│   │   │   ├── install_crds_with_gateway_api.golden
│   │   │   ├── install_custom_domain.golden
│   │   │   ├── install_custom_registry.golden
│   │   │   ├── install_default.golden
│   │   │   ├── install_default_override_dst_get_nets.golden
│   │   │   ├── install_default_token.golden
│   │   │   ├── install_gid_output.golden
│   │   │   ├── install_ha_output.golden
│   │   │   ├── install_ha_with_overrides_output.golden
│   │   │   ├── install_heartbeat_disabled_output.golden
│   │   │   ├── install_helm_control_plane_output.golden
│   │   │   ├── install_helm_control_plane_output_ha.golden
│   │   │   ├── install_helm_control_plane_output_ha_with_gid.golden
│   │   │   ├── install_helm_crds_output.golden
│   │   │   ├── install_helm_crds_output_ha.golden
│   │   │   ├── install_helm_crds_without_gateway_output.golden
│   │   │   ├── install_helm_output_ha_labels.golden
│   │   │   ├── install_helm_output_ha_namespace_selector.golden
│   │   │   ├── install_no_init_container.golden
│   │   │   ├── install_output.golden
│   │   │   ├── install_proxy_ignores.golden
│   │   │   ├── install_tracing.golden
│   │   │   ├── install_values_file.golden
│   │   │   ├── not-valid-yet-crt.pem
│   │   │   ├── not-valid-yet-key.pem
│   │   │   ├── not-valid-yet-trust-anchors.pem
│   │   │   ├── obfuscate-diagnostics-proxy-metrics.golden
│   │   │   ├── obfuscate-diagnostics-proxy-metrics.input
│   │   │   ├── prom-config.yaml
│   │   │   ├── upgrade_crds_with_gateway_api.golden
│   │   │   ├── upgrade_crds_without_gateway_api.golden
│   │   │   ├── valid-crt.pem
│   │   │   ├── valid-key.pem
│   │   │   ├── valid-trust-anchors.pem
│   │   │   ├── valid-with-rsa-anchor-crt.pem
│   │   │   ├── valid-with-rsa-anchor-key.pem
│   │   │   ├── valid-with-rsa-anchor-trust-anchors.pem
│   │   │   ├── wrong-algo-crt.pem
│   │   │   ├── wrong-algo-key.pem
│   │   │   ├── wrong-algo-trust-anchors.pem
│   │   │   ├── wrong-domain-crt.pem
│   │   │   ├── wrong-domain-key.pem
│   │   │   └── wrong-domain-trust-anchors.pem
│   │   ├── uninject.go
│   │   ├── uninject_test.go
│   │   ├── uninstall.go
│   │   ├── upgrade.go
│   │   ├── upgrade_test.go
│   │   └── version.go
│   ├── flag/
│   │   └── flag.go
│   ├── main.go
│   └── table/
│       └── table.go
├── controller/
│   ├── api/
│   │   ├── destination/
│   │   │   ├── client.go
│   │   │   ├── dedup_profile_listener.go
│   │   │   ├── default_profile_listener.go
│   │   │   ├── destination_fuzzer.go
│   │   │   ├── endpoint_profile_translator.go
│   │   │   ├── endpoint_profile_translator_test.go
│   │   │   ├── endpoint_translator.go
│   │   │   ├── endpoint_translator_test.go
│   │   │   ├── external-workload/
│   │   │   │   ├── controller_util.go
│   │   │   │   ├── endpoints_controller.go
│   │   │   │   ├── endpoints_controller_test.go
│   │   │   │   ├── endpoints_reconciler.go
│   │   │   │   ├── endpoints_reconciler_test.go
│   │   │   │   └── queue_metrics.go
│   │   │   ├── fallback_profile_listener.go
│   │   │   ├── fallback_profile_listener_test.go
│   │   │   ├── federated_service_watcher.go
│   │   │   ├── federated_service_watcher_test.go
│   │   │   ├── opaque_ports_adaptor.go
│   │   │   ├── profile_translator.go
│   │   │   ├── profile_translator_test.go
│   │   │   ├── server.go
│   │   │   ├── server_ipv6_test.go
│   │   │   ├── server_test.go
│   │   │   ├── syncronized_get_stream.go
│   │   │   ├── syncronized_get_stream_test.go
│   │   │   ├── test_util.go
│   │   │   └── watcher/
│   │   │       ├── cluster_store.go
│   │   │       ├── cluster_store_test.go
│   │   │       ├── endpoints_watcher.go
│   │   │       ├── endpoints_watcher_test.go
│   │   │       ├── k8s.go
│   │   │       ├── opaque_ports_watcher.go
│   │   │       ├── opaque_ports_watcher_test.go
│   │   │       ├── profile_watcher.go
│   │   │       ├── profile_watcher_test.go
│   │   │       ├── prometheus.go
│   │   │       ├── test_util.go
│   │   │       ├── workload_watcher.go
│   │   │       └── workload_watcher_test.go
│   │   └── util/
│   │       └── test_util.go
│   ├── cmd/
│   │   ├── destination/
│   │   │   └── main.go
│   │   ├── heartbeat/
│   │   │   └── main.go
│   │   ├── identity/
│   │   │   └── main.go
│   │   ├── main.go
│   │   ├── proxy-injector/
│   │   │   └── main.go
│   │   └── sp-validator/
│   │       └── main.go
│   ├── gen/
│   │   ├── apis/
│   │   │   ├── externalworkload/
│   │   │   │   ├── register.go
│   │   │   │   └── v1beta1/
│   │   │   │       ├── doc.go
│   │   │   │       ├── register.go
│   │   │   │       ├── types.go
│   │   │   │       └── zz_generated.deepcopy.go
│   │   │   ├── link/
│   │   │   │   ├── register.go
│   │   │   │   ├── v1alpha1/
│   │   │   │   │   ├── doc.go
│   │   │   │   │   ├── register.go
│   │   │   │   │   ├── types.go
│   │   │   │   │   └── zz_generated.deepcopy.go
│   │   │   │   ├── v1alpha2/
│   │   │   │   │   ├── doc.go
│   │   │   │   │   ├── register.go
│   │   │   │   │   ├── types.go
│   │   │   │   │   └── zz_generated.deepcopy.go
│   │   │   │   └── v1alpha3/
│   │   │   │       ├── doc.go
│   │   │   │       ├── register.go
│   │   │   │       ├── types.go
│   │   │   │       └── zz_generated.deepcopy.go
│   │   │   ├── policy/
│   │   │   │   ├── register.go
│   │   │   │   ├── v1alpha1/
│   │   │   │   │   ├── doc.go
│   │   │   │   │   ├── httproute.go
│   │   │   │   │   ├── register.go
│   │   │   │   │   ├── types.go
│   │   │   │   │   └── zz_generated.deepcopy.go
│   │   │   │   └── v1beta3/
│   │   │   │       ├── doc.go
│   │   │   │       ├── register.go
│   │   │   │       ├── types.go
│   │   │   │       └── zz_generated.deepcopy.go
│   │   │   ├── server/
│   │   │   │   ├── register.go
│   │   │   │   ├── v1beta1/
│   │   │   │   │   ├── doc.go
│   │   │   │   │   ├── register.go
│   │   │   │   │   ├── types.go
│   │   │   │   │   └── zz_generated.deepcopy.go
│   │   │   │   ├── v1beta2/
│   │   │   │   │   ├── doc.go
│   │   │   │   │   ├── register.go
│   │   │   │   │   ├── types.go
│   │   │   │   │   └── zz_generated.deepcopy.go
│   │   │   │   └── v1beta3/
│   │   │   │       ├── doc.go
│   │   │   │       ├── register.go
│   │   │   │       ├── types.go
│   │   │   │       └── zz_generated.deepcopy.go
│   │   │   ├── serverauthorization/
│   │   │   │   ├── register.go
│   │   │   │   └── v1beta1/
│   │   │   │       ├── doc.go
│   │   │   │       ├── register.go
│   │   │   │       ├── types.go
│   │   │   │       └── zz_generated.deepcopy.go
│   │   │   └── serviceprofile/
│   │   │       ├── register.go
│   │   │       └── v1alpha2/
│   │   │           ├── doc.go
│   │   │           ├── register.go
│   │   │           ├── types.go
│   │   │           └── zz_generated.deepcopy.go
│   │   ├── boilerplate.go.txt
│   │   ├── client/
│   │   │   ├── clientset/
│   │   │   │   └── versioned/
│   │   │   │       ├── clientset.go
│   │   │   │       ├── fake/
│   │   │   │       │   ├── clientset_generated.go
│   │   │   │       │   ├── doc.go
│   │   │   │       │   └── register.go
│   │   │   │       ├── scheme/
│   │   │   │       │   ├── doc.go
│   │   │   │       │   └── register.go
│   │   │   │       └── typed/
│   │   │   │           ├── externalworkload/
│   │   │   │           │   └── v1beta1/
│   │   │   │           │       ├── doc.go
│   │   │   │           │       ├── externalworkload.go
│   │   │   │           │       ├── externalworkload_client.go
│   │   │   │           │       ├── fake/
│   │   │   │           │       │   ├── doc.go
│   │   │   │           │       │   ├── fake_externalworkload.go
│   │   │   │           │       │   └── fake_externalworkload_client.go
│   │   │   │           │       └── generated_expansion.go
│   │   │   │           ├── link/
│   │   │   │           │   ├── v1alpha1/
│   │   │   │           │   │   ├── doc.go
│   │   │   │           │   │   ├── fake/
│   │   │   │           │   │   │   ├── doc.go
│   │   │   │           │   │   │   ├── fake_link.go
│   │   │   │           │   │   │   └── fake_link_client.go
│   │   │   │           │   │   ├── generated_expansion.go
│   │   │   │           │   │   ├── link.go
│   │   │   │           │   │   └── link_client.go
│   │   │   │           │   ├── v1alpha2/
│   │   │   │           │   │   ├── doc.go
│   │   │   │           │   │   ├── fake/
│   │   │   │           │   │   │   ├── doc.go
│   │   │   │           │   │   │   ├── fake_link.go
│   │   │   │           │   │   │   └── fake_link_client.go
│   │   │   │           │   │   ├── generated_expansion.go
│   │   │   │           │   │   ├── link.go
│   │   │   │           │   │   └── link_client.go
│   │   │   │           │   └── v1alpha3/
│   │   │   │           │       ├── doc.go
│   │   │   │           │       ├── fake/
│   │   │   │           │       │   ├── doc.go
│   │   │   │           │       │   ├── fake_link.go
│   │   │   │           │       │   └── fake_link_client.go
│   │   │   │           │       ├── generated_expansion.go
│   │   │   │           │       ├── link.go
│   │   │   │           │       └── link_client.go
│   │   │   │           ├── policy/
│   │   │   │           │   ├── v1alpha1/
│   │   │   │           │   │   ├── authorizationpolicy.go
│   │   │   │           │   │   ├── doc.go
│   │   │   │           │   │   ├── fake/
│   │   │   │           │   │   │   ├── doc.go
│   │   │   │           │   │   │   ├── fake_authorizationpolicy.go
│   │   │   │           │   │   │   ├── fake_httproute.go
│   │   │   │           │   │   │   ├── fake_meshtlsauthentication.go
│   │   │   │           │   │   │   ├── fake_networkauthentication.go
│   │   │   │           │   │   │   └── fake_policy_client.go
│   │   │   │           │   │   ├── generated_expansion.go
│   │   │   │           │   │   ├── httproute.go
│   │   │   │           │   │   ├── meshtlsauthentication.go
│   │   │   │           │   │   ├── networkauthentication.go
│   │   │   │           │   │   └── policy_client.go
│   │   │   │           │   └── v1beta3/
│   │   │   │           │       ├── doc.go
│   │   │   │           │       ├── fake/
│   │   │   │           │       │   ├── doc.go
│   │   │   │           │       │   ├── fake_httproute.go
│   │   │   │           │       │   └── fake_policy_client.go
│   │   │   │           │       ├── generated_expansion.go
│   │   │   │           │       ├── httproute.go
│   │   │   │           │       └── policy_client.go
│   │   │   │           ├── server/
│   │   │   │           │   ├── v1beta1/
│   │   │   │           │   │   ├── doc.go
│   │   │   │           │   │   ├── fake/
│   │   │   │           │   │   │   ├── doc.go
│   │   │   │           │   │   │   ├── fake_server.go
│   │   │   │           │   │   │   └── fake_server_client.go
│   │   │   │           │   │   ├── generated_expansion.go
│   │   │   │           │   │   ├── server.go
│   │   │   │           │   │   └── server_client.go
│   │   │   │           │   ├── v1beta2/
│   │   │   │           │   │   ├── doc.go
│   │   │   │           │   │   ├── fake/
│   │   │   │           │   │   │   ├── doc.go
│   │   │   │           │   │   │   ├── fake_server.go
│   │   │   │           │   │   │   └── fake_server_client.go
│   │   │   │           │   │   ├── generated_expansion.go
│   │   │   │           │   │   ├── server.go
│   │   │   │           │   │   └── server_client.go
│   │   │   │           │   └── v1beta3/
│   │   │   │           │       ├── doc.go
│   │   │   │           │       ├── fake/
│   │   │   │           │       │   ├── doc.go
│   │   │   │           │       │   ├── fake_server.go
│   │   │   │           │       │   └── fake_server_client.go
│   │   │   │           │       ├── generated_expansion.go
│   │   │   │           │       ├── server.go
│   │   │   │           │       └── server_client.go
│   │   │   │           ├── serverauthorization/
│   │   │   │           │   └── v1beta1/
│   │   │   │           │       ├── doc.go
│   │   │   │           │       ├── fake/
│   │   │   │           │       │   ├── doc.go
│   │   │   │           │       │   ├── fake_serverauthorization.go
│   │   │   │           │       │   └── fake_serverauthorization_client.go
│   │   │   │           │       ├── generated_expansion.go
│   │   │   │           │       ├── serverauthorization.go
│   │   │   │           │       └── serverauthorization_client.go
│   │   │   │           └── serviceprofile/
│   │   │   │               └── v1alpha2/
│   │   │   │                   ├── doc.go
│   │   │   │                   ├── fake/
│   │   │   │                   │   ├── doc.go
│   │   │   │                   │   ├── fake_serviceprofile.go
│   │   │   │                   │   └── fake_serviceprofile_client.go
│   │   │   │                   ├── generated_expansion.go
│   │   │   │                   ├── serviceprofile.go
│   │   │   │                   └── serviceprofile_client.go
│   │   │   ├── informers/
│   │   │   │   └── externalversions/
│   │   │   │       ├── externalworkload/
│   │   │   │       │   ├── interface.go
│   │   │   │       │   └── v1beta1/
│   │   │   │       │       ├── externalworkload.go
│   │   │   │       │       └── interface.go
│   │   │   │       ├── factory.go
│   │   │   │       ├── generic.go
│   │   │   │       ├── internalinterfaces/
│   │   │   │       │   └── factory_interfaces.go
│   │   │   │       ├── link/
│   │   │   │       │   ├── interface.go
│   │   │   │       │   ├── v1alpha1/
│   │   │   │       │   │   ├── interface.go
│   │   │   │       │   │   └── link.go
│   │   │   │       │   ├── v1alpha2/
│   │   │   │       │   │   ├── interface.go
│   │   │   │       │   │   └── link.go
│   │   │   │       │   └── v1alpha3/
│   │   │   │       │       ├── interface.go
│   │   │   │       │       └── link.go
│   │   │   │       ├── policy/
│   │   │   │       │   ├── interface.go
│   │   │   │       │   ├── v1alpha1/
│   │   │   │       │   │   ├── authorizationpolicy.go
│   │   │   │       │   │   ├── httproute.go
│   │   │   │       │   │   ├── interface.go
│   │   │   │       │   │   ├── meshtlsauthentication.go
│   │   │   │       │   │   └── networkauthentication.go
│   │   │   │       │   └── v1beta3/
│   │   │   │       │       ├── httproute.go
│   │   │   │       │       └── interface.go
│   │   │   │       ├── server/
│   │   │   │       │   ├── interface.go
│   │   │   │       │   ├── v1beta1/
│   │   │   │       │   │   ├── interface.go
│   │   │   │       │   │   └── server.go
│   │   │   │       │   ├── v1beta2/
│   │   │   │       │   │   ├── interface.go
│   │   │   │       │   │   └── server.go
│   │   │   │       │   └── v1beta3/
│   │   │   │       │       ├── interface.go
│   │   │   │       │       └── server.go
│   │   │   │       ├── serverauthorization/
│   │   │   │       │   ├── interface.go
│   │   │   │       │   └── v1beta1/
│   │   │   │       │       ├── interface.go
│   │   │   │       │       └── serverauthorization.go
│   │   │   │       └── serviceprofile/
│   │   │   │           ├── interface.go
│   │   │   │           └── v1alpha2/
│   │   │   │               ├── interface.go
│   │   │   │               └── serviceprofile.go
│   │   │   └── listers/
│   │   │       ├── externalworkload/
│   │   │       │   └── v1beta1/
│   │   │       │       ├── expansion_generated.go
│   │   │       │       └── externalworkload.go
│   │   │       ├── link/
│   │   │       │   ├── v1alpha1/
│   │   │       │   │   ├── expansion_generated.go
│   │   │       │   │   └── link.go
│   │   │       │   ├── v1alpha2/
│   │   │       │   │   ├── expansion_generated.go
│   │   │       │   │   └── link.go
│   │   │       │   └── v1alpha3/
│   │   │       │       ├── expansion_generated.go
│   │   │       │       └── link.go
│   │   │       ├── policy/
│   │   │       │   ├── v1alpha1/
│   │   │       │   │   ├── authorizationpolicy.go
│   │   │       │   │   ├── expansion_generated.go
│   │   │       │   │   ├── httproute.go
│   │   │       │   │   ├── meshtlsauthentication.go
│   │   │       │   │   └── networkauthentication.go
│   │   │       │   └── v1beta3/
│   │   │       │       ├── expansion_generated.go
│   │   │       │       └── httproute.go
│   │   │       ├── server/
│   │   │       │   ├── v1beta1/
│   │   │       │   │   ├── expansion_generated.go
│   │   │       │   │   └── server.go
│   │   │       │   ├── v1beta2/
│   │   │       │   │   ├── expansion_generated.go
│   │   │       │   │   └── server.go
│   │   │       │   └── v1beta3/
│   │   │       │       ├── expansion_generated.go
│   │   │       │       └── server.go
│   │   │       ├── serverauthorization/
│   │   │       │   └── v1beta1/
│   │   │       │       ├── expansion_generated.go
│   │   │       │       └── serverauthorization.go
│   │   │       └── serviceprofile/
│   │   │           └── v1alpha2/
│   │   │               ├── expansion_generated.go
│   │   │               └── serviceprofile.go
│   │   └── common/
│   │       └── net/
│   │           └── net.pb.go
│   ├── heartbeat/
│   │   ├── heartbeat.go
│   │   └── heartbeat_test.go
│   ├── identity/
│   │   ├── domain.go
│   │   └── validator.go
│   ├── k8s/
│   │   ├── api.go
│   │   ├── api_resource.go
│   │   ├── api_test.go
│   │   ├── clientset.go
│   │   ├── k8s.go
│   │   ├── metadata_api.go
│   │   ├── prometheus.go
│   │   └── test_helper.go
│   ├── proxy-injector/
│   │   ├── fake/
│   │   │   ├── client.go
│   │   │   ├── data/
│   │   │   │   ├── annotation.patch.json
│   │   │   │   ├── deployment-inject-disabled.yaml
│   │   │   │   ├── deployment-with-injected-proxy.yaml
│   │   │   │   ├── filter-pod-opaque-ports.yaml
│   │   │   │   ├── filter-service-opaque-ports.yaml
│   │   │   │   ├── filtered-pod-opaque-ports.json
│   │   │   │   ├── filtered-service-opaque-ports.json
│   │   │   │   ├── inject-init-container-spec.yaml
│   │   │   │   ├── inject-linkerd-secrets-volume-spec.yaml
│   │   │   │   ├── namespace-inject-disabled.yaml
│   │   │   │   ├── namespace-inject-enabled.yaml
│   │   │   │   ├── namespace-with-opaque-ports.yaml
│   │   │   │   ├── pod-cpu-ratio.json
│   │   │   │   ├── pod-inject-empty.yaml
│   │   │   │   ├── pod-inject-enabled-cpu-ratio.yaml
│   │   │   │   ├── pod-inject-enabled-log-level.yaml
│   │   │   │   ├── pod-inject-enabled.yaml
│   │   │   │   ├── pod-log-level.json
│   │   │   │   ├── pod-nativesidecar-inject-enabled.yaml
│   │   │   │   ├── pod-with-custom-debug-tag.yaml
│   │   │   │   ├── pod-with-custom-debug.patch.json
│   │   │   │   ├── pod-with-debug-disabled.yaml
│   │   │   │   ├── pod-with-debug-enabled.yaml
│   │   │   │   ├── pod-with-debug.patch.json
│   │   │   │   ├── pod-with-ns-annotations.patch.json
│   │   │   │   ├── pod-with-opaque-ports.yaml
│   │   │   │   ├── pod-without-opaque-ports.yaml
│   │   │   │   ├── pod.nativesidecar.patch.json
│   │   │   │   ├── pod.patch.json
│   │   │   │   ├── service-with-opaque-ports.yaml
│   │   │   │   └── service-without-opaque-ports.yaml
│   │   │   └── factory.go
│   │   ├── metrics.go
│   │   ├── webhook.go
│   │   └── webhook_test.go
│   ├── script/
│   │   ├── destination-client/
│   │   │   └── main.go
│   │   └── policy-client/
│   │       └── main.go
│   ├── sp-validator/
│   │   └── webhook.go
│   └── webhook/
│       ├── launcher.go
│       ├── server.go
│       ├── server_test.go
│       └── util.go
├── deny.toml
├── go.mod
├── go.sum
├── grafana/
│   ├── README.md
│   ├── authzpolicy-grafana.yaml
│   ├── dashboards/
│   │   ├── authority.json
│   │   ├── cronjob.json
│   │   ├── daemonset.json
│   │   ├── deployment.json
│   │   ├── health.json
│   │   ├── job.json
│   │   ├── kubernetes.json
│   │   ├── multicluster.json
│   │   ├── namespace.json
│   │   ├── pod.json
│   │   ├── prometheus-2-stats.json
│   │   ├── prometheus-benchmark.json
│   │   ├── replicaset.json
│   │   ├── replicationcontroller.json
│   │   ├── route.json
│   │   ├── service.json
│   │   ├── statefulset.json
│   │   └── top-line.json
│   └── values.yaml
├── justfile
├── multicluster/
│   ├── charts/
│   │   ├── linkerd-multicluster/
│   │   │   ├── .helmignore
│   │   │   ├── Chart.yaml
│   │   │   ├── NOTES.txt
│   │   │   ├── README.md.gotmpl
│   │   │   ├── requirements.yaml
│   │   │   ├── templates/
│   │   │   │   ├── controller/
│   │   │   │   │   ├── deployment.yaml
│   │   │   │   │   ├── pdb.yaml
│   │   │   │   │   ├── probe-svc.yaml
│   │   │   │   │   └── rbac.yaml
│   │   │   │   ├── controller-clusterrole.yaml
│   │   │   │   ├── gateway-policy.yaml
│   │   │   │   ├── gateway.yaml
│   │   │   │   ├── link-crd.yaml
│   │   │   │   ├── local-service-mirror.yaml
│   │   │   │   ├── namespace-metadata-rbac.yaml
│   │   │   │   ├── namespace-metadata.yaml
│   │   │   │   ├── namespace.yaml
│   │   │   │   ├── psp.yaml
│   │   │   │   ├── remote-access-service-mirror-rbac.yaml
│   │   │   │   └── service-mirror-policy.yaml
│   │   │   ├── values-ha.yaml
│   │   │   └── values.yaml
│   │   ├── linkerd-multicluster-link/
│   │   │   ├── .helmignore
│   │   │   ├── Chart.yaml
│   │   │   ├── README.md.gotmpl
│   │   │   ├── requirements.yaml
│   │   │   ├── templates/
│   │   │   │   ├── gateway-mirror.yaml
│   │   │   │   ├── psp.yaml
│   │   │   │   └── service-mirror.yaml
│   │   │   ├── values-ha.yaml
│   │   │   └── values.yaml
│   │   └── templates.go
│   ├── cmd/
│   │   ├── allow.go
│   │   ├── check.go
│   │   ├── gateways.go
│   │   ├── install.go
│   │   ├── install_test.go
│   │   ├── link-gen.go
│   │   ├── link.go
│   │   ├── link_test.go
│   │   ├── main_test.go
│   │   ├── root.go
│   │   ├── service-mirror/
│   │   │   └── main.go
│   │   ├── testdata/
│   │   │   ├── install_default.golden
│   │   │   ├── install_ha.golden
│   │   │   ├── install_psp.golden
│   │   │   ├── service_mirror_default.golden
│   │   │   └── service_mirror_ha.golden
│   │   ├── uninstall.go
│   │   └── unlink.go
│   ├── service-mirror/
│   │   ├── cluster_watcher.go
│   │   ├── cluster_watcher_headless.go
│   │   ├── cluster_watcher_mirroring_test.go
│   │   ├── cluster_watcher_test_util.go
│   │   ├── events_formatting.go
│   │   ├── jittered_ticker.go
│   │   ├── link_handlers.go
│   │   ├── link_handlers_test.go
│   │   ├── metrics.go
│   │   └── probe_worker.go
│   ├── static/
│   │   └── generated_multicluster_templates.gogen.go
│   └── values/
│       └── values.go
├── pkg/
│   ├── addr/
│   │   ├── addr.go
│   │   └── addr_test.go
│   ├── admin/
│   │   └── admin.go
│   ├── charts/
│   │   ├── charts.go
│   │   ├── charts_test.go
│   │   ├── cni/
│   │   │   └── values.go
│   │   └── linkerd2/
│   │       ├── values.go
│   │       └── values_test.go
│   ├── cmd/
│   │   └── cmd.go
│   ├── config/
│   │   └── config.go
│   ├── filesonly/
│   │   └── filesonly.go
│   ├── flags/
│   │   └── flags.go
│   ├── healthcheck/
│   │   ├── healthcheck.go
│   │   ├── healthcheck_fuzzer.go
│   │   ├── healthcheck_labels.go
│   │   ├── healthcheck_output.go
│   │   ├── healthcheck_test.go
│   │   ├── sidecar.go
│   │   ├── sidecar_test.go
│   │   └── version.go
│   ├── identity/
│   │   ├── identity_fuzzer.go
│   │   ├── service.go
│   │   ├── service_test.go
│   │   └── test_util.go
│   ├── inject/
│   │   ├── annotation_patch.go
│   │   ├── inject.go
│   │   ├── inject_fuzzer.go
│   │   ├── inject_test.go
│   │   ├── report.go
│   │   ├── report_test.go
│   │   └── uninject.go
│   ├── issuercerts/
│   │   └── issuercerts.go
│   ├── k8s/
│   │   ├── api.go
│   │   ├── api_test.go
│   │   ├── authz.go
│   │   ├── authz_test.go
│   │   ├── completion.go
│   │   ├── fake.go
│   │   ├── fake_test.go
│   │   ├── k8s.go
│   │   ├── k8s_test.go
│   │   ├── labels.go
│   │   ├── labels_test.go
│   │   ├── metrics.go
│   │   ├── policy.go
│   │   ├── portforward.go
│   │   ├── portforward_test.go
│   │   ├── resource/
│   │   │   ├── resource.go
│   │   │   └── resource_test.go
│   │   ├── testdata/
│   │   │   ├── config.test
│   │   │   ├── kubectl_cluster-info.output
│   │   │   └── kubectl_config.output
│   │   ├── version.go
│   │   └── version_test.go
│   ├── profiles/
│   │   ├── openapi.go
│   │   ├── openapi_test.go
│   │   ├── profiles.go
│   │   ├── profiles_fuzzer.go
│   │   ├── profiles_test.go
│   │   ├── proto.go
│   │   ├── proto_test.go
│   │   ├── template.go
│   │   └── test_helper.go
│   ├── prometheus/
│   │   ├── prometheus.go
│   │   └── test_helper.go
│   ├── protohttp/
│   │   ├── protohttp.go
│   │   └── protohttp_test.go
│   ├── servicemirror/
│   │   └── util.go
│   ├── tls/
│   │   ├── ca.go
│   │   ├── ca_test.go
│   │   ├── codec.go
│   │   ├── codec_test.go
│   │   ├── cred.go
│   │   ├── cred_test.go
│   │   └── creds_watcher.go
│   ├── trace/
│   │   └── trace.go
│   ├── tree/
│   │   ├── tree.go
│   │   └── tree_test.go
│   ├── util/
│   │   ├── http.go
│   │   ├── http_test.go
│   │   ├── parsing.go
│   │   ├── parsing_test.go
│   │   ├── portrange.go
│   │   └── portrange_test.go
│   └── version/
│       ├── channels.go
│       ├── channels_test.go
│       ├── channelversion.go
│       ├── channelversion_test.go
│       ├── version.go
│       └── version_test.go
├── policy-controller/
│   ├── .dockerignore
│   ├── Cargo.toml
│   ├── core/
│   │   ├── Cargo.toml
│   │   └── src/
│   │       ├── identity_match.rs
│   │       ├── inbound.rs
│   │       ├── lib.rs
│   │       ├── network_match.rs
│   │       ├── outbound/
│   │       │   ├── policy.rs
│   │       │   └── target.rs
│   │       ├── outbound.rs
│   │       └── routes.rs
│   ├── grpc/
│   │   ├── Cargo.toml
│   │   └── src/
│   │       ├── inbound/
│   │       │   ├── grpc.rs
│   │       │   └── http.rs
│   │       ├── inbound.rs
│   │       ├── lib.rs
│   │       ├── metrics.rs
│   │       ├── outbound/
│   │       │   ├── grpc.rs
│   │       │   ├── http.rs
│   │       │   ├── tcp.rs
│   │       │   └── tls.rs
│   │       ├── outbound.rs
│   │       ├── routes/
│   │       │   ├── grpc.rs
│   │       │   └── http.rs
│   │       ├── routes.rs
│   │       └── workload.rs
│   ├── k8s/
│   │   ├── api/
│   │   │   ├── Cargo.toml
│   │   │   └── src/
│   │   │       ├── duration.rs
│   │   │       ├── external_workload.rs
│   │   │       ├── labels.rs
│   │   │       ├── lib.rs
│   │   │       ├── policy/
│   │   │       │   ├── authorization_policy.rs
│   │   │       │   ├── egress_network.rs
│   │   │       │   ├── grpcroute.rs
│   │   │       │   ├── httproute.rs
│   │   │       │   ├── meshtls_authentication.rs
│   │   │       │   ├── network.rs
│   │   │       │   ├── network_authentication.rs
│   │   │       │   ├── ratelimit_policy.rs
│   │   │       │   ├── server.rs
│   │   │       │   ├── server_authorization.rs
│   │   │       │   ├── target_ref.rs
│   │   │       │   ├── tcproute.rs
│   │   │       │   └── tlsroute.rs
│   │   │       └── policy.rs
│   │   ├── index/
│   │   │   ├── Cargo.toml
│   │   │   └── src/
│   │   │       ├── cluster_info.rs
│   │   │       ├── defaults.rs
│   │   │       ├── inbound/
│   │   │       │   ├── authorization_policy.rs
│   │   │       │   ├── index/
│   │   │       │   │   ├── grpc.rs
│   │   │       │   │   ├── http.rs
│   │   │       │   │   └── metrics.rs
│   │   │       │   ├── index.rs
│   │   │       │   ├── meshtls_authentication.rs
│   │   │       │   ├── network_authentication.rs
│   │   │       │   ├── ratelimit_policy.rs
│   │   │       │   ├── routes.rs
│   │   │       │   ├── server.rs
│   │   │       │   ├── server_authorization.rs
│   │   │       │   ├── tests/
│   │   │       │   │   ├── annotation.rs
│   │   │       │   │   ├── authorization_policy.rs
│   │   │       │   │   ├── grpc_routes.rs
│   │   │       │   │   ├── http_routes.rs
│   │   │       │   │   ├── ratelimit_policy.rs
│   │   │       │   │   ├── server.rs
│   │   │       │   │   └── server_authorization.rs
│   │   │       │   ├── tests.rs
│   │   │       │   └── workload.rs
│   │   │       ├── inbound.rs
│   │   │       ├── lib.rs
│   │   │       ├── outbound/
│   │   │       │   ├── index/
│   │   │       │   │   ├── egress_network.rs
│   │   │       │   │   ├── grpc.rs
│   │   │       │   │   ├── http.rs
│   │   │       │   │   ├── metrics.rs
│   │   │       │   │   ├── tcp.rs
│   │   │       │   │   └── tls.rs
│   │   │       │   ├── index.rs
│   │   │       │   ├── tests/
│   │   │       │   │   ├── routes/
│   │   │       │   │   │   ├── grpc.rs
│   │   │       │   │   │   ├── http.rs
│   │   │       │   │   │   ├── tcp.rs
│   │   │       │   │   │   └── tls.rs
│   │   │       │   │   └── routes.rs
│   │   │       │   └── tests.rs
│   │   │       ├── outbound.rs
│   │   │       ├── ports.rs
│   │   │       ├── routes/
│   │   │       │   ├── grpc.rs
│   │   │       │   └── http.rs
│   │   │       └── routes.rs
│   │   └── status/
│   │       ├── Cargo.toml
│   │       └── src/
│   │           ├── index.rs
│   │           ├── lib.rs
│   │           ├── ratelimit.rs
│   │           ├── resource_id.rs
│   │           ├── routes/
│   │           │   ├── grpc.rs
│   │           │   ├── http.rs
│   │           │   ├── tcp.rs
│   │           │   └── tls.rs
│   │           ├── routes.rs
│   │           ├── service.rs
│   │           ├── tests/
│   │           │   ├── conflict.rs
│   │           │   ├── egress_network.rs
│   │           │   ├── ratelimit.rs
│   │           │   ├── routes/
│   │           │   │   ├── grpc.rs
│   │           │   │   ├── helpers.rs
│   │           │   │   ├── http.rs
│   │           │   │   ├── tcp.rs
│   │           │   │   └── tls.rs
│   │           │   └── routes.rs
│   │           └── tests.rs
│   ├── runtime/
│   │   ├── Cargo.toml
│   │   └── src/
│   │       ├── admission.rs
│   │       ├── args.rs
│   │       ├── index_list.rs
│   │       ├── lease.rs
│   │       ├── lib.rs
│   │       └── validation.rs
│   └── src/
│       └── main.rs
├── policy-test/
│   ├── Cargo.toml
│   ├── README.md
│   ├── src/
│   │   ├── admission.rs
│   │   ├── bb.rs
│   │   ├── curl.rs
│   │   ├── grpc.rs
│   │   ├── lib.rs
│   │   ├── outbound_api.rs
│   │   ├── test_route.rs
│   │   └── web.rs
│   └── tests/
│       ├── admit_authorization_policy.rs
│       ├── admit_egress_networks.rs
│       ├── admit_grpc_route.rs
│       ├── admit_http_local_ratelimit_policy.rs
│       ├── admit_http_route.rs
│       ├── admit_http_route_gateway.rs
│       ├── admit_meshtls_authentication.rs
│       ├── admit_network_authentication.rs
│       ├── admit_server.rs
│       ├── admit_server_authorization.rs
│       ├── admit_tcp_route.rs
│       ├── admit_tls_route.rs
│       ├── e2e_appprotocol.rs
│       ├── e2e_audit.rs
│       ├── e2e_authorization_policy.rs
│       ├── e2e_egress_network.rs
│       ├── e2e_failure_accrual.rs
│       ├── e2e_http_local_ratelimit_policy.rs
│       ├── e2e_http_routing.rs
│       ├── e2e_server_authorization.rs
│       ├── inbound_api.rs
│       ├── inbound_api_external_workload.rs
│       ├── inbound_http_route_status.rs
│       ├── outbound_api.rs
│       ├── outbound_api_app_protocol.rs
│       ├── outbound_api_egress_network.rs
│       ├── outbound_api_failure_accrual.rs
│       ├── outbound_api_grpc.rs
│       ├── outbound_api_http.rs
│       ├── outbound_api_tcp.rs
│       └── outbound_http_route_status.rs
├── proto/
│   ├── common/
│   │   └── net.proto
│   └── google/
│       └── protobuf/
│           └── duration.proto
├── proxy-identity/
│   ├── main.go
│   ├── run_proxy_unix.go
│   └── run_proxy_windows.go
├── proxy-runtime.yml
├── rust-toolchain.toml
├── test/
│   ├── cli/
│   │   └── cli_install_static_test.go
│   ├── fuzzing/
│   │   ├── README.md
│   │   └── fuzzers.go
│   └── integration/
│       ├── deep/
│       │   ├── appprotocol/
│       │   │   ├── appprotocol_test.go
│       │   │   ├── assertions.go
│       │   │   └── testdata/
│       │   │       ├── appprotocol_application.yaml
│       │   │       └── appprotocol_client.yaml
│       │   ├── dualstack/
│       │   │   ├── dualstack_test.go
│       │   │   └── testdata/
│       │   │       ├── ipfamilies-policy.yml
│       │   │       ├── ipfamilies-server-client.yml
│       │   │       └── ipfamilies-server.go
│       │   ├── egress/
│       │   │   ├── egress_test.go
│       │   │   └── testdata/
│       │   │       └── proxy.yaml
│       │   ├── endpoints/
│       │   │   ├── endpoints_test.go
│       │   │   └── testdata/
│       │   │       └── nginx.yaml
│       │   ├── hostname/
│       │   │   ├── assertions.go
│       │   │   ├── hostname_test.go
│       │   │   └── testdata/
│       │   │       ├── hostname_application.yaml
│       │   │       └── hostname_client.yaml
│       │   ├── install_test.go
│       │   ├── kind-dualstack.yml
│       │   ├── kind-ipv6.yml
│       │   ├── localhost/
│       │   │   ├── localhost_test.go
│       │   │   └── testdata/
│       │   │       ├── nginx-and-curl.yaml
│       │   │       ├── nginx.yaml
│       │   │       └── slow-cooker.yaml
│       │   ├── norelay/
│       │   │   ├── norelay_test.go
│       │   │   └── testdata/
│       │   │       ├── client.yml
│       │   │       ├── server-hello.yml
│       │   │       └── server-relay.yml
│       │   ├── opaqueports/
│       │   │   ├── assertions.go
│       │   │   ├── opaque_ports_test.go
│       │   │   └── testdata/
│       │   │       ├── opaque_ports_application.yaml
│       │   │       └── opaque_ports_client.yaml
│       │   ├── serviceaccounts/
│       │   │   └── serviceaccounts_test.go
│       │   └── skipports/
│       │       ├── skip_ports_test.go
│       │       └── testdata/
│       │           └── skip_ports_application.yaml
│       ├── external/
│       │   ├── externalissuer/
│       │   │   ├── external_issuer_test.go
│       │   │   └── testdata/
│       │   │       └── external_issuer_application.yaml
│       │   ├── externalresources/
│       │   │   ├── rabbitmq_test.go
│       │   │   └── testdata/
│       │   │       ├── check.rabbitmq.golden
│       │   │       ├── rabbitmq-client.yaml
│       │   │       └── rabbitmq-server.yaml
│       │   ├── install_test.go
│       │   ├── stat/
│       │   │   ├── stat_test.go
│       │   │   └── testdata/
│       │   │       └── application.yaml
│       │   └── testdata/
│       │       └── external_prometheus.yaml
│       ├── install/
│       │   ├── inject/
│       │   │   ├── inject_test.go
│       │   │   └── testdata/
│       │   │       ├── inject_test.yaml
│       │   │       ├── pods.yaml
│       │   │       └── services.yaml
│       │   ├── install_test.go
│       │   ├── smoke/
│       │   │   ├── install_smoke_test.go
│       │   │   └── testdata/
│       │   │       ├── check.proxy.golden
│       │   │       ├── inject.report.golden
│       │   │       └── smoke_test.yaml
│       │   ├── testdata/
│       │   │   ├── check.proxy.golden
│       │   │   ├── inject.report.golden
│       │   │   ├── smoke_test.yaml
│       │   │   └── upgrade_test.yaml
│       │   └── uninstall/
│       │       └── uninstall_test.go
│       ├── multicluster/
│       │   ├── install_test.go
│       │   ├── multicluster-traffic/
│       │   │   ├── federated_test.go
│       │   │   ├── mc_traffic_test.go
│       │   │   ├── pod_to_pod_test.go
│       │   │   └── testdata/
│       │   │       ├── emojivoto-no-bot.yml
│       │   │       ├── federated-client.yml
│       │   │       ├── nginx-gateway-deploy.yaml
│       │   │       ├── nginx-ss.yml
│       │   │       ├── slow-cooker.yml
│       │   │       └── vote-bot.yml
│       │   └── testdata/
│       │       └── allow.golden
│       ├── rsa-ca/
│       │   ├── install_rsa_ca_test.go
│       │   └── testdata/
│       │       ├── ca.crt
│       │       ├── ca.key
│       │       ├── issuer.crt
│       │       └── issuer.key
│       ├── tracing/
│       │   ├── install_test.go
│       │   ├── testdata/
│       │   │   └── tracing-values.yaml
│       │   └── tracing/
│       │       ├── testdata/
│       │       │   ├── emojivoto.yaml
│       │       │   ├── jaeger-aio-values.yaml
│       │       │   ├── otel-values.yaml
│       │       │   └── tracing.yaml
│       │       └── tracing_test.go
│       ├── upgrade-edge/
│       │   ├── testdata/
│       │   │   └── emoji.yaml
│       │   └── upgrade_edge_test.go
│       └── viz/
│           ├── edges/
│           │   ├── edges_test.go
│           │   └── testdata/
│           │       ├── direct_edges.golden
│           │       ├── linkerd_edges.golden
│           │       ├── slow-cooker.yaml
│           │       └── terminus.yaml
│           ├── install_test.go
│           ├── policy/
│           │   ├── policy_test.go
│           │   └── testdata/
│           │       ├── emoji-policy.yaml
│           │       └── emojivoto.yaml
│           ├── routes/
│           │   └── routes_test.go
│           ├── serviceprofiles/
│           │   ├── serviceprofiles_test.go
│           │   └── testdata/
│           │       ├── hello_world.yaml
│           │       ├── t3.swagger
│           │       ├── tap_application.yaml
│           │       └── world.swagger
│           ├── stat/
│           │   └── stat_test.go
│           ├── tap/
│           │   ├── tap_test.go
│           │   └── testdata/
│           │       └── tap_application.yaml
│           └── trafficsplit/
│               ├── testdata/
│               │   ├── application.yaml
│               │   └── applications-at-diff-ports.yaml
│               └── trafficsplit_test.go
├── testutil/
│   ├── annotations.go
│   ├── annotations_test.go
│   ├── doc.go
│   ├── inject.go
│   ├── inject_validator.go
│   ├── install.go
│   ├── kubernetes_helper.go
│   ├── prommatch/
│   │   ├── common.go
│   │   ├── prommatch.go
│   │   ├── prommatch_test.go
│   │   ├── suite.go
│   │   └── testdata/
│   │       └── sampleMetrics.txt
│   ├── stream.go
│   ├── tap.go
│   ├── test_data_diff.go
│   ├── test_helper.go
│   └── test_helper_check.go
├── tools.go
├── viz/
│   ├── charts/
│   │   ├── linkerd-viz/
│   │   │   ├── .helmignore
│   │   │   ├── Chart.yaml
│   │   │   ├── README.md.gotmpl
│   │   │   ├── requirements.yaml
│   │   │   ├── templates/
│   │   │   │   ├── NOTES.txt
│   │   │   │   ├── admin-policy.yaml
│   │   │   │   ├── metrics-api-policy.yaml
│   │   │   │   ├── metrics-api-rbac.yaml
│   │   │   │   ├── metrics-api.yaml
│   │   │   │   ├── namespace-metadata-rbac.yaml
│   │   │   │   ├── namespace-metadata.yaml
│   │   │   │   ├── namespace.yaml
│   │   │   │   ├── prometheus-policy.yaml
│   │   │   │   ├── prometheus-rbac.yaml
│   │   │   │   ├── prometheus.yaml
│   │   │   │   ├── psp.yaml
│   │   │   │   ├── service-profiles.yaml
│   │   │   │   ├── tap-injector-policy.yaml
│   │   │   │   ├── tap-injector-rbac.yaml
│   │   │   │   ├── tap-injector.yaml
│   │   │   │   ├── tap-policy.yaml
│   │   │   │   ├── tap-rbac.yaml
│   │   │   │   ├── tap.yaml
│   │   │   │   ├── web-rbac.yaml
│   │   │   │   └── web.yaml
│   │   │   ├── values-ha.yaml
│   │   │   └── values.yaml
│   │   └── templates.go
│   ├── cmd/
│   │   ├── allow-scrapes.go
│   │   ├── authz.go
│   │   ├── check.go
│   │   ├── dashboard.go
│   │   ├── edges.go
│   │   ├── edges_test.go
│   │   ├── install.go
│   │   ├── install_test.go
│   │   ├── list.go
│   │   ├── main_test.go
│   │   ├── profile.go
│   │   ├── profile_test.go
│   │   ├── prune.go
│   │   ├── root.go
│   │   ├── routes.go
│   │   ├── routes_test.go
│   │   ├── stat-inbound.go
│   │   ├── stat-outbound.go
│   │   ├── stat.go
│   │   ├── stat_test.go
│   │   ├── tap.go
│   │   ├── tap_test.go
│   │   ├── testdata/
│   │   │   ├── edges_one_output.golden
│   │   │   ├── edges_one_output_json.golden
│   │   │   ├── edges_wide_output.golden
│   │   │   ├── install_default.golden
│   │   │   ├── install_default_overrides.golden
│   │   │   ├── install_prometheus_disabled.golden
│   │   │   ├── install_prometheus_loglevel_from_args.golden
│   │   │   ├── install_proxy_resources.golden
│   │   │   ├── routes_one_output.golden
│   │   │   ├── routes_one_output_json.golden
│   │   │   ├── routes_one_output_wide.golden
│   │   │   ├── stat_all_output.golden
│   │   │   ├── stat_all_output_json.golden
│   │   │   ├── stat_one_output.golden
│   │   │   ├── stat_one_output_json.golden
│   │   │   ├── stat_one_pod_output.golden
│   │   │   ├── stat_one_tcp_output.golden
│   │   │   ├── stat_one_ts_output.golden
│   │   │   ├── stat_one_ts_output_json.golden
│   │   │   ├── tap_busy_output.golden
│   │   │   ├── tap_busy_output_json.golden
│   │   │   ├── tap_busy_output_jsonpath.golden
│   │   │   ├── tap_busy_output_wide.golden
│   │   │   └── tap_empty_output.golden
│   │   ├── top.go
│   │   └── uninstall.go
│   ├── main.go
│   ├── metrics-api/
│   │   ├── Dockerfile
│   │   ├── authz.go
│   │   ├── client/
│   │   │   └── client.go
│   │   ├── cmd/
│   │   │   └── main.go
│   │   ├── edges.go
│   │   ├── edges_test.go
│   │   ├── gateways.go
│   │   ├── gen/
│   │   │   └── viz/
│   │   │       ├── viz.pb.go
│   │   │       └── viz_grpc.pb.go
│   │   ├── grpc_server.go
│   │   ├── grpc_server_test.go
│   │   ├── policy.go
│   │   ├── prometheus.go
│   │   ├── prometheus_test.go
│   │   ├── proto/
│   │   │   └── viz.proto
│   │   ├── stat_summary.go
│   │   ├── stat_summary_test.go
│   │   ├── test_helper.go
│   │   ├── top_routes.go
│   │   ├── top_routes_test.go
│   │   └── util/
│   │       ├── api_utils.go
│   │       └── api_utils_test.go
│   ├── pkg/
│   │   ├── api/
│   │   │   └── api.go
│   │   ├── healthcheck/
│   │   │   ├── healthcheck.go
│   │   │   └── healthcheck_test.go
│   │   ├── jsonpath/
│   │   │   └── jsonpath.go
│   │   ├── labels/
│   │   │   └── labels.go
│   │   ├── prometheus/
│   │   │   └── prometheus.go
│   │   └── util/
│   │       ├── util.go
│   │       └── util_test.go
│   └── tap/
│       ├── Dockerfile
│       ├── api/
│       │   ├── client.go
│       │   ├── grpc_server.go
│       │   ├── grpc_server_test.go
│       │   ├── handlers.go
│       │   ├── handlers_test.go
│       │   ├── main.go
│       │   ├── server.go
│       │   └── server_test.go
│       ├── cmd/
│       │   └── main.go
│       ├── gen/
│       │   └── tap/
│       │       ├── viz_tap.pb.go
│       │       └── viz_tap_grpc.pb.go
│       ├── injector/
│       │   ├── main.go
│       │   ├── patch.go
│       │   └── webhook.go
│       ├── pkg/
│       │   ├── events.go
│       │   ├── protohttp.go
│       │   ├── protohttp_test.go
│       │   ├── reader.go
│       │   └── requests.go
│       └── proto/
│           └── viz_tap.proto
└── web/
    ├── Dockerfile
    ├── app/
    │   ├── .eslintrc
    │   ├── .linguirc
    │   ├── __mocks__/
    │   │   ├── fileMock.js
    │   │   └── styleMock.js
    │   ├── babel.config.json
    │   ├── css/
    │   │   ├── styles.css
    │   │   └── svg-wrappers.css
    │   ├── gh_ann_reporter.js
    │   ├── index_bundle.js.lodash.tmpl
    │   ├── js/
    │   │   ├── components/
    │   │   │   ├── AddResources.jsx
    │   │   │   ├── BaseTable.jsx
    │   │   │   ├── BaseTable.test.js
    │   │   │   ├── BreadcrumbHeader.jsx
    │   │   │   ├── BreadcrumbHeader.test.jsx
    │   │   │   ├── CallToAction.jsx
    │   │   │   ├── CheckModal.jsx
    │   │   │   ├── Community.jsx
    │   │   │   ├── Community.test.jsx
    │   │   │   ├── ConfigureProfilesMsg.jsx
    │   │   │   ├── EdgesTable.jsx
    │   │   │   ├── EmptyCard.jsx
    │   │   │   ├── ErrorBanner.jsx
    │   │   │   ├── ErrorModal.jsx
    │   │   │   ├── ExpandableTable.jsx
    │   │   │   ├── Extensions.jsx
    │   │   │   ├── Gateway.jsx
    │   │   │   ├── GrafanaLink.jsx
    │   │   │   ├── GrafanaLink.test.jsx
    │   │   │   ├── JaegerLink.jsx
    │   │   │   ├── MeshedStatusTable.jsx
    │   │   │   ├── MetricsTable.jsx
    │   │   │   ├── MetricsTable.test.js
    │   │   │   ├── Namespace.jsx
    │   │   │   ├── NamespaceConfirmationModal.jsx
    │   │   │   ├── Navigation.jsx
    │   │   │   ├── Navigation.test.jsx
    │   │   │   ├── NetworkGraph.jsx
    │   │   │   ├── NetworkGraph.test.jsx
    │   │   │   ├── NoMatch.jsx
    │   │   │   ├── Octopus.jsx
    │   │   │   ├── Popover.jsx
    │   │   │   ├── QueryToCliCmd.jsx
    │   │   │   ├── QueryToCliCmd.test.jsx
    │   │   │   ├── ResourceDetail.jsx
    │   │   │   ├── ResourceList.jsx
    │   │   │   ├── ResourceList.test.jsx
    │   │   │   ├── ServiceDetail.jsx
    │   │   │   ├── ServiceMesh.jsx
    │   │   │   ├── ServiceMesh.test.jsx
    │   │   │   ├── StatusTable.jsx
    │   │   │   ├── Tap.jsx
    │   │   │   ├── TapEnabledWarning.jsx
    │   │   │   ├── TapEventHeadersTable.jsx
    │   │   │   ├── TapEventTable.jsx
    │   │   │   ├── TapLink.jsx
    │   │   │   ├── TapQueryForm.jsx
    │   │   │   ├── Top.jsx
    │   │   │   ├── TopEventTable.jsx
    │   │   │   ├── TopModule.jsx
    │   │   │   ├── TopRoutes.jsx
    │   │   │   ├── TopRoutesModule.jsx
    │   │   │   ├── TopRoutesTable.jsx
    │   │   │   ├── TopRoutesTable.test.js
    │   │   │   ├── TopRoutesTabs.jsx
    │   │   │   ├── Version.jsx
    │   │   │   ├── Version.test.js
    │   │   │   └── util/
    │   │   │       ├── ApiHelpers.jsx
    │   │   │       ├── ApiHelpers.test.jsx
    │   │   │       ├── AppContext.jsx
    │   │   │       ├── Chip.jsx
    │   │   │       ├── CliQueryUtils.js
    │   │   │       ├── CopyUtils.jsx
    │   │   │       ├── EdgesUtils.jsx
    │   │   │       ├── MetricUtils.jsx
    │   │   │       ├── MetricUtils.test.js
    │   │   │       ├── OctopusArms.jsx
    │   │   │       ├── PageVisibility.jsx
    │   │   │       ├── Percentage.js
    │   │   │       ├── Progress.jsx
    │   │   │       ├── Spinner.jsx
    │   │   │       ├── SuccessRateDot.jsx
    │   │   │       ├── SuccessRateMiniChart.jsx
    │   │   │       ├── SvgWrappers.jsx
    │   │   │       ├── TapUtils.jsx
    │   │   │       ├── Utils.js
    │   │   │       ├── Utils.test.js
    │   │   │       ├── theme.js
    │   │   │       └── withREST.jsx
    │   │   ├── index.js
    │   │   └── locales/
    │   │       ├── en/
    │   │       │   └── messages.json
    │   │       └── es/
    │   │           └── messages.json
    │   ├── package.json
    │   ├── setupTests.js
    │   ├── test/
    │   │   ├── fixtures/
    │   │   │   ├── allRollup.json
    │   │   │   ├── deployRollup.json
    │   │   │   ├── emojivotoPods.json
    │   │   │   ├── gateway.json
    │   │   │   ├── multiDeployRollup.json
    │   │   │   ├── namespaces.json
    │   │   │   └── podRollup.json
    │   │   └── testHelpers.jsx
    │   └── webpack.config.js
    ├── main.go
    ├── srv/
    │   ├── api_handlers.go
    │   ├── api_handlers_test.go
    │   ├── check_same_origin.go
    │   ├── handlers.go
    │   ├── handlers_test.go
    │   ├── reverse_proxy.go
    │   ├── server.go
    │   ├── test_helpers.go
    │   └── testdata/
    │       ├── api_check_output.json
    │       └── api_gateway_output.json
    └── templates/
        ├── app.tmpl.html
        └── includes/
            └── base.tmpl.html
SYMBOL INDEX (7110 symbols across 712 files)

FILE: cli/cmd/authz.go
  function newCmdAuthz (line 13) | func newCmdAuthz() *cobra.Command {

FILE: cli/cmd/check.go
  type checkOptions (line 25) | type checkOptions struct
    method nonConfigFlagSet (line 52) | func (options *checkOptions) nonConfigFlagSet() *pflag.FlagSet {
    method checkFlagSet (line 65) | func (options *checkOptions) checkFlagSet() *pflag.FlagSet {
    method validate (line 76) | func (options *checkOptions) validate() error {
  function newCheckOptions (line 37) | func newCheckOptions() *checkOptions {
  function newCmdCheck (line 92) | func newCmdCheck() *cobra.Command {
  function configureAndRunChecks (line 129) | func configureAndRunChecks(cmd *cobra.Command, wout io.Writer, werr io.W...
  function runExtensionChecks (line 229) | func runExtensionChecks(cmd *cobra.Command, wout io.Writer, werr io.Writ...
  function getExtensionCheckFlags (line 260) | func getExtensionCheckFlags(lf *pflag.FlagSet) []string {
  function renderInstallManifest (line 279) | func renderInstallManifest(ctx context.Context) (*charts.Values, string,...

FILE: cli/cmd/check_extensions.go
  type glob (line 24) | type glob
  type extension (line 29) | type extension struct
  function findExtensions (line 43) | func findExtensions(pathEnv string, glob glob, exec utilsexec.Interface,...
  function findCLIExtensionsOnPath (line 102) | func findCLIExtensionsOnPath(pathEnv string, glob glob, exec utilsexec.I...
  function findAlwaysChecks (line 135) | func findAlwaysChecks(cliExtensions []string, exec utilsexec.Interface) ...
  function isAlwaysCheck (line 149) | func isAlwaysCheck(path string, exec utilsexec.Interface) bool {
  function parseJSONMetadataOutput (line 174) | func parseJSONMetadataOutput(data []byte) (healthcheck.ExtensionMetadata...
  function runExtensionsChecks (line 186) | func runExtensionsChecks(
  function parseJSONCheckOutput (line 277) | func parseJSONCheckOutput(data []byte) (healthcheck.CheckResults, error) {
  function suffix (line 307) | func suffix(s string) string {

FILE: cli/cmd/check_extensions_test.go
  function TestFindExtensions (line 14) | func TestFindExtensions(t *testing.T) {
  function TestRunExtensionsChecks (line 70) | func TestRunExtensionsChecks(t *testing.T) {
  function TestSuffix (line 352) | func TestSuffix(t *testing.T) {

FILE: cli/cmd/check_test.go
  function TestCheckStatus (line 13) | func TestCheckStatus(t *testing.T) {

FILE: cli/cmd/completion.go
  function newCmdCompletion (line 13) | func newCmdCompletion() *cobra.Command {
  function getCompletion (line 77) | func getCompletion(sh string, parent *cobra.Command) (string, error) {

FILE: cli/cmd/completion_test.go
  function TestCompletion (line 7) | func TestCompletion(t *testing.T) {

FILE: cli/cmd/controller-metrics.go
  type ControllerMetricsOptions (line 15) | type ControllerMetricsOptions struct
  function newControllerMetricsOptions (line 23) | func newControllerMetricsOptions() *ControllerMetricsOptions {
  function newCmdControllerMetrics (line 30) | func newCmdControllerMetrics() *cobra.Command {

FILE: cli/cmd/diagnostics.go
  function newCmdDiagnostics (line 8) | func newCmdDiagnostics() *cobra.Command {

FILE: cli/cmd/diagnostics_profile.go
  type diagProfileOptions (line 18) | type diagProfileOptions struct
    method validate (line 25) | func (o *diagProfileOptions) validate() error {
  function newDiagProfileOptions (line 29) | func newDiagProfileOptions() *diagProfileOptions {
  function newCmdDiagnosticsProfile (line 33) | func newCmdDiagnosticsProfile() *cobra.Command {
  function requestProfileFromAPI (line 98) | func requestProfileFromAPI(client destinationPb.DestinationClient, token...
  function writeProfileJSON (line 112) | func writeProfileJSON(w io.Writer, profile *destinationPb.DestinationPro...

FILE: cli/cmd/doc.go
  type references (line 16) | type references struct
  type cmdOption (line 21) | type cmdOption struct
  type cmdDoc (line 28) | type cmdDoc struct
  type annotationDoc (line 38) | type annotationDoc struct
  function newCmdDoc (line 43) | func newCmdDoc(rootCmd *cobra.Command) *cobra.Command {
  function generateCLIDocs (line 78) | func generateCLIDocs(cmd *cobra.Command) ([]cmdDoc, error) {
  function generateAnnotationsDocs (line 117) | func generateAnnotationsDocs() []annotationDoc {

FILE: cli/cmd/endpoints.go
  type endpointsOptions (line 28) | type endpointsOptions struct
    method validate (line 55) | func (o *endpointsOptions) validate() error {
  type endpointsInfo (line 36) | type endpointsInfo
  type podData (line 37) | type podData struct
  constant podHeader (line 48) | podHeader       = "POD"
  constant namespaceHeader (line 49) | namespaceHeader = "NAMESPACE"
  constant padding (line 50) | padding         = 3
  function newEndpointsOptions (line 63) | func newEndpointsOptions() *endpointsOptions {
  function newCmdEndpoints (line 69) | func newCmdEndpoints() *cobra.Command {
  function requestEndpointsFromAPI (line 144) | func requestEndpointsFromAPI(client destinationPb.DestinationClient, tok...
  function getIP (line 225) | func getIP(tcpAddr *netPb.TcpAddress) string {
  function renderEndpoints (line 233) | func renderEndpoints(endpoints endpointsInfo, options *endpointsOptions)...
  type rowEndpoint (line 242) | type rowEndpoint struct
  function writeEndpointsToBuffer (line 255) | func writeEndpointsToBuffer(endpoints endpointsInfo, w *tabwriter.Writer...
  function printEndpointsTables (line 311) | func printEndpointsTables(endpointsTables map[string][]rowEndpoint, w *t...
  function printEndpointsTable (line 323) | func printEndpointsTable(namespace string, rows []rowEndpoint, w *tabwri...
  function printEndpointsJSON (line 351) | func printEndpointsJSON(endpointsTables map[string][]rowEndpoint, w *tab...
  function sortNamespaceKeys (line 366) | func sortNamespaceKeys(endpointsTables map[string][]rowEndpoint) []string {

FILE: cli/cmd/endpoints_test.go
  type endpointsExp (line 10) | type endpointsExp struct
  function TestEndpoints (line 17) | func TestEndpoints(t *testing.T) {
  function testEndpointsCall (line 118) | func testEndpointsCall(exp endpointsExp, t *testing.T) {

FILE: cli/cmd/identity.go
  type certificate (line 22) | type certificate struct
  type identityOptions (line 29) | type identityOptions struct
  function newIdentityOptions (line 35) | func newIdentityOptions() *identityOptions {
  function newCmdIdentity (line 42) | func newCmdIdentity() *cobra.Command {
  function getCertificate (line 136) | func getCertificate(k8sAPI *k8s.KubernetesAPI, pods []corev1.Pod, portNa...
  function getContainerWithPort (line 158) | func getContainerWithPort(pod corev1.Pod, portName string) (corev1.Conta...
  function getContainerCertificate (line 178) | func getContainerCertificate(k8sAPI *k8s.KubernetesAPI, pod corev1.Pod, ...
  function getCertResponse (line 194) | func getCertResponse(url string, pod corev1.Pod) ([]*x509.Certificate, e...
  function getPods (line 217) | func getPods(ctx context.Context, clientset kubernetes.Interface, namesp...

FILE: cli/cmd/inject.go
  constant hostNetworkDesc (line 27) | hostNetworkDesc                  = "pods do not use host networking"
  constant sidecarDesc (line 28) | sidecarDesc                      = "pods do not have a 3rd party proxy o...
  constant injectDisabledDesc (line 29) | injectDisabledDesc               = "pods are not annotated to disable in...
  constant unsupportedDesc (line 30) | unsupportedDesc                  = "at least one resource can be injecte...
  constant udpDesc (line 31) | udpDesc                          = "pod specs do not include UDP ports"
  constant automountServiceAccountTokenDesc (line 32) | automountServiceAccountTokenDesc = "pods do not have automountServiceAcc...
  constant slash (line 33) | slash                            = "/"
  type resourceTransformerInject (line 36) | type resourceTransformerInject struct
    method transform (line 154) | func (rt resourceTransformerInject) transform(bytes []byte) ([]byte, [...
    method generateReport (line 239) | func (resourceTransformerInject) generateReport(reports []inject.Repor...
  function runInjectCmd (line 46) | func runInjectCmd(inputs []io.Reader, errWriter, outWriter io.Writer, tr...
  function NewCmdInject (line 50) | func NewCmdInject(overrider inject.ValueOverrider) *cobra.Command {
  function uninjectAndInject (line 146) | func uninjectAndInject(inputs []io.Reader, errWriter, outWriter io.Write...
  function fetchConfigs (line 359) | func fetchConfigs(ctx context.Context) (*linkerd2.Values, error) {
  function getOverrideAnnotations (line 385) | func getOverrideAnnotations(values *linkerd2.Values, base *linkerd2.Valu...
  function uintToString (line 507) | func uintToString(v uint64) string {

FILE: cli/cmd/inject_test.go
  type testCase (line 20) | type testCase struct
  function mkFilename (line 29) | func mkFilename(filename string, verbose bool) string {
  function testUninjectAndInject (line 36) | func testUninjectAndInject(t *testing.T, tc testCase) {
  function defaultConfig (line 68) | func defaultConfig() *linkerd2.Values {
  function TestUninjectAndInject (line 80) | func TestUninjectAndInject(t *testing.T) {
  type injectCmd (line 403) | type injectCmd struct
  function testInjectCmd (line 412) | func testInjectCmd(t *testing.T, tc injectCmd) {
  function TestRunInjectCmd (line 452) | func TestRunInjectCmd(t *testing.T) {
  type injectFilePath (line 521) | type injectFilePath struct
  function testInjectFilePath (line 528) | func testInjectFilePath(t *testing.T, tc injectFilePath) {
  function testReadFromFolder (line 556) | func testReadFromFolder(t *testing.T, resourceFolder string, expectedFol...
  function TestInjectFilePath (line 586) | func TestInjectFilePath(t *testing.T) {
  function TestToURL (line 631) | func TestToURL(t *testing.T) {
  function TestWalk (line 655) | func TestWalk(t *testing.T) {
  function TestProxyConfigurationAnnotations (line 700) | func TestProxyConfigurationAnnotations(t *testing.T) {
  function TestProxyImageAnnotations (line 759) | func TestProxyImageAnnotations(t *testing.T) {
  function TestNoAnnotations (line 785) | func TestNoAnnotations(t *testing.T) {
  function TestOverwriteRegistry (line 802) | func TestOverwriteRegistry(t *testing.T) {
  function diffOverrides (line 855) | func diffOverrides(t *testing.T, expectedOverrides map[string]string, ac...

FILE: cli/cmd/inject_util.go
  type resourceTransformer (line 23) | type resourceTransformer interface
  function transformInput (line 29) | func transformInput(inputs []io.Reader, errWriter, outWriter io.Writer, ...
  function processYAML (line 54) | func processYAML(in io.Reader, out io.Writer, report io.Writer, rt resou...
  function kindIsList (line 117) | func kindIsList(bytes []byte) (bool, error) {
  function processList (line 125) | func processList(bytes []byte, rt resourceTransformer) ([]byte, []inject...
  function read (line 162) | func read(path string) ([]io.Reader, error) {
  function toURL (line 195) | func toURL(path string) (*url.URL, bool) {
  function walk (line 206) | func walk(path string) ([]io.Reader, error) {
  function concatErrors (line 250) | func concatErrors(errs []error, delimiter string) error {

FILE: cli/cmd/install-cni-plugin.go
  constant helmCNIDefaultChartName (line 24) | helmCNIDefaultChartName = "linkerd2-cni"
  constant helmCNIDefaultChartDir (line 25) | helmCNIDefaultChartDir  = "linkerd2-cni"
  type cniPluginImage (line 28) | type cniPluginImage struct
  type cniPluginOptions (line 34) | type cniPluginOptions struct
    method validate (line 54) | func (options *cniPluginOptions) validate() error {
    method pluginImage (line 77) | func (options *cniPluginOptions) pluginImage() cnicharts.Image {
    method buildValues (line 190) | func (options *cniPluginOptions) buildValues() (*cnicharts.Values, err...
  function newCmdInstallCNIPlugin (line 95) | func newCmdInstallCNIPlugin() *cobra.Command {
  function newCNIInstallOptionsWithDefaults (line 149) | func newCNIInstallOptionsWithDefaults() (*cniPluginOptions, error) {
  function renderCNIPlugin (line 217) | func renderCNIPlugin(w io.Writer, valOpts values.Options, config *cniPlu...

FILE: cli/cmd/install-cni-plugin_test.go
  function TestRenderCNIPlugin (line 11) | func TestRenderCNIPlugin(t *testing.T) {

FILE: cli/cmd/install.go
  constant helmDefaultChartNameCrds (line 39) | helmDefaultChartNameCrds = "linkerd-crds"
  constant helmDefaultChartNameCP (line 40) | helmDefaultChartNameCP   = "linkerd-control-plane"
  constant errMsgCannotInitializeClient (line 42) | errMsgCannotInitializeClient = `Unable to install the Linkerd control pl...
  constant errMsgLinkerdConfigResourceConflict (line 49) | errMsgLinkerdConfigResourceConflict = "Can't install the Linkerd control...
  function newCmdInstall (line 90) | func newCmdInstall() *cobra.Command {
  function checkNoConfig (line 190) | func checkNoConfig(ctx context.Context, k8sAPI *k8s.KubernetesAPI) error {
  type GatewayAPICRDs (line 209) | type GatewayAPICRDs
  constant Absent (line 212) | Absent GatewayAPICRDs = iota
  constant Linkerd (line 213) | Linkerd
  constant External (line 214) | External
  function checkGatewayAPICRDs (line 219) | func checkGatewayAPICRDs(ctx context.Context, k8sAPI *k8s.KubernetesAPI)...
  function crdIncludesV1 (line 245) | func crdIncludesV1(crd *v1.CustomResourceDefinition) bool {
  function installCRDs (line 254) | func installCRDs(ctx context.Context, k8sAPI *k8s.KubernetesAPI, w io.Wr...
  function installControlPlane (line 262) | func installControlPlane(ctx context.Context, k8sAPI *k8s.KubernetesAPI,...
  function isRunAsRoot (line 319) | func isRunAsRoot(values map[string]interface{}) bool {
  function renderChartToBuffer (line 333) | func renderChartToBuffer(files []*loader.BufferedFile, values map[string...
  function updateDefaultValues (line 378) | func updateDefaultValues(installed GatewayAPICRDs, defaultValues map[str...
  function validateFinalValues (line 393) | func validateFinalValues(installed GatewayAPICRDs, finalValues map[strin...
  function renderCRDs (line 428) | func renderCRDs(ctx context.Context, k *k8s.KubernetesAPI, w io.Writer, ...
  function renderControlPlane (line 485) | func renderControlPlane(w io.Writer, values *l5dcharts.Values, valuesOve...
  function renderOverrides (line 526) | func renderOverrides(values chartutil.Values, stringData bool) ([]byte, ...
  function errAfterRunningChecks (line 571) | func errAfterRunningChecks(cniEnabled bool) error {
  function getApiServerPorts (line 599) | func getApiServerPorts(ctx context.Context, api *k8s.KubernetesAPI) stri...

FILE: cli/cmd/install_cni_helm_test.go
  function TestRenderCniHelm (line 16) | func TestRenderCniHelm(t *testing.T) {
  function testRenderCniHelm (line 60) | func testRenderCniHelm(t *testing.T, chart *chart.Chart, overrideConfig ...
  function chartCniPlugin (line 100) | func chartCniPlugin(t *testing.T) *chart.Chart {
  function readCniTestValues (line 142) | func readCniTestValues(t *testing.T) ([]byte, error) {

FILE: cli/cmd/install_helm_test.go
  function TestRenderHelm (line 20) | func TestRenderHelm(t *testing.T) {
  function testRenderHelm (line 99) | func testRenderHelm(t *testing.T, linkerd2Chart *chart.Chart, additional...
  function chartCrds (line 204) | func chartCrds(t *testing.T) *chart.Chart {
  function chartControlPlane (line 261) | func chartControlPlane(t *testing.T, ha bool, additionalConfig string, i...
  function chartPartials (line 328) | func chartPartials(paths []string) *chart.Chart {
  function readTestValues (line 353) | func readTestValues(ha bool, ignoreOutboundPorts string, ignoreInboundPo...

FILE: cli/cmd/install_test.go
  constant installProxyVersion (line 22) | installProxyVersion        = "install-proxy-version"
  constant installControlPlaneVersion (line 23) | installControlPlaneVersion = "install-control-plane-version"
  constant installDebugVersion (line 24) | installDebugVersion        = "install-debug-version"
  constant externalGatewayAPIManifest (line 26) | externalGatewayAPIManifest = `---
  function TestRender (line 37) | func TestRender(t *testing.T) {
  function TestIgnoreCluster (line 317) | func TestIgnoreCluster(t *testing.T) {
  function TestGWApi (line 330) | func TestGWApi(t *testing.T) {
  function TestValidateAndBuild_Errors (line 463) | func TestValidateAndBuild_Errors(t *testing.T) {
  function testInstallOptionsFakeCerts (line 489) | func testInstallOptionsFakeCerts() (*charts.Values, error) {
  function testInstallOptions (line 498) | func testInstallOptions() (*charts.Values, error) {
  function testInstallOptionsHA (line 502) | func testInstallOptionsHA(ha bool) (*charts.Values, error) {
  function testInstallOptionsNoCerts (line 534) | func testInstallOptionsNoCerts(ha bool) (*charts.Values, error) {
  function testInstallValues (line 553) | func testInstallValues() (*charts.Values, error) {
  function TestValidate (line 583) | func TestValidate(t *testing.T) {
  function fakeHeartbeatSchedule (line 785) | func fakeHeartbeatSchedule() string {
  function addFakeTLSSecrets (line 789) | func addFakeTLSSecrets(values *charts.Values) {

FILE: cli/cmd/main_test.go
  function TestMain (line 16) | func TestMain(m *testing.M) {

FILE: cli/cmd/metrics.go
  type metricsOptions (line 13) | type metricsOptions struct
  function newMetricsOptions (line 19) | func newMetricsOptions() *metricsOptions {
  function newCmdMetrics (line 26) | func newCmdMetrics() *cobra.Command {

FILE: cli/cmd/metrics_diagnostics_util.go
  type metricsResult (line 19) | type metricsResult struct
  type byResult (line 25) | type byResult
    method Len (line 27) | func (s byResult) Len() int {
    method Swap (line 30) | func (s byResult) Swap(i, j int) {
    method Less (line 33) | func (s byResult) Less(i, j int) bool {
  function getAllContainersWithPortSuffix (line 39) | func getAllContainersWithPortSuffix(
  function getMetrics (line 61) | func getMetrics(
  function obfuscateMetrics (line 134) | func obfuscateMetrics(metrics []byte) ([]byte, error) {
  function obfuscate (line 162) | func obfuscate(s string) string {

FILE: cli/cmd/metrics_diagnostics_util_test.go
  function TestGetAllContainersWithPort (line 15) | func TestGetAllContainersWithPort(t *testing.T) {
  function Test_obfuscateMetrics (line 67) | func Test_obfuscateMetrics(t *testing.T) {

FILE: cli/cmd/options.go
  function makeInstallUpgradeFlags (line 33) | func makeInstallUpgradeFlags(defaults *l5dcharts.Values) ([]flag.Flag, *...
  function loadCrtPEM (line 176) | func loadCrtPEM(path string) (string, error) {
  function loadKeyPEM (line 189) | func loadKeyPEM(path string) (string, error) {
  function makeInstallFlags (line 206) | func makeInstallFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.F...
  function makeProxyFlags (line 246) | func makeProxyFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.Fla...
  function makeInjectFlags (line 429) | func makeInjectFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.Fl...
  function validateValues (line 477) | func validateValues(ctx context.Context, k *k8s.KubernetesAPI, values *l...
  function validateProxyValues (line 548) | func validateProxyValues(values *l5dcharts.Values) error {
  function validatePolicy (line 622) | func validatePolicy(policy string) error {
  function initializeIssuerCredentials (line 636) | func initializeIssuerCredentials(ctx context.Context, k *k8s.KubernetesA...
  function issuerName (line 673) | func issuerName(trustDomain string) string {

FILE: cli/cmd/policy.go
  constant policyPort (line 24) | policyPort       = 8090
  constant policyDeployment (line 25) | policyDeployment = "linkerd-destination"
  function newCmdPolicy (line 28) | func newCmdPolicy() *cobra.Command {

FILE: cli/cmd/profile.go
  type profileOptions (line 20) | type profileOptions struct
    method validate (line 41) | func (options *profileOptions) validate() error {
  function newProfileOptions (line 30) | func newProfileOptions() *profileOptions {
  function newCmdProfile (line 73) | func newCmdProfile() *cobra.Command {
  function writeProfile (line 148) | func writeProfile(profile *sp.ServiceProfile, w io.Writer, format string...

FILE: cli/cmd/profile_test.go
  function TestParseProfile (line 14) | func TestParseProfile(t *testing.T) {
  function TestValidateOptions (line 36) | func TestValidateOptions(t *testing.T) {

FILE: cli/cmd/prune.go
  function newCmdPrune (line 16) | func newCmdPrune() *cobra.Command {

FILE: cli/cmd/range_slice.go
  function validateRangeSlice (line 12) | func validateRangeSlice(rangeSlice []string) error {
  function isValidPort (line 41) | func isValidPort(port int) bool {

FILE: cli/cmd/range_slice_test.go
  function TestValidateRangeSlice (line 8) | func TestValidateRangeSlice(t *testing.T) {
  function assertNoError (line 25) | func assertNoError(t *testing.T, err error) {
  function assertError (line 32) | func assertError(t *testing.T, err error, containing string) {

FILE: cli/cmd/root.go
  constant defaultLinkerdNamespace (line 22) | defaultLinkerdNamespace = "linkerd"
  constant defaultCNINamespace (line 23) | defaultCNINamespace     = "linkerd-cni"
  constant defaultClusterDomain (line 24) | defaultClusterDomain    = "cluster.local"
  constant jsonOutput (line 26) | jsonOutput  = pkgcmd.JsonOutput
  constant yamlOutput (line 27) | yamlOutput  = pkgcmd.YamlOutput
  constant tableOutput (line 28) | tableOutput = healthcheck.TableOutput
  constant shortOutput (line 29) | shortOutput = healthcheck.ShortOutput
  function NewRootCmd (line 71) | func NewRootCmd() *cobra.Command {
  function deprecateCmd (line 145) | func deprecateCmd(cmd *cobra.Command) *cobra.Command {
  function flattenFlags (line 150) | func flattenFlags(flags ...[]flag.Flag) []flag.Flag {

FILE: cli/cmd/test_helper.go
  type diff (line 14) | type diff struct
    method String (line 50) | func (d diff) String() string {
  function splitManifests (line 21) | func splitManifests(manifest string) []string {
  function isManifestEmpty (line 32) | func isManifestEmpty(manifest string) bool {
  function manifestKey (line 43) | func manifestKey(m manifest) string {
  function parseManifestList (line 56) | func parseManifestList(in string) map[string]manifest {
  function diffManifest (line 67) | func diffManifest(a manifest, b manifest, path []string) []diff {
  function diffArray (line 137) | func diffArray(a, b []interface{}, path []string) []diff {
  function diffManifestLists (line 182) | func diffManifestLists(a map[string]manifest, b map[string]manifest) map...
  function extend (line 212) | func extend(slice []string, next string) []string {

FILE: cli/cmd/uninject.go
  type resourceTransformerUninject (line 13) | type resourceTransformerUninject struct
    method transform (line 69) | func (rt resourceTransformerUninject) transform(bytes []byte) ([]byte,...
    method generateReport (line 93) | func (resourceTransformerUninject) generateReport(reports []inject.Rep...
  type resourceTransformerUninjectSilent (line 17) | type resourceTransformerUninjectSilent struct
    method transform (line 89) | func (rt resourceTransformerUninjectSilent) transform(bytes []byte) ([...
    method generateReport (line 113) | func (resourceTransformerUninjectSilent) generateReport(reports []inje...
  function runUninjectCmd (line 21) | func runUninjectCmd(inputs []io.Reader, errWriter, outWriter io.Writer, ...
  function runUninjectSilentCmd (line 25) | func runUninjectSilentCmd(inputs []io.Reader, errWriter, outWriter io.Wr...
  function newCmdUninject (line 29) | func newCmdUninject() *cobra.Command {

FILE: cli/cmd/uninject_test.go
  function TestUninjectYAML (line 16) | func TestUninjectYAML(t *testing.T) {

FILE: cli/cmd/uninstall.go
  constant yamlSep (line 15) | yamlSep = "---\n"
  function newCmdUninstall (line 18) | func newCmdUninstall() *cobra.Command {

FILE: cli/cmd/upgrade.go
  constant failMessage (line 29) | failMessage            = "For troubleshooting help, visit: https://linke...
  constant trustRootChangeMessage (line 30) | trustRootChangeMessage = "Rotating the trust anchors will affect existin...
  function newCmdUpgrade (line 48) | func newCmdUpgrade() *cobra.Command {
  function makeConfigClient (line 131) | func makeConfigClient(k *k8s.KubernetesAPI, localManifestPath string) (*...
  function makeUpgradeFlags (line 153) | func makeUpgradeFlags() *pflag.FlagSet {
  function upgradeControlPlaneRunE (line 167) | func upgradeControlPlaneRunE(ctx context.Context, k *k8s.KubernetesAPI, ...
  function upgradeCRDs (line 201) | func upgradeCRDs(ctx context.Context, k *k8s.KubernetesAPI, options valu...
  function upgradeControlPlane (line 209) | func upgradeControlPlane(ctx context.Context, k *k8s.KubernetesAPI, flag...
  function loadStoredValues (line 264) | func loadStoredValues(ctx context.Context, k *k8s.KubernetesAPI) (*l5dch...
  function upgradeErrorf (line 301) | func upgradeErrorf(format string, a ...interface{}) {
  function ensureIssuerCertWorksWithAllProxies (line 307) | func ensureIssuerCertWorksWithAllProxies(ctx context.Context, k *k8s.Kub...

FILE: cli/cmd/upgrade_test.go
  constant upgradeProxyVersion (line 24) | upgradeProxyVersion        = "UPGRADE-PROXY-VERSION"
  constant upgradeControlPlaneVersion (line 25) | upgradeControlPlaneVersion = "UPGRADE-CONTROL-PLANE-VERSION"
  constant upgradeDebugVersion (line 26) | upgradeDebugVersion        = "UPGRADE-DEBUG-VERSION"
  constant overridesSecret (line 27) | overridesSecret            = "Secret/linkerd-config-overrides"
  constant linkerdConfigMap (line 28) | linkerdConfigMap           = "ConfigMap/linkerd-config"
  type issuerCerts (line 32) | type issuerCerts struct
    method cleanup (line 589) | func (ic issuerCerts) cleanup() {
  type flagOptions (line 41) | type flagOptions struct
  function TestUpgradeDefault (line 56) | func TestUpgradeDefault(t *testing.T) {
  function TestUpgradeHA (line 76) | func TestUpgradeHA(t *testing.T) {
  function TestUpgradeExternalIssuer (line 97) | func TestUpgradeExternalIssuer(t *testing.T) {
  function TestUpgradeIssuerWithExternalIssuerFails (line 137) | func TestUpgradeIssuerWithExternalIssuerFails(t *testing.T) {
  function TestUpgradeOverwriteIssuer (line 166) | func TestUpgradeOverwriteIssuer(t *testing.T) {
  function TestUpgradeFailsWithOnlyIssuerCert (line 249) | func TestUpgradeFailsWithOnlyIssuerCert(t *testing.T) {
  function TestUpgradeFailsWithOnlyIssuerKey (line 267) | func TestUpgradeFailsWithOnlyIssuerKey(t *testing.T) {
  function TestUpgradeRootFailsWithOldPods (line 285) | func TestUpgradeRootFailsWithOldPods(t *testing.T) {
  function TestUpgradeWebhookCrtsNameChange (line 309) | func TestUpgradeWebhookCrtsNameChange(t *testing.T) {
  function TestUpgradeCRDsWithGatewayAPI (line 348) | func TestUpgradeCRDsWithGatewayAPI(t *testing.T) {
  function TestUpgradeCRDsWithExternalGatewayAPI (line 369) | func TestUpgradeCRDsWithExternalGatewayAPI(t *testing.T) {
  function TestUpgradeCRDsWithUnsupportedGatewayAPIVersion (line 400) | func TestUpgradeCRDsWithUnsupportedGatewayAPIVersion(t *testing.T) {
  function replaceK8sSecrets (line 429) | func replaceK8sSecrets(input string) string {
  function TestUpgradeTwoLevelWebhookCrts (line 440) | func TestUpgradeTwoLevelWebhookCrts(t *testing.T) {
  function testUpgradeOptions (line 478) | func testUpgradeOptions() (flagOptions, error) {
  function testOptions (line 507) | func testOptions(t *testing.T) (*charts.Values, flagOptions) {
  function replaceVersions (line 521) | func replaceVersions(manifest string) string {
  function generateIssuerCerts (line 528) | func generateIssuerCerts(t *testing.T, b64encode bool) issuerCerts {
  function generateCerts (line 533) | func generateCerts(t *testing.T, name string, b64encode bool) issuerCerts {
  function externalIssuerSecret (line 595) | func externalIssuerSecret(certs issuerCerts) string {
  function indentLines (line 610) | func indentLines(s string, prefix string) string {
  function podWithSidecar (line 618) | func podWithSidecar(certs issuerCerts) string {
  function isProxyEnvDiff (line 641) | func isProxyEnvDiff(path []string) bool {
  function pathMatch (line 646) | func pathMatch(path []string, template []string) bool {
  function renderInstall (line 658) | func renderInstall(t *testing.T, values *charts.Values) *bytes.Buffer {
  function renderUpgrade (line 671) | func renderUpgrade(installManifest string, upgradeOpts []flag.Flag, temp...
  function renderInstallAndUpgrade (line 686) | func renderInstallAndUpgrade(t *testing.T, installOpts *charts.Values, u...
  function ignorableDiff (line 699) | func ignorableDiff(id string, diff diff) bool {

FILE: cli/cmd/version.go
  constant defaultVersionString (line 17) | defaultVersionString = "unavailable"
  type versionOptions (line 19) | type versionOptions struct
  function newVersionOptions (line 26) | func newVersionOptions() *versionOptions {
  function newCmdVersion (line 35) | func newCmdVersion() *cobra.Command {
  function configureAndRunVersion (line 65) | func configureAndRunVersion(

FILE: cli/flag/flag.go
  type Flag (line 15) | type Flag interface
  type UintFlag (line 22) | type UintFlag struct
    method Apply (line 155) | func (flag *UintFlag) Apply(values *charts.Values) error {
    method IsSet (line 160) | func (flag *UintFlag) IsSet() bool {
    method Name (line 165) | func (flag *UintFlag) Name() string {
  type Int64Flag (line 30) | type Int64Flag struct
    method Apply (line 170) | func (flag *Int64Flag) Apply(values *charts.Values) error {
    method IsSet (line 175) | func (flag *Int64Flag) IsSet() bool {
    method Name (line 180) | func (flag *Int64Flag) Name() string {
  type StringFlag (line 38) | type StringFlag struct
    method Apply (line 185) | func (flag *StringFlag) Apply(values *charts.Values) error {
    method Set (line 190) | func (flag *StringFlag) Set(value string) error {
    method IsSet (line 195) | func (flag *StringFlag) IsSet() bool {
    method Name (line 200) | func (flag *StringFlag) Name() string {
  type StringSliceFlag (line 46) | type StringSliceFlag struct
    method Apply (line 205) | func (flag *StringSliceFlag) Apply(values *charts.Values) error {
    method IsSet (line 210) | func (flag *StringSliceFlag) IsSet() bool {
    method Name (line 215) | func (flag *StringSliceFlag) Name() string {
  type BoolFlag (line 54) | type BoolFlag struct
    method Apply (line 220) | func (flag *BoolFlag) Apply(values *charts.Values) error {
    method IsSet (line 225) | func (flag *BoolFlag) IsSet() bool {
    method Name (line 230) | func (flag *BoolFlag) Name() string {
  type DurationFlag (line 62) | type DurationFlag struct
    method Apply (line 235) | func (flag *DurationFlag) Apply(values *charts.Values) error {
    method IsSet (line 240) | func (flag *DurationFlag) IsSet() bool {
    method Name (line 245) | func (flag *DurationFlag) Name() string {
  function NewUintFlag (line 72) | func NewUintFlag(flagSet *pflag.FlagSet, name string, defaultValue uint,...
  function NewInt64Flag (line 84) | func NewInt64Flag(flagSet *pflag.FlagSet, name string, defaultValue int6...
  function NewStringFlag (line 96) | func NewStringFlag(flagSet *pflag.FlagSet, name string, defaultValue str...
  function NewStringSliceFlag (line 108) | func NewStringSliceFlag(flagSet *pflag.FlagSet, name string, defaultValu...
  function NewStringFlagP (line 120) | func NewStringFlagP(flagSet *pflag.FlagSet, name string, short string, d...
  function NewBoolFlag (line 132) | func NewBoolFlag(flagSet *pflag.FlagSet, name string, defaultValue bool,...
  function NewDurationFlag (line 144) | func NewDurationFlag(flagSet *pflag.FlagSet, name string, defaultValue t...
  function ApplySetFlags (line 252) | func ApplySetFlags(values *charts.Values, flags []Flag) error {

FILE: cli/main.go
  function main (line 12) | func main() {

FILE: cli/table/table.go
  type Table (line 13) | type Table struct
    method Render (line 63) | func (t *Table) Render(w io.Writer) {
    method columnWidths (line 72) | func (t *Table) columnWidths() []int {
    method sort (line 88) | func (t *Table) sort() {
    method renderRow (line 104) | func (t *Table) renderRow(w io.Writer, row Row, columnWidths []int) {
    method headerRow (line 133) | func (t *Table) headerRow() Row {
  type Column (line 24) | type Column struct
    method WithLeftAlign (line 57) | func (c Column) WithLeftAlign() Column {
  constant defaultColumnSpacing (line 35) | defaultColumnSpacing = "  "
  function NewTable (line 38) | func NewTable(cols []Column, data []Row) Table {
  function NewColumn (line 48) | func NewColumn(header string) Column {

FILE: controller/api/destination/client.go
  constant destinationPort (line 14) | destinationPort       = 8086
  constant destinationDeployment (line 15) | destinationDeployment = "linkerd-destination"
  function NewClient (line 20) | func NewClient(addr string) (pb.DestinationClient, *grpc.ClientConn, err...
  function NewExternalClient (line 31) | func NewExternalClient(ctx context.Context, controlPlaneNamespace string...

FILE: controller/api/destination/dedup_profile_listener.go
  type dedupProfileListener (line 9) | type dedupProfileListener struct
    method Update (line 23) | func (p *dedupProfileListener) Update(profile *sp.ServiceProfile) {
  function newDedupProfileListener (line 16) | func newDedupProfileListener(

FILE: controller/api/destination/default_profile_listener.go
  type defaultProfileListener (line 9) | type defaultProfileListener struct
    method Update (line 23) | func (p *defaultProfileListener) Update(profile *sp.ServiceProfile) {
  function newDefaultProfileListener (line 15) | func newDefaultProfileListener(

FILE: controller/api/destination/destination_fuzzer.go
  function init (line 14) | func init() {
  function FuzzAdd (line 19) | func FuzzAdd(data []byte) int {
  function FuzzGet (line 36) | func FuzzGet(data []byte) int {
  function FuzzGetProfile (line 67) | func FuzzGetProfile(data []byte) int {
  function FuzzProfileTranslatorUpdate (line 86) | func FuzzProfileTranslatorUpdate(data []byte) int {

FILE: controller/api/destination/endpoint_profile_translator.go
  type endpointProfileTranslator (line 14) | type endpointProfileTranslator struct
    method Start (line 81) | func (ept *endpointProfileTranslator) Start() {
    method Stop (line 95) | func (ept *endpointProfileTranslator) Stop() {
    method Update (line 101) | func (ept *endpointProfileTranslator) Update(address *watcher.Address)...
    method queueLen (line 122) | func (ept *endpointProfileTranslator) queueLen() int {
    method update (line 126) | func (ept *endpointProfileTranslator) update(address *watcher.Address) {
    method createEndpoint (line 161) | func (ept *endpointProfileTranslator) createEndpoint(address watcher.A...
  function newEndpointProfileTranslator (line 47) | func newEndpointProfileTranslator(

FILE: controller/api/destination/endpoint_profile_translator_test.go
  function TestEndpointProfileTranslator (line 17) | func TestEndpointProfileTranslator(t *testing.T) {

FILE: controller/api/destination/endpoint_translator.go
  constant defaultWeight (line 22) | defaultWeight uint32 = 10000
  constant envInboundListenAddr (line 26) | envInboundListenAddr = "LINKERD2_PROXY_INBOUND_LISTEN_ADDR"
  constant envAdminListenAddr (line 27) | envAdminListenAddr   = "LINKERD2_PROXY_ADMIN_LISTEN_ADDR"
  constant envControlListenAddr (line 28) | envControlListenAddr = "LINKERD2_PROXY_CONTROL_LISTEN_ADDR"
  constant defaultProxyInboundPort (line 30) | defaultProxyInboundPort = 4143
  type endpointTranslator (line 36) | type endpointTranslator struct
    method Add (line 146) | func (et *endpointTranslator) Add(set watcher.AddressSet) {
    method Remove (line 150) | func (et *endpointTranslator) Remove(set watcher.AddressSet) {
    method NoEndpoints (line 154) | func (et *endpointTranslator) NoEndpoints(exists bool) {
    method enqueueUpdate (line 164) | func (et *endpointTranslator) enqueueUpdate(update interface{}) {
    method Start (line 187) | func (et *endpointTranslator) Start() {
    method Stop (line 204) | func (et *endpointTranslator) Stop() {
    method DrainAndStop (line 210) | func (et *endpointTranslator) DrainAndStop() {
    method processUpdate (line 214) | func (et *endpointTranslator) processUpdate(update interface{}) {
    method add (line 225) | func (et *endpointTranslator) add(set watcher.AddressSet) {
    method remove (line 236) | func (et *endpointTranslator) remove(set watcher.AddressSet) {
    method noEndpoints (line 244) | func (et *endpointTranslator) noEndpoints(exists bool) {
    method sendFilteredUpdate (line 252) | func (et *endpointTranslator) sendFilteredUpdate() {
    method selectAddressFamily (line 267) | func (et *endpointTranslator) selectAddressFamily(addresses watcher.Ad...
    method filterAddresses (line 300) | func (et *endpointTranslator) filterAddresses() watcher.AddressSet {
    method diffEndpoints (line 383) | func (et *endpointTranslator) diffEndpoints(filtered watcher.AddressSe...
    method sendClientAdd (line 412) | func (et *endpointTranslator) sendClientAdd(set watcher.AddressSet) {
    method sendClientRemove (line 509) | func (et *endpointTranslator) sendClientRemove(set watcher.AddressSet) {
  type addUpdate (line 63) | type addUpdate struct
  type removeUpdate (line 67) | type removeUpdate struct
  type noEndpointsUpdate (line 71) | type noEndpointsUpdate struct
  function newEndpointTranslator (line 86) | func newEndpointTranslator(
  function toAddr (line 532) | func toAddr(address watcher.Address) (*net.TcpAddress, error) {
  function createWeightedAddrForExternalWorkload (line 543) | func createWeightedAddrForExternalWorkload(
  function createWeightedAddr (line 614) | func createWeightedAddr(
  function getNodeTopologyZone (line 716) | func getNodeTopologyZone(k8sAPI *k8s.MetadataAPI, srcNode string) (strin...
  function newEmptyAddressSet (line 727) | func newEmptyAddressSet() watcher.AddressSet {
  function getInboundPort (line 736) | func getInboundPort(podSpec *corev1.PodSpec) (uint32, error) {
  function getPodMetaPorts (line 748) | func getPodMetaPorts(podSpec *corev1.PodSpec) (map[uint32]struct{}, erro...
  function getPodPorts (line 763) | func getPodPorts(podSpec *corev1.PodSpec, addrEnvNames map[string]struct...
  function getInboundPortFromExternalWorkload (line 799) | func getInboundPortFromExternalWorkload(ewSpec *ewv1beta1.ExternalWorklo...

FILE: controller/api/destination/endpoint_translator_test.go
  function TestEndpointTranslatorForRemoteGateways (line 511) | func TestEndpointTranslatorForRemoteGateways(t *testing.T) {
  function TestEndpointTranslatorForPods (line 645) | func TestEndpointTranslatorForPods(t *testing.T) {
  function TestEndpointTranslatorExternalWorkloads (line 881) | func TestEndpointTranslatorExternalWorkloads(t *testing.T) {
  function TestEndpointTranslatorTopologyAwareFilter (line 1066) | func TestEndpointTranslatorTopologyAwareFilter(t *testing.T) {
  function TestEndpointTranslatorExperimentalZoneWeights (line 1087) | func TestEndpointTranslatorExperimentalZoneWeights(t *testing.T) {
  function TestEndpointTranslatorForLocalTrafficPolicy (line 1140) | func TestEndpointTranslatorForLocalTrafficPolicy(t *testing.T) {
  function TestConcurrency (line 1188) | func TestConcurrency(t *testing.T) {
  function TestGetInboundPort (line 1206) | func TestGetInboundPort(t *testing.T) {
  function mkAddressSetForServices (line 1239) | func mkAddressSetForServices(gatewayAddresses ...watcher.Address) watche...
  function mkAddressSetForPods (line 1258) | func mkAddressSetForPods(t *testing.T, podAddresses ...watcher.Address) ...
  function mkAddressSetForExternalWorkloads (line 1287) | func mkAddressSetForExternalWorkloads(ewAddresses ...watcher.Address) wa...
  function checkAddressAndWeight (line 1299) | func checkAddressAndWeight(t *testing.T, actual *pb.WeightedAddr, expect...
  function checkAddress (line 1308) | func checkAddress(t *testing.T, actual *net.TcpAddress, expected watcher...

FILE: controller/api/destination/external-workload/controller_util.go
  method getServicesToUpdateOnExternalWorkloadChange (line 13) | func (ec *EndpointsController) getServicesToUpdateOnExternalWorkloadChan...
  function determineNeededServiceUpdates (line 56) | func determineNeededServiceUpdates(oldServices, services sets.Set[string...
  method getExternalWorkloadSvcMembership (line 71) | func (ec *EndpointsController) getExternalWorkloadSvcMembership(workload...
  method getEndpointSliceFromDeleteAction (line 102) | func (ec *EndpointsController) getEndpointSliceFromDeleteAction(obj inte...
  method getExternalWorkloadFromDeleteAction (line 123) | func (ec *EndpointsController) getExternalWorkloadFromDeleteAction(obj i...
  function ewEndpointsChanged (line 146) | func ewEndpointsChanged(oldEw, newEw *ewv1beta1.ExternalWorkload) (bool,...
  function managedByController (line 205) | func managedByController(es *discoveryv1.EndpointSlice) bool {
  function managedByChanged (line 210) | func managedByChanged(endpointSlice1, endpointSlice2 *discoveryv1.Endpoi...
  function IsEwReady (line 214) | func IsEwReady(ew *ewv1beta1.ExternalWorkload) bool {

FILE: controller/api/destination/external-workload/endpoints_controller.go
  constant leaseName (line 28) | leaseName = "linkerd-destination-endpoint-write"
  constant leaseDuration (line 32) | leaseDuration = 30 * time.Second
  constant leaseRenewDeadline (line 36) | leaseRenewDeadline = 10 * time.Second
  constant leaseRetryPeriod (line 40) | leaseRetryPeriod = 2 * time.Second
  constant managedBy (line 44) | managedBy = "linkerd-external-workloads-controller"
  constant maxEndpointsQuota (line 47) | maxEndpointsQuota = 100
  constant maxRetryBudget (line 50) | maxRetryBudget = 15
  type EndpointsController (line 56) | type EndpointsController struct
    method addHandlers (line 174) | func (ec *EndpointsController) addHandlers() error {
    method removeHandlers (line 219) | func (ec *EndpointsController) removeHandlers() error {
    method Start (line 252) | func (ec *EndpointsController) Start() {
    method processQueue (line 298) | func (ec *EndpointsController) processQueue() {
    method handleError (line 323) | func (ec *EndpointsController) handleError(err error, key string) {
    method syncService (line 344) | func (ec *EndpointsController) syncService(update string) error {
    method onServiceUpdate (line 409) | func (ec *EndpointsController) onServiceUpdate(obj interface{}) {
    method onEndpointSliceAdd (line 432) | func (ec *EndpointsController) onEndpointSliceAdd(obj interface{}) {
    method onEndpointSliceUpdate (line 448) | func (ec *EndpointsController) onEndpointSliceUpdate(prevObj, obj inte...
    method onEndpointSliceDelete (line 476) | func (ec *EndpointsController) onEndpointSliceDelete(obj interface{}) {
    method queueServiceForEndpointSlice (line 489) | func (ec *EndpointsController) queueServiceForEndpointSlice(endpointSl...
    method onAddExternalWorkload (line 499) | func (ec *EndpointsController) onAddExternalWorkload(obj interface{}) {
    method onUpdateExternalWorkload (line 517) | func (ec *EndpointsController) onUpdateExternalWorkload(old, cur inter...
    method onDeleteExternalWorkload (line 525) | func (ec *EndpointsController) onDeleteExternalWorkload(obj interface{...
  type informerHandlers (line 73) | type informerHandlers struct
  function NewEndpointsController (line 96) | func NewEndpointsController(k8sAPI *k8s.API, hostname, controllerNs stri...
  function dropEndpointSlicesPendingDeletion (line 532) | func dropEndpointSlicesPendingDeletion(endpointSlices []*discoveryv1.End...

FILE: controller/api/destination/external-workload/endpoints_controller_test.go
  type endpointSliceController (line 24) | type endpointSliceController struct
  function newController (line 31) | func newController(t *testing.T) (*k8s.API, func() []k8stesting.Action, ...
  function newExternalWorkload (line 53) | func newExternalWorkload(n int, namespace string, ready bool, terminatin...
  function TestSyncServiceNoSelector (line 100) | func TestSyncServiceNoSelector(t *testing.T) {
  function TestServiceExternalNameTypeSync (line 121) | func TestServiceExternalNameTypeSync(t *testing.T) {
  function TestSyncServicePendingDeletion (line 206) | func TestSyncServicePendingDeletion(t *testing.T) {
  function TestSyncServiceExternalWorkloadSelection (line 229) | func TestSyncServiceExternalWorkloadSelection(t *testing.T) {
  function TestSyncServiceEndpointSlicePendingDeletion (line 263) | func TestSyncServiceEndpointSlicePendingDeletion(t *testing.T) {
  function makeExternalWorkload (line 312) | func makeExternalWorkload(resVersion, name string, labels map[string]str...
  function TestSyncService (line 358) | func TestSyncService(t *testing.T) {
  function TestEwEndpointsChanged (line 905) | func TestEwEndpointsChanged(t *testing.T) {
  function TestWorkloadServicesToUpdate (line 1087) | func TestWorkloadServicesToUpdate(t *testing.T) {
  function TestLeaderElectionSyncsState (line 1268) | func TestLeaderElectionSyncsState(t *testing.T) {
  function protoPtr (line 1337) | func protoPtr(proto v1.Protocol) *v1.Protocol {
  function newStatusCondition (line 1341) | func newStatusCondition(ready bool) ewv1beta1.WorkloadCondition {
  function expectActions (line 1359) | func expectActions(t *testing.T, actions []k8stesting.Action, num int, v...
  function createService (line 1377) | func createService(t *testing.T, esController *endpointSliceController, ...
  function standardSyncService (line 1400) | func standardSyncService(t *testing.T, esController *endpointSliceContro...

FILE: controller/api/destination/external-workload/endpoints_reconciler.go
  type endpointsReconciler (line 27) | type endpointsReconciler struct
    method reconcile (line 73) | func (r *endpointsReconciler) reconcile(svc *corev1.Service, ews []*ew...
    method reconcileByAddressType (line 121) | func (r *endpointsReconciler) reconcileByAddressType(svc *corev1.Servi...
    method reconcileEndpointsByPortMap (line 202) | func (r *endpointsReconciler) reconcileEndpointsByPortMap(svc *corev1....
    method finalize (line 353) | func (r *endpointsReconciler) finalize(svc *corev1.Service, slicesToCr...
    method findEndpointPorts (line 603) | func (r *endpointsReconciler) findEndpointPorts(svc *corev1.Service, e...
  type endpointMeta (line 42) | type endpointMeta struct
  function newEndpointsReconciler (line 49) | func newEndpointsReconciler(k8sAPI *k8s.API, controllerName string, maxE...
  function newEndpointSlice (line 430) | func newEndpointSlice(svc *corev1.Service, meta *endpointMeta, controlle...
  function getSliceToFill (line 452) | func getSliceToFill(slices []*discoveryv1.EndpointSlice, numEndpoints, m...
  function setEndpointSliceLabels (line 477) | func setEndpointSliceLabels(es *discoveryv1.EndpointSlice, service *core...
  function externalWorkloadToEndpoint (line 537) | func externalWorkloadToEndpoint(addrType discoveryv1.AddressType, ew *ew...
  function ownedBy (line 592) | func ownedBy(slice *discoveryv1.EndpointSlice, svc *corev1.Service) bool {
  function findWorkloadPort (line 642) | func findWorkloadPort(ew *ewv1beta1.ExternalWorkload, svcPort *corev1.Se...
  function getSupportedAddressTypes (line 669) | func getSupportedAddressTypes(svc *corev1.Service) map[discoveryv1.Addre...

FILE: controller/api/destination/external-workload/endpoints_reconciler_test.go
  type IP (line 28) | type IP struct
  function TestReconcilerCreatesNewEndpointSlices (line 58) | func TestReconcilerCreatesNewEndpointSlices(t *testing.T) {
  function TestReconcilerCreatesNewEndpointSliceHeadless (line 143) | func TestReconcilerCreatesNewEndpointSliceHeadless(t *testing.T) {
  function TestReconcilerUpdatesEndpointSlice (line 195) | func TestReconcilerUpdatesEndpointSlice(t *testing.T) {
  function getEndpoints (line 256) | func getEndpoints(
  function TestReconcilerUpdatesEndpointSliceInPlace (line 280) | func TestReconcilerUpdatesEndpointSliceInPlace(t *testing.T) {
  function TestReconcileEndpointSlicesNamedPorts (line 343) | func TestReconcileEndpointSlicesNamedPorts(t *testing.T) {
  function TestReconcileManyWorkloads (line 396) | func TestReconcileManyWorkloads(t *testing.T) {
  function TestReconcileEndpointSlicesSomePreexisting (line 424) | func TestReconcileEndpointSlicesSomePreexisting(t *testing.T) {
  function TestReconcileEndpointSlicesUpdatingSvc (line 482) | func TestReconcileEndpointSlicesUpdatingSvc(t *testing.T) {
  function TestReconcileEndpointSlicesLabelsUpdatingSvc (line 521) | func TestReconcileEndpointSlicesLabelsUpdatingSvc(t *testing.T) {
  function TestReconcileEndpointSlicesReservedLabelsSvc (line 561) | func TestReconcileEndpointSlicesReservedLabelsSvc(t *testing.T) {
  function TestEndpointSlicesAreRecycled (line 609) | func TestEndpointSlicesAreRecycled(t *testing.T) {
  function newClientset (line 669) | func newClientset(t *testing.T, k8sConfigs []string) (*k8s.API, func() [...
  function makeDualEndpointSlices (line 679) | func makeDualEndpointSlices(svc *corev1.Service, ports []discoveryv1.End...
  function makeEndpointSlice (line 685) | func makeEndpointSlice(svc *corev1.Service, addrType discoveryv1.Address...
  function expectSlicesWithLengths (line 706) | func expectSlicesWithLengths(t *testing.T, expectedLengths []int, es []d...
  function diffEndpointSlicePorts (line 730) | func diffEndpointSlicePorts(t *testing.T, expected, actual []discoveryv1...
  function endpointSliceAsYaml (line 770) | func endpointSliceAsYaml(t *testing.T, es *discoveryv1.EndpointSlice) st...
  function makeService (line 789) | func makeService(
  function makeEndpoint (line 811) | func makeEndpoint(addrs []string, isReady bool, ew *ewv1beta1.ExternalWo...
  function fetchEndpointSlices (line 831) | func fetchEndpointSlices(t *testing.T, k8sAPI *k8s.API, svc *corev1.Serv...
  function diffEndpoints (line 847) | func diffEndpoints(t *testing.T, actual, expected discoveryv1.Endpoint) {
  type cacheMutationCheck (line 911) | type cacheMutationCheck struct
    method Add (line 933) | func (cmc *cacheMutationCheck) Add(o runtime.Object) {
    method Check (line 941) | func (cmc *cacheMutationCheck) Check(t *testing.T) {
  type cacheObject (line 917) | type cacheObject struct
  function newCacheMutationCheck (line 923) | func newCacheMutationCheck(endpointSlices []*discoveryv1.EndpointSlice) ...
  function toSet (line 951) | func toSet(s []string) map[string]struct{} {

FILE: controller/api/destination/external-workload/queue_metrics.go
  constant WorkQueueSubsystem (line 18) | WorkQueueSubsystem         = "workqueue"
  constant DepthKey (line 19) | DepthKey                   = "depth"
  constant AddsKey (line 20) | AddsKey                    = "adds_total"
  constant QueueLatencyKey (line 21) | QueueLatencyKey            = "queue_duration_seconds"
  constant WorkDurationKey (line 22) | WorkDurationKey            = "work_duration_seconds"
  constant UnfinishedWorkKey (line 23) | UnfinishedWorkKey          = "unfinished_work_seconds"
  constant LongestRunningProcessorKey (line 24) | LongestRunningProcessorKey = "longest_running_processor_seconds"
  constant RetriesKey (line 25) | RetriesKey                 = "retries_total"
  constant DropsTotalKey (line 26) | DropsTotalKey              = "drops_total"
  type queueMetricsProvider (line 29) | type queueMetricsProvider struct
    method NewDepthMetric (line 97) | func (p queueMetricsProvider) NewDepthMetric(name string) workqueue.Ga...
    method NewAddsMetric (line 101) | func (p queueMetricsProvider) NewAddsMetric(name string) workqueue.Cou...
    method NewLatencyMetric (line 105) | func (p queueMetricsProvider) NewLatencyMetric(name string) workqueue....
    method NewWorkDurationMetric (line 109) | func (p queueMetricsProvider) NewWorkDurationMetric(name string) workq...
    method NewUnfinishedWorkSecondsMetric (line 113) | func (p queueMetricsProvider) NewUnfinishedWorkSecondsMetric(name stri...
    method NewLongestRunningProcessorSecondsMetric (line 117) | func (p queueMetricsProvider) NewLongestRunningProcessorSecondsMetric(...
    method NewRetriesMetric (line 121) | func (p queueMetricsProvider) NewRetriesMetric(name string) workqueue....
    method NewDropsMetric (line 125) | func (p queueMetricsProvider) NewDropsMetric(name string) workqueue.Co...
  function newWorkQueueMetricsProvider (line 40) | func newWorkQueueMetricsProvider() *queueMetricsProvider {
  type noopCounterMetric (line 129) | type noopCounterMetric struct
    method Inc (line 131) | func (noopCounterMetric) Inc() {}

FILE: controller/api/destination/fallback_profile_listener.go
  type fallbackProfileListener (line 11) | type fallbackProfileListener struct
    method publish (line 67) | func (f *fallbackProfileListener) publish() {
  type childListener (line 18) | type childListener struct
    method Update (line 87) | func (p *childListener) Update(profile *sp.ServiceProfile) {
  function newFallbackProfileListener (line 40) | func newFallbackProfileListener(

FILE: controller/api/destination/fallback_profile_listener_test.go
  type mockListener (line 12) | type mockListener struct
    method Update (line 16) | func (m *mockListener) Update(profile *sp.ServiceProfile) {
    method ClientClose (line 20) | func (m *mockListener) ClientClose() <-chan struct{} {
    method ServerClose (line 24) | func (m *mockListener) ServerClose() <-chan struct{} {
    method Stop (line 28) | func (m *mockListener) Stop() {}
  function TestFallbackProfileListener (line 30) | func TestFallbackProfileListener(t *testing.T) {
  function newListeners (line 100) | func newListeners() (watcher.ProfileUpdateListener, watcher.ProfileUpdat...
  function assertEq (line 109) | func assertEq(t *testing.T, received []*sp.ServiceProfile, expected []*s...

FILE: controller/api/destination/federated_service_watcher.go
  type federatedServiceWatcher (line 21) | type federatedServiceWatcher struct
    method Subscribe (line 104) | func (fsw *federatedServiceWatcher) Subscribe(
    method Unsubscribe (line 126) | func (fsw *federatedServiceWatcher) Unsubscribe(
    method addService (line 142) | func (fsw *federatedServiceWatcher) addService(obj interface{}) {
    method updateService (line 175) | func (fsw *federatedServiceWatcher) updateService(oldObj interface{}, ...
    method deleteService (line 179) | func (fsw *federatedServiceWatcher) deleteService(obj interface{}) {
    method newFederatedService (line 209) | func (fsw *federatedServiceWatcher) newFederatedService(service *corev...
  type remoteDiscoveryID (line 34) | type remoteDiscoveryID struct
  type federatedService (line 42) | type federatedService struct
    method update (line 225) | func (fs *federatedService) update(service *corev1.Service) {
    method delete (line 264) | func (fs *federatedService) delete() {
    method subscribe (line 286) | func (fs *federatedService) subscribe(
    method unsubscribe (line 318) | func (fs *federatedService) unsubscribe(
    method remoteDiscoverySubscribe (line 341) | func (fs *federatedService) remoteDiscoverySubscribe(
    method remoteDiscoveryUnsubscribe (line 384) | func (fs *federatedService) remoteDiscoveryUnsubscribe(
    method localDiscoverySubscribe (line 402) | func (fs *federatedService) localDiscoverySubscribe(
    method localDiscoveryUnsubscribe (line 438) | func (fs *federatedService) localDiscoveryUnsubscribe(
  type federatedServiceSubscriber (line 60) | type federatedServiceSubscriber struct
  function newFederatedServiceWatcher (line 72) | func newFederatedServiceWatcher(
  function remoteDiscoveryIDs (line 452) | func remoteDiscoveryIDs(service *corev1.Service, log *logging.Entry) []r...
  function isFederatedService (line 479) | func isFederatedService(service *corev1.Service) bool {

FILE: controller/api/destination/federated_service_watcher_test.go
  function TestFederatedService (line 20) | func TestFederatedService(t *testing.T) {
  function TestRemoteJoinFederatedService (line 37) | func TestRemoteJoinFederatedService(t *testing.T) {
  function TestRemoteLeaveFederatedService (line 65) | func TestRemoteLeaveFederatedService(t *testing.T) {
  function TestLocalLeaveFederatedService (line 93) | func TestLocalLeaveFederatedService(t *testing.T) {
  function mockFederatedServiceWatcher (line 129) | func mockFederatedServiceWatcher(t *testing.T) (*federatedServiceWatcher...
  function assertUpdatesContains (line 180) | func assertUpdatesContains(t *testing.T, updates []*pb.Update, pod, addr...
  function assertUpdatesRemoves (line 193) | func assertUpdatesRemoves(t *testing.T, updates []*pb.Update, address st...

FILE: controller/api/destination/opaque_ports_adaptor.go
  type opaquePortsAdaptor (line 12) | type opaquePortsAdaptor struct
    method Update (line 24) | func (opa *opaquePortsAdaptor) Update(profile *sp.ServiceProfile) {
    method UpdateService (line 29) | func (opa *opaquePortsAdaptor) UpdateService(ports map[uint32]struct{}) {
    method publish (line 34) | func (opa *opaquePortsAdaptor) publish() {
  function newOpaquePortsAdaptor (line 18) | func newOpaquePortsAdaptor(listener watcher.ProfileUpdateListener) *opaq...

FILE: controller/api/destination/profile_translator.go
  constant millisPerDecimilli (line 21) | millisPerDecimilli = 10
  type profileTranslator (line 24) | type profileTranslator struct
    method Update (line 90) | func (pt *profileTranslator) Update(profile *sp.ServiceProfile) {
    method Start (line 113) | func (pt *profileTranslator) Start() {
    method Stop (line 127) | func (pt *profileTranslator) Stop() {
    method update (line 131) | func (pt *profileTranslator) update(profile *sp.ServiceProfile) {
    method defaultServiceProfile (line 151) | func (pt *profileTranslator) defaultServiceProfile() *pb.DestinationPr...
    method createDestinationProfile (line 181) | func (pt *profileTranslator) createDestinationProfile(profile *sp.Serv...
  function newProfileTranslator (line 49) | func newProfileTranslator(serviceID watcher.ServiceID, stream pb.Destina...
  function newProfileTranslatorWithCapacity (line 53) | func newProfileTranslatorWithCapacity(serviceID watcher.ServiceID, strea...
  function defaultRetryBudget (line 159) | func defaultRetryBudget() *pb.RetryBudget {
  function toDuration (line 169) | func toDuration(d time.Duration) *duration.Duration {
  function toDstOverrides (line 228) | func toDstOverrides(dsts []*sp.WeightedDst, port uint32) []*pb.WeightedD...
  function toRoute (line 248) | func toRoute(profile *sp.ServiceProfile, route *sp.RouteSpec) (*pb.Route...
  function toResponseClass (line 285) | func toResponseClass(rc *sp.ResponseClass) (*pb.ResponseClass, error) {
  function toResponseMatch (line 298) | func toResponseMatch(rspMatch *sp.ResponseMatch) (*pb.ResponseMatch, err...
  function toRequestMatch (line 385) | func toRequestMatch(reqMatch *sp.RequestMatch) (*pb.RequestMatch, error) {

FILE: controller/api/destination/profile_translator_test.go
  function newMockTranslator (line 480) | func newMockTranslator(t *testing.T) (*profileTranslator, chan *pb.Desti...
  function TestProfileTranslator (line 491) | func TestProfileTranslator(t *testing.T) {

FILE: controller/api/destination/server.go
  constant DefaultStreamQueueCapacity (line 29) | DefaultStreamQueueCapacity = 100
  type Config (line 32) | type Config struct
  type server (line 50) | type server struct
    method Get (line 142) | func (s *server) Get(dest *pb.GetDestination, stream pb.Destination_Ge...
    method GetProfile (line 299) | func (s *server) GetProfile(dest *pb.GetDestination, stream pb.Destina...
    method getProfileByIP (line 348) | func (s *server) getProfileByIP(
    method getProfileByName (line 369) | func (s *server) getProfileByName(
    method subscribeToServiceProfile (line 395) | func (s *server) subscribeToServiceProfile(
    method subscribeToServicesWithContext (line 457) | func (s *server) subscribeToServicesWithContext(
    method subscribeToServiceWithoutContext (line 510) | func (s *server) subscribeToServiceWithoutContext(
    method subscribeToEndpointProfile (line 543) | func (s *server) subscribeToEndpointProfile(
    method parseContextToken (line 625) | func (s *server) parseContextToken(token string) contextToken {
  function NewServer (line 81) | func NewServer(
  function getSvcID (line 587) | func getSvcID(k8sAPI *k8s.API, clusterIP string, log *logging.Entry) (*w...
  type contextToken (line 619) | type contextToken struct
  function profileID (line 645) | func profileID(authority string, ctxToken contextToken, clusterDomain st...
  function getHostAndPort (line 664) | func getHostAndPort(authority string) (string, watcher.Port, error) {
  function parseK8sServiceName (line 691) | func parseK8sServiceName(fqdn, clusterDomain string) (watcher.ServiceID,...
  function hasSuffix (line 722) | func hasSuffix(slice []string, suffix []string) bool {
  function getPodSkippedInboundPortsAnnotations (line 734) | func getPodSkippedInboundPortsAnnotations(pod *corev1.Pod) map[uint32]st...

FILE: controller/api/destination/server_ipv6_test.go
  function TestIPv6 (line 16) | func TestIPv6(t *testing.T) {

FILE: controller/api/destination/server_test.go
  constant fullyQualifiedName (line 30) | fullyQualifiedName = "name1.ns.svc.mycluster.local"
  constant fullyQualifiedNameIPv6 (line 31) | fullyQualifiedNameIPv6 = "name-ipv6.ns.svc.mycluster.local"
  constant fullyQualifiedNameDual (line 32) | fullyQualifiedNameDual = "name-ds.ns.svc.mycluster.local"
  constant fullyQualifiedNameOpaque (line 33) | fullyQualifiedNameOpaque = "name3.ns.svc.mycluster.local"
  constant fullyQualifiedNameOpaqueService (line 34) | fullyQualifiedNameOpaqueService = "name4.ns.svc.mycluster.local"
  constant fullyQualifiedNameSkipped (line 35) | fullyQualifiedNameSkipped = "name5.ns.svc.mycluster.local"
  constant fullyQualifiedPodDNS (line 36) | fullyQualifiedPodDNS = "pod-0.statefulset-svc.ns.svc.mycluster.local"
  constant clusterIP (line 37) | clusterIP = "172.17.12.0"
  constant clusterIPv6 (line 38) | clusterIPv6 = "2001:db8::88"
  constant clusterIPOpaque (line 39) | clusterIPOpaque = "172.17.12.1"
  constant podIP1 (line 40) | podIP1 = "172.17.0.12"
  constant podIP1v6 (line 41) | podIP1v6 = "2001:db8::68"
  constant podIPv6Dual (line 42) | podIPv6Dual = "2001:db8::94"
  constant podIP2 (line 43) | podIP2 = "172.17.0.13"
  constant podIP3 (line 44) | podIP3 = "172.17.0.20"
  constant podIP4 (line 45) | podIP4 = "172.17.0.21"
  constant podIPOpaque (line 46) | podIPOpaque = "172.17.0.14"
  constant podIPSkipped (line 47) | podIPSkipped = "172.17.0.15"
  constant podIPPolicy (line 48) | podIPPolicy = "172.17.0.16"
  constant podIPStatefulSet (line 49) | podIPStatefulSet = "172.17.13.15"
  constant externalIP (line 50) | externalIP = "192.168.1.20"
  constant externalIPv6 (line 51) | externalIPv6 = "2001:db8::78"
  constant externalWorkloadIP (line 52) | externalWorkloadIP = "200.1.1.1"
  constant externalWorkloadIPPolicy (line 53) | externalWorkloadIPPolicy = "200.1.1.2"
  constant port (line 54) | port uint32 = 8989
  constant linkerdAdminPort (line 55) | linkerdAdminPort uint32 = 4191
  constant opaquePort (line 56) | opaquePort uint32 = 4242
  constant skippedPort (line 57) | skippedPort uint32 = 24224
  function TestGet (line 59) | func TestGet(t *testing.T) {
  function testOpaque (line 273) | func testOpaque(t *testing.T, name string) {
  function TestGetProfiles (line 364) | func TestGetProfiles(t *testing.T) {
  function TestTokenStructure (line 1137) | func TestTokenStructure(t *testing.T) {
  function updateAddAddress (line 1174) | func updateAddAddress(t *testing.T, update *pb.Update) []string {
  function updateRemoveAddress (line 1187) | func updateRemoveAddress(t *testing.T, update *pb.Update) []string {
  function toAddress (line 1200) | func toAddress(path string, port uint32) (*net.TcpAddress, error) {
  function TestIpWatcherGetSvcID (line 1211) | func TestIpWatcherGetSvcID(t *testing.T) {
  function testReturnEndpoints (line 1282) | func testReturnEndpoints(t *testing.T, fqdn, ip string, port uint32) {
  function testReturnEndpointsForServer (line 1296) | func testReturnEndpointsForServer(t *testing.T, server *server, stream *...
  function assertSingleProfile (line 1332) | func assertSingleProfile(t *testing.T, updates []*pb.DestinationProfile)...
  function profileStream (line 1344) | func profileStream(t *testing.T, server *server, host string, port uint3...
  function getLastProfileUpdate (line 1368) | func getLastProfileUpdate(t *testing.T, stream *bufferingGetProfileStrea...

FILE: controller/api/destination/syncronized_get_stream.go
  type synchronizedGetStream (line 18) | type synchronizedGetStream struct
    method SetHeader (line 36) | func (s *synchronizedGetStream) SetHeader(metadata.MD) error {
    method SendHeader (line 39) | func (s *synchronizedGetStream) SendHeader(metadata.MD) error {
    method SetTrailer (line 42) | func (s *synchronizedGetStream) SetTrailer(metadata.MD) {
    method Context (line 45) | func (s synchronizedGetStream) Context() context.Context {
    method SendMsg (line 48) | func (s *synchronizedGetStream) SendMsg(m any) error {
    method RecvMsg (line 51) | func (s *synchronizedGetStream) RecvMsg(m any) error {
    method Send (line 55) | func (s *synchronizedGetStream) Send(update *pb.Update) error {
    method Start (line 64) | func (s *synchronizedGetStream) Start() {
    method Stop (line 80) | func (s *synchronizedGetStream) Stop() {
  function newSyncronizedGetStream (line 27) | func newSyncronizedGetStream(stream pb.Destination_GetServer, log *loggi...

FILE: controller/api/destination/syncronized_get_stream_test.go
  type blockingDestinationGetServer (line 14) | type blockingDestinationGetServer struct
    method Send (line 28) | func (b *blockingDestinationGetServer) Send(update *pb.Update) error {
    method unblock (line 36) | func (b *blockingDestinationGetServer) unblock() {
  function newBlockingDestinationGetServer (line 21) | func newBlockingDestinationGetServer() *blockingDestinationGetServer {
  function TestSynchronizedGetStreamSendAfterStop (line 43) | func TestSynchronizedGetStreamSendAfterStop(t *testing.T) {
  function TestSynchronizedGetStreamStopWhileInnerSendBlocked (line 66) | func TestSynchronizedGetStreamStopWhileInnerSendBlocked(t *testing.T) {

FILE: controller/api/destination/test_util.go
  function makeServer (line 16) | func makeServer(t *testing.T) *server {
  function getServerWithClient (line 22) | func getServerWithClient(t *testing.T) (*server, l5dcrdclient.Interface) {
  type bufferingGetStream (line 1100) | type bufferingGetStream struct
    method Send (line 1105) | func (bgs *bufferingGetStream) Send(update *pb.Update) error {
  type bufferingGetProfileStream (line 1110) | type bufferingGetProfileStream struct
    method Send (line 1116) | func (bgps *bufferingGetProfileStream) Send(profile *pb.DestinationPro...
    method Updates (line 1123) | func (bgps *bufferingGetProfileStream) Updates() []*pb.DestinationProf...
  type mockDestinationGetServer (line 1129) | type mockDestinationGetServer struct
    method Send (line 1134) | func (m *mockDestinationGetServer) Send(update *pb.Update) error {
  type mockDestinationGetProfileServer (line 1139) | type mockDestinationGetProfileServer struct
    method Send (line 1144) | func (m *mockDestinationGetProfileServer) Send(profile *pb.Destination...
  function makeEndpointTranslator (line 1149) | func makeEndpointTranslator(t *testing.T) (*mockDestinationGetServer, *e...
  function makeEndpointTranslatorWithOpaqueTransport (line 1154) | func makeEndpointTranslatorWithOpaqueTransport(t *testing.T, forceOpaque...

FILE: controller/api/destination/watcher/cluster_store.go
  type ClusterStore (line 25) | type ClusterStore struct
    method Sync (line 76) | func (cs *ClusterStore) Sync(stopCh <-chan struct{}) {
    method Get (line 173) | func (cs *ClusterStore) Get(clusterName string) (*EndpointsWatcher, Cl...
    method removeCluster (line 183) | func (cs *ClusterStore) removeCluster(clusterName string) {
    method addCluster (line 202) | func (cs *ClusterStore) addCluster(clusterName string, secret *v1.Secr...
  type remoteCluster (line 40) | type remoteCluster struct
  type ClusterConfig (line 49) | type ClusterConfig struct
  constant clusterNameLabel (line 61) | clusterNameLabel        = "multicluster.linkerd.io/cluster-name"
  constant trustDomainAnnotation (line 62) | trustDomainAnnotation   = "multicluster.linkerd.io/trust-domain"
  constant clusterDomainAnnotation (line 63) | clusterDomainAnnotation = "multicluster.linkerd.io/cluster-domain"
  function NewClusterStore (line 72) | func NewClusterStore(client kubernetes.Interface, namespace string, enab...
  function NewClusterStoreWithDecoder (line 82) | func NewClusterStoreWithDecoder(
  function decodeK8sConfigFromSecret (line 259) | func decodeK8sConfigFromSecret(data []byte, cluster string, enableEndpoi...

FILE: controller/api/destination/watcher/cluster_store_test.go
  function TestClusterStoreHandlers (line 13) | func TestClusterStoreHandlers(t *testing.T) {

FILE: controller/api/destination/watcher/endpoints_watcher.go
  constant service (line 30) | service                = "service"
  constant namespace (line 31) | namespace              = "namespace"
  constant targetCluster (line 32) | targetCluster          = "target_cluster"
  constant targetService (line 33) | targetService          = "target_service"
  constant targetServiceNamespace (line 34) | targetServiceNamespace = "target_service_namespace"
  constant opaqueProtocol (line 36) | opaqueProtocol = "opaque"
  constant endpointTargetRefPod (line 39) | endpointTargetRefPod = "Pod"
  constant endpointTargetRefExternalWorkload (line 40) | endpointTargetRefExternalWorkload = "ExternalWorkload"
  type Address (line 48) | type Address struct
  type AddressSet (line 69) | type AddressSet struct
    method shallowCopy (line 166) | func (addr AddressSet) shallowCopy() AddressSet {
  type portAndHostname (line 75) | type portAndHostname struct
  type EndpointsWatcher (line 84) | type EndpointsWatcher struct
    method Subscribe (line 250) | func (ew *EndpointsWatcher) Subscribe(id ServiceID, port Port, hostnam...
    method Unsubscribe (line 268) | func (ew *EndpointsWatcher) Unsubscribe(id ServiceID, port Port, hostn...
    method removeHandlers (line 285) | func (ew *EndpointsWatcher) removeHandlers() {
    method addService (line 314) | func (ew *EndpointsWatcher) addService(obj interface{}) {
    method updateService (line 326) | func (ew *EndpointsWatcher) updateService(oldObj interface{}, newObj i...
    method deleteService (line 340) | func (ew *EndpointsWatcher) deleteService(obj interface{}) {
    method addEndpoints (line 366) | func (ew *EndpointsWatcher) addEndpoints(obj interface{}) {
    method updateEndpoints (line 378) | func (ew *EndpointsWatcher) updateEndpoints(oldObj interface{}, newObj...
    method deleteEndpoints (line 402) | func (ew *EndpointsWatcher) deleteEndpoints(obj interface{}) {
    method addEndpointSlice (line 428) | func (ew *EndpointsWatcher) addEndpointSlice(obj interface{}) {
    method updateEndpointSlice (line 445) | func (ew *EndpointsWatcher) updateEndpointSlice(oldObj interface{}, ne...
    method deleteEndpointSlice (line 475) | func (ew *EndpointsWatcher) deleteEndpointSlice(obj interface{}) {
    method getOrNewServicePublisher (line 502) | func (ew *EndpointsWatcher) getOrNewServicePublisher(id ServiceID) *se...
    method getServicePublisher (line 528) | func (ew *EndpointsWatcher) getServicePublisher(id ServiceID) (sp *ser...
    method addServer (line 535) | func (ew *EndpointsWatcher) addServer(obj interface{}) {
    method updateServer (line 544) | func (ew *EndpointsWatcher) updateServer(oldObj interface{}, newObj in...
    method deleteServer (line 575) | func (ew *EndpointsWatcher) deleteServer(obj interface{}) {
  type informerHandlers (line 101) | type informerHandlers struct
  type servicePublisher (line 116) | type servicePublisher struct
    method updateEndpoints (line 588) | func (sp *servicePublisher) updateEndpoints(newEndpoints *corev1.Endpo...
    method deleteEndpoints (line 597) | func (sp *servicePublisher) deleteEndpoints() {
    method addEndpointSlice (line 606) | func (sp *servicePublisher) addEndpointSlice(newSlice *discovery.Endpo...
    method updateEndpointSlice (line 616) | func (sp *servicePublisher) updateEndpointSlice(oldSlice *discovery.En...
    method deleteEndpointSlice (line 626) | func (sp *servicePublisher) deleteEndpointSlice(es *discovery.Endpoint...
    method updateService (line 636) | func (sp *servicePublisher) updateService(newService *corev1.Service) {
    method subscribe (line 661) | func (sp *servicePublisher) subscribe(srcPort Port, hostname string, l...
    method unsubscribe (line 682) | func (sp *servicePublisher) unsubscribe(srcPort Port, hostname string,...
    method newPortPublisher (line 700) | func (sp *servicePublisher) newPortPublisher(srcPort Port, hostname st...
    method metricsLabels (line 758) | func (sp *servicePublisher) metricsLabels(port Port, hostname string) ...
    method updateServer (line 762) | func (sp *servicePublisher) updateServer(oldServer, newServer *v1beta3...
  type portPublisher (line 135) | type portPublisher struct
    method updateEndpoints (line 779) | func (pp *portPublisher) updateEndpoints(endpoints *corev1.Endpoints) {
    method addEndpointSlice (line 803) | func (pp *portPublisher) addEndpointSlice(slice *discovery.EndpointSli...
    method updateEndpointSlice (line 830) | func (pp *portPublisher) updateEndpointSlice(oldSlice *discovery.Endpo...
    method endpointSliceToAddresses (line 903) | func (pp *portPublisher) endpointSliceToAddresses(es *discovery.Endpoi...
    method endpointSliceToIDs (line 1014) | func (pp *portPublisher) endpointSliceToIDs(es *discovery.EndpointSlic...
    method endpointsToAddresses (line 1067) | func (pp *portPublisher) endpointsToAddresses(endpoints *corev1.Endpoi...
    method newServiceRefAddress (line 1119) | func (pp *portPublisher) newServiceRefAddress(endpointPort Port, endpo...
    method newPodRefAddress (line 1132) | func (pp *portPublisher) newPodRefAddress(
    method newExtRefAddress (line 1163) | func (pp *portPublisher) newExtRefAddress(endpointPort Port, endpointI...
    method resolveESTargetPort (line 1190) | func (pp *portPublisher) resolveESTargetPort(slicePorts []discovery.En...
    method resolveTargetPort (line 1212) | func (pp *portPublisher) resolveTargetPort(subset corev1.EndpointSubse...
    method updateLocalTrafficPolicy (line 1226) | func (pp *portPublisher) updateLocalTrafficPolicy(localTrafficPolicy b...
    method updatePort (line 1234) | func (pp *portPublisher) updatePort(targetPort namedPort) {
    method deleteEndpointSlice (line 1260) | func (pp *portPublisher) deleteEndpointSlice(es *discovery.EndpointSli...
    method noEndpoints (line 1280) | func (pp *portPublisher) noEndpoints(exists bool) {
    method subscribe (line 1292) | func (pp *portPublisher) subscribe(listener EndpointUpdateListener) {
    method unsubscribe (line 1307) | func (pp *portPublisher) unsubscribe(listener EndpointUpdateListener) {
    method updateServer (line 1320) | func (pp *portPublisher) updateServer(oldServer, newServer *v1beta3.Se...
    method isAddressSelected (line 1344) | func (pp *portPublisher) isAddressSelected(address Address, server *v1...
  type EndpointUpdateListener (line 152) | type EndpointUpdateListener interface
  function NewEndpointsWatcher (line 187) | func NewEndpointsWatcher(k8sAPI *k8s.API, metadataAPI *k8s.MetadataAPI, ...
  function metricLabels (line 867) | func metricLabels(resource interface{}) map[string]string {
  function getTargetPort (line 1411) | func getTargetPort(service *corev1.Service, port Port) namedPort {
  function addressChanged (line 1430) | func addressChanged(oldAddress Address, newAddress Address) bool {
  function diffAddresses (line 1468) | func diffAddresses(oldAddresses, newAddresses AddressSet) (add, remove A...
  function getEndpointSliceServiceID (line 1500) | func getEndpointSliceServiceID(es *discovery.EndpointSlice) (ServiceID, ...
  function isValidSlice (line 1518) | func isValidSlice(es *discovery.EndpointSlice) bool {
  function SetToServerProtocol (line 1531) | func SetToServerProtocol(k8sAPI *k8s.API, address *Address, log *logging...
  function SetToServerProtocolExternalWorkload (line 1575) | func SetToServerProtocolExternalWorkload(k8sAPI *k8s.API, address *Addre...
  function latestUpdated (line 1614) | func latestUpdated(managedFields []metav1.ManagedFieldsEntry) time.Time {

FILE: controller/api/destination/watcher/endpoints_watcher_test.go
  type bufferingEndpointListener (line 22) | type bufferingEndpointListener struct
    method ExpectAdded (line 50) | func (bel *bufferingEndpointListener) ExpectAdded(expected []string, t...
    method ExpectRemoved (line 58) | func (bel *bufferingEndpointListener) ExpectRemoved(expected []string,...
    method endpointsAreNotCalled (line 66) | func (bel *bufferingEndpointListener) endpointsAreNotCalled() bool {
    method endpointsDoNotExist (line 72) | func (bel *bufferingEndpointListener) endpointsDoNotExist() bool {
    method Add (line 78) | func (bel *bufferingEndpointListener) Add(set AddressSet) {
    method Remove (line 87) | func (bel *bufferingEndpointListener) Remove(set AddressSet) {
    method NoEndpoints (line 96) | func (bel *bufferingEndpointListener) NoEndpoints(exists bool) {
  function newBufferingEndpointListener (line 31) | func newBufferingEndpointListener() *bufferingEndpointListener {
  function addressString (line 39) | func addressString(address Address) string {
  type bufferingEndpointListenerWithResVersion (line 103) | type bufferingEndpointListenerWithResVersion struct
    method ExpectAdded (line 121) | func (bel *bufferingEndpointListenerWithResVersion) ExpectAdded(expect...
    method ExpectRemoved (line 128) | func (bel *bufferingEndpointListenerWithResVersion) ExpectRemoved(expe...
    method Add (line 135) | func (bel *bufferingEndpointListenerWithResVersion) Add(set AddressSet) {
    method Remove (line 143) | func (bel *bufferingEndpointListenerWithResVersion) Remove(set Address...
    method NoEndpoints (line 151) | func (bel *bufferingEndpointListenerWithResVersion) NoEndpoints(exists...
  function newBufferingEndpointListenerWithResVersion (line 109) | func newBufferingEndpointListenerWithResVersion() *bufferingEndpointList...
  function addressStringWithResVersion (line 117) | func addressStringWithResVersion(address Address) string {
  function TestEndpointsWatcher (line 153) | func TestEndpointsWatcher(t *testing.T) {
  function TestEndpointsWatcherWithEndpointSlices (line 711) | func TestEndpointsWatcherWithEndpointSlices(t *testing.T) {
  function TestEndpointsWatcherWithEndpointSlicesExternalWorkload (line 1343) | func TestEndpointsWatcherWithEndpointSlicesExternalWorkload(t *testing.T) {
  function TestEndpointsWatcherDeletion (line 1755) | func TestEndpointsWatcherDeletion(t *testing.T) {
  function TestEndpointsWatcherDeletionWithEndpointSlices (line 1877) | func TestEndpointsWatcherDeletionWithEndpointSlices(t *testing.T) {
  function TestEndpointsWatcherDeletionWithEndpointSlicesExternalWorkload (line 2047) | func TestEndpointsWatcherDeletionWithEndpointSlicesExternalWorkload(t *t...
  function TestEndpointsWatcherServiceMirrors (line 2217) | func TestEndpointsWatcherServiceMirrors(t *testing.T) {
  function testPod (line 2460) | func testPod(resVersion string) *corev1.Pod {
  function endpoints (line 2478) | func endpoints(identity string) *corev1.Endpoints {
  function createTestEndpointSlice (line 2512) | func createTestEndpointSlice(targetRefKind string) *dv1.EndpointSlice {
  function TestEndpointsChangeDetection (line 2532) | func TestEndpointsChangeDetection(t *testing.T) {
  function TestPodChangeDetection (line 2622) | func TestPodChangeDetection(t *testing.T) {
  function TestEndpointSliceScaleDown (line 2760) | func TestEndpointSliceScaleDown(t *testing.T) {
  function TestEndpointSliceChangeNotReady (line 2898) | func TestEndpointSliceChangeNotReady(t *testing.T) {
  function TestEndpointSliceChangeToReady (line 3041) | func TestEndpointSliceChangeToReady(t *testing.T) {
  function TestEndpointSliceAddHints (line 3230) | func TestEndpointSliceAddHints(t *testing.T) {
  function TestEndpointSliceRemoveHints (line 3347) | func TestEndpointSliceRemoveHints(t *testing.T) {

FILE: controller/api/destination/watcher/k8s.go
  constant PodIPIndex (line 18) | PodIPIndex = "ip"
  constant HostIPIndex (line 20) | HostIPIndex = "hostIP"
  constant ExternalWorkloadIPIndex (line 22) | ExternalWorkloadIPIndex = "externalWorkloadIP"
  type IPPort (line 27) | type IPPort struct
  type ID (line 33) | type ID struct
    method String (line 73) | func (i ID) String() string {
  type InvalidService (line 55) | type InvalidService struct
    method Error (line 65) | func (is InvalidService) Error() string {
  method Labels (line 61) | func (id ServiceID) Labels() prometheus.Labels {
  function invalidService (line 69) | func invalidService(authority string) InvalidService {
  function InitializeIndexers (line 78) | func InitializeIndexers(k8sAPI *k8s.API) error {
  function getIndexedPods (line 187) | func getIndexedPods(k8sAPI *k8s.API, indexName string, key string) ([]*c...
  function getIndexedExternalWorkloads (line 203) | func getIndexedExternalWorkloads(k8sAPI *k8s.API, indexName string, key ...
  function podNotTerminating (line 216) | func podNotTerminating(pod *corev1.Pod) bool {

FILE: controller/api/destination/watcher/opaque_ports_watcher.go
  type OpaquePortsWatcher (line 22) | type OpaquePortsWatcher struct
    method Subscribe (line 75) | func (opw *OpaquePortsWatcher) Subscribe(id ServiceID, listener Opaque...
    method Unsubscribe (line 113) | func (opw *OpaquePortsWatcher) Unsubscribe(id ServiceID, listener Opaq...
    method updateService (line 147) | func (opw *OpaquePortsWatcher) updateService(oldObj interface{}, newOb...
    method addService (line 160) | func (opw *OpaquePortsWatcher) addService(obj interface{}) {
    method deleteService (line 199) | func (opw *OpaquePortsWatcher) deleteService(obj interface{}) {
  type svcSubscriptions (line 31) | type svcSubscriptions struct
  type OpaquePortsUpdateListener (line 37) | type OpaquePortsUpdateListener interface
  function NewOpaquePortsWatcher (line 52) | func NewOpaquePortsWatcher(k8sAPI *k8s.API, log *logging.Entry, opaquePo...
  function getServiceOpaquePortsAnnotation (line 234) | func getServiceOpaquePortsAnnotation(svc *corev1.Service) (map[uint32]st...
  function parseServiceOpaquePorts (line 252) | func parseServiceOpaquePorts(annotation string, sps []corev1.ServicePort...
  function isNamed (line 276) | func isNamed(pr string, sps []corev1.ServicePort) (int32, bool) {
  function portsEqual (line 285) | func portsEqual(x, y map[uint32]struct{}) bool {

FILE: controller/api/destination/watcher/opaque_ports_watcher_test.go
  type testOpaquePortsListener (line 94) | type testOpaquePortsListener struct
    method UpdateService (line 104) | func (bopl *testOpaquePortsListener) UpdateService(ports map[uint32]st...
  function newTestOpaquePortsListener (line 98) | func newTestOpaquePortsListener() *testOpaquePortsListener {
  function TestOpaquePortsWatcher (line 108) | func TestOpaquePortsWatcher(t *testing.T) {

FILE: controller/api/destination/watcher/profile_watcher.go
  type ProfileWatcher (line 20) | type ProfileWatcher struct
    method Subscribe (line 76) | func (pw *ProfileWatcher) Subscribe(id ProfileID, listener ProfileUpda...
    method Unsubscribe (line 90) | func (pw *ProfileWatcher) Unsubscribe(id ProfileID, listener ProfileUp...
    method addProfile (line 100) | func (pw *ProfileWatcher) addProfile(obj interface{}) {
    method updateProfile (line 116) | func (pw *ProfileWatcher) updateProfile(old interface{}, new interface...
    method deleteProfile (line 130) | func (pw *ProfileWatcher) deleteProfile(obj interface{}) {
    method getOrNewProfilePublisher (line 156) | func (pw *ProfileWatcher) getOrNewProfilePublisher(id ProfileID, profi...
    method getProfilePublisher (line 196) | func (pw *ProfileWatcher) getProfilePublisher(id ProfileID) (publisher...
  type profilePublisher (line 28) | type profilePublisher struct
    method subscribe (line 207) | func (pp *profilePublisher) subscribe(listener ProfileUpdateListener) {
    method unsubscribe (line 219) | func (pp *profilePublisher) unsubscribe(listener ProfileUpdateListener) {
    method update (line 237) | func (pp *profilePublisher) update(profile *sp.ServiceProfile) {
  type ProfileUpdateListener (line 39) | type ProfileUpdateListener interface
  function NewProfileWatcher (line 48) | func NewProfileWatcher(k8sAPI *k8s.API, log *logging.Entry) (*ProfileWat...

FILE: controller/api/destination/watcher/profile_watcher_test.go
  function TestProfileWatcherUpdates (line 56) | func TestProfileWatcherUpdates(t *testing.T) {
  function TestProfileWatcherDeletes (line 115) | func TestProfileWatcherDeletes(t *testing.T) {

FILE: controller/api/destination/watcher/prometheus.go
  type metricsVecs (line 12) | type metricsVecs struct
    method newMetrics (line 176) | func (mv metricsVecs) newMetrics(labels prometheus.Labels) (metrics, e...
  type metrics (line 18) | type metrics struct
    method setSubscribers (line 232) | func (m metrics) setSubscribers(n int) {
    method incUpdates (line 236) | func (m metrics) incUpdates() {
  type endpointsMetricsVecs (line 24) | type endpointsMetricsVecs struct
    method newEndpointsMetrics (line 194) | func (emv endpointsMetricsVecs) newEndpointsMetrics(labels prometheus....
    method unregister (line 217) | func (emv endpointsMetricsVecs) unregister(labels prometheus.Labels) {
  type endpointsMetrics (line 30) | type endpointsMetrics struct
    method setPods (line 240) | func (em endpointsMetrics) setPods(n int) {
    method setExists (line 244) | func (em endpointsMetrics) setExists(exists bool) {
  function newMetricsVecs (line 107) | func newMetricsVecs(name string, labels []string) metricsVecs {
  function endpointsLabels (line 131) | func endpointsLabels(cluster, namespace, service, port string, hostname ...
  function labelNames (line 141) | func labelNames(labels prometheus.Labels) []string {
  function newEndpointsMetricsVecs (line 149) | func newEndpointsMetricsVecs() endpointsMetricsVecs {

FILE: controller/api/destination/watcher/test_util.go
  type DeletingProfileListener (line 15) | type DeletingProfileListener struct
    method Update (line 27) | func (dpl *DeletingProfileListener) Update(profile *sp.ServiceProfile) {
  function NewDeletingProfileListener (line 20) | func NewDeletingProfileListener() *DeletingProfileListener {
  type BufferingProfileListener (line 35) | type BufferingProfileListener struct
    method Update (line 86) | func (bpl *BufferingProfileListener) Update(profile *sp.ServiceProfile) {
  function NewBufferingProfileListener (line 41) | func NewBufferingProfileListener() *BufferingProfileListener {
  function CreateMockDecoder (line 47) | func CreateMockDecoder(configs ...string) configDecoder {
  function CreateMulticlusterDecoder (line 65) | func CreateMulticlusterDecoder(configs map[string][]string) configDecoder {
  function testCompare (line 92) | func testCompare(t *testing.T, expected interface{}, actual interface{}) {

FILE: controller/api/destination/watcher/workload_watcher.go
  type WorkloadWatcher (line 31) | type WorkloadWatcher struct
    method Subscribe (line 123) | func (ww *WorkloadWatcher) Subscribe(service *ServiceID, hostname, ip ...
    method Unsubscribe (line 147) | func (ww *WorkloadWatcher) Unsubscribe(ip string, port Port, listener ...
    method updateSubscriberCount (line 166) | func (ww *WorkloadWatcher) updateSubscriberCount() {
    method addPod (line 171) | func (ww *WorkloadWatcher) addPod(obj any) {
    method deletePod (line 178) | func (ww *WorkloadWatcher) deletePod(obj any) {
    method updatePod (line 197) | func (ww *WorkloadWatcher) updatePod(oldObj any, newObj any) {
    method addExternalWorkload (line 217) | func (ww *WorkloadWatcher) addExternalWorkload(obj any) {
    method deleteExternalWorkload (line 224) | func (ww *WorkloadWatcher) deleteExternalWorkload(obj any) {
    method updateExternalWorkload (line 243) | func (ww *WorkloadWatcher) updateExternalWorkload(oldObj any, newObj a...
    method submitPodUpdate (line 262) | func (ww *WorkloadWatcher) submitPodUpdate(pod *corev1.Pod, remove boo...
    method submitExternalWorkloadUpdate (line 302) | func (ww *WorkloadWatcher) submitExternalWorkloadUpdate(externalWorklo...
    method updateServer (line 320) | func (ww *WorkloadWatcher) updateServer(oldObj interface{}, newObj int...
    method addOrDeleteServer (line 335) | func (ww *WorkloadWatcher) addOrDeleteServer(obj interface{}) {
    method updateServers (line 356) | func (ww *WorkloadWatcher) updateServers(servers ...*v1beta3.Server) {
    method isPodSelectedByAny (line 412) | func (ww *WorkloadWatcher) isPodSelectedByAny(pod *corev1.Pod, servers...
    method isExternalWorkloadSelectedByAny (line 426) | func (ww *WorkloadWatcher) isExternalWorkloadSelectedByAny(ew *ext.Ext...
    method getOrNewWorkloadPublisher (line 442) | func (ww *WorkloadWatcher) getOrNewWorkloadPublisher(service *ServiceI...
    method getWorkloadPublisher (line 504) | func (ww *WorkloadWatcher) getWorkloadPublisher(ip string, port Port) ...
    method getPodByPodIP (line 511) | func (ww *WorkloadWatcher) getPodByPodIP(podIP string, port uint32) (*...
    method getPodByHostIP (line 535) | func (ww *WorkloadWatcher) getPodByHostIP(hostIP string, port uint32) ...
    method getExternalWorkloadByIP (line 559) | func (ww *WorkloadWatcher) getExternalWorkloadByIP(ip string, port uin...
    method getEndpointByHostname (line 589) | func (ww *WorkloadWatcher) getEndpointByHostname(hostname string, svcI...
  type workloadPublisher (line 48) | type workloadPublisher struct
    method subscribe (line 644) | func (wp *workloadPublisher) subscribe(listener WorkloadUpdateListener...
    method unsubscribe (line 658) | func (wp *workloadPublisher) unsubscribe(listener WorkloadUpdateListen...
    method updatePod (line 689) | func (wp *workloadPublisher) updatePod(pod *corev1.Pod) {
    method updateExternalWorkload (line 760) | func (wp *workloadPublisher) updateExternalWorkload(externalWorkload *...
  type WorkloadUpdateListener (line 62) | type WorkloadUpdateListener interface
  function NewWorkloadWatcher (line 69) | func NewWorkloadWatcher(k8sAPI *k8s.API, metadataAPI *k8s.MetadataAPI, l...
  function GetAnnotatedOpaquePorts (line 788) | func GetAnnotatedOpaquePorts(pod *corev1.Pod, defaultPorts map[uint32]st...
  function GetAnnotatedOpaquePortsForExternalWorkload (line 810) | func GetAnnotatedOpaquePortsForExternalWorkload(ew *ext.ExternalWorkload...
  function parseExternalWorkloadOpaquePorts (line 829) | func parseExternalWorkloadOpaquePorts(override string, ew *ext.ExternalW...
  function isNamedInExternalWorkload (line 848) | func isNamedInExternalWorkload(pr string, ew *ext.ExternalWorkload) (int...
  function isRunning (line 858) | func isRunning(pod *corev1.Pod) bool {

FILE: controller/api/destination/watcher/workload_watcher_test.go
  function TestIpWatcherGetPod (line 11) | func TestIpWatcherGetPod(t *testing.T) {

FILE: controller/api/util/test_util.go
  type mockStream (line 15) | type mockStream struct
    method Context (line 25) | func (ms mockStream) Context() context.Context    { return ms.ctx }
    method SendMsg (line 26) | func (ms mockStream) SendMsg(m interface{}) error { return nil }
    method RecvMsg (line 27) | func (ms mockStream) RecvMsg(m interface{}) error { return nil }
  function newMockStream (line 20) | func newMockStream() mockStream {
  type MockServerStream (line 30) | type MockServerStream struct
    method SetHeader (line 33) | func (mss MockServerStream) SetHeader(metadata.MD) error { return nil }
    method SendHeader (line 36) | func (mss MockServerStream) SendHeader(metadata.MD) error { return nil }
    method SetTrailer (line 39) | func (mss MockServerStream) SetTrailer(metadata.MD) {}
  function NewMockServerStream (line 42) | func NewMockServerStream() MockServerStream {
  type MockAPIClient (line 47) | type MockAPIClient struct
    method Get (line 53) | func (c *MockAPIClient) Get(ctx context.Context, in *destinationPb.Get...
    method GetProfile (line 58) | func (c *MockAPIClient) GetProfile(ctx context.Context, _ *destination...
  type MockDestinationGetClient (line 64) | type MockDestinationGetClient struct
    method Recv (line 72) | func (a *MockDestinationGetClient) Recv() (*destinationPb.Update, erro...
  type AuthorityEndpoints (line 91) | type AuthorityEndpoints struct
  type PodDetails (line 98) | type PodDetails struct
  function BuildAddrSet (line 105) | func BuildAddrSet(endpoint AuthorityEndpoints) *destinationPb.WeightedAd...

FILE: controller/cmd/destination/main.go
  function Main (line 28) | func Main(args []string) {

FILE: controller/cmd/heartbeat/main.go
  function Main (line 19) | func Main(args []string) {

FILE: controller/cmd/identity/main.go
  function Main (line 32) | func Main(args []string) {

FILE: controller/cmd/main.go
  function main (line 15) | func main() {

FILE: controller/cmd/proxy-injector/main.go
  function Main (line 16) | func Main(args []string) {

FILE: controller/cmd/sp-validator/main.go
  function Main (line 14) | func Main(args []string) {

FILE: controller/gen/apis/externalworkload/register.go
  constant GroupName (line 4) | GroupName = "workload.linkerd.io"

FILE: controller/gen/apis/externalworkload/v1beta1/register.go
  function Kind (line 31) | func Kind(kind string) schema.GroupKind {
  function Resource (line 37) | func Resource(resource string) schema.GroupResource {
  function addKnownTypes (line 42) | func addKnownTypes(scheme *runtime.Scheme) error {

FILE: controller/gen/apis/externalworkload/v1beta1/types.go
  type ExternalWorkload (line 17) | type ExternalWorkload struct
  type ExternalWorkloadList (line 39) | type ExternalWorkloadList struct
  type ExternalWorkloadSpec (line 47) | type ExternalWorkloadSpec struct
  type MeshTLS (line 62) | type MeshTLS struct
  type PortSpec (line 72) | type PortSpec struct
  type WorkloadIP (line 90) | type WorkloadIP struct
  type ExternalWorkloadStatus (line 96) | type ExternalWorkloadStatus struct
  type WorkloadCondition (line 103) | type WorkloadCondition struct
  type WorkloadConditionType (line 127) | type WorkloadConditionType
  constant WorkloadReady (line 131) | WorkloadReady WorkloadConditionType = "Ready"
  type WorkloadConditionStatus (line 135) | type WorkloadConditionStatus
  constant ConditionTrue (line 138) | ConditionTrue    WorkloadConditionStatus = "True"
  constant ConditionFalse (line 139) | ConditionFalse   WorkloadConditionStatus = "False"
  constant ConditionUnknown (line 140) | ConditionUnknown WorkloadConditionStatus = "Unknown"

FILE: controller/gen/apis/externalworkload/v1beta1/zz_generated.deepcopy.go
  method DeepCopyInto (line 29) | func (in *ExternalWorkload) DeepCopyInto(out *ExternalWorkload) {
  method DeepCopy (line 39) | func (in *ExternalWorkload) DeepCopy() *ExternalWorkload {
  method DeepCopyObject (line 49) | func (in *ExternalWorkload) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 57) | func (in *ExternalWorkloadList) DeepCopyInto(out *ExternalWorkloadList) {
  method DeepCopy (line 72) | func (in *ExternalWorkloadList) DeepCopy() *ExternalWorkloadList {
  method DeepCopyObject (line 82) | func (in *ExternalWorkloadList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 90) | func (in *ExternalWorkloadSpec) DeepCopyInto(out *ExternalWorkloadSpec) {
  method DeepCopy (line 107) | func (in *ExternalWorkloadSpec) DeepCopy() *ExternalWorkloadSpec {
  method DeepCopyInto (line 117) | func (in *ExternalWorkloadStatus) DeepCopyInto(out *ExternalWorkloadStat...
  method DeepCopy (line 130) | func (in *ExternalWorkloadStatus) DeepCopy() *ExternalWorkloadStatus {
  method DeepCopyInto (line 140) | func (in *MeshTLS) DeepCopyInto(out *MeshTLS) {
  method DeepCopy (line 146) | func (in *MeshTLS) DeepCopy() *MeshTLS {
  method DeepCopyInto (line 156) | func (in *PortSpec) DeepCopyInto(out *PortSpec) {
  method DeepCopy (line 162) | func (in *PortSpec) DeepCopy() *PortSpec {
  method DeepCopyInto (line 172) | func (in *WorkloadCondition) DeepCopyInto(out *WorkloadCondition) {
  method DeepCopy (line 180) | func (in *WorkloadCondition) DeepCopy() *WorkloadCondition {
  method DeepCopyInto (line 190) | func (in *WorkloadIP) DeepCopyInto(out *WorkloadIP) {
  method DeepCopy (line 196) | func (in *WorkloadIP) DeepCopy() *WorkloadIP {

FILE: controller/gen/apis/link/register.go
  constant GroupName (line 4) | GroupName = "multicluster.linkerd.io"

FILE: controller/gen/apis/link/v1alpha1/register.go
  function Kind (line 30) | func Kind(kind string) schema.GroupKind {
  function Resource (line 36) | func Resource(resource string) schema.GroupResource {
  function addKnownTypes (line 41) | func addKnownTypes(scheme *runtime.Scheme) error {

FILE: controller/gen/apis/link/v1alpha1/types.go
  type Link (line 12) | type Link struct
  type LinkSpec (line 30) | type LinkSpec struct
  type ProbeSpec (line 44) | type ProbeSpec struct
  type LinkList (line 55) | type LinkList struct

FILE: controller/gen/apis/link/v1alpha1/zz_generated.deepcopy.go
  method DeepCopyInto (line 29) | func (in *Link) DeepCopyInto(out *Link) {
  method DeepCopy (line 38) | func (in *Link) DeepCopy() *Link {
  method DeepCopyObject (line 48) | func (in *Link) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 56) | func (in *LinkList) DeepCopyInto(out *LinkList) {
  method DeepCopy (line 71) | func (in *LinkList) DeepCopy() *LinkList {
  method DeepCopyObject (line 81) | func (in *LinkList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 89) | func (in *LinkSpec) DeepCopyInto(out *LinkSpec) {
  method DeepCopy (line 98) | func (in *LinkSpec) DeepCopy() *LinkSpec {
  method DeepCopyInto (line 108) | func (in *ProbeSpec) DeepCopyInto(out *ProbeSpec) {
  method DeepCopy (line 114) | func (in *ProbeSpec) DeepCopy() *ProbeSpec {

FILE: controller/gen/apis/link/v1alpha2/register.go
  function Kind (line 30) | func Kind(kind string) schema.GroupKind {
  function Resource (line 36) | func Resource(resource string) schema.GroupResource {
  function addKnownTypes (line 41) | func addKnownTypes(scheme *runtime.Scheme) error {

FILE: controller/gen/apis/link/v1alpha2/types.go
  type Link (line 12) | type Link struct
  type LinkSpec (line 33) | type LinkSpec struct
  type ProbeSpec (line 48) | type ProbeSpec struct
  type LinkStatus (line 58) | type LinkStatus struct
  type ServiceStatus (line 65) | type ServiceStatus struct
  type LinkCondition (line 72) | type LinkCondition struct
  type ObjectRef (line 95) | type ObjectRef struct
  type LinkList (line 105) | type LinkList struct

FILE: controller/gen/apis/link/v1alpha2/zz_generated.deepcopy.go
  method DeepCopyInto (line 30) | func (in *Link) DeepCopyInto(out *Link) {
  method DeepCopy (line 40) | func (in *Link) DeepCopy() *Link {
  method DeepCopyObject (line 50) | func (in *Link) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 58) | func (in *LinkCondition) DeepCopyInto(out *LinkCondition) {
  method DeepCopy (line 67) | func (in *LinkCondition) DeepCopy() *LinkCondition {
  method DeepCopyInto (line 77) | func (in *LinkList) DeepCopyInto(out *LinkList) {
  method DeepCopy (line 92) | func (in *LinkList) DeepCopy() *LinkList {
  method DeepCopyObject (line 102) | func (in *LinkList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 110) | func (in *LinkSpec) DeepCopyInto(out *LinkSpec) {
  method DeepCopy (line 132) | func (in *LinkSpec) DeepCopy() *LinkSpec {
  method DeepCopyInto (line 142) | func (in *LinkStatus) DeepCopyInto(out *LinkStatus) {
  method DeepCopy (line 162) | func (in *LinkStatus) DeepCopy() *LinkStatus {
  method DeepCopyInto (line 172) | func (in *ObjectRef) DeepCopyInto(out *ObjectRef) {
  method DeepCopy (line 178) | func (in *ObjectRef) DeepCopy() *ObjectRef {
  method DeepCopyInto (line 188) | func (in *ProbeSpec) DeepCopyInto(out *ProbeSpec) {
  method DeepCopy (line 194) | func (in *ProbeSpec) DeepCopy() *ProbeSpec {
  method DeepCopyInto (line 204) | func (in *ServiceStatus) DeepCopyInto(out *ServiceStatus) {
  method DeepCopy (line 218) | func (in *ServiceStatus) DeepCopy() *ServiceStatus {

FILE: controller/gen/apis/link/v1alpha3/register.go
  function Kind (line 30) | func Kind(kind string) schema.GroupKind {
  function Resource (line 36) | func Resource(resource string) schema.GroupResource {
  function addKnownTypes (line 41) | func addKnownTypes(scheme *runtime.Scheme) error {

FILE: controller/gen/apis/link/v1alpha3/types.go
  type Link (line 12) | type Link struct
  type LinkSpec (line 33) | type LinkSpec struct
  type ProbeSpec (line 50) | type ProbeSpec struct
  type LinkStatus (line 60) | type LinkStatus struct
  type ServiceStatus (line 67) | type ServiceStatus struct
  type LinkCondition (line 74) | type LinkCondition struct
  type ObjectRef (line 97) | type ObjectRef struct
  type LinkList (line 107) | type LinkList struct

FILE: controller/gen/apis/link/v1alpha3/zz_generated.deepcopy.go
  method DeepCopyInto (line 30) | func (in *Link) DeepCopyInto(out *Link) {
  method DeepCopy (line 40) | func (in *Link) DeepCopy() *Link {
  method DeepCopyObject (line 50) | func (in *Link) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 58) | func (in *LinkCondition) DeepCopyInto(out *LinkCondition) {
  method DeepCopy (line 71) | func (in *LinkCondition) DeepCopy() *LinkCondition {
  method DeepCopyInto (line 81) | func (in *LinkList) DeepCopyInto(out *LinkList) {
  method DeepCopy (line 96) | func (in *LinkList) DeepCopy() *LinkList {
  method DeepCopyObject (line 106) | func (in *LinkList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 114) | func (in *LinkSpec) DeepCopyInto(out *LinkSpec) {
  method DeepCopy (line 146) | func (in *LinkSpec) DeepCopy() *LinkSpec {
  method DeepCopyInto (line 156) | func (in *LinkStatus) DeepCopyInto(out *LinkStatus) {
  method DeepCopy (line 176) | func (in *LinkStatus) DeepCopy() *LinkStatus {
  method DeepCopyInto (line 186) | func (in *ObjectRef) DeepCopyInto(out *ObjectRef) {
  method DeepCopy (line 192) | func (in *ObjectRef) DeepCopy() *ObjectRef {
  method DeepCopyInto (line 202) | func (in *ProbeSpec) DeepCopyInto(out *ProbeSpec) {
  method DeepCopy (line 208) | func (in *ProbeSpec) DeepCopy() *ProbeSpec {
  method DeepCopyInto (line 218) | func (in *ServiceStatus) DeepCopyInto(out *ServiceStatus) {
  method DeepCopy (line 232) | func (in *ServiceStatus) DeepCopy() *ServiceStatus {

FILE: controller/gen/apis/policy/register.go
  constant GroupName (line 4) | GroupName = "policy.linkerd.io"

FILE: controller/gen/apis/policy/v1alpha1/httproute.go
  type HTTPRoute (line 31) | type HTTPRoute struct
  type HTTPRouteList (line 45) | type HTTPRouteList struct
  type HTTPRouteSpec (line 52) | type HTTPRouteSpec struct
  type HTTPRouteRule (line 109) | type HTTPRouteRule struct
  type PathMatchType (line 219) | type PathMatchType
  constant PathMatchExact (line 223) | PathMatchExact PathMatchType = "Exact"
  constant PathMatchPathPrefix (line 235) | PathMatchPathPrefix PathMatchType = "PathPrefix"
  constant PathMatchRegularExpression (line 244) | PathMatchRegularExpression PathMatchType = "RegularExpression"
  type HTTPPathMatch (line 248) | type HTTPPathMatch struct
  type HeaderMatchType (line 281) | type HeaderMatchType
  constant HeaderMatchExact (line 285) | HeaderMatchExact             HeaderMatchType = "Exact"
  constant HeaderMatchRegularExpression (line 286) | HeaderMatchRegularExpression HeaderMatchType = "RegularExpression"
  type HTTPHeaderName (line 305) | type HTTPHeaderName
  type HTTPHeaderMatch (line 309) | type HTTPHeaderMatch struct
  type QueryParamMatchType (line 362) | type QueryParamMatchType
  constant QueryParamMatchExact (line 366) | QueryParamMatchExact             QueryParamMatchType = "Exact"
  constant QueryParamMatchRegularExpression (line 367) | QueryParamMatchRegularExpression QueryParamMatchType = "RegularExpression"
  type HTTPQueryParamMatch (line 372) | type HTTPQueryParamMatch struct
  type HTTPMethod (line 421) | type HTTPMethod
  constant HTTPMethodGet (line 424) | HTTPMethodGet     HTTPMethod = "GET"
  constant HTTPMethodHead (line 425) | HTTPMethodHead    HTTPMethod = "HEAD"
  constant HTTPMethodPost (line 426) | HTTPMethodPost    HTTPMethod = "POST"
  constant HTTPMethodPut (line 427) | HTTPMethodPut     HTTPMethod = "PUT"
  constant HTTPMethodDelete (line 428) | HTTPMethodDelete  HTTPMethod = "DELETE"
  constant HTTPMethodConnect (line 429) | HTTPMethodConnect HTTPMethod = "CONNECT"
  constant HTTPMethodOptions (line 430) | HTTPMethodOptions HTTPMethod = "OPTIONS"
  constant HTTPMethodTrace (line 431) | HTTPMethodTrace   HTTPMethod = "TRACE"
  constant HTTPMethodPatch (line 432) | HTTPMethodPatch   HTTPMethod = "PATCH"
  type HTTPRouteMatch (line 450) | type HTTPRouteMatch struct
  type HTTPRouteFilter (line 494) | type HTTPRouteFilter struct
  type HTTPRouteFilterType (line 550) | type HTTPRouteFilterType
  constant HTTPRouteFilterRequestHeaderModifier (line 559) | HTTPRouteFilterRequestHeaderModifier HTTPRouteFilterType = "RequestHeade...
  constant HTTPRouteFilterRequestRedirect (line 569) | HTTPRouteFilterRequestRedirect HTTPRouteFilterType = "RequestRedirect"
  type HTTPHeader (line 573) | type HTTPHeader struct
  type HTTPRequestHeaderFilter (line 593) | type HTTPRequestHeaderFilter struct
  type HTTPPathModifierType (line 664) | type HTTPPathModifierType
  type HTTPPathModifier (line 668) | type HTTPPathModifier struct
  type HTTPRequestRedirectFilter (line 709) | type HTTPRequestRedirectFilter struct
  type HTTPRouteStatus (line 773) | type HTTPRouteStatus struct

FILE: controller/gen/apis/policy/v1alpha1/register.go
  function Kind (line 30) | func Kind(kind string) schema.GroupKind {
  function Resource (line 36) | func Resource(resource string) schema.GroupResource {
  function addKnownTypes (line 41) | func addKnownTypes(scheme *runtime.Scheme) error {

FILE: controller/gen/apis/policy/v1alpha1/types.go
  type AuthorizationPolicy (line 13) | type AuthorizationPolicy struct
  type AuthorizationPolicySpec (line 31) | type AuthorizationPolicySpec struct
  type AuthorizationPolicyList (line 42) | type AuthorizationPolicyList struct
  type MeshTLSAuthentication (line 56) | type MeshTLSAuthentication struct
  type MeshTLSAuthenticationSpec (line 73) | type MeshTLSAuthenticationSpec struct
  type MeshTLSAuthenticationList (line 81) | type MeshTLSAuthenticationList struct
  type NetworkAuthentication (line 95) | type NetworkAuthentication struct
  type NetworkAuthenticationSpec (line 114) | type NetworkAuthenticationSpec struct
  type Network (line 118) | type Network struct
  type NetworkAuthenticationList (line 126) | type NetworkAuthenticationList struct

FILE: controller/gen/apis/policy/v1alpha1/zz_generated.deepcopy.go
  method DeepCopyInto (line 31) | func (in *AuthorizationPolicy) DeepCopyInto(out *AuthorizationPolicy) {
  method DeepCopy (line 40) | func (in *AuthorizationPolicy) DeepCopy() *AuthorizationPolicy {
  method DeepCopyObject (line 50) | func (in *AuthorizationPolicy) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 58) | func (in *AuthorizationPolicyList) DeepCopyInto(out *AuthorizationPolicy...
  method DeepCopy (line 73) | func (in *AuthorizationPolicyList) DeepCopy() *AuthorizationPolicyList {
  method DeepCopyObject (line 83) | func (in *AuthorizationPolicyList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 91) | func (in *AuthorizationPolicySpec) DeepCopyInto(out *AuthorizationPolicy...
  method DeepCopy (line 105) | func (in *AuthorizationPolicySpec) DeepCopy() *AuthorizationPolicySpec {
  method DeepCopyInto (line 115) | func (in *HTTPHeader) DeepCopyInto(out *HTTPHeader) {
  method DeepCopy (line 121) | func (in *HTTPHeader) DeepCopy() *HTTPHeader {
  method DeepCopyInto (line 131) | func (in *HTTPHeaderMatch) DeepCopyInto(out *HTTPHeaderMatch) {
  method DeepCopy (line 142) | func (in *HTTPHeaderMatch) DeepCopy() *HTTPHeaderMatch {
  method DeepCopyInto (line 152) | func (in *HTTPPathMatch) DeepCopyInto(out *HTTPPathMatch) {
  method DeepCopy (line 168) | func (in *HTTPPathMatch) DeepCopy() *HTTPPathMatch {
  method DeepCopyInto (line 178) | func (in *HTTPPathModifier) DeepCopyInto(out *HTTPPathModifier) {
  method DeepCopy (line 194) | func (in *HTTPPathModifier) DeepCopy() *HTTPPathModifier {
  method DeepCopyInto (line 204) | func (in *HTTPQueryParamMatch) DeepCopyInto(out *HTTPQueryParamMatch) {
  method DeepCopy (line 215) | func (in *HTTPQueryParamMatch) DeepCopy() *HTTPQueryParamMatch {
  method DeepCopyInto (line 225) | func (in *HTTPRequestHeaderFilter) DeepCopyInto(out *HTTPRequestHeaderFi...
  method DeepCopy (line 246) | func (in *HTTPRequestHeaderFilter) DeepCopy() *HTTPRequestHeaderFilter {
  method DeepCopyInto (line 256) | func (in *HTTPRequestRedirectFilter) DeepCopyInto(out *HTTPRequestRedire...
  method DeepCopy (line 287) | func (in *HTTPRequestRedirectFilter) DeepCopy() *HTTPRequestRedirectFilt...
  method DeepCopyInto (line 297) | func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) {
  method DeepCopy (line 307) | func (in *HTTPRoute) DeepCopy() *HTTPRoute {
  method DeepCopyObject (line 317) | func (in *HTTPRoute) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 325) | func (in *HTTPRouteFilter) DeepCopyInto(out *HTTPRouteFilter) {
  method DeepCopy (line 341) | func (in *HTTPRouteFilter) DeepCopy() *HTTPRouteFilter {
  method DeepCopyInto (line 351) | func (in *HTTPRouteList) DeepCopyInto(out *HTTPRouteList) {
  method DeepCopy (line 366) | func (in *HTTPRouteList) DeepCopy() *HTTPRouteList {
  method DeepCopyObject (line 376) | func (in *HTTPRouteList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 384) | func (in *HTTPRouteMatch) DeepCopyInto(out *HTTPRouteMatch) {
  method DeepCopy (line 414) | func (in *HTTPRouteMatch) DeepCopy() *HTTPRouteMatch {
  method DeepCopyInto (line 424) | func (in *HTTPRouteRule) DeepCopyInto(out *HTTPRouteRule) {
  method DeepCopy (line 444) | func (in *HTTPRouteRule) DeepCopy() *HTTPRouteRule {
  method DeepCopyInto (line 454) | func (in *HTTPRouteSpec) DeepCopyInto(out *HTTPRouteSpec) {
  method DeepCopy (line 473) | func (in *HTTPRouteSpec) DeepCopy() *HTTPRouteSpec {
  method DeepCopyInto (line 483) | func (in *HTTPRouteStatus) DeepCopyInto(out *HTTPRouteStatus) {
  method DeepCopy (line 490) | func (in *HTTPRouteStatus) DeepCopy() *HTTPRouteStatus {
  method DeepCopyInto (line 500) | func (in *MeshTLSAuthentication) DeepCopyInto(out *MeshTLSAuthentication) {
  method DeepCopy (line 509) | func (in *MeshTLSAuthentication) DeepCopy() *MeshTLSAuthentication {
  method DeepCopyObject (line 519) | func (in *MeshTLSAuthentication) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 527) | func (in *MeshTLSAuthenticationList) DeepCopyInto(out *MeshTLSAuthentica...
  method DeepCopy (line 542) | func (in *MeshTLSAuthenticationList) DeepCopy() *MeshTLSAuthenticationLi...
  method DeepCopyObject (line 552) | func (in *MeshTLSAuthenticationList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 560) | func (in *MeshTLSAuthenticationSpec) DeepCopyInto(out *MeshTLSAuthentica...
  method DeepCopy (line 578) | func (in *MeshTLSAuthenticationSpec) DeepCopy() *MeshTLSAuthenticationSp...
  method DeepCopyInto (line 588) | func (in *Network) DeepCopyInto(out *Network) {
  method DeepCopy (line 599) | func (in *Network) DeepCopy() *Network {
  method DeepCopyInto (line 609) | func (in *NetworkAuthentication) DeepCopyInto(out *NetworkAuthentication) {
  method DeepCopy (line 618) | func (in *NetworkAuthentication) DeepCopy() *NetworkAuthentication {
  method DeepCopyObject (line 628) | func (in *NetworkAuthentication) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 636) | func (in *NetworkAuthenticationList) DeepCopyInto(out *NetworkAuthentica...
  method DeepCopy (line 651) | func (in *NetworkAuthenticationList) DeepCopy() *NetworkAuthenticationLi...
  method DeepCopyObject (line 661) | func (in *NetworkAuthenticationList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 669) | func (in *NetworkAuthenticationSpec) DeepCopyInto(out *NetworkAuthentica...
  method DeepCopy (line 686) | func (in *NetworkAuthenticationSpec) DeepCopy() *NetworkAuthenticationSp...

FILE: controller/gen/apis/policy/v1beta3/register.go
  function Kind (line 30) | func Kind(kind string) schema.GroupKind {
  function Resource (line 36) | func Resource(resource string) schema.GroupResource {
  function addKnownTypes (line 41) | func addKnownTypes(scheme *runtime.Scheme) error {

FILE: controller/gen/apis/policy/v1beta3/types.go
  type HTTPRoute (line 37) | type HTTPRoute struct
  type HTTPRouteList (line 51) | type HTTPRouteList struct
  type HTTPRouteSpec (line 58) | type HTTPRouteSpec struct
  type HTTPRouteRule (line 115) | type HTTPRouteRule struct
  type PathMatchType (line 263) | type PathMatchType
  constant PathMatchExact (line 267) | PathMatchExact PathMatchType = "Exact"
  constant PathMatchPathPrefix (line 279) | PathMatchPathPrefix PathMatchType = "PathPrefix"
  constant PathMatchRegularExpression (line 288) | PathMatchRegularExpression PathMatchType = "RegularExpression"
  type HTTPPathMatch (line 292) | type HTTPPathMatch struct
  type HeaderMatchType (line 325) | type HeaderMatchType
  constant HeaderMatchExact (line 329) | HeaderMatchExact             HeaderMatchType = "Exact"
  constant HeaderMatchRegularExpression (line 330) | HeaderMatchRegularExpression HeaderMatchType = "RegularExpression"
  type HTTPHeaderName (line 349) | type HTTPHeaderName
  type HTTPHeaderMatch (line 353) | type HTTPHeaderMatch struct
  type QueryParamMatchType (line 406) | type QueryParamMatchType
  constant QueryParamMatchExact (line 410) | QueryParamMatchExact             QueryParamMatchType = "Exact"
  constant QueryParamMatchRegularExpression (line 411) | QueryParamMatchRegularExpression QueryParamMatchType = "RegularExpression"
  type HTTPQueryParamMatch (line 416) | type HTTPQueryParamMatch struct
  type HTTPMethod (line 465) | type HTTPMethod
  constant HTTPMethodGet (line 468) | HTTPMethodGet     HTTPMethod = "GET"
  constant HTTPMethodHead (line 469) | HTTPMethodHead    HTTPMethod = "HEAD"
  constant HTTPMethodPost (line 470) | HTTPMethodPost    HTTPMethod = "POST"
  constant HTTPMethodPut (line 471) | HTTPMethodPut     HTTPMethod = "PUT"
  constant HTTPMethodDelete (line 472) | HTTPMethodDelete  HTTPMethod = "DELETE"
  constant HTTPMethodConnect (line 473) | HTTPMethodConnect HTTPMethod = "CONNECT"
  constant HTTPMethodOptions (line 474) | HTTPMethodOptions HTTPMethod = "OPTIONS"
  constant HTTPMethodTrace (line 475) | HTTPMethodTrace   HTTPMethod = "TRACE"
  constant HTTPMethodPatch (line 476) | HTTPMethodPatch   HTTPMethod = "PATCH"
  type HTTPRouteMatch (line 495) | type HTTPRouteMatch struct
  type HTTPRouteFilter (line 539) | type HTTPRouteFilter struct
  type HTTPRouteFilterType (line 595) | type HTTPRouteFilterType
  constant HTTPRouteFilterRequestHeaderModifier (line 604) | HTTPRouteFilterRequestHeaderModifier HTTPRouteFilterType = "RequestHeade...
  constant HTTPRouteFilterRequestRedirect (line 614) | HTTPRouteFilterRequestRedirect HTTPRouteFilterType = "RequestRedirect"
  type HTTPHeader (line 618) | type HTTPHeader struct
  type HTTPRequestHeaderFilter (line 638) | type HTTPRequestHeaderFilter struct
  type HTTPPathModifierType (line 709) | type HTTPPathModifierType
  type HTTPPathModifier (line 713) | type HTTPPathModifier struct
  type HTTPRequestRedirectFilter (line 754) | type HTTPRequestRedirectFilter struct
  type HTTPRouteStatus (line 818) | type HTTPRouteStatus struct
  type HTTPRouteTimeouts (line 825) | type HTTPRouteTimeouts struct

FILE: controller/gen/apis/policy/v1beta3/zz_generated.deepcopy.go
  method DeepCopyInto (line 31) | func (in *HTTPHeader) DeepCopyInto(out *HTTPHeader) {
  method DeepCopy (line 37) | func (in *HTTPHeader) DeepCopy() *HTTPHeader {
  method DeepCopyInto (line 47) | func (in *HTTPHeaderMatch) DeepCopyInto(out *HTTPHeaderMatch) {
  method DeepCopy (line 58) | func (in *HTTPHeaderMatch) DeepCopy() *HTTPHeaderMatch {
  method DeepCopyInto (line 68) | func (in *HTTPPathMatch) DeepCopyInto(out *HTTPPathMatch) {
  method DeepCopy (line 84) | func (in *HTTPPathMatch) DeepCopy() *HTTPPathMatch {
  method DeepCopyInto (line 94) | func (in *HTTPPathModifier) DeepCopyInto(out *HTTPPathModifier) {
  method DeepCopy (line 110) | func (in *HTTPPathModifier) DeepCopy() *HTTPPathModifier {
  method DeepCopyInto (line 120) | func (in *HTTPQueryParamMatch) DeepCopyInto(out *HTTPQueryParamMatch) {
  method DeepCopy (line 131) | func (in *HTTPQueryParamMatch) DeepCopy() *HTTPQueryParamMatch {
  method DeepCopyInto (line 141) | func (in *HTTPRequestHeaderFilter) DeepCopyInto(out *HTTPRequestHeaderFi...
  method DeepCopy (line 162) | func (in *HTTPRequestHeaderFilter) DeepCopy() *HTTPRequestHeaderFilter {
  method DeepCopyInto (line 172) | func (in *HTTPRequestRedirectFilter) DeepCopyInto(out *HTTPRequestRedire...
  method DeepCopy (line 203) | func (in *HTTPRequestRedirectFilter) DeepCopy() *HTTPRequestRedirectFilt...
  method DeepCopyInto (line 213) | func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) {
  method DeepCopy (line 223) | func (in *HTTPRoute) DeepCopy() *HTTPRoute {
  method DeepCopyObject (line 233) | func (in *HTTPRoute) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 241) | func (in *HTTPRouteFilter) DeepCopyInto(out *HTTPRouteFilter) {
  method DeepCopy (line 257) | func (in *HTTPRouteFilter) DeepCopy() *HTTPRouteFilter {
  method DeepCopyInto (line 267) | func (in *HTTPRouteList) DeepCopyInto(out *HTTPRouteList) {
  method DeepCopy (line 282) | func (in *HTTPRouteList) DeepCopy() *HTTPRouteList {
  method DeepCopyObject (line 292) | func (in *HTTPRouteList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 300) | func (in *HTTPRouteMatch) DeepCopyInto(out *HTTPRouteMatch) {
  method DeepCopy (line 330) | func (in *HTTPRouteMatch) DeepCopy() *HTTPRouteMatch {
  method DeepCopyInto (line 340) | func (in *HTTPRouteRule) DeepCopyInto(out *HTTPRouteRule) {
  method DeepCopy (line 372) | func (in *HTTPRouteRule) DeepCopy() *HTTPRouteRule {
  method DeepCopyInto (line 382) | func (in *HTTPRouteSpec) DeepCopyInto(out *HTTPRouteSpec) {
  method DeepCopy (line 401) | func (in *HTTPRouteSpec) DeepCopy() *HTTPRouteSpec {
  method DeepCopyInto (line 411) | func (in *HTTPRouteStatus) DeepCopyInto(out *HTTPRouteStatus) {
  method DeepCopy (line 418) | func (in *HTTPRouteStatus) DeepCopy() *HTTPRouteStatus {
  method DeepCopyInto (line 428) | func (in *HTTPRouteTimeouts) DeepCopyInto(out *HTTPRouteTimeouts) {
  method DeepCopy (line 444) | func (in *HTTPRouteTimeouts) DeepCopy() *HTTPRouteTimeouts {

FILE: controller/gen/apis/server/register.go
  constant GroupName (line 4) | GroupName = "policy.linkerd.io"

FILE: controller/gen/apis/server/v1beta1/register.go
  function Kind (line 31) | func Kind(kind string) schema.GroupKind {
  function Resource (line 37) | func Resource(resource string) schema.GroupResource {
  function addKnownTypes (line 42) | func addKnownTypes(scheme *runtime.Scheme) error {

FILE: controller/gen/apis/server/v1beta1/types.go
  type Server (line 13) | type Server struct
  type ServerSpec (line 31) | type ServerSpec struct
  type ServerList (line 40) | type ServerList struct

FILE: controller/gen/apis/server/v1beta1/zz_generated.deepcopy.go
  method DeepCopyInto (line 30) | func (in *Server) DeepCopyInto(out *Server) {
  method DeepCopy (line 39) | func (in *Server) DeepCopy() *Server {
  method DeepCopyObject (line 49) | func (in *Server) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 57) | func (in *ServerList) DeepCopyInto(out *ServerList) {
  method DeepCopy (line 72) | func (in *ServerList) DeepCopy() *ServerList {
  method DeepCopyObject (line 82) | func (in *ServerList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 90) | func (in *ServerSpec) DeepCopyInto(out *ServerSpec) {
  method DeepCopy (line 102) | func (in *ServerSpec) DeepCopy() *ServerSpec {

FILE: controller/gen/apis/server/v1beta2/register.go
  function Kind (line 31) | func Kind(kind string) schema.GroupKind {
  function Resource (line 37) | func Resource(resource string) schema.GroupResource {
  function addKnownTypes (line 42) | func addKnownTypes(scheme *runtime.Scheme) error {

FILE: controller/gen/apis/server/v1beta2/types.go
  type Server (line 13) | type Server struct
  type ServerSpec (line 31) | type ServerSpec struct
  type ServerList (line 41) | type ServerList struct

FILE: controller/gen/apis/server/v1beta2/zz_generated.deepcopy.go
  method DeepCopyInto (line 30) | func (in *Server) DeepCopyInto(out *Server) {
  method DeepCopy (line 39) | func (in *Server) DeepCopy() *Server {
  method DeepCopyObject (line 49) | func (in *Server) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 57) | func (in *ServerList) DeepCopyInto(out *ServerList) {
  method DeepCopy (line 72) | func (in *ServerList) DeepCopy() *ServerList {
  method DeepCopyObject (line 82) | func (in *ServerList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 90) | func (in *ServerSpec) DeepCopyInto(out *ServerSpec) {
  method DeepCopy (line 107) | func (in *ServerSpec) DeepCopy() *ServerSpec {

FILE: controller/gen/apis/server/v1beta3/register.go
  function Kind (line 31) | func Kind(kind string) schema.GroupKind {
  function Resource (line 37) | func Resource(resource string) schema.GroupResource {
  function addKnownTypes (line 42) | func addKnownTypes(scheme *runtime.Scheme) error {

FILE: controller/gen/apis/server/v1beta3/types.go
  type Server (line 13) | type Server struct
  type ServerSpec (line 31) | type ServerSpec struct
  type ServerList (line 42) | type ServerList struct

FILE: controller/gen/apis/server/v1beta3/zz_generated.deepcopy.go
  method DeepCopyInto (line 30) | func (in *Server) DeepCopyInto(out *Server) {
  method DeepCopy (line 39) | func (in *Server) DeepCopy() *Server {
  method DeepCopyObject (line 49) | func (in *Server) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 57) | func (in *ServerList) DeepCopyInto(out *ServerList) {
  method DeepCopy (line 72) | func (in *ServerList) DeepCopy() *ServerList {
  method DeepCopyObject (line 82) | func (in *ServerList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 90) | func (in *ServerSpec) DeepCopyInto(out *ServerSpec) {
  method DeepCopy (line 107) | func (in *ServerSpec) DeepCopy() *ServerSpec {

FILE: controller/gen/apis/serverauthorization/register.go
  constant GroupName (line 4) | GroupName = "policy.linkerd.io"

FILE: controller/gen/apis/serverauthorization/v1beta1/register.go
  function Kind (line 31) | func Kind(kind string) schema.GroupKind {
  function Resource (line 37) | func Resource(resource string) schema.GroupResource {
  function addKnownTypes (line 42) | func addKnownTypes(scheme *runtime.Scheme) error {

FILE: controller/gen/apis/serverauthorization/v1beta1/types.go
  type ServerAuthorization (line 12) | type ServerAuthorization struct
  type ServerAuthorizationSpec (line 30) | type ServerAuthorizationSpec struct
  type Server (line 36) | type Server struct
  type Client (line 42) | type Client struct
  type Cidr (line 49) | type Cidr struct
  type MeshTLS (line 55) | type MeshTLS struct
  type ServiceAccountName (line 63) | type ServiceAccountName struct
  type ServerAuthorizationList (line 71) | type ServerAuthorizationList struct

FILE: controller/gen/apis/serverauthorization/v1beta1/zz_generated.deepcopy.go
  method DeepCopyInto (line 30) | func (in *Cidr) DeepCopyInto(out *Cidr) {
  method DeepCopy (line 41) | func (in *Cidr) DeepCopy() *Cidr {
  method DeepCopyInto (line 51) | func (in *Client) DeepCopyInto(out *Client) {
  method DeepCopy (line 73) | func (in *Client) DeepCopy() *Client {
  method DeepCopyInto (line 83) | func (in *MeshTLS) DeepCopyInto(out *MeshTLS) {
  method DeepCopy (line 105) | func (in *MeshTLS) DeepCopy() *MeshTLS {
  method DeepCopyInto (line 115) | func (in *Server) DeepCopyInto(out *Server) {
  method DeepCopy (line 126) | func (in *Server) DeepCopy() *Server {
  method DeepCopyInto (line 136) | func (in *ServerAuthorization) DeepCopyInto(out *ServerAuthorization) {
  method DeepCopy (line 145) | func (in *ServerAuthorization) DeepCopy() *ServerAuthorization {
  method DeepCopyObject (line 155) | func (in *ServerAuthorization) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 163) | func (in *ServerAuthorizationList) DeepCopyInto(out *ServerAuthorization...
  method DeepCopy (line 178) | func (in *ServerAuthorizationList) DeepCopy() *ServerAuthorizationList {
  method DeepCopyObject (line 188) | func (in *ServerAuthorizationList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 196) | func (in *ServerAuthorizationSpec) DeepCopyInto(out *ServerAuthorization...
  method DeepCopy (line 204) | func (in *ServerAuthorizationSpec) DeepCopy() *ServerAuthorizationSpec {
  method DeepCopyInto (line 214) | func (in *ServiceAccountName) DeepCopyInto(out *ServiceAccountName) {
  method DeepCopy (line 220) | func (in *ServiceAccountName) DeepCopy() *ServiceAccountName {

FILE: controller/gen/apis/serviceprofile/register.go
  constant GroupName (line 4) | GroupName = "linkerd.io"

FILE: controller/gen/apis/serviceprofile/v1alpha2/register.go
  function Kind (line 19) | func Kind(kind string) schema.GroupKind {
  function Resource (line 24) | func Resource(resource string) schema.GroupResource {
  function addKnownTypes (line 41) | func addKnownTypes(scheme *runtime.Scheme) error {

FILE: controller/gen/apis/serviceprofile/v1alpha2/types.go
  type ServiceProfile (line 13) | type ServiceProfile struct
  type ServiceProfileSpec (line 30) | type ServiceProfileSpec struct
  type RouteSpec (line 38) | type RouteSpec struct
  type RequestMatch (line 47) | type RequestMatch struct
  type ResponseClass (line 57) | type ResponseClass struct
  type ResponseMatch (line 63) | type ResponseMatch struct
  type Range (line 71) | type Range struct
  type RetryBudget (line 78) | type RetryBudget struct
  type WeightedDst (line 85) | type WeightedDst struct
  type ServiceProfileList (line 93) | type ServiceProfileList struct

FILE: controller/gen/apis/serviceprofile/v1alpha2/zz_generated.deepcopy.go
  method DeepCopyInto (line 29) | func (in *Range) DeepCopyInto(out *Range) {
  method DeepCopy (line 35) | func (in *Range) DeepCopy() *Range {
  method DeepCopyInto (line 45) | func (in *RequestMatch) DeepCopyInto(out *RequestMatch) {
  method DeepCopy (line 78) | func (in *RequestMatch) DeepCopy() *RequestMatch {
  method DeepCopyInto (line 88) | func (in *ResponseClass) DeepCopyInto(out *ResponseClass) {
  method DeepCopy (line 99) | func (in *ResponseClass) DeepCopy() *ResponseClass {
  method DeepCopyInto (line 109) | func (in *ResponseMatch) DeepCopyInto(out *ResponseMatch) {
  method DeepCopy (line 147) | func (in *ResponseMatch) DeepCopy() *ResponseMatch {
  method DeepCopyInto (line 157) | func (in *RetryBudget) DeepCopyInto(out *RetryBudget) {
  method DeepCopy (line 163) | func (in *RetryBudget) DeepCopy() *RetryBudget {
  method DeepCopyInto (line 173) | func (in *RouteSpec) DeepCopyInto(out *RouteSpec) {
  method DeepCopy (line 195) | func (in *RouteSpec) DeepCopy() *RouteSpec {
  method DeepCopyInto (line 205) | func (in *ServiceProfile) DeepCopyInto(out *ServiceProfile) {
  method DeepCopy (line 214) | func (in *ServiceProfile) DeepCopy() *ServiceProfile {
  method DeepCopyObject (line 224) | func (in *ServiceProfile) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 232) | func (in *ServiceProfileList) DeepCopyInto(out *ServiceProfileList) {
  method DeepCopy (line 247) | func (in *ServiceProfileList) DeepCopy() *ServiceProfileList {
  method DeepCopyObject (line 257) | func (in *ServiceProfileList) DeepCopyObject() runtime.Object {
  method DeepCopyInto (line 265) | func (in *ServiceProfileSpec) DeepCopyInto(out *ServiceProfileSpec) {
  method DeepCopy (line 305) | func (in *ServiceProfileSpec) DeepCopy() *ServiceProfileSpec {
  method DeepCopyInto (line 315) | func (in *WeightedDst) DeepCopyInto(out *WeightedDst) {
  method DeepCopy (line 322) | func (in *WeightedDst) DeepCopy() *WeightedDst {

FILE: controller/gen/client/clientset/versioned/clientset.go
  type Interface (line 41) | type Interface interface
  type Clientset (line 57) | type Clientset struct
    method ExternalworkloadV1beta1 (line 73) | func (c *Clientset) ExternalworkloadV1beta1() externalworkloadv1beta1....
    method LinkV1alpha1 (line 78) | func (c *Clientset) LinkV1alpha1() linkv1alpha1.LinkV1alpha1Interface {
    method LinkV1alpha2 (line 83) | func (c *Clientset) LinkV1alpha2() linkv1alpha2.LinkV1alpha2Interface {
    method LinkV1alpha3 (line 88) | func (c *Clientset) LinkV1alpha3() linkv1alpha3.LinkV1alpha3Interface {
    method PolicyV1alpha1 (line 93) | func (c *Clientset) PolicyV1alpha1() policyv1alpha1.PolicyV1alpha1Inte...
    method PolicyV1beta3 (line 98) | func (c *Clientset) PolicyV1beta3() policyv1beta3.PolicyV1beta3Interfa...
    method ServerV1beta1 (line 103) | func (c *Clientset) ServerV1beta1() serverv1beta1.ServerV1beta1Interfa...
    method ServerV1beta2 (line 108) | func (c *Clientset) ServerV1beta2() serverv1beta2.ServerV1beta2Interfa...
    method ServerV1beta3 (line 113) | func (c *Clientset) ServerV1beta3() serverv1beta3.ServerV1beta3Interfa...
    method ServerauthorizationV1beta1 (line 118) | func (c *Clientset) ServerauthorizationV1beta1() serverauthorizationv1...
    method LinkerdV1alpha2 (line 123) | func (c *Clientset) LinkerdV1alpha2() linkerdv1alpha2.LinkerdV1alpha2I...
    method Discovery (line 128) | func (c *Clientset) Discovery() discovery.DiscoveryInterface {
  function NewForConfig (line 140) | func NewForConfig(c *rest.Config) (*Clientset, error) {
  function NewForConfigAndClient (line 160) | func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Cl...
  function NewForConfigOrDie (line 225) | func NewForConfigOrDie(c *rest.Config) *Clientset {
  function New (line 234) | func New(c rest.Interface) *Clientset {

FILE: controller/gen/client/clientset/versioned/fake/clientset_generated.go
  function NewSimpleClientset (line 61) | func NewSimpleClientset(objects ...runtime.Object) *Clientset {
  type Clientset (line 92) | type Clientset struct
    method Discovery (line 98) | func (c *Clientset) Discovery() discovery.DiscoveryInterface {
    method Tracker (line 102) | func (c *Clientset) Tracker() testing.ObjectTracker {
    method IsWatchListSemanticsUnSupported (line 113) | func (c *Clientset) IsWatchListSemanticsUnSupported() bool {
    method ExternalworkloadV1beta1 (line 123) | func (c *Clientset) ExternalworkloadV1beta1() externalworkloadv1beta1....
    method LinkV1alpha1 (line 128) | func (c *Clientset) LinkV1alpha1() linkv1alpha1.LinkV1alpha1Interface {
    method LinkV1alpha2 (line 133) | func (c *Clientset) LinkV1alpha2() linkv1alpha2.LinkV1alpha2Interface {
    method LinkV1alpha3 (line 138) | func (c *Clientset) LinkV1alpha3() linkv1alpha3.LinkV1alpha3Interface {
    method PolicyV1alpha1 (line 143) | func (c *Clientset) PolicyV1alpha1() policyv1alpha1.PolicyV1alpha1Inte...
    method PolicyV1beta3 (line 148) | func (c *Clientset) PolicyV1beta3() policyv1beta3.PolicyV1beta3Interfa...
    method ServerV1beta1 (line 153) | func (c *Clientset) ServerV1beta1() serverv1beta1.ServerV1beta1Interfa...
    method ServerV1beta2 (line 158) | func (c *Clientset) ServerV1beta2() serverv1beta2.ServerV1beta2Interfa...
    method ServerV1beta3 (line 163) | func (c *Clientset) ServerV1beta3() serverv1beta3.ServerV1beta3Interfa...
    method ServerauthorizationV1beta1 (line 168) | func (c *Clientset) ServerauthorizationV1beta1() serverauthorizationv1...
    method LinkerdV1alpha2 (line 173) | func (c *Clientset) LinkerdV1alpha2() linkerdv1alpha2.LinkerdV1alpha2I...

FILE: controller/gen/client/clientset/versioned/fake/register.go
  function init (line 73) | func init() {

FILE: controller/gen/client/clientset/versioned/scheme/register.go
  function init (line 73) | func init() {

FILE: controller/gen/client/clientset/versioned/typed/externalworkload/v1beta1/externalworkload.go
  type ExternalWorkloadsGetter (line 34) | type ExternalWorkloadsGetter interface
  type ExternalWorkloadInterface (line 39) | type ExternalWorkloadInterface interface
  type externalWorkloads (line 52) | type externalWorkloads struct
  function newExternalWorkloads (line 57) | func newExternalWorkloads(c *ExternalworkloadV1beta1Client, namespace st...

FILE: controller/gen/client/clientset/versioned/typed/externalworkload/v1beta1/externalworkload_client.go
  type ExternalworkloadV1beta1Interface (line 29) | type ExternalworkloadV1beta1Interface interface
  type ExternalworkloadV1beta1Client (line 35) | type ExternalworkloadV1beta1Client struct
    method ExternalWorkloads (line 39) | func (c *ExternalworkloadV1beta1Client) ExternalWorkloads(namespace st...
    method RESTClient (line 96) | func (c *ExternalworkloadV1beta1Client) RESTClient() rest.Interface {
  function NewForConfig (line 46) | func NewForConfig(c *rest.Config) (*ExternalworkloadV1beta1Client, error) {
  function NewForConfigAndClient (line 58) | func NewForConfigAndClient(c *rest.Config, h *http.Client) (*Externalwor...
  function NewForConfigOrDie (line 70) | func NewForConfigOrDie(c *rest.Config) *ExternalworkloadV1beta1Client {
  function New (line 79) | func New(c rest.Interface) *ExternalworkloadV1beta1Client {
  function setConfigDefaults (line 83) | func setConfigDefaults(config *rest.Config) {

FILE: controller/gen/client/clientset/versioned/typed/externalworkload/v1beta1/fake/fake_externalworkload.go
  type fakeExternalWorkloads (line 28) | type fakeExternalWorkloads struct
  function newFakeExternalWorkloads (line 33) | func newFakeExternalWorkloads(fake *FakeExternalworkloadV1beta1, namespa...

FILE: controller/gen/client/clientset/versioned/typed/externalworkload/v1beta1/fake/fake_externalworkload_client.go
  type FakeExternalworkloadV1beta1 (line 27) | type FakeExternalworkloadV1beta1 struct
    method ExternalWorkloads (line 31) | func (c *FakeExternalworkloadV1beta1) ExternalWorkloads(namespace stri...
    method RESTClient (line 37) | func (c *FakeExternalworkloadV1beta1) RESTClient() rest.Interface {

FILE: controller/gen/client/clientset/versioned/typed/externalworkload/v1beta1/generated_expansion.go
  type ExternalWorkloadExpansion (line 21) | type ExternalWorkloadExpansion interface

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha1/fake/fake_link.go
  type fakeLinks (line 28) | type fakeLinks struct
  function newFakeLinks (line 33) | func newFakeLinks(fake *FakeLinkV1alpha1, namespace string) linkv1alpha1...

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha1/fake/fake_link_client.go
  type FakeLinkV1alpha1 (line 27) | type FakeLinkV1alpha1 struct
    method Links (line 31) | func (c *FakeLinkV1alpha1) Links(namespace string) v1alpha1.LinkInterf...
    method RESTClient (line 37) | func (c *FakeLinkV1alpha1) RESTClient() rest.Interface {

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha1/generated_expansion.go
  type LinkExpansion (line 21) | type LinkExpansion interface

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha1/link.go
  type LinksGetter (line 34) | type LinksGetter interface
  type LinkInterface (line 39) | type LinkInterface interface
  type links (line 52) | type links struct
  function newLinks (line 57) | func newLinks(c *LinkV1alpha1Client, namespace string) *links {

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha1/link_client.go
  type LinkV1alpha1Interface (line 29) | type LinkV1alpha1Interface interface
  type LinkV1alpha1Client (line 35) | type LinkV1alpha1Client struct
    method Links (line 39) | func (c *LinkV1alpha1Client) Links(namespace string) LinkInterface {
    method RESTClient (line 96) | func (c *LinkV1alpha1Client) RESTClient() rest.Interface {
  function NewForConfig (line 46) | func NewForConfig(c *rest.Config) (*LinkV1alpha1Client, error) {
  function NewForConfigAndClient (line 58) | func NewForConfigAndClient(c *rest.Config, h *http.Client) (*LinkV1alpha...
  function NewForConfigOrDie (line 70) | func NewForConfigOrDie(c *rest.Config) *LinkV1alpha1Client {
  function New (line 79) | func New(c rest.Interface) *LinkV1alpha1Client {
  function setConfigDefaults (line 83) | func setConfigDefaults(config *rest.Config) {

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha2/fake/fake_link.go
  type fakeLinks (line 28) | type fakeLinks struct
  function newFakeLinks (line 33) | func newFakeLinks(fake *FakeLinkV1alpha2, namespace string) linkv1alpha2...

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha2/fake/fake_link_client.go
  type FakeLinkV1alpha2 (line 27) | type FakeLinkV1alpha2 struct
    method Links (line 31) | func (c *FakeLinkV1alpha2) Links(namespace string) v1alpha2.LinkInterf...
    method RESTClient (line 37) | func (c *FakeLinkV1alpha2) RESTClient() rest.Interface {

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha2/generated_expansion.go
  type LinkExpansion (line 21) | type LinkExpansion interface

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha2/link.go
  type LinksGetter (line 34) | type LinksGetter interface
  type LinkInterface (line 39) | type LinkInterface interface
  type links (line 52) | type links struct
  function newLinks (line 57) | func newLinks(c *LinkV1alpha2Client, namespace string) *links {

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha2/link_client.go
  type LinkV1alpha2Interface (line 29) | type LinkV1alpha2Interface interface
  type LinkV1alpha2Client (line 35) | type LinkV1alpha2Client struct
    method Links (line 39) | func (c *LinkV1alpha2Client) Links(namespace string) LinkInterface {
    method RESTClient (line 96) | func (c *LinkV1alpha2Client) RESTClient() rest.Interface {
  function NewForConfig (line 46) | func NewForConfig(c *rest.Config) (*LinkV1alpha2Client, error) {
  function NewForConfigAndClient (line 58) | func NewForConfigAndClient(c *rest.Config, h *http.Client) (*LinkV1alpha...
  function NewForConfigOrDie (line 70) | func NewForConfigOrDie(c *rest.Config) *LinkV1alpha2Client {
  function New (line 79) | func New(c rest.Interface) *LinkV1alpha2Client {
  function setConfigDefaults (line 83) | func setConfigDefaults(config *rest.Config) {

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha3/fake/fake_link.go
  type fakeLinks (line 28) | type fakeLinks struct
  function newFakeLinks (line 33) | func newFakeLinks(fake *FakeLinkV1alpha3, namespace string) linkv1alpha3...

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha3/fake/fake_link_client.go
  type FakeLinkV1alpha3 (line 27) | type FakeLinkV1alpha3 struct
    method Links (line 31) | func (c *FakeLinkV1alpha3) Links(namespace string) v1alpha3.LinkInterf...
    method RESTClient (line 37) | func (c *FakeLinkV1alpha3) RESTClient() rest.Interface {

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha3/generated_expansion.go
  type LinkExpansion (line 21) | type LinkExpansion interface

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha3/link.go
  type LinksGetter (line 34) | type LinksGetter interface
  type LinkInterface (line 39) | type LinkInterface interface
  type links (line 52) | type links struct
  function newLinks (line 57) | func newLinks(c *LinkV1alpha3Client, namespace string) *links {

FILE: controller/gen/client/clientset/versioned/typed/link/v1alpha3/link_client.go
  type LinkV1alpha3Interface (line 29) | type LinkV1alpha3Interface interface
  type LinkV1alpha3Client (line 35) | type LinkV1alpha3Client struct
    method Links (line 39) | func (c *LinkV1alpha3Client) Links(namespace string) LinkInterface {
    method RESTClient (line 96) | func (c *LinkV1alpha3Client) RESTClient() rest.Interface {
  function NewForConfig (line 46) | func NewForConfig(c *rest.Config) (*LinkV1alpha3Client, error) {
  function NewForConfigAndClient (line 58) | func NewForConfigAndClient(c *rest.Config, h *http.Client) (*LinkV1alpha...
  function NewForConfigOrDie (line 70) | func NewForConfigOrDie(c *rest.Config) *LinkV1alpha3Client {
  function New (line 79) | func New(c rest.Interface) *LinkV1alpha3Client {
  function setConfigDefaults (line 83) | func setConfigDefaults(config *rest.Config) {

FILE: controller/gen/client/clientset/versioned/typed/policy/v1alpha1/authorizationpolicy.go
  type AuthorizationPoliciesGetter (line 34) | type AuthorizationPoliciesGetter interface
  type AuthorizationPolicyInterface (line 39) | type AuthorizationPolicyInterface interface
  type authorizationPolicies (line 52) | type authorizationPolicies struct
  function newAuthorizationPolicies (line 57) | func newAuthorizationPolicies(c *PolicyV1alpha1Client, namespace string)...

FILE: controller/gen/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_authorizationpolicy.go
  type fakeAuthorizationPolicies (line 28) | type fakeAuthorizationPolicies struct
  function newFakeAuthorizationPolicies (line 33) | func newFakeAuthorizationPolicies(fake *FakePolicyV1alpha1, namespace st...

FILE: controller/gen/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_httproute.go
  type fakeHTTPRoutes (line 28) | type fakeHTTPRoutes struct
  function newFakeHTTPRoutes (line 33) | func newFakeHTTPRoutes(fake *FakePolicyV1alpha1, namespace string) polic...

FILE: controller/gen/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_meshtlsauthentication.go
  type fakeMeshTLSAuthentications (line 28) | type fakeMeshTLSAuthentications struct
  function newFakeMeshTLSAuthentications (line 33) | func newFakeMeshTLSAuthentications(fake *FakePolicyV1alpha1, namespace s...

FILE: controller/gen/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_networkauthentication.go
  type fakeNetworkAuthentications (line 28) | type fakeNetworkAuthentications struct
  function newFakeNetworkAuthentications (line 33) | func newFakeNetworkAuthentications(fake *FakePolicyV1alpha1, namespace s...

FILE: controller/gen/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_policy_client.go
  type FakePolicyV1alpha1 (line 27) | type FakePolicyV1alpha1 struct
    method AuthorizationPolicies (line 31) | func (c *FakePolicyV1alpha1) AuthorizationPolicies(namespace string) v...
    method HTTPRoutes (line 35) | func (c *FakePolicyV1alpha1) HTTPRoutes(namespace string) v1alpha1.HTT...
    method MeshTLSAuthentications (line 39) | func (c *FakePolicyV1alpha1) MeshTLSAuthentications(namespace string) ...
    method NetworkAuthentications (line 43) | func (c *FakePolicyV1alpha1) NetworkAuthentications(namespace string) ...
    method RESTClient (line 49) | func (c *FakePolicyV1alpha1) RESTClient() rest.Interface {

FILE: controller/gen/client/clientset/versioned/typed/policy/v1alpha1/generated_expansion.go
  type AuthorizationPolicyExpansion (line 21) | type AuthorizationPolicyExpansion interface
  type HTTPRouteExpansion (line 23) | type HTTPRouteExpansion interface
  type MeshTLSAuthenticationExpansion (line 25) | type MeshTLSAuthenticationExpansion interface
  type NetworkAuthenticationExpansion (line 27) | type NetworkAuthenticationExpansion interface

FILE: controller/gen/client/clientset/versioned/typed/policy/v1alpha1/httproute.go
  type HTTPRoutesGetter (line 34) | type HTTPRoutesGetter interface
  type HTTPRouteInterface (line 39) | type HTTPRouteInterface interface
  type hTTPRoutes (line 52) | type hTTPRoutes struct
  function newHTTPRoutes (line 57) | func newHTTPRoutes(c *PolicyV1alpha1Client, namespace string) *hTTPRoutes {

FILE: controller/gen/client/clientset/versioned/typed/policy/v1alpha1/meshtlsauthentication.go
  type MeshTLSAuthenticationsGetter (line 34) | type MeshTLSAuthenticationsGetter interface
  type MeshTLSAuthenticationInterface (line 39) | type MeshTLSAuthenticationInterface interface
  type meshTLSAuthentications (line 52) | type meshTLSAuthentications struct
  function newMeshTLSAuthentications (line 57) | func newMeshTLSAuthentications(c *PolicyV1alpha1Client, namespace string...

FILE: controller/gen/client/clientset/versioned/typed/policy/v1alpha1/networkauthentication.go
  type NetworkAuthenticationsGetter (line 34) | type NetworkAuthenticationsGetter interface
  type NetworkAuthenticationInterface (line 39) | type NetworkAuthenticationInterface interface
  type networkAuthentications (line 52) | type networkAuthentications struct
  function newNetworkAuthentications (line 57) | func newNetworkAuthentications(c *PolicyV1alpha1Client, namespace string...

FILE: controller/gen/client/clientset/versioned/typed/policy/v1alpha1/policy_client.go
  type PolicyV1alpha1Interface (line 29) | type PolicyV1alpha1Interface interface
  type PolicyV1alpha1Client (line 38) | type PolicyV1alpha1Client struct
    method AuthorizationPolicies (line 42) | func (c *PolicyV1alpha1Client) AuthorizationPolicies(namespace string)...
    method HTTPRoutes (line 46) | func (c *PolicyV1alpha1Client) HTTPRoutes(namespace string) HTTPRouteI...
    method MeshTLSAuthentications (line 50) | func (c *PolicyV1alpha1Client) MeshTLSAuthentications(namespace string...
    method NetworkAuthentications (line 54) | func (c *PolicyV1alpha1Client) NetworkAuthentications(namespace string...
    method RESTClient (line 111) | func (c *PolicyV1alpha1Client) RESTClient() rest.Interface {
  function NewForConfig (line 61) | func NewForConfig(c *rest.Config) (*PolicyV1alpha1Client, error) {
  function NewForConfigAndClient (line 73) | func NewForConfigAndClient(c *rest.Config, h *http.Client) (*PolicyV1alp...
  function NewForConfigOrDie (line 85) | func NewForConfigOrDie(c *rest.Config) *PolicyV1alpha1Client {
  function New (line 94) | func New(c rest.Interface) *PolicyV1alpha1Client {
  function setConfigDefaults (line 98) | func setConfigDefaults(config *rest.Config) {

FILE: controller/gen/client/clientset/versioned/typed/policy/v1beta3/fake/fake_httproute.go
  type fakeHTTPRoutes (line 28) | type fakeHTTPRoutes struct
  function newFakeHTTPRoutes (line 33) | func newFakeHTTPRoutes(fake *FakePolicyV1beta3, namespace string) policy...

FILE: controller/gen/client/clientset/versioned/typed/policy/v1beta3/fake/fake_policy_client.go
  type FakePolicyV1beta3 (line 27) | type FakePolicyV1beta3 struct
    method HTTPRoutes (line 31) | func (c *FakePolicyV1beta3) HTTPRoutes(namespace string) v1beta3.HTTPR...
    method RESTClient (line 37) | func (c *FakePolicyV1beta3) RESTClient() rest.Interface {

FILE: controller/gen/client/clientset/versioned/typed/policy/v1beta3/generated_expansion.go
  type HTTPRouteExpansion (line 21) | type HTTPRouteExpansion interface

FILE: controller/gen/client/clientset/versioned/typed/policy/v1beta3/httproute.go
  type HTTPRoutesGetter (line 34) | type HTTPRoutesGetter interface
  type HTTPRouteInterface (line 39) | type HTTPRouteInterface interface
  type hTTPRoutes (line 52) | type hTTPRoutes struct
  function newHTTPRoutes (line 57) | func newHTTPRoutes(c *PolicyV1beta3Client, namespace string) *hTTPRoutes {

FILE: controller/gen/client/clientset/versioned/typed/policy/v1beta3/policy_client.go
  type PolicyV1beta3Interface (line 29) | type PolicyV1beta3Interface interface
  type PolicyV1beta3Client (line 35) | type PolicyV1beta3Client struct
    method HTTPRoutes (line 39) | func (c *PolicyV1beta3Client) HTTPRoutes(namespace string) HTTPRouteIn...
    method RESTClient (line 96) | func (c *PolicyV1beta3Client) RESTClient() rest.Interface {
  function NewForConfig (line 46) | func NewForConfig(c *rest.Config) (*PolicyV1beta3Client, error) {
  function NewForConfigAndClient (line 58) | func NewForConfigAndClient(c *rest.Config, h *http.Client) (*PolicyV1bet...
  function NewForConfigOrDie (line 70) | func NewForConfigOrDie(c *rest.Config) *PolicyV1beta3Client {
  function New (line 79) | func New(c rest.Interface) *PolicyV1beta3Client {
  function setConfigDefaults (line 83) | func setConfigDefaults(config *rest.Config) {

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta1/fake/fake_server.go
  type fakeServers (line 28) | type fakeServers struct
  function newFakeServers (line 33) | func newFakeServers(fake *FakeServerV1beta1, namespace string) serverv1b...

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta1/fake/fake_server_client.go
  type FakeServerV1beta1 (line 27) | type FakeServerV1beta1 struct
    method Servers (line 31) | func (c *FakeServerV1beta1) Servers(namespace string) v1beta1.ServerIn...
    method RESTClient (line 37) | func (c *FakeServerV1beta1) RESTClient() rest.Interface {

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta1/generated_expansion.go
  type ServerExpansion (line 21) | type ServerExpansion interface

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta1/server.go
  type ServersGetter (line 34) | type ServersGetter interface
  type ServerInterface (line 39) | type ServerInterface interface
  type servers (line 52) | type servers struct
  function newServers (line 57) | func newServers(c *ServerV1beta1Client, namespace string) *servers {

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta1/server_client.go
  type ServerV1beta1Interface (line 29) | type ServerV1beta1Interface interface
  type ServerV1beta1Client (line 35) | type ServerV1beta1Client struct
    method Servers (line 39) | func (c *ServerV1beta1Client) Servers(namespace string) ServerInterface {
    method RESTClient (line 96) | func (c *ServerV1beta1Client) RESTClient() rest.Interface {
  function NewForConfig (line 46) | func NewForConfig(c *rest.Config) (*ServerV1beta1Client, error) {
  function NewForConfigAndClient (line 58) | func NewForConfigAndClient(c *rest.Config, h *http.Client) (*ServerV1bet...
  function NewForConfigOrDie (line 70) | func NewForConfigOrDie(c *rest.Config) *ServerV1beta1Client {
  function New (line 79) | func New(c rest.Interface) *ServerV1beta1Client {
  function setConfigDefaults (line 83) | func setConfigDefaults(config *rest.Config) {

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta2/fake/fake_server.go
  type fakeServers (line 28) | type fakeServers struct
  function newFakeServers (line 33) | func newFakeServers(fake *FakeServerV1beta2, namespace string) serverv1b...

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta2/fake/fake_server_client.go
  type FakeServerV1beta2 (line 27) | type FakeServerV1beta2 struct
    method Servers (line 31) | func (c *FakeServerV1beta2) Servers(namespace string) v1beta2.ServerIn...
    method RESTClient (line 37) | func (c *FakeServerV1beta2) RESTClient() rest.Interface {

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta2/generated_expansion.go
  type ServerExpansion (line 21) | type ServerExpansion interface

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta2/server.go
  type ServersGetter (line 34) | type ServersGetter interface
  type ServerInterface (line 39) | type ServerInterface interface
  type servers (line 52) | type servers struct
  function newServers (line 57) | func newServers(c *ServerV1beta2Client, namespace string) *servers {

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta2/server_client.go
  type ServerV1beta2Interface (line 29) | type ServerV1beta2Interface interface
  type ServerV1beta2Client (line 35) | type ServerV1beta2Client struct
    method Servers (line 39) | func (c *ServerV1beta2Client) Servers(namespace string) ServerInterface {
    method RESTClient (line 96) | func (c *ServerV1beta2Client) RESTClient() rest.Interface {
  function NewForConfig (line 46) | func NewForConfig(c *rest.Config) (*ServerV1beta2Client, error) {
  function NewForConfigAndClient (line 58) | func NewForConfigAndClient(c *rest.Config, h *http.Client) (*ServerV1bet...
  function NewForConfigOrDie (line 70) | func NewForConfigOrDie(c *rest.Config) *ServerV1beta2Client {
  function New (line 79) | func New(c rest.Interface) *ServerV1beta2Client {
  function setConfigDefaults (line 83) | func setConfigDefaults(config *rest.Config) {

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta3/fake/fake_server.go
  type fakeServers (line 28) | type fakeServers struct
  function newFakeServers (line 33) | func newFakeServers(fake *FakeServerV1beta3, namespace string) serverv1b...

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta3/fake/fake_server_client.go
  type FakeServerV1beta3 (line 27) | type FakeServerV1beta3 struct
    method Servers (line 31) | func (c *FakeServerV1beta3) Servers(namespace string) v1beta3.ServerIn...
    method RESTClient (line 37) | func (c *FakeServerV1beta3) RESTClient() rest.Interface {

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta3/generated_expansion.go
  type ServerExpansion (line 21) | type ServerExpansion interface

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta3/server.go
  type ServersGetter (line 34) | type ServersGetter interface
  type ServerInterface (line 39) | type ServerInterface interface
  type servers (line 52) | type servers struct
  function newServers (line 57) | func newServers(c *ServerV1beta3Client, namespace string) *servers {

FILE: controller/gen/client/clientset/versioned/typed/server/v1beta3/server_client.go
  type ServerV1beta3Interface (line 29) | type ServerV1beta3Interface interface
  type ServerV1beta3Client (line 35) | type ServerV1beta3Client struct
    method Servers (line 39) | func (c *ServerV1beta3Client) Servers(namespace string) ServerInterface {
    method RESTClient (line 96) | func (c *ServerV1beta3Client) RESTClient() rest.Interface {
  function NewForConfig (line 46) | func NewForConfig(c *rest.Config) (*ServerV1beta3Client, error) {
  function NewForConfigAndClient (line 58) | func NewForConfigAndClient(c *rest.Config, h *http.Client) (*ServerV1bet...
  function NewForConfigOrDie (line 70) | func NewForConfigOrDie(c *rest.Config) *ServerV1beta3Client {
  function New (line 79) | func New(c rest.Interface) *ServerV1beta3Client {
  function setConfigDefaults (line 83) | func setConfigDefaults(config *rest.Config) {

FILE: controller/gen/client/clientset/versioned/typed/serverauthorization/v1beta1/fake/fake_serverauthorization.go
  type fakeServerAuthorizations (line 28) | type fakeServerAuthorizations struct
  function newFakeServerAuthorizations (line 33) | func newFakeServerAuthorizations(fake *FakeServerauthorizationV1beta1, n...

FILE: controller/gen/client/clientset/versioned/typed/serverauthorization/v1beta1/fake/fake_serverauthorization_client.go
  type FakeServerauthorizationV1beta1 (line 27) | type FakeServerauthorizationV1beta1 struct
    method ServerAuthorizations (line 31) | func (c *FakeServerauthorizationV1beta1) ServerAuthorizations(namespac...
    method RESTClient (line 37) | func (c *FakeServerauthorizationV1beta1) RESTClient() rest.Interface {

FILE: controller/gen/client/clientset/versioned/typed/serverauthorization/v1beta1/generated_expansion.go
  type ServerAuthorizationExpansion (line 21) | type ServerAuthorizationExpansion interface

FILE: controller/gen/client/clientset/versioned/typed/serverauthorization/v1beta1/serverauthorization.go
  type ServerAuthorizationsGetter (line 34) | type ServerAuthorizationsGetter interface
  type ServerAuthorizationInterface (line 39) | type ServerAuthorizationInterface interface
  type serverAuthorizations (line 52) | type serverAuthorizations struct
  function newServerAuthorizations (line 57) | func newServerAuthorizations(c *ServerauthorizationV1beta1Client, namesp...

FILE: controller/gen/client/clientset/versioned/typed/serverauthorization/v1beta1/serverauthorization_client.go
  type ServerauthorizationV1beta1Interface (line 29) | type ServerauthorizationV1beta1Interface interface
  type ServerauthorizationV1beta1Client (line 35) | type ServerauthorizationV1beta1Client struct
    method ServerAuthorizations (line 39) | func (c *ServerauthorizationV1beta1Client) ServerAuthorizations(namesp...
    method RESTClient (line 96) | func (c *ServerauthorizationV1beta1Client) RESTClient() rest.Interface {
  function NewForConfig (line 46) | func NewForConfig(c *rest.Config) (*ServerauthorizationV1beta1Client, er...
  function NewForConfigAndClient (line 58) | func NewForConfigAndClient(c *rest.Config, h *http.Client) (*Serverautho...
  function NewForConfigOrDie (line 70) | func NewForConfigOrDie(c *rest.Config) *ServerauthorizationV1beta1Client {
  function New (line 79) | func New(c rest.Interface) *ServerauthorizationV1beta1Client {
  function setConfigDefaults (line 83) | func setConfigDefaults(config *rest.Config) {

FILE: controller/gen/client/clientset/versioned/typed/serviceprofile/v1alpha2/fake/fake_serviceprofile.go
  type fakeServiceProfiles (line 28) | type fakeServiceProfiles struct
  function newFakeServiceProfiles (line 33) | func newFakeServiceProfiles(fake *FakeLinkerdV1alpha2, namespace string)...

FILE: controller/gen/client/clientset/versioned/typed/serviceprofile/v1alpha2/fake/fake_serviceprofile_client.go
  type FakeLinkerdV1alpha2 (line 27) | type FakeLinkerdV1alpha2 struct
    method ServiceProfiles (line 31) | func (c *FakeLinkerdV1alpha2) ServiceProfiles(namespace string) v1alph...
    method RESTClient (line 37) | func (c *FakeLinkerdV1alpha2) RESTClient() rest.Interface {

FILE: controller/gen/client/clientset/versioned/typed/serviceprofile/v1alpha2/generated_expansion.go
  type ServiceProfileExpansion (line 21) | type ServiceProfileExpansion interface

FILE: controller/gen/client/clientset/versioned/typed/serviceprofile/v1alpha2/serviceprofile.go
  type ServiceProfilesGetter (line 34) | type ServiceProfilesGetter interface
  type ServiceProfileInterface (line 39) | type ServiceProfileInterface interface
  type serviceProfiles (line 52) | type serviceProfiles struct
  function newServiceProfiles (line 57) | func newServiceProfiles(c *LinkerdV1alpha2Client, namespace string) *ser...

FILE: controller/gen/client/clientset/versioned/typed/serviceprofile/v1alpha2/serviceprofile_client.go
  type LinkerdV1alpha2Interface (line 29) | type LinkerdV1alpha2Interface interface
  type LinkerdV1alpha2Client (line 35) | type LinkerdV1alpha2Client struct
    method ServiceProfiles (line 39) | func (c *LinkerdV1alpha2Client) ServiceProfiles(namespace string) Serv...
    method RESTClient (line 96) | func (c *LinkerdV1alpha2Client) RESTClient() rest.Interface {
  function NewForConfig (line 46) | func NewForConfig(c *rest.Config) (*LinkerdV1alpha2Client, error) {
  function NewForConfigAndClient (line 58) | func NewForConfigAndClient(c *rest.Config, h *http.Client) (*LinkerdV1al...
  function NewForConfigOrDie (line 70) | func NewForConfigOrDie(c *rest.Config) *LinkerdV1alpha2Client {
  function New (line 79) | func New(c rest.Interface) *LinkerdV1alpha2Client {
  function setConfigDefaults (line 83) | func setConfigDefaults(config *rest.Config) {

FILE: controller/gen/client/informers/externalversions/externalworkload/interface.go
  type Interface (line 27) | type Interface interface
  type group (line 32) | type group struct
    method V1beta1 (line 44) | func (g *group) V1beta1() v1beta1.Interface {
  function New (line 39) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/externalworkload/v1beta1/externalworkload.go
  type ExternalWorkloadInformer (line 37) | type ExternalWorkloadInformer interface
  type externalWorkloadInformer (line 42) | type externalWorkloadInformer struct
    method defaultInformer (line 92) | func (f *externalWorkloadInformer) defaultInformer(client versioned.In...
    method Informer (line 96) | func (f *externalWorkloadInformer) Informer() cache.SharedIndexInformer {
    method Lister (line 100) | func (f *externalWorkloadInformer) Lister() externalworkloadv1beta1.Ex...
  function NewExternalWorkloadInformer (line 51) | func NewExternalWorkloadInformer(client versioned.Interface, namespace s...
  function NewFilteredExternalWorkloadInformer (line 58) | func NewFilteredExternalWorkloadInformer(client versioned.Interface, nam...

FILE: controller/gen/client/informers/externalversions/externalworkload/v1beta1/interface.go
  type Interface (line 26) | type Interface interface
  type version (line 31) | type version struct
    method ExternalWorkloads (line 43) | func (v *version) ExternalWorkloads() ExternalWorkloadInformer {
  function New (line 38) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/factory.go
  type SharedInformerOption (line 41) | type SharedInformerOption
  type sharedInformerFactory (line 43) | type sharedInformerFactory struct
    method Start (line 130) | func (f *sharedInformerFactory) Start(stopCh <-chan struct{}) {
    method Shutdown (line 154) | func (f *sharedInformerFactory) Shutdown() {
    method WaitForCacheSync (line 163) | func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{...
    method InformerFor (line 186) | func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFun...
    method Externalworkload (line 271) | func (f *sharedInformerFactory) Externalworkload() externalworkload.In...
    method Link (line 275) | func (f *sharedInformerFactory) Link() link.Interface {
    method Policy (line 279) | func (f *sharedInformerFactory) Policy() policy.Interface {
    method Server (line 283) | func (f *sharedInformerFactory) Server() server.Interface {
    method Serverauthorization (line 287) | func (f *sharedInformerFactory) Serverauthorization() serverauthorizat...
    method Linkerd (line 291) | func (f *sharedInformerFactory) Linkerd() serviceprofile.Interface {
  function WithCustomResyncConfig (line 64) | func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) Sh...
  function WithTweakListOptions (line 74) | func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListO...
  function WithNamespace (line 82) | func WithNamespace(namespace string) SharedInformerOption {
  function WithTransform (line 90) | func WithTransform(transform cache.TransformFunc) SharedInformerOption {
  function NewSharedInformerFactory (line 98) | func NewSharedInformerFactory(client versioned.Interface, defaultResync ...
  function NewFilteredSharedInformerFactory (line 107) | func NewFilteredSharedInformerFactory(client versioned.Interface, defaul...
  function NewSharedInformerFactoryWithOptions (line 112) | func NewSharedInformerFactoryWithOptions(client versioned.Interface, def...
  type SharedInformerFactory (line 232) | type SharedInformerFactory interface

FILE: controller/gen/client/informers/externalversions/generic.go
  type GenericInformer (line 41) | type GenericInformer interface
  type genericInformer (line 46) | type genericInformer struct
    method Informer (line 52) | func (f *genericInformer) Informer() cache.SharedIndexInformer {
    method Lister (line 57) | func (f *genericInformer) Lister() cache.GenericLister {
  method ForResource (line 63) | func (f *sharedInformerFactory) ForResource(resource schema.GroupVersion...

FILE: controller/gen/client/informers/externalversions/internalinterfaces/factory_interfaces.go
  type NewInformerFunc (line 31) | type NewInformerFunc
  type SharedInformerFactory (line 34) | type SharedInformerFactory interface
  type TweakListOptionsFunc (line 40) | type TweakListOptionsFunc

FILE: controller/gen/client/informers/externalversions/link/interface.go
  type Interface (line 29) | type Interface interface
  type group (line 38) | type group struct
    method V1alpha1 (line 50) | func (g *group) V1alpha1() v1alpha1.Interface {
    method V1alpha2 (line 55) | func (g *group) V1alpha2() v1alpha2.Interface {
    method V1alpha3 (line 60) | func (g *group) V1alpha3() v1alpha3.Interface {
  function New (line 45) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/link/v1alpha1/interface.go
  type Interface (line 26) | type Interface interface
  type version (line 31) | type version struct
    method Links (line 43) | func (v *version) Links() LinkInformer {
  function New (line 38) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/link/v1alpha1/link.go
  type LinkInformer (line 37) | type LinkInformer interface
  type linkInformer (line 42) | type linkInformer struct
    method defaultInformer (line 92) | func (f *linkInformer) defaultInformer(client versioned.Interface, res...
    method Informer (line 96) | func (f *linkInformer) Informer() cache.SharedIndexInformer {
    method Lister (line 100) | func (f *linkInformer) Lister() linkv1alpha1.LinkLister {
  function NewLinkInformer (line 51) | func NewLinkInformer(client versioned.Interface, namespace string, resyn...
  function NewFilteredLinkInformer (line 58) | func NewFilteredLinkInformer(client versioned.Interface, namespace strin...

FILE: controller/gen/client/informers/externalversions/link/v1alpha2/interface.go
  type Interface (line 26) | type Interface interface
  type version (line 31) | type version struct
    method Links (line 43) | func (v *version) Links() LinkInformer {
  function New (line 38) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/link/v1alpha2/link.go
  type LinkInformer (line 37) | type LinkInformer interface
  type linkInformer (line 42) | type linkInformer struct
    method defaultInformer (line 92) | func (f *linkInformer) defaultInformer(client versioned.Interface, res...
    method Informer (line 96) | func (f *linkInformer) Informer() cache.SharedIndexInformer {
    method Lister (line 100) | func (f *linkInformer) Lister() linkv1alpha2.LinkLister {
  function NewLinkInformer (line 51) | func NewLinkInformer(client versioned.Interface, namespace string, resyn...
  function NewFilteredLinkInformer (line 58) | func NewFilteredLinkInformer(client versioned.Interface, namespace strin...

FILE: controller/gen/client/informers/externalversions/link/v1alpha3/interface.go
  type Interface (line 26) | type Interface interface
  type version (line 31) | type version struct
    method Links (line 43) | func (v *version) Links() LinkInformer {
  function New (line 38) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/link/v1alpha3/link.go
  type LinkInformer (line 37) | type LinkInformer interface
  type linkInformer (line 42) | type linkInformer struct
    method defaultInformer (line 92) | func (f *linkInformer) defaultInformer(client versioned.Interface, res...
    method Informer (line 96) | func (f *linkInformer) Informer() cache.SharedIndexInformer {
    method Lister (line 100) | func (f *linkInformer) Lister() linkv1alpha3.LinkLister {
  function NewLinkInformer (line 51) | func NewLinkInformer(client versioned.Interface, namespace string, resyn...
  function NewFilteredLinkInformer (line 58) | func NewFilteredLinkInformer(client versioned.Interface, namespace strin...

FILE: controller/gen/client/informers/externalversions/policy/interface.go
  type Interface (line 28) | type Interface interface
  type group (line 35) | type group struct
    method V1alpha1 (line 47) | func (g *group) V1alpha1() v1alpha1.Interface {
    method V1beta3 (line 52) | func (g *group) V1beta3() v1beta3.Interface {
  function New (line 42) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/policy/v1alpha1/authorizationpolicy.go
  type AuthorizationPolicyInformer (line 37) | type AuthorizationPolicyInformer interface
  type authorizationPolicyInformer (line 42) | type authorizationPolicyInformer struct
    method defaultInformer (line 92) | func (f *authorizationPolicyInformer) defaultInformer(client versioned...
    method Informer (line 96) | func (f *authorizationPolicyInformer) Informer() cache.SharedIndexInfo...
    method Lister (line 100) | func (f *authorizationPolicyInformer) Lister() policyv1alpha1.Authoriz...
  function NewAuthorizationPolicyInformer (line 51) | func NewAuthorizationPolicyInformer(client versioned.Interface, namespac...
  function NewFilteredAuthorizationPolicyInformer (line 58) | func NewFilteredAuthorizationPolicyInformer(client versioned.Interface, ...

FILE: controller/gen/client/informers/externalversions/policy/v1alpha1/httproute.go
  type HTTPRouteInformer (line 37) | type HTTPRouteInformer interface
  type hTTPRouteInformer (line 42) | type hTTPRouteInformer struct
    method defaultInformer (line 92) | func (f *hTTPRouteInformer) defaultInformer(client versioned.Interface...
    method Informer (line 96) | func (f *hTTPRouteInformer) Informer() cache.SharedIndexInformer {
    method Lister (line 100) | func (f *hTTPRouteInformer) Lister() policyv1alpha1.HTTPRouteLister {
  function NewHTTPRouteInformer (line 51) | func NewHTTPRouteInformer(client versioned.Interface, namespace string, ...
  function NewFilteredHTTPRouteInformer (line 58) | func NewFilteredHTTPRouteInformer(client versioned.Interface, namespace ...

FILE: controller/gen/client/informers/externalversions/policy/v1alpha1/interface.go
  type Interface (line 26) | type Interface interface
  type version (line 37) | type version struct
    method AuthorizationPolicies (line 49) | func (v *version) AuthorizationPolicies() AuthorizationPolicyInformer {
    method HTTPRoutes (line 54) | func (v *version) HTTPRoutes() HTTPRouteInformer {
    method MeshTLSAuthentications (line 59) | func (v *version) MeshTLSAuthentications() MeshTLSAuthenticationInform...
    method NetworkAuthentications (line 64) | func (v *version) NetworkAuthentications() NetworkAuthenticationInform...
  function New (line 44) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/policy/v1alpha1/meshtlsauthentication.go
  type MeshTLSAuthenticationInformer (line 37) | type MeshTLSAuthenticationInformer interface
  type meshTLSAuthenticationInformer (line 42) | type meshTLSAuthenticationInformer struct
    method defaultInformer (line 92) | func (f *meshTLSAuthenticationInformer) defaultInformer(client version...
    method Informer (line 96) | func (f *meshTLSAuthenticationInformer) Informer() cache.SharedIndexIn...
    method Lister (line 100) | func (f *meshTLSAuthenticationInformer) Lister() policyv1alpha1.MeshTL...
  function NewMeshTLSAuthenticationInformer (line 51) | func NewMeshTLSAuthenticationInformer(client versioned.Interface, namesp...
  function NewFilteredMeshTLSAuthenticationInformer (line 58) | func NewFilteredMeshTLSAuthenticationInformer(client versioned.Interface...

FILE: controller/gen/client/informers/externalversions/policy/v1alpha1/networkauthentication.go
  type NetworkAuthenticationInformer (line 37) | type NetworkAuthenticationInformer interface
  type networkAuthenticationInformer (line 42) | type networkAuthenticationInformer struct
    method defaultInformer (line 92) | func (f *networkAuthenticationInformer) defaultInformer(client version...
    method Informer (line 96) | func (f *networkAuthenticationInformer) Informer() cache.SharedIndexIn...
    method Lister (line 100) | func (f *networkAuthenticationInformer) Lister() policyv1alpha1.Networ...
  function NewNetworkAuthenticationInformer (line 51) | func NewNetworkAuthenticationInformer(client versioned.Interface, namesp...
  function NewFilteredNetworkAuthenticationInformer (line 58) | func NewFilteredNetworkAuthenticationInformer(client versioned.Interface...

FILE: controller/gen/client/informers/externalversions/policy/v1beta3/httproute.go
  type HTTPRouteInformer (line 37) | type HTTPRouteInformer interface
  type hTTPRouteInformer (line 42) | type hTTPRouteInformer struct
    method defaultInformer (line 92) | func (f *hTTPRouteInformer) defaultInformer(client versioned.Interface...
    method Informer (line 96) | func (f *hTTPRouteInformer) Informer() cache.SharedIndexInformer {
    method Lister (line 100) | func (f *hTTPRouteInformer) Lister() policyv1beta3.HTTPRouteLister {
  function NewHTTPRouteInformer (line 51) | func NewHTTPRouteInformer(client versioned.Interface, namespace string, ...
  function NewFilteredHTTPRouteInformer (line 58) | func NewFilteredHTTPRouteInformer(client versioned.Interface, namespace ...

FILE: controller/gen/client/informers/externalversions/policy/v1beta3/interface.go
  type Interface (line 26) | type Interface interface
  type version (line 31) | type version struct
    method HTTPRoutes (line 43) | func (v *version) HTTPRoutes() HTTPRouteInformer {
  function New (line 38) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/server/interface.go
  type Interface (line 29) | type Interface interface
  type group (line 38) | type group struct
    method V1beta1 (line 50) | func (g *group) V1beta1() v1beta1.Interface {
    method V1beta2 (line 55) | func (g *group) V1beta2() v1beta2.Interface {
    method V1beta3 (line 60) | func (g *group) V1beta3() v1beta3.Interface {
  function New (line 45) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/server/v1beta1/interface.go
  type Interface (line 26) | type Interface interface
  type version (line 31) | type version struct
    method Servers (line 43) | func (v *version) Servers() ServerInformer {
  function New (line 38) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/server/v1beta1/server.go
  type ServerInformer (line 37) | type ServerInformer interface
  type serverInformer (line 42) | type serverInformer struct
    method defaultInformer (line 92) | func (f *serverInformer) defaultInformer(client versioned.Interface, r...
    method Informer (line 96) | func (f *serverInformer) Informer() cache.SharedIndexInformer {
    method Lister (line 100) | func (f *serverInformer) Lister() serverv1beta1.ServerLister {
  function NewServerInformer (line 51) | func NewServerInformer(client versioned.Interface, namespace string, res...
  function NewFilteredServerInformer (line 58) | func NewFilteredServerInformer(client versioned.Interface, namespace str...

FILE: controller/gen/client/informers/externalversions/server/v1beta2/interface.go
  type Interface (line 26) | type Interface interface
  type version (line 31) | type version struct
    method Servers (line 43) | func (v *version) Servers() ServerInformer {
  function New (line 38) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/server/v1beta2/server.go
  type ServerInformer (line 37) | type ServerInformer interface
  type serverInformer (line 42) | type serverInformer struct
    method defaultInformer (line 92) | func (f *serverInformer) defaultInformer(client versioned.Interface, r...
    method Informer (line 96) | func (f *serverInformer) Informer() cache.SharedIndexInformer {
    method Lister (line 100) | func (f *serverInformer) Lister() serverv1beta2.ServerLister {
  function NewServerInformer (line 51) | func NewServerInformer(client versioned.Interface, namespace string, res...
  function NewFilteredServerInformer (line 58) | func NewFilteredServerInformer(client versioned.Interface, namespace str...

FILE: controller/gen/client/informers/externalversions/server/v1beta3/interface.go
  type Interface (line 26) | type Interface interface
  type version (line 31) | type version struct
    method Servers (line 43) | func (v *version) Servers() ServerInformer {
  function New (line 38) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/server/v1beta3/server.go
  type ServerInformer (line 37) | type ServerInformer interface
  type serverInformer (line 42) | type serverInformer struct
    method defaultInformer (line 92) | func (f *serverInformer) defaultInformer(client versioned.Interface, r...
    method Informer (line 96) | func (f *serverInformer) Informer() cache.SharedIndexInformer {
    method Lister (line 100) | func (f *serverInformer) Lister() serverv1beta3.ServerLister {
  function NewServerInformer (line 51) | func NewServerInformer(client versioned.Interface, namespace string, res...
  function NewFilteredServerInformer (line 58) | func NewFilteredServerInformer(client versioned.Interface, namespace str...

FILE: controller/gen/client/informers/externalversions/serverauthorization/interface.go
  type Interface (line 27) | type Interface interface
  type group (line 32) | type group struct
    method V1beta1 (line 44) | func (g *group) V1beta1() v1beta1.Interface {
  function New (line 39) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/serverauthorization/v1beta1/interface.go
  type Interface (line 26) | type Interface interface
  type version (line 31) | type version struct
    method ServerAuthorizations (line 43) | func (v *version) ServerAuthorizations() ServerAuthorizationInformer {
  function New (line 38) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/serverauthorization/v1beta1/serverauthorization.go
  type ServerAuthorizationInformer (line 37) | type ServerAuthorizationInformer interface
  type serverAuthorizationInformer (line 42) | type serverAuthorizationInformer struct
    method defaultInformer (line 92) | func (f *serverAuthorizationInformer) defaultInformer(client versioned...
    method Informer (line 96) | func (f *serverAuthorizationInformer) Informer() cache.SharedIndexInfo...
    method Lister (line 100) | func (f *serverAuthorizationInformer) Lister() serverauthorizationv1be...
  function NewServerAuthorizationInformer (line 51) | func NewServerAuthorizationInformer(client versioned.Interface, namespac...
  function NewFilteredServerAuthorizationInformer (line 58) | func NewFilteredServerAuthorizationInformer(client versioned.Interface, ...

FILE: controller/gen/client/informers/externalversions/serviceprofile/interface.go
  type Interface (line 27) | type Interface interface
  type group (line 32) | type group struct
    method V1alpha2 (line 44) | func (g *group) V1alpha2() v1alpha2.Interface {
  function New (line 39) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/serviceprofile/v1alpha2/interface.go
  type Interface (line 26) | type Interface interface
  type version (line 31) | type version struct
    method ServiceProfiles (line 43) | func (v *version) ServiceProfiles() ServiceProfileInformer {
  function New (line 38) | func New(f internalinterfaces.SharedInformerFactory, namespace string, t...

FILE: controller/gen/client/informers/externalversions/serviceprofile/v1alpha2/serviceprofile.go
  type ServiceProfileInformer (line 37) | type ServiceProfileInformer interface
  type serviceProfileInformer (line 42) | type serviceProfileInformer struct
    method defaultInformer (line 92) | func (f *serviceProfileInformer) defaultInformer(client versioned.Inte...
    method Informer (line 96) | func (f *serviceProfileInformer) Informer() cache.SharedIndexInformer {
    method Lister (line 100) | func (f *serviceProfileInformer) Lister() serviceprofilev1alpha2.Servi...
  function NewServiceProfileInformer (line 51) | func NewServiceProfileInformer(client versioned.Interface, namespace str...
  function NewFilteredServiceProfileInformer (line 58) | func NewFilteredServiceProfileInformer(client versioned.Interface, names...

FILE: controller/gen/client/listers/externalworkload/v1beta1/expansion_generated.go
  type ExternalWorkloadListerExpansion (line 23) | type ExternalWorkloadListerExpansion interface
  type ExternalWorkloadNamespaceListerExpansion (line 27) | type ExternalWorkloadNamespaceListerExpansion interface

FILE: controller/gen/client/listers/externalworkload/v1beta1/externalworkload.go
  type ExternalWorkloadLister (line 30) | type ExternalWorkloadLister interface
  type externalWorkloadLister (line 40) | type externalWorkloadLister struct
    method ExternalWorkloads (line 50) | func (s *externalWorkloadLister) ExternalWorkloads(namespace string) E...
  function NewExternalWorkloadLister (line 45) | func NewExternalWorkloadLister(indexer cache.Indexer) ExternalWorkloadLi...
  type ExternalWorkloadNamespaceLister (line 56) | type ExternalWorkloadNamespaceLister interface
  type externalWorkloadNamespaceLister (line 68) | type externalWorkloadNamespaceLister struct

FILE: controller/gen/client/listers/link/v1alpha1/expansion_generated.go
  type LinkListerExpansion (line 23) | type LinkListerExpansion interface
  type LinkNamespaceListerExpansion (line 27) | type LinkNamespaceListerExpansion interface

FILE: controller/gen/client/listers/link/v1alpha1/link.go
  type LinkLister (line 30) | type LinkLister interface
  type linkLister (line 40) | type linkLister struct
    method Links (line 50) | func (s *linkLister) Links(namespace string) LinkNamespaceLister {
  function NewLinkLister (line 45) | func NewLinkLister(indexer cache.Indexer) LinkLister {
  type LinkNamespaceLister (line 56) | type LinkNamespaceLister interface
  type linkNamespaceLister (line 68) | type linkNamespaceLister struct

FILE: controller/gen/client/listers/link/v1alpha2/expansion_generated.go
  type LinkListerExpansion (line 23) | type LinkListerExpansion interface
  type LinkNamespaceListerExpansion (line 27) | type LinkNamespaceListerExpansion interface

FILE: controller/gen/client/listers/link/v1alpha2/link.go
  type LinkLister (line 30) | type LinkLister interface
  type linkLister (line 40) | type linkLister struct
    method Links (line 50) | func (s *linkLister) Links(namespace string) LinkNamespaceLister {
  function NewLinkLister (line 45) | func NewLinkLister(indexer cache.Indexer) LinkLister {
  type LinkNamespaceLister (line 56) | type LinkNamespaceLister interface
  type linkNamespaceLister (line 68) | type linkNamespaceLister struct

FILE: controller/gen/client/listers/link/v1alpha3/expansion_generated.go
  type LinkListerExpansion (line 23) | type LinkListerExpansion interface
  type LinkNamespaceListerExpansion (line 27) | type LinkNamespaceListerExpansion interface

FILE: controller/gen/client/listers/link/v1alpha3/link.go
  type LinkLister (line 30) | type LinkLister interface
  type linkLister (line 40) | type linkLister struct
    method Links (line 50) | func (s *linkLister) Links(namespace string) LinkNamespaceLister {
  function NewLinkLister (line 45) | func NewLinkLister(indexer cache.Indexer) LinkLister {
  type LinkNamespaceLister (line 56) | type LinkNamespaceLister interface
  type linkNamespaceLister (line 68) | type linkNamespaceLister struct

FILE: controller/gen/client/listers/policy/v1alpha1/authorizationpolicy.go
  type AuthorizationPolicyLister (line 30) | type AuthorizationPolicyLister interface
  type authorizationPolicyLister (line 40) | type authorizationPolicyLister struct
    method AuthorizationPolicies (line 50) | func (s *authorizationPolicyLister) AuthorizationPolicies(namespace st...
  function NewAuthorizationPolicyLister (line 45) | func NewAuthorizationPolicyLister(indexer cache.Indexer) AuthorizationPo...
  type AuthorizationPolicyNamespaceLister (line 56) | type AuthorizationPolicyNamespaceLister interface
  type authorizationPolicyNamespaceLister (line 68) | type authorizationPolicyNamespaceLister struct

FILE: controller/gen/client/listers/policy/v1alpha1/expansion_generated.go
  type AuthorizationPolicyListerExpansion (line 23) | type AuthorizationPolicyListerExpansion interface
  type AuthorizationPolicyNamespaceListerExpansion (line 27) | type AuthorizationPolicyNamespaceListerExpansion interface
  type HTTPRouteListerExpansion (line 31) | type HTTPRouteListerExpansion interface
  type HTTPRouteNamespaceListerExpansion (line 35) | type HTTPRouteNamespaceListerExpansion interface
  type MeshTLSAuthenticationListerExpansion (line 39) | type MeshTLSAuthenticationListerExpansion interface
  type MeshTLSAuthenticationNamespaceListerExpansion (line 43) | type MeshTLSAuthenticationNamespaceListerExpansion interface
  type NetworkAuthenticationListerExpansion (line 47) | type NetworkAuthenticationListerExpansion interface
  type NetworkAuthenticationNamespaceListerExpansion (line 51) | type NetworkAuthenticationNamespaceListerExpansion interface

FILE: controller/gen/client/listers/policy/v1alpha1/httproute.go
  type HTTPRouteLister (line 30) | type HTTPRouteLister interface
  type hTTPRouteLister (line 40) | type hTTPRouteLister struct
    method HTTPRoutes (line 50) | func (s *hTTPRouteLister) HTTPRoutes(namespace string) HTTPRouteNamesp...
  function NewHTTPRouteLister (line 45) | func NewHTTPRouteLister(indexer cache.Indexer) HTTPRouteLister {
  type HTTPRouteNamespaceLister (line 56) | type HTTPRouteNamespaceLister interface
  type hTTPRouteNamespaceLister (line 68) | type hTTPRouteNamespaceLister struct

FILE: controller/gen/client/listers/policy/v1alpha1/meshtlsauthentication.go
  type MeshTLSAuthenticationLister (line 30) | type MeshTLSAuthenticationLister interface
  type meshTLSAuthenticationLister (line 40) | type meshTLSAuthenticationLister struct
    method MeshTLSAuthentications (line 50) | func (s *meshTLSAuthenticationLister) MeshTLSAuthentications(namespace...
  function NewMeshTLSAuthenticationLister (line 45) | func NewMeshTLSAuthenticationLister(indexer cache.Indexer) MeshTLSAuthen...
  type MeshTLSAuthenticationNamespaceLister (line 56) | type MeshTLSAuthenticationNamespaceLister interface
  type meshTLSAuthenticationNamespaceLister (line 68) | type meshTLSAuthenticationNamespaceLister struct

FILE: controller/gen/client/listers/policy/v1alpha1/networkauthentication.go
  type NetworkAuthenticationLister (line 30) | type NetworkAuthenticationLister interface
  type networkAuthenticationLister (line 40) | type networkAuthenticationLister struct
    method NetworkAuthentications (line 50) | func (s *networkAuthenticationLister) NetworkAuthentications(namespace...
  function NewNetworkAuthenticationLister (line 45) | func NewNetworkAuthenticationLister(indexer cache.Indexer) NetworkAuthen...
  type NetworkAuthenticationNamespaceLister (line 56) | type NetworkAuthenticationNamespaceLister interface
  type networkAuthenticationNamespaceLister (line 68) | type networkAuthenticationNamespaceLister struct

FILE: controller/gen/client/listers/policy/v1beta3/expansion_generated.go
  type HTTPRouteListerExpansion (line 23) | type HTTPRouteListerExpansion interface
  type HTTPRouteNamespaceListerExpansion (line 27) | type HTTPRouteNamespaceListerExpansion interface

FILE: controller/gen/client/listers/policy/v1beta3/httproute.go
  type HTTPRouteLister (line 30) | type HTTPRouteLister interface
  type hTTPRouteLister (line 40) | type hTTPRouteLister struct
    method HTTPRoutes (line 50) | func (s *hTTPRouteLister) HTTPRoutes(namespace string) HTTPRouteNamesp...
  function NewHTTPRouteLister (line 45) | func NewHTTPRouteLister(indexer cache.Indexer) HTTPRouteLister {
  type HTTPRouteNamespaceLister (line 56) | type HTTPRouteNamespaceLister interface
  type hTTPRouteNamespaceLister (line 68) | type hTTPRouteNamespaceLister struct

FILE: controller/gen/client/listers/server/v1beta1/expansion_generated.go
  type ServerListerExpansion (line 23) | type ServerListerExpansion interface
  type ServerNamespaceListerExpansion (line 27) | type ServerNamespaceListerExpansion interface

FILE: controller/gen/client/listers/server/v1beta1/server.go
  type ServerLister (line 30) | type ServerLister interface
  type serverLister (line 40) | type serverLister struct
    method Servers (line 50) | func (s *serverLister) Servers(namespace string) ServerNamespaceLister {
  function NewServerLister (line 45) | func NewServerLister(indexer cache.Indexer) ServerLister {
  type ServerNamespaceLister (line 56) | type ServerNamespaceLister interface
  type serverNamespaceLister (line 68) | type serverNamespaceLister struct

FILE: controller/gen/client/listers/server/v1beta2/expansion_generated.go
  type ServerListerExpansion (line 23) | type ServerListerExpansion interface
  type ServerNamespaceListerExpansion (line 27) | type ServerNamespaceListerExpansion interface

FILE: controller/gen/client/listers/server/v1beta2/server.go
  type ServerLister (line 30) | type ServerLister interface
  type serverLister (line 40) | type serverLister struct
    method Servers (line 50) | func (s *serverLister) Servers(namespace string) ServerNamespaceLister {
  function NewServerLister (line 45) | func NewServerLister(indexer cache.Indexer) ServerLister {
  type ServerNamespaceLister (line 56) | type ServerNamespaceLister interface
  type serverNamespaceLister (line 68) | type serverNamespaceLister struct

FILE: controller/gen/client/listers/server/v1beta3/expansion_generated.go
  type ServerListerExpansion (line 23) | type ServerListerExpansion interface
  type ServerNamespaceListerExpansion (line 27) | type ServerNamespaceListerExpansion interface

FILE: controller/gen/client/listers/server/v1beta3/server.go
  type ServerLister (line 30) | type ServerLister interface
  type serverLister (line 40) | type serverLister struct
    method Servers (line 50) | func (s *serverLister) Servers(namespace string) ServerNamespaceLister {
  function NewServerLister (line 45) | func NewServerLister(indexer cache.Indexer) ServerLister {
  type ServerNamespaceLister (line 56) | type ServerNamespaceLister interface
  type serverNamespaceLister (line 68) | type serverNamespaceLister struct

FILE: controller/gen/client/listers/serverauthorization/v1beta1/expansion_generated.go
  type ServerAuthorizationListerExpansion (line 23) | type ServerAuthorizationListerExpansion interface
  type ServerAuthorizationNamespaceListerExpansion (line 27) | type ServerAuthorizationNamespaceListerExpansion interface

FILE: controller/gen/client/listers/serverauthorization/v1beta1/serverauthorization.go
  type ServerAuthorizationLister (line 30) | type ServerAuthorizationLister interface
  type serverAuthorizationLister (line 40) | type serverAuthorizationLister struct
    method ServerAuthorizations (line 50) | func (s *serverAuthorizationLister) ServerAuthorizations(namespace str...
  function NewServerAuthorizationLister (line 45) | func NewServerAuthorizationLister(indexer cache.Indexer) ServerAuthoriza...
  type ServerAuthorizationNamespaceLister (line 56) | type ServerAuthorizationNamespaceLister interface
  type serverAuthorizationNamespaceLister (line 68) | type serverAuthorizationNamespaceLister struct

FILE: controller/gen/client/listers/serviceprofile/v1alpha2/expansion_generated.go
  type ServiceProfileListerExpansion (line 23) | type ServiceProfileListerExpansion interface
  type ServiceProfileNamespaceListerExpansion (line 27) | type ServiceProfileNamespaceListerExpansion interface

FILE: controller/gen/client/listers/serviceprofile/v1alpha2/serviceprofile.go
  type ServiceProfileLister (line 30) | type ServiceProfileLister interface
  type serviceProfileLister (line 40) | type serviceProfileLister struct
    method ServiceProfiles (line 50) | func (s *serviceProfileLister) ServiceProfiles(namespace string) Servi...
  function NewServiceProfileLister (line 45) | func NewServiceProfileLister(indexer cache.Indexer) ServiceProfileLister {
  type ServiceProfileNamespaceLister (line 56) | type ServiceProfileNamespaceLister interface
  type serviceProfileNamespaceLister (line 68) | type serviceProfileNamespaceLister struct

FILE: controller/gen/common/net/net.pb.go
  constant _ (line 18) | _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
  constant _ (line 20) | _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
  type IPAddress (line 23) | type IPAddress struct
    method Reset (line 35) | func (x *IPAddress) Reset() {
    method String (line 42) | func (x *IPAddress) String() string {
    method ProtoMessage (line 46) | func (*IPAddress) ProtoMessage() {}
    method ProtoReflect (line 48) | func (x *IPAddress) ProtoReflect() protoreflect.Message {
    method Descriptor (line 61) | func (*IPAddress) Descriptor() ([]byte, []int) {
    method GetIp (line 65) | func (m *IPAddress) GetIp() isIPAddress_Ip {
    method GetIpv4 (line 72) | func (x *IPAddress) GetIpv4() uint32 {
    method GetIpv6 (line 79) | func (x *IPAddress) GetIpv6() *IPv6 {
  type isIPAddress_Ip (line 86) | type isIPAddress_Ip interface
  type IPAddress_Ipv4 (line 90) | type IPAddress_Ipv4 struct
    method isIPAddress_Ip (line 98) | func (*IPAddress_Ipv4) isIPAddress_Ip() {}
  type IPAddress_Ipv6 (line 94) | type IPAddress_Ipv6 struct
    method isIPAddress_Ip (line 100) | func (*IPAddress_Ipv6) isIPAddress_Ip() {}
  type IPv6 (line 102) | type IPv6 struct
    method Reset (line 111) | func (x *IPv6) Reset() {
    method String (line 118) | func (x *IPv6) String() string {
    method ProtoMessage (line 122) | func (*IPv6) ProtoMessage() {}
    method ProtoReflect (line 124) | func (x *IPv6) ProtoReflect() protoreflect.Message {
    method Descriptor (line 137) | func (*IPv6) Descriptor() ([]byte, []int) {
    method GetFirst (line 141) | func (x *IPv6) GetFirst() uint64 {
    method GetLast (line 148) | func (x *IPv6) GetLast() uint64 {
  type TcpAddress (line 155) | type TcpAddress struct
    method Reset (line 164) | func (x *TcpAddress) Reset() {
    method String (line 171) | func (x *TcpAddress) String() string {
    method ProtoMessage (line 175) | func (*TcpAddress) ProtoMessage() {}
    method ProtoReflect (line 177) | func (x *TcpAddress) ProtoReflect() protoreflect.Message {
    method Descriptor (line 190) | func (*TcpAddress) Descriptor() ([]byte, []int) {
    method GetIp (line 194) | func (x *TcpAddress) GetIp() *IPAddress {
    method GetPort (line 201) | func (x *TcpAddress) GetPort() uint32 {
  function file_common_net_proto_rawDescGZIP (line 239) | func file_common_net_proto_rawDescGZIP() []byte {
  function init (line 262) | func init() { file_common_net_proto_init() }
  function file_common_net_proto_init (line 263) | func file_common_net_proto_init() {

FILE: controller/heartbeat/heartbeat.go
  type containerMeta (line 23) | type containerMeta struct
  function K8sValues (line 29) | func K8sValues(ctx context.Context, kubeAPI *k8s.KubernetesAPI, controlP...
  function PromValues (line 81) | func PromValues(promAPI promv1.API, controlPlaneNamespace string) url.Va...
  function getLabelSet (line 171) | func getLabelSet(container containerMeta, containerKey model.LabelName) ...
  function promQuery (line 182) | func promQuery(promAPI promv1.API, query string, precision int) (string,...
  function MergeValues (line 209) | func MergeValues(v1, v2 url.Values) url.Values {
  function Send (line 221) | func Send(v url.Values) error {
  function send (line 225) | func send(client *http.Client, baseURL string, v url.Values) error {

FILE: controller/heartbeat/heartbeat_test.go
  function TestK8sValues (line 17) | func TestK8sValues(t *testing.T) {
  function TestPromValues (line 100) | func TestPromValues(t *testing.T) {
  function TestMergeValues (line 146) | func TestMergeValues(t *testing.T) {
  function TestSend (line 184) | func TestSend(t *testing.T) {

FILE: controller/identity/domain.go
  type TrustDomain (line 10) | type TrustDomain struct
    method Identity (line 27) | func (d *TrustDomain) Identity(typ, nm, ns string) (string, error) {
  function NewTrustDomain (line 15) | func NewTrustDomain(controlNS, domain string) (*TrustDomain, error) {

FILE: controller/identity/validator.go
  constant LinkerdAudienceKey (line 22) | LinkerdAudienceKey = "identity.l5d.io"
  type K8sTokenValidator (line 26) | type K8sTokenValidator struct
    method Validate (line 51) | func (k *K8sTokenValidator) Validate(ctx context.Context, tok []byte) ...
  function NewK8sTokenValidator (line 37) | func NewK8sTokenValidator(
  function checkAccess (line 94) | func checkAccess(ctx context.Context, authz kauthz.AuthorizationV1Interf...

FILE: controller/k8s/api.go
  type API (line 42) | type API struct
    method Sync (line 359) | func (api *API) Sync(stopCh <-chan struct{}) {
    method UnregisterGauges (line 372) | func (api *API) UnregisterGauges() {
    method NS (line 377) | func (api *API) NS() coreinformers.NamespaceInformer {
    method Deploy (line 385) | func (api *API) Deploy() appv1informers.DeploymentInformer {
    method DS (line 393) | func (api *API) DS() appv1informers.DaemonSetInformer {
    method SS (line 401) | func (api *API) SS() appv1informers.StatefulSetInformer {
    method RS (line 409) | func (api *API) RS() appv1informers.ReplicaSetInformer {
    method Pod (line 417) | func (api *API) Pod() coreinformers.PodInformer {
    method RC (line 426) | func (api *API) RC() coreinformers.ReplicationControllerInformer {
    method Svc (line 434) | func (api *API) Svc() coreinformers.ServiceInformer {
    method Endpoint (line 442) | func (api *API) Endpoint() coreinformers.EndpointsInformer {
    method ES (line 450) | func (api *API) ES() discoveryinformers.EndpointSliceInformer {
    method ExtWorkload (line 459) | func (api *API) ExtWorkload() ewinformers.ExternalWorkloadInformer {
    method CM (line 467) | func (api *API) CM() coreinformers.ConfigMapInformer {
    method SP (line 475) | func (api *API) SP() spinformers.ServiceProfileInformer {
    method Srv (line 483) | func (api *API) Srv() srvinformers.ServerInformer {
    method MWC (line 491) | func (api *API) MWC() arinformers.MutatingWebhookConfigurationInformer {
    method Job (line 499) | func (api *API) Job() batchv1informers.JobInformer {
    method Link (line 506) | func (api *API) Link() linkinformers.LinkInformer {
    method SPAvailable (line 515) | func (api *API) SPAvailable() bool {
    method Node (line 520) | func (api *API) Node() coreinformers.NodeInformer {
    method Secret (line 528) | func (api *API) Secret() coreinformers.SecretInformer {
    method CJ (line 536) | func (api *API) CJ() batchv1informers.CronJobInformer {
    method Ge
Condensed preview — 1442 files, each showing path, character count, and a content snippet. Download the .json file for the full structured content (16,798K chars).
[
  {
    "path": ".devcontainer/README.md",
    "chars": 1239,
    "preview": "# devcontainer\n\nThis directory provides a _devcontainer_ configuration that configures a\nreproducible development enviro"
  },
  {
    "path": ".devcontainer/devcontainer.json",
    "chars": 1472,
    "preview": "{\n    \"name\": \"linkerd2\",\n    \"image\": \"ghcr.io/linkerd/dev:v48\",\n    // \"dockerFile\": \"./Dockerfile\",\n    // \"context\":"
  },
  {
    "path": ".dockerignore",
    "chars": 262,
    "preview": ".git\n.github\n**/.idea\n**/cmake-*\n**/CMakeLists.txt\n*.iml\n**/node_modules\nbin\n!bin/action-dev-check\n!bin/fetch-proxy\n!bin"
  },
  {
    "path": ".editorconfig",
    "chars": 594,
    "preview": "# top-most EditorConfig file\nroot = true\n\n[*]\nend_of_line = lf\ninsert_final_newline = true\ntrim_trailing_whitespace = tr"
  },
  {
    "path": ".gitattributes",
    "chars": 319,
    "preview": "# Expand these files in PRs:\ngo.sum linguist-generated=false\n**/Cargo.lock linguist-generated=false\n# Collapse these fil"
  },
  {
    "path": ".github/CODEOWNERS",
    "chars": 92,
    "preview": "# By default, the maintainers group is responsible for everything.\n*   @linkerd/maintainers\n"
  },
  {
    "path": ".github/ISSUE_TEMPLATE/bug_report.yml",
    "chars": 1984,
    "preview": "name: \"🐛 Bug Report\"\ndescription: If you've found a reproducible bug\nlabels: [\"bug\"]\nbody:\n  - type: markdown\n    attrib"
  },
  {
    "path": ".github/ISSUE_TEMPLATE/config.yml",
    "chars": 209,
    "preview": "blank_issues_enabled: false\ncontact_links:\n- name: 🙋🏾 Question\n  url: https://github.com/linkerd/linkerd2/discussions/ne"
  },
  {
    "path": ".github/ISSUE_TEMPLATE/feature_request.yml",
    "chars": 1454,
    "preview": "name: \"💡 Feature Request\"\ndescription: If you have a suggestion for how to improve Linkerd\nlabels: [\"enhancement\"]\nbody:"
  },
  {
    "path": ".github/PULL_REQUEST_TEMPLATE.md",
    "chars": 1319,
    "preview": "<!--  Thanks for sending a pull request!\n\nIf you already have a well-structured git commit message, chances are GitHub\ns"
  },
  {
    "path": ".github/actions/cli-setup/action.yaml",
    "chars": 628,
    "preview": "\nname: CLI Setup\ndescription: Fetches the Linkerd CLI from an artifact and installs it into the target.\n\ninputs:\n  artif"
  },
  {
    "path": ".github/actions/docker-build/action.yml",
    "chars": 1928,
    "preview": "name: Docker Build\ndescription: Builds linkerd's docker images\n\ninputs:\n  docker-registry:\n    description: The docker r"
  },
  {
    "path": ".github/actions/helm-publish/action.yml",
    "chars": 617,
    "preview": "name: Helm publish\ndescription: Helm chart creation and uploading\nruns:\n  using: composite\n  steps:\n  - name: Set up Clo"
  },
  {
    "path": ".github/dco.yml",
    "chars": 26,
    "preview": "require:\n  members: false\n"
  },
  {
    "path": ".github/dependabot.yml",
    "chars": 3624,
    "preview": "# Dependabot are scheduled to avoid contention with normal workday CI usage. We\n# start running updates at 3AM UTC (7PM "
  },
  {
    "path": ".github/stale.yml",
    "chars": 827,
    "preview": "# Number of days of inactivity before an issue becomes stale\ndaysUntilStale: 90\n# Number of days of inactivity before a "
  },
  {
    "path": ".github/workflows/actions.yml",
    "chars": 678,
    "preview": "name: Actions\n\non:\n  pull_request:\n    paths:\n      - .devcontainer/devcontainer.json\n      - .github/workflows/**\n\nperm"
  },
  {
    "path": ".github/workflows/cli-build.yml",
    "chars": 1327,
    "preview": "on:\n  workflow_call:\n    inputs:\n      version:\n        type: string\n        required: true\n      target:\n        type: "
  },
  {
    "path": ".github/workflows/codecov.yml",
    "chars": 2188,
    "preview": "name: Coverage\n\n# Run weekly on Sunday at midnight (UTC).\non:\n  schedule:\n    - cron: \"0 0 * * 0\"\n\npermissions:\n  conten"
  },
  {
    "path": ".github/workflows/codeql.yml",
    "chars": 1245,
    "preview": "# See https://github.com/github/codeql-action/tree/v1 for more information.\n\nname: CodeQL\n\non:\n  push:\n    branches: [ma"
  },
  {
    "path": ".github/workflows/devcontainer.yml",
    "chars": 1453,
    "preview": "name: Devcontainer\n\n# When a pull request is opened that changes the Devcontainer configuration,\n# ensure that the conta"
  },
  {
    "path": ".github/workflows/go.yml",
    "chars": 3266,
    "preview": "name: Go\non: pull_request\n\npermissions:\n  contents: read\n\njobs:\n  meta:\n    runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu"
  },
  {
    "path": ".github/workflows/integration.yml",
    "chars": 16226,
    "preview": "name: Integration tests\n\non: pull_request\n\npermissions:\n  contents: read\n\nenv:\n  CARGO_INCREMENTAL: 0\n  CARGO_NET_RETRY:"
  },
  {
    "path": ".github/workflows/js.yml",
    "chars": 781,
    "preview": "name: JS\n\non:\n  pull_request:\n    paths:\n      - .github/workflows/js.yml\n      - bin/web*\n      - web/app/**\n\npermissio"
  },
  {
    "path": ".github/workflows/lock.yml",
    "chars": 338,
    "preview": "name: \"Lock Threads\"\n\non:\n  schedule:\n    - cron: \"0 1 * * *\"\n\npermissions:\n  issues: write\n\njobs:\n  action:\n    runs-on"
  },
  {
    "path": ".github/workflows/markdown.yml",
    "chars": 522,
    "preview": "name: markdown\n\npermissions:\n  contents: read\n\non:\n  pull_request:\n    paths:\n      - .github/workflows/markdown.yml\n   "
  },
  {
    "path": ".github/workflows/proto.yml",
    "chars": 601,
    "preview": "name: Proto\n\non:\n  pull_request:\n    paths:\n      - .github/workflows/proto.yml\n      - bin/protoc*\n      - \"**/*.proto\""
  },
  {
    "path": ".github/workflows/release.yml",
    "chars": 6723,
    "preview": "name: Release\n\non:\n  push:\n    tags:\n      - \"edge-*\"\n\npermissions:\n  contents: read\n\nenv:\n  GH_ANNOTATION: true\n  DOCKE"
  },
  {
    "path": ".github/workflows/rerun.yml",
    "chars": 763,
    "preview": "# This can be invoked from any other workflow to re-run itself on failure.\n# From https://github.com/orgs/community/disc"
  },
  {
    "path": ".github/workflows/rust.yml",
    "chars": 3294,
    "preview": "name: Rust\n\non:\n  pull_request:\n    paths:\n      - .github/workflows/rust.yml\n      - Cargo.lock\n      - \"**/Cargo.toml\""
  },
  {
    "path": ".github/workflows/shell.yml",
    "chars": 496,
    "preview": "name: Shell\n\non:\n  pull_request:\n    paths:\n      - .github/workflows/shell.yml\n      - \"**/*.sh\"\n\npermissions:\n  conten"
  },
  {
    "path": ".github/workflows/sync-proxy.yml",
    "chars": 4579,
    "preview": "name: Sync proxy\n\non:\n  workflow_dispatch:\n    inputs:\n      version:\n        description: \"The version of the proxy to "
  },
  {
    "path": ".gitignore",
    "chars": 262,
    "preview": "**/disco\ntarget\ntmp.discovery\n**/.idea\n**/cmake-*\n**/CMakeLists.txt\n*.iml\n**/node_modules\nweb/web\nweb/app/dist\nweb/app/j"
  },
  {
    "path": ".golangci.yml",
    "chars": 5134,
    "preview": "# This file specifies which linters golangci-lint should run.\n#\n# For descriptions of all available linters, run:\n# ./.g"
  },
  {
    "path": ".helmdocsignore",
    "chars": 35,
    "preview": "# Add potential chart ignores here\n"
  },
  {
    "path": ".markdownlint.yaml",
    "chars": 97,
    "preview": "default: true\nline_length: \n  code_blocks: false\n  tables: false\nheadings:\n  siblings_only: true\n"
  },
  {
    "path": ".proxy-version",
    "chars": 9,
    "preview": "v2.344.0\n"
  },
  {
    "path": "ADOPTERS.md",
    "chars": 4180,
    "preview": "# Linkerd 2.x adopters\n\n- [Ada](http://www.ada.cx)\n- [Adidas](https://www.adidas-group.com)\n- [Advance Latam](http://www"
  },
  {
    "path": "AMBASSADORS.md",
    "chars": 873,
    "preview": "# Linkerd Ambassadors\n\nThe Linkerd Ambassador badge is a distinction awarded to those community\nmembers who are experts "
  },
  {
    "path": "BUILD.md",
    "chars": 16704,
    "preview": "<!-- markdownlint-disable-file code-block-style -->\n# Linkerd2 Development Guide\n\n:balloon: Welcome to the Linkerd2 deve"
  },
  {
    "path": "CHANGES.md",
    "chars": 389645,
    "preview": "<!-- markdownlint-disable-file MD059 -->\n# Changes\n\nPlease visit Linkerd's [Release page][gh-releases] for the lates"
  },
  {
    "path": "CODE_OF_CONDUCT.md",
    "chars": 2198,
    "preview": "# Linkerd Community Code of Conduct\n\nAs a CNCF project, we follow the [CNCF Contributor Code of\nConduct](https://github."
  },
  {
    "path": "CONTRIBUTING.md",
    "chars": 4569,
    "preview": "# Contributing to Linkerd2 #\n\n:balloon: Thanks for your help improving the project!\n\n## Getting Help ##\n\nIf you have a q"
  },
  {
    "path": "Cargo.toml",
    "chars": 1582,
    "preview": "[workspace]\nresolver = \"2\"\nmembers = [\n    \"policy-controller\",\n    \"policy-controller/core\",\n    \"policy-controller/grp"
  },
  {
    "path": "DCO",
    "chars": 1421,
    "preview": "Developer Certificate of Origin\nVersion 1.1\n\nCopyright (C) 2004, 2006 The Linux Foundation and its contributors.\n1 Lette"
  },
  {
    "path": "Dockerfile-debug",
    "chars": 484,
    "preview": "FROM debian:bookworm-slim\nRUN apt-get update && apt-get install -y --no-install-recommends \\\n    curl \\\n    dnsutils \\\n "
  },
  {
    "path": "Dockerfile.controller",
    "chars": 2319,
    "preview": "# Precompile key slow-to-build dependencies\nFROM --platform=$BUILDPLATFORM golang:1.25-alpine AS go-deps\nWORKDIR /linker"
  },
  {
    "path": "Dockerfile.proxy",
    "chars": 4106,
    "preview": "ARG BUILDPLATFORM=linux/amd64\nARG RUNTIME_IMAGE=\"cr.l5d.io/linkerd/proxy-runtime:latest\"\nARG TARGETARCH\n\n# Precompile ke"
  },
  {
    "path": "EXTENSIONS.md",
    "chars": 5287,
    "preview": "# Linkerd Extensions\n\nLinkerd has an extension model which allows 3rd parties to add functionality.\nEach extension consi"
  },
  {
    "path": "GOVERNANCE.md",
    "chars": 3327,
    "preview": "# Linkerd Governance\n\nThis document defines project governance for Linkerd.\n\n> The Linkerd maintainers are 100% committe"
  },
  {
    "path": "LICENSE",
    "chars": 11357,
    "preview": "                                 Apache License\n                           Version 2.0, January 2004\n                   "
  },
  {
    "path": "MAINTAINERS.md",
    "chars": 1336,
    "preview": "# Maintainers\n\nThe Linkerd maintainers are:\n\n* Alex Leong <alex@buoyant.io> @adleong\n* Alejandro Pedraza <alejandro@buoy"
  },
  {
    "path": "README.md",
    "chars": 4968,
    "preview": "# Linkerd\n\n![Linkerd][logo]\n\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4629/badge)](h"
  },
  {
    "path": "RELEASE.md",
    "chars": 2445,
    "preview": "# Linkerd2 Release\n\nThis document contains instructions for releasing Linkerd2.\n\n## 1. Bump the proxy version\n\nDetermine"
  },
  {
    "path": "SECURITY.md",
    "chars": 2530,
    "preview": "# Linkerd Security Policy\n\nSecurity is critical to Linkerd and we take it very seriously. Not only must\nLinkerd be secur"
  },
  {
    "path": "STEERING.md",
    "chars": 1960,
    "preview": "# Linkerd Steering Committee Charter\n\nThe goal of the Linkerd Steering Committee is to ensure that Linkerd meets the\nnee"
  },
  {
    "path": "TEST.md",
    "chars": 9022,
    "preview": "# Linkerd2 Test Guide\n\nThis document covers how to run all of the tests that are present in the\nLinkerd2 repo. Most of t"
  },
  {
    "path": "bin/_docker.sh",
    "chars": 3306,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\ndocker buildx &> /dev/null || { echo 'Please install docker buildx before proceeding'; exi"
  },
  {
    "path": "bin/_log.sh",
    "chars": 329,
    "preview": "#!/usr/bin/env sh\nset -eu\n\n# build debug logging is disabled by default; enable with BUILD_DEBUG=1\n# shell trace logging"
  },
  {
    "path": "bin/_os.sh",
    "chars": 767,
    "preview": "#!/usr/bin/env sh\n\nset -eu\n\nexport OS_ARCH_ALL='linux-amd64 linux-arm64 darwin darwin-arm64 windows'\n\narchitecture() {\n "
  },
  {
    "path": "bin/_tag.sh",
    "chars": 739,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\ngit_sha_head() {\n    git rev-parse --short=8 HEAD\n}\n\nclean_head() {\n    [ \"${CI_FORCE_CLEA"
  },
  {
    "path": "bin/_test-helpers.sh",
    "chars": 13830,
    "preview": "#!/usr/bin/env bash\n\n# Override CI's `set -e` default, so we can catch errors manually and display\n# proper messages\nset"
  },
  {
    "path": "bin/build-cli-bin",
    "chars": 710,
    "preview": "#!/usr/bin/env sh\n\nset -eu\n\n# Builds CLI binary for current platform. Suitable for local development.\n# Note: This scrip"
  },
  {
    "path": "bin/certs-openssl",
    "chars": 1019,
    "preview": "#!/usr/bin/env sh\n\nset -eu\n\n# Creates the root and issuer (intermediary) self-signed certificates for the control plane "
  },
  {
    "path": "bin/compute-edge-version",
    "chars": 1330,
    "preview": "#!/usr/bin/env bash\n\n# This script bumps the patch version of all charts\n\nset -euo pipefail\nshopt -s globstar\n\nbindir=$("
  },
  {
    "path": "bin/docker",
    "chars": 641,
    "preview": "#!/usr/bin/env sh\n\nset -eu\n\ndockerversion=19.03.1\n\nbindir=$( cd \"${0%/*}\" && pwd )\ntargetbin=$( cd \"$bindir\"/.. && pwd )"
  },
  {
    "path": "bin/docker-build",
    "chars": 340,
    "preview": "#!/usr/bin/env sh\n\nset -eu\n\nif [ $# -ne 0 ]; then\n    echo \"no arguments allowed for ${0##*/}, given: $*\" >&2\n    exit 6"
  },
  {
    "path": "bin/docker-build-cli-bin",
    "chars": 978,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\nif [ $# -ne 0 ]; then\n    echo \"no arguments allowed for ${0##*/}, given: $*\" >&2\n    exit"
  },
  {
    "path": "bin/docker-build-controller",
    "chars": 452,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\nif [ $# -ne 0 ]; then\n    echo \"no arguments allowed for ${0##*/}, given: $*\" >&2\n    exit"
  },
  {
    "path": "bin/docker-build-debug",
    "chars": 411,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\nif [ $# -ne 0 ]; then\n    echo \"no arguments allowed for ${0##*/}, given: $*\" >&2\n    exit"
  },
  {
    "path": "bin/docker-build-metrics-api",
    "chars": 427,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\nif [ $# -ne 0 ]; then\n    echo \"no arguments allowed for ${0##*/}, given: $*\" >&2\n    exit"
  },
  {
    "path": "bin/docker-build-proxy",
    "chars": 1640,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\napko_version=v0.30.13\n\nif [ $# -ne 0 ]; then\n    echo \"no arguments allowed for ${0##*/}, "
  },
  {
    "path": "bin/docker-build-tap",
    "chars": 410,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\nif [ $# -ne 0 ]; then\n    echo \"no arguments allowed for ${0##*/}, given: $*\" >&2\n    exit"
  },
  {
    "path": "bin/docker-build-web",
    "chars": 461,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\nif [ $# -ne 0 ]; then\n    echo \"no arguments allowed for ${0##*/}, given: $*\" >&2\n    exit"
  },
  {
    "path": "bin/docker-pull",
    "chars": 296,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\nif [ $# -eq 1 ]; then\n    tag=${1:-}\nelse\n    echo \"usage: ${0##*/} tag\" >&2\n    exit 64\nf"
  },
  {
    "path": "bin/docker-push",
    "chars": 296,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\nif [ $# -eq 1 ]; then\n    tag=${1:-}\nelse\n    echo \"usage: ${0##*/} tag\" >&2\n    exit 64\nf"
  },
  {
    "path": "bin/docker-retag-all",
    "chars": 310,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\nif [ $# -ne 2 ]; then\n    echo \"usage: ${0##*/} from-tag to-tag\" >&2\n    exit 64\nfi\nfrom=$"
  },
  {
    "path": "bin/docker-test-proxy",
    "chars": 342,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\nexport RUST_LOG=${RUST_LOG:-}\n\nbindir=$( cd \"${BASH_SOURCE[0]%/*}\" && pwd )\nrootdir=$( cd "
  },
  {
    "path": "bin/fetch-proxy",
    "chars": 2646,
    "preview": "#!/usr/bin/env sh\n\n# If the first argument to this script is \"latest\" or unset, it fetches the\n# latest proxy binary fro"
  },
  {
    "path": "bin/fmt",
    "chars": 617,
    "preview": "#!/usr/bin/env bash\n\nset -u\n\nwhile IFS= read -r line; do dirs+=(\"$line\"); done <<< \"$(go list -f \\{\\{.Dir\\}\\} ./...)\"\n\n#"
  },
  {
    "path": "bin/go-mod-tree",
    "chars": 1785,
    "preview": "#!/usr/bin/env bash\n\n# Print all (transitive) dependencies of the specified go package.\n\nset -euo pipefail\n\nif [ $# -gt "
  },
  {
    "path": "bin/go-mod-versions",
    "chars": 447,
    "preview": "#!/usr/bin/env bash\n\n# Print all versions of the specified go package.\n\nset -euo pipefail\n\nif [ $# -ne 1 ]; then\n    ech"
  },
  {
    "path": "bin/go-mod-why",
    "chars": 1387,
    "preview": "#!/usr/bin/env bash\n\n# Print all (transitive) dependenents of the specified go package.\n\nset -euo pipefail\n\nif [ $# -ne "
  },
  {
    "path": "bin/go-run",
    "chars": 405,
    "preview": "#!/usr/bin/env sh\n\nset -eu\ncd \"$(pwd -P)\"\n\nbindir=$( cd \"${0%/*}\" && pwd )\n\nif [ $# -eq 0 ]; then\n  echo \"Usage: bin/${0"
  },
  {
    "path": "bin/goimports",
    "chars": 476,
    "preview": "#!/usr/bin/env sh\n\nset -eu\n\ncd \"$(pwd -P)\"\n\nbindir=$( cd \"${0%/*}\" && pwd )\nrootdir=$( cd \"$bindir/..\" && pwd )\ntargetbi"
  },
  {
    "path": "bin/helm",
    "chars": 914,
    "preview": "#!/usr/bin/env sh\n\nset -eu\n\nif command -v helm >/dev/null ; then\n    exec helm \"$@\"\nfi\n\nhelmversion=v3.18.4\nbindir=$( cd"
  },
  {
    "path": "bin/helm-build",
    "chars": 3221,
    "preview": "#!/usr/bin/env bash\n\nset -e\n\nsetValues() {\n    sed -i \"s/$1/$2/\" charts/linkerd-control-plane/values.yaml\n    sed -i \"s/"
  },
  {
    "path": "bin/image-load",
    "chars": 3490,
    "preview": "#!/usr/bin/env bash\n\nset -eo pipefail\n\nkind=''\nk3d=''\ncluster=''\narchive=''\npreload=''\nimages=()\n\nbindir=$( cd \"${BASH_S"
  },
  {
    "path": "bin/install-deps",
    "chars": 2860,
    "preview": "#!/usr/bin/env sh\n\n# This script is used in the multiple Dockerfiles for caching\n# some of the slow-to-build go dependen"
  },
  {
    "path": "bin/k3d",
    "chars": 573,
    "preview": "#!/usr/bin/env sh\n\nset -eu\n\nK3D_VERSION=v5.8.3\n\nbindir=$( cd \"${0%/*}\" && pwd )\n\n# shellcheck source=_os.sh\n. \"$bindir\"/"
  },
  {
    "path": "bin/kind",
    "chars": 629,
    "preview": "#!/usr/bin/env sh\n\nset -eu\n\nkindversion=v0.11.1\n\nbindir=$( cd \"${0%/*}\" && pwd )\ntargetbin=$( cd \"$bindir\"/.. && pwd )/t"
  },
  {
    "path": "bin/kubectl",
    "chars": 734,
    "preview": "#!/usr/bin/env sh\n\nset -eu\n\nkubectlversion=v1.15.3\n\nbindir=$( cd \"${0%/*}\" && pwd )\ntargetbin=$( cd \"$bindir\"/.. && pwd "
  },
  {
    "path": "bin/linkerd",
    "chars": 357,
    "preview": "#!/usr/bin/env sh\n\nset -eu\n\nbindir=$( cd \"${0%/*}\" && pwd )\nrootdir=$( cd \"$bindir\"/.. && pwd )\n# shellcheck source=_os."
  },
  {
    "path": "bin/minikube-start-hyperv.bat",
    "chars": 417,
    "preview": "REM Starts minikube on Windows 10 using Hyper-V.\nREM\nREM Windows 10 version 1709 (Creator's Update) or later is required"
  },
  {
    "path": "bin/protoc-go.sh",
    "chars": 987,
    "preview": "#!/usr/bin/env sh\n\nset -eu\n\nrm -rf controller/gen/common controller/gen/config viz/metrics-api/gen viz/tap/gen\nmkdir -p "
  },
  {
    "path": "bin/root-tag",
    "chars": 117,
    "preview": "#!/usr/bin/env bash\n\nbindir=$( cd \"${0%/*}\" && pwd )\n\n# shellcheck source=_tag.sh\n. \"$bindir\"/_tag.sh\n\nhead_root_tag\n"
  },
  {
    "path": "bin/rust-toolchain-version",
    "chars": 706,
    "preview": "#! /usr/bin/env bash\n# Extracts the current Rust version from the toolchain file.\n\nbindir=$( cd \"${BASH_SOURCE[0]%/*}\" &"
  },
  {
    "path": "bin/scurl",
    "chars": 67,
    "preview": "#!/usr/bin/env sh\n\nexec curl --proto '=https' --tlsv1.2 -sSfL \"$@\"\n"
  },
  {
    "path": "bin/shellcheck",
    "chars": 782,
    "preview": "#!/usr/bin/env sh\n\nset -eu\n\nif command -v shellcheck >/dev/null ; then\n    exec shellcheck \"$@\"\nfi\n\nscversion=v0.8.0\n\nbi"
  },
  {
    "path": "bin/shellcheck-all",
    "chars": 859,
    "preview": "#!/usr/bin/env bash\n\nset -eu\n\nbindir=$( cd \"${0%/*}\" && pwd )\nrootdir=$( cd \"$bindir\"/.. && pwd )\n\nscripts() {\n    find "
  },
  {
    "path": "bin/test-cleanup",
    "chars": 1847,
    "preview": "#!/usr/bin/env bash\n\nset -eu -o pipefail\n\nbindir=$( cd \"${BASH_SOURCE[0]%/*}\" && pwd )\n\n# shellcheck source=_test-helper"
  },
  {
    "path": "bin/test-clouds",
    "chars": 2029,
    "preview": "#!/usr/bin/env bash\n\n#\n# Run integration tests on 4 cloud providers:\n# - Amazon (EKS)\n# - DigitalOcean (DO)\n# - Google ("
  },
  {
    "path": "bin/test-clouds-cleanup",
    "chars": 682,
    "preview": "#!/usr/bin/env bash\n\n#\n# Cleans up integration tests from 4 cloud providers:\n# - Amazon (EKS)\n# - DigitalOcean (DO)\n# - "
  },
  {
    "path": "bin/test-scale",
    "chars": 4765,
    "preview": "#!/usr/bin/env bash\n\n# This test script deploys the following:\n# - 1 Linkerd control-plane\n# - 5 NAMESPACES x 5 REPLICAS"
  },
  {
    "path": "bin/tests",
    "chars": 641,
    "preview": "#!/usr/bin/env bash\n\nbindir=$( cd \"${BASH_SOURCE[0]%/*}\" && pwd )\n\n# shellcheck source=_test-helpers.sh\n. \"$bindir\"/_tes"
  },
  {
    "path": "bin/update-codegen.sh",
    "chars": 2500,
    "preview": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nSCRIPT_DIR=$(dirname \"${BASH_SOURCE[0]}\")\nSCRIPT_ROO"
  },
  {
    "path": "bin/web",
    "chars": 2725,
    "preview": "#!/usr/bin/env bash\n\nset -o errexit -o nounset -o pipefail\n\nROOT=$( cd \"${BASH_SOURCE[0]%/*}\"/.. && pwd )\n\nDEV_PORT=8080"
  },
  {
    "path": "charts/artifacthub-repo-edge.yml",
    "chars": 340,
    "preview": "repositoryID: 3f724e34-9d3c-459e-99ba-aa8f09620ff4\nowners:\n  - name: olix0r\n    email: ver@buoyant.io\n  - name: alpeb\n  "
  },
  {
    "path": "charts/artifacthub-repo-stable.yml",
    "chars": 340,
    "preview": "repositoryID: d6ca06cd-6db1-4931-bdc6-c1d5d5d52624\nowners:\n  - name: olix0r\n    email: ver@buoyant.io\n  - name: alpeb\n  "
  },
  {
    "path": "charts/linkerd-control-plane/.helmignore",
    "chars": 340,
    "preview": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation"
  },
  {
    "path": "charts/linkerd-control-plane/Chart.yaml",
    "chars": 775,
    "preview": "apiVersion: \"v2\"\n# this version will be updated by the CI before publishing the Helm tarball\nappVersion: edge-XX.X.X\ndes"
  },
  {
    "path": "charts/linkerd-control-plane/README.md.gotmpl",
    "chars": 4935,
    "preview": "{{ template \"chart.header\" . }}\n{{ template \"chart.description\" . }}\n\n{{ template \"chart.versionBadge\" . }}\n{{ template "
  },
  {
    "path": "charts/linkerd-control-plane/templates/NOTES.txt",
    "chars": 562,
    "preview": "The Linkerd control plane was successfully installed 🎉\n\nTo help you manage your Linkerd service mesh you can install the"
  },
  {
    "path": "charts/linkerd-control-plane/templates/config-rbac.yaml",
    "chars": 1064,
    "preview": "---\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n  labels:\n    linkerd.io/control-plane-ns: {{.Release."
  },
  {
    "path": "charts/linkerd-control-plane/templates/config.yaml",
    "chars": 1392,
    "preview": "---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n  name: linkerd-config\n  namespace: {{ .Release.Namespace }}\n  labels:\n    "
  },
  {
    "path": "charts/linkerd-control-plane/templates/destination-rbac.yaml",
    "chars": 10787,
    "preview": "---\n###\n### Destination Controller Service\n###\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  na"
  },
  {
    "path": "charts/linkerd-control-plane/templates/destination.yaml",
    "chars": 17711,
    "preview": "---\n###\n### Destination Controller Service\n###\nkind: Service\napiVersion: v1\nmetadata:\n  name: linkerd-dst\n  namespace: {"
  },
  {
    "path": "charts/linkerd-control-plane/templates/heartbeat-rbac.yaml",
    "chars": 2138,
    "preview": "{{ if not .Values.disableHeartBeat -}}\n---\n###\n### Heartbeat RBAC\n###\napiVersion: rbac.authorization.k8s.io/v1\nkind: Rol"
  },
  {
    "path": "charts/linkerd-control-plane/templates/heartbeat.yaml",
    "chars": 3961,
    "preview": "{{ if not .Values.disableHeartBeat -}}\n---\n###\n### Heartbeat\n###\napiVersion: batch/v1\nkind: CronJob\nmetadata:\n  name: li"
  },
  {
    "path": "charts/linkerd-control-plane/templates/identity-rbac.yaml",
    "chars": 1544,
    "preview": "---\n###\n### Identity Controller Service RBAC\n###\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  "
  },
  {
    "path": "charts/linkerd-control-plane/templates/identity.yaml",
    "chars": 11329,
    "preview": "{{if .Values.identity -}}\n---\n###\n### Identity Controller Service\n###\n{{ if and (.Values.identity.issuer) (eq .Values.id"
  },
  {
    "path": "charts/linkerd-control-plane/templates/namespace.yaml",
    "chars": 552,
    "preview": "{{- if eq .Release.Service \"CLI\" -}}\n---\n###\n### Linkerd Namespace\n###\nkind: Namespace\napiVersion: v1\nmetadata:\n  name: "
  },
  {
    "path": "charts/linkerd-control-plane/templates/podmonitor.yaml",
    "chars": 4825,
    "preview": "{{- $podMonitor := .Values.podMonitor -}}\n{{- if and $podMonitor.enabled $podMonitor.controller.enabled }}\n---\n###\n### P"
  },
  {
    "path": "charts/linkerd-control-plane/templates/proxy-injector-rbac.yaml",
    "chars": 4484,
    "preview": "---\n###\n### Proxy Injector RBAC\n###\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: linkerd"
  },
  {
    "path": "charts/linkerd-control-plane/templates/proxy-injector.yaml",
    "chars": 9494,
    "preview": "---\n###\n### Proxy Injector\n###\n{{- $tree := deepCopy . }}\n{{ $_ := set $tree.Values.proxy \"workloadKind\" \"deployment\" -}"
  },
  {
    "path": "charts/linkerd-control-plane/templates/psp.yaml",
    "chars": 2802,
    "preview": "{{ if .Values.enablePSP -}}\n---\n###\n### Control Plane PSP\n###\napiVersion: policy/v1beta1\nkind: PodSecurityPolicy\nmetadat"
  },
  {
    "path": "charts/linkerd-control-plane/values-ha.yaml",
    "chars": 1467,
    "preview": "# This values.yaml file contains the values needed to enable HA mode.\n# Usage:\n#   helm install -f values-ha.yaml\n\n# -- "
  },
  {
    "path": "charts/linkerd-control-plane/values.yaml",
    "chars": 29568,
    "preview": "# Default values for linkerd.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\n# "
  },
  {
    "path": "charts/linkerd-crds/.helmignore",
    "chars": 340,
    "preview": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation"
  },
  {
    "path": "charts/linkerd-crds/Chart.yaml",
    "chars": 666,
    "preview": "apiVersion: \"v2\"\ndescription: |\n  Linkerd gives you observability, reliability, and security\n  for your microservices — "
  },
  {
    "path": "charts/linkerd-crds/README.md.gotmpl",
    "chars": 1846,
    "preview": "{{ template \"chart.header\" . }}\n{{ template \"chart.description\" . }}\n\n{{ template \"chart.versionBadge\" . }}\n{{ template "
  },
  {
    "path": "charts/linkerd-crds/templates/NOTES.txt",
    "chars": 264,
    "preview": "The linkerd-crds chart was successfully installed 🎉\n\nTo complete the linkerd core installation, please now proceed to in"
  },
  {
    "path": "charts/linkerd-crds/templates/gateway.networking.k8s.io_grpcroutes.yaml",
    "chars": 249171,
    "preview": "{{- if (ternary .Values.enableHttpRoutes .Values.installGatewayAPI (hasKey .Values \"enableHttpRoutes\")) }}\n---\napiVersio"
  },
  {
    "path": "charts/linkerd-crds/templates/gateway.networking.k8s.io_httproutes.yaml",
    "chars": 359302,
    "preview": "{{- if (ternary .Values.enableHttpRoutes .Values.installGatewayAPI (hasKey .Values \"enableHttpRoutes\")) }}\n---\napiVersio"
  },
  {
    "path": "charts/linkerd-crds/templates/gateway.networking.k8s.io_tcproutes.yaml",
    "chars": 42162,
    "preview": "{{- if (ternary .Values.enableTcpRoutes .Values.installGatewayAPI (hasKey .Values \"enableTcpRoutes\")) }}\n---\napiVersion:"
  },
  {
    "path": "charts/linkerd-crds/templates/gateway.networking.k8s.io_tlsroutes.yaml",
    "chars": 45977,
    "preview": "{{- if (ternary .Values.enableTlsRoutes .Values.installGatewayAPI (hasKey .Values \"enableTlsRoutes\")) }}\n---\napiVersion:"
  },
  {
    "path": "charts/linkerd-crds/templates/policy/authorization-policy.yaml",
    "chars": 4039,
    "preview": "---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name: authorizationpolicies.policy.li"
  },
  {
    "path": "charts/linkerd-crds/templates/policy/egress-network.yaml",
    "chars": 4648,
    "preview": "---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name: egressnetworks.policy.linkerd.i"
  },
  {
    "path": "charts/linkerd-crds/templates/policy/http-local-ratelimit-policy.yaml",
    "chars": 9121,
    "preview": "---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name: httplocalratelimitpolicies.poli"
  },
  {
    "path": "charts/linkerd-crds/templates/policy/httproute.yaml",
    "chars": 352265,
    "preview": "---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name: httproutes.policy.linkerd.io\n  "
  },
  {
    "path": "charts/linkerd-crds/templates/policy/meshtls-authentication.yaml",
    "chars": 3433,
    "preview": "---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name: meshtlsauthentications.policy.l"
  },
  {
    "path": "charts/linkerd-crds/templates/policy/network-authentication.yaml",
    "chars": 1822,
    "preview": "---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name: networkauthentications.policy.l"
  },
  {
    "path": "charts/linkerd-crds/templates/policy/server-authorization.yaml",
    "chars": 11625,
    "preview": "---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name: serverauthorizations.policy.lin"
  },
  {
    "path": "charts/linkerd-crds/templates/policy/server.yaml",
    "chars": 11566,
    "preview": "---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name: servers.policy.linkerd.io\n  ann"
  },
  {
    "path": "charts/linkerd-crds/templates/serviceprofile.yaml",
    "chars": 10477,
    "preview": "---\n###\n### Service Profile CRD\n###\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name:"
  },
  {
    "path": "charts/linkerd-crds/templates/workload/external-workload.yaml",
    "chars": 11897,
    "preview": "---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name: externalworkloads.workload.link"
  },
  {
    "path": "charts/linkerd-crds/values.yaml",
    "chars": 673,
    "preview": "# -- Controls if Linkerd should install the Gateway API CRDs. This value acts\n# as a default and can be overridden by th"
  },
  {
    "path": "charts/linkerd2-cni/.helmignore",
    "chars": 340,
    "preview": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation"
  },
  {
    "path": "charts/linkerd2-cni/Chart.yaml",
    "chars": 586,
    "preview": "apiVersion: v1\nappVersion: edge-XX.X.X\ndescription: |\n  Linkerd is a *service mesh*, designed to give platform-wide obse"
  },
  {
    "path": "charts/linkerd2-cni/README.md.gotmpl",
    "chars": 353,
    "preview": "{{ template \"chart.header\" . }}\n{{ template \"chart.description\" . }}\n\n{{ template \"chart.versionBadge\" . }}\n{{ template "
  },
  {
    "path": "charts/linkerd2-cni/requirements.yaml",
    "chars": 81,
    "preview": "dependencies:\n- name: partials\n  version: 0.1.0\n  repository: file://../partials\n"
  },
  {
    "path": "charts/linkerd2-cni/templates/cni-plugin.yaml",
    "chars": 11371,
    "preview": "{{- /*\nCopyright 2017 CNI authors\nModifications copyright (c) Linkerd authors\n\nLicensed under the Apache License, Versio"
  },
  {
    "path": "charts/linkerd2-cni/values.yaml",
    "chars": 5229,
    "preview": "# -- Inbound port for the proxy container\ninboundProxyPort: 4143\n# -- Outbound port for the proxy container\noutboundProx"
  },
  {
    "path": "charts/partials/.helmignore",
    "chars": 333,
    "preview": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation"
  },
  {
    "path": "charts/partials/Chart.yaml",
    "chars": 161,
    "preview": "apiVersion: v1\ndescription: |\n  A Helm chart containing Linkerd partial templates,\n  depended by the 'linkerd' and 'patc"
  },
  {
    "path": "charts/partials/README.md.gotmpl",
    "chars": 353,
    "preview": "{{ template \"chart.header\" . }}\n{{ template \"chart.description\" . }}\n\n{{ template \"chart.versionBadge\" . }}\n{{ template "
  },
  {
    "path": "charts/partials/templates/NOTES.txt",
    "chars": 0,
    "preview": ""
  },
  {
    "path": "charts/partials/templates/_affinity.tpl",
    "chars": 1107,
    "preview": "{{ define \"linkerd.pod-affinity\" -}}\npodAntiAffinity:\n  preferredDuringSchedulingIgnoredDuringExecution:\n  - podAffinity"
  },
  {
    "path": "charts/partials/templates/_capabilities.tpl",
    "chars": 462,
    "preview": "{{- define \"partials.proxy.capabilities\" -}}\ncapabilities:\n  {{- if .Values.proxy.capabilities.add }}\n  add:\n  {{- toYam"
  },
  {
    "path": "charts/partials/templates/_debug.tpl",
    "chars": 508,
    "preview": "{{- define \"partials.debug\" -}}\nimage: {{.Values.debugContainer.image.name}}:{{.Values.debugContainer.image.version | de"
  },
  {
    "path": "charts/partials/templates/_helpers.tpl",
    "chars": 436,
    "preview": "{{/* vim: set filetype=mustache: */}}\n{{/*\nSplits a coma separated list into a list of string values.\nFor example \"11,22"
  },
  {
    "path": "charts/partials/templates/_metadata.tpl",
    "chars": 804,
    "preview": "{{- define \"partials.annotations.created-by\" -}}\nlinkerd.io/created-by: {{ .Values.cliVersion | default (printf \"linkerd"
  },
  {
    "path": "charts/partials/templates/_network-validator.tpl",
    "chars": 1496,
    "preview": "{{- define \"partials.network-validator\" -}}\nname: linkerd-network-validator\nimage: {{.Values.proxy.image.name}}:{{.Value"
  },
  {
    "path": "charts/partials/templates/_nodeselector.tpl",
    "chars": 119,
    "preview": "{{- define \"linkerd.node-selector\" -}}\nnodeSelector:\n{{- toYaml .Values.nodeSelector | trim | nindent 2 }}\n{{- end -}}\n"
  },
  {
    "path": "charts/partials/templates/_proxy-config-ann.tpl",
    "chars": 445,
    "preview": "{{- define \"partials.proxy.config.annotations\" -}}\n{{- with .cpu }}\n{{- with .request -}}\nconfig.linkerd.io/proxy-cpu-re"
  },
  {
    "path": "charts/partials/templates/_proxy-init.tpl",
    "chars": 3704,
    "preview": "{{- define \"partials.proxy-init\" -}}\nargs:\n{{- if (.Values.proxyInit.iptablesMode | default \"legacy\" | eq \"nft\") }}\n- --"
  },
  {
    "path": "charts/partials/templates/_proxy.tpl",
    "chars": 14113,
    "preview": "{{ define \"partials.proxy\" -}}\n{{ if and .Values.proxy.nativeSidecar .Values.proxy.waitBeforeExitSeconds }}\n{{ fail \"pro"
  },
  {
    "path": "charts/partials/templates/_pull-secrets.tpl",
    "chars": 122,
    "preview": "{{- define \"partials.image-pull-secrets\"}}\n{{- if . }}\nimagePullSecrets:\n{{ toYaml . | indent 2 }}\n{{- end }}\n{{- end -}"
  },
  {
    "path": "charts/partials/templates/_resources.tpl",
    "chars": 783,
    "preview": "{{- define \"partials.resources\" -}}\n{{- $ephemeralStorage := index . \"ephemeral-storage\" -}}\nresources:\n  {{- if or (.cp"
  },
  {
    "path": "charts/partials/templates/_tolerations.tpl",
    "chars": 113,
    "preview": "{{- define \"linkerd.tolerations\" -}}\ntolerations:\n{{ toYaml .Values.tolerations | trim | indent 2 }}\n{{- end -}}\n"
  },
  {
    "path": "charts/partials/templates/_trace.tpl",
    "chars": 520,
    "preview": "{{ define \"partials.linkerd.trace\" -}}\n{{ if ((.Values.controller.tracing).enabled) -}}\n{{- if (.Values.controller.traci"
  },
  {
    "path": "charts/partials/templates/_validate.tpl",
    "chars": 763,
    "preview": "{{- define \"linkerd.webhook.validation\" -}}\n\n{{- if and (.injectCaFrom) (.injectCaFromSecret) -}}\n{{- fail \"injectCaFrom"
  },
  {
    "path": "charts/partials/templates/_volumes.tpl",
    "chars": 1225,
    "preview": "{{ define \"partials.proxy.volumes.identity\" -}}\nemptyDir:\n  medium: Memory\nname: linkerd-identity-end-entity\n{{- end -}}"
  },
  {
    "path": "charts/partials/values.yaml",
    "chars": 0,
    "preview": ""
  },
  {
    "path": "charts/patch/Chart.yaml",
    "chars": 220,
    "preview": "apiVersion: \"v1\"\nname: \"patch\"\nversion: 0.1.0\ndescription: This chart generates the JSON patch necessary to inject the p"
  },
  {
    "path": "charts/patch/requirements.yaml",
    "chars": 81,
    "preview": "dependencies:\n- name: partials\n  version: 0.1.0\n  repository: file://../partials\n"
  },
  {
    "path": "charts/patch/templates/patch.json",
    "chars": 3854,
    "preview": "{{ $prefix := .Values.pathPrefix -}}\n{{/*\n$initIndex represents the patch insertion index of the next initContainer when"
  },
  {
    "path": "charts/templates.go",
    "chars": 138,
    "preview": "package charts\n\nimport (\n\t\"embed\"\n)\n\n//go:embed linkerd-control-plane linkerd-crds linkerd2-cni all:partials patch\nvar T"
  },
  {
    "path": "cli/Dockerfile",
    "chars": 2258,
    "preview": "ARG BUILDPLATFORM=linux/amd64\n\n# Precompile key slow-to-build dependencies\nFROM --platform=$BUILDPLATFORM golang:1.25-al"
  },
  {
    "path": "cli/cmd/authz.go",
    "chars": 2608,
    "preview": "package cmd\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/linkerd/linkerd2/cli/table\"\n\tpkgcmd \"github.com/linkerd/linkerd2/pkg/cm"
  },
  {
    "path": "cli/cmd/check.go",
    "chars": 10318,
    "preview": "package cmd\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"time\"\n\n\tcharts \"git"
  },
  {
    "path": "cli/cmd/check_extensions.go",
    "chars": 9268,
    "preview": "package cmd\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"os/exec\"\n\t\"path/filepath\"\n\t\"sort\"\n\t\"strin"
  },
  {
    "path": "cli/cmd/check_extensions_test.go",
    "chars": 8511,
    "preview": "package cmd\n\nimport (\n\t\"bytes\"\n\t\"errors\"\n\t\"path/filepath\"\n\t\"reflect\"\n\t\"testing\"\n\n\t\"k8s.io/utils/exec\"\n\tfakeexec \"k8s.io/"
  },
  {
    "path": "cli/cmd/check_test.go",
    "chars": 2103,
    "preview": "package cmd\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"fmt\"\n\t\"os\"\n\t\"testing\"\n\n\t\"github.com/linkerd/linkerd2/pkg/healthcheck\"\n)\n\nfun"
  },
  {
    "path": "cli/cmd/completion.go",
    "chars": 2758,
    "preview": "package cmd\n\nimport (\n\t\"bytes\"\n\t\"errors\"\n\t\"fmt\"\n\n\t\"github.com/spf13/cobra\"\n)\n\n// newCmdCompletion creates a new cobra co"
  },
  {
    "path": "cli/cmd/completion_test.go",
    "chars": 571,
    "preview": "package cmd\n\nimport (\n\t\"testing\"\n)\n\nfunc TestCompletion(t *testing.T) {\n\trootCmd := NewRootCmd()\n\tt.Run(\"Returns complet"
  },
  {
    "path": "cli/cmd/controller-metrics.go",
    "chars": 2288,
    "preview": "package cmd\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/linkerd/linkerd2/pkg/k8s\"\n\t\"github.com/spf13/cobra\"\n\tmetav1 "
  },
  {
    "path": "cli/cmd/diagnostics.go",
    "chars": 1167,
    "preview": "package cmd\n\nimport (\n\t\"github.com/spf13/cobra\"\n)\n\n// newCmdDiagnostics creates a new cobra command `diagnostics` which "
  },
  {
    "path": "cli/cmd/diagnostics_profile.go",
    "chars": 3405,
    "preview": "package cmd\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\n\tdestinationPb \"github.com/linkerd/linkerd2-proxy-"
  },
  {
    "path": "cli/cmd/doc.go",
    "chars": 9398,
    "preview": "package cmd\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"io\"\n\t\"strings\"\n\n\t\"github.com/spf13/cobra\"\n\tcobradoc \"github.com/spf13/cobra/doc\""
  },
  {
    "path": "cli/cmd/endpoints.go",
    "chars": 10496,
    "preview": "package cmd\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"sort\"\n\t\"strings\"\n\t\"text/tabwri"
  },
  {
    "path": "cli/cmd/endpoints_test.go",
    "chars": 3336,
    "preview": "package cmd\n\nimport (\n\t\"testing\"\n\n\tpb \"github.com/linkerd/linkerd2-proxy-api/go/destination\"\n\t\"github.com/linkerd/linker"
  },
  {
    "path": "cli/cmd/identity.go",
    "chars": 6843,
    "preview": "package cmd\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"crypto/x509\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/grantae/certinfo\"\n\tp"
  },
  {
    "path": "cli/cmd/inject.go",
    "chars": 16942,
    "preview": "package cmd\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"strconv\"\n\t\"strings\"\n\t\"time\"\n\n\tjsonpatch \"github"
  },
  {
    "path": "cli/cmd/inject_test.go",
    "chars": 27431,
    "preview": "package cmd\n\nimport (\n\t\"bufio\"\n\t\"bytes\"\n\t\"fmt\"\n\t\"io\"\n\t\"log\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"testing\"\n\n\t\"github.com/linkerd/link"
  },
  {
    "path": "cli/cmd/inject_util.go",
    "chars": 6035,
    "preview": "package cmd\n\nimport (\n\t\"bufio\"\n\t\"bytes\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n"
  },
  {
    "path": "cli/cmd/install-cni-plugin.go",
    "chars": 9801,
    "preview": "package cmd\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/linkerd/linkerd2/charts\"\n\tchartspkg \"github.com/linker"
  },
  {
    "path": "cli/cmd/install-cni-plugin_test.go",
    "chars": 3789,
    "preview": "package cmd\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"testing\"\n\n\t\"helm.sh/helm/v3/pkg/cli/values\"\n)\n\nfunc TestRenderCNIPlugin(t *testi"
  },
  {
    "path": "cli/cmd/install.go",
    "chars": 19202,
    "preview": "package cmd\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"path\"\n\t\"strconv\"\n\t\"strings\"\n\t\"text/template\"\n\t\""
  },
  {
    "path": "cli/cmd/install_cni_helm_test.go",
    "chars": 4170,
    "preview": "package cmd\n\nimport (\n\t\"bytes\"\n\t\"path/filepath\"\n\t\"testing\"\n\n\tcnicharts \"github.com/linkerd/linkerd2/pkg/charts/cni\"\n\t\"gi"
  }
]

// ... and 1242 more files (download for full content)
