TCP Proxying and Protocol Detection
Linkerd is capable of proxying all TCP traffic, including TLS’d connections,WebSockets, and HTTP tunneling.
Linkerd performs protocol detection to determine whether traffic is HTTP orHTTP/2 (including gRPC). If Linkerd detects that a connection is using HTTP orHTTP/2, Linkerd will automatically provide HTTP-level metrics and routingwithout configuration from the user. (SeeHTTP, HTTP/2, and gRPC Proxying for more.)
If Linkerd cannot determine that a connection is using HTTP or HTTP/2, Linkerdwill proxy the connection, but will only be able to provide byte-level metrics.Note that this also applies to TLS’d HTTP connections if the applicationinitiates the TLS, as Linkerd will not be able to observe the HTTP transactionsin this connection.
Configuring Protocol Detection
In some cases Linkerd’s protocol detection requires configuration. Currently,this is required for unencrypted “server-speaks-first” protocols, or protocolswhere the server sends data before the client sends data. In these cases,Linkerd cannot automatically recognize the protocol used on the connection.(Note that TLS-enabled connections work as normal, because TLS itself is aclient-speaks-first protocol.)
The following protocols are known to be server-speaks-first:
- 25 - SMTP
- 3306 - MySQL
- 8086 - InfluxDB
- 4222 - NATS
- 27017 - MongoDBIf you’re working with a protocol that can’t be automatically recognized byLinkerd, use the
—skip-inbound-ports
and—skip-outbound-ports
flags whenrunninglinkerd inject
.
For example, if your application makes requests to a MySQL database running onport 4406, use the command:
linkerd inject deployment.yml --skip-outbound-ports=4406 \
| kubectl apply -f -
Likewise if your application runs an SMTP server that accepts incoming requestson port 35, use the command:
linkerd inject deployment.yml --skip-inbound-ports=35 \
| kubectl apply -f -
Plaintext MySQL and SMTP
For MySQL and SMTP, if you are using Linkerd to proxy plaintext connections ontheir default ports (3306 and 25, respectively), then Linkerd will currentlyidentify these protocols based on the port, and will not attempt to performprotocol detection. Thus, no extra configuration is necessary for plaintextMySQL and SMTP connections.