Linkerd, the open source service mesh, has been updated with a number of new features, including support for the ARM architecture, a new multicore proxy runtime, and the automatic enabling of mutual TLS (mTLS) security for all TCP connections.

William Morgan, CEO of Buoyant, the company behind Linkerd, says that the zero-config mTLS is a big step for Linkerd’s focus on zero trust security for Kubernetes, and that it absorbs a lot of the complexity that might otherwise drive insecure practices.

“Security is one of those things where, when you make it complicated and hard to implement, then people don’t do it. The more complex you make something, the less secure it is; that’s just human nature,” said Morgan.

While Linkerd has had mTLS for several versions now, it was only for HTTP and gRPC. With Linkerd 2.9, this is extended to all TCP connections, and Morgan points out that a lot of software is not limited to those two protocols, especially when you’re building an internal application.

“What’s unique about Linkerd is that we do that in a way that requires zero configuration from the user, and that’s turned on by default. From the moment that you enable Linkerd, we take care of all the certificate management, rotation, provisioning of identities, and all that stuff,” said Morgan. “It’s really complicated because, ideally, you want to rotate those certificates on a regular basis. Doing this sort of certificate management is the hard part. You want to tie those certificates to service identity in a way that maps to your Kubernetes infrastructure and so on.”


Linkerd Adds Default mTLS to Kubernetes to Enable Zero Trust