What's on this page
Linkerd.io references
Migrating an ArgoCD-based Linkerd install to BEL's lifecycle automation
In this guide we’ll walk you through how to migrate from an ArgoCD deployment of the Linkerd control plane to one that is managed with BEL’s lifecycle automation.
Why do we need to do anything?
BEL’s lifecycle operator relies on a Helm deployment of the
linkerd-control-plane and linkerd-crds charts. ArgoCD deploys a templated
version of those charts instead of the actual charts themselves. Before the
operator can take over a Linkerd deployment we’ll first need to tell Helm to
“adopt” the existing Linkerd install.
What do we need to do?
Follow along with the steps in this document to “adopt” an existing Linkerd install. In our example we’re going to show you how to spin up a k3d cluster but you can perform the migration steps on any cluster.
Required tools
To complete this migration, you will need:
- A functioning Kubernetes cluster with Linkerd install via ArgoCD
- Helm installed on your local machine
- The
base64CLI, for decoding TLS certificates in Step 2
Step 0: Get your license key
BEL requires a valid license key to run, which is available through the Buoyant portal. Following the instructions there, you should end up with an environment variable like this:
export BUOYANT_LICENSE=[LICENSE]
The commands below assume that you have this environment variable set.
Step 1: Getting the CLI tool
The first step is to download and install the BEL CLI:
curl --proto '=https' --tlsv1.2 -sSfL https://enterprise.buoyant.io/install | sh
Follow the instructions to add the linkerd CLI to your system path.
Verify that the CLI is installed and running the expected version with:
linkerd version --client
You should see:
Client version: enterprise-2.15.2
Step 2: Migrating an ArgoCD install to Helm
You’ll need to move your ArgoCD install to a Helm install of the latest BEL version before managing it with the lifecycle automation operator.
The Helm charts used in this step are hosted in the linkerd-buoyant Helm repo,
which can be added/updated as followed:
helm repo add linkerd-buoyant https://helm.buoyant.cloud
helm repo update linkerd-buoyant
Start by adding the required labels and annotations to Linkerd’s CRDs:
kubectl label crds -l linkerd.io/control-plane-ns=linkerd app.kubernetes.io/managed-by=Helm
kubectl annotate crds -l linkerd.io/control-plane-ns=linkerd \
meta.helm.sh/release-name=linkerd-crds meta.helm.sh/release-namespace=linkerd
Then use the helm command to move these resources to be managed by BEL’s
linkerd-enterprise-crds chart:
helm install linkerd-crds -n linkerd linkerd-buoyant/linkerd-enterprise-crds
Next add the required labels and annotations to all control plane resources:
kubectl label clusterrole,clusterrolebinding,configmap,cronjob,deployment,mutatingwebhookconfiguration,namespace,role,rolebinding,secret,service,serviceaccount,validatingwebhookconfiguration \
-A -l linkerd.io/control-plane-ns=linkerd \
app.kubernetes.io/managed-by=Helm
kubectl annotate clusterrole,clusterrolebinding,configmap,cronjob,deployment,mutatingwebhookconfiguration,namespace,role,rolebinding,secret,service,serviceaccount,validatingwebhookconfiguration \
-A -l linkerd.io/control-plane-ns=linkerd \
meta.helm.sh/release-name=linkerd-control-plane meta.helm.sh/release-namespace=linkerd
kubectl -n linkerd label role/ext-namespace-metadata-linkerd-config \
app.kubernetes.io/managed-by=Helm
kubectl -n linkerd annotate role/ext-namespace-metadata-linkerd-config \
linkerd.io/control-plane-ns=linkerd meta.helm.sh/release-name=linkerd-control-plane meta.helm.sh/release-namespace=linkerd
Then use the helm command to move these resources to be managed by BEL’s
linkerd-enterprise-crds chart.
To complete this step, you will need the CA certificate that you used to install your control plane. Assuming you followed Linkerd’s GitOps guide to ArgoCD, you’ll already be using cert-manager to furnish your issuer certificates. Get the CA certificate with:
kubectl -n linkerd get cm/linkerd-identity-trust-roots -ojsonpath='{.data.ca-bundle\.crt}' > ca.crt
Then run the Helm install:
helm install linkerd-control-plane \
-n linkerd \
--set license=$BUOYANT_LICENSE \
--set-file linkerd-control-plane.identityTrustAnchorsPEM=ca.crt \
--set linkerd-control-plane.identity.issuer.scheme=kubernetes.io/tls \
linkerd-buoyant/linkerd-enterprise-control-plane
Your Linkerd installation on this cluster is now managed via Helm, which you can verify by running:
helm list -n linkerd
Which should output something like:
NAME NAMESPACE REVISION ... APP VERSION
linkerd-control-plane linkerd 1 ... enterprise-2.15.2
linkerd-crds linkerd 1 ... enterprise-2.15.2
Step 3: Migrating to BEL’s lifecycle automation
With Step 2 completed, the ArgoCD deployment of the Linkerd control plane has been migrated to Helm.
You can now use BEL’s lifecycle operator to takeover this Helm install using the BEL lifecycle automation guide, starting with Step 3.