Commit Graph

230 Commits

Author SHA1 Message Date
Nico Feulner 3d674599b3
make group ID configurable (#11924)
Fixes #11773

Make the proxy's GUID configurable via `proxy.gid` which defaults to `-1`, in which case the GUID is not set.
Also added ability to set the GUID for proxy-init and the core and extension controllers.

---------

Signed-off-by: Nico Feulner <nico.feulner@gmail.com>
Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io>
2024-05-23 15:54:21 -05:00
Oliver Gould cae534957d
chore: Fix whitespace and typos (#12540)
No functional changes.
2024-05-02 16:30:51 +01:00
Ilia Lazebnik 1166ddbb48
Helm Chart - allow setting revisionHistoryLimit (#12234) 2024-04-25 06:44:03 -05:00
Firas Medini aaab29c5f7
Set proxy-injector, tap-injector and jaeger-injector mutating webhook rules scope to Namespaced (#12195)
* Set mutating webhook rules scope to Namespaced

Problem: The linkerd-proxy-injector-webhook-config, linkerd-jaeger-injector-webhook-config, and linkerd-tap-injector-webhook-config mutating webhooks raise a warning on GKE that says "Update webhook to no longer intercept system requests." in the GCP console recommendation section. This is because the scope is set to *. This also happens if scope is Namespaced, and kube-system and kube-node-lease namespaces are not excluded using namespaceSelector.

Solution: Setting the scope to Namespaced for all webhooks, and the user can set the namespaceSelector in the helm values.

Validation: This should not change the webhooks' behaviour as all webhooks are triggered only by pod/service creation requests, and pods/services are namespaced resources.

Fixes #12193


---------

Signed-off-by: f.medini <f.medini@nyris.io>
Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io>
2024-03-28 09:29:31 -05:00
occupyhabit 6eeaea4d94
chore: Remove repetitive words (#12330)
Signed-off-by: occupyhabit <wangmengjiao@outlook.com>
2024-03-25 09:33:39 -07:00
Alejandro Pedraza c2eb296df3
Automate edge releases (#12175)
* Automate edge releases

Followup to #12132

Now one only needs to tag in order to trigger the release. Please see the updated `RELEASE.md` file for the new instructions.

The last action in the release workflow, `helm-publish`, now runs:

- `bin/helm-bump-edge`: This has been modified to calculate the new edge version by inspecting https://run.linkerd.io/install-edge and bumping the version found there, using a new scheme `YYYY.M.N` (also dropping the `-edge` suffix) shared across all the charts (except for `partials`, `patch` and `linkerd-multicluster-link` which remain static). The `version` entry in the Chart.yaml files no longer needs to be manually updated, and its value is not used for the new version computation, so it was changed to `0.0.0-undefined`. Also note this script validates that the current git tag matches the expected new version.
- `bin/helm-docs`: Called just to update the charts' READMEs with the new version. We also still call it in the `helm.yml` workflow to check the values.yaml entries are in sync. So after any change to those values, we still need to manually run `bin/helm-docs`.
- `bin/helm-build package`: As the previous two steps mutate the local checked out source, this no longer validates that there are no uncommitted changes.

---------

Co-authored-by: Oliver Gould <ver@buoyant.io>
2024-03-01 09:03:50 -05:00
Oliver Gould 0a04386818
helm: Bump chart versions (#12133) 2024-02-22 15:09:03 -08:00
Oliver Gould 387a9e4eeb
Update repo references in helm docs (#12120)
* Update repo references in helm docs

This change updates the helm chart READMEs to only reference the edge chart
repos.

* bump script dep
2024-02-22 09:44:31 -05:00
Rui Chen d25ef366bb
dev: Update Go to v1.22 (#12114)
Signed-off-by: Rui Chen <rui@chenrui.dev>
Co-authored-by: Oliver Gould <ver@buoyant.io>
2024-02-22 09:39:33 -05:00
Oliver Gould f0d861ea9b
edge-24.2.4 (#12113)
* Updated the ExternalWorkload CRD to v1beta1, renaming the meshTls field to
  meshTLS ([#12098])
* Updated the proxy to address some logging and metrics inconsistencies
  ([#12099])
2024-02-20 11:47:59 -08:00
Alex Leong 42cbf8fdc7
edge 24.2.3 (#12087)
* Allowed the `MutatingWebhookConfig` timeout value to be configured ([#12028])
  (thanks @mikebell90)
* Added a counter for items dropped from destination controller workqueue
  ([#12079])
* Fixed a spurious `linkerd check` error when using container images with
  digests ([#12059])
* Fixed an issue where inbound policy could be incorrect after certain policy
  resources are deleted ([#12088])

[#12028]: https://github.com/linkerd/linkerd2/pull/12028
[#12079]: https://github.com/linkerd/linkerd2/pull/12079
[#12059]: https://github.com/linkerd/linkerd2/pull/12059
[#12088]: https://github.com/linkerd/linkerd2/pull/12088

Signed-off-by: Alex Leong <alex@buoyant.io>
2024-02-16 12:27:34 -08:00
Matei David 3073c406f3
edge-24.2.2 (#12053)
This release addresses some issues in the destination service that could cause
it to behave unexpectedly when processing updates.

* Fixed a race condition in the destination service that could cause panics
  under very specific conditions ([#12022]; fixes [#12010])
* Changed how updates to a `Server` selector are handled in the destination
  service. When a `Server` that marks a port as opaque no longer selects a
  resource, the resource's opaqueness will be reverted to default settings
  ([#12031]; fixes [#11995])
* Introduced Helm configuration values for liveness and readiness probe
  timeouts and delays ([#11458]; fixes [#11453]) (thanks @jan-kantert!)

[#12010]: https://github.com/linkerd/linkerd2/issues/12010
[#12022]: https://github.com/linkerd/linkerd2/pull/12022
[#11995]: https://github.com/linkerd/linkerd2/issues/11995
[#12031]: https://github.com/linkerd/linkerd2/pull/12031
[#11453]: https://github.com/linkerd/linkerd2/issues/11453
[#11458]: https://github.com/linkerd/linkerd2/pull/11458

Signed-off-by: Matei David <matei@buoyant.io>
2024-02-09 11:19:14 +00:00
Alejandro Pedraza bcbcf43c78
Change notes for edge-24.2.1 (#12029)
This edge release contains performance and stability improvements to the
Destination controller, and continues stabilizing support for ExternalWorkloads.

* Reduced the load on the Destination controller by only processing Server
  updates on workloads affected by the Server ([#12017])
* Changed how the Destination controller reacts to target clusters (in
  multicluster pod-to-pod mode) whose Server CRD is outdated: skip them and log
  an error instead of panicking ([#12008])
* Improved the leader election of the ExternalWorkloads Endpoints controller to
  avoid missing events ([#12021])
* Improved naming of EndpointSlices generated by ExternalWorkloads ([#12016])
* Restricted the number of IPs an ExternalWorkload can have ([#12026])
2024-02-02 12:45:04 -05:00
Oliver Gould 4e4ff03255
edge-24.1.3 (#11994)
* proxy: v2.220.0

* build(deps): bump itertools from 0.10.5 to 0.11.0 (linkerd/linkerd2-proxy#2594)
* build(deps): bump async-trait from 0.1.68 to 0.1.75 (linkerd/linkerd2-proxy#2595)
* pool: Decompose the pool and balancer crates (linkerd/linkerd2-proxy#2597)
* balance: Move endpoint state gauge into balancer (linkerd/linkerd2-proxy#2598)
* cargo: Remove cyclic meshtls dependency (linkerd/linkerd2-proxy#2602)
* build(deps): bump mime from 0.3.16 to 0.3.17 (linkerd/linkerd2-proxy#2599)
* build(deps): bump parking_lot_core from 0.9.5 to 0.9.9 (linkerd/linkerd2-proxy#2600)
* build(deps): bump prost-build from 0.12.1 to 0.12.3 (linkerd/linkerd2-proxy#2601)
* outbound: Update route backend metrics implementation (linkerd/linkerd2-proxy#2603)
* deps: Update to indexmap v2 (linkerd/linkerd2-proxy#2604)
* build(deps): bump actions/download-artifact from 3.0.2 to 4.1.0 (linkerd/linkerd2-proxy#2569)
* deps: h2 v0.3.22 (linkerd/linkerd2-proxy#2605)
* tracing: Ensure that INFO-level spans are preserved (linkerd/linkerd2-proxy#2611)
* build(deps): bump serde from 1.0.185 to 1.0.193 (linkerd/linkerd2-proxy#2606)
* build(deps): bump tokio-boring from 3.0.4 to 3.1.0 (linkerd/linkerd2-proxy#2607)
* build(deps): bump deranged from 0.3.10 to 0.3.11 (linkerd/linkerd2-proxy#2608)
* build(deps): bump axum from 0.6.11 to 0.6.20 (linkerd/linkerd2-proxy#2609)
* build(deps): bump proc-macro2 from 1.0.69 to 1.0.74 (linkerd/linkerd2-proxy#2610)
* build(deps): bump ahash from 0.8.6 to 0.8.7 (linkerd/linkerd2-proxy#2612)
* build(deps): bump cc from 1.0.79 to 1.0.83 (linkerd/linkerd2-proxy#2613)
* build(deps): bump scopeguard from 1.1.0 to 1.2.0 (linkerd/linkerd2-proxy#2614)
* build(deps): bump io-lifetimes from 1.0.10 to 1.0.11 (linkerd/linkerd2-proxy#2616)
* build(deps): bump pem from 3.0.2 to 3.0.3 (linkerd/linkerd2-proxy#2615)
* build(deps): bump anyhow from 1.0.76 to 1.0.79 (linkerd/linkerd2-proxy#2619)
* build(deps): bump socket2 from 0.4.9 to 0.5.5 (linkerd/linkerd2-proxy#2622)
* build(deps): bump libfuzzer-sys from 0.4.6 to 0.4.7 (linkerd/linkerd2-proxy#2620)
* build(deps): bump tempfile from 3.5.0 to 3.6.0 (linkerd/linkerd2-proxy#2621)
* build(deps): bump ryu from 1.0.13 to 1.0.16 (linkerd/linkerd2-proxy#2623)
* identity: Update metrics to follow OpenMetrics best practices (linkerd/linkerd2-proxy#2617)
* build(deps): bump tokio from 1.34.0 to 1.35.1 (linkerd/linkerd2-proxy#2627)
* build(deps): bump tracing from 0.1.37 to 0.1.40 (linkerd/linkerd2-proxy#2628)
* build(deps): bump slab from 0.4.8 to 0.4.9 (linkerd/linkerd2-proxy#2629)
* build(deps): bump unicode-bidi from 0.3.11 to 0.3.14 (linkerd/linkerd2-proxy#2630)
* build(deps): bump tokio-stream from 0.1.12 to 0.1.14 (linkerd/linkerd2-proxy#2632)
* build(deps): bump boring-sys from 3.0.4 to 3.1.0 (linkerd/linkerd2-proxy#2633)
* build(deps): bump rcgen from 0.11.3 to 0.12.0 (linkerd/linkerd2-proxy#2635)
* build(deps): bump trust-dns-resolver from 0.22.0 to 0.23.2 (linkerd/linkerd2-proxy#2631)
* build(deps): bump memchr from 2.6.4 to 2.7.1 (linkerd/linkerd2-proxy#2637)
* build(deps): bump pin-project from 1.0.12 to 1.1.3 (linkerd/linkerd2-proxy#2638)
* build(deps): bump futures from 0.3.28 to 0.3.30 (linkerd/linkerd2-proxy#2639)
* build(deps): bump rangemap from 1.3.0 to 1.4.0 (linkerd/linkerd2-proxy#2640)
* build(deps): bump actions/download-artifact from 4.1.0 to 4.1.1 (linkerd/linkerd2-proxy#2636)
* build(deps): bump thingbuf from 0.1.3 to 0.1.4 (linkerd/linkerd2-proxy#2642)
* build(deps): bump rustix from 0.36.16 to 0.36.17 (linkerd/linkerd2-proxy#2643)
* build(deps): bump httpdate from 1.0.2 to 1.0.3 (linkerd/linkerd2-proxy#2645)
* build(deps): bump num_cpus from 1.15.0 to 1.16.0 (linkerd/linkerd2-proxy#2646)
* Change inbound port check log level to debug. (linkerd/linkerd2-proxy#2625)
* docs: Fix bad reference link (linkerd/linkerd2-proxy#2647)
* identity: add spire identity client (linkerd/linkerd2-proxy#2580)
* config:add spire client config (linkerd/linkerd2-proxy#2641)
* discovery: consume server_name and UriLikeIdentity from proto (linkerd/linkerd2-proxy#2618)
* build(deps): bump h2 from 0.3.22 to 0.3.24 (linkerd/linkerd2-proxy#2660)
* build(deps): bump procfs from 0.15.1 to 0.16.0 (linkerd/linkerd2-proxy#2649)
* build(deps): bump async-trait from 0.1.75 to 0.1.77 (linkerd/linkerd2-proxy#2650)
* build(deps): bump semver from 1.0.20 to 1.0.21 (linkerd/linkerd2-proxy#2651)
* build(deps): bump smallvec from 1.10.0 to 1.13.1 (linkerd/linkerd2-proxy#2661)
* build(deps): bump either from 1.8.1 to 1.9.0 (linkerd/linkerd2-proxy#2652)
* build(deps): bump actions/upload-artifact from 4.0.0 to 4.2.0 (linkerd/linkerd2-proxy#2658)
* build(deps): bump shlex from 1.1.0 to 1.3.0 (linkerd/linkerd2-proxy#2664)
* build(deps): bump DavidAnson/markdownlint-cli2-action (linkerd/linkerd2-proxy#2656)
* build(deps): bump EmbarkStudios/cargo-deny-action from 1.5.5 to 1.5.10 (linkerd/linkerd2-proxy#2665)
* build(deps): bump serde from 1.0.193 to 1.0.195 (linkerd/linkerd2-proxy#2670)
* build(deps): bump clang-sys from 1.6.0 to 1.7.0 (linkerd/linkerd2-proxy#2668)
* build(deps): bump zerocopy from 0.7.31 to 0.7.32 (linkerd/linkerd2-proxy#2666)
* build(deps): bump unicode-ident from 1.0.6 to 1.0.12 (linkerd/linkerd2-proxy#2667)
* build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (linkerd/linkerd2-proxy#2671)
* build(deps): bump prettyplease from 0.2.15 to 0.2.16 (linkerd/linkerd2-proxy#2673)
* build(deps): bump getrandom from 0.2.8 to 0.2.12 (linkerd/linkerd2-proxy#2674)
* build(deps): bump which from 4.4.0 to 4.4.2 (linkerd/linkerd2-proxy#2675)
* build(deps): bump sharded-slab from 0.1.4 to 0.1.7 (linkerd/linkerd2-proxy#2676)
* build(deps): bump EmbarkStudios/cargo-deny-action from 1.5.10 to 1.5.11 (linkerd/linkerd2-proxy#2672)
* build(deps): bump tj-actions/changed-files from 41.0.1 to 42.0.0 (linkerd/linkerd2-proxy#2657)

Signed-off-by: Oliver Gould <ver@buoyant.io>

* Bump helm version

* +changes

* Update CHANGES.md

Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io>

---------

Signed-off-by: Oliver Gould <ver@buoyant.io>
Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io>
2024-01-26 11:14:32 -08:00
Tamaghna Chattopadhyay 9818cb2b32
Added an option to disable namespace-metadata (#11782)
Fixes #11585
Added option in `values.yaml` in extensions charts to disable the namespace-metadata jobs for helm based installations.
The `createNamespaceMetadataJob` flag should be set to false from the CLI to disable it. Disable it if a lack of privileges requires doing it manually.

Signed-off-by: shinigami-777 <chattopadhyaytamaghna@gmail.com>
2024-01-22 15:31:40 -08:00
Shashank Singh 4a77eb6901
Fixes #11524 (#11890)
Fixes #11254 

Signed-off-by: Shashank <shashanksingh819@gmail.com>
2024-01-22 15:29:33 -08:00
Alex Leong 38777c7b0b
edge-24.1.2 (#11951)
This edge release incrementally improves support for ExternalWorkload resources
throughout the control plane.

Signed-off-by: Alex Leong <alex@buoyant.io>
2024-01-19 10:31:49 -08:00
Zahari Dichev 391ce919f5
policy: regenerate Server go bindings (#11920)
Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>
2024-01-15 11:09:31 +02:00
Matei David af823dcddf
edge-24.1.1 (#11922)
This edge release introduces a number of different fixes and improvements. More
notably, it introduces a new `cni-repair-controller` binary to the CNI plugin
image. The controller will automatically restart pods that have not received
their iptables configuration.

* Removed shortnames from Tap API resources to avoid colliding with existing
  Kubernetes resources ([#11816]; fixes [#11784])
* Introduced a new ExternalWorkload CRD to support upcoming mesh expansion
  feature ([#11805])
* Changed `MeshTLSAuthentication` resource validation to allow SPIFFE URI
  identities ([#11882])
* Introduced a new `cni-repair-controller` to the `linkerd-cni` DaemonSet to
  automatically restart misconfigured pods that are missing iptables rules
  ([#11699]; fixes [#11073])
* Fixed a `"duplicate metrics"` warning in the multicluster service-mirror
  component ([#11875]; fixes [#11839])
* Added metric labels and weights to `linkerd diagnostics endpoints` json
  output ([#11889])
* Changed how `Server` updates are handled in the destination service. The
  change will ensure that during a cluster resync, consumers won't be
  overloaded by redundant updates ([#11907])
* Changed `linkerd install` error output to add a newline when a Kubernetes
  client cannot be successfully initialised ([#11917])

[#11816]: https://github.com/linkerd/linkerd2/pull/11816
[#11784]: https://github.com/linkerd/linkerd2/issues/11784
[#11805]: https://github.com/linkerd/linkerd2/pull/11805
[#11882]: https://github.com/linkerd/linkerd2/pull/11882
[#11699]: https://github.com/linkerd/linkerd2/pull/11699
[#11073]: https://github.com/linkerd/linkerd2/issues/11073
[#11875]: https://github.com/linkerd/linkerd2/pull/11875
[#11839]: https://github.com/linkerd/linkerd2/issues/11839
[#11889]: https://github.com/linkerd/linkerd2/pull/11889
[#11907]: https://github.com/linkerd/linkerd2/pull/11907
[#11917]: https://github.com/linkerd/linkerd2/pull/11917

Signed-off-by: Matei David <matei@buoyant.io>
2024-01-12 18:12:22 +00:00
Oliver Gould 9972fd630d
edge-23.12.4 (#11843)
This edge release includes fixes and improvements to the destination
controller's endpoint resolution API.

* Fixed an issue in the control plane where discovery for pod IP addresses could
  hang indefinitely ([#11815])
* Updated the proxy to enforce time limits on control plane response streams so
  that proxies more naturally distribute load over control plane replicas
  ([#11837])
* Fixed the policy's controller service metadata responses so that proxy logs
  and metrics have informative values ([#11842])
2023-12-28 06:54:31 -08:00
Alex Leong 8ed1735200
edge-23.12.3 (#11806)
This edge release contains improvements to the logging and diagnostics of the
destination controller.

* Added a control plane metric to count errors talking to the Kubernetes API
  ([#11774])
* Fixed an issue causing spurious destination controller error messages for
  profile lookups on unmeshed pods with port in default opaque list ([#11550])

[#11774]: https://github.com/linkerd/linkerd2/pull/11774
[#11550]: https://github.com/linkerd/linkerd2/pull/11550

Signed-off-by: Alex Leong <alex@buoyant.io>
2023-12-20 15:09:42 -08:00
Alejandro Pedraza 913e118bc8
edge-23.12.2 change notes (#11764)
## edge-23.12.2

This edge release includes a restructuring of the proxy's balancer along with
accompanying new metrics. The new minimum supported Kubernetes version is 1.22.

* Restructured the proxy's balancer ([#11750]): balancer changes may now occur
  independently of request processing. Fail-fast circuit breaking is enforced on
  the balancer's queue so that requests can't get stuck in a queue indefinitely.
  This new balancer is instrumented with new metrics: request (in-queue) latency
  histograms, failfast states, discovery updates counts, and balancer endpoint
  pool sizes.
* Changed how the policy controller updates HTTPRoute status so that it doesn't
  affect statuses from other non-linkerd controllers ([#11705]; fixes [#11659])

[#11750]: https://github.com/linkerd/linkerd2/pull/11750
[#11705]: https://github.com/linkerd/linkerd2/pull/11705
[#11659]: https://github.com/linkerd/linkerd2/pull/11659
2023-12-14 18:56:52 -05:00
Oliver Gould 5f100b3195
Bump min Kubernetes API to v1.22 (#11737)
New versions of the k8s-openapi crate drop support for Kubernetes 1.21.
Kubernetes v1.22 has been considered EOL by the upstream project since
2022-07-08. Major cloud providers have EOL'd it as well (GKE's current
MSKV is 1.24).

This change updates the MSKV to v1.22. It also updates the max version
in _test-helpers.sh to v1.28.
2023-12-11 12:15:56 -08:00
Matei David d0ca071bed
edge-23.12.1 (#11675)
This edge release introduces new configuration values in the identity
controller for client-go's `QPS` and `Burst` settings. Default values for these
settings have also been raised from `5` (QPS) and `10` (Burst) to `100` and
`200` respectively.

* Added `namespaceSelector` fields for the tap-injector and jaeger-injector
  webhooks. The webhooks are now configured to skip `kube-system` by default
  ([#11649]; fixes [#11647]) (thanks @mikutas!)
* Added the ability to configure client-go's `QPS` and `Burst` settings in the
  identity controller ([#11644])
* Improved client-go logging visibility throughout the control plane's
  components ([#11632])
* Introduced `PodDisruptionBudgets` in the linkerd-viz Helm chart for tap and
  tap-injector ([#11628]; fixes [#11248]) (thanks @mcharriere!)

[#11649]: https://github.com/linkerd/linkerd2/pull/11649
[#11647]: https://github.com/linkerd/linkerd2/issues/11647
[#11644]: https://github.com/linkerd/linkerd2/pull/11644
[#11632]: https://github.com/linkerd/linkerd2/pull/11632
[#11628]: https://github.com/linkerd/linkerd2/pull/11628
[#11248]: https://github.com/linkerd/linkerd2/issues/11248

Signed-off-by: Matei David <matei@buoyant.io>
2023-12-01 10:30:41 +00:00
Takumi Sue 1da8fcce63
Skip webhook on kube-system by default for tap-injector/jaeger-injector (#11649)
Linkerd's control plane will skip webhook requests for resources in kube-system. The same configuration should be applied for other webhooks, i.e. tap and jaeger injectors. This change allows users to skip webhook on kube-system by default for tap and jaeger injector.

Closes #11647

Signed-off-by: Takumi Sue <u630868b@alumni.osaka-u.ac.jp>
2023-11-30 18:49:24 +00:00
Eliza Weisman 6a260fa69f
edge-23.11.4 (#11642)
## edge-23.11.4

This edge release introduces support for the native sidecar containers
entering beta support in Kubernetes 1.29. This improves the startup and
shutdown ordering for the proxy relative to other containers, fixing the
long-standing shutdown issue with injected `Job`s. Furthermore, traffic
from other `initContainer`s can now be proxied by Linkerd.

In addition, this edge release includes Helm chart improvements, and
improvements to the multicluster extension.

* Added a new `config.alpha.linkerd.io/proxy-enable-native-sidecar`
  annotation and `Proxy.NativeSidecar` Helm option that causes the proxy
  container to run as an init-container (thanks @teejaded!) (#11465;
  fixes #11461)
* Fixed broken affinity rules for the multicluster `service-mirror` when
  running in HA mode (#11609; fixes #11603)
* Added a new check to `linkerd check` that ensures all extension
  namespaces are configured properly (#11629; fixes #11509)
* Updated the Prometheus Docker image used by the `linkerd-viz`
  extension to v2.48.0, resolving a number of CVEs in older Prometheus
  versions (#11633)
* Added `nodeAffinity` to `deployment` templates in the `linkerd-viz`
  and `linkerd-jaeger` Helm charts (thanks @naing2victor!) (#11464;
  fixes #10680)
2023-11-22 12:55:12 -08:00
TJ Miller 1b37e1989f
Add native sidecar support (#11465)
* Add native sidecar support

Kubernetes will be providing beta support for native sidecar containers in version 1.29.  This feature improves network proxy sidecar compatibility for jobs and initContainers.

Introduce a new annotation config.alpha.linkerd.io/proxy-enable-native-sidecar and configuration option Proxy.NativeSidecar that causes the proxy container to run as an init-container.

Fixes: #11461

Signed-off-by: TJ Miller <millert@us.ibm.com>
2023-11-22 12:23:24 -05:00
Naing Naing Htun fd54697ae9
Add affinity settings in viz and jaeger chart (#11464)
Fixes #10680

Signed-off-by: Naing Naing Htun <naing2victor@gmail.com>
Co-authored-by: Alex Leong <alex@buoyant.io>
2023-11-17 17:59:05 -05:00
Alex Leong d341b6acce
edge-23.11.3 (#11627)
This edge release fixes a bug where Linkerd could cause EOF errors during bursts
of TCP connections.

* Fixed a bug where the `linkerd multicluster link` command's
  `--gateway-addresses` flag was not respected when a remote gateway exists
  ([#11564])
* proxy: Increased DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY to prevent EOF errors
  during bursts of TCP connections

[#11564]: https://github.com/linkerd/linkerd2/pull/11564

Signed-off-by: Alex Leong <alex@buoyant.io>
2023-11-17 10:54:42 -08:00
Alejandro Pedraza 4018b2ffbe
Change notes for edge-23.11.2 (#11600)
## edge-23.11.2

This edge release contains observability improvements and bug fixes to the
Destination controller, and a refinement to the multicluster gateway resolution
logic.

* Fixed an issue where the Destination controller could stop processing service
  profile updates, if a proxy subscribed to those updates stops reading them;
  this is a followup to the issue [#11491] fixed in [edge-23.10.3] ([#11546])
* In the Destination controller, added informer lag histogram metrics to track
  whenever the Kubernetes objects watched by the controller are falling behind
  the state in the kube-apiserver ([#11534])
* In the multicluster service mirror, extended the target gateway resolution
  logic to take into account all the possible IPs a hostname might resolve to,
  rather than just the first one (thanks @MrFreezeex!) ([#11499])
* Added probes to the debug container to appease environments requiring probes
  for all containers ([#11308])

[edge-23.10.3]: https://github.com/linkerd/linkerd2/releases/tag/edge-23.10.3
[#11546]: https://github.com/linkerd/linkerd2/pull/11546
[#11534]: https://github.com/linkerd/linkerd2/pull/11534
[#11499]: https://github.com/linkerd/linkerd2/pull/11499
[#11308]: https://github.com/linkerd/linkerd2/pull/11308
2023-11-09 18:24:10 -05:00
Oliver Gould 409cc88f06
dev: v42 (#11563)
* Update dev to v42
* Update Go to 1.21.3
* Update Rust to 1.73.0
  * Update the Cargo workspace to use the v2 package resolver
* Update debian from bullseye to bookworm
* Update golangci-lint to 1.55.1
  * Disable deprecated linters (deadcode, varcheck)
  * Disable goconst linter -- pointless and noisy
  * Disable depguard linter -- it requires that all of our Go dependencies be added to allowlists;
* Update K3d to v5.6.0
  * Update CI from k3s 1.26 to 1.28
* Update markdownlint-cli2 to 0.10.0
2023-11-03 13:55:06 -07:00
Oliver Gould 14beb8970d
edge-23.11.1 (#11558)
This edge release fixes two bugs in the Destination controller that could cause
outbound connections to hang indefinitely.

* helm: Introduce configurable values for protocol detection ([#11536])
* destination: Fix GetProfiles error when address is opaque and unmeshed ([#11556])
* destination: Return NotFound for unknown pod names ([#11540])
* proxy: Log controller errors at WARN
* proxy: Fix grpc_status metric labels for inbound traffic

[#11536]: https://github.com/linkerd/linkerd2/pull/11536
[#11556]: https://github.com/linkerd/linkerd2/pull/11556
[#11540]: https://github.com/linkerd/linkerd2/pull/11540
2023-11-02 09:02:26 -07:00
Matei David 798c5d9787
edge-23.10.4 (#11543)
This edge release includes a fix for the `ServiceProfile` CRD resource schema.
The schema incorrectly required `not` response matches to be arrays, while the
in-cluster validator parsed `not` response matches as objects. In addition, an
issues has been fixed in `linkerd profile`. When used with the `--open-api`
flag, it would not strip trailing slashes when generating a resource from
swagger specifications.

* Fixed an issue where trailing slashes wouldn't be stripped when generating
  `ServiceProfile` resources through `linkerd profile --open-api` ([#11519])
* Fixed an issue in the `ServiceProfile` CRD schema. The schema incorrectly
  required that a `not` response match should be an array, which the service
  profile validator rejected since it expected an object. The schema has been
  updated to properly indicate that `not` values should be an object ([#11510];
  fixes [#11483])
* Improved logging in the destination controller by adding the client pod's
  name to the logging context. This will improve visibility into the messages
  sent and received by the control plane from a specific proxy ([#11532])
* Fixed an issue in the destination controller where the metadata API would not
  initialize a `Job` informer. The destination controller uses the metadata API
  to retrieve `Job` metadata, and relies mostly on informers. Without an
  initialized informer, an error message would be logged, and the controller
  relied on direct API calls ([#11541]; fixes [#11531])

[#11541]: https://github.com/linkerd/linkerd2/pull/11532
[#11532]: https://github.com/linkerd/linkerd2/pull/11532
[#11531]: https://github.com/linkerd/linkerd2/issues/11531
[#11519]: https://github.com/linkerd/linkerd2/pull/11519
[#11510]: https://github.com/linkerd/linkerd2/pull/11510
[#11483]: https://github.com/linkerd/linkerd2/issues/11483

Signed-off-by: Matei David <matei@buoyant.io>
2023-10-27 22:14:28 +01:00
Eliza Weisman 166c94f2d4
edge-23.10.3 (#11513)
## edge-23.10.3

This edge release fixes issues in the proxy and destination controller which can
result in Linkerd proxies sending traffic to stale endpoints. In addition, it
contains other bugfixes and updates dependencies to include patches for the
security advisories [CVE-2023-44487]/GHSA-qppj-fm5r-hxr3 and GHSA-c827-hfw6-qwvm.

* Fixed an issue where the Destination controller could stop processing
  changes in the endpoints of a destination, if a proxy subscribed to that
  destination stops reading service discovery updates. This issue results in
  proxies attempting to send traffic for that destination to stale endpoints
  ([#11483], fixes [#11480], [#11279], and [#10590])
* Fixed a regression introduced in stable-2.13.0 where proxies would not
  terminate unused service discovery watches, exerting backpressure on the
  Destination controller which could cause it to become stuck
  ([linkerd2-proxy#2484] and [linkerd2-proxy#2486])
* Added `INFO`-level logging to the proxy when endpoints are added or removed
  from a load balancer. These logs are enabled by default, and can be disabled
  by [setting the proxy log level][proxy-log-level] to
  `warn,linkerd=info,linkerd_proxy_balance=warn` or similar
  ([linkerd2-proxy#2486])
* Fixed a regression where the proxy rendered `grpc_status` metric labels as a
  string rather than as the numeric status code ([linkerd2-proxy#2480]; fixes
  [#11449])
* Added missing `imagePullSecrets` to `linkerd-jaeger` ServiceAccount ([#11504])
* Updated the control plane's dependency on the `golang.google.org/grpc` Go
  package to include patches for [CVE-2023-44487]/GHSA-qppj-fm5r-hxr3 ([#11496])
* Updated dependencies on `rustix` to include patches for GHSA-c827-hfw6-qwvm
  ([linkerd2-proxy#2488] and [#11512]).

[#10590]: https://github.com/linkerd/linkerd2/issues/10590
[#11279]: https://github.com/linkerd/linkerd2/issues/11279
[#11483]: https://github.com/linkerd/linkerd2/issues/11483
[#11449]: https://github.com/linkerd/linkerd2/issues/11449
[#11480]: https://github.com/linkerd/linkerd2/issues/11480
[#11504]: https://github.com/linkerd/linkerd2/issues/11504
[#11504]: https://github.com/linkerd/linkerd2/issues/11512
[linkerd2-proxy#2480]: https://github.com/linkerd/linkerd2-proxy/pull/2480
[linkerd2-proxy#2484]: https://github.com/linkerd/linkerd2-proxy/pull/2484
[linkerd2-proxy#2486]: https://github.com/linkerd/linkerd2-proxy/pull/2486
[linkerd2-proxy#2488]: https://github.com/linkerd/linkerd2-proxy/pull/2488
[proxy-log-level]: https://linkerd.io/2.14/tasks/modifying-proxy-log-level/
[CVE-2023-44487]: https://github.com/advisories/GHSA-qppj-fm5r-hxr3
2023-10-19 15:21:46 -07:00
Alejandro Pedraza c1b52ee657
Add imagePullSecrets support to linkerd-jaegers namespace-metadata ServiceAccount (#11504)
This completes imagePullSecret support for _all_ ServiceAccounts in the
linkerd control plane and core extensions.
2023-10-18 18:24:51 -05:00
Alejandro Pedraza cd2c88ec34
edge-23.10.2 change notes (#11482)
## edge-23.10.2

This edge release includes a fix addressing an issue during upgrades for
instances not relying on automated webhook certificate management (like
cert-manager provides).

* Added a `checksum/config` annotation to the destination and proxy injector
  deployment manifests, to force restarting those workloads whenever their
  webhook secrets change during upgrade (thanks @iAnomaly!) ([#11440])
* Fixed policy controller error when deleting a Gateway API HTTPRoute resource
  ([#11471])

[#11440]: https://github.com/linkerd/linkerd2/pull/11440
[#11471]: https://github.com/linkerd/linkerd2/pull/11471
2023-10-12 17:17:23 -05:00
Alex Leong 094890cfa4
edge-23.10.1 (#11454)
This edge release adds additional configurability to Linkerd's viz and
multicluster extensions.

* Added a `podAnnotations` Helm value to allow adding additional annotations to
  the Linkerd-Viz Prometheus Deployment ([#11365]) (thanks @cemenson)
* Added `imagePullSecrets` Helm values to the multicluster chart so that it can
  be installed in an air-gapped environment. ([#11285]) (thanks @lhaussknecht)

[#11365]: https://github.com/linkerd/linkerd2/issues/11365
[#11285]: https://github.com/linkerd/linkerd2/issues/11285

Signed-off-by: Alex Leong <alex@buoyant.io>
2023-10-04 14:43:39 -07:00
Oliver Gould bc97b02169
edge-23.9.4 (#11441)
This edge release makes Linkerd even better.

* Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart
  to support including SHA256 image digests in Linkerd manifests (thanks
  @cromulentbanana!) ([#11406])
* Improved `linkerd viz check` to attempt to validate that the Prometheus scrape
  interval will work well with the CLI and Web query parameters ([#11376])
* Improved CLI error handling to print differentiated error information when
  versioncheck.linkerd.io cannot be resolved (thanks @dtaskai) ([#11377])
* Fixed an issue where the destination controller would not update pod metadata
  for profile resolutions for a pod accessed via the host network (e.g.
  HostPort endpoints) ([#11334]).
* Added a validating webhook config for httproutes.gateway.networking.k8s.io
  resources (thanks @mikutas!) ([#11150])
* Introduced a new `multicluster check --timeout` flag to limit the time
  allowed for Kubernetes API calls (thanks @moki1202) ([#11420])

[#11150]: https://github.com/linkerd/linkerd2/pull/11150
[#11334]: https://github.com/linkerd/linkerd2/pull/11334
[#11376]: https://github.com/linkerd/linkerd2/pull/11376
[#11377]: https://github.com/linkerd/linkerd2/pull/11377
[#11406]: https://github.com/linkerd/linkerd2/pull/11406
[#11420]: https://github.com/linkerd/linkerd2/pull/11420
2023-09-29 07:46:16 -07:00
Matei David 4a336ba8da
edge-29.9.3 (#11409)
* edge-29.9.3

This edge release updates the proxy's dependency on the `rustls` library to
patch security vulnerability [RUSTSEC-2023-0052] (GHSA-8qv2-5vq6-g2g7), a
potential CPU usage denial-of-service attack when accepting a TLS handshake from
an untrusted peer with a maliciously-crafted certificate. Furthermore, this
edge release contains a few improvements to the control plane and jaeger
extension Helm charts.

* Addressed security vulnerability [RUSTSEC-2023-0052] in the proxy by updating
  its dependency on the `rustls` library
* Added a `prometheusUrl` field for the heartbeat job in the control plane Helm
  chart (thanks @david972!) ([#11343]; fixes [#11342])
* Introduced support for arbitrary labels in the `podMonitors` field in the
  control plane Helm chart (thanks @jseiser!) ([#11222]; fixes [#11175])
* Added support for config merge and Deployment environment to
  `opentelemetry-collector` in the jaeger extension (thanks @iAnomaly!)
  ([#11283])

[#11283]: https://github.com/linkerd/linkerd2/pull/11283
[#11222]: https://github.com/linkerd/linkerd2/pull/11222
[#11175]: https://github.com/linkerd/linkerd2/issues/11175
[#11343]: https://github.com/linkerd/linkerd2/pull/11343
[#11342]: https://github.com/linkerd/linkerd2/issues/11342

Signed-off-by: Matei David <matei@buoyant.io>
2023-09-22 19:34:02 +01:00
Cameron Boulton 331c8ff09c
[linkerd-jaeger] Adds support for collector config merge and Deployment env (#11283)
This PR changes a variety of things:
1. Changes value `collector.config` from a string to an object to support field level merging/changing without having to copy/paste the entire unchanged portion of the config.
2. Changes the default `collector.config` for sensible out of the box Linkerd tracing use-case:
    1. Only `opencensus` receiver (the format `linkerd-proxy` emits when configured for tracing)
    2. `resource` processor that maps the Pod name and namespace labels `linkerd-proxy` sets on injected Pods to the fields the `k8sattributes` processor expects for looking up the trace's source Pod.
    3. `k8sattributes` processor for decorating all traces with K8s metadata.
3. Standardizes `image.pullPolicy` behavior across all components and defaults to absent/null `imagePullPolicy` such that the K8s cluster configuration is used.
4. Adds collector RBAC needed for `k8sattributes` to lookup trace source K8s workloads
5. Adds collector ConfigMap checksum to rollout new Pod(s) when config is changed. 
6. Adds/parameterizes the collector container command with value `collector.command`.
7. Changes collector image from [opentelemetry-collector](https://github.com/open-telemetry/opentelemetry-collector) to [opentelemetry-collector-contrib](https://github.com/open-telemetry/opentelemetry-collector-contrib) which includes additional connectors, exporters, extensions, processors, receivers.
8. Adds value `collector.env` for additional collector Deployment environment variables.

Signed-off-by: Cameron Boulton <cameron.boulton@calm.com>
2023-09-14 11:02:52 -07:00
Eliza Weisman f5e490c058
edge-23.9.2 (#11367)
This edge release updates the proxy's dependency on the `webpki` library
to patch security vulnerability [RUSTSEC-2023-0052]
(GHSA-8qv2-5vq6-g2g7), a potential CPU usage denial-of-service attack
when accepting a TLS handshake from an untrusted peer with a
maliciously-crafted certificate.

* Addressed security vulnerability [RUSTSEC-2023-0052] in the proxy
  (#11361)
* Fixed `linkerd check --proxy` incorrectly checking the proxy version
  of pods in the `completed` state (thanks @mikutas!) (#11295; fixes
  #11280)
* Removed unnecessary `linkerd.io/helm-release-version` annotation from
  the `linkerd-control-plane` Helm chart (thanks @mikutas!) (#11329;
  fixes #10778)

[RUSTSEC-2023-0052]:
    https://rustsec.org/advisories/RUSTSEC-2023-0052.html
2023-09-13 13:20:52 -07:00
Matei David a9f845c954
edge-23.9.1 (#11350)
This edge release introduces a fix for service discovery on endpoints that use
hostPorts. Previously, the destination service would return the pod IP for the
discovery request which could break connectivity on pod restart. To fix this,
direct pod communication for a pod bound on a hostPort will always return the
hostIP. In addition, this release fixes a security vulnerability (CVE-2023-2603)
detected in the CNI plugin and proxy-init images, and includes a number of other
fixes and small improvements.

* Addressed security vulnerability CVE-2023-2603 in proxy-init and CNI plugin
  ([#11296])
* Introduced resource requests/limits for the policy controller resource in the
  control plane helm chart ([#11301])
* Fixed an issue where an empty `remoteDiscoverySelector` field in a
  multicluster link would cause all services to be mirrored ([#11309])
* Removed time out from `linkerd multicluster gateways` command; when no
  metrics exist the command will return instantly ([#11265])
* Improved help messaging for `linkerd multicluster link` ([#11265])
* Changed how hostPort lookups are handled in the destination service.
  Previously, when doing service discovery for an endpoint bound on a hostPort,
  the destination service would return the corresponding pod IP. On pod
  restart, this could lead to loss of connectivity on the client's side. The
  destination service now always returns host IPs for service discovery on an
  endpoint that uses hostPorts ([#11328])
* Updated HTTPRoute webhook rule to validate all apiVersions of the resource
  (thanks @mikutas!) ([#11149])
* Fixed erroneous `skipped` messages when injecting namespaces with `linkerd
  inject` (thanks @mikutas!) ([#10231])

[#11309]: https://github.com/linkerd/linkerd2/issues/11309
[#11296]: https://github.com/linkerd/linkerd2/discussions/11296
[#11328]: https://github.com/linkerd/linkerd2/pull/11328
[#11301]: https://github.com/linkerd/linkerd2/issues/11301
[#11265]: https://github.com/linkerd/linkerd2/pull/11265
[#11149]: https://github.com/linkerd/linkerd2/pull/11149
[#10231]: https://github.com/linkerd/linkerd2/issues/10231

---------

Signed-off-by: Matei David <matei@buoyant.io>
Co-authored-by: Eliza Weisman <eliza@buoyant.io>
2023-09-11 18:48:46 +01:00
Alex Leong a4bec904cc
Stable 2.14.0 (#11282)
This release introduces direct pod-to-pod multicluster service mirroring. When
clusters are deployed on a flat network, Linkerd can export multicluster
services in a way where cross-cluster traffic does not need to go through the
gateway. This enhances multicluster authentication and can reduce the need for
provisioning public load balancers.

In addition, this release adds support for the
[Gateway API](https://gateway-api.sigs.k8s.io/) HTTPRoute resource (in the
`gateway.networking.k8s.io` api group). This improves compatibility with other
tools that use these resources such as [Flagger](https://flagger.app/) and
[Argo Rollouts](https://argoproj.github.io/rollouts/). The release also includes
a large number of features and improvements to HTTPRoute including the ability
to set timeouts and the ability to define consumer-namespace HTTPRoutes.

Finally, this release includes a number of bugfixes, performance improvements,
and other smaller additions.

**Upgrade notes**: Please see the
[upgrade instructions](https://linkerd.io/2/tasks/upgrade/#upgrade-notice-stable-2140).

* Multicluster
  * Remove namespace field from cluster scoped resources to fix pruning
  * Added -o json flag for the `linkerd multicluster gateways` command (thanks
    @hiteshwani29)
  * Introduced `logFormat` value to the multicluster `Link` Helm Chart (thanks
    @bunnybilou!)
  * Added leader-election capabilities to the service-mirror controller
  * Added high-availability (HA) mode for the multicluster service-mirror
  * Added a new `remoteDiscoverySelector` field to the multicluster `Link` CRD,
    which enables a service mirroring mode where the control plane
    performs discovery for the mirrored service from the remote cluster, rather
    than creating Endpoints for the mirrored service in the source cluster
* HTTPRoute
  * Fixed `linkerd uninstall` issue for HTTPRoute
  * Added support for `gateway.networking.k8s.io` HTTPRoutes in the policy
    controller
  * Added support for RequestHeaderModifier and RequestRedirect HTTP filters in
    outbound policy; filters may be added at the route or backend level
  * Added support for the `ResponseHeaderModifier` HTTPRoute filter
  * Added support for HTTPRoutes defined in the consumer namespace
  * Added support for HTTPRoute `parent_refs` that do not specify a port
* CRDs
  * Patched the MeshTLSAuthentication CRD to force providing at least one
    identity/identityRef
* Control Plane
  * Send Opaque protocol hint for opaque ports in destination controller
  * Replaced deprecated `failure-domain.beta.kubernetes.io/zone` labels in Helm
    charts with `topology.kubernetes.io/zone` labels (thanks @piyushsingariya!)
  * Replaced `server_port_subscribers` Destination controller gauge metric with
    `server_port_subscribes` and `server_port_unsubscribes` counter metrics
* Proxy
  * Handle Opaque protocol hints on endpoints
  * Added `outbound_http_balancer_endpoints` metric
  * Fixed missing route_ metrics for requests with ServiceProfiles
  * Fixed proxy startup failure when using the `config.linkerd.io/admin-port`
    annotation (thanks @jclegras!)
  * Added distinguishable version information to proxy logs and metrics
* CLI
  * The `linkerd diagnostics policy` command now displays outbound policy when
    the target resource is a Service
  * A fix for HA validation checks when Linkerd is installed with Helm. Thanks
    @mikutas!!
* Viz
  * Add the `kubelet` NetworkAuthentication back since it is used by the
    `linkerd viz allow-scrapes` subcommand.
  * Fixed the `linkerd viz check` command so that it will wait until the viz
    extension becomes ready
  * Fixed an issue where specifying a `remote_write` config would cause the
    Prometheus config to be invalid (thanks @hiteshwani29)
  * Improved validation of the `--to` and `--from` flags for the `linkerd viz stat`
    command (thanks @pranoyk)
  * Added `-o jsonpath` flag to `linkerd viz tap` to allow filtering output fields
    (thanks @hiteshwani29!)
  * Fixed a Grafana error caused by an incorrect datasource (thanks @albundy83!)
  * Fixed missing "Services" menu item in the Spanish localization for the
    `linkerd-viz` web dashboard (thanks @mclavel!)
* Extensions
  * Added missing label `linkerd.io/extension` to certain resources to ensure they
    are pruned when appropriate (thanks @ClementRepo)
  * Added tolerations and nodeSelector support in extensions `namespace-metadata`
    Jobs (thanks @pssalman!)
* Init Containers
  * Added an option for disabling the network validator's security context for
    environments that provide their own
* CNI
  * Added --set flag to install-cni plugin (thanks @amit-62!)
  * Fixed missing resource-cni labels on linkerd-cni, this blocked the
    linkerd-cni pods from coming up when the injector was broken (thanks
    @migueleliasweb!)
* Build
  * Build improvements for multi-arch build artifacts. Thanks @MarkSRobinson!!

This release includes changes from a massive list of contributors! A special
thank-you to everyone who helped make this release possible:

* Amir Karimi @AMK9978
* Amit Kumar @amit-62
* Andre Marcelo-Tanner @kzap
* Andrew @andrew-gropyus
* Arnaud Beun @bunnybilou
* Clement @proxfly
* Dima @krabradosty
* Grégoire Bellon-Gervais @albundy83
* Harsh Soni @harsh020
* Jean-Charles Legras @jclegras
* Loong Dai @daixiang0
* Mark Robinson @MarkSRobinson
* Miguel Elias dos Santos @migueleliasweb
* Pranoy Kumar Kundu @pranoyk
* Ryan Hristovski @ryanhristovski
* Takumi Sue @mikutas
* Zakhar Bessarab @zekker6
* hiteshwani29 @hiteshwani29
* pheianox
* pssalman @pssalman

Signed-off-by: Alex Leong <alex@buoyant.io>
2023-08-22 12:00:15 -07:00
Alejandro Pedraza 13157bd5e0
edge-23.8.3 Change notes (#11262)
This is a release candidate for stable-2.14.0; we encourage you to help by trying
it out!

This edge release contains a number of improvements over the multi-cluster
features introduced in the last edge release supporting flat networks. It also
hardens the containers' security stance by removing write access to the root
filesystem.

* Enhanced `linkerd multicluster link` to allow clusters to be linked without a
  gateway ([#11226])
* Added cluster store size gauge metric ([#11256])
* Disabled local traffic policy for remote discovery ([#11257])
* Fixed various innocuous multi-cluster warnings ([#11251], [#11246], [#11253])
* Set `readOnlyRootFilesystem: true` in all the containers, as they don't
  require write permissions ([#11221]; fixes [#11142]) (thanks @mikutas!)
2023-08-16 18:24:29 -05:00
Takumi Sue 51214c0666
Set readOnlyRootFilesystem: true on control plane / jaeger / multicluster (#11221)
Fixes #11142

Signed-off-by: Takumi Sue <u630868b@alumni.osaka-u.ac.jp>
2023-08-15 14:19:39 -05:00
Eliza Weisman e61c4b5138
edge-23.8.2 (#11235)
## edge-23.8.2

This edge release adds improvements to Linkerd's multi-cluster features
as part of the [flat network support] planned for Linkerd stable-2.14.0.
In addition, it fixes an issue ([#10764]) where warnings about an
invalid metric were logged frequently by the Destination controller.

* Added a new `remoteDiscoverySelector` field to the multicluster `Link`
  CRD, which enables a service mirroring mode where the control plane
  performs discovery for the mirrored service from the remote cluster,
  rather than creating Endpoints for the mirrored service in the source
  cluster ([#11190], [#11201], [#11220], and [#11224])
* Fixed missing "Services" menu item in the Spanish localization for the
  `linkerd-viz` web dashboard ([#11229]) (thanks @mclavel!)
* Replaced `server_port_subscribers` Destination controller gauge metric
  with `server_port_subscribes` and `server_port_unsubscribes` counter
  metrics ([#11206]; fixes [#10764])
* Replaced deprecated `failure-domain.beta.kubernetes.io` labels in Helm
  charts with `topology.kubernetes.io` labels ([#11148]; fixes [#11114])
  (thanks @piyushsingariya!)

[#10764]: https://github.com/linkerd/linkerd2/issues/10764
[#11114]: https://github.com/linkerd/linkerd2/issues/11114
[#11148]: https://github.com/linkerd/linkerd2/issues/11148
[#11190]: https://github.com/linkerd/linkerd2/issues/11190
[#11201]: https://github.com/linkerd/linkerd2/issues/11201
[#11206]: https://github.com/linkerd/linkerd2/issues/11206
[#11220]: https://github.com/linkerd/linkerd2/issues/11220
[#11224]: https://github.com/linkerd/linkerd2/issues/11224
[#11229]: https://github.com/linkerd/linkerd2/issues/11229
[flat network support]:
    https://linkerd.io/2023/07/20/enterprise-multi-cluster-at-scale-supporting-flat-networks-in-linkerd/
2023-08-11 13:44:50 -07:00
Alejandro Pedraza 5fe0c0e122
edge-23.8.1 (#11200)
This edge release restores a proxy setting for it to shed load less aggressively
while under high load, which should result in lower error rates (addressing
#11055). It also removes the usage of host networking in the linkerd-cni
extension.

* Changed the default HTTP request queue capacities for the inbound and outbound
  proxies back to 10,000 requests (see #11055 and #11198)
* Lifted need of using host networking in the linkerd-cni Daemonset (#11141)
  (thanks @abhijeetgauravm!)
2023-08-03 17:23:12 -05:00
Alex Leong 478027abcf
edge-23.7.3 (#11176)
This edge release improves Linkerd's support for HttpRoute by allowing
`parent_ref` ports to be optional, allowing HttpRoutes to be defined in a
consumer's namespace, and adding support for the `ResponseHeaderModifier` filter.
It also fixes a panic in the destination controller.

* Added an option for disabling the network validator's security context for
  environments that provide their own
* Added high-availability (HA) mode for the multicluster service-mirror
* Added support for HttpRoute `parent_refs` that do not specify a port
* Fixed a Grafana error caused by an incorrect datasource (thanks @albundy83!)
* Added support for HttpRoutes defined in the consumer namespace
* Improved the granularity of logging levels in the control plane
* Fixed a race condition in the destination controller that could cause it to
  panic
* Added support for the `ResponseHeaderModifier` HttpRoute filter
* Updated extension CLI commands to prefer the `--register` flag over the
  `LINKERD_DOCKER_REGISTRY` environment variable, making the precedence more
  consistent (thanks @harsh020!)

Signed-off-by: Alex Leong <alex@buoyant.io>
2023-07-28 12:37:56 -07:00
Harsh Soni 6f5ac2a29d
cli: inconsistent precedence for registry flag (#11144)
Problem:
Commands `jaeger install`, `multicluster link` give precedence to `LINKERD_DOCKER_REGISTRY` env var, whereas commands `install`, `upgrade` and `inject` give preference to `--register` flag.

Solution:
Make the commands consistent by giving precedence to `--register` flag in all commands.

Fixes: #11115

Signed-off-by: Harsh Soni <devilincarcerated020@yahoo.com>
2023-07-28 13:37:02 -05:00
Andrew Seigner 042c56625a
Fix `linkerd check --output` flag description (#11145)
The `linkerd check --output` flag supports 3 formats: `table`, `json`,
and `short`. The default `linkerd check` command description incorrectly
printed `basic, json, short`. Other extension check commands printed
`basic, json`.

Modify all check output descriptions to print `table, json, short`.

Signed-off-by: Andrew Seigner <siggy@buoyant.io>
2023-07-24 11:24:34 -07:00