Description
What problem are you trying to solve?
There are two ways to disable protocol detection in linkerd:
Unfortunately, opaque ports cannot be set for non-meshed services. Affected ports can be skipped entirely, but that impacts meshed instances of the service that can use opaque ports and should not be skipped.
For example, if a pod needs to connect to both a meshed MySQL service (port 3306) and a non-meshed MySQL service (e.g. a managed offering), there is no way to disable protocol detection for the non-meshed connection while still connecting to the meshed service through the linkerd proxy.
See also: slack thread
How should the problem be solved?
Linkerd should support configuring the "no protocol detection" behavior of opaque ports for non-meshed connections, by port. Using the example above, I should be able to configure linkerd to skip protocol detection for connections to port 3306 on non-meshed destinations, without skipping port 3306 entirely. Protocol detection for in-mesh destinations would be disabled by the port being marked opaque.
Any alternatives you've considered?
The port number used by the out-of-mesh service could be configured to a non-standard value, and that port number could be excluded entirely without impact to the in-mesh service using the standard port number. But, this approach isn't always practical as not all teams can change the listening ports of the services they connect to.
How would users interact with this feature?
Users would add an annotation similar to config.linkerd.io/opaque-ports: ... to the relevant Kubernetes objects. Something like config.linkerd.io/nonmeshed-protocol-detection-disabled-ports: 3306,..., perhaps.
Would you like to work on this feature?
maybe