Releases: linkerd/linkerd2
edge-20.11.2
This edge release reduces memory consumption of Linkerd proxies which maintain
many idle connections (such as Prometheus). It also removes some obsolete
commands from the CLI and allows setting custom annotations on multicluster
gateways.
- Reduced the default idle connection timeout to 5s for outbound clients and
  20s for inbound clients to reduce the proxy's memory footprint, especially on
  Prometheus instances
- Added support for setting annotations on the multicluster gateway in Helm
  which allows setting the load balancer as internal (thanks @shaikatz!)
- Removed the get and logs commands from the CLI
stable-2.9.0
Warning: there is a known issue where upgrading to this release with the --prune flag as described in the Linkerd Upgrade documentation will delete certain Linkerd configuration and prevent you from performing any subsequent upgrades. It is highly recommended that you skip this version and instead upgrade directly to stable-2.9.3 or later. If you have already upgraded to this version, you can repair your installation by upgrading your CLI to stable-2.9.3 and using the linkerd repair command.
This release extends Linkerd's zero-config mutual TLS (mTLS) support to all TCP
connections, allowing Linkerd to transparently encrypt and authenticate all TCP
connections in the cluster the moment it's installed. It also adds ARM support,
introduces a new multi-core proxy runtime for higher throughput, adds support
for Kubernetes service topologies, and lots, lots more, as described below:
(For upgrade instructions please check the docs)
- Proxy
  - Performed internal improvements for lower latencies under high concurrency
  - Reduced performance impact of logging, especially when the debug or trace
    log levels are disabled
  - Improved error handling for DNS errors encountered when discovering control
    plane addresses; this can be common during installation before all
    components have been started, allowing linkerd to continue to operate
    normally in HA during node outages
- Control Plane
  - Added support for topology-aware service routing to the Destination
    controller; when providing service discovery updates to proxies the
    Destination controller will now filter endpoints based on the service's
    topology preferences
  - Added support for the new Kubernetes EndpointSlice resource to the
    Destination controller; Linkerd can be installed with
    --enable-endpoint-slices flag to use this resource rather than the
    Endpoints API in clusters where this new API is supported
- Dashboard
  - Added new Spanish translations (please help us translate into your
    language!)
  - Added new section for exposing multicluster gateway metrics
- CLI
  - Renamed the --addon-config flag to --config to clarify this flag can be
    used to set any Helm value
  - Added fish shell completions to the linkerd command
- Multicluster
  - Replaced the single service-mirror controller with separate controllers
    that will be installed per target cluster through linkerd multicluster link
  - Changed the mechanism for mirroring services: instead of relying on
    annotations on the target services, now the source cluster should specify
    which services from the target cluster should be exported by using a label
    selector
  - Added support for creating multiple service accounts when installing
    multicluster with Helm to allow more granular revocation
  - Added a multicluster unlink command for removing multicluster links
- Prometheus
  - Moved Linkerd's bundled Prometheus into an add-on (enabled by default); this
    makes the Linkerd Prometheus more configurable, gives it a separate upgrade
    lifecycle from the rest of the control plane, and allows users to
    disable the bundled Prometheus instance
  - The long-awaited Bring-Your-Own-Prometheus case has been finally addressed:
    added global.prometheusUrl to the Helm config to have linkerd use an
    external Prometheus instance instead of the one provided by default
  - Added an option to persist data to a volume instead of memory, so that
    historical metrics are available when Prometheus is restarted
  - The helm chart can now configure persistent storage and limits
- Other
  - Added a new linkerd.io/inject: ingress annotation and accompanying
    --ingress flag to the inject command, to configure the proxy to support
    service profiles and enable per-route metrics and traffic splits for HTTP
    ingress controllers
  - Changed the type of the injector and tap API secrets to kubernetes.io/tls
    so they can be provisioned by cert-manager
  - Changed default docker image repository to ghcr.io from gcr.io; Users
    who pull the images into private repositories should take note of this
    change
  - Introduced support for authenticated docker registries
  - Simplified the way that Linkerd stores its configuration; configuration is
    now stored as Helm values in the linkerd-config ConfigMap
  - Added support for Helm configuration of per-component proxy resources
    requests

This release includes changes from a massive list of contributors. A special
thank-you to everyone who helped make this release possible:
Abereham G Wodajie, Alexander Berger, Ali Ariff, Arthur Silva Sens, Chris Campbell,
Daniel Lang, David Tyler, Desmond Ho, Dominik Münch, George Garces, Herrmann Hinz,
Hu Shuai, Jeffrey N. Davis, Joakim Roubert, Josh Soref, Lutz Behnke, MaT1g3R,
Marcus Vaal, Markus, Matei David, Matt Miller, Mayank Shah, Naseem, Nil, OlivierB,
Olukayode Bankole, Paul Balogh, Rajat Jindal, Raphael Taylor-Davies, Simon Weald,
Steve Gray, Suraj Deshmukh, Tharun Rajendran, Wei Lun, Zhou Hao, ZouYu, aimbot31,
iohenkies, memory and tbsoares
edge-20.11.1
This edge supersedes edge-20.10.6 as a release candidate for stable-2.9.0.
- Fixed issue where the check command would error when there is no Prometheus
  configured
- Fixed recent regression that caused multicluster on EKS to not work properly
- Changed the check command to warn instead of error when webhook certificates
  are near expiry
- Added the --ingress flag to the inject command which adds the recently
  introduced linkerd.io/inject: ingress annotation
- Fixed issue with upgrades where external certs would be fetched and stored
  even though this does not happen on fresh installs with externally created
  certs
- Fixed issue with upgrades where the issuer cert expiration was being reset
- Removed the --registry flag from the multicluster install command
- Removed default CPU limits for the proxy and control plane components in HA
  mode
edge-20.10.6
This edge supersedes edge-20.10.5 as a release candidate for stable-2.9.0. It
adds a new linkerd.io/inject: ingress annotation to support service profiles
and enable per-route metrics and traffic splits for HTTP ingress controllers
- Added a new linkerd.io/inject: ingress annotation to configure the
  proxy to support service profiles and enable per-route metrics and traffic
  splits for HTTP ingress controllers
- Reduced performance impact of logging in the proxy, especially when the
  debug or trace log levels are disabled
- Fixed spurious warnings logged by the linkerd profile CLI command
edge-20.10.5
This edge supersedes edge-20.10.4 as a release candidate for stable-2.9.0. It
adds a fix for updating the destination service when there are no endpoints
- Added a fix to clear the EndpointTranslator state when it gets a
  NoEndpoints message. This ensures that the clients get the correct set of
  endpoints during an update.
edge-20.10.4
This edge release is a release candidate for stable-2.9.0. For the proxy, there
have been changes to improve performance, remove unused code, and configure
ports that can be ignored by default. Also, this edge release adds enhancements
to the multicluster configuration and observability, adds more translations to
the dashboard, and addresses a bug in the CLI.
- Added more Spanish translations to the dashboard and more labels that can be
  translated
- Added support for creating multiple service accounts when installing
  multicluster with Helm to allow more granular revocation
- Renamed global.proxy.destinationGetNetworks to global.clusterNetworks.
  This is a cluster-wide setting and can no longer be overridden per-pod
- Fixed an empty multicluster Grafana graph which used a deprecated label
- Added the control plane tracing ServiceAccounts to the linkerd-psp
  RoleBinding so that it can be used in environments where PodSecurityPolicy
  is enabled
- Enhanced EKS support by adding 100.64.0.0/10 to the set of discoverable
  networks
- Fixed a bug in the way that the --all-namespaces flag is handled by the
  linkerd edges command
- Added a default set of ports to bypass the proxy for server-first, https,
  and memcached traffic
edge-20.10.3
This edge release is a release candidate for stable-2.9.0. It overhauls the
discovery and routing logic implemented by the proxy, simplifies the way that
Linkerd stores configuration, and adds new Helm values to configure additional
labels, annotations, and namespace selectors for webhooks.
- Added podLabels and podAnnotations Helm values to allow adding additional
  labels or annotations to Linkerd control plane pods (thanks @tustvold!)
- Added namespaceSelector Helm value for configuring the namespace selector
  used by admission webhooks (thanks @tustvold!)
- Expanded the 'linkerd edges' command to show TCP connections
- Overhauled the discovery and routing logic implemented by the proxy:
  - The l5d-dst-override header is no longer honored
  - When the application attempts to connect to a pod IP, the proxy no
    longer load balances these requests among all pods in the service.
    The proxy will now honor session-stickiness as selected by an
    application-level load balancer
  - TrafficSplits are only applied when a client targets a service's IP
  - The proxy no longer performs DNS "canonicalization" to translate
    relative host header names to a fully-qualified form
- Simplified the way that Linkerd stores its configuration. Configuration is
  now stored as Helm values in the linkerd-config ConfigMap
- Renamed the --addon-config flag to --config to clarify this flag can be used
  to set any Helm value
edge-20.10.2
This edge release adds more improvements for mTLS for all TCP traffic.
It also includes significant internal improvements to the way Linkerd
configuration is stored within the cluster.
- Changed TCP metrics exported by the proxy to ensure that peer
  identities are encoded via the client_id and server_id labels.
- Removed the dependency of control plane components on linkerd-config
- Updated the data structure proxy-injector uses to derive the configuration
  used when injecting workloads
edge-20.10.1
This edge release includes a couple of external contributions towards
improved cert-manager support and Grafana charts fixes, among other
enhancements.
- Changed the type of the injector and tap API secrets to kubernetes.io/tls,
  so they can be provisioned by cert-manager (thanks @cypherfox!)
- Fixed the "Kubernetes cluster monitoring" Grafana dashboard that had a few
  charts with incomplete data (thanks @aimbot31!)
- Fixed the service-mirror multicluster component so that it retries
  connections to the target cluster's Kubernetes API when it's not reachable,
  instead of blocking
- Increased the proxy's default timeout for DNS resolution to 500ms, as there
  were reports that 100ms was too restrictive
edge-20.9.4
This edge release introduces support for authenticated docker registries and
fixes a recent multicluster regression.
- Fixed a regression in multicluster gateway configurations that would forbid
  inbound gateway traffic
- Upgraded bundled Grafana to v7.1.5
- Enabled Jaeger receiver in collector configuration in Helm chart (thanks
  @olivierboudet!)
- Fixed skip port configuration being skipped in CNI plugin
- Introduced support for authenticated docker registries (thanks @c-n-c!)