Skip to content


Choose a tag to compare
@github-actions github-actions released this 10 Mar 23:05
· 2613 commits to main since this release


This release introduces Linkerd extensions. The default control plane no longer
includes Prometheus, Grafana, the dashboard, or several other components that
previously shipped by default. This results in a much smaller and simpler set
of core functionalities. Visibility and metrics functionality is now available
in the Viz extension under the linkerd viz command. Cross-cluster
communication functionality is now available in the Multicluster extension
under the linkerd multicluster command. Distributed tracing functionality is
now available in the Jaeger extension under the linkerd jaeger command.

This release also introduces the ability to mark certain ports as "opaque",
indicating that the proxy should treat the traffic as opaque TCP instead of
attempting protocol detection. This allows the proxy to provide TCP metrics
and mTLS for server-speaks-first protocols. It also enables support for
TCP traffic in the Multicluster extension.

Upgrade notes: Please see the upgrade

  • Proxy

    • Updated the proxy to use TLS version 1.3; support for TLS 1.2 remains
      enabled for compatibility with prior proxy versions
    • Improved support for server-speaks-first protocols by allowing ports to be
      marked as opaque, causing the proxy to skip protocol detection. Ports can
      be marked as opaque by setting the
      annotation on the Pod and Service or by using the --opaque-ports flag with
      linkerd inject
    • Ports 25,443,587,3306,5432,11211 have been removed from the default skip
      ports; all traffic through those ports is now proxied and handled opaquely
      by default
    • Fixed an issue that could cause proxies in "ingress mode"
      ( ingress) to use an excessive amount of memory
    • Improved diagnostic logging around "fail fast" and "max-concurrency
      exhausted" error messages
    • Added a new /shutdown admin endpoint that may only be accessed over the
      loopback network allowing batch jobs to gracefully terminate the proxy on
  • Control Plane

    • Removed all components and functionality related to visibility, tracing,
      or multicluster. These have been moved into extensions
    • Changed the identity controller to receive the trust anchor via environment
      variable instead of by flag; this allows the certificate to be loaded from a
      config map or secret (thanks @mgoltzsche!)
    • Added PodDisruptionBudgets to the control plane components so that they
      cannot be all terminated at the same time during disruptions
      (thanks @tustvold!)
  • CLI

    • Changed the check command to include each installed extension's check
      output; this allows users to check for proper configuration and installation
      of Linkerd without running a command for each extension
    • Moved the metrics, endpoints, and install-sp commands into subcommands
      under the diagnostics command
    • Added an --opaque-ports flag to linkerd inject to easily mark ports
      as opaque.
    • Added the repair command which will repopulate resources needed for
      properly upgrading a Linkerd installation
    • Added Helm-style set, set-string, values, set-files customization
      flags for the linkerd install and linkerd upgrade commands
    • Introduced the linkerd identity command, used to fetch the TLS certificates
      for injected pods (thanks @jimil749)
    • Removed the get and logs command from the CLI
  • Helm

    • Changed many Helm values, please see the upgrade notes
  • Viz

    • Introduced the linkerd viz subcommand which contains commands for
      installing the viz extension and all visibility commands
    • Updated the Web UI to only display the "Gateway" sidebar link when the
      multicluster extension is active
    • Added a linkerd viz list command to list pods with tap enabled
    • Fixed an issue where the tap APIServer would not refresh its certs
      automatically when provided externally—like through cert-manager
  • Multicluster

    • Introduced the linkerd multicluster subcommand which contains commands for
      installing the multicluster extension and all multicluster commands
    • Added support for cross-cluster TCP traffic
    • Updated the service mirror controller to copy the annotation when mirroring services so that
      cross-cluster traffic can be correctly handled as opaque
    • Added support for multicluster gateways of types other than LoadBalancer
      (thanks @DaspawnW!)
  • Jaeger

    • Introduced the linkerd jaeger subcommand which contains commands for
      installing the jaeger extension and all tracing commands
    • Added a linkerd jaeger list command to list pods with tracing enabled

This release includes changes from a massive list of contributors. A special
thank-you to everyone who helped make this release possible:
Lutz Behnke
Björn Wenzel
Filip Petkovski
Simon Weald
Hu Shuai
Jimil Desai
Joakim Roubert
Josh Soref
Kelly Campbell
Matei David
Mayank Shah
Max Goltzsche
Mitch Hulscher
Eugene Formanenko
Nathan J Mehl
Nicolas Lamirault
Oleh Ozimok
Piyush Singariya
Naga Venkata Pradeep Namburi
Shai Katz
Takumi Sue
Raphael Taylor-Davies
Yashvardhan Kukreja