This repo contains the gRPC bindings that the Linkerd Proxy uses to communicate with the Linkerd control plane.
Generally, the proxy's APIs are Kubernetes-agnostic and expose abstractions that allow proxies to discover runtime configuration.
The destination API is used by proxies to discover information about outbound traffic. This configuration includes:
- the protocol of the destination, if known
- whether the destination is a load balanced service or individual endpoint
- labels to describe the destination in telemetry
- the mTLS identity of destination pods
The identity API is used by proxies to obtain TLS certificates used for authenticed pod-to-pod communication.
The inbound API is used by the proxy to discover inbound serving policies, i.e. per-port authorization requirements and rate-limiting poilcy.
The proxy can be configured to expose a gRPC server that allows the control plane to query metadata about live requests transiting the proxy.
The ./proto directory includes protobuf definitions.
The ./go directory contains statically generated Go bindings, which are
generally used by controller implementations.
This repository publishes the linkerd2-proxy-api crate,
which uses tonic to expose client and server implementations for each
API. Each API may be enabled independently with cargo feature flags.
The proxy generally uses API clients. Some server implementations are also used by the control plane.
Issues may be opened in the linkerd2 repository.
Copyright 2022 The Linkerd Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.