// the find
linkerd/linkerd2
Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
Linkerd is a CNCF-graduated service mesh for Kubernetes that handles mTLS, observability, and traffic management via a sidecar proxy written in Rust. It's the lightweight alternative to Istio — simpler to operate, lower resource overhead, narrower scope. Best for teams that want automatic mTLS between services without adopting the full Istio surface area.
The data plane proxy is written in Rust (linkerd2-proxy), which gives it genuinely low memory and CPU overhead compared to Envoy-based meshes — this isn't marketing, it shows up in benchmarks. mTLS is on by default and certificate rotation is automatic through the identity controller, so you get zero-trust networking without writing any policy. The CNCF graduation status means third-party security audits are public in the repo (2019, 2022, 2024) — you can read exactly what was found and fixed. Helm chart structure is clean and the Kubernetes Gateway API CRDs are included, so it tracks the upstream standard rather than inventing its own routing primitives.
Split across multiple repos (linkerd2, linkerd2-proxy, website) means following a bug from control plane behavior to proxy implementation requires context-switching between codebases and different issue trackers. Multi-cluster support exists but is an extension that requires separate installation and cert coordination — it's not a first-class concern and the setup is fiddly. No built-in egress control beyond the EgressNetwork CRD which is still relatively new; if you need sophisticated egress policy you'll be writing workarounds. The extension model (Viz, Jaeger, multicluster) means a 'full' Linkerd install is actually five or six separate Helm releases to manage and upgrade independently.