Proxy Configuration

Proxy Configuration

Linkerd provides a set of annotations that can be used to override the dataplane proxy’s configuration. This is useful for overriding the defaultconfigurations of auto-injected proxies.

The following is the list of supported annotations:

Annotation	Description
`config.linkerd.io/admin-port`	Proxy port to serve metrics on
`config.linkerd.io/control-port`	Proxy port to use for control
`config.linkerd.io/disable-identity`	Disables resources from participating in TLS identity
`config.linkerd.io/disable-tap`	Disables resources from being tapped
`config.linkerd.io/enable-debug-sidecar`	Inject a debug sidecar for data plane debugging
`config.linkerd.io/enable-external-profiles`	Enable service profiles for non-Kubernetes services
`config.linkerd.io/image-pull-policy`	Docker image pull policy
`config.linkerd.io/inbound-port`	Proxy port to use for inbound traffic
`config.linkerd.io/init-image`	Linkerd init container image name
`config.linkerd.io/init-image-version`	Linkerd init container image version
`config.linkerd.io/outbound-port`	Proxy port to use for outbound traffic
`config.linkerd.io/proxy-cpu-limit`	Maximum amount of CPU units that the proxy sidecar can use
`config.linkerd.io/proxy-cpu-request`	Amount of CPU units that the proxy sidecar requests
`config.linkerd.io/proxy-image`	Linkerd proxy container image name
`config.linkerd.io/proxy-log-level`	Log level for the proxy
`config.linkerd.io/proxy-memory-limit`	Maximum amount of Memory that the proxy sidecar can use
`config.linkerd.io/proxy-memory-request`	Amount of Memory that the proxy sidecar requests
`config.linkerd.io/proxy-uid`	Run the proxy under this user ID
`config.linkerd.io/proxy-version`	Tag to be used for the Linkerd proxy images
`config.linkerd.io/skip-inbound-ports`	Ports that should skip the proxy and send directly to the application
`config.linkerd.io/skip-outbound-ports`	Outbound ports that should skip the proxy
`config.linkerd.io/trace-collector`	Service name of the trace collector. E.g. `oc-collector.tracing:55678`
`config.alpha.linkerd.io/trace-collector-service-account`	The trace collector's service account name. E.g.,`tracing-service-account`. If not provided, it will bedefaulted to `default.`

For example, to update an auto-injected proxy’s CPU and memory resources, weinsert the appropriate annotations into the spec.template.metadata.annotationsof the owner’s pod spec, using kubectl edit like this:

spec:
  template:
    metadata:
      annotations:
        config.linkerd.io/proxy-cpu-limit: "1.5"
        config.linkerd.io/proxy-cpu-request: "0.2"
        config.linkerd.io/proxy-memory-limit: 2Gi
        config.linkerd.io/proxy-memory-request: 128Mi

Note that configuration overrides on proxies injected using the linkerd injectcommand is planned for release 2.4. Follow thisGitHub issue for progress.