Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
APACHE-2.0 License
Bot releases are hidden (Show)
Published by adleong over 5 years ago
This release adds support for the SMI Traffic Split
API. Creating a TrafficSplit resource will cause Linkerd to split traffic
between the specified backend services. Please see the spec
for more details.
install
to prevent installing multiple control planeslinkerd inject
(thanks--all-namespaces
flag to linkerd edges
Published by kleimkuhler over 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.3.2.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
linkerd check
to validate the caller can createPodSecurityPolicy
resourcessideEffects
None
to indicate that the webhooks have no side effects onNET_RAW
capability to the proxy-init container to be compatiblePodSecurityPolicy
s that use drop: all
:authority
Published by kleimkuhler over 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.3.2.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
--linkerd-cni-enabled
flag to the install
subcommands so thatNET_ADMIN
capability is omitted from the CNI-enabled control plane's PSPFail
in order to account forUPDATE
operation from proxy-injector webhook because podl5d-override-dst
header is now used for inbound service profileresponse_total
metricsPublished by hawkw over 5 years ago
--ha
, runninglinkerd upgrade
without --ha
will disable the high availability--init-image-version
flag to linkerd inject
to override theproxy-injector
and sp-validator
linkerd/proxy-init
GitPublished by hawkw over 5 years ago
This stable release fixes a memory leak in the proxy.
To install this release, run: curl https://run.linkerd.io/install | sh
Full release notes:
Published by scottcarol over 5 years ago
linkerd edges
command so that output is--enable-debug-sidecar
linkerd upgrade
to test upgrading fromPublished by dadjeibaah over 5 years ago
This stable release adds a number of proxy stability improvements.
To install this release, run: curl https://run.linkerd.io/install | sh
Special thanks to: @zaharidichev and @11Takanori!
Full release notes:
Published by rmars over 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.3.0
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
linkerd edges
command that shows the source and--disable-tap
flag, or by using the config.linkerd.io/disable-tap
Published by hawkw over 5 years ago
linkerd check
and linkerd dashboard
failing when any control planeErrGroupDiscoveryFailed
Special thanks to @zaharidichev for adding end to end tests for proxies with
TLS!
Published by adleong over 5 years ago
linkerd check config
command for verifying thatlinkerd install config
was successfullinkerd install
to clarify flag usageResourceQuota
exists by adding a defaultPublished by alpeb over 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.3.0.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
Significant Update
As of this edge release the proxy injector component is always installed.
To have the proxy injector inject a pod you still can manually add the
linkerd.io/inject: enable
annotation into the pod spec, or at the namespace
level to have all your pods be injected by default.
With this release the behavior of the linkerd inject
command changes, where
the proxy sidecar container YAML is no longer included in its output by
default, but instead it will just add the annotations to defer the injection to
the proxy injector.
For use cases that require the full injected YAML to be output, a new
--manual
flag has been added.
Another important update is the introduction of install stages. You still have
the old linkerd install
command, but now it can be broken into
linkerd install config
which installs the resources that require
cluster-level privileges, and linkerd install control-plane
that continues
with the resources that only require namespace-level privileges.
This also applies to the linkerd upgrade
command.
CLI
--proxy-auto-inject
flag, as the--linkerd-version
flag with the--proxy-version
flag in the linkerd install
and linkerd upgrade
linkerd install config
andlinkerd install control-plane
linkerd upgrade config
andlinkerd upgrade control-plane
--from-manifests
flag to linkerd upgrade
allowinglinkerd install
into the--manual
flag to linkerd inject
to output the proxy--enable-debug-sidecar
option to linkerd inject
, thatlinkerd check
when running without a TTYController
config.linkerd.io/disable-identity
annotation toWeb UI
Internal
Published by siggy over 5 years ago
This stable release introduces a new TLS-based service identity system into the
default Linkerd installation, replacing --tls=optional
and the linkerd-ca
controller. Now, proxies generate ephemeral private keys into a tmpfs directory
and dynamically refresh certificates, authenticated by Kubernetes ServiceAccount
tokens, and tied to ServiceAccounts as the identity primitive.
In this release, all meshed HTTP communication is private and authenticated by
default.
Among the many improvements to the web dashboard, we've added a Community page
to surface news and updates from linkerd.io.
For more details, see the announcement blog post:
https://linkerd.io/2019/04/16/announcing-linkerd-2.3/
To install this release, run: curl https://run.linkerd.io/install | sh
Upgrade notes: The linkerd-ca
controller has been removed in favor of the
linkerd-identity
controller. If you had previously installed Linkerd with
--tls=optional
, manually delete the linkerd-ca
deployment after upgrading.
Also, --single-namespace
mode is no longer supported. For full details on
upgrading to this release, please see the
upgrade instructions.
Special thanks to: @codeman9, @harsh-98, @huynq0911, @KatherineMelnyk,
@liquidslr, @paranoidaditya, @Pothulapati, @TwinProduction, and @yb172!
Full release notes:
upgrade
command! This allows an existing Linkerd controlinstall
or upgrade
linkerd metrics
command for fetching proxy metrics--linkerd-cni-enabled
flag has been removed frominject
command; CNI is configured at the cluster level with theinstall
command and no longer applies to the inject
command--disable-external-profiles
flag from theinstall
command; external profiles are now disabled by default and can be--enable-external-profiles
flag--api-port
flag from the inject
andinstall
commands, since there's no benefit to running the control plane's--tls=optional
flag from thelinkerd install
command, since TLS is now enabled by defaultinstall
to accept or generate an issuer Secret for the Identityinstall
to fail in the case of a conflict with an existing--ignore-cluster
flag--controller-log-level
--proxy-cpu-limit
and --proxy-memory-limit
for setting the--proxy-cpu
and --proxy-memory
were deprecated inproxy-cpu-request
and proxy-memory-request
) (thanks @TwinProduction!)--proxy-log-level
flaginject
and uninject
subcommands to issue warnings whenKind
property (thanks @Pothulapati!)inject
command proxy options are now converted into configinject
to require fetching a configuration from the control plane;--ignore-cluster
and --disable-identity
linkerd check
(thanks @yb172!)linkerd check
to ensure hint URLs are displayed for RPC checkslinkerd check
linkerd check
linkerd dashboard
command to serve the dashboard on a fixedlinkerd routes
command to display rows for routes that are not-o wide
and -o json
flagsstat
command now always shows the number of open TCP connectionsstat
command; this is in preparation forinstall-cni
command and its flags, and tweaked their descriptionsconfig.linkerd.io/proxy-version
annotation on pod10m
to 100m
for HA deployments;tcp_open_connections
, tcp_read_bytes_total
, tcp_write_bytes_total
linkerd-controller
pod to use an excessive amount of memory:4191/ready
so that Kubernetes doesn'tl5d-*
informational headers have been temporarily removed froml5d-remote-ip
header is now set on inbound requests and outboundbin/go-run
script for the build process so that on failure,unparam
, unconvert
, goimports
,goconst
, scopelint
, unused
, gosimple
-update
and -pretty-diff
to tests to allow overwriting.golangci.yml
to centralize-cover
parameter to track code coverage in go testsPublished by dadjeibaah over 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.2.1.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
inject
to allow the --disable-identity
flag to be used--ignore-cluster
flagPublished by siggy over 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.2.1.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
linkerd upgrade
command not upgrading proxy containers (thankslinkerd upgrade
command not installing the identity service whenSpecial thanks to @KatherineMelnyk for updating the web component to read the
UUID from the linkerd-config
ConfigMap!
Published by kleimkuhler over 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.2.1.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
stat
command; this is in preparation forupgrade
command now outputs a URL that explains next steps for--linkerd-cni-enabled
flag has been removed frominject
command; CNI is configured at the cluster level with theinstall
command and no longer applies to the inject
commandconfig.linkerd.io/proxy-version
annotation on pod10m
to 100m
for HA deployments;CommonName
field on CSRs is now set to the proxy's identity namePublished by kleimkuhler over 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.2.1.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
upgrade
command! This allows an existing Linkerd control plane to be reinstalled or reconfigured; it is particularly useful for automatically reusing flags set in the previous install
or upgrade
inject
command proxy options are now converted into config annotations; the annotations ensure that these configs are persisted in subsequent resource updatesstat
command now always shows the number of open TCP connections--disable-external-profiles
flag from the install
command; external profiles are now disabled by default and can be enabled with the new --enable-external-profiles
flagl5d-*
informational headers have been temporarily removed from requests and responses because they could leak information to external clientsPublished by scottcarol over 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.2.1.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
Significant Update
This edge release introduces a new TLS Identity system into the default Linkerd
installation, replacing tls=optional
and the linkerd-ca
controller. Now,
proxies generate ephemeral private keys into a tmpfs directory and dynamically
refresh certificates, authenticated by Kubernetes ServiceAccount tokens, via the
newly-introduced Identity controller.
Now, all meshed HTTP communication is private and authenticated by default.
install
to accept or generate an issuer Secret for the Identityinstall
to fail in the case of a conflict with an existing--ignore-cluster
flaginject
to require fetching a configuration from the control plane;--ignore-cluster
and --disable-identity
--tls=optional
flag from the linkerd install
command, sincelinkerd-controller
pod to use an excessive amount of memory:4191/ready
so that Kubernetes doesn'tbin/go-run
script for the build process so that on failure,Special thanks to @liquidslr for many useful UI and log changes, and to @mmalone
and @sourishkrout at @smallstep for collaboration and advice on the Identity
system!
Published by klingerf over 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.2.1.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
--api-port
flag from the inject
andinstall
commands, since there's no benefit to running the control plane'slinkerd metrics
command for fetching proxy metricslinkerd routes
command to display rows for routes that are notlinkerd dashboard
command to serve the dashboard on a fixedPublished by rmars over 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.2.1.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
linkerd check
linkerd check
(thanks @yb172!)-o wide
and -o json
flagsmutatingwebhookconfiguration
so that it is recreated when thel5d-remote-ip
header is now set on inbound requests and outboundPublished by ihcsim over 5 years ago
This is an edge release of Linkerd! The latest stable release is stable-2.2.1.
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh
linkerd check
to ensure hint URLs are displayed for RPC checkstcp_open_connections
, tcp_read_bytes_total
, tcp_write_bytes_total
unparam
, unconvert
, goimports
,goconst
, scopelint
, unused
, gosimple