All Versions
Latest Version
Avg Release Cycle
6 days
Latest Release
7 days ago

Changelog History
Page 1

  • v20.11.4

    November 20, 2020


    • ๐Ÿ›  Fixed an issue in the destination service where endpoints always included a
      protocol hint, regardless of the controller label being present or not
  • v20.11.3

    November 19, 2020


    ๐Ÿš€ This edge release improves support for CNI by properly handling parameters
    passed to the nsenter command, relaxes checks on root and intermediate
    ๐Ÿ›  certificates (following X509 best practices), and fixes two issues: one that
    prevented installation of the control plane into a custom namespace and one
    โšก๏ธ which failed to update endpoint information when a headless service is modified.
    ๐Ÿš€ This release also improves linkerd proxy performance by eliminating unnecessary
    endpoint resolutions for TCP traffic and properly tearing down serverside
    connections when errors occur.

    • โž• Added HTTP/2 keepalive PING frames
    • โœ‚ Removed logic to avoid redundant TCP endpoint resolution
    • ๐Ÿ›  Fixed an issue where serverside connections were not torn down when an error
    • โšก๏ธ Updated linkerd check so that it doesn't attempt to validate the subject
      alternative name (SAN) on root and intermediate certificates. SANs for leaf
      certificates will continue to be validated
    • ๐Ÿ›  Fixed a CLI issue where the linkerd-namespace flag is not honored when
      โฌ†๏ธ passed to the install and upgrade commands
    • ๐Ÿ›  Fixed an issue where the proxy does not receive updated endpoint information
      when a headless service is modified
    • โšก๏ธ Updated the control plane Docker images to use buster-20201117-slim to
      ๐Ÿ”’ reduce potential security vulnerabilities
    • โšก๏ธ Updated the proxy-init container to v1.3.7 which fixes CNI issues in certain
      ๐Ÿ“œ environments by properly parsing nsenter args
  • v20.11.2

    November 12, 2020


    ๐Ÿš€ This edge release reduces memory consumption of Linkerd proxies which maintain
    ๐Ÿšš many idle connections (such as Prometheus). It also removes some obsolete
    commands from the CLI and allows setting custom annotations on multicluster

    • โฌ‡๏ธ Reduced the default idle connection timeout to 5s for outbound clients and
      ๐Ÿ–จ 20s for inbound clients to reduce the proxy's memory footprint, especially on
      Prometheus instances
    • โž• Added support for setting annotations on the multicluster gateway in Helm
      which allows setting the load balancer as internal (thanks @shaikatz!)
    • โœ‚ Removed the get and logs command from the CLI
  • v20.11.1

    November 03, 2020


    ๐Ÿš€ This edge supersedes edge-20.10.6 as a release candidate for stable-2.9.0.

    • ๐Ÿ›  Fixed issue where the check command would error when there is no Prometheus
      ๐Ÿ”ง configured
    • ๐Ÿ›  Fixed recent regression that caused multicluster on EKS to not work properly
    • ๐Ÿ”„ Changed the check command to warn instead of error when webhook certificates
      are near expiry
    • โž• Added the --ingress flag to the inject command which adds the recently
      introduced ingress annotation
    • ๐Ÿ›  Fixed issue with upgrades where external certs would be fetched and stored
      even though this does not happen on fresh installs with externally created
    • ๐Ÿ›  Fixed issue with upgrades where the issuer cert expiration was being reset
    • โœ‚ Removed the --registry flag from the multicluster install command
    • โœ‚ Removed default CPU limits for the proxy and control plane components in HA
  • v20.10.6

    October 27, 2020


    ๐Ÿš€ This edge supersedes edge-20.10.5 as a release candidate for stable-2.9.0. It
    โž• adds a new ingress annotation to support service profiles
    and enable per-route metrics and traffic splits for HTTP ingress controllers

    • โž• Added a new ingress annotation to configure the
      ๐Ÿ‘ proxy to support service profiles and enable per-route metrics and traffic
      splits for HTTP ingress controllers
    • ๐ŸŽ Reduced performance impact of logging in the proxy, especially when the
      ๐ŸŒฒ debug or trace log levels are disabled
    • ๐Ÿ›  Fixed spurious warnings logged by the linkerd profile CLI command
  • v20.10.5

    October 23, 2020


    ๐Ÿš€ This edge supersedes edge-20.10.4 as a release candidate for stable-2.9.0. It
    โž• adds a fix for updating the destination service when there are no endpoints

    • โž• Added a fix to clear the EndpointTranslator state when it gets a
      NoEndpoints message. This ensures that the clients get the correct set of
      โšก๏ธ endpoints during an update.
  • v20.10.4

    October 23, 2020


    ๐Ÿš€ This edge release is a release candidate for stable-2.9.0. For the proxy, there
    ๐ŸŽ have been changes to improve performance, remove unused code, and configure
    ๐Ÿš€ ports that can be ignored by default. Also, this edge release adds enhancements
    ๐ŸŒ to the multicluster configuration and observability, adds more translations to
    the dashboard, and addresses a bug in the CLI.

    • โž• Added more Spanish translations to the dashboard and more labels that can be
    • โž• Added support for creating multiple service accounts when installing
      multicluster with Helm to allow more granular revocation
    • ๐Ÿ“‡ Renamed global.proxy.destinationGetNetworks to global.clusterNetworks.
      This is a cluster-wide setting and can no longer be overridden per-pod
    • ๐Ÿ›  Fixed an empty multicluster Grafana graph which used a deprecated label
    • โž• Added the control plane tracing ServiceAccounts to the linkerd-psp
      RoleBinding so that it can be used in environments where PodSecurityPolicy
      is enabled
    • โœจ Enhanced EKS support by adding to the set of discoverable
    • ๐Ÿ›  Fixed a bug in the way that the --all-namespaces flag is handled by the
      linkerd edges command
    • โž• Added a default set of ports to bypass the proxy for server-first, https,
      and memcached traffic
  • v20.10.3

    October 15, 2020


    ๐Ÿš€ This edge release is a release candidate for stable-2.9.0. It overhauls the
    discovery and routing logic implemented by the proxy, simplifies the way that
    ๐Ÿ”— Linkerd stores configuration, and adds new Helm values to configure additional
    labels, annotations, and namespace selectors for webhooks.

    • โž• Added podLabels and podAnnotations Helm values to allow adding additional
      labels or annotations to Linkerd control plane pods (thanks @tustvold!)
    • โž• Added namespaceSelector Helm value for configuring the namespace selector
      ๐Ÿ‘‰ used by admission webhooks (thanks @tustvold!)
    • Expanded the 'linkerd edges' command to show TCP connections
    • Overhauled the discovery and routing logic implemented by the proxy:
      • The l5d-dst-override header is no longer honored
      • When the application attempts to connect to a pod IP, the proxy no
        longer load balances these requests among all pods in the service.
        The proxy will now honor session-stickiness as selected by an
        application-level load balancer
      • TrafficSplits are only applied when a client targets a service's IP
      • The proxy no longer performs DNS "canonicalization" to translate
        relative host header names to a fully-qualified form
    • ๐Ÿ”ง Simplified the way that Linkerd stores its configuration. Configuration is
      now stored as Helm values in the linkerd-config ConfigMap
    • ๐Ÿ“‡ Renamed the --addon-config flag to --config to clarify this flag can be used
      to set any Helm value
  • v20.10.2

    October 08, 2020


    ๐Ÿš€ This edge release adds more improvements for mTLS for all TCP traffic.
    It also includes significant internal improvements to the way Linkerd
    ๐Ÿ”ง configuration is stored within the cluster.

    • ๐Ÿ”„ Changed TCP metrics exported by the proxy to ensure that peer
      identities are encoded via the client_id and server_id labels.
    • โœ‚ Removed the dependency of control plane components on linkerd-config
    • โšก๏ธ Updated the data structure proxy-injector uses to derive the configuration
      ๐Ÿ‘‰ used when injecting workloads
  • v20.10.1

    October 02, 2020


    ๐Ÿš€ This edge release includes a couple of external contributions towards
    ๐Ÿ‘Œ improved cert-manager support and Grafana charts fixes, among other
    โœจ enhancements.

    • ๐Ÿ”„ Changed the type of the injector and tap API secrets to,
      so they can be provisioned by cert-manager (thanks @cypherfox!)
    • ๐Ÿ›  Fixed the "Kubernetes cluster monitoring" Grafana dashboard that had a few
      charts with incomplete data (thanks @aimbot31!)
    • ๐Ÿ›  Fixed the service-mirror multicluster component so that it retries
      connections to the target cluster's Kubernetes API when it's not reachable,
      instead of blocking
    • 0๏ธโƒฃ Increased the proxy's default timeout for DNS resolution to 500ms, as there
      were reports that 100ms was too restrictive