From a4bec904cc19d30441fb4ab591cff0a1edc66c20 Mon Sep 17 00:00:00 2001 From: Alex Leong Date: Tue, 22 Aug 2023 12:00:15 -0700 Subject: [PATCH] Stable 2.14.0 (#11282) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This release introduces direct pod-to-pod multicluster service mirroring. When clusters are deployed on a flat network, Linkerd can export multicluster services in a way where cross-cluster traffic does not need to go through the gateway. This enhances multicluster authentication and can reduce the need for provisioning public load balancers. In addition, this release adds support for the [Gateway API](https://gateway-api.sigs.k8s.io/) HTTPRoute resource (in the `gateway.networking.k8s.io` api group). This improves compatibility with other tools that use these resources such as [Flagger](https://flagger.app/) and [Argo Rollouts](https://argoproj.github.io/rollouts/). The release also includes a large number of features and improvements to HTTPRoute including the ability to set timeouts and the ability to define consumer-namespace HTTPRoutes. Finally, this release includes a number of bugfixes, performance improvements, and other smaller additions. **Upgrade notes**: Please see the [upgrade instructions](https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2140). * Multicluster * Remove namespace field from cluster scoped resources to fix pruning * Added -o json flag for the `linkerd multicluster gateways` command (thanks @hiteshwani29) * Introduced `logFormat` value to the multicluster `Link` Helm Chart (thanks @bunnybilou!) * Added leader-election capabilities to the service-mirror controller * Added high-availability (HA) mode for the multicluster service-mirror * Added a new `remoteDiscoverySelector` field to the multicluster `Link` CRD, which enables a service mirroring mode where the control plane performs discovery for the mirrored service from the remote cluster, rather than creating Endpoints for the mirrored service in the source cluster * HTTPRoute * Fixed `linkerd uninstall` issue for HTTPRoute * Added support for `gateway.networking.k8s.io` HTTPRoutes in the policy controller * Added support for RequestHeaderModifier and RequestRedirect HTTP filters in outbound policy; filters may be added at the route or backend level * Added support for the `ResponseHeaderModifier` HTTPRoute filter * Added support for HTTPRoutes defined in the consumer namespace * Added support for HTTPRoute `parent_refs` that do not specify a port * CRDs * Patched the MeshTLSAuthentication CRD to force providing at least one identity/identityRef * Control Plane * Send Opaque protocol hint for opaque ports in destination controller * Replaced deprecated `failure-domain.beta.kubernetes.io/zone` labels in Helm charts with `topology.kubernetes.io/zone` labels (thanks @piyushsingariya!) * Replaced `server_port_subscribers` Destination controller gauge metric with `server_port_subscribes` and `server_port_unsubscribes` counter metrics * Proxy * Handle Opaque protocol hints on endpoints * Added `outbound_http_balancer_endpoints` metric * Fixed missing route_ metrics for requests with ServiceProfiles * Fixed proxy startup failure when using the `config.linkerd.io/admin-port` annotation (thanks @jclegras!) * Added distinguishable version information to proxy logs and metrics * CLI * The `linkerd diagnostics policy` command now displays outbound policy when the target resource is a Service * A fix for HA validation checks when Linkerd is installed with Helm. Thanks @mikutas!! * Viz * Add the `kubelet` NetworkAuthentication back since it is used by the `linkerd viz allow-scrapes` subcommand. * Fixed the `linkerd viz check` command so that it will wait until the viz extension becomes ready * Fixed an issue where specifying a `remote_write` config would cause the Prometheus config to be invalid (thanks @hiteshwani29) * Improved validation of the `--to` and `--from` flags for the `linkerd viz stat` command (thanks @pranoyk) * Added `-o jsonpath` flag to `linkerd viz tap` to allow filtering output fields (thanks @hiteshwani29!) * Fixed a Grafana error caused by an incorrect datasource (thanks @albundy83!) * Fixed missing "Services" menu item in the Spanish localization for the `linkerd-viz` web dashboard (thanks @mclavel!) * Extensions * Added missing label `linkerd.io/extension` to certain resources to ensure they pruned when appropriate (thanks @ClementRepo) * Added tolerations and nodeSelector support in extensions `namespace-metadata` Jobs (thanks @pssalman!) * Init Containers * Added an option for disabling the network validator's security context for environments that provide their own * CNI * Added --set flag to install-cni plugin (thanks @amit-62!) * Fixed missing resource-cni labels on linkerd-cni, this blocked the linkerd-cni pods from coming up when the injector was broken (thanks @migueleliasweb!) * Build * Build improvements for multi-arch build artifacts. Thanks @MarkSRobinson!! This release includes changes from a massive list of contributors! A special thank-you to everyone who helped make this release possible: * Amir Karimi @AMK9978 * Amit Kumar @amit-62 * Andre Marcelo-Tanner @kzap * Andrew @andrew-gropyus * Arnaud Beun @bunnybilou * Clement @proxfly * Dima @krabradosty * Grégoire Bellon-Gervais @albundy83 * Harsh Soni @harsh020 * Jean-Charles Legras @jclegras * Loong Dai @daixiang0 * Mark Robinson @MarkSRobinson * Miguel Elias dos Santos @migueleliasweb * Pranoy Kumar Kundu @pranoyk * Ryan Hristovski @ryanhristovski * Takumi Sue @mikutas * Zakhar Bessarab @zekker6 * hiteshwani29 @hiteshwani29 * pheianox * pssalman @pssalman Signed-off-by: Alex Leong --- CHANGES.md | 118 ++++++++++++++++++ charts/linkerd-control-plane/Chart.yaml | 2 +- charts/linkerd-control-plane/README.md | 2 +- charts/linkerd-crds/Chart.yaml | 2 +- charts/linkerd-crds/README.md | 2 +- charts/linkerd2-cni/Chart.yaml | 2 +- charts/linkerd2-cni/README.md | 2 +- cli/cmd/testdata/install_crds.golden | 16 +-- jaeger/charts/linkerd-jaeger/Chart.yaml | 2 +- jaeger/charts/linkerd-jaeger/README.md | 2 +- .../charts/linkerd-multicluster/Chart.yaml | 2 +- .../charts/linkerd-multicluster/README.md | 2 +- viz/charts/linkerd-viz/Chart.yaml | 2 +- viz/charts/linkerd-viz/README.md | 2 +- 14 files changed, 138 insertions(+), 20 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 0f2067114d790..a455eda92c6b0 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,5 +1,123 @@ # Changes +## stable-2.14.0 + +This release introduces direct pod-to-pod multicluster service mirroring. When +clusters are deployed on a flat network, Linkerd can export multicluster +services in a way where cross-cluster traffic does not need to go through the +gateway. This enhances multicluster authentication and can reduce the need for +provisioning public load balancers. + +In addition, this release adds support for the +[Gateway API](https://gateway-api.sigs.k8s.io/) HTTPRoute resource (in the +`gateway.networking.k8s.io` api group). This improves compatibility with other +tools that use these resources such as [Flagger](https://flagger.app/) and +[Argo Rollouts](https://argoproj.github.io/rollouts/). The release also includes +a large number of features and improvements to HTTPRoute including the ability +to set timeouts and the ability to define consumer-namespace HTTPRoutes. + +Finally, this release includes a number of bugfixes, performance improvements, +and other smaller additions. + +**Upgrade notes**: Please see the +[upgrade instructions](https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2140). + +* Multicluster + * Remove namespace field from cluster scoped resources to fix pruning + * Added -o json flag for the `linkerd multicluster gateways` command (thanks + @hiteshwani29) + * Introduced `logFormat` value to the multicluster `Link` Helm Chart (thanks + @bunnybilou!) + * Added leader-election capabilities to the service-mirror controller + * Added high-availability (HA) mode for the multicluster service-mirror + * Added a new `remoteDiscoverySelector` field to the multicluster `Link` CRD, + which enables a service mirroring mode where the control plane + performs discovery for the mirrored service from the remote cluster, rather + than creating Endpoints for the mirrored service in the source cluster +* HTTPRoute + * Fixed `linkerd uninstall` issue for HTTPRoute + * Added support for `gateway.networking.k8s.io` HTTPRoutes in the policy + controller + * Added support for RequestHeaderModifier and RequestRedirect HTTP filters in + outbound policy; filters may be added at the route or backend level + * Added support for the `ResponseHeaderModifier` HTTPRoute filter + * Added support for HTTPRoutes defined in the consumer namespace + * Added support for HTTPRoute `parent_refs` that do not specify a port +* CRDs + * Patched the MeshTLSAuthentication CRD to force providing at least one + identity/identityRef +* Control Plane + * Send Opaque protocol hint for opaque ports in destination controller + * Replaced deprecated `failure-domain.beta.kubernetes.io/zone` labels in Helm + charts with `topology.kubernetes.io/zone` labels (thanks @piyushsingariya!) + * Replaced `server_port_subscribers` Destination controller gauge metric with + `server_port_subscribes` and `server_port_unsubscribes` counter metrics +* Proxy + * Handle Opaque protocol hints on endpoints + * Added `outbound_http_balancer_endpoints` metric + * Fixed missing route_ metrics for requests with ServiceProfiles + * Fixed proxy startup failure when using the `config.linkerd.io/admin-port` + annotation (thanks @jclegras!) + * Added distinguishable version information to proxy logs and metrics +* CLI + * The `linkerd diagnostics policy` command now displays outbound policy when + the target resource is a Service + * A fix for HA validation checks when Linkerd is installed with Helm. Thanks + @mikutas!! +* Viz + * Add the `kubelet` NetworkAuthentication back since it is used by the + `linkerd viz allow-scrapes` subcommand. + * Fixed the `linkerd viz check` command so that it will wait until the viz + extension becomes ready + * Fixed an issue where specifying a `remote_write` config would cause the + Prometheus config to be invalid (thanks @hiteshwani29) + * Improved validation of the `--to` and `--from` flags for the `linkerd viz stat` + command (thanks @pranoyk) + * Added `-o jsonpath` flag to `linkerd viz tap` to allow filtering output fields + (thanks @hiteshwani29!) + * Fixed a Grafana error caused by an incorrect datasource (thanks @albundy83!) + * Fixed missing "Services" menu item in the Spanish localization for the + `linkerd-viz` web dashboard (thanks @mclavel!) +* Extensions + * Added missing label `linkerd.io/extension` to certain resources to ensure they + pruned when appropriate (thanks @ClementRepo) + * Added tolerations and nodeSelector support in extensions `namespace-metadata` + Jobs (thanks @pssalman!) +* Init Containers + * Added an option for disabling the network validator's security context for + environments that provide their own +* CNI + * Added --set flag to install-cni plugin (thanks @amit-62!) + * Fixed missing resource-cni labels on linkerd-cni, this blocked the + linkerd-cni pods from coming up when the injector was broken (thanks + @migueleliasweb!) +* Build + * Build improvements for multi-arch build artifacts. Thanks @MarkSRobinson!! + +This release includes changes from a massive list of contributors! A special +thank-you to everyone who helped make this release possible: + +* Amir Karimi @AMK9978 +* Amit Kumar @amit-62 +* Andre Marcelo-Tanner @kzap +* Andrew @andrew-gropyus +* Arnaud Beun @bunnybilou +* Clement @proxfly +* Dima @krabradosty +* Grégoire Bellon-Gervais @albundy83 +* Harsh Soni @harsh020 +* Jean-Charles Legras @jclegras +* Loong Dai @daixiang0 +* Mark Robinson @MarkSRobinson +* Miguel Elias dos Santos @migueleliasweb +* Pranoy Kumar Kundu @pranoyk +* Ryan Hristovski @ryanhristovski +* Takumi Sue @mikutas +* Zakhar Bessarab @zekker6 +* hiteshwani29 @hiteshwani29 +* pheianox +* pssalman @pssalman + ## edge-23.8.3 This is a release candidate for stable-2.14.0; we encourage you to help trying diff --git a/charts/linkerd-control-plane/Chart.yaml b/charts/linkerd-control-plane/Chart.yaml index 3decf8e7097c5..ee753389eb80b 100644 --- a/charts/linkerd-control-plane/Chart.yaml +++ b/charts/linkerd-control-plane/Chart.yaml @@ -16,7 +16,7 @@ dependencies: - name: partials version: 0.1.0 repository: file://../partials -version: 1.14.3-edge +version: 1.15.0 icon: https://linkerd.io/images/logo-only-200h.png maintainers: - name: Linkerd authors diff --git a/charts/linkerd-control-plane/README.md b/charts/linkerd-control-plane/README.md index 49deef1e58676..e5f10bcc08a3e 100644 --- a/charts/linkerd-control-plane/README.md +++ b/charts/linkerd-control-plane/README.md @@ -3,7 +3,7 @@ Linkerd gives you observability, reliability, and security for your microservices — with no code change required. -![Version: 1.14.3-edge](https://img.shields.io/badge/Version-1.14.3--edge-informational?style=flat-square) +![Version: 1.15.0](https://img.shields.io/badge/Version-1.15.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square) diff --git a/charts/linkerd-crds/Chart.yaml b/charts/linkerd-crds/Chart.yaml index be8c461ab903e..ce62353fdd8e2 100644 --- a/charts/linkerd-crds/Chart.yaml +++ b/charts/linkerd-crds/Chart.yaml @@ -14,7 +14,7 @@ dependencies: - name: partials version: 0.1.0 repository: file://../partials -version: 1.7.4-edge +version: 1.8.0 icon: https://linkerd.io/images/logo-only-200h.png maintainers: - name: Linkerd authors diff --git a/charts/linkerd-crds/README.md b/charts/linkerd-crds/README.md index 6419073a41984..28cf91e3c33b6 100644 --- a/charts/linkerd-crds/README.md +++ b/charts/linkerd-crds/README.md @@ -3,7 +3,7 @@ Linkerd gives you observability, reliability, and security for your microservices — with no code change required. -![Version: 1.7.4-edge](https://img.shields.io/badge/Version-1.7.4--edge-informational?style=flat-square) +![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) **Homepage:** diff --git a/charts/linkerd2-cni/Chart.yaml b/charts/linkerd2-cni/Chart.yaml index ae39a7433c9f7..16a3c37159810 100644 --- a/charts/linkerd2-cni/Chart.yaml +++ b/charts/linkerd2-cni/Chart.yaml @@ -9,4 +9,4 @@ description: | kubeVersion: ">=1.21.0-0" icon: https://linkerd.io/images/logo-only-200h.png name: "linkerd2-cni" -version: 30.10.0-edge +version: 30.11.0 diff --git a/charts/linkerd2-cni/README.md b/charts/linkerd2-cni/README.md index 387dd6a0fd401..49fcb2da5f4e9 100644 --- a/charts/linkerd2-cni/README.md +++ b/charts/linkerd2-cni/README.md @@ -6,7 +6,7 @@ Linkerd [CNI plugin](https://linkerd.io/2/features/cni/) takes care of setting up your pod's network so incoming and outgoing traffic is proxied through the data plane. -![Version: 30.10.0-edge](https://img.shields.io/badge/Version-30.10.0--edge-informational?style=flat-square) +![Version: 30.11.0](https://img.shields.io/badge/Version-30.11.0-informational?style=flat-square) ![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square) diff --git a/cli/cmd/testdata/install_crds.golden b/cli/cmd/testdata/install_crds.golden index 420f00dfb7d8e..b9711ead3a38e 100644 --- a/cli/cmd/testdata/install_crds.golden +++ b/cli/cmd/testdata/install_crds.golden @@ -6,7 +6,7 @@ metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined labels: - helm.sh/chart: linkerd-crds-1.7.4-edge + helm.sh/chart: linkerd-crds-1.8.0 linkerd.io/control-plane-ns: linkerd spec: group: policy.linkerd.io @@ -105,7 +105,7 @@ metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined labels: - helm.sh/chart: linkerd-crds-1.7.4-edge + helm.sh/chart: linkerd-crds-1.8.0 linkerd.io/control-plane-ns: linkerd spec: group: policy.linkerd.io @@ -5321,7 +5321,7 @@ metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined labels: - helm.sh/chart: linkerd-crds-1.7.4-edge + helm.sh/chart: linkerd-crds-1.8.0 linkerd.io/control-plane-ns: linkerd spec: group: policy.linkerd.io @@ -5409,7 +5409,7 @@ metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined labels: - helm.sh/chart: linkerd-crds-1.7.4-edge + helm.sh/chart: linkerd-crds-1.8.0 linkerd.io/control-plane-ns: linkerd spec: group: policy.linkerd.io @@ -5462,7 +5462,7 @@ metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined labels: - helm.sh/chart: linkerd-crds-1.7.4-edge + helm.sh/chart: linkerd-crds-1.8.0 linkerd.io/control-plane-ns: linkerd spec: group: policy.linkerd.io @@ -5728,7 +5728,7 @@ metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined labels: - helm.sh/chart: linkerd-crds-1.7.4-edge + helm.sh/chart: linkerd-crds-1.8.0 linkerd.io/control-plane-ns: linkerd spec: group: policy.linkerd.io @@ -5863,7 +5863,7 @@ metadata: annotations: linkerd.io/created-by: linkerd/cli dev-undefined labels: - helm.sh/chart: linkerd-crds-1.7.4-edge + helm.sh/chart: linkerd-crds-1.8.0 linkerd.io/control-plane-ns: linkerd spec: group: linkerd.io @@ -6141,7 +6141,7 @@ metadata: gateway.networking.k8s.io/channel: experimental linkerd.io/created-by: linkerd/cli dev-undefined labels: - helm.sh/chart: linkerd-crds-1.7.4-edge + helm.sh/chart: linkerd-crds-1.8.0 linkerd.io/control-plane-ns: linkerd creationTimestamp: null name: httproutes.gateway.networking.k8s.io diff --git a/jaeger/charts/linkerd-jaeger/Chart.yaml b/jaeger/charts/linkerd-jaeger/Chart.yaml index af551871afd71..a9eaaf8b826f6 100644 --- a/jaeger/charts/linkerd-jaeger/Chart.yaml +++ b/jaeger/charts/linkerd-jaeger/Chart.yaml @@ -11,7 +11,7 @@ kubeVersion: ">=1.21.0-0" name: linkerd-jaeger sources: - https://github.com/linkerd/linkerd2/ -version: 30.10.10-edge +version: 30.11.0 icon: https://linkerd.io/images/logo-only-200h.png maintainers: - name: Linkerd authors diff --git a/jaeger/charts/linkerd-jaeger/README.md b/jaeger/charts/linkerd-jaeger/README.md index d11cf7e5cae92..6e53b48afbf52 100644 --- a/jaeger/charts/linkerd-jaeger/README.md +++ b/jaeger/charts/linkerd-jaeger/README.md @@ -3,7 +3,7 @@ The Linkerd-Jaeger extension adds distributed tracing to Linkerd using OpenCensus and Jaeger. -![Version: 30.10.10-edge](https://img.shields.io/badge/Version-30.10.10--edge-informational?style=flat-square) +![Version: 30.11.0](https://img.shields.io/badge/Version-30.11.0-informational?style=flat-square) ![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square) diff --git a/multicluster/charts/linkerd-multicluster/Chart.yaml b/multicluster/charts/linkerd-multicluster/Chart.yaml index 7a4132ac605bb..f7f6de639f2c5 100644 --- a/multicluster/charts/linkerd-multicluster/Chart.yaml +++ b/multicluster/charts/linkerd-multicluster/Chart.yaml @@ -11,7 +11,7 @@ kubeVersion: ">=1.21.0-0" name: "linkerd-multicluster" sources: - https://github.com/linkerd/linkerd2/ -version: 30.9.10-edge +version: 30.10.0 icon: https://linkerd.io/images/logo-only-200h.png maintainers: - name: Linkerd authors diff --git a/multicluster/charts/linkerd-multicluster/README.md b/multicluster/charts/linkerd-multicluster/README.md index c9c8173de3971..479c1cfe16160 100644 --- a/multicluster/charts/linkerd-multicluster/README.md +++ b/multicluster/charts/linkerd-multicluster/README.md @@ -3,7 +3,7 @@ The Linkerd-Multicluster extension contains resources to support multicluster linking to remote clusters -![Version: 30.9.10-edge](https://img.shields.io/badge/Version-30.9.10--edge-informational?style=flat-square) +![Version: 30.10.0](https://img.shields.io/badge/Version-30.10.0-informational?style=flat-square) ![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square) diff --git a/viz/charts/linkerd-viz/Chart.yaml b/viz/charts/linkerd-viz/Chart.yaml index a8e39fecb2334..c271cccd72cdb 100644 --- a/viz/charts/linkerd-viz/Chart.yaml +++ b/viz/charts/linkerd-viz/Chart.yaml @@ -11,7 +11,7 @@ kubeVersion: ">=1.21.0-0" name: "linkerd-viz" sources: - https://github.com/linkerd/linkerd2/ -version: 30.10.9-edge +version: 30.11.0 icon: https://linkerd.io/images/logo-only-200h.png maintainers: - name: Linkerd authors diff --git a/viz/charts/linkerd-viz/README.md b/viz/charts/linkerd-viz/README.md index 1999c5462a636..64d132ac0068b 100644 --- a/viz/charts/linkerd-viz/README.md +++ b/viz/charts/linkerd-viz/README.md @@ -3,7 +3,7 @@ The Linkerd-Viz extension contains observability and visualization components for Linkerd. -![Version: 30.10.9-edge](https://img.shields.io/badge/Version-30.10.9--edge-informational?style=flat-square) +![Version: 30.11.0](https://img.shields.io/badge/Version-30.11.0-informational?style=flat-square) ![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square)