Skip to content

Releases: linkerd/linkerd2

edge-23.11.3

17 Nov 19:15
@github-actions github-actions
edge-23.11.3
This tag was signed with the committer’s verified signature.
adleong Alex Leong
GPG key ID: 98C31B0436D003EF
Verified
Learn about vigilant mode.
d341b6a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
edge-23.11.3

edge-23.11.3

This edge release fixes a bug where Linkerd could cause EOF errors during bursts
of TCP connections.

  • Fixed a bug where the linkerd multicluster link command's
    --gateway-addresses flag was not respected when a remote gateway exists
    (#11564)
  • proxy: Increased DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY to prevent EOF errors
    during bursts of TCP connections
Loading

stable-2.14.4

16 Nov 23:38
@github-actions github-actions
stable-2.14.4
This tag was signed with the committer’s verified signature.
adleong Alex Leong
GPG key ID: 98C31B0436D003EF
Verified
Learn about vigilant mode.
41747e8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
stable-2.14.4

stable-2.14.4

This stable release improves observability for the control plane by adding
additional logging to the destination controller and by adding histograms which
can detect Kubernetes informer lag. It also adds the ability to configure
protocol detection.

  • Improved logging in the destination controller by adding the client pod's
    name to the logging context. This will improve visibility into the messages
    sent and received by the control plane from a specific proxy (#11532)
  • helm: Introduce configurable values for protocol detection (#11536)
  • Fixed an issue where the Destination controller could stop processing service
    profile updates, if a proxy subscribed to those updates stops reading them;
    this is a followup to the issue [#11491] fixed in stable-2.14.2 (#11546)
  • In the Destination controller, added informer lag histogram metrics to track
    whenever the Kubernetes objects watched by the controller are falling behind
    the state in the kube-apiserver (#11534)
  • proxy: Fix grpc_status metric labels for inbound traffic
Loading

edge-23.11.2

10 Nov 11:43
@github-actions github-actions
edge-23.11.2
This tag was signed with the committer’s verified signature.
alpeb Alejandro Pedraza
GPG key ID: E3AB7750B0DC32DF
Verified
Learn about vigilant mode.
4018b2f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
edge-23.11.2

edge-23.11.2

This edge release contains observability improvements and bug fixes to the
Destination controller, and a refinement to the multicluster gateway resolution
logic.

  • Fixed an issue where the Destination controller could stop processing service
    profile updates, if a proxy subscribed to those updates stops reading them;
    this is a followup to the issue [#11491] fixed in edge-23.10.3 (#11546)
  • In the Destination controller, added informer lag histogram metrics to track
    whenever the Kubernetes objects watched by the controller are falling behind
    the state in the kube-apiserver (#11534)
  • In the multicluster service mirror, extended the target gateway resolution
    logic to take into account all the possible IPs a hostname might resolve to,
    rather than just the first one (thanks @MrFreezeex!) (#11499)
  • Added probes to the debug container to appease environments requiring probes
    for all containers (#11308)

Contributors

MrFreezeex
Loading

stable-2.14.3

07 Nov 23:04
@github-actions github-actions
stable-2.14.3
This tag was signed with the committer’s verified signature.
alpeb Alejandro Pedraza
SSH Key Fingerprint: 33BRZ5AnFNwsqnk+rv2kCPZk9xlHxtOYGKVFlzajsfc
Verified
Learn about vigilant mode.
97275dd
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
stable-2.14.3

stable-2.14.3

This stable release fixes an issue in the Destination controller that was
forbidding to route traffic to opaque ports on unmeshed pods. Also, it increases
the log level from debug to warning when the outbound proxy faces this type of
events.

  • Fixed GetProfiles error in the Destination controller when address is opaque
    and unmeshed (#11556, fixes#11555)
  • Started logging at warning level in the proxy when the controller clients
    receive an error (#2499)
Loading

edge-23.11.1

02 Nov 21:53
@github-actions github-actions
edge-23.11.1
111155c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
edge-23.11.1

edge-23.11.1

This edge release fixes two bugs in the Destination controller that could cause
outbound connections to hang indefinitely.

  • helm: Introduce configurable values for protocol detection (#11536)
  • destination: Fix GetProfiles error when address is opaque and unmeshed (#11556)
  • destination: Return NotFound for unknown pod names (#11540)
  • proxy: Log controller errors at WARN
  • proxy: Fix grpc_status metric labels for inbound traffic
Loading

edge-23.10.4

27 Oct 23:22
@github-actions github-actions
edge-23.10.4
798c5d9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
edge-23.10.4

edge-23.10.4

This edge release includes a fix for the ServiceProfile CRD resource schema.
The schema incorrectly required not response matches to be arrays, while the
in-cluster validator parsed not response matches as objects. In addition, an
issues has been fixed in linkerd profile. When used with the --open-api
flag, it would not strip trailing slashes when generating a resource from
swagger specifications.

  • Fixed an issue where trailing slashes wouldn't be stripped when generating
    ServiceProfile resources through linkerd profile --open-api (#11519)
  • Fixed an issue in the ServiceProfile CRD schema. The schema incorrectly
    required that a not response match should be an array, which the service
    profile validator rejected since it expected an object. The schema has been
    updated to properly indicate that not values should be an object (#11510;
    fixes #11483)
  • Improved logging in the destination controller by adding the client pod's
    name to the logging context. This will improve visibility into the messages
    sent and received by the control plane from a specific proxy (#11532)
  • Fixed an issue in the destination controller where the metadata API would not
    initialize a Job informer. The destination controller uses the metadata API
    to retrieve Job metadata, and relies mostly on informers. Without an
    initialized informer, an error message would be logged, and the controller
    relied on direct API calls (#11541; fixes #11531)
Loading

stable-2.14.2

26 Oct 21:40
@github-actions github-actions
stable-2.14.2
2f25cde
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
stable-2.14.2

stable-2.14.2

This stable release fixes issues in the proxy and Destination controller which
can result in Linkerd proxies sending traffic to stale endpoints. In addition,
it contains a bug fix for profile resolutions for pods bound on host ports and
includes patches for security advisory CVE-2023-44487/GHSA-qppj-fm5r-hxr3

  • Control Plane

    • Fixed an issue where the Destination controller could stop processing
      changes in the endpoints of a destination, if a proxy subscribed to that
      destination stops reading service discovery updates. This issue results in
      proxies attempting to send traffic for that destination to stale endpoints
      (#11491, fixes #11480, #11279, #10590)
    • Fixed an issue where the Destination controller would not update pod
      metadata for profile resolutions for a pod accessed via the host network
      (e.g. HostPort endpoints) (#11334)
    • Addressed CVE-2023-44487/GHSA-qppj-fm5r-hxr3 by upgrading several
      dependencies (including Go's gRPC and net libraries)

  • Proxy

    • Fixed a regression where the proxy rendered grpc_status metric labels as
      a string rather than as the numeric status code (linkerd2-proxy#2480;
      fixes #11449)
    • Fixed a regression introduced in stable-2.13.0 where proxies would not
      terminate unused service discovery watches, exerting backpressure on the
      Destination controller, potentially causing it to become
      stuck (linkerd2-proxy#2484)
Loading

edge-23.10.3

19 Oct 23:03
@github-actions github-actions
edge-23.10.3
This tag was signed with the committer’s verified signature.
hawkw Eliza Weisman
GPG key ID: F9C1A595C3814436
Verified
Learn about vigilant mode.
166c94f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
edge-23.10.3

edge-23.10.3

This edge release fixes issues in the proxy and Destination controller which can
result in Linkerd proxies sending traffic to stale endpoints. In addition, it
contains other bugfixes and updates dependencies to include patches for the
security advisories CVE-2023-44487/GHSA-qppj-fm5r-hxr3 and GHSA-c827-hfw6-qwvm.

  • Fixed an issue where the Destination controller could stop processing
    changes in the endpoints of a destination, if a proxy subscribed to that
    destination stops reading service discovery updates. This issue results in
    proxies attempting to send traffic for that destination to stale endpoints
    (#11483, fixes #11480, #11279, and #10590)
  • Fixed a regression introduced in stable-2.13.0 where proxies would not
    terminate unused service discovery watches, exerting backpressure on the
    Destination controller which could cause it to become stuck
    (linkerd2-proxy#2484 and linkerd2-proxy#2486)
  • Added INFO-level logging to the proxy when endpoints are added or removed
    from a load balancer. These logs are enabled by default, and can be disabled
    by setting the proxy log level to
    warn,linkerd=info,linkerd_proxy_balance=warn or similar
    (linkerd2-proxy#2486)
  • Fixed a regression where the proxy rendered grpc_status metric labels as a
    string rather than as the numeric status code (linkerd2-proxy#2480; fixes
    #11449)
  • Extended linkerd-jaeger's imagePullSecrets Helm value to also apply to
    the namespace-metadata ServiceAccount (#11504)
  • Updated the control plane's dependency on the golang.google.org/grpc Go
    package to include patches for CVE-2023-44487/GHSA-qppj-fm5r-hxr3 ([#11496])
  • Updated dependencies on rustix to include patches for GHSA-c827-hfw6-qwvm
    (linkerd2-proxy#2488 and #11512).
Loading

edge-23.10.2

12 Oct 22:55
@github-actions github-actions
edge-23.10.2
This tag was signed with the committer’s verified signature.
alpeb Alejandro Pedraza
SSH Key Fingerprint: 33BRZ5AnFNwsqnk+rv2kCPZk9xlHxtOYGKVFlzajsfc
Verified
Learn about vigilant mode.
cd2c88e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
edge-23.10.2

edge-23.10.2

This edge release includes a fix addressing an issue during upgrades for
instances not relying on automated webhook certificate management (like
cert-manager provides).

  • Added a checksum/config annotation to the destination and proxy injector
    deployment manifests, to force restarting those workloads whenever their
    webhook secrets change during upgrade (thanks @iAnomaly!) (#11440)
  • Fixed policy controller error when deleting a Gateway API HTTPRoute resource
    (#11471)

Contributors

iAnomaly
Loading

edge-23.10.1

04 Oct 23:28
@github-actions github-actions
edge-23.10.1
This tag was signed with the committer’s verified signature.
adleong Alex Leong
GPG key ID: 98C31B0436D003EF
Verified
Learn about vigilant mode.
094890c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
edge-23.10.1

edge-23.10.1

This edge release adds additional configurability to Linkerd's viz and
multicluster extensions.

  • Added a podAnnotations Helm value to allow adding additional annotations to
    the Linkerd-Viz Prometheus Deployment (#11365) (thanks @cemenson)
  • Added imagePullSecrets Helm values to the multicluster chart so that it can
    be installed in an air-gapped environment. (#11285) (thanks @lhaussknecht)

Contributors

lhaussknecht and cemenson
Loading