Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
APACHE-2.0 License
Published by scottcarol about 5 years ago
This edge release is a release candidate for stable-2.6.
linkerd edges
and linkerd endpoints
Published by scottcarol about 5 years ago
This edge release is a release candidate for stable-2.6.
linkerd tap
Published by kleimkuhler about 5 years ago
This edge release introduces experimental support for distributed tracing as
well as a redesigned sidebar in the Web UI!
Experimental support for distributed tracing means that Linkerd data plane
proxies can now emit trace spans, allowing you to see the exact amount of time
spent in the Linkerd proxy for traced requests. The new
config.linkerd.io/trace-collector and
config.alpha.linkerd.io/trace-collector-service-account tracing annotations
allow specifying which pods should emit trace spans.
The goal of the dashboard's sidebar redesign was to reduce load on Prometheus
and simplify navigation by providing top-level views centered around namespaces
and workloads.
--cluster-domain
flag to the linkerd install
command
linkerd endpoints
command to use the correct Destination API
--disable-heartbeat
flag for linkerd
install|upgrade
commands
config.linkerd.io/admission-webhooks: disabled
label on
config.linkerd.io/trace-collector
and
config.alpha.linkerd.io/trace-collector-service-account
pod spec
Published by alpeb about 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.5.0.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
json
output option to the linkerd tap
command
cadvisor
metrics,
Published by olix0r about 5 years ago
Much of our effort has been focused on improving our build and test
infrastructure, but this edge release lays the groundwork for some big
new features to land in the coming releases!
helm repo add linkerd-edge https://helm.linkerd.io/edge && helm install linkerd-edge/linkerd2
Published by adleong about 5 years ago
This edge release adds traffic splits into the Linkerd dashboard as well as a
variety of other improvements.
--address
flag to linkerd dashboard
(thanks @bmcstdio!)
Published by hawkw about 5 years ago
LINKERD2_PROXY_DESTINATION_SVC_ADDR
Published by cpretzer about 5 years ago
A new Grafana dashboard has been added which shows historical data for a
selected namespace. The build process for controller components now requires
Go 1.12.9. Additional contributions were made towards support for custom
cluster domains.
Linkerd Namespace
Grafana dashboard, allowing users to view
linkerd stat deploy -n myNs
(thanks @bourquep!)
1.12.9
for controller builds to include
LINKERD2_PROXY_DESTINATION_GET_SUFFIXES
proxy environment variable,
Published by siggy about 5 years ago
This release adds Helm support, tap authentication and authorization via RBAC,
traffic split stats, dynamic logging levels, a new cluster monitoring dashboard,
and countless performance enhancements and bug fixes.
For more details, see the announcement blog post:
https://linkerd.io/2019/08/20/announcing-linkerd-2.5/
To install this release, run: curl https://run.linkerd.io/install | sh
Upgrade notes: Use the linkerd upgrade command to upgrade the control
plane. This command ensures that the existing control plane's configuration and
mTLS secrets are retained. For more details, please see the upgrade
instructions.
Special thanks to: @alenkacz, @codeman9, @ethan-daocloud, @jonathanbeber,
and @Pothulapati!
Full release notes:
linkerd tap
, linkerd top
and linkerd profile --tap
to
tap.linkerd.io
RBAC privileges. See https://linkerd.io/tap-rbac
linkerd stat trafficsplits
linkerd routes
command traffic split aware
linkerd --as
flag which allows users to impersonate another
--all-namespaces
(-A
) option to the linkerd get
, linkerd edges
and linkerd stat
commands to retrieve resources across
linkerd check
command
linkerd upgrade config
command that was causing it to
--use-wait-flag
to the linkerd install-cni
command, to
-w
flag for iptables
commands
--restrict-dashboard-privileges
flag to linkerd install
linkerd uninject
not removing linkerd.io/inject: enabled
linkerd stat -h
example commands (thanks @ethan-daocloud!)
linkerd stat
when resources share the
linkerd stat
command (thanks
linkerd edges
command output and a new
-o wide
flag that shows the identity of the client and server if known
linkerd check
command to validate the user has
linkerd check --pre
command validating that if
l5d-require-id
header is now set on tap requests so that a connection
kube-system
namespace to provide
TargetRef
InvalidArgument
for external
root
in the CNI mode (thanks @codeman9!)
/proxy-log-level
endpoint to update the log level at
request_handle_us
histogram to measure proxy overhead
linkerd-web
Published by siggy about 5 years ago
This edge release is a release candidate for stable-2.5.
Published by siggy about 5 years ago
This edge release is a release candidate for stable-2.5.
--use-wait-flag
to the linkerd install-cni
command, to
-w
flag for iptables
commands
Published by siggy about 5 years ago
This edge release introduces a new linkerd stat trafficsplits subcommand, to
show traffic split metrics. It also introduces a "Kubernetes cluster monitoring"
Grafana dashboard.
linkerd stat trafficsplits
subcommand
linkerd uninject
not removing linkerd.io/inject: enabled
linkerd stat -h
example commands (thanks @ethan-daocloud!)
request_handle_us
histogram to measure proxy overhead
linkerd install
and linkerd upgrade
to use Helm charts for
v2.14.3
linkerd-heartbeat
requests
Published by scottcarol about 5 years ago
This edge release introduces the new Linkerd control plane Helm chart, named
linkerd2. Helm users can now install and remove the Linkerd control plane by
using the helm install and helm delete commands. Proxy injection also now
uses Helm charts.
No changes were made to the existing linkerd install behavior.
For detailed installation steps using Helm, see the notes for PR #3146.
linkerd top
and linkerd profile --tap
to require
tap.linkerd.io
RBAC privileges, see https://linkerd.io/tap-rbac for more
tap.linkerd.io
APIService to enable usage in kubectl auth can-i
--restrict-dashboard-privileges
flag to linkerd install
linkerd-linkerd-tap-admin
, which gives
linkerd-linkerd-web-admin
, which binds the linkerd-web
service account
linkerd-heartbeat
jobs from pod listing in
get po
output (thanks
linkerd-web
Published by kleimkuhler about 5 years ago
Significant Update
This edge release introduces a new tap APIService. The Kubernetes apiserver
authenticates the requesting tap user and then forwards tap requests to the new
tap APIServer. The linkerd tap command now makes requests against the
APIService.
With this release, users must be authorized via RBAC to use the linkerd tap
command. Specifically, linkerd tap requires the watch verb on all resources
in the tap.linkerd.io/v1alpha1 APIGroup. More granular access is also
available via sub-resources such as deployments/tap and pods/tap.
Note: There is a known RBAC issue with linkerd tap on GKE clusters, being
tracked at #3191. The following command works around this by giving your user
cluster-admin permissions:
kubectl create clusterrolebinding \
$(whoami)-cluster-admin \
--clusterrole=cluster-admin \
--user=$(gcloud config get-value account)
More details at: https://linkerd.io/tap-rbac
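The granular access mentioned above, as an added example that is not from the Linkerd project: a namespaced Role that grants only the watch verb on the deployments/tap sub-resource, bound to a single user, as a narrower grant than cluster-admin. The namespace, object names and user are placeholders, and this is not claimed to resolve the GKE issue tracked at #3191.

```yaml
# Added example; "demo", "tap-deployments" and "alice@example.com" are placeholders.
# Grants tap on deployments in one namespace only, nothing else in the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tap-deployments
  namespace: demo
rules:
  - apiGroups: ["tap.linkerd.io"]     # API group named in the release notes
    resources: ["deployments/tap"]    # sub-resource, not the whole group
    verbs: ["watch"]                  # the only verb linkerd tap requires
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tap-deployments-alice
  namespace: demo
subjects:
  - kind: User
    name: alice@example.com
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: tap-deployments
  apiGroup: rbac.authorization.k8s.io
# Check the grant without running tap (the tap.linkerd.io APIService is what
# lets kubectl auth can-i resolve this resource):
#   kubectl auth can-i watch deployments.tap.linkerd.io --subresource=tap \
#     -n demo --as alice@example.com
```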
linkerd check
command to validate the user has
linkerd --as
flag which allows users to impersonate another
linkerd tap
command now makes requests against the tap APIService
TargetRef
InvalidArgument
for external
l5d-require-id
header is now set on tap requests so that a connection
APIService/v1alpha1.tap.linkerd.io
global resource
ClusterRoleBinding/linkerd-linkerd-tap-auth-delegator
Secret/linkerd-tap-tls
resource into the linkerd
RoleBinding/linkerd-linkerd-tap-auth-reader
resource into
kube-system
namespace
LINKERD2_PROXY_TAP_SVC_NAME
environment variable so that the tap
dep
with Go modules for dependency management
Published by ihcsim about 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.4.0.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
linkerd check
command
--all-namespaces
(-A
) option to the linkerd get
, linkerd edges
and linkerd stat
commands to retrieve resources across
root
in the CNI mode (thanks @codeman9!)
l5d-require-id
header to enforce TLS outbound
Published by alpeb over 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.4.0.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
linkerd routes
command traffic-split aware
linkerd upgrade config
command that was causing it to crash
linkerd stat
command (thanks
linkerd stat
when resources share the
linkerd edges
command output and a new
-o wide
flag that shows the identity of the client and server if known
linkerd check --pre
command validating that if
/proxy-log-level
endpoint to update the log level at runtime
Published by kleimkuhler over 5 years ago
This release adds traffic splitting functionality, support for the Kubernetes
Service Mesh Interface (SMI), graduates high-availability support out of
experimental status, and adds a tremendous list of other improvements,
performance enhancements, and bug fixes.
Linkerd's new traffic splitting feature allows users to dynamically control the
percentage of traffic destined for a service. This powerful feature can be used
to implement rollout strategies like canary releases and blue-green deploys.
Support for the Service Mesh Interface (SMI) makes it
easier for ecosystem tools to work across all service mesh implementations.
Along with the introduction of optional install stages via the linkerd install config
and linkerd install control-plane commands, the default behavior of
the linkerd inject command only adds annotations and defers injection to the
always-installed proxy injector component.
Finally, there have been many performance and usability improvements to the
proxy and UI, as well as production-ready features including:
linkerd edges
command that provides fine-grained observability into
--enable-debug-sidecar
flag for the linkerd inject
command that improves
Linkerd recently passed a CNCF-sponsored security audit! Check out the in-depth
report here.
To install this release, run: curl https://run.linkerd.io/install | sh
Upgrade notes: Use the linkerd upgrade command to upgrade the control
plane. This command ensures that the existing control plane's configuration and
mTLS secrets are retained. For more details, please see the upgrade
instructions.
Special thanks to: @alenkacz, @codeman9, @dwj300, @jackprice, @liquidslr,
@matej-g, @Pothulapati, @zaharidichev,
Full release notes:
--proxy-auto-inject
flag, as the proxy
--linkerd-version
flag with the
--proxy-version
flag in the linkerd install
and linkerd upgrade
linkerd install config
and linkerd install control-plane
linkerd upgrade config
and linkerd upgrade control-plane
--from-manifests
flag to linkerd upgrade
allowing
linkerd install
into the
--manual
flag to linkerd inject
to output the proxy
--enable-debug-sidecar
flag to linkerd inject
, that
linkerd check
when running without a TTY
linkerd check config
command for verifying that linkerd install config
was successful
linkerd install
to clarify flag usage
linkerd check
and linkerd dashboard
failing when any control plane
linkerd edges
command that shows the source and
--disable-tap
flag, or by using the config.linkerd.io/disable-tap
linkerd edges
command so that output is
--ha
, running linkerd upgrade
without --ha
will disable the high availability control plane
linkerd upgrade
where running without --ha
would
--init-image-version
flag to linkerd inject
to override the
--linkerd-cni-enabled
flag to the install
subcommands so that
NET_ADMIN
capability is omitted from the CNI-enabled control plane's PSP
linkerd check
to validate the caller can create
PodSecurityPolicy
resources
linkerd install
to prevent installing multiple control
linkerd inject
(thanks
linkerd check
output for control
linkerd endpoints
to use the same interface as used by the
linkerd inject
would fail when given a path to a file
linkerd install
to provide instructions for
config.linkerd.io/disable-identity
annotation to
ResourceQuota
exists by adding a default
ErrGroupDiscoveryFailed
config.linkerd.io/enable-debug-sidecar
annotation allowing the
--enable-debug-sidecar
flag to work when auto-injecting Linkerd proxies
proxy-injector
and sp-validator
Fail
in order to account for
UPDATE
operation from proxy-injector webhook because pod mutations
sideEffects
None
to indicate that the webhooks have no side effects on
linkerd.io/control-plane-ns
label to all Linkerd resources
l5d-override-dst
header is now used for inbound service profile
response_total
metrics
NET_RAW
capability to the proxy-init container to be compatible
PodSecurityPolicies that use drop: all
:authority
linkerd upgrade
in order to test
linkerd/proxy-init
Git
Published by kleimkuhler over 5 years ago
linkerd install
to provide instructions for
Published by adleong over 5 years ago
linkerd endpoints
to use the same interface as used by the
linkerd inject
would fail when given a path to a file
Published by hawkw over 5 years ago
linkerd check
output for control
config.linkerd.io/debug
annotation to
config.linkerd.io/enable-debug-sidecar
, to match the
--enable-debug-sidecar
CLI flag that sets it
linkerd edges
that caused incorrect identities to be
linkerd.io/control-plane-ns
label to the SMI Traffic Split CRD