Linkerd: Up and Running
Published on 11. April 2024
262 pages
978-1-0981-4228-5 (ISBN)
Description
With the massive adoption of microservices, operators and developers face far more complexity in their applications today. Service meshes can help you manage this problem by providing a unified control plane to secure, manage, and monitor your entire network. This practical guide shows you how the Linkerd service mesh enables cloud-native developers?including platform and site reliability engineers?to solve the thorny issue of running distributed applications in Kubernetes.
Jason Morgan and Flynn draw on their years of experience at Buoyant?the creators of Linkerd?to demonstrate how this service mesh can help ensure that your applications are secure, observable, and reliable. You''ll understand why Linkerd, the original service mesh, can still claim the lowest time to value of any mesh option available today.
- Learn how Linkerd works and which tasks it can help you accomplish
- Install and configure Linkerd in an imperative and declarative manner
- Secure interservice traffic and set up secure multicluster links
- Launch a zero trust authorization strategy in Kubernetes clusters
- Organize services in Linkerd to override error codes, set custom retries, and create timeouts
- Use Linkerd to manage progressive delivery and pair this service mesh with the ingress of your choice
More details
Other editions
Additional editions
Jason Morgan | Flynn
Linkerd: Up and Running
A Guide to Operationalizing a Kubernetes-Native Service Mesh
Book
04/2024
O'Reilly
€61.50
Shipment within 15-20 days
Content
- Intro
- Copyright
- Table of Contents
- Preface
- Who Should Read This Book
- Why We Wrote This Book
- Navigating This Book
- Conventions Used in This Book
- Using Code Examples
- O'Reilly Online Learning
- How to Contact Us
- Acknowledgments
- Chapter 1. Service Mesh 101
- Basic Mesh Functionality
- Security
- Reliability
- Observability
- How Do Meshes Actually Work?
- So Why Do We Need This?
- Summary
- Chapter 2. Intro to Linkerd
- Where Does Linkerd Come From?
- Linkerd1
- Linkerd2
- The Linkerd Proxy
- Linkerd Architecture
- mTLS and Certificates
- Certifying Authorities
- The Linkerd Control Plane
- Linkerd Extensions
- Summary
- Chapter 3. Deploying Linkerd
- Considerations
- Linkerd Versioning
- Workloads, Pods, and Services
- TLS certificates
- Linkerd Viz
- Deploying Linkerd
- Required Tools
- Provisioning a Kubernetes Cluster
- Installing Linkerd via the CLI
- Installing Linkerd via Helm
- Configuring Linkerd
- Cluster Networks
- Linkerd Control Plane Resources
- Opaque and Skip Ports
- Summary
- Chapter 4. Adding Workloads to the Mesh
- Workloads Versus Services
- What Does It Mean to Add a Workload to the Mesh?
- Injecting Individual Workloads
- Injecting All Workloads in a Namespace
- linkerd.io/inject Values
- Why Might You Decide Not to Add a Workload to the Mesh?
- Other Proxy Configuration Options
- Protocol Detection
- When Protocol Detection Goes Wrong
- Opaque Ports Versus Skip Ports
- Configuring Protocol Detection
- Default Opaque Ports
- Kubernetes Resource Limits
- Summary
- Chapter 5. Ingress and Linkerd
- Ingress Controllers with Linkerd
- The Ingress Controller Is Just Another Meshed Workload
- Linkerd Is (Mostly) Invisible
- Use Cleartext Within the Cluster
- Route to Services, Not Endpoints
- Ingress Mode
- Specific Ingress Controller Examples
- Emissary-ingress
- NGINX
- Envoy Gateway
- Summary
- Chapter 6. The Linkerd CLI
- Installing the CLI
- Updating the CLI
- Installing a Specific Version
- Alternate Ways to Install
- Using the CLI
- Selected Commands
- linkerd version
- linkerd check
- linkerd inject
- linkerd identity
- linkerd diagnostics
- Summary
- Chapter 7. mTLS, Linkerd, and Certificates
- Secure Communications
- TLS and mTLS
- mTLS and Certificates
- Linkerd and mTLS
- Certificates and Linkerd
- The Linkerd Trust Anchor
- The Linkerd Identity Issuer
- Linkerd Workload Certificates
- Certificate Lifetimes and Rotation
- Certificate Management in Linkerd
- Automatic Certificate Management with cert-manager
- Summary
- Chapter 8. Linkerd Policy: Overview and Server-Based Policy
- Linkerd Policy Overview
- Linkerd Default Policy
- Linkerd Policy Resources
- Server-Based Policy Versus Route-Based Policy
- Server-Based Policy with the emojivoto Application
- Configuring the Default Policy
- Configuring Dynamic Policy
- Summary
- Chapter 9. Linkerd Route-Based Policy
- Route-Based Policy Overview
- The booksapp Sample Application
- Installing booksapp
- Configuring booksapp Policy
- Infrastructure Policy
- Read-Only Access
- Enabling Write Access
- Allowing Writes to books
- Reenabling the Traffic Generator
- Summary
- Chapter 10. Observing Your Platform with Linkerd
- Why Do We Need This?
- How Does Linkerd Help?
- Observability in Linkerd
- Setting Up Your Cluster
- Tap
- Service Profiles
- Topology
- Linkerd Viz
- Audit Trails and Access Logs
- Access Logging: The Good, the Bad, and the Ugly
- Enabling Access Logging
- Summary
- Chapter 11. Ensuring Reliability with Linkerd
- Load Balancing
- Retries
- Retry Budgets
- Configuring Retries
- Configuring the Budget
- Timeouts
- Configuring Timeouts
- Traffic Shifting
- Traffic Shifting, Gateway API, and the Linkerd SMI Extension
- Setting Up Your Environment
- Weight-Based Routing (Canary)
- Header-Based Routing (A/B Testing)
- Traffic Shifting Summary
- Circuit Breaking
- Enabling Circuit Breaking
- Tuning Circuit Breaking
- Summary
- Chapter 12. Multicluster Communication with Linkerd
- Types of Multicluster Setups
- Gateway-Based Multicluster
- Pod-to-Pod Multicluster
- Gateways Versus Pod-to-Pod
- Multicluster Certificates
- Cross-Cluster Service Discovery
- Setting Up for Multicluster
- Continuing with a Gateway-Based Setup
- Continuing with a Pod-to-Pod Setup
- Multicluster Gotchas
- Deploying and Connecting an Application
- Checking Traffic
- Policy in Multicluster Environments
- Summary
- Chapter 13. Linkerd CNI Versus Init Containers
- Kubernetes sans Linkerd
- Nodes, Pods, and More
- Networking in Kubernetes
- The Role of the Packet Filter
- The Container Networking Interface
- The Kubernetes Pod Startup Process
- Kubernetes and Linkerd
- The Init Container Approach
- The Linkerd CNI Plugin Method
- Races and Ordering
- Summary
- Chapter 14. Production-Ready Linkerd
- Linkerd Community Resources
- Getting Help
- Responsible Disclosure
- Kubernetes Compatibility
- Going to Production with Linkerd
- Stable or Edge?
- Preparing Your Environment
- Configuring Linkerd for High Availability
- Monitoring Linkerd
- Certificate Health and Expiration
- Control Plane
- Data Plane
- Metrics Collection
- Linkerd Viz for Production Use
- Accessing Linkerd Logs
- Upgrading Linkerd
- Upgrading via Helm
- Upgrading via the CLI
- Readiness Checklist
- Summary
- Chapter 15. Debugging Linkerd
- Diagnosing Data Plane Issues
- "Common" Linkerd Data Plane Failures
- Setting Proxy Log Levels
- Debugging the Linkerd Control Plane
- Linkerd Control Plane and Availability
- The Core Control Plane
- Linkerd Extensions
- Summary
- Index
- About the Authors
- Colophon
