134 lines
4.9 KiB
Plaintext
134 lines
4.9 KiB
Plaintext
{{ template "chart.header" . }}
|
|
{{ template "chart.description" . }}
|
|
|
|
{{ template "chart.versionBadge" . }}
|
|
{{ template "chart.typeBadge" . }}
|
|
{{ template "chart.appVersionBadge" . }}
|
|
|
|
{{ template "chart.homepageLine" . }}
|
|
|
|
## Quickstart and documentation
|
|
|
|
You can run Linkerd on any Kubernetes cluster in a matter of seconds. See the
|
|
[Linkerd Getting Started Guide][getting-started] for how.
|
|
|
|
For more comprehensive documentation, start with the [Linkerd
|
|
docs][linkerd-docs].
|
|
|
|
## Prerequisite: linkerd-crds chart
|
|
|
|
Before installing this chart, please install the `linkerd-crds` chart, which
|
|
creates all the CRDs that the components from the current chart require.
|
|
|
|
## Prerequisite: identity certificates
|
|
|
|
The identity component of Linkerd requires setting up a trust anchor
|
|
certificate, and an issuer certificate with its key. These need to be provided
|
|
to Helm by the user (unlike when using the `linkerd install` CLI which can
|
|
generate these automatically). You can provide your own, or follow [these
|
|
instructions](https://linkerd.io/2/tasks/generate-certificates/) to generate new
|
|
ones.
|
|
|
|
Alternatively, both trust anchor and identity issuer certificates may be
|
|
derived from in-cluster resources. Existing CA (trust anchor) certificates
|
|
**must** live in a `ConfigMap` resource named `linkerd-identity-trust-roots`.
|
|
Issuer certificates **must** live in a `Secret` named
|
|
`linkerd-identity-issuer`. Both resources should exist in the control-plane's
|
|
install namespace. In order to use an existing CA, Linkerd needs to be
|
|
installed with `identity.externalCA=true`. To use an existing issuer
|
|
certificate, Linkerd should be installed with
|
|
`identity.issuer.scheme=kubernetes.io/tls`.
|
|
|
|
A more comprehensive description is in the [automatic certificate rotation
|
|
guide](https://linkerd.io/2.12/tasks/automatically-rotating-control-plane-tls-credentials/#a-note-on-third-party-cert-management-solutions).
|
|
|
|
Note that the provided certificates must be ECDSA certificates.
|
|
|
|
## Adding Linkerd's Helm repository
|
|
|
|
Included here for completeness-sake, but should have already been added when
|
|
`linkerd-base` was installed.
|
|
|
|
```bash
|
|
# To add the repo for Linkerd edge releases:
|
|
helm repo add linkerd https://helm.linkerd.io/edge
|
|
```
|
|
|
|
## Installing the chart
|
|
|
|
You must provide the certificates and keys described in the preceding section,
|
|
and the same expiration date you used to generate the Issuer certificate.
|
|
|
|
```bash
|
|
helm install linkerd-control-plane -n linkerd \
|
|
--set-file identityTrustAnchorsPEM=ca.crt \
|
|
--set-file identity.issuer.tls.crtPEM=issuer.crt \
|
|
--set-file identity.issuer.tls.keyPEM=issuer.key \
|
|
linkerd/linkerd-control-plane
|
|
```
|
|
|
|
Note that you require to install this chart in the same namespace you installed
|
|
the `linkerd-base` chart.
|
|
|
|
## Setting High-Availability
|
|
|
|
Besides the default `values.yaml` file, the chart provides a `values-ha.yaml`
|
|
file that overrides some default values as to set things up under a
|
|
high-availability scenario, analogous to the `--ha` option in `linkerd install`.
|
|
Values such as higher number of replicas, higher memory/cpu limits and
|
|
affinities are specified in that file.
|
|
|
|
You can get ahold of `values-ha.yaml` by fetching the chart files:
|
|
|
|
```bash
|
|
helm fetch --untar linkerd/linkerd-control-plane
|
|
```
|
|
|
|
Then use the `-f` flag to provide the override file, for example:
|
|
|
|
```bash
|
|
helm install linkerd-control-plane -n linkerd \
|
|
--set-file identityTrustAnchorsPEM=ca.crt \
|
|
--set-file identity.issuer.tls.crtPEM=issuer.crt \
|
|
--set-file identity.issuer.tls.keyPEM=issuer.key \
|
|
-f linkerd2/values-ha.yaml
|
|
linkerd/linkerd-control-plane
|
|
```
|
|
|
|
## Get involved
|
|
|
|
* Check out Linkerd's source code at [GitHub][linkerd2].
|
|
* Join Linkerd's [user mailing list][linkerd-users], [developer mailing
|
|
list][linkerd-dev], and [announcements mailing list][linkerd-announce].
|
|
* Follow [@linkerd][twitter] on Twitter.
|
|
* Join the [Linkerd Slack][slack].
|
|
|
|
[getting-started]: https://linkerd.io/2/getting-started/
|
|
[linkerd2]: https://github.com/linkerd/linkerd2
|
|
[linkerd-announce]: https://lists.cncf.io/g/cncf-linkerd-announce
|
|
[linkerd-dev]: https://lists.cncf.io/g/cncf-linkerd-dev
|
|
[linkerd-docs]: https://linkerd.io/2/overview/
|
|
[linkerd-users]: https://lists.cncf.io/g/cncf-linkerd-users
|
|
[slack]: http://slack.linkerd.io
|
|
[twitter]: https://twitter.com/linkerd
|
|
|
|
## Extensions for Linkerd
|
|
|
|
The current chart installs the core Linkerd components, which grant you
|
|
reliability and security features. Other functionality is available through
|
|
extensions. Check the corresponding docs for each one of the following
|
|
extensions:
|
|
|
|
* Observability:
|
|
[Linkerd-viz](https://github.com/linkerd/linkerd2/blob/main/viz/charts/linkerd-viz/README.md)
|
|
* Multicluster:
|
|
[Linkerd-multicluster](https://github.com/linkerd/linkerd2/blob/main/multicluster/charts/linkerd-multicluster/README.md)
|
|
* Tracing:
|
|
[Linkerd-jaeger](https://github.com/linkerd/linkerd2/blob/main/jaeger/charts/linkerd-jaeger/README.md)
|
|
|
|
{{ template "chart.requirementsSection" . }}
|
|
|
|
{{ template "chart.valuesSection" . }}
|
|
|
|
{{ template "helm-docs.versionFooter" . }}
|