Security Policy Automation

Linkerd provides a rich and expressive language for a type of security policy called authorization policy, which gives you control over which components of your application are able to communicate with each other, and under what conditions. Because they are based on Linkerd’s workload identity and authenticated via mutual TLS, authorization policies can provide a powerful strategy for implementing zero-trust security.

(For a technical introduction to mutual TLS, we recommend A Kubernetes engineer’s guide to mTLS. For a high-level overview of zero trust, we recommend Zero trust network security in Kubernetes with the service mesh.)
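
To make this concrete, the following is an added example (not taken from this page or from the product's own samples) of a hand-written Linkerd authorization policy that allows a single workload identity to reach one port and nothing else. The namespace, labels, port name and service account names are constructed for illustration, and the `apiVersion` values should be checked against the CRDs served by your installed Linkerd release.

```yaml
# Constructed example: only the "web" ServiceAccount may call the
# gRPC port of the "voting" workload in the "shop" namespace.

# 1. Server: names the port on a set of pods that policy will apply to.
apiVersion: policy.linkerd.io/v1beta1   # assumption: adjust to the version your cluster serves
kind: Server
metadata:
  namespace: shop                       # constructed namespace
  name: voting-grpc
spec:
  podSelector:
    matchLabels:
      app: voting                       # constructed pod label
  port: grpc                            # named container port (constructed)
  proxyProtocol: gRPC
---
# 2. MeshTLSAuthentication: the set of mTLS-verified workload identities
#    that count as "authenticated" for this rule.
apiVersion: policy.linkerd.io/v1alpha1
kind: MeshTLSAuthentication
metadata:
  namespace: shop
  name: web-identity
spec:
  identityRefs:
    - kind: ServiceAccount
      name: web                         # constructed client ServiceAccount
---
# 3. AuthorizationPolicy: binds the target (Server) to the required
#    authentication. Clients whose identity is not listed above are not
#    authorized by this policy.
apiVersion: policy.linkerd.io/v1alpha1
kind: AuthorizationPolicy
metadata:
  namespace: shop
  name: voting-grpc-from-web
spec:
  targetRef:
    group: policy.linkerd.io
    kind: Server
    name: voting-grpc
  requiredAuthenticationRefs:
    - group: policy.linkerd.io
      kind: MeshTLSAuthentication
      name: web-identity
```

Writing and maintaining one such set of resources per port and per client identity across an application is the kind of manual work that grows quickly with the number of services.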

However, getting started with authorization policies can be difficult. BEL’s authorization policy automation feature eliminates the toil of bootstrapping by generating policies based on observed traffic within a functioning application. This allows you to quickly get functioning policies, and to keep these policies up-to-date as your application architecture evolves.

To try authorization policies, see our walkthrough, Task: Generating authorization policies on an existing application.