### Motivation
In order to expose arbitrary headers through tap, headers and trailers should be
read from the linkerd2-proxy-api `TapEvent`s and set in the public `TapEvent`s.
This change should have no user facing changes as it just prepares the events
for JSON output in linkerd/linkerd2#3390
### Solution
The public API has been updated with a headers field for
`TapEvent_Http_RequestInit_` and `TapEvent_Http_ResponseInit_`, and trailers
field for `TapEvent_Http_ResponseEnd_`.
These values are set by reading the corresponding fields off of the proxy's tap
events.
The proto changes are equivalent to the proto changes proposed in
linkerd/linkerd2-proxy-api#33
Closes#3262
Signed-off-by: Kevin Leimkuhler <kleimkuhler@icloud.com>
## edge-19.9.4
This edge release introduces a redesigned sidebar in dashboard! The goal of the
redesign was to reduce load on Prometheus and simplify navigation by providing
top-level views centered around namespaces and workloads.
* CLI
* Introduced a new `--cluster-domain` flag to the `linkerd install` command
that allows setting a custom cluster domain (thanks @arminbuerkle!)
* Fixed the `linkerd endpoints` command to use the correct Destination API
address (thanks @Pothulapati!)
* Added `--disable-heartbeat` flag for `linkerd` `install|upgrade` commands
* Controller
* Instrumented the proxy-injector to provide additional metrics about
injection (thanks @Pothulapati!)
* Added support for `config.linkerd.io/admission-webhooks: disabled` label on
namespaces so that the pods creation events in these namespaces are ignored
by the proxy injector; this fixes situations in HA deployments where the
proxy-injector is installed in `kube-system` (thanks @hasheddan!)
* Web UI
* Workloads are now viewed by namespace, with an "All Namespaces" option, to
improve dashboard performance
* Proxy
* Added experimental distributed tracing support
Signed-off-by: Kevin Leimkuhler <kleimkuhler@icloud.com>
* Add the tracing environment variables to the proxy spec
* Add tracing event
* Remove unnecessary CLI change
* Update log message
* Handle single segment service name
* Use default service account if not provided
The injector doesn't read the defaults from the values.yaml
* Remove references to conf.workload.ownerRef in log messages
This nested field isn't always set.
Signed-off-by: Ivan Sim <ivan@buoyant.io>
This reverts commit edd3b1f6d4.
This is a temporary revert of #3461 while we sort out some details of how this should configured and how it should interact with configuring a trace collector on the Linkerd proxy. We will reintroduce this change once the config plan is straightened out.
Signed-off-by: Alex Leong <alex@buoyant.io>
Fixes#278
Add `linkerd install|upgrade --disable-heartbeat` flag, and have
`linkerd check` check for the heartbeat's SA only if it's enabled.
Also added those flags into the `linkerd upgrade -h` examples.
Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
When running linkerd in HA mode, a cluster can be broken by bringing down the proxy-injector.
Add a label to MWC namespace selctor that skips any namespace.
Fixes#3346
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
## Summary
[kind](https://github.com/kubernetes-sigs/kind) has been a helpful tool for running local Kubernetes clusters and
testing linkerd builds. Once images are built with `bin/docker-build`, the
images must be loaded into the kind cluster.
This script should be run after `bin/docker-build` and will load the images into
the specified kind cluster.
Example:
```
$ bin/docker-build
$ kind get clusters # show available clusters to load images on to
kleimkuhler
$ bin/kind-load kleimkuhler
$ ./target/cli/linux/linkerd install | kubectl apply -f -
```
Signed-off-by: Kevin Leimkuhler <kleimkuhler@icloud.com>
* make identity use grpc server with prom metrics
Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
* linting fix
Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
* Fix injector timeout under high load
Fixes#3358
When retrieving a pod owner, we were hitting the k8s API directly because
at injection time the informer might not have been informed about the
existence of the parent object.
Under a large number of injection requests this ended up in the k8s API requests
being throttled, the proxy-injector getting blocked and the webhook requests
timing out.
Now we'll hit the shared informer first, and hit the k8s API only when
the informer doesn't return anything. After a few injection requests for
the same owner, the informer should have been updated.
Testing:
Scaling an emoji deployment to 1000 replicas, and after waiting for a
couple of minutes:
Before:
```bash
# a portion of the pods doesn't get injected
$ kubectl-n emojivoto get po | grep ./1 | wc -l
109
kubectl -n kube-system logs -f kube-apiserver-minikube | grep
failing.*timeout
.... (lots of errors)
```
After:
```bash
# all the pods get injected
$ kubectl -n emojivoto get po | grep ./1 | wc -l
0
kubectl -n kube-system logs -f kube-apiserver-minikube | grep
failing.*timeout
```
This change updates the internals of the proxy's client to the
Destination controller. Other than some minor fixes to the client's
backoff logic, no user-facing changes are expected.
* Split service discovery into composable components (linkerd/linkerd2-proxy#341)
* logging: update `tracing` and `tracing-subscriber` (linkerd/linkerd2-proxy#352)
* resolve: Do not send the 'k8s' scheme (linkerd/linkerd2-proxy#356)
This PR disables the `Start` button in the dashboard's top routes view if there
is no namespace or resource type selected.
Previously, clicking `Start` on the top routes tab with empty namespace and
resource fields would result in a bad request error.
Signed-off-by: pierdipi <pierangelodipilato@gmail.com>
If the namespace is controlled by an external tool or can't be installed
with Helm, disable its installation
Fixes#3412
Signed-off-by: Eugene Glotov <kivagant@gmail.com>
* Update prometheus cadvisor config to only keep container resources metrics
Signed-off-by: Ivan Sim <ivan@buoyant.io>
* Drop unused large metric
Signed-off-by: Ivan Sim <ivan@buoyant.io>
* Fix unit test
Signed-off-by: Ivan Sim <ivan@buoyant.io>
* Siggy's feedback
Signed-off-by: Ivan Sim <ivan@buoyant.io>
* Fix unit test
Signed-off-by: Ivan Sim <ivan@buoyant.io>
Added a few comments in the Chart.yaml files to clarify that some
versions don't need to be updated.
Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
* Trim certs and keys in the Helm charts
Fixes#3419
When installing through the CLI the installation will fail if the certs
are malformed, so this only concerns the Helm templates.
Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
* Have CI push the Helm artifacts into GCS
- Added missing OWNERS and README files
- Added maintainers section to Chart.yaml
- Changed NOTES.txt so it points to the installation of the CLI
- Set the proxy-init version to v1.1.0 in values.yaml
Ref #3256
Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
The integration tests check for known k8s events using a regex. This
regex included an incorrect pattern that prepended a failure reason and
object, rather than simply the event message we were trying to match on.
This resulted in failures such as:
https://github.com/linkerd/linkerd2/runs/217872818#step:6:476
Fix the regex to only check for the event message. Also explicitly
differentiate reason, object, and message in the log output.
Signed-off-by: Andrew Seigner <siggy@buoyant.io>
* Last changes before submitting to the Helm incubator
- Added missing OWNERS and README files
- Added maintainers section to Chart.yaml
- Changed NOTES.txt so it points to the installation of the CLI
- Set the proxy-init version to v1.1.0 in values.yaml
- Added missing ProfileValidator vars, and add 'do not edit' comment to the Identity.Issuer.CrtExpiryAnnotation value
- Added new self-hosted repo
- Added option to bin/helm-build
- Added DisableHeartBeat to README
Ref #3256
Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
The repo depended on an old version of client-go. It also depended on
stern, which itself depended on an old version of client-go, making
client-go upgrade non-trivial.
Update the repo to client-go v12.0.0, and also replace stern with a
fork.
This fork of stern includes the following changes:
- updated to use Go Modules
- updated to use client-go v12.0.0
- fixed log line interleaving:
- https://github.com/wercker/stern/issues/96
- based on:
- 8723308e46Fixes#3382
Signed-off-by: Andrew Seigner <siggy@buoyant.io>
We're getting flakey `KillPodSandbox` events in the integration tests:
https://github.com/linkerd/linkerd2/runs/216505657#step:6:427
This is despite adding a regex for these events in #3380.
Modify the KillPodSandbox event regex to match on a broader set of
strings.
Signed-off-by: Andrew Seigner <siggy@buoyant.io>
The kind clusters booted by the integration tests each had to pull
Prometheus and proxy-init images from the internet during linkerd
install.
Preemptively pull the images from the internet once, then execute `kind
load` commands for each of the clusters prior to starting integration
tests.
Depends on #3397
Signed-off-by: Andrew Seigner <siggy@buoyant.io>
GitHub Actions has been running unit and integration tests, in parallel
with Travis running those same tests, and also handling master merges
and tags.
This change completes the transtion to GitHub Actions, removing all
references to Travis. Similar to Travis, GitHub Actions now acts on
master merges and tag pushes by pushing Docker images to gcr.io, and
running integration tests against a GKE cluster.
Signed-off-by: Andrew Seigner <siggy@buoyant.io>
Alex Leong