►
From YouTube: Intro: Linkerd - William Morgan, Buoyant
Description
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Intro: Linkerd - William Morgan, Buoyant
In this session, William Morgan and Linkerd maintainers, will provide an introduction to Linkerd and the service mesh model. We'll hear some lightning talks from current Linkerd production users, and finish with a brief Q&A.
https://sched.co/MPiG
A
A
If
you
could
just
lock
the
doors
at
the
back,
no
one
is
gonna
be
able
to
escape
here
until
you
have
successfully
installed
linker
D
on
your
laptop.
My
name
is
William
Morgan
I'm,
one
of
the
maintainer
of
linker
D,
mostly
my
maintainer
ship.
These
days
consists
of
editing
the
readme
and
sending
out
emails,
and
things
like
that.
So
I
don't
actually
write
a
whole
lot
of
code,
but
I've
been
involved
in
linker
D
since
the
very
beginning
of
the
project
and
I've
done
this
intro
session
at
almost
every
other.
A
Almost
every
cube
con
since
the
beginning
of
KU
con,
not
every
one,
but
almost
every
one
and
usually
I've
only
tried
to
make
it
a
little
different.
In
the
past,
we've
brought
up
community
members
and
had
them
do
lightning
talks
and
things
like
that.
The
feedback
that
I've
gotten
is
people
actually
want
an
introduction.
So
this
time
I'm
gonna
try
and
actually
do
an
introduction.
A
I'm
gonna
leave
a
bunch
of
time
at
the
end
for
Q&A,
because
I'm
sure
that's
gonna
be
good
questions
and,
let's
see
we
have
until
just
make
sure
I
have
the
timing
right.
So
we
have
until
12:30,
okay
great
great.
So
we
should
have
plenty
of
time
for
questions,
and
then
one
last
thing
I'll
point
out
is
that
this
slide
deck
is
a
very
modified
version
of
a
public
slide
deck
that
we
have,
that
we
give
out
to
anyone
who
is
doing
a
link
or
D
meetup
or
a
link
ReadyTalk.
A
A
Linker
D
was
the
very
first
service
mesh
project
and
the
first
project
to
coin
that
term,
and
so
very
early
on
and
I'll
go
through
the
history
in
a
second
early
on.
A
lot
of
this
kind
of
talk
was
describing
what
a
service
mesh
was
and
why
it
was
so
important
and
trying
to
convince
you.
This
was
a
nod
you
had
to
have
in
your
brain
nowadays
like
it's
a
different
kind
of
conversation,
so
I
don't
have
to
do
quite
as
much
evangelization
about
the
service
mission
concept.
A
I
have
to
do
a
lot
of
description
of
what
linker
D
is
so
linker.
D
is
also
a
CNC
F
project.
Hopefully
you
saw
the
the
keynote
earlier
this
morning.
Fun
fact
it
is
actually
the
only
CN
CF
service
mesh
project.
If
you
look
at
the
CN
CF
definitions,
there
are
related
projects,
but
there's
only
one
so
far,
that
is
a
service
mesh
we've
been
in
production
for
over
24
months,
a
very
healthy
community,
primarily
centered
around
the
slack
channel.
A
A
Okay,
I'll
try,
it
is
try
to
stay
focused,
I'm,
also
running
on
about
three
hours
of
sleep.
So
wish
me
luck
a
very
healthy
community
or
around
the
slack.
Channel
lots
and
lots
of
github
stars
which
does
have
you
all
know,
is
very
important.
Lots
of
contributors
and
we've
been.
We
have
a
crazy
cadence.
Recently,
we've
been
doing
almost
weekly
edge
releases
and
a
stable
release
about
every
six
weeks.
So
momentum
around
linker
D,
has
never
been
higher.
I
put
up
a
bunch
of
our
production
users.
A
So
there's
a
lot
more
out
there
and
fundamentally
laker
D
is
a
community
project,
so
it
is
a
it
is.
It
is
owned
and
created
and
contributed
and
run
by
you.
You
were
all
members
of
the
linker
D
community
by
being
in
this
room,
I
officially
anoint
you,
so
you
should
feel
ownership
of
linker
D
because
you
have
every
much
as
as
much
ownership
of
it
as
as
I
do
okay.
So
why
use
linker
D?
And
this
is
kind
of
the
service
mesh
value?
Props?
Okay.
A
A
So
what's
the
success
rate
of
my
service
and
what
is
the
latency
distribution
of
my
service
and
what's
the
throughput
in
like
requests
per
second
or
requests
per
minute
of
my
service
right,
there's
a
set
of
features
around
reliability,
so
retries
and
timeouts,
and
and
circuit
breaking
load
balancing
at
the
request
level.
Those
are
all
features
that
are
centered
around
making
the
system
more
reliable
and
then
there's
a
set
of
features
around
security
right.
A
So
things
like
the
transparent
mutual
TLS
that
we
saw
in
the
keynote
demo,
where
we
try
and
give
you
these
security
primitives.
You
know
without
you
having
to
do
a
lot
of
configuration
I'll
get
into
some
of
the
some
of
the
kind
of
strategy
behind
Lync
ready
in
a
second.
But
with
all
these,
with
these
three
value,
props
there's
something
really
interesting,
which
is
number
one.
The
service
Mesh
cannot
be
a
complete
solution
right
for
any
of
these.
So
it's
not
a
complete
security
solution.
Right,
there's
still
a
lot
more.
A
You
have
to
do
to
have
a
secure
system.
It's
not
a
complete
telemetry
system.
You
have
to
instrument
your
application.
You
have
to
do
things
like
tracing,
and
you
know
you
can't
just
offload
that
to
the
service
mesh.
It's
certainly
not
a
complete
reliability
solution,
because
the
application
has
to
have
to
do
a
bunch
of
other
work
to
make
the
system
as
a
whole
reliable,
but
the
the
distinction
is
linker.
A
D
can
grab
a
lot
of
that
functionality
out
of
the
application
and
bring
it
down
to
the
platform
layer,
and
that's
the
real
value
right
is
that
the
developers
no
longer
have
to
spend
their
precious
brain
juices
worrying
about
what
are
ultimately
platform
features
right.
So
what's
what
is
what
is
fundamentally
common
about?
All
of
these
features
is
kind
of
three
things
number
one.
A
A
If
you
do
something
naive,
you
end
up
in
a
very
complicated
and
difficult
situation
that
you
have
to
extract
yourself.
Out
of
distributed.
Systems
are
difficult
right,
especially
in
their
kind
of
aggregated
effects
and
then
feature
number
three.
All
of
these
features
that
I've
listed
here
work
best
when
they
are
applied
uniformly
over
everything
right,
so
something
like
mutual
TLS.
A
If
you
have
one
service
that
implements
that
well,
okay,
that's
great,
but
that
doesn't
get
you
very
much
if
you
really
want
the
value
of
that,
you
want
to
have
every
service
implement,
so
those
three
features
are
hallmarks
of
functionality,
that
is
ultimately
platform
functionality
and
the
value
of
the
service
mesh,
the
value
of
linker
D,
as
we
pull
that
stuff
out
of
the
application
and
put
it
in
the
hands
of
the
platform
owners
where
it
belongs.
That
makes
sense
so
far.
Okay,
all
right!
Okay,
we
created
the
service
mesh,
we
invented
it.
A
There
was
nothing
it
was
just
void
and
then
linker
D
came
and
it
was
like
a
blazing
light.
This
was
way
back
in
2016
was
the
very
first
version
of
linker
D,
the
history
of
linker
D
I'm,
not
gonna,
go
into
too
much
of
this,
but
I,
and
some
of
the
other
link
to
D
creators
were
engineers
at
Twitter
and
Twitter
went
through
this
whole
microservices
decomposition
we've
written
about
this.
So
you
can.
You
can
read
about
it
online.
A
But
it's
built
on
the
Twitter
stack,
so
it's
built
on
the
JVM
and
finagle
and
Metty
and
Scala,
and
it
is
rich.
It's
very
rich.
It's
also
difficult
to
learn,
and
then
there's
the
2x
stuff
and
most
of
what
I'm
going
to
be
talking
about
is
two
decks,
because
that's
where
most
of
our
energy
goes
these
days,
which
has
been
rebuilt
from
scratch
on
and
on
rust,
and
it's
very,
very
kubernetes
specific,
so
2x
right
now
still
playing
a
bit
of
feature
catch
up
with
one
dot,
X
and
also
very
kubernetes
specific.
A
We
will
get
there
eventually
will
support
the
world
outside
of
kubernetes
if
that
world
even
exists
in
another
year,
we'll
get
there.
But
if
you're
looking
at
the
feature
matrix,
we're
still
catching
up
with
the
reason,
why
has
so
much
energy
behind
it,
of
course,
is
because
it's
much
faster
and
much
smaller
and
much
lighter
weight.
Ok,
that's
kind
of
the
design
goals.
A
X
and
I
know
that
the
very
first
question
that
someone
is
going
to
ask
is:
what's
the
difference
between
linker
D
and
sto
and
I
will
answer
that,
even
though
it
pains
me
inside
I
will
wait
for
you
to
ask
that
and
then
I
will
answer
it
and
it's
going
to
come
back
to
these
design
goals.
Ok,
so
the
design
goals
for
2x
are
we
wanting
to
make
it
so
it
just
works.
If
you
have
a
functioning
kubernetes
application
and
you
install
linker
T,
the
application
should
continue
to
function.
A
Right
turns
out,
that's
actually
hard
to
do
and
you
should
get
there
without
having
to
spend
hours
weeks,
configuring
things,
and
that
was
actually
a
problem
with
linker
D.
What
not
X
it
was
very
rich,
but
you
had
to
learn
a
lot
of
stuff.
We
wanted
to
make
linker
t2
very,
very
fast
and
very,
very
small.
Ok
right,
you
should
introduce
the
bare
minimum
of
cost
if
you're
adapting
the
service
mention.
There's
that's
that's
a
theme
throughout
this
and
finally,
we
wanted
to
make
it
understandable.
Sometimes
we
call
this
simple.
A
This
is
actually
the
hardest
thing
and
wanted
to
make
it
so
that
you
is
the
operator
of
the
service
mesh
you've
already
installed,
kubernetes
you're
already
swimming
in
api's
and
CR
DS,
you've
added
a
lot
of
kind
of
cognitive
overhead
to
your
system
with
linker
D.
We
wanted
to
minimize
the
additional
cognitive
burden
that
we're
placing
on
you,
because
our
primary
audience
for
linker
D
is
the
operator.
A
This
is
a
platform
owner,
it's
a
person
who
actually
has
to
wake
up
if
this
thing
breaks
at
three
of
them
right
and
that
can
be
either
a
very
complicated
difficult
system
or
it
can
be
a
very
simple
system.
That's
easy
to
reason
about
so
simple,
simple
doesn't
always
mean
easy,
simple
means
understandable
and
clear
and
introspect
able
all
right.
So
I'm
gonna
show
the
architecture,
diagram,
I
think
in
a
very
next
slide,
just
making
sense.
So
far,
am
I
inspiring
you
with
the
vision
of
this
magnificent
project?
A
Oh
my
god,
wow
I've
never
seen
a
project
like
this
before
all
right,
so
the
data
plane
and
I'll
show
you.
The
diagram
in
a
second
data.
Plane
is
written
in
rust
and
it
is
called
simply
linker
D
proxy.
That's
in
the
linker
d2
proxy
repo,
the
control
plane
is
written
in
go
and
the
data
plane
proxies
are
super
super
fast
and
super
small.
There's
all
this
cool
stuff.
A
We
can
do
in
rust
to
make
them
really
memory
safe
and
and
all
that
you
know
a
bunch
of
other
things
that
I
kind
of
half
understand
the
control
plane
in
go
has
much
more
relaxed
requirements.
Around
latency
goes
pretty
fast,
but
is
not
as
fast
as
rust
has
much
more
relaxed
requirements
around
latency
and
it's
a
lot
easier
to
get
involved
in
a
go
project
than
it
is
to
get
involved
in
a
rust
project.
A
In
my
humble
opinion-
and
it's
also
a
pretty
natural
fit
for
us,
because
the
kubernetes
ecosystem
is
very
ghost
centric,
so
there's
a
lot
of
libraries
and
things
that
we
can
kind
of
make
use
of
in
the
control
plane.
Okay.
So
if
you
draw
it
out,
I
said
this
was
simple
denied.
Okay,
so
if
you
draw
it
out,
just
look
at
the
the
blue
boxes:
it's
not
that
bad!
So
the
bottom
bit
is
the
data
plane.
A
Okay,
and
this
is
similar
to
the
way
that
most
service
meshes
operate,
not
all
of
them,
but
most
of
them,
which
is
you
have
your
application?
Okay,
that's
that's
your
your
service
logic
right!
That's
like
one
container
and
then
the
blue
thing
is
a
pod
around
that
and
we
insert
that
proxy
in
there
and
we
do
it
in
this
magic
way.
Where
you
know
you
don't
have
to
worry
about
all
the
stuff.
We
do
some
iptables
magic
to
wire.
A
Oh,
yes,
some
iptables
technology
not
magic
to
wire
up
all
TCP
traffic
so
that
everything
coming
and
going
from
the
application
container
goes
through
the
proxy
okay
and
then
that
proxy
is,
as
you
expect
you
know,
is
practicing
all
of
that
traffic
and
it's
also
communicating
with
the
control
plane.
It's
sending
a
bunch
of
you
know
it's
asking
it
for
like
what
the
what
the
latest
policy
is
and
what
do
I
need
to
know
about
how
to
do
this,
and
then
the
control
plane
is
also
extracting
metrics
from
the
policy.
A
Sorry
from
the
from
the
proxy,
the
control
plane,
we
split
into
a
bunch
of
components
because
it
makes
sense
and
I'm
not
going
to
go
into
each
of
those,
but
you'll
notice
that
there
is
an
identity
component
in
there
that
was
featured
in
the
in
the
keynote.
That's
actually
a
little
certificate
authority
in
US,
generating
certs
and
and
distributing
them
to
the
proxies
that
there's
a
destination
service
which
is
doing
kind
of
talking
to
kubernetes
api,
and
you
know
asking
it
about.
A
Okay,
you
know
service
about
basically
service
discovery,
information
and
there's
some
other
components
in
there.
If
you
go
through
the
docs,
this
is
all
pretty
well
documented
on
linker
diva
io.
But
the
point
is
you:
have
a
data
plane
and
that
data
plane
sits
next
to
your
application,
has
to
be
really
fast
and
you
have
a
control
plane.
The
control
plane
sets
off
to
the
side.
That
makes
sense
so
far.
A
Okay,
very
coarse-grained
view
of
the
road
map,
so
linker
to
e
2.3,
was
released
last
month.
Yep,
that's
right
and
it
has
a
bunch
of
cool
features.
All
the
telemetry
stuff,
retries
timeouts,
auto
inject
the
TLS
stuff
on
mutual
TLS
on
by
default.
It's
all
0
config.
There
is
some
configuration
you
can
do
if
you
want
to
there's
something
very,
very
cool
called
service
profiles
that
you
can
enable
in
linker,
D
and
there's
a
whole
talk
about
them
later
today.
A
So
we'll
be
able
to
do
blue-green,
deploys
and
Canaries,
and
things
like
that,
you
can
kind
of
do
that
with
kubernetes
already
by
doing
label
flipping
on
pods,
but
you're,
restricted
to
pod
level
of
granularity,
and
that's
not
always
right
so
service
mesh
can
add
some
some
value
there
and
then
beyond
that
we're
gonna
start
getting
into
things
like
policy
right.
I
want
to
I
got
my
security
team.
A
They
want
to
allow
things
or
they
want
to
deny
things
they're,
always
denying
things
or
mesh
expansion,
which
is
how
do
I
get
the
data
plane
able
to
run
outside
of
kubernetes.
So
I
saw
the
control
plane
running
in
in
kubernetes,
but
now
I
can
start
expanding
the
beauty
of
the
mesh
to
my
legacy
systems
and
my
legacy
of
course
I
mean
not
kubernetes
and
then
there's
a
whole
bunch
of
other
cool
stuff
that
we
can
get
into.
But
again,
linker
D
is
a
community
project.
A
So
if
there's
something
that
you
want
in
it,
you
have
the
power
I
empower
you
as
members
of
the
linker
D
community
to
make
that
pull
request
and
we'll
walk
you
through
it.
Well,
do
the
review
we'll
do
a
nice
review
with
you
we're
very
friendly
okay,
so
at
coop
con
EU?
First
of
all,
if
you
have
been
to
the
to
the
expo
hall,
there
is
a
big
linker
D.
That's
not
that
big!
A
We
didn't
pay
that
much
money,
a
medium
to
small
sized
linker
D
booth,
a
lot
of
link
to
me,
maintainer
czar
hanging
out
there.
They
want
to
talk
to
you.
They
spend
all
day
these
poor
poor
people
spend
all
day
and
slack
just
getting
issues
and
bug
reports
thrown
at
them
they're
desperate
for
a
human
connection.
They
just
want
like
something
friendly,
so
go
make
their
day
by
saying
hi
to
them,
and
then
we
have
I
think
there's
over
ten
talks
related
to
linker
D
throughout
the
throughout
the
week.
A
A
A
A
So
you
can
pick
and
choose
whether
you
care
about
money
or
code
because
they
happen
at
the
same
time,
I'm
gonna
be
on
some
panels,
skip
that
this
boring
there's
a
bunch
of
other
interesting
talks
from
some
more
production
users,
and
then
there's
if
you
use
vs
code,
there's
a
really
cool
vs
code,
linker
D
integration
that
will
be
featured
as
part
of
this
talk
tomorrow
from
some
of
the
Microsoft
folks.
If
you
are
into
cool
observability,
auto-scaling
stuff
frederik,
one
of
the
Prometheus
maintainer
z'
will
be
pairing
with
siggy
who's.
A
One
of
the
link
to
be
maintainer
is
to
talk
about
Thanos
and
linker
D.
If
you
want
to
know
about
rust
or
about
gory
technical
details,
then
please
come
to
the
deep
dive
which
is
on
Thursday
and
then
finally,
that
the
the
service
profiles
thing
that
I
talked
about
early
on.
You
can
come
talk
to
Alex
or
come
see.
Alex's
talk
about
that
when
service
profiles
allow
you
to
do
I'll
I'll,
give
you
the
one-line
summary.
So
maybe
you
can
decide
you
don't
want
to
see
this.
A
Is
they
allow
you
to
give
linker
D
information
about
your
service,
including?
What
are
the
paths
or
whether
the
routes
that
it
expects
and
then
linker
D
can
start
doing
stuff
with
those
routes?
For
example,
you
can
give
you
route
based
metrics,
so
we
can
say:
oh
what's
the
success
rate,
not
on
my
service
as
a
whole.
What
is
the
success
rate
of
slash?
You
know,
get
slash
users
/.
You
know
whatever
some
route,
some
GRP,
let's
call
it.
A
Okay,
so
I'm
gonna
go
back
here,
so
yeah
feel
free
to
type
that
link
into
your
browser.
We
also
on
Saturday,
a
very
friendly
company
called
kinfolk,
which
some
of
you
may
have
encountered
before
did
same.
Did
some
linker
D
benchmarking,
and
so,
if
you
want
to
know
what
the
cost
of
adding
the
service
mesh
to
your
system
is,
then
either
type
this
URL
in
by
hand
or
just
search
for
link
or
deke
invoke,
or
something
like
that.
A
A
Okay
and
then
that's
really
it
we
have
15
minutes
left
for
Q&A,
wow
I
hope
you
have
some
questions.
First,
let
me
say
before
we
before
we
start
doing
questions
everything
in
linker.
D
is
open
source.
Everything
is
happening
on
github.
All
the
roadmap
stuff
is
up
on
github.
Well,
I
should
say
anything,
that's
not
happening
and
get
up
is
happening
in
slack
so
hop
into
either
of
those
we
do
have
some
formal.
A
We
do
have
mailing
lists
where
we
kind
of
send
announcements
to,
for
whatever
reason
everyone
likes
talking
on
slack
and
no
one
likes
talking
on
the
mailing
list,
so
make
of
that.
What
you
will
we
have
a
really
friendly
welcoming
community.
Like
said
link,
Rd
is
a
community
project
and
you
were
all
members
of
that
community
so
feel
free
to
hop
in
and
with
that.
Why
don't
I
open
up
open
it
up
to
questions?
A
That
was
not
the
correct
first
question.
Okay,
so
Jamie
asked
to
what
extent
has
Twitter
implemented
linker
D
2.0
in
the
stack
and
that's
actually
a
very
easy
question.
The
extent
is
zero.
They
are
very
much
invested
in
their
finagle
based
JVM
based
stack,
I
have
been
out
of
Twitter
for
nigh
upon
five
years.
A
Half
a
decade,
so
I
only
know
what
I
see
from
the
outside,
but
they
continued
to
be
investing
heavily
in
what
something
that's
much
closer
to
the
1x
stack
of
an
angle,
neti
JVM
and
doing
that
stuff
in
process,
so
they're
also
very
heavily
invested
in
in
maize
O's
they're,
starting
to
adopt
kubernetes.
That
may
be
news
to
some
of
you
they're
starting
in
that
direction.
That's
that's
public,
but
that's
where
they
are
all
right.
A
You
know
why
you
asked
that
question
and
I'll
try
and
answer
it
in
a
way
that
does
not
involve
me
speaking
for
Christy,
oh
I,
think
so
the
goals,
the
value
props,
let's
say,
of
the
two
projects-
are
the
same
right
or
at
least
very,
very
similar
right
that
early
slide
that
I.
That
I
showed
around
visibility
and
observability
visibility
and
security
and
reliability.
You
could
almost
take
that
same
slide
and
apply
it.
A
This
to
you,
I
had
some
cool
screenshots
in
there
that
you
know
you'd
have
to
replace
with
less
cool
screenshots,
but
there
was
value
processor
kind
of
the
same.
In
my
view,
the
difference
is
really
a
difference
in
focus
so
for
us
that
focus
on
operational
simplicity
is
the
thing
that
is
paramount
and
linker
DS
design,
and
it
means
that
we
do
that
at
the
expense
of
features
and
I
think
the
trade-off.
My
impression
is,
the
trade-off
is
the
other
way
in
Sto.
A
So
for
us
we
would
rather
have
something
that
is
simpler
and
that's
easier
to
reason
about,
even
if
it
means
we
have
to
be
slower
on
features
or
we
have
to
sacrifice
features
then
do
it
the
other
way
around
and
I.
Think
that's
the
fundamental
difference.
I
would
ask
that
same
question
to
a
nice
SEO
person.
You
might
get
a
different
answer,
but
that's
that's
my
view.
A
A
A
A
404S,
okay
and
then
I'll.
Look
at
the
kubernetes
dashboard
and
everything
is
green
and
I'll
say
look.
This
is
not
a
problem
with
kubernetes.
Kubernetes
just
doesn't
know
anything
about
the
traffic.
You
know
kind
of
the
the
layer
7
semantics
of
okay
is
this.
A
five
hundred
is
a
four
hundred
years
is
a
two
hundred
and
coup
brands
should
not
know
about
that.
So,
in
my
opinion,
they
they
play
nicely
together.
You
know,
and
a
lot
of
that
is
intentionally,
but
they
really
focus
on
different
parts
of
the
stack.
So
thank
you
for
that
question.
A
Okay,
at
the
very
very
back
you
might
have
to
yell
I,
couldn't
hear
that
I'm
sorry
UDP
support.
Are
we
planning
UDP
support
in
linker
T
I'm,
not
against
it
in
principle,
but
it's
not
currently
on
the
roadmap
there's
already
so
much
stuff.
We
have
to
do
with
TCP,
but
there's
no
reason
a
priori.
Why
we
couldn't
do
that.
So,
if
that's
something
that's
interesting
to
you,
it'll
involve
little
rust
programming,
but
it
could
be
pretty
cool.
A
Yeah
good
question,
so
the
question
was:
there's
a
lot
of
service
mesh
discussion
and
technology
and
documentation
around
HTTP.
You
know
and
and
I
think
by
extension,
HB,
2
and
gr
PC.
What
about
queuing?
What
about
Message
Queuing?
There's?
No
reason
why
the
service
mesh
cannot
extend
to
that.
It's
not
the
starting
point
because
well
for
a
variety
of
reasons,
but
that's
a
pretty
natural
extension,
some
of
the
stuff
that
linker
D
does
that
that's
very
good
at
for
HTTP
requests
doesn't
make
as
much
sense
for
something
like
Kafka.
You
know
like
we're.
A
A
Yeah,
that's
a
great
question
and
I
didn't
even
talk
about
any
of
this
stuff.
So
the
question
was
what,
if
you're
using
data
dog
for
monitoring
like
how
does
that
integrate
with
with
linker
D
and
so
I
skipped
over
this
entire
thing.
But
let's
go
back
to
the
architecture,
diagram
and
you'll
notice
that
in
here
we
have
a
little
Prometheus
instance
up
there.
Okay,
so
that
Prometheus
instance
what's
happening
is
it
is
talking
to
each
of
the
linker
D
proxies
and
it's
extracting
their
metrics
and
it's
aggregating
them.
A
Okay,
and
if
you
are
familiar
with
linker
d1
you'll
know
that
this
is
a
big
difference,
because
in
linker
d1x
we
expose
those
metrics,
but
it
was
kind
of
up
to
you
to
do
anything
with
them.
So
now
we're
actually
able
to
aggregate
them
for
you,
but
by
design
we
keep
that
from
e
theist,
instanc,
really
really
small.
We
time
limit
it
I
think
it's
somewhere
between
I
think
it's
six
hours,
but
it
might
be
two
hours
in
the
future.
Thank
you
six
hours
and
it
is
a
it's
a
temporary
place.
A
It's
like
going
to
jail
before
you
go
to
prison
or
prison
before
you
do
I,
don't
know
which
happens.
First,
you
need
to
get
metrics
out
that
you
need
to
put
them
somewhere
real
and
that's
where
data
dot
comes
in.
So
if
you're,
using
data
dog
I
would
use
a
data
dog
too
Prometheus
adaptor
and
suck
all
the
metrics
out
of
link,
reduce
Prometheus
and
throw
them
right
into
data
dog
yeah
and
if
you're
using
another
system,
almost
everything
has
Prometheus
adapters.
So
that's
that's
how
you
get
it
out!
Yeah!
A
A
Is
it
reasonable
to
use,
link
or
D
if
you
have
a
RabbitMQ
connection,
so
I
think
that's
very
related
to
the
the
Kafka
question
before
right
now,
if
you
use
it
today,
we
will
treat
the
linker
D,
we'll
treat
that
as
a
TCP
stream
and
so
we'll
give
you
like
byte
level
metrics,
which
you
know
is
something
and
we'll
we
can
encrypt
for
you.
That's
something
I
think
it'll
be
improved
if
we
had
zero
MQ
protocol
support,
just
like
the
Kafka
level
protocol
support.
So
yes,
it's
reasonable,
there's,
probably
some
more
work.
A
Does
it
support
databases,
yeah
so
very
similar
answer
to
the
zero
M
cubed
question
or
the
RabbitMQ
question,
which
was
great,
maybe
they'll
be
quiet
or
not?
How
come
you
guys
did
not
applaud
with
such
vigor
when
I'm
done
with
questions,
I'm
gonna
ask
for
like
a
really
rousing
ovation
and
then
we'll
show
them
who
had
the
better
talk
so
yeah
the
same
same
same
story
right
now.
We
will
proxy
it
we'll
treat
it
as
a
TCP
stream.
A
We
don't
understand
the
protocol,
so
maybe
we
will
do
TLS,
but
we
won't
be
able
to
break
things
into
like.
Oh
this.
You
know
this
many.
We
can't
give
you
like
latency
metrics,
on,
like
the
sequel,
queries
or
anything
like
that.
If
we
add
my
sequel
support,
add
protocol
support,
then
we'll
be
able
to
do
that.
That's
actually
a
little
more
complicated,
because
my
sequel
is
a
stateful
protocol
and
there's
like
this
notion
of
connection
level
State.
A
A
That
is
an
excellent
question.
Can
linker
D
be
enabled
selectively?
Unfortunately,
link
D
can
only
be
installed
across
your
entire
company
all
at
once,
or
you
don't
get
it
at
all
yeah
you
can
and
you
can
so
there's
two
phases
to
installation.
You
know
the
other
thing.
I
should
point
you
to
I'm
gonna
answer
that
question
by
by
way
of
showing
you
this
website
called
linker
di
o.
If
you
go
here
and
you
click
on
get
started,
okay,
it's
gonna.
A
Ask
you
to
choose
your
platform
like
I
said:
2x
only
supports
kubernetes,
so
you
gotta,
you
click
on
that
and
then
we'll
give
you
a
bunch
of
commands
for
how
to
install
it.
And
basically
you
know
you
install
the
CLI
okay
and
then
you
install
the
control
plane,
okay
and
that
control
plane
is
gonna,
sit
in
a
namespace,
but
it's
not
gonna.
A
Do
anything
until
you
add
a
service
until
you
add
the
data
plane
to
a
service
and
adding
the
data
plane
to
a
service
which
means
injecting
the
sidecar
proxies
can
be
done,
one
service
at
a
time,
potentially
even
one
pod.
At
a
time,
though,
usually
it's
one
service
at
a
time,
so
we
try
and
make
it
we
to
answer
your
question.
We
try
and
make
it
very
easy
to
be
incremental
about
it,
because
we
don't
want
the
service
mesh
to
be
in
all-or-nothing
proposition
all
right.
A
A
A
Can
you
selectively
enable
lincolni
on
just
some
number
of
pods
Oh
ports,
Oh
ports,
you
can
with
a
little
bit
of
so
this?
You
actually
have
to
do
a
little
configuration
so
I
apologize
you'll
be
violating
our
zero
config
goal,
but
you
can
tell
linker
D
not
to
sorry.
You
can
tell
I
believe
you
can
tell
it
to
exclude
certain
port
ranges.
If
you
want
to
okay
and
then
frowny
two-part
question
I
see
why
you
were
frowning.
A
A
That's
a
great.
This
is
a
great
setter
question.
You
guys
are
gonna
like
this.
Okay,
so
number
one.
Why
was
M
TLS
turned
on
by
default
in
linker,
D
2.3?
Was
that
a
request
from
customers?
No,
it
was
a
philosophical
decision,
which
is
that
security
should
be
free.
Man,
like
you,
shouldn't,
have
to
do
a
bunch
of
complicated
to
get
the
security.
A
You
should
just
get
it
right
and,
like
obviously,
link,
could
he's
not
a
complete
security
solution
by
any
means,
but
to
the
extent
that
we
can
democratize
access
to
all
this
stuff,
you
know
we
should
you
should
just
have
that.
There's
no
reason
so
the
way
I
look
at
it
is.
You
know
every
time
I
use
my
web
browser
I'm
talking
to
a
website
I'm.
Looking
at
cat
pictures
on
reddit
like
I,
got
a
green,
lock,
icon
and
I'm
not
doing
any
work
right.
That's
for
cat
pictures.
A
So
how
come
my
application,
which
is
you
know,
processing
like
credit
card
numbers
and
Social
Security
numbers,
hopefully
both
at
the
same
time?
How
come
that's
not
encrypted?
How
come
I?
Don't
have
a
green,
lock,
icon
there,
so
I
want
to
give
you
that
green,
lock
I.
So
that
was
a
philosophical
decision
and
then
the
second
part
of
this
incredible
two-part
question
was
what
happens
if
you
have
key
less
on
by
default,
but
then
you
deploy
linker
D
incrementally
this
is
like
you're
combining
your
own
question
with
someone
else's
question.
A
That's
a
really
good
question
meta
question.
The
answer
is
right.
Now
in
lincolni
we
do
not
enforce
TLS
communication.
So
if
you
are
making
a
connection
to
a
destination
that
does
not
have
a
linker,
D
TLS
enabled
proxy
another
us
on
the
other
side,
we
allow
that
to
happen
and
you
get
an
unencrypted
connection,
because
it's
either
that
or
we
have
to
like
to
start
breaking
things
right.
A
So
in
the
balance
between
keeping
things
working
and
being
a
complete
security
solution,
we
are
erring
on
the
side
of
keeping
things
working
now,
I
think
there's
a
later
stage
in
which
we
add
more
policy.
Where
we
say
you
know
you
can
enforce
TLS
and
like
if
you
don't
make
a
TLS
connection,
then
you
get
denied,
and
but
that
is
I
see
that
as
a
later
stage
concern
right
now,
it's
more
important
to
get
get
people
more
than
what
they
have
now.
Even
if
it's
not
always,
you
know
a
hundred
percent,
perfect.