install
Output Kubernetes configs to install Linkerd.
This command provides all Kubernetes configs necessary to install the Linkerd control plane.
For further details on how to install Linkerd onto your own cluster, check out the install documentation.
Examples
# Default install.
linkerd install | kubectl apply -f -
# Install Linkerd into a non-default namespace.
linkerd install -l linkerdtest | kubectl apply -f -
# Installation may also be broken up into two stages by user privilege, via
# subcommands.
The installation can be configured by using the --set, --values, --set-string and --set-file flags.
A full list of configurable values can be found at https://www.github.com/linkerd/linkerd2/tree/main/charts/linkerd2/README.md
Flags
Flag | Usage |
---|---|
--admin-port | Proxy port to serve metrics on |
--cluster-domain | Set custom cluster domain |
--control-plane-tracing | Enables Control Plane Tracing with the defaults |
--control-plane-tracing-namespace | Send control plane traces to Linkerd-Jaeger extension in this namespace |
--control-plane-version | Tag to be used for the control plane component images |
--control-port | Proxy port to use for control |
--controller-log-level | Log level for the controller and web components |
--controller-replicas | Replicas of the controller to deploy |
--controller-uid | Run the control plane components under this user ID |
--disable-h2-upgrade | Prevents the controller from instructing proxies to perform transparent HTTP/2 upgrading (default false) |
--disable-heartbeat | Disables the heartbeat cronjob (default false) |
--enable-endpoint-slices | Enables the usage of EndpointSlice informers and resources for destination service |
--enable-external-profiles | Enable service profiles for non-Kubernetes services |
--ha | Enable HA deployment config for the control plane (default false) |
--identity-clock-skew-allowance | The amount of time to allow for clock skew within a Linkerd cluster |
--identity-external-ca | Whether to use an external CA provider (default false) |
--identity-external-issuer | Whether to use an external identity issuer (default false) |
--identity-issuance-lifetime | The amount of time for which the Identity issuer should certify identity |
--identity-issuer-certificate-file | A path to a PEM-encoded file containing the Linkerd Identity issuer certificate (generated by default) |
--identity-issuer-key-file | A path to a PEM-encoded file containing the Linkerd Identity issuer private key (generated by default) |
--identity-trust-anchors-file | A path to a PEM-encoded file containing Linkerd Identity trust anchors (generated by default) |
--identity-trust-domain | Configures the name suffix used for identities. |
--ignore-cluster | Ignore the current Kubernetes cluster when checking for existing cluster configuration (default false) |
--image-pull-policy | Docker image pull policy |
--inbound-port | Proxy port to use for inbound traffic |
--init-image | Linkerd init container image name |
--init-image-version | Linkerd init container image version |
--linkerd-cni-enabled | Omit the NET_ADMIN capability in the PSP and the proxy-init container when injecting the proxy; requires the linkerd-cni plugin to already be installed |
--outbound-port | Proxy port to use for outbound traffic |
--proxy-cpu | Amount of CPU units that the proxy sidecar requests |
--proxy-cpu-limit | Maximum amount of CPU units that the proxy sidecar can use |
--proxy-cpu-request | Amount of CPU units that the proxy sidecar requests |
--proxy-image | Linkerd proxy container image name |
--proxy-log-level | Log level for the proxy |
--proxy-memory | Amount of Memory that the proxy sidecar requests |
--proxy-memory-limit | Maximum amount of Memory that the proxy sidecar can use |
--proxy-memory-request | Amount of Memory that the proxy sidecar requests |
--proxy-uid | Run the proxy under this user ID |
--proxy-version -v | Tag to be used for the Linkerd proxy images |
--registry | Docker registry to pull images from ($LINKERD_DOCKER_REGISTRY) |
--set | set values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2) |
--set-file | set values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2) |
--set-string | set STRING values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2) |
--skip-inbound-ports | Ports and/or port ranges (inclusive) that should skip the proxy and send directly to the application |
--skip-outbound-ports | Outbound ports and/or port ranges (inclusive) that should skip the proxy |
--values -f | specify values in a YAML file or a URL (can specify multiple) |
Subcommands
Install supports subcommands as part of the Multi-stage install feature.
config
Output Kubernetes cluster-wide resources to install Linkerd.
This command provides Kubernetes configs necessary to install cluster-wide resources for the Linkerd control plane. This command should be followed by “linkerd install control-plane”.
Examples
# Default install.
linkerd install config | kubectl apply -f -
# Install Linkerd into a non-default namespace.
linkerd install config -L linkerdtest | kubectl apply -f -
The installation can be configured by using the --set, --values, --set-string and --set-file flags.
A full list of configurable values can be found at https://www.github.com/linkerd/linkerd2/tree/main/charts/linkerd2/README.md
Flags
Flag | Usage |
---|---|
--linkerd-cni-enabled | Omit the NET_ADMIN capability in the PSP and the proxy-init container when injecting the proxy; requires the linkerd-cni plugin to already be installed |
--set | set values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2) |
--set-file | set values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2) |
--set-string | set STRING values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2) |
--values -f | specify values in a YAML file or a URL (can specify multiple) |
control-plane
Output Kubernetes control plane resources to install Linkerd.
This command provides Kubernetes configs necessary to install the Linkerd control plane. It should be run after “linkerd install config”.
Examples
# Default install.
linkerd install control-plane | kubectl apply -f -
# Install Linkerd into a non-default namespace.
linkerd install control-plane -l linkerdtest | kubectl apply -f -
The installation can be configured by using the --set, --values, --set-string and --set-file flags.
A full list of configurable values can be found at https://www.github.com/linkerd/linkerd2/tree/main/charts/linkerd2/README.md
Flags
Flag | Usage |
---|---|
--admin-port | Proxy port to serve metrics on |
--cluster-domain | Set custom cluster domain |
--control-plane-tracing | Enables Control Plane Tracing with the defaults |
--control-plane-tracing-namespace | Send control plane traces to Linkerd-Jaeger extension in this namespace |
--control-plane-version | Tag to be used for the control plane component images |
--control-port | Proxy port to use for control |
--controller-log-level | Log level for the controller and web components |
--controller-replicas | Replicas of the controller to deploy |
--controller-uid | Run the control plane components under this user ID |
--disable-h2-upgrade | Prevents the controller from instructing proxies to perform transparent HTTP/2 upgrading (default false) |
--disable-heartbeat | Disables the heartbeat cronjob (default false) |
--enable-endpoint-slices | Enables the usage of EndpointSlice informers and resources for destination service |
--enable-external-profiles | Enable service profiles for non-Kubernetes services |
--ha | Enable HA deployment config for the control plane (default false) |
--identity-clock-skew-allowance | The amount of time to allow for clock skew within a Linkerd cluster |
--identity-external-ca | Whether to use an external CA provider (default false) |
--identity-external-issuer | Whether to use an external identity issuer (default false) |
--identity-issuance-lifetime | The amount of time for which the Identity issuer should certify identity |
--identity-issuer-certificate-file | A path to a PEM-encoded file containing the Linkerd Identity issuer certificate (generated by default) |
--identity-issuer-key-file | A path to a PEM-encoded file containing the Linkerd Identity issuer private key (generated by default) |
--identity-trust-anchors-file | A path to a PEM-encoded file containing Linkerd Identity trust anchors (generated by default) |
--identity-trust-domain | Configures the name suffix used for identities. |
--image-pull-policy | Docker image pull policy |
--inbound-port | Proxy port to use for inbound traffic |
--init-image | Linkerd init container image name |
--init-image-version | Linkerd init container image version |
--linkerd-cni-enabled | Omit the NET_ADMIN capability in the PSP and the proxy-init container when injecting the proxy; requires the linkerd-cni plugin to already be installed |
--outbound-port | Proxy port to use for outbound traffic |
--proxy-cpu | Amount of CPU units that the proxy sidecar requests |
--proxy-cpu-limit | Maximum amount of CPU units that the proxy sidecar can use |
--proxy-cpu-request | Amount of CPU units that the proxy sidecar requests |
--proxy-image | Linkerd proxy container image name |
--proxy-log-level | Log level for the proxy |
--proxy-memory | Amount of Memory that the proxy sidecar requests |
--proxy-memory-limit | Maximum amount of Memory that the proxy sidecar can use |
--proxy-memory-request | Amount of Memory that the proxy sidecar requests |
--proxy-uid | Run the proxy under this user ID |
--proxy-version -v | Tag to be used for the Linkerd proxy images |
--registry | Docker registry to pull images from ($LINKERD_DOCKER_REGISTRY) |
--set | set values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2) |
--set-file | set values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2) |
--set-string | set STRING values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2) |
--skip-checks | Skip checks for namespace existence |
--skip-inbound-ports | Ports and/or port ranges (inclusive) that should skip the proxy and send directly to the application |
--skip-outbound-ports | Outbound ports and/or port ranges (inclusive) that should skip the proxy |
--values -f | specify values in a YAML file or a URL (can specify multiple) |