linkerd not able to inject into deployment with hostNetwork

[saikrishnakumarreddy]

What is the issue?

I was expecting things to work as per this #5938 (comment)
But When i tried to inject Linkerd into pod which has the hostNetwork flag enabled.

How can it be reproduced?

deployment with hostNetwork: true can reproduce this issue.

Logs, error output, etc

sai@scp-dev:~/sai-linkerd$ linkerd inject deployment.yml > deployment-with-linkerd.yml
Error transforming resources:
failed to inject deployment/test: hostNetwork is enabled

sai@scp-dev:~/sai-linkerd$

output of linkerd check -o short

sai@scp-dev:~$ linkerd check
kubernetes-api

√ can initialize the client
√ can query the Kubernetes API

kubernetes-version

√ is running the minimum Kubernetes API version

linkerd-existence

√ 'linkerd-config' config map exists
√ heartbeat ServiceAccount exist
√ control plane replica sets are ready
√ no unschedulable pods
√ control plane pods are ready
√ cluster networks contains all node podCIDRs
√ cluster networks contains all pods
√ cluster networks contains all services

linkerd-config

√ control plane Namespace exists
√ control plane ClusterRoles exist
√ control plane ClusterRoleBindings exist
√ control plane ServiceAccounts exist
√ control plane CustomResourceDefinitions exist
√ control plane MutatingWebhookConfigurations exist
√ control plane ValidatingWebhookConfigurations exist
√ proxy-init container runs as root user if docker container runtime is used

linkerd-identity

√ certificate config is valid
√ trust anchors are using supported crypto algorithm
√ trust anchors are within their validity period
√ trust anchors are valid for at least 60 days
√ issuer cert is using supported crypto algorithm
√ issuer cert is within its validity period
√ issuer cert is valid for at least 60 days
√ issuer cert is issued by the trust anchor

linkerd-webhooks-and-apisvc-tls

√ proxy-injector webhook has valid cert
√ proxy-injector cert is valid for at least 60 days
√ sp-validator webhook has valid cert
√ sp-validator cert is valid for at least 60 days
√ policy-validator webhook has valid cert
√ policy-validator cert is valid for at least 60 days

linkerd-version

√ can determine the latest version
√ cli is up-to-date

control-plane-version

√ can retrieve the control plane version
√ control plane is up-to-date
√ control plane and cli versions match

linkerd-control-plane-proxy

√ control plane proxies are healthy
√ control plane proxies are up-to-date
√ control plane proxies and cli versions match

linkerd-extension-checks

√ namespace configuration for extensions

Status check results are √

Environment

Linkerd version
sai@scp-dev:~$ linkerd version
Client version: edge-24.3.5
Server version: edge-24.3.5

Kubernetes Version: k3s version v1.28.8+k3s1 (653dd61a)
Cluster Environment: k3s
Host OS: Ubuntu 20.04.6 LTS (Focal Fossa)
Linkerd version: edge-24.3.5

Possible solution

if i make the hostNetwork: false, then linkerd is able to inject and things working fine.

Additional context

No response

Would you like to work on fixing this bug?

Yes

[kflynn]

Unfortunately, Linkerd doesn't have a way to manage routing on hostNetwork Pods, so (as you're finding) it's not possible to mesh them. 😐 Things should work fine without hostNetwork, though.

I'm going to go ahead and close this issue, since it's not possible to change Linkerd to do this. Sorry about that!