Virtualization Technology News and Information
Release of Linkerd 2.8 Delivers Simple, Light Approach to Secure Kubernetes Multi-Cluster Communication

Today, the Linkerd community and sponsor Buoyant announced the availability of Linkerd 2.8. The latest release of the popular open source service mesh adds support for multi-cluster communication, allowing Kubernetes applications to communicate across cluster boundaries in a way that is fully secured, transparent to the application and independent of the underlying network topology.

The 2.8 release further extends the feature set of the widely-adopted Linkerd service mesh, already unique among service meshes for its open governance model and neutral home in the Cloud Native Computing Foundation. Linkerd's rapidly-growing adopter base includes organizations such as Chase Bank, EverQuote, Expedia, GoDaddy, Nordstrom and Walmart.

***Linkerd 2.8 is available today. Read more and download.***

Multi-Cluster Unlocks New Service Mesh Use Cases

Linkerd's multi-cluster functionality unlocks a tremendous range of use cases, including hybrid cloud, high availability, cluster failover and "inverted multi-tenancy," in which disparate teams in an organization each manage their own Kubernetes cluster. While each of these use cases comes with its own set of complexities, especially as traffic between clusters may be required to traverse the open internet, Linkerd's secure-by-default strategy simplifies the operational burden and allows Linkerd users to adopt multi-cluster strategies that were previously inaccessible.

"At Projector, we're focused on building a great experience for our customers. That means choosing best-in-class technology partners like Linkerd to ensure our services are fast, reliable and secure," said Jeremy Gordon, CTO of Projector, a collaborative creative platform. "Linkerd's new multi-cluster feature promises to make it significantly easier for us to implement Kubernetes clusters in multiple geographic regions to provide customers with the speed and security they expect from modern software."

In contrast to other service mesh projects such as Istio, which provide multi-cluster support by way of configuration-heavy layers of additional complexity on top of Kubernetes, the Linkerd "service mirroring" approach instead leverages as much existing Kubernetes functionality as possible.

"With service mirroring, Linkerd's multi-cluster operates the same way that the rest of Linkerd does: it's secure by default, it works out of the box, and it adds the bare minimum to Kubernetes," said William Morgan, CEO of Buoyant and one of the creators of Linkerd. "The multi-cluster approaches we saw from projects like Istio were disappointing because of their inherent complexity. Making multi-cluster simple wasn't just a style choice; it was a fundamental part of Linkerd's approach to connectivity. In a zero-trust, cloud-native world, connectivity requires security, but complexity is anathema to security. If you have a complex solution, you have an insecure solution."

The Linkerd project has long attracted adopters due to its "zero-config mTLS" feature, which automatically encrypts traffic between applications within a cluster and requires no configuration to enable or use. The new multi-cluster feature extends this functionality to communication across clusters, providing the same guarantees of confidentiality and identity that Linkerd already provided for in-cluster communication.

Datawire, maker of the most popular Kubernetes-native API gateway, Ambassador, has already integrated Linkerd 2.8. "Ambassador users can now use Linkerd to build secure, multi-cluster Kubernetes deployments directly on top of Ambassador," said Richard Li, CEO at Datawire. "Security is a critical requirement for Ambassador users, and this new integration allows Ambassadors users not just to add mTLS-secured connectivity within and between clusters, but to use Ambassador to manage and control this traffic just as it does with ingress traffic today."
Published Tuesday, June 09, 2020 2:57 PM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<June 2020>