Announcing Buoyant Enterprise for Linkerd 2.20: Automated trust anchor rotation, Windows VM support, rate-limit-aware load balancing, and more
William Morgan
June 23, 2026
Buoyant Enterprise for Linkerd

Buoyant Enterprise for Linkerd 2.20 is now available! This release automates rotation of mTLS trust anchors; adds support for Windows VMs running outside of Kubernetes; and improves circuit breaking and load balancing (including zone-aware HAZL balancing) to be aware of rate-limited services. Linkerd 2.20 also improves memory consumption of the control plane, especially on busy clusters, and promotes native sidecars to the default deployment type for Linkerd’s data plane microproxies.

If you’re interested in a technical deep dive on this release, keep an eye out for our upcoming Service Mesh Academy workshops: on July 18 we’ll cover automated trust anchor rotation, and on August 20 we’ll walk through Windows VM support.

With this release, Linkerd extends its support for Windows containers to VMs, becoming the first service mesh to provide official support for Windows applications running outside of Kubernetes. As usual, this is just the latest in a long list of firsts for Linkerd—the first service mesh; the project to coin the term itself; and the first service mesh to achieve graduated status in the CNCF.

Linkerd has now seen almost a decade of continuous improvement and evolution. Our goal is to build a service mesh that our users can rely on for 100 years. We partner with customers like Expel and IntelliGRC to seamlessly expand workloads across cloud providers and to meet strict federal security requirements with FIPS-validated encryption of data in transit.

Linkerd 2.20 is the fourth major version since the announcement of Buoyant's profitability and Linkerd project sustainability, and continues our laser focus on operational simplicity: delivering the notoriously complex service mesh feature set in a way that is manageable, scalable, and performant.

Automated trust anchor rotation

Linkerd is designed to never fail. Linkerd is also designed to never allow untrusted communication.
Unfortunately, if the TLS infrastructure that Linkerd uses for authentication is misconfigured, these two behaviors are at odds. The results of TLS misconfiguration at the root level can be especially catastrophic: in the worst case, a complete refusal to communicate between any meshed pods.

In practice, the most common cause of TLS misconfiguration is the process of trust anchor rotation, a delicate operation that updates, in place, the global root of trust across all clusters and pods in a system handling live traffic. A misstep in this process can result in this catastrophic scenario.

To prevent these situations, Linkerd 2.20 introduces a new trust anchor rotation operator. This component fully automates trust anchor rotation, putting all the necessary guardrails in place to ensure this process happens safely. If your security environment requires rotating your TLS trust anchor, we highly recommend letting the operator take care of this process for you.

Windows VM support

As of Linkerd 2.20, Linkerd’s ultra-light Rust microproxies can run on Windows VMs outside of Kubernetes, allowing non-containerized Windows applications to join the mesh and take full advantage of Linkerd’s suite of reliability, observability, and security features, including mutual TLS, retries and timeouts, circuit breaking, and multicluster communication.

In keeping with Linkerd’s goal of delivering the full power of the service mesh with maximum simplicity, meshing your Windows applications with Linkerd is as simple as running the native installer on Windows Server 2022 or 2025, in either interactive or silent mode, and providing the port information of the application to mesh.
Windows applications on this host will now be meshed by Linkerd, and all TCP traffic to and from these applications automatically made observable, reliable, and secure.

Rate-limit-aware load balancing and circuit breaking

Since its inception, one of Linkerd’s most powerful features has been its latency-aware load balancing. When distributing individual HTTP or gRPC requests across endpoints, this algorithm weights available endpoints by the exponentially-weighted moving average (EWMA) of their latency—allowing it to react quickly to latency spikes—and automatically favors endpoints that are currently responding the quickest. Load balancing is often paired with another powerful client-side...
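
The latency-EWMA weighting described above can be sketched in a few lines of Rust. This is an added example, not code from Linkerd or Buoyant: the names `Endpoint`, `observe`, `weights`, `pick` and `TAU_MS` are hypothetical, and the decay constant, the jump-to-peak rule on a spike and the inverse-latency weighting are assumptions chosen for illustration.

```rust
// Added example: latency-EWMA endpoint weighting; not Linkerd's proxy code.
// TAU_MS, the jump-to-peak rule and inverse-latency weights are assumptions.
const TAU_MS: f64 = 10_000.0; // how quickly old samples lose influence
struct Endpoint {
    name: &'static str,
    ewma_ms: f64, // current latency estimate
    last_ms: f64, // time of the last observation
}

impl Endpoint {
    fn new(name: &'static str, ms: f64) -> Self { Endpoint { name, ewma_ms: ms, last_ms: 0.0 } }

    // Fold one observed response latency into the estimate.
    fn observe(&mut self, now_ms: f64, latency_ms: f64) {
        if latency_ms > self.ewma_ms {
            // Spike: adopt the worse value at once so traffic shifts away quickly.
            self.ewma_ms = latency_ms;
        } else {
            // Recovery: the old estimate decays exponentially with elapsed time.
            let w = (-(now_ms - self.last_ms).max(0.0) / TAU_MS).exp();
            self.ewma_ms = self.ewma_ms * w + latency_ms * (1.0 - w);
        }
        self.last_ms = now_ms;
    }
}

// Normalised selection weights: lower latency estimate, larger share of requests.
fn weights(eps: &[Endpoint]) -> Vec<f64> {
    let inv: Vec<f64> = eps.iter().map(|e| 1.0 / e.ewma_ms.max(0.001)).collect();
    let total: f64 = inv.iter().sum();
    inv.iter().map(|w| w / total).collect()
}

// Choose an endpoint for one request; `u` is a uniform random draw in [0, 1).
fn pick(eps: &[Endpoint], u: f64) -> usize {
    let mut acc = 0.0_f64;
    for (i, w) in weights(eps).iter().enumerate() {
        acc += *w;
        if u < acc { return i; }
    }
    eps.len() - 1
}

fn main() {
    let mut eps = vec![Endpoint::new("a", 10.0), Endpoint::new("b", 10.0)];
    eps[1].observe(100.0, 200.0); // constructed sample: endpoint b spikes to 200 ms
    for (e, w) in eps.iter().zip(weights(&eps)) { println!("{} {:.1}ms w={:.3}", e.name, e.ewma_ms, w); }
}
```

After the constructed spike, endpoint `b` keeps a small share of traffic, so later fast responses can still pull its estimate back down.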