linkerd/linkerd2 edge-25.1.1

on GitHub

Overall status: RECOMMENDED

Cautions

This release requires that the Kubernetes API server be able to use TLS v1.3. That's been supported since Kubernetes v1.19, and Linkerd currently requires at least Kubernetes v1.22, so this shouldn't be an issue for anyone. It also validates that proxy.runAsRoot be set if proxyInit.closeWaitTimeoutSecs is set -- this was a functional requirement anyway, but we now validate it at install time.

Changes

Welcome to 2025! This first release of the year bumps the minimum TLS version when talking to the API server to v1.3 (see the CAUTIONS above), adds proper iptables support for RHEL nodes, allows Linkerd to talk to running Pods which haven't passed readiness checks yet (thanks, Tuomo!), and allows specifying both podAnnotations per deployment (thanks, Takumi Sue!) and labels for the Viz dashboard (thanks, omer2500!). It also validates that proxy.runAsRoot is set if you try to set proxyInit.closeWaitTimeoutSecs, correctly handles proxy log levels with quotes, cleans up CLI output of port forwarding errors, adds the pod UID and proxy container name to the environment, fixes a bug with installing extensions with Helm in IPv6 clusters, and removes some unneeded CNI configuration values. Finally, thanks to Joakim Roubert for cleaning up some development shell scripting!

What's Changed

• proxy: v2.269.0 by @l5d-bot in #13401
• build(deps): bump libc from 0.2.165 to 0.2.166 by @dependabot in #13400
• build(deps): bump socket2 from 0.5.7 to 0.5.8 by @dependabot in #13404
• build(deps): bump bytes from 1.8.0 to 1.9.0 by @dependabot in #13403
• build(deps): bump tracing from 0.1.40 to 0.1.41 by @dependabot in #13402
• ci: pin cargo-nextest to v0.9.67 by @olix0r in #13411
• policy: Add e2e egress tests by @zaharidichev in #13390
• test(policy): update e2e_egress_network for reliability by @olix0r in #13412
• test(policy): fix assert_status_accepted to panic by @olix0r in #13413
• proxy: v2.270.0 by @l5d-bot in #13414
• chore(just): retry failures when loading pause container by @olix0r in #13415
• build(deps): bump mio from 1.0.2 to 1.0.3 by @dependabot in #13417
• build(deps): bump allocator-api2 from 0.2.20 to 0.2.21 by @dependabot in #13416
• build(deps): bump libc from 0.2.166 to 0.2.167 by @dependabot in #13418
• build(deps): bump k8s.io/endpointslice from 0.31.2 to 0.31.3 by @dependabot in #13386
• build(deps-dev): bump eslint-plugin-promise from 7.1.0 to 7.2.1 in /web/app by @dependabot in #13408
• build(deps): bump cc from 1.2.1 to 1.2.2 by @dependabot in #13423
• build(deps): bump errno from 0.3.9 to 0.3.10 by @dependabot in #13421
• build(deps): bump tracing-subscriber from 0.3.18 to 0.3.19 by @dependabot in #13422
• build(deps): bump clap from 4.5.21 to 4.5.22 by @dependabot in #13436
• build(deps): bump tokio-util from 0.7.12 to 0.7.13 by @dependabot in #13431
• refactor(policy): move policy-controller library to runtime by @olix0r in #13419
• chore: update Go code for new lints by @olix0r in #13437
• build(deps): bump tokio from 1.41.1 to 1.42.0 by @dependabot in #13438
• build(deps): bump anyhow from 1.0.93 to 1.0.94 by @dependabot in #13439
• build(deps): bump codecov/codecov-action from 5.0.7 to 5.1.1 by @dependabot in #13440
• build(deps): update linkerd/dev from v43 to v44 by @olix0r in #13428
• build(deps): bump EmbarkStudios/cargo-deny-action from 1.6.3 to 2.0.4 by @dependabot in #13424
• build(deps): bump thiserror from 1.0.68 to 2.0.4 by @dependabot in #13435
• build(deps): bump unicode-ident from 1.0.13 to 1.0.14 by @dependabot in #13359
• build(deps): bump google.golang.org/grpc from 1.67.1 to 1.68.1 by @dependabot in #13434
• build(deps): bump github.com/prometheus/common from 0.60.1 to 0.61.0 by @dependabot in #13429
• build(deps): bump github.com/emicklei/proto from 1.13.2 to 1.13.3 by @dependabot in #13430
• build(deps): bump golang.org/x/tools from 0.27.0 to 0.28.0 by @dependabot in #13433
• build(deps): bump clap from 4.5.22 to 4.5.23 by @dependabot in #13448
• build(deps): bump pest_derive from 2.7.14 to 2.7.15 by @dependabot in #13447
• build(deps): bump thiserror from 2.0.4 to 2.0.6 by @dependabot in #13446
• build(deps): bump tj-actions/changed-files from 45.0.4 to 45.0.5 by @dependabot in #13449
• build(deps-dev): bump webpack from 5.96.1 to 5.97.1 in /web/app by @dependabot in #13443
• build(deps-dev): bump @babel/preset-react from 7.25.9 to 7.26.3 in /web/app by @dependabot in #13444
• chore: group cargo dependabot updates by @olix0r in #13450
• build(deps): bump libc from 0.2.167 to 0.2.168 by @dependabot in #13453
• build(deps): bump cc from 1.2.2 to 1.2.3 by @dependabot in #13452
• build(deps): bump tokio-stream from 0.1.16 to 0.1.17 by @dependabot in #13454
• build(deps): bump url from 2.5.2 to 2.5.4 by @dependabot in #13385
• refactor(multicluster): Replace use of unstructured API with typed bindings for Link CR by @adleong in #13420
• feat(helm): Allow specifying podAnnotations per deployment by @mikutas in #13388
• Simplify cni config by @alpeb in #13407
• build(deps): bump chrono from 0.4.38 to 0.4.39 by @dependabot in #13456
• build(deps): bump nanoid from 3.3.7 to 3.3.8 in /web/app by @dependabot in #13455
• build(deps): bump serde from 1.0.215 to 1.0.216 by @dependabot in #13465
• proxy: v2.271.0 by @l5d-bot in #13468
• build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by @dependabot in #13466
• build(deps): bump k8s.io/client-go from 0.31.3 to 0.31.4 by @dependabot in #13460
• build(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.0 by @dependabot in #13467
• chore(ci): simplify protoc scripts by @olix0r in #13459
• build(deps): bump k8s.io/endpointslice from 0.31.3 to 0.31.4 by @dependabot in #13463
• build(deps): bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 by @dependabot in #13470
• bin: shellscript housekeeping by @joakimr-axis in #13469
• build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 by @dependabot in #13471
• build(deps): bump k8s.io/endpointslice from 0.31.4 to 0.32.0 by @dependabot in #13472
• build(deps): bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 by @dependabot in #13473
• build(deps): bump cni-plugin from v1.5.2 to v1.6.0 by @alpeb in #13474
• feat(linkerd-cni): add support for plain iptables commands by @alpeb in #13457
• chore: group k8s.io dependabot updates by @olix0r in #13476
• build(deps): bump google.golang.org/grpc from 1.68.1 to 1.69.0 by @dependabot in #13477
• build(deps-dev): bump webpack-dev-server from 5.1.0 to 5.2.0 in /web/app by @dependabot in #13478
• feat(viz): add option to add labels to web service by @omer2500 in #13305
• chore(proxy-injector): reduce test boilerplate by @olix0r in #13479
• fix(helm): add validation for proxyInit.closeWaitTimeoutSecs by @alpeb in #13481
• chore: remove bin/helm-doc by @alpeb in #13482
• fix(proxy-injector): handle proxy-log-level with quotes by @olix0r in #13480
• build(deps): bump thiserror from 2.0.6 to 2.0.7 by @dependabot in #13485
• build(deps): bump cc from 1.2.3 to 1.2.4 by @dependabot in #13484
• build(deps): bump home from 0.5.9 to 0.5.11 by @dependabot in #13488
• build(deps): bump helm.sh/helm/v3 from 3.16.3 to 3.16.4 by @dependabot in #13489
• build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 by @dependabot in #13490
• build(deps): bump codecov/codecov-action from 5.1.1 to 5.1.2 by @dependabot in #13506
• build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0 by @dependabot in #13505
• build(deps): bump google.golang.org/grpc from 1.69.0 to 1.69.2 by @dependabot in #13504
• build(deps): bump github.com/emicklei/proto from 1.13.3 to 1.14.0 by @dependabot in #13503
• build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 by @dependabot in #13499
• build(deps): bump security-framework-sys from 2.12.1 to 2.13.0 by @dependabot in #13498
• build(deps): bump schannel from 0.1.23 to 0.1.27 by @dependabot in #13497
• build(deps): bump thiserror from 2.0.7 to 2.0.8 by @dependabot in #13496
• build(deps): bump backtrace from 0.3.73 to 0.3.74 by @dependabot in #13495
• deps: bump linkerd-extension init from v0.1.1 to v0.1.2 by @alpeb in #13486
• deps: bump proxy-init from v2.4.1 to v2.4.2 by @alpeb in #13487
• chore(deps): update from hyper 0.14.28 to 0.14.32 by @cratelyn in #13492
• Set minimum TLS version to 1.3 by @sfleen in #13500
• Add pod UID and container name to proxy env by @sfleen in #13501
• build(deps): bump libc from 0.2.168 to 0.2.169 by @dependabot in #13510
• build(deps): bump cc from 1.2.4 to 1.2.5 by @dependabot in #13509
• build(deps): bump thiserror from 2.0.8 to 2.0.9 by @dependabot in #13516
• build(deps): bump object from 0.36.5 to 0.36.7 by @dependabot in #13517
• build(deps): bump serde_json from 1.0.133 to 1.0.134 by @dependabot in #13518
• build(deps): bump anyhow from 1.0.94 to 1.0.95 by @dependabot in #13519
• build(deps): bump linked_hash_set from 0.1.4 to 0.1.5 by @dependabot in #13520
• build(deps): bump Swatinem/rust-cache from 2.7.5 to 2.7.7 by @dependabot in #13524
• build(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 by @dependabot in #13521
• build(deps): bump DavidAnson/markdownlint-cli2-action from 18.0.0 to 19.0.0 by @dependabot in #13523
• Add newlines to port-forward error output by @siggy in #13522
• build(deps): bump linkerd/dev from 44 to 45 by @dependabot in #13532
• build(deps): bump tj-actions/changed-files from 45.0.5 to 45.0.6 by @dependabot in #13531
• build(deps): bump serde from 1.0.216 to 1.0.217 by @dependabot in #13530
• build(deps): bump quote from 1.0.37 to 1.0.38 by @dependabot in #13529
• build(deps): bump rustversion from 1.0.18 to 1.0.19 by @dependabot in #13528
• build(deps): bump async-trait from 0.1.83 to 0.1.84 by @dependabot in #13527
• build(deps): bump cc from 1.2.5 to 1.2.7 by @dependabot in #13526
• build(deps): bump linkerd/dev from v44 to v45 by @olix0r in #13525
• build(deps): bump @fortawesome/free-solid-svg-icons from 6.7.1 to 6.7.2 in /web/app by @dependabot in #13515
• build(deps-dev): bump webpack-cli from 5.1.4 to 6.0.1 in /web/app by @dependabot in #13513
• build(deps): bump @fortawesome/fontawesome-svg-core from 6.7.1 to 6.7.2 in /web/app by @dependabot in #13514
• build(deps): bump @fortawesome/free-regular-svg-icons from 6.7.1 to 6.7.2 in /web/app by @dependabot in #13512
• build(deps): bump golang.org/x/net from 0.33.0 to 0.34.0 by @dependabot in #13535
• build(deps): bump softprops/action-gh-release from 2.2.0 to 2.2.1 by @dependabot in #13542
• build(deps): bump the clap group with 3 updates by @dependabot in #13541
• build(deps): bump pin-project-lite from 0.2.15 to 0.2.16 by @dependabot in #13536
• build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2 by @dependabot in #13540
• build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 by @dependabot in #13547
• build(deps): bump security-framework-sys from 2.13.0 to 2.14.0 by @dependabot in #13546
• build(deps): bump the clap group with 2 updates by @dependabot in #13545
• build(deps): bump serde_json from 1.0.134 to 1.0.135 by @dependabot in #13539
• build(deps): bump async-trait from 0.1.84 to 0.1.85 by @dependabot in #13538
• build(deps): bump pin-project from 1.1.7 to 1.1.8 by @dependabot in #13537
• build(deps): bump golang.org/x/tools from 0.28.0 to 0.29.0 by @dependabot in #13534
• build(deps): bump thiserror from 2.0.9 to 2.0.11 by @dependabot in #13555
• build(deps): bump cc from 1.2.7 to 1.2.9 by @dependabot in #13554
• build(deps): bump core-js from 3.39.0 to 3.40.0 in /web/app by @dependabot in #13549
• chore(policy): use rustls-tls instead of openssl-tls by @alpeb in #13502
• test(policy): Reduce duplication in outbound policy API tests by @adleong in #13543
• chore(dashboard): Make CSWSH protection explicit by @alpeb in #13548
• build(deps-dev): bump eslint-plugin-react from 7.37.2 to 7.37.3 in /web/app by @dependabot in #13550
• build(deps): bump google.golang.org/grpc from 1.69.2 to 1.69.4 by @dependabot in #13558
• build(deps): bump tokio from 1.42.0 to 1.43.0 by @dependabot in #13561
• build(deps): bump miniz_oxide from 0.8.2 to 0.8.3 by @dependabot in #13560
• build(deps): bump linux-raw-sys from 0.4.14 to 0.4.15 by @dependabot in #13556
• build(deps-dev): bump @babel/eslint-parser from 7.25.9 to 7.26.5 in /web/app by @dependabot in #13551
• build(deps): bump proc-macro2 from 1.0.92 to 1.0.93 by @dependabot in #13559
• build(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3 by @dependabot in #13568
• build(deps): bump helm.sh/helm/v3 from 3.16.4 to 3.17.0 by @dependabot in #13567
• build(deps): bump data-encoding from 2.6.0 to 2.7.0 by @dependabot in #13564
• build(deps): bump log from 0.4.22 to 0.4.25 by @dependabot in #13563
• Relax Pod readiness requirements for destination controller by @tjorri in #13557

New Contributors

• @omer2500 made their first contribution in #13305
• @cratelyn made their first contribution in #13492
• @tjorri made their first contribution in #13557

Full Changelog: edge-24.11.8...edge-25.1.1