inject
The inject command is a text transform that modifies Kubernetes manifests
passed to it either as a file or as a stream (-) to adds a
linkerd.io/inject: enabled annotation to eligible resources in the manifest.
When the resulting annotated manifest is applied to the Kubernetes cluster,
Linkerd’s proxy autoinjector automatically
adds the Linkerd data plane proxies to the corresponding pods.
Note that there is no a priori reason to use this command. In production, these annotations may be instead set by a CI/CD system, or any other deploy-time mechanism.
Manual injection
Alternatively, this command can also perform the full injection purely on the
client side, by enabling with the --manual flag. (Prior to Linkerd 2.4, this
was the default behavior.)
Examples
# Inject all the deployments in the default namespace.
kubectl get deploy -o yaml | linkerd inject - | kubectl apply -f -
# Injecting a file from a remote URL
linkerd inject http://url.to/yml | kubectl apply -f -
# Inject all the resources inside a folder and its sub-folders.
linkerd inject <folder> | kubectl apply -f -Flags
| Flag | Usage |
|---|---|
--admin-port | Proxy port to serve metrics on |
--control-port | Proxy port to use for control |
--disable-identity | Disables resources from participating in TLS identity |
--disable-tap | Disables resources from being tapped |
--enable-debug-sidecar | Inject a debug sidecar for data plane debugging |
--enable-external-profiles | Enable service profiles for non-Kubernetes services |
--ignore-cluster | Ignore the current Kubernetes cluster when checking for existing cluster configuration (default false) |
--image-pull-policy | Docker image pull policy |
--inbound-port | Proxy port to use for inbound traffic |
--init-image | Linkerd init container image name |
--init-image-version | Linkerd init container image version |
--manual | Include the proxy sidecar container spec in the YAML output (the auto-injector won’t pick it up, so config annotations aren’t supported) (default false) |
--outbound-port | Proxy port to use for outbound traffic |
--proxy-cpu | Amount of CPU units that the proxy sidecar requests |
--proxy-cpu-limit | Maximum amount of CPU units that the proxy sidecar can use |
--proxy-cpu-request | Amount of CPU units that the proxy sidecar requests |
--proxy-image | Linkerd proxy container image name |
--proxy-log-level | Log level for the proxy |
--proxy-memory | Amount of Memory that the proxy sidecar requests |
--proxy-memory-limit | Maximum amount of Memory that the proxy sidecar can use |
--proxy-memory-request | Amount of Memory that the proxy sidecar requests |
--proxy-uid | Run the proxy under this user ID |
--proxy-version-v | Tag to be used for the Linkerd proxy images |
--registry | Docker registry to pull images from |
--skip-inbound-ports | Ports and/or port ranges (inclusive) that should skip the proxy and send directly to the application |
--skip-outbound-ports | Outbound ports and/or port ranges (inclusive) that should skip the proxy |
--trace-collector | Collector Service address for the proxies to send Trace Data |
--trace-collector-svc-account | Service account associated with the Trace collector instance |
--wait-before-exit-seconds | The period during which the proxy sidecar must stay alive while its pod is terminating. Must be smaller than terminationGracePeriodSeconds for the pod (default 0) |