Linkerd is a service mesh for Kubernetes. It makes running services easier and safer by giving you runtime debugging, observability, reliability, and security, all without requiring any changes to your code.

A service mesh is a dedicated infrastructure layer that handles communication between services. It is responsible for reliably delivering requests through a complex service topology that includes modern cloud-native applications. In fact, service meshes are typically implemented through a set of lightweight network agents that are deployed with application code without the need to be aware of the application itself. (William Morgan, Buoyant CEO)

Why do we need a Service Mesh?

  • What’s a service mesh? And why do I need one? A detailed explanation is given in this article, so it will not be repeated here. Embrace cloud native: microservices have entered the Service Mesh era.

Why Linkerd2 instead of Istio?

  • Benchmarking Linkerd and Istio

The deployment environment

  • Tencent Cloud TKE K8S Cluster (or your own private K8S cluster)
  • CentOS 7.x

You can get started quickly with the official tutorial; this article is a detailed walkthrough based on hands-on practice on Tencent Cloud.

  • Linkerd V2 Service Mesh
  • Getting Started

Viewing the Cluster Version

kubectl version --short

Client Version: v1.16.9
Server Version: v1.16.9

Linkerd2 CLI installation

First we need to download and install the latest version of Linkerd CLI.

Let’s go straight to the Linkerd2 release page and check out the latest version:

  • Github.com/linkerd/lin…

Here we download linkerd2-cli-edge-21.6.1-linux-amd64.

Installation:

wget -c https://github.com/linkerd/linkerd2/releases/download/edge-21.6.1/linkerd2-cli-edge-21.6.1-linux-amd64
mv linkerd2-cli-edge-21.6.1-linux-amd64 /usr/local/bin/linkerd
chmod 755 /usr/local/bin/linkerd

Now we run linkerd and see the following:

Usage:
  linkerd [command]

Available Commands:
  check        Check the Linkerd installation for potential problems
  completion   Output shell completion code for the specified shell (bash, zsh or fish)
  diagnostics  Commands used to diagnose Linkerd components
  help         Help about any command
  identity     Display the certificate(s) of one or more selected pod(s)
  inject       Add the Linkerd proxy to a Kubernetes config
  install      Output Kubernetes configs to install Linkerd
  install-cni  Output Kubernetes configs to install Linkerd CNI
  jaeger       jaeger manages the jaeger extension of Linkerd service mesh
  multicluster Manages the multicluster setup for Linkerd
  profile      Output service profile config for Kubernetes
  repair       Output the secret/linkerd-config-overrides resource if it has been deleted
  uninject     Remove the Linkerd proxy from a Kubernetes config
  uninstall    Output Kubernetes resources to uninstall Linkerd control plane
  upgrade      Output Kubernetes configs to upgrade an existing Linkerd control plane
  version      Print the client and server version information
  viz          viz manages the linkerd-viz extension of Linkerd service mesh

Flags:
      --api-addr string            Override kubeconfig and communicate directly with the control plane at host:port (mostly for testing)
      --as string                  Username to impersonate for Kubernetes operations
      --as-group stringArray       Group to impersonate for Kubernetes operations
      --cni-namespace string       Namespace in which the Linkerd CNI plugin is installed (default "linkerd-cni")
      --context string             Name of the kubeconfig context to use
  -h, --help                       help for linkerd
      --kubeconfig string          Path to the kubeconfig file to use for CLI requests
  -L, --linkerd-namespace string   Namespace in which Linkerd is installed ($LINKERD_NAMESPACE) (default "linkerd")
      --verbose                    Turn on debug logging

Additional help topics:
  linkerd alpha        experimental subcommands for Linkerd

Use "linkerd [command] --help" for more information about a command.

Install the Linkerd2 control plane

Before installing, run the pre-installation check with linkerd check --pre:

linkerd check --pre

Linkerd core checks
===================

kubernetes-api
--------------
√ can initialize the client
√ can query the Kubernetes API

kubernetes-version
------------------
√ is running the minimum Kubernetes API version
√ is running the minimum kubectl version

pre-kubernetes-setup
--------------------
√ control plane namespace does not already exist
√ can create non-namespaced resources
√ can create ServiceAccounts
√ can create Services
√ can create Deployments
√ can create CronJobs
√ can create ConfigMaps
√ can create Secrets
√ can read Secrets
√ can read extension-apiserver-authentication configmap
√ no clock skew detected

pre-kubernetes-capability
-------------------------
√ has NET_ADMIN capability
√ has NET_RAW capability

linkerd-version
---------------
√ can determine the latest version
√ cli is up-to-date

Status check results are √

Deploy the control plane:

linkerd install | kubectl apply -f -

Check the pods in the linkerd namespace:

kubectl get po -n linkerd

NAME                                      READY   STATUS    RESTARTS   AGE
linkerd-destination-6c6bf4fc4-282gd       3/3     Running   0          5m
linkerd-identity-7cd9998969-cvzc8         2/2     Running   0          5m
linkerd-proxy-injector-855b9b6747-r8pcz   2/2     Running   0          5m

Again, let’s use linkerd check to verify the installation.

Ok, let’s deploy some common extensions to enhance the functionality of our control plane.

Install common Linkerd2 control plane extensions

Deploy Grafana, Prometheus, Jaeger, etc. (metrics components for Linkerd 2)

Use the following command:

linkerd viz install | kubectl apply -f - # on-cluster metrics stack

kubectl get po -n linkerd-viz # check the namespace until all pods are ready

# grafana-5659477d88-txq5b 0/2 PodInitializing 0 14m
# metrics-api-6fcb849dc-k9sw5 2/2 Running 0 14m
# prometheus-798d8d4698-4x8h2 2/2 Running 0 14m
# tap-f5984d7f7-fkpf9 0/2 PodInitializing 0 14m
# tap-injector-6b455dd64b-2c82n 0/2 PodInitializing 0 14m
# web-657dbffb8f-7d2gr 0/2 PodInitializing 0 14m

kubectl describe po can be used to get detailed error information, for example:

kubectl describe po grafana-5659477d88-txq5b -n linkerd-viz

For example, I got stuck on the following images (Tencent Cloud):

cr.l5d.io/linkerd/grafana:edge-21.6.1
cr.l5d.io/linkerd/tap:edge-21.6.1
cr.l5d.io/linkerd/web:edge-21.6.1

You can pull them manually.

Next, we deploy two optional extensions.

Deploy Jaeger:

## optional
linkerd jaeger install | kubectl apply -f - # Jaeger collector and UI

kubectl get po -n linkerd-jaeger # check the namespace
# OR:
# docker pull cr.l5d.io/linkerd/jaeger-webhook:edge-21.6.1
# docker pull jaegertracing/all-in-one:1.19.2

Deploy multicluster:

linkerd multicluster install | kubectl apply -f - # multi-cluster components
kubectl get po -n linkerd-multicluster

# error
linkerd-gateway-bcb5888c5-ws6wz   1/2     ErrImagePull   0          21s

View error messages:

kubectl describe po linkerd-gateway-bcb5888c5-ws6wz -n linkerd-multicluster
# Normal BackOff 21s (x5 over 2m13s) kubelet, k8s-master-01 Back-off pulling image "gcr.io/google_containers/pause"
# Warning Failed 21s (x5 over 2m13s) kubelet, k8s-master-01 Error: ImagePullBackOff

Clearly (gcr.io/google_containers/pause), we need a proxy to reach gcr.io (there are plenty of tutorials on that, so it is not covered here).

Another tricky issue is that gcr.io/google_containers/pause is still pulled from gcr.io at deploy time, even though it already exists locally.

So, here’s another way to do it (without needing a proxy).

Use kustomize to fix the failed linkerd-gateway deployment (Tencent Cloud)

Check out kustomize.io for details on how to install kustomize.

First, export the Linkerd Multicluster deployment YAML file.

linkerd multicluster install > linkerd-multicluster.yaml

Then, we’ll patch it with patch-linkerd-multicluster.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    linkerd.io/created-by: linkerd/cli edge-21.6.1
  labels:
    app.kubernetes.io/name: gateway
    app.kubernetes.io/part-of: Linkerd
    app.kubernetes.io/version: edge-21.6.1
    linkerd.io/control-plane-component: gateway
    app: linkerd-gateway
    linkerd.io/extension: multicluster
  name: linkerd-gateway
  namespace: linkerd-multicluster
spec:
  replicas: 1
  selector:
    matchLabels:
      app: linkerd-gateway
  template:
    metadata:
      annotations:
        linkerd.io/created-by: linkerd/cli edge-21.6.1
        linkerd.io/inject: enabled
        config.linkerd.io/proxy-require-identity-inbound-ports: "4191414"
        config.linkerd.io/enable-gateway: "true"
      labels:
        app: linkerd-gateway
    spec:
      containers:
        - name: pause
          image: ccr.ccs.tencentyun.com/cloud-native/google-pause
      serviceAccountName: linkerd-gateway

ccr.ccs.tencentyun.com/cloud-native/google-pause is a public image that I uploaded to Tencent Cloud.

Create kustomization.yaml:

resources:
- linkerd-multicluster.yaml
patchesStrategicMerge:
- patch-linkerd-multicluster.yaml

Redeploy using Kustomize:

kustomize build . | kubectl apply -f -

Look again:

kubectl get po -n linkerd-multicluster
# linkerd-gateway-6c8dc7bb49-6tghc 2/2 Running 0 92s

Perfect solution.
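
Because the patch swaps in an image from a different registry, it helps to audit what the rendered manifests will actually pull before applying them. The script below is an added example, not part of the original article or of Linkerd: it lists every image reference and flags those outside an assumed registry allowlist (TRUSTED_REGISTRIES) or not pinned by digest; the function names and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit container image references in rendered manifests.
# TRUSTED_REGISTRIES is an assumed allowlist; adjust it to your own policy.
TRUSTED_REGISTRIES="cr.l5d.io"

# audit_images: read YAML on stdin and print one line per distinct image:
#   OK     <image>             digest-pinned and from an allowlisted registry
#   REVIEW <image> <reasons>   everything else
audit_images() {
  awk -v trusted="$TRUSTED_REGISTRIES" '
    BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
    /^[ \t-]*image:[ \t]/ {
      img = $0
      sub(/^[ \t-]*image:[ \t]*/, "", img)   # drop the key
      sub(/[ \t]+#.*$/, "", img)             # drop a trailing comment
      gsub(/[" \t\r]/, "", img)              # drop quotes and whitespace
      if (img == "" || seen[img]++) next
      reg = img; sub(/\/.*/, "", reg)        # text before the first slash
      why = ""
      if (!(reg in ok)) why = why " untrusted-registry"
      if (img !~ /@sha256:[0-9a-f]+$/) {
        last = img; sub(/.*\//, "", last)    # last path component
        why = why ((last ~ /:/) ? " tag-not-digest" : " no-tag")
      }
      if (why == "") print "OK", img
      else print "REVIEW", img why
    }'
}

# Constructed sample: the patched pause image from this page, one tagged
# Linkerd image, and one image pinned to a made-up digest.
sample_manifest() {
  cat <<'EOF'
containers:
  - name: pause
    image: ccr.ccs.tencentyun.com/cloud-native/google-pause
  - name: web
    image: cr.l5d.io/linkerd/web:edge-21.6.1
  - name: pinned
    image: "cr.l5d.io/linkerd/example@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
EOF
}

sample_manifest | audit_images
```

With real manifests, run `kustomize build . | audit_images` in place of the sample.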

Expose the linkerd-web dashboard using a Traefik IngressRoute

Deploying Traefik v2 is not covered here.

Use kustomize to update the linkerd viz deployment

The domain I’m using here is linkerd-web.hacker-linner.com.

Export YAML files:

linkerd viz install > linkerd-viz.yaml

patch-linkerd-viz-web.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    linkerd.io/created-by: linkerd/helm edge-21.6.1
  labels:
    linkerd.io/extension: viz
    app.kubernetes.io/name: web
    app.kubernetes.io/part-of: Linkerd
    app.kubernetes.io/version: edge-21.6.1
    component: web
    namespace: linkerd-viz
  name: web
  namespace: linkerd-viz
spec:
  replicas: 1
  selector:
    matchLabels:
      linkerd.io/extension: viz
      component: web
      namespace: linkerd-viz
  template:
    metadata:
      annotations:
        linkerd.io/created-by: linkerd/helm edge-21.6.1
      labels:
        linkerd.io/extension: viz
        component: web
        namespace: linkerd-viz
    spec:
      nodeSelector:
        beta.kubernetes.io/os: linux
      containers:
      - args:
        - -linkerd-metrics-api-addr=metrics-api.linkerd-viz.svc.cluster.local:8085
        - -cluster-domain=cluster.local
        - -grafana-addr=grafana.linkerd-viz.svc.cluster.local:3000
        - -controller-namespace=linkerd
        - -viz-namespace=linkerd-viz
        - -log-level=info
        - -enforced-host=^(linkerd-web\.hacker-linner\.com|localhost|127\.0\.0\.1|web\.linkerd-viz\.svc\.cluster\.local|web\.linkerd-viz\.svc|\[::1\])(:\d+)?$
        image: cr.l5d.io/linkerd/web:edge-21.6.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /ping
            port: 9994
          initialDelaySeconds: 10
        name: web
        ports:
        - containerPort: 8084
          name: http
        - containerPort: 9994
          name: admin-http
        readinessProbe:
          failureThreshold: 7
          httpGet:
            path: /ready
            port: 9994
        resources:
        securityContext:
          runAsUser: 2103
      serviceAccountName: web

Update kustomization.yaml:

resources:
- linkerd-viz.yaml
- linkerd-multicluster.yaml
patchesStrategicMerge:
- patch-linkerd-viz-web.yaml
- patch-linkerd-multicluster.yaml

Redeploy:

kustomize build . | kubectl apply -f -
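
The -enforced-host argument is the dashboard's allowlist for the Host header (Linkerd's DNS-rebinding protection), so the edited pattern is worth testing before it is deployed. The script below is an added example, not from the original article: it runs constructed Host values through the pattern from patch-linkerd-viz-web.yaml and, for contrast, through a constructed unanchored pattern (WEAK_PATTERN); grep -E stands in for the Go regexp engine the dashboard uses, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: test the -enforced-host pattern before deploying it.
# ENFORCED_HOST is copied from patch-linkerd-viz-web.yaml in this article.
ENFORCED_HOST='^(linkerd-web\.hacker-linner\.com|localhost|127\.0\.0\.1|web\.linkerd-viz\.svc\.cluster\.local|web\.linkerd-viz\.svc|\[::1\])(:\d+)?$'
# WEAK_PATTERN is a constructed counter-example: no anchors, unescaped dots.
WEAK_PATTERN='linkerd-web.hacker-linner.com'

# host_allowed HOST [PATTERN]: exit 0 when HOST matches PATTERN.
# grep -E has no \d class, so \d is rewritten to [0-9] for this check only.
host_allowed() {
  pattern=$(printf '%s' "${2:-$ENFORCED_HOST}" | sed 's/\\d/[0-9]/g')
  printf '%s\n' "$1" | grep -Eq -- "$pattern"
}

# pattern_is_anchored [PATTERN]: exit 0 when PATTERN starts with ^ and ends with $.
pattern_is_anchored() {
  case "${1:-$ENFORCED_HOST}" in
    '^'*'$') return 0 ;;
    *) return 1 ;;
  esac
}

# check_hosts [PATTERN]: print ALLOW or DENY for constructed Host values.
check_hosts() {
  for h in \
    'linkerd-web.hacker-linner.com' \
    'linkerd-web.hacker-linner.com:443' \
    'localhost:8084' \
    '[::1]:8084' \
    'linkerd-web.hacker-linner.com.other.example' \
    'linkerd-webXhacker-linner.com' \
    'emojivoto.hacker-linner.com'
  do
    if host_allowed "$h" "$1"; then echo "ALLOW $h"; else echo "DENY  $h"; fi
  done
}

for p in "$ENFORCED_HOST" "$WEAK_PATTERN"; do
  if pattern_is_anchored "$p"; then echo "== anchored pattern"; else echo "== UNANCHORED pattern"; fi
  check_hosts "$p"
done
```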

Set up IngressRoute & Basic Auth

ingressroute-viz.yaml

apiVersion: v1
kind: Secret
metadata:
  name: linkerd-authsecret
  namespace: linkerd-viz
type: Opaque
stringData:
  users: # set this to the output of htpasswd -nb
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: linkerd-basic-auth
  namespace: linkerd-viz
spec:
  basicAuth:
    secret: linkerd-authsecret
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: l5d-header-middleware
  namespace: linkerd-viz
spec:
  headers:
    customRequestHeaders:
      l5d-dst-override: "web.linkerd-viz.svc.cluster.local:8084"
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: linkerd-web-ingress-route
  namespace: linkerd-viz
spec:
  entryPoints:
    - websecure
  tls:
    secretName: hacker-linner-cert-tls
  routes:
    - match: Host(`linkerd-web.hacker-linner.com`)
      kind: Rule
      services:
        - name: web
          port: 8084
      middlewares:
        - name: l5d-header-middleware
        - name: linkerd-basic-auth


Deployment:

kubectl apply -f ingressroute-viz.yaml

Deploy emojivoto

Run the following command:

curl -sL https://run.linkerd.io/emojivoto.yml \
  | kubectl apply -f -

Check the deployment:

kubectl get po -n  emojivoto
# OR
# docker pull docker.l5d.io/buoyantio/emojivoto-emoji-svc:v11
# docker pull docker.l5d.io/buoyantio/emojivoto-web:v11
# docker pull docker.l5d.io/buoyantio/emojivoto-voting-svc:v11

emoji-6b776684f5-nnflg      1/1     Running   0          6m4s
vote-bot-64695c4dc6-jn8ln   1/1     Running   0          6m4s
voting-7778876bdb-kdvsx     1/1     Running   0          6m4s
web-6f8d774656-9dsw7        1/1     Running   0          6m4s

Set up the IngressRoute

The domain here is emojivoto.hacker-linner.com.

emojivoto-ingressroute.yaml

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: emojivoto-web-ingress-route
  namespace: emojivoto
spec:
  entryPoints:
    - websecure
  tls:
    secretName: hacker-linner-cert-tls
  routes:
    - match: Host(`emojivoto.hacker-linner.com`)
      kind: Rule
      services:
        - name: web-svc
          port: 80

Service Mesh (Linkerd) injection

Add Linkerd to emojivoto:

kubectl get -n emojivoto deploy -o yaml \
  | linkerd inject - \
  | kubectl apply -f -

Check to see if everything is ok:

linkerd -n emojivoto check --proxy

Go back to the panel to see emojivoto:

It was perfect. Everything was fine.

A final look at the Grafana panel:

I am weishao. WeChat: uuhells123. Public account: hackers afternoon tea. Add me on WeChat (for mutual learning and exchange) and follow the public account (for more learning materials).