Linkerd Enterprise Creators: Keep the Sidecar Mesh
Buoyant has released the first enterprise version of Linkerd, the popular service mesh known for its low power and simplicity of use, suitable for both small and large organizations. With this release, Linkerd continues to use service mesh sidecars, a stance emphatically advocated by its creator and Buoyant founder and CEO William Morgan. The continued open source approach used by the Linkerd creators and the release of an enterprise version of Linkerd also contrasts with the decisions made by other creators of open source projects such as HashiCorp, which opted to turn their previously open source code into proprietary solutions. Nevertheless, Linkerd remains committed to its open source project, as affirmed by Morgan.
The enterprise version of Linkerd introduces specific features that were in high demand among potential enterprise customers. These additional features, exclusive to the enterprise version, include security tools for implementing zero trust security within Kubernetes clusters managed by Linkerd’s open source security layer. Observability provider Mezmo and payment-network provider TrueLayer are among the early adopters.
This version also emphasizes cost optimization, enabling resource management for automated traffic control with a load balancer, thereby reducing costs. By segmenting endpoints into cost tiers and routing individual HTTP and gRPC requests to the appropriate zone, Linkerd Enterprise is used to divert traffic to the lowest-cost region during normal conditions, while adding endpoints from high-cost regions only if the system goes under stress. This support extends to cross-cluster traffic, allowing enterprises with complex topologies comprising multiple clusters across multiple zones to dramatically reduce cloud spend. Additionally, it addresses compliance and maintenance to facility installation, upgrades and rollback when necessary (including across both control and data planes), with Linkerd Enterprise’s lifecycle automation capabilities.
-
Linkerd Enterprise can be used to decommission expensive application load balancers and reduce cross-zone network spend, its creators say.
While Linkerd shares common characteristics with other service meshes in its core function of offering comprehensive control over Kubernetes clusters, its simplicity and efficiency have made it a popular choice. As many have emphasized, having a service mesh is essential for managing applications in cloud native environments. Microsoft, one of Linkerd’s users, has recognized the significance of a service mesh for its XBox business and service offerings.
Sidecar or Not
There has also been considerable discussion regarding eBPF and its role in enhancing monitoring capabilities for data originating from applications running on a Linux kernel. This technology functions directly within the Linux kernel and extends to different environments. While other service meshes, like Solo.io’s Istio, have turned to eBPF to increase speed and reduce resource consumption, Morgan is skeptical of this approach. Therefore, Linkerd has no plans to adopt a sidecar-less configuration, especially in its enterprise version, which has just been released. And hence, he asserts that with this release, Linkerd continues to defy the prevailing trend of utilizing eBPF for sidecars.
eBPF can help with one area of networking specifically, which is the processing of TCP packets at L4, Morgan said The vast majority of service mesh features are at L7 which eBPF cannot handle due to inherent limitations in the technology. “So, eBPF is of modest utility for service meshes at best. The noise from a specific service mesh about how eBPF gives you a sidecar-free mesh is purely marketing since eBPF can be used with sidecars and with per-host proxies with just as much (minimal) utility,” Morgan said. “All that sidecar-free means in this context is “per-host proxies” which are worse for security and worse for reliability than sidecars. Which is why we moved away from it in Linkerd 1.0.”
Business Model
Buoyant’s decision to release an enterprise version on top of the Linkerd open source version contrasts with those of certain high-profile enterprises and organizations, some of which have encountered challenges in achieving profitability with open source projects. For instance, HashiCorp has recently opted to transition its previously open source code, such as Vault, into proprietary solutions. However, Linkerd’s creator insists that the commitment to the Linkerd open source project remains as strong as before.
Simultaneously, the question poses an intriguing aspect of the ongoing debate on how companies can monetize open source projects, even highly popular ones. Some argue that open source should not necessarily serve as the foundation of a business model with additional services or enterprise versions layered on top. Others advocate that open source projects should retain their focus on developing primary proprietary products or services, while fulfilling the needs of other organizations that rely on the open source project. In this context, Buoyant has chosen to offer an enterprise version that extends Linkerd’s capabilities.
“I think the modern world of open source is very different from the nights-and-weekends army-of-volunteers approach that I grew up with (and that is the history of projects like Linux and Git). Modern open source projects are not volunteer efforts, they are projects funded by companies that are investing in them with a commercial interest — and that’s good because a) maintainers get paid and can have a livelihood, and b) projects are no longer dependent on maintainers’ nights and weekends,” Morgan said. “For Linkerd users I do believe we can offer the best of both worlds: a world-class open source project with a healthy and thriving community plus an enterprise distribution that solves the very specific and unique challenges of that environment.”
Nonetheless, the enterprise version of Linkerd offers specific features in response to the demands of enterprise customers.
While Linkerd shares fundamental characteristics with all service meshes in terms of providing comprehensive control of Kubernetes clusters, it has stood out for its facility of adoption and management. Many observers have emphasized the importance of having a service mesh when dealing with applications in cloud native environments. For instance, Microsoft, a Linkerd open source adopter, has recognized the necessity of a service mesh for its XBox business and service offerings.
During a talk at KubeCon + CloudNativeCon North America 2022 in Detroit, Christopher Voss, a senior software engineer at Microsoft, noted Linkerd’s efficient resource utilization, traffic splitting and observability “with a ton of metrics” and low latency that all came “out of the box.”
Out of all of the service mesh prototypes Microsoft tried out for its Xbox service “I wouldn’t say Linkerd ‘won’ but it more fit our needs,” Voss said.
Meanwhile, many organizations are struggling with how to integrate service mess into their operations. The question of whether it is acceptable for small and large organizations, like Microsoft, or other Linkerd users, such as Adobe, to employ multiple service meshes for various Kubernetes runtime environments is raised. An alternative perspective is to centralize operations under a single API, supported by a unified service mesh spanning all clusters.
“While at the technical level, it’s not an either-or decision, in practice, we do see quite a number of Linkerd adopters who migrate to service mesh from an ‘API centric’ approach, primarily because that approach resulted in a ‘hairpin’ architecture where calls between internal components went out to the public internet to return through their public API,” Morgan said. “This required paying for ALBs [Application Load Balencers] and other expensive cloud services, and they see a big cost reduction when they can decommission those in favor of a mesh.”
