This edge release fixes an issue where Linkerd injected pods could not be evicted by Cluster Autoscaler. It also adds the `--crds` flag to `linkerd check` which validates that the Linkerd CRDs have been installed with the proper versions. The previously noisy "cluster networks can be verified" check has been replaced with one that now verifies each running Pod IP is contained within the current `clusterNetworks` configuration value. Additionally, linkerd-viz is no longer required for linkerd-multicluster's `gateways` command — allowing the `Gateways` API to marked as deprecated for 2.12. Finally, several security issues have been patched in the Docker images now that the builds are pinned only to minor — rather than patch — versions. * Replaced manual IP address parsing with functions available in the Go standard library (thanks @zhlsunshine!) * Removed linkerd-multicluster's `gateway` command dependency on the linkerd-viz extension * Fixed issue where Linkerd injected pods were prevented from being evicted by Cluster Autoscaler * Added the `dst_target_cluster` metric to linkerd-multicluster's service-mirror controller probe traffic * Added the `--crds` flag to `linkerd check` which validates that the Linkerd CRDs have been installed * Removed the Docker image's hardcoded patch versions so that builds pick up patch releases without manual intervention * Replaced the "cluster networks can be verified check" check with a "cluster networks contains all pods" check which ensures that all currently running Pod IPs are contained by the current `clusterNetworks` configuration * Added IPv6 compatible IP address generation in certain control plane components that were only generating IPv4 (thanks @zhlsunshine!) * Deprecated linkerd-viz's `Gateways` API which is no longer used by linkerd-multicluster * Added the `promm` package for making programatic Prometheus assertions in tests (thanks @krzysztofdrys!) * Added the `runAsUser` configuration to extensions to fix a PodSecurityPolicy violation when CNI is enabled