
Linkerd 2.8: simple, secure multi-cluster Kubernetes - aberoham
https://linkerd.io/2020/06/09/announcing-linkerd-2.8/
======
Nullabillity
Do they support mandatory mTLS yet? That's a pretty big gotcha for something
that advertises itself as secure..

~~~
johntash
> Regardless of whether that communication happens within a cluster, across
> clusters within a datacenter or VPC, or across the public Internet, Linkerd
> will establish a connection between clusters that's encrypted and
> authenticated on both sides with mTLS.

I'm not familiar with linkerd, but that at least points to it supporting mTLS.
I'd assume/hope it's mandatory if it's enabled?

~~~
Nullabillity
Looks like the answer is still no, according to the caveats section..[0]

> Linkerd does not currently enforce mTLS. Any unencrypted requests inside the
> mesh will be opportunistically upgraded to mTLS. Any requests originating
> from inside or outside the mesh will not be automatically mTLS'd by Linkerd.
> This will be addressed in a future Linkerd release, likely as an opt-in
> behavior as it may break some existing applications.

[0]: [https://linkerd.io/2/features/automatic-mtls/#caveats-and-
fu...](https://linkerd.io/2/features/automatic-mtls/#caveats-and-future-work)

