Date   

Announcing Linkerd stable-2.9.5

Kevin Leimkuhler
 

Hey Linkerd users!

We have a minor update for Linkerd 2.9, stable-2.9.5. The latest stable is stable-2.10.1

To install this release, run: curl -sL https://run.linkerd.io/install |LINKERD2_VERSION='stable-2.9.5' sh

This release fixes an issue where the destination service is throttled after overwhelming the Kubernetes API server with node topology queries. This results in the destination service failing requests and spiking in latency. By moving to a shared informer for these queries, the information is now fetched asynchronously.

As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Thanks!
Kevin


Announcing Linkerd edge-21.4.5

Dennis Adjei-Baah
 

Hey Linkerd friends!

We're pleased to announce that Linkerd edge-21.4.5 has been released! 🎉

To install this release, run: curl https://run.linkerd.io/install-edge | sh

This edge release adds a new --short flag to linkerd check to show a
summary of the check output. This release also includes various proxy bug fixes
and improvements.

  • Proxy
    • Fixed a task leak that would be triggered when clients disconnect a service in failfast.
    • Improved admin server protocol detection so that error messages are more descriptive
      about the underlying problem.
    • Fixed panics found in fuzz testing. These panics were extremely unlikely to occur in
      practice and would require very specific configuration overrides to be triggered.
  • CLI
    • Added support for a --short flag to the check command to output a summary of check results
As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Thanks!
--Dennis



Announcing Linkerd edge-21.4.4

Charles Pretzer
 

Hi Linkerd Community,

We're very pleased to announce our most recent edge release, edge-21.4.4! 🎊 💥🔥

To install, run: curl https://run.linkerd.io/install-edge | sh

This edge release further consolidates the control plane by removing the
linkerd-controller deployment and moving the sp-validator container into the
destination deployment.

Annotation inheritance has been added so that all Linkerd annotations
on a namespace resource will be inherited by pods within that namespace.
In addition, the `config.linkerd.io/proxy-await` annotation has been added which
enables the [linkerd-await](https://github.com/linkerd/linkerd-await)
functionality by default, simplifying the implementation of the await behavior.
Setting the annotation value to disabled will prevent this behavior.

Some of the `linkerd check` functionality has been updated. The command
ensures that annotations and labels are properly located in the YAML and adds
proxy checks for the control plane and extension pods.

Finally, the nginx container has been removed from the Multicluster gateway pod,
which will impact upgrades. Please see the note below.

**Upgrade note:** When the Multicluster extension is updated in both of the
source and target clusters there won't be any downtime because this change only
affects the readiness probe. The multicluster links must be re-generated with
the `linkerd mc link` command and the `linkerd mc gateways` will show
the target cluster as not alive until the `linkerd mc link` command is re-run,
however that shouldn't affect existing endpoints pointing to the target cluster.

  • * Added proxy checks for core control plane and extension pods
  • * Added support for awaiting proxy readiness using an annotation
  • * Added namespace annotation inheritance to pods
  • * Removed the linkerd-controller pod
  • * Moved sp-validator container into the destination deployment
  • * Added check verifying that labels and annotations are not mixed up
  •   (thanks @szymongib)
  • * Enabled support for extra initContainers to the linkerd-cni daemonset
  •   (thanks @mhulscher!)
  • * Removed nginx container from multicluster gateway pod
  • * Added an error message when there is nothing to uninstall
As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Thanks, and happy meshing!

Charles


Announcing Linkerd stable-2.10.1

Tarun Pothulapati
 

Hello Linkerd fans! 🔥 🙏

We are excited to announce that `stable-2.10.1` has been finally released! 🎉🎊

To install this release, run: `curl https://run.linkerd.io/install | sh`

This stable release adds CLI support for Apple Silicon M1 chips and support for
SMI's TrafficSplit `v1alpha2`.

There are several proxy fixes: handling `FailedPrecondition` errors gracefully,
inbound TLS detection from non-meshed workloads, and using the correct cached
client when the proxy is in ingress mode. The logging infrastructure has also
been improved to reduce memory pressure in high-connection environments.

On the control-plane side, there have been several improvements to the
destination service such as support for Host IP lookups and ignoring pods
in "Terminating" state. It also updates the proxy-injector to add opaque ports
annotation to pods if their namespace has it set.

On the CLI side, `linkerd repair` has been updated to be aware about the control-plane
version and suggest the relevant version to generate the right config. Various
bugs have been fixed around `linkerd identity`, etc.

**Upgrade notes**: Please refer [2.10 upgrade instructions](https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2100)
if you are upgrading from `2.9.x` or below versions.

Full Release Notes
  • Proxy:
    • Fixed an issue where proxies could infinitely retry failed requests to the
      `destination` controller when it returned a `FailedPrecondition`
    • The proxy's logging infrastructure has been updated to reduce memory     pressure in high-connection environments.
    •  Fixed a caching issue in the outbound proxy that would cause it to
       forward traffic to the wrong pod when running in ingress mode.
    • Fixed an issue where inbound TLS detection from non-meshed workloads
      could break
    • Fixed an issue where the admin server's HTTP detection would fail and
      not recover; these are now handled gracefully and without logging warnings
    • Control plane proxies no longer emit warnings about the resolution stream ending. This error was innocuous.
    • Bumped the proxy-init image to v1.3.11 which updates the go version to be 1.16.
  • Control Plane
    • Fixed an issue where the destination service would respond with too big of a
      header and result in http2 protocol errors
    • Fixed an issue where the destination control plane component sometimes returned endpoint addresses with a 0 port number while pods were undergoing a rollout (thanks @riccardofreixo!)
    • Fixed an issue where pod lookups by host IP and host port fail even though
      the cluster has a matching pod
    • Updated the IP Watcher in destination to ignore pods in "Terminating" state
      (thanks @Wenliang-CHEN!)
    • Modified the proxy-injector to add the opaque ports annotation to pods
      if their namespace has it set
    • Added Support for TrafficSplit `v1alpha2`
    • Updated all the control-plane components to use go `1.16.2`.
  • CLI
    • Fixed an issue where the linkerd identity command returned the root
      certificate of a pod instead of its leaf certificates
    • Fixed an issue where the destination service would respond with too
      big of a header and result in http2 protocol errors
    • Updated the release process to build Linkerd CLI binaries for Apple
      Silicon M1 chips
    • Improved error messaging when trying to install Linkerd on a cluster
      that already had Linkerd installed
    • Added a loading spinner to the linkerd check command when running
      extension checks
    • Added installNamespace toggle in the jaeger extension's install.
      (thanks @jijeesh!)
    • Updated healthcheck pkg to have hintBaseURL configurable, useful
      for external extensions using that pkg
    • Fixed TCP read and write bytes/sec calculations to group by label
      based off inbound or outbound traffic
    • Fixed an issue in linkerd inject where the wrong annotation would
      be added when using --ingress flag
    • Updated `linkerd repair` to be aware of the client and server versions
    • Updated `linkerd uninstall` to print error message when there are no
      resources to uninstall.
  • Helm:
    •   Aligned the Helm installation heartbeat schedule to match that of the CLI
  • Viz:
    • Fixed an issue where the topology graph in the dashboard was no
      longer draggable.
    • Updated dashboard build to use webpack v5
    • Added CA certs to the Viz extension's metrics-api container so
      that it can validate the certificate of an external Prometheus
    • Removed components from the control plane dashboard that now
      are part of the Viz extension
    • Changed web's base image from debian to scratch
  • Multicluster:
    • Fixed an issue with Multicluster's service mirror where its endpoint
      repair retries were not properly rate limited
  • Jaeger:
    • Fixed components in the Jaeger extension to set the correct Prometheus
      scrape values.
As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Thanks, and have a great day,
Tarun


Announcing Linkerd edge-21.4.3

Tarun Pothulapati
 

Hello Linkerd fans! 🔥 🙏

This edge supersedes `edge-21.4.3` as a release candidate for `stable-2.10.1`!

This release adds support for TrafficSplit `v1alpha2`. Additionally, it includes
improvements to the web and `proxy-init` images.

Full Release Notes
  • Added Support for TrafficSplit `v1alpha2`
  • Changed web base image from debian to scratch
  • Bumped the `proxy-init` image to `v1.3.11` which updates
    the go version to be `1.16.2`
As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Thanks, and have a great day,
Tarun


Announcing Linkerd edge-21.4.2

Matei David
 

Hiya everyone,

We're very pleased to announce our most recent edge release, edge-21.4.2! 🎊

To install, run: curl https://run.linkerd.io/install-edge | sh 

This edge release is another candidate for stable-2.10.1! It includes some CLI fixes and addresses an issue where the outbound proxy would forward traffic to the wrong pod when running in ingress mode.

  • Fixed an issue in linkerd inject where the wrong annotation would be added when using --ingress flag
  • Fixed a nil pointer dereference in linkerd repair caused by a mismatch between CLI and server versions
  • Removed an unnecessary error handling condition in multicluster check (thanks @wangchenglong01!)
  • Fixed a caching issue in the outbound proxy that would cause it to forward traffic to the wrong pod when running in ingress mode.
  • Removed unsupported matches field from TrafficSplit CRD

Thank you to all of our users that have helped test and identify issues in 2.10! 🔥

As always, let us know what you think, send us all of your comments and questions and don't hesitate to open up some issues on GitHub! 

---

Matei


Announcing Linkerd edge-21.4.1

Kevin Leimkuhler
 

Hey Linkerd fans,

We have another Linkerd edge release! The latest stable release is stable-2.10.0.

To install this release, run: curl https://run.linkerd.io/install-edge | sh

This is a release candidate for stable-2.10.1! It includes several fixes for the core installation as well the Multicluster, Jaeger, and Viz extensions. There are two significant proxy fixes that address TLS detection and admin server failures.

Thanks to all our 2.10 users who helped discover these issues!

  • Fixed TCP read and write bytes/sec calculations to group by label based off inbound or outbound traffic
  • Updated dashboard build to use webpack v5
  • Modified the proxy-injector to add the opaque ports annotation to pods if their namespace has it set
  • Added CA certs to the Viz extension's metrics-api container so that it can validate the certifcate of an external Prometheus
  • Fixed an issue where inbound TLS detection from non-meshed workloads could break
  • Fixed an issue where the admin server's HTTP detection would fail and not recover; these are now handled gracefully and without logging warnings
  • Aligned the Helm installation heartbeat schedule to match that of the CLI
  • Fixed an issue with Multicluster's serivce mirror where it's endpoint repair retries were not properly rate limited
  • Removed components from the control plane dashboard that now are part of the Viz extension
  • Fixed components in the Jaeger extension to set the correct Prometheus scrape values

As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Thanks!
Kevin


Announcing Linkerd edge-21.3.4

Tarun Pothulapati
 

Hello Linkerd fans! 🔥 🙏

We have an another Linkerd edge release this week! The latest stable release is stable-2.10.

To install this release, run: curl https://run.linkerd.io/install-edge | sh

This release fixes some issues around publishing of CLI binary
for Apple Silicon M1 Chips. This release also includes some fixes and
improvements to the dashboard, destination, and the CLI.

Full Release Notes
  • Fixed an issue where the topology graph in the dashboard was no longer
     draggable
  • Updated the IP Watcher in destination to ignore pods in "Terminating" state
    (thanks @Wenliang-CHEN!)
  • Added `installNamespace` toggle in the jaeger extension's install.
    (thanks @jijeesh!)
  • Updated `healthcheck` pkg to have `hintBaseURL` configurable, useful
    for external extensions using that pkg
  • Added multi-arch support for RabbitMQ integration tests (thanks @barkardk!)
As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Thanks, and have a great day,
Tarun


Announcing Linkerd edge-21.3.3

Dennis Adjei-Baah
 

Hey Linkerd-ers!

We're pleased to announce that Linkerd edge-21.3.3 has been released! 🎉

To install this release, run: curl https://run.linkerd.io/install-edge | sh

This release includes various bug fixes and improvements to the CLI, the
identity and destination control plane components as well as the proxy. This
release also ships with a new CLI binary for Apple Silicon M1 chips.

  • Added new RabbitMQ integration tests (thanks @barkardk!)
  • Updated the Go version to 1.16.2
  • Fixed an issue where the linkerd identity command returned the root
    certificate of a pod instead of its leaf certificate
  • Fixed an issue where the destination service would respond with too big of a 
    header and result in http2 protocol errors
  • Updated the release process to build Linkerd CLI binaries for Apple Silicon 
    M1 chips
  • Improved error messaging when trying to install Linkerd on a cluster that 
    already had Linkerd installed
  • Fixed an issue where the destination control plane component sometimes
    returned endpoint addresses with a 0 port number while pods were
    undergoing a rollout (thanks @riccardofreixo!)
  • Added a loading spinner to the linkerd check command when running extension
    checks
  • Fixed an issue where pod lookups by host IP and host port fail even though
    the cluster has a matching pod
  • Control plane proxies no longer emit warnings about the resolution stream
    ending. This error was innocuous.
  • Fixed an issue where proxies could infinitely retry failed requests to the
    destination controller when it returned a FailedPrecondition
  • The proxy's logging infrastructure has been updated to reduce memory pressure
    in high-connection environments.

As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Thanks!
--Dennis


Announcing Linkerd stable-2.10.0

Alex Leong
 

It's finally here!

We're overjoyed to announce a huge new stable release stable-2.10.0!

This release introduces Linkerd extensions. The default control plane no longer
includes Prometheus, Grafana, the dashboard, or several other components that
previously shipped by default. This results in a much smaller and simpler set
of core functionalities. Visibility and metrics functionality is now available
in the Viz extension under the linkerd viz command. Cross-cluster
communication functionality is now available in the Multicluster extension
under the linkerd multicluster command. Distributed tracing functionality is
now available in the Jaeger extension under the linkerd jaeger command.

This release also introduces the ability to mark certain ports as "opaque",
indicating that the proxy should treat the traffic as opaque TCP instead of
attempting protocol detection. This allows the proxy to provide TCP metrics
and mTLS for server-speaks-first protocols. It also enables support for
TCP traffic in the Multicluster extension.

To install this release, run:

For upgrading to this release, please see the upgrade instructions.

Full release notes:
  • Proxy

    • Updated the proxy to use TLS version 1.3; support for TLS 1.2 remains
      enabled for compatibility with prior proxy versions
    • Improved support for server-speaks-first protocols by allowing ports to be
      marked as opaque, causing the proxy to skip protocol detection. Ports can
      be marked as opaque by setting the config.linkerd.io/opaque-ports
      annotation on the Pod and Service or by using the --opaque-ports flag with
      linkerd inject
    • Ports 25,443,587,3306,5432,11211 have been removed from the default skip
      ports; all traffic through those ports is now proxied and handled opaquely
      by default
    • Fixed an issue that could cause proxies in "ingress mode"
      (linkerd.io/inject: ingress) to use an excessive amount of memory
    • Improved diagnostic logging around "fail fast" and "max-concurrency
      exhausted" error messages
    • Added a new /shutdown admin endpoint that may only be accessed over the
      loopback network allowing batch jobs to gracefully terminate the proxy on
      completion
  • Control Plane

    • Removed all components and functionality related to visibility, tracing,
      or multicluster. These have been moved into extensions
    • Changed the identity controller to receive the trust anchor via environment
      variable instead of by flag; this allows the certificate to be loaded from a
      config map or secret (thanks @mgoltzsche!)
    • Added PodDisruptionBudgets to the control plane components so that they
      cannot be all terminated at the same time during disruptions
      (thanks @tustvold!)
  • CLI

    • Changed the check command to include each installed extension's check
      output; this allows users to check for proper configuration and installation
      of Linkerd without running a command for each extension
    • Moved the metrics, endpoints, and install-sp commands into subcommands
      under the diagnostics command
    • Added an --opaque-ports flag to linkerd inject to easily mark ports
      as opaque.
    • Added the repair command which will repopulate resources needed for
      properly upgrading a Linkerd installation
    • Added Helm-style set, set-string, values, set-files customization
      flags for the linkerd install and linkerd upgrade commands
    • Introduced the linkerd identity command, used to fetch the TLS certificates
      for injected pods (thanks @jimil749)
    • Removed the get and logs command from the CLI
  • Helm

    • Changed many Helm values, please see the upgrade notes
  • Viz

    • Introduced the linkerd viz subcommand which contains commands for
      installing the viz extension and all visibility commands
    • Updated the Web UI to only display the "Gateway" sidebar link when the
      multicluster extension is active
    • Added a linkerd viz list command to list pods with tap enabled
    • Fixed an issue where the tap APIServer would not refresh its certs
      automatically when provided externally—like through cert-manager
  • Multicluster

    • Introduced the linkerd multicluster subcommand which contains commands for
      installing the multicluster extension and all multicluster commands
    • Added support for cross-cluster TCP traffic
    • Updated the service mirror controller to copy the
      config.linkerd.io/opaque-ports annotation when mirroring services so that
      cross-cluster traffic can be correctly handled as opaque
    • Added support for multicluster gateways of types other than LoadBalancer
      (thanks @DaspawnW!)
  • Jaeger

    • Introduced the linkerd jaeger subcommand which contains commands for
      installing the jaeger extension and all tracing commands
    • Added a linkerd jaeger list command to list pods with tracing enabled
As always, we're excited to hear your feedback! Please try out the new release and send questions/comments to us on this mailing list, and bugs via GitHub.


Announcing Linkerd edge-21.3.2

Kevin Leimkuhler
 

Hey everyone!

We have another Linkerd edge release! The latest stable release is stable-2.9.4.

To install this release, run: curl https://run.linkerd.io/install-edge | sh

This edge release is another release candidate for stable 2.10 and fixes some final bugs found in testing. A big thank you to users who have helped us identity these issues!

  • Fixed an issue with the service profile validating webhook that prevented service profiles from being added or updated
  • Updated the check command output hint anchors to match Linkerd component names
  • Fixed a permission issue with the Viz extension's tap admin cluster role by adding namespace listing to the allowed actions
  • Fixed an issue with the proxy where connections would not be torn down when communicating with a defunct endpoint
  • Improved diagnostic logging in the proxy
  • Fixed an issue with the Viz extension's Prometheus template that prevented users from specifying a log level flag for that component (thanks @n-oden!)
  • Fixed a template parsing issue that prevented users from specifying additional ignored inbound parts through Helm's --set flag
  • Fixed an issue with the proxy where non-HTTP streams could sometimes hang due to TLS buffering

As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Thanks!
Kevin


Announcing Linkerd2 edge-21.3.1

Alejandro Pedraza
 

Dear Linkerd connoisseurs,
We're very pleased to announce that Linkerd2-edge-21.3.1 has been released! 🎉
To install this edge release, run:
curl https://run.linkerd.io/install-edge | sh

This edge release is another release candidate, bringing us closer to
stable-2.10.0! It fixes the Helm install/upgrade procedure and ships some new
CLI commands, among other improvements.

  • Fixed Helm install/upgrade, which was failing when not explicitly setting
    proxy.image.version
  • Added a warning in the dashboard when viewing tap streams from resources that
    don't have tap enabled
  • Added the command linkerd viz list to list meshed pods and indicate which can
    be tapped, which need to be restarted before they can be tapped, and which
    have tap disabled
  • Similarly, added the command linkerd jaeger list to list meshed pods and
    indicate which will participate in tracing
  • Added the --opaque-ports flag to linkerd inject to specify the list of
    opaque ports when injecting pods (and services)
  • Simplified the output of linkerd jaeger check, combining the checks for the
    status of each component into a single check
  • Changed the destination component to receive the list of default opaque ports
    set during install so that it's properly reflected during discovery
  • Moved the level of the proxy server's I/O-related "Connection closed" messages
    from info to debug, which were not providing actionable information


As always, we're excited to hear your feedback! Please try out the new release and send questions/comments to us on this mailing list, and bugs via GitHub.

--Alejandro


Announcing Linkerd edge-21.2.4

Kevin Leimkuhler
 

Hey everyone!

We have another Linkerd edge release! The latest stable release is stable-2.9.4.

To install this release, run: curl https://run.linkerd.io/install-edge | sh

Note: We are aware of helm upgrade issues with this edge release and will fix them early next week.

This edge is a release candidate for stable-2.10.0! It wraps up the functional changes planned for the upcoming stable release. We hope you can help us test this in your staging clusters so that we can address anything unexpected before an official stable.

This release introduces support for CLI extensions. The Linkerd check command will now invoke each extension's check command so that users can check the health of their Linkerd installation and extensions with one command. Additional documentation will follow for developers interested in creating extensions.

Additionally, there is no longer a default list of ports skipped by the proxy. These ports have been moved to opaque ports, meaning protocols like MySQL will be encrypted by default and without user input.

  • Cleaned up entries in values.yaml by removing do not edit entries; they are now hardcoded in the templates
  • Added the count of service profiles installed in a cluster to the Heartbeat metrics
  • Fixed CLI commands which would unnecessarily print usage instructions after encountering API errors (thanks @piyushsingariya!)
  • Fixed the install command so that it errors after detecting there is an existing Linkerd installation in the cluster
  • Changed the identity controller to receive the trust anchor via environment variable instead of by flag; this allows the certificate to be loaded from a config map or secret (thanks @mgoltzsche!)
  • Updated the proxy to use TLS version 1.3; support for TLS 1.2 remains enabled for compatibility with prior proxy versions
  • The opaque ports annotation is now supported on services and enables users to use this annotation on mirrored services in multicluster installations
  • Reverted the renaming of the mirror.linkerd.io label
  • Ports 25,443,587,3306,5432,11211 have been removed from the default skip ports; all traffic through those ports is now proxied and handled opaquely by default
  • Errors configuring the firewall in CNI are propagated so that they can be handled by the user
  • Removed Viz extension warnings from the check --proxy command when tap is not configured for pods; this is now handled by the viz tap command
  • Added support for CLI extensions as well as ensuring their check commands are invoked by Linkerd's check command
  • Moved the metricsendpoints, and install-sp commands into subcommands under the diagnostics command.
  • Removed the linkerd- prefix from non-cluster scoped resources in the Viz and Jaeger extensions
  • Added the linkerd-await helper to all Linkerd containers so that the proxy can initialize before the components start making outbound connections
  • Removed the tcp_connection_duration_ms histogram from the metrics export to fix high cardinality issues that surfaced through high memory usage

As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Thanks!
Kevin


Announcing Linkerd2 stable-2.9.4

Alejandro Pedraza
 

Dear Linkerd fans,
We're very pleased to announce that Linkerd2-stable-2.9.4 has been released! 🎉
To install this stable release, run:
curl https://run.linkerd.io/install | sh

This stable release fixes an issue that prevented the proxy from being able to
speak HTTP/1 with older versioned proxies (announced in 2.9.3 but the fix wasn't
actually included).

  • Fixed an issue that could cause the inbound proxy to fail meshed HTTP/1
    requests from older proxies (from the stable-2.8.x vintage)
  • Fixed linkerd install command so that it can properly detect and avoid
    overwriting already installed linkerd instances from versions previous to 2.9
  • Docker images are now hosted on the cr.l5d.io registry
  • Updated base docker images to buster-20210208-slim

As always, we're excited to hear your feedback! Please try out the new release and send questions/comments to us on this mailing list, and bugs via GitHub.

--Alejandro


Announcing Linkerd edge-21.2.3

Oliver Gould
 

Linkerdudes & Linkerdudettes-

It's my pleasure to announce the latest Linkerd edge release, edge-21.2.3

To install this release, run:

This release wraps up most of the functional changes planned for the upcoming stable-2.10.0 release. Try this edge release in your staging cluster and let us know if you see anything unexpected!
  • Breaking change: Changed the multicluster Service-export annotation from mirror.linkerd.io/exported to multicluster.linkerd.io/export
  • Updated the proxy-injector to to set the config.linkerd.io/opaque-ports annotation on newly-created Service objects when the annotation is set on its parent Namespace
  • Updated the proxy-injector to ignore pods that have disabled automountServiceAccountToken (thanks @jimil749)
  • Updated the proxy to log warnings when control plane components are unresolveable
  • Updated the Destination controller to cache node topology metadata (thanks @fpetkovski)
  • Updated the CLI to handle API errors without printing the CLI usage (thanks @piyushsingariya)
  • Updated the Web UI to only display the "Gateway" sidebar link when the multicluster extension is active
  • Fixed the Web UI on Chrome v88 (thanks @kellycampbell)
  • Improved install and uninstall behavior for extensions to prevent control-plane components from being left in a broken state
  • Docker images are now hosted on the cr.l5d.io registry
  • Updated base docker images to buster-20210208-slim
  • Updated the Go version to 1.14.15
  • Updated the proxy to prevent outbound connections to localhost to protect against traffic loops


Oliver Gould <ver@...>


Announcing Linkerd edge-21.2.2

Kevin Leimkuhler
 

Hey Linkerd fans!

We have another Linkerd edge release! The latest stable release is stable-2.9.3.

To install this release, run: curl https://run.linkerd.io/install-edge | sh

This edge release introduces support for multicluster TCP!

The repair command was added which will repopulate resources needed for upgrading from a 2.9.x installation. There will be an error message during the upgrade process indicating that this command should be run so that users do not need to guess.

Lastly, it contains a breaking change for Helm users. The global field has been removed from the Helm chart now that it is no longer needed. Users will need to pass in the identity certificates again—along with any other customizations, no longer rooted at global.

Breaking change: Removed the global field from the Linkerd Helm chart now that it is unused because of the extension model
* Added the repair command which will repopulate resources needed for properly upgrading a Linkerd installation
* Fixed the spelling of the sidecarContainers key in the Viz extension Helm chart to match that of the template (thanks @n-oden!)
* Added the tapInjector.logLevel key to the Viz extension helm chart so that the log level of the component can be configured
* Removed the --disable-tap flag from the inject command now that tap is no longer part of the core installation (thanks @mayankshah1607!)
* Changed proxy configuration to use fully-qualified DNS names to avoid extra search paths in DNS resolutions
* Changed the check command to include each installed extension's check output; this allows users to check for proper configuration and installation of Linkerd without running a command for each extension
* Added proxy support for TCP traffic to the multicluster gateways

As always, we're excited to hear your feedback. Please try the new release and send questions/comments to this mailing list, and report bugs via GitHub.

Thanks!
Kevin


Announcing Linkerd stable-2.9.3

Alex Leong
 

Dear Linkerd-ers,

We're very pleased to announce a new stable release stable-2.9.3!

This stable release fixes an issue that prevented the proxy from being able
to speak HTTP/1 with older versioned proxies. It also fixes an issue where the
linkerd-config-overrides secret would be deleted during upgrade and provides
a linkerd repair command for restoring it if it has been deleted.

To install this release, run:

Full release notes:
  • Fixed an issue that could cause the inbound proxy to fail meshed HTTP/1 requests from older proxies (from the stable-2.8.x vintage)
  • Fixed an issue where the Linkerd webhooks and apiservices would not refresh their certs automatically when provided externally — like through cert-manager
  • Added missing label linkerd.io/control-plane-ns to the linkerd-config-overrides secret to prevent it from being pruned during upgrades
  • Added linkerd repair command to restore the linkerd-config-overrides secret if it has been pruned
  • Added port 5432 which is used by Amazon RDS and Postgres to the default list of skipped ports
As always, we're excited to hear your feedback! Please try out the new release and send questions/comments to us on this mailing list, and bugs via GitHub.


Announcing Linkerd2 edge-21.2.1

Alejandro Pedraza
 

Dear Linkerd aficionados,
We're very pleased to announce that Linkerd2-edge-21.2.1 has been released! 🎉
To install this edge release, run:
curl https://run.linkerd.io/install-edge | sh

This edge release continues improving the proxy's diagnostics and also avoids
timing out when the HTTP protocol detection fails. Additionally, old resource
versions were upgraded to avoid warnings in k8s v1.19. Finally, it comes with
lots of CLI improvements detailed below.

  • Improved the proxy's diagnostic metrics to help us get better insights into
    services that are in fail-fast
  • Improved the proxy's HTTP protocol detection to prevent timeout errors
  • Upgraded CRD and webhook config resources to get rid of warnings in k8s v1.19
    (thanks @mateiidavid!)
  • Added viz components into the Linkerd Health Grafana charts
  • Had the tap injector add a viz.linkerd.io/tap-enabled annotation when
    injecting a pod, which allowed providing clearer feedback for the linkerd tap command
  • Had the jaeger injector add a jaeger.linkerd.io/tracing-enabled annotation
    when injecting a pod, which also allowed providing better feedback for the
    linkerd jaeger check command
  • Improved the linkerd uninstall command so it fails gracefully when there
    still are injected resources in the cluster (a --force flag was provided
    too)
  • Moved the linkerd profile --tap functionality into a new command linkerd viz profile --tap, given tap now belongs to the viz extension
  • Expanded the linkerd viz check command to include data-plane checks
  • Cleaned-up YAML in templates that was incompatible with SOPS (thanks
    @tkms0106!)

As always, we're excited to hear your feedback! Please try out the new release and send questions/comments to us on this mailing list, and bugs via GitHub.

--Alejandro


Re: Announcing Linkerd2 edge-20.12.4

Alex Leong
 

A quick correction: the version we released yesterday was edge-21.1.4.  Sorry for the confusion!

On Thu, Jan 28, 2021 at 3:37 PM Alex Leong <alex@...> wrote:
Dear Linkerd-ers,

We're very pleased to announce that Linkerd2 edge-20-12.4 has been released!

This edge release continues to polish the Linkerd extension model and improves
the robustness of the opaque transport.

To install this edge release, run:
curl https://run.linkerd.io/install-edge | sh

Full release notes:
  • Improved the consistency of behavior of the check commands between
    Linkerd extensions
  • Fixed an issue where Linkerd extension commands could be run before the
    extension was fully installed
  • Renamed some extension Helm charts for consistency:
    • jaeger -> linkerd-jaeger
    • linkerd2-multicluster -> linkerd-multicluster
    • linkerd2-multicluster-link -> linkerd-multicluster-link
  • Fixed an issue that could cause the inbound proxy to fail meshed HTTP/1
    requests from older proxies (from the stable-2.8.x vintage)
  • Changed opaque-port transport to be advertised via ALPN so that new proxies
    will not initiate opaque-transport connections to proxies from prior edge
    releases
  • Added inbound proxy transport metrics with tls="passhtru" when forwarding
    non-mesh TLS connections
  • Thanks to @hs0210 for adding new unit tests!
As always, we're excited to hear your feedback! Please try out the new release and send questions/comments to us on this mailing list, and bugs via GitHub.


Announcing Linkerd2 edge-20.12.4

Alex Leong
 

Dear Linkerd-ers,

We're very pleased to announce that Linkerd2 edge-20-12.4 has been released!

This edge release continues to polish the Linkerd extension model and improves
the robustness of the opaque transport.

To install this edge release, run:
curl https://run.linkerd.io/install-edge | sh

Full release notes:
  • Improved the consistency of behavior of the check commands between
    Linkerd extensions
  • Fixed an issue where Linkerd extension commands could be run before the
    extension was fully installed
  • Renamed some extension Helm charts for consistency:
    • jaeger -> linkerd-jaeger
    • linkerd2-multicluster -> linkerd-multicluster
    • linkerd2-multicluster-link -> linkerd-multicluster-link
  • Fixed an issue that could cause the inbound proxy to fail meshed HTTP/1
    requests from older proxies (from the stable-2.8.x vintage)
  • Changed opaque-port transport to be advertised via ALPN so that new proxies
    will not initiate opaque-transport connections to proxies from prior edge
    releases
  • Added inbound proxy transport metrics with tls="passhtru" when forwarding
    non-mesh TLS connections
  • Thanks to @hs0210 for adding new unit tests!
As always, we're excited to hear your feedback! Please try out the new release and send questions/comments to us on this mailing list, and bugs via GitHub.

1 - 20 of 274