The latest version of the open source service mesh Linkerd is now available, with three major features being added to this 2.17 release: egress traffic visibility and control, rate limiting, and federated services. 

This release is the first new version of Linkerd since the company changed the release model back in February, stating that stable releases would no longer be shipped as part of the open source project, but as a paid offering called Buoyant Enterprise for Linkerd (the source code and edge releases remained open source).

“Not unrelatedly, it is one of the first Linkerd releases in years to introduce multiple significant features at once,” William Morgan, CEO of Buoyant and director at Linkerd, wrote in a blog post.

Linkerd 2.17 provides visibility and control for egress traffic leaving Kubernetes clusters. Users can now see the source, destination, and traffic levels of traffic leaving the cluster, including hostnames and the full HTTP paths or gRPC methods. They can also now deploy egress security policies to allow or disallow traffic based on DNS domain instead of IP range and port. 

According to the Linkerd team, this new egress functionality requires minimal configuration to get started, and advanced usage can be configured using the same configuration primitives used for other aspects of Linkerd, as it is all based on Gateway API resources. 

The second major feature, rate limiting, prevents Linkerd services from being overloaded. Rate limiting is server-side behavior, whereas the existing circuit breaking feature that protects clients from failing services is client-side behavior. 

Like the new egress visibility and control feature, rate limiting is built to require minimal configuration, the Linderd team explained. 

It also provides per-client rate limit policies, which can be used to ensure rate limits are being fairly distributed across multiple clients.

“Combined with retries, timeouts, circuit breaking, latency-aware load balancing, and dynamic traffic routing, rate limiting extends Linkerd’s already wide arsenal of in-cluster distributed system reliability features,” Morgan wrote.

And finally, federated services are logical unions of replicas of the same service across multiple clusters. According to the team, mesh clients talking to federated services automatically load balance across all endpoints in all clusters. Additionally, application code is decoupled from cluster deployment decisions and failure handling is transparent and automatic. 

“The 2.17 release is one of the biggest Linkerd releases in years in terms of sheer functionality added to the project,” said Morgan. “The shift to a sustainable model for Linkerd, backed by Buoyant’s transition to a profitable company, has allowed us to really increase momentum. I’m thrilled not just about the magnitude of the 2.17 release but about the extremely exciting roadmap ahead.”