logo
allArticlesConferencesPresentations

Emissary + Linkerd: A Guide to End-to-end Encryption for your Cluster

Conference:  KubeCon + CloudNativeCon Europe 2022

2022-05-19

Authors:   Flynn, Jason Morgan

Summary

The presentation discusses the installation and use of Emissary, a service mesh for Kubernetes, and its ability to achieve zero trust networking.
  • Emissary is a service mesh for Kubernetes that can achieve zero trust networking
  • Emissary uses envoy for data wrangling and can consume ebpf modules for networking efficiency
  • Emissary can generate unique certificates for each connection and recommends using cert manager for certificate rotation
  • Emissary 2.11 introduced the ability to use policy for zero trust networking and 2.12 will have a more granular and easier to use policy system
  • Installation of Emissary involves adding the helm repo, installing the Emissary CRDs, and using helm to install Emissary into a namespace
During the presentation, the speaker highlighted the importance of installing the Emissary CRDs for a new installation or upgrade to ensure the latest and greatest definition of the custom resources used to configure Emissary. They also emphasized the need to wait for Emissary to be running before proceeding with installation. The speaker also mentioned the importance of using cert manager to rotate the intermediary certificate that Emissary uses to issue workload certificates.

Abstract

In this workshop, members of the Emissary-Ingress and Linkerd teams show the painless way to get four CNCF projects (Emissary, Linkerd, Kubernetes, and Envoy) running smoothly together to provide end-to-end encryption for application calls. They'll guide you through the best practices for using Linkerd and Emissary to give you capabilities like advanced L7 routing, in-cluster mTLS, embedded authentication, rate limiting, and much more. They’ll take you on a tour of each project and show you how they complement each other and make a great addition to your Kubernetes stack. Finally, they'll introduce a reference architecture for running Linkerd and Emissary together and walk you through how to implement it in practice.Click here to view captioning/translation in the MeetingPlay platform!
Materials:
Tags:
Emissary
Linkerd
Kubernetes
Envoy
CNCF

Post a comment

Related work

Emissary + Linkerd Resilience Patterns: Rate Limits, Retries & Timeouts

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Flynn, Daniel Bryant
2022-10-28

Overview and State of Linkerd

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Matei David
2023-04-20

Kubernetes Networking 101 - Randy Abernethy, RX

Conference:  KubeCon + CloudNativeCon Europe 2022
Authors: Randy Abernethy
2022-05-20

Virtual: A Crash Course in mTLS and Authorization for Kubernetes with Linkerd

Conference:  KubeCon + CloudNativeCon North America 2021
Authors: William Morgan
2021-10-11

Contour, a High Performance Multitenant Ingress Controller for Kubernetes

Conference:  KubeCon + CloudNativeCon Europe 2021
Authors: Steve Sloka

Securing User to Service Access in Kubernetes

Conference:  Cloud Native SecurityCon North America 2023
Authors: Maya Kaczorowski, Maisem Ali