In order for your services to leverage Linkerd, they also need to grid by injecting Linkerd’s Data Plane Proxy into their service’s POD.

Linkerd 2.10 中文 版

  • linkerd.hacker-linner.com/

Linkerd 2.10 series

  • Linkerd V2 Service Mesh
  • Tencent Cloud K8S deployment Service Mesh — Linkerd2 & Traefik2 deployment emojivoto application
  • Learn about the basic features of Linkerd 2.10 and step into the era of Service Mesh

Adding Linkerd’s control plane to your cluster will not change anything about your application. In order for your services to leverage Linkerd, they need to meshed by injecting Linkerd’s data plane proxy into their PODS.

For most applications, grid services are as simple as adding Kubernetes annotations. However, services that make network calls immediately upon startup may need to handle startup race conditions, while services that use MySQL, SMTP, Memcache, and similar protocols may need to handle the Server-migration-first protocol.

Read on to learn more!

Grid services using Annotations

Meshing Kubernetes resources is usually done by annotating the resource or its namespace using the Kubernetes annotation of Linkerd.io/Inject: Enabled. This annotation triggers automatic proxy injection when a resource is created or updated.

For convenience, Linkerd provides a Linkerd Inject text conversion command that adds this annotation to a given Kubernetes list. Of course, these annotations can be set by any other mechanism.

Simply adding annotations does not automatically mesh existing pods. After setting the annotations, you need to recreate or update any resources (for example, using kubectl rollout Restart) to trigger proxy injection. (Typically, rolling Update can be performed to inject the agent into the live service without interruption.)

The sample

To add Linkerd’s data plane proxy to the service defined in Kubernetes manifest, you can add Annotations using Linkerd Inject before applying the manifest to Kubernetes:

cat deployment.yml | linkerd inject - | kubectl apply -f -
Copy the code

This example transforms the deployment.yml file to add Injection annotations in the right place, and then applies them to the cluster.

Verify that data plane Pod has been injected

To verify that your service has been added to the grid, you can query Kubernetes for a list of containers in the POD and make sure the agents are listed:

kubectl -n MYNAMESPACE get po -o jsonpath='{.items[0].spec.containers[*].name}'
Copy the code

Here’s a look at the emojivoto app:

kubectl -n emojivoto get po -o jsonpath='{.items[0].spec.containers[*].name}'

If all goes well, you'll see 'Linkerd-proxy' in the output, for example:
linkerd-proxy emoji-svc
Copy the code

Description of Startup Race conditions

Although the agent starts very quickly, Kubernetes does not provide any guarantees about the order in which the container starts, so the application container may start before the agent is ready. This means that any connections made immediately when the application starts will likely fail until the agent is active.

In many cases, this can be ignored: ideally, the application will retry the connection, or Kubernetes will restart the container after a failure, and finally the agent will be ready. Alternatively, you can use linkerd-await to delay the application container until the agent is ready, or set up a skip-outbound ports to bypass these connected agents.

Description of the Server-moves-first agreement

Linkerd’s protocol detection determines the protocol of the connection by looking at the first few bytes of client data. Some protocols (such as MySQL, SMTP, and other server-first protocols) do not send these bytes. In some cases, this may require additional configuration to avoid a 10-second delay when establishing the first connection.