Warning: there is a known issue where upgrading to this release with the --prune flag as described in the Linkerd Upgrade documentation will delete certain Linkerd configuration and prevent you from performing any subsequent upgrades. It is highly recommended that you skip this version and instead upgrade directly to stable-2.9.3 or later. If you have already upgraded to this version, you can repair your installation by upgrading your CLI to stable-2.9.3 and using the linkerd repair command.
stable-2.9.0
This release extends Linkerd's zero-config mutual TLS (mTLS) support to all TCP
connections, allowing Linkerd to transparently encrypt and authenticate all TCP
connections in the cluster the moment it's installed. It also adds ARM support,
introduces a new multi-core proxy runtime for higher throughput, adds support
for Kubernetes service topologies, and lots, lots more, as described below:
(For upgrade instructions please check the docs)
- Proxy
  - Performed internal improvements for lower latencies under high concurrency
  - Reduced performance impact of logging, especially when the debug or trace log levels are disabled
  - Improved error handling for DNS errors encountered when discovering control plane addresses; this can be common during installation before all components have been started, allowing linkerd to continue to operate normally in HA during node outages
- Control Plane
  - Added support for topology-aware service routing to the Destination controller; when providing service discovery updates to proxies the Destination controller will now filter endpoints based on the service's topology preferences
  - Added support for the new Kubernetes EndpointSlice resource to the Destination controller; Linkerd can be installed with --enable-endpoint-slices flag to use this resource rather than the Endpoints API in clusters where this new API is supported
- Dashboard
  - Added new Spanish translations (please help us translate into your language!)
  - Added new section for exposing multicluster gateway metrics
- CLI
  - Renamed the --addon-config flag to --config to clarify this flag can be used to set any Helm value
  - Added fish shell completions to the linkerd command
- Multicluster
  - Replaced the single service-mirror controller with separate controllers that will be installed per target cluster through linkerd multicluster link
  - Changed the mechanism for mirroring services: instead of relying on annotations on the target services, now the source cluster should specify which services from the target cluster should be exported by using a label selector
  - Added support for creating multiple service accounts when installing multicluster with Helm to allow more granular revocation
  - Added a multicluster unlink command for removing multicluster links
- Prometheus
  - Moved Linkerd's bundled Prometheus into an add-on (enabled by default); this makes the Linkerd Prometheus more configurable, gives it a separate upgrade lifecycle from the rest of the control plane, and allows users to disable the bundled Prometheus instance
  - The long-awaited Bring-Your-Own-Prometheus case has been finally addressed: added global.prometheusUrl to the Helm config to have linkerd use an external Prometheus instance instead of the one provided by default
  - Added an option to persist data to a volume instead of memory, so that historical metrics are available when Prometheus is restarted
  - The helm chart can now configure persistent storage and limits
- Other
  - Added a new linkerd.io/inject: ingress annotation and accompanying --ingress flag to the inject command, to configure the proxy to support service profiles and enable per-route metrics and traffic splits for HTTP ingress controllers
  - Changed the type of the injector and tap API secrets to kubernetes.io/tls so they can be provisioned by cert-manager
  - Changed default docker image repository to ghcr.io from gcr.io; Users who pull the images into private repositories should take note of this change
  - Introduced support for authenticated docker registries
  - Simplified the way that Linkerd stores its configuration; configuration is now stored as Helm values in the linkerd-config ConfigMap
  - Added support for Helm configuration of per-component proxy resources requests

This release includes changes from a massive list of contributors. A special
thank-you to everyone who helped make this release possible:
Abereham G Wodajie, Alexander Berger, Ali Ariff, Arthur Silva Sens, Chris Campbell,
Daniel Lang, David Tyler, Desmond Ho, Dominik Münch, George Garces, Herrmann Hinz,
Hu Shuai, Jeffrey N. Davis, Joakim Roubert, Josh Soref, Lutz Behnke, MaT1g3R,
Marcus Vaal, Markus, Matei David, Matt Miller, Mayank Shah, Naseem, Nil, OlivierB,
Olukayode Bankole, Paul Balogh, Rajat Jindal, Raphael Taylor-Davies, Simon Weald,
Steve Gray, Suraj Deshmukh, Tharun Rajendran, Wei Lun, Zhou Hao, ZouYu, aimbot31,
iohenkies, memory and tbsoares