Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
APACHE-2.0 License
Bot releases are visible (Hide)
Published by github-actions[bot] almost 4 years ago
This edge release introduces a new "opaque transport" feature that allows the
proxy to securely transport server-speaks-first and otherwise opaque TCP
traffic. Using the config.linkerd.io/opaque-ports
annotation on pods and
namespaces, users can configure ports that should skip the proxy's protocol
detection.
Additionally, a new linkerd-viz
extension has been introduced that separates
the installation of the Grafana, Prometheus, web, and tap components. This
extension closely follows the Jaeger and multicluster extensions; users can
install
and uninstall
with the linkerd viz ..
command as well as configure
for HA with the --ha
flag.
The linkerd viz install
command does not have any cli flags to customize the
install directly, but instead follows the Helm way of customization by using
flags such as set
, set-string
, values
, set-files
.
Finally, a new /shutdown
admin endpoint that may only be accessed over the
loopback network has been added. This allows batch jobs to gracefully terminate
the proxy on completion. The linkerd-await
utility can be used to automate
this.
linkerd multicluster check
command to validate that thelinkerd-multicluster
extension is working correctlylinkerd edges
command (thanks @jsoref!)ca.crt
field in the identity issuer secretlinkerd check
command (thanks @cypherfox!)linkerd check
command since it nowlinkerd check
(thankslinkerd.io/proxy-version
when it islinkerd-viz
helm chart (thanksproxy-mutator
to jaeger-injector
in the linkerd-jaeger
extension/shutdown
admin endpoint that may only be accessed over thelinkerd identity
command, used to fetch the TLS certificateslinkerd-multicluster
extensionPublished by github-actions[bot] almost 4 years ago
This edge release adds support for the config.linkerd.io/opaque-ports
annotation on pods and namespaces, to configure ports that should skip the
proxy's protocol detection. In addition, it adds new CLI commands related to the
linkerd-jaeger
extension, fixes bugs in the CLI install
and upgrade
commands and Helm charts, and fixes a potential false positive in the proxy's
HTTP protocol detection. Finally, it includes improvements in proxy performance
and memory usage, including an upgrade for the proxy's dependency on the Tokio
async runtime.
config.linkerd.io/opaque-ports
annotation on pods andlinkerd install --ha
failed to honor flagslinkerd upgrade --ha
can override existing configslinkerd-config-overrides
secret to avoid breakingkubectl apply --prune
linkerd jaeger check
CLI command to validate that thelinkerd-jaeger
extension is working correctlylinkerd jaeger uninstall
CLI command to print the linkerd-jaeger
kubectl delete
linkerd-cni
daemgitonset may not be installed on alllinkerd-cni
Helm charttap
APIServer would not refresh its certsPublished by github-actions[bot] almost 4 years ago
This edge release is functionally the same as edge-20.12.2
. It fixes an issue
that prevented the release build from occurring.
Published by github-actions[bot] almost 4 years ago
Warning: there is a known issue where upgrading to this release with the --prune
flag as described in the Linkerd Upgrade documentation will delete certain Linkerd configuration and prevent you from performing any subsequent upgrades. It is highly recommended that you skip this version and instead upgrade directly to stable-2.9.3 or later. If you have already upgraded to this version, you can repair your installation by upgrading your CLI to stable-2.9.3 and using the linkerd repair
command.
This stable release contains a number of proxy enhancements: better support for
high-traffic workloads, improved performance by eliminating unnecessary endpoint
resolutions for TCP traffic and properly tearing down serverside connections
when errors occur, and reduced memory consumption on proxies which maintain many
idle connections (such as Prometheus' proxy).
On the CLI and control plane sides, it relaxes checks on root and intermediate
certificates (following X509 best practices), and fixes two issues: one that
prevented installation of the control plane into a custom namespace and one
which failed to update endpoint information when a headless service was
modified.
Proxy:
CLI / Helm / Control Plane:
linkerd-namespace
flag was not honored wheninstall
and upgrade
commandslinkerd install --ha
) that wasn'tvalues-ha.yml
linkerd check
so that it doesn't attempt to validate the subjectget
and logs
command from the CLIlinkerd-config
doesn't have an entryGlobal
configs (thanks @hodbn!)Published by github-actions[bot] almost 4 years ago
This edge release continues the work of decoupling non-core Linkerd components
by moving more tracing related functionality into the Linkerd-jaeger extension.
linkerd-jaeger
extensionPublished by github-actions[bot] almost 4 years ago
This edge release improves the proxy's support for high-traffic workloads. It also
contains the first steps towards decoupling non-core Linkerd components, the
first iteration being a new linkerd jaeger
sub-command for installing tracing.
Please note this is still a work in progress.
content-type
when synthesizing gRPC errorproxy-init
image to v1.3.8
which is based off ofbuster-20201117-slim
to reduce potential security vulnerabilitieslinkerd-config
doesn't have an entry forGlobal
configs (thanks @hodbn!)/jaeger
directory now contains the charts and commandsPublished by github-actions[bot] almost 4 years ago
Published by github-actions[bot] almost 4 years ago
This edge release improves support for CNI by properly handling parameters
passed to the nsenter
command, relaxes checks on root and intermediate
certificates (following X509 best practices), and fixes two issues: one that
prevented installation of the control plane into a custom namespace and one
which failed to update endpoint information when a headless service is modified.
This release also improves linkerd proxy performance by eliminating unnecessary
endpoint resolutions for TCP traffic and properly tearing down serverside
connections when errors occur.
linkerd check
so that it doesn't attempt to validate the subjectlinkerd-namespace
flag is not honored wheninstall
and upgrade
commandsbuster-20201117-slim
tov1.3.7
which fixes CNI issues in certainnsenter
argsPublished by github-actions[bot] almost 4 years ago
This edge release reduces memory consumption of Linkerd proxies which maintain
many idle connections (such as Prometheus). It also removes some obsolete
commands from the CLI and allows setting custom annotations on multicluster
gateways.
get
and logs
command from the CLIPublished by github-actions[bot] almost 4 years ago
Warning: there is a known issue where upgrading to this release with the --prune
flag as described in the Linkerd Upgrade documentation will delete certain Linkerd configuration and prevent you from performing any subsequent upgrades. It is highly recommended that you skip this version and instead upgrade directly to stable-2.9.3 or later. If you have already upgraded to this version, you can repair your installation by upgrading your CLI to stable-2.9.3 and using the linkerd repair
command.
This release extends Linkerd's zero-config mutual TLS (mTLS) support to all TCP
connections, allowing Linkerd to transparently encrypt and authenticate all TCP
connections in the cluster the moment it's installed. It also adds ARM support,
introduces a new multi-core proxy runtime for higher throughput, adds support
for Kubernetes service topologies, and lots, lots more, as described below:
(For upgrade instructions please check the docs)
Proxy
debug
ortrace
log levels are disabledControl Plane
--enable-endpoint-slices
flag to use this resource rather than theDashboard
CLI
--addon-config
flag to --config
to clarify this flag can belinkerd
commandMulticluster
service-mirror
controller with separate controllerslinkerd multicluster link
unlink
command for removing multicluster linksPrometheus
global.prometheusUrl
to the Helm config to have linkerd use anOther
linkerd.io/inject: ingress
annotation and accompanying--ingress
flag to the inject
command, to configure the proxy to supportkubernetes.io/tls
ghcr.io
from gcr.io
; Userslinkerd-config
ConfigMapThis release includes changes from a massive list of contributors. A special
thank-you to everyone who helped make this release possible:
Abereham G Wodajie, Alexander Berger, Ali Ariff, Arthur Silva Sens, Chris Campbell,
Daniel Lang, David Tyler, Desmond Ho, Dominik Münch, George Garces, Herrmann Hinz,
Hu Shuai, Jeffrey N. Davis, Joakim Roubert, Josh Soref, Lutz Behnke, MaT1g3R,
Marcus Vaal, Markus, Matei David, Matt Miller, Mayank Shah, Naseem, Nil, OlivierB,
Olukayode Bankole, Paul Balogh, Rajat Jindal, Raphael Taylor-Davies, Simon Weald,
Steve Gray, Suraj Deshmukh, Tharun Rajendran, Wei Lun, Zhou Hao, ZouYu, aimbot31,
iohenkies, memory and tbsoares
Published by github-actions[bot] almost 4 years ago
This edge supersedes edge-20.10.6 as a release candidate for stable-2.9.0.
check
command would error when there is no Prometheuscheck
command to warn instead of error when webhook certificates--ingress
flag to the inject
command which adds the recentlylinkerd.io/inject: ingress
annotation--registry
flag from the multicluster install
commandPublished by github-actions[bot] almost 4 years ago
This edge supersedes edge-20.10.5 as a release candidate for stable-2.9.0. It
adds a new linkerd.io/inject: ingress
annotation to support service profiles
and enable per-route metrics and traffic splits for HTTP ingress controllers
linkerd.io/inject: ingress
annotation to configure thedebug
or trace
log levels are disabledlinkerd profile
CLI commandPublished by github-actions[bot] almost 4 years ago
This edge supersedes edge-20.10.4 as a release candidate for stable-2.9.0. It
adds a fix for updating the destination service when there are no endpoints
NoEndpoints
message. This ensures that the clients get the correct set ofPublished by github-actions[bot] almost 4 years ago
This edge release is a release candidate for stable-2.9.0. For the proxy, there
have been changes to improve performance, remove unused code, and configure
ports that can be ignored by default. Also, this edge release adds enhancements
to the multicluster configuration and observability, adds more translations to
the dashboard, and addresses a bug in the CLI.
global.proxy.destinationGetNetworks
to global.clusterNetworks
.100.64.0.0/10
to the set of discoverable--all-namespaces
flag is handled by thelinkerd edges
commandPublished by github-actions[bot] about 4 years ago
This edge release is a release candidate for stable-2.9.0. It overhauls the
discovery and routing logic implemented by the proxy, simplifies the way that
Linkerd stores configuration, and adds new Helm values to configure additional
labels, annotations, and namespace selectors for webhooks.
l5d-dst-override
header is no longer honoredTrafficSplits
are only applied when a client targets a service's IPPublished by github-actions[bot] about 4 years ago
This edge release adds more improvements for mTLS for all TCP traffic.
It also includes significant internal improvements to the way Linkerd
configuration is stored within the cluster.
client_id
and server_id
labels.linkerd-config
proxy-injector
uses to derive the configurationPublished by github-actions[bot] about 4 years ago
This edge release includes a couple of external contributions towards
improved cert-manager support and Grafana charts fixes, among other
enhancements.
kubernetes.io/tls
,service-mirror
multicluster component so that it retriesPublished by github-actions[bot] about 4 years ago
This edge release introduces support for authenticated docker registries and
fixes a recent multicluster regression.
Published by github-actions[bot] about 4 years ago
This edge release includes fixes and updates for the control plane and CLI.
--dest-cni-bin-dir
flag to the linkerd install-cni
command, tocollector.name
and jaeger.name
config fields from the tracingPublished by github-actions[bot] about 4 years ago
This edge release continues the work of adding support for mTLS for all TCP
traffic and changes the default container registry to ghcr.io
from gcr.io
.
If you are upgrading from stable-2.8.x
with the Linkerd CLI using the
linkerd upgrade
command, you must add the --addon-overwrite
flag to ensure
that the grafana image is properly set.
proxy.destinationGetNetworks
variable to set theLINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS
variable in the proxy chartlinkerd check
command