Releases: linkerd/linkerd2
stable-2.12.6
This stable release backports a service mirror memory leak fix. The service
mirror previously had an issue where certain resources weren't cleaned up
properly, resulting in a memory leak.
- Fixed a memory leak in the multicluster service mirror component (10746)
stable-2.14.0
This release introduces direct pod-to-pod multicluster service mirroring. When
clusters are deployed on a flat network, Linkerd can export multicluster
services in a way where cross-cluster traffic does not need to go through the
gateway. This enhances multicluster authentication and can reduce the need for
provisioning public load balancers.
In addition, this release adds support for the Gateway API HTTPRoute resource
(in the gateway.networking.k8s.io api group). This improves compatibility with
other tools that use these resources such as Flagger and Argo Rollouts. The
release also includes a large number of features and improvements to HTTPRoute
including the ability to set timeouts and the ability to define
consumer-namespace HTTPRoutes.
Finally, this release includes a number of bugfixes, performance improvements,
and other smaller additions.
Upgrade notes: Please see the upgrade instructions.
- Multicluster
  - Remove namespace field from cluster scoped resources to fix pruning
  - Added -o json flag for the linkerd multicluster gateways command (thanks
    @hiteshwani29)
  - Introduced logFormat value to the multicluster Link Helm Chart (thanks
    @bunnybilou!)
  - Added leader-election capabilities to the service-mirror controller
  - Added high-availability (HA) mode for the multicluster service-mirror
  - Added a new remoteDiscoverySelector field to the multicluster Link CRD,
    which enables a service mirroring mode where the control plane
    performs discovery for the mirrored service from the remote cluster, rather
    than creating Endpoints for the mirrored service in the source cluster
- HTTPRoute
  - Fixed linkerd uninstall issue for HTTPRoute
  - Added support for gateway.networking.k8s.io HTTPRoutes in the policy
    controller
  - Added support for RequestHeaderModifier and RequestRedirect HTTP filters in
    outbound policy; filters may be added at the route or backend level
  - Added support for the ResponseHeaderModifier HTTPRoute filter
  - Added support for HTTPRoutes defined in the consumer namespace
  - Added support for HTTPRoute parent_refs that do not specify a port
- CRDs
  - Patched the MeshTLSAuthentication CRD to force providing at least one
    identity/identityRef
- Control Plane
  - Send Opaque protocol hint for opaque ports in destination controller
  - Replaced deprecated failure-domain.beta.kubernetes.io/zone labels in Helm
    charts with topology.kubernetes.io/zone labels (thanks @piyushsingariya!)
  - Replaced server_port_subscribers Destination controller gauge metric with
    server_port_subscribes and server_port_unsubscribes counter metrics
- Proxy
  - Handle Opaque protocol hints on endpoints
  - Added outbound_http_balancer_endpoints metric
  - Fixed missing route_ metrics for requests with ServiceProfiles
  - Fixed proxy startup failure when using the config.linkerd.io/admin-port
    annotation (thanks @jclegras!)
  - Added distinguishable version information to proxy logs and metrics
- CLI
  - The linkerd diagnostics policy command now displays outbound policy when
    the target resource is a Service
  - A fix for HA validation checks when Linkerd is installed with Helm. Thanks
    @mikutas!!
- Viz
  - Add the kubelet NetworkAuthentication back since it is used by the
    linkerd viz allow-scrapes subcommand.
  - Fixed the linkerd viz check command so that it will wait until the viz
    extension becomes ready
  - Fixed an issue where specifying a remote_write config would cause the
    Prometheus config to be invalid (thanks @hiteshwani29)
  - Improved validation of the --to and --from flags for the linkerd viz stat
    command (thanks @pranoyk)
  - Added -o jsonpath flag to linkerd viz tap to allow filtering output fields
    (thanks @hiteshwani29!)
  - Fixed a Grafana error caused by an incorrect datasource (thanks @albundy83!)
  - Fixed missing "Services" menu item in the Spanish localization for the
    linkerd-viz web dashboard (thanks @mclavel!)
- Extensions
  - Added missing label linkerd.io/extension to certain resources to ensure they
    are pruned when appropriate (thanks @ClementRepo)
  - Added tolerations and nodeSelector support in extensions namespace-metadata
    Jobs (thanks @pssalman!)
- Init Containers
  - Added an option for disabling the network validator's security context for
    environments that provide their own
- CNI
  - Added --set flag to install-cni plugin (thanks @amit-62!)
  - Fixed missing resource-cni labels on linkerd-cni, this blocked the
    linkerd-cni pods from coming up when the injector was broken (thanks
    @migueleliasweb!)
- Build
  - Build improvements for multi-arch build artifacts. Thanks @MarkSRobinson!!
This release includes changes from a massive list of contributors! A special
thank-you to everyone who helped make this release possible:
- Amir Karimi @AMK9978
- Amit Kumar @amit-62
- Andre Marcelo-Tanner @kzap
- Andrew @andrew-gropyus
- Arnaud Beun @bunnybilou
- Clement @proxfly
- Dima @krabradosty
- Grégoire Bellon-Gervais @albundy83
- Harsh Soni @harsh020
- Jean-Charles Legras @jclegras
- Loong Dai @daixiang0
- Mark Robinson @MarkSRobinson
- Miguel Elias dos Santos @migueleliasweb
- Pranoy Kumar Kundu @pranoyk
- Ryan Hristovski @ryanhristovski
- Takumi Sue @mikutas
- Zakhar Bessarab @zekker6
- hiteshwani29 @hiteshwani29
- pheianox
- pssalman @pssalman
edge-23.8.3
This is a release candidate for stable-2.14.0; we encourage you to help try
it out!
This edge release contains a number of improvements over the multi-cluster
features introduced in the last edge release supporting flat networks. It also
hardens the containers' security stance by removing write access to the root
filesystem.
- Enhanced linkerd multicluster link to allow clusters to be linked without a
  gateway (#11226)
- Added cluster store size gauge metric (#11256)
- Disabled local traffic policy for remote discovery (#11257)
- Fixed various innocuous multi-cluster warnings (#11251, #11246, #11253)
- Set readOnlyRootFilesystem: true in all the containers, as they don't
  require write permissions (#11221; fixes #11142) (thanks @mikutas!)
edge-23.8.2
This edge release adds improvements to Linkerd's multi-cluster features as part
of the flat network support planned for Linkerd stable-2.14.0. In addition, it
fixes an issue (#10764) where warnings about an invalid metric were logged
frequently by the Destination controller.
- Added a new remoteDiscoverySelector field to the multicluster Link CRD,
  which enables a service mirroring mode where the control plane
  performs discovery for the mirrored service from the remote cluster, rather
  than creating Endpoints for the mirrored service in the source cluster
  (#11190, #11201, #11220, and #11224)
- Fixed missing "Services" menu item in the Spanish localization for the
  linkerd-viz web dashboard (#11229) (thanks @mclavel!)
- Replaced server_port_subscribers Destination controller gauge metric with
  server_port_subscribes and server_port_unsubscribes counter metrics
  (#11206; fixes #10764)
- Replaced deprecated failure-domain.beta.kubernetes.io/zone labels in Helm
  charts with topology.kubernetes.io/zone labels (#11148; fixes #11114)
  (thanks @piyushsingariya!)
stable-2.13.6
This stable release fixes a regression introduced in stable-2.13.0 which
resulted in proxies shedding load too aggressively while under moderate request
load to a single service (#11055). In addition, it updates the base image for
the linkerd-cni initcontainer to resolve a CVE in libdb (#11196), fixes a
race condition in the Destination controller that could cause it to crash
(#11163), as well as fixing a number of other issues.
- Control Plane
- Proxy
- CLI
- CNI
  - Updated linkerd-cni base image to resolve CVE-2019-8457 in libdb (#11196)
  - Changed the CNI plugin installer to always run in 'chained' mode; the plugin
    will now wait until another CNI plugin is installed before appending its
    configuration (#10849)
  - Removed hostNetwork: true from linkerd-cni Helm chart templates
    (#11158; fixes #11141) (thanks @abhijeetgauravm!)
- Multicluster
  - Fixed the linkerd multicluster check command failing in the presence of
    lots of mirrored services (#10764)
edge-23.8.1
This edge release restores a proxy setting for it to shed load less aggressively
while under high load, which should result in lower error rates (see #11055). It
also removes the usage of host networking in the linkerd-cni extension.
- Changed the default HTTP request queue capacities for the inbound and outbound
  proxies back to 10,000 requests (see #11055 and #11198)
- Lifted need of using host networking in the linkerd-cni Daemonset (#11141)
  (thanks @abhijeetgauravm!)
edge-23.7.3
This edge release improves Linkerd's support for HttpRoute by allowing
parent_ref ports to be optional, allowing HttpRoutes to be defined in a
consumer's namespace, and adding support for the ResponseHeaderModifier
filter. It also fixes a panic in the destination controller.
- Added an option for disabling the network validator's security context for
  environments that provide their own
- Added high-availability (HA) mode for the multicluster service-mirror
- Added support for HttpRoute parent_refs that do not specify a port
- Fixed a Grafana error caused by an incorrect datasource (thanks @albundy83!)
- Added support for HttpRoutes defined in the consumer namespace
- Improved the granularity of logging levels in the control plane
- Fixed a race condition in the destination controller that could cause it to
  panic
- Added support for the ResponseHeaderModifier HttpRoute filter
- Updated extension CLI commands to prefer the --register flag over the
  LINKERD_DOCKER_REGISTRY environment variable, making the precedence more
  consistent (thanks @harsh020!)
edge-23.7.2
This edge release introduces support for HTTP filters configured through both
policy.linkerd.io and gateway.networking.k8s.io HTTPRoute resources.
Currently, RequestHeaderModifier and RequestRedirect HTTP filters are
supported. Additionally, this release fixes an issue with the linkerd-cni
chart.
- Added support for RequestHeaderModifier and RequestRedirect HTTP filters in
  outbound policy; filters may be added at the route or backend level
- Fixed missing resource-cni labels on linkerd-cni, this blocked the
  linkerd-cni pods from coming up when the injector was broken (thanks
  @migueleliasweb!)
edge-23.7.1
This edge release adds support for the upstream gateway.networking.k8s.io
HTTPRoute resource (in addition to the policy.linkerd.io CRD installed by
Linkerd). Furthermore, it fixes a bug where the ingress-mode proxy would fail to
fall back to ServiceProfiles for destinations without HTTPRoutes.
- Added support for gateway.networking.k8s.io HTTPRoutes in the policy
  controller
- Added distinguishable version information to proxy logs and metrics
- Fixed incorrect handling of NotFound client policies in ingress-mode proxies
edge-23.6.3
This edge release adds leader-election capabilities to the service-mirror
controller under the hood, as a precursor to HA mode in an upcoming release. It
also includes a linkerd viz tap improvement and a proxy startup bugfix, both
contributed by the community!
- Added leader-election capabilities to the service-mirror controller
- Added -o jsonpath flag to linkerd viz tap to allow filtering output fields
  (thanks @hiteshwani29!)
- Fixed proxy startup failure when using the config.linkerd.io/admin-port
  annotation (thanks @jclegras!)