edge-22.1.5

This edge release adds support for per-request Access Logging for HTTP inbound
requests in Linkerd. A new annotation i.e. config.linkerd.io/access-log is added,
which configures the proxies to emit access logs to stderr. apache and json
are the supported configuration options, emitting access logs in Apache Common
Log Format and JSON respectively.

Special thanks to @tustvold for all the initial work around this!

• Updated injector to support the new config.linkerd.io/access-log annotation
• Added a new LINKERD2_PROXY_ACCESS_LOG proxy environment variable to configure
  the access log format (thanks @tustvold)
• Updated service mirror controller to emit relevant events when
  mirroring is skipped for a service
• Updated various dependencies across the project (thanks @dependabot)

edge-22.1.4

This edge release features a new configuration annotation, support for
externally hosted Grafana instances, and other improvements in the CLI,
dashboard and Helm charts. To learn more about using an external Grafana
instance with Linkerd, you can refer to our
docs.

• Added a new annotation to configure skipping subnets in the init container
  (config.linkerd.io/skip-subnets). This configuration option is ideal for
  Docker-in-Docker (dind) workloads (thanks @michaellzc!)
• Added support in the dashboard for externally hosted Grafana instances
  (thanks @jackgill!)
• Introduced resource block to linkerd-jaeger Helm chart (thanks
  @yuriydzobak!)
• Introduced parametrized datasource (DS_PROMETHEUS) in all Grafana
  dashboards. This allows pointing to the right Prometheus datasource when
  importing a dashboard
• Introduced a consistent --ignore-cluster flag in the CLI for the base
  installation and extensions; manifests will now be rendered even if there is
  an existing installation in the current Kubernetes context (thanks
  @krzysztofdrys!)
• Updated the service mirror controller to skip mirroring services whose
  namespaces do not yet exist in the source cluster; previously, the service
  mirror would create the namespace itself.

edge-22.1.3

This release removes the Grafana component in the linkerd-viz extension.
Users can now import linkerd dashboards into Grafana from the Linkerd org
in Grafana. Users can also follow the instructions in the docs
to install a separate Grafana that can be integrated with the Linkerd Dashboard.

• Stopped shipping grafana-based image in the linkerd-viz extension
• Removed repair sub-command in the CLI
• Updated various dependencies across the project (thanks @dependabot)

edge-22.1.2

This release sets the version of the extension Helm charts to 30.0.0-edge to
ensure that previous versions of these charts can be upgraded properly.

• Reset extensions Helm chart versions at 30.0.0-edge
• Pin multicluster extension pause container version to 3.2 so that it will work
  on Arm architectures
• Create a unique PSP RoleBinding for each multicluster link to prevent
  conflicts when PSP is enabled

edge-22.1.1

This release adds support for using the cert-manager CA Injector to configure
Linkerd's webhooks.

• Fixed a rare issue when a Service's opaque ports annotation does not match
  that of the pods in the service
• Disallowed privilege escalation in control plane containers (thanks @kichristensen!)
• Updated the multicluster extension's service mirror controller to make mirror
  services empty when the exported service is empty
• Added support for injecting Webhook CA bundles with cert-manager CA Injector
  (thanks @bdun1013!)

edge-21.12.4

This release adds support for custom HTTP methods in the viz stats
(i.e CLI and Dashboard). Additionally, it also includes various
smaller improvements.

• Added support for custom HTTP methods in the linkerd-viz stats
• Updated the health checker to pull trust root from the linkerd-identity-trust-roots
  configmap to support cases where they are generated externally (thanks @wim-de-groot)
• Removed unnecessary installNamespace bool flag from the
  linkerd-control-plane chart (thanks @mikutas)
• Updated the install command to error if container runtime check fails
• Updated various dependencies across the project (thanks @dependabot)

edge-21.12.3

This edge release contains a few improvements to the CLI commands and a major
change around Helm charts.

• Breaking change

The linkerd2 chart has been deprecated in favor of the linkerd-crds and
linkerd-control-plane charts. The former takes care of installing all the
required CRDs and the latter everything else. Of important note is that, as per
Helm best practice, we're no longer creating the linkerd namespace. Users
require to do that manually, or have the Helm tool do it explicitly. So the
install procedure would look something like this:

helm install linkerd-crds -n linkerd --create-namespace --devel linkerd-edge/linkerd-crds

helm install linkerd-control-plane -n linkerd \
  --set-file identityTrustAnchorsPEM=ca.crt \
  --set-file identity.issuer.tls.crtPEM=issuer.crt \
  --set-file identity.issuer.tls.keyPEM=issuer.key \
  --devel
  linkerd-edge/linkerd-control-plane

(Given the chart versions are flagged as a pre-release, you need the --devel flag).

In order to upgrade, please delete your previously installed linkerd2 chart
and install the new charts as explained above.

Although the charts for the main extensions (viz, multicluster, jaeger,
linkerd2-cni) were not deprecated, they also stopped creating their namespace
and users are required to uninstall and reinstall them anew, e.g:

helm install linkerd-viz -n linkerd-viz --create-namespace linkerd-edge/linkerd-viz

• Added a new --obfuscate flag to linkerd diagnostics proxy-metrics to
  obfuscate potentially private information in the output (thanks
  @ahmedalhulaibi!)
• Fixed formatting of the recommended value for --set clusterNetworks in the
  linkerd check output when that parameter doesn't contain all the node
  podCIDRs (thanks @ElvinEfendi!)
• Skipped evicted pods in linkerd viz check and linkerd jaeger check, to
  avoid the checks fail unnecessarily
• Removed some no longer used environment variables from the proxy's manifest

edge-21.12.2

This edge removes the default SMI functionality that is included in
installations now that the linkerd-smi extension provides these resources. It
also relaxes the proxy-init's privileged value to only be set to true when
needed by certain installation configurations.

Along with some bug fixes, the repository's issue and feature request templates
have been updated to forms; check them when opening a new
issue! (thanks
@mikutas).

• Removed SMI functionality in the default Linkerd installation; this is now
  part of the linkerd-smi extension
• Fixed autocompletion of the --context flag (thanks @mikutas!)
• Added support for conditionally setting proxy-init's privileged: true only
  when needed (thanks @alex-berger!)
• Added support for controlling opaque ports through the Server resource
• Fixed an issue where linkerd check would compare proxy versions of
  uninjected pods leading to incorrect errors
• Relaxed extension checks so that the CLI still works when not all extension
  proxies are healthy
• Added the --default-inbound-policy flag to linkerd inject for setting a
  non-default inbound policy on injected workloads (thanks @ahmedalhulaibi!)

edge-21.12.1

This edge release enables by default EndpointSlices in the destination
controller, which unblocks any functionality that is specific to
EndpointSlices such as topology-aware hints. It also contains a couple of
internal cleanups and upgrades, by our external contributors!

• Added new check to linkerd check verifying the nodes aren't running the old
  Docker container runtime and attempting to run proxy-init as root at the same
  time, which doesn't work (thanks @alex-berger!)
• Enabled EndpointSlices in the destination controller by default
• Removed extraneous empty lines and fixed the formatting of warnings in the
  output of linkerd check -o short
• Upgraded to go 1.17 (thanks @Juneezee!)
• Removed old protobuf definitions from the codebase (thanks @krzysztofdrys!)

edge-21.11.4

This edge release introduces a change in the destination service to honor
opaque ports set in the proxyProtocol field of Server resources. This
change makes it possible to set opaque ports directly in Server resources
without needing the opaque ports annotation on pods. The release also features
a number of fixes and improvements, a big thank you to our external
contributors for their continued support and involvement.

• Added support in the destination service for honoring opaque ports marked in
  Server resources; ports can now be marked as opaque directly in Server
  resources through the proxyProtocol field.
• Added support to override default behavior and run proxyInit as root
  (thanks @alex-berger!)
• Added multicluster Link CRD to code generation script; consumers of the
  multicluster API can now use a typed API to interact with multicluster links
  (thanks @zaharidichev!)
• Added a multicluster integration test for exported headless services (thanks
  @importhuman!)
• Deprecated v1alpha1 version of the policy APIs
• Removed newline from linkerd check header text (thanks @mikutas!)
• Replaced deprecated beta.kubernetes.io/os label with kubernetes.io/os