Linkerd + Cluster Bootstrapping

itsbenlol · May 22, 2024, 10:14pm

I initially posted this on the linkerd slack - it was recommended that I post my questions here instead.

Is there a best-practice regarding bootstrapping a cluster with linkerd? it seems like there will always be workloads that need to exist prior to deploying linkerd and the only way to add these workloads to linkerd’s service mesh is to redeploy them after linkerd has been deployed.

An example:

I’m using the linkerd-control-plane helm chart to render my manifests.
Because i want to use GitOps, I’m going to use cert-manager and trust-manager custom resources to create the identity trust anchors - and so i’ll need to deploy both of these alongside linkerd-control-plane.
Eventually, I want to connect everything to Prometheus - so i’ll set podMonitor.enabled=true for the linkerd-control-plane helm chart.
Because this depends on custom resources provided from the Prometheus Operator - i need to deploy the Prometheus Operator alongside linkerd.
However, I’m using kube-prometheus-stack to deploy the Prometheus Operator. Consequently, I’m also deploying Prometheus, Grafana and Alertmanager alongside linkerd.
Unfortunately, i want to set up persistence for Prometheus - so I’ll want to deploy a CSI before deploying kube-prometheus-stack - I’ll end up deploying OpenEBS’ dynamic-localpv-provisioner alongside linkerd.

In my case, deploying linkerd requires deploying several pre-requisites - and no matter how you tackle deployments (all-at-once with eventual consistenty vs. gated in dependency order) - you’ll always end up with a set of workloads that need to be restarted once linkerd is deployed.

Any ideas for a ‘feels right’ solution to this problem? Could/should linkerd ship with some sort of job that can restart workloads that are annotated with automatic proxy injection that aren’t currently proxy injected?

william · July 10, 2024, 11:40pm

I’m probably the one who suggested posting here, so apologies for the crickets.

Restarting the pods as part of a bootstrap script doesn’t strike me as the end of the world. It’s not super elegant but it’s one of the consequences of Kubernetes’s immutable pod model and not the worst such consequence.

The closest to an automated solution that we have for this is on the Linkerd Enterprise side where we have a dataplane operator that can restart workloads to insert the proxy. But I don’t know if it really simplifies things for you since you have to create the CRs pointing it to the relevant workloads after Linkerd installation anyways, so it’s just another step you’d have to take. I supposed we could make this look at an annotation rather than a custom resource…

Topic		Replies	Views
Linkerd Getting Started Guide Linkerd General Discussion	2	4420	April 11, 2023
Linkerd services and deployments still running after uninstall Linkerd General Discussion	1	135	December 31, 2024
Outbound calls failure Linkerd General Discussion proxy , configuration	2	29	February 28, 2026
Linkerd fails to install, no running pods for linkderd-distination Linkerd General Discussion	2	65	June 20, 2025
Linkerd installation for air-gapped environment and error in deploying other workloads Linkerd General Discussion	1	642	September 27, 2023

Linkerd + Cluster Bootstrapping

Related topics