Proxy Configuration

Linkerd provides a set of annotations that can be used to override the data plane proxy's configuration. This is useful for overriding the default configurations of auto-injected proxies.

The following is the list of supported annotations:

Annotation Description
config.alpha.linkerd.io/proxy-wait-before-exit-seconds The proxy sidecar will stay alive for at least the given period before receiving SIGTERM signal from Kubernetes but no longer than pod's terminationGracePeriodSeconds. If not provided, it will be defaulted to 0
config.alpha.linkerd.io/trace-collector-service-account The trace collector's service account name. E.g., tracing-service-account. If not provided, it will be defaulted to default.
config.linkerd.io/admin-port Proxy port to serve metrics on
config.linkerd.io/control-port Proxy port to use for control
config.linkerd.io/debug-image Linkerd debug container image name
config.linkerd.io/debug-image-pull-policy Docker image pull policy for debug image
config.linkerd.io/debug-image-version Linkerd debug container image version
config.linkerd.io/disable-identity Disables resources from participating in TLS identity
config.linkerd.io/disable-tap Disables resources from being tapped
config.linkerd.io/enable-debug-sidecar Inject a debug sidecar for data plane debugging
config.linkerd.io/enable-external-profiles Enable service profiles for non-Kubernetes services
config.linkerd.io/image-pull-policy Docker image pull policy
config.linkerd.io/inbound-port Proxy port to use for inbound traffic
config.linkerd.io/init-image Linkerd init container image name
config.linkerd.io/init-image-version Linkerd init container image version
config.linkerd.io/outbound-port Proxy port to use for outbound traffic
config.linkerd.io/proxy-cpu-limit Maximum amount of CPU units that the proxy sidecar can use
config.linkerd.io/proxy-cpu-request Amount of CPU units that the proxy sidecar requests
config.linkerd.io/proxy-image Linkerd proxy container image name
config.linkerd.io/proxy-log-level Log level for the proxy
config.linkerd.io/proxy-memory-limit Maximum amount of Memory that the proxy sidecar can use
config.linkerd.io/proxy-memory-request Amount of Memory that the proxy sidecar requests
config.linkerd.io/proxy-uid Run the proxy under this user ID
config.linkerd.io/proxy-version Tag to be used for the Linkerd proxy images
config.linkerd.io/skip-inbound-ports Ports that should skip the proxy and send directly to the application
config.linkerd.io/skip-outbound-ports Outbound ports that should skip the proxy
config.linkerd.io/trace-collector Service name of the trace collector. E.g. linkerd-collector.linkerd:55678

For example, to update an auto-injected proxy's CPU and memory resources, we insert the appropriate annotations into the spec.template.metadata.annotations of the owner's pod spec, using kubectl edit like this:

spec:
  template:
    metadata:
      annotations:
        config.linkerd.io/proxy-cpu-limit: "1.5"
        config.linkerd.io/proxy-cpu-request: "0.2"
        config.linkerd.io/proxy-memory-limit: 2Gi
        config.linkerd.io/proxy-memory-request: 128Mi

Note that configuration overrides on proxies injected using the linkerd inject command is planned for release 2.4. Follow this GitHub issue for progress.