Completek8s Classroom notes 05/Nov/2023

Service Mesh

  • In Microservices, apps are broken down into multiple smaller services that communicate over network which are unreliable, hackable and slow. Service Mesh addresses this set of challenges by managing traffic between services and adding reliability, observability and security features uniformly across services
  • The broader category of critical functions provided by service mesh are

    • security
    • reliability
    • observability
  • Service Meshes

    • Linkerd
    • Istio
    • Consul
    • AWS App Service Mesh
    • Azure Service fabric Mesh

Linkerd architecture

Data Plane

  • Pods that have proxies are referred to as meshed
  • Meshed pods communicate exclusively through the proxies
  • proxies collect critical metrics
  • Four functions of Data plane
    • Iptables config: Route traffic to proxy in the Pod
    • Load Balancing: Balance traffic for HTTP and gRPC
    • Metrics
    • mTLS (Mutual TLS): Secure by default
  • IP Tables config
    • Two ways to configure
    • Init Container
    • Linkerd CNI plugin
  • Load Balancing:
    • Request Level load Balancing
      • Connection pool
      • Balances based on latency
      • Uses exponentially weighted moving average
  • Metrics:
    • Linkerd collects metrics from proxies
    • Metrics are used to as shown below in Prometheus format
      • Determine app health
      • Collect baseline metrics
      • Define error budges
      • Service Level Objectives
  • Mutual TLS
    • Zero-trust
    • mTLS between services
  • Linkerd recommends bringing your own prometheus Refer Here

control plane

  • Controller Component
    • It interacts with linkerd cli and Dashboard
  • Destination Services:
  • Identity Service
  • Proxy Injector: It injects for objects with enabled
  • Linkerd Extensions:
    • Viz
    • Jaeger
    • Multicluster

Using Linkerd

choco install linkerd2 -y
  • Refer Here for steps
  • As discussed in the class post setup of linkerd install dashboard using viz extension
  • Lets install emojivoto
kubectl apply -f
  • Lets inject proxy into emojivoto
kubectl annotate ns emojivoto
  • Now restart the deployment to inject the proxy
kubectl rollout restart deploy -n emojivoto


  • Service Profiles in Linkerd Refer Here
  • Refer Here for setting up service profiles
  • Three ways to setup Service Profiles
    • OpenAPI/Swagger
      linkerd profile -n emojivoto --open-api <swagger file> <svc> > yaml
    • Protbuf
      linkerd profile -n emojivoto --proto <swagger file> <svc> > yaml
    • tap
      linkerd viz profile <from> --tap <to> --tap-duration 10s -n <namespace> > yaml
  • Simple swagger. create a file called as emojivoto.swagger
openapi: 3.0.1
version: v10
    get: {}
    get: {}
  • Create a service profile using the command linkerd profile -n emojivoto --open-api .\emojivoto.swagger web-svc > web-sp.yaml
kind: ServiceProfile
  creationTimestamp: null
  name: web-svc.emojivoto.svc.cluster.local
  namespace: emojivoto
  - condition:
      method: GET
      pathRegex: /api/list
    name: GET /api/list
  - condition:
      method: GET
      pathRegex: /api/vote
    name: GET /api/vote

Istio architecture

Kubernetes cluster

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About continuous learner

devops & cloud enthusiastic learner