What's on this page
Migrating to BEL's lifecycle automation
In this guide, we’ll walk you through how to migrate your Linkerd installation to take advantage of BEL’s lifecycle automation capabilities. To complete this migration, you will need:
- A Kubernetes cluster with Linkerd install via Helm or the
linkerd
CLI - Helm installed on your local machine
- The
BUOYANT_LICENSE
environment variable set, with functioning BEL CLI - The
base64
BEL CLI, if decoding TLS certificates in Step 1
Step 1: Migrating a CLI install to Helm
If your Linkerd installation was installed via the linkerd
CLI, you’ll need to
move it to a Helm install of the latest BEL version before managing it with the
lifecycle automation operator. If your Linkerd installation was installed via
Helm, you can skip to Step 2.
The Helm charts used in this step are hosted in the linkerd-buoyant
Helm repo,
which can be added/updated as followed:
helm repo add linkerd-buoyant https://helm.buoyant.cloud
helm repo update linkerd-buoyant
Start by adding the required labels and annotations to Linkerd’s CRDs:
kubectl label crds -l linkerd.io/control-plane-ns=linkerd app.kubernetes.io/managed-by=Helm
kubectl annotate crds -l linkerd.io/control-plane-ns=linkerd \
meta.helm.sh/release-name=linkerd-crds meta.helm.sh/release-namespace=linkerd
Then use the helm
command to move these resources to be managed by BEL’s
linkerd-enterprise-crds
chart:
helm install linkerd-crds -n linkerd linkerd-buoyant/linkerd-enterprise-crds
Next add the required labels and annotations to all control plane resources:
kubectl label clusterrole,clusterrolebinding,configmap,cronjob,deployment,mutatingwebhookconfiguration,namespace,role,rolebinding,secret,service,serviceaccount,validatingwebhookconfiguration \
-A -l linkerd.io/control-plane-ns=linkerd \
app.kubernetes.io/managed-by=Helm
kubectl annotate clusterrole,clusterrolebinding,configmap,cronjob,deployment,mutatingwebhookconfiguration,namespace,role,rolebinding,secret,service,serviceaccount,validatingwebhookconfiguration \
-A -l linkerd.io/control-plane-ns=linkerd \
meta.helm.sh/release-name=linkerd-control-plane meta.helm.sh/release-namespace=linkerd
kubectl -n linkerd label role/ext-namespace-metadata-linkerd-config \
app.kubernetes.io/managed-by=Helm
kubectl -n linkerd annotate role/ext-namespace-metadata-linkerd-config \
linkerd.io/control-plane-ns=linkerd meta.helm.sh/release-name=linkerd-control-plane meta.helm.sh/release-namespace=linkerd
Then use the helm
command to move these resources to be managed by BEL’s
linkerd-enterprise-crds
chart.
To complete this step, you will need the certificate files that you used to
install your control plane. If you didn’t provide them when installing the
control plane, then you can retrieve them using kubectl
:
kubectl -n linkerd get cm/linkerd-identity-trust-roots -ojsonpath='{.data.ca-bundle\.crt}' > ca.crt
kubectl -n linkerd get secret/linkerd-identity-issuer -ojsonpath='{.data.crt\.pem}' | base64 -D > issuer.crt
kubectl -n linkerd get secret/linkerd-identity-issuer -ojsonpath='{.data.key\.pem}' | base64 -D > issuer.key
Then run the Helm install:
helm install linkerd-control-plane \
-n linkerd \
--set license=$BUOYANT_LICENSE \
--set-file linkerd-control-plane.identityTrustAnchorsPEM=ca.crt \
--set-file linkerd-control-plane.identity.issuer.tls.crtPEM=issuer.crt \
--set-file linkerd-control-plane.identity.issuer.tls.keyPEM=issuer.key \
linkerd-buoyant/linkerd-enterprise-control-plane
Your Linkerd installation on this cluster is now managed via Helm, which you can verify by running:
helm list -n linkerd
Which should output something like:
NAME NAMESPACE REVISION ... APP VERSION
linkerd-control-plane linkerd 1 ... enterprise-2.16.1
linkerd-crds linkerd 1 ... enterprise-2.16.1
Step 2: Install lifecycle automation components
We’re now ready to install the BEL’s lifecycle automation components, which will automate installation and upgrades of BEL.
If you didn’t do this as part of the previous step, add/update the
linkerd-buoyant
Helm repo:
helm repo add linkerd-buoyant https://helm.buoyant.cloud
helm repo update
Then install the BEL lifecycle automation operator itself:
helm install linkerd-buoyant \
--create-namespace \
--namespace linkerd-buoyant \
--set buoyantCloudEnabled=false \
--set license=$BUOYANT_LICENSE \
linkerd-buoyant/linkerd-buoyant
Validate that the operator was installed successfully by running:
linkerd buoyant check
Step 3: Create the ControlPlane resource
We’re now ready to create the ControlPlane
resource
that’s used to manage the Linkerd installation on your cluster.
To create this resource automatically, use the import-helm-config
subcommand:
linkerd buoyant controlplane import-helm-config | sh
Validate that it worked by viewing the status of the resource that you just created:
kubectl get controlplane/linkerd-control-plane
Which should output something like:
NAME STATUS DESIRED CURRENT AGE
linkerd-control-plane UpToDate enterprise-2.16.1 enterprise-2.16.1 40s
Step 4: Create DataPlane resources
You can also use lifecycle automation to manage the data plane on your cluster,
separate from the control plane. This requires creating instances of the
DataPlane
resource in
each namespace where Linkerd proxies are running on your cluster.
For instance, to opt-in proxies in the default
namespace:
kubectl apply -f - <<EOF
apiVersion: linkerd.buoyant.io/v1alpha1
kind: DataPlane
metadata:
name: dp-update
namespace: default
spec:
workloadSelector:
matchLabels: {}
EOF
Validate that it worked by viewing the status of the resource that you just created:
kubectl -n default get dataplane/dp-update
Which should output something like:
NAME STATUS DESIRED CURRENT AGE
dp-update UpToDate 3 3 100s
Congratulation! You are now successfully running the BEL lifecycle automation components on your cluster. For more information about using these components, see the Lifecycle automation reference page.