Install
CLI
1curl -sL https://run.linkerd.io/install | sh
2
3环境变量
4export PATH=$PATH:$HOME/.linkerd2/bin
5
6or
7
8vi ~/.bashrc
9export PATH=/root/.linkerd2/bin:$PATH
10source ~/.bashrc
11
12验证
13linkerd version
14
验证k8s集群 & 安装Linkerd 到k8s集群
1预验证
2linkerd check --pre
3
4安装
5linkerd install | kubectl apply -f -
6此命令可生成一个 Kubernetes manifest ,然后使用 kubectl 命令将其应用于 Kubernetes 集群。(在应用之前,请随意检查 manifest )
7gcr.io 上的镜像基本上 pull 不下来(解决办法见下文)
8
9如果你已经执行过 linkerd install | kubectl apply -f -,可以先执行 linkerd install --ignore-cluster | kubectl delete -f - 删除,然后再执行 linkerd install >> deploy-linker.yaml 导出 manifest
10
11导出一个yml文件
12linkerd install >> deploy-linker.yaml
13
14https://github.com/zhangguanzhang/gcr.io
15
16每台node上执行(pull.sh 是第三方脚本,它从第三方镜像仓库拉取镜像后重新打成 gcr.io 的 tag,脚本内容见下文;建议先把脚本下载到本地审阅后再执行)
17
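# Fetch the helper script once instead of six times, so every pull runs the
# same bytes and the script can be read before it is executed on the node.
# -f makes curl fail on an HTTP error instead of saving the error page.
curl -fsS https://zhangguanzhang.github.io/bash/pull.sh -o pull.sh

# Pull each Linkerd image through the mirror; stop at the first failure,
# as the original `&&` chain did.
for image in \
  gcr.io/linkerd-io/controller:stable-2.7.1 \
  gcr.io/linkerd-io/proxy:stable-2.7.1 \
  gcr.io/linkerd-io/proxy-init:v1.3.2 \
  gcr.io/linkerd-io/web:stable-2.7.1 \
  gcr.io/linkerd-io/debug:stable-2.7.1 \
  gcr.io/linkerd-io/grafana:stable-2.7.1
do
  bash pull.sh "$image" || break
done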
24
25docker pull prom/prometheus:v2.15.2
26
27
28在 deploy-linker.yaml 中修改 linkerd-web 的 -enforced-host 参数:在允许的主机列表里增加 192\.168\.110\.213|(该参数是对请求 Host 头的白名单校验,只加入确实需要的地址,不要放宽成匹配任意主机)
29
30apiVersion: apps/v1
31kind: Deployment
32metadata:
33 annotations:
34 linkerd.io/created-by: linkerd/cli stable-2.7.1
35 labels:
36 app.kubernetes.io/name: web
37 app.kubernetes.io/part-of: Linkerd
38 app.kubernetes.io/version: stable-2.7.1
39 linkerd.io/control-plane-component: web
40 linkerd.io/control-plane-ns: linkerd
41 name: linkerd-web
42 namespace: linkerd
43spec:
44 replicas: 1
45 selector:
46 matchLabels:
47 linkerd.io/control-plane-component: web
48 linkerd.io/control-plane-ns: linkerd
49 linkerd.io/proxy-deployment: linkerd-web
50 template:
51 metadata:
52 annotations:
53 linkerd.io/created-by: linkerd/cli stable-2.7.1
54 linkerd.io/identity-mode: default
55 linkerd.io/proxy-version: stable-2.7.1
56 labels:
57 linkerd.io/control-plane-component: web
58 linkerd.io/control-plane-ns: linkerd
59 linkerd.io/proxy-deployment: linkerd-web
60 spec:
61 nodeSelector:
62 beta.kubernetes.io/os: linux
63 containers:
64 - args:
65 - -api-addr=linkerd-controller-api.linkerd.svc.cluster.local:8085
66 - -grafana-addr=linkerd-grafana.linkerd.svc.cluster.local:3000
67 - -controller-namespace=linkerd
68 - -log-level=info
69 - -enforced-host=^(192\.168\.110\.213|localhost|127\.0\.0\.1|linkerd-web\.linkerd\.svc\.cluster\.local|linkerd-web\.linkerd\.svc|\[::1\])(:\d+)?$
70
71
72
73kubectl apply -f .
74
75验证
76linkerd check
77
78查看 deployment
79kubectl -n linkerd get deploy
pull.sh
#!/bin/bash
# Abort on the first failing command, unless the caller has set a non-empty
# set_e variable in the environment to opt out.
if [ -z "$set_e" ]; then
  set -e
fi

# The first argument (an image name, or the word "search") is mandatory.
if [ -z "$1" ]; then
  echo '$1 is not set'
  exit 2
fi
5
6
7
8# imgFullName
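#######################################
# Pull an image from a mirror and retag it under its original name.
#
# The mirror name is derived from $1: k8s.gcr.io is rewritten to
# gcr.io/google_containers, names with more than two '/' get their first
# "io" replaced by azk8s.cn, and all other names are flattened into the
# zhangguanzhang/ namespace with '/' turned into '.'.
#
# NOTE(review): after the retag the local image carries the upstream name
# but its content came from the mirror; nothing here compares digests with
# the upstream registry.
#
# Arguments: $1 - full upstream image name, e.g. gcr.io/ns/name:tag
# Returns:   status of the first failing docker command, else of docker rmi
#######################################
sync_pull() {
  local target_name pull_name slashes
  target_name=$1
  pull_name=${1//k8s.gcr.io/gcr.io\/google_containers}
  pull_name=${pull_name//google-containers/google_containers}

  # Keep only the '/' characters; the length of what is left is their count.
  slashes=${pull_name//[^\/]/}
  if [ "${#slashes}" -gt 2 ]; then
    # More than two slashes means a long, nested gcr image name.
    pull_name=${pull_name/io/azk8s.cn}
  else
    pull_name=zhangguanzhang/${pull_name//\//.}
  fi

  # Quote every expansion so the name is always passed as a single argument,
  # and stop at the first failure even when set -e was disabled via set_e.
  docker pull "$pull_name" || return
  docker tag "$pull_name" "$target_name" || return
  docker rmi "$pull_name"
}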
23
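# Dispatch on the first argument: "search <image>" asks the GitHub API what
# the mirror repository holds for that image; anything else is treated as an
# image name to pull through the mirror.
if [ "$1" == search ]; then
  shift
  command -v jq &> /dev/null || { echo 'search needs jq, please install the jq'; exit 2; }
  img=${1%/}
  # name:tag is looked up as the path name/tag in the mirror repository.
  if [[ $img == *:* ]]; then
    img_name=${img/://}
  else
    img_name=$img
  fi
  # The registry must be the whole first path component: dots are escaped and
  # the match ends at '/' or end of string, so look-alike hosts such as
  # gcr.io.example.com or gcrXio are rejected.
  if [[ "$img" =~ ^(gcr\.io|k8s\.gcr\.io)(/|$) ]]; then
    if [[ "$img" =~ ^k8s\.gcr\.io(/|$) ]]; then
      img_name=${img_name/k8s.gcr.io\//gcr.io/google_containers/}
    elif [[ "$img" == *google-containers* ]]; then
      img_name=${img_name/google-containers/google_containers}
    fi
    repository=gcr.io
  elif [[ "$img" =~ ^quay\.io(/|$) ]]; then
    repository=quay.io
  else
    echo 'not sync the namespaces!'; exit 0
  fi
  # The lookup goes through the GitHub API, so it can be slow on some
  # networks; github.com must be reachable.
  # The URL is quoted so that '?' is never treated as a glob character.
  curl -sX GET "https://api.github.com/repos/zhangguanzhang/${repository}/contents/${img_name}?ref=develop" |
    jq -r 'length as $len | if $len ==2 then .message elif $len ==12 then .name else .[].name end'
else
  img=$1

  # Only the mirrored registries are accepted, and only as the registry
  # component of the name (a '/' must follow it).
  if [[ "$img" =~ ^(gcr\.io|quay\.io|k8s\.gcr\.io)/ ]]; then
    sync_pull "$1"
  else
    echo 'not sync the namespaces!'; exit 0
  fi
fi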
53
启动仪表板
1
2nohup linkerd dashboard --address 0.0.0.0 &
3
4linkerd -n linkerd top deploy/linkerd-web
5
6http://192.168.110.213:50750/namespaces
用 nohup linkerd dashboard --address 0.0.0.0 & 启动后,通过节点 IP 访问可能有问题,需要修改 linkerd-web 的 -enforced-host(如下)。注意 --address 0.0.0.0 会让仪表板监听所有网卡,应只在可信网络内使用,或在前面加访问控制。
1containers:
2 - args:
3 - -api-addr=linkerd-controller-api.linkerd.svc.cluster.local:8085
4 - -grafana-addr=linkerd-grafana.linkerd.svc.cluster.local:3000
5 - -controller-namespace=linkerd
6 - -log-level=info
7 - -enforced-host=^(192\.168\.110\.213|localhost|127\.0\.0\.1|linkerd-web\.linkerd\.svc\.cluster\.local|linkerd-web\.linkerd\.svc|\[::1\])(:\d+)?$
8 image: gcr.io/linkerd-io/web:stable-2.7.1
demo
每个pod注入2个容器
- linkerd-init,一个Kubernetes初始化容器,它配置iptables通过代理自动转发所有传入和传出的TCP流量。 (请注意,如果已启用Linkerd CNI插件,则此容器不存在。)
- linkerd-proxy,Linkerd数据平面代理本身。
1
2
3
4
5自动注入
6linkerd.io/inject: enabled
7
8linkerd.io/inject: disabled
9
10
11kubectl annotate namespace test linkerd.io/inject=enabled
12kubectl annotate namespace test linkerd.io/inject-
13
14手动注入
15linkerd inject
16
17# Inject all the deployments in the default namespace.
18kubectl get deploy -o yaml | linkerd inject - | kubectl apply -f -
19
20# Injecting a file from a remote URL
21linkerd inject http://url.to/yml | kubectl apply -f -
22
23# Inject all the resources inside a folder and its sub-folders.
24linkerd inject <folder> | kubectl apply -f -
25
26
27kubectl get deploy -o yaml -n loc | linkerd inject - | kubectl apply -f -
28
29
30
31检查是否成功
32linkerd -n loc check --proxy
33
34查看
35linkerd -n emojivoto stat deploy
36linkerd -n emojivoto top deploy
37linkerd -n emojivoto tap deploy/web
Distributed tracing
先安装ingress-nginx
1curl -s https://zhangguanzhang.github.io/bash/pull.sh | bash -s -- quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
2
3
4
5kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
6
7kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
1安装 opencensus-collector
2kubectl apply -f https://run.linkerd.io/tracing/collector.yml
3等待安装完成
4kubectl -n tracing rollout status deploy/oc-collector
5
6
7github.com/census-instrumentation/opencensus-service
8
9修改 ConfigMap oc-collector-conf:将 jaeger exporter 下的 collector-endpoint 改成 collector_endpoint
10---
11apiVersion: v1
12kind: ConfigMap
13metadata:
14 name: oc-collector-conf
15 namespace: tracing
16 labels:
17 app: opencensus
18 component: oc-collector-conf
19data:
20 oc-collector-config: |
21 receivers:
22 opencensus:
23 port: 55678
24 zipkin:
25 port: 9411
26 exporters:
27 jaeger:
28 collector_endpoint: "http://192.168.110.252:14268/api/traces"
29---
30
31
32
33安装 Jaeger
34kubectl apply -f https://run.linkerd.io/tracing/backend.yml
35等待安装完成
36kubectl -n tracing rollout status deploy/jaeger
37
38
39查看Jaeger
40kubectl -n tracing port-forward svc/jaeger 16686 --address=0.0.0.0 &
41#kubectl -n emojivoto port-forward svc/web-svc 8080:80
42
43使用
44spec:
45 template:
46 metadata:
47 annotations:
48 linkerd.io/inject: enabled
49 config.linkerd.io/trace-collector: oc-collector.tracing:55678
50
51
52ingress-nginx 开启tracing
53
54controller:
55 config:
56 enable-opentracing: "true"
57 zipkin-collector-host: oc-collector.tracing
58
ingress
1# 如果打算用于生产环境,请参考 https://github.com/nginxinc/kubernetes-ingress/blob/v1.5.5/docs/installation.md 并根据您自己的情况做进一步定制。注意:下面 default-server-secret 中的证书和私钥已随本文公开,只能用于演示,正式使用前必须换成自己生成的密钥对。
2
3apiVersion: v1
4kind: Namespace
5metadata:
6 name: nginx-ingress
7
8---
9apiVersion: v1
10kind: ServiceAccount
11metadata:
12 name: nginx-ingress
13 namespace: nginx-ingress
14
15---
16apiVersion: v1
17kind: Secret
18metadata:
19 name: default-server-secret
20 namespace: nginx-ingress
21type: Opaque
22data:
23 tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN2akNDQWFZQ0NRREFPRjl0THNhWFhEQU5CZ2txaGtpRzl3MEJBUXNGQURBaE1SOHdIUVlEVlFRRERCWk8KUjBsT1dFbHVaM0psYzNORGIyNTBjbTlzYkdWeU1CNFhEVEU0TURreE1qRTRNRE16TlZvWERUSXpNRGt4TVRFNApNRE16TlZvd0lURWZNQjBHQTFVRUF3d1dUa2RKVGxoSmJtZHlaWE56UTI5dWRISnZiR3hsY2pDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUwvN2hIUEtFWGRMdjNyaUM3QlBrMTNpWkt5eTlyQ08KR2xZUXYyK2EzUDF0azIrS3YwVGF5aGRCbDRrcnNUcTZzZm8vWUk1Y2Vhbkw4WGM3U1pyQkVRYm9EN2REbWs1Qgo4eDZLS2xHWU5IWlg0Rm5UZ0VPaStlM2ptTFFxRlBSY1kzVnNPazFFeUZBL0JnWlJVbkNHZUtGeERSN0tQdGhyCmtqSXVuektURXUyaDU4Tlp0S21ScUJHdDEwcTNRYzhZT3ExM2FnbmovUWRjc0ZYYTJnMjB1K1lYZDdoZ3krZksKWk4vVUkxQUQ0YzZyM1lma1ZWUmVHd1lxQVp1WXN2V0RKbW1GNWRwdEMzN011cDBPRUxVTExSakZJOTZXNXIwSAo1TmdPc25NWFJNV1hYVlpiNWRxT3R0SmRtS3FhZ25TZ1JQQVpQN2MwQjFQU2FqYzZjNGZRVXpNQ0F3RUFBVEFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWpLb2tRdGRPcEsrTzhibWVPc3lySmdJSXJycVFVY2ZOUitjb0hZVUoKdGhrYnhITFMzR3VBTWI5dm15VExPY2xxeC9aYzJPblEwMEJCLzlTb0swcitFZ1U2UlVrRWtWcitTTFA3NTdUWgozZWI4dmdPdEduMS9ienM3bzNBaS9kclkrcUI5Q2k1S3lPc3FHTG1US2xFaUtOYkcyR1ZyTWxjS0ZYQU80YTY3Cklnc1hzYktNbTQwV1U3cG9mcGltU1ZmaXFSdkV5YmN3N0NYODF6cFErUyt1eHRYK2VBZ3V0NHh3VlI5d2IyVXYKelhuZk9HbWhWNThDd1dIQnNKa0kxNXhaa2VUWXdSN0diaEFMSkZUUkk3dkhvQXprTWIzbjAxQjQyWjNrN3RXNQpJUDFmTlpIOFUvOWxiUHNoT21FRFZkdjF5ZytVRVJxbStGSis2R0oxeFJGcGZnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
24 tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdi91RWM4b1JkMHUvZXVJTHNFK1RYZUprckxMMnNJNGFWaEMvYjVyYy9XMlRiNHEvClJOcktGMEdYaVN1eE9ycXgrajlnamx4NXFjdnhkenRKbXNFUkJ1Z1B0ME9hVGtIekhvb3FVWmcwZGxmZ1dkT0EKUTZMNTdlT1l0Q29VOUZ4amRXdzZUVVRJVUQ4R0JsRlNjSVo0b1hFTkhzbysyR3VTTWk2Zk1wTVM3YUhudzFtMApxWkdvRWEzWFNyZEJ6eGc2clhkcUNlUDlCMXl3VmRyYURiUzc1aGQzdUdETDU4cGszOVFqVUFQaHpxdmRoK1JWClZGNGJCaW9CbTVpeTlZTW1hWVhsMm0wTGZzeTZuUTRRdFFzdEdNVWozcGJtdlFmazJBNnljeGRFeFpkZFZsdmwKMm82MjBsMllxcHFDZEtCRThCay90elFIVTlKcU56cHpoOUJUTXdJREFRQUJBb0lCQVFDZklHbXowOHhRVmorNwpLZnZJUXQwQ0YzR2MxNld6eDhVNml4MHg4Mm15d1kxUUNlL3BzWE9LZlRxT1h1SENyUlp5TnUvZ2IvUUQ4bUFOCmxOMjRZTWl0TWRJODg5TEZoTkp3QU5OODJDeTczckM5bzVvUDlkazAvYzRIbjAzSkVYNzZ5QjgzQm9rR1FvYksKMjhMNk0rdHUzUmFqNjd6Vmc2d2szaEhrU0pXSzBwV1YrSjdrUkRWYmhDYUZhNk5nMUZNRWxhTlozVDhhUUtyQgpDUDNDeEFTdjYxWTk5TEI4KzNXWVFIK3NYaTVGM01pYVNBZ1BkQUk3WEh1dXFET1lvMU5PL0JoSGt1aVg2QnRtCnorNTZud2pZMy8yUytSRmNBc3JMTnIwMDJZZi9oY0IraVlDNzVWYmcydVd6WTY3TWdOTGQ5VW9RU3BDRkYrVm4KM0cyUnhybnhBb0dCQU40U3M0ZVlPU2huMVpQQjdhTUZsY0k2RHR2S2ErTGZTTXFyY2pOZjJlSEpZNnhubmxKdgpGenpGL2RiVWVTbWxSekR0WkdlcXZXaHFISy9iTjIyeWJhOU1WMDlRQ0JFTk5jNmtWajJTVHpUWkJVbEx4QzYrCk93Z0wyZHhKendWelU0VC84ajdHalRUN05BZVpFS2FvRHFyRG5BYWkyaW5oZU1JVWZHRXFGKzJyQW9HQkFOMVAKK0tZL0lsS3RWRzRKSklQNzBjUis3RmpyeXJpY05iWCtQVzUvOXFHaWxnY2grZ3l4b25BWlBpd2NpeDN3QVpGdwpaZC96ZFB2aTBkWEppc1BSZjRMazg5b2pCUmpiRmRmc2l5UmJYbyt3TFU4NUhRU2NGMnN5aUFPaTVBRHdVU0FkCm45YWFweUNweEFkREtERHdObit3ZFhtaTZ0OHRpSFRkK3RoVDhkaVpBb0dCQUt6Wis1bG9OOTBtYlF4VVh5YUwKMjFSUm9tMGJjcndsTmVCaWNFSmlzaEhYa2xpSVVxZ3hSZklNM2hhUVRUcklKZENFaHFsV01aV0xPb2I2NTNyZgo3aFlMSXM1ZUtka3o0aFRVdnpldm9TMHVXcm9CV2xOVHlGanIrSWhKZnZUc0hpOGdsU3FkbXgySkJhZUFVWUNXCndNdlQ4NmNLclNyNkQrZG8wS05FZzFsL0FvR0FlMkFVdHVFbFNqLzBmRzgrV3hHc1RFV1JqclRNUzRSUjhRWXQKeXdjdFA4aDZxTGxKUTRCWGxQU05rMXZLTmtOUkxIb2pZT2pCQTViYjhibXNVU1BlV09NNENoaFJ4QnlHbmR2eAphYkJDRkFwY0IvbEg4d1R0alVZYlN5T294ZGt5OEp0ek90ajJhS0FiZHd6NlArWDZDODhjZmxYVFo5MWpYL3RMCjF3TmRKS2tDZ1lCbyt0UzB5TzJ2SWFmK2UwSkN5
TGhzVDQ5cTN3Zis2QWVqWGx2WDJ1VnRYejN5QTZnbXo5aCsKcDNlK2JMRUxwb3B0WFhNdUFRR0xhUkcrYlNNcjR5dERYbE5ZSndUeThXczNKY3dlSTdqZVp2b0ZpbmNvVlVIMwphdmxoTUVCRGYxSjltSDB5cDBwWUNaS2ROdHNvZEZtQktzVEtQMjJhTmtsVVhCS3gyZzR6cFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
25
26---
27kind: ConfigMap
28apiVersion: v1
29metadata:
30 name: nginx-config
31 namespace: nginx-ingress
32data:
33 server-names-hash-bucket-size: "1024"
34 enable-opentracing: "true"
35 zipkin-collector-host: "oc-collector.tracing"
36
37
38---
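# Cluster-wide permissions for the nginx-ingress controller.
# NOTE(review): the rule on "secrets" grants get/list/watch in every
# namespace, because this is a ClusterRole bound with a ClusterRoleBinding;
# the nginx-ingress service account can therefore read all Secrets in the
# cluster. Narrow it if the controller only serves specific namespaces.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in
# Kubernetes 1.22; newer clusters need rbac.authorization.k8s.io/v1.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: nginx-ingress
rules:
- apiGroups:
  - ""
  resources:
  - services
  - endpoints
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - update
  - create
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - list
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs:
  - list
  - watch
  - get
- apiGroups:
  - "extensions"
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - k8s.nginx.org
  resources:
  - virtualservers
  - virtualserverroutes
  verbs:
  - list
  - watch
  - get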
107
108---
109kind: ClusterRoleBinding
110apiVersion: rbac.authorization.k8s.io/v1beta1
111metadata:
112 name: nginx-ingress
113subjects:
114- kind: ServiceAccount
115 name: nginx-ingress
116 namespace: nginx-ingress
117roleRef:
118 kind: ClusterRole
119 name: nginx-ingress
120 apiGroup: rbac.authorization.k8s.io
121
122---
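# Runs one nginx-ingress controller pod per node.
# NOTE(review): hostPort 80 and 443 bind those ports directly on every node
# that runs a pod of this DaemonSet, so the controller is reachable on each
# node's own address.
# NOTE(review): the container below sets no securityContext and no resource
# requests/limits in this listing; add them before using it beyond a demo.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9113"
spec:
  selector:
    matchLabels:
      app: nginx-ingress
  template:
    metadata:
      labels:
        app: nginx-ingress
    spec:
      serviceAccountName: nginx-ingress
      containers:
      - image: nginx/nginx-ingress:1.5.5
        name: nginx-ingress
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: https
          containerPort: 443
          hostPort: 443
        - name: prometheus
          containerPort: 9113
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        args:
          - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
          # The default server presents the certificate stored in the
          # default-server-secret Secret of the pod's namespace.
          - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
         #- -v=3 # Enables extensive logging. Useful for troubleshooting.
         #- -report-ingress-status
         #- -external-service=nginx-ingress
         #- -enable-leader-election
          - -enable-prometheus-metrics
         #- -enable-custom-resources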
171
172---
173
174
配置超时
1apiVersion: linkerd.io/v1alpha2
2kind: ServiceProfile
3metadata:
4 name: xxxx.default.svc.cluster.local
5 namespace: default
6spec:
7 # A service profile defines a list of routes. Linkerd can aggregate metrics
8 # like request volume, latency, and success rate by route.
9 routes:
10 - name: '/xxx.xxx/xxx'
11 timeout: 25ms
12 # Each route must define a condition. All requests that match the
13 # condition will be counted as belonging to that route. If a request
14 # matches more than one route, the first match wins.
15 condition:
16 # The simplest condition is a path regular expression.
17 pathRegex: '/xxx/xxx'
18 # This is a condition that checks the request method.
19 method: POST
获取path指标
linkerd routes svc/webapp linkerd routes deploy/webapp
linkerd routes deploy/webapp --to svc/books
删除
1linkerd install --ignore-cluster | kubectl delete -f -