inject

The inject command is a text transform that modifies Kubernetes manifests passed to it either as a file or as a stream (-) to adds a linkerd.io/inject: enabled annotation to eligible resources in the manifest. When the resulting annotated manifest is applied to the Kubernetes cluster, Linkerd’s proxy autoinjector automatically adds the Linkerd data plane proxies to the corresponding pods.

Note that there is no a priori reason to use this command. In production, these annotations may be instead set by a CI/CD system, or any other deploy-time mechanism.

Manual injection

Alternatively, this command can also perform the full injection purely on the client side, by enabling with the --manual flag. (Prior to Linkerd 2.4, this was the default behavior.)

Examples

# Inject all the deployments in the default namespace.
kubectl get deploy -o yaml | linkerd inject - | kubectl apply -f -

# Injecting a file from a remote URL
linkerd inject http://url.to/yml | kubectl apply -f -

# Inject all the resources inside a folder and its sub-folders.
linkerd inject <folder> | kubectl apply -f -

Flags

Flag Usage
--admin-port Proxy port to serve metrics on
--control-port Proxy port to use for control
--disable-identity Disables resources from participating in TLS identity
--disable-tap Disables resources from being tapped
--enable-debug-sidecar Inject a debug sidecar for data plane debugging
--enable-external-profiles Enable service profiles for non-Kubernetes services
--ignore-cluster Ignore the current Kubernetes cluster when checking for existing cluster configuration (default false)
--image-pull-policy Docker image pull policy
--inbound-port Proxy port to use for inbound traffic
--init-image Linkerd init container image name
--init-image-version Linkerd init container image version
--manual Include the proxy sidecar container spec in the YAML output (the auto-injector won’t pick it up, so config annotations aren’t supported) (default false)
--outbound-port Proxy port to use for outbound traffic
--proxy-cpu Amount of CPU units that the proxy sidecar requests
--proxy-cpu-limit Maximum amount of CPU units that the proxy sidecar can use
--proxy-cpu-request Amount of CPU units that the proxy sidecar requests
--proxy-image Linkerd proxy container image name
--proxy-log-level Log level for the proxy
--proxy-memory Amount of Memory that the proxy sidecar requests
--proxy-memory-limit Maximum amount of Memory that the proxy sidecar can use
--proxy-memory-request Amount of Memory that the proxy sidecar requests
--proxy-uid Run the proxy under this user ID
--proxy-version
-v
Tag to be used for the Linkerd proxy images
--registry Docker registry to pull images from
--skip-inbound-ports Ports that should skip the proxy and send directly to the application
--skip-outbound-ports Outbound ports that should skip the proxy
--trace-collector Collector Service address for the proxies to send Trace Data
--trace-collector-svc-account Service account associated with the Trace collector instance