Proxy Configuration
Linkerd provides a set of annotations that can be used to override the data plane proxy’s configuration. This is useful for overriding the default configurations of auto-injected proxies.
The following is the list of supported annotations:
| Annotation | Description |
|---|---|
config.alpha.linkerd.io/proxy-wait-before-exit-seconds | The proxy sidecar will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod’s terminationGracePeriodSeconds. If not provided, it will be defaulted to 0 |
config.alpha.linkerd.io/trace-collector-service-account | The trace collector’s service account name. E.g., tracing-service-account. If not provided, it will be defaulted to default. |
config.linkerd.io/admin-port | Proxy port to serve metrics on |
config.linkerd.io/control-port | Proxy port to use for control |
config.linkerd.io/debug-image | Linkerd debug container image name |
config.linkerd.io/debug-image-pull-policy | Docker image pull policy for debug image |
config.linkerd.io/debug-image-version | Linkerd debug container image version |
config.linkerd.io/disable-identity | Disables resources from participating in TLS identity |
config.linkerd.io/disable-tap | Disables resources from being tapped |
config.linkerd.io/enable-debug-sidecar | Inject a debug sidecar for data plane debugging |
config.linkerd.io/enable-external-profiles | Enable service profiles for non-Kubernetes services |
config.linkerd.io/image-pull-policy | Docker image pull policy |
config.linkerd.io/inbound-port | Proxy port to use for inbound traffic |
config.linkerd.io/init-image | Linkerd init container image name |
config.linkerd.io/init-image-version | Linkerd init container image version |
config.linkerd.io/outbound-port | Proxy port to use for outbound traffic |
config.linkerd.io/proxy-cpu-limit | Maximum amount of CPU units that the proxy sidecar can use |
config.linkerd.io/proxy-cpu-request | Amount of CPU units that the proxy sidecar requests |
config.linkerd.io/proxy-image | Linkerd proxy container image name |
config.linkerd.io/proxy-log-level | Log level for the proxy |
config.linkerd.io/proxy-memory-limit | Maximum amount of Memory that the proxy sidecar can use |
config.linkerd.io/proxy-memory-request | Amount of Memory that the proxy sidecar requests |
config.linkerd.io/proxy-uid | Run the proxy under this user ID |
config.linkerd.io/proxy-version | Tag to be used for the Linkerd proxy images |
config.linkerd.io/skip-inbound-ports | Ports that should skip the proxy and send directly to the application. Comma-separated list of values, where each value can be a port number or a range a-b. |
config.linkerd.io/skip-outbound-ports | Outbound ports that should skip the proxy. Comma-separated list of values, where each value can be a port number or a range a-b. |
config.linkerd.io/trace-collector | Service name of the trace collector. E.g. collector.linkerd-jaeger:55678 |
For example, to update an auto-injected proxy’s CPU and memory resources, we
insert the appropriate annotations into the spec.template.metadata.annotations
of the owner’s pod spec, using kubectl edit like this:
spec:
template:
metadata:
annotations:
config.linkerd.io/proxy-cpu-limit: "1"
config.linkerd.io/proxy-cpu-request: "0.2"
config.linkerd.io/proxy-memory-limit: 2Gi
config.linkerd.io/proxy-memory-request: 128MiSee here for details on tuning the proxy’s resource usage.
Note that configuration overrides on proxies injected using the linkerd inject
command is planned for release 2.4. Follow this
GitHub issue for progress.