Cross-post from the Linkerd blog by William Morgan

We’re very happy to announce the release of Linkerd 2.10, the best Linkerd version yet! This release adds pluggable extensions to Linkerd and dramatically reduces the default control plane size by moving non-critical components into opt-in extensions. The 2.10 release also extends Linkerd’s seamless, secure multi-cluster support to all TCP connections, not just HTTP. Finally, Linkerd 2.10 adds opaque ports as a way of extending Linkerd’s coverage to certain situations that are incompatible with protocol detection.

This release includes a lot of hard work from over 50 contributors. A special thank you to Lutz BehnkeBjörn WenzelFilip PetkovskiSimon WealdGMarkfjardhodbnHu ShuaiJimil DesaijiraguhaJoakim RoubertJosh SorefKelly CampbellMatei DavidMayank ShahMax GoltzscheMitch HulscherEugene FormanenkoNathan J MehlNicolas LamiraultOleh OzimokPiyush SingariyaNaga Venkata Pradeep Namburirish-onesignalShai Katz, Takumi Sue, Raphael Taylor-Davies, and Yashvardhan Kukreja for all your hard work!

Extensions

In Linkerd 2.10, the Linkerd control plane is now modular and extensible with the introduction of extensions. Extensions are opt-in software components that run as part of the Linkerd control plane. The default control plane in 2.10 now contains just the bare minimum necessary to run, with Prometheus, Grafana, dashboard, and other non-critical telemetry components packaged as a viz extension. This change drops the default Linkerd control plane down to 200mb at startup, from ~500mb in Linkerd 2.9!

The 2.10 release ships three extensions by default:

The move to extensions serves two purposes: first, it allows Linkerd adopters to choose exactly which bits and pieces of Linkerd they want to install on their cluster—a common request, especially for users who already have an off-cluster metrics pipeline.

Second, extensions allow the Linkerd community to build Linkerd-specific operators and controllers without having to modify the core Linkerd CLI. Extensions can come from anywhere, and because these extensions fit into Linkerd’s CLI, they “feel” just like the rest of Linkerd.

Read more in the full blog post on Linkerd Extensions.

Seamless, secure multi-cluster for all TCP connections

Multi-cluster support, introduced in Linkerd 2.8, allows Linkerd to connect Kubernetes services across cluster boundaries in a way that’s secure, fully transparent to the application, and independent of the topology of the underlying network. However, this functionality was restricted to HTTP connections only—until now. With Linkerd 2.10, Linkerd’s multi-cluster feature now extends to all TCP connections, with the same guarantees of security and transparency that Linkerd provides for pod-to-pod communication.

Want to try it? Just install the multicluster extension!

Opaque ports

The 2.10 release adds a new opaque ports feature that extends Linkerd’s ability to handle certain types of traffic. An opaque port is simply one that Linkerd will proxy without performing protocol detection. While protocol detection is key to much of Linkerd’s simplicity, certain types of traffic are incompatible with it, including, most commonly, the use of non-TLS’d MySQL connections. In Linkerd 2.9 and earlier, these situations were handled by simply skipping them at the proxy level. In Linkerd 2.10, users can explicitly mark these connections as opaque ports, and Linkerd will proxy them without attempting protocol detection. This allows Linkerd to apply features such as transparent mTLS and instrumentation in situations where it was previously unable to handle.

Read more in the full blog post on opaque ports in Linkerd.

And lots more!

Linkerd 2.10 also has a tremendous list of other improvements, performance enhancements, and bug fixes, including:

See the full release notes for details.

What’s next for Linkerd?

The momentum behind Linkerd continues to astound us. Companies like Elkjøp (see the case study—”How a $4 billion retailer built an enterprise-ready Kubernetes platform powered by Linkerd”), Giant SwarmPlexTrac, and Mythical Games have joined HPH-E-BMicrosoftClover HealthMercedes BenzSubspace, and many more as recent adopters of Linkerd. The newly-formed Linkerd Steering Committee, comprising production users who operate Linkerd at scale, is actively delivering feedback and guidance to maintainers. Finally, Linkerd was named the Best Open Source DevOps Tool of 2020.

But we’re just getting started. In our next stable release, we’ll focus on bringing policy to Linkerd, building on the foundation of mTLS to further enhance the security posture of Kubernetes applications everywhere.

The service mesh doesn’t have to be complex, and security doesn’t have to be high-friction. The future of Linkerd is built around these beliefs, and we hope they resonate with you as well.

Try it today!

Ready to try Linkerd? Those of you who have been tracking the 2.x branch via our weekly edge releases will already have seen these features in action. Either way, you can download the stable 2.10 release by running:

curl https://run.linkerd.io/install | sh

Using Helm? See our guide to installing Linkerd with Helm. Upgrading from an earlier release? We’ve got you covered: see our Linkerd upgrade guide for how to use the linkerd upgrade command.

Linkerd is for everyone

Linkerd is a community project and is hosted by the Cloud Native Computing Foundation. Linkerd is committed to open governance. If you have feature requests, questions, or comments, we’d love to have you join our rapidly-growing community! Linkerd is hosted on GitHub, and we have a thriving community on SlackTwitter, and the mailing lists. Come and join the fun!