Difference between revisions of "Linkerd check"
Jump to navigation
Jump to search
| Line 3: | Line 3: | ||
[[linkerd check --pre]] | [[linkerd check --pre]] | ||
| + | == linkerd check == | ||
| + | kubernetes-api | ||
| + | -------------- | ||
| + | √ can initialize the client | ||
| + | √ can query the Kubernetes API | ||
| + | |||
| + | kubernetes-version | ||
| + | ------------------ | ||
| + | √ is running the minimum Kubernetes API version | ||
| + | |||
| + | linkerd-existence | ||
| + | ----------------- | ||
| + | √ 'linkerd-config' config map exists | ||
| + | √ heartbeat ServiceAccount exist | ||
| + | √ control plane replica sets are ready | ||
| + | √ no unschedulable pods | ||
| + | √ control plane pods are ready | ||
| + | √ cluster networks contains all node podCIDRs | ||
| + | √ cluster networks contains all pods | ||
| + | √ cluster networks contains all services | ||
| + | |||
| + | linkerd-config | ||
| + | -------------- | ||
| + | √ control plane Namespace exists | ||
| + | √ control plane ClusterRoles exist | ||
| + | √ control plane ClusterRoleBindings exist | ||
| + | √ control plane ServiceAccounts exist | ||
| + | √ control plane CustomResourceDefinitions exist | ||
| + | √ control plane MutatingWebhookConfigurations exist | ||
| + | √ control plane ValidatingWebhookConfigurations exist | ||
| + | √ proxy-init container runs as root user if docker container runtime is used | ||
| + | |||
| + | linkerd-identity | ||
| + | ---------------- | ||
| + | √ certificate config is valid | ||
| + | √ trust anchors are using supported crypto algorithm | ||
| + | √ trust anchors are within their validity period | ||
| + | √ trust anchors are valid for at least 60 days | ||
| + | √ issuer cert is using supported crypto algorithm | ||
| + | √ issuer cert is within its validity period | ||
| + | √ issuer cert is valid for at least 60 days | ||
| + | √ issuer cert is issued by the trust anchor | ||
| + | |||
| + | linkerd-webhooks-and-apisvc-tls | ||
| + | ------------------------------- | ||
| + | √ proxy-injector webhook has valid cert | ||
| + | √ proxy-injector cert is valid for at least 60 days | ||
| + | √ sp-validator webhook has valid cert | ||
| + | √ sp-validator cert is valid for at least 60 days | ||
| + | √ policy-validator webhook has valid cert | ||
| + | √ policy-validator cert is valid for at least 60 days | ||
| + | |||
| + | linkerd-version | ||
| + | --------------- | ||
| + | √ can determine the latest version | ||
| + | √ cli is up-to-date | ||
| + | |||
| + | control-plane-version | ||
| + | --------------------- | ||
| + | √ can retrieve the control plane version | ||
| + | √ control plane is up-to-date | ||
| + | √ control plane and cli versions match | ||
| + | |||
| + | linkerd-control-plane-proxy | ||
| + | --------------------------- | ||
| + | √ control plane proxies are healthy | ||
| + | √ control plane proxies are up-to-date | ||
| + | √ control plane proxies and cli versions match | ||
| + | |||
| + | Status check results are √ | ||
| − | + | ||
| + | |||
| + | == linkerd check == | ||
kubernetes-api | kubernetes-api | ||
-------------- | -------------- | ||
Latest revision as of 13:08, 19 March 2024
linkerd check --pre
linkerd check[edit]
kubernetes-api -------------- √ can initialize the client √ can query the Kubernetes API kubernetes-version ------------------ √ is running the minimum Kubernetes API version linkerd-existence ----------------- √ 'linkerd-config' config map exists √ heartbeat ServiceAccount exist √ control plane replica sets are ready √ no unschedulable pods √ control plane pods are ready √ cluster networks contains all node podCIDRs √ cluster networks contains all pods √ cluster networks contains all services linkerd-config -------------- √ control plane Namespace exists √ control plane ClusterRoles exist √ control plane ClusterRoleBindings exist √ control plane ServiceAccounts exist √ control plane CustomResourceDefinitions exist √ control plane MutatingWebhookConfigurations exist √ control plane ValidatingWebhookConfigurations exist √ proxy-init container runs as root user if docker container runtime is used linkerd-identity ---------------- √ certificate config is valid √ trust anchors are using supported crypto algorithm √ trust anchors are within their validity period √ trust anchors are valid for at least 60 days √ issuer cert is using supported crypto algorithm √ issuer cert is within its validity period √ issuer cert is valid for at least 60 days √ issuer cert is issued by the trust anchor linkerd-webhooks-and-apisvc-tls ------------------------------- √ proxy-injector webhook has valid cert √ proxy-injector cert is valid for at least 60 days √ sp-validator webhook has valid cert √ sp-validator cert is valid for at least 60 days √ policy-validator webhook has valid cert √ policy-validator cert is valid for at least 60 days linkerd-version --------------- √ can determine the latest version √ cli is up-to-date control-plane-version --------------------- √ can retrieve the control plane version √ control plane is up-to-date √ control plane and cli versions match linkerd-control-plane-proxy --------------------------- √ control plane proxies are healthy √ control plane proxies are up-to-date √ control plane proxies and cli versions match Status check results are √
linkerd check[edit]
kubernetes-api -------------- √ can initialize the client √ can query the Kubernetes API
kubernetes-version
------------------
√ is running the minimum Kubernetes API version
linkerd-existence
-----------------
× 'linkerd-config' config map exists
configmaps "linkerd-config" not found
see https://linkerd.io/2.14/checks/#l5d-existence-linkerd-config for hints
Status check results are ×
See also[edit]
linkerd [ install | check | --help ], linkerd.io, policy.linkerd.io- Service mesh: Istio, Linkerd, Consul, containerpilot, AWS App Mesh, Kiali, INNOQ, Kuma, Kong Mesh
- CNCF: Prometheus, Buildpack, OpenTelemetry, OpenTelemetry (Otel), Fluent Bit, Thanos, Linkerd, Envoy Proxy, cert-manager, Opentelemetry, Helm, KEDA
Advertising:
