What's on this page

Configuring license secret installation

Buoyant Enterprise for Linkerd provides several ways to install and configure your license. This guide provides a quick reference for these alternate methods.

If you are using BEL’s lifecycle automation feature, see the guide to configure lifecycle automation with a license secret.

Prerequisites

The BUOYANT_LICENSE environment variable set, with functioning BEL CLI
Each method below assumes you have already installed the Linkerd CRDs:

CLI

curl https://enterprise.buoyant.io/install | sh

linkerd install --crds | kubectl apply -f -

Helm

helm repo add linkerd-buoyant https://helm.buoyant.cloud
helm repo update

helm install linkerd-crds \
  --create-namespace \
  --namespace linkerd \
  linkerd-buoyant/linkerd-enterprise-crds

Method 1: LicenseSecret

By default, Linkerd will create a buoyant-license secret during installation. To bring your own license secret, you can reference it in the install command. We recommend naming it buoyant-license, otherwise additional configuration will be required:

kubectl create namespace linkerd
kubectl create secret generic --namespace linkerd buoyant-license \
  --from-literal=license=$BUOYANT_LICENSE

CLI

linkerd install --set licenseSecret=buoyant-license | kubectl apply -f -

Helm

helm install linkerd-control-plane \
  --namespace linkerd \
  --set licenseSecret=buoyant-license \
  --set-file linkerd-control-plane.identityTrustAnchorsPEM=ca.crt \
  --set-file linkerd-control-plane.identity.issuer.tls.crtPEM=issuer.crt \
  --set-file linkerd-control-plane.identity.issuer.tls.keyPEM=issuer.key \
  linkerd-buoyant/linkerd-enterprise-control-plane

LicenseSecret With Multicluster

kubectl create namespace linkerd-multicluster
kubectl create secret generic --namespace linkerd-multicluster \
  buoyant-license --from-literal=license=$BUOYANT_LICENSE

CLI

linkerd multicluster install --set licenseSecret=buoyant-license |
  kubectl apply -f -

Helm

helm install linkerd-multicluster \
  --create-namespace \
  --namespace linkerd-multicluster \
  --set licenseSecret=buoyant-license
  linkerd-buoyant/linkerd-enterprise-multicluster

Method 2: Custom LicenseSecret

If you are unable to name your secret buoyant-license, you can specify a custom-named license secret:

kubectl create namespace linkerd
kubectl create secret generic --namespace linkerd buoyant-license-custom \
  --from-literal=license=$BUOYANT_LICENSE

CLI

linkerd install --set licenseSecret=buoyant-license-custom |
  kubectl apply -f -

Helm

helm install linkerd-control-plane \
  --namespace linkerd \
  --set licenseSecret=buoyant-license-custom \
  --set-json linkerd-control-plane.destinationController.additionalEnv='[{"name":"BUOYANT_LICENSE","valueFrom":{"secretKeyRef":{"key":"license","name":"buoyant-license-custom"}}}]' \
  --set-json linkerd-control-plane.heartbeat.additionalEnv='[{"name":"BUOYANT_LICENSE","valueFrom":{"secretKeyRef":{"key":"license","name":"buoyant-license-custom"}}}]' \
  --set-json linkerd-control-plane.identity.additionalEnv='[{"name":"BUOYANT_LICENSE","valueFrom":{"secretKeyRef":{"key":"license","name":"buoyant-license-custom"}}}]' \
  --set-json linkerd-control-plane.proxyInjector.additionalEnv='[{"name":"BUOYANT_LICENSE","valueFrom":{"secretKeyRef":{"key":"license","name":"buoyant-license-custom"}}}]' \
  --set-json linkerd-control-plane.spValidator.additionalEnv='[{"name":"BUOYANT_LICENSE","valueFrom":{"secretKeyRef":{"key":"license","name":"buoyant-license-custom"}}}]' \
  --set-file linkerd-control-plane.identityTrustAnchorsPEM=ca.crt \
  --set-file linkerd-control-plane.identity.issuer.tls.crtPEM=issuer.crt \
  --set-file linkerd-control-plane.identity.issuer.tls.keyPEM=issuer.key \
  linkerd-buoyant/linkerd-enterprise-control-plane

Custom LicenseSecret With Multicluster

CLI

linkerd multicluster install --set licenseSecret=buoyant-license-custom |
  kubectl apply -f -

Helm

helm install linkerd-multicluster \
  --create-namespace \
  --namespace linkerd-multicluster \
  --set licenseSecret=buoyant-license-custom
  linkerd-buoyant/linkerd-enterprise-multicluster

To install mulitcluster links with custom license secrets, modify the serviceMirrorAdditionalEnv the flag via the linkerd CLI:

linkerd multicluster link --cluster-name my-cluster |
  --set-json serviceMirrorAdditionalEnv='[{"name":"BUOYANT_LICENSE","valueFrom":{"secretKeyRef":{"key":"license","name":"buoyant-license-custom"}}}]' |
  kubectl apply -f -

Method 3: Custom CLI flag

The linkerd CLI automatically uses the BUOYANT_LICENSE environment variable during installation. If you want to set it to a different value, you can use the --set license flag:

linkerd install --set license=[LICENSE] |
  kubectl apply -f -

linkerd multicluster install --set license=[LICENSE] |
  kubectl apply -f -