.svg){kind=small}
Apr 9, 2024
Today we're happy to announce the release of Buoyant Enterprise for Linkerd 2.15.2. This new stable release makes our high-availability zonal load balancer (HAZL) available in the standard proxy build, and includes several feature improvements and bugfixes, including for a memory leak in the security policy controller.
BEL 2.15.2 is the first "substantial'' minor stable release for 2.15. In addition to HAZL, it includes several backported bugfixes, additional diagnostic metrics, some minor feature polish, and the usual rigorous set of production testing across a variety of platforms including EKS, AKS, GKE, and OpenShift.
If you're a Linkerd user, this stable release has all the latest features and important bugfixes. Download BEL 2.15.2 today and give it a try!
This release merges the High Availability Zonal Load balancer (HAZL) into the standard proxy build. HAZL is a feature of Buoyant Enterprise for Linkerd that keeps traffic within a single availability zone, under normal conditions. For customers with high traffic multi-zone clusters in the cloud, HAZL can significantly reduce cloud spend.
Unlike Kubernetes's native Topology-aware Routing, HAZL even works for cross-cluster traffic. Also unlike Kubernetes's native Topology-aware Routing, HAZL does not sacrifice high availability to achieve zone locality—while Topology-aware Routing will limit traffic to within a zone regardless of system performance or behavior, HAZL will allow cross-zone traffic when the system is under stress, e.g. from spikes in traffic or latency. In other words, HAZL gives you the best of both worlds: the cost-savings benefits of zone locality during normal conditions, and the high availability advantages of multi-AZ clusters during stress conditions.
As you would expect from Linkerd, HAZL is designed to "just work" for any system and does not require tuning or service-specific configuration. Simply enable the HAZL load balancer and let BEL work its magic.
The 2.15.2 release contains several backported bugfixes which correct a variety of minor misbehaviors in earlier versions of Linkerd, including a memory leak in the policy controller under certain circumstances:
This release also remediates several non-critical CVEs in underling dependencies in Linkerd, including CVE-2024-27308, CVE-2024-24786, CVE-2024-24557, CVE-2019-25210, CVE-2023-45288, and GHSA-q6cp-qfwq-4gcv. (Note that none of these CVEs represent a realistic security issue for Linkerd users, so these updates are for hygiene and compliance.)
BEL 2.15.2 has undergone a rigorous set of production testing across a variety of Kubernetes versions, including:
See the current list of tested platforms for more details. And, of course, we've upgraded our own production environments to BEL 2.15.2.
BEL is our production-ready distribution of the Linkerd service mesh, brought to you by the creators and maintainers of Linkerd. BEL is the distribution of Linkerd that we run ourselves. Anyone can download and try BEL 2.15.2—just start here.
Later this month, we'll also be walking through BEL 2.15.2 and features like HAZL in our next Service Mesh Academy class, Linkerd major feature deep dive: Mesh expansion, HAZL, and native sidecar support. Sign up today for a hands-on walkthrough of these exciting new Linkerd features.
The pace of Linkerd iteration is faster than ever. Over the next few releases, we'll be shipping some major improvements to multi-cluster ergonomics, adding support for IPv6, bringing parity to our Gateway API and pre-Gateway API featureset, and tackling big features like egress control. Stay tuned for lots, lots more great features from team Linkerd!
A complete guide to everything the modern enterprise architect needs to know about service meshes, including mutual TLS, zero trust security, eBPF, sidecars, and more.
.svg)