1{{ template "chart.header" . }}
2{{ template "chart.description" . }}
3
4{{ template "chart.versionBadge" . }}
5{{ template "chart.typeBadge" . }}
6{{ template "chart.appVersionBadge" . }}
7
8{{ template "chart.homepageLine" . }}
9
10## Quickstart and documentation
11
12You can run Linkerd on any Kubernetes cluster in a matter of seconds. See the
13[Linkerd Getting Started Guide][getting-started] for how.
14
15For more comprehensive documentation, start with the [Linkerd
16docs][linkerd-docs].
17
18## Prerequisite: linkerd-crds chart
19
20Before installing this chart, please install the `linkerd-crds` chart, which
21creates all the CRDs that the components from the current chart require.
22
23## Prerequisite: identity certificates
24
25The identity component of Linkerd requires setting up a trust anchor
26certificate, and an issuer certificate with its key. These need to be provided
27to Helm by the user (unlike when using the `linkerd install` CLI which can
28generate these automatically). You can provide your own, or follow [these
29instructions](https://linkerd.io/2/tasks/generate-certificates/) to generate new
30ones.
31
32Alternatively, both trust anchor and identity issuer certificates may be
33derived from in-cluster resources. Existing CA (trust anchor) certificates
34**must** live in a `ConfigMap` resource named `linkerd-identity-trust-roots`.
35Issuer certificates **must** live in a `Secret` named
36`linkerd-identity-issuer`. Both resources should exist in the control-plane's
37install namespace. In order to use an existing CA, Linkerd needs to be
38installed with `identity.externalCA=true`. To use an existing issuer
39certificate, Linkerd should be installed with
40`identity.issuer.scheme=kubernetes.io/tls`.
41
42A more comprehensive description is in the [automatic certificate rotation
43guide](https://linkerd.io/2.12/tasks/automatically-rotating-control-plane-tls-credentials/#a-note-on-third-party-cert-management-solutions).
44
45Note that the provided certificates must be ECDSA certificates.
46
47## Adding Linkerd's Helm repository
48
49Included here for completeness-sake, but should have already been added when
50`linkerd-base` was installed.
51
52```bash
53# To add the repo for Linkerd edge releases:
54helm repo add linkerd https://helm.linkerd.io/edge
55```
56
57## Installing the chart
58
59You must provide the certificates and keys described in the preceding section,
60and the same expiration date you used to generate the Issuer certificate.
61
62```bash
63helm install linkerd-control-plane -n linkerd \
64 --set-file identityTrustAnchorsPEM=ca.crt \
65 --set-file identity.issuer.tls.crtPEM=issuer.crt \
66 --set-file identity.issuer.tls.keyPEM=issuer.key \
67 linkerd/linkerd-control-plane
68```
69
70Note that you require to install this chart in the same namespace you installed
71the `linkerd-base` chart.
72
73## Setting High-Availability
74
75Besides the default `values.yaml` file, the chart provides a `values-ha.yaml`
76file that overrides some default values as to set things up under a
77high-availability scenario, analogous to the `--ha` option in `linkerd install`.
78Values such as higher number of replicas, higher memory/cpu limits and
79affinities are specified in that file.
80
81You can get ahold of `values-ha.yaml` by fetching the chart files:
82
83```bash
84helm fetch --untar linkerd/linkerd-control-plane
85```
86
87Then use the `-f` flag to provide the override file, for example:
88
89```bash
90helm install linkerd-control-plane -n linkerd \
91 --set-file identityTrustAnchorsPEM=ca.crt \
92 --set-file identity.issuer.tls.crtPEM=issuer.crt \
93 --set-file identity.issuer.tls.keyPEM=issuer.key \
94 -f linkerd2/values-ha.yaml
95 linkerd/linkerd-control-plane
96```
97
98## Get involved
99
100* Check out Linkerd's source code at [GitHub][linkerd2].
101* Join Linkerd's [user mailing list][linkerd-users], [developer mailing
102 list][linkerd-dev], and [announcements mailing list][linkerd-announce].
103* Follow [@linkerd][twitter] on Twitter.
104* Join the [Linkerd Slack][slack].
105
106[getting-started]: https://linkerd.io/2/getting-started/
107[linkerd2]: https://github.com/linkerd/linkerd2
108[linkerd-announce]: https://lists.cncf.io/g/cncf-linkerd-announce
109[linkerd-dev]: https://lists.cncf.io/g/cncf-linkerd-dev
110[linkerd-docs]: https://linkerd.io/2/overview/
111[linkerd-users]: https://lists.cncf.io/g/cncf-linkerd-users
112[slack]: http://slack.linkerd.io
113[twitter]: https://twitter.com/linkerd
114
115## Extensions for Linkerd
116
117The current chart installs the core Linkerd components, which grant you
118reliability and security features. Other functionality is available through
119extensions. Check the corresponding docs for each one of the following
120extensions:
121
122* Observability:
123 [Linkerd-viz](https://github.com/linkerd/linkerd2/blob/main/viz/charts/linkerd-viz/README.md)
124* Multicluster:
125 [Linkerd-multicluster](https://github.com/linkerd/linkerd2/blob/main/multicluster/charts/linkerd-multicluster/README.md)
126* Tracing:
127 [Linkerd-jaeger](https://github.com/linkerd/linkerd2/blob/main/jaeger/charts/linkerd-jaeger/README.md)
128
129{{ template "chart.requirementsSection" . }}
130
131{{ template "chart.valuesSection" . }}
132
133{{ template "helm-docs.versionFooter" . }}
View as plain text