Merge branch 'main' into alpeb/2.11

linkerd.io/content/2.10/features/automatic-mtls.md

@@ -102,7 +102,7 @@ certificates are scoped to 24 hours and dynamically refreshed using the same
 mechanism.
 
 Finally, when a proxy receives an outbound connection from the application
-container within its pod, it looks up that desitnation with the Linkerd control
+container within its pod, it looks up that destination with the Linkerd control
 plane. If it's in the Kubernetes cluster, the control plane provides the proxy
 with the destination's endpoint addresses, along with metadata including an
 identity name. When the proxy connects to the destination, it initiates a TLS

linkerd.io/content/2.10/tasks/multicluster.md

@@ -127,6 +127,15 @@ for ctx in west east; do
 done
 ```
 
+If verified, then let's install viz extension.
+
+```bash
+linkerd viz install \
+  | tee \
+    >(kubectl --context=west apply -f -) \
+    >(kubectl --context=east apply -f -)
+```
+
 ## Preparing your cluster
 
 {{< fig

linkerd.io/content/2.10/tasks/troubleshooting.md

@@ -1964,7 +1964,7 @@ yes
 ### √ jaeger extension pods are injected {#l5d-jaeger-pods-injection}
 
 ```bash
-× jaeger extension pods are injecteds
+× jaeger extension pods are injected
     could not find proxy container for jaeger-6f98d5c979-scqlq pod
     see https://linkerd.io/checks/#l5d-jaeger-pods-injections for hints
 ```
@@ -1987,7 +1987,7 @@ Make sure that the `proxy-injector` is working correctly by running
 ```bash
 × jaeger extension pods are running
     container linkerd-proxy in pod jaeger-59f5595fc7-ttndp is not ready
-    see https://linkerd.io/checks/#l5d-viz-pods-running for hints
+    see https://linkerd.io/checks/#l5d-jaeger-pods-running for hints
 ```
 
 Ensure all the linkerd-jaeger pods are running with 2/2
@@ -2002,3 +2002,381 @@ jaeger-6f98d5c979-vs622            2/2     Running   0          5sh
 
 Make sure that the `proxy-injector` is working correctly by running
 `linkerd check`
+
+## The "linkerd-buoyant" checks {#l5d-buoyant}
+
+These checks only run when the `linkerd-buoyant` extension is installed.
+This check is intended to verify the installation of linkerd-buoyant
+extension which comprises `linkerd-buoyant` CLI, the `buoyant-cloud-agent`
+Deployment, and the `buoyant-cloud-metrics` DaemonSet.
+
+### √ Linkerd extension command linkerd-buoyant exists
+
+```bash
+‼ Linkerd extension command linkerd-buoyant exists
+    exec: "linkerd-buoyant": executable file not found in $PATH
+    see https://linkerd.io/2/checks/#extensions for hints
+```
+
+Ensure you have the `linkerd-buoyant` cli installed:
+
+```bash
+linkerd-buoyant check
+```
+
+To install the CLI:
+
+```bash
+curl https://buoyant.cloud/install | sh
+```
+
+### √ linkerd-buoyant can determine the latest version
+
+```bash
+‼ linkerd-buoyant can determine the latest version
+    Get "https://buoyant.cloud/version.json": dial tcp: lookup buoyant.cloud: no such host
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Ensure you can connect to the Linkerd Buoyant version check endpoint from the
+environment the `linkerd` cli is running:
+
+```bash
+$ curl https://buoyant.cloud/version.json
+{"linkerd-buoyant":"v0.4.4"}
+```
+
+### √ linkerd-buoyant cli is up-to-date
+
+```bash
+‼ linkerd-buoyant cli is up-to-date
+    CLI version is v0.4.3 but the latest is v0.4.4
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+To update to the latest version of the `linkerd-buoyant` CLI:
+
+```bash
+curl https://buoyant.cloud/install | sh
+```
+
+### √ buoyant-cloud Namespace exists
+
+```bash
+× buoyant-cloud Namespace exists
+    namespaces "buoyant-cloud" not found
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Ensure the `buoyant-cloud` namespace exists:
+
+```bash
+kubectl get ns/buoyant-cloud
+```
+
+If the namespace does not exist, the `linkerd-buoyant` installation may be
+missing or incomplete. To install the extension:
+
+```bash
+linkerd-buoyant install | kubectl apply -f -
+```
+
+### √ buoyant-cloud Namespace has correct labels
+
+```bash
+× buoyant-cloud Namespace has correct labels
+    missing app.kubernetes.io/part-of label
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+The `linkerd-buoyant` installation may be missing or incomplete. To install the
+extension:
+
+```bash
+linkerd-buoyant install | kubectl apply -f -
+```
+
+### √ buoyant-cloud-agent ClusterRole exists
+
+```bash
+× buoyant-cloud-agent ClusterRole exists
+    missing ClusterRole: buoyant-cloud-agent
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Ensure that the cluster role exists:
+
+```bash
+$ kubectl get clusterrole buoyant-cloud-agent
+NAME                  CREATED AT
+buoyant-cloud-agent   2020-11-13T00:59:50Z
+```
+
+Also ensure you have permission to create ClusterRoles:
+
+```bash
+$ kubectl auth can-i create ClusterRoles
+yes
+```
+
+### √ buoyant-cloud-agent ClusterRoleBinding exists
+
+```bash
+× buoyant-cloud-agent ClusterRoleBinding exists
+    missing ClusterRoleBinding: buoyant-cloud-agent
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Ensure that the cluster role binding exists:
+
+```bash
+$ kubectl get clusterrolebinding buoyant-cloud-agent
+NAME                  ROLE                              AGE
+buoyant-cloud-agent   ClusterRole/buoyant-cloud-agent   301d
+```
+
+Also ensure you have permission to create ClusterRoleBindings:
+
+```bash
+$ kubectl auth can-i create ClusterRoleBindings
+yes
+```
+
+### √ buoyant-cloud-agent ServiceAccount exists
+
+```bash
+× buoyant-cloud-agent ServiceAccount exists
+    missing ServiceAccount: buoyant-cloud-agent
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Ensure that the service account exists:
+
+```bash
+$ kubectl -n buoyant-cloud get serviceaccount buoyant-cloud-agent
+NAME                  SECRETS   AGE
+buoyant-cloud-agent   1         301d
+```
+
+Also ensure you have permission to create ServiceAccounts:
+
+```bash
+$ kubectl -n buoyant-cloud auth can-i create ServiceAccount
+yes
+```
+
+### √ buoyant-cloud-id Secret exists
+
+```bash
+× buoyant-cloud-id Secret exists
+    missing Secret: buoyant-cloud-id
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Ensure that the secret exists:
+
+```bash
+$ kubectl -n buoyant-cloud get secret buoyant-cloud-id
+NAME               TYPE     DATA   AGE
+buoyant-cloud-id   Opaque   4      301d
+```
+
+Also ensure you have permission to create ServiceAccounts:
+
+```bash
+$ kubectl -n buoyant-cloud auth can-i create ServiceAccount
+yes
+```
+
+### √ buoyant-cloud-agent Deployment exists
+
+```bash
+× buoyant-cloud-agent Deployment exists
+    deployments.apps "buoyant-cloud-agent" not found
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Ensure the `buoyant-cloud-agent` Deployment exists:
+
+```bash
+kubectl -n buoyant-cloud get deploy/buoyant-cloud-agent
+```
+
+If the Deployment does not exist, the `linkerd-buoyant` installation may be
+missing or incomplete. To reinstall the extension:
+
+```bash
+linkerd-buoyant install | kubectl apply -f -
+```
+
+### √ buoyant-cloud-agent Deployment is running
+
+```bash
+× buoyant-cloud-agent Deployment is running
+    no running pods for buoyant-cloud-agent Deployment
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Note, it takes a little bit for pods to be scheduled, images to be pulled and
+everything to start up. If this is a permanent error, you'll want to validate
+the state of the `buoyant-cloud-agent` Deployment with:
+
+```bash
+$ kubectl -n buoyant-cloud get po --selector app=buoyant-cloud-agent
+NAME                                   READY   STATUS    RESTARTS   AGE
+buoyant-cloud-agent-6b8c6888d7-htr7d   2/2     Running   0          156m
+```
+
+Check the agent's logs with:
+
+```bash
+kubectl logs -n buoyant-cloud buoyant-cloud-agent-6b8c6888d7-htr7d buoyant-cloud-agent
+```
+
+### √ buoyant-cloud-agent Deployment is injected
+
+```bash
+× buoyant-cloud-agent Deployment is injected
+    could not find proxy container for buoyant-cloud-agent-6b8c6888d7-htr7d pod
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Ensure the `buoyant-cloud-agent` pod is injected, the `READY` column should show
+`2/2`:
+
+```bash
+$ kubectl -n buoyant-cloud get pods --selector app=buoyant-cloud-agent
+NAME                                   READY   STATUS    RESTARTS   AGE
+buoyant-cloud-agent-6b8c6888d7-htr7d   2/2     Running   0          161m
+```
+
+Make sure that the `proxy-injector` is working correctly by running
+`linkerd check`.
+
+### √ buoyant-cloud-agent Deployment is up-to-date
+
+```bash
+‼ buoyant-cloud-agent Deployment is up-to-date
+    incorrect app.kubernetes.io/version label: v0.4.3, expected: v0.4.4
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Check the version with:
+
+```bash
+$ linkerd-buoyant version
+CLI version:   v0.4.4
+Agent version: v0.4.4
+```
+
+To update to the latest version:
+
+```bash
+linkerd-buoyant install | kubectl apply -f -
+```
+
+### √ buoyant-cloud-agent Deployment is running a single pod
+
+```bash
+× buoyant-cloud-agent Deployment is running a single pod
+    expected 1 buoyant-cloud-agent pod, found 2
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+`buoyant-cloud-agent` should run as a singleton. Check for other pods:
+
+```bash
+kubectl get po -A --selector app=buoyant-cloud-agent
+```
+
+### √ buoyant-cloud-metrics DaemonSet exists
+
+```bash
+× buoyant-cloud-metrics DaemonSet exists
+    deployments.apps "buoyant-cloud-metrics" not found
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Ensure the `buoyant-cloud-metrics` DaemonSet exists:
+
+```bash
+kubectl -n buoyant-cloud get daemonset/buoyant-cloud-metrics
+```
+
+If the DaemonSet does not exist, the `linkerd-buoyant` installation may be
+missing or incomplete. To reinstall the extension:
+
+```bash
+linkerd-buoyant install | kubectl apply -f -
+```
+
+### √ buoyant-cloud-metrics DaemonSet is running
+
+```bash
+× buoyant-cloud-metrics DaemonSet is running
+    no running pods for buoyant-cloud-metrics DaemonSet
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Note, it takes a little bit for pods to be scheduled, images to be pulled and
+everything to start up. If this is a permanent error, you'll want to validate
+the state of the `buoyant-cloud-metrics` DaemonSet with:
+
+```bash
+$ kubectl -n buoyant-cloud get po --selector app=buoyant-cloud-metrics
+NAME                          READY   STATUS    RESTARTS   AGE
+buoyant-cloud-metrics-kt9mv   2/2     Running   0          163m
+buoyant-cloud-metrics-q8jhj   2/2     Running   0          163m
+buoyant-cloud-metrics-qtflh   2/2     Running   0          164m
+buoyant-cloud-metrics-wqs4k   2/2     Running   0          163m
+```
+
+Check the agent's logs with:
+
+```bash
+kubectl logs -n buoyant-cloud buoyant-cloud-metrics-kt9mv buoyant-cloud-metrics
+```
+
+### √ buoyant-cloud-metrics DaemonSet is injected
+
+```bash
+× buoyant-cloud-metrics DaemonSet is injected
+    could not find proxy container for buoyant-cloud-agent-6b8c6888d7-htr7d pod
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Ensure the `buoyant-cloud-metrics` pods are injected, the `READY` column should
+show `2/2`:
+
+```bash
+$ kubectl -n buoyant-cloud get pods --selector app=buoyant-cloud-metrics
+NAME                          READY   STATUS    RESTARTS   AGE
+buoyant-cloud-metrics-kt9mv   2/2     Running   0          166m
+buoyant-cloud-metrics-q8jhj   2/2     Running   0          166m
+buoyant-cloud-metrics-qtflh   2/2     Running   0          166m
+buoyant-cloud-metrics-wqs4k   2/2     Running   0          166m
+```
+
+Make sure that the `proxy-injector` is working correctly by running
+`linkerd check`.
+
+### √ buoyant-cloud-metrics DaemonSet is up-to-date
+
+```bash
+‼ buoyant-cloud-metrics DaemonSet is up-to-date
+    incorrect app.kubernetes.io/version label: v0.4.3, expected: v0.4.4
+    see https://linkerd.io/checks#l5d-buoyant for hints
+```
+
+Check the version with:
+
+```bash
+$ kubectl -n buoyant-cloud get daemonset/buoyant-cloud-metrics -o jsonpath='{.metadata.labels}'
+{"app.kubernetes.io/name":"metrics","app.kubernetes.io/part-of":"buoyant-cloud","app.kubernetes.io/version":"v0.4.4"}
+```
+
+To update to the latest version:
+
+```bash
+linkerd-buoyant install | kubectl apply -f -
+```

linkerd.io/content/blog/august-linkerd-community-meeting-recap.md

@@ -0,0 +1,127 @@
+---
+title: August Linkerd Community Meeting Recap
+author: kevinl
+date: 2021-08-27T00:00:00Z
+feature: "/uploads/august-2021-community-meeting.png" 
+thumbnail: "/uploads/august-2021-community-meeting.png" 
+tags:
+  - Community
+items:
+description: 'We are pushing towards the 2.11 release and our next edge release is the first with policy support! We recently updated our ingress documentation which will hopefully result in an easier getting-started process. '
+keywords: ["Linkerd","Community Meeting", "August", "2021"]
+---
+
+If you missed our August Community Meeting, don't worry, here's the recap
+along with the recording.
+
+Before we get started, just a quick reminder of our
+[Linkerd Community Anchor Program](https://linkerd.io/community/anchor/).
+If you have a Linkerd story you’d like to share, we’d love to help you tell
+it. Whether you built a cloud native platform with Linkerd or integrated
+the service mesh with another CNCF project, these are all things that are
+incredibly beneficial for the community! We are also continuing to gather
+responses for our
+[2021 Linkerd survey](https://docs.google.com/forms/d/e/1FAIpQLSfofwKQDOrAN9E9Vg1041623A3-8nmEAxlAbvXw-S9r3QnT9g/viewform).
+So, if you haven’t done so yet, participate today — thank you!
+
+## News & Updates
+
+We are pushing towards the 2.11 release and our next edge release is the
+first with policy support! We recently updated our ingress documentation
+which will hopefully result in an easier getting-started process. We are
+also currently updating the
+[CNCF Linkerd training course](https://www.edx.org/course/introduction-to-service-mesh-with-linkerd)
+to reflect the extension model introduced in 2.10.
+
+Here's some fun news: after Linkerd's graduation, we are getting a mascot.
+We already got a sneak peek and love it! Stay tuned for the big unveiling
+at KubeCon!
+
+## Roadmap
+
+We’re mostly focused on getting policy shipped for 2.11. The CRDs, policy
+controller (first Rust code to appear in the control plane), and proxy
+support for discovering policy have all been completed. This week’s edge
+will better support HTTP and metrics. The remaining work mostly involves
+wiring up the recently added metric labels and lots of testing.
+
+And please, please try the latest edge and test it as much as you can!
+Give policy a spin and let us know if anything does not make sense or
+if you have any suggestions. Your feedback is super important and helpful!
+
+## Community Conversation with Chris Campbell & Dan Duggan
+
+Chris and Dan worked together in cloud architecture roles at HP (Chris
+recently switched jobs).  Both started their DevOps journey together
+working on a frontend app where they quickly realized they needed to
+adopt a lot of industry best practices.  
+
+The migration from monolith to microservices started because HP was
+making a general move from delivering hardware to software. It started
+about five years ago and is still ongoing. The initial course of action
+was moving to Docker Swarm — that was fairly quick. But, given HP's
+size, the rest took (and is still taking) some time.
+
+The service mesh became relevant when Chris and Dan were trying to
+understand what was happening within their microservices. Why are things
+breaking? How could they get better information at the infrastructure
+level? They quickly understood that proxies would play an important role
+in gathering that type of data. Already familiar with Linkerd 1, they
+felt comfortable adopting Linkerd2.
+
+In their experience, as the space continues to grow, it has become harder
+to describe the role of the service mesh and its value to stakeholders.
+Initially, it was a lot easier. Service meshes had fewer features that
+focused on a very specific value proposition. At the time, it was clear
+the service mesh filled a key role in the migration process and, at least
+in their case, wasn't a hard sell. But with all the hype and additional
+features, that conversation feels more difficult today.
+
+If they could add any feature to Linkerd, Chris would like to have a better
+way to expose tap to cluster operators and policy (the latter is coming
+soon). Additionally, exposing how many retries are occurring in the system
+and what percentage of traffic they represent would be super valuable.
+
+{{< youtube vujvDltxmhg >}}
+
+## Deep Dive with Alejandro: Updating Helm Charts
+
+Before getting started, please note that these updates **will not** make
+it into 2.11. But they are coming soon, so stay tuned. The driver for the
+Helm chart changes Alejandro discussed has been the upgrade from Helm v2 to
+v3.
+
+In Helm v3 it is best to leave the responsibility of namespace creation to
+Helm rather than providing one through the chart. This allows the chart’s
+Helm config to be stored in the relevant namespace instead of the default
+namespace.
+
+Moving forward, Linkerd and its extensions will adopt this best practice
+which means namespaces will be removed from each of these charts. Because
+extension namespaces require specific labels to work properly, there will
+be post-installation hooks that add the additional metadata.
+Lastly, the core install chart will be split into two—one that contains
+CRDs (TrafficSplit, ServiceProfile, Server, ServerAuthorization) and one
+that contains the core components (destination, identity, proxy injector).
+
+Why? Well, CRDs must be available before their resources are created.
+If any of these resources are included in the core install — such as
+Servers and ServerAuthorizations — the cluster must know about their
+definitions beforehand. As mentioned, we'll have to be a little patient
+to see these changes implemented but it's coming soon.
+
+## August Linkerd Hero
+
+Last, but not least, we announced our Linkerd Hero Dom DePasqual. Dom and
+his team at Penn State
+[used Linkerd to schedule 68,000 COVID tests](http://buoyant.io/media/how-linkerd-helped-schedule-68-000-covid-tests/)
+and he shared his Linkerd journey at this year's ServiceMeshCon EU.
+Because sharing lessons learned with the community is so important,
+[the maintainers nominated Dom](https://linkerd.io/2021/08/26/announcing-augusts-linkerd-hero/).  
+
+Who is your Linkerd Hero?
+[Submit your nomination today](https://docs.google.com/forms/d/e/1FAIpQLSfNv--UnbbZSzW7J3SbREIMI-HaooyX9im8yLIGB7M_LKT_Fw/viewform)!
+
+That’s it! Hope you can attend our next community meeting on Thursday,
+September 30 at 9 a.m. PT live.
+[Register today](https://community.cncf.io/events/details/cncf-linkerd-community-presents-september-linkerd-online-community-meetup/)!

linkerd.io/data/authors.json

@@ -132,6 +132,13 @@
     "firstName": "Kevin",
     "lastName": "Lingerfelt"
   },
+  "kevinl": {
+    "avatar": "/uploads/kevinl.jpg",
+    "email": "kevinl@buoyant.io",
+    "name": "Kevin Leimkuhler",
+    "firstName": "Kevin",
+    "lastName": "Leimkuhler"
+  },
   "matei": {
     "avatar": "/uploads/matei-david.jpeg",
     "email": "",

linkerd.io/layouts/_default/baseof.html

@@ -8,6 +8,12 @@
 </head>
 
 <body class="has-background-grey-light has-navbar-fixed-top ">
+  {{ if not .Site.IsServer }}
+  <!-- Google Tag Manager (noscript) -->
+  <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-PXBDGKJ" height="0" width="0"
+      style="display:none;visibility:hidden"></iframe></noscript>
+  <!-- End Google Tag Manager (noscript) -->
+  {{ end }}
   {{ partial "header.html" . }}
   {{ if eq .URL `/` }}
   <div class="homepage-notification has-background-light-blue has-text-navy-black center has-text-centered">

linkerd.io/layouts/partials/meta.html

@@ -23,3 +23,10 @@
 <link rel="canonical" href="{{ . }}" />
 {{ end }}
 
+<!-- Google Tag Manager -->
+<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
+new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
+j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
+'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
+})(window,document,'script','dataLayer','GTM-PXBDGKJ');</script>
+<!-- End Google Tag Manager -->