README.md

Lab: Linkerd

Linkerd is a service sidecar designed to give service owners automatic observability, reliability, and runtime diagnostics for their service without requiring configuration or code changes. Linkerd is also a service mesh, running across an entire cluster to provide platform-wide telemetry, security, and reliability.

Linkerd is a graduated Cloud Native Computing Foundation (CNCF) project.

This lab will focus on the v2 release of Linkerd

Prerequisites

• Complete previous labs:
  • Azure Kubernetes Service
  • Build Application Components in Azure Container Registry
  • Helm Setup and Deploy Application

Instructions

Note: This lab uses a CLI tools that must be installed on your local machine. You will need to connect to your cluster from a local bash shell on your machine. (hint: use az aks get-credentials to setup access locally)

1. Remove the application pods/services from the cluster. We will re-deploy with linkerd.

   helm uninstall service-tracker-ui -n hackfest
   helm uninstall weather-api -n hackfest
   helm uninstall quakes-api -n hackfest
   helm uninstall flights-api -n hackfest
   helm uninstall data-api -n hackfest

2. Install linkerd CLI on your machine

   curl -sL https://run.linkerd.io/install | sh
   
   export PATH=$PATH:$HOME/.linkerd2/bin

   # verify CLI (ignore that the server version is unavailable)
   linkerd version
   
   Client version: stable-2.11.0
   Server version: unavailable

3. Validate your Kubernetes cluster

   linkerd check --pre
   
   ...
   
   Status check results are [ok]

4. Install linkerd server components into AKS

   linkerd install | kubectl apply -f -

5. Validate

   linkerd check
   
   ...
   
   Status check results are [ok]

6. Install viz extension

   linkerd viz install | kubectl apply -f - # install the on-cluster metrics stack

7. Open the Dashboard

   linkerd viz dashboard

   Browse the dashboard:

   

8. Use helm template to create manifest for injection

   helm template ./kubernetes-hackfest/charts/data-api > ./kubernetes-hackfest/data-api.yaml
   helm template ./kubernetes-hackfest/charts/flights-api > ./kubernetes-hackfest/flights-api.yaml
   helm template ./kubernetes-hackfest/charts/quakes-api > ./kubernetes-hackfest/quakes-api.yaml
   helm template ./kubernetes-hackfest/charts/weather-api > ./kubernetes-hackfest/weather-api.yaml
   helm template ./kubernetes-hackfest/charts/service-tracker-ui > ./kubernetes-hackfest/service-tracker-ui.yaml

9. Re-deploy application using linkerd inject

   linkerd inject ./kubernetes-hackfest/data-api.yaml | kubectl apply -n hackfest -f -
   linkerd inject ./kubernetes-hackfest/flights-api.yaml | kubectl apply -n hackfest -f -
   linkerd inject ./kubernetes-hackfest/quakes-api.yaml | kubectl apply -n hackfest -f -
   linkerd inject ./kubernetes-hackfest/weather-api.yaml | kubectl apply -n hackfest -f -
   linkerd inject ./kubernetes-hackfest/service-tracker-ui.yaml | kubectl apply -n hackfest -f -

10. Load test and review traffic in Dashboard

    Note: There are a few ways we could create traffic on the API layer. You could create a load test pod in the cluster that hits the API's on internal IP addresses. Below is a simple setup just for lab purposes.

    • Expose one of the API's as a public IP

      kubectl patch svc flights-api -n hackfest -p '{"spec":{"type":"LoadBalancer"}}'

    • Get the IP address of one of your API's

      kubectl get svc flights-api -n hackfest
      
      NAME          TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
      flights-api   ClusterIP   10.0.75.165   13.10.293.100 3003/TCP   100s

    • Create a variable with the URL

      export APP_URL=http://<your_ip_address>:3003/status
      while true; do curl -o /dev/null -s -w "%{http_code}\n" $APP_URL; sleep 1; done

11. Try some other Linkerd features

• Automating injection.
• Setup mTLS encryption.
• Routing and Service Profiles.
• Server policy.

Troubleshooting / Debugging

Finding the bad path with Emojivoto

In this section you'll have to work out the solution on your own. Some steps have been provided but ultimately you'll need to use Linkerd to determine what's going wrong with your application.

1. Install emojivoto

   curl -sL https://run.linkerd.io/emojivoto.yml | linkerd inject - | kubectl apply -f -

2. Launch the Linkerd dashboard

   linkerd viz dashboard

   Browse the dashboard:

   

3. Figure out what's breaking emojivoto!

   • Sort namespaces by success rate
   • Go into the emojivoto namespace
   • Look at the application graph
   • Sort deployments by success rate
   • Browse to a deployment and view the live api calls
   • Can you see which component is the root of the issue?
   • Can you see which specific path is failing?

Still having trouble? View the step by step cli commands here.

Mitigate an issue with retries

In this section we will diagnose and repair an issue with a sample application using Linkerd's service profile resource.

1. Install Booksapp

   kubectl create ns booksapp
   
   curl -sL https://run.linkerd.io/booksapp.yml | kubectl -n booksapp apply -f -

2. Access the app

   You can do this a number of different ways, expose it via a load balancer, add a mapping for your ingress, or port-forward it via the cli. We will show how to get to it from the cli.

   kubectl -n booksapp port-forward svc/webapp 7000

   • Browse to localhost:7000
   • try adding a new book a few times and see if you run into an issue

3. Make some service profiles

   # Create our first service profile using a swagger file
   
   curl -sL https://run.linkerd.io/booksapp/webapp.swagger | linkerd -n booksapp profile --open-api - webapp
   
   # Inspect the resulting yaml
   
   # Begin applying service profiles
   
   curl -sL https://run.linkerd.io/booksapp/webapp.swagger | linkerd -n booksapp profile --open-api - webapp | kubectl -n booksapp apply -f -
   
   curl -sL https://run.linkerd.io/booksapp/authors.swagger | linkerd -n booksapp profile --open-api - authors | kubectl -n booksapp apply -f -
   
   curl -sL https://run.linkerd.io/booksapp/books.swagger | linkerd -n booksapp profile --open-api - books | kubectl -n booksapp apply -f -
   
   # Check out the new service profile objects
   
   kubectl get serviceprofile
   

4. Diagnose our app using serviceprofiles

   We're going to use the linkerd cli to inspect our routes. Routes come from service profiles and allow us to instrument things like retries.

   linkerd viz -n booksapp routes svc/webapp
   
   linkerd viz -n booksapp routes deploy/webapp --to svc/books
   
   linkerd viz -n booksapp routes deploy/books --to svc/authors

   • Those commands will show you the current status on the booksapp routes
   • Can you diagnose the issue by looking at the routes?
   • Continue to the next section once you see the problem or get bored of looking

5. Fix it with retries

   Now that we've diagnosed the issue we can repair it using serviceprofiles!

   # Edit the service profile for the authors service
   kubectl -n booksapp edit sp/authors.booksapp.svc.cluster.local
   
   # in the editor go down to the route named HEAD /authors/{id}.json and add a new value after the name.
   ## Add the following to the yaml at the same indent as name:
   ## isRetryable: true
   

   Now you should be able to watch booksapp begin succeeding on it's end to end calls. For more information along with a step by step video please see this talk.

Docs / References

• Linkerd on Github
• Linkerd docs
• Linkerd Slack community