linkerd2

This release brings major improvements to the CLI as described below, including
support for auto-injecting deployments via a Kubernetes Admission Controller.
Proxy auto-injection is experimental, and the implementation may change
going forward.

• CLI
  • New Added a --proxy-auto-inject flag to the install command,
    allowing for auto-injection of sidecar containers (Thanks @ihcsim!)
  • Improved Added --proxy-cpu and --proxy-memory flags to the install
    and inject commands, giving the ability to configure CPU + Memory requests
    (Thanks @benjdlambert!)
  • Improved Added a --context flag to specify the context to use to talk
    to the Kubernetes apiserver (Thanks @ffd2subroutine!)

This is an edge release of Linkerd! The latest stable release is stable-2.0.0.

To install this edge release, run: curl https://run.linkerd.io/install-edge | sh

• Web UI
  • Improved Tap and Top pages
    • Added clear button to query form
  • Improved Resource Detail pages
    • Limit number of resources shown in the graph
• Controller
  • CLI health check now uses unified endpoint for data plane checks
  • Include Licence files in all Docker images

Special thanks to @alenkacz for contributing to this release!

This is an edge release of Linkerd! The latest stable release is stable-2.0.0.

To install this edge release, run: curl https://run.linkerd.io/install-edge | sh

• Web UI
  • Improved Resource Detail page
    • Better rendering of the dependency graph at the top of the page
    • Unmeshed sources are now populated in the Inbound traffic table
    • Sources and destinations are aligned in the popover
  • Improved Tap and Top pages
    • Additional validation and polish for the form controls
    • The top table clears older results when a new top call is started
    • The top table now aggregates by HTTP method as well
• CLI
  • New The namespace in which Linkerd is installed is configurable via the
    LINKERD_NAMESPACE env var, in addition to the --linkerd-namespace flag
  • New The wait time for the check and dashboard commands is
    configurable via the --wait flag
  • Improved The top command now aggregates by HTTP method as well

Special thanks to @rochacon, @fahrradflucht and @alenkacz for contributing to
this release!

The inaugural GA release of Linkerd 2.0! See the blog post for details:

https://blog.linkerd.io/2018/09/18/announcing-linkerd-2-0/

edge-18.9.2 is the first release of linkerd2 on the edge channel.

• New edge and stable release channels
• Web UI
  • Improved Tap & Top UIs with better layout and linking
• CLI
  • Improved check --pre command verifies the caller has sufficient
    permissions to install Linkerd
  • Improved check command verifies that Prometheus has data for proxied
    pods
• Proxy
  • Fix hyper crate dependency corrects HTTP/1.0 Keep-Alive behavior

• Web UI
  • New Default landing page provides namespace overview with expandable
    sections
  • New Breadcrumb navigation at the top of the dashboard
  • Improved Tap and Top pages
    • Table rendering performance improvements via throttling
    • Tables now link to resource detail pages
    • Tap an entire namespace when no resource is specified
    • Tap websocket errors provide more descriptive text
    • Consolidated source and destination columns
  • Misc ui updates
    • Metrics tables now include a small success rate chart
    • Improved latency formatting for seconds latencies
    • Renamed upstream/downstream to inbound/outbound
    • Sidebar scrolls independently from main panel, scrollbars hidden when not
      needed
    • Removed social links from sidebar
• CLI
  • New linkerd check now validates Linkerd proxy versions and readiness
  • New linkerd inject now provides an injection status report, and warns
    when resources are not injectable
  • New linkerd top now has a --hide-sources flag, to hide the source
    column and collapse top results accordingly
• Control Plane
  • Updated Prometheus to v2.4.0, Grafana to 5.2.4

• Web UI
  • Improved Tap and Top now have a better sampling rate
  • Fixed Missing sidebar headings now appear

• Web UI
  • Improved Kubernetes resource navigation in the sidebar
  • Improved resource detail pages:
    • New live request view
    • New success rate graphs
• CLI
  • tap and top have been improved to sample up to 100 RPS
• Control plane
  • Injected proxy containers now have readiness and liveness probes enabled

Special thanks to @sourishkrout for contributing a web readability fix!

• CLI
  • New linkerd top command has been added, displays live traffic stats
  • linkerd check has been updated with additional checks, now supports a --pre flag for running pre-install checks
  • linkerd check and linkerd dashboard now support a --wait flag that tells the CLI to wait for the control plane to become ready
  • linkerd tap now supports a --output flag to display output in a wide format that includes src and dst resources and namespaces
  • linkerd stat includes additional validation for command line inputs
  • All commands that talk to the Linkerd API now show better error messages when the control plane is unavailable
• Web UI
  • New individual resources can now be viewed on a resource detail page, which includes stats for the resource itself and its nearest neighbors
  • Experimental web-based Top interface accessible at /top, aggregates tap data in real time to display live traffic stats
  • The /tap page has multiple improvements, including displaying additional src/dst metadata, improved form controls, and better latency formatting
  • All resource tables have been updated to display meshed pod counts, as well as an icon linking to the resource's Grafana dashboard if it is meshed
  • The UI now shows more useful information when server errors are encountered
• Proxy
  • The h2 crate fixed a HTTP/2 window management bug
  • The rustls crate fixed a bug that could improperly fail TLS streams
• Control Plane
  • The tap server now hydrates metadata for both sources and destinations

• Web UI
  • New Tap UI makes it possible to query & inspect requests from the browser!
• Proxy
  • New Automatic, transparent HTTP/2 multiplexing of HTTP/1 traffic
    reduces the cost of short-lived HTTP/1 connections
• Control Plane
  • Improved linkerd inject now supports injecting all resources in a folder
  • Fixed linkerd tap no longer crashes when there are many pods
  • New Prometheus now only scrapes proxies belonging to its own linkerd install
  • Fixed Prometheus metrics collection for clusters with >100 pods

Special thanks to @ihcsim for contributing the inject improvement!

Linkerd2 v18.7.3 completes the rebranding from Conduit to Linkerd2, and improves
overall performance and stability.

• Proxy
  • Improved CPU utilization by ~20%
• Web UI
  • Experimental /tap page now supports additional filters
• Control Plane
  • Updated all k8s.io dependencies to 1.11.1

Linkerd2 v18.7.2 introduces new stability features as we work toward production readiness.

You can easily install this release (and others!). Simply:

1. curl https://run.conduit.io/install\?v18.7.2 | sh
2. linkerd install | kubectl apply -f -
3. linkerd dashboard

Release notes:

• Control Plane
  • Breaking change Injected pod labels have been renamed to be more consistent with Kubernetes; previously injected pods must be re-injected with new version of linkerd CLI in order to work with updated control plane
  • The "ca-bundle-distributor" deployment has been renamed to "ca"
• Proxy
  • Fixed HTTP/1.1 connections were not properly reused, leading to elevated latencies and CPU load
  • Fixed The process_cpu_seconds_total was calculated incorrectly
• Web UI
  • New per-namespace application topology graph
  • Experimental web-based Tap interface accessible at /tap
  • Updated favicon to the Linkerd logo

Linkerd2 v18.7.1 is the first release of Linkerd2, which was formerly hosted at https://github.com/runconduit/conduit.

This is a beta release. It is the first of many as we work towards a GA release. See the blog post for more details on where this is all going.

The artifacts here are the CLI binaries. To install Linkerd2 on your Kubernetes cluster, download the appropriate binary, rename it to linkerd, and run linkerd install | kubectl apply -f -.

• Packaging
  • Introduce new date-based versioning scheme, vYY.M.n
  • Move all Docker images to gcr.io/linkerd-io repo
• User Interface
  • Update branding to reference Linkerd throughout
  • The CLI is now called linkerd
• Production Readiness
  • Fix issue with Destination service sending back incomplete pod metadata
  • Fix high CPU usage during proxy shutdown
  • ClusterRoles are now unique per Linkerd install, allowing multiple instances to be installed in the same Kubernetes cluster

Conduit v0.5.0 introduces a new, experimental feature that automatically
enables Transport Layer Security between Conduit proxies to secure
application traffic. It also adds support for HTTP protocol upgrades, so
applications that use WebSockets can now benefit from Conduit.

• Security
  • New conduit install --tls=optional enables automatic, opportunistic
    TLS. See the docs for more info.
• Production Readiness
  • The proxy now transparently supports HTTP protocol upgrades to support, for
    instance, WebSockets.
  • The proxy now seamlessly forwards HTTP CONNECT streams.
  • Controller services are now configured with liveness and readiness probes.
• User Interface
  • conduit stat now supports a virtual authority resource that aggregates
    traffic by the :authority (or Host) header of an HTTP request.
  • dashboard, stat, and tap have been updated to describe TLS state for
    traffic.
  • conduit tap now has more detailed information, including the direction of
    each message (outbound or inbound).
  • conduit stat now more-accurately records histograms for low-latency services.
  • conduit dashboard now includes error messages when a Conduit-enabled pod fails.
• Internals
  • Prometheus has been upgraded to v2.3.1.
  • A potential live-lock has been fixed in HTTP/2 servers.
  • conduit tap could crash due to a null-pointer access. This has been fixed.

v0.4.4

Conduit v0.4.4 continues to improve production suitability and sets up internals for the
upcoming v0.5.0 release.

• Production Readiness
  • The destination service has been mostly-rewritten to improve safety and correctness,
    especially during controller initialization.
  • Readiness and Liveness checks have been added for some controller components.
  • RBAC settings have been expanded so that Prometheus can access node-level metrics.
• User Interface
  • Ad blockers like uBlock prevented the Conduit dashboard from fetching API data. This
    has been fixed.
  • The UI now highlights pods that have failed to start a proxy.
• Internals
  • Various dependency upgrades, including Rust 1.26.2.
  • TLS testing continues to bear fruit, precipitating stability improvements to
    dependencies like Rustls.

Special thanks to @alenkacz for improving docker build times!

v0.4.3

Conduit v0.4.3 continues progress towards production readiness. It features a new
latency-aware load balancer.

• Production Readiness
  • The proxy now uses a latency-aware load balancer for outbound requests. This
    implementation is based on Finagle's Peak-EWMA balancer, which has been proven to
    significantly reduce tail latencies. This is the same load balancing strategy used by
    Linkerd.
• User Interface
  • conduit stat is now slightly more predictable in the way it outputs things,
    especially for commands like watch conduit stat all --all-namespaces.
  • Failed and completed pods are no longer shown in stat summary results.
• Internals
  • The proxy now supports some TLS configuration, though these features remain disabled
    and undocumented pending further testing and instrumentation.

Special thanks to @ihcsim for contributing his first PR to the project and to @roanta for
discussing the Peak-EWMA load balancing algorithm with us.

v0.4.2

Conduit 0.4.2 is a major step towards production readiness. It features a wide array of
fixes and improvements for long-running proxies, and several new telemetry features. It
also lays the groundwork for upcoming releases that introduce mutual TLS everywhere.

• Production Readiness
  • The proxy now drops metrics that do not update for 10 minutes, preventing unbounded
    memory growth for long-running processes.
  • The proxy now constrains the number of services that a node can route to
    simultaneously (default: 100). This protects long-running proxies from consuming
    unbounded resources by tearing down the longest-idle clients when the capacity is
    reached.
  • The proxy now properly honors HTTP/2 request cancellation.
  • The proxy could incorrectly handle requests in the face of some connection errors.
    This has been fixed.
  • The proxy now honors DNS TTLs.
  • conduit inject now works with statefulset resources.
• Telemetry
  • New conduit stat now supports the all Kubernetes resource, which
    shows traffic stats for all Kubernetes resources in a namespace.
  • New the Conduit web UI has been reorganized to provide namespace overviews.
  • Fix a bug in Tap that prevented the proxy from simultaneously satisfying more than
    one Tap request.
  • Fix a bug that could prevent stats from being reported for some TCP streams in
    failure conditions.
  • The proxy now measures response latency as time-to-first-byte.
• Internals
  • The proxy now supports user-friendly time values (e.g. 10s) from environment
    configuration.
  • The control plane now uses client for Kubernetes 1.10.2.
  • Much richer proxy debug logging, including socket and stream metadata.
  • The proxy internals have been changed substantially in preparation for TLS support.

Special thanks to @carllhw, @kichristensen, & @sfroment for contributing to this release!

Upgrading from v0.4.1

When upgrading from v0.4.1, we suggest that the control plane be upgraded to v0.4.2 before
injecting application pods to use v0.4.2 proxies.

Conduit 0.4.1 builds on the telemetry work from 0.4.0, providing rich,
Kubernetes-aware observability and debugging.

• Web UI
  • New Automatically-configured Grafana dashboards for Services, Pods,
    ReplicationControllers, and Conduit mesh health.
  • New conduit dashboard Pod and ReplicationController views.
• Command-line interface
  • Breaking change conduit tap now operates on most Kubernetes resources.
  • conduit stat and conduit tap now both support kubectl-style resource
    strings (deploy, deploy/web, and deploy web), specifically:
    • namespaces
    • deployments
    • replicationcontrollers
    • services
    • pods
• Telemetry
  • New Tap support for filtering by and exporting destination metadata. Now
    you can sample requests from A to B, where A and B are any resource or group
    of resources.
  • New TCP-level stats, including connection counts and durations, and
    throughput, wired through to Grafana dashboards.
• Service Discovery
  • The proxy now uses the trust-dns DNS resolver. This fixes a number of DNS
    correctness issues.
  • The Destination service could sometimes return incorrect, stale, labels for an
    endpoint. This has been fixed!

Conduit 0.4.0 overhauls Conduit's telemetry system and improves service discovery
reliability.

• Web UI
  • New automatically-configured Grafana dashboards for all Deployments.
• Command-line interface
  • conduit stat has been completely rewritten to accept arguments like kubectl get.
    The --to and --from filters can be used to filter traffic by destination and
    source, respectively. conduit stat currently can operate on Namespace and
    Deployment Kubernetes resources. More resource types will be added in the next
    release!
• Proxy (data plane)
  • New Prometheus-formatted metrics are now exposed on :4191/metrics, including
    rich destination labeling for outbound HTTP requests. The proxy no longer pushes
    metrics to the control plane.
  • The proxy now handles SIGINT or SIGTERM, gracefully draining requests until all
    are complete or SIGQUIT is received.
  • SMTP and MySQL (ports 25 and 3306) are now treated as opaque TCP by default. You
    should no longer have to specify --skip-outbound-ports to communicate with such
    services.
  • When the proxy reconnected to the controller, it could continue to send requests to
    old endpoints. Now, when the proxy reconnects to the controller, it properly removes
    invalid endpoints.
  • A bug impacting some HTTP/2 reset scenarios has been fixed.
• Service Discovery
  • Previously, the proxy failed to resolve some domain names that could be misinterpreted
    as a Kubernetes Service name. This has been fixed by extending the Destination API
    with a negative acknowledgement response.
• Control Plane
  • The Telemetry service and associated APIs have been removed.
• Documentation
  • Updated Roadmap
  • Added prometheus metrics guide

Special thanks to @ahume, @alenkacz, & @xiaods for contributing to this release!

Upgrading from v0.3.1

When upgrading from v0.3.1, it's important to upgrade proxies before upgrading the
controller. As you upgrade proxies, the controller will lose visibility into some data
plane stats. Once all proxies are updated, conduit install |kubectl apply -f - can be
run to upgrade the controller without causing any data plane disruptions. Once the
controller has been restarted, traffic stats should become available.

Conduit 0.3.1 improves Conduit's resilience and transparency.

• Proxy (data plane)
  • The proxy now makes fewer changes to requests and responses being proxied. In particular,
    requests and responses without bodies or with empty bodies are better supported.
  • HTTP/1 requests with different Host header fields are no longer sent on the same HTTP/1
    connection even when those hostnames resolve to the same IP address.
  • A connection leak during proxying of non-HTTP TCP connections was fixed.
  • The proxy now handles unavailable services more gracefully by timing out while waiting for an
    endpoint to become available for the service.
• Command-line interface
  • $KUBECONFIG with multiple paths is now supported. (PR #482 by @hypnoglow).
  • conduit check now checks for the availability of a Conduit update. (PR #460 by @ahume).
• Service Discovery
  • Kubernetes services with type ExternalName are now supported.
• Control Plane
  • The proxy is injected into the control plane during installation to improve the control plane's
    resilience and to "dogfood" the proxy.
  • The control plane is now more resilient regarding networking failures.
• Documentation
  • The markdown source for the documentation published at https://conduit.io/docs/ is now open
    source at https://github.com/runconduit/conduit/tree/master/doc.