Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove unnecessary helm-release-version annotation #11329

Merged
merged 1 commit into from
Sep 11, 2023
Merged

Remove unnecessary helm-release-version annotation #11329

merged 1 commit into from
Sep 11, 2023

Conversation

mikutas
Copy link
Contributor

@mikutas mikutas commented Sep 2, 2023

from destination and proxy-injector

Fixes #10778

@mikutas
Remove unnecessary helm-release-version annotation
d5fffe6 
from destination and proxy-injector

Fixes linkerd#10778

Signed-off-by: Takumi Sue <[email protected]>
@mikutas mikutas marked this pull request as ready for review September 3, 2023 03:20
@mikutas mikutas requested a review from a team as a code owner September 3, 2023 03:20
alpeb
alpeb approved these changes Sep 7, 2023
View reviewed changes
Copy link
Member

@alpeb alpeb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @mikutas, this looks good to me 👍

@adleong adleong merged commit 1dc2603 into linkerd:main Sep 11, 2023
33 checks passed
hawkw added a commit that referenced this pull request Sep 13, 2023
@hawkw
edge-23.9.2
7cf8611 
This edge release updates the proxy's dependency on the `webpki` library
to patch security vulnerability [RUSTSEC-2023-0052]
(GHSA-8qv2-5vq6-g2g7), a potential CPU usage denial-of-service attack
when accepting a TLS handshake from an untrusted peer with a
maliciously-crafted certificate.

* Addressed security vulnerability [RUSTSEC-2023-0052] in the proxy
  ([#11361])
* Fixed `linkerd check --proxy` incorrectly checking the proxy version
  of pods in the `completed` state (thanks @mikutas!) ([#11295]; fixes
  [#11280])
* Removed unnecessary `linkerd.io/helm-release-version` annotation from
  the `linkerd-control-plane` Helm chart (thanks @mikutas!) ([#11329];
  fixes [#10778])

[RUSTSEC-2023-0052]:
    https://rustsec.org/advisories/RUSTSEC-2023-0052.html
[#11295]: #11295
[#11280]: #11280
[#11361]: #11361
[#11329]: #11329
[#10778]: #10778
@hawkw hawkw mentioned this pull request Sep 13, 2023
Merged
hawkw added a commit that referenced this pull request Sep 13, 2023
@hawkw
edge-23.9.2 (#11367)
f5e490c 
This edge release updates the proxy's dependency on the `webpki` library
to patch security vulnerability [RUSTSEC-2023-0052]
(GHSA-8qv2-5vq6-g2g7), a potential CPU usage denial-of-service attack
when accepting a TLS handshake from an untrusted peer with a
maliciously-crafted certificate.

* Addressed security vulnerability [RUSTSEC-2023-0052] in the proxy
  (#11361)
* Fixed `linkerd check --proxy` incorrectly checking the proxy version
  of pods in the `completed` state (thanks @mikutas!) (#11295; fixes
  #11280)
* Removed unnecessary `linkerd.io/helm-release-version` annotation from
  the `linkerd-control-plane` Helm chart (thanks @mikutas!) (#11329;
  fixes #10778)

[RUSTSEC-2023-0052]:
    https://rustsec.org/advisories/RUSTSEC-2023-0052.html
adamshawvipps pushed a commit to adamshawvipps/linkerd2 that referenced this pull request Sep 18, 2023
@mikutas @adamshawvipps
Remove unnecessary helm-release-version annotation (linkerd#11329)
0953393 
from destination and proxy-injector

Fixes linkerd#10778

Signed-off-by: Takumi Sue <[email protected]>
adamshawvipps pushed a commit to adamshawvipps/linkerd2 that referenced this pull request Sep 18, 2023
@hawkw @adamshawvipps
edge-23.9.2 (linkerd#11367)
d587b6a 
This edge release updates the proxy's dependency on the `webpki` library
to patch security vulnerability [RUSTSEC-2023-0052]
(GHSA-8qv2-5vq6-g2g7), a potential CPU usage denial-of-service attack
when accepting a TLS handshake from an untrusted peer with a
maliciously-crafted certificate.

* Addressed security vulnerability [RUSTSEC-2023-0052] in the proxy
  (linkerd#11361)
* Fixed `linkerd check --proxy` incorrectly checking the proxy version
  of pods in the `completed` state (thanks @mikutas!) (linkerd#11295; fixes
  linkerd#11280)
* Removed unnecessary `linkerd.io/helm-release-version` annotation from
  the `linkerd-control-plane` Helm chart (thanks @mikutas!) (linkerd#11329;
  fixes linkerd#10778)

[RUSTSEC-2023-0052]:
    https://rustsec.org/advisories/RUSTSEC-2023-0052.html
adamshawvipps pushed a commit to adamshawvipps/linkerd2 that referenced this pull request Sep 18, 2023
@mikutas @adamshawvipps
Remove unnecessary helm-release-version annotation (linkerd#11329)
9536fff 
from destination and proxy-injector

Fixes linkerd#10778

Signed-off-by: Takumi Sue <[email protected]>
Signed-off-by: Adam Shaw <[email protected]>
adamshawvipps pushed a commit to adamshawvipps/linkerd2 that referenced this pull request Sep 18, 2023
@hawkw @adamshawvipps
edge-23.9.2 (linkerd#11367)
18e138a 
This edge release updates the proxy's dependency on the `webpki` library
to patch security vulnerability [RUSTSEC-2023-0052]
(GHSA-8qv2-5vq6-g2g7), a potential CPU usage denial-of-service attack
when accepting a TLS handshake from an untrusted peer with a
maliciously-crafted certificate.

* Addressed security vulnerability [RUSTSEC-2023-0052] in the proxy
  (linkerd#11361)
* Fixed `linkerd check --proxy` incorrectly checking the proxy version
  of pods in the `completed` state (thanks @mikutas!) (linkerd#11295; fixes
  linkerd#11280)
* Removed unnecessary `linkerd.io/helm-release-version` annotation from
  the `linkerd-control-plane` Helm chart (thanks @mikutas!) (linkerd#11329;
  fixes linkerd#10778)

[RUSTSEC-2023-0052]:
    https://rustsec.org/advisories/RUSTSEC-2023-0052.html

Signed-off-by: Adam Shaw <[email protected]>
mateiidavid added a commit that referenced this pull request Sep 21, 2023
@mateiidavid
stable-2.14.1
6339cbc 
This stable release introduces a fix for service discovery on endpoints that
use hostPorts. Previously, the destination service would return the pod IP
associated with the endpoint which could break connectivity on pod restarts.
Discovery responses have been changed to instead return the host IP. This
release also fixes an issue in the multicluster extension where an empty
`remoteDiscoverySelector` field in the `Link` resource would cause all services
to be exported. Finally, this release addresses two security vulnerabilities,
[CVE-2023-2603] and [RUSTSEC-2023-0052] respectively, and includes numerous
other fixes and enhancements.

* CLI
  * Fixed `linkerd check --proxy` incorrectly checking the proxy version of
    pods in the `completed` state (thanks @mikutas!) ([#11295]; fixes [#11280])
  * Fixed erroneous `skipped` messages when injecting namespaces with `linkerd
    inject` (thanks @mikutas!) ([#10231])

* CNI
  * Addressed security vulnerability [CVE-2023-2603] in proxy-init and CNI
    plugin ([#11296])

* Control Plane
  * Changed how hostPort lookups are handled in the destination service.
    Previously, when doing service discovery for an endpoint bound on a
    hostPort, the destination service would return the corresponding pod IP. On
    pod restart, this could lead to loss of connectivity on the client's side.
    The destination service now always returns host IPs for service discovery
    on an endpoint that uses hostPorts ([#11328])
  * Updated HTTPRoute webhook rule to validate all apiVersions of the resource
    (thanks @mikutas!) ([#11149])

* Helm
  * Removed unnecessary `linkerd.io/helm-release-version` annotation from the
    `linkerd-control-plane` Helm chart (thanks @mikutas!) ([#11329]; fixes
    [#10778])
  * Introduced resource requests/limits for the policy controller resource in
    the control plane helm chart ([#11301])

* Multicluster
  * Fixed an issue where an empty `remoteDiscoverySelector` field in a
    multicluster link would cause all services to be mirrored ([#11309])
  * Removed time out from `linkerd multicluster gateways` command; when no
    metrics exist the command will return instantly ([#11265])
  * Improved help messaging for `linkerd multicluster link` ([#11265])

* Proxy
  * Addressed security vulnerability [RUSTSEC-2023-0052] in the proxy
    ([#11361])

[CVE-2023-2603]: GHSA-wp54-pwvg-rqq5
[RUSTSEC-2023-0052]: https://rustsec.org/advisories/RUSTSEC-2023-0052.html
[#11295]: #11295
[#11280]: #11280
[#11361]: #11361
[#11329]: #11329
[#10778]: #10778
[#11309]: #11309
[#11296]: #11296
[#11328]: #11328
[#11301]: #11301
[#11265]: #11265
[#11149]: #11149
[#10231]: #10231

Signed-off-by: Matei David <[email protected]>
@mateiidavid mateiidavid mentioned this pull request Sep 21, 2023
Merged
mateiidavid added a commit that referenced this pull request Sep 25, 2023
@mateiidavid @hawkw
stable-2.14.1 (#11405)
f496587 
* stable-2.14.1

This stable release introduces a fix for service discovery on endpoints that
use hostPorts. Previously, the destination service would return the pod IP
associated with the endpoint which could break connectivity on pod restarts.
Discovery responses have been changed to instead return the host IP. This
release also fixes an issue in the multicluster extension where an empty
`remoteDiscoverySelector` field in the `Link` resource would cause all services
to be exported. Finally, this release addresses two security vulnerabilities,
[CVE-2023-2603] and [RUSTSEC-2023-0052] respectively, and includes numerous
other fixes and enhancements.

* CLI
  * Fixed `linkerd check --proxy` incorrectly checking the proxy version of
    pods in the `completed` state (thanks @mikutas!) ([#11295]; fixes [#11280])
  * Fixed erroneous `skipped` messages when injecting namespaces with `linkerd
    inject` (thanks @mikutas!) ([#10231])

* CNI
  * Addressed security vulnerability [CVE-2023-2603] in proxy-init and CNI
    plugin ([#11296])

* Control Plane
  * Changed how hostPort lookups are handled in the destination service.
    Previously, when doing service discovery for an endpoint bound on a
    hostPort, the destination service would return the corresponding pod IP. On
    pod restart, this could lead to loss of connectivity on the client's side.
    The destination service now always returns host IPs for service discovery
    on an endpoint that uses hostPorts ([#11328])
  * Updated HTTPRoute webhook rule to validate all apiVersions of the resource
    (thanks @mikutas!) ([#11149])

* Helm
  * Removed unnecessary `linkerd.io/helm-release-version` annotation from the
    `linkerd-control-plane` Helm chart (thanks @mikutas!) ([#11329]; fixes
    [#10778])
  * Introduced resource requests/limits for the policy controller resource in
    the control plane helm chart ([#11301])

* Multicluster
  * Fixed an issue where an empty `remoteDiscoverySelector` field in a
    multicluster link would cause all services to be mirrored ([#11309])
  * Removed time out from `linkerd multicluster gateways` command; when no
    metrics exist the command will return instantly ([#11265])
  * Improved help messaging for `linkerd multicluster link` ([#11265])

* Proxy
  * Addressed security vulnerability [RUSTSEC-2023-0052] in the proxy
    ([#11361])

[CVE-2023-2603]: GHSA-wp54-pwvg-rqq5
[RUSTSEC-2023-0052]: https://rustsec.org/advisories/RUSTSEC-2023-0052.html
[#11295]: #11295
[#11280]: #11280
[#11361]: #11361
[#11329]: #11329
[#10778]: #10778
[#11309]: #11309
[#11296]: #11296
[#11328]: #11328
[#11301]: #11301
[#11265]: #11265
[#11149]: #11149
[#10231]: #10231

Signed-off-by: Matei David <[email protected]>
Signed-off-by: Eliza Weisman <[email protected]>
Co-authored-by: Eliza Weisman <[email protected]>
@mikutas mikutas deleted the 10778 branch September 27, 2023 00:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alpeb alpeb alpeb approved these changes

@adleong adleong adleong approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

linkerd.io/helm-release-version annotation with helmfile
3 participants
@mikutas @alpeb @adleong