LogoLogo
Public Knowledge Base
Public Knowledge Base
  • Self-hosted Immuta
    • Official Immuta Self-Managed Deployment Documentation
    • What's new in 2024.2?
    • Deployment Options
      • AWS Immuta Deployment
      • Azure Immuta Deployment
      • K3s Deployment
      • SUSE Rancher Kubernetes Engine (RKE2) Deployment
      • In-cluster PostgreSQL using Crunchydata
      • In-cluster Elasticsearch using Elastic Cloud on Kubernetes (ECK)
      • Production Linkerd with AWS Private CA issuer
      • Deploying Linkerd via Open Source Linkerd
      • Deploying Linkerd Service Mesh via Buoyant Enterprise for Linkerd
      • Uninstalling Linkerd
      • Upgrading to Immuta 2024.2 LTS
      • LTS Upgrade via Legacy Chart
      • Legacy Audit - no Elasticsearch
      • Temporal with RDS
      • Setting Up OpenSearch User Pemissions
    • Air gapped installations
      • Immuta Installation on k3s in Air Gapped environment
      • Air-gapped Installation Artifact Transfer
  • Excessive failed jobs in pgboss impacting system performance
  • Example Trino installation via Open Source Helm Chart
  • Immuta Installation on Self Managed Infrastructure Overview
  • Repeatable k3s stack deployment on AWS EC2
  • Trino OAuth2 and JWT via Okta
  • Copy of Okta Attribute Mapping
Powered by GitBook
On this page
  • Considerations
  • Installation
  • Install the cli
  • Validate the destination cluster
  • Install Linkerd
  • Validate install
  • Applying linkerd to an existing Immuta deployment
  • Installing Linkerd visualization tools
  • Validating mTLS
  1. Self-hosted Immuta
  2. Deployment Options

Deploying Linkerd via Open Source Linkerd

PreviousProduction Linkerd with AWS Private CA issuerNextDeploying Linkerd Service Mesh via Buoyant Enterprise for Linkerd

Considerations

Edge releases of Linkerd are provided by the open source community:

Edge releases are generally considered production ready, and the project will mark specific releases as “not recommended” if bugs are discovered after release.

Installation

This article closely follows the Linkerd Getting Started Guide

Install the cli

curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install-edge | sh
export PATH=$HOME/.linkerd2/bin:$PATH

Validate the destination cluster

linkerd check --pre
Example precheck output
kubernetes-api
--------------
√ can initialize the client
√ can query the Kubernetes API

kubernetes-version
------------------
√ is running the minimum Kubernetes API version

pre-kubernetes-setup
--------------------
√ control plane namespace does not already exist
√ can create non-namespaced resources
√ can create ServiceAccounts
√ can create Services
√ can create Deployments
√ can create CronJobs
√ can create ConfigMaps
√ can create Secrets
√ can read Secrets
√ can read extension-apiserver-authentication configmap
√ no clock skew detected

linkerd-version
---------------
√ can determine the latest version
√ cli is up-to-date

Status check results are √

Install Linkerd

linkerd install --crds | kubectl apply -f -
linkerd install | kubectl apply -f -

Validate install

linkerd check

Applying linkerd to an existing Immuta deployment

kubectl get -n immuta deploy -o yaml |linkerd inject - |kubectl apply -f -

ddeployment "immuta-audit" injected
deployment "immuta-cache" injected
deployment "immuta-discover" injected
deployment "immuta-secure-background-worker" injected
deployment "immuta-secure-web" injected

deployment.apps/immuta-audit configured
deployment.apps/immuta-cache configured
deployment.apps/immuta-discover configured
deployment.apps/immuta-secure-background-worker configured
deployment.apps/immuta-secure-web configured

Installing Linkerd visualization tools

linkerd viz install | kubectl apply -f -
kubectl -n immuta rollout restart deploy
kubectl port-forward -n linkerd-viz service/web 8084:8084

Validating mTLS

linkerd viz -n immuta edges deployment

SRC                               DST                               SRC_NS        DST_NS   SECURED
immuta-secure-background-worker   immuta-cache                      immuta        immuta   √
immuta-secure-web                 immuta-cache                      immuta        immuta   √
prometheus                        immuta-audit                      linkerd-viz   immuta   √
prometheus                        immuta-cache                      linkerd-viz   immuta   √
prometheus                        immuta-discover                   linkerd-viz   immuta   √
prometheus                        immuta-secure-background-worker   linkerd-viz   immuta   √
prometheus                        immuta-secure-web                 linkerd-viz   immuta   √
Releases and Versions
Linkerd Release and Version Definitions
Getting Started
Validating your mTLS traffic
Linkerd mTLS validation article
Logo
Linkerd Meshed Pods
Logo
Logo