From 04f2ce511a95f4b481d6994fd251cb8fd881a787 Mon Sep 17 00:00:00 2001 From: Oliver Gould Date: Wed, 27 Dec 2023 16:24:33 -0800 Subject: [PATCH] inject: Configure proxy stream lifetime limits (#11837) linkerd/linkerd2-proxy#2587 adds configuration parameters that bound the lifetime and idle times of control plane streams. This change helps to mitigate imbalanced control plane replica usage and to generally prevent scenarios where a stream becomes "stuck," as has been observed when a control plane replica is unhealthy. This change adds helm values to control this behavior. Default values are provided. --- charts/linkerd-control-plane/README.md | 3 ++ charts/linkerd-control-plane/values.yaml | 11 ++++++++ charts/partials/templates/_proxy.tpl | 6 ++++ cli/cmd/inject_test.go | 2 ++ .../expected/injected_nginx.yaml | 6 ++++ .../expected/injected_nginx_redis.yaml | 12 ++++++++ .../expected/injected_redis.yaml | 6 ++++ cli/cmd/testdata/inject_contour.golden.yml | 6 ++++ ...ject_emojivoto_already_injected.golden.yml | 24 ++++++++++++++++ .../inject_emojivoto_deployment.golden.yml | 6 ++++ ...emojivoto_deployment_access_log.golden.yml | 6 ++++ ...omountServiceAccountToken_false.golden.yml | 6 ++++ ...ojivoto_deployment_capabilities.golden.yml | 6 ++++ ...oto_deployment_config_overrides.golden.yml | 6 ++++ ...voto_deployment_controller_name.golden.yml | 12 ++++++++ ...ject_emojivoto_deployment_debug.golden.yml | 6 ++++ ...voto_deployment_empty_resources.golden.yml | 6 ++++ ...to_deployment_hostNetwork_false.golden.yml | 6 ++++ ...ivoto_deployment_native_sidecar.golden.yml | 6 ++++ ...to_deployment_no_init_container.golden.yml | 6 ++++ ...ojivoto_deployment_opaque_ports.golden.yml | 6 ++++ ...emojivoto_deployment_overridden.golden.yml | 6 ++++ ...ojivoto_deployment_proxyignores.golden.yml | 6 ++++ ...inject_emojivoto_deployment_udp.golden.yml | 6 ++++ .../testdata/inject_emojivoto_list.golden.yml | 12 ++++++++ ..._emojivoto_list_empty_resources.golden.yml | 12 ++++++++ .../testdata/inject_emojivoto_pod.golden.yml | 6 ++++ .../inject_emojivoto_pod_ingress.golden.yml | 6 ++++ ...ject_emojivoto_pod_proxyignores.golden.yml | 6 ++++ ...ect_emojivoto_pod_with_requests.golden.yml | 6 ++++ .../inject_emojivoto_statefulset.golden.yml | 6 ++++ .../inject_gettest_deployment.good.golden.yml | 12 ++++++++ .../inject_tap_deployment_debug.golden.yml | 6 ++++ ...install_controlplane_tracing_output.golden | 23 +++++++++++++++ cli/cmd/testdata/install_custom_domain.golden | 23 +++++++++++++++ .../testdata/install_custom_registry.golden | 23 +++++++++++++++ cli/cmd/testdata/install_default.golden | 23 +++++++++++++++ ...stall_default_override_dst_get_nets.golden | 23 +++++++++++++++ cli/cmd/testdata/install_default_token.golden | 23 +++++++++++++++ cli/cmd/testdata/install_ha_output.golden | 23 +++++++++++++++ .../install_ha_with_overrides_output.golden | 23 +++++++++++++++ .../install_heartbeat_disabled_output.golden | 23 +++++++++++++++ .../install_helm_control_plane_output.golden | 23 +++++++++++++++ ...nstall_helm_control_plane_output_ha.golden | 23 +++++++++++++++ .../install_helm_output_ha_labels.golden | 23 +++++++++++++++ ...l_helm_output_ha_namespace_selector.golden | 23 +++++++++++++++ .../testdata/install_no_init_container.golden | 23 +++++++++++++++ cli/cmd/testdata/install_output.golden | 21 +++++++++++++- cli/cmd/testdata/install_proxy_ignores.golden | 23 +++++++++++++++ cli/cmd/testdata/install_values_file.golden | 23 +++++++++++++++ .../fake/data/pod-with-debug.patch.json | 28 +++++++++++++++---- .../data/pod-with-ns-annotations.patch.json | 12 ++++++++ .../proxy-injector/fake/data/pod.patch.json | 12 ++++++++ controller/proxy-injector/webhook_test.go | 6 ++-- pkg/charts/linkerd2/values.go | 11 ++++++++ pkg/charts/linkerd2/values_test.go | 7 +++++ testutil/test_data_diff.go | 1 + 57 files changed, 699 insertions(+), 11 deletions(-) diff --git a/charts/linkerd-control-plane/README.md b/charts/linkerd-control-plane/README.md index 9ed9a3b7ebaff..ef0f04dd405dc 100644 --- a/charts/linkerd-control-plane/README.md +++ b/charts/linkerd-control-plane/README.md @@ -231,6 +231,9 @@ Kubernetes: `>=1.22.0-0` | profileValidator.namespaceSelector | object | `{"matchExpressions":[{"key":"config.linkerd.io/admission-webhooks","operator":"NotIn","values":["disabled"]}]}` | Namespace selector used by admission webhook | | prometheusUrl | string | `""` | url of external prometheus instance (used for the heartbeat) | | proxy.await | bool | `true` | If set, the application container will not start until the proxy is ready | +| proxy.control.streams.idleTimeout | string | `"5m"` | The timeout between consecutive updates from the control plane. | +| proxy.control.streams.initialTimeout | string | `"3s"` | The timeout for the first update from the control plane. | +| proxy.control.streams.lifetime | string | `"1h"` | The maximum duration for a response stream (i.e. before it will be reinitialized). | | proxy.cores | int | `0` | The `cpu.limit` and `cores` should be kept in sync. The value of `cores` must be an integer and should typically be set by rounding up from the limit. E.g. if cpu.limit is '1500m', cores should be 2. | | proxy.defaultInboundPolicy | string | "all-unauthenticated" | The default allow policy to use when no `Server` selects a pod. One of: "all-authenticated", "all-unauthenticated", "cluster-authenticated", "cluster-unauthenticated", "deny" | | proxy.disableInboundProtocolDetectTimeout | bool | `false` | When set to true, disables the protocol detection timeout on the inbound side of the proxy by setting it to a very high value | diff --git a/charts/linkerd-control-plane/values.yaml b/charts/linkerd-control-plane/values.yaml index 519585a08230a..54e7522d68f47 100644 --- a/charts/linkerd-control-plane/values.yaml +++ b/charts/linkerd-control-plane/values.yaml @@ -207,6 +207,17 @@ proxy: initialDelaySeconds: 0 periodSeconds: 1 failureThreshold: 120 + # Configures general properties of the proxy's control plane clients. + control: + # Configures limits on API response streams. + streams: + # -- The timeout for the first update from the control plane. + initialTimeout: "3s" + # -- The timeout between consecutive updates from the control plane. + idleTimeout: "5m" + # -- The maximum duration for a response stream (i.e. before it will be + # reinitialized). + lifetime: "1h" # proxy-init configuration proxyInit: diff --git a/charts/partials/templates/_proxy.tpl b/charts/partials/templates/_proxy.tpl index da0d10b6c73e8..de9638f519d77 100644 --- a/charts/partials/templates/_proxy.tpl +++ b/charts/partials/templates/_proxy.tpl @@ -44,6 +44,12 @@ env: value: {{.Values.proxy.defaultInboundPolicy}} - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: {{.Values.clusterNetworks | quote}} +- name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: {{((.Values.proxy.control).streams).initialTimeout | default "" | quote}} +- name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: {{((.Values.proxy.control).streams).idleTimeout | default "" | quote}} +- name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: {{((.Values.proxy.control).streams).lifetime | default "" | quote}} {{ if .Values.proxy.inboundConnectTimeout -}} - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: {{.Values.proxy.inboundConnectTimeout | quote}} diff --git a/cli/cmd/inject_test.go b/cli/cmd/inject_test.go index 709526f466d25..6ed75fd8e95df 100644 --- a/cli/cmd/inject_test.go +++ b/cli/cmd/inject_test.go @@ -33,6 +33,8 @@ func mkFilename(filename string, verbose bool) string { } func testUninjectAndInject(t *testing.T, tc testCase) { + t.Helper() + file, err := os.Open("testdata/" + tc.inputFileName) if err != nil { t.Errorf("error opening test input file: %v\n", err) diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml index a035e8a45f1fd..f54302b0c4c4a 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml @@ -48,6 +48,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml index 2202a79c4b3c1..c29b1c15c5d20 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml @@ -48,6 +48,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -262,6 +268,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml index 7da2ca85f5d2f..64f843149b165 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml @@ -48,6 +48,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_contour.golden.yml b/cli/cmd/testdata/inject_contour.golden.yml index f8144419e3ee3..f0fbe708a3c83 100644 --- a/cli/cmd/testdata/inject_contour.golden.yml +++ b/cli/cmd/testdata/inject_contour.golden.yml @@ -56,6 +56,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml index 3f4085bd42575..066d61ef5e19a 100644 --- a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml @@ -50,6 +50,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -275,6 +281,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -500,6 +512,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -725,6 +743,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml index 0733e684aea19..a5e12f6180e80 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml @@ -50,6 +50,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml index b3904a4c9e139..7fa9baab5e9d0 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml @@ -51,6 +51,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml index 4469e39273153..6cda7e09671ff 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml @@ -51,6 +51,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml index 6c4417e1f3f44..af2980a20cfa0 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml @@ -50,6 +50,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml index d159bc91db81e..bd541fcbb9464 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml @@ -60,6 +60,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml index a13909723583e..31af59bc8b3ff 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml @@ -50,6 +50,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -275,6 +281,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml index acdf2fbec2978..a03614bc19fd4 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml @@ -51,6 +51,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml index c23e17076bab5..d9da3231f904e 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml @@ -50,6 +50,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml index 03dfa74d1df6c..296d130fc961f 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml @@ -50,6 +50,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml index 9ba6815059764..a02eb5b1c25e5 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml @@ -103,6 +103,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml index 54097aa8891fe..fff2448b4d245 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_no_init_container.golden.yml @@ -50,6 +50,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml index ff17eb4d92c75..6f005e6a2c0a7 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml @@ -51,6 +51,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml index 22e3edaa69fa0..86912d6cadce7 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml @@ -51,6 +51,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml index c0c8e0ec57fde..76890e12da561 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml @@ -52,6 +52,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml index 699d96513c400..fe22f43193928 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml @@ -50,6 +50,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_list.golden.yml b/cli/cmd/testdata/inject_emojivoto_list.golden.yml index 6bb7c4dbbf272..f9e54ec3862b9 100644 --- a/cli/cmd/testdata/inject_emojivoto_list.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list.golden.yml @@ -52,6 +52,12 @@ items: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -276,6 +282,12 @@ items: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml index 8667ce0c48157..72fcf66e2774c 100644 --- a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml @@ -52,6 +52,12 @@ items: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -276,6 +282,12 @@ items: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml index 9a16bade90643..93c5c02110218 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml @@ -42,6 +42,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml index 618d5e1d898bf..ff85a2a5ec33c 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml @@ -43,6 +43,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml index 182c240b42b8e..7ce5d234f8e0d 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml @@ -44,6 +44,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml index c9ebe123ff3a8..745c45dc4bbd3 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml @@ -46,6 +46,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml index f789363fde9cd..f2f51c98baae0 100644 --- a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml @@ -51,6 +51,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml index 45f17705766a7..bc660d7ad717b 100644 --- a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml +++ b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml @@ -46,6 +46,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -273,6 +279,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml index 6028117f1d8f4..05fb2b80db4e0 100644 --- a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml @@ -67,6 +67,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16 + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: 3s + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: 5m + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: 1h - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: 100ms - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_controlplane_tracing_output.golden b/cli/cmd/testdata/install_controlplane_tracing_output.golden index 24455534cfffc..0f2f2055224aa 100644 --- a/cli/cmd/testdata/install_controlplane_tracing_output.golden +++ b/cli/cmd/testdata/install_controlplane_tracing_output.golden @@ -623,6 +623,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -937,6 +942,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1264,6 +1275,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1691,6 +1708,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_custom_domain.golden b/cli/cmd/testdata/install_custom_domain.golden index 82a717f27badd..d688677801f62 100644 --- a/cli/cmd/testdata/install_custom_domain.golden +++ b/cli/cmd/testdata/install_custom_domain.golden @@ -623,6 +623,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -936,6 +941,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1263,6 +1274,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1689,6 +1706,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_custom_registry.golden b/cli/cmd/testdata/install_custom_registry.golden index e4ec8f65e7050..05cfd4fdc5412 100644 --- a/cli/cmd/testdata/install_custom_registry.golden +++ b/cli/cmd/testdata/install_custom_registry.golden @@ -623,6 +623,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -936,6 +941,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1263,6 +1274,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1689,6 +1706,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_default.golden b/cli/cmd/testdata/install_default.golden index 82a717f27badd..d688677801f62 100644 --- a/cli/cmd/testdata/install_default.golden +++ b/cli/cmd/testdata/install_default.golden @@ -623,6 +623,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -936,6 +941,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1263,6 +1274,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1689,6 +1706,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_default_override_dst_get_nets.golden b/cli/cmd/testdata/install_default_override_dst_get_nets.golden index 0f8b0fecfa000..3afaf65302ab3 100644 --- a/cli/cmd/testdata/install_default_override_dst_get_nets.golden +++ b/cli/cmd/testdata/install_default_override_dst_get_nets.golden @@ -623,6 +623,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -936,6 +941,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.0.0.0/8" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1263,6 +1274,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.0.0.0/8" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1689,6 +1706,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.0.0.0/8" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_default_token.golden b/cli/cmd/testdata/install_default_token.golden index 3ecf3dfcaa94f..fa9d202c9aee8 100644 --- a/cli/cmd/testdata/install_default_token.golden +++ b/cli/cmd/testdata/install_default_token.golden @@ -623,6 +623,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -936,6 +941,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1254,6 +1265,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1671,6 +1688,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_ha_output.golden b/cli/cmd/testdata/install_ha_output.golden index 11f6737676b8b..d6f0d339dc1d6 100644 --- a/cli/cmd/testdata/install_ha_output.golden +++ b/cli/cmd/testdata/install_ha_output.golden @@ -650,6 +650,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -1013,6 +1018,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1380,6 +1391,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1842,6 +1859,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_ha_with_overrides_output.golden b/cli/cmd/testdata/install_ha_with_overrides_output.golden index 1f673b836bdea..b0960bc9b32f6 100644 --- a/cli/cmd/testdata/install_ha_with_overrides_output.golden +++ b/cli/cmd/testdata/install_ha_with_overrides_output.golden @@ -650,6 +650,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -1013,6 +1018,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1380,6 +1391,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1842,6 +1859,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_heartbeat_disabled_output.golden b/cli/cmd/testdata/install_heartbeat_disabled_output.golden index b07b29ece6399..c2d91d5793e9f 100644 --- a/cli/cmd/testdata/install_heartbeat_disabled_output.golden +++ b/cli/cmd/testdata/install_heartbeat_disabled_output.golden @@ -554,6 +554,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -867,6 +872,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1194,6 +1205,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1560,6 +1577,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_helm_control_plane_output.golden b/cli/cmd/testdata/install_helm_control_plane_output.golden index d117cc5e10b70..0cf0ad39ef6fe 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output.golden @@ -600,6 +600,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -909,6 +914,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1238,6 +1249,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1668,6 +1685,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden index cdeb883091f95..d774ffe6ae174 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden @@ -627,6 +627,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -986,6 +991,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1355,6 +1366,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1821,6 +1838,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_helm_output_ha_labels.golden b/cli/cmd/testdata/install_helm_output_ha_labels.golden index 1e7a450fba502..9eb5090299574 100644 --- a/cli/cmd/testdata/install_helm_output_ha_labels.golden +++ b/cli/cmd/testdata/install_helm_output_ha_labels.golden @@ -631,6 +631,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -994,6 +999,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1367,6 +1378,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1841,6 +1858,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden index 1a5d0a6979455..71561024a2134 100644 --- a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden +++ b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden @@ -622,6 +622,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -976,6 +981,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1345,6 +1356,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1811,6 +1828,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_no_init_container.golden b/cli/cmd/testdata/install_no_init_container.golden index ee3cdf3252979..7ee03fd3f9f09 100644 --- a/cli/cmd/testdata/install_no_init_container.golden +++ b/cli/cmd/testdata/install_no_init_container.golden @@ -623,6 +623,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -936,6 +941,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1257,6 +1268,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1677,6 +1694,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_output.golden b/cli/cmd/testdata/install_output.golden index a7b92eafefaf1..7d7c514e3f01e 100644 --- a/cli/cmd/testdata/install_output.golden +++ b/cli/cmd/testdata/install_output.golden @@ -603,6 +603,7 @@ data: accessLog: "" await: true capabilities: null + control: null defaultInboundPolicy: default-allow-policy disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -909,6 +910,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "ClusterNetworks" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "" - name: LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT value: "5s" - name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT @@ -1233,6 +1240,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "ClusterNetworks" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "" - name: LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT value: "5s" - name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT @@ -1663,6 +1676,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "ClusterNetworks" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "" - name: LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT value: "5s" - name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT @@ -1895,7 +1914,7 @@ spec: --- apiVersion: v1 data: - linkerd-config-overrides: Y2xpVmVyc2lvbjogQ2xpVmVyc2lvbgpjbHVzdGVyTmV0d29ya3M6IENsdXN0ZXJOZXR3b3Jrcwpjb250cm9sUGxhbmVUcmFjaW5nTmFtZXNwYWNlOiAiIgpjb250cm9sbGVySW1hZ2U6IENvbnRyb2xsZXJJbWFnZQpjb250cm9sbGVyTG9nRm9ybWF0OiBDb250cm9sbGVyTG9nRm9ybWF0CmNvbnRyb2xsZXJMb2dMZXZlbDogQ29udHJvbGxlckxvZ0xldmVsCmRlYnVnQ29udGFpbmVyOgogIGltYWdlOgogICAgbmFtZTogRGVidWdJbWFnZU5hbWUKICAgIHB1bGxQb2xpY3k6IERlYnVnSW1hZ2VQdWxsUG9saWN5CiAgICB2ZXJzaW9uOiBEZWJ1Z1ZlcnNpb24KZW5hYmxlRW5kcG9pbnRTbGljZXM6IGZhbHNlCmhlYXJ0YmVhdFNjaGVkdWxlOiAxIDIgMyA0IDUKaWRlbnRpdHk6CiAgaXNzdWVyOgogICAgdGxzOgogICAgICBjcnRQRU06IHwKICAgICAgICAtLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KICAgICAgICBNSUlCd0RDQ0FXZWdBd0lCQWdJUkFKUklnWjhSdE84RXdnMVhlcGY4VDQ0d0NnWUlLb1pJemowRUF3SXdLVEVuCiAgICAgICAgTUNVR0ExVUVBeE1lYVdSbGJuUnBkSGt1YkdsdWEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01CNFhEVEl3TURneQogICAgICAgIE9EQTNNVE0wTjFvWERUTXdNRGd5TmpBM01UTTBOMW93S1RFbk1DVUdBMVVFQXhNZWFXUmxiblJwZEhrdWJHbHUKICAgICAgICBhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUUxL0ZwCiAgICAgICAgZmNSbkRjZWRMNkFqVWFYWVB2NERJTUJhSnVmT0k1Tld0eStYU1g3SmpYZ1p0TTcyZFF2UmFZYW51eEQzNkR0MQogICAgICAgIDIvSnh5aVNneEtXUmRvYXkrYU53TUc0d0RnWURWUjBQQVFIL0JBUURBZ0VHTUJJR0ExVWRFd0VCL3dRSU1BWUIKICAgICAgICBBZjhDQVFBd0hRWURWUjBPQkJZRUZJMVducnFNWUthSEhPbyt6cHlpaURxMnBPMEtNQ2tHQTFVZEVRUWlNQ0NDCiAgICAgICAgSG1sa1pXNTBhWFI1TG14cGJtdGxjbVF1WTJ4MWMzUmxjaTVzYjJOaGJEQUtCZ2dxaGtqT1BRUURBZ05IQURCRQogICAgICAgIEFpQXR1b0k1WHVDdHJHVlJ6U21SVGwycmEyOGFWOU15VFU3ZDVxblRBRkhLU2dJZ1JLQ3ZsdU9TZ0E1TzIxcDUKICAgICAgICA1MXRkcm1rSEVaUnIwcWxMU0pkSFlnRWZNems9CiAgICAgICAgLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQogICAgICBrZXlQRU06IHwKICAgICAgICAtLS0tLUJFR0lOIEVDIFBSSVZBVEUgS0VZLS0tLS0KICAgICAgICBNSGNDQVFFRUlBQWU4bmZielp1OWMvT0IyKzh4Sk0wRno3TlV3VFFhenVsa0ZOczRUSTUrb0FvR0NDcUdTTTQ5CiAgICAgICAgQXdFSG9VUURRZ0FFMS9GcGZjUm5EY2VkTDZBalVhWFlQdjRESU1CYUp1Zk9JNU5XdHkrWFNYN0pqWGdadE03MgogICAgICAgIGRRdlJhWWFudXhEMzZEdDEyL0p4eWlTZ3hLV1Jkb2F5K1E9PQogICAgICAgIC0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0KaWRlbnRpdHlUcnVzdEFuY2hvcnNQRU06IHwKICAtLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KICBNSUlCd1RDQ0FXYWdBd0lCQWdJUWVEWnA1bERhSXlnUTVVZk1LWnJGQVRBS0JnZ3Foa2pPUFFRREFqQXBNU2N3CiAgSlFZRFZRUURFeDVwWkdWdWRHbDBlUzVzYVc1clpYSmtMbU5zZFhOMFpYSXViRzlqWVd3d0hoY05NakF3T0RJNAogIE1EY3hNalEzV2hjTk16QXdPREkyTURjeE1qUTNXakFwTVNjd0pRWURWUVFERXg1cFpHVnVkR2wwZVM1c2FXNXIKICBaWEprTG1Oc2RYTjBaWEl1Ykc5allXd3dXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CQndOQ0FBUnFjNzBaCiAgbDF2Z3c3OXJqQjV1U0lUSUNVQTZHeWZ2U0ZmY3VJaXM3Qi9YRlNra3dBSFU1Uy9zMUFBUCtSMFRYN0hCV1VDNAogIHVhRzRXV3Npd0pLTm43bWdvM0F3YmpBT0JnTlZIUThCQWY4RUJBTUNBUVl3RWdZRFZSMFRBUUgvQkFnd0JnRUIKICAvd0lCQVRBZEJnTlZIUTRFRmdRVTVZdGpWVlBmZDdJN05MSHNuMkMyNkVCeUdWMHdLUVlEVlIwUkJDSXdJSUllCiAgYVdSbGJuUnBkSGt1YkdsdWEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01Bb0dDQ3FHU000OUJBTUNBMGtBTUVZQwogIElRQ043bEJGTEREdmp4NlYwK1hranBLRVJSc0pZZjVhZE12bmxvRmw0OGlsSmdJaEFOdHhobmRjcitRSlB1QzgKICB2Z1VDMGQyLzlGTXVlSVZNYis0NldUQ09qc3FyCiAgLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQppbWFnZVB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQppbWFnZVB1bGxTZWNyZXRzOiBudWxsCmxpbmtlcmRWZXJzaW9uOiBMaW5rZXJkVmVyc2lvbgpuZXR3b3JrVmFsaWRhdG9yOgogIGVuYWJsZVNlY3VyaXR5Q29udGV4dDogZmFsc2UKcG9kTW9uaXRvcjogbnVsbApwb2xpY3lDb250cm9sbGVyOgogIGltYWdlOgogICAgbmFtZTogUG9saWN5Q29udHJvbGxlckltYWdlTmFtZQogICAgcHVsbFBvbGljeTogSW1hZ2VQdWxsUG9saWN5CiAgICB2ZXJzaW9uOiBQb2xpY3lDb250cm9sbGVyVmVyc2lvbgogIGxvZ0xldmVsOiBsb2ctbGV2ZWwKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIGxpbWl0OiBjcHUtbGltaXQKICAgICAgcmVxdWVzdDogY3B1LXJlcXVlc3QKICAgIG1lbW9yeToKICAgICAgbGltaXQ6IG1lbW9yeS1saW1pdAogICAgICByZXF1ZXN0OiBtZW1vcnktcmVxdWVzdApwb2xpY3lWYWxpZGF0b3I6CiAgY2FCdW5kbGU6IHBvbGljeSB2YWxpZGF0b3IgQ0EgYnVuZGxlCiAgZXh0ZXJuYWxTZWNyZXQ6IHRydWUKcHJpb3JpdHlDbGFzc05hbWU6IFByaW9yaXR5Q2xhc3NOYW1lCnByb2ZpbGVWYWxpZGF0b3I6CiAgY2FCdW5kbGU6IHByb2ZpbGUgdmFsaWRhdG9yIENBIGJ1bmRsZQogIGV4dGVybmFsU2VjcmV0OiB0cnVlCnByb3h5OgogIGRlZmF1bHRJbmJvdW5kUG9saWN5OiBkZWZhdWx0LWFsbG93LXBvbGljeQogIGltYWdlOgogICAgbmFtZTogUHJveHlJbWFnZU5hbWUKICAgIHB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQogICAgdmVyc2lvbjogUHJveHlWZXJzaW9uCiAgaW5ib3VuZENvbm5lY3RUaW1lb3V0OiAiIgogIGluYm91bmREaXNjb3ZlcnlDYWNoZVVudXNlZFRpbWVvdXQ6ICIiCiAgbG9nTGV2ZWw6IHdhcm4sbGlua2VyZD1pbmZvCiAgb3BhcXVlUG9ydHM6IDI1LDQ0Myw1ODcsMzMwNiw1NDMyLDExMjExCiAgb3V0Ym91bmRDb25uZWN0VGltZW91dDogIiIKICBvdXRib3VuZERpc2NvdmVyeUNhY2hlVW51c2VkVGltZW91dDogIiIKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIGxpbWl0OiBjcHUtbGltaXQKICAgICAgcmVxdWVzdDogY3B1LXJlcXVlc3QKICAgIG1lbW9yeToKICAgICAgbGltaXQ6IG1lbW9yeS1saW1pdAogICAgICByZXF1ZXN0OiBtZW1vcnktcmVxdWVzdAogIHN0YXJ0dXBQcm9iZTogbnVsbApwcm94eUNvbnRhaW5lck5hbWU6IFByb3h5Q29udGFpbmVyTmFtZQpwcm94eUluaXQ6CiAgaWdub3JlSW5ib3VuZFBvcnRzOiAiIgogIGlnbm9yZU91dGJvdW5kUG9ydHM6ICI0NDMiCiAgaW1hZ2U6CiAgICBuYW1lOiBQcm94eUluaXRJbWFnZU5hbWUKICAgIHB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQogICAgdmVyc2lvbjogUHJveHlJbml0VmVyc2lvbgogIGt1YmVBUElTZXJ2ZXJQb3J0czogIiIKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIHJlcXVlc3Q6IDEwbQogICAgbWVtb3J5OgogICAgICBsaW1pdDogNTBNaQogICAgICByZXF1ZXN0OiAxME1pCnByb3h5SW5qZWN0b3I6CiAgY2FCdW5kbGU6IHByb3h5IGluamVjdG9yIENBIGJ1bmRsZQogIGV4dGVybmFsU2VjcmV0OiB0cnVlCndlYmhvb2tGYWlsdXJlUG9saWN5OiBXZWJob29rRmFpbHVyZVBvbGljeQo= + linkerd-config-overrides: Y2xpVmVyc2lvbjogQ2xpVmVyc2lvbgpjbHVzdGVyTmV0d29ya3M6IENsdXN0ZXJOZXR3b3Jrcwpjb250cm9sUGxhbmVUcmFjaW5nTmFtZXNwYWNlOiAiIgpjb250cm9sbGVySW1hZ2U6IENvbnRyb2xsZXJJbWFnZQpjb250cm9sbGVyTG9nRm9ybWF0OiBDb250cm9sbGVyTG9nRm9ybWF0CmNvbnRyb2xsZXJMb2dMZXZlbDogQ29udHJvbGxlckxvZ0xldmVsCmRlYnVnQ29udGFpbmVyOgogIGltYWdlOgogICAgbmFtZTogRGVidWdJbWFnZU5hbWUKICAgIHB1bGxQb2xpY3k6IERlYnVnSW1hZ2VQdWxsUG9saWN5CiAgICB2ZXJzaW9uOiBEZWJ1Z1ZlcnNpb24KZW5hYmxlRW5kcG9pbnRTbGljZXM6IGZhbHNlCmhlYXJ0YmVhdFNjaGVkdWxlOiAxIDIgMyA0IDUKaWRlbnRpdHk6CiAgaXNzdWVyOgogICAgdGxzOgogICAgICBjcnRQRU06IHwKICAgICAgICAtLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KICAgICAgICBNSUlCd0RDQ0FXZWdBd0lCQWdJUkFKUklnWjhSdE84RXdnMVhlcGY4VDQ0d0NnWUlLb1pJemowRUF3SXdLVEVuCiAgICAgICAgTUNVR0ExVUVBeE1lYVdSbGJuUnBkSGt1YkdsdWEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01CNFhEVEl3TURneQogICAgICAgIE9EQTNNVE0wTjFvWERUTXdNRGd5TmpBM01UTTBOMW93S1RFbk1DVUdBMVVFQXhNZWFXUmxiblJwZEhrdWJHbHUKICAgICAgICBhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUUxL0ZwCiAgICAgICAgZmNSbkRjZWRMNkFqVWFYWVB2NERJTUJhSnVmT0k1Tld0eStYU1g3SmpYZ1p0TTcyZFF2UmFZYW51eEQzNkR0MQogICAgICAgIDIvSnh5aVNneEtXUmRvYXkrYU53TUc0d0RnWURWUjBQQVFIL0JBUURBZ0VHTUJJR0ExVWRFd0VCL3dRSU1BWUIKICAgICAgICBBZjhDQVFBd0hRWURWUjBPQkJZRUZJMVducnFNWUthSEhPbyt6cHlpaURxMnBPMEtNQ2tHQTFVZEVRUWlNQ0NDCiAgICAgICAgSG1sa1pXNTBhWFI1TG14cGJtdGxjbVF1WTJ4MWMzUmxjaTVzYjJOaGJEQUtCZ2dxaGtqT1BRUURBZ05IQURCRQogICAgICAgIEFpQXR1b0k1WHVDdHJHVlJ6U21SVGwycmEyOGFWOU15VFU3ZDVxblRBRkhLU2dJZ1JLQ3ZsdU9TZ0E1TzIxcDUKICAgICAgICA1MXRkcm1rSEVaUnIwcWxMU0pkSFlnRWZNems9CiAgICAgICAgLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQogICAgICBrZXlQRU06IHwKICAgICAgICAtLS0tLUJFR0lOIEVDIFBSSVZBVEUgS0VZLS0tLS0KICAgICAgICBNSGNDQVFFRUlBQWU4bmZielp1OWMvT0IyKzh4Sk0wRno3TlV3VFFhenVsa0ZOczRUSTUrb0FvR0NDcUdTTTQ5CiAgICAgICAgQXdFSG9VUURRZ0FFMS9GcGZjUm5EY2VkTDZBalVhWFlQdjRESU1CYUp1Zk9JNU5XdHkrWFNYN0pqWGdadE03MgogICAgICAgIGRRdlJhWWFudXhEMzZEdDEyL0p4eWlTZ3hLV1Jkb2F5K1E9PQogICAgICAgIC0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0KaWRlbnRpdHlUcnVzdEFuY2hvcnNQRU06IHwKICAtLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KICBNSUlCd1RDQ0FXYWdBd0lCQWdJUWVEWnA1bERhSXlnUTVVZk1LWnJGQVRBS0JnZ3Foa2pPUFFRREFqQXBNU2N3CiAgSlFZRFZRUURFeDVwWkdWdWRHbDBlUzVzYVc1clpYSmtMbU5zZFhOMFpYSXViRzlqWVd3d0hoY05NakF3T0RJNAogIE1EY3hNalEzV2hjTk16QXdPREkyTURjeE1qUTNXakFwTVNjd0pRWURWUVFERXg1cFpHVnVkR2wwZVM1c2FXNXIKICBaWEprTG1Oc2RYTjBaWEl1Ykc5allXd3dXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CQndOQ0FBUnFjNzBaCiAgbDF2Z3c3OXJqQjV1U0lUSUNVQTZHeWZ2U0ZmY3VJaXM3Qi9YRlNra3dBSFU1Uy9zMUFBUCtSMFRYN0hCV1VDNAogIHVhRzRXV3Npd0pLTm43bWdvM0F3YmpBT0JnTlZIUThCQWY4RUJBTUNBUVl3RWdZRFZSMFRBUUgvQkFnd0JnRUIKICAvd0lCQVRBZEJnTlZIUTRFRmdRVTVZdGpWVlBmZDdJN05MSHNuMkMyNkVCeUdWMHdLUVlEVlIwUkJDSXdJSUllCiAgYVdSbGJuUnBkSGt1YkdsdWEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01Bb0dDQ3FHU000OUJBTUNBMGtBTUVZQwogIElRQ043bEJGTEREdmp4NlYwK1hranBLRVJSc0pZZjVhZE12bmxvRmw0OGlsSmdJaEFOdHhobmRjcitRSlB1QzgKICB2Z1VDMGQyLzlGTXVlSVZNYis0NldUQ09qc3FyCiAgLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQppbWFnZVB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQppbWFnZVB1bGxTZWNyZXRzOiBudWxsCmxpbmtlcmRWZXJzaW9uOiBMaW5rZXJkVmVyc2lvbgpuZXR3b3JrVmFsaWRhdG9yOgogIGVuYWJsZVNlY3VyaXR5Q29udGV4dDogZmFsc2UKcG9kTW9uaXRvcjogbnVsbApwb2xpY3lDb250cm9sbGVyOgogIGltYWdlOgogICAgbmFtZTogUG9saWN5Q29udHJvbGxlckltYWdlTmFtZQogICAgcHVsbFBvbGljeTogSW1hZ2VQdWxsUG9saWN5CiAgICB2ZXJzaW9uOiBQb2xpY3lDb250cm9sbGVyVmVyc2lvbgogIGxvZ0xldmVsOiBsb2ctbGV2ZWwKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIGxpbWl0OiBjcHUtbGltaXQKICAgICAgcmVxdWVzdDogY3B1LXJlcXVlc3QKICAgIG1lbW9yeToKICAgICAgbGltaXQ6IG1lbW9yeS1saW1pdAogICAgICByZXF1ZXN0OiBtZW1vcnktcmVxdWVzdApwb2xpY3lWYWxpZGF0b3I6CiAgY2FCdW5kbGU6IHBvbGljeSB2YWxpZGF0b3IgQ0EgYnVuZGxlCiAgZXh0ZXJuYWxTZWNyZXQ6IHRydWUKcHJpb3JpdHlDbGFzc05hbWU6IFByaW9yaXR5Q2xhc3NOYW1lCnByb2ZpbGVWYWxpZGF0b3I6CiAgY2FCdW5kbGU6IHByb2ZpbGUgdmFsaWRhdG9yIENBIGJ1bmRsZQogIGV4dGVybmFsU2VjcmV0OiB0cnVlCnByb3h5OgogIGNvbnRyb2w6IG51bGwKICBkZWZhdWx0SW5ib3VuZFBvbGljeTogZGVmYXVsdC1hbGxvdy1wb2xpY3kKICBpbWFnZToKICAgIG5hbWU6IFByb3h5SW1hZ2VOYW1lCiAgICBwdWxsUG9saWN5OiBJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IFByb3h5VmVyc2lvbgogIGluYm91bmRDb25uZWN0VGltZW91dDogIiIKICBpbmJvdW5kRGlzY292ZXJ5Q2FjaGVVbnVzZWRUaW1lb3V0OiAiIgogIGxvZ0xldmVsOiB3YXJuLGxpbmtlcmQ9aW5mbwogIG9wYXF1ZVBvcnRzOiAyNSw0NDMsNTg3LDMzMDYsNTQzMiwxMTIxMQogIG91dGJvdW5kQ29ubmVjdFRpbWVvdXQ6ICIiCiAgb3V0Ym91bmREaXNjb3ZlcnlDYWNoZVVudXNlZFRpbWVvdXQ6ICIiCiAgcmVzb3VyY2VzOgogICAgY3B1OgogICAgICBsaW1pdDogY3B1LWxpbWl0CiAgICAgIHJlcXVlc3Q6IGNwdS1yZXF1ZXN0CiAgICBtZW1vcnk6CiAgICAgIGxpbWl0OiBtZW1vcnktbGltaXQKICAgICAgcmVxdWVzdDogbWVtb3J5LXJlcXVlc3QKICBzdGFydHVwUHJvYmU6IG51bGwKcHJveHlDb250YWluZXJOYW1lOiBQcm94eUNvbnRhaW5lck5hbWUKcHJveHlJbml0OgogIGlnbm9yZUluYm91bmRQb3J0czogIiIKICBpZ25vcmVPdXRib3VuZFBvcnRzOiAiNDQzIgogIGltYWdlOgogICAgbmFtZTogUHJveHlJbml0SW1hZ2VOYW1lCiAgICBwdWxsUG9saWN5OiBJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IFByb3h5SW5pdFZlcnNpb24KICBrdWJlQVBJU2VydmVyUG9ydHM6ICIiCiAgcmVzb3VyY2VzOgogICAgY3B1OgogICAgICByZXF1ZXN0OiAxMG0KICAgIG1lbW9yeToKICAgICAgbGltaXQ6IDUwTWkKICAgICAgcmVxdWVzdDogMTBNaQpwcm94eUluamVjdG9yOgogIGNhQnVuZGxlOiBwcm94eSBpbmplY3RvciBDQSBidW5kbGUKICBleHRlcm5hbFNlY3JldDogdHJ1ZQp3ZWJob29rRmFpbHVyZVBvbGljeTogV2ViaG9va0ZhaWx1cmVQb2xpY3kK kind: Secret metadata: creationTimestamp: null diff --git a/cli/cmd/testdata/install_proxy_ignores.golden b/cli/cmd/testdata/install_proxy_ignores.golden index 9b03fd192e5b5..a7807508bfea3 100644 --- a/cli/cmd/testdata/install_proxy_ignores.golden +++ b/cli/cmd/testdata/install_proxy_ignores.golden @@ -623,6 +623,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -936,6 +941,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1263,6 +1274,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1689,6 +1706,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/cli/cmd/testdata/install_values_file.golden b/cli/cmd/testdata/install_values_file.golden index c7ce41706edc8..d6e76a37a5dca 100644 --- a/cli/cmd/testdata/install_values_file.golden +++ b/cli/cmd/testdata/install_values_file.golden @@ -623,6 +623,11 @@ data: accessLog: "" await: true capabilities: null + control: + streams: + idleTimeout: 5m + initialTimeout: 3s + lifetime: 1h defaultInboundPolicy: all-unauthenticated disableInboundProtocolDetectTimeout: false disableOutboundProtocolDetectTimeout: false @@ -936,6 +941,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1263,6 +1274,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT @@ -1689,6 +1706,12 @@ spec: value: all-unauthenticated - name: LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS value: "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" + - name: LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT + value: "3s" + - name: LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT + value: "5m" + - name: LINKERD2_PROXY_CONTROL_STREAM_LIFETIME + value: "1h" - name: LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT value: "100ms" - name: LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT diff --git a/controller/proxy-injector/fake/data/pod-with-debug.patch.json b/controller/proxy-injector/fake/data/pod-with-debug.patch.json index 6a4f234a6fec4..6e31779122c46 100644 --- a/controller/proxy-injector/fake/data/pod-with-debug.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-debug.patch.json @@ -105,14 +105,18 @@ "name": "linkerd-debug", "terminationMessagePolicy": "FallbackToLogsOnError", "livenessProbe": { - "exec": { - "command": ["true"] - } + "exec": { + "command": [ + "true" + ] + } }, "readinessProbe": { - "exec": { - "command": ["true"] - } + "exec": { + "command": [ + "true" + ] + } } } }, @@ -205,6 +209,18 @@ "name": "LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS", "value": "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" }, + { + "name": "LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT", + "value": "3s" + }, + { + "name": "LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT", + "value": "5m" + }, + { + "name": "LINKERD2_PROXY_CONTROL_STREAM_LIFETIME", + "value": "1h" + }, { "name": "LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT", "value": "100ms" diff --git a/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json b/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json index 2716869a407a2..70e79bf01c1fa 100644 --- a/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json @@ -195,6 +195,18 @@ "name": "LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS", "value": "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" }, + { + "name": "LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT", + "value": "3s" + }, + { + "name": "LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT", + "value": "5m" + }, + { + "name": "LINKERD2_PROXY_CONTROL_STREAM_LIFETIME", + "value": "1h" + }, { "name": "LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT", "value": "100ms" diff --git a/controller/proxy-injector/fake/data/pod.patch.json b/controller/proxy-injector/fake/data/pod.patch.json index 9017a44fe1248..85ab71faf0adf 100644 --- a/controller/proxy-injector/fake/data/pod.patch.json +++ b/controller/proxy-injector/fake/data/pod.patch.json @@ -185,6 +185,18 @@ "name": "LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS", "value": "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16" }, + { + "name": "LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT", + "value": "3s" + }, + { + "name": "LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT", + "value": "5m" + }, + { + "name": "LINKERD2_PROXY_CONTROL_STREAM_LIFETIME", + "value": "1h" + }, { "name": "LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT", "value": "100ms" diff --git a/controller/proxy-injector/webhook_test.go b/controller/proxy-injector/webhook_test.go index 1ef380b0dcd5f..3370d1fc101c1 100644 --- a/controller/proxy-injector/webhook_test.go +++ b/controller/proxy-injector/webhook_test.go @@ -2,7 +2,6 @@ package injector import ( "encoding/json" - "fmt" "path/filepath" "testing" @@ -111,9 +110,9 @@ func TestGetPodPatch(t *testing.T) { t.Fatalf("Unexpected error: %s", err) } - for id, testCase := range testCases { + for _, testCase := range testCases { testCase := testCase // pin - t.Run(fmt.Sprintf("%d", id), func(t *testing.T) { + t.Run(testCase.filename, func(t *testing.T) { pod, err := factory.FileContents(testCase.filename) if err != nil { t.Fatalf("Unexpected error: %s", err) @@ -139,7 +138,6 @@ func TestGetPodPatch(t *testing.T) { if diff := deep.Equal(expectedPatch, actualPatch); diff != nil { t.Fatalf("The actual patch didn't match what was expected.\n%+v", diff) } - }) } }) diff --git a/pkg/charts/linkerd2/values.go b/pkg/charts/linkerd2/values.go index 39445729a2e6c..b3e178d3cac94 100644 --- a/pkg/charts/linkerd2/values.go +++ b/pkg/charts/linkerd2/values.go @@ -121,6 +121,17 @@ type ( ShutdownGracePeriod string `json:"shutdownGracePeriod"` NativeSidecar bool `json:"nativeSidecar"` StartupProbe *StartupProbe `json:"startupProbe"` + Control *ProxyControl `json:"control"` + } + + ProxyControl struct { + Streams *ProxyControlStreams `json:"streams"` + } + + ProxyControlStreams struct { + InitialTimeout string `json:"initialTimeout"` + IdleTimeout string `json:"idleTimeout"` + Lifetime string `json:"lifetime"` } // ProxyInit contains the fields to set the proxy-init container diff --git a/pkg/charts/linkerd2/values_test.go b/pkg/charts/linkerd2/values_test.go index a6e17a7cb6fee..3b6487c86e8dd 100644 --- a/pkg/charts/linkerd2/values_test.go +++ b/pkg/charts/linkerd2/values_test.go @@ -139,6 +139,13 @@ func TestNewValues(t *testing.T) { InitialDelaySeconds: 0, PeriodSeconds: 1, }, + Control: &ProxyControl{ + Streams: &ProxyControlStreams{ + InitialTimeout: "3s", + IdleTimeout: "5m", + Lifetime: "1h", + }, + }, }, ProxyInit: &ProxyInit{ IptablesMode: "legacy", diff --git a/testutil/test_data_diff.go b/testutil/test_data_diff.go index 9e61f65d8a0bb..b3acb2dd5c7d8 100644 --- a/testutil/test_data_diff.go +++ b/testutil/test_data_diff.go @@ -66,6 +66,7 @@ func (td *TestDataDiffer) diffTestYAML(path, actualYAML, expectedYAML string) er // DiffTestdata generates the diff for actual w.r.the file in path func (td *TestDataDiffer) DiffTestdata(t *testing.T, path, actual string) { + t.Helper() expected := ReadTestdata(path) if actual == expected { return