Linkerd is a service mesh for Kubernetes and the project that coined the term. Rather than installing the Envoy proxy next to every pod as Istio does, Linkerd ships its own data-plane proxy, linkerd2-proxy, written in Rust on Tokio and scoped to the mesh’s exact feature set — HTTP/1, HTTP/2, gRPC, raw TCP, mTLS, and per-route metrics.
The control plane is a handful of Go services — destination, identity, and proxy-injector — that hand out endpoints, issue short-lived TLS certificates per workload identity, and mutate pods at admission time to add the proxy sidecar. mTLS is on by default, and the identity component acts as an in-cluster CA rooted in a trust anchor you provide. Telemetry is exposed as Prometheus metrics directly by each proxy, and the linkerd viz extension bundles Prometheus, Grafana, and a web dashboard. Multi-cluster support works by mirroring services between clusters and tunnelling traffic through gateway pods with mTLS end-to-end.
Linkerd was the first CNCF service mesh and graduated in 2021. It competes with Istio, Consul Connect, and Kuma, and its pitch is operational simplicity and a much smaller resource footprint per proxy thanks to the purpose-built Rust data plane.