Linkerd adds security, reliability and performance monitoring to your Kubernetes applications.

Security is enforced using sidecar injection similar to Istio. This ensures communication between your service is done using mutual TLS.

The sidecar also provides reliability/resilience to your services by adding features like retries, timeouts and traffic splitting.

The sidecar also collects metrics as request/responses are routed to/from the pods.

Setup (minikube)

Run the following commands to install Linkerd on your minikube cluster

  1. curl --proto '=https' --tlsv1.2 -sSfL | sh
  2. export PATH=$PATH:/home/ktimoney/.linkerd2/bin
  3. linkerd check --pre
  4. linkerd version
  5. linkerd install --crds | kubectl apply -f -
  6. linkerd install --set proxyInit.runAsRoot=true | kubectl apply -f -
  7. linkerd version
  8. linkerd check
Linkerd get pods
kubectl get pods -n linkerd
NAME                                      READY   STATUS    RESTARTS   AGE
linkerd-destination-b7798bdfc-4gcq2       4/4     Running   0          15m
linkerd-identity-54b8c6855d-bmg2n         2/2     Running   0          15m
linkerd-proxy-injector-696bb7bc8b-kcgrl   2/2     Running   0          15m

Install Linkerd visualizations:

  1. linkerd viz install | kubectl apply -f -
  2. linkerd viz check

Linkerd Viz
kubectl get pods -n linkerd-viz
NAME                           READY   STATUS    RESTARTS   AGE
metrics-api-7c999ddc94-lddgg   2/2     Running   0          67m
prometheus-6d5fb86b8f-t8q8t    2/2     Running   0          67m
tap-595fc4f9dd-sgl67           2/2     Running   0          67m
tap-injector-f86ffb747-j9l26   2/2     Running   0          67m
web-57f649c5f6-t6bcz           2/2     Running   0          67m

To view the dashboard run: linkerd viz dashboard &

Install the sample app:

  1. url --proto '=https' --tlsv1.2 -sSfL | kubectl apply -f -

emojivoto pods
kubectl get pods -n emojivoto
NAME                        READY   STATUS    RESTARTS   AGE
emoji-5dbdd567bd-n5mkp      1/1     Running   0          2m2s
vote-bot-58b4f5fdb7-m77mn   1/1     Running   0          2m2s
voting-5fdcddcfc-7l2d6      1/1     Running   0          2m2s
web-67c857998c-jm7bx        1/1     Running   0          2m2s

Inject the pods with the Linkerd sidecar

  1. kubectl get -n emojivoto deploy -o yaml | linkerd inject -| kubectl apply -f -

emojivoto pods with sidecars
kubectl get pods -n emojivoto
NAME                        READY   STATUS    RESTARTS   AGE
emoji-55c59cf485-fs29j      2/2     Running   0          48s
vote-bot-57d4c898bb-lmlhx   2/2     Running   0          49s
voting-87469d4bb-sbcbf      2/2     Running   0          48s
web-847cbcb586-f5mt5        2/2     Running   0          48s

View you the demo app in the Linkerd dashboard: http://localhost:50750



Getting Started

Linkerd and Ingress Controllers: Bringing the Outside World In

Authorization Policy

  • No labels