Identity lies at the core of every service mesh, so changing what “identity” means is always a challenging endeavor that mustn’t be taken lightly. Yet that’s exactly what the Linkerd project had to do to support extending the mesh beyond Kubernetes. Ultimately, communicating beyond the cluster isn’t hard, and identity is where the magic happens. How exactly does the mesh identify foreign workloads? What’s the role of Kubernetes itself in this realm? What mechanisms can we use outside of Kubernetes? Join us for an open and candid look into how the Linkerd project reimagined itself by tackling these and other questions, ultimately landing on SPIFFE/SPIRE as the tool of choice to enable seamless integration of workloads into the mesh.