-
edge-20.10.1e1772ae1 · ·
## edge-20.10.1 This edge release includes a couple of external contributions towards improved cert-manager support and Grafana charts fixes, among other enhancements. * Changed the type of the injector and tap API secrets to `kubernetes.io/tls`, so they can be provisioned by cert-manager (thanks @cypherfox!) * Fixed the "Kubernetes cluster monitoring" Grafana dashboard that had a few charts with incomplete data (thanks @aimbot31!) * Fixed the `service-mirror` multicluster component so that it retries connections to the target cluster's Kubernetes API when it's not reachable, instead of blocking * Increased the proxy's default timeout for DNS resolution to 500ms, as there were reports that 100ms was too restrictive
-
edge-20.9.455dd49e8 · ·
This edge release introduces support for authenticated docker registries and fixes a recent multicluster regression. * Fixed a regression in multicluster gateway configurations that would forbid inbound gateway traffic * Upgraded bundled Grafana to v7.1.5 * Enabled Jaeger receiver in collector configuration in Helm chart (thanks @olivierboudet!) * Fixed skip port configuration being skipped in CNI plugin * Introduced support for authenticated docker registries (thanks @c-n-c!)
-
edge-20.9.377a55be7 · ·
This edge release includes fixes and updates for the control plane and CLI. * Added `--dest-cni-bin-dir` flag to the `linkerd install-cni` command, to configure the directory on the host where the CNI binary will be placed * Removed `collector.name` and `jaeger.name` config fields from the tracing addon * Updated Jaeger to 1.19.2 * Fixed a warning about deprecated Go packages in controller container logs
-
edge-20.9.28d1fb808 · ·
This edge release continues the work of adding support for mTLS for all TCP traffic and changes the default container registry to `ghcr.io` from `gcr.io`. If you are upgrading from `stable-2.8.x` with the Linkerd CLI using the `linkerd upgrade` command, you must add the `--addon-overwrite` flag to ensure that the grafana image is properly set. * Removed the default timeout for ServiceProfiles so that ServiceProfile routes behave the same as when there is no ServiceProfile definition * Changed default docker image repository to ghcr.io from gcr.io. **Users who pull the images into private repositories should take note of this change** * Added endpoint labels to outbound TCP metrics to provide more context and detail for the metrics, add load balancing to TCP connections (bypassing kube-proxy), and secure the connection with mTLS when both endpoints are meshed * Made unnamed ServiceProfile discovery configurable using the `proxy.destinationGetNetworks` variable to set the `LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS` variable in the proxy chart template * Added TLS certificate validation for the Injector, SP Validator, and Tap webhooks to the `linkerd check` command
-
edge-20.9.1565b5e43 · ·
## edge-20.9.1 This edge release contains an important proxy update that allows linkerd to continue to operate normally in HA during node outages. We're also adding full Kubernetes 1.19 support! * Improved the proxy's error handling for DNS errors encountered when discovering control plane addresses, which can be common during installation, before all components have been started * The destination and identity services had to be made headless in order to support that new controller discovery (which now can leverage SRV records) * Use SAN fields when generating the linkerd webhook configs; this completes the Kubernetes 1.19 support which enforces them * Fixed `linkerd check` for multicluster that was spuriously claiming the absence of some resources * Improved the injection test cleanup (thanks @zhouhao3!) * Added ability to run the integration test suite using a cluster in an ARM architecture (thanks @aliariff!)
-
edge-20.8.4d28044db · ·
* Fixed a problem causing the `enable-endpoint-slices` flag to not be persisted when set via `linkerd upgrade` (thanks @Matei207!) * Removed SMI-Metrics templates and experimental sub-commands * Use `--frozen-lockfile` to avoid accidental update of dashboard JS dependencies in CI (thanks @tharun208!)
-
edge-20.8.383d69bed · ·
This edge release adds support for [topology-aware service routing][topology] to the Destination controller. When providing service discovery updates to proxies, the Destination controller will now filter endpoints based on the service's topology preferences. Additionally, this release includes bug fixes for the `linkerd check` CLI command and web dashboard. * CLI * `linkerd check` will no longer warn about a looser webhook failure policy in HA mode * Controller * Added support for [topology-aware service routing][topology] to the Destination controller (thanks @Matei207) * Changed the Destination controller to always return destination overrides for service profiles when no traffic split is present * Web UI * Fixed Tap `Authority` dropdown not being populated (thanks to @tharun208!) [topology]: https://kubernetes.io/docs/concepts/services-networking/service-topology/
-
edge-20.8.2311a97a6 · ·
This edge release adds an internationalization framework to the dashboard, Spanish translations to the dashboard UI, and a `linkerd multicluster uninstall` command for graceful removal of the multicluster components. * Web UI * Added Spanish translations to the dashboard * Added a framework and documentation to simplify creation of new translations * Multicluster * Added a multicluster uninstall command * Added a warning from `linkerd check --multicluster` if the multicluster support is not installed
-
edge-20.8.1729abf7f · ·
This edge adds multi-arch support to Linkerd! Our docker images and CLI now support the amd64, arm64, and arm architectures. * Multicluster * Added a multicluster unlink command for removing multicluster links * Improved multicluster checks to be more informative when the remote API is not reachable * Proxy * Enabled a multi-threaded runtime to substantially improve latency especially when the proxy is serving requests for many concurrent connections * Other * Fixed an issue where the debug sidecar image was missing during upgrades (thanks @javaducky!) * Updated all control plane plane and proxy container images to be multi-arch to support amd64, arm64, and arm (thanks @aliariff!) * Fixed an issue where check was failing when DisableHeartBeat was set to true (thanks @mvaal!)
-
edge-20.7.5e62ff75c · ·
## edge-20.7.5 This edge brings a new approach to multicluster service mirror controllers and the way services in target clusters are selected for mirroring. The long-awaited Bring-Your-Own-Prometheus case has been finally addressed. Many other improvements from our great contributors are described below. Also note progress is still being made under the covers for future support for Service Topologies (by @Matei207) and delivering image builds in multiple platforms (by @aliariff). * Multicluster * Replaced the single `service-mirror` controller, with separate controllers that will be installed per target cluster through `linkerd multicluster link`. More info [here](https://github.com/linkerd/linkerd2/pull/4710). * Changed the mechanism for mirroring services: instead of relying on annotations on the target services, now the source cluster should specify which services from the target cluster should be exported by using a label selector. More info [here](https://github.com/linkerd/linkerd2/pull/4795). * Added new section in the dashboard for exposing multicluster gateway metrics (thanks @tharun208!) * Prometheus * Added `global.prometheusUrl` to the Helm config to have linkerd use an external Prometheus instance instead of the one provided by default. * Added ability to declare sidecar containers in the Prometheus Helm config. This allows adding components for cases like exporting logs to services such as Cloudwatch, Stackdriver, Datadog, etc. (thanks @memory!) * Upgraded Prometheus to the latest version (v2.19.3), which should consume substantially less memory, among other benefits. * Other * Fixed bug in `linkerd check` that was failing to wait for Prometheus to be available right after having installed linkerd. * Added ability to set `priorityClassName` for CNI DaemonSet pods, and to install CNI in an existing namespace (both options provided through the CLI and as Helm configs) (thanks @alex-berger!) * Added support for overriding the proxy's inbound and outbout TCP connection timeouts (thanks @mmiller1!) * Added library support for dashboard i18n. Strings still need to be tagged and translations to be added. More info [here](https://github.com/linkerd/linkerd2/pull/4803). * In some Helm charts, replaced the non-standard `linkerd.io/helm-release-version` annotation with `checksum/config` for forcing restarting the component during upgrades (thanks @naseemkullah!) * Upgraded the proxy init-container to v1.3.4, which comes with an updated debian-buster distro and will provide cleaner logs listing the iptables rules applied.
-
edge-20.7.476f73a27 · ·
This edge release adds support for the new Kubernetes [EndpointSlice](https://kubernetes.io/docs/concepts/services-networking/endpoint-slices/) resource to the Destination controller. Using the EndpointSlice API is more efficient for the Kubernetes control plane than using the Endpoints API. If the cluster supports EndpointSlices (a beta feature in Kubernetes 1.17), Linkerd can be installed with `--enable-endpoint-slices` flag to use this resource rather than the Endpoints API. * Added fish shell completions to the `linkerd` command (thanks @WLun001!) * Enabled the support for EndpointSlices (thanks @Matei207!) * Separated Prometheus checks and made them runnable only when the add-on is enabled
-
edge-20.7.3f9a8ed29 · ·
* Add preliminary support for EndpointSlices which will be usable in future releases (thanks @Matei207!) * Internal improvements to the CI process for testing Helm installations
-
edge-20.7.2a30213b7 · ·
This edge release moves Linkerd's bundled Prometheus into an add-on. This makes the Linkerd Prometheus more configurable, gives it a separate upgrade lifecycle from the rest of the control plane, and will allow users to disable the bundled Prometheus instance. In addition, this release includes fixes for several issues, including a regression where the proxy would fail to report OpenCensus spans. * Prometheus is now an optional add-on, enabled by default * Custom tolerations can now be specified for control plane resources when installing with Helm (thanks @DesmondH0!) * Evicted data plane pods are no longer considered to be failed by `linkerd check --proxy`, fixing an issue where the check would be retried indefinitely as long as evicted pods are present * Fixed a regression where proxy spans were not reported to OpenCensus * Fixed a bug where the proxy injector would fail to render skipped port lists when installed with Helm * Internal improvements to the proxy for lower latencies under high concurrency * Thanks to @Hellcatlk and @surajssd for adding new unit tests and spelling fixes!
-
edge-20.7.13862aba3 · ·
This edge release features the option to persist prometheus data to a volume instead of memory, so that historical metrics are available when prometheus is restarted. Additional changes are outlined in the bullet points below. * Some commands like `linkerd stat` would fail if any control plane components were unhealthy, even when other replicas are healthy. The check conditions for these commands have been improved * The helm chart can now configure persistent storage for Prometheus (thanks @naseemkullah!) * The proxy log output format can now be configured to `plain` or `json` using the `config.linkerd.io/proxy-log-format` annotation or the `global.proxy.logFormat` value in the helm chart (thanks again @naseemkullah!) * `linkerd install --addon-config=` now supports URLs in addition to local files * The CNI Helm chart used the incorrect variable name to determine the `createdBy` version tag. This is now controlled by `cniPluginVersion` in the helm chart * The proxy's default buffer size has been increased, which reduces latency when the proxy has many concurrent clients
-
edge-20.6.41b9ca518 · ·
This edge release moves the proxy onto a new version of the Tokio runtime. This allows us to more easily integrate with the ecosystem and may yield performance benefits as well. * Upgraded the proxy's underlying Tokio runtime and its related libraries * Added support for PKCS8 formatted ECDSA private keys * Added support for Helm configuration of per-component proxy resources requests and limits (thanks @cypherfox!) * Updated the `linkerd inject` command to throw an error while injecting non-compliant pods (thanks @mayankshah1607)
-
stable-2.8.183ae0ccf · ·
## stable-2.8.1 This release fixes multicluster gateways support on EKS. * The multicluster service-mirror has been extended to resolve DNS names for target clusters when an IP address is not known. * Linkerd checks could fail when run from the dashboard. Thanks to @alex-berger for providing a fix! * Have the service mirror controller check in `linkerd check` retry on failures. * As of this version we're including a Chocolatey package (Windows) next to the other binaries in the release assets in GitHub. * Base images have been updated: * debian:buster-20200514-slim * grafana/grafana:7.0.3 * The shell scripts under `bin` continued to be improved, thanks to @joakimr-axis!
-
edge-20.6.382e91382 · ·
## edge-20.6.3 This edge release is a release candidate for stable-2.8.1. It includes a fix to support multicluster gateways on EKS. * The `config.linkerd.io/proxy-destination-get-networks` annotation configures the networks for which a proxy can discover metadata. This is an advanced configuration option that has security implications. * The multicluster service-mirror has been extended to resolve DNS names for target clusters when an IP address it not known. * Linkerd checks could fail when run from the dashboard. Thanks to @alex-berger for providing a fix! * The CLI will be published for Chocolatey (Windows) on future stable releases. * Base images have been updated: * debian:buster-20200514-slim * grafana/grafana:7.0.3
-
stable-2.8.07a9527bf · ·
This release introduces new a multi-cluster extension to Linkerd, allowing it to establish connections across Kubernetes clusters that are secure, transparent to the application, and work with any network topology. * The CLI has a new set of `linkerd multicluster` sub-commands that provide tooling to create the resources needed to discover services across Kubernetes clusters. * The `linkerd multicluster gateways` command exposes gateway-specific telemetry to supplement the existing `stat` and `tap` commands. * The Linkerd-provided Grafana instance remains enabled by default, but it can now be disabled. When it is disabled, the Linkerd dashboard can be configured to link to an alternate, externally-managed Grafana instance. * Jaeger & OpenCensus are configurable as an [add-on][addon-2.8.0]; and the proxy has been improved to emit spans with labels that reflect its pod's metadata. * The `linkerd-cni` component has been promoted from _experimental_ to _stable_. * `linkerd profile --open-api` now honors the `x-linkerd-retryable` and `x-linkerd-timeout` OpenAPI annotations. * The Helm chart continues to become more flexible and modular, with new Prometheus configuration options. More information is available in the [Helm chart README][helm-2.8.0]. * gRPC stream error handling has been improved so that transport errors are indicated to the client with a `grpc-status: UNAVAILABLE` trailer. * The proxy's memory footprint could grow significantly when server-speaks-first-protocol connections hit the proxy. Now, a timeout is in place to prevent these connections from consuming resources. * After benchmarking the proxy in high-concurrency situations, the inbound proxy has been improved to reduce contention, improving latency and reducing spurious timeouts. * The proxy could fail requests to services that had only 1 request every 60 seconds. This race condition has been eliminated. * Finally, users reported that ingress misconfigurations could cause the proxy to consume an entire CPU which could lead to timeouts. The proxy now attempts to prevent the most common traffic-loop scenarios to protect against this. ***NOTE***: Linkerd's `multicluster` extension does not yet work on Amazon EKS. We expect to follow this release with a stable-2.8.1 to address this issue. Follow [#4582](https://github.com/linkerd/linkerd2/pull/4582) for updates. This release includes changes from a massive list of contributors. A special thank-you to everyone who helped make this release possible: @aliariff, @amariampolskiy, @arminbuerkle, @arthursens, @christianhuening, @christyjacob4, @cypherfox, @daxmc99, @dr0pdb, @drholmie, @hydeenoble, @joakimr-axis, @jpresky, @kohsheen1234, @lewiscowper, @lundbird, @matei207, @mayankshah1607, @mmiller1, @naseemkullah, @sannimichaelse, & @supra08. [addon-2.8.0]: https://github.com/linkerd/linkerd2/blob/4219955bdb5441c5fce192328d3760da13fb7ba1/charts/linkerd2/README.md#add-ons-configuration [helm-2.8.0]: https://github.com/linkerd/linkerd2/blob/4219955bdb5441c5fce192328d3760da13fb7ba1/charts/linkerd2/README.md
-
edge-20.6.2b5eec3f0 · ·
## edge-20.6.2 This edge release is our second release candidate for `stable-2.8`, including various fixes and improvements around multicluster support. * CLI * Fixed bad output in the `linkerd multicluster gateways` command * Improved the error returned when running the CLI with no KUBECONFIG path set (thanks @Matei207!) * Controller * Fixed issue where mirror service wasn't created when paired to a gateway whose external IP wasn't yet provided * Fixed issue where updating the gateway identity annotation wasn't propagated back into the mirror gateway endpoints object * Fixed issue where updating the gateway ports wasn't reflected in the gateway mirror service * Increased the log level for some of the service mirror events * Changed the nginx gateway config so that it runs as non-root and denies all requests to locations other than the probe path * Web UI * Fixed multicluster Grafana dashboard * Internal * Added flag in integration tests to dump fixture diffs into a separate directory (thanks @cypherfox!)
-
edge-20.6.12a3e05f0 · ·
This edge release is a release candidate for `stable-2.8`! It introduces several improvements and fixes for multicluster support. * CLI * Added multicluster daisy chain checks to `linkerd check` * Added list of successful gateways in multicluster checks section of `linkerd check` * Controller * Renamed `nginx-configuration` ConfigMap to `linkerd-gateway-config` (please manually remove the former if upgrading from an earlier multicluster install, thanks @mayankshah1607!) * Renamed multicluster gateway ports to `mc-gateway` and `mc-probe` * Fixed Service Profiles routes for `linkerd-prometheus` * Internal * Fixed shellcheck errors in all `bin/` scripts (thanks @joakimr-axis!) * Helm * Added support for `linkerd mc allow` * Added ability to disable secret rescources for self-signed certs (thanks @cypherfox!) * Proxy * Modified the `linkerd-gateway` component to use the inbound proxy, rather than nginx, for gateway; this allows Linkerd to detect loops and propogate identity