简介
和大部分服务网格一样,linkerd分为控制平面和数据平面
安装linkerd cli
wget https://github.com/linkerd/linkerd2/releases/download/edge-22.10.3/linkerd2-cli-edge-22.10.3-darwin-arm64
chmod +x linkerd2-cli-edge-22.10.3-darwin-arm64
mv linkerd2-cli-edge-22.10.3-darwin-arm64 bin/linkerd
检查你的k8s连接状态
kubectl get pods -A
预先检查下环境
linkerd check --pre
如果都ok,那么输出应该类似于下面
Linkerd core checks
===================
kubernetes-api
--------------
√ can initialize the client
√ can query the Kubernetes API
kubernetes-version
------------------
√ is running the minimum Kubernetes API version
pre-kubernetes-setup
--------------------
√ control plane namespace does not already exist
√ can create non-namespaced resources
√ can create ServiceAccounts
√ can create Services
√ can create Deployments
√ can create CronJobs
√ can create ConfigMaps
√ can create Secrets
√ can read Secrets
√ can read extension-apiserver-authentication configmap
√ no clock skew detected
linkerd-version
---------------
√ can determine the latest version
√ cli is up-to-date
Status check results are √
安装控制平面
安装crd
linkerd install --crds >crd.yaml
linkerd install --crds | kubectl apply -f -
安装控制平面
linkerd install > res.yaml
linkerd install | kubectl apply -f -
检查安装状态
linkerd check
Linkerd core checks
===================
kubernetes-api
--------------
√ can initialize the client
√ can query the Kubernetes API
kubernetes-version
------------------
√ is running the minimum Kubernetes API version
linkerd-existence
-----------------
√ 'linkerd-config' config map exists
√ heartbeat ServiceAccount exist
√ control plane replica sets are ready
√ no unschedulable pods
√ control plane pods are ready
√ cluster networks contains all node podCIDRs
√ cluster networks contains all pods
√ cluster networks contains all services
linkerd-config
--------------
√ control plane Namespace exists
√ control plane ClusterRoles exist
√ control plane ClusterRoleBindings exist
√ control plane ServiceAccounts exist
√ control plane CustomResourceDefinitions exist
√ control plane MutatingWebhookConfigurations exist
√ control plane ValidatingWebhookConfigurations exist
√ proxy-init container runs as root user if docker container runtime is used
linkerd-identity
----------------
√ certificate config is valid
√ trust anchors are using supported crypto algorithm
√ trust anchors are within their validity period
√ trust anchors are valid for at least 60 days
√ issuer cert is using supported crypto algorithm
√ issuer cert is within its validity period
√ issuer cert is valid for at least 60 days
√ issuer cert is issued by the trust anchor
linkerd-webhooks-and-apisvc-tls
-------------------------------
√ proxy-injector webhook has valid cert
√ proxy-injector cert is valid for at least 60 days
√ sp-validator webhook has valid cert
√ sp-validator cert is valid for at least 60 days
√ policy-validator webhook has valid cert
√ policy-validator cert is valid for at least 60 days
linkerd-version
---------------
√ can determine the latest version
√ cli is up-to-date
control-plane-version
---------------------
√ can retrieve the control plane version
√ control plane is up-to-date
√ control plane and cli versions match
linkerd-control-plane-proxy
---------------------------
√ control plane proxies are healthy
√ control plane proxies are up-to-date
√ control plane proxies and cli versions match
Status check results are √
安装Viz扩展
linkerd viz install>viz.yaml
linkerd viz install|kubectl apply -f -
等viz扩展的相关pod都启动完成之后,查看dashboard
linkerd viz dashboard
安装演示程序
wget https://run.linkerd.io/emojivoto.yml
kubectl apply -f emojivoto.yml
注入数据平面组件
使用cli注入
kubectl get -n emojivoto deploy -o yaml \
| linkerd inject - \
| kubectl apply -f -
或者直接在你的deployment或者namespace中添加annotations
annotations:
linkerd.io/inject: enabled
卸载
删除示例程序
kubectl get -n emojivoto deploy -o yaml \
| linkerd uninject - \
| kubectl apply -f -
kubectl delete -f emojivoto.yml
卸载viz扩展
linkerd viz uninstall | kubectl delete -f -
卸载linkerd
linkerd uninstall | kubectl delete -f -
欢迎关注我的博客www.bboy.app
Have Fun