Releases: linkerd/linkerd2
edge-24.11.7
Overall status: RECOMMENDED
Cautions
N/A
Changes
This release removes the initial delay for the policy controller, allowing for faster control-plane startups, quietens the policy controller's reconciliation logs, and adds logging to make it clear which policy-controller pod is responsible for updating statuses.
What's Changed
Full Changelog: edge-24.11.6...edge-24.11.7
Contributors
Assets 14
edge-24.11.6
Overall status: NOT RECOMMENDED, use edge-24.11.7 instead
Cautions
edge-24.11.6 has been superseded by edge-24.11.7.
Changes
edge-24.11.6 has been superseded by edge-24.11.7.
What's Changed
- Add federated service e2e test by @adleong in #13352
- build(deps): bump @fortawesome/free-regular-svg-icons from 6.6.0 to 6.7.1 in /web/app by @dependabot in #13381
- build(deps): bump k8s.io/apiextensions-apiserver from 0.31.2 to 0.31.3 by @dependabot in #13366
- build(deps): bump @fortawesome/fontawesome-svg-core from 6.6.0 to 6.7.1 in /web/app by @dependabot in #13383
- build(deps): bump @fortawesome/free-solid-svg-icons from 6.6.0 to 6.7.1 in /web/app by @dependabot in #13382
- fix(policy): remove readiness probe delay by @olix0r in #13380
- chore(policy): polish logging by @olix0r in #13379
- ci(multicluster): increase federated test timeout by @olix0r in #13393
- chore(policy): run status reconcilation at fixed interval by @olix0r in #13384
- fix(policy): ensure status controller honors leader expiry by @olix0r in #13392
- chore(policy): set an informative field manager on patches by @olix0r in #13394
- chore(policy): simplify status controller type matching by @olix0r in #13395
Full Changelog: edge-24.11.5...edge-24.11.6
Contributors
Assets 14
edge-24.11.5
Overall status: RECOMMENDED
Cautions
N/A
Changes
In this release, the proxy emits new request_frame_size and response_frame_size metrics with information about TCP frame distributions, correctly accounts for closed connections in route metrics, and fixes a (rare) panic for resources in which managedFields has no timestamp. Additionally, linkerd check checks to be sure that your Link resources match your CLI version, keywords in docker build now use correct cases (thanks, Derek Brown!), and we now test Linkerd on Kubernetes 1.31.
What's Changed
- Add service mirror tests for federated services by @adleong in #13336
- Add tests for federated service watcher by @adleong in #13329
- lint: fix docker build warnings by @DerekTBrown in #13351
- build(deps): bump codecov/codecov-action from 5.0.2 to 5.0.4 by @dependabot in #13354
- policy: add EgressNetwork integration tests for Http Grpc routes by @zaharidichev in #13342
- proxy: v2.266.0 by @l5d-bot in #13353
- policy: Add TCP and TLS route API tests by @zaharidichev in #13348
- build(deps): bump itoa from 1.0.11 to 1.0.13 by @dependabot in #13357
- build(deps): bump proc-macro2 from 1.0.89 to 1.0.90 by @dependabot in #13358
- build(deps): bump codecov/codecov-action from 5.0.4 to 5.0.7 by @dependabot in #13360
- policy: use TLS/TCP filters in new version of proxy API by @zaharidichev in #13362
- proxy: v2.267.0 by @l5d-bot in #13363
- build(deps): bump cpufeatures from 0.2.15 to 0.2.16 by @dependabot in #13370
- build(deps): bump proc-macro2 from 1.0.90 to 1.0.92 by @dependabot in #13369
- build(deps): bump k8s.io/kube-aggregator from 0.31.2 to 0.31.3 by @dependabot in #13365
- ci: update latest k8s version to 1.31 by @olix0r in #13374
- proxy: v2.268.0 by @l5d-bot in #13375
- Add check for link version by @adleong in #13376
- fix(test): ensure that the controller sets rate limit status by @olix0r in #13377
- fix(destination): avoid panic on missing managed fields timestamp by @olix0r in #13378
Full Changelog: edge-24.11.4...edge-24.11.5
Contributors
Assets 14
edge-24.11.4
Overall status: RECOMMENDED
Cautions
N/A
Changes
This release fixes a bug (issue 13327) where Linkerd could constantly re-update the status clause of HTTPRoute if another Gateway API controller was present in the system (thanks Derek Brown!), ensures that all of the proxy-injector's logs are valid JSON when JSON logging is enabled (thanks, Micah See!), and cleans up HTTPRoute validation to make sure that if a backendRef is a Service, it must have a valid port.
What's Changed
- chore(policy): fix HttpLocalRateLimit type casing by @olix0r in #13324
- build(deps): bump cc from 1.2.0 to 1.2.1 by @dependabot in #13331
- build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 by @dependabot in #13330
- build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.0 by @dependabot in #13333
- build(deps): bump DavidAnson/markdownlint-cli2-action from 17.0.0 to 18.0.0 by @dependabot in #13332
- [fix 13327] ignore HTTPRoute .status.parents re-ordering by @DerekTBrown in #13328
- Integration test for rate-limiting by @alpeb in #13326
- feat(policy): check Service port in admission controller by @olix0r in #13325
- build(deps): bump serde_json from 1.0.132 to 1.0.133 by @dependabot in #13340
- Ensure consistent JSON logging for proxy-injector container by @MicahSee in #13335
- build(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /web/app by @dependabot in #13344
- build(deps): bump codecov/codecov-action from 5.0.0 to 5.0.2 by @dependabot in #13341
- build(deps): bump libc from 0.2.162 to 0.2.164 by @dependabot in #13339
- build(deps): bump openssl-src from 300.4.0+3.4.0 to 300.4.1+3.4.0 by @dependabot in #13338
New Contributors
- @DerekTBrown made their first contribution in #13328
- @MicahSee made their first contribution in #13335
Full Changelog: edge-24.11.3...edge-24.11.4
Contributors
Assets 14
edge-24.11.3
Overall status: RECOMMENDED
Cautions
N/A
Changes
edge-24.11.3 brings local rate limiting to Linkerd! Using the new HTTPLocalRateLimitPolicy resource, you can attach rate limits to Servers to protect workloads from being overwhelmed by excessive traffic. Additionally, it improves metrics for TCPRoute and TLSRoute egress control, correctly handles the case where a Route type changes parents (fixing [issue #13280]), allows linkerd diagnostics endpoints to correctly handle workloads with multiple endpoints, and removes unneeded references to linkerd-base from the linkerd-control-plane chart README (thanks, Brandon Ros!).
What's Changed
- Remove empty
shortnames: []from HTTPLocalRateLimitPolicy by @alpeb in #13297 - build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0 by @dependabot in #13302
- build(deps): bump tj-actions/changed-files from 45.0.3 to 45.0.4 by @dependabot in #13304
- build(deps): bump allocator-api2 from 0.2.18 to 0.2.19 by @dependabot in #13301
- build(deps): bump security-framework-sys from 2.12.0 to 2.12.1 by @dependabot in #13298
- build(deps-dev): bump @babel/core from 7.25.8 to 7.26.0 in /web/app by @dependabot in #13296
- build(deps): bump golang.org/x/tools from 0.26.0 to 0.27.0 by @dependabot in #13303
- build(deps): bump allocator-api2 from 0.2.19 to 0.2.20 by @dependabot in #13309
- HTTPLocalRateLimitPolicy validator by @alpeb in #13251
- build(deps): bump cc from 1.1.36 to 1.2.0 by @dependabot in #13312
- build(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 by @dependabot in #13311
- proxy: v2.264.0 by @l5d-bot in #13316
- proxy: v2.265.0 by @l5d-bot in #13319
- build(deps): bump serde from 1.0.214 to 1.0.215 by @dependabot in #13308
- build(deps): bump cpufeatures from 0.2.14 to 0.2.15 by @dependabot in #13307
- Implement status handling for HTTPLocalRateLimitPolicy CRD by @alpeb in #13314
- build(deps): bump clap from 4.5.20 to 4.5.21 by @dependabot in #13322
- build(deps): bump clap_lex from 0.7.2 to 0.7.3 by @dependabot in #13321
- build(deps): bump helm.sh/helm/v3 from 3.16.2 to 3.16.3 by @dependabot in #13320
- Allow diagnostics endpoints command to receive more than one message by @adleong in #13285
- remove linkerd-base references by @brandonros in #13323
- Update outbound policy watches when routes change parents by @adleong in #13315
New Contributors
- @brandonros made their first contribution in #13323
Full Changelog: edge-24.11.2...edge-24.11.3
Contributors
Assets 14
edge-24.11.2
Overall status: NOT RECOMMENDED, use edge-24.11.3 instead
Cautions
linkerd diagnostics endpoints may not correctly show all endpoints for federated Services. We recommend using edge-24.11.3 instead, which fixes this issue.
Changes
edge-24.11.2 brings federated Services to Linkerd multicluster setups! Every federated Service appears exactly the same from every cluster (rather than having names like svc-cluster) and Linkerd seamlessly handles everything to gather the relevant endpoints from all clusters, without requiring application changes or HTTPRoute configuration.
What's Changed
- build(deps): bump cc from 1.1.35 to 1.1.36 by @dependabot in #13275
- build(deps): bump anyhow from 1.0.92 to 1.0.93 by @dependabot in #13281
- build(deps-dev): bump webpack from 5.95.0 to 5.96.1 in /web/app by @dependabot in #13260
- proxy: v2.262.0 by @l5d-bot in #13283
- proxy: v2.263.1 by @l5d-bot in #13286
- build(deps): bump tokio from 1.41.0 to 1.41.1 by @dependabot in #13289
- build(deps): bump libc from 0.2.161 to 0.2.162 by @dependabot in #13288
- build(deps): temporarily pin linkerd2-proxy-api to main by @olix0r in #13290
- Add federated service watcher by @adleong in #13267
- Add support for federated services to the service mirror controller by @adleong in #13269
- Remove duplicate variable by @adleong in #13291
- chore(ci): increase multicluster test timeout by @olix0r in #13293
- chore(just): increase mc test timeout by @olix0r in #13294
- feat(destination): set parent and profile references by @olix0r in #13292
- Add HTTPLocalRateLimitPolicy support by @alpeb in #13231
Full Changelog: edge-24.11.1...edge-24.11.2
Contributors
Assets 14
edge-24.11.1
Overall status: RECOMMENDED
Cautions
N/A
Changes
edge-24.11.1 brings egress monitoring and control to Linkerd! Using the new EgressNetwork CRD as a parentRef for an HTTPRoute, GRPCRoute, TCPRoute, or TLSRoute, you can see which workloads are making egress calls and set policy on what's allowed and what isn't.
What's Changed
- build(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9 by @dependabot in #13254
- build(deps): bump thiserror from 1.0.65 to 1.0.66 by @dependabot in #13253
- build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 by @dependabot in #13252
- policy: Make global egress network namespace configurable by @zaharidichev in #13250
- Unblock dualstack integration test by @alpeb in #13255
- build(deps): bump thiserror from 1.0.66 to 1.0.68 by @dependabot in #13271
- build(deps-dev): bump html-webpack-plugin from 5.6.2 to 5.6.3 in /web/app by @dependabot in #13258
- build(deps-dev): bump @babel/runtime from 7.25.7 to 7.26.0 in /web/app by @dependabot in #13257
- build(deps-dev): bump @babel/eslint-parser from 7.25.8 to 7.25.9 in /web/app by @dependabot in #13256
- build(deps): bump core-js from 3.38.1 to 3.39.0 in /web/app by @dependabot in #13259
- build(deps): bump anyhow from 1.0.91 to 1.0.92 by @dependabot in #13263
- build(deps): bump anstyle from 1.0.9 to 1.0.10 by @dependabot in #13262
- build(deps): bump cc from 1.1.31 to 1.1.35 by @dependabot in #13273
- policy: limit TCPRoute to one per policy response by @zaharidichev in #13272
- policy: Remove redundant GRPC rule match on default egress GRPCRoute by @zaharidichev in #13279
- Add v1alpha2 version to Link CRD by @adleong in #13268
- proxy: v2.261.0 by @l5d-bot in #13278
Full Changelog: edge-24.10.5...edge-24.11.1
Contributors
Assets 14
edge-24.10.5
Overall status: RECOMMENDED
Cautions
As of edge-24.10.5, if you configure a timeout on a GRPCRoute, a request that hits the timeout will correctly return a DEADLINE-EXCEEDED gRPC status rather than an UNAVAILABLE gRPC status.
Changes
edge-24.10.5 fixes a bug where requests that hit GRPCRoute timeouts would return gRPC status UNAVAILABLE instead of DEADLINE-EXCEEDED.
What's Changed
- policy: Serve EgressNetwork responses by @zaharidichev in #13206
- build(deps): bump crazy-max/ghaction-chocolatey from 3.0.0 to 3.2.0 by @dependabot in #13237
- build(deps-dev): bump @babel/preset-env from 7.25.8 to 7.26.0 in /web/app by @dependabot in #13236
- build(deps-dev): bump eslint-plugin-jsx-a11y from 6.10.0 to 6.10.2 in /web/app by @dependabot in #13235
- build(deps-dev): bump @babel/preset-react from 7.25.7 to 7.25.9 in /web/app by @dependabot in #13233
- build(deps): bump @babel/eslint-plugin from 7.25.7 to 7.25.9 in /web/app by @dependabot in #13232
- build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @dependabot in #13229
- build(deps): bump pin-project from 1.1.6 to 1.1.7 by @dependabot in #13228
- build(deps): bump regex from 1.11.0 to 1.11.1 by @dependabot in #13227
- build(deps): bump anstyle from 1.0.8 to 1.0.9 by @dependabot in #13226
- build(deps): bump pin-project-lite from 0.2.14 to 0.2.15 by @dependabot in #13225
- build(deps-dev): bump eslint-plugin-react from 7.37.1 to 7.37.2 in /web/app by @dependabot in #13234
- build(deps): bump openssl-src from 300.3.2+3.3.2 to 300.4.0+3.4.0 by @dependabot in #13222
- build(deps): bump k8s.io/apimachinery from 0.31.1 to 0.31.2 by @dependabot in #13221
- proxy: v2.260.0 by @l5d-bot in #13244
- build(deps): bump github.com/prometheus/common from 0.60.0 to 0.60.1 by @dependabot in #13241
- build(deps): bump rustix from 0.38.36 to 0.38.38 by @dependabot in #13240
- build(deps): bump serde from 1.0.213 to 1.0.214 by @dependabot in #13239
- build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #13223
- build(deps): bump k8s.io/endpointslice from 0.31.1 to 0.31.2 by @dependabot in #13220
- policy: limit globally affecting egress networks to a single namespace by @zaharidichev in #13246
- build(deps): bump k8s.io/kube-aggregator from 0.31.1 to 0.31.2 by @dependabot in #13217
- build(deps): bump k8s.io/apiextensions-apiserver from 0.31.1 to 0.31.2 by @dependabot in #13219
- build(deps): bump google-github-actions/auth from 2.1.6 to 2.1.7 by @dependabot in #13249
Full Changelog: edge-24.10.4...edge-24.10.5
Contributors
Assets 14
edge-24.10.4
Overall status: RECOMMENDED
Cautions
N/A
Changes
edge-24.10.4 disables automountServiceAccountToken in favor of explicitly-configured projected volumes for the ServiceAccountTokens we need (thanks, Aran Shavit!) and updates the deprecation text for Server v1beta1 (thanks, @patest-dev!).
What's Changed
- Update deprecation warning text for v1beta1 Server by @patest-dev in #13188
- build(deps): bump openssl from 0.10.67 to 0.10.68 by @dependabot in #13194
- build(deps): bump proc-macro2 from 1.0.87 to 1.0.88 by @dependabot in #13195
- build(deps): bump libc from 0.2.159 to 0.2.161 by @dependabot in #13199
- build(deps): bump serde_json from 1.0.128 to 1.0.129 by @dependabot in #13200
- Add
EgressNetworkand routes statuses by @zaharidichev in #13181 - build(deps): bump cc from 1.1.30 to 1.1.31 by @dependabot in #13202
- build(deps): bump anyhow from 1.0.89 to 1.0.90 by @dependabot in #13203
- build(deps): bump serde_json from 1.0.129 to 1.0.132 by @dependabot in #13204
- build(deps-dev): bump html-webpack-plugin from 5.6.0 to 5.6.2 in /web/app by @dependabot in #13201
- Improve debugging in dualstack integration test by @alpeb in #13193
- build(deps): bump bytes from 1.7.2 to 1.8.0 by @dependabot in #13207
- Manually mount serviceAccount token by @Aransh in #13186
- Update generated client-go code by @adleong in #13167
- build(deps): bump serde from 1.0.210 to 1.0.213 by @dependabot in #13213
- build(deps): bump tokio from 1.40.0 to 1.41.0 by @dependabot in #13211
- build(deps): bump github.com/fatih/color from 1.17.0 to 1.18.0 by @dependabot in #13208
- build(deps): bump anyhow from 1.0.90 to 1.0.91 by @dependabot in #13212
- build(deps): bump thiserror from 1.0.64 to 1.0.65 by @dependabot in #13209
- build(deps): bump proc-macro2 from 1.0.88 to 1.0.89 by @dependabot in #13210
- proxy: v2.259.0 by @l5d-bot in #13214
- build(deps): bump http-proxy-middleware from 2.0.4 to 2.0.7 in /web/app by @dependabot in #13216
New Contributors
- @patest-dev made their first contribution in #13188
- @Aransh made their first contribution in #13186
Full Changelog: edge-24.10.3...edge-24.10.4
Contributors
Assets 14
edge-24.10.3
Overall status: RECOMMENDED
Cautions
N/A
Changes
edge-24.10.3 adds hostname and zone_locality labels for outbound GRPC and HTTP metrics, providing the hostname and zone used for the target. It also allows configuring the service name for Linkerd's distributed traces (fixing #11157) and fixes a bug where the linkerd-jaeger injector could mistakenly alter annotations it shouldn't have, as well as a bug where the CNI plugin would silently fail if the underlying Node hit the inotify limit -- now it will detect the problem and crash so that the problem can be noticed and corrected. Finally, linkerd multicluster link now produces YAML that can be applied into clusters running versions prior to edge-24.9.3.
What's Changed
- Fix pod annotations propagating to namespace by @sfleen in #13165
- Make
linkerd mc link's output compatible with pre-edge-24.9.3 clusters by @alpeb in #13161 - build(deps): bump proc-macro2 from 1.0.86 to 1.0.87 by @dependabot in #13153
- build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in #13155
- build(deps): bump clap from 4.5.19 to 4.5.20 by @dependabot in #13157
- build(deps): bump helm.sh/helm/v3 from 3.16.1 to 3.16.2 by @dependabot in #13162
- build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in #13164
- build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 by @dependabot in #13152
- Add configuration for proxy trace service name by @sfleen in #13130
- build(deps-dev): bump @babel/core from 7.25.2 to 7.25.8 in /web/app by @dependabot in #13174
- build(deps): bump @babel/eslint-plugin from 7.25.1 to 7.25.7 in /web/app by @dependabot in #13175
- build(deps): bump query-string from 9.1.0 to 9.1.1 in /web/app by @dependabot in #13177
- build(deps): bump cc from 1.1.28 to 1.1.30 by @dependabot in #13179
- build(deps-dev): bump @babel/preset-env from 7.25.7 to 7.25.8 in /web/app by @dependabot in #13176
- build(deps): bump Swatinem/rust-cache from 2.7.3 to 2.7.5 by @dependabot in #13180
- build(deps): bump pest_derive from 2.7.13 to 2.7.14 by @dependabot in #13183
- build(deps): bump pest from 2.7.13 to 2.7.14 by @dependabot in #13184
- build(deps): bump rustversion from 1.0.17 to 1.0.18 by @dependabot in #13185
- build(deps-dev): bump @babel/eslint-parser from 7.25.1 to 7.25.8 in /web/app by @dependabot in #13178
- Export zone locality in outbound destination metrics by @sfleen in #13129
- proxy: v2.258.0 by @l5d-bot in #13192
- build(deps): bump github.com/prometheus/client_golang from 1.20.4 to 1.20.5 by @dependabot in #13191
- build(deps): bump openssl from 0.10.66 to 0.10.67 by @dependabot in #13190
- build(deps): bump openssl-sys from 0.9.103 to 0.9.104 by @dependabot in #13189
- Bump linkerd-cni to v1.5.2 by @alpeb in #13198
Full Changelog: edge-24.10.2...edge-24.10.3
