preview-24.5.5
May 17, 2024
- Release candidate for the
enterprise-2.15.3
release
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0
or later.
A production-ready distribution of Linkerd brought to you by Buoyant, the creators of Linkerd.
enterprise-2.15.3
releaseTo upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0
or later.
enterprise-2.15.3
releaseTo upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0
or later.
enterprise-2.15.3
releaseTo upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.28.0
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.28.0
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.28.0
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.28.0
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.28.0
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.28.0
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.1
or later.
The 2.15.2 stable point release includes bug fixes, CVE remediations, and some minor feature updates. It merges HAZL into the main proxy build (previous releases required a separate build), improves certain metrics, and fixes a memory leak in the policy controller.
Please follow the instructions in Upgrading Buoyant Enterprise for Linkerd.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
linkerd license
CLI command, to output client and server license
information.linkerd check
to validate Linkerd version strings that include build
and patch info, e.g. enterprise-2.15.1-1-fips
licenseSecret
Helm value to allow storing the Buoyant license in
a Kubernetes secret.To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
linkerd check
to validate Linkerd version strings that include build
and and patch info, e.g. enterprise-2.15.1-1-fips
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
linkerd license
CLI command, to output client and server
license information.To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
licenseSecret
Helm value to allow storing the Buoyant license
in a Kubernetes secret.To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.3
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.2
or later.
This is a minor update that is primarily intended to assist Enterprise Plan users who are enabling HAZL.
Users on the Enterprise Plan who want to enable HAZL should upgrade.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.2
or later.
AdditionalEnv
and
AdditionalArgs
values,
allowing users to enable features such as HAZL (when available) with the newer
terminology.Linkerd 2.15 is a new major release that adds support for workloads outside of Kubernetes. This new “mesh expansion” feature allows Linkerd users to bring applications running on VMs, physical machines, and other non-Kubernetes locations into the mesh.
Linkerd 2.15 also introduces support for SPIFFE, a standard for workload identity which allows Linkerd to provide cryptographic identity and authentication to off-cluster workloads.
Finally, Linkerd 2.15 adds support for native sidecar containers, a new Kubernetes feature that eases some of the long-standing annoyances of the sidecar model in Kubernetes, especially with Job workloads.
See the BEL 2.15 announcement blog post for more details.
This is a feature release that unlocks new capabilities. Users with non-Kubernetes workloads that they want to add to the mesh, or users who want to use Kubernetes 1.29, should upgrade.
Users with Job workloads, init container race conditions, or other situations that would benefit from native sidecar support, can upgrade to simplify their usage of Linkerd. Native sidecar support can obviate the need for linkerd-await in Job workloads and can allow Linkerd to work well with other init containers.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.1
or later.
This release changes the minimum supported Kubernetes version to 1.22, and the update the maximum supported Kubernetes version to 1.29.
Job
s. Furthermore, traffic from other initContainer
s can now be
proxied by Linkerd (#11465;
fixes #11461).ExternalWorkload
CRD to support enrolling VMs into a meshed
Kubernetes clusterEndpointSlice
resources for Service
objects that select external workloadsJob
informer. The destination controller uses the metadata API
to retrieve Job
metadata, and relies mostly on informers. Without an
initialized informer, an error message would be logged, and the controller
relied on direct API calls
(#11541; fixes
#11531)Server
updates are handled in the destination service. The
change will ensure that during a cluster resync, consumers won’t be overloaded
by redundant updates
(#11907)INVALID_ARGUMENT
status codes
properly when a ServiceProfile
is requested for a service that does not
exist. (#11980)Server
selector are handled in the destination
service. When a Server
that marks a port as opaque no longer selects a
resource, the resource’s opaqueness will reverted to default settings
(#12031; fixes
#11995)externalWorkloadSelector
to the Server
resource to fascilitate
policy for ExternalWorkloads`
#11899EndpointSlices
that point ExternalWorkload
resources #11939MeshTLSAuthentication
#11882"duplicate metrics"
warning in the multicluster service-mirror
component #11875; fixes
#11839linkerd check
that ensures all extension namespaces are
configured properlylinkerd multicluster link
command’s
--gateway-addresses
flag was not respected when a remote gateway existsremoteDiscoverySelector
field in a
multicluster link would cause all services to be mirroredlinkerd-jaeger
’s imagePullSecrets
Helm value to also apply to the
namespace-metadata
ServiceAccount
#11504linkerd viz check
to attempt to validate that the Prometheus scrape
interval will work well with the CLI and Web query parameters
(#11376)ServiceProfile
CRD schema. The schema incorrectly
required that a not
response match should be an array, which the service
profile validator rejected since it expected an object. The schema has been
updated to properly indicate that not
values should be an object
(#11510; fixes
#11483)ServiceProfile
resources through linkerd profile --open-api
(#11519)multicluster check --timeout
flag to limit the time allowed
for Kubernetes API calls
(#11420; fixes
#11266)linkerd install
error output to add a newline when a Kubernetes
client cannot be successfully initialised
(#11917)prometheusUrl
field for the heartbeat job in the control plane Helm
chart (#11343; fixes
#11342)createNamespaceMetadataJob
Helm value to control whether the
namespace-metadata job is run during install
(#11782)podAnnotations
Helm value to allow adding additional annotations to
the Linkerd-Viz Prometheus Deployment
(#11374; fixes
#11365)namespaceSelector
fields for the tap-injector and jaeger-injector
webhooks. The webhooks are now configured to skip kube-system
by default
(#11649; fixes
#11647)opentelemetry-collector
in the jaeger extension
(#11283)podMonitors
field in the
control plane Helm chart
(#11222; fixes
#11175)PodDisruptionBudgets
in the linkerd-viz Helm chart for tap and
tap-injector (#11628; fixes
#11248)MutatingWebhookConfig
timeout value to be configured
(#12028; fixes
#12011)nodeAffinity
to deployment
templates in the linkerd-viz
and
linkerd-jaeger
Helm charts
(#11464; fixes
#10680)To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.1
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.1
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.1
or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.3
or later.
extension-init
and policy-controller
images to remediate
CVE-2023-6246policy-controller
image to remediate
CVE-2023-6246To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.1
or later.
extension-init
and policy-controller
images to remediate
CVE-2023-6246linkerd policy generate
CLI commandlinkerd policy generate
CLI command to only generate policy for
enterprise
and preview
proxiesproxy-init
image to remediate
CVE-2023-6129proxy-init
image to remediate
CVE-2023-6129proxy-init
image to remediate
CVE-2023-6129linkerd check --pre
failurelinkerd fips audit
CLI command, to audit FIPS compliance on
Linkerd-enabled clusterspreview
channellinkerd fips audit
CLI command, to audit FIPS compliance on
Linkerd-enabled clusterslinkerd-multicluster
supportlinkerd inject
would unnecessarily set a
config.linkerd.io/init-image-version
annotationlinkerd inject
would unnecessarily set a
config.linkerd.io/init-image-version
annotationproxy-init
image to remediate
CVE-2023-5678proxy-init
image to remediate
CVE-2023-5678proxy-init
image to remediate
CVE-2023-5363proxy-init
image to remediate
CVE-2023-5363