This edge release introduces new policy CRDs that allow for more generalized
AuthorizationPolicy CRD authorizes clients that satisfy all the required
authentications to communicate with the Linkerd
Server that it targets.
Required authentications are specified through the new
MeshTLSAuthentication defines a list of authenticated client IDs—specified
directly by proxy identity strings or referencing resources such as
NetworkAuthentication defines a list of client networks that will be
Additionally, to support the new CRDs, policy-related labels have been changed
to better categorize policy metrics. A
srv_kind label has been introduced
which splits the current
srv_name value—formatted as
saz_name label has been removed and is replaced by the new
- Introduced the
srv_kindlabel which allowed splitting the value of the
- Removed the
saz_namelabel and replaced it with the new
- Fixed an issue in the destination controller where an update would not be sent
after an endpoint was discovered for a currently empty service
- Introduced the following custom resource types to support generalized
- Deprecated the
--proxy-versionflag (thanks @importhuman!)
- Updated linkerd-viz to use new policy CRDs
- 🔍View and search all Linkerd releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!