This repo contains the transparent proxy component of Linkerd2. While the Linkerd2 proxy is heavily influenced by the Linkerd 1.X proxy, it comprises an entirely new codebase implemented in the Rust programming language.
This proxy's features include:
- Transparent, zero-config proxying for HTTP, HTTP/2, and arbitrary TCP protocols.
- Automatic Prometheus metrics export for HTTP and TCP traffic;
- Transparent, zero-config WebSocket proxying;
- Automatic, latency-aware, layer-7 load balancing;
- Automatic layer-4 load balancing for non-HTTP traffic;
- Automatic TLS (experimental);
- An on-demand diagnostic
This proxy is primarily intended to run on Linux in containerized environments like Kubernetes, though it may also work on other Unix-like systems (like macOS).
The proxy supports service discovery via DNS and the linkerd2
Destination gRPC API.
The Linkerd project is hosted by the Cloud Native Computing Foundation (CNCF).
Building the project
Makefile is provided to automate most build tasks. It provides the
make build-- Compiles the proxy on your local system using
make clean-- Cleans the build target on the local system using
make test-- Runs unit and integration tests on your local system using
make test-flakey-- Runs all tests, including those that may fail spuriously
make package-- Builds a tarball at
PACKAGE_VERSIONis not set in the environment, the local git SHA is used.
make docker-- Builds a Docker container image that can be used for testing. If the
DOCKER_TAGenvironment variable is set, the image is given this name. Otherwise, the image is not named.
This project is broken into many small libraries, or crates, so that components may be compiled & tested independently. The following crate targets are especially important:
linkerd2-proxycontains the proxy executable;
linkerd2-app-integrationcontains the proxy's integration tests;
linkerd2-app-outboundcrates so that they may be run by the executable or integration tests.
Code of conduct
This project is for everyone. We ask that our users and contributors take a few minutes to review our code of conduct.
We test our code by way of fuzzing and this is described in FUZZING.md.
A third party security audit focused on fuzzing Linkerd2-proxy was performed by Ada Logics in 2021. The full report is available here.
linkerd2-proxy is copyright 2018 the linkerd2-proxy authors. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use these files except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.