Linkerd: Up and Running

Book description

With the massive adoption of microservices, operators and developers face far more complexity in their applications today. Service meshes can help you manage this problem by providing a unified control plane to secure, manage, and monitor your entire network. This practical guide shows you how the Linkerd service mesh enables cloud-native developers—including platform and site reliability engineers—to solve the thorny issue of running distributed applications in Kubernetes.

Jason Morgan and Flynn draw on their years of experience at Buoyant—the creators of Linkerd—to demonstrate how this service mesh can help ensure that your applications are secure, observable, and reliable. You'll understand why Linkerd, the original service mesh, can still claim the lowest time to value of any mesh option available today.

  • Learn how Linkerd works and which tasks it can help you accomplish
  • Install and configure Linkerd in an imperative and declarative manner
  • Secure interservice traffic and set up secure multicluster links
  • Launch a zero trust authorization strategy in Kubernetes clusters
  • Organize services in Linkerd to override error codes, set custom retries, and create timeouts
  • Use Linkerd to manage progressive delivery and pair this service mesh with the ingress of your choice

Table of contents

  1. Preface
    1. Who Should Read This Book
    2. Why We Wrote This Book
    3. Navigating This Book
    4. Conventions Used in This Book
    5. Using Code Examples
    6. O’Reilly Online Learning
    7. How to Contact Us
    8. Acknowledgments
  2. 1. Service Mesh 101
    1. Basic Mesh Functionality
      1. Security
      2. Reliability
      3. Observability
    2. How Do Meshes Actually Work?
    3. So Why Do We Need This?
    4. Summary
  3. 2. Intro to Linkerd
    1. Where Does Linkerd Come From?
      1. Linkerd1
      2. Linkerd2
      3. The Linkerd Proxy
    2. Linkerd Architecture
      1. mTLS and Certificates
      2. Certifying Authorities
      3. The Linkerd Control Plane
      4. Linkerd Extensions
    3. Summary
  4. 3. Deploying Linkerd
    1. Considerations
      1. Linkerd Versioning
      2. Workloads, Pods, and Services
      3. TLS certificates
      4. Linkerd Viz
    2. Deploying Linkerd
      1. Required Tools
      2. Provisioning a Kubernetes Cluster
      3. Installing Linkerd via the CLI
      4. Installing Linkerd via Helm
    3. Configuring Linkerd
      1. Cluster Networks
      2. Linkerd Control Plane Resources
      3. Opaque and Skip Ports
    4. Summary
  5. 4. Adding Workloads to the Mesh
    1. Workloads Versus Services
    2. What Does It Mean to Add a Workload to the Mesh?
    3. Injecting Individual Workloads
    4. Injecting All Workloads in a Namespace
    5. linkerd.io/inject Values
    6. Why Might You Decide Not to Add a Workload to the Mesh?
    7. Other Proxy Configuration Options
    8. Protocol Detection
      1. When Protocol Detection Goes Wrong
      2. Opaque Ports Versus Skip Ports
      3. Configuring Protocol Detection
      4. Default Opaque Ports
    9. Kubernetes Resource Limits
    10. Summary
  6. 5. Ingress and Linkerd
    1. Ingress Controllers with Linkerd
    2. The Ingress Controller Is Just Another Meshed Workload
    3. Linkerd Is (Mostly) Invisible
      1. Use Cleartext Within the Cluster
      2. Route to Services, Not Endpoints
      3. Ingress Mode
    4. Specific Ingress Controller Examples
      1. Emissary-ingress
      2. NGINX
      3. Envoy Gateway
    5. Summary
  7. 6. The Linkerd CLI
    1. Installing the CLI
      1. Updating the CLI
      2. Installing a Specific Version
      3. Alternate Ways to Install
    2. Using the CLI
    3. Selected Commands
      1. linkerd version
      2. linkerd check
      3. linkerd inject
      4. linkerd identity
      5. linkerd diagnostics
    4. Summary
  8. 7. mTLS, Linkerd, and Certificates
    1. Secure Communications
      1. TLS and mTLS
      2. mTLS and Certificates
      3. Linkerd and mTLS
    2. Certificates and Linkerd
      1. The Linkerd Trust Anchor
      2. The Linkerd Identity Issuer
      3. Linkerd Workload Certificates
      4. Certificate Lifetimes and Rotation
      5. Certificate Management in Linkerd
      6. Automatic Certificate Management with cert-manager
    3. Summary
  9. 8. Linkerd Policy: Overview and Server-Based Policy
    1. Linkerd Policy Overview
      1. Linkerd Default Policy
      2. Linkerd Policy Resources
      3. Server-Based Policy Versus Route-Based Policy
    2. Server-Based Policy with the emojivoto Application
      1. Configuring the Default Policy
      2. Configuring Dynamic Policy
    3. Summary
  10. 9. Linkerd Route-Based Policy
    1. Route-Based Policy Overview
    2. The booksapp Sample Application
      1. Installing booksapp
    3. Configuring booksapp Policy
      1. Infrastructure Policy
      2. Read-Only Access
      3. Enabling Write Access
      4. Allowing Writes to books
      5. Reenabling the Traffic Generator
    4. Summary
  11. 10. Observing Your Platform with Linkerd
    1. Why Do We Need This?
    2. How Does Linkerd Help?
    3. Observability in Linkerd
      1. Setting Up Your Cluster
      2. Tap
      3. Service Profiles
      4. Topology
    4. Linkerd Viz
    5. Audit Trails and Access Logs
      1. Access Logging: The Good, the Bad, and the Ugly
      2. Enabling Access Logging
    6. Summary
  12. 11. Ensuring Reliability with Linkerd
    1. Load Balancing
    2. Retries
      1. Retry Budgets
      2. Configuring Retries
      3. Configuring the Budget
    3. Timeouts
      1. Configuring Timeouts
    4. Traffic Shifting
      1. Traffic Shifting, Gateway API, and the Linkerd SMI Extension
      2. Setting Up Your Environment
      3. Weight-Based Routing (Canary)
      4. Header-Based Routing (A/B Testing)
      5. Traffic Shifting Summary
    5. Circuit Breaking
      1. Enabling Circuit Breaking
      2. Tuning Circuit Breaking
    6. Summary
  13. 12. Multicluster Communication with Linkerd
    1. Types of Multicluster Setups
      1. Gateway-Based Multicluster
      2. Pod-to-Pod Multicluster
      3. Gateways Versus Pod-to-Pod
    2. Multicluster Certificates
    3. Cross-Cluster Service Discovery
    4. Setting Up for Multicluster
      1. Continuing with a Gateway-Based Setup
      2. Continuing with a Pod-to-Pod Setup
      3. Multicluster Gotchas
    5. Deploying and Connecting an Application
    6. Checking Traffic
    7. Policy in Multicluster Environments
    8. Summary
  14. 13. Linkerd CNI Versus Init Containers
    1. Kubernetes sans Linkerd
      1. Nodes, Pods, and More
      2. Networking in Kubernetes
      3. The Role of the Packet Filter
      4. The Container Networking Interface
      5. The Kubernetes Pod Startup Process
    2. Kubernetes and Linkerd
      1. The Init Container Approach
      2. The Linkerd CNI Plugin Method
      3. Races and Ordering
    3. Summary
  15. 14. Production-Ready Linkerd
    1. Linkerd Community Resources
      1. Getting Help
      2. Responsible Disclosure
      3. Kubernetes Compatibility
    2. Going to Production with Linkerd
      1. Stable or Edge?
      2. Preparing Your Environment
      3. Configuring Linkerd for High Availability
    3. Monitoring Linkerd
      1. Certificate Health and Expiration
      2. Control Plane
      3. Data Plane
      4. Metrics Collection
      5. Linkerd Viz for Production Use
      6. Accessing Linkerd Logs
    4. Upgrading Linkerd
      1. Upgrading via Helm
      2. Upgrading via the CLI
    5. Readiness Checklist
    6. Summary
  16. 15. Debugging Linkerd
    1. Diagnosing Data Plane Issues
      1. “Common” Linkerd Data Plane Failures
      2. Setting Proxy Log Levels
    2. Debugging the Linkerd Control Plane
      1. Linkerd Control Plane and Availability
      2. The Core Control Plane
      3. Linkerd Extensions
    3. Summary
  17. Index
  18. About the Authors

Product information

  • Title: Linkerd: Up and Running
  • Author(s): Jason Morgan, Flynn
  • Release date: April 2024
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098142315