Deploying Linkerd via Open Source Linkerd

Considerations

Edge releases of Linkerd are provided by the open source community:

Edge releases are generally considered production ready, and the project will mark specific releases as “not recommended” if bugs are discovered after release.

Installation

This article closely follows the Linkerd Getting Started Guide

Getting StartedLinkerd

Install the cli

curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install-edge | sh
export PATH=$HOME/.linkerd2/bin:$PATH

Validate the destination cluster

linkerd check --pre

Example precheck output

kubernetes-api
--------------
√ can initialize the client
√ can query the Kubernetes API

kubernetes-version
------------------
√ is running the minimum Kubernetes API version

pre-kubernetes-setup
--------------------
√ control plane namespace does not already exist
√ can create non-namespaced resources
√ can create ServiceAccounts
√ can create Services
√ can create Deployments
√ can create CronJobs
√ can create ConfigMaps
√ can create Secrets
√ can read Secrets
√ can read extension-apiserver-authentication configmap
√ no clock skew detected

linkerd-version
---------------
√ can determine the latest version
√ cli is up-to-date

Status check results are √

Install Linkerd

linkerd install --crds | kubectl apply -f -
linkerd install | kubectl apply -f -

Validate install

linkerd check

Applying linkerd to an existing Immuta deployment

kubectl get -n immuta deploy -o yaml |linkerd inject - |kubectl apply -f -

ddeployment "immuta-audit" injected
deployment "immuta-cache" injected
deployment "immuta-discover" injected
deployment "immuta-secure-background-worker" injected
deployment "immuta-secure-web" injected

deployment.apps/immuta-audit configured
deployment.apps/immuta-cache configured
deployment.apps/immuta-discover configured
deployment.apps/immuta-secure-background-worker configured
deployment.apps/immuta-secure-web configured

Installing Linkerd visualization tools

linkerd viz install | kubectl apply -f -
kubectl -n immuta rollout restart deploy
kubectl port-forward -n linkerd-viz service/web 8084:8084

Validating mTLS

linkerd viz -n immuta edges deployment

SRC                               DST                               SRC_NS        DST_NS   SECURED
immuta-secure-background-worker   immuta-cache                      immuta        immuta   √
immuta-secure-web                 immuta-cache                      immuta        immuta   √
prometheus                        immuta-audit                      linkerd-viz   immuta   √
prometheus                        immuta-cache                      linkerd-viz   immuta   √
prometheus                        immuta-discover                   linkerd-viz   immuta   √
prometheus                        immuta-secure-background-worker   linkerd-viz   immuta   √
prometheus                        immuta-secure-web                 linkerd-viz   immuta   √

PreviousProduction Linkerd with AWS Private CA issuer NextDeploying Linkerd Service Mesh via Buoyant Enterprise for Linkerd