Announcing Buoyant Enterprise for Linkerd 2.15.2

Announcing Buoyant Enterprise for Linkerd 2.15.2

William Morgan

Apr 9, 2024

Today we're happy to announce the release of Buoyant Enterprise for Linkerd 2.15.2. This new stable release makes our high-availability zonal load balancer (HAZL) available in the standard proxy build, and includes several feature improvements and bugfixes, including for a memory leak in the security policy controller.

BEL 2.15.2 is the first "substantial'' minor stable release for 2.15. In addition to HAZL, it includes several backported bugfixes, additional diagnostic metrics, some minor feature polish, and the usual rigorous set of production testing across a variety of platforms including EKS, AKS, GKE, and OpenShift. 

If you're a Linkerd user, this stable release has all the latest features and important bugfixes. Download BEL 2.15.2 today and give it a try

High Availability Zonal Load balancing

This release merges the High Availability Zonal Load balancer (HAZL) into the standard proxy build. HAZL is a feature of Buoyant Enterprise for Linkerd that keeps traffic within a single availability zone, under normal conditions. For customers with high traffic multi-zone clusters in the cloud, HAZL can significantly reduce cloud spend.

Unlike Kubernetes's native Topology-aware Routing, HAZL even works for cross-cluster traffic. Also unlike Kubernetes's native Topology-aware Routing, HAZL does not sacrifice high availability to achieve zone locality—while Topology-aware Routing will limit traffic to within a zone regardless of system performance or behavior, HAZL will allow cross-zone traffic when the system is under stress, e.g. from spikes in traffic or latency. In other words, HAZL gives you the best of both worlds: the cost-savings benefits of zone locality during normal conditions, and the high availability advantages of multi-AZ clusters during stress conditions.

As you would expect from Linkerd, HAZL is designed to "just work" for any system and does not require tuning or service-specific configuration. Simply enable the HAZL load balancer and let BEL work its magic.

Bugfixes and CVE remediations

The 2.15.2 release contains several backported bugfixes which correct a variety of minor misbehaviors in earlier versions of Linkerd, including a memory leak in the policy controller under certain circumstances:

  • Proxy injector: Stop emitting warnings about skipped resources (linkerd2#12254)
  • Destination controller: Removes should not change local traffic policy (linkerd2#12325)
  • Identity controller: Log token validation errors at WARN (linkerd2#12187)
  • CLI: Remove kube-system injection check (linkerd2#12263)
  • Policy controller: Don’t patch httproute status if it hasn’t changed (linkerd2#12215)

This release also remediates several non-critical CVEs in underling dependencies in Linkerd, including CVE-2024-27308, CVE-2024-24786, CVE-2024-24557, CVE-2019-25210, CVE-2023-45288, and GHSA-q6cp-qfwq-4gcv. (Note that none of these CVEs represent a realistic security issue for Linkerd users, so these updates are for hygiene and compliance.)

Tested platforms

BEL 2.15.2 has undergone a rigorous set of production testing across a variety of Kubernetes versions, including:

  • EKS 1.24 and 1.27, m6i.large instances
  • GKE 1.27, n2-standard-2 instances
  • AKS 1.28.5, Standard_DS3_v2 instances
  • Red Hat OpenShift (OKD 4.13)

See the current list of tested platforms for more details. And, of course, we've upgraded our own production environments to BEL 2.15.2. 

Try Buoyant Enterprise for Linkerd today!

BEL is our production-ready distribution of the Linkerd service mesh, brought to you by the creators and maintainers of Linkerd. BEL is the distribution of Linkerd that we run ourselves. Anyone can download and try BEL 2.15.2—just start here.

Later this month, we'll also be walking through BEL 2.15.2 and features like HAZL in our next Service Mesh Academy class, Linkerd major feature deep dive: Mesh expansion, HAZL, and native sidecar support. Sign up today for a hands-on walkthrough of these exciting new Linkerd features.

The pace of Linkerd iteration is faster than ever. Over the next few releases, we'll be shipping some major improvements to multi-cluster ergonomics, adding support for IPv6, bringing parity to our Gateway API and pre-Gateway API featureset, and tackling big features like egress control. Stay tuned for lots, lots more great features from team Linkerd!

Further reading
Further reading
Further reading