This is not the latest version of Linkerd!
This documentation is for an older version of Linkerd. You may want the Linkerd 2.12 (current) documentation instead.

install

Output Kubernetes configs to install Linkerd.

This command provides all Kubernetes configs necessary to install the Linkerd control plane.

For further details on how to install Linkerd onto your own cluster, check out the install documentation.

Examples

# Default install.
linkerd install | kubectl apply -f -

# Install Linkerd into a non-default namespace.
linkerd install -l linkerdtest | kubectl apply -f -

# Installation may also be broken up into two stages by user privilege, via
# subcommands.

The installation can be configured by using the --set, --values, --set-string and --set-file flags.
A full list of configurable values can be found at https://www.github.com/linkerd/linkerd2/tree/main/charts/linkerd2/README.md

Flags

FlagUsage
--admin-portProxy port to serve metrics on
--cluster-domainSet custom cluster domain
--control-plane-tracingEnables Control Plane Tracing with the defaults
--control-plane-tracing-namespaceSend control plane traces to Linkerd-Jaeger extension in this namespace
--control-plane-versionTag to be used for the control plane component images
--control-portProxy port to use for control
--controller-log-levelLog level for the controller and web components
--controller-replicasReplicas of the controller to deploy
--controller-uidRun the control plane components under this user ID
--disable-h2-upgradePrevents the controller from instructing proxies to perform transparent HTTP/2 upgrading (default false)
--disable-heartbeatDisables the heartbeat cronjob (default false)
--enable-endpoint-slicesEnables the usage of EndpointSlice informers and resources for destination service
--enable-external-profilesEnable service profiles for non-Kubernetes services
--haEnable HA deployment config for the control plane (default false)
--identity-clock-skew-allowanceThe amount of time to allow for clock skew within a Linkerd cluster
--identity-external-caWhether to use an external CA provider (default false)
--identity-external-issuerWhether to use an external identity issuer (default false)
--identity-issuance-lifetimeThe amount of time for which the Identity issuer should certify identity
--identity-issuer-certificate-fileA path to a PEM-encoded file containing the Linkerd Identity issuer certificate (generated by default)
--identity-issuer-key-fileA path to a PEM-encoded file containing the Linkerd Identity issuer private key (generated by default)
--identity-trust-anchors-fileA path to a PEM-encoded file containing Linkerd Identity trust anchors (generated by default)
--identity-trust-domainConfigures the name suffix used for identities.
--ignore-clusterIgnore the current Kubernetes cluster when checking for existing cluster configuration (default false)
--image-pull-policyDocker image pull policy
--inbound-portProxy port to use for inbound traffic
--init-imageLinkerd init container image name
--init-image-versionLinkerd init container image version
--linkerd-cni-enabledOmit the NET_ADMIN capability in the PSP and the proxy-init container when injecting the proxy; requires the linkerd-cni plugin to already be installed
--outbound-portProxy port to use for outbound traffic
--proxy-cpuAmount of CPU units that the proxy sidecar requests
--proxy-cpu-limitMaximum amount of CPU units that the proxy sidecar can use
--proxy-cpu-requestAmount of CPU units that the proxy sidecar requests
--proxy-imageLinkerd proxy container image name
--proxy-log-levelLog level for the proxy
--proxy-memoryAmount of Memory that the proxy sidecar requests
--proxy-memory-limitMaximum amount of Memory that the proxy sidecar can use
--proxy-memory-requestAmount of Memory that the proxy sidecar requests
--proxy-uidRun the proxy under this user ID
--proxy-version
-v
Tag to be used for the Linkerd proxy images
--registryDocker registry to pull images from ($LINKERD_DOCKER_REGISTRY)
--setset values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--set-fileset values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--set-stringset STRING values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--skip-inbound-portsPorts and/or port ranges (inclusive) that should skip the proxy and send directly to the application
--skip-outbound-portsOutbound ports and/or port ranges (inclusive) that should skip the proxy
--values
-f
specify values in a YAML file or a URL (can specify multiple)

Subcommands

Install supports subcommands as part of the Multi-stage install feature.

config

Output Kubernetes cluster-wide resources to install Linkerd.

This command provides Kubernetes configs necessary to install cluster-wide resources for the Linkerd control plane. This command should be followed by “linkerd install control-plane”.

Examples

# Default install.
linkerd install config | kubectl apply -f -

# Install Linkerd into a non-default namespace.
linkerd install config -L linkerdtest | kubectl apply -f -

The installation can be configured by using the --set, --values, --set-string and --set-file flags.
A full list of configurable values can be found at https://www.github.com/linkerd/linkerd2/tree/main/charts/linkerd2/README.md

Flags

FlagUsage
--linkerd-cni-enabledOmit the NET_ADMIN capability in the PSP and the proxy-init container when injecting the proxy; requires the linkerd-cni plugin to already be installed
--setset values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--set-fileset values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--set-stringset STRING values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--values
-f
specify values in a YAML file or a URL (can specify multiple)

control-plane

Output Kubernetes control plane resources to install Linkerd.

This command provides Kubernetes configs necessary to install the Linkerd control plane. It should be run after “linkerd install config”.

Examples

# Default install.
linkerd install control-plane | kubectl apply -f -

# Install Linkerd into a non-default namespace.
linkerd install control-plane -l linkerdtest | kubectl apply -f -

The installation can be configured by using the --set, --values, --set-string and --set-file flags.
A full list of configurable values can be found at https://www.github.com/linkerd/linkerd2/tree/main/charts/linkerd2/README.md

Flags

FlagUsage
--admin-portProxy port to serve metrics on
--cluster-domainSet custom cluster domain
--control-plane-tracingEnables Control Plane Tracing with the defaults
--control-plane-tracing-namespaceSend control plane traces to Linkerd-Jaeger extension in this namespace
--control-plane-versionTag to be used for the control plane component images
--control-portProxy port to use for control
--controller-log-levelLog level for the controller and web components
--controller-replicasReplicas of the controller to deploy
--controller-uidRun the control plane components under this user ID
--disable-h2-upgradePrevents the controller from instructing proxies to perform transparent HTTP/2 upgrading (default false)
--disable-heartbeatDisables the heartbeat cronjob (default false)
--enable-endpoint-slicesEnables the usage of EndpointSlice informers and resources for destination service
--enable-external-profilesEnable service profiles for non-Kubernetes services
--haEnable HA deployment config for the control plane (default false)
--identity-clock-skew-allowanceThe amount of time to allow for clock skew within a Linkerd cluster
--identity-external-caWhether to use an external CA provider (default false)
--identity-external-issuerWhether to use an external identity issuer (default false)
--identity-issuance-lifetimeThe amount of time for which the Identity issuer should certify identity
--identity-issuer-certificate-fileA path to a PEM-encoded file containing the Linkerd Identity issuer certificate (generated by default)
--identity-issuer-key-fileA path to a PEM-encoded file containing the Linkerd Identity issuer private key (generated by default)
--identity-trust-anchors-fileA path to a PEM-encoded file containing Linkerd Identity trust anchors (generated by default)
--identity-trust-domainConfigures the name suffix used for identities.
--image-pull-policyDocker image pull policy
--inbound-portProxy port to use for inbound traffic
--init-imageLinkerd init container image name
--init-image-versionLinkerd init container image version
--linkerd-cni-enabledOmit the NET_ADMIN capability in the PSP and the proxy-init container when injecting the proxy; requires the linkerd-cni plugin to already be installed
--outbound-portProxy port to use for outbound traffic
--proxy-cpuAmount of CPU units that the proxy sidecar requests
--proxy-cpu-limitMaximum amount of CPU units that the proxy sidecar can use
--proxy-cpu-requestAmount of CPU units that the proxy sidecar requests
--proxy-imageLinkerd proxy container image name
--proxy-log-levelLog level for the proxy
--proxy-memoryAmount of Memory that the proxy sidecar requests
--proxy-memory-limitMaximum amount of Memory that the proxy sidecar can use
--proxy-memory-requestAmount of Memory that the proxy sidecar requests
--proxy-uidRun the proxy under this user ID
--proxy-version
-v
Tag to be used for the Linkerd proxy images
--registryDocker registry to pull images from ($LINKERD_DOCKER_REGISTRY)
--setset values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--set-fileset values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--set-stringset STRING values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--skip-checksSkip checks for namespace existence
--skip-inbound-portsPorts and/or port ranges (inclusive) that should skip the proxy and send directly to the application
--skip-outbound-portsOutbound ports and/or port ranges (inclusive) that should skip the proxy
--values
-f
specify values in a YAML file or a URL (can specify multiple)