Linkerd

Linkerd Tap API

The Linkerd Tap API is a Kubernetes aggregated API server that provides real-time streaming access to requests flowing through the Linkerd service mesh. It allows live inspection of HTTP and gRPC traffic including headers, paths, response codes, and latency. Access is controlled via Kubernetes RBAC.

GitHub OpenAPI

Documentation

📖
Documentation
https://linkerd.io/2-edge/reference/cli/viz/

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/linkerd/refs/heads/main/openapi/linkerd-tap-openapi.yml

Schemas & Data

📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/linkerd/refs/heads/main/json-schema/tap-event.json

Other Resources

🔗
JSONLD
https://raw.githubusercontent.com/api-evangelist/linkerd/refs/heads/main/json-ld/linkerd-context.jsonld

OpenAPI Specification

linkerd-tap-openapi.yml Raw ↑ 
openapi: 3.1.0
info:
  title: Linkerd Tap API
  description: >-
    The Linkerd Tap API is a Kubernetes aggregated API server that
    provides real-time streaming access to requests flowing through
    the Linkerd service mesh. It allows live inspection of HTTP and
    gRPC traffic including headers, paths, response codes, and
    latency. Access is controlled via Kubernetes RBAC on the
    tap.linkerd.io API group.
  version: v1alpha1
  contact:
    name: Linkerd
    url: https://linkerd.io/
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
externalDocs:
  description: Linkerd Viz CLI Reference
  url: https://linkerd.io/2-edge/reference/cli/viz/
servers:
  - url: https://kubernetes.default.svc/apis/tap.linkerd.io/v1alpha1
    description: Linkerd Tap aggregated API server (via Kubernetes API)
paths:
  /apis/tap.linkerd.io/v1alpha1:
    get:
      operationId: getTapApiResources
      summary: Linkerd List Tap API resources
      description: >-
        Returns the list of resources available in the tap.linkerd.io
        API group.
      tags:
        - Discovery
      responses:
        '200':
          description: API resource list
          content:
            application/json:
              schema:
                type: object
                properties:
                  kind:
                    type: string
                    example: APIResourceList
                  apiVersion:
                    type: string
                    example: v1
                  groupVersion:
                    type: string
                    example: tap.linkerd.io/v1alpha1
                  resources:
                    type: array
                    items:
                      type: object
                      properties:
                        name:
                          type: string
                        namespaced:
                          type: boolean
                        kind:
                          type: string
                        verbs:
                          type: array
                          items:
                            type: string
  /watch/namespaces/{namespace}/tap:
    post:
      operationId: tapNamespace
      summary: Linkerd Tap traffic in a namespace
      description: >-
        Opens a streaming connection that returns real-time request
        and response metadata for traffic flowing through meshed
        pods in the specified namespace.
      tags:
        - Tap
      parameters:
        - name: namespace
          in: path
          required: true
          description: The Kubernetes namespace to tap
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TapByResourceRequest'
      responses:
        '200':
          description: Streaming tap events
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TapEvent'
        '403':
          description: Forbidden - insufficient RBAC permissions
  /watch/namespaces/{namespace}/{resource_type}/{resource_name}/tap:
    post:
      operationId: tapResource
      summary: Linkerd Tap traffic for a specific resource
      description: >-
        Opens a streaming connection that returns real-time request
        and response metadata for traffic flowing through the
        specified resource.
      tags:
        - Tap
      parameters:
        - name: namespace
          in: path
          required: true
          description: The Kubernetes namespace
          schema:
            type: string
        - name: resource_type
          in: path
          required: true
          description: The Kubernetes resource type (e.g., deployments, pods)
          schema:
            type: string
        - name: resource_name
          in: path
          required: true
          description: The name of the specific resource
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TapByResourceRequest'
      responses:
        '200':
          description: Streaming tap events
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TapEvent'
        '403':
          description: Forbidden - insufficient RBAC permissions
components:
  schemas:
    TapByResourceRequest:
      type: object
      properties:
        target:
          type: object
          description: Target resource to tap
          properties:
            resource_type:
              type: string
            resource_name:
              type: string
            namespace:
              type: string
        match:
          type: object
          description: Optional match criteria to filter events
          properties:
            path:
              type: string
              description: Regex to match request paths
            method:
              type: string
              description: HTTP method to match
              enum:
                - GET
                - POST
                - PUT
                - DELETE
                - PATCH
                - HEAD
                - OPTIONS
            authority:
              type: string
              description: Authority (Host header) to match
        max_rps:
          type: number
          description: Maximum events per second
          default: 100
    TapEvent:
      type: object
      properties:
        source:
          $ref: '#/components/schemas/TcpAddress'
        source_meta:
          type: object
          properties:
            labels:
              type: object
              additionalProperties:
                type: string
        destination:
          $ref: '#/components/schemas/TcpAddress'
        destination_meta:
          type: object
          properties:
            labels:
              type: object
              additionalProperties:
                type: string
        route_meta:
          type: object
          properties:
            labels:
              type: object
              additionalProperties:
                type: string
        proxy_direction:
          type: string
          enum:
            - INBOUND
            - OUTBOUND
        request_init:
          type: object
          properties:
            id:
              type: string
            method:
              type: string
            scheme:
              type: string
            authority:
              type: string
            path:
              type: string
            headers:
              type: object
              additionalProperties:
                type: string
        response_init:
          type: object
          properties:
            id:
              type: string
            http_status:
              type: integer
            latency_ns:
              type: integer
              format: int64
            headers:
              type: object
              additionalProperties:
                type: string
        response_end:
          type: object
          properties:
            id:
              type: string
            grpc_status:
              type: integer
            duration_ns:
              type: integer
              format: int64
            response_bytes:
              type: integer
              format: int64
    TcpAddress:
      type: object
      properties:
        ip:
          type: string
          description: IP address
        port:
          type: integer
          description: Port number
tags:
  - name: Discovery
    description: API resource discovery
  - name: Tap
    description: Real-time traffic inspection