edge-20.11.3
This edge release improves support for CNI by properly handling parameters
passed to the nsenter command, relaxes checks on root and intermediate
certificates (following X509 best practices), and fixes two issues: one that
prevented installation of the control plane into a custom namespace and one
which failed to update endpoint information when a headless service is modified.
This release also improves linkerd proxy performance by eliminating unnecessary
endpoint resolutions for TCP traffic and properly tearing down serverside
connections when errors occur.
- Added HTTP/2 keepalive PING frames
- Removed logic to avoid redundant TCP endpoint resolution
- Fixed an issue where serverside connections were not torn down when an error
occurs - Updated
linkerd checkso that it doesn't attempt to validate the subject
alternative name (SAN) on root and intermediate certificates. SANs for leaf
certificates will continue to be validated - Fixed a CLI issue where the
linkerd-namespaceflag is not honored when
passed to theinstallandupgradecommands - Fixed an issue where the proxy does not receive updated endpoint information
when a headless service is modified - Updated the control plane Docker images to use
buster-20201117-slimto
reduce potential security vulnerabilities - Updated the proxy-init container to
v1.3.7which fixes CNI issues in certain
environments by properly parsingnsenterargs