Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
APACHE-2.0 License
Bot releases are visible (Hide)
Published by github-actions[bot] over 3 years ago
This edge release further consolidates the control plane by removing the
linkerd-controller deployment and moving the sp-validator container into the
destination deployment.
Annotation inheritance has been added so that all Linkerd annotations
on a namespace resource will be inherited by pods within that namespace.
In addition, the config.linkerd.io/proxy-await
annotation has been added which
enables the linkerd-await
functionality by default, simplifying the implementation of the await behavior.
Setting the annotation value to disabled will prevent this behavior.
Some of the linkerd check
functionality has been updated. The command
ensures that annotations and labels are properly located in the YAML and adds
proxy checks for the control plane and extension pods.
Finally, the nginx container has been removed from the Multicluster gateway pod,
which will impact upgrades. Please see the note below.
Upgrade note: When the Multicluster extension is updated in both of the
source and target clusters there won't be any downtime because this change only
affects the readiness probe. The multicluster links must be re-generated with
the linkerd mc link
command and the linkerd mc gateways
will show
the target cluster as not alive until the linkerd mc link
command is re-run,
however that shouldn't affect existing endpoints pointing to the target cluster.
Published by github-actions[bot] over 3 years ago
This stable release adds CLI support for Apple Silicon M1 chips and support for
SMI's TrafficSplit v1alpha2
.
There are several proxy fixes: handling FailedPrecondition
errors gracefully,
inbound TLS detection from non-meshed workloads, and using the correct cached
client when the proxy is in ingress mode. The logging infrastructure has also
been improved to reduce memory pressure in high-connection environments.
On the control-plane side, there have been several improvements to the
destination service such as support for Host IP lookups and ignoring pods
in "Terminating" state. It also updates the proxy-injector to add opaque ports
annotation to pods if their namespace has it set.
On the CLI side, linkerd repair
has been updated to be aware about the control-plane
version and suggest the relevant version to generate the right config. Various
bugs have been fixed around linkerd identity
, etc.
Upgrade notes: Please refer 2.10 upgrade instructions
if you are upgrading from 2.9.x
or below versions.
Proxy:
destination
controller when it returned a FailedPrecondition
Control Plane:
v1alpha2
1.16.2
.CLI:
linkerd repair
to be aware of the client and server versionslinkerd uninstall
to print error message when there are noHelm:
Viz:
Multicluster:
Jaeger:
Published by github-actions[bot] over 3 years ago
This edge supersedes edge-21.4.2
as a release candidate for stable-2.10.1
!
This release adds support for TrafficSplit v1alpha2
. Additionally, It includes
improvements to the web and proxy-init
images.
v1alpha2
proxy-init
image to v1.3.11
which updates1.16.2
Published by github-actions[bot] over 3 years ago
This edge release is another candidate for stable-2.10.1
!
It includes some CLI fixes and addresses an issue where the outbound proxy
would forward traffic to the wrong pod when running in ingress mode.
Thank you to all of our users that have helped test and identify issues in 2.10!
linkerd inject
where the wrong annotation would be--ingress
flaglinkerd repair
caused by a mismatchmatches
field from TrafficSplit CRDPublished by github-actions[bot] over 3 years ago
This is a release candidate for stable-2.10.1
!
This includes several fixes for the core installation as well the Multicluster,
Jaeger, and Viz extensions. There are two significant proxy fixes that address
TLS detection and admin server failures.
Thanks to all our 2.10 users who helped discover these issues!
metrics-api
container so that it canPublished by github-actions[bot] over 3 years ago
This release fixes some issues around publishing of CLI binary
for Apple Silicon M1 Chips. This release also includes some fixes and
improvements to the dashboard, destination, and the CLI.
installNamespace
toggle in the jaeger extension's install.healthcheck
pkg to have hintBaseURL
configurable, usefulPublished by github-actions[bot] over 3 years ago
This release includes various bug fixes and improvements to the CLI, the
identity and destination control plane components as well as the proxy. This
release also ships with a new CLI binary for Apple Silicon M1 chips.
linkerd identity
command returned the rootdestination
control plane component sometimes0
port number while pods werelinkerd check
command when running extensiondestination
controller when it returned a FailedPrecondition
Published by github-actions[bot] over 3 years ago
This release introduces Linkerd extensions. The default control plane no longer
includes Prometheus, Grafana, the dashboard, or several other components that
previously shipped by default. This results in a much smaller and simpler set
of core functionalities. Visibility and metrics functionality is now available
in the Viz extension under the linkerd viz
command. Cross-cluster
communication functionality is now available in the Multicluster extension
under the linkerd multicluster
command. Distributed tracing functionality is
now available in the Jaeger extension under the linkerd jaeger
command.
This release also introduces the ability to mark certain ports as "opaque",
indicating that the proxy should treat the traffic as opaque TCP instead of
attempting protocol detection. This allows the proxy to provide TCP metrics
and mTLS for server-speaks-first protocols. It also enables support for
TCP traffic in the Multicluster extension.
Upgrade notes: Please see the upgrade
instructions.
Proxy
config.linkerd.io/opaque-ports
--opaque-ports
flag withlinkerd inject
25,443,587,3306,5432,11211
have been removed from the default skiplinkerd.io/inject: ingress
) to use an excessive amount of memory/shutdown
admin endpoint that may only be accessed over theControl Plane
CLI
check
command to include each installed extension's check
metrics
, endpoints
, and install-sp
commands into subcommandsdiagnostics
command--opaque-ports
flag to linkerd inject
to easily mark portsrepair
command which will repopulate resources needed forset
, set-string
, values
, set-files
customizationlinkerd install
and linkerd upgrade
commandslinkerd identity
command, used to fetch the TLS certificatesget
and logs
command from the CLIHelm
Viz
linkerd viz
subcommand which contains commands forlinkerd viz list
command to list pods with tap enabledtap
APIServer would not refresh its certsMulticluster
linkerd multicluster
subcommand which contains commands forconfig.linkerd.io/opaque-ports
annotation when mirroring services so thatJaeger
linkerd jaeger
subcommand which contains commands forlinkerd jaeger list
command to list pods with tracing enabledThis release includes changes from a massive list of contributors. A special
thank-you to everyone who helped make this release possible:
Lutz Behnke
Björn Wenzel
Filip Petkovski
Simon Weald
GMarkfjard
hodbn
Hu Shuai
Jimil Desai
jiraguha
Joakim Roubert
Josh Soref
Kelly Campbell
Matei David
Mayank Shah
Max Goltzsche
Mitch Hulscher
Eugene Formanenko
Nathan J Mehl
Nicolas Lamirault
Oleh Ozimok
Piyush Singariya
Naga Venkata Pradeep Namburi
rish-onesignal
Shai Katz
Takumi Sue
Raphael Taylor-Davies
Yashvardhan Kukreja
Published by github-actions[bot] over 3 years ago
This edge release is another release candidate for stable 2.10 and fixes some
final bugs found in testing. A big thank you to users who have helped us
identity these issues!
check
command output hint anchors to match Linkerd component--set
flagPublished by github-actions[bot] over 3 years ago
This edge release is another release candidate, bringing us closer to
stable-2.10.0
! It fixes the Helm install/upgrade procedure and ships some new
CLI commands, among other improvements.
proxy.image.version
linkerd viz list
to list meshed pods and indicate which canlinkerd jaeger list
to list meshed pods and--opaque-ports
flag to linkerd inject
to specify the list oflinkerd jaeger check
, combining the checks for thePublished by github-actions[bot] over 3 years ago
This edge is a release candidate for stable-2.10.0
! It wraps up the functional
changes planned for the upcoming stable release. We hope you can help us test
this in your staging clusters so that we can address anything unexpected before
an official stable.
This release introduces support for CLI extensions. The Linkerd check
command
will now invoke each extension's check
command so that users can check the
health of their Linkerd installation and extensions with one command. Additional
documentation will follow for developers interested in creating extensions.
Additionally, there is no longer a default list of ports skipped by the proxy.
These ports have been moved to opaque ports, meaning protocols like MySQL will
be encrypted by default and without user input.
values.yaml
by removing do not edit
entries; theyinstall
command so that it errors after detecting there is anmirror.linkerd.io
label25,443,587,3306,5432,11211
have been removed from the default skipcheck --proxy
command when tap isviz tap
commandcheck
commandscheck
commandmetrics
, endpoints
, and install-sp
commands into subcommandsdiagnostics
command.linkerd-
prefix from non-cluster scoped resources in the Viz andtcp_connection_duration_ms
histogram from the metrics export toPublished by github-actions[bot] over 3 years ago
This stable release fixes an issue that prevented the proxy from being able to
speak HTTP/1 with older versioned proxies (announced in 2.9.3 but the fix wasn't
actually included).
linkerd install
command so that it can properly detect and avoidcr.l5d.io
registryPublished by github-actions[bot] over 3 years ago
This release wraps up most of the functional changes planned for the upcoming
stable-2.10.0
release. Try this edge release in your staging cluster and
let us know if you see anything unexpected!
Service
-export annotationmirror.linkerd.io/exported
to multicluster.linkerd.io/export
config.linkerd.io/opaque-ports
Service
objects when the annotation is set onNamespace
automountServiceAccountToken
(thanks @jimil749)install
and uninstall
behavior for extensions to preventcr.l5d.io
registryPublished by github-actions[bot] over 3 years ago
This edge release introduces support for multicluster TCP!
The repair
command was added which will repopulate resources needed for
upgrading from a 2.9.x
installation. There will be an error message during the
upgrade process indicating that this command should be run so that users do not
need to guess.
Lastly, it contains a breaking change for Helm users. The global
field has
been removed from the Helm chart now that it is no longer needed. Users will
need to pass in the identity certificates again—along with any other
customizations, no longer rooted at global
.
Global
field from the Linkerd Helm chartrepair
command which will repopulate resources needed for properlysidecarContainers
key in the Viz extension HelmtapInjector.logLevel
key to the Viz extension helm chart so that--disable-tap
flag from the inject
command now that tap is nocheck
command to include each installed extension's check
Published by github-actions[bot] over 3 years ago
This stable release fixes an issue that prevented the proxy from being able
to speak HTTP/1 with older versioned proxies. It also fixes an issue where the
linkerd-config-overrides
secret would be deleted during upgrade and provides
a linkerd repair
command for restoring it if it has been deleted.
linkerd.io/control-plane-ns
to thelinkerd-config-overrides
secret to prevent it from being pruned duringlinkerd repair
command to restore the linkerd-config-overrides
Published by github-actions[bot] over 3 years ago
This edge release continues improving the proxy's diagnostics and also avoids
timing out when the HTTP protocol detection fails. Additionally, old resource
versions were upgraded to avoid warnings in k8s v1.19. Finally, it comes with
lots of CLI improvements detailed below.
viz.linkerd.io/tap-enabled
annotation whenlinkerd tap
commandjaeger.linkerd.io/tracing-enabled
annotationlinkerd jaeger check
commandlinkerd uninstall
command so it fails gracefully when there--force
flag was providedlinkerd profile --tap
functionality into a new command linkerd viz profile --tap
, given tap now belongs to the viz extensionlinkerd viz check
command to include data-plane checksPublished by github-actions[bot] over 3 years ago
This edge release continues to polish the Linkerd extension model and improves
the robustness of the opaque transport.
check
commands betweentls="passhtru"
when forwardingPublished by github-actions[bot] over 3 years ago
This edge release improves proxy diagnostics and recovery in situations where
the proxy is temporarily unable to route requests. Additionally, the viz
and
multicluster
CLI sub-commands have been updated for consistency.
Full release notes:
set
, set-string
, values
, set-files
customizationlinkerd install
and linkerd multicluster install
commandslinkerd metrics
could return metrics for the incorrectclient
and server
prefixes in the proxy logs for socket-level errorslinkerd viz check
sub-command to verify the states of thelinkerd-viz
componentslog-format
flag to optionally output the control plane component logmetrics
and profile
subcommands to use thenamespace
specified by the current-context
of the KUBECONFIG so that it is--namespace
flag to query resources in the--namespace
flaglinkerd viz install
thatlinkerd multicluster check
command to properly work.Published by github-actions[bot] almost 4 years ago
This edge release continues the work on decoupling non-core Linkerd components.
Commands that use the viz extension i.e, dashboard
, edges
, routes
,
stat
, tap
and top
are moved to the viz
sub-command. These commands are still
available under root but are marked as deprecated and will be removed in a
later stable release.
This release also upgrades the proxy's dependencies to the Tokio v1 ecosystem.
viz
Succeeded
status when watching IP addressescollector.jaegerAddr
inpodAntiAffinity
use-casevalues.yaml
in Helm and flags in CLI.linkerd-viz
namespace--ignore-cluster
Published by github-actions[bot] almost 4 years ago
Warning: there is a known issue where upgrading to this release with the --prune
flag as described in the Linkerd Upgrade documentation will delete certain Linkerd configuration and prevent you from performing any subsequent upgrades. It is highly recommended that you skip this version and instead upgrade directly to stable-2.9.3 or later. If you have already upgraded to this version, you can repair your installation by upgrading your CLI to stable-2.9.3 and using the linkerd repair
command.
This stable release fixes an issue that stops traffic to a pod when there is an
IP address conflict with another pod that is not in a running state.
It also fixes an upgrade issue when using HA that would lead to values being
overridden.