As we have seen in this chapter, the Linkerd control plane ships with a Certificate Authority (CA) called identity and sidecar proxies. Sidecars run alongside each microservice and receive certificates from the identity CA—which ties to a Kubernetes service account. The sidecar proxies automatically upgrade all communication between edges of the mesh to encrypted TLS connections.

Linkerd leaves it up to you to configure your ingress gateway to secure communications to the edge services of the applications in the Kubernetes cluster. There are choices of ingress controllers that you can use. In the examples of this chapter, we used the nginx ingress gateway to secure the communication and steps to rotate the certificates.   

In the next chapter, we will explore the observability features in Linkerd. We will explain the process of metrics collection through sidecar proxies and different ways to visualize, query, and analyze the telemetry data.