Created
December 28, 2021 18:57
-
-
Save cpretzer/d252974279fdada44dccdf6bdcdc1760 to your computer and use it in GitHub Desktop.
Commands to install Linkerd 2.11 on RedHat OpenShift
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# These commands must be run by a user with the cluster-admin role | |
# and assume that you've already provisioned the cluster and logged | |
# in with the oc login command | |
################################# | |
# Deploy the Linkerd CNI Plugin # | |
################################# | |
# create the linkerd-cni project | |
oc new-project linkerd-cni | |
# annotate the linkerd-cni namespace to disable proxy injection | |
oc annotate ns linkerd-cni linkerd.io/inject=disabled | |
# make the linkerd-cni ServiceAccount privileged | |
oc adm policy add-scc-to-user privileged -z linkerd-cni -n linkerd-cni | |
# install the Linkerd CNI plugin | |
linkerd install-cni \ | |
--install-namespace=false \ | |
--dest-cni-bin-dir=/var/lib/cni/bin \ | |
--dest-cni-net-dir=/etc/kubernetes/cni/net.d | | |
oc apply -f - | |
#################################### | |
# Deploy the Linkerd control plane # | |
#################################### | |
# create the linkerd project | |
oc new-project linkerd | |
# disable automatic proxy injection on the control plane | |
oc annotate ns linkerd linkerd.io/inject=disabled | |
# add the default Linkerd labels to the namespace | |
oc label ns linkerd linkerd.io/control-plane-ns=linkerd \ | |
linkerd.io/is-control-plane=true \ | |
config.linkerd.io/admission-webhooks=disabled | |
# add the privileged policy to the linkerd ServiceAccounts | |
oc adm policy add-scc-to-user privileged -z default -n linkerd | |
oc adm policy add-scc-to-user privileged -z linkerd-destination -n linkerd | |
oc adm policy add-scc-to-user privileged -z linkerd-identity -n linkerd | |
oc adm policy add-scc-to-user privileged -z linkerd-proxy-injector -n linkerd | |
oc adm policy add-scc-to-user privileged -z linkerd-heartbeat -n linkerd | |
# install Linkerd | |
linkerd install \ | |
--linkerd-cni-enabled \ | |
--set installNamespace=false | | |
oc apply -f - | |
#################################### | |
# Deploy the Linkerd Viz extension # | |
#################################### | |
# Note: the Linkerd control plane must be up and running before installing the extension, | |
# so make sure that the linkerd check command is successful | |
linkerd check | |
# create the linkerd-viz project | |
oc new-project linkerd-viz | |
# add the default annotations and labels to the linkerd-viz namespace | |
oc annotate ns linkerd-viz \ | |
linkerd.io/inject=enabled \ | |
config.linkerd.io/proxy-await=enabled | |
oc label ns linkerd-viz \ | |
linkerd.io/extension=viz | |
# add privileges to the linkerd-viz ServiceAccounts | |
oc adm policy add-scc-to-user privileged -z default -n linkerd-viz | |
oc adm policy add-scc-to-user privileged -z grafana -n linkerd-viz | |
oc adm policy add-scc-to-user privileged -z metrics-api -n linkerd-viz | |
oc adm policy add-scc-to-user privileged -z prometheus -n linkerd-viz | |
oc adm policy add-scc-to-user privileged -z tap -n linkerd-viz | |
oc adm policy add-scc-to-user privileged -z web -n linkerd-viz | |
oc adm policy add-scc-to-user privileged -z tap-injector -n linkerd-viz | |
# install the linkerd-viz extension | |
linkerd viz install \ | |
--set installNamespace=false | | |
oc apply -f - | |
# make sure that linkerd-viz is healthy | |
linkerd viz check | |
############################################ | |
# Optional: Deploy the emojivoto demo app # | |
############################################ | |
oc new-project emojivoto | |
oc annotate ns emojivoto \ | |
linkerd.io/inject=enabled | |
oc adm policy add-scc-to-user privileged -z default -n emojivoto | |
oc adm policy add-scc-to-user privileged -z emoji -n emojivoto | |
oc adm policy add-scc-to-user privileged -z voting -n emojivoto | |
oc adm policy add-scc-to-user privileged -z web -n emojivoto | |
oc apply -f https://run.linkerd.io/emojivoto.yml |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment