Commands to install Linkerd 2.11 on RedHat OpenShift

commands.sh

#!/bin/bash

# These commands must be run by a user with the cluster-admin role
# and assume that you've already provisioned the cluster and logged
# in with the oc login command

#################################
# Deploy the Linkerd CNI Plugin #
#################################

# create the linkerd-cni project
oc new-project linkerd-cni

# annotate the linkerd-cni namespace to disable proxy injection
oc annotate ns linkerd-cni linkerd.io/inject=disabled

# make the linkerd-cni ServiceAccount privileged
oc adm policy add-scc-to-user privileged -z linkerd-cni -n linkerd-cni

# install the Linkerd CNI plugin
linkerd install-cni \
  --install-namespace=false \
  --dest-cni-bin-dir=/var/lib/cni/bin \
  --dest-cni-net-dir=/etc/kubernetes/cni/net.d |
  oc apply -f -


####################################
# Deploy the Linkerd control plane #
####################################

# create the linkerd project
oc new-project linkerd

# disable automatic proxy injection on the control plane
oc annotate ns linkerd linkerd.io/inject=disabled

# add the default Linkerd labels to the namespace
oc label ns linkerd linkerd.io/control-plane-ns=linkerd \
  linkerd.io/is-control-plane=true \
  config.linkerd.io/admission-webhooks=disabled
  
# add the privileged policy to the linkerd ServiceAccounts
oc adm policy add-scc-to-user privileged -z default -n linkerd
oc adm policy add-scc-to-user privileged -z linkerd-destination -n linkerd
oc adm policy add-scc-to-user privileged -z linkerd-identity -n linkerd
oc adm policy add-scc-to-user privileged -z linkerd-proxy-injector -n linkerd
oc adm policy add-scc-to-user privileged -z linkerd-heartbeat -n linkerd

# install Linkerd
linkerd install \
  --linkerd-cni-enabled \
  --set installNamespace=false |
  oc apply -f -

####################################
# Deploy the Linkerd Viz extension #
####################################

# Note: the Linkerd control plane must be up and running before installing the extension,
# so make sure that the linkerd check command is successful
linkerd check

# create the linkerd-viz project
oc new-project linkerd-viz

# add the default annotations and labels to the linkerd-viz namespace
oc annotate ns linkerd-viz \
  linkerd.io/inject=enabled \
  config.linkerd.io/proxy-await=enabled

oc label ns linkerd-viz \
  linkerd.io/extension=viz

# add privileges to the linkerd-viz ServiceAccounts
oc adm policy add-scc-to-user privileged -z default -n linkerd-viz
oc adm policy add-scc-to-user privileged -z grafana -n linkerd-viz
oc adm policy add-scc-to-user privileged -z metrics-api -n linkerd-viz
oc adm policy add-scc-to-user privileged -z prometheus -n linkerd-viz
oc adm policy add-scc-to-user privileged -z tap -n linkerd-viz
oc adm policy add-scc-to-user privileged -z web -n linkerd-viz
oc adm policy add-scc-to-user privileged -z tap-injector -n linkerd-viz

# install the linkerd-viz extension
linkerd viz install \
  --set installNamespace=false |
  oc apply -f -
  
# make sure that linkerd-viz is healthy
linkerd viz check

############################################
#  Optional: Deploy the emojivoto demo app #
############################################

oc new-project emojivoto
oc annotate ns emojivoto \
  linkerd.io/inject=enabled

oc adm policy add-scc-to-user privileged -z default -n emojivoto
oc adm policy add-scc-to-user privileged -z emoji -n emojivoto
oc adm policy add-scc-to-user privileged -z voting -n emojivoto
oc adm policy add-scc-to-user privileged -z web -n emojivoto

oc apply -f https://run.linkerd.io/emojivoto.yml