Date   
Announcing Linkerd stable-2.5.0

Andrew Seigner
 

Hello Linkerd community!¬†ūüĎč

We are thrilled to announce that¬†Linkerd stable-2.5.0¬†has been released!¬†ūüéą

This release adds Helm support, tap authentication and authorization via RBAC, traffic split stats, dynamic logging levels, a new cluster monitoring dashboard, and countless performance enhancements and bug fixes.

For more details, see the announcement blog post:
https://linkerd.io/2019/08/20/announcing-linkerd-2.5/

To install this release, run: curl https://run.linkerd.io/install | sh

Upgrade notes: Use the linkerd upgrade command to upgrade the control plane. This command ensures that all existing control plane's configuration and mTLS secrets are retained. For more details, please see the upgrade instructions.

Special thanks to: @alenkacz, @codeman9, @ethan-daocloud, @jonathanbeber, and @Pothulapati!

Full release notes:
  • CLI
    • New¬†Updated linkerd tap, linkerd top and linkerd profile --tap¬†to require tap.linkerd.io¬†RBAC privileges. See https://linkerd.io/tap-rbac for more info
    • New¬†Added traffic split metrics via linkerd stat trafficsplits¬†subcommand
    • Made the linkerd routes¬†command traffic split aware
    • Introduced the linkerd --as¬†flag which allows users to impersonate another user for Kubernetes operations
    • Introduced the --all-namespaces¬†(-A) option to the linkerd get, linkerd edges¬†and linkerd stat¬†commands to retrieve resources across all namespaces
    • Improved the installation report produced by the linkerd check command to include the control plane pods' live status
    • Fixed bug in the linkerd upgrade config¬†command that was causing it to crash
    • Introduced --use-wait-flag¬†to the linkerd install-cni¬†command, to configure the CNI plugin to use the -w¬†flag for iptables¬†commands
    • Introduced --restrict-dashboard-privileges¬†flag to linkerd install¬†command, to disallow tap in the dashboard
    • Fixed linkerd uninject¬†not removing linkerd.io/inject: enabled¬†annotations
    • Fixed linkerd stat -h¬†example commands (thanks @ethan-daocloud!)
    • Fixed incorrect "meshed" count in linkerd stat¬†when resources share the same label selector for pods (thanks @jonathanbeber!)
    • Added pod status to the output of the linkerd stat¬†command (thanks @jonathanbeber!)
    • Added namespace information to the linkerd edges¬†command output and a new -o wide¬†flag that shows the identity of the client and server if known
    • Added a check to the linkerd check¬†command to validate the user has privileges necessary to create CronJobs
    • Added a new check to the linkerd check --pre¬†command validating that if PSP is enabled, the NET_RAW capability is available
  • Controller
    • New¬†Disabled all unauthenticated tap endpoints. Tap requests now require RBAC authentication and authorization
    • The l5d-require-id¬†header is now set on tap requests so that a connection is established over TLS
    • Introduced a new RoleBinding in the kube-system¬†namespace to provide access to tap
    • Added HTTP security headers on all dashboard responses
    • Added support for namespace-level proxy override annotations (thanks @Pothulapati!)
    • Added resource limits when HA is enabled (thanks @Pothulapati!)
    • Added pod anti-affinity rules to the control plane pods when HA is enabled (thanks @Pothulapati!)
    • Fixed a crash in the destination service when an endpoint does not have a TargetRf
    • Updated the destination service to return InvalidArgument¬†for external name services so that the proxy does not immediately fail the request
    • Fixed an issue with discovering StatefulSet pods via their unique hostname
    • Fixed an issue with traffic split where outbound proxy stats are missing
    • Upgraded the service profile CRD to v1alpha2. No changes required for users currently using v1alpha1
    • Updated the control plane's pod security policy to restrict workloads from running as root¬†in the CNI mode (thanks @codeman9!)
    • Introduced optional cluster heartbeat cron job
    • Bumped Prometheus to 2.11.1
    • Bumped Grafana to 6.2.5
  • Proxy
    • New¬†Added a new /proxy-log-level¬†endpoint to update the log level at runtime
    • New¬†Updated the tap server to only admit requests from the control plane's tap controller
    • Added request_handle_us¬†histogram to measure proxy overhead
    • Fixed gRPC client cancellations getting recorded as failures rather than as successful
    • Fixed a bug where tap would stop streaming after a short amount of time
    • Fixed a bug that could cause the proxy to leak service discovery resolutions to the Destination controller
  • Web UI
    • New¬†Added "Kubernetes cluster monitoring" Grafana dashboard with cluster and containers metrics
    • Updated the web server to use the new tap APIService. If the linkerd-web¬†service account is not authorized to tap resources, users will see a link to documentation to remedy the error

Announcing Linkerd2 edge-19.8.6

Charles Pretzer
 

Hello Linkerd community! ūüĎč

We are thrilled to announce that Linkerd2 edge-19.8.6 has been released! ūüéąūüéČ

This is an edge release of Linkerd! The latest stable release is stable-2.5.0.

To install this edge release, run: curl https://run.linkerd.io/install-edge | sh

This edge release adds the --cluster-domain flag to the install command which configures a domain for clusters that do not use cluster.local. In addition, a new Grafana dashboard has been added which shows historical data for a selected namespace. The build process for controller components now requires Go 1.12.9.
  • CLI
    • Fixed custom cluster domain support for tap profiles (thanks @arminbuerkle!)
  • Web UI
    • Added a Linkerd Namespace Grafana dashboard, allowing users to view historical data for a given namespace, similar to CLI output for linkerd stat deploy -n myNs (thanks @bourquep!)
  • Internal
    • Added requirement for Go 1.12.9 for controller builds to include security fixes

As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Charles

Announcing Linkerd 1.7.0

Dennis Adjei-Baah
 

Hey Linkerd fans!

We're excited to announce that Linkerd 1.7.0 has been released! ūüéą

Linkerd 1.7.0 includes a number of memory leak fixes for Linkerd and its
underlying grpc-runtime module. This release includes improvements for
SNI-enabled TLS communication, support for streaming arbitrarily large HTTP
requests and responses in HTTP/1 and HTTP/2 as well an upgraded JDK for
improved Docker container support.

A special thank you to Fantayeneh for their awesome work on GitHub issue #2315.

Full release notes:
  • **Breaking Change**
    • Removes maxRequestKB and maxResponseKB¬†from Linkerd's configuration options in favor of streamAfterContentLengthKB. These parameters were primarily intended to limit the amount of memory Linkerd used when buffering requests. The streamAfterContentLengthKB parameter achieves this more efficiently by streaming large messages instead of buffering them
  • Consul
    • Enables streaming in the HTTP client used in the io.l5d.consul namer to allow for arbitrarily large responses from Consul
    • Support for the inclusion of Consul response service and node metadata in Namerd io.l5d.mesh and io.l5d.httpController responses.
  • Linkerd Configuration
    • Introduces a router parameter called maxCallDepth that prevents unbounded cyclic proxy request routing
    • Adds support for limiting the maximum size of l5d-err header values by using maxErrResponseKB in an HTTP router
    • Fixes an issue were some socketOptions were being ignored when partially configured
  • TLS
    • Fixes an issue where Linkerd can't connect to SNI servers that are addressed via IPv4 and IPv6
  • HTTP/2
    • Fixes a number of direct and heap memory leaks in Linkerd's HTTP/2 module
    • Fixes an issue causing users of grpc-runtime module to experience direct memory leaks
  • Updates Linkerd's JDK version for improved container support

As always, we are excited to hear your feedback! Please try out the new release and send comments/questions to us on this mailing list, and bug via GitHub.

--Dennis



Announcing Linkerd2 edge-19.8.7

eliza
 


Hello Linkerdites! ūüĎč

We are thrilled to announce that Linkerd2 edge-19.8.7 has been released! ūüéąūüéČ

This is an edge release of Linkerd! The latest stable release is stable-2.5.0.

To install this edge release, run: curl https://run.linkerd.io/install-edge | sh

  • Controller
    • Added Kubernetes events (and log lines) when the proxy injector injects a deployment, and when injection is skipped
    • Additional preparation for configuring the cluster base domain (thanks @arminbuerkle!)
  • Proxy
    • Changed the proxy to require the LINKERD2_PROXY_DESTINATION_SVC_ADDR environment variable when starting up
  • Web UI
    • Increased dashboard speed by consolidating existing Prometheus queries

As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Enjoy!
~ Eliza

Announcing Linkerd2 edge-19.9.1

Alex Leong
 

Happy Friday, everyone!

It's time for another edge release of Linkerd!  The latest stable release is stable-2.5.0.

To install this edge release, run: curl https://run.linkerd.io/install-edge | sh

This edge release adds traffic splits into the Linkerd dashboard as well as a
variety of other improvements.

Full release notes:

  • CLI
    • Improved the error message when the CLI cannot connect to Kubernetes (thanks @alenkacz!)
    • Added --address flag to linkerd dashboard (thanks @bmcstdio!)
  • Controller
    • Fixed an issue where the proxy-injector had insufficient RBAC permissions
    • Added support for disabling the heartbeat cronjob (thanks @kevtaylor!)
  • Proxy
    • Decreased proxy Docker image size by removing bundled debug tools
    • Fixed an issue where the incorrect content-length could be set for GET requests with bodies
  • Web UI
    • Added trafficsplits as a resource to the dashboard, including a trafficsplit detail page
  • Internal
    • Added support for Kubernetes 1.16
As always, we're excited to hear your feedback. Please try the new release and 
send questions/comments to this mailing list, and report bugs via GitHub.

Thanks!

Announcing Linkerd2 edge-19.9.2

Oliver Gould
 

Hello!

I'm happy to announce our weekly edge release of Linkerd! The latest stable release is stable-2.5.0.

To install this edge release, run: curl https://run.linkerd.io/install-edge | sh

Much of our effort has been focused on improving our build and test
infrastructure, but this edge release lays the groundwork for some big
new features to land in the coming releases!

  • Helm
    • There's now a public Helm repo! This release can be installed with:
      helm repo add linkerd-edge https://helm.linkerd.io/edge && helm install linkerd-edge/linkerd2
    • Improved TLS credential parsing by ignoring spurious newlines
  • Proxy
    • Decreased proxy-init Docker image size by removing bundled debug tools
  • Web UI
    • Fixed an issue where the edges table could end up with duplicates
    • Added an icon to more clearly label external links
  • Internal
    • Upgraded client-go to v12.0.0
    • Moved CI from Travis to GitHub Actions

As always, we're excited to hear your feedback. Please try the new release and 
send questions/comments to this mailing list, and report bugs via GitHub.

Thanks!

--
Oliver Gould <ver@...>

Announcing Linkerd2 edge-19.9.3

Alejandro Pedraza
 

Dear Linkerdists,

We're very pleased to announce that Linkerd2 edge-19.9.3 has been released!¬†ūüéČ
To install this edge release, run:

Full release notes:

  • Helm
    • Allowed disabling namespace creation during install (thanks¬†@KIVagant!)
  • CLI
    • Added a new¬†json¬†output option to the¬†linkerd tap¬†command
  • Controller
    • Fixed proxy injector timeout during a large number of concurrent injections
    • Separated the destination controller into its own separate deployment
    • Updated Prometheus config to keep only needed¬†cadvisor¬†metrics,
      substantially reducing the number of time-series stored in most clusters
  • Web UI
    • Fixed bad request in the top routes tab on empty fields (thanks¬†@pierDipi!)
  • Proxy
    • Fixes to the client's backoff logic
    • Added 587 (SMTP) to the list of ports to ignore in protocol detection (bound
      to server-speaks-first protocols) (thanks @brianstorti!)

As always, we're excited to hear your feedback! Please try out the new release and send questions/comments to us on this mailing list, and bugs via GitHub.

-- Alejandro

Announcing Linkerd2 edge-19.9.4

Kevin Leimkuhler
 

ÔĽŅ
Hello Linkerd fans!

This edge release introduces experimental support for distributed tracing as
well as a redesigned sidebar in the Web UI!

Experimental support for distributed tracing means that Linkerd data plane
proxies can now emit trace spans, allowing you to see the exact amount of time
spent in the Linkerd proxy for traced requests. The new
`config.linkerd.io/trace-collector` and
`config.alpha.linkerd.io/trace-collector-service-account` tracing annotations
allow specifying which pods should emit trace spans.

The goal of the dashboard's sidebar redesign was to reduce load on Prometheus
and simplify navigation by providing top-level views centered around namespaces
and workloads.

  • CLI
    • Introduced a new¬†`--cluster-domain`¬†flag to the¬†`linkerd install`¬†command that allows setting a custom cluster domain (thanks @arminbuerkle!)
    • Fixed the¬†`linkerd endpoints`¬†command to use the correct Destination API address (thanks @Pothulapati!)
    • Added¬†`--disable-heartbeat`¬†flag for¬†`linkerd`¬†`install|upgrade`¬†commands
  • Controller
    • Instrumented the proxy-injector to provide additional metrics about injection (thanks @Pothulapati!)
    • Added support for¬†`config.linkerd.io/admission-webhooks: disabled`¬†label on namespaces so that the pod's creation events in these namespaces are ignored by the proxy injector; this fixes connection errors between the k8s API Server and the control plane, when all the proxy injector replicas are unavailable (thanks @hasheddan!)
    • Introduced¬†`config.linkerd.io/trace-collector`¬†and `config.alpha.linkerd.io/trace-collector-service-account`¬†pod spec annotations to support per-pod tracing
  • Web UI
    • Workloads are now viewed by namespace, with an "All Namespaces" option, to improve dashboard performance
  • Proxy
    • Added experimental distributed tracing support

As always, we're excited to hear your feedback. Please try the new release and 
send questions/comments to this mailing list, and report bugs via GitHub.

‚ÄĒ
Kevin

Announcing Linkerd2 edge-19.9.5

Carol Scott
 

Salutations, Linkerd fans!¬†ūüĆĮ

This is an edge release of Linkerd! The latest stable release is stable-2.5.0.
 
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh

This is a release candidate for the upcoming stable-2.6 release. We'd love to get your help testing this edge release!

Full release notes:

  • Helm
    • Added node selector constraints, so users can control which nodes the
      control plane is deployed to (thanks @bmcstdio!)
  • CLI
    • Added request and response headers to the JSON output option for¬†linkerd tap

As always, we're excited to hear your feedback. Please try the new release and 
send questions/comments to this mailing list, and report bugs via GitHub.

--Carol

Announcing Linkerd2 edge-19.10.1

Carol Scott
 

Happy October 3rd, Linkerd squad!¬†ūüĆł

This is an edge release of Linkerd! The latest stable release is stable-2.5.0.
 
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh

This isn't a regular edge release, this is a release candidate for the upcoming stable-2.6 release! Please test it out and let us know how it works for you.

Full release notes: 

  • Proxy
    • Improved error logging when the proxy fails to emit trace spans
    • Fixed bug in distributed tracing where trace ids with fewer than 16 bytes
      were discarded
  • Internal
    • Added integration tests for¬†linkerd edges¬†and¬†linkerd endpoints

As always, we're excited to hear your feedback. Please try the new release and 
send questions/comments to this mailing list, and report bugs via GitHub.

--Carol

Announcing Linkerd2 edge-19.10.2

Carol Scott
 

Hello Linkerd fans!

This is an edge release of Linkerd! The latest stable release is stable-2.5.0.
 
To install this edge release, run: curl https://run.linkerd.io/install-edge | sh

This is a release candidate for the upcoming stable-2.6 release! Please test it out and let us know how it works for you.¬†ūüćÄūüćÄ

Full release notes: 

  • Controller
    • Added the destination container back to the controller; it had previously
      been separated into its own deployment. This ensures backwards compatibility
      and allows users to avoid data plane downtime during an upcoming upgrade to
      stable-2.6.

As always, we're excited to hear your feedback. Please try the new release and 
send questions/comments to this mailing list, and report bugs via GitHub.

--Carol

Announcing Linkerd stable-2.6.0

Carol Scott
 

Greetings Linkerd aficionados! 

We are excited to announce that Linkerd stable-2.6.0 has been released!¬†ūüéąūüéą

This release introduces distributed tracing support, adds request and response
headers to linkerd tap, dramatically improves the performance of the dashboard
on large clusters, adds traffic split visualizations to the dashboard, adds a
public Helm repo, and many more improvements!

For more details, see the announcement blog post:
https://linkerd.io/2019/10/10/announcing-linkerd-2.6/

To install this release, run: curl https://run.linkerd.io/install | sh

Upgrade notes: Please see the upgrade
instructions
.

Special thanks to: @alenkacz, @arminbuerkle, @bmcstdio, @bourquep,
@brianstorti, @kevtaylor, @KIVagant, @pierDipi, and @Pothulapati!

Full release notes:

  • CLI
    • Added a new¬†json¬†output option to the¬†linkerd tap¬†command, which exposes
      request and response headers
    • Added a public Helm repo - for full installation instructions, see our¬†Helm
      documentation
      .
    • Added an¬†--address¬†flag to¬†linkerd dashboard, allowing users to specify
      a port-forwarding address (thanks @bmcstdio!)
    • Added node selector constraints to Helm installation, so users can control
      which nodes the control plane is deployed to (thanks @bmcstdio!)
    • Added a¬†--cluster-domain¬†flag to the¬†linkerd install¬†command that allows
      setting a custom cluster domain (thanks @arminbuerkle!)
    • Added a¬†--disable-heartbeat¬†flag for¬†linkerd install | upgrade¬†commands
    • Allowed disabling namespace creation when installing Linkerd using Helm
      (thanks @KIVagant!)
    • Improved the error message when the CLI cannot connect to Kubernetes (thanks
      @alenkacz!)
  • Controller
    • Updated the Prometheus config to keep only needed¬†cadvisor¬†metrics,
      substantially reducing the number of time-series stored in most clusters
    • Introduced¬†config.linkerd.io/trace-collector¬†and
      config.alpha.linkerd.io/trace-collector-service-account pod spec
      annotations to support per-pod tracing
    • Instrumented the proxy injector to provide additional metrics about
      injection (thanks @Pothulapati!)
    • Added Kubernetes events (and log lines) when the proxy injector injects a
      deployment, and when injection is skipped
    • Fixed a workload admission error between the Kubernetes apiserver and the HA
      proxy injector, by allowing workloads in a namespace to be omitted from the
      admission webhooks phase using the config.linkerd.io/admission-webhooks: disabled label (thanks @hasheddan!)
    • Fixed proxy injector timeout during a large number of concurrent injections
    • Added support for disabling the heartbeat cronjob (thanks¬†@kevtaylor!)
  • Proxy
    • Added distributed tracing support
    • Decreased proxy Docker image size by removing bundled debug tools
    • Added 587 (SMTP) to the list of ports to ignore in protocol detection (bound
      to server-speaks-first protocols) (thanks @brianstorti!)
  • Web UI
    • Redesigned dashboard navigation so workloads are now viewed by namespace,
      with an "All Namespaces" option, in order to increase dashboard speed
    • Added Traffic Splits as a resource to the dashboard, including a Traffic
      Split detail page
    • Added a¬†Linkerd Namespace¬†Grafana dashboard, allowing users to view
      historical data for a given namespace, similar to CLI output for linkerd stat deploy -n myNs (thanks @bourquep!)
    • Fixed bad request in the top routes tab on empty fields (thanks¬†@pierDipi!)
  • Internal
    • Moved CI from Travis to GitHub Actions
    • Added requirement for Go¬†1.12.9¬†for controller builds to include security
      fixes
    • Added support for Kubernetes¬†1.16
    • Upgraded client-go to¬†v12.0.0