Buoyant Updates Linkerd to Simplify Zero-Trust Security

Buoyant today updated the open source Linkerd service mesh to add support for route-based authorization policies that enforce zero-trust policies within microsegmented Kubernetes environments.

In addition, the company is adding support for the Kubernetes Gateway application programming interface (API) and access logging to produce Apache-style request logs.

Buoyant CEO William Morgan says Linkerd 2.12 makes it possible to employ a service mesh to enforce per-route policies at a more granular level for each microservice. That capability is an extension of existing support for port-based policies added in previous releases. It provides an alternative to platforms based on the container network interface (CNI) that do not have as strong an approach to cryptographic workload identity that is enforced at the pod level using standards such as the mutual TLS protocol, notes Morgan.

Support for the Kubernetes Gateway API, meanwhile, provides a standards-based approach to integrating the Linkerd service mesh with Kubernetes clusters. That API, however, is still a work in progress, so support will continue to evolve and mature, says Morgan.

Finally, updates to Linkerd can now be automatically applied via Buoyant Cloud, a management platform the company makes available for the service mesh.

In general, cybersecurity teams are now starting to have a greater appreciation for the role service meshes can play in enforcing zero-trust security policies, notes Morgan. While microsegmentation of microservices is not a new idea, he says it’s easier to achieve and maintain when employing a service mesh.

In the meantime, Buoyant continues to make a case for a lighter-weight service mesh that is simpler to implement. Linkerd is a project managed under the auspices of the Cloud Native Computing Foundation (CNCF), which is also considering a petition to advance the open source Istio service mesh project alongside both Linkerd and Kuma. Kuma is a service mesh that, unlike Linkerd and Istio, runs across both Kubernetes clusters and virtual machines.

A recent survey published by Buoyant finds more than a quarter (28%) of organizations have already swapped out the service mesh platform they initially adopted. Among those that have switched, 80% had been using the open source Istio platform. It’s still early days as far as service mesh adoption is concerned—nearly two-thirds of respondents (63%) say they have yet to deploy a service mesh in a production environment, while 14% say they have been using one in a production environment for less than six months.

It’s not clear when service mesh adoption will cross the proverbial chasm in the enterprise, but as Kubernetes clusters become more widely adopted, the number of organizations that need to employ a service mesh as an alternative to proxy software or a traditional API gateway will continue to steadily increase. The issue is understanding the implications those service meshes have for not only managing APIs but also abstracting away much of the underlying security and networking complexity that exists in most IT environments.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.