Add release notes for stable-2.5.0 (#3294)

Relates to: - https://github.com/linkerd/website/pull/470 - https://github.com/linkerd/website/pull/475 Signed-off-by: Andrew Seigner <siggy@buoyant.io>
2019-08-20 14:19:45 -07:00 · 2019-08-20 14:19:45 -07:00 · f6e8d3a7ae
parent d4cd8add3a
commit f6e8d3a7ae
3 changed files with 107 additions and 6 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,3 +1,102 @@
+## stable-2.5.0
+
+This release adds [Helm support](https://linkerd.io/2/tasks/install-helm/),
+[tap authentication and authorization via RBAC](https://linkerd.io/tap-rbac),
+traffic split stats, dynamic logging levels, a new cluster monitoring dashboard,
+and countless performance enhancements and bug fixes.
+
+For more details, see the announcement blog post:
+https://linkerd.io/2019/08/20/announcing-linkerd-2.5/
+
+To install this release, run: `curl https://run.linkerd.io/install | sh`
+
+**Upgrade notes**: Use the `linkerd upgrade` command to upgrade the control
+plane. This command ensures that all existing control plane's configuration and
+mTLS secrets are retained. For more details, please see the [upgrade
+instructions](https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2-5-0).
+
+**Special thanks to**: @alenkacz, @codeman9, @ethan-daocloud, @jonathanbeber,
+and @Pothulapati!
+
+**Full release notes**:
+
+* CLI
+  * **New** Updated `linkerd tap`, `linkerd top` and `linkerd profile --tap` to
+    require `tap.linkerd.io` RBAC privileges. See https://linkerd.io/tap-rbac
+    for more info
+  * **New** Added traffic split metrics via `linkerd stat trafficsplits`
+    subcommand
+  * Made the `linkerd routes` command traffic split aware
+  * Introduced the `linkerd --as` flag which allows users to impersonate another
+    user for Kubernetes operations
+  * Introduced the `--all-namespaces` (`-A`) option to the `linkerd get`,
+    `linkerd edges` and `linkerd stat` commands to retrieve resources across
+    all namespaces
+  * Improved the installation report produced by the `linkerd check` command
+    to include the control plane pods' live status
+  * Fixed bug in the `linkerd upgrade config` command that was causing it to
+    crash
+  * Introduced `--use-wait-flag` to the `linkerd install-cni` command, to
+    configure the CNI plugin to use the `-w` flag for `iptables` commands
+  * Introduced `--restrict-dashboard-privileges` flag to `linkerd install`
+    command, to disallow tap in the dashboard
+  * Fixed `linkerd uninject` not removing `linkerd.io/inject: enabled`
+    annotations
+  * Fixed `linkerd stat -h` example commands (thanks @ethan-daocloud!)
+  * Fixed incorrect "meshed" count in `linkerd stat` when resources share the
+    same label selector for pods (thanks @jonathanbeber!)
+  * Added pod status to the output of the `linkerd stat` command (thanks
+    @jonathanbeber!)
+  * Added namespace information to the `linkerd edges` command output and a new
+    `-o wide` flag that shows the identity of the client and server if known
+  * Added a check to the `linkerd check` command to validate the user has
+    privileges necessary to create CronJobs
+  * Added a new check to the `linkerd check --pre` command validating that if
+    PSP is enabled, the NET_RAW capability is available
+* Controller
+  * **New** Disabled all unauthenticated tap endpoints. Tap requests now require
+    [RBAC authentication and authorization](https://linkerd.io/tap-rbac)
+  * The `l5d-require-id` header is now set on tap requests so that a connection
+    is established over TLS
+  * Introduced a new RoleBinding in the `kube-system` namespace to provide
+    [access to tap](https://linkerd.io/tap-rbac)
+  * Added HTTP security headers on all dashboard responses
+  * Added support for namespace-level proxy override annotations (thanks
+    @Pothulapati!)
+  * Added resource limits when HA is enabled (thanks @Pothulapati!)
+  * Added pod anti-affinity rules to the control plane pods when HA is enabled
+    (thanks @Pothulapati!)
+  * Fixed a crash in the destination service when an endpoint does not have a
+    `TargetRef`
+  * Updated the destination service to return `InvalidArgument` for external
+    name services so that the proxy does not immediately fail the request
+  * Fixed an issue with discovering StatefulSet pods via their unique hostname
+  * Fixed an issue with traffic split where outbound proxy stats are missing
+  * Upgraded the service profile CRD to v1alpha2. No changes required for users
+    currently using v1alpha1
+  * Updated the control plane's pod security policy to restrict workloads from
+    running as `root` in the CNI mode (thanks @codeman9!)
+  * Introduced optional cluster heartbeat cron job
+  * Bumped Prometheus to 2.11.1
+  * Bumped Grafana to 6.2.5
+* Proxy
+  * **New** Added a new `/proxy-log-level` endpoint to update the log level at
+    runtime
+  * **New** Updated the tap server to only admit requests from the control
+    plane's tap controller
+  * Added `request_handle_us` histogram to measure proxy overhead
+  * Fixed gRPC client cancellations getting recorded as failures rather than
+    as successful
+  * Fixed a bug where tap would stop streaming after a short amount of time
+  * Fixed a bug that could cause the proxy to leak service discovery resolutions
+    to the Destination controller
+* Web UI
+  * **New** Added "Kubernetes cluster monitoring" Grafana dashboard with cluster
+    and containers metrics
+  * Updated the web server to use the new tap APIService. If the `linkerd-web`
+    service account is not authorized to tap resources, users will see a link to
+    documentation to remedy the error
+
 ## edge-19.8.5

 This edge release is a release candidate for `stable-2.5`.
@ -154,7 +253,8 @@ available via sub-resources such as `deployments/tap` and `pods/tap`.

 * CLI
  * Made the `linkerd routes` command traffic-split aware
-  * Fixed bug the `linkerd upgrade config` command that was causing it to crash
+  * Fixed bug in the `linkerd upgrade config` command that was causing it to
+    crash
  * Added pod status to the output of the `linkerd stat`command (thanks
    @jonathanbeber!)
  * Fixed incorrect "meshed" count in `linkerd stat` when resources share the
@ -203,10 +303,11 @@ To install this release, run: `curl https://run.linkerd.io/install | sh`
 **Upgrade notes**: Use the `linkerd upgrade` command to upgrade the control
 plane. This command ensures that all existing control plane's configuration and
 mTLS secrets are retained. For more details, please see the [upgrade
-instructions](https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2-4-0) for more details.
+instructions](https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2-4-0)
+for more details.

-**Special thanks to**: @alenkacz, @codeman9, @dwj300, @jackprice, @liquidslr
-@matej-g, @Pothulapati, @zaharidichev,
+**Special thanks to**: @alenkacz, @codeman9, @dwj300, @jackprice, @liquidslr,
+@matej-g, @Pothulapati, @zaharidichev

 **Full release notes**:

--- a/charts/linkerd2/Chart.yaml
+++ b/charts/linkerd2/Chart.yaml
@ -1,5 +1,5 @@
 apiVersion: "v1"
-appVersion: edge-19.8.5
+appVersion: stable-2.5.0
 description: Linkerd gives you observability, reliability, and security for your microservices — with no code change required.
 home: https://linkerd.io
 keywords:
--- a/charts/linkerd2/values.yaml
+++ b/charts/linkerd2/values.yaml
@ -7,7 +7,7 @@ EnableH2Upgrade: true
 ImagePullPolicy: &image_pull_policy IfNotPresent

 # control plane version. See Proxy section for proxy version
-LinkerdVersion: &linkerd_version edge-19.8.5
+LinkerdVersion: &linkerd_version stable-2.5.0

 Namespace: linkerd
 OmitWebhookSideEffects: false