You are viewing docs for an older version of Buoyant Enterprise for Linkerd. You may want the latest documentation instead.

Migrating an ArgoCD-based Linkerd install to BEL's lifecycle automation

In this guide we’ll walk you through how to migrate from an ArgoCD deployment of the Linkerd control plane to one that is managed with BEL’s lifecycle automation.

Why do we need to do anything?

BEL’s lifecycle operator relies on a Helm deployment of the linkerd-control-plane and linkerd-crds charts. ArgoCD deploys a templated version of those charts instead of the actual charts themselves. Before the operator can take over a Linkerd deployment we’ll first need to tell Helm to “adopt” the existing Linkerd install.

What do we need to do?

Follow along with the steps in this document to “adopt” an existing Linkerd install. In our example we’re going to show you how to spin up a k3d cluster but you can perform the migration steps on any cluster.

Required tools

To complete this migration, you will need:

  • A functioning Kubernetes cluster with Linkerd installed via ArgoCD
  • Helm installed on your local machine
  • The BUOYANT_LICENSE environment variable set
  • The base64 BEL CLI, for decoding TLS certificates in Step 1

Step 1: Migrating an ArgoCD install to Helm

You’ll need to move your ArgoCD install to a Helm install of the latest BEL version before managing it with the lifecycle automation operator.

The Helm charts used in this step are hosted in the linkerd-buoyant Helm repo, which can be added and updated as follows:

helm repo add linkerd-buoyant https://helm.buoyant.cloud
helm repo update linkerd-buoyant

Start by adding the required labels and annotations to Linkerd’s CRDs:

kubectl label crds -l linkerd.io/control-plane-ns=linkerd app.kubernetes.io/managed-by=Helm
kubectl annotate crds -l linkerd.io/control-plane-ns=linkerd \
  meta.helm.sh/release-name=linkerd-crds meta.helm.sh/release-namespace=linkerd

Then use the helm command to move these resources to be managed by BEL’s linkerd-enterprise-crds chart:

helm install linkerd-crds -n linkerd linkerd-buoyant/linkerd-enterprise-crds

Next add the required labels and annotations to all control plane resources:

kubectl label clusterrole,clusterrolebinding,configmap,cronjob,deployment,mutatingwebhookconfiguration,namespace,role,rolebinding,secret,service,serviceaccount,validatingwebhookconfiguration \
  -A -l linkerd.io/control-plane-ns=linkerd \
  app.kubernetes.io/managed-by=Helm
kubectl annotate clusterrole,clusterrolebinding,configmap,cronjob,deployment,mutatingwebhookconfiguration,namespace,role,rolebinding,secret,service,serviceaccount,validatingwebhookconfiguration \
  -A -l linkerd.io/control-plane-ns=linkerd \
  meta.helm.sh/release-name=linkerd-control-plane meta.helm.sh/release-namespace=linkerd
kubectl -n linkerd label role/ext-namespace-metadata-linkerd-config \
  app.kubernetes.io/managed-by=Helm
kubectl -n linkerd annotate role/ext-namespace-metadata-linkerd-config \
  linkerd.io/control-plane-ns=linkerd meta.helm.sh/release-name=linkerd-control-plane meta.helm.sh/release-namespace=linkerd
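
An added check (not part of the Buoyant guide) that can be run before the helm install below. Helm only adopts an existing resource when it carries the app.kubernetes.io/managed-by=Helm label and the matching meta.helm.sh/release-name and meta.helm.sh/release-namespace annotations, so this lists any labelled resource that the commands above missed. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: report resources that Helm would refuse to adopt.
# Input on stdin, one resource per line, whitespace-separated:
#   KIND NAMESPACE NAME MANAGED_BY RELEASE_NAME RELEASE_NAMESPACE
# kubectl prints "<none>" for a field that is not set.
adoption_gaps() {
  want_release=$1   # expected meta.helm.sh/release-name
  want_ns=$2        # expected meta.helm.sh/release-namespace
  awk -v rel="$want_release" -v ns="$want_ns" '
    NF == 0 { next }
    {
      why = ""
      if ($4 != "Helm") why = why " managed-by=" $4
      if ($5 != rel)    why = why " release-name=" $5
      if ($6 != ns)     why = why " release-namespace=" $6
      if (why != "") { printf "%s/%s (ns %s):%s\n", $1, $3, $2, why; bad++ }
    }
    END { exit (bad > 0 ? 1 : 0) }   # non-zero when anything is not adoptable
  '
}

# Hypothetical wrapper for a live cluster: same kinds and selector as the
# kubectl label/annotate commands in this guide.
list_control_plane() {
  kubectl get clusterrole,clusterrolebinding,configmap,cronjob,deployment,mutatingwebhookconfiguration,namespace,role,rolebinding,secret,service,serviceaccount,validatingwebhookconfiguration \
    -A -l linkerd.io/control-plane-ns=linkerd --no-headers \
    -o custom-columns='KIND:.kind,NS:.metadata.namespace,NAME:.metadata.name,MANAGED:.metadata.labels.app\.kubernetes\.io/managed-by,REL:.metadata.annotations.meta\.helm\.sh/release-name,RELNS:.metadata.annotations.meta\.helm\.sh/release-namespace'
}

# Constructed sample rows (not real cluster output): one adoptable resource,
# one with no Helm metadata, one claimed by a different release.
sample_rows() {
  cat <<'EOF'
Deployment  linkerd linkerd-destination         Helm   linkerd-control-plane linkerd
Secret      linkerd linkerd-identity-issuer     <none> <none>                <none>
ClusterRole <none>  linkerd-linkerd-destination Helm   linkerd-crds          linkerd
EOF
}

# Offline demo; on a cluster run:
#   list_control_plane | adoption_gaps linkerd-control-plane linkerd
sample_rows | adoption_gaps linkerd-control-plane linkerd || true
```

The role/ext-namespace-metadata-linkerd-config resource is labelled by name in this guide rather than through the selector, so inspect it separately with its own kubectl get.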

Then use the helm command to move these resources to be managed by BEL’s linkerd-enterprise-control-plane chart.

To complete this step, you will need the CA certificate that you used to install your control plane. Assuming you followed Linkerd’s GitOps guide to ArgoCD, you’ll already be using cert-manager to furnish your issuer certificates. Get the CA certificate with:

kubectl -n linkerd get cm/linkerd-identity-trust-roots -ojsonpath='{.data.ca-bundle\.crt}' > ca.crt

Then run the Helm install:

helm install linkerd-control-plane \
  -n linkerd \
  --set license=$BUOYANT_LICENSE \
  --set-file linkerd-control-plane.identityTrustAnchorsPEM=ca.crt \
  --set linkerd-control-plane.identity.issuer.scheme=kubernetes.io/tls \
  linkerd-buoyant/linkerd-enterprise-control-plane

Your Linkerd installation on this cluster is now managed via Helm, which you can verify by running:

helm list -n linkerd

Which should output something like:

NAME                 	NAMESPACE	REVISION	...	APP VERSION
linkerd-control-plane	linkerd  	1       	...	enterprise-2.15.7
linkerd-crds         	linkerd  	1       	...	enterprise-2.15.7

Step 2: Migrating to BEL’s lifecycle automation

With Step 1 completed, the ArgoCD deployment of the Linkerd control plane has been migrated to Helm.

You can now use BEL’s lifecycle operator to take over this Helm install by following the BEL lifecycle automation guide, starting with Step 2.