Service mesh Linkerd is back in version 2.8 – the latest release of the Buoyant-bred CNCF incubating project comes fitted with multi-cluster capabilities and an add-on system to make adding functionality easier.
The latter for now ships with an add-on for tracing tool Jaeger and the observability platform Grafana. In upcoming releases, more functionality will be moved to add-ons, meaning users will be able to get rid of anything they don’t find necessary to reduce the size of the project.
Multi-cluster is surely the stand-out feature of v2.8, as it means Linkerd is now able to discover and connect Kubernetes services across clusters. It was developed to meet the goals of providing a unified trust domain, separate failure domains, supporting heterogeneous networks, and providing a unified model with in-cluster communication.
The accompanying set of sub-commands can be found under linkerd multicluster, with an additional gateways command to expose “gateway-specific telemetry to supplement the existing stat and tap commands”.
Operators using Linkerd on Amazon EKS will, unfortunately, have to wait another couple of days to be able to use the multicluster extension, as it doesn’t properly work with that service yet. However, the Linkerd team expects to address the issue in the next bug-fix release.
Besides those more complex additions, Linkerd 2.8 also comes with an adjusted proxy which in the face of sparse requests or over-consumption of resources in certain scenarios, should be less prone to failing. It will also label emitted distributed tracing spans with pod metadata. Other changes include some improvements in areas like gRPC stream error handling, and the stabilisation of the linkerd-cni component.
In his announcement post, Buoyant CEO William Morgan also shed some light on the future of the project. With goals as ambitious as transforming Linkerd “into the security plane for your Kubernetes infra”, the next releases will see the project introducing policy and “extending mTLS to all connections” amongst other things.
The idea seems pretty straight forward, given that service meshes have been hailed as a way to improve cluster security since their introduction. However, Linkerd isn’t the only player in the field and competitors such as Istio and its distributions already offer mutual TLS as well as policy support, meaning Buoyant’s roadmap is playing catch-up. Linkerd users will appreciate the step nonetheless, as it could help them stick with the tech for the long term.