Linkerd v2.4.0 improves performance & adds traffic splitting functionality
The latest release of Linkerd adds some new features, including a new traffic splitting API. Stable version 2.4.0 also adds support for the Kubernetes Service Mesh Interface, fixes a number of bugs and issues, and improves performance. Linkerd also recently received high praise for its security after an eighteen-day long security audit.
Part of the Cloud Native Computing Foundation, Linkerd is a network proxy that deploys as a service mesh. According to their overview, its creators built it for solving complex problems while operating large production systems. Linkerd fixes communication issues between services.
The newest stable release, v2.4.0 arrived, adding a new traffic splitting feature, support for the Kubernetes Service Mesh Interface, performance enhancements, and more.
Stable version 2.4.0
According to the documentation, some of the notable features added to version 2.4.0 include:
- Traffic splitting functionality: New API allows users to control the amount of traffic destined for services via TrafficSplit custom resources.
- Kubernetes Service Mesh Interface support: SMI provides a standardized interface for service meshes on Kubernetes. This makes ecosystem tools easier to work with when using Linkerd.
- New install and upgrade stages:
linkerd install configand
linkerd install control-plane;
linkerd upgrade configand
linkerd upgrade control-plane
- Debugging assistance: New
linkerd edgescommand adds observability into the TLS-based identity system;
--enable-debug-sidecarflag helps with debugging.
- Prometheus metrics: Added to Kubernetes watchers in the destination service
- Two-phase installation process added
- Automate canary deployments: Flagger now supported
- Experimental status: Graduated to high-availability support
- Font Awesome stylesheets added locally
- Disabled spinner: When running without TTY,
linkerd checkspinner is disabled
- Edges table: Improved UI
- Various performance and usability upgrades
- Breaking changes: Removed the
--proxy-auto-injectflag; replaced the
--linkerd-versionflag with the
--proxy-versionflag in the
- Improved documentation
- Bug fixes and closed issues: Including potential memory leaks in HTTP/2 requests, stuck load balancers, failing
linkerd inject, proxy injector fixes, pod creation failures, long DNS queries, and more.
In April, the last update (v2.3) focused on security, by turning on authenticated, confidential communication between meshed services by default.
In June 2019, Linkerd passed a CNCF-sponsored security audit. Testing lasted a total of eighteen days and consisted of a variety of approaches. The testing team found as the report claims, “no real vulnerabilities”, ensuring its safety and high-security.
The conclusions of the testing state:
Judging by the lack of discovered relevant vulnerabilities and only a few miscellaneous issues, Cure53 has gained a rarely observed and very good impression of the examined Linkers software complex and its surroundings. This June 2019 Cure53 project clearly demonstrates that the Linkerd product is fully capable of preventing major attacks and should be considered strong against the majority of malicious attempts at a compromise.
The overall state of the Linkerd project – from a technical perspective and the in-house team’s great awareness of security-relevant practices and aspect, solidly places the Linkerd complex on a very good level.