github linkerd/linkerd2 stable-2.11.2
on GitHub

latest releases: edge-24.10.5, edge-24.10.4, edge-24.10.3...
2 years ago

stable-2.11.2

This release pulls in many small fixes and improvements from the main
development branch. It features changes to the multicluster extension to
support the new linkerd-failover extension so that clients can
failover across services hosted on remote clusters.

  • CLI

    • Updated check to avoid checking the proxy version of uninjected pods
    • Updated check to skip evicted pods
    • Updated extension install commands to support the --ignore-cluster flag

  • Core

    • Fixed a bug in the destination controller that could prevent service
      endpoint updates from being sent to the proxy
    • Updated the destination controller to honor Server resources when
      determining an endpoint's opaqueness
    • Updated the proxy to correctly honor opaque protocol hints for
      non-Kubernetes targets, i.e., when a workload's
      config.linkerd.io/enable-external-profiles annotation is set to true
    • Updated controller webhook servers to ensure that TLS v1.2 or greater is
      used
    • Disabled pprof in control plane admin endpoints by default
    • Updated controllers to ensure that user input is quoted & escaped
      in log messages
    • Updated the proxy's linkerd-await post-start hook to timeout after 2
      minutes. This makes it easier to debug proxies that fail to become ready
    • Updated the proxy init container to support JSON log formatting
    • Added a config.linkerd.io/skip-subnets workload annotation that can be
      used to configure the proxy-init to skip rewriting all traffic to a given
      subnet. This is primarily intended to support docker-in-docker deployments
    • Updated the policy controller to use an openssl backend for its admission
      controller server on x86_64 to improve interopability with more exotic
      Kubernetes server configurations
    • Updated the policy controller to dynamically reload its webhook server
      credentials without restarting
    • Updated the Server CRD to relax OpenAPI schema validation requirements
    • Updated the policy controller webhook server to enforce validation of
      Server and ServerAuthorization resources
    • Added a proxyInit.runAsRoot helm variable that may be set to false to run
      the proxy-init container as a non-root user
    • Updated controller servers to limit the amount of data that may be buffered
      to guard against malicious clients
    • Removed use of the deprecated beta.kubernetes.io/node label

  • Jaeger

    • Upgraded jaeger to v1.31 and opentelemetry-collector to v0.43 to support
      ARM

  • Multicluster

    • Updated service mirrors so that local services reflect the
      readiness of the remote service. When the remote service has no ready
      endpoints or when its gateway is unavailable, the mirrored local service
      will also have no ready endpoints
    • Fixed a configuration issue that prevented multicluster gateways from
      running on ARM nodes
    • Updated multicluster service mirrors to only create mirrored services when
      the service's namespace already exists in the local cluster
    • Fixed a bug that prevented WebSocket requests from being routed by gateways
    • Updated the linkerd-multicluster-link Helm chart so that a RoleBinding
      is created for each target cluster. This role binding is now only created
      when the enablePSP helm value is set to true
    • Added a linkerd multicluster install --ha flag to run gateways with
      multiple replicas, pod disruption budgets, anti-affinity settings, etc
Check out latest releases or
releases around linkerd/linkerd2 stable-2.11.2

Don't miss a new linkerd2 release

NewReleases is sending notifications on new releases.

Get notifications