Refer to the Enabling mutual TLS within the mesh section of Chapter 11, Exploring Istio's Security Features, for a detailed discussion of mTLS.
Linkerd has made mTLS accessible and straightforward through the use of sidecar proxies by using ephemeral (short-lived) leaf certificates. It automatically uses mTLS across host boundaries to encrypt HTTP and gRPC communication between microservices that are using Linkerd as sidecar proxies. There is no need for any code at the microservice level to handle the TLS communication as the Linkerd control plane takes care of it automatically. Linkerd frees up developers' time for not having to secure communication between microservices.
Since the Linkerd sidecar proxy is attached to a container within the same pod, the existing microservice can have unencrypted (HTTP) communication. Between a service,...