Buoyant Enterprise for Linkerd


April 5, 2024

The 2.15.2 stable point release includes bug fixes, CVE remediations, and some minor feature updates. It merges HAZL into the main proxy build (previous releases required a separate build), improves certain metrics, and fixes a memory leak in the policy controller.

Who should upgrade?

  • Users who want to use the high-availability zonal load balancer (HAZL) should upgrade to this release, as it no longer requires a separate proxy image.
  • Users who are experiencing a memory leak in the policy controller component of the control plane should upgrade.
  • Other users should upgrade at their convenience.

How to upgrade

Please follow the instructions in Upgrading Buoyant Enterprise for Linkerd.

To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.

Full Changelog

CLI changes

  • Introduce a linkerd license CLI command, to output client and server license information.
  • Update linkerd check to validate Linkerd version strings that include build and patch info, e.g. enterprise-2.15.1-1-fips

Helm changes

  • Introduce a licenseSecret Helm value to allow storing the Buoyant license in a Kubernetes secret.

Control plane changes

  • Backport fix(injector): Stop emitting warnings about skipped resources (linkerd2#12254)
  • Backport fix(destination): Removes should not change local traffic policy (linkerd2#12325)
  • Backport fix(identity): Log token validation errors at WARN (linkerd2#12187)
  • Backport fix(cli): Remove kube-system injection check (linkerd2#12263)
  • Backport fix(policy): Don’t patch httproute status if it hasn’t changed (linkerd2#12215)

Proxy changes

CVE remediations and updates