DEVOPSdigest

Buoyant announced the release of Linkerd 2.14 with improved support for multi-cluster deployments on shared flat networks, full Gateway API conformance, and much more.

Linkerd 2.14 comes on the heels of the Linkerd 2.13 release with circuit breaking and dynamic request routing, and continues Linkerd's focus on coupling enterprise-grade power and flexibility with superior operational model simplicity and to create the lowest TCO of any service mesh.

"Over the past 18 months, the adoption of Linkerd has skyrocketed in enterprise environments, with companies like Adidas, Microsoft, Plaid, and DB Schenker deploying Linkerd to bring security, compliance, and reliability to their mission-critical production infrastructure," said William Morgan, Buoyant CEO and one of the creators of Linkerd. "Last year was a banner year for Linkerd—the number of stable Kubernetes clusters running Linkerd doubled in 2022. With Linkerd 2.13 and 2.14 already under our belts, we're off to a great pace in 2023 and we have some amazing features that we can't wait to unveil later this year."

Linkerd 2.14 introduces improved multi-cluster support for clusters deployed on a shared flat network. Increasingly common in enterprise environments, this network architecture allows pods in different clusters to establish TCP connections with each other. Linkerd takes advantage of this ability to add a new "gateway-less" mode for cross-cluster communication. In this mode, Linkerd establishes cross-cluster connections across clusters without transiting a multi-cluster gateway, resulting in:

- Improved performance by reducing the latency of cross-cluster calls;

- Improved security by preserving workload identity in mTLS calls across clusters; and

- Reduced cloud spend by reducing the amount of traffic that is routed through the multi-cluster gateway.

In addition, Linkerd ensures that these cross-cluster connections are established with all the same guarantees as in-cluster connections, i.e., they are fully transparent to the application with the same security, reliability, and observability capabilities, including encryption, authentication, and Zero Trust authorization policies. This mode is also purely additive, and in heterogeneous network environments where flat networks are not possible, Linkerd's existing gateway-based approach functions as normal.

Importantly, this new multi-cluster support retains a critical aspect to Linkerd's design—independence of clusters as a way of isolating security and failure domains. Each cluster runs its own Linkerd control plane, and the failure of a single cluster cannot take down the service mesh on other clusters.

Beginning with the Linkerd 2.12 release, Linkerd has adopted Kubernetes's new Gateway API as the core configuration mechanism for Linkerd, including for features such as Zero Trust authorization policy and dynamic request routing. Adopting the Gateway API brings a host of benefits for users, from providing standardized mechanisms for configuring complex resources such as classes of HTTP requests to providing a uniform API across ingress and service meshes to—reduction of additional configuration surface area, since the Gateway configuration resources that already live on the cluster.