Linkerd2 (曾命名为 Conduit) 是 Buoyant 公司推出的下一代轻量级服务网格框架,开源在 https://github.com/linkerd/linkerd2。与 linkerd 不同的是,它专用于 Kubernetes 集群中,并且比 linkerd 更轻量级(基于 Rust 和 Go,没有了 JVM 等大内存的开销),可以以 sidecar 的方式把代理服务跟实际服务的 Pod 运行在一起(这点跟 Istio 类似)。Linkerd2 的主要特性包括:

  • 轻量级,速度快,每个代理容器仅占用 10mb RSS,并且额外延迟只有亚毫妙级
  • 安全,基于 Rust,默认开启 TLS
  • 端到端可视化
  • 增强 Kubernetes 的可靠性、可视性以及安全性

部署

  1. $ linkerd install | kubectl apply -f -
  2. namespace/linkerd configured
  3. serviceaccount/linkerd-controller configured
  4. clusterrole.rbac.authorization.k8s.io/linkerd-linkerd-controller configured
  5. clusterrolebinding.rbac.authorization.k8s.io/linkerd-linkerd-controller configured
  6. serviceaccount/linkerd-prometheus configured
  7. clusterrole.rbac.authorization.k8s.io/linkerd-linkerd-prometheus configured
  8. clusterrolebinding.rbac.authorization.k8s.io/linkerd-linkerd-prometheus configured
  9. service/api configured
  10. service/proxy-api configured
  11. deployment.extensions/controller configured
  12. service/web configured
  13. deployment.extensions/web configured
  14. service/prometheus configured
  15. deployment.extensions/prometheus configured
  16. configmap/prometheus-config configured
  17. service/grafana configured
  18. deployment.extensions/grafana configured
  19. configmap/grafana-config configured
  20. $ kubectl -n linkerd get svc
  21. NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
  22. api ClusterIP 10.0.173.27 <none> 8085/TCP 163m
  23. grafana ClusterIP 10.0.49.44 <none> 3000/TCP 163m
  24. prometheus ClusterIP 10.0.205.82 <none> 9090/TCP 163m
  25. proxy-api ClusterIP 10.0.170.201 <none> 8086/TCP 163m
  26. web ClusterIP 10.0.88.136 <none> 8084/TCP,9994/TCP 163m
  27. $ kubectl -n linkerd get pod
  28. NAME READY STATUS RESTARTS AGE
  29. controller-67489d768d-75wjz 5/5 Running 0 163m
  30. grafana-5df745d8b8-pv6tf 2/2 Running 0 163m
  31. prometheus-d96f9bf89-2s6jg 2/2 Running 0 163m
  32. web-5cd59f97b6-wf8nk 2/2 Running 0 57s

Dashboard

  1. $ linkerd dashboard
  2. Linkerd dashboard available at:
  3. http://127.0.0.1:37737/api/v1/namespaces/linkerd/services/web:http/proxy/
  4. Grafana dashboard available at:
  5. http://127.0.0.1:37737/api/v1/namespaces/linkerd/services/grafana:http/proxy/
  6. Opening Linkerd dashboard in the default browser

Linkerd2 - 图1

示例应用

  1. curl https://run.linkerd.io/emojivoto.yml \
  2. | linkerd inject - \
  3. | kubectl apply -f -

查看服务的网络流量统计情况:

  1. linkerd -n emojivoto stat deployment
  2. NAME MESHED SUCCESS RPS LATENCY_P50 LATENCY_P95 LATENCY_P99 TLS
  3. emoji 1/1 100.00% 8.1rps 1ms 1ms 1ms 0%
  4. vote-bot 1/1 - - - - - -
  5. voting 1/1 87.88% 1.1rps 1ms 1ms 1ms 0%
  6. web 1/1 93.65% 2.1rps 1ms 9ms 88ms 0%

跟踪服务的网络流量

  1. $ linkerd -n emojivoto tap deploy voting
  2. req id=0:809 src=10.244.6.239:57202 dst=10.244.1.237:8080 :method=POST :authority=voting-svc.emojivoto:8080 :path=/emojivoto.v1.VotingService/VoteDoughnut
  3. rsp id=0:809 src=10.244.6.239:57202 dst=10.244.1.237:8080 :status=200 latency=478µs
  4. end id=0:809 src=10.244.6.239:57202 dst=10.244.1.237:8080 grpc-status=OK duration=7µs response-length=5B
  5. req id=0:810 src=10.244.6.239:57202 dst=10.244.1.237:8080 :method=POST :authority=voting-svc.emojivoto:8080 :path=/emojivoto.v1.VotingService/VoteDoughnut
  6. rsp id=0:810 src=10.244.6.239:57202 dst=10.244.1.237:8080 :status=200 latency=419µs
  7. end id=0:810 src=10.244.6.239:57202 dst=10.244.1.237:8080 grpc-status=OK duration=8µs response-length=5B

参考文档