How to update existing installation with external trust anchor cert? #10425

miguelvr · 2023-03-01T16:14:14Z

miguelvr
Mar 1, 2023

hey team!

how do I upgrade an existing linkerd installation to use an external trust anchor secret?

the instructions here only mention an installation from scratch

Answered by alpeb

Mar 2, 2023

You can upgrade linkerd as instructed in the docs, making sure the identity.externalCA setting is enabled, and assuming the linkerd-identity-trust-roots ConfigMap is provisioned externally.
Note that if you're doing this through the CLI, the flag is --set identity.externalCA=true.
The dataplane pods will need to be restarted in order to pick the new trust root. The transition can cause downtime, but you can avoid that by bundling together the old and new cert, similarly as described here.

View full answer

alpeb · 2023-03-02T22:03:59Z

alpeb
Mar 2, 2023
Collaborator

You can upgrade linkerd as instructed in the docs, making sure the identity.externalCA setting is enabled, and assuming the linkerd-identity-trust-roots ConfigMap is provisioned externally.
Note that if you're doing this through the CLI, the flag is --set identity.externalCA=true.
The dataplane pods will need to be restarted in order to pick the new trust root. The transition can cause downtime, but you can avoid that by bundling together the old and new cert, similarly as described here.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

How to update existing installation with external trust anchor cert? #10425

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

How to update existing installation with external trust anchor cert? #10425

Uh oh!

miguelvr Mar 1, 2023

Replies: 1 comment

Uh oh!

alpeb Mar 2, 2023 Collaborator

miguelvr
Mar 1, 2023

alpeb
Mar 2, 2023
Collaborator