linkerd-patterns
Audited by Socket on Feb 27, 2026
1 alert found:
Malware
This skill is a documentation/playbook for installing and configuring Linkerd and provides templates and CLI commands that legitimately require cluster-level access. The primary supply-chain risk is the included download-and-execute pattern (curl | sh) and several places where remote installer output is piped directly into kubectl, which can cause arbitrary manifests to be applied with the operator's privileges. These patterns are common in installer workflows and the referenced domain (run.linkerd.io) is the official Linkerd installer, but curl|sh and unverified piped installs remain supply-chain hazards. There are no hard-coded secrets, obfuscated payloads, or explicit exfiltration mechanisms in the provided text. The most likely real-world risks are operator error (applying permissive ServerAuthorization examples) or a compromised installer endpoint.
Recommendations: avoid blind curl|sh when possible; verify installer integrity (checksums, signed releases), run installs from vetted releases or package managers, review manifests before applying, and ensure least-privilege kubeconfig credentials when running these commands.