-
edge-23.5.366a459f1 · ·
## edge-23.5.3 This edge release includes fixes for several bugs related to HTTPRoute handling. * Fixed an issue where the `namespace` field on HTTPRoute `backendRef`s was ignored, and the backend Service would always be assumed to be in the namespace as the parent Service * Fixed an issue where default authorizations generated for readiness and liveness probes would fail if the probe path included URI query parameters * Fixed the proxy not using gRPC response classification for gRPC requests to destinations without ServiceProfiles
-
edge-23.5.2d94ca5a6 · ·
## edge-23.5.2 This edge release adds some minor improvements in the MeshTLSAuthentication CRD and the extensions charts, and fixes an issue with `linkerd multicluster check`. * Added tolerations and nodeSelector support in extensions `namespace-metadata` Jobs (thanks @pssalman!) * Patched the MeshTLSAuthentication CRD to force providing at least one identity/identityRef * Fixed the `linkerd multicluster check` command failing in the presence of lots of mirrored services
-
edge-23.5.11540120d · ·
This edge release introduces the ability to configure the proxy's discovery cache timeouts via annotations. While most users will not need to do this, it can be useful to improve the mesh's resilience to control plane failures. This release also includes a number of other important improvements and bug fixes. * Added -o json flag for the `linkerd multicluster gateways` command (thanks @hiteshwani29) * Added missing label `linkerd.io/extension` to certain resources to ensure they pruned when appropriate (thanks @ClementRepo) * Fixed a memory leak in the service mirror controller * Improved validation of the `--to` and `--from` flags for the `linkerd viz stat` command (thanks @pranoyk) * Fixed an issue with W3C trace context propagation which caused proxy spans to be siblings rather than children of their original parent (thanks @whiskeysierra) * Updated the Linkerd CNI plugin base docker image from Debian to Alpine * Fixed an issue where specifying a `remote_write` config would cause the Prometheus config to be invalid (thanks @hiteshwani29) * Added the ability to configure the proxy's discovery cache timeouts with the `config.linkerd.io/proxy-outbound-discovery-cache-unused-timeout` and `config.linkerd.io/proxy-inbound-discovery-cache-unused-timeout` annotations * Fixed the `linkerd viz check` command so that it will wait until the viz extension becomes ready * Fixed an issue where meshed pods could not communicate with themselves through a ClusterIP Service
-
stable-2.13.3216047a7 · ·
This stable release improves compatibility with ArgoCD by changing the Linkerd control plane to create Lease resources at runtime rather than including them in the Helm chart. It also addresses a CVE by upgrading an underlying dependency. * Upgraded the policy controller's `h2` dependency to address CVE-2023-26964 * Fixed an issue where the `server_port_subscribers` metric exposed by the Destination controller was sometimes absent * Removed the `policy-controller-write` Lease from the control plane Helm chart in favor of creating it at runtime * Updated the proxy-injector to pass opaque port lists to the proxy as ranges rather than individually, greatly reducing the size of proxy manifests when large opaque port ranges are set * Fixed an issue where the proxy was performing protocol detection on ports marked as opaque * Improved backwards compatibility between 2.13 proxies and 2.12 control planes -----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgt3Ta+V2SVnHriElBV8n9haD2oa hx/mHQJEDfFNKClWoAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQIh41vJ6w7OCC7vbQ9YZRlDA/fkD1b9WfzPsgcwJvSJQM88FR29UbqFuko8j7Im1Gn LZjJVz0wOhlrpOg1CLVA4= -----END SSH SIGNATURE-----
-
edge-23.4.3b106d3ba · ·
This edge release improves compatibility with ArgoCD by changing the Linkerd control plane to create Lease resources at runtime rather than including them in the Helm chart. It also addresses a CVE by upgrading an underlying dependency. * Upgraded `h2` dependency to address CVE-2023-26964 * Fixed an issue where `server_port_subscribers` metric in the Destination controller was sometimes absent * Removed the policy-controller-write Lease from the control plane Helm chart in favor of creating it at runtime * Updated the proxy-injector to pass opaque port lists to the proxy as ranges rather than individually, greatly reducing the size of proxy manifests when large opaque port ranges are set * Fixed an issue where the proxy was performing protocol detection on ports marked as opaque * Improved backwards compatibility between 2.13 proxies and 2.12 control planes
-
stable-2.13.2381b3756 · ·
## stable-2.13.2 This stable release fixes an incompatibility issue with the AWS CNI addon in EKS that was forbidding pods to acquire networking after scaling up nodes (thanks @frimik!). It also includes security updates for dependencies. * CNI * Fixed incompatibility issue with AWS CNI addon in EKS, that was forbidding pods to acquire networking after scaling up nodes. (thanks @frimik!) * CLI * Added a missing label to the HttpRoute CRD so that to ensure it can be removed by the `linkerd uninstall` command * Proxy * Updated the dependency on h2 to fix a potential crash in the HTTP/2 implementation. * Changed the proxy's default log level to silence warnings from `trust_dns_proto` that are generally spurious * Extensions * Bumped Prometheus image to v2.43.0 * Fixed Jaeger Helm chart installation failure (CLI was unaffected).
-
stable-2.12.51b04e039 · ·
## stable-2.12.5 This stable release fixes an incompatibility issue with the AWS CNI addon in EKS that was forbidding pods to acquire networking after scaling up nodes (thanks @frimik!). It also includes security updates for dependencies. * Detached the linkerd-cni plugin's version from linkerd's and bumped to v1.1.1 to fix incompatibility with EKS' AWS CNI addon * Bumped the memory limit for the no-op init container to 25Mi to address issues on OKE environments * Updated `h2` dependency in the policy controller to include a patch for a theoretical denial-of-service vulnerability discovered in CVE-2023-26964 * Updated `openssl` dependency in the policy controller, addressing RUSTSEC-2023-0022, RUSTSEC-2023-0023 and RUSTSEC-2023-0024
-
edge-23.4.27963acb5 · ·
## edge-23.4.2 This edge release contains a number of bug fixes. * CLI * Fixed `linkerd uninstall` issue for HttpRoute * The `linkerd diagnostics policy` command now displays outbound policy when the target resource is a Service * CNI * Fixed incompatibility issue with AWS CNI addon in EKS, that was forbidding pods to acquire networking after scaling up nodes. (thanks @frimik!) * Added --set flag to install-cni plugin (thanks @amit-62!) * Control Plane * Fixed an issue where the policy controller always used the default `cluster.local` domain * Send Opaque protocol hint for opaque ports in destination controller * Helm * Fixed an issue in the viz Helm chart where the namespace metadata template would throw `unexpected argument found` errors * Fixed Jaeger chart installation failure * Multicluster * Remove namespace field from cluster scoped resources to fix pruning * Proxy * Updated `h2` dependency to include a patch for a theoretical denial-of-service vulnerability discovered in CVE-2023-26964 * Handle Opaque protocol hints on endpoints * Changed the proxy's default log level to silence warnings from `trust_dns_proto` that are generally spurious. * Added `outbound_http_balancer_endpoints` metric * Fixed missing route_ metrics for requests with ServiceProfiles * Viz * Bump prometheus image to v2.43.0 * Add the `kubelet` NetworkAuthentication back since it is used by the `linkerd viz allow-scrapes` subcommand.
-
stable-2.13.159a40f58 · ·
This stable release fixes an issue in the policy controller where a non-default cluster domain would return incorrect authorities in the outbound policy API. Additionally, this release updates a proxy dependency to fix CVE-2023-2694. * Proxy * Updated `h2` dependency to include a patch for a theoretical denial-of-service vulnerability discovered in CVE-2023-26964 * Control Plane * Fixed an issue where the policy controller always used the default `cluster.local` domain * Helm * Fixed an issue in the viz Helm chart where the namespace metadata template would throw `unexpected argument found` errors
-
stable-2.13.0775dc9fb · ·
## stable-2.13.0 This release introduces client-side policy to Linkerd, including dynamic routing and circuit breaking. [Gateway API](https://gateway-api.sigs.k8s.io/) HTTPRoutes can now be used to configure policy for outbound (client) proxies as well as inbound (server) proxies, by creating HTTPRoutes with Service resources as their `parentRef`. See the Linkerd documentation for tutorials on [dynamic request routing] and [circuit breaking]. New functionality for debugging HTTPRoute-based policy is also included in this release, including [new proxy metrics] and the ability to display outbound policies in the `linkerd diagnostics policy` CLI command. In addition, this release adds `network-validator`, a new init container to be used when CNI is enabled. `network-validator` ensures that local iptables rules are working as expected. It will validate this before linkerd-proxy starts. `network-validator` replaces the `noop` container, runs as `nobody`, and drops all capabilities before starting. Finally, this release includes a number of bugfixes, performance improvements, and other smaller additions. **Upgrade notes**: Please see the [upgrade instructions][upgrade-2130]. * CRDs * HTTPRoutes may now have Service parents, to configure outbound policy * Updated HTTPRoute version from `v1alpha1` to `v1beta2` * CLI * Added a new `linkerd prune` command to the CLI (including most extensions) to remove resources which are no longer part of Linkerd's manifests * Added additional shortnames for Linkerd policy resources (thanks @javaducky!) * The `linkerd diagnostics policy` command now displays outbound policy when the target resource is a Service * Control Plane * The policy controller now discovers outbound policy configurations from HTTPRoutes that target Services. * Added OutboundPolicies API, for use by `linkerd-proxy` to route outbound traffic * Added Prometheus `/metrics` endpoint to the admin server, with process metrics * Fixed QueryParamMatch parsing for HTTPRoutes * Added the policy status controller which writes the `status` field to HTTPRoutes when a parent reference Server accepts or rejects it * Added KubeAPI server ports to `ignoreOutboundPorts` of `proxy-injector` * No longer apply `waitBeforeExitSeconds` to control plane, viz and jaeger extension pods * Added support for the `internalTrafficPolicy` of a service (thanks @yc185050!) * Added block chomping to strip trailing new lines in ConfigMap (thanks @avdicl!) * Added protection against nil dereference in resources helm template * Added support for Pod Security Admission (Pod Security Policy resources are still supported but disabled by default) * Lowered non-actionable error messages in the Destination log to debug-level entries to avoid triggering false alarms (thanks @siddharthshubhampal!) * Fixed an issue with EndpointSlice endpoint reconciliation on slice deletion; when using more than one slice, a `NoEndpoints` event would be sent to the proxy regardless of the amount of endpoints that were still available (thanks @utay!) * Improved diagnostic log messages * Fixed sending of spurious profile updates * Removed unnecessary Namespaces access from the destination controller RBAC * Added the server_port_subscribers metric to track the number of subscribers to Server changes associated with a pod's port * Added the service_subscribers metric to track the number of subscribers to Service changes * Fixed a small memory leak in the opaque ports watcher * Proxy * Use the new OutboundPolicies API, supporting Gateway API-style routes in the outbound proxy * Added support for dynamic request routing based on HTTPRoutes * Added HTTP circuit breaking * Added `outbound_route_backend_http_requests_total`, `outbound_route_backend_grpc_requests_total`, and `outbound_http_balancer_endpoints` metrics * Changed the proxy's behavior when traffic splitting so that only services that are not in failfast are used. This will enable the proxy to manage failover without external coordination * Updated tokio (async runtime) in the proxy which should reduce CPU usage, especially for proxy's pod local (i.e in the same network namespace) communication * linkerd-proxy-init * Changed `proxy-init` iptables rules to be idempotent upon init pod restart (thanks @jim-minter!) * Improved logging in `proxy-init` and `linkerd-cni` * Added a `proxyInit.privileged` setting to control whether the `proxy-init` initContainer runs as a privileged process * CNI * Added static and dynamic port overrides for CNI eBPF to work with socket-level load balancing * Added `network-validator` init container to ensure that iptables rules are working as expected * Added a `resources` field in the linkerd-cni chart (thanks @jcogilvie!) * Viz * Added `tap.ignoredHeaders` Helm value to the linkerd-viz chart. This value allows users to specify a comma-separated list of header names which will be ignored by Linkerd Tap (thanks @ryanhristovski!) * Removed duplicate SecurityContext in Prometheus manifest * Added new flag `--viz-namespace` which avoids requiring permissions for listing all namespaces in `linkerd viz` subcommands (thanks @danibaeyens!) * Removed the TrafficSplit page from the Linkerd viz dashboard (thanks @h-dav!) * Introduced new values in the `viz` chart to allow for arbitrary annotations on the `Service` objects (thanks @sgrzemski!) * Added an optional AuthorizationPolicy to authorize Grafana to Prometheus in the Viz extension * Multicluster * Removed duplicate AuthorizationPolicy for probes from the multicluster gateway Helm chart * Updated wording for linkerd-multicluster cluster when it fails to probe a remote gateway mirror * Added multicluster gateway `nodeSelector` and `tolerations` helm parameters * Added new configuration options for the multicluster gateway: * `gateway.deploymentAnnotations` * `gateway.terminationGracePeriodSeconds` (thanks @bunnybilou!) * `gateway.loadBalancerSourceRanges` (thanks @Tyrion85!) * Extensions * Removed dependency on the `curlimages/curl` 3rd-party image used to initialize extensions namespaces metadata (so they are visible by `linkerd check`), replaced by the new `extension-init` image * Converted `ServerAuthorization` resources to `AuthorizationPolicy` resources in Linkerd extensions * Removed policy resources bound to admin servers in extensions (previously these resources were used to authorize probes but now are authorized by default) * Fixed the link to the Jaeger dashboard the in viz dashboard (thanks @eugenegoncharuk!) * Updated linkerd-jaeger's collector to expose port 4318 in order support HTTP alongside gRPC (thanks @uralsemih!) * Among other dependency updates, the no-longer maintained ghodss/yaml library was replaced with sigs.k8s.io/yaml (thanks @Juneezee!) This release includes changes from a massive list of contributors! A special thank-you to everyone who helped make this release possible: * Andrew Pinkham [@jambonrose](https://github.com/jambonrose) * Arnaud Beun [@bunnybilou](https://github.com/bunnybilou) * Carlos Tadeu Panato Junior [@cpanato](https://github.com/cpanato) * Christian Segundo [@someone-stole-my-name](https://github.com/someone-stole-my-name) * Dani Baeyens [@danibaeyens](https://github.com/danibaeyens) * Duc Tran [@ductnn](https://github.com/ductnn) * Eng Zer Jun [@Juneezee](https://github.com/Juneezee) * Ivan Ivic [@Tyrion85](https://github.com/Tyrion85) * Joe Bowbeer [@joebowbeer](https://github.com/joebowbeer) * Jonathan Ogilvie [@jcogilvie](https://github.com/jcogilvie) * Jun [@junnplus](https://github.com/junnplus) * Loong Dai [@daixiang0](https://github.com/daixiang0) * María Teresa Rojas [@mtrojas](https://github.com/mtrojas) * Mo Sattler [@MoSattler](https://github.com/MoSattler) * Oleg Vorobev [@olegy2008](https://github.com/olegy2008) * Paul Balogh [@javaducky](https://github.com/javaducky) * Peter Smit [@psmit](https://github.com/psmit) * Ryan Hristovski [@ryanhristovski](https://github.com/ryanhristovski) * Semih Ural [@uralsemih](https://github.com/uralsemih) * Shubhodeep Mukherjee [@shubhodeep9](https://github.com/shubhodeep9) * Siddharth S Pal [@siddharthshubhampal](https://github.com/siddharthshubhampal) * Subhash Choudhary [@subhashchy](https://github.com/subhashchy) * Szymon Grzemski [@sgrzemski](https://github.com/sgrzemski) * Takumi Sue [@mikutas](https://github.com/mikutas) * Yannick Utard [@utay](https://github.com/utay) * Yu Cao [@yc185050](https://github.com/yc185050) * anoxape [@anoxape](https://github.com/anoxape) * bastienbosser [@bastienbosser](https://github.com/bastienbosser) * bitfactory-sem-denbroeder [@bitfactory-sem-denbroeder](https://github.com/bitfactory-sem-denbroeder) * cui fliter [@cuishuang](https://github.com/cuishuang) * eugenegoncharuk [@eugenegoncharuk](https://github.com/eugenegoncharuk) * h-dav @[h-dav](https://github.com/h-dav) * martinkubrak [@martinkubra](https://github.com/martinkubra) * verbotenj [@verbotenj](https://github.com/verbotenj) * ziollek [@ziollek](https://github.com/ziollek) [dynamic request routing]: https://linkerd.io/2.13/tasks/configuring-dynamic-request-routing [circuit breaking]: https://linkerd.io/2.13/tasks/circuit-breaking [new proxy metrics]: https://linkerd.io/2.13/reference/proxy-metrics/#outbound-xroute-metrics [upgrade-2130]: https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2130
-
edge-23.4.16e28aefc · ·
## edge-23.4.1 This is a release candidate for stable-2.13.0 — we encourage you to help try it out! This edge release introduces request-level HTTP circuit-breaking using a consecutive failures failure accrual policy. Circuit breaking can be configured by adding failure accrual annotations to a Service. In addition, this release adds new `outbound_route_backend_http_requests_total` and `outbound_route_backend_grpc_requests_total` proxy metrics, which can be used to track how routing rules and backend distributions apply to requests. These metrics contain labels describing the route's parent (i.e. a Service), the route resource being used, and the backend resource being used by each request. * Proxy * Added discovery of failure accrual policies from the OutboundPolicy API * Implemented consecutive failures failure accrual policy * Added INFO-level logging on failure accrual changes * Added `outbound_route_backend_http_requests_total` and `outbound_route_backend_grpc_requests_total` metrics * Policy Controller * Added failure accrual configuration to the OutboundPolicy API * Added Prometheus `/metrics` endpoint to the admin server, with process metrics * Changed the policy controller to only accept HTTPRoutes when the parentRef is a ClusterIP Service * Added ports to service references in the OutboundPolicy API * Viz * Added `tap.ignoredHeaders` Helm value to the linkerd-viz chart. This value allows users to specify a comma-separated list of header names which will be ignored by Linkerd Tap (thanks @ryanhristovski!) * Removed duplicate SecurityContext in Prometheus manifest * Multicluster * Removed duplicate AuthorizationPolicy for probes from the multicluster gateway Helm chart
-
edge-23.3.4cce639ab · ·
## edge-23.3.4 This edge release further enhances the OutboundPolicies API used by the proxy to route outbound traffic, and continues extending the HTTPRoute resource's Status field. It also starts integrating circuit-breaking functionality into the proxy, which will be configurable in a subsequent iteration. * Continued iterating on the HTTPRoute's Status field, by extending support for routes parented to Services, and adding a ResolvedRefs condition reflecting the status of BackendRefs * Updated the OutboundPolicies API such that only HTTPRoutes with an Accepted status of `true` are considered when routing outbound requests * Improved handling of invalid backends, allowing the configuration of error responses * Added new flag `--viz-namespace` which avoids requiring permissions for listing all namespaces in `linkerd viz` subcommands (thanks @danibaeyens!) * Among other dependency updates, the no-longer maintained ghodss/yaml library was replaced with sigs.k8s.io/yaml (thanks @Juneezee!)
-
edge-23.3.376d59ba9 · ·
This edge release removes TrafficSplits from the Linkerd dashboard as well as fixing a number of issues in the policy controller. * Removed the TrafficSplit page from the Linkerd viz dashboard * Fixed an issue where the policy controller was not returning the correct status for non-Service authorities * Fixed an issue where the policy controller could use large amounts of CPU when lease API calls failed
-
edge-23.3.28c9f45ac · ·
This edge release continues to improve dynamic Policy statuses and introduces support for header-based routing. * Destination Controller * Added OutboundPolicies API, for use by `linkerd-proxy` to route outbound traffic * Improved diagnostic log messages * Fixed sending of spurious profile updates * Proxy * Use the new OutboundPolicies API, supporting Gateway API-style routes in the outbound proxy * Policy Controller * Support highly available Policy Controller by utilizing `policy-controller-write` Lease when patching HTTPRoutes * Consider the `status` field and filter out HTTPRoutes which have not been accepted * Added KubeAPI server ports to `ignoreOutboundPorts` of `proxy-injector` * Updated HTTPRoute version from `v1alpha1` to `v1beta2` * Updated `network-validator` helm charts to use `proxy-init` resources * Fixed Grafana regular expression, enabling monitoring of filesystem usage (thanks @h-dav!)
-
edge-23.3.19a3d9225 · ·
## edge-23.3.1 This edge release continues to build support under the hood for the upcoming features in 2.13. Also included are several dependency updates and less verbose logging. * Removed dependency on the `curlimages/curl` 3rd-party image used to initialize extensions namespaces metadata (so they are visible by `linkerd check`), replaced by the new `extension-init` image * Lowered non-actionable error messages in the Destination log to debug-level entries to avoid triggering false alarms (thanks @siddharthshubhampal!)
-
edge-23.2.334cfa674 · ·
This edge release includes a number of fixes and introduces a new CLI command, `linkerd prune`. The new `prune` command should be used to remove resources which are no longer part of the Linkerd manifest when doing an upgrade. Previously, the recommendation was to use `linkerd upgrade` in conjunction with `kubectl apply --prune`, however, that will not remove resources which are not part of the input manifest, and it will not detect cluster scoped resources, `linkerd prune` (included in all core extensions) should be preferred over it. Additionally, this change contains a few fixes from our external contributors, and a change to the `viz` Helm chart which allows for arbitrary annotations on `Service` objects. Last but not least, the release contains a few proxy internal changes to prepare for the new client policy API. * Added a new `linkerd prune` command to the CLI (including extensions) to remove resources which are no longer part of Linkerd's manifests * Introduced new values in the `viz` chart to allow for arbitrary annotations on the `Service` objects (thanks @sgrzemski!) * Fixed up a comment in k8s API wrapper (thanks @ductnn!) * Fixed an issue with EndpointSlice endpoint reconciliation on slice deletion; when using more than one slice, a `NoEndpoints` event would be sent to the proxy regardless of the amount of endpoints that were still available (thanks @utay!)
-
edge-23.2.211ec6a1c · ·
This edge release adds the policy status controller which writes the `status` field to HTTPRoutes when a parent reference Server accepts or rejects the HTTPRoute. This field is currently not consumed by the policy controller, but acts as the first step for considering HTTPRoute `status` when serving policy. Additionally, the destination controller now uses the Kubernetes metadata API for resources which it only needs to track the metadata for — Nodes and ReplicaSets. For all other resources it tracks, it uses additional information so continues to use the API as before. * Fixed error message to include the colliding Server in the policy controller's admission webhook validation * Updated wording for linkerd-multicluster cluster when it fails to probe a remote gateway mirror * Removed unnecessary Namespaces access from the destination controller RBAC * Added Kubernetes metadata API in the destination controller for watching Nodes and ReplicaSets * Fixed QueryParamMatch parsing for HTTPRoutes * Added the policy status controller which writes the `status` field to HTTPRoutes when a parent reference Server accepts or rejects it
-
edge-23.2.13f0d248b · ·
This edge release sees the `linkerd-cni` plugin moved to `linkerd2-proxy-init` and released from that repository. An iptables improvement to `linkerd-cni` and `proxy-init` is the main focus. Other minor fixes are also included. * Changed `proxy-init` iptables rules to be idempotent upon init pod restart (thanks @jim-minter!) * Improved logging in `proxy-init` and `linkerd-cni` * Added the server_port_subscribers metric to track the number of subscribers to Server changes associated with a pod's port * Added the service_subscribers metric to track the number of subscribers to Service changes * Fixed a small memory leak in the opaque ports watcher * No longer apply `waitBeforeExitSeconds` to control plane, viz and jaeger extension pods * Added support for the `internalTrafficPolicy` of a service (thanks @yc185050!) * Added `limits` and `requests` to network-validator for ResourceQuota interop * Added block chomping to strip trailing new lines in ConfigMap (thanks @avdicl!) * Added multicluster gateway `nodeSelector` and `tolerations` helm parameters * Added protection against nil dereference in resources helm template
-
stable-2.12.4ec4bb714 · ·
## stable-2.12.4 This stable release fixes a memory leak in the Destination controller, and also includes other bug fixes for the Linkerd control plane, CLI, and extensions. * CLI * Fixed an issue in the CLI where `--identity-external-ca` would set an incorrect field (thanks @anoxape!) * Control Plane * Fixed an issue in the destination controller's cache that could result in stale endpoints when using EndpointSlice objects * Fixed control plane components failing liveness probes while waiting for caches to sync, which could prevent the control plane from starting in large clusters * Fixed a memory leak in the Destination controller * linkerd-proxy-init * Added resource limits for `noop` init container, to support environments where resource quotas are required * Helm * Added namespace to namespace-metadata resources in Helm (thanks @joebowbeer!) * Fixed potential nil pointer dereference errors in template evaluation * Extensions * Fixed an issue where `linkerd viz tap` would display wrong latency/duration value (thanks @olegy2008!)
-
edge-23.1.2032845c8 · ·
This edge release fixes a memory leak in the Linkerd control plane that could occur when many many pods were created. It also adds a number of new configuration options Multicluster extension's gateway. * Added additional shortnames for Linkerd policy resources (thanks @javaducky!) * Added new configuration options for the multicluster gateway: * `gateway.deploymentAnnotations` * `gateway.terminationGracePeriodSeconds` (thanks @bunnybilou!) * `gateway.loadBalancerSourceRanges` (thanks @Tyrion85!) * Added an optional AuthorizationPolicy to authorize Grafana to Prometheus in the Viz extension * Fixed the link to the Jaeger dashboard the in viz dashboard (thanks @eugenegoncharuk!) * Fixed an issue where control plane components could fail to start on large clusters because of failing readiness probes while caches were being initialized * Fixed a memory leak in the Destination controller * Fixed an issue where PodSecurityPolicies could reject Linkerd control plane components due to the `seccompProfile`