Installing Linkerd with Helm
6 min read | by Jordi Prats
Linkerd is a service mesh that provides observability, reliability, and security for your Kubernetes applications. We can choose to install Linkerd using helm or it's linkerd CLI tool, which is a more hands-on way of achieving the same.
Since in the linkerd documentations is explicitly recommending to use helm for production environments, we are going to do exactly that.
- Install linkerd CLI
- Linkerd prerequisites
- Install helm repository
- Install linkerd CRDs
- Install linkerd control plane
- Verify the installation
- Installing Linkerd Viz (dashboard)
- Install demo application
Install linkerd CLI
Even if we are going to use helm to install Linkerd, we need to install the linkerd CLI tool to check the installation and interact with the service mesh. There are several ways to install the linkerd CLI, but maybe the easiest way is using brew:
brew install linkerd Linkerd prerequisites
As soon as we have the linkerd CLI installed, we can for the installation prerequisites using:
$ linkerd check --pre Linkerd core checks =================== kubernetes-api -------------- √ can initialize the client √ can query the Kubernetes API kubernetes-version ------------------ √ is running the minimum Kubernetes API version √ is running the minimum kubectl version pre-kubernetes-setup -------------------- √ control plane namespace does not already exist √ can create non-namespaced resources √ can create ServiceAccounts √ can create Services √ can create Deployments √ can create CronJobs √ can create ConfigMaps √ can create Secrets √ can read Secrets √ can read extension-apiserver-authentication configmap √ no clock skew detected linkerd-version --------------- √ can determine the latest version √ cli is up-to-date Status check results are √ Install helm repository
To be able to install Linkerd using helm, we need to add the Linkerd repository to helm. We can choose between the stable (https://helm.linkerd.io/stable) or the edge (https://helm.linkerd.io/edge) repository:
helm repo add linkerd-edge https://helm.linkerd.io/edge helm repo update Install linkerd CRDs
The first step to install Linkerd is to install the Custom Resource Definitions (CRDs). We can install them using a dedicated helm chart:
helm install linkerd-crds linkerd-edge/linkerd-crds -n linkerd --create-namespace Install linkerd control plane
To be able to install the Linkerd control plane, we need to generate some certificates. If you don't have the step tool installed, you can install it using brew:
brew install step Then, we can generate the certificates as follows:
$ step certificate create root.linkerd.cluster.local ca.crt ca.key \ > --profile root-ca --no-password --insecure Your certificate has been saved in ca.crt. Your private key has been saved in ca.key. $ ls ca.crt ca.key $ step certificate create identity.linkerd.cluster.local issuer.crt issuer.key \ > --profile intermediate-ca --not-after 8760h --no-password --insecure \ > --ca ca.crt --ca-key ca.key Your certificate has been saved in issuer.crt. Your private key has been saved in issuer.key. $ ls ca.crt ca.key issuer.crt issuer.key Using these files we can now install the Linkerd control plane:
helm install linkerd-control-plane \ -n linkerd \ --set-file identityTrustAnchorsPEM=ca.crt \ --set-file identity.issuer.tls.crtPEM=issuer.crt \ --set-file identity.issuer.tls.keyPEM=issuer.key \ linkerd-edge/linkerd-control-plane It will take a few seconds to have the control plane up and running:
$ kubectl get pods -n linkerd NAME READY STATUS RESTARTS AGE linkerd-destination-75656bc467-95dd7 4/4 Running 0 69s linkerd-identity-c6f966b5c-b9g5j 2/2 Running 0 69s linkerd-proxy-injector-54c4786c79-89zqg 2/2 Running 0 69s Verify the installation
Once the installation is completed, we can check the status of the installation using the linkerd check command:
$ linkerd check Linkerd core checks =================== kubernetes-api -------------- √ can initialize the client √ can query the Kubernetes API kubernetes-version ------------------ √ is running the minimum Kubernetes API version √ is running the minimum kubectl version linkerd-existence ----------------- √ 'linkerd-config' config map exists √ heartbeat ServiceAccount exist √ control plane replica sets are ready √ no unschedulable pods √ control plane pods are ready linkerd-config -------------- √ control plane Namespace exists √ control plane ClusterRoles exist √ control plane ClusterRoleBindings exist √ control plane ServiceAccounts exist √ control plane CustomResourceDefinitions exist √ control plane MutatingWebhookConfigurations exist √ control plane ValidatingWebhookConfigurations exist linkerd-identity ---------------- √ certificate config is valid √ trust anchors are using supported crypto algorithm √ trust anchors are within their validity period √ trust anchors are valid for at least 60 days √ issuer cert is using supported crypto algorithm √ issuer cert is within its validity period √ issuer cert is valid for at least 60 days √ issuer cert is issued by the trust anchor linkerd-webhooks-and-apisvc-tls ------------------------------- √ proxy-injector webhook has valid cert √ proxy-injector cert is valid for at least 60 days √ sp-validator webhook has valid cert √ sp-validator cert is valid for at least 60 days √ policy-validator webhook has valid cert √ policy-validator cert is valid for at least 60 days linkerd-version --------------- √ can determine the latest version √ cli is up-to-date control-plane-version --------------------- √ can retrieve the control plane version √ control plane is up-to-date √ control plane and cli versions match linkerd-control-plane-proxy --------------------------- √ control plane proxies are healthy √ control plane proxies are up-to-date √ control plane proxies and cli versions match Status check results are √ Installing Linkerd Viz (dashboard)
To be able to visualize the Linkerd metrics, we can install the Linkerd Viz dashboard using helm as well:
helm install linkerd-viz -n linkerd-viz --create-namespace linkerd-edge/linkerd-viz Once installed, we can access it using the linkerd CLI:
$ linkerd viz dashboard Linkerd dashboard available at: http://localhost:50750 Grafana dashboard available at: http://localhost:50750/grafana Opening Linkerd dashboard in the default browser This will open the Linkerd dashboard in your default browser, or you can access it using the URL provided in the output:
Install demo application
To test the installation, we can install a demo application that will be used to generate some traffic and visualize it in the Linkerd dashboard. To inject the linkerd annotations (linkerd.io/inject=enabled) in the demo application, we can use the linkerd inject command:
k create ns emojivoto curl https://run.linkerd.io/emojivoto.yml | linkerd inject - | kubectl apply -n emojivoto -f - This will create Pods in the emojivoto namespace that we can use to visualize the traffic in the Linkerd dashboard:
$ kubectl get pods -n emojivoto NAME READY STATUS RESTARTS AGE emoji-894859469-w9dvw 1/1 Running 0 22s vote-bot-57d8c8bb44-j6f6d 1/1 Running 0 22s voting-6487586c64-wzrcm 1/1 Running 0 22s web-f68fdff7b-8rdwd 1/1 Running 0 22s Now, if we access the Linkerd dashboard, we should see the demo application in the dashboard and since it is meshed, we should see the traffic flowing through the application:
Posted on 19/03/2025