Linkerd 2.10 series

  • Linkerd v2.10 Service Mesh
  • Tencent Cloud K8S deployment Service Mesh — Linkerd2 & Traefik2 deployment emojivoto application
  • Learn about the basic features of Linkerd 2.10 and step into the era of Service Mesh
  • Linkerd 2.10 – Add your service to Linkerd
  • Linkerd 2.10 — Automated Canary release
  • Linkerd 2.10 — Automatic rotation controls plane TLS and Webhook TLS credentials
  • Linkerd 2.10 — How do I configure external Prometheus instances
  • Linkerd 2.10 – Configure proxy concurrency
  • Linkerd 2.10 – Configure retry
  • Linkerd 2.10 — Configure timeout
  • Linkerd 2.10 – Controls the plane debug endpoint
  • Linkerd 2.10 – Use Kustomize to customize Linkerd configuration

Linkerd 2.10 中文 版

  • linkerd.hacker-linner.com

When Kubernetes starts terminating a Pod, it first sends a TERM signal to all containers in that Pod. When the Linkerd agent Sidecar receives this signal, it immediately begins normal shutdown, rejecting all new requests and allowing existing requests to complete before closing.

This means that if the main container of the Pod tries to make any new network calls after the agent receives the TERM signal, those network calls will fail. This also has an impact on terminating Pod clients and job resources.

The client updates slowly

Before Kubernetes terminates a Pod, it first removes the Pod from the endpoint resources of any service to which it belongs. This means that the client of the service should stop sending traffic to the Pod before terminating. However, some clients may be slow to receive endpoint updates and may try to send requests to terminating pods after the Pod’s agent has received the TERM signal and has begun a normal shutdown. These requests will fail.

To mitigate this, use the –wait-before-exit-seconds flag and Linkerd inject the preStop hook to delay the Linkerd agent’s processing of TERM signals for a given number of seconds. This delay provides slow clients with extra time to receive endpoint updates before the normal shutdown begins. To get the most out of this option, the main container should have its own preStop hook, where the sleep command has a period less than that set for the broker sidecar. And they cannot be greater than for the entire pod terminationGracePeriodSeconds configuration.

For example,

       # application container
        lifecycle:
          preStop:
            exec:
              command:
                - /bin/bash
                - -c
                - sleep 20

    # for entire pod
    terminationGracePeriodSeconds: 160
Copy the code

Job Resources

The Pod that is part of the Job Resource runs until all containers in the Pod are complete. However, the Linkerd proxy container continues to run until the TERM signal is received. This means that the injected Job Pods will continue to run even if the main container is complete.

Better support for Sidecar containers in Kubernetes has been proposed and Linkerd will take advantage of this support as it becomes available.

I am weishao wechat: uuhells123 public number: hackers afternoon tea add my wechat (mutual learning exchange), pay attention to the public number (for more learning materials ~)Copy the code