{"id":13647768,"url":"https://github.com/linkerd/linkerd-tcp","last_synced_at":"2025-08-13T23:32:33.337Z","repository":{"id":19141056,"uuid":"74517111","full_name":"linkerd/linkerd-tcp","owner":"linkerd","description":"A TCP/TLS load balancer for Linkerd 1.x.","archived":false,"fork":false,"pushed_at":"2023-06-14T16:11:39.000Z","size":629,"stargazers_count":524,"open_issues_count":26,"forks_count":28,"subscribers_count":33,"default_branch":"master","last_synced_at":"2024-11-30T14:59:05.105Z","etag":null,"topics":["linkerd","load-balancer","rust","service-mesh","tcp","tls","tokio"],"latest_commit_sha":null,"homepage":"https://linkerd.io","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/linkerd.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null}},"created_at":"2016-11-22T22:00:35.000Z","updated_at":"2024-11-28T16:33:02.000Z","dependencies_parsed_at":"2022-08-27T22:31:02.816Z","dependency_job_id":"5d68a6be-9243-4e0c-85e5-98e9d6aa74bf","html_url":"https://github.com/linkerd/linkerd-tcp","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linkerd%2Flinkerd-tcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linkerd%2Flinkerd-tcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linkerd%2Flinkerd-tcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linkerd%2Flinkerd-tcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/linkerd","download_url":"https://codeload.github.com/linkerd/linkerd-tcp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":229787060,"owners_count":18124013,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["linkerd","load-balancer","rust","service-mesh","tcp","tls","tokio"],"created_at":"2024-08-02T01:03:45.872Z","updated_at":"2024-12-15T06:04:53.303Z","avatar_url":"https://github.com/linkerd.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"# linkerd-tcp #\n\nA TCP load balancer for the [linkerd][linkerd] service mesh.\n\nStatus: _beta_\n\n[![CircleCI](https://circleci.com/gh/linkerd/linkerd-tcp/tree/master.svg?style=svg)](https://circleci.com/gh/linkerd/linkerd-tcp/tree/master)\n\n## Features ##\n\n- Lightweight, native **TCP** and **TLS** load balancer built on [tokio].\n  - Weighted-least-loaded [P2C][p2c] load balancing.\n  - Minimal resource utilization: typically \u003c.5 cores with ~2MB RSS.\n- Tightly integrated with the [linkerd service mesh][namerd].\n  - Supports endpoint weighting (i.e. for \"red line\" testing).\n- Modern Transport Layer Security via [rustls][rustls]:\n  - TLS1.2 and TLS1.3 (draft 18) only.\n  - ECDSA or RSA server authentication by clients.\n  - RSA server authentication by servers.\n  - Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves.\n  - AES128-GCM and AES256-GCM bulk encryption, with safe nonces.\n  - Chacha20Poly1305 bulk encryption.\n  - ALPN support.\n  - SNI support.\n\n## Quickstart ##\n\n1. Install [Rust and Cargo][install-rust].\n2. Run [namerd][namerd].  `./namerd.sh` fetches, configures, and runs namerd using a local-fs-backed discovery (in ./tmp.discovery).\n3. From this repository, run: `cargo run -- example.yml`\n\nWe :heart: pull requests! See [CONTRIBUTING.md](CONTRIBUTING.md) for info on\ncontributing changes.\n\n## Usage ##\n\n```\nlinkerd-tcp 0.1.0\nA native TCP proxy for the linkerd service mesh\n\nUSAGE:\n    linkerd-tcp \u003cPATH\u003e\n\nFLAGS:\n    -h, --help       Prints help information\n    -V, --version    Prints version information\n\nARGS:\n    \u003cPATH\u003e    Config file path\n```\n\n### Example configuration ###\n\n```yaml\n\n# Administrative control endpoints are exposed on a dedicated HTTP server. Endpoints\n# include:\n# - /metrics -- produces a snapshot of metrics formatted for prometheus.\n# - /shutdown -- POSTing to this endpoint initiates graceful shutdown.\n# - /abort -- POSTing to this terminates the process immediately.\nadmin:\n  port: 9989\n\n  # By default, the admin server listens only on localhost. We can force it to bind\n  # on all interfaces by overriding the IP.\n  ip: 0.0.0.0\n\n  # Metrics are snapshot at a fixed interval of 10s.\n  metricsIntervalSecs: 10\n\n# A process exposes one or more 'routers'. Routers connect server traffic to\n# load balancers.\nrouters:\n\n  # Each router has a 'label' for reporting purposes.\n  - label: default\n\n    # Each router is configured to resolve names.\n    # Currently, only namerd's HTTP interface is supported:\n    interpreter:\n      kind: io.l5d.namerd.http\n      baseUrl: http://localhost:4180\n      namespace: default\n      periodSecs: 20\n\n    servers:\n\n      # Each router has one or more 'servers' listening for incoming connections.\n      # By default, routers listen on localhost. You need to specify a port.\n      - port: 7474\n        dstName: /svc/default\n        # You can limit the amount of time that a server will wait to obtain a\n        # connection from the router.\n        connectTimeoutMs: 500\n\n      # By default each server listens on 'localhost' to avoid exposing an open\n      # relay by default. Servers may be configured to listen on a specific local\n      # address or all local addresses (0.0.0.0).\n      - port: 7575\n        ip: 0.0.0.0\n        # Note that each server may route to a different destination through a\n        # single router:\n        dstName: /svc/google\n        # Servers may be configured to perform a TLS handshake.\n        tls:\n          defaultIdentity:\n            privateKey: private.pem\n            certs:\n              - cert.pem\n              - ../eg-ca/ca/intermediate/certs/ca-chain.cert.pem\n\n    # Clients may also be configured to perform a TLS handshake.\n    client:\n      kind: io.l5d.static\n      # We can also apply linkerd-style per-client configuration:\n      configs:\n        - prefix: /svc/google\n          connectTimeoutMs: 400\n          # Require that the downstream connection be TLS'd, with a\n          # `subjectAltName` including the DNS name _www.google.com_\n          # using either our local CA or the host's default openssl\n          # certificate.\n          tls:\n            dnsName: \"www.google.com\"\n            trustCerts:\n              - ../eg-ca/ca/intermediate/certs/ca-chain.cert.pem\n              - /usr/local/etc/openssl/cert.pem\n```\n\n### Logging ###\n\nLogging may be enabled by setting `RUST_LOG=linkerd_tcp=info` on the environment.  When\ndebugging, set `RUST_LOG=trace`.\n\n## Docker ##\n\nTo build the  linkerd/linkerd-tcp docker image, run:\n\n```bash\n./dockerize latest\n```\n\nReplace `latest` with the version that you want to build.\n\nTry running the image with:\n\n```bash\ndocker run -v `pwd`/example.yml:/example.yml linkerd/linkerd-tcp:latest /example.yml\n```\n\n## Code of Conduct ##\n\nThis project is for everyone. We ask that our users and contributors take a few minutes to\nreview our [code of conduct][coc].\n\n## License ##\n\nCopyright 2017-2018 Linkerd-TCP authors. All rights reserved.\n\nLicensed under the Apache License, Version 2.0 (the \"License\"); you may not use these files except in compliance with the License. You may obtain a copy of the License at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\nUnless required by applicable law or agreed to in writing, software distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.\n\n\u003c!-- references --\u003e\n[coc]: https://github.com/linkerd/linkerd/wiki/Linkerd-code-of-conduct\n[install-rust]: https://www.rust-lang.org/en-US/install.html\n[linkerd]: https://github.com/linkerd/linkerd\n[namerd]: https://github.com/linkerd/linkerd/tree/master/namerd\n[p2c]: https://www.eecs.harvard.edu/~michaelm/postscripts/mythesis.pdf\n[rustls]: https://github.com/ctz/rustls\n[tokio]: https://tokio.rs\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinkerd%2Flinkerd-tcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flinkerd%2Flinkerd-tcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinkerd%2Flinkerd-tcp/lists"}