Releases: linkerd/linkerd2
edge-24.10.3
Overall status: RECOMMENDED
Cautions
N/A
Changes
edge-24.10.3 adds hostname and zone_locality labels for outbound GRPC and HTTP metrics, providing the hostname and zone used for the target. It also allows configuring the service name for Linkerd's distributed traces (fixing #11157) and fixes a bug where the linkerd-jaeger injector could mistakenly alter annotations it shouldn't have, as well as a bug where the CNI plugin would silently fail if the underlying Node hit the inotify limit -- now it will detect the problem and crash so that the problem can be noticed and corrected. Finally, linkerd multicluster link now produces YAML that can be applied into clusters running versions prior to edge-24.9.3.
What's Changed
- Fix pod annotations propagating to namespace by @sfleen in #13165
- Make
linkerd mc link's output compatible with pre-edge-24.9.3 clusters by @alpeb in #13161 - build(deps): bump proc-macro2 from 1.0.86 to 1.0.87 by @dependabot in #13153
- build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in #13155
- build(deps): bump clap from 4.5.19 to 4.5.20 by @dependabot in #13157
- build(deps): bump helm.sh/helm/v3 from 3.16.1 to 3.16.2 by @dependabot in #13162
- build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in #13164
- build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 by @dependabot in #13152
- Add configuration for proxy trace service name by @sfleen in #13130
- build(deps-dev): bump @babel/core from 7.25.2 to 7.25.8 in /web/app by @dependabot in #13174
- build(deps): bump @babel/eslint-plugin from 7.25.1 to 7.25.7 in /web/app by @dependabot in #13175
- build(deps): bump query-string from 9.1.0 to 9.1.1 in /web/app by @dependabot in #13177
- build(deps): bump cc from 1.1.28 to 1.1.30 by @dependabot in #13179
- build(deps-dev): bump @babel/preset-env from 7.25.7 to 7.25.8 in /web/app by @dependabot in #13176
- build(deps): bump Swatinem/rust-cache from 2.7.3 to 2.7.5 by @dependabot in #13180
- build(deps): bump pest_derive from 2.7.13 to 2.7.14 by @dependabot in #13183
- build(deps): bump pest from 2.7.13 to 2.7.14 by @dependabot in #13184
- build(deps): bump rustversion from 1.0.17 to 1.0.18 by @dependabot in #13185
- build(deps-dev): bump @babel/eslint-parser from 7.25.1 to 7.25.8 in /web/app by @dependabot in #13178
- Export zone locality in outbound destination metrics by @sfleen in #13129
- proxy: v2.258.0 by @l5d-bot in #13192
- build(deps): bump github.com/prometheus/client_golang from 1.20.4 to 1.20.5 by @dependabot in #13191
- build(deps): bump openssl from 0.10.66 to 0.10.67 by @dependabot in #13190
- build(deps): bump openssl-sys from 0.9.103 to 0.9.104 by @dependabot in #13189
- Bump linkerd-cni to v1.5.2 by @alpeb in #13198
Full Changelog: edge-24.10.2...edge-24.10.3
Contributors
Assets 14
edge-24.10.2
Overall status: RECOMMENDED
Cautions
N/A
Changes
This release fixes an error in the CLI in order to allow the linkerd multicluster CLI commands to work correctly even when some of the clusters in a multicluster setup are running releases prior to edge-24.9.3. Additionally, creating a link with linkerd multicluster link --set enableNamespaceCreation=true will allow Linkerd multicluster to create the namespace into which it mirrors services.
What's Changed
- build(deps): bump ipnet from 2.10.0 to 2.10.1 by @dependabot in #13134
- build(deps): bump tj-actions/changed-files from 45.0.2 to 45.0.3 by @dependabot in #13135
- build(deps): bump futures from 0.3.30 to 0.3.31 by @dependabot in #13146
- build(deps-dev): bump @babel/preset-react from 7.24.7 to 7.25.7 in /web/app by @dependabot in #13138
- build(deps-dev): bump eslint-plugin-import from 2.30.0 to 2.31.0 in /web/app by @dependabot in #13141
- build(deps-dev): bump eslint-plugin-react from 7.37.0 to 7.37.1 in /web/app by @dependabot in #13142
- build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 by @dependabot in #13143
- build(deps): bump cc from 1.1.24 to 1.1.28 by @dependabot in #13145
- Add flag to enable namespace creation in the service mirror controller by @adleong in #13137
- build(deps-dev): bump @babel/preset-env from 7.25.4 to 7.25.7 in /web/app by @dependabot in #13139
- build(deps): bump golang.org/x/tools from 0.25.0 to 0.26.0 by @dependabot in #13144
- build(deps): bump object from 0.36.4 to 0.36.5 by @dependabot in #13147
- build(deps): bump once_cell from 1.20.1 to 1.20.2 by @dependabot in #13148
- build(deps): bump pin-project from 1.1.5 to 1.1.6 by @dependabot in #13149
- build(deps-dev): bump @babel/runtime from 7.25.6 to 7.25.7 in /web/app by @dependabot in #13140
- Relax mc validations in the CLI to avoid errors by @alpeb in #13151
- proxy: v2.257.0 by @l5d-bot in #13158
Full Changelog: edge-24.10.1...edge-24.10.2
Contributors
Assets 14
edge-24.10.1
Overall status: RECOMMENDED
Cautions
If you're using Linkerd multicluster with clusters running edge-24.9.2 or earlier, you'll need to upgrade your Linkerd CLI to at least edge-24.10.2 for the linkerd multicluster commands to work correctly.
Changes
This release supports native OpenTelemetry tracing: use --set webhook.collectorTraceProtocol=opentelemetry to use it. The default is still opencensus for the OpenCensus wire protocol. Additionally, the proxy addresses issue #13023 by setting a 30-second TCP_USER_TIMEOUT on TCP connections to allow Linkerd to do a better job of cleaning up half-open connections (thanks, Vadim Makerov!)
What's Changed
- build(deps): bump autocfg from 1.3.0 to 1.4.0 by @dependabot in #13106
- build(deps): bump cc from 1.1.21 to 1.1.23 by @dependabot in #13118
- build(deps): bump httparse from 1.9.4 to 1.9.5 by @dependabot in #13117
- build(deps): bump once_cell from 1.19.0 to 1.20.1 by @dependabot in #13114
- build(deps): bump regex from 1.10.6 to 1.11.0 by @dependabot in #13113
- build(deps): bump ucd-trie from 0.1.6 to 0.1.7 by @dependabot in #13112
- build(deps-dev): bump webpack from 5.94.0 to 5.95.0 in /web/app by @dependabot in #13110
- build(deps-dev): bump eslint-plugin-react from 7.36.1 to 7.37.0 in /web/app by @dependabot in #13109
- build(deps-dev): bump babel-loader from 9.1.3 to 9.2.1 in /web/app by @dependabot in #13093
- build(deps): bump date-fns from 3.6.0 to 4.1.0 in /web/app by @dependabot in #13091
- build(deps-dev): bump eslint from 8.57.0 to 8.57.1 in /web/app by @dependabot in #13092
- remove ROADMAP.md by @wmorgan in #13119
- proxy: v2.256.0 by @l5d-bot in #13125
- Allow configuring proxy trace export protocol by @sfleen in #13099
- build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 by @dependabot in #13127
- build(deps): bump google-github-actions/auth from 2.1.5 to 2.1.6 by @dependabot in #13126
- build(deps): bump google.golang.org/grpc from 1.67.0 to 1.67.1 by @dependabot in #13124
- build(deps): bump github.com/prometheus/common from 0.59.1 to 0.60.0 by @dependabot in #13123
- build(deps): bump cc from 1.1.23 to 1.1.24 by @dependabot in #13120
- build(deps): bump async-stream from 0.3.5 to 0.3.6 by @dependabot in #13121
- build(deps): bump unicode-bidi from 0.3.15 to 0.3.17 by @dependabot in #13131
- build(deps): bump clap from 4.5.18 to 4.5.19 by @dependabot in #13122
- Implement providing configuration for TCP_USER_TIMEOUT to linkerd-proxy by @UsingCoding in #13024
New Contributors
- @sfleen made their first contribution in #13099
- @UsingCoding made their first contribution in #13024
Full Changelog: edge-24.9.3...edge-24.10.1
Contributors
Assets 14
edge-24.9.3
Overall status: RECOMMENDED
Cautions
If you're using Linkerd multicluster with clusters running edge-24.9.2 or earlier, you'll need to upgrade your Linkerd CLI to at least edge-24.10.2 for the linkerd multicluster commands to work correctly.
Changes
edge-24.9.3 fixes a panic that would occur if a retried response arrived before the retried request was complete. This is allowed by the spec and was seen in the field with retries enabled for wire-grpc. Additionally, it supports configuring the timeout and failure threshold for health probes for the multicluster gateway.
What's Changed
- build(deps): bump anyhow from 1.0.87 to 1.0.88 by @dependabot in #13064
- build(deps): bump google.golang.org/grpc from 1.66.1 to 1.66.2 by @dependabot in #13062
- build(deps): bump unicode-ident from 1.0.12 to 1.0.13 by @dependabot in #13066
- build(deps): bump helm.sh/helm/v3 from 3.15.4 to 3.16.1 by @dependabot in #13067
- build(deps-dev): bump eslint-plugin-react from 7.35.2 to 7.36.1 in /web/app by @dependabot in #13072
- build(deps-dev): bump sinon from 18.0.0 to 19.0.2 in /web/app by @dependabot in #13073
- build(deps): bump tokio-openssl from 0.6.4 to 0.6.5 by @dependabot in #13075
- build(deps): bump anyhow from 1.0.88 to 1.0.89 by @dependabot in #13076
- build(deps): bump tj-actions/changed-files from 45.0.1 to 45.0.2 by @dependabot in #13078
- build(deps): bump iana-time-zone from 0.1.60 to 0.1.61 by @dependabot in #13079
- proxy: v2.254.0 by @l5d-bot in #13080
- build(deps): bump k8s.io/code-generator from 0.31.0 to 0.31.1 by @dependabot in #13068
- build(deps): bump cc from 1.1.18 to 1.1.21 by @dependabot in #13082
- build(deps): bump k8s.io/apiextensions-apiserver from 0.31.0 to 0.31.1 by @dependabot in #13069
- build(deps): bump bytes from 1.7.1 to 1.7.2 by @dependabot in #13084
- build(deps): bump unicode-normalization from 0.1.23 to 0.1.24 by @dependabot in #13085
- build(deps): bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 by @dependabot in #13086
- build(deps): bump k8s.io/endpointslice from 0.31.0 to 0.31.1 by @dependabot in #13087
- build(deps): bump k8s.io/kube-aggregator from 0.31.0 to 0.31.1 by @dependabot in #13088
- build(deps): bump pest from 2.7.12 to 2.7.13 by @dependabot in #13090
- build(deps): bump pest_derive from 2.7.12 to 2.7.13 by @dependabot in #13089
- build(deps): bump thiserror from 1.0.63 to 1.0.64 by @dependabot in #13095
- build(deps): bump clap from 4.5.17 to 4.5.18 by @dependabot in #13098
- build(deps): bump security-framework-sys from 2.11.1 to 2.12.0 by @dependabot in #13096
- build(deps): bump google.golang.org/grpc from 1.66.2 to 1.67.0 by @dependabot in #13094
- Add timeout and failureThreshold to multicluster probe by @alpeb in #13061
- proxy: v2.255.0 by @l5d-bot in #13103
- build(deps): bump libc from 0.2.158 to 0.2.159 by @dependabot in #13102
- build(deps): bump async-trait from 0.1.82 to 0.1.83 by @dependabot in #13100
- build(deps): bump pkg-config from 0.3.30 to 0.3.31 by @dependabot in #13101
- build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in #13104
Full Changelog: edge-24.9.2...edge-24.9.3
Contributors
Assets 14
edge-24.9.2
Overall status: RECOMMENDED
Cautions
Starting in edge-24.9.2, the timestamp in JSON-formatted proxy logs are now ISO8601 strings, for example
{"timestamp":"2024-09-09T13:38:56.919918Z","level":"INFO","fields":{"message":"Using single-threaded proxy runtime"},"target":"linkerd2_proxy::rt","threadId":"ThreadId(1)"}
Changes
This release allows Linkerd Viz to get Prometheus basic-auth credentials from a Secret (set prometheusCredsSecret when installing Viz), switches the proxy to use ISO8601 timestamps when logging JSON (fixing issue 12505), publishes a variety of new internal metrics about how the proxy runtime is performing, and publishes the proxy's current time as a metric to make it easier to know when certificates need to be rotated. It also allows setting TCP_USER_TIMEOUT for TCP sockets (thanks, Vadim Makerov!), updates the Helm documentation to include recently-added values, and removes some redundant dashes in the identity controller's Helm templates. Finally, it also includes the org.opencontainers.image.source label in all the Linkerd Docker images (thanks, Maxime Brunet!).
What's Changed
- Update helm docs by @adleong in #13041
- build(deps): bump anyhow from 1.0.86 to 1.0.87 by @dependabot in #13047
- build(deps): bump cpufeatures from 0.2.13 to 0.2.14 by @dependabot in #13048
- build(deps): bump pest_derive from 2.7.11 to 2.7.12 by @dependabot in #13049
- build(deps): bump serde from 1.0.209 to 1.0.210 by @dependabot in #13050
- build(deps-dev): bump eslint-plugin-react from 7.35.0 to 7.35.2 in /web/app by @dependabot in #13043
- build(deps-dev): bump eslint-plugin-import from 2.29.1 to 2.30.0 in /web/app by @dependabot in #13044
- Remove redundant dashes from identity manifest template by @alpeb in #13022
- build(deps-dev): bump webpack-dev-server from 5.0.4 to 5.1.0 in /web/app by @dependabot in #13045
- build(deps-dev): bump eslint-plugin-jsx-a11y from 6.9.0 to 6.10.0 in /web/app by @dependabot in #13046
- build(deps): bump golang.org/x/tools from 0.24.0 to 0.25.0 by @dependabot in #13056
- build(deps): bump ipnet from 2.9.0 to 2.10.0 by @dependabot in #13054
- build(deps): bump cc from 1.1.16 to 1.1.18 by @dependabot in #13052
- build(deps): bump google.golang.org/grpc from 1.66.0 to 1.66.1 by @dependabot in #13055
- build: add image source label to all Dockerfiles by @maxbrunet in #13042
- add ability to read prometheus basic auth creds from secret by @adleong in #13035
- proxy: v2.252.0 by @l5d-bot in #13058
- build(deps): bump express from 4.19.2 to 4.20.0 in /web/app by @dependabot in #13057
- build(deps): bump DavidAnson/markdownlint-cli2-action from 16.0.0 to 17.0.0 by @dependabot in #13059
- proxy: v2.253.0 by @l5d-bot in #13060
New Contributors
- @maxbrunet made their first contribution in #13042
Full Changelog: edge-24.9.1...edge-24.9.2
Contributors
Assets 14
edge-24.9.1
Overall status: RECOMMENDED
Cautions
N/A
Changes
This release adds the new linkerd viz stat-inbound and linkerd viz stat-outbound commands to easily examine statistics for Gateway API routes, and adds dualstack support for ExternalWorkload. It also adds Helm support for tuning liveness and readiness probe timeouts (thanks @kristjankullerkann-wearemp!) and configuring externalTrafficPolicy for multicluster gateways (thanks Lauri Kuittinen!).
What's Changed
- Add viz stat-inbound and viz stat-outbound commands by @adleong in #12994
- build(deps): bump object from 0.36.3 to 0.36.4 by @dependabot in #13003
- build(deps): bump core-foundation-sys from 0.8.6 to 0.8.7 by @dependabot in #12999
- build(deps): bump cc from 1.1.7 to 1.1.15 by @dependabot in #12995
- Dual-stack support for ExternalWorkloads by @alpeb in #12965
- build(deps): bump tj-actions/changed-files from 45.0.0 to 45.0.1 by @dependabot in #13010
- build(deps): bump tokio from 1.39.3 to 1.40.0 by @dependabot in #13007
- build(deps-dev): bump @babel/runtime from 7.25.4 to 7.25.6 in /web/app by @dependabot in #13006
- Remove community meetings from README.md by @wmorgan in #13004
- build(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 by @dependabot in #13009
- build(deps): bump core-js from 3.37.1 to 3.38.1 in /web/app by @dependabot in #13005
- build(deps): bump github.com/prometheus/client_golang from 1.19.1 to 1.20.2 by @dependabot in #12989
- build(deps): bump async-trait from 0.1.81 to 0.1.82 by @dependabot in #13012
- build(deps): bump helm.sh/helm/v3 from 3.15.3 to 3.15.4 by @dependabot in #13011
- proxy: v2.251.0 by @l5d-bot in #13019
- build(deps): bump openssl-src from 300.3.1+3.3.1 to 300.3.2+3.3.2 by @dependabot in #13018
- build(deps): bump k8s.io/client-go from 0.30.3 to 0.31.0 by @dependabot in #12958
- build(deps): bump k8s.io/apiextensions-apiserver from 0.30.3 to 0.31.0 by @dependabot in #12973
- build(deps): bump k8s.io/kube-aggregator from 0.30.3 to 0.31.0 by @dependabot in #13020
- build(deps): bump k8s.io/endpointslice from 0.30.3 to 0.31.0 by @dependabot in #12959
- Add support to modify liveness and readiness probe timeouts on control plane containers in helm chart by @kristjankullerkann-wearemp in #13002
- build(deps): bump tokio-util from 0.7.11 to 0.7.12 by @dependabot in #13025
- build(deps): bump github.com/prometheus/common from 0.55.0 to 0.58.0 by @dependabot in #13030
- build(deps): bump google.golang.org/grpc from 1.65.0 to 1.66.0 by @dependabot in #13029
- build(deps): bump cc from 1.1.15 to 1.1.16 by @dependabot in #13028
- build(deps): bump clap from 4.5.16 to 4.5.17 by @dependabot in #13027
- build(deps): bump serde_json from 1.0.127 to 1.0.128 by @dependabot in #13026
- build(deps): bump github.com/prometheus/common from 0.58.0 to 0.59.1 by @dependabot in #13040
- build(deps): bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 by @dependabot in #13039
- build(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 by @dependabot in #13038
- build(deps): bump rustix from 0.38.34 to 0.38.36 by @dependabot in #13037
- build(deps): bump tokio-stream from 0.1.15 to 0.1.16 by @dependabot in #13036
- Allow configuring externalTrafficPolicy by @lauriku in #13016
New Contributors
- @kristjankullerkann-wearemp made their first contribution in #13002
- @lauriku made their first contribution in #13016
Full Changelog: edge-24.8.3...edge-24.9.1
Contributors
Assets 14
edge-24.8.3
Overall status: RECOMMENDED
Cautions
N/A
Changes
In addition to dependency upgrades, this edge release has two fixes for Linkerd Viz: it correctly supports setting the group ID using the linkerd-viz Helm chart (thanks, @mozemke!) and it cleans up font downloading to avoid WAF errors.
What's Changed
- Font fixes by @kflynn in #12948
- proxy: v2.249.0 by @l5d-bot in #12966
- build(deps): bump @fortawesome/free-solid-svg-icons from 6.5.2 to 6.6.0 in /web/app by @dependabot in #12929
- build(deps): bump query-string from 9.0.0 to 9.1.0 in /web/app by @dependabot in #12930
- build(deps-dev): bump @babel/preset-env from 7.25.0 to 7.25.3 in /web/app by @dependabot in #12931
- build(deps): bump ppv-lite86 from 0.2.18 to 0.2.20 by @dependabot in #12934
- build(deps): bump regex from 1.10.5 to 1.10.6 by @dependabot in #12935
- build(deps): bump clap from 4.5.11 to 4.5.16 by @dependabot in #12962
- build(deps): bump golang.org/x/net from 0.27.0 to 0.28.0 by @dependabot in #12942
- await endpoints ready in more e2e tests to combat flakyness by @adleong in #12947
- build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by @dependabot in #12945
- Fix dual-stack integration test by @alpeb in #12946
- build(deps): bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible by @dependabot in #12952
- build(deps): bump serde_json from 1.0.121 to 1.0.125 by @dependabot in #12963
- build(deps): bump google-github-actions/auth from 2.1.3 to 2.1.5 by @dependabot in #12967
- build(deps): bump tj-actions/changed-files from 44.5.6 to 45.0.0 by @dependabot in #12969
- build(deps-dev): bump @babel/core from 7.24.9 to 7.25.2 in /web/app by @dependabot in #12932
- build(deps-dev): bump @babel/eslint-parser from 7.25.0 to 7.25.1 in /web/app by @dependabot in #12933
- fix: use correct key to set GID in charts by @mozemke in #12968
- build(deps): bump bytes from 1.6.1 to 1.7.1 by @dependabot in #12927
- build(deps): bump golang.org/x/tools from 0.23.0 to 0.24.0 by @dependabot in #12943
- build(deps): bump tower-service from 0.3.2 to 0.3.3 by @dependabot in #12980
- build(deps): bump cpufeatures from 0.2.12 to 0.2.13 by @dependabot in #12979
- build(deps): bump tower-layer from 0.3.2 to 0.3.3 by @dependabot in #12978
- build(deps): bump quote from 1.0.36 to 1.0.37 by @dependabot in #12976
- build(deps): bump k8s.io/apimachinery from 0.30.3 to 0.31.0 by @dependabot in #12975
- build(deps): bump libc from 0.2.155 to 0.2.158 by @dependabot in #12977
- build(deps-dev): bump @babel/preset-env from 7.25.3 to 7.25.4 in /web/app by @dependabot in #12982
- build(deps-dev): bump eslint-plugin-promise from 7.0.0 to 7.1.0 in /web/app by @dependabot in #12983
- build(deps): bump @babel/eslint-plugin from 7.24.7 to 7.25.1 in /web/app by @dependabot in #12985
- build(deps): bump serde from 1.0.204 to 1.0.209 by @dependabot in #12987
- build(deps): bump tokio from 1.39.2 to 1.39.3 by @dependabot in #12990
- build(deps): bump object from 0.36.2 to 0.36.3 by @dependabot in #12991
- build(deps): bump serde_json from 1.0.125 to 1.0.127 by @dependabot in #12992
- proxy: v2.250.0 by @l5d-bot in #12996
- build(deps-dev): bump webpack from 5.93.0 to 5.94.0 in /web/app by @dependabot in #12984
- build(deps-dev): bump @babel/runtime from 7.25.0 to 7.25.4 in /web/app by @dependabot in #12986
- build(deps): bump mio from 1.0.1 to 1.0.2 by @dependabot in #13001
New Contributors
Full Changelog: edge-24.8.2...edge-24.8.3
Contributors
Assets 14
edge-24.8.2
Overall status: RECOMMENDED
Cautions
N/A
Changes
This release makes certain that Linkerd won't attempt to bind to IPv6 addresses at all unless IPv6 is enabled.
What's Changed
- build(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 by @dependabot in #12937
- Only bind to IPv6 addresses when disableIPv6=false by @alpeb in #12938
Full Changelog: edge-24.8.1...edge-24.8.2
Contributors
Assets 14
edge-24.8.1
Overall status: RECOMMENDED
Cautions
If you don't have the GRPCRoute CRD installed at all, Linkerd will run without GRPCRoute support. If you add the CRD after starting Linkerd, you'll need to restart the control plane for Linkerd to be able to use GRPCRoutes.
Changes
This release makes GRPCRoute optional: if you don't have the GRPCRoute CRD installed, Linkerd will run without any GRPCRoute functionality rather than failing to start. It also improves the status text when an HTTPRoute is incorrectly configured with parentRef pointing to a headless service, to make this situation easier to debug, and makes certain that trace-level logs honor proxy.logHTTPHeaders.
What's Changed
- build(deps): bump tokio from 1.39.1 to 1.39.2 by @dependabot in #12907
- build(deps-dev): bump eslint-plugin-promise from 6.5.1 to 7.0.0 in /web/app by @dependabot in #12898
- build(deps-dev): bump @babel/runtime from 7.24.8 to 7.25.0 in /web/app by @dependabot in #12899
- build(deps-dev): bump chai from 4.4.1 to 4.5.0 in /web/app by @dependabot in #12900
- build(deps-dev): bump @babel/eslint-parser from 7.24.8 to 7.25.0 in /web/app by @dependabot in #12902
- build(deps): bump windows_x86_64_gnu from 0.52.5 to 0.52.6 by @dependabot in #12904
- build(deps): bump version_check from 0.9.4 to 0.9.5 by @dependabot in #12906
- build(deps): bump windows_aarch64_msvc from 0.52.5 to 0.52.6 by @dependabot in #12905
- build(deps): bump windows_i686_gnu from 0.52.5 to 0.52.6 by @dependabot in #12908
- build(deps): bump cc from 1.1.6 to 1.1.7 by @dependabot in #12909
- build(deps-dev): bump @babel/preset-env from 7.24.8 to 7.25.0 in /web/app by @dependabot in #12901
- build(deps): bump clap from 4.5.10 to 4.5.11 by @dependabot in #12910
- build(deps): bump object from 0.36.1 to 0.36.2 by @dependabot in #12911
- build(deps): bump serde_json from 1.0.120 to 1.0.121 by @dependabot in #12912
- build(deps): bump ppv-lite86 from 0.2.17 to 0.2.19 by @dependabot in #12919
- feat(proxy): Disable all header and request logging by @adleong in #12903
- Make GrpcRoute watches optional by @adleong in #12917
- proxy: v2.245.0 by @l5d-bot in #12920
- build(deps): bump github.com/docker/docker from 25.0.5+incompatible to 26.1.4+incompatible by @dependabot in #12915
- build(deps): bump google.golang.org/grpc/cmd/protoc-gen-go-grpc from 1.4.0 to 1.5.1 by @dependabot in #12913
- proxy: v2.246.0 by @l5d-bot in #12925
- downgrade away from yanked version of ppv-lite86 by @adleong in #12926
- add status message when attempting to attach to headless service by @adleong in #12918
Full Changelog: edge-24.7.5...edge-24.8.1
Contributors
Assets 14
edge-24.7.5
Overall status: RECOMMENDED
Cautions
N/A
Changes
This release supports Server-scoped default policy, policy audit mode, GRPCRoute, and new retry and timeout configuration (including for Gateway API resources)!
Server-scoped default policy
Server resources now have an accessPolicy field that will override the default inbound policy for any traffic associated with that Server. (The default accessPolicy is deny, for compatibility with previous releases.)
Policy audit mode
Both default inbound policy and Server accessPolicy can now be set to audit in order to allow traffic to flow, but log anything that would be denied. In the proxy's logs, you'll see INFO level logs with the tag authz.name=audit. In metrics (such as request_total) you'll see the label authz_name=audit.
GRPCRoute
edge-24.7.5 includes support for the Gateway API GRPCRoute resource. Remember that starting with edge-24.5.2, if you don't set enableHttpRoutes to false when installing, Linkerd will install the grpcroute.gateway.networking.k8s.io CRD into your cluster and remove it when Linkerd is uninstalled.
Retries
Starting in this release, you can use the retry.linkerd.io/http annotation on Service or HTTPRoute resources to enable HTTP retries. The value of this annotation is a comma-separated list of HTTP statuses to retry on (for example "502-504,511"). "5xx" is shorthand for any of the 5xx status codes, and gateway-error is shorthand for "502-504".
You can also use the retry.linkerd.io/grpc annotation on Service or GRPCRoute resources to enable gRPC retries. The value of this annotation is a comma-separated list of gRPC results to retry on (for example "cancelled,deadline-exceeded").
These are counted retries, unlike Linkerd's typical budgeted retries. Use the retry.linkerd.io/limit annotation to set the maximum number of retries, and the retry.linkerd.io/timeout annotation to set how long Linkerd will give a request before cancelling it and retrying.
Timeouts
Finally, you can configure timeouts on Service, HTTPRoute, and GRPCRoute with annotations. timeout.linkerd.io/request and timeout.linkerd.io/response set timeouts for processing the request and receiving the response; timeout.linkerd.io/idle sets the idle timeout. All currently allow values similar to GEP-2257 Duration strings, but allowing only a single unit (for example, 1500ms or 90s are allowed, but 1s500ms and 1m30s are not).
What's Changed
- build(deps): bump anstyle from 1.0.7 to 1.0.8 by @dependabot in #12894
- build(deps): bump clap_lex from 0.7.1 to 0.7.2 by @dependabot in #12892
- proxy: v2.244.0 by @l5d-bot in #12896
- Add support for retries and timeouts by @adleong in #12888
- Audit access policy implementation by @alpeb in #12846
Full Changelog: edge-24.7.4...edge-24.7.5