High Availability

For production workloads, Linkerd's control plane can run in high availability(HA) mode. This mode:

  • Runs three replicas of critical control plane components.
  • Sets production-ready CPU and memory resource requests on control planecomponents.
  • Sets production-ready CPU and memory resource requests on data plane proxies
  • Requires that the proxy auto-injector befunctional for any pods to be scheduled.
  • Sets anti-affinitypolicieson critical control plane components to achieve, if possible, that they arescheduled on separate nodes and in separate zones by default. Optionally,the scheduling on separate nodes can be made a hard requirement using a flag.

Enabling HA

You can enable HA mode at control plane installation time with the —ha flag:

  1. linkerd install --ha | kubectl apply -f -

You can override certain aspects of the HA behavior at installation time bypassing other flags to install. For example, you can override the number ofreplicas for critical components with the —controller-replicas flag:

  1. linkerd install --ha --controller-replicas=2 | kubectl apply -f -

To ensure that Linkerd does not get in the way of system critical workloadsstarting, the proxy injector should be disabled for the kube-system namespaceby running:

  1. kubectl label namespace kube-system config.linkerd.io/admission-webhooks=disabled

See the full install CLI documentation forreference.

Critical components

Replication and anti-affinity rules are applied to all controlplane components except Prometheus, Grafana, and the web service, which areconsidered non-critical.

Caveats

HA mode assumes that there are always at least three nodes in the Kubernetescluster. If this assumption is violated (e.g. the cluster is scaled down totwo or fewer nodes), then the system will likely be left in a non-functionalstate.