Skip to content

Releases: linkerd/linkerd2

edge-24.7.5

26 Jul 19:14
a9fa176
Compare
Choose a tag to compare

RECOMMENDED

Overall status: RECOMMENDED

Cautions

N/A

Changes

This release supports Server-scoped default policy, policy audit mode, GRPCRoute, and new retry and timeout configuration (including for Gateway API resources)!

Server-scoped default policy

Server resources now have an accessPolicy field that will override the default inbound policy for any traffic associated with that Server. (The default accessPolicy is deny, for compatibility with previous releases.)

Policy audit mode

Both default inbound policy and Server accessPolicy can now be set to audit in order to allow traffic to flow, but log anything that would be denied. In the proxy's logs, you'll see INFO level logs with the tag authz.name=audit. In metrics (such as request_total) you'll see the label authz_name=audit.

GRPCRoute

edge-24.7.5 includes support for the Gateway API GRPCRoute resource. Remember that starting with edge-24.5.2, if you don't set enableHttpRoutes to false when installing, Linkerd will install the grpcroute.gateway.networking.k8s.io CRD into your cluster and remove it when Linkerd is uninstalled.

Retries

Starting in this release, you can use the retry.linkerd.io/http annotation on Service or HTTPRoute resources to enable HTTP retries. The value of this annotation is a comma-separated list of HTTP statuses to retry on (for example "502-504,511"). "5xx" is shorthand for any of the 5xx status codes, and gateway-error is shorthand for "502-504".

You can also use the retry.linkerd.io/grpc annotation on Service or GRPCRoute resources to enable gRPC retries. The value of this annotation is a comma-separated list of gRPC results to retry on (for example "cancelled,deadline-exceeded").

These are counted retries, unlike Linkerd's typical budgeted retries. Use the retry.linkerd.io/limit annotation to set the maximum number of retries, and the retry.linkerd.io/timeout annotation to set how long Linkerd will give a request before cancelling it and retrying.

Timeouts

Finally, you can configure timeouts on Service, HTTPRoute, and GRPCRoute with annotations. timeout.linkerd.io/request and timeout.linkerd.io/response set timeouts for processing the request and receiving the response; timeout.linkerd.io/idle sets the idle timeout. All currently allow values similar to GEP-2257 Duration strings, but allowing only a single unit (for example, 1500ms or 90s are allowed, but 1s500ms and 1m30s are not).

What's Changed

Full Changelog: edge-24.7.4...edge-24.7.5

edge-24.7.4

25 Jul 16:54
9a6c1f5
Compare
Choose a tag to compare

RECOMMENDED

Overall status: RECOMMENDED

Cautions

N/A

Changes

This release correctly supports IPv6 in the Linkerd CNI network-validator and repair-controller containers, and continues ongoing authorization policy work and upcoming GRPCRoute support.

What's Changed

  • build(deps): bump k8s.io/endpointslice from 0.30.2 to 0.30.3 by @dependabot in #12860
  • Add accessPolicy field to Server CRD by @alpeb in #12845
  • build(deps): bump github.com/mattn/go-runewidth from 0.0.15 to 0.0.16 by @dependabot in #12876
  • build(deps): bump tj-actions/changed-files from 44.5.5 to 44.5.6 by @dependabot in #12862
  • build(deps): bump openssl from 0.10.64 to 0.10.66 by @dependabot in #12870
  • build(deps): bump clap from 4.5.9 to 4.5.10 by @dependabot in #12878
  • build(deps): bump tokio from 1.38.1 to 1.39.1 by @dependabot in #12877
  • build(deps): bump softprops/action-gh-release from 2.0.7 to 2.0.8 by @dependabot in #12861
  • Configure network-validator and repair-controller to work with IPv6 by @alpeb in #12874
  • build(deps): bump cc from 1.1.5 to 1.1.6 by @dependabot in #12872
  • build(deps-dev): bump webpack from 5.92.1 to 5.93.0 in /web/app by @dependabot in #12865
  • proxy: v2.242.0 by @l5d-bot in #12880
  • build(deps-dev): bump eslint-plugin-promise from 6.4.0 to 6.5.1 in /web/app by @dependabot in #12869
  • build(deps): bump @fortawesome/free-regular-svg-icons from 6.5.2 to 6.6.0 in /web/app by @dependabot in #12868
  • Trigger policy tests on Rust files changes by @alpeb in #12881
  • proxy: v2.243.0 by @l5d-bot in #12886
  • build(deps): bump github.com/linkerd/linkerd2-proxy-api from 0.13.1 to 0.14.0 by @dependabot in #12882
  • build(deps-dev): bump eslint-plugin-react from 7.34.4 to 7.35.0 in /web/app by @dependabot in #12866
  • build(deps): bump @fortawesome/fontawesome-svg-core from 6.5.2 to 6.6.0 in /web/app by @dependabot in #12867

Full Changelog: edge-24.7.3...edge-24.7.4

edge-24.7.3

18 Jul 22:03
75521f9
Compare
Choose a tag to compare

RECOMMENDED

Overall status: RECOMMENDED

Cautions

N/A

Changes

Updates the documentation on what networkValidator.connectAddr in the Helm chart means (thanks, @djryanj!) and continues ongoing authorization policy work.

What's Changed

  • Clarifies documentation on connectAddr (helm chart) by @djryanj in #12827
  • build(deps): bump bytes from 1.6.0 to 1.6.1 by @dependabot in #12840
  • build(deps): bump cc from 1.1.0 to 1.1.5 by @dependabot in #12841
  • build(deps-dev): bump @babel/runtime from 7.24.7 to 7.24.8 in /web/app by @dependabot in #12835
  • build(deps-dev): bump eslint-plugin-react from 7.34.3 to 7.34.4 in /web/app by @dependabot in #12836
  • build(deps-dev): bump @babel/eslint-parser from 7.24.7 to 7.24.8 in /web/app by @dependabot in #12837
  • build(deps-dev): bump @babel/preset-env from 7.24.7 to 7.24.8 in /web/app by @dependabot in #12839
  • build(deps-dev): bump @babel/core from 7.24.7 to 7.24.9 in /web/app by @dependabot in #12843
  • build(deps): bump tokio from 1.38.0 to 1.38.1 by @dependabot in #12850
  • proxy: v2.241.0 by @l5d-bot in #12849
  • New "audit" value for default inbound policy by @alpeb in #12844
  • build(deps): bump security-framework-sys from 2.11.0 to 2.11.1 by @dependabot in #12842
  • build(deps): bump softprops/action-gh-release from 2.0.6 to 2.0.7 by @dependabot in #12859
  • build(deps): bump prometheus-client from 0.22.2 to 0.22.3 by @dependabot in #12857
  • build(deps): bump thiserror from 1.0.62 to 1.0.63 by @dependabot in #12856
  • build(deps): bump k8s.io/kube-aggregator from 0.30.2 to 0.30.3 by @dependabot in #12855
  • build(deps): bump k8s.io/apiextensions-apiserver from 0.30.2 to 0.30.3 by @dependabot in #12851

New Contributors

Full Changelog: edge-24.7.2...edge-24.7.3

edge-24.7.2

15 Jul 13:48
e8de4a7
Compare
Choose a tag to compare

RECOMMENDED

Overall status: RECOMMENDED

Cautions

N/A

Changes

This release bumps dependencies but has no functional changes from edge-24.7.1.

What's Changed

Full Changelog: edge-24.7.1...edge-24.7.2

edge-24.7.1

04 Jul 04:11
2142e7b
Compare
Choose a tag to compare

RECOMMENDED

Overall status: RECOMMENDED

Cautions

N/A

Changes

This release continues work on upcoming GRPCRoute support and removes the empty shortnames fields from the ExternalWorkload CRD.

What's Changed

Full Changelog: edge-24.6.4...edge-24.7.1

edge-24.6.4

27 Jun 15:18
9391664
Compare
Choose a tag to compare

RECOMMENDED

Overall status: RECOMMENDED

Cautions

It's no longer possible or necessary to explicitly set proxy-init's resource requests or limits; see the Changes section for more information.

Changes

This release changes the proxy-init container to always request the same amount of memory and CPU as the proxy itself, and removes the ability to explicitly set proxy-init's requests because there's now no need to do so. (This doesn't increase the resources required for the pod as a whole, because the proxy-init container completes before the proxy starts, letting the proxy reuse resources requested by the proxy-init container.) It also continues work on upcoming GRPCRoute support. Finally, if proxy.logHTTPHeaders is somehow empty, it correctly defaults to "off".

What's Changed

Full Changelog: edge-24.6.3...edge-24.6.4

edge-24.6.3

20 Jun 21:32
5dee833
Compare
Choose a tag to compare

RECOMMENDED

Overall status: RECOMMENDED

Cautions

N/A

Changes

This release adds the linkerd.io/control-plane-ns label to the ext-namespace-metadata-linkerd-config Role, for parity with the other resources created when installing Linkerd.

What's Changed

Full Changelog: edge-24.6.2...edge-24.6.3

edge-24.6.2

14 Jun 17:16
35fb2d6
Compare
Choose a tag to compare

RECOMMENDED

Overall status: RECOMMENDED

Cautions

This release includes one breaking change: the proxy's /shutdown endpoint is now disabled by default. See Changes for how to reenable it.

Changes

This release disables the proxy's /shutdown endpoint by default; it can be reenabled by using --set proxy.enableShutdownEndpoint=true when installing or upgrading. Beyond that, it fixes several bugs: EndpointSlices with no hostname field are supported (thanks, Adrian Callejas!), DNS resolution errors are correctly logged (and the resolver's log level can be configured), the proxy's administration endpoints function correctly on systems using IPv4-mapped IPv6, and the init container and CNI plugin will not attempt to start on systems that configure IPv6 but don't support ip6tables. Finally, it supports controlling whether or not HTTP headers are logged in debug output (with the default being "not"), JSON output for the link, unlink, allow, and allow-scrapes CLI commands, and fixes a typo in the output of linkerd diagnostics (thanks, John Howard!)

What's Changed

New Contributors

Full Changelog: edge-24.6.1...edge-24.6.2

edge-24.6.1

10 Jun 17:47
a91542f
Compare
Choose a tag to compare

RECOMMENDED

Overall status: RECOMMENDED

Cautions

N/A

Changes

This release adds support for JSON output to linkerd install and related commands.

What's Changed

Full Changelog: edge-24.5.5...edge-24.6.1

edge-24.5.5

31 May 15:13
4fc902f
Compare
Choose a tag to compare

RECOMMENDED

Overall status: RECOMMENDED

Cautions

In this release, IPv6 is off by default for the entire control plane. To use IPv6, you'll need to explicitly set it -- see the Changes section below.

Changes

This release switches IPv6 off by default for the entire control plane, including the Linkerd CNI plugin. Set disableIPv6 to false to enable IPv6.

What's Changed

Full Changelog: edge-24.5.4...edge-24.5.5