From incubation-to-graduation: CNCF ‘graduates’ Linkerd service mesh

The Cloud Native Computing Foundation (CNCF) tells us that it’s on a mission.

That mission is to build not just cloud-native software, that part should be obvious, right? Its self-stated mission is a quest to build sustainable ecosystems for those cloud-native application instances that are brought to life.

For so-called ‘sustainable cloud’ envirobments to flourish, we (presumably) need to think about cloud projects that can be scaled up in size (and out, wider), connected more broadly to multi-hybrid-poly cloud instances, built to integrate with more complex datasets and engineered with more manageable API neurons… and with an ability to securely retire instances when they are end-of-life.

We could also suggest that sustainable cloud is also all about sustainability in the environmental/ecological sense, but to be that it needs to be technically sustainable first.

With that gargantuan task ahead of it then, the CNCF has announced the graduation of Linkerd. 


The CNCF denotes ‘graduation’ in this sense to mean any project or technology that has developed to a high enough degree to join mature cloud-native projects (such as Kubernetes, Prometheus and others) as fully established (and now more broadly supported) official CNCF projects and initiatives. 

To officially graduate from incubating status, Linkerd demonstrated the project maturity expected of a stable and well-established project, including rapidly-growing adoption and a commitment to a sustainable and inclusive community.

Linkerd was the first project to join the CNCF Sandbox, known as ‘inception’ at the time, and is now the first service mesh project to achieve graduated status.

According to the CNCF, Linkerd is a service mesh that provides critical observability, security and reliability features to cloud-native applications without requiring code changes. The project was created in 2016 by Buoyant and joined CNCF in early 2017 as the foundation’s fifth project. 

As TechTarget reminds us, “A service mesh is a dedicated infrastructure layer that controls service-to-service communication over a network. It provides a method in which separate parts of an application can communicate with each other. Service meshes appear commonly in concert with cloud-based applications, containers and microservices.”

Linkerd It was the first service mesh project and the first CNCF project to adopt the Rust programming language to improve security and performance. Today, organizations like Microsoft, Nordstrom, Expedia, JPMC, Clover Health, Entain, H-E-B, and more rely on Linkerd to power mission-critical production systems.

Gotta have-a service mesh

According to the most recent Cloud Native Survey, 27% of organisations use a service mesh in production, a 50% increase over the previous year and another 42% are evaluating or planning to use one. 

Users and proponents claim that Linkerd’s user base has continued to grow, predominately by word of mouth and by dint of its simplicity and performance.

“Service mesh has been arguably one of the fastest growing areas of cloud-native technology and Linkerd has been leading that charge since it helped kickstart the service mesh movement,” said Chris Aniszczyk, CTO of the Cloud Native Computing Foundation. 

“As organisations make the move to cloud-native, traffic management, observability and security become a critical part of the infrastructure. It’s been exciting to watch Linkerd grow and adapt to ever-changing industry needs and pave the way for a growing ecosystem of service mesh and proxy-related projects,” added Aniszczyk.

Oliver Gould, creator of Linkerd and CTO of Buoyant says that his team’s mission is to bring simplicity and user empathy to the service mesh space. 

“While we’ve made controversial technology decisions – adopting Rust instead of C++, building a service-mesh-specific ‘micro-proxy’ rather than using a generic proxy, focusing on Kubernetes rather than building abstraction layers – these decisions have been validated time and again by our global community of operators who have bet on this vision,” said Gould.

Roadmap, audits & fuzz testing

The Linkerd team says it is working on an extensive roadmap, including server and client-side policies, ‘mesh expansion’ to allow the Linkerd data plane to operate outside of Kubernetes and more. 

In keeping with the project’s focus on simplicity, performance and end-user experience, these features will be developed to minimise overhead and operational complexity for the user.

The project performs yearly third-party security audits and recently added proxy fuzz testing to its production tests.

As explained here, Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors and security loopholes in software, operating systems or networks. It involves inputting massive amounts of random data, called fuzz, to the test subject in an attempt to make it crash. 

Linkerd features a path to maintainership, a steering committee comprising production end users and a public commitment to open governance. 

Data Center
Data Management