Instructions for integrating with Contour incomplete #6237
Labels
Milestone
Comments
|
Great catch, thanks @jroper! Are you interested in submitting a fix for this as a PR in the linkerd/website repo? |
alpeb
added a commit
to linkerd/website
that referenced
this issue
Jul 9, 2021
Fixes linkerd/linkerd2#6237 - Since a few releases ago, `linkerd inject` will fail outright if `automountServiceAccountToken` is not `true`. Reshuffled the instructions to account for that. - Added note about adding the `config.linkerd.io/skip-outbound-ports: 8001` annotation when in ingress mode. - Removed the `spec.routes.services.namespace` field from the sample `HTTPProxy` resource, which doesn't appear in the resource API doc. - Replaced `127.0.0.1.xip.io` with `127.0.0.1.nip.io` as the former is down.
cpretzer
added a commit
to linkerd/website
that referenced
this issue
Jul 13, 2021
Fixes linkerd/linkerd2#6237 - Since a few releases ago, `linkerd inject` will fail outright if `automountServiceAccountToken` is not `true`. Reshuffled the instructions to account for that. - Added note about adding the `config.linkerd.io/skip-outbound-ports: 8001` annotation when in ingress mode. - Removed the `spec.routes.services.namespace` field from the sample `HTTPProxy` resource, which doesn't appear in the resource API doc. - Replaced `127.0.0.1.xip.io` with `127.0.0.1.nip.io` as the former is down. Co-authored-by: cpretzer <cpretzer@users.noreply.github.com>
cpretzer
added a commit
to linkerd/website
that referenced
this issue
Jul 14, 2021
* update: june meetup - add video schema - add featured image Signed-off-by: Christian Mejlak <chris@mejlak.com> * Update Contour instructions (#1123) Fixes linkerd/linkerd2#6237 - Since a few releases ago, `linkerd inject` will fail outright if `automountServiceAccountToken` is not `true`. Reshuffled the instructions to account for that. - Added note about adding the `config.linkerd.io/skip-outbound-ports: 8001` annotation when in ingress mode. - Removed the `spec.routes.services.namespace` field from the sample `HTTPProxy` resource, which doesn't appear in the resource API doc. - Replaced `127.0.0.1.xip.io` with `127.0.0.1.nip.io` as the former is down. Co-authored-by: cpretzer <cpretzer@users.noreply.github.com> * update: june meetup - add video schema - add featured image Signed-off-by: Christian Mejlak <chris@mejlak.com> Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io> Co-authored-by: cpretzer <cpretzer@users.noreply.github.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
With the current instructions for integrating with Contour, Contour fails to start, because linkerd blocks traffic from the Contour envoy proxy to the Contour controller manager (an xDS server, uses gRPC with mTLS to communicate) because linkerd only allows HTTP traffic (but the xDS server traffic is TLS) when in ingress mode, the following error is output in the linkerd logs:
To fix this, communication with the xDS server must be excluded from going through the linkerd proxy, by adding the following annotation:
The text was updated successfully, but these errors were encountered: