This stable release adds CLI support for Apple Silicon M1 chips and support for SMI's TrafficSplit `v1alpha2`. There are several proxy fixes: handling `FailedPrecondition` errors gracefully, inbound TLS detection from non-meshed workloads, and using the correct cached client when the proxy is in ingress mode. The logging infrastructure has also been improved to reduce memory pressure in high-connection environments. On the control-plane side, there have been several improvements to the destination service such as support for Host IP lookups and ignoring pods in "Terminating" state. It also updates the proxy-injector to add opaque ports annotation to pods if their namespace has it set. On the CLI side, `linkerd repair` has been updated to be aware about the control-plane version and suggest the relevant version to generate the right config. Various bugs have been fixed around `linkerd identity`, etc. **Upgrade notes**: Please refer [2.10 upgrade instructions](https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2100) if you are upgrading from `2.9.x` or below versions. * Proxy: * Fixed an issue where proxies could infinitely retry failed requests to the `destination` controller when it returned a `FailedPrecondition` * The proxy's logging infrastructure has been updated to reduce memory pressure in high-connection environments. * Fixed a caching issue in the outbound proxy that would cause it to forward traffic to the wrong pod when running in ingress mode. * Fixed an issue where inbound TLS detection from non-meshed workloads could break * Fixed an issue where the admin server's HTTP detection would fail and not recover; these are now handled gracefully and without logging warnings * Control plane proxies no longer emit warnings about the resolution stream ending. This error was innocuous. * Bumped the proxy-init image to v1.3.11 which updates the go version to be 1.16.2 * Control Plane: * Fixed an issue where the destination service would respond with too big of a header and result in http2 protocol errors * Fixed an issue where the destination control plane component sometimes returned endpoint addresses with a 0 port number while pods were undergoing a rollout (thanks @riccardofreixo!) * Fixed an issue where pod lookups by host IP and host port fail even though the cluster has a matching pod * Updated the IP Watcher in destination to ignore pods in "Terminating" state (thanks @Wenliang-CHEN!) * Modified the proxy-injector to add the opaque ports annotation to pods if their namespace has it set * Added Support for TrafficSplit `v1alpha2` * Updated all the control-plane components to use go `1.16.2`. * CLI: * Fixed an issue where the linkerd identity command returned the root certificate of a pod instead of its leaf certificates * Fixed an issue where the destination service would respond with too big of a header and result in http2 protocol errors * Updated the release process to build Linkerd CLI binaries for Apple Silicon M1 chips * Improved error messaging when trying to install Linkerd on a cluster that already had Linkerd installed * Added a loading spinner to the linkerd check command when running extension checks * Added installNamespace toggle in the jaeger extension's install. (thanks @jijeesh!) * Updated healthcheck pkg to have hintBaseURL configurable, useful for external extensions using that pkg * Fixed TCP read and write bytes/sec calculations to group by label based off inbound or outbound traffic * Fixed an issue in linkerd inject where the wrong annotation would be added when using --ingress flag * Updated `linkerd repair` to be aware of the client and server versions * Updated `linkerd uninstall` to print error message when there are no resources to uninstall. * Helm: * Aligned the Helm installation heartbeat schedule to match that of the CLI * Viz: * Fixed an issue where the topology graph in the dashboard was no longer draggable. * Updated dashboard build to use webpack v5 * Added CA certs to the Viz extension's metrics-api container so that it can validate the certifcate of an external Prometheus * Removed components from the control plane dashboard that now are part of the Viz extension * Changed web's base image from debian to scratch * Multicluster: * Fixed an issue with Multicluster's service mirror where its endpoint repair retries were not properly rate limited * Jaeger: * Fixed components in the Jaeger extension to set the correct Prometheus scrape values