Hacker News new | ask | show | jobs
by agracey 1066 days ago
https://linkerd.io/ is a much lighter-weight alternative but you do still get some of the fancy things like mtls without needing any manual configuration. Install it, label your namespaces, and let it do it's thing!
1 comments
vbezhenar 1066 days ago
I don't think that I need mtls and extra CPU load for useless (to me) encryption does not sound so good. Can I opt-out of this specific feature?

Also I'm worried about its pervasiveness. Is it possible to enable those side-cars only on selected pods?

link
vbezhenar 1066 days ago
So to answer my own question:

It's not possible to disable mtls with meshed services, no configuration option for this particular feature.

There's no pervasiveness with linkerd, one need to add `linkerd.io/inject: enabled` annotation to the target service and restart deployment.

link
__warlord__ 1066 days ago
At least in Istio yes, you can annotate pods or namespaces to be part of your service mesh.
link