diff --git a/charts/linkerd-control-plane/README.md b/charts/linkerd-control-plane/README.md index 523ca5ce23132..dbe7aacbc31bc 100644 --- a/charts/linkerd-control-plane/README.md +++ b/charts/linkerd-control-plane/README.md @@ -161,6 +161,7 @@ Kubernetes: `>=1.22.0-0` | disableHeartBeat | bool | `false` | Set to true to not start the heartbeat cronjob | | enableEndpointSlices | bool | `true` | enables the use of EndpointSlice informers for the destination service; enableEndpointSlices should be set to true only if EndpointSlice K8s feature gate is on | | enableH2Upgrade | bool | `true` | Allow proxies to perform transparent HTTP/2 upgrading | +| enableIPv6 | bool | `true` | enables routing IPv6 traffic in addition to IPv4 traffic through the proxy | | enablePSP | bool | `false` | Add a PSP resource and bind it to the control plane ServiceAccounts. Note PSP has been deprecated since k8s v1.21 | | enablePodAntiAffinity | bool | `false` | enables pod anti affinity creation on deployments for high availability | | enablePodDisruptionBudget | bool | `false` | enables the creation of pod disruption budgets for control plane components | @@ -269,9 +270,9 @@ Kubernetes: `>=1.22.0-0` | proxyInit.closeWaitTimeoutSecs | int | `0` | | | proxyInit.ignoreInboundPorts | string | `"4567,4568"` | Default set of inbound ports to skip via iptables - Galera (4567,4568) | | proxyInit.ignoreOutboundPorts | string | `"4567,4568"` | Default set of outbound ports to skip via iptables - Galera (4567,4568) | -| proxyInit.image.name | string | `"cr.l5d.io/linkerd/proxy-init"` | Docker image for the proxy-init container | +| proxyInit.image.name | string | `"ghcr.io/alpeb/proxy-init"` | Docker image for the proxy-init container | | proxyInit.image.pullPolicy | string | imagePullPolicy | Pull policy for the proxy-init container image | -| proxyInit.image.version | string | `"v2.2.4"` | Tag for the proxy-init container image | +| proxyInit.image.version | string | `"ipv6"` | Tag for the proxy-init container image | | proxyInit.iptablesMode | string | `"legacy"` | Variant of iptables that will be used to configure routing. Currently, proxy-init can be run either in 'nft' or in 'legacy' mode. The mode will control which utility binary will be called. The host must support whichever mode will be used | | proxyInit.kubeAPIServerPorts | string | `"443,6443"` | Default set of ports to skip via iptables for control plane components so they can communicate with the Kubernetes API Server | | proxyInit.logFormat | string | plain | Log format (`plain` or `json`) for the proxy-init | diff --git a/charts/linkerd-control-plane/values.yaml b/charts/linkerd-control-plane/values.yaml index b44751dd15197..1f7cf7ea3924c 100644 --- a/charts/linkerd-control-plane/values.yaml +++ b/charts/linkerd-control-plane/values.yaml @@ -32,6 +32,8 @@ deploymentStrategy: # enableEndpointSlices should be set to true only if EndpointSlice K8s feature # gate is on enableEndpointSlices: true +# -- enables routing IPv6 traffic in addition to IPv4 traffic through the proxy +enableIPv6: true # -- enables pod anti affinity creation on deployments for high availability enablePodAntiAffinity: false # -- enables the use of pprof endpoints on control plane component's admin @@ -259,12 +261,12 @@ proxyInit: logFormat: "" image: # -- Docker image for the proxy-init container - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init # -- Pull policy for the proxy-init container image # @default -- imagePullPolicy pullPolicy: "" # -- Tag for the proxy-init container image - version: v2.2.4 + version: ipv6 resources: cpu: # -- Maximum amount of CPU units that the proxy-init container can use diff --git a/charts/linkerd2-cni/README.md b/charts/linkerd2-cni/README.md index b8cbff96636a8..75a25c51190fa 100644 --- a/charts/linkerd2-cni/README.md +++ b/charts/linkerd2-cni/README.md @@ -25,15 +25,17 @@ Kubernetes: `>=1.22.0-0` | commonLabels | object | `{}` | Labels to apply to all resources | | destCNIBinDir | string | `"/opt/cni/bin"` | Directory on the host where the CNI configuration will be placed | | destCNINetDir | string | `"/etc/cni/net.d"` | Directory on the host where the CNI plugin binaries reside | +| enableIPv6 | bool | `true` | Enables adding IPv6 rules on top of IPv4 rules | | enablePSP | bool | `false` | Add a PSP resource and bind it to the linkerd-cni ServiceAccounts. Note PSP has been deprecated since k8s v1.21 | | extraInitContainers | list | `[]` | Add additional initContainers to the daemonset | | ignoreInboundPorts | string | `""` | Default set of inbound ports to skip via iptables | | ignoreOutboundPorts | string | `""` | Default set of outbound ports to skip via iptables | -| image.name | string | `"cr.l5d.io/linkerd/cni-plugin"` | Docker image for the CNI plugin | +| image.name | string | `"ghcr.io/alpeb/cni-plugin"` | Docker image for the CNI plugin | | image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the linkerd-cni container | -| image.version | string | `"v1.3.0"` | Tag for the CNI container Docker image | +| image.version | string | `"ipv6"` | Tag for the CNI container Docker image | | imagePullSecrets | list | `[]` | | | inboundProxyPort | int | `4143` | Inbound port for the proxy container | +| iptablesMode | string | `"legacy"` | Variant of iptables that will be used to configure routing | | logLevel | string | `"info"` | Log level for the CNI plugin | | outboundProxyPort | int | `4140` | Outbound port for the proxy container | | podLabels | object | `{}` | Additional labels to add to all pods | diff --git a/charts/linkerd2-cni/templates/cni-plugin.yaml b/charts/linkerd2-cni/templates/cni-plugin.yaml index 54072411eaca0..1da03d1455ffe 100644 --- a/charts/linkerd2-cni/templates/cni-plugin.yaml +++ b/charts/linkerd2-cni/templates/cni-plugin.yaml @@ -176,7 +176,9 @@ data: ], {{- end }} "simulate": false, - "use-wait-flag": {{.Values.useWaitFlag}} + "use-wait-flag": {{.Values.useWaitFlag}}, + "iptables-mode": {{.Values.iptablesMode | quote}}, + "ipv6": {{.Values.enableIPv6}} } } --- diff --git a/charts/linkerd2-cni/values.yaml b/charts/linkerd2-cni/values.yaml index a9f9e8fd48781..cd027b0702194 100644 --- a/charts/linkerd2-cni/values.yaml +++ b/charts/linkerd2-cni/values.yaml @@ -26,6 +26,10 @@ destCNINetDir: "/etc/cni/net.d" destCNIBinDir: "/opt/cni/bin" # -- Configures the CNI plugin to use the -w flag for the iptables command useWaitFlag: false +# -- Variant of iptables that will be used to configure routing +iptablesMode: "legacy" +# -- Enables adding IPv6 rules on top of IPv4 rules +enableIPv6: true # -- Kubernetes priorityClassName for the CNI plugin's Pods priorityClassName: "" @@ -51,9 +55,9 @@ tolerations: # -|- Image section image: # -- Docker image for the CNI plugin - name: "cr.l5d.io/linkerd/cni-plugin" + name: "ghcr.io/alpeb/cni-plugin" # -- Tag for the CNI container Docker image - version: "v1.3.0" + version: "ipv6" # -- Pull policy for the linkerd-cni container pullPolicy: IfNotPresent diff --git a/charts/partials/templates/_proxy-init.tpl b/charts/partials/templates/_proxy-init.tpl index 91cc96e0a63df..ef080c3865845 100644 --- a/charts/partials/templates/_proxy-init.tpl +++ b/charts/partials/templates/_proxy-init.tpl @@ -1,12 +1,11 @@ {{- define "partials.proxy-init" -}} -args: -{{- if (.Values.proxyInit.iptablesMode | default "legacy" | eq "nft") }} -- --firewall-bin-path -- "iptables-nft" -- --firewall-save-bin-path -- "iptables-nft-save" -{{- else if not (eq .Values.proxyInit.iptablesMode "legacy") }} +{{ if not (has .Values.proxyInit.iptablesMode (list "nft" "legacy")) -}} {{ fail (printf "Unsupported value \"%s\" for proxyInit.iptablesMode\nValid values: [\"nft\", \"legacy\"]" .Values.proxyInit.iptablesMode) }} +{{end -}} +args: +- --iptables-mode={{.Values.proxyInit.iptablesMode}} +{{- if .Values.enableIPv6 }} +- --ipv6 {{- end }} - --incoming-proxy-port - {{.Values.proxy.ports.inbound | quote}} diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml index 0db1ef7dd900a..42be3bdab1a4c 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml @@ -171,6 +171,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -181,7 +183,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml index c3e7b5ad6a90d..111294af16af6 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml @@ -171,6 +171,8 @@ spec: name: server initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -181,7 +183,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -394,6 +396,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -404,7 +408,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml index b4cfacb0bf59e..f3ec936b0d38c 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml @@ -171,6 +171,8 @@ spec: name: server initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -181,7 +183,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_contour.golden.yml b/cli/cmd/testdata/inject_contour.golden.yml index 12ec248bcc02e..655cc2510e705 100644 --- a/cli/cmd/testdata/inject_contour.golden.yml +++ b/cli/cmd/testdata/inject_contour.golden.yml @@ -211,6 +211,8 @@ spec: - mountPath: /config name: contour-config - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -221,7 +223,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml index ccdba275c0d0e..418d18183eb20 100644 --- a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml @@ -182,6 +182,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -192,7 +194,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -416,6 +418,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -426,7 +430,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -650,6 +654,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -660,7 +666,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -884,6 +890,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -894,7 +902,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml index f1c55ca55c70b..a7bada9db663e 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml @@ -182,6 +182,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -192,7 +194,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml index 059ae11fc9716..f252853ce6e71 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml @@ -185,6 +185,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -195,7 +197,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml index 65418f9319f39..b0cc5245e4346 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml @@ -174,6 +174,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -184,7 +186,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml index c98d03cd854b1..64cbaf804aac4 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml @@ -195,6 +195,8 @@ spec: runAsUser: 33 initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -205,7 +207,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml index a28192bd11252..7ad9fcc79d840 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml @@ -199,6 +199,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -209,7 +211,7 @@ spec: - 4190,9998,7777,8888 - --outbound-ports-to-ignore - "9999" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml index d2a627b67add2..279e7c5e6508a 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml @@ -182,6 +182,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -192,7 +194,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -416,6 +418,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -426,7 +430,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml index 0c31f157a3f7a..9bb1cae9a9095 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml @@ -195,6 +195,8 @@ spec: terminationMessagePolicy: FallbackToLogsOnError initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -205,7 +207,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml index abc406a4a5ec8..56b04c0cec22e 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml @@ -182,6 +182,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -192,7 +194,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml index 598a40ba35cd8..3a5692b295239 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml @@ -183,6 +183,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -193,7 +195,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml index 13cbb04a494af..5dfde6ec326b7 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml @@ -38,6 +38,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -48,7 +50,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml index bc9ae6952a4df..ec646055466bd 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml @@ -183,6 +183,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -193,7 +195,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml index cbb0a8d32e67f..4718b6780c4c9 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml @@ -183,6 +183,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -193,7 +195,7 @@ spec: - 4190,1234,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml index b0c69e88cb4f1..ebef5a82b12df 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml @@ -184,6 +184,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -194,7 +196,7 @@ spec: - 4190,4191,22,8100-8102 - --outbound-ports-to-ignore - "5432" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml index 0c929bb746e32..d3a4b73948d54 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml @@ -184,6 +184,8 @@ spec: protocol: UDP initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -194,7 +196,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_list.golden.yml b/cli/cmd/testdata/inject_emojivoto_list.golden.yml index 129c201dfdf94..a0f1b783130b8 100644 --- a/cli/cmd/testdata/inject_emojivoto_list.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list.golden.yml @@ -184,6 +184,8 @@ items: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -194,7 +196,7 @@ items: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -412,6 +414,8 @@ items: protocol: TCP initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -422,7 +426,7 @@ items: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml index 71be56d2722bc..1fd0256baae17 100644 --- a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml @@ -184,6 +184,8 @@ items: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -194,7 +196,7 @@ items: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -412,6 +414,8 @@ items: protocol: TCP initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -422,7 +426,7 @@ items: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml index bece820398911..ce84682a65732 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml @@ -166,6 +166,8 @@ spec: name: vote-bot initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -176,7 +178,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml index 9d3807bc0778c..f85a4ede22c15 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml @@ -169,6 +169,8 @@ spec: name: vote-bot initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -179,7 +181,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml index c058f1d2bee1d..8eefea0cdb9c4 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml @@ -168,6 +168,8 @@ spec: name: vote-bot initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -178,7 +180,7 @@ spec: - 4190,4191,22,8100-8102 - --outbound-ports-to-ignore - "5432" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml index 34ebd667b00e8..c65d942407fa4 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml @@ -177,6 +177,8 @@ spec: name: vote-bot initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -187,7 +189,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml index e279928d361c4..5873ba1da09b9 100644 --- a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml @@ -183,6 +183,8 @@ spec: name: http initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -193,7 +195,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml index 2b6be9717c93f..c9928429a9cbc 100644 --- a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml +++ b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml @@ -184,6 +184,8 @@ spec: - containerPort: 9090 initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -194,7 +196,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -420,6 +422,8 @@ spec: - containerPort: 9090 initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -430,7 +434,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml index 884384a22364d..75bff09626273 100644 --- a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml @@ -244,6 +244,8 @@ spec: dnsPolicy: ClusterFirst initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -254,7 +256,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install-cni-plugin_default.golden b/cli/cmd/testdata/install-cni-plugin_default.golden index b53078e535d99..217d84cdd42ad 100644 --- a/cli/cmd/testdata/install-cni-plugin_default.golden +++ b/cli/cmd/testdata/install-cni-plugin_default.golden @@ -73,7 +73,9 @@ data: "ports-to-redirect": [], "inbound-ports-to-ignore": ["4191","4190"], "simulate": false, - "use-wait-flag": false + "use-wait-flag": false, + "iptables-mode": "legacy", + "ipv6": true } } --- @@ -118,7 +120,7 @@ spec: # script copies the files into place and then sleeps so # that Kubernetes doesn't keep trying to restart it. - name: install-cni - image: cr.l5d.io/linkerd/cni-plugin:v1.3.0 + image: cr.l5d.io/linkerd/cni-plugin:ipv6 imagePullPolicy: env: - name: DEST_CNI_NET_DIR diff --git a/cli/cmd/testdata/install-cni-plugin_fully_configured.golden b/cli/cmd/testdata/install-cni-plugin_fully_configured.golden index b64981de55e70..d75966fd0e343 100644 --- a/cli/cmd/testdata/install-cni-plugin_fully_configured.golden +++ b/cli/cmd/testdata/install-cni-plugin_fully_configured.golden @@ -73,7 +73,9 @@ data: "ports-to-redirect": [], "inbound-ports-to-ignore": ["4191","4190"], "simulate": false, - "use-wait-flag": false + "use-wait-flag": false, + "iptables-mode": "legacy", + "ipv6": true } } --- diff --git a/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden b/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden index 0bea8074d9255..7f707606f91ac 100644 --- a/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden +++ b/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden @@ -73,7 +73,9 @@ data: "ports-to-redirect": [], "inbound-ports-to-ignore": ["4191","4190"], "simulate": false, - "use-wait-flag": false + "use-wait-flag": false, + "iptables-mode": "legacy", + "ipv6": true } } --- diff --git a/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden b/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden index b64981de55e70..d75966fd0e343 100644 --- a/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden +++ b/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden @@ -73,7 +73,9 @@ data: "ports-to-redirect": [], "inbound-ports-to-ignore": ["4191","4190"], "simulate": false, - "use-wait-flag": false + "use-wait-flag": false, + "iptables-mode": "legacy", + "ipv6": true } } --- diff --git a/cli/cmd/testdata/install-cni-plugin_skip_ports.golden b/cli/cmd/testdata/install-cni-plugin_skip_ports.golden index d1b14c150448e..a94f85ca9f132 100644 --- a/cli/cmd/testdata/install-cni-plugin_skip_ports.golden +++ b/cli/cmd/testdata/install-cni-plugin_skip_ports.golden @@ -74,7 +74,9 @@ data: "inbound-ports-to-ignore": ["4191","4190","80","8080"], "outbound-ports-to-ignore": ["443","1000"], "simulate": false, - "use-wait-flag": false + "use-wait-flag": false, + "iptables-mode": "legacy", + "ipv6": true } } --- @@ -119,7 +121,7 @@ spec: # script copies the files into place and then sleeps so # that Kubernetes doesn't keep trying to restart it. - name: install-cni - image: cr.l5d.io/linkerd/cni-plugin:v1.3.0 + image: cr.l5d.io/linkerd/cni-plugin:ipv6 imagePullPolicy: env: - name: DEST_CNI_NET_DIR diff --git a/cli/cmd/testdata/install_cni_helm_default_output.golden b/cli/cmd/testdata/install_cni_helm_default_output.golden index 566534f1efea5..e679988f25bb4 100644 --- a/cli/cmd/testdata/install_cni_helm_default_output.golden +++ b/cli/cmd/testdata/install_cni_helm_default_output.golden @@ -66,7 +66,9 @@ data: "ports-to-redirect": [], "inbound-ports-to-ignore": ["4191","4190"], "simulate": false, - "use-wait-flag": false + "use-wait-flag": false, + "iptables-mode": "legacy", + "ipv6": true } } --- @@ -111,7 +113,7 @@ spec: # script copies the files into place and then sleeps so # that Kubernetes doesn't keep trying to restart it. - name: install-cni - image: cr.l5d.io/linkerd/cni-plugin:v1.3.0 + image: ghcr.io/alpeb/cni-plugin:ipv6 imagePullPolicy: IfNotPresent env: - name: DEST_CNI_NET_DIR diff --git a/cli/cmd/testdata/install_cni_helm_override_output.golden b/cli/cmd/testdata/install_cni_helm_override_output.golden index 2fd31eac240c3..4c70d4aa1c27c 100644 --- a/cli/cmd/testdata/install_cni_helm_override_output.golden +++ b/cli/cmd/testdata/install_cni_helm_override_output.golden @@ -66,7 +66,9 @@ data: "ports-to-redirect": [], "inbound-ports-to-ignore": ["4191","4190"], "simulate": false, - "use-wait-flag": true + "use-wait-flag": true, + "iptables-mode": "legacy", + "ipv6": true } } --- diff --git a/cli/cmd/testdata/install_controlplane_tracing_output.golden b/cli/cmd/testdata/install_controlplane_tracing_output.golden index 0c7855c80f363..242578693eec5 100644 --- a/cli/cmd/testdata/install_controlplane_tracing_output.golden +++ b/cli/cmd/testdata/install_controlplane_tracing_output.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -704,9 +705,9 @@ data: ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1074,6 +1075,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1084,7 +1087,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1545,6 +1548,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1555,7 +1560,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1895,6 +1900,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1905,7 +1912,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_custom_domain.golden b/cli/cmd/testdata/install_custom_domain.golden index 966848a7f103a..bac4dccaf814a 100644 --- a/cli/cmd/testdata/install_custom_domain.golden +++ b/cli/cmd/testdata/install_custom_domain.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -704,9 +705,9 @@ data: ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1073,6 +1074,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1083,7 +1086,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1543,6 +1546,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1553,7 +1558,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1893,6 +1898,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1903,7 +1910,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_custom_registry.golden b/cli/cmd/testdata/install_custom_registry.golden index 992698beebc50..e898c99a79948 100644 --- a/cli/cmd/testdata/install_custom_registry.golden +++ b/cli/cmd/testdata/install_custom_registry.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -706,7 +707,7 @@ data: image: name: my.custom.registry/linkerd-io/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1073,6 +1074,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1083,7 +1086,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: my.custom.registry/linkerd-io/proxy-init:v2.2.4 + image: my.custom.registry/linkerd-io/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1543,6 +1546,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1553,7 +1558,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: my.custom.registry/linkerd-io/proxy-init:v2.2.4 + image: my.custom.registry/linkerd-io/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1893,6 +1898,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1903,7 +1910,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: my.custom.registry/linkerd-io/proxy-init:v2.2.4 + image: my.custom.registry/linkerd-io/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_default.golden b/cli/cmd/testdata/install_default.golden index 966848a7f103a..bac4dccaf814a 100644 --- a/cli/cmd/testdata/install_default.golden +++ b/cli/cmd/testdata/install_default.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -704,9 +705,9 @@ data: ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1073,6 +1074,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1083,7 +1086,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1543,6 +1546,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1553,7 +1558,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1893,6 +1898,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1903,7 +1910,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_default_override_dst_get_nets.golden b/cli/cmd/testdata/install_default_override_dst_get_nets.golden index 70d55e742fe28..29c8a4915a702 100644 --- a/cli/cmd/testdata/install_default_override_dst_get_nets.golden +++ b/cli/cmd/testdata/install_default_override_dst_get_nets.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -704,9 +705,9 @@ data: ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1073,6 +1074,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1083,7 +1086,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1543,6 +1546,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1553,7 +1558,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1893,6 +1898,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1903,7 +1910,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_default_token.golden b/cli/cmd/testdata/install_default_token.golden index bfafddf89aae6..6e29b92947880 100644 --- a/cli/cmd/testdata/install_default_token.golden +++ b/cli/cmd/testdata/install_default_token.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -704,9 +705,9 @@ data: ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1071,6 +1072,8 @@ spec: name: linkerd-identity-end-entity initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1081,7 +1084,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1532,6 +1535,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1542,7 +1547,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1873,6 +1878,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1883,7 +1890,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_ha_output.golden b/cli/cmd/testdata/install_ha_output.golden index d6181093b7658..d945d8a669657 100644 --- a/cli/cmd/testdata/install_ha_output.golden +++ b/cli/cmd/testdata/install_ha_output.golden @@ -527,6 +527,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: true enablePodDisruptionBudget: true heartbeatResources: @@ -731,9 +732,9 @@ data: ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1155,6 +1156,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1165,7 +1168,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1671,6 +1674,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1681,7 +1686,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2057,6 +2062,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -2067,7 +2074,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_ha_with_overrides_output.golden b/cli/cmd/testdata/install_ha_with_overrides_output.golden index 6066124c1a1ce..47a54fb088063 100644 --- a/cli/cmd/testdata/install_ha_with_overrides_output.golden +++ b/cli/cmd/testdata/install_ha_with_overrides_output.golden @@ -527,6 +527,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: true enablePodDisruptionBudget: true heartbeatResources: @@ -731,9 +732,9 @@ data: ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1155,6 +1156,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1165,7 +1168,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1671,6 +1674,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1681,7 +1686,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2057,6 +2062,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -2067,7 +2074,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_heartbeat_disabled_output.golden b/cli/cmd/testdata/install_heartbeat_disabled_output.golden index aaae91aabe9e5..a3be94b755f68 100644 --- a/cli/cmd/testdata/install_heartbeat_disabled_output.golden +++ b/cli/cmd/testdata/install_heartbeat_disabled_output.golden @@ -449,6 +449,7 @@ data: disableHeartBeat: true enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -635,9 +636,9 @@ data: ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1004,6 +1005,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1014,7 +1017,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1474,6 +1477,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1484,7 +1489,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1764,6 +1769,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1774,7 +1781,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_helm_control_plane_output.golden b/cli/cmd/testdata/install_helm_control_plane_output.golden index dfcdfec49fe01..165a30617fd69 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output.golden @@ -519,6 +519,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -681,7 +682,7 @@ data: ignoreInboundPorts: "222" ignoreOutboundPorts: "111" image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" version: test-proxy-init-version iptablesMode: legacy @@ -1046,6 +1047,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1056,7 +1059,7 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: ghcr.io/alpeb/proxy-init:test-proxy-init-version imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1518,6 +1521,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1528,7 +1533,7 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: ghcr.io/alpeb/proxy-init:test-proxy-init-version imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1872,6 +1877,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1882,7 +1889,7 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: ghcr.io/alpeb/proxy-init:test-proxy-init-version imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden index 04f8fad67b242..db401ee455acf 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden @@ -528,6 +528,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: true enablePodDisruptionBudget: true heartbeatResources: @@ -708,7 +709,7 @@ data: ignoreInboundPorts: "222" ignoreOutboundPorts: "111" image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" version: test-proxy-init-version iptablesMode: legacy @@ -1128,6 +1129,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1138,7 +1141,7 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: ghcr.io/alpeb/proxy-init:test-proxy-init-version imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1646,6 +1649,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1656,7 +1661,7 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: ghcr.io/alpeb/proxy-init:test-proxy-init-version imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2036,6 +2041,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -2046,7 +2053,7 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: ghcr.io/alpeb/proxy-init:test-proxy-init-version imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_helm_output_ha_labels.golden b/cli/cmd/testdata/install_helm_output_ha_labels.golden index fb4620b9b1e65..6d2a521ea821a 100644 --- a/cli/cmd/testdata/install_helm_output_ha_labels.golden +++ b/cli/cmd/testdata/install_helm_output_ha_labels.golden @@ -528,6 +528,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: true enablePodDisruptionBudget: true heartbeatResources: @@ -712,7 +713,7 @@ data: ignoreInboundPorts: "444" ignoreOutboundPorts: "333" image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" version: test-proxy-init-version iptablesMode: legacy @@ -1136,6 +1137,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1146,7 +1149,7 @@ spec: - "4190,4191,444" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: ghcr.io/alpeb/proxy-init:test-proxy-init-version imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1658,6 +1661,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1668,7 +1673,7 @@ spec: - "4190,4191,444" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: ghcr.io/alpeb/proxy-init:test-proxy-init-version imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2056,6 +2061,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -2066,7 +2073,7 @@ spec: - "4190,4191,444" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: ghcr.io/alpeb/proxy-init:test-proxy-init-version imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden index bfb58e5ab2471..731b4183817de 100644 --- a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden +++ b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden @@ -523,6 +523,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: true enablePodDisruptionBudget: true heartbeatResources: @@ -703,7 +704,7 @@ data: ignoreInboundPorts: "222" ignoreOutboundPorts: "111" image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" version: test-proxy-init-version iptablesMode: legacy @@ -1118,6 +1119,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1128,7 +1131,7 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: ghcr.io/alpeb/proxy-init:test-proxy-init-version imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1636,6 +1639,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1646,7 +1651,7 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: ghcr.io/alpeb/proxy-init:test-proxy-init-version imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2026,6 +2031,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -2036,7 +2043,7 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: ghcr.io/alpeb/proxy-init:test-proxy-init-version imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_no_init_container.golden b/cli/cmd/testdata/install_no_init_container.golden index 51c2f51014287..0884b30411090 100644 --- a/cli/cmd/testdata/install_no_init_container.golden +++ b/cli/cmd/testdata/install_no_init_container.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -704,9 +705,9 @@ data: ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" diff --git a/cli/cmd/testdata/install_output.golden b/cli/cmd/testdata/install_output.golden index eebff2e712c83..4d3638dfd7047 100644 --- a/cli/cmd/testdata/install_output.golden +++ b/cli/cmd/testdata/install_output.golden @@ -509,6 +509,7 @@ data: disableHeartBeat: false enableEndpointSlices: false enableH2Upgrade: true + enableIPv6: false enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -1042,6 +1043,7 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1515,6 +1517,7 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1863,6 +1866,7 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1947,7 +1951,7 @@ spec: --- apiVersion: v1 data: - linkerd-config-overrides: Y2xpVmVyc2lvbjogQ2xpVmVyc2lvbgpjbHVzdGVyTmV0d29ya3M6IENsdXN0ZXJOZXR3b3Jrcwpjb250cm9sUGxhbmVUcmFjaW5nTmFtZXNwYWNlOiAiIgpjb250cm9sbGVyOiBudWxsCmNvbnRyb2xsZXJJbWFnZTogQ29udHJvbGxlckltYWdlCmNvbnRyb2xsZXJMb2dGb3JtYXQ6IENvbnRyb2xsZXJMb2dGb3JtYXQKY29udHJvbGxlckxvZ0xldmVsOiBDb250cm9sbGVyTG9nTGV2ZWwKZGVidWdDb250YWluZXI6CiAgaW1hZ2U6CiAgICBuYW1lOiBEZWJ1Z0ltYWdlTmFtZQogICAgcHVsbFBvbGljeTogRGVidWdJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IERlYnVnVmVyc2lvbgplbmFibGVFbmRwb2ludFNsaWNlczogZmFsc2UKaGVhcnRiZWF0U2NoZWR1bGU6IDEgMiAzIDQgNQppZGVudGl0eToKICBpc3N1ZXI6CiAgICB0bHM6CiAgICAgIGNydFBFTTogfAogICAgICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgICAgIE1JSUJ3RENDQVdlZ0F3SUJBZ0lSQUpSSWdaOFJ0TzhFd2cxWGVwZjhUNDR3Q2dZSUtvWkl6ajBFQXdJd0tURW4KICAgICAgICBNQ1VHQTFVRUF4TWVhV1JsYm5ScGRIa3ViR2x1YTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUI0WERUSXdNRGd5CiAgICAgICAgT0RBM01UTTBOMW9YRFRNd01EZ3lOakEzTVRNME4xb3dLVEVuTUNVR0ExVUVBeE1lYVdSbGJuUnBkSGt1YkdsdQogICAgICAgIGEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRTEvRnAKICAgICAgICBmY1JuRGNlZEw2QWpVYVhZUHY0RElNQmFKdWZPSTVOV3R5K1hTWDdKalhnWnRNNzJkUXZSYVlhbnV4RDM2RHQxCiAgICAgICAgMi9KeHlpU2d4S1dSZG9heSthTndNRzR3RGdZRFZSMFBBUUgvQkFRREFnRUdNQklHQTFVZEV3RUIvd1FJTUFZQgogICAgICAgIEFmOENBUUF3SFFZRFZSME9CQllFRkkxV25ycU1ZS2FISE9vK3pweWlpRHEycE8wS01Da0dBMVVkRVFRaU1DQ0MKICAgICAgICBIbWxrWlc1MGFYUjVMbXhwYm10bGNtUXVZMngxYzNSbGNpNXNiMk5oYkRBS0JnZ3Foa2pPUFFRREFnTkhBREJFCiAgICAgICAgQWlBdHVvSTVYdUN0ckdWUnpTbVJUbDJyYTI4YVY5TXlUVTdkNXFuVEFGSEtTZ0lnUktDdmx1T1NnQTVPMjFwNQogICAgICAgIDUxdGRybWtIRVpScjBxbExTSmRIWWdFZk16az0KICAgICAgICAtLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCiAgICAgIGtleVBFTTogfAogICAgICAgIC0tLS0tQkVHSU4gRUMgUFJJVkFURSBLRVktLS0tLQogICAgICAgIE1IY0NBUUVFSUFBZThuZmJ6WnU5Yy9PQjIrOHhKTTBGejdOVXdUUWF6dWxrRk5zNFRJNStvQW9HQ0NxR1NNNDkKICAgICAgICBBd0VIb1VRRFFnQUUxL0ZwZmNSbkRjZWRMNkFqVWFYWVB2NERJTUJhSnVmT0k1Tld0eStYU1g3SmpYZ1p0TTcyCiAgICAgICAgZFF2UmFZYW51eEQzNkR0MTIvSnh5aVNneEtXUmRvYXkrUT09CiAgICAgICAgLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQppZGVudGl0eVRydXN0QW5jaG9yc1BFTTogfAogIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogIE1JSUJ3VENDQVdhZ0F3SUJBZ0lRZURacDVsRGFJeWdRNVVmTUtackZBVEFLQmdncWhrak9QUVFEQWpBcE1TY3cKICBKUVlEVlFRREV4NXBaR1Z1ZEdsMGVTNXNhVzVyWlhKa0xtTnNkWE4wWlhJdWJHOWpZV3d3SGhjTk1qQXdPREk0CiAgTURjeE1qUTNXaGNOTXpBd09ESTJNRGN4TWpRM1dqQXBNU2N3SlFZRFZRUURFeDVwWkdWdWRHbDBlUzVzYVc1cgogIFpYSmtMbU5zZFhOMFpYSXViRzlqWVd3d1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFScWM3MFoKICBsMXZndzc5cmpCNXVTSVRJQ1VBNkd5ZnZTRmZjdUlpczdCL1hGU2trd0FIVTVTL3MxQUFQK1IwVFg3SEJXVUM0CiAgdWFHNFdXc2l3SktObjdtZ28zQXdiakFPQmdOVkhROEJBZjhFQkFNQ0FRWXdFZ1lEVlIwVEFRSC9CQWd3QmdFQgogIC93SUJBVEFkQmdOVkhRNEVGZ1FVNVl0alZWUGZkN0k3TkxIc24yQzI2RUJ5R1Ywd0tRWURWUjBSQkNJd0lJSWUKICBhV1JsYm5ScGRIa3ViR2x1YTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUFvR0NDcUdTTTQ5QkFNQ0Ewa0FNRVlDCiAgSVFDTjdsQkZMRER2ang2VjArWGtqcEtFUlJzSllmNWFkTXZubG9GbDQ4aWxKZ0loQU50eGhuZGNyK1FKUHVDOAogIHZnVUMwZDIvOUZNdWVJVk1iKzQ2V1RDT2pzcXIKICAtLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCmltYWdlUHVsbFBvbGljeTogSW1hZ2VQdWxsUG9saWN5CmltYWdlUHVsbFNlY3JldHM6IG51bGwKbGlua2VyZFZlcnNpb246IExpbmtlcmRWZXJzaW9uCm5ldHdvcmtWYWxpZGF0b3I6CiAgZW5hYmxlU2VjdXJpdHlDb250ZXh0OiBmYWxzZQpwb2RNb25pdG9yOiBudWxsCnBvbGljeUNvbnRyb2xsZXI6CiAgaW1hZ2U6CiAgICBuYW1lOiBQb2xpY3lDb250cm9sbGVySW1hZ2VOYW1lCiAgICBwdWxsUG9saWN5OiBJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IFBvbGljeUNvbnRyb2xsZXJWZXJzaW9uCiAgbG9nTGV2ZWw6IGxvZy1sZXZlbAogIHJlc291cmNlczoKICAgIGNwdToKICAgICAgbGltaXQ6IGNwdS1saW1pdAogICAgICByZXF1ZXN0OiBjcHUtcmVxdWVzdAogICAgbWVtb3J5OgogICAgICBsaW1pdDogbWVtb3J5LWxpbWl0CiAgICAgIHJlcXVlc3Q6IG1lbW9yeS1yZXF1ZXN0CnBvbGljeVZhbGlkYXRvcjoKICBjYUJ1bmRsZTogcG9saWN5IHZhbGlkYXRvciBDQSBidW5kbGUKICBleHRlcm5hbFNlY3JldDogdHJ1ZQpwcmlvcml0eUNsYXNzTmFtZTogUHJpb3JpdHlDbGFzc05hbWUKcHJvZmlsZVZhbGlkYXRvcjoKICBjYUJ1bmRsZTogcHJvZmlsZSB2YWxpZGF0b3IgQ0EgYnVuZGxlCiAgZXh0ZXJuYWxTZWNyZXQ6IHRydWUKcHJveHk6CiAgY29udHJvbDogbnVsbAogIGRlZmF1bHRJbmJvdW5kUG9saWN5OiBkZWZhdWx0LWFsbG93LXBvbGljeQogIGltYWdlOgogICAgbmFtZTogUHJveHlJbWFnZU5hbWUKICAgIHB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQogICAgdmVyc2lvbjogUHJveHlWZXJzaW9uCiAgaW5ib3VuZENvbm5lY3RUaW1lb3V0OiAiIgogIGluYm91bmREaXNjb3ZlcnlDYWNoZVVudXNlZFRpbWVvdXQ6ICIiCiAgbG9nTGV2ZWw6IHdhcm4sbGlua2VyZD1pbmZvCiAgb3BhcXVlUG9ydHM6IDI1LDQ0Myw1ODcsMzMwNiw1NDMyLDExMjExCiAgb3V0Ym91bmRDb25uZWN0VGltZW91dDogIiIKICBvdXRib3VuZERpc2NvdmVyeUNhY2hlVW51c2VkVGltZW91dDogIiIKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIGxpbWl0OiBjcHUtbGltaXQKICAgICAgcmVxdWVzdDogY3B1LXJlcXVlc3QKICAgIG1lbW9yeToKICAgICAgbGltaXQ6IG1lbW9yeS1saW1pdAogICAgICByZXF1ZXN0OiBtZW1vcnktcmVxdWVzdAogIHN0YXJ0dXBQcm9iZTogbnVsbApwcm94eUNvbnRhaW5lck5hbWU6IFByb3h5Q29udGFpbmVyTmFtZQpwcm94eUluaXQ6CiAgaWdub3JlSW5ib3VuZFBvcnRzOiAiIgogIGlnbm9yZU91dGJvdW5kUG9ydHM6ICI0NDMiCiAgaW1hZ2U6CiAgICBuYW1lOiBQcm94eUluaXRJbWFnZU5hbWUKICAgIHB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQogICAgdmVyc2lvbjogUHJveHlJbml0VmVyc2lvbgogIGt1YmVBUElTZXJ2ZXJQb3J0czogIiIKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIHJlcXVlc3Q6IDEwbQogICAgbWVtb3J5OgogICAgICBsaW1pdDogNTBNaQogICAgICByZXF1ZXN0OiAxME1pCnByb3h5SW5qZWN0b3I6CiAgY2FCdW5kbGU6IHByb3h5IGluamVjdG9yIENBIGJ1bmRsZQogIGV4dGVybmFsU2VjcmV0OiB0cnVlCndlYmhvb2tGYWlsdXJlUG9saWN5OiBXZWJob29rRmFpbHVyZVBvbGljeQo= + linkerd-config-overrides: Y2xpVmVyc2lvbjogQ2xpVmVyc2lvbgpjbHVzdGVyTmV0d29ya3M6IENsdXN0ZXJOZXR3b3Jrcwpjb250cm9sUGxhbmVUcmFjaW5nTmFtZXNwYWNlOiAiIgpjb250cm9sbGVyOiBudWxsCmNvbnRyb2xsZXJJbWFnZTogQ29udHJvbGxlckltYWdlCmNvbnRyb2xsZXJMb2dGb3JtYXQ6IENvbnRyb2xsZXJMb2dGb3JtYXQKY29udHJvbGxlckxvZ0xldmVsOiBDb250cm9sbGVyTG9nTGV2ZWwKZGVidWdDb250YWluZXI6CiAgaW1hZ2U6CiAgICBuYW1lOiBEZWJ1Z0ltYWdlTmFtZQogICAgcHVsbFBvbGljeTogRGVidWdJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IERlYnVnVmVyc2lvbgplbmFibGVFbmRwb2ludFNsaWNlczogZmFsc2UKZW5hYmxlSVB2NjogZmFsc2UKaGVhcnRiZWF0U2NoZWR1bGU6IDEgMiAzIDQgNQppZGVudGl0eToKICBpc3N1ZXI6CiAgICB0bHM6CiAgICAgIGNydFBFTTogfAogICAgICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgICAgIE1JSUJ3RENDQVdlZ0F3SUJBZ0lSQUpSSWdaOFJ0TzhFd2cxWGVwZjhUNDR3Q2dZSUtvWkl6ajBFQXdJd0tURW4KICAgICAgICBNQ1VHQTFVRUF4TWVhV1JsYm5ScGRIa3ViR2x1YTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUI0WERUSXdNRGd5CiAgICAgICAgT0RBM01UTTBOMW9YRFRNd01EZ3lOakEzTVRNME4xb3dLVEVuTUNVR0ExVUVBeE1lYVdSbGJuUnBkSGt1YkdsdQogICAgICAgIGEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRTEvRnAKICAgICAgICBmY1JuRGNlZEw2QWpVYVhZUHY0RElNQmFKdWZPSTVOV3R5K1hTWDdKalhnWnRNNzJkUXZSYVlhbnV4RDM2RHQxCiAgICAgICAgMi9KeHlpU2d4S1dSZG9heSthTndNRzR3RGdZRFZSMFBBUUgvQkFRREFnRUdNQklHQTFVZEV3RUIvd1FJTUFZQgogICAgICAgIEFmOENBUUF3SFFZRFZSME9CQllFRkkxV25ycU1ZS2FISE9vK3pweWlpRHEycE8wS01Da0dBMVVkRVFRaU1DQ0MKICAgICAgICBIbWxrWlc1MGFYUjVMbXhwYm10bGNtUXVZMngxYzNSbGNpNXNiMk5oYkRBS0JnZ3Foa2pPUFFRREFnTkhBREJFCiAgICAgICAgQWlBdHVvSTVYdUN0ckdWUnpTbVJUbDJyYTI4YVY5TXlUVTdkNXFuVEFGSEtTZ0lnUktDdmx1T1NnQTVPMjFwNQogICAgICAgIDUxdGRybWtIRVpScjBxbExTSmRIWWdFZk16az0KICAgICAgICAtLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCiAgICAgIGtleVBFTTogfAogICAgICAgIC0tLS0tQkVHSU4gRUMgUFJJVkFURSBLRVktLS0tLQogICAgICAgIE1IY0NBUUVFSUFBZThuZmJ6WnU5Yy9PQjIrOHhKTTBGejdOVXdUUWF6dWxrRk5zNFRJNStvQW9HQ0NxR1NNNDkKICAgICAgICBBd0VIb1VRRFFnQUUxL0ZwZmNSbkRjZWRMNkFqVWFYWVB2NERJTUJhSnVmT0k1Tld0eStYU1g3SmpYZ1p0TTcyCiAgICAgICAgZFF2UmFZYW51eEQzNkR0MTIvSnh5aVNneEtXUmRvYXkrUT09CiAgICAgICAgLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQppZGVudGl0eVRydXN0QW5jaG9yc1BFTTogfAogIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogIE1JSUJ3VENDQVdhZ0F3SUJBZ0lRZURacDVsRGFJeWdRNVVmTUtackZBVEFLQmdncWhrak9QUVFEQWpBcE1TY3cKICBKUVlEVlFRREV4NXBaR1Z1ZEdsMGVTNXNhVzVyWlhKa0xtTnNkWE4wWlhJdWJHOWpZV3d3SGhjTk1qQXdPREk0CiAgTURjeE1qUTNXaGNOTXpBd09ESTJNRGN4TWpRM1dqQXBNU2N3SlFZRFZRUURFeDVwWkdWdWRHbDBlUzVzYVc1cgogIFpYSmtMbU5zZFhOMFpYSXViRzlqWVd3d1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFScWM3MFoKICBsMXZndzc5cmpCNXVTSVRJQ1VBNkd5ZnZTRmZjdUlpczdCL1hGU2trd0FIVTVTL3MxQUFQK1IwVFg3SEJXVUM0CiAgdWFHNFdXc2l3SktObjdtZ28zQXdiakFPQmdOVkhROEJBZjhFQkFNQ0FRWXdFZ1lEVlIwVEFRSC9CQWd3QmdFQgogIC93SUJBVEFkQmdOVkhRNEVGZ1FVNVl0alZWUGZkN0k3TkxIc24yQzI2RUJ5R1Ywd0tRWURWUjBSQkNJd0lJSWUKICBhV1JsYm5ScGRIa3ViR2x1YTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUFvR0NDcUdTTTQ5QkFNQ0Ewa0FNRVlDCiAgSVFDTjdsQkZMRER2ang2VjArWGtqcEtFUlJzSllmNWFkTXZubG9GbDQ4aWxKZ0loQU50eGhuZGNyK1FKUHVDOAogIHZnVUMwZDIvOUZNdWVJVk1iKzQ2V1RDT2pzcXIKICAtLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCmltYWdlUHVsbFBvbGljeTogSW1hZ2VQdWxsUG9saWN5CmltYWdlUHVsbFNlY3JldHM6IG51bGwKbGlua2VyZFZlcnNpb246IExpbmtlcmRWZXJzaW9uCm5ldHdvcmtWYWxpZGF0b3I6CiAgZW5hYmxlU2VjdXJpdHlDb250ZXh0OiBmYWxzZQpwb2RNb25pdG9yOiBudWxsCnBvbGljeUNvbnRyb2xsZXI6CiAgaW1hZ2U6CiAgICBuYW1lOiBQb2xpY3lDb250cm9sbGVySW1hZ2VOYW1lCiAgICBwdWxsUG9saWN5OiBJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IFBvbGljeUNvbnRyb2xsZXJWZXJzaW9uCiAgbG9nTGV2ZWw6IGxvZy1sZXZlbAogIHJlc291cmNlczoKICAgIGNwdToKICAgICAgbGltaXQ6IGNwdS1saW1pdAogICAgICByZXF1ZXN0OiBjcHUtcmVxdWVzdAogICAgbWVtb3J5OgogICAgICBsaW1pdDogbWVtb3J5LWxpbWl0CiAgICAgIHJlcXVlc3Q6IG1lbW9yeS1yZXF1ZXN0CnBvbGljeVZhbGlkYXRvcjoKICBjYUJ1bmRsZTogcG9saWN5IHZhbGlkYXRvciBDQSBidW5kbGUKICBleHRlcm5hbFNlY3JldDogdHJ1ZQpwcmlvcml0eUNsYXNzTmFtZTogUHJpb3JpdHlDbGFzc05hbWUKcHJvZmlsZVZhbGlkYXRvcjoKICBjYUJ1bmRsZTogcHJvZmlsZSB2YWxpZGF0b3IgQ0EgYnVuZGxlCiAgZXh0ZXJuYWxTZWNyZXQ6IHRydWUKcHJveHk6CiAgY29udHJvbDogbnVsbAogIGRlZmF1bHRJbmJvdW5kUG9saWN5OiBkZWZhdWx0LWFsbG93LXBvbGljeQogIGltYWdlOgogICAgbmFtZTogUHJveHlJbWFnZU5hbWUKICAgIHB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQogICAgdmVyc2lvbjogUHJveHlWZXJzaW9uCiAgaW5ib3VuZENvbm5lY3RUaW1lb3V0OiAiIgogIGluYm91bmREaXNjb3ZlcnlDYWNoZVVudXNlZFRpbWVvdXQ6ICIiCiAgbG9nTGV2ZWw6IHdhcm4sbGlua2VyZD1pbmZvCiAgb3BhcXVlUG9ydHM6IDI1LDQ0Myw1ODcsMzMwNiw1NDMyLDExMjExCiAgb3V0Ym91bmRDb25uZWN0VGltZW91dDogIiIKICBvdXRib3VuZERpc2NvdmVyeUNhY2hlVW51c2VkVGltZW91dDogIiIKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIGxpbWl0OiBjcHUtbGltaXQKICAgICAgcmVxdWVzdDogY3B1LXJlcXVlc3QKICAgIG1lbW9yeToKICAgICAgbGltaXQ6IG1lbW9yeS1saW1pdAogICAgICByZXF1ZXN0OiBtZW1vcnktcmVxdWVzdAogIHN0YXJ0dXBQcm9iZTogbnVsbApwcm94eUNvbnRhaW5lck5hbWU6IFByb3h5Q29udGFpbmVyTmFtZQpwcm94eUluaXQ6CiAgaWdub3JlSW5ib3VuZFBvcnRzOiAiIgogIGlnbm9yZU91dGJvdW5kUG9ydHM6ICI0NDMiCiAgaW1hZ2U6CiAgICBuYW1lOiBQcm94eUluaXRJbWFnZU5hbWUKICAgIHB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQogICAgdmVyc2lvbjogUHJveHlJbml0VmVyc2lvbgogIGt1YmVBUElTZXJ2ZXJQb3J0czogIiIKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIHJlcXVlc3Q6IDEwbQogICAgbWVtb3J5OgogICAgICBsaW1pdDogNTBNaQogICAgICByZXF1ZXN0OiAxME1pCnByb3h5SW5qZWN0b3I6CiAgY2FCdW5kbGU6IHByb3h5IGluamVjdG9yIENBIGJ1bmRsZQogIGV4dGVybmFsU2VjcmV0OiB0cnVlCndlYmhvb2tGYWlsdXJlUG9saWN5OiBXZWJob29rRmFpbHVyZVBvbGljeQo= kind: Secret metadata: creationTimestamp: null diff --git a/cli/cmd/testdata/install_proxy_ignores.golden b/cli/cmd/testdata/install_proxy_ignores.golden index cba2a4a2d3610..37d0e04e54482 100644 --- a/cli/cmd/testdata/install_proxy_ignores.golden +++ b/cli/cmd/testdata/install_proxy_ignores.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -704,9 +705,9 @@ data: ignoreInboundPorts: 22,8100-8102 ignoreOutboundPorts: "5432" image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1073,6 +1074,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1083,7 +1086,7 @@ spec: - "4190,4191,22,8100-8102" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1543,6 +1546,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1553,7 +1558,7 @@ spec: - "4190,4191,22,8100-8102" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1893,6 +1898,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1903,7 +1910,7 @@ spec: - "4190,4191,22,8100-8102" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_values_file.golden b/cli/cmd/testdata/install_values_file.golden index 2e63e2914e1c0..d1a1fcada82cc 100644 --- a/cli/cmd/testdata/install_values_file.golden +++ b/cli/cmd/testdata/install_values_file.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -704,9 +705,9 @@ data: ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 image: - name: cr.l5d.io/linkerd/proxy-init + name: ghcr.io/alpeb/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1073,6 +1074,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1083,7 +1086,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1543,6 +1546,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1553,7 +1558,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1893,6 +1898,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode=legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1903,7 +1910,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: ghcr.io/alpeb/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/controller/proxy-injector/fake/data/pod-with-debug.patch.json b/controller/proxy-injector/fake/data/pod-with-debug.patch.json index 443bdc19f634b..b5e88cc0193d9 100644 --- a/controller/proxy-injector/fake/data/pod-with-debug.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-debug.patch.json @@ -47,6 +47,8 @@ "path": "/spec/initContainers/-", "value": { "args": [ + "--iptables-mode=legacy", + "--ipv6", "--incoming-proxy-port", "4143", "--outgoing-proxy-port", @@ -58,7 +60,7 @@ "--outbound-ports-to-ignore", "4567,4568" ], - "image": "cr.l5d.io/linkerd/proxy-init:v2.2.4", + "image": "ghcr.io/alpeb/proxy-init:ipv6", "imagePullPolicy": "IfNotPresent", "name": "linkerd-init", "resources": { diff --git a/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json b/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json index cdab04c39b850..6844f8b9295c3 100644 --- a/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json @@ -57,6 +57,8 @@ "path": "/spec/initContainers/-", "value": { "args": [ + "--iptables-mode=legacy", + "--ipv6", "--incoming-proxy-port", "4143", "--outgoing-proxy-port", @@ -68,7 +70,7 @@ "--outbound-ports-to-ignore", "34567" ], - "image": "cr.l5d.io/linkerd/proxy-init:v2.2.4", + "image": "ghcr.io/alpeb/proxy-init:ipv6", "imagePullPolicy": "IfNotPresent", "name": "linkerd-init", "resources": { diff --git a/controller/proxy-injector/fake/data/pod.patch.json b/controller/proxy-injector/fake/data/pod.patch.json index 3352a7c65e430..85c267b3115f4 100644 --- a/controller/proxy-injector/fake/data/pod.patch.json +++ b/controller/proxy-injector/fake/data/pod.patch.json @@ -47,6 +47,8 @@ "path": "/spec/initContainers/-", "value": { "args": [ + "--iptables-mode=legacy", + "--ipv6", "--incoming-proxy-port", "4143", "--outgoing-proxy-port", @@ -58,7 +60,7 @@ "--outbound-ports-to-ignore", "4567,4568" ], - "image": "cr.l5d.io/linkerd/proxy-init:v2.2.4", + "image": "ghcr.io/alpeb/proxy-init:ipv6", "imagePullPolicy": "IfNotPresent", "name": "linkerd-init", "resources": { diff --git a/pkg/charts/cni/values.go b/pkg/charts/cni/values.go index 46e29d23d567e..cbd72be7d370a 100644 --- a/pkg/charts/cni/values.go +++ b/pkg/charts/cni/values.go @@ -66,6 +66,8 @@ type Values struct { CommonLabels map[string]string `json:"commonLabels"` ImagePullSecrets []map[string]string `json:"imagePullSecrets"` ExtraInitContainers []interface{} `json:"extraInitContainers"` + IptablesMode string `json:"iptablesMode"` + EnableIPv6 bool `json:"enableIPv6"` EnablePSP bool `json:"enablePSP"` Privileged bool `json:"privileged"` Resources Resources `json:"resources"` diff --git a/pkg/charts/linkerd2/values.go b/pkg/charts/linkerd2/values.go index bf1968ca700c2..26bdd2d2d4e97 100644 --- a/pkg/charts/linkerd2/values.go +++ b/pkg/charts/linkerd2/values.go @@ -49,6 +49,7 @@ type ( HighAvailability bool `json:"highAvailability"` CNIEnabled bool `json:"cniEnabled"` EnableEndpointSlices bool `json:"enableEndpointSlices"` + EnableIPv6 bool `json:"enableIPv6"` ControlPlaneTracing bool `json:"controlPlaneTracing"` ControlPlaneTracingNamespace string `json:"controlPlaneTracingNamespace"` IdentityTrustAnchorsPEM string `json:"identityTrustAnchorsPEM"` diff --git a/pkg/charts/linkerd2/values_test.go b/pkg/charts/linkerd2/values_test.go index c83b81240702f..e72a457bfe5a9 100644 --- a/pkg/charts/linkerd2/values_test.go +++ b/pkg/charts/linkerd2/values_test.go @@ -66,6 +66,7 @@ func TestNewValues(t *testing.T) { PodAnnotations: map[string]string{}, PodLabels: map[string]string{}, EnableEndpointSlices: true, + EnableIPv6: true, EnablePodDisruptionBudget: false, Controller: &Controller{ PodDisruptionBudget: &PodDisruptionBudget{ @@ -168,7 +169,7 @@ func TestNewValues(t *testing.T) { LogLevel: "", LogFormat: "", Image: &Image{ - Name: "cr.l5d.io/linkerd/proxy-init", + Name: "ghcr.io/alpeb/proxy-init", Version: testVersion, }, Resources: &Resources{ diff --git a/pkg/version/version.go b/pkg/version/version.go index 503897705382a..9bfe9385d8be2 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -15,8 +15,8 @@ var Version = undefinedVersion // ProxyInitVersion is the pinned version of the proxy-init, from // https://github.com/linkerd/linkerd2-proxy-init This has to be kept in sync // with the default version in the control plane's values.yaml. -var ProxyInitVersion = "v2.2.4" -var LinkerdCNIVersion = "v1.3.0" +var ProxyInitVersion = "ipv6" +var LinkerdCNIVersion = "ipv6" const ( // undefinedVersion should take the form `channel-version` to conform to