Linkerd 2.10 series

  • Linkerd v2.10 Service Mesh
  • Tencent Cloud K8S deployment Service Mesh — Linkerd2 & Traefik2 deployment emojivoto application
  • Learn about the basic features of Linkerd 2.10 and step into the era of Service Mesh
  • Linkerd 2.10 – Add your service to Linkerd
  • Linkerd 2.10 — Automated Canary release
  • Linkerd 2.10 — Automatic rotation controls plane TLS and Webhook TLS credentials
  • Linkerd 2.10 — How do I configure external Prometheus instances
  • Linkerd 2.10 – Configure proxy concurrency
  • Linkerd 2.10 – Configure retry
  • Linkerd 2.10 — Configure timeout
  • Linkerd 2.10 – Controls the plane debug endpoint
  • Linkerd 2.10 – Use Kustomize to customize Linkerd configuration
  • Linkerd 2.10 — Use Linkerd for distributed tracing
  • Linkerd 2.10 — Debug 502S
  • Linkerd 2.10 – Debug HTTP applications using each routing metric
  • Linkerd 2.10 – Debug gRPC applications using request tracing
  • Linkerd 2.10 — Export metrics
  • Linkerd 2.10 — Expose Dashboard
  • Linkerd 2.10 – Generate your own mTLS root certificate
  • Linkerd 2.10 – Gets metrics for each route
  • Linkerd 2.10 — Injection failures for chaos engineering
  • Linkerd 2.10 — Elegant Pod shutdown
  • 2.10 – Linkerd Ingress traffic

Linkerd 2.10 中文 版

  • linkerd.hacker-linner.com

Linkerd can choose to install via Helm instead of using the Linkerd install command.

Prerequisite: Identity Certificates

Linkerd’s Identity Component needs to set the Trust Anchor Certificate and the Issuer certificate with the key. These must use the ECDSA P-256 algorithm and need to be supplied to Helm by the user (unlike when using Linkerd install CLI, which automatically generates these).

Add Linkerd’s Helm repository

# To add the repo for Linkerd2 stable releases:
helm repo add linkerd https://helm.linkerd.io/stable

# To add the repo for Linkerd2 edge releases:
helm repo add linkerd-edge https://helm.linkerd.io/edge
Copy the code

The following instructions use the Linkerd repository. To install the edge version, simply replace it with Linkerd-edge.

Helm Installation Process

# set expiry date one year from now, in Mac:
exp=$(date -v+8760H +"%Y-%m-%dT%H:%M:%SZ")
# in Linux:
exp=$(date -d '+8760 hour' +"%Y-%m-%dT%H:%M:%SZ") helm install linkerd2 \ --set-file identityTrustAnchorsPEM=ca.crt \ --set-file identity.issuer.tls.crtPEM=issuer.crt \  --set-file identity.issuer.tls.keyPEM=issuer.key \ --set identity.issuer.crtExpiry=$exp \
  linkerd/linkerd2
Copy the code

For Helm versions lower than V3, the –name flag must be passed specifically. In Helm V3, it is deprecated and is the first parameter specified above.

Chart values will be selected from chart’s values.yaml file.

You can override the values in your values. Yaml file by providing your own and using the -f option, or you can override specific values using the –set flag series, as we did with certificates above.

Disable agent initialization containers

If installing using CNI, be sure to add the –set cniEnabled=true flag to the helm Install command.

Configure high availability

The chart contains a file called values-ha.yaml, which overrides some default values for setting in high availability scenarios, similar to the –ha option in Linkerd Install. This file specifies equivalents such as higher replicas, higher memory/ CPU limits, and affinities.

You can get values-ha.yaml by getting chart file:

helm fetch --untar linkerd/linkerd2
Copy the code

Then provide the overwrite file with the -f flag, for example:

## see above on how to set $exp
helm install linkerd2 \
  --set-file identityTrustAnchorsPEM=ca.crt \
  --set-file identity.issuer.tls.crtPEM=issuer.crt \
  --set-file identity.issuer.tls.keyPEM=issuer.key \
  --set identity.issuer.crtExpiry=$exp \
  -f linkerd2/values-ha.yaml \
  linkerd/linkerd2
Copy the code

Custom namespaces

To install Linkerd into a different Namespace than the default Linkerd, override the Namespace variable.

By default, the chart using the config. Linkerd. IO/admission – webhooks: disabled TAB to create a control plane namespace (control plane namespace). The control plane must work properly. This means chart cannot be used with Helm V2’s — Namespace option. If you rely on separate tools to create control plane namespaces, make sure:

  1. namespacemarkedconfig.linkerd.io/admission-webhooks: disabled
  2. installNamespaceSet tofalse
  3. namespaceThe variable is overridden by the name of your namespace

In Helm V3, the — Namespace option must be used with existing namespaces.

Helm Upgrade Process

Make sure your local Helm repository is updated:

helm repo update

helm search linkerd2 -v {{% latestversion %}}
NAME                    CHART VERSION          APP VERSION            DESCRIPTION
linkerd/linkerd2        <chart-semver-version> {{% latestversion %}}    Linkerd gives you observability, reliability, and securit...
Copy the code

The helm upgrade command has a number of flags that allow you to customize its behavior. Particular attention should be paid to — repurse-values and –reset-values and their behavior when charts changes from version to version and/or is overridden by –set and –set-file applications. In summary, the following salient cases can be observed:

  • uncovered--reuse-values– All values are reused
  • covered--reuse-values– All values except those overridden are reused
  • uncovered--reset-values– No values are reused, and all changes in the supplied version are applied during the upgrade
  • covered--reset-values– No values are reused, and values changed from the supplied version are applied with overrides
  • No flags and no overwrites – will be used by default--reuse-values
  • No flags and no overwrites – will be used by default--reset-values

With all of this in mind, you must decide whether to reuse the values in the chart or move to the values specified in the new chart. The recommended practice is to use the values.yaml file to store all your custom overwrites of chart. Before upgrading, check chart for significant changes (i.e., renaming or moving keys, etc.). You can consult the Edge or stable Chart documentation, depending on which one you want to upgrade to. If so, make changes to your values.yaml file accordingly. Then you can use:

helm upgrade linkerd2 linkerd/linkerd2 --reset-values -f values.yaml --atomic
Copy the code

The atomic flag will ensure that all changes are rolled back if the upgrade operation fails

I am weishao wechat: uuhells123 public number: hackers afternoon tea add my wechat (mutual learning exchange), pay attention to the public number (for more learning materials ~)Copy the code