Introduction

Linkerd adds security, reliability and performance monitoring to your Kubernetes applications.

Security is enforced using sidecar injection similar to Istio. This ensures communication between your service is done using mutual TLS.

The sidecar also provides reliability/resilience to your services by adding features like retries, timeouts and traffic splitting.

The sidecar also collects metrics as request/responses are routed to/from the pods.


Setup (minikube)

Run the following commands to install Linkerd on your minikube cluster

  1. curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh
  2. export PATH=$PATH:/home/ktimoney/.linkerd2/bin
  3. linkerd check --pre
  4. linkerd version
  5. linkerd install --crds | kubectl apply -f -
  6. linkerd install --set proxyInit.runAsRoot=true | kubectl apply -f -
  7. linkerd version
  8. linkerd check
Linkerd get pods
kubectl get pods -n linkerd
NAME                                      READY   STATUS    RESTARTS   AGE
linkerd-destination-b7798bdfc-4gcq2       4/4     Running   0          15m
linkerd-identity-54b8c6855d-bmg2n         2/2     Running   0          15m
linkerd-proxy-injector-696bb7bc8b-kcgrl   2/2     Running   0          15m


Install Linkerd visualizations:

  1. linkerd viz install | kubectl apply -f -
  2. linkerd viz check


Linkerd Viz
kubectl get pods -n linkerd-viz
NAME                           READY   STATUS    RESTARTS   AGE
metrics-api-7c999ddc94-lddgg   2/2     Running   0          67m
prometheus-6d5fb86b8f-t8q8t    2/2     Running   0          67m
tap-595fc4f9dd-sgl67           2/2     Running   0          67m
tap-injector-f86ffb747-j9l26   2/2     Running   0          67m
web-57f649c5f6-t6bcz           2/2     Running   0          67m


To view the dashboard run: linkerd viz dashboard &


Install the sample app:

  1. url --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/emojivoto.yml | kubectl apply -f -


emojivoto pods
kubectl get pods -n emojivoto
NAME                        READY   STATUS    RESTARTS   AGE
emoji-5dbdd567bd-n5mkp      1/1     Running   0          2m2s
vote-bot-58b4f5fdb7-m77mn   1/1     Running   0          2m2s
voting-5fdcddcfc-7l2d6      1/1     Running   0          2m2s
web-67c857998c-jm7bx        1/1     Running   0          2m2s


Inject the pods with the Linkerd sidecar

  1. kubectl get -n emojivoto deploy -o yaml | linkerd inject -| kubectl apply -f -


emojivoto pods with sidecars
kubectl get pods -n emojivoto
NAME                        READY   STATUS    RESTARTS   AGE
emoji-55c59cf485-fs29j      2/2     Running   0          48s
vote-bot-57d4c898bb-lmlhx   2/2     Running   0          49s
voting-87469d4bb-sbcbf      2/2     Running   0          48s
web-847cbcb586-f5mt5        2/2     Running   0          48s


View you the demo app in the Linkerd dashboard: http://localhost:50750



Links

Linkerd

Getting Started

Linkerd and Ingress Controllers: Bringing the Outside World In

Authorization Policy


  • No labels