Announcing Linkerd stable-2.10.1

Tarun Pothulapati

Hello Linkerd fans! 🔥 🙏

We are excited to announce that `stable-2.10.1` has been finally released! 🎉🎊

To install this release, run: `curl | sh`

This stable release adds CLI support for Apple Silicon M1 chips and support for
SMI's TrafficSplit `v1alpha2`.

There are several proxy fixes: handling `FailedPrecondition` errors gracefully,
inbound TLS detection from non-meshed workloads, and using the correct cached
client when the proxy is in ingress mode. The logging infrastructure has also
been improved to reduce memory pressure in high-connection environments.

On the control-plane side, there have been several improvements to the
destination service such as support for Host IP lookups and ignoring pods
in "Terminating" state. It also updates the proxy-injector to add opaque ports
annotation to pods if their namespace has it set.

On the CLI side, `linkerd repair` has been updated to be aware about the control-plane
version and suggest the relevant version to generate the right config. Various
bugs have been fixed around `linkerd identity`, etc.

**Upgrade notes**: Please refer [2.10 upgrade instructions](
if you are upgrading from `2.9.x` or below versions.

Full Release Notes
  • Proxy:
    • Fixed an issue where proxies could infinitely retry failed requests to the
      `destination` controller when it returned a `FailedPrecondition`
    • The proxy's logging infrastructure has been updated to reduce memory     pressure in high-connection environments.
    •  Fixed a caching issue in the outbound proxy that would cause it to
       forward traffic to the wrong pod when running in ingress mode.
    • Fixed an issue where inbound TLS detection from non-meshed workloads
      could break
    • Fixed an issue where the admin server's HTTP detection would fail and
      not recover; these are now handled gracefully and without logging warnings
    • Control plane proxies no longer emit warnings about the resolution stream ending. This error was innocuous.
    • Bumped the proxy-init image to v1.3.11 which updates the go version to be 1.16.
  • Control Plane
    • Fixed an issue where the destination service would respond with too big of a
      header and result in http2 protocol errors
    • Fixed an issue where the destination control plane component sometimes returned endpoint addresses with a 0 port number while pods were undergoing a rollout (thanks @riccardofreixo!)
    • Fixed an issue where pod lookups by host IP and host port fail even though
      the cluster has a matching pod
    • Updated the IP Watcher in destination to ignore pods in "Terminating" state
      (thanks @Wenliang-CHEN!)
    • Modified the proxy-injector to add the opaque ports annotation to pods
      if their namespace has it set
    • Added Support for TrafficSplit `v1alpha2`
    • Updated all the control-plane components to use go `1.16.2`.
  • CLI
    • Fixed an issue where the linkerd identity command returned the root
      certificate of a pod instead of its leaf certificates
    • Fixed an issue where the destination service would respond with too
      big of a header and result in http2 protocol errors
    • Updated the release process to build Linkerd CLI binaries for Apple
      Silicon M1 chips
    • Improved error messaging when trying to install Linkerd on a cluster
      that already had Linkerd installed
    • Added a loading spinner to the linkerd check command when running
      extension checks
    • Added installNamespace toggle in the jaeger extension's install.
      (thanks @jijeesh!)
    • Updated healthcheck pkg to have hintBaseURL configurable, useful
      for external extensions using that pkg
    • Fixed TCP read and write bytes/sec calculations to group by label
      based off inbound or outbound traffic
    • Fixed an issue in linkerd inject where the wrong annotation would
      be added when using --ingress flag
    • Updated `linkerd repair` to be aware of the client and server versions
    • Updated `linkerd uninstall` to print error message when there are no
      resources to uninstall.
  • Helm:
    •   Aligned the Helm installation heartbeat schedule to match that of the CLI
  • Viz:
    • Fixed an issue where the topology graph in the dashboard was no
      longer draggable.
    • Updated dashboard build to use webpack v5
    • Added CA certs to the Viz extension's metrics-api container so
      that it can validate the certificate of an external Prometheus
    • Removed components from the control plane dashboard that now
      are part of the Viz extension
    • Changed web's base image from debian to scratch
  • Multicluster:
    • Fixed an issue with Multicluster's service mirror where its endpoint
      repair retries were not properly rate limited
  • Jaeger:
    • Fixed components in the Jaeger extension to set the correct Prometheus
      scrape values.
As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Thanks, and have a great day,