Thursday, December 16, 2021

Linkerd vs Istio, Envoy for service mesh

Frequently Asked Questions | Linkerd

Linkerd is a service mesh. It adds observability, reliability, and security to Kubernetes applications without code changes. For example, Linkerd can monitor and report per-service success rates and latencies, can automatically retry failed requests, and can encrypt and validate connections between services, all without requiring any modification of the application itself.

Linkerd vs Istio

Linkerd is significantly lighter and simpler than Istio. Linkerd is built for security from the ground up, ranging from features like on-by-default mTLS, a data plane that is built in a Rust, memory-safe language, and regular security audits. Finally, Linkerd has publicly committed to open governance and is hosted by the CNCF.

Linkerd vs Envoy

Envoy is a proxy; Linkerd is a service mesh. Linkerd has a control plane and a data plane, and uses a proxy is a component of the data plane. While Envoy can be used as a component of a service mesh, Linkerd uses an ultralight “micro-proxy” called Linkerd2-proxy, which is built in Rust for safety and performance.

Why doesn't Linkerd use Envoy?

Envoy is a complex general-purpose proxy. Linkerd uses a simple and ultralight “micro-proxy” called Linkerd2-proxy that is built specifically for the service mesh sidecar use case. This allows Linkerd to be significantly smaller and simpler than Envoy-based service meshes. The choice of Rust also allows Linkerd to avoid a whole class of CVEs and vulnerabilities that can impact proxies written in non-memory-safe languages like
 C++.