External workload automation

Linkerd supports non-Kubernetes (external) workloads through a feature called mesh expansion, which allows these workloads (whether on VMs, bare metal, or other non-Kubernetes locations) to be part of the mesh and get the full set of benefits that Linkerd provides for meshed Kubernetes workloads.

BEL automates this feature, allowing you to manage a large set of external workloads with a minimum of configuration. This includes:

• Automatic registration of external workloads
• Automated IPtables configuration in the host environment
• Lifeycle management of Linkerd ExternalWorkload resources
• A principled way to manage configuration a group of related ExternalWorkloads, representing e.g. multiple replicas of a single service, via an ExternalGroup CRD.
• Liveliness probes of external workloads

This automation is provided by two components of BEL: an autoregistration controller, and a harness.

Autoregistration controller

The autoregistration controller manages the lifecycle of external workloads that join the service mesh. It keeps track of workload health by using liveness probes, and maintains Linkerd’s state (via ExternalWorkload resources) accordingly.

Harness

The harness runs in the host environment of the external workload. (For example, if the external workload is an application on a VM, the harness would run on the VM.) The harness continuously reports health status to Linkerd, as well as handling network configuration and running of the Linkerd dataplane microproxy.

Learning more

• Task: Managing external workloads
• ExternalGroup reference
• Proxy Harness reference

• Next FIPS compliance →