The Linkerd project has recently become a graduated project in the CNCF, joining the ranks of mature cloud-native projects such as Kubernetes, containerd, etcd, Envoy, and Prometheus. Linkerd is a high-performance service mesh that allows application developers to easily build, deploy, and manage distributed and containerized applications on Kubernetes. It was the first service mesh project and the first CNCF project to adopt the Rust programming language to improve security and performance.
Linkerd manages and monitors its microservice applications non-intrusively, from the outside. It does not require application developers to write additional code to interface with Linkerd. This "any language, any framework" approach is very important for a portable service mesh. Linkerd has three components.
- The UI allows developers and IT ops to monitor and interact with the service mesh.
- The control plane integrates services that provide application security, monitoring, reporting, etc.
- The data plane defines a sidecar framework for running microservice applications. A key component for the data plane is the Linkerd2-proxy, which manages API traffic to the microservice application.
One of the most interesting aspects of Linkerd that differentiates it from other service mesh products is the Rust-based Linkerd2-proxy. Rust has made Linkerd significantly faster and lighter than other service mesh solutions.
"We chose Rust for Linkerd's proxy because we were unwilling to compromise on either performance or security for our users," said William Morgan, one of the creators of Linkerd.
There is no reason in the modern day for anyone to introduce new C or C++ code to the world, especially at the service mesh data plane layer, which must process incredibly sensitive customer data. Using Rust allows Linkerd to not just be faster and lighter than any other service mesh, but also, in a very fundamental way, to be more secure.
The cloud-native software infrastructure is traditionally dominated by the Golang programming language. Most large cloud-native projects, including Docker and Kubernetes, are written in Golang. In fact, the control plane of Linkerd is also written in Golang. However, in recent years, Rust has gained popularity as the programming language for software infrastructure.
A distinctive feature of Rust is that it forces developers to write "correct" code instead of trying to accommodate potential issues at runtime. For example, Rust ensures memory safety through language constructs like lifetimes. The correctness of the code is checked and guaranteed by the Rust compiler. That means a native client (NaCl) or WebAssembly (Wasm) binary application compiled from Rust is free from memory safety issues and can run directly on the operating system.
In contrast, applications developed in Golang and Java must run inside runtimes that manage memory allocation (e.g., garbage collection), and those runtimes can be very large and slow. As a result, Rust supports modern and highly abstract language syntax, yet still produces very fast and lightweight executable applications.
Developers love Rust. It has been voted the most beloved programming language by Stack Overflow users for the past five years in a row. It is now among the top 20 most widely used programming languages in the TIOBE survey and is used in many large projects, including the Linux kernel.
In the cloud-native arena, Rust is also increasingly used in crucial infrastructure. For example, AWS's Rust-based Firecracker is a microVM that powers the AWS Lambda serverless platform. TiKV is a Rust-based database that has graduated from the CNCF. Now, Linkerd2-proxy becomes another Rust success story from the CNCF.
For users, the most tangible benefit of using a Rust-based product is its potential for high speed and a low memory footprint while avoiding an entire class of memory-related vulnerabilities endemic in C and C++ code. According to benchmark studies conducted by Linkerd itself, compared with Golang-based Istio (service mesh) and C++-based Envoy (sidecar proxy), Linkerd consumed 1/9th of the memory and 1/8th of the CPU at the data plane while delivering superior performance in the application tested.
Of course, as Rust gains popularity, it is also used in writing service applications. Developers could write service applications in Rust using web frameworks like Tokio and Hyper, compile them to NaCl or WebAssembly (e.g., with WasmEdge), and then deploy them as sidecar applications in a service mesh like Linkerd.
Linkerd’s graduation from CNCF is a milestone for Rust in cloud-native infrastructure. Developers can participate in and contribute to the Linkerd open source project under Apache 2.0 through its GitHub, Slack, or email list.