stable-2.10.0
stable-2.10.0
This release introduces Linkerd extensions. The default control plane no longer
includes Prometheus, Grafana, the dashboard, or several other components that
previously shipped by default. This results in a much smaller and simpler set
of core functionalities. Visibility and metrics functionality is now available
in the Viz extension under the linkerd viz
command. Cross-cluster
communication functionality is now available in the Multicluster extension
under the linkerd multicluster
command. Distributed tracing functionality is
now available in the Jaeger extension under the linkerd jaeger
command.
This release also introduces the ability to mark certain ports as "opaque",
indicating that the proxy should treat the traffic as opaque TCP instead of
attempting protocol detection. This allows the proxy to provide TCP metrics
and mTLS for server-speaks-first protocols. It also enables support for
TCP traffic in the Multicluster extension.
Upgrade notes: Please see the upgrade
instructions.
-
Proxy
- Updated the proxy to use TLS version 1.3; support for TLS 1.2 remains
enabled for compatibility with prior proxy versions - Improved support for server-speaks-first protocols by allowing ports to be
marked as opaque, causing the proxy to skip protocol detection. Ports can
be marked as opaque by setting theconfig.linkerd.io/opaque-ports
annotation on the Pod and Service or by using the--opaque-ports
flag with
linkerd inject
- Ports
25,443,587,3306,5432,11211
have been removed from the default skip
ports; all traffic through those ports is now proxied and handled opaquely
by default - Fixed an issue that could cause proxies in "ingress mode"
(linkerd.io/inject: ingress
) to use an excessive amount of memory - Improved diagnostic logging around "fail fast" and "max-concurrency
exhausted" error messages - Added a new
/shutdown
admin endpoint that may only be accessed over the
loopback network allowing batch jobs to gracefully terminate the proxy on
completion
- Updated the proxy to use TLS version 1.3; support for TLS 1.2 remains
-
Control Plane
- Removed all components and functionality related to visibility, tracing,
or multicluster. These have been moved into extensions - Changed the identity controller to receive the trust anchor via environment
variable instead of by flag; this allows the certificate to be loaded from a
config map or secret (thanks @mgoltzsche!) - Added PodDisruptionBudgets to the control plane components so that they
cannot be all terminated at the same time during disruptions
(thanks @tustvold!)
- Removed all components and functionality related to visibility, tracing,
-
CLI
- Changed the
check
command to include each installed extension'scheck
output; this allows users to check for proper configuration and installation
of Linkerd without running a command for each extension - Moved the
metrics
,endpoints
, andinstall-sp
commands into subcommands
under thediagnostics
command - Added an
--opaque-ports
flag tolinkerd inject
to easily mark ports
as opaque. - Added the
repair
command which will repopulate resources needed for
properly upgrading a Linkerd installation - Added Helm-style
set
,set-string
,values
,set-files
customization
flags for thelinkerd install
andlinkerd upgrade
commands - Introduced the
linkerd identity
command, used to fetch the TLS certificates
for injected pods (thanks @jimil749) - Removed the
get
andlogs
command from the CLI
- Changed the
-
Helm
- Changed many Helm values, please see the upgrade notes
-
Viz
- Introduced the
linkerd viz
subcommand which contains commands for
installing the viz extension and all visibility commands - Updated the Web UI to only display the "Gateway" sidebar link when the
multicluster extension is active - Added a
linkerd viz list
command to list pods with tap enabled - Fixed an issue where the
tap
APIServer would not refresh its certs
automatically when provided externally—like through cert-manager
- Introduced the
-
Multicluster
- Introduced the
linkerd multicluster
subcommand which contains commands for
installing the multicluster extension and all multicluster commands - Added support for cross-cluster TCP traffic
- Updated the service mirror controller to copy the
config.linkerd.io/opaque-ports
annotation when mirroring services so that
cross-cluster traffic can be correctly handled as opaque - Added support for multicluster gateways of types other than LoadBalancer
(thanks @DaspawnW!)
- Introduced the
-
Jaeger
- Introduced the
linkerd jaeger
subcommand which contains commands for
installing the jaeger extension and all tracing commands - Added a
linkerd jaeger list
command to list pods with tracing enabled
- Introduced the
This release includes changes from a massive list of contributors. A special
thank-you to everyone who helped make this release possible:
Lutz Behnke
Björn Wenzel
Filip Petkovski
Simon Weald
GMarkfjard
hodbn
Hu Shuai
Jimil Desai
jiraguha
Joakim Roubert
Josh Soref
Kelly Campbell
Matei David
Mayank Shah
Max Goltzsche
Mitch Hulscher
Eugene Formanenko
Nathan J Mehl
Nicolas Lamirault
Oleh Ozimok
Piyush Singariya
Naga Venkata Pradeep Namburi
rish-onesignal
Shai Katz
Takumi Sue
Raphael Taylor-Davies
Yashvardhan Kukreja