forked from linkerd/linkerd
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Inject warns on UDP ports (linkerd#1617)
linkerd only routes TCP data, but `linkerd inject` does not warn when it injects into pods with ports set to `protocol: UDP`. Modify `linkerd inject` to warn when injected into a pod with `protocol: UDP`. The Linkerd sidecar will still be injected, but the stderr output will include a warning. Also add stderr checking on all inject unit tests. Part of linkerd#1516. Signed-off-by: Andrew Seigner <[email protected]>
- Loading branch information
Showing
17 changed files
with
331 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 change: 1 addition & 0 deletions
1
cli/cmd/testdata/inject-filepath/expected/injected_nginx.stderr
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 2 additions & 0 deletions
2
cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.stderr
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 change: 1 addition & 0 deletions
1
cli/cmd/testdata/inject-filepath/expected/injected_redis.stderr
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
|
||
hostNetwork: pods do not use host networking...............................[ok] | ||
supported: at least one resource injected..................................[ok] | ||
udp: pod specs do not include UDP ports....................................[ok] | ||
|
||
Summary: 1 of 1 YAML document(s) injected | ||
deployment/web | ||
|
9 changes: 9 additions & 0 deletions
9
cli/cmd/testdata/inject_emojivoto_deployment_controller_name.report
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
|
||
hostNetwork: pods do not use host networking...............................[ok] | ||
supported: at least one resource injected..................................[ok] | ||
udp: pod specs do not include UDP ports....................................[ok] | ||
|
||
Summary: 2 of 2 YAML document(s) injected | ||
deployment/controller | ||
deployment/not-controller | ||
|
8 changes: 8 additions & 0 deletions
8
cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.report
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
|
||
hostNetwork: pods do not use host networking...............................[ok] | ||
supported: at least one resource injected..................................[ok] | ||
udp: pod specs do not include UDP ports....................................[ok] | ||
|
||
Summary: 1 of 1 YAML document(s) injected | ||
deployment/web | ||
|
7 changes: 7 additions & 0 deletions
7
cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_true.report
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
|
||
hostNetwork: pods do not use host networking...............................[warn] -- deployment/web uses "hostNetwork: true" | ||
supported: at least one resource injected..................................[warn] -- no supported objects found | ||
udp: pod specs do not include UDP ports....................................[ok] | ||
|
||
Summary: 0 of 1 YAML document(s) injected | ||
|
104 changes: 104 additions & 0 deletions
104
cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,104 @@ | ||
apiVersion: apps/v1beta1 | ||
kind: Deployment | ||
metadata: | ||
creationTimestamp: null | ||
name: web | ||
namespace: emojivoto | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
app: web-svc | ||
strategy: {} | ||
template: | ||
metadata: | ||
annotations: | ||
linkerd.io/created-by: linkerd/cli undefined | ||
linkerd.io/proxy-version: testinjectversion | ||
creationTimestamp: null | ||
labels: | ||
app: web-svc | ||
linkerd.io/control-plane-ns: linkerd | ||
linkerd.io/proxy-deployment: web | ||
spec: | ||
containers: | ||
- env: | ||
- name: WEB_PORT | ||
value: "80" | ||
- name: EMOJISVC_HOST | ||
value: emoji-svc.emojivoto:8080 | ||
- name: VOTINGSVC_HOST | ||
value: voting-svc.emojivoto:8080 | ||
- name: INDEX_BUNDLE | ||
value: dist/index_bundle.js | ||
image: buoyantio/emojivoto-web:v3 | ||
name: web-svc | ||
ports: | ||
- containerPort: 9100 | ||
hostPort: 9100 | ||
name: http | ||
protocol: UDP | ||
resources: {} | ||
- env: | ||
- name: LINKERD2_PROXY_LOG | ||
value: warn,linkerd2_proxy=info | ||
- name: LINKERD2_PROXY_BIND_TIMEOUT | ||
value: 10s | ||
- name: LINKERD2_PROXY_CONTROL_URL | ||
value: tcp:https://proxy-api.linkerd.svc.cluster.local:8086 | ||
- name: LINKERD2_PROXY_CONTROL_LISTENER | ||
value: tcp:https://0.0.0.0:4190 | ||
- name: LINKERD2_PROXY_METRICS_LISTENER | ||
value: tcp:https://0.0.0.0:4191 | ||
- name: LINKERD2_PROXY_PRIVATE_LISTENER | ||
value: tcp:https://127.0.0.1:4140 | ||
- name: LINKERD2_PROXY_PUBLIC_LISTENER | ||
value: tcp:https://0.0.0.0:4143 | ||
- name: LINKERD2_PROXY_POD_NAMESPACE | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: metadata.namespace | ||
image: gcr.io/linkerd-io/proxy:testinjectversion | ||
imagePullPolicy: IfNotPresent | ||
livenessProbe: | ||
httpGet: | ||
path: /metrics | ||
port: 4191 | ||
initialDelaySeconds: 10 | ||
name: linkerd-proxy | ||
ports: | ||
- containerPort: 4143 | ||
name: linkerd-proxy | ||
- containerPort: 4191 | ||
name: linkerd-metrics | ||
readinessProbe: | ||
httpGet: | ||
path: /metrics | ||
port: 4191 | ||
initialDelaySeconds: 10 | ||
resources: {} | ||
securityContext: | ||
runAsUser: 2102 | ||
terminationMessagePolicy: FallbackToLogsOnError | ||
initContainers: | ||
- args: | ||
- --incoming-proxy-port | ||
- "4143" | ||
- --outgoing-proxy-port | ||
- "4140" | ||
- --proxy-uid | ||
- "2102" | ||
- --inbound-ports-to-ignore | ||
- 4190,4191 | ||
image: gcr.io/linkerd-io/proxy-init:testinjectversion | ||
imagePullPolicy: IfNotPresent | ||
name: linkerd-init | ||
resources: {} | ||
securityContext: | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
privileged: false | ||
terminationMessagePolicy: FallbackToLogsOnError | ||
status: {} | ||
--- |
Oops, something went wrong.