Stable 2.14.0 #11282
Merged
Stable 2.14.0 #11282
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
alpeb
reviewed
Aug 22, 2023
alpeb
reviewed
Aug 22, 2023
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
alpeb
approved these changes
Aug 22, 2023
adamshawvipps
pushed a commit
to adamshawvipps/linkerd2
that referenced
this pull request
Sep 16, 2023
This release introduces direct pod-to-pod multicluster service mirroring. When clusters are deployed on a flat network, Linkerd can export multicluster services in a way where cross-cluster traffic does not need to go through the gateway. This enhances multicluster authentication and can reduce the need for provisioning public load balancers. In addition, this release adds support for the [Gateway API](https://gateway-api.sigs.k8s.io/) HTTPRoute resource (in the `gateway.networking.k8s.io` api group). This improves compatibility with other tools that use these resources such as [Flagger](https://flagger.app/) and [Argo Rollouts](https://argoproj.github.io/rollouts/). The release also includes a large number of features and improvements to HTTPRoute including the ability to set timeouts and the ability to define consumer-namespace HTTPRoutes. Finally, this release includes a number of bugfixes, performance improvements, and other smaller additions. **Upgrade notes**: Please see the [upgrade instructions](https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2140). * Multicluster * Remove namespace field from cluster scoped resources to fix pruning * Added -o json flag for the `linkerd multicluster gateways` command (thanks @hiteshwani29) * Introduced `logFormat` value to the multicluster `Link` Helm Chart (thanks @bunnybilou!) * Added leader-election capabilities to the service-mirror controller * Added high-availability (HA) mode for the multicluster service-mirror * Added a new `remoteDiscoverySelector` field to the multicluster `Link` CRD, which enables a service mirroring mode where the control plane performs discovery for the mirrored service from the remote cluster, rather than creating Endpoints for the mirrored service in the source cluster * HTTPRoute * Fixed `linkerd uninstall` issue for HTTPRoute * Added support for `gateway.networking.k8s.io` HTTPRoutes in the policy controller * Added support for RequestHeaderModifier and RequestRedirect HTTP filters in outbound policy; filters may be added at the route or backend level * Added support for the `ResponseHeaderModifier` HTTPRoute filter * Added support for HTTPRoutes defined in the consumer namespace * Added support for HTTPRoute `parent_refs` that do not specify a port * CRDs * Patched the MeshTLSAuthentication CRD to force providing at least one identity/identityRef * Control Plane * Send Opaque protocol hint for opaque ports in destination controller * Replaced deprecated `failure-domain.beta.kubernetes.io/zone` labels in Helm charts with `topology.kubernetes.io/zone` labels (thanks @piyushsingariya!) * Replaced `server_port_subscribers` Destination controller gauge metric with `server_port_subscribes` and `server_port_unsubscribes` counter metrics * Proxy * Handle Opaque protocol hints on endpoints * Added `outbound_http_balancer_endpoints` metric * Fixed missing route_ metrics for requests with ServiceProfiles * Fixed proxy startup failure when using the `config.linkerd.io/admin-port` annotation (thanks @jclegras!) * Added distinguishable version information to proxy logs and metrics * CLI * The `linkerd diagnostics policy` command now displays outbound policy when the target resource is a Service * A fix for HA validation checks when Linkerd is installed with Helm. Thanks @mikutas!! * Viz * Add the `kubelet` NetworkAuthentication back since it is used by the `linkerd viz allow-scrapes` subcommand. * Fixed the `linkerd viz check` command so that it will wait until the viz extension becomes ready * Fixed an issue where specifying a `remote_write` config would cause the Prometheus config to be invalid (thanks @hiteshwani29) * Improved validation of the `--to` and `--from` flags for the `linkerd viz stat` command (thanks @pranoyk) * Added `-o jsonpath` flag to `linkerd viz tap` to allow filtering output fields (thanks @hiteshwani29!) * Fixed a Grafana error caused by an incorrect datasource (thanks @albundy83!) * Fixed missing "Services" menu item in the Spanish localization for the `linkerd-viz` web dashboard (thanks @mclavel!) * Extensions * Added missing label `linkerd.io/extension` to certain resources to ensure they pruned when appropriate (thanks @ClementRepo) * Added tolerations and nodeSelector support in extensions `namespace-metadata` Jobs (thanks @pssalman!) * Init Containers * Added an option for disabling the network validator's security context for environments that provide their own * CNI * Added --set flag to install-cni plugin (thanks @amit-62!) * Fixed missing resource-cni labels on linkerd-cni, this blocked the linkerd-cni pods from coming up when the injector was broken (thanks @migueleliasweb!) * Build * Build improvements for multi-arch build artifacts. Thanks @MarkSRobinson!! This release includes changes from a massive list of contributors! A special thank-you to everyone who helped make this release possible: * Amir Karimi @AMK9978 * Amit Kumar @amit-62 * Andre Marcelo-Tanner @kzap * Andrew @andrew-gropyus * Arnaud Beun @bunnybilou * Clement @proxfly * Dima @krabradosty * Grégoire Bellon-Gervais @albundy83 * Harsh Soni @harsh020 * Jean-Charles Legras @jclegras * Loong Dai @daixiang0 * Mark Robinson @MarkSRobinson * Miguel Elias dos Santos @migueleliasweb * Pranoy Kumar Kundu @pranoyk * Ryan Hristovski @ryanhristovski * Takumi Sue @mikutas * Zakhar Bessarab @zekker6 * hiteshwani29 @hiteshwani29 * pheianox * pssalman @pssalman Signed-off-by: Alex Leong <[email protected]> Signed-off-by: Adam Shaw <[email protected]>
adamshawvipps
pushed a commit
to adamshawvipps/linkerd2
that referenced
this pull request
Sep 18, 2023
This release introduces direct pod-to-pod multicluster service mirroring. When clusters are deployed on a flat network, Linkerd can export multicluster services in a way where cross-cluster traffic does not need to go through the gateway. This enhances multicluster authentication and can reduce the need for provisioning public load balancers. In addition, this release adds support for the [Gateway API](https://gateway-api.sigs.k8s.io/) HTTPRoute resource (in the `gateway.networking.k8s.io` api group). This improves compatibility with other tools that use these resources such as [Flagger](https://flagger.app/) and [Argo Rollouts](https://argoproj.github.io/rollouts/). The release also includes a large number of features and improvements to HTTPRoute including the ability to set timeouts and the ability to define consumer-namespace HTTPRoutes. Finally, this release includes a number of bugfixes, performance improvements, and other smaller additions. **Upgrade notes**: Please see the [upgrade instructions](https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2140). * Multicluster * Remove namespace field from cluster scoped resources to fix pruning * Added -o json flag for the `linkerd multicluster gateways` command (thanks @hiteshwani29) * Introduced `logFormat` value to the multicluster `Link` Helm Chart (thanks @bunnybilou!) * Added leader-election capabilities to the service-mirror controller * Added high-availability (HA) mode for the multicluster service-mirror * Added a new `remoteDiscoverySelector` field to the multicluster `Link` CRD, which enables a service mirroring mode where the control plane performs discovery for the mirrored service from the remote cluster, rather than creating Endpoints for the mirrored service in the source cluster * HTTPRoute * Fixed `linkerd uninstall` issue for HTTPRoute * Added support for `gateway.networking.k8s.io` HTTPRoutes in the policy controller * Added support for RequestHeaderModifier and RequestRedirect HTTP filters in outbound policy; filters may be added at the route or backend level * Added support for the `ResponseHeaderModifier` HTTPRoute filter * Added support for HTTPRoutes defined in the consumer namespace * Added support for HTTPRoute `parent_refs` that do not specify a port * CRDs * Patched the MeshTLSAuthentication CRD to force providing at least one identity/identityRef * Control Plane * Send Opaque protocol hint for opaque ports in destination controller * Replaced deprecated `failure-domain.beta.kubernetes.io/zone` labels in Helm charts with `topology.kubernetes.io/zone` labels (thanks @piyushsingariya!) * Replaced `server_port_subscribers` Destination controller gauge metric with `server_port_subscribes` and `server_port_unsubscribes` counter metrics * Proxy * Handle Opaque protocol hints on endpoints * Added `outbound_http_balancer_endpoints` metric * Fixed missing route_ metrics for requests with ServiceProfiles * Fixed proxy startup failure when using the `config.linkerd.io/admin-port` annotation (thanks @jclegras!) * Added distinguishable version information to proxy logs and metrics * CLI * The `linkerd diagnostics policy` command now displays outbound policy when the target resource is a Service * A fix for HA validation checks when Linkerd is installed with Helm. Thanks @mikutas!! * Viz * Add the `kubelet` NetworkAuthentication back since it is used by the `linkerd viz allow-scrapes` subcommand. * Fixed the `linkerd viz check` command so that it will wait until the viz extension becomes ready * Fixed an issue where specifying a `remote_write` config would cause the Prometheus config to be invalid (thanks @hiteshwani29) * Improved validation of the `--to` and `--from` flags for the `linkerd viz stat` command (thanks @pranoyk) * Added `-o jsonpath` flag to `linkerd viz tap` to allow filtering output fields (thanks @hiteshwani29!) * Fixed a Grafana error caused by an incorrect datasource (thanks @albundy83!) * Fixed missing "Services" menu item in the Spanish localization for the `linkerd-viz` web dashboard (thanks @mclavel!) * Extensions * Added missing label `linkerd.io/extension` to certain resources to ensure they pruned when appropriate (thanks @ClementRepo) * Added tolerations and nodeSelector support in extensions `namespace-metadata` Jobs (thanks @pssalman!) * Init Containers * Added an option for disabling the network validator's security context for environments that provide their own * CNI * Added --set flag to install-cni plugin (thanks @amit-62!) * Fixed missing resource-cni labels on linkerd-cni, this blocked the linkerd-cni pods from coming up when the injector was broken (thanks @migueleliasweb!) * Build * Build improvements for multi-arch build artifacts. Thanks @MarkSRobinson!! This release includes changes from a massive list of contributors! A special thank-you to everyone who helped make this release possible: * Amir Karimi @AMK9978 * Amit Kumar @amit-62 * Andre Marcelo-Tanner @kzap * Andrew @andrew-gropyus * Arnaud Beun @bunnybilou * Clement @proxfly * Dima @krabradosty * Grégoire Bellon-Gervais @albundy83 * Harsh Soni @harsh020 * Jean-Charles Legras @jclegras * Loong Dai @daixiang0 * Mark Robinson @MarkSRobinson * Miguel Elias dos Santos @migueleliasweb * Pranoy Kumar Kundu @pranoyk * Ryan Hristovski @ryanhristovski * Takumi Sue @mikutas * Zakhar Bessarab @zekker6 * hiteshwani29 @hiteshwani29 * pheianox * pssalman @pssalman Signed-off-by: Alex Leong <[email protected]> Signed-off-by: Adam Shaw <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This release introduces direct pod-to-pod multicluster service mirroring. When
clusters are deployed on a flat network, Linkerd can export multicluster
services in a way where cross-cluster traffic does not need to go through the
gateway. This enhances multicluster authentication and can reduce the need for
provisioning public load balancers.
In addition, this release adds support for the
Gateway API HTTPRoute resource (in the
gateway.networking.k8s.ioapi group). This improves compatibility with othertools that use these resources such as Flagger and
Argo Rollouts. The release also includes
a large number of features and improvements to HTTPRoute including the ability
to set timeouts and the ability to define consumer-namespace HTTPRoutes.
Finally, this release includes a number of bugfixes, performance improvements,
and other smaller additions.
Upgrade notes: Please see the
upgrade instructions.
linkerd multicluster gatewayscommand (thanks@hiteshwani29)
logFormatvalue to the multiclusterLinkHelm Chart (thanks@bunnybilou!)
remoteDiscoverySelectorfield to the multiclusterLinkCRD,which enables a service mirroring mode where the control plane
performs discovery for the mirrored service from the remote cluster, rather
than creating Endpoints for the mirrored service in the source cluster
linkerd uninstallissue for HTTPRoutegateway.networking.k8s.ioHTTPRoutes in the policycontroller
outbound policy; filters may be added at the route or backend level
ResponseHeaderModifierHTTPRoute filterparent_refsthat do not specify a portidentity/identityRef
failure-domain.beta.kubernetes.io/zonelabels in Helmcharts with
topology.kubernetes.io/zonelabels (thanks @piyushsingariya!)server_port_subscribersDestination controller gauge metric withserver_port_subscribesandserver_port_unsubscribescounter metricsoutbound_http_balancer_endpointsmetricconfig.linkerd.io/admin-portannotation (thanks @jclegras!)
linkerd diagnostics policycommand now displays outbound policy whenthe target resource is a Service
@mikutas!!
kubeletNetworkAuthentication back since it is used by thelinkerd viz allow-scrapessubcommand.linkerd viz checkcommand so that it will wait until the vizextension becomes ready
remote_writeconfig would cause thePrometheus config to be invalid (thanks @hiteshwani29)
--toand--fromflags for thelinkerd viz statcommand (thanks @pranoyk)
-o jsonpathflag tolinkerd viz tapto allow filtering output fields(thanks @hiteshwani29!)
linkerd-vizweb dashboard (thanks @mclavel!)linkerd.io/extensionto certain resources to ensure theypruned when appropriate (thanks @ClementRepo)
namespace-metadataJobs (thanks @pssalman!)
environments that provide their own
linkerd-cni pods from coming up when the injector was broken (thanks
@migueleliasweb!)
This release includes changes from a massive list of contributors! A special
thank-you to everyone who helped make this release possible: