diff --git a/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml b/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml
index 76b6241758c80..626f79286f55c 100644
--- a/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml
+++ b/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml
@@ -120,9 +120,12 @@ spec:
 mirror.linkerd.io/cluster-name: {{.Values.targetClusterName}}
 {{- with .Values.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
 spec:
- {{- if .Values.enablePodAntiAffinity -}}
- {{- $local := dict "label" "mirror.linkerd.io/cluster-name" "component" .Values.targetClusterName -}}
- {{- include "linkerd.pod-affinity" $local | nindent 6 -}}
+ {{- if .Values.enablePodAntiAffinity}}
+ {{- with $tree := deepCopy . }}
+ {{- $_ := set $tree "component" .Values.targetClusterName -}}
+ {{- $_ := set $tree "label" "mirror.linkerd.io/cluster-name" -}}
+ {{- include "linkerd.affinity" $tree | nindent 6 }}
+ {{- end }}
 {{- end }}
 containers:
 - args:
diff --git a/multicluster/cmd/link_test.go b/multicluster/cmd/link_test.go
index bcb39e3029f83..97e3790a5217e 100644
--- a/multicluster/cmd/link_test.go
+++ b/multicluster/cmd/link_test.go
@@ -20,7 +20,15 @@ func TestServiceMirrorRender(t *testing.T) {
 {
 linkValues,
 nil,
- "serivce_mirror_default.golden",
+ "service_mirror_default.golden",
+ },
+
+ {
+ linkValues,
+ map[string]interface{}{
+ "enablePodAntiAffinity": true,
+ },
+ "service_mirror_ha.golden",
 },
 }
 for i, tc := range testCases {
diff --git a/multicluster/cmd/testdata/serivce_mirror_default.golden b/multicluster/cmd/testdata/service_mirror_default.golden
similarity index 100%
rename from multicluster/cmd/testdata/serivce_mirror_default.golden
rename to multicluster/cmd/testdata/service_mirror_default.golden
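Review bot: The `with $tree := deepCopy .` block in service-mirror.yaml has no comment saying why the whole root context is copied before the two `set` calls, and the reason is not obvious to the next reader. I would add a template comment above it, for example `{{- /* copy the root context so "component" and "label" can be set for linkerd.affinity without mutating . for the rest of the template */ -}}`. Separately, the include is still gated on `.Values.enablePodAntiAffinity` alone; if `linkerd.affinity` also renders other affinity settings from `.Values` (its definition is not in this diff), those would be skipped whenever anti-affinity is off, so that is worth confirming. The surrounding Deployment spec starts and ends outside the hunk.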
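Review bot: The new test case in TestServiceMirrorRender overrides only `enablePodAntiAffinity`, so the fixture named service_mirror_ha.golden pins a single-replica render: the golden added in this commit shows `replicas: 1` next to a required hostname anti-affinity term and a PodDisruptionBudget with `maxUnavailable: 1`. The case therefore checks that the affinity block is emitted, not an HA deployment; either name the fixture for what it covers or, if the chart exposes a replica-count value (not visible here), set it in the override map as well. A short comment on the case such as `// anti-affinity enabled: the affinity block must render under the pod spec` would record the intent. The test table and the loop that consumes it continue outside the hunk.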
diff --git a/multicluster/cmd/testdata/service_mirror_ha.golden b/multicluster/cmd/testdata/service_mirror_ha.golden
new file mode 100644
index 0000000000000..9b5ec6866b87e
--- /dev/null
+++ b/multicluster/cmd/testdata/service_mirror_ha.golden
@@ -0,0 +1,190 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-service-mirror-access-local-resources-test-cluster + labels: + linkerd.io/extension: multicluster + component: service-mirror + mirror.linkerd.io/cluster-name: test-cluster +rules: +- apiGroups: [""] + resources: ["endpoints", "services"] + verbs: ["list", "get", "watch", "create", "delete", "update"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["list", "get", "watch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-service-mirror-access-local-resources-test-cluster + labels: + linkerd.io/extension: multicluster + component: service-mirror + mirror.linkerd.io/cluster-name: test-cluster +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: linkerd-service-mirror-access-local-resources-test-cluster +subjects: +- kind: ServiceAccount + name: linkerd-service-mirror-test-cluster + namespace: test +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-service-mirror-read-remote-creds-test-cluster + namespace: test + labels: + linkerd.io/extension: multicluster + component: service-mirror + mirror.linkerd.io/cluster-name: test-cluster +rules: + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cluster-credentials-test-cluster"] + verbs: ["list", "get", "watch"] + - apiGroups: ["multicluster.linkerd.io"] + resources: ["links"] + verbs: ["list", "get", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create", "get", "update", "patch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linkerd-service-mirror-read-remote-creds-test-cluster + namespace: test + labels: + linkerd.io/extension: multicluster + component: service-mirror + mirror.linkerd.io/cluster-name: test-cluster +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: 
linkerd-service-mirror-read-remote-creds-test-cluster +subjects: + - kind: ServiceAccount + name: linkerd-service-mirror-test-cluster + namespace: test +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: linkerd-service-mirror-test-cluster + namespace: test + labels: + linkerd.io/extension: multicluster + component: service-mirror + mirror.linkerd.io/cluster-name: test-cluster +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + linkerd.io/extension: multicluster + component: service-mirror + mirror.linkerd.io/cluster-name: test-cluster + name: linkerd-service-mirror-test-cluster + namespace: test +spec: + replicas: 1 + selector: + matchLabels: + component: linkerd-service-mirror + mirror.linkerd.io/cluster-name: test-cluster + strategy: + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + annotations: + linkerd.io/inject: enabled + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0" + labels: + linkerd.io/extension: multicluster + component: linkerd-service-mirror + mirror.linkerd.io/cluster-name: test-cluster + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: mirror.linkerd.io/cluster-name + operator: In + values: + - test-cluster + topologyKey: topology.kubernetes.io/zone + weight: 100 + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: mirror.linkerd.io/cluster-name + operator: In + values: + - test-cluster + topologyKey: kubernetes.io/hostname + containers: + - args: + - service-mirror + - -log-level=info + - -log-format=plain + - -event-requeue-limit=3 + - -namespace=test + - -enable-pprof=false + - test-cluster + image: cr.l5d.io/linkerd/controller:dev-undefined + name: service-mirror + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + 
runAsNonRoot: true + runAsUser: 2103 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 9999 + name: admin-http + securityContext: + seccompProfile: + type: RuntimeDefault + serviceAccountName: linkerd-service-mirror-test-cluster +--- +kind: PodDisruptionBudget +apiVersion: policy/v1 +metadata: + name: linkerd-service-mirror-test-cluster + namespace: test + labels: + component: linkerd-service-mirror + annotations: + linkerd.io/created-by: linkerd/cli dev-undefined +spec: + maxUnavailable: 1 + selector: + matchLabels: + component: linkerd-service-mirror + mirror.linkerd.io/cluster-name: test-cluster +--- +apiVersion: v1 +kind: Service +metadata: + name: probe-gateway-test-cluster + namespace: test + labels: + linkerd.io/extension: multicluster + mirror.linkerd.io/mirrored-gateway: "true" + mirror.linkerd.io/cluster-name: test-cluster +spec: + ports: + - name: mc-probe + port: 4191 + protocol: TCP