Bird
Raised Fist0
Microservicessystem_design~7 mins

Linkerd overview in Microservices - System Design Guide

Choose your learning style10 modes available
LearnWhyDeepArchPracticeChallengeDesignRecallScale

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Problem Statement
Microservices communicate over the network, but without a dedicated layer to manage this communication, issues like unreliable connections, lack of observability, and inconsistent security policies arise. This leads to failures that are hard to detect and fix, causing downtime and degraded user experience.
Solution
Linkerd acts as a service mesh that sits between microservices to manage their communication. It automatically handles retries, timeouts, load balancing, and encryption, while providing detailed metrics and tracing. This makes service-to-service communication reliable, observable, and secure without changing application code.
Architecture
Service A
(App Code)
Linkerd
Service C
(App Code)
Linkerd

This diagram shows how Linkerd proxies sit alongside each microservice instance, intercepting and managing all network traffic between services.

Trade-offs
✓ Pros
Automatically adds reliability features like retries and timeouts without code changes.
Provides detailed observability with metrics, logs, and tracing for microservice communication.
Enforces security with mutual TLS encryption between services transparently.
Lightweight and easy to deploy with minimal performance overhead.
✗ Cons
Adds operational complexity by introducing an additional proxy layer per service.
Requires learning and managing a new infrastructure component.
May increase latency slightly due to proxy hops on each request.
Use Linkerd when you have multiple microservices communicating frequently and need reliability, observability, and security without modifying application code. Typically beneficial at scale of hundreds or more service instances.
Avoid Linkerd if your system is a simple monolith or has very few services with low communication complexity, as the added complexity and overhead may not justify the benefits.
Real World Examples
Buoyant
Buoyant, the creators of Linkerd, use it to provide a reliable and secure service mesh for their own cloud-native applications, ensuring smooth microservice communication.
Monzo
Monzo uses Linkerd to improve reliability and observability in their banking microservices, helping detect and recover from failures quickly.
Pinterest
Pinterest adopted Linkerd to secure service-to-service communication with mutual TLS and gain deep insights into traffic patterns across their microservices.
Alternatives
Istio
Istio provides a more feature-rich and complex service mesh with advanced traffic management and policy controls.
Use when: Choose Istio when you need extensive customization and advanced features beyond basic reliability and security.
Consul Connect
Consul Connect integrates service mesh capabilities with service discovery and configuration management.
Use when: Choose Consul Connect if you already use Consul for service discovery and want integrated mesh features.
Summary
Linkerd is a lightweight service mesh that manages communication between microservices transparently.
It improves reliability, security, and observability without requiring code changes.
Linkerd is ideal for complex microservice architectures needing automated traffic management and encryption.

Practice

(1/5)
1. What is the primary purpose of Linkerd in a microservices architecture?
easy
A. To write business logic for microservices
B. To replace the database layer in microservices
C. To help microservices communicate securely and reliably
D. To serve as a frontend framework for microservices

Solution

  1. Step 1: Understand Linkerd's role

    Linkerd is a service mesh designed to manage communication between microservices.

  2. Step 2: Identify its main function

    It ensures secure and reliable communication without changing service code.

  3. Final Answer:

    To help microservices communicate securely and reliably -> Option C

  4. Quick Check:

    Linkerd = Secure, reliable microservice communication [OK]
Hint: Linkerd manages communication, not business logic or UI [OK]
Common Mistakes:
  • Confusing Linkerd with database or frontend tools
  • Thinking Linkerd writes application code
  • Assuming Linkerd replaces microservices
2. Which of the following commands is used to check the health of Linkerd after installation?
easy
A. linkerd check
B. linkerd install
C. linkerd monitor
D. linkerd deploy

Solution

  1. Step 1: Recall Linkerd CLI commands

    Linkerd provides commands like install, check, and monitor for managing the service mesh.

  2. Step 2: Identify the health check command

    The linkerd check command verifies if Linkerd is installed and running correctly.

  3. Final Answer:

    linkerd check -> Option A

  4. Quick Check:

    Health check = linkerd check [OK]
Hint: Use 'linkerd check' to verify installation health [OK]
Common Mistakes:
  • Using 'linkerd install' to check health
  • Confusing 'linkerd monitor' with health check
  • Assuming 'linkerd deploy' is a valid command
3. Given the following snippet, what will linkerd check report if Linkerd proxies are not injected into the services? 
kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
service-a-12345           1/1     Running   0          10m
service-b-67890           1/1     Running   0          10m
medium
A. Info: Services are running but no Linkerd installed
B. All checks pass, Linkerd is fully operational
C. Error: Kubernetes cluster not reachable
D. Warning: No proxies detected, Linkerd not fully enabled

Solution

  1. Step 1: Understand proxy injection role

    Linkerd requires proxies injected into pods to manage traffic and security.

  2. Step 2: Analyze pod readiness and proxy presence

    Pods show 1/1 ready, but no proxy sidecar means Linkerd features are not active.

  3. Final Answer:

    Warning: No proxies detected, Linkerd not fully enabled -> Option D

  4. Quick Check:

    No proxies = Warning from linkerd check [OK]
Hint: No proxies means Linkerd features inactive, expect warnings [OK]
Common Mistakes:
  • Assuming pods ready means Linkerd is fully working
  • Confusing cluster reachability errors with proxy injection
  • Thinking Linkerd works without proxies
4. You deployed Linkerd but notice that traffic is not being routed through the proxies. Which of the following is the most likely cause?
medium
A. Proxies were not injected into the service pods
B. The services are not exposing any ports
C. The Kubernetes cluster is down
D. The Linkerd control plane is not installed

Solution

  1. Step 1: Check Linkerd traffic routing requirements

    Traffic routing requires proxies injected into pods to intercept and manage requests.

  2. Step 2: Identify common deployment mistakes

    If proxies are missing, traffic bypasses Linkerd, causing routing issues.

  3. Final Answer:

    Proxies were not injected into the service pods -> Option A

  4. Quick Check:

    Missing proxies = traffic not routed [OK]
Hint: Missing proxies cause traffic routing failure [OK]
Common Mistakes:
  • Assuming control plane absence causes routing issues
  • Blaming Kubernetes cluster status without checking proxies
  • Ignoring service port exposure as a cause
5. You want to add observability to your microservices using Linkerd. Which combination of features does Linkerd provide to achieve this without changing your service code?
hard
A. Database management, caching, and load balancing
B. Traffic routing, security, and built-in monitoring dashboards
C. Frontend UI components, API gateways, and authentication
D. Code instrumentation, manual tracing, and custom logging

Solution

  1. Step 1: Identify Linkerd's observability features

    Linkerd provides traffic routing, security, and monitoring dashboards automatically via proxies.

  2. Step 2: Exclude unrelated features

    Database, frontend UI, and manual code changes are outside Linkerd's scope.

  3. Final Answer:

    Traffic routing, security, and built-in monitoring dashboards -> Option B

  4. Quick Check:

    Linkerd = routing + security + monitoring [OK]
Hint: Linkerd adds observability without code changes [OK]
Common Mistakes:
  • Confusing Linkerd with database or frontend tools
  • Thinking manual code changes are needed for observability
  • Mixing Linkerd with unrelated infrastructure components