  • Language
    Rust
  • License
    Apache License 2.0
  • Created over 7 years ago
  • Updated 11 months ago

Repository Details

A TCP/TLS load balancer for Linkerd 1.x.

linkerd-tcp

A TCP load balancer for the linkerd service mesh.

Status: beta

Features

  • Lightweight, native TCP and TLS load balancer built on tokio.
    • Weighted-least-loaded P2C load balancing.
    • Minimal resource utilization: typically <.5 cores with ~2MB RSS.
  • Tightly integrated with the linkerd service mesh.
    • Supports endpoint weighting (i.e. for "red line" testing).
  • Modern Transport Layer Security via rustls:
    • TLS1.2 and TLS1.3 (draft 18) only.
    • ECDSA or RSA server authentication by clients.
    • RSA server authentication by servers.
    • Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves.
    • AES128-GCM and AES256-GCM bulk encryption, with safe nonces.
    • Chacha20Poly1305 bulk encryption.
    • ALPN support.
    • SNI support.

Quickstart

  1. Install Rust and Cargo.
  2. Run namerd. ./namerd.sh fetches, configures, and runs namerd using a local-fs-backed discovery (in ./tmp.discovery).
  3. From this repository, run: cargo run -- example.yml

We ❤️ pull requests! See CONTRIBUTING.md for info on contributing changes.

Usage

linkerd-tcp 0.1.0
A native TCP proxy for the linkerd service mesh

USAGE:
    linkerd-tcp <PATH>

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

ARGS:
    <PATH>    Config file path

Example configuration

# Administrative control endpoints are exposed on a dedicated HTTP server. Endpoints
# include:
# - /metrics -- produces a snapshot of metrics formatted for prometheus.
# - /shutdown -- POSTing to this endpoint initiates graceful shutdown.
# - /abort -- POSTing to this terminates the process immediately.
admin:
  port: 9989

  # By default, the admin server listens only on localhost. We can force it to bind
  # on all interfaces by overriding the IP.
  ip: 0.0.0.0

  # Metrics are snapshot at a fixed interval of 10s.
  metricsIntervalSecs: 10

# A process exposes one or more 'routers'. Routers connect server traffic to
# load balancers.
routers:

  # Each router has a 'label' for reporting purposes.
  - label: default

    # Each router is configured to resolve names.
    # Currently, only namerd's HTTP interface is supported:
    interpreter:
      kind: io.l5d.namerd.http
      baseUrl: http://localhost:4180
      namespace: default
      periodSecs: 20

    servers:

      # Each router has one or more 'servers' listening for incoming connections.
      # By default, routers listen on localhost. You need to specify a port.
      - port: 7474
        dstName: /svc/default
        # You can limit the amount of time that a server will wait to obtain a
        # connection from the router.
        connectTimeoutMs: 500

      # By default each server listens on 'localhost' to avoid exposing an open
      # relay by default. Servers may be configured to listen on a specific local
      # address or all local addresses (0.0.0.0).
      - port: 7575
        ip: 0.0.0.0
        # Note that each server may route to a different destination through a
        # single router:
        dstName: /svc/google
        # Servers may be configured to perform a TLS handshake.
        tls:
          defaultIdentity:
            privateKey: private.pem
            certs:
              - cert.pem
              - ../eg-ca/ca/intermediate/certs/ca-chain.cert.pem

    # Clients may also be configured to perform a TLS handshake.
    client:
      kind: io.l5d.static
      # We can also apply linkerd-style per-client configuration:
      configs:
        - prefix: /svc/google
          connectTimeoutMs: 400
          # Require that the downstream connection be TLS'd, with a
          # `subjectAltName` including the DNS name _www.google.com_
          # using either our local CA or the host's default openssl
          # certificate.
          tls:
            dnsName: "www.google.com"
            trustCerts:
              - ../eg-ca/ca/intermediate/certs/ca-chain.cert.pem
              - /usr/local/etc/openssl/cert.pem
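
An added example, not part of the linkerd-tcp repository: a small audit over the parsed form of the configuration above that reports the exposures its comments describe (admin endpoints bound beyond localhost, servers relaying from non-loopback addresses, destinations reached with no client TLS config). Assumptions: the YAML has already been loaded into a dict, EXAMPLE is a constructed and trimmed copy of example.yml, and the path-prefix matching in has_tls_client is a simplification rather than linkerd's own matching.

```python
import ipaddress

def is_loopback(ip):
    """Unset (the documented default) and 'localhost' count as loopback."""
    if ip in (None, "localhost"):
        return True
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False  # unparseable bind address: report it as exposed

def has_tls_client(configs, dst):
    """Assumption: a client config applies when its prefix is a path prefix of dst."""
    for c in configs:
        prefix = c.get("prefix")
        if prefix and "tls" in c and (dst == prefix or dst.startswith(prefix + "/")):
            return True
    return False

def audit(cfg):
    """Return a list of findings for a parsed linkerd-tcp config."""
    findings = []
    admin = cfg.get("admin", {})
    if not is_loopback(admin.get("ip")):
        findings.append(f"admin: /shutdown and /abort reachable via {admin['ip']}:{admin.get('port')}")
    for router in cfg.get("routers", []):
        label = router.get("label", "?")
        configs = router.get("client", {}).get("configs", [])
        for srv in router.get("servers", []):
            port, dst = srv.get("port"), srv.get("dstName", "")
            if not is_loopback(srv.get("ip")):
                tls = "with" if "tls" in srv else "without"
                findings.append(f"{label}: port {port} relays to {dst} from {srv['ip']} {tls} server TLS")
            if not has_tls_client(configs, dst):
                findings.append(f"{label}: port {port} reaches {dst} with no client TLS config")
    return findings

# Constructed sample: the example configuration above, trimmed to the audited keys.
EXAMPLE = {
    "admin": {"port": 9989, "ip": "0.0.0.0"},
    "routers": [{
        "label": "default",
        "servers": [
            {"port": 7474, "dstName": "/svc/default"},
            {"port": 7575, "ip": "0.0.0.0", "dstName": "/svc/google", "tls": {}},
        ],
        "client": {"configs": [{"prefix": "/svc/google", "tls": {"dnsName": "www.google.com"}}]},
    }],
}
```

Calling audit(EXAMPLE) returns three findings: the admin bind on 0.0.0.0, the plaintext path to /svc/default, and the externally reachable relay on port 7575.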

Logging

Logging may be enabled by setting RUST_LOG=linkerd_tcp=info in the environment. When debugging, set RUST_LOG=trace.

Docker

To build the linkerd/linkerd-tcp docker image, run:

./dockerize latest

Replace latest with the version that you want to build.

Try running the image with:

docker run -v `pwd`/example.yml:/example.yml linkerd/linkerd-tcp:latest /example.yml

Code of Conduct

This project is for everyone. We ask that our users and contributors take a few minutes to review our code of conduct.

License

Copyright 2017-2018 Linkerd-TCP authors. All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use these files except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
