linkerd2
Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
Linkerd is a lightweight service mesh that installs into a Kubernetes cluster and automatically adds encryption, monitoring, and reliability to the communication between your application's services, without requiring any changes to the application code itself.
A service mesh is a dedicated layer of infrastructure that sits between your application components and manages how they talk to each other. Think of a modern web application as many small programs (called microservices) communicating over a network. Normally, each program would need its own code to handle things like encrypting that traffic, retrying failed requests, or tracking how fast each connection is. Linkerd moves all of that handling into a shared layer it manages itself.
The security focus is central to Linkerd's design. It automatically encrypts all traffic between services using mutual TLS (a method where both sides of a connection verify each other's identity), without touching the application. It also provides detailed visibility into which services are talking to which, how long requests take, and where failures occur, through built-in metrics and dashboards.
Linkerd is designed to be lightweight compared to other tools in this category. Its data-plane proxy component is written in Rust for low memory usage and fast performance. Installation into a Kubernetes cluster takes seconds via a command-line tool, and the getting started guide walks through the whole process.
The project is part of the Cloud Native Computing Foundation, the organization that also oversees Kubernetes. It undergoes regular third-party security audits, and the results are published in the repository. The license is Apache 2.0.
Where it fits
- Automatically encrypt all traffic between services in a Kubernetes cluster using mutual TLS with zero code changes.
- Add detailed metrics and dashboards showing which services talk to each other, how long requests take, and where failures occur.
- Improve reliability by adding automatic retries and detailed failure tracking to inter-service communication in a Kubernetes app.