Most service meshes use Envoy as a sidecar proxy but that doesn't seem to be the default option for Linkerd. We are already using Envoy as ingress and don't really want to add a new proxy into the mix. Can we use Linkerd with Envoy?
Most service meshes use Envoy as a sidecar proxy but that doesn't seem to be the default option for Linkerd. We are already using Envoy as ingress and don't really want to add a new proxy into the mix. Can we use Linkerd with Envoy?
I've heard this question asked a few times, and I think there are two questions here:
The answer to the first question is that you can definitely use Linkerd with Envoy as the Ingress controller. Ambassador and Contour are two examples of open source projects that use Envoy as the proxy for routing Ingress traffic.
Integrating Linkerd with any ingress controller requires some configuration that is specific to each of the ingress controllers. You also want to make sure that the Pod that runs the ingress controller container is injected with the Linkerd proxy so that the traffic between the ingress controller and the service workloads is part of the Linkerd service mesh.
The answer to the second question, which is the one that I think you're asking is that Linkerd provides its own proxy out of the box named linkerd2-proxy that is purpose built for managing microservice workloads within Kubernetes. The Linkerd control plane provides API endpoints and is designed to work with the linkerd2-proxy, so Envoy won't work out of the box.
That being said, Linkerd is an open source project and you could theoretically write an adapter between the Linkerd control plane components and the Envoy XSD API. Off the top of my head, I can't think of a common use case where the effort in building this adapter would bring additional value to Linkerd.
There's a great blog post that was written by William Morgan that describes why the Linkerd team decided to write their own proxy instead of using Envoy. The tl;dr is that Envoy is a general purpose proxy, whereas the linkerd2-proxy is purpose built for handling microservices traffic in the most efficient an unobtrusive way possible.