Linkerd: Up and Running - Helion

ebook

Autor: Jason Morgan, Flynn
ISBN: 9781098142278
stron: 262, Format: ebook
Data wydania: 2024-04-11
Księgarnia: Helion

Cena książki: 211,65 zł (poprzednio: 246,10 zł)
Oszczędzasz: 14% (-34,45 zł)

Osoby, które kupiły tę książkę, wybierały także »

With the massive adoption of microservices, operators and developers face far more complexity in their applications today. Service meshes can help you manage this problem by providing a unified control plane to secure, manage, and monitor your entire network. This practical guide shows you how the Linkerd service mesh enables cloud-native developers—including platform and site reliability engineers—to solve the thorny issue of running distributed applications in Kubernetes.

Jason Morgan and Flynn draw on their years of experience at Buoyant—the creators of Linkerd—to demonstrate how this service mesh can help ensure that your applications are secure, observable, and reliable. You'll understand why Linkerd, the original service mesh, can still claim the lowest time to value of any mesh option available today.

Learn how Linkerd works and which tasks it can help you accomplish
Install and configure Linkerd in an imperative and declarative manner
Secure interservice traffic and set up secure multicluster links
Launch a zero trust authorization strategy in Kubernetes clusters
Organize services in Linkerd to override error codes, set custom retries, and create timeouts
Use Linkerd to manage progressive delivery and pair this service mesh with the ingress of your choice

Osoby które kupowały "Linkerd: Up and Running", wybierały także:

Windows Media Center. Domowe centrum rozrywki 66,67 zł, (8,00 zł -88%)
Ruby on Rails. Ćwiczenia 18,75 zł, (3,00 zł -84%)
Przywództwo w świecie VUCA. Jak być skutecznym liderem w niepewnym środowisku 58,64 zł, (12,90 zł -78%)
Scrum. O zwinnym zarządzaniu projektami. Wydanie II rozszerzone 58,64 zł, (12,90 zł -78%)
Od hierarchii do turkusu, czyli jak zarządzać w XXI wieku 58,64 zł, (12,90 zł -78%)

Spis treści

Linkerd: Up and Running eBook -- spis treści

Preface
- Who Should Read This Book
- Why We Wrote This Book
- Navigating This Book
- Conventions Used in This Book
- Using Code Examples
- OReilly Online Learning
- How to Contact Us
- Acknowledgments
1. Service Mesh 101
- Basic Mesh Functionality
  - Security
  - Reliability
  - Observability
- How Do Meshes Actually Work?
- So Why Do We Need This?
- Summary
2. Intro to Linkerd
- Where Does Linkerd Come From?
  - Linkerd1
  - Linkerd2
  - The Linkerd Proxy
- Linkerd Architecture
  - mTLS and Certificates
  - Certifying Authorities
  - The Linkerd Control Plane
  - Linkerd Extensions
    - Linkerd Viz
      - Web
      - Tap
      - Tap injector
      - Metrics API
      - Prometheus and Grafana
    - Linkerd Multicluster
    - Linkerd Jaeger
    - Linkerd CNI
    - Linkerd SMI
- Summary
3. Deploying Linkerd
- Considerations
  - Linkerd Versioning
    - Stable
    - Edge
  - Workloads, Pods, and Services
  - TLS certificates
  - Linkerd Viz
- Deploying Linkerd
  - Required Tools
  - Provisioning a Kubernetes Cluster
  - Installing Linkerd via the CLI
  - Installing Linkerd via Helm
    - Generate Linkerd certificates
    - Helm install
- Configuring Linkerd
  - Cluster Networks
  - Linkerd Control Plane Resources
  - Opaque and Skip Ports
- Summary
4. Adding Workloads to the Mesh
- Workloads Versus Services
- What Does It Mean to Add a Workload to the Mesh?
- Injecting Individual Workloads
- Injecting All Workloads in a Namespace
- linkerd.io/inject Values
- Why Might You Decide Not to Add a Workload to the Mesh?
- Other Proxy Configuration Options
- Protocol Detection
  - When Protocol Detection Goes Wrong
  - Opaque Ports Versus Skip Ports
  - Configuring Protocol Detection
  - Default Opaque Ports
- Kubernetes Resource Limits
- Summary
5. Ingress and Linkerd
- Ingress Controllers with Linkerd
- The Ingress Controller Is Just Another Meshed Workload
- Linkerd Is (Mostly) Invisible
  - Use Cleartext Within the Cluster
  - Route to Services, Not Endpoints
  - Ingress Mode
- Specific Ingress Controller Examples
  - Emissary-ingress
  - NGINX
  - Envoy Gateway
- Summary
6. The Linkerd CLI
- Installing the CLI
  - Updating the CLI
  - Installing a Specific Version
  - Alternate Ways to Install
- Using the CLI
- Selected Commands
  - linkerd version
  - linkerd check
    - linkerd check --pre
    - linkerd check --proxy
    - Linkerd extension checks
    - Additional options for linkerd check
  - linkerd inject
    - Injecting in ingress mode
    - Injecting manually
    - Injecting the debug sidecar
  - linkerd identity
  - linkerd diagnostics
    - Gathering metrics
    - Checking for endpoints
    - Diagnosing policy
- Summary
7. mTLS, Linkerd, and Certificates
- Secure Communications
  - TLS and mTLS
  - mTLS and Certificates
  - Linkerd and mTLS
- Certificates and Linkerd
  - The Linkerd Trust Anchor
  - The Linkerd Identity Issuer
  - Linkerd Workload Certificates
  - Certificate Lifetimes and Rotation
  - Certificate Management in Linkerd
  - Automatic Certificate Management with cert-manager
    - Installing cert-manager
    - Configuring cert-manager for Linkerd
    - Installing Linkerd using cert-manager
- Summary
8. Linkerd Policy: Overview and Server-Based Policy
- Linkerd Policy Overview
  - Linkerd Default Policy
  - Linkerd Policy Resources
    - Server
    - HTTPRoute
    - MeshTLSAuthentication
    - NetworkAuthentication
    - AuthorizationPolicy
  - Server-Based Policy Versus Route-Based Policy
- Server-Based Policy with the emojivoto Application
  - Configuring the Default Policy
    - Cluster default policy
    - Namespace default policy
  - Configuring Dynamic Policy
    - Namespace isolation
    - Allowing Linkerd Viz
    - Locking down by port and identity
- Summary
9. Linkerd Route-Based Policy
- Route-Based Policy Overview
- The booksapp Sample Application
  - Installing booksapp
- Configuring booksapp Policy
  - Infrastructure Policy
  - Read-Only Access
  - Enabling Write Access
  - Allowing Writes to books
  - Reenabling the Traffic Generator
- Summary
10. Observing Your Platform with Linkerd
- Why Do We Need This?
- How Does Linkerd Help?
- Observability in Linkerd
  - Setting Up Your Cluster
  - Tap
  - Service Profiles
    - Configuring routes for emojivoto
    - Building routes for booksapp
  - Topology
- Linkerd Viz
- Audit Trails and Access Logs
  - Access Logging: The Good, the Bad, and the Ugly
    - The good
    - The bad
    - The ugly
  - Enabling Access Logging
- Summary
11. Ensuring Reliability with Linkerd
- Load Balancing
- Retries
  - Retry Budgets
  - Configuring Retries
  - Configuring the Budget
- Timeouts
  - Configuring Timeouts
- Traffic Shifting
  - Traffic Shifting, Gateway API, and the Linkerd SMI Extension
  - Setting Up Your Environment
  - Weight-Based Routing (Canary)
    - Service versus Service: ClusterIPs, endpoints, and HTTPRoutes
  - Header-Based Routing (A/B Testing)
  - Traffic Shifting Summary
- Circuit Breaking
  - Enabling Circuit Breaking
  - Tuning Circuit Breaking
- Summary
12. Multicluster Communication with Linkerd
- Types of Multicluster Setups
  - Gateway-Based Multicluster
  - Pod-to-Pod Multicluster
  - Gateways Versus Pod-to-Pod
- Multicluster Certificates
- Cross-Cluster Service Discovery
- Setting Up for Multicluster
  - Continuing with a Gateway-Based Setup
  - Continuing with a Pod-to-Pod Setup
  - Multicluster Gotchas
- Deploying and Connecting an Application
- Checking Traffic
- Policy in Multicluster Environments
- Summary
13. Linkerd CNI Versus Init Containers
- Kubernetes sans Linkerd
  - Nodes, Pods, and More
  - Networking in Kubernetes
  - The Role of the Packet Filter
  - The Container Networking Interface
  - The Kubernetes Pod Startup Process
- Kubernetes and Linkerd
  - The Init Container Approach
  - The Linkerd CNI Plugin Method
  - Races and Ordering
    - Container ordering
    - CNI plugin ordering
- Summary
14. Production-Ready Linkerd
- Linkerd Community Resources
  - Getting Help
  - Responsible Disclosure
  - Kubernetes Compatibility
- Going to Production with Linkerd
  - Stable or Edge?
  - Preparing Your Environment
  - Configuring Linkerd for High Availability
    - What does HA mode do?
    - High availability installation with Helm
    - High availability installation with the CLI
- Monitoring Linkerd
  - Certificate Health and Expiration
  - Control Plane
  - Data Plane
  - Metrics Collection
  - Linkerd Viz for Production Use
  - Accessing Linkerd Logs
- Upgrading Linkerd
  - Upgrading via Helm
  - Upgrading via the CLI
- Readiness Checklist
- Summary
15. Debugging Linkerd
- Diagnosing Data Plane Issues
  - Common Linkerd Data Plane Failures
    - Pods failing to start
    - Intermittent proxy errors
  - Setting Proxy Log Levels
- Debugging the Linkerd Control Plane
  - Linkerd Control Plane and Availability
  - The Core Control Plane
    - The identity controller
    - The destination controller
    - The proxy injector
  - Linkerd Extensions
- Summary
Index