edge-21.11.1
In this edge release, we're very excited to introduce Service Account Token
Volume Projections, used to set up the pods' identities. These tokens are bound
specifically to this use case and are rotated daily, replacing the default
tokens injected by Kubernetes, which are overly permissive.

Note that this edge release updates the minimum supported Kubernetes version to 1.20.
- Updated the minimum supported Kubernetes version to 1.20
- Use Service Account Token Volume Projections to set up the pods' identities;
  now injection also works on pods with `automountServiceAccountToken` set to
  `false`
- Updated proxy-init's Alpine base image to fix some CVEs (not affecting
  Linkerd)
- Updated the Prometheus image in linkerd-viz to 2.30.3
- Changed the proxy and policy controller to use jemalloc on x86_64 gnu/linux to
  reduce memory usage
- Fixed output for `linkerd check -o json`
- Added ability to configure ephemeral-storage resources for each component
(thanks @michaellzc!)
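
To check that a workload relies on a bound, short-lived projected token rather than the auto-mounted default, a pod spec can be audited as below. This is an added example, not Linkerd's code; the pod spec is constructed, and its volume name, path and audience value are assumptions.

```python
MAX_TTL = 24 * 60 * 60  # the release note says tokens are rotated daily

# Constructed pod spec: every name, path and the audience value is an assumption.
POD = {
    "metadata": {"name": "web-0"},
    "spec": {
        "automountServiceAccountToken": False,
        "volumes": [{
            "name": "identity-token",
            "projected": {"sources": [{"serviceAccountToken": {
                "path": "identity-token",
                "audience": "identity.example",
                "expirationSeconds": 86400,
            }}]},
        }],
    },
}


def projected_tokens(pod):
    """Yield (volume name, token source) for each projected service account token."""
    for vol in pod["spec"].get("volumes", []):
        for src in vol.get("projected", {}).get("sources", []):
            if "serviceAccountToken" in src:
                yield vol["name"], src["serviceAccountToken"]


def audit(pod):
    """Return findings for a pod that should rely only on a bound, short-lived token."""
    findings = []
    # Pod-level field only; a ServiceAccount can also disable automounting.
    if pod["spec"].get("automountServiceAccountToken", True):
        findings.append("default service account token is auto-mounted")
    tokens = list(projected_tokens(pod))
    if not tokens:
        findings.append("no projected service account token volume")
    for name, tok in tokens:
        if not tok.get("audience"):
            findings.append(f"{name}: no audience set, token is valid for the API server")
        ttl = tok.get("expirationSeconds", 3600)  # Kubernetes default is one hour
        if ttl > MAX_TTL:
            findings.append(f"{name}: lifetime {ttl}s exceeds {MAX_TTL}s")
    return findings


if __name__ == "__main__":
    print(audit(POD) or "ok")
```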