freundcloud

Linkerd

Linkerd is a lightweight, open-source service mesh for Kubernetes. It provides runtime debugging, observability, reliability, and security (mTLS) for microservices—without requiring code changes. Linkerd is production-proven and works on all major clouds (AKS, EKS, GKE) and on-prem clusters.

What is a Service Mesh and Why Use Linkerd?

A service mesh is an infrastructure layer that transparently manages service-to-service communication. It provides:

  • Traffic management: Fine-grained routing, retries, timeouts, circuit breaking
  • Security: mTLS encryption, service authentication, and policy enforcement
  • Observability: Distributed tracing, metrics, and logging for all service traffic
  • Reliability: Automatic retries, failover, and health checks
  • Zero-trust networking: Enforce least-privilege and secure-by-default communication

Why Linkerd?

  • Lightweight and easy to install (no complex CRDs or sidecar bloat)
  • Fast startup and low resource usage
  • Works with GitOps tools (ArgoCD, Flux) for declarative, auditable deployments
  • Multi-cloud and hybrid ready

Pros and Cons

Pros Cons
Lightweight, simple to operate Fewer advanced features than Istio
Fast, low resource overhead No built-in API gateway
Secure by default (mTLS) Smaller ecosystem than Istio
GitOps-friendly  
Great for SRE/DevOps teams  

Step-by-Step: Linkerd Setup and Configuration

0. Prerequisites

  • Access to a Kubernetes cluster (AKS, EKS, GKE, or local)
  • kubectl installed and configured
  • (Optional) GitOps tool (ArgoCD, Flux) for declarative management

Validate your cluster:

kubectl version --short

1. Install the Linkerd CLI

curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh
export PATH=$PATH:$HOME/.linkerd2/bin
linkerd version

2. Validate Your Cluster

linkerd check --pre

3. Install the Control Plane

linkerd install | kubectl apply -f -
linkerd check

4. Install Extensions (Observability)

linkerd viz install | kubectl apply -f -
linkerd check

5. Explore the Dashboard

linkerd viz dashboard &

Real-Life Example: GitOps with Linkerd and ArgoCD

  1. Store your Linkerd manifests and Helm values in Git.
  2. Define an ArgoCD Application:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: linkerd
  namespace: argocd
spec:
  project: default
  source:
    repoURL: 'https://github.com/your-org/your-gitops-repo.git'
    targetRevision: main
    path: k8s/linkerd
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: linkerd
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
  1. Apply with:
kubectl apply -f linkerd-argocd-app.yaml

Demo App: Emojivoto

Install the demo app:

curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/emojivoto.yml | kubectl apply -f -
kubectl -n emojivoto port-forward svc/web-svc 8080:80

Inject Linkerd sidecars:

kubectl get -n emojivoto deploy -o yaml | linkerd inject - | kubectl apply -f -
linkerd -n emojivoto check --proxy

Best Practices (2025)

  • Use GitOps (ArgoCD, Flux) for all Linkerd config and upgrades
  • Enable mTLS and monitor mesh health with Prometheus/Grafana
  • Use LLMs (Copilot, Claude) to generate and review mesh policies and manifests
  • Document mesh usage and onboarding for your team

Common Pitfalls

  • Not enabling mTLS (misses security benefits)
  • Manual changes outside Git (causes drift)
  • Not monitoring mesh resource usage

References