Windows Mesh Expansion (WME)

The included driver is signed by Microsoft for Windows Server 2025 (x64) and also loads on Windows 11 (x64). Future releases will add support for Windows Server 2022, Server Core 2025, and Server Core 2022.

BEL Windows Mesh Expansion (WME) integrates a Windows VM or bare-metal system into Linkerd, allowing Windows applications on the host to participate in observable, secure, and reliable meshed communication.

The central component is the linkerd-proxy-harness, a service that runs on the VM and orchestrates mesh participation. It supervises the Linkerd data-plane proxy, fetches the machine’s SPIFFE SVID from a local SPIRE agent, registers the VM as an ExternalWorkload in the cluster, and responds to readiness probes so the VM appears to in-cluster services as a meshed pod.

Outbound TCP traffic is transparently intercepted by the linkerd-tcp-redirect.sys WFP kernel driver and redirected to the local proxy, which applies mTLS and policy enforcement using the identity the harness established. Note that the driver handles outbound only; inbound mTLS connections from the cluster arrive directly at the proxy’s inbound listening port and are not intercepted or redirected by the driver.

Learning more

Guide: Installing Windows Mesh Expansion (WME)