Feb 21, 2024: Announcing Linkerd 2.15 with support for VM workloads, native sidecars, and SPIFFE! Read more »

This is not the latest version of Linkerd!
This documentation is for an older version of Linkerd. You may want the Linkerd 2.15 (current) documentation instead.

Customizing Linkerd's Configuration with Kustomize

Instead of forking the Linkerd install and upgrade process, Kustomize can be used to patch the output of linkerd install in a consistent way. This allows customization of the install to add functionality specific to installations.

To get started, save the output of linkerd install to a YAML file. This will be the base resource that Kustomize uses to patch and generate what is added to your cluster.

linkerd install > linkerd.yaml

Next, create a kustomization.yaml file. This file will contain the instructions for Kustomize listing the base resources and the transformations to do on those resources. Right now, this looks pretty empty:

- linkerd.yaml

Now, let’s look at how to do some example customizations.

Add PriorityClass

There are a couple components in the control plane that can benefit from being associated with a critical PriorityClass. While this configuration isn’t currently supported as a flag to linkerd install, it is not hard to add by using Kustomize.

First, create a file named priority-class.yaml that will create define a PriorityClass resource.

apiVersion: scheduling.k8s.io/v1
description: Used for critical linkerd pods that must run in the cluster, but
  can be moved to another node if necessary.
kind: PriorityClass
  name: linkerd-critical
value: 1000000000

Next, create a file named patch-priority-class.yaml that will contain the overlay. This overlay will explain what needs to be modified.

apiVersion: apps/v1
kind: Deployment
  name: linkerd-identity
  namespace: linkerd
      priorityClassName: linkerd-critical

Then, add this as a strategic merge option to kustomization.yaml:

- priority-class.yaml
- linkerd.yaml
- patch-priority-class.yaml

Applying this to your cluster requires taking the output of kustomize and piping it to kubectl apply. For example you can run:

kubectl kustomize . | kubectl apply -f -

Modify Grafana Configuration

Interested in enabling authentication for Grafana? It is possible to modify the ConfigMap as a one off to do this. Unfortunately, the changes will end up being reverted every time linkerd upgrade happens. Instead, create a file named grafana.yaml and add your modifications:

kind: ConfigMap
apiVersion: v1
  name: grafana-config
  namespace: linkerd-viz
  grafana.ini: |-
    instance_name = grafana

    root_url = %(protocol)s://%(domain)s:/grafana/

    check_for_updates = false    

Then, add this as a strategic merge option to kustomization.yaml:

- linkerd.yaml
- grafana.yaml

Finally, apply this to your cluster by generating YAML with kustomize and piping the output to kubectl apply.

kubectl kustomize . | kubectl apply -f -