Exploring the Security Features of Linkerd

Linkerd provides mutual TLS (mTLS) for service-to-service communication. Securing communication between services is an out-of-the-box capability and is enabled by default. In this chapter, we will explore how Linkerd automatically encrypts communication with TLS through its sidecar proxies, an important feature for which we do not have to write a single line of code in the application. Since we're running on Kubernetes, there are options for selecting an ingress controller. We will focus on the nginx controller because it is easy to set up, it secures the communication, and it allows certificate rotations.

In a nutshell, we will be learning about the following topics in this chapter:

  • Understanding mTLS traffic checks for proxy-to-proxy communication
  • Installing and deploying Smallstep for leaf certificates and key authority
  • Setting up a root and an intermediate certificate authority
  • Redeploying the Linkerd control plane using a trusted certificate 
  • Enabling ingress and validating against TLS status
  • Regenerating and increasing leaf certificate validity 
  • Setting up ingress for booksapp with the new leaf certificate
  • Modifying ingress definition with TLS and verifying traffic routing