Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
APACHE-2.0 License
Bot releases are visible (Hide)
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.9.1...edge-24.9.2
Published by github-actions[bot] about 2 months ago
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.8.3...edge-24.9.1
Published by github-actions[bot] about 2 months ago
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.8.2...edge-24.8.3
Published by github-actions[bot] 3 months ago
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.8.1...edge-24.8.2
Published by github-actions[bot] 3 months ago
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.7.5...edge-24.8.1
Published by github-actions[bot] 3 months ago
N/A
This release supports Server-scoped default policy, policy audit mode, GRPCRoute, and new retry and timeout configuration (including for Gateway API resources)!
Server resources now have an accessPolicy
field that will override the default inbound policy for any traffic associated with that Server. (The default accessPolicy
is deny
, for compatibility with previous releases.)
Both default inbound policy and Server accessPolicy
can now be set to audit
in order to allow traffic to flow, but log anything that would be denied. In the proxy's logs, you'll see INFO
level logs with the tag authz.name=audit
. In metrics (such as request_total
) you'll see the label authz_name=audit
.
edge-24.7.5
includes support for the Gateway API GRPCRoute resource. Remember that starting with edge-24.5.2
, if you don't set enableHttpRoutes
to false
when installing, Linkerd will install the grpcroute.gateway.networking.k8s.io
CRD into your cluster and remove it when Linkerd is uninstalled.
Starting in this release, you can use the retry.linkerd.io/http
annotation on Service or HTTPRoute resources to enable HTTP retries. The value of this annotation is a comma-separated list of HTTP statuses to retry on (for example "502-504,511"
). "5xx"
is shorthand for any of the 5xx status codes, and gateway-error
is shorthand for "502-504"
.
You can also use the retry.linkerd.io/grpc
annotation on Service or GRPCRoute resources to enable gRPC retries. The value of this annotation is a comma-separated list of gRPC results to retry on (for example "cancelled,deadline-exceeded"
).
These are counted retries, unlike Linkerd's typical budgeted retries. Use the retry.linkerd.io/limit
annotation to set the maximum number of retries, and the retry.linkerd.io/timeout
annotation to set how long Linkerd will give a request before cancelling it and retrying.
Finally, you can configure timeouts on Service, HTTPRoute, and GRPCRoute with annotations. timeout.linkerd.io/request
and timeout.linkerd.io/response
set timeouts for processing the request and receiving the response; timeout.linkerd.io/idle
sets the idle timeout. All currently allow values similar to GEP-2257 Duration strings, but allowing only a single unit (for example, 1500ms
or 90s
are allowed, but 1s500ms
and 1m30s
are not).
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.7.4...edge-24.7.5
Published by github-actions[bot] 3 months ago
N/A
This release correctly supports IPv6 in the Linkerd CNI network-validator and repair-controller containers, and continues ongoing authorization policy work and upcoming GRPCRoute support.
accessPolicy
field to Server CRD by @alpeb in https://github.com/linkerd/linkerd2/pull/12845
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.7.3...edge-24.7.4
Published by github-actions[bot] 3 months ago
N/A
Updates the documentation on what networkValidator.connectAddr
in the Helm chart means (thanks, @djryanj!) and continues ongoing authorization policy work.
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.7.2...edge-24.7.3
Published by github-actions[bot] 3 months ago
N/A
This release bumps dependencies but has no functional changes from edge-24.7.1
.
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.7.1...edge-24.7.2
Published by github-actions[bot] 4 months ago
N/A
This release continues work on upcoming GRPCRoute support and removes the empty shortnames
fields from the ExternalWorkload CRD.
shortnames
from ExternalWorkload by @siggy in https://github.com/linkerd/linkerd2/pull/12793
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.6.4...edge-24.7.1
Published by github-actions[bot] 4 months ago
It's no longer possible or necessary to explicitly set proxy-init
's resource requests or limits; see the Changes section for more information.
This release changes the proxy-init container to always request the same amount of memory and CPU as the proxy itself, and removes the ability to explicitly set proxy-init's requests because there's now no need to do so. (This doesn't increase the resources required for the pod as a whole, because the proxy-init container completes before the proxy starts, letting the proxy reuse resources requested by the proxy-init container.) It also continues work on upcoming GRPCRoute support. Finally, if proxy.logHTTPHeaders
is somehow empty, it correctly defaults to "off".
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.6.3...edge-24.6.4
Published by github-actions[bot] 4 months ago
N/A
This release adds the linkerd.io/control-plane-ns
label to the ext-namespace-metadata-linkerd-config
Role, for parity with the other resources created when installing Linkerd.
linkerd.io/control-plane-ns
label by @klingerf in https://github.com/linkerd/linkerd2/pull/12742
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.6.2...edge-24.6.3
Published by github-actions[bot] 4 months ago
This release includes one breaking change: the proxy's /shutdown
endpoint is now disabled by default. See Changes for how to reenable it.
This release disables the proxy's /shutdown
endpoint by default; it can be reenabled by using --set proxy.enableShutdownEndpoint=true
when installing or upgrading. Beyond that, it fixes several bugs: EndpointSlices with no hostname
field are supported (thanks, Adrian Callejas!), DNS resolution errors are correctly logged (and the resolver's log level can be configured), the proxy's administration endpoints function correctly on systems using IPv4-mapped IPv6, and the init container and CNI plugin will not attempt to start on systems that configure IPv6 but don't support ip6tables
. Finally, it supports controlling whether or not HTTP headers are logged in debug output (with the default being "not"), JSON output for the link, unlink, allow, and allow-scrapes CLI commands, and fixes a typo in the output of linkerd diagnostics
(thanks, John Howard!)
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.6.1...edge-24.6.2
Published by github-actions[bot] 4 months ago
N/A
This release adds support for JSON output to linkerd install
and related commands.
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.5.5...edge-24.6.1
Published by github-actions[bot] 5 months ago
In this release, IPv6 is off by default for the entire control plane. To use IPv6, you'll need to explicitly set it -- see the Changes section below.
This release switches IPv6 off by default for the entire control plane, including the Linkerd CNI plugin. Set disableIPv6
to false
to enable IPv6.
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.5.4...edge-24.5.5
Published by github-actions[bot] 5 months ago
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.5.3...edge-24.5.4
Published by github-actions[bot] 5 months ago
N/A
edge-24.5.3 removes an internal limit on the number of concurrent gRPC streams to the control plane, leaving available memory as the only constraint.
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.5.2...edge-24.5.3
Published by github-actions[bot] 5 months ago
linkerd dg endpoints
to work with IPv6 by @alpeb in https://github.com/linkerd/linkerd2/pull/12541
grpcroute
crd by @the-wondersmith in https://github.com/linkerd/linkerd2/pull/12507
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.5.1...edge-24.5.2
Published by github-actions[bot] 6 months ago
upgrade-stable
integration test, refactor helm-upgrade
by @alpeb in https://github.com/linkerd/linkerd2/pull/12519
values.go
to better align with Helm by @siggy in https://github.com/linkerd/linkerd2/pull/12534
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.4.5...edge-24.5.1
Published by github-actions[bot] 6 months ago
--prune-whitelist
with --prune-allowlist
by @alpeb in https://github.com/linkerd/linkerd2/pull/12496
Full Changelog: https://github.com/linkerd/linkerd2/compare/edge-24.4.4...edge-24.4.5