Commit Graph

163 Commits

Author SHA1 Message Date
Kevin Leimkuhler ce9d1335d1
Add changes for edge-20.12.3 (#5383)
## edge-20.12.3

This edge release is functionally the same as `edge-20.12.2`. It fixes an issue
that prevented the release build from occurring.

Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
2020-12-14 13:29:40 -05:00
Kevin Leimkuhler b72b2d14b9
Add changes for edge-20.12.2 (#5367)
## edge-20.12.2

* Fixed an issue where the `proxy-injector` and `sp-validator` did not refresh
  their certs automatically when provided externally—like through cert-manager
* Added support for overrides flags to the `jaeger install` command to allow
  setting Helm values when installing the Linkerd-jaeger extension
* Added missing Helm values to the multicluster chart (thanks @DaspawnW!)
* Moved tracing functionality to the `linkerd-jaeger` extension
* Fixed various issues in developer shell scripts (thanks @joakimr-axis!)
* Fixed an issue where `install --ha` was only partially applying the high
  availability config
* Updated RBAC API versions in the CNI chart (thanks @glitchcrab!)
* Fixed an issue where TLS credentials are changed during upgrades, but the
  Linkerd webhooks would not restart, leaving them to use older credentials and
  fail requests
* Stopped publishing the multicluster link chart as its primary use case is in
  the `multicluster link` command and not being installed through Helm
* Added service mirror error logs for when the multicluster gateway's hostname
  cannot be resolved.

Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
2020-12-11 11:06:51 -05:00
Alex Leong 8ad546b302
edge-20.12.1 (#5324)
This edge release continues the work of decoupling non-core Linkerd components
by moving more tracing related functionality into the Linkerd-jaeger extension.

* Continued work on moving tracing functionality from the main control plane
  into the `linkerd-jaeger` extension
* Fixed a potential panic in the proxy when looking up a socket's peer address
  while under high load
* Added automatic readme generation for charts (thanks @GMarkfjard!)
* Fixed zsh completion for the CLI (thanks @jiraguha!)
* Added support for multicluster gateways of types other than LoadBalancer
  (thanks @DaspawnW!)

Signed-off-by: Alex Leong <alex@buoyant.io>
2020-12-03 14:35:57 -08:00
Alejandro Pedraza 62e208b99f
Release notes for edge-20.11.5 (#5284)
This edge release improves the proxy's support high-traffic workloads. It also
contains the first steps towards decoupling non-core Linkerd components, the
first iteration being a new `linkerd jaeger` sub-command for installing tracing.
Please note this is still a work in progress.

* Addressed some issues reported around clients seeing max-concurrency errors by
  increasing the default in-flight request limit to 100K pending requests
* Have the proxy appropriately set `content-type` when synthesizing gRPC error
  responses
* Bumped the `proxy-init` image to `v1.3.8` which is based off of
  `buster-20201117-slim` to reduce potential security vulnerabilities
* No longer panic in rare cases when `linkerd-config` doesn't have an entry for
  `Global` configs (thanks @hodbn!)
* Work in progress: the `/jaeger` directory now contains the charts and commands
  for installing the tracing component.
2020-11-27 07:35:00 -08:00
cpretzer 60f7aa324a
Fix some grammar and typos (#5261)
Signed-off-by: Charles Pretzer <charles@buoyant.io>
2020-11-23 09:23:32 -05:00
Kevin Leimkuhler 9a520ec2ca
Add notes for edge-20.11.4 (#5268)
## edge-20.11.4

* Fixed an issue in the destination service where endpoints always included a
  protocol hint, regardless of the controller label being present or not

Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
2020-11-20 16:56:45 -05:00
cpretzer c0a64946fb
edge-20.11.3 changes (#5255)
* edge-20.11.3 changes

Signed-off-by: Charles Pretzer <charles@buoyant.io>

* linting

Signed-off-by: Charles Pretzer <charles@buoyant.io>
2020-11-19 12:08:25 -08:00
Alex Leong b07347c3a6
edge-20.11.2 (#5220)
This edge release reduces memory consumption of Linkerd proxies which maintain
many idle connections (such as Prometheus).  It also removes some obsolete
commands from the CLI and allows setting custom annotations on multicluster
gateways.

* Reduced the default idle connection timeout to 5s for outbound clients and
  20s for inbound clients to reduce the proxy's memory footprint, especially on
  Prometheus instances
* Added support for setting annotations on the multicluster gateway in Helm
  which allows setting the load balancer as internal (thanks @shaikatz!)
* Removed the `get` and `logs` command from the CLI

Signed-off-by: Alex Leong <alex@buoyant.io>
2020-11-12 12:29:29 -08:00
Alejandro Pedraza 2ff70d4c7d
Changes for `stable-2.9.0` (#5174)
* Changes for `stable-2.9.0`

Only user-facing items were mentioned. There were previous edge release
notes contained a summary of a change, I preferred using that summary
instead of the more technical bullet point. Given the large list of
items, I separated into sections for easier digestion. Also, I didn't
repeat the TCP mTLS stuff (nor ARM support) below in the bullet points
as it was already well described in the summary.

## stable-2.9.0

This release extends Linkerd's zero-config mutual TLS (mTLS) support to all TCP
connections, allowing Linkerd to transparently encrypt and authenticate all TCP
connections in the cluster the moment it's installed. It also adds ARM support,
introduces a new multi-core proxy runtime for higher throughput, adds support
for Kubernetes service topologies, and lots, lots more, as described below:

* Proxy
  * Performed internal improvements for lower latencies under high concurrency
  * Reduced performance impact of logging , especially when the `debug` or
    `trace` log levels are disabled
  * Improved error handling for DNS errors encountered when discovering control
    plane addresses, which can be common during installation, before all
    components have been started, allowing linkerd to continue to operate
    normally in HA during node outages

* Control Plane
  * Added support for [topology-aware service
    routing](https://kubernetes.io/docs/concepts/services-networking/service-topology/)
    to the Destination controller; when providing service discovery updates to
    proxies the Destination controller will now filter endpoints based on the
    service's topology preferences
  * Added support for the new Kubernetes
    [EndpointSlice](https://kubernetes.io/docs/concepts/services-networking/endpoint-slices/)
    resource to the Destination controller; Linkerd can be installed with
    `--enable-endpoint-slices` flag to use this resource rather than the
    Endpoints API in clusters where this new API is supported

* Dashboard
  * Added new Spanish translations (please help us translate into your
    language!)
  * Added new section for exposing multicluster gateway metrics

* CLI
  * Renamed the `--addon-config` flag to `--config` to clarify this flag can be
    used
  * Added fish shell completions to the `linkerd` command to set any Helm value

* Multicluster
  * Replaced the single `service-mirror` controller, with separate controllers
    that will be installed per target cluster through `linkerd multicluster
    link`
  * Changed the mechanism for mirroring services: instead of relying on
    annotations on the target services, now the source cluster should specify
    which services from the target cluster should be exported by using a label
    selector
  * Added support for creating multiple service accounts when installing
    multicluster with Helm to allow more granular revocation
  * Added a multicluster `unlink` command for removing multicluster links

* Prometheus
  * Moved Linkerd's bundled Prometheus into an add-on (enabled by default); this
    makes the Linkerd Prometheus more configurable, gives it a separate upgrade
    lifecycle from the rest of the control plane, and will allow users to
    disable the bundled Prometheus instance
  * The long-awaited Bring-Your-Own-Prometheus case has been finally addressed:
    added `global.prometheusUrl` to the Helm config to have linkerd use an
    external Prometheus instance instead of the one provided by default
  * Added an option to persist data to a volume instead of memory, so that
    historical metrics are available when prometheus is restarted
  * The helm chart can now configure persistent storage and limits

* Other
  * Added a new `linkerd.io/inject: ingress` annotation and accompanying
    `--ingress` flag to the `inject command, to configure the proxy to support
    service profiles and enable per-route metrics and traffic splits for HTTP
    ingress controllers
  * Changed the type of the injector and tap API secrets to `kubernetes.io/tls`
    so they can be provisioned by cert-manager
  * Changed default docker image repository to `ghcr.io` from `gcr.io`; **Users
    who pull the images into private repositories should take note of this
    change**
  * Introduced support for authenticated docker registries
  * Simplified the way that Linkerd stores its configuration; configuration is
    now stored as Helm values in the `linkerd-config` ConfigMap
  * Added support for Helm configuration of per-component proxy resources
    requests

This release includes changes from a massive list of contributors. A special
thank-you to everyone who helped make this release possible: --long
list, see file --

* Fixed some bad copypasta

* Apply suggestions from code review

Co-authored-by: Kevin Leimkuhler <kevin@kleimkuhler.com>

Co-authored-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
2020-11-06 12:54:06 -05:00
Kevin Leimkuhler dc6e2114c9
Add changes for edge-20.11.1 (#5167)
This edge supersedes edge-20.10.6 as a release candidate for stable-2.9.0.

* Fixed issue where the `check` command would error when there is no Prometheus
  configured
* Fixed recent regression that caused multicluster on EKS to not work properly
* Changed the `check` command to warn instead of error when webhook certificates
  are near expiry
* Added the `--ingress` flag to the `inject` command which adds the recently
  introduced `linkerd.io/inject: ingress` annotation
* Fixed issue with upgrades where external certs would be fetched and stored
  even though this does not happen on fresh installs with externally created
  certs
* Fixed issue with upgrades where the issuer cert expiration was being reset
* Removed the `--registry` flag from the `multicluster install` command
* Removed default CPU limits for the proxy and control plane components in HA
  mode

Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
2020-11-03 13:21:16 -05:00
Eliza Weisman 8c6a2c576c
update changelog for edge-20.10.6 (#5145)
This edge supersedes edge-20.10.5 as a release candidate for
stable-2.9.0. It adds a new `linkerd.io/inject: ingress` annotation to
support service profiles and enable per-route metrics and traffic splits
for HTTP ingress controllers

* Added a new `linkerd.io/inject: ingress` annotation to configure the
  proxy to support service profiles and enable per-route metrics and
  traffic splits for HTTP ingress controllers
* Reduced performance impact of logging in the proxy, especially when
  the `debug` or `trace` log levels are disabled
* Fixed spurious warnings logged by the `linkerd profile` CLI command

Signed-off-by: Eliza Weisman <eliza@buoyant.io>
2020-10-27 11:06:15 -07:00
cpretzer 5c9d34846e
Changes for edge-20.10.5 (#5127)
Signed-off-by: Charles Pretzer <charles@buoyant.io>
2020-10-23 09:57:54 -07:00
cpretzer 460920633d
Changes for edge-20.10.4 (#5123)
* Changes for edge-20.10.4

Signed-off-by: Charles Pretzer <charles@buoyant.io>
2020-10-22 14:06:44 -07:00
Alex Leong eccc6d1214
edge-20.10.3 (#5079)
This edge release is a release candidate for stable-2.9.0.  It overhauls the
discovery and routing logic implemented by the proxy, simplifies the way that
Linkerd stores configuration, and adds new Helm values to configure additional
labels, annotations, and namespace selectors for webhooks.

* Added podLabels and podAnnotations Helm values to allow adding additional
  labels or annotations to Linkerd control plane pods (thanks @tustvold!)
* Added namespaceSelector Helm value for configuring the namespace selector
  used by admission webhooks (thanks @tustvold!)
* Expanded the 'linkerd edges' command to show TCP connections
* Overhauled the discovery and routing logic implemented by the proxy:
  * The `l5d-dst-override` header is no longer honored
  * When the application attempts to connect to a pod IP, the proxy no
    longer load balances these requests among all pods in the service.
    The proxy will now honor session-stickiness as selected by an
    application-level load balancer
  * `TrafficSplits` are only applied when a client targets a service's IP
  * The proxy no longer performs DNS "canonicalization" to translate
    relative host header names to a fully-qualified form
* Simplified the way that Linkerd stores its configuration.  Configuration is
  now stored as Helm values in the linkerd-config ConfigMap
* Renamed the --addon-config flag to --config to clarify this flag can be used
  to set any Helm value

Signed-off-by: Alex Leong <alex@buoyant.io>
2020-10-14 09:59:59 -07:00
Zahari Dichev c1bc91dc9c
edge-20.10.2 (#5050)
## edge-20.10.2

This edge release adds more improvements for mTLS for all TCP traffic.
It also includes significant internal improvements to the way Linkerd
configuration is stored within the cluster.

* Changed TCP metrics exported by the proxy to ensure that peer
  identities are encoded via the `client_id` and `server_id` labels.
* Removed the dependency of control plane components on `linkerd-config`
* Updated the data structure `proxy-injector` uses to derive the configuration
  used when injecting workloads
2020-10-08 20:18:07 +03:00
Alejandro Pedraza 2b7bc7362a
Edge-20.10.1 changes (#5033)
* Edge-20.10.1 changes

## edge-20.10.1

This edge release includes a couple of external contributions towards
improved cert-manager support and Grafana charts fixes, among other
enhancements.

* Changed the type of the injector and tap API secrets to `kubernetes.io/tls`,
  so they can be provisioned by cert-manager (thanks @cypherfox!)
* Fixed the "Kubernetes cluster monitoring" Grafana dashboard that had a few
  charts with incomplete data (thanks @aimbot31!)
* Fixed the `service-mirror` multicluster component so that it retries
  connections to the target cluster's Kubernetes API when it's not reachable,
  instead of blocking
* Increased the proxy's default timeout for DNS resolution to 500ms, as there
  were reports that 100ms was too restrictive

Co-authored-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
2020-10-01 15:35:34 -05:00
Kevin Leimkuhler 55dd49e826
Add changes for edge-20.9.4 (#5004)
## edge-20.9.4

This edge release introduces support for authenticated docker registries and
fixes a recent multicluster regression.

* Fixed a regression in multicluster gateway configurations that would forbid
  inbound gateway traffic
* Upgraded bundled Grafana to v7.1.5
* Enabled Jaeger receiver in collector configuration in Helm chart (thanks
  @olivierboudet!)
* Fixed skip port configuration being skipped in CNI plugin
* Introduced support for authenticated docker registries (thanks @c-n-c!)

Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
2020-09-24 19:29:20 -04:00
Eliza Weisman 77a55be765
update changelog for edge-20.9.3 (#4982)
This edge release includes fixes and updates for the control plane and
CLI.

* Added `--dest-cni-bin-dir` flag to the `linkerd install-cni` command,
  to configure the directory on the host where the CNI binary will be
  placed
* Removed `collector.name` and `jaeger.name` config fields from the
  tracing addon
* Updated Jaeger to 1.19.2
* Fixed a warning about deprecated Go packages in controller container
  logs
2020-09-17 12:15:35 -07:00
cpretzer 8d1fb80839
edge-20.9.2 Changes (#4961)
* edge-20.9.2 Changes

Signed-off-by: Charles Pretzer <charles@buoyant.io>
2020-09-10 21:50:27 -07:00
Alejandro Pedraza 565b5e43b9
Edge-20.9.1 release notes (#4942)
## edge-20.9.1

This edge release contains an important proxy update that allows linkerd to
continue to operate normally in HA during node outages. We're also adding full
Kubernetes 1.19 support!

* Improved the proxy's error handling for DNS errors encountered when
  discovering control plane addresses, which can be common during installation,
  before all components have been started
* The destination and identity services had to be made headless in order to
  support that new controller discovery (which now can leverage SRV records)
* Use SAN fields when generating the linkerd webhook configs; this completes the
  Kubernetes 1.19 support which enforces them
* Fixed `linkerd check` for multicluster that was spuriously claiming the
  absence of some resources
* Improved the injection test cleanup (thanks @zhouhao3!)
* Added ability to run the integration test suite using a cluster in an ARM
  architecture (thanks @aliariff!)
2020-09-03 14:28:47 -05:00
Zahari Dichev d28044db7a
edge-20.8.4 (#4916)
## edge-20.8.4

* Fixed a problem causing the `enable-endpoint-slices` flag to not be persisted
  when set via `linkerd upgrade` (thanks @Matei207!)
* Removed SMI-Metrics templates and experimental sub-commands
* Use `--frozen-lockfile` to avoid accidental update of dashboard JS
  dependencies in CI (thanks @tharun208!)

Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>
2020-08-27 18:43:12 +03:00
Eliza Weisman 83d69beded
update changelog for edge-20.8.3 (#4904)
This edge release adds support for [topology-aware service routing][1]
to the Destination controller. When providing service discovery updates
to proxies, the Destination controller will now filter endpoints based
on the service's topology preferences. Additionally, this release
includes bug fixes for the `linkerd check` CLI command and web
dashboard.

* CLI
  * `linkerd check` will no longer warn about a looser webhook failure
    policy in HA mode
* Controller
  * Added support for [topology-aware service routing][1] to the
    Destination controller (thanks @Matei207)
  * Changed the Destination controller to always return destination
    overrides for service profiles when no traffic split is present
* Web UI
  * Fixed Tap `Authority` dropdown not being populated (thanks to
    @tharun208!)

[1]: https://kubernetes.io/docs/concepts/services-networking/service-topology/
2020-08-21 12:51:35 -07:00
cpretzer 311a97a6fc
Changes for edge-20.8.2 (#4883)
* Changes for edge-20.8.2

Signed-off-by: Charles Pretzer <charles@buoyant.io>
2020-08-14 17:40:42 -07:00
Josh Soref 72aadb540f
Spelling (#4872)
This PR corrects misspellings identified by the [check-spelling action](https://github.com/marketplace/actions/check-spelling).

The misspellings have been reported at aaf440489e (commitcomment-41423663)

The action reports that the changes in this PR would make it happy: 5b82c6c5ca

Note: this PR does not include the action. If you're interested in running a spell check on every PR and push, that can be offered separately.

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-08-12 21:59:50 -07:00
Alex Leong 729abf7f72
edge-20.8.1 (#4849)
This edge adds multi-arch support to Linkerd! Our docker images and CLI now
support the amd64, arm64, and arm architectures.

* Multicluster
  * Added a multicluster unlink command for removing multicluster links
  * Improved multicluster checks to be more informative when the remote API is
    not reachable
* Proxy
  * Enabled a multi-threaded runtime to substantially improve latency especially
    when the proxy is serving requests for many concurrent connections
* Other
  * Fixed an issue where the debug sidecar image was missing during upgrades
    (thanks @javaducky!)
  * Updated all control plane plane and proxy container images to be multi-arch
    to support amd64, arm64, and arm (thanks @aliariff!)
  * Fixed an issue where check was failing when DisableHeartBeat was set to true
    (thanks @mvaal!)
2020-08-11 11:55:07 -07:00
Alejandro Pedraza e62ff75cde
Change notes for edge-20.7.5 (#4816)
* Change notes for eddge-20.7.5
2020-07-30 17:15:22 -05:00
Zahari Dichev 76f73a2790
edge-20.7.4 (#4785)
## edge-20.7.4

This edge release adds support for the new Kubernetes [EndpointSlice] resource
to the Destination controller. Using the EndpointSlice API is more efficient
for the Kubernetes control plane than using the Endpoints API. If the cluster
supports EndpointSlices (a beta feature in Kubernetes 1.17), Linkerd can be
installed with `--enable-endpoint-slices` flag to use this resource rather
than the Endpoints API.

* Added fish shell completions to the `linkerd` command (thanks @WLun001!)
* Enabled the support for EndpointSlices (thanks @Matei207!)
* Separated prometheus checks and made them runnable only when the add-on
  is enabled

Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>
2020-07-23 22:46:53 +03:00
Kevin Leimkuhler f9a8ed29df
Add changes for edge-20.7.3 (#4766)
## edge-20.7.3

This edge release introduces an install flag for EndpointSlices. With this flag,
endpoint slices can be used as a resource in the destination service instead of
the endpoints resource.

* Introduce CLI and Helm install flag for EndpointSlices (thanks @Matei207!)
* Internal improvements to the CI process for testing Helm installations

Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
2020-07-17 13:19:37 -07:00
Eliza Weisman 212c51acfb
update changelog for edge-20.7.2 (#4741)
This edge release moves Linkerd's bundled Prometheus into an add-on.
This makes the Linkerd Prometheus more configurable, gives it a separate
upgrade lifecycle from the rest of the control plane, and allows users
to disable the bundled Prometheus instance. In addition, this release
includes fixes for several issues, including a regression where the
proxy would fail to report OpenCensus spans.

* Prometheus is now an optional add-on, enabled by default
* Custom tolerations can now be specified for control plane resources
  when installing with Helm (thanks @DesmondH0!)
* Evicted data plane pods are no longer considered to be failed by
  `linkerd check --proxy`, fixing an issue where the check would be
  retried indefinitely as long as evicted pods are present
* Fixed a regression where proxy spans were not reported to OpenCensus
* Fixed a bug where the proxy injector would fail to render skipped port
  lists when installed with Helm
* Internal improvements to the proxy for lower latencies under high
  concurrency
* Thanks to @Hellcatlk and @surajssd for adding new unit tests and
  spelling fixes!
2020-07-09 14:48:47 -07:00
cpretzer 3862aba314
Release edge-20.7.1 (#4698)
* Release edge-20.7.1

Signed-off-by: Charles Pretzer <charles@buoyant.io>
2020-07-03 08:42:58 -07:00
Alex Leong 1b9ca5187a
edge-20.6.4 (#4672)
This edge release moves the proxy onto a new version of the Tokio runtime. This
allows us to more easily integrate with the ecosystem and may yield performance
benefits as well.

* Upgraded the proxy's underlying Tokio runtime and its related libraries
* Added support for PKCS8 formatted ECDSA private keys
* Added support for Helm configuration of per-component proxy resources requests
  and limits (thanks @cypherfox!)
* Updated the `linkerd inject` command to throw an error while injecting
  non-compliant pods (thanks @mayankshah1607)

Signed-off-by: Alex Leong <alex@buoyant.io>
2020-06-25 14:52:33 -07:00
Alejandro Pedraza 83ae0ccf0f
Release notes for stable-2.8.1 (#4652)
* Release notes for stable-2.8.1

This release fixes multicluster gateways support on EKS.

* The multicluster service-mirror has been extended to resolve DNS names for
  target clusters when an IP address is not known.
* Linkerd checks could fail when run from the dashboard. Thanks to @alex-berger
  for providing a fix!
* Have the service mirror controller check in `linkerd check` retry on failures.
* As of this version we're including a Chocolatey package (Windows) next to the
  other binaries in the release assets in GitHub.
* Base images have been updated:
  * debian:buster-20200514-slim
  * grafana/grafana:7.0.3
* The shell scripts under `bin` continued to be improved, thanks to @joakimr-axis!
2020-06-23 12:12:06 -05:00
Zahari Dichev fe373414aa
Changes for edge-20.6.3 (#4629)
## edge-20.6.3

This edge release is a release candidate for stable-2.8.1. It includes a fix
to support multicluster gateways on EKS.

* The `config.linkerd.io/proxy-destination-get-networks` annotation configures
  the networks for which a proxy can discover metadata. This is an advanced
  configuration option that has security implications.
* The multicluster service-mirror has been extended to resolve DNS names for
  target clusters when an IP address it not known.
* Linkerd checks could fail when run from the dashboard. Thanks to @alex-berger
  for providing a fix!
* The CLI will be published for Chocolatey (Windows) on future stable releases.
* Base images have been updated:
  * debian:buster-20200514-slim
  * grafana/grafana:7.0.3

Signed-off-by: Zahari Dichev zaharidichev@gmail.com
Co-authored-by: Oliver Gould <ver@buoyant.io>
2020-06-18 20:32:08 +03:00
Oliver Gould 37f3b10d28
stable-2.8.0: Add note regarding #4582 (#4583)
Add a note warning users that `multicluster` does not yet work with on
Amazon EKS (#4582).
2020-06-09 10:57:43 -07:00
Oliver Gould 3d77f06f1a
Add release notes for stable-2.8.0 (#4577) 2020-06-09 09:23:44 -07:00
Alejandro Pedraza b5eec3f05b
Edge-20.6.2 release notes (#4564) 2020-06-05 15:36:44 -05:00
Kevin Leimkuhler 2a3e05f03b
Add changes for edge-20.6.1 (#4547)
## edge-20.6.1

This edge release is a release candidate for `stable-2.8`! It introduces several
improvements and fixes for multicluster support.

* CLI
  * Added multicluster daisy chain checks to `linkerd check`
  * Added list of successful gatways in multicluster checks section of `linkerd
    check`
* Controller
  * Renamed multicluster gateway ports to `mc-gateway` and `mc-probe`
  * Fixed Service Profiles routes for `linkerd-prometheus`
* Internal
  * Fixed array handling in the `bin/fmt` script
  * Improved error reporting for scripts in failed CI runs
  * Improved logs and event reporting in CI for all integration test failures
  * Fixed `uname` flags for Darwin in the `bin/lint` script
  * Fixed shellcheck errors in all `bin/` scripts (thanks @joakimr-axis!)
* Helm
  * Added support for `linkerd mc allow`
  * Added ability to disable secret rescources for self-signed certs (thanks
    @cypherfox!)
* Proxy
  * Modified the `linkerd-gateway` component to use the inbound proxy, rather
    than nginx, for gateway; this allows Linkerd to detect loops and propogate
    identity

Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
2020-06-03 22:09:21 -04:00
cpretzer fb18295430
changes for edge-20.5.5 (#4504)
* changes for edge-20.5.5

Signed-off-by: Charles Pretzer <charles@buoyant.io>
2020-05-28 14:49:45 -07:00
Alex Leong 05b9e4c7d7
edge-20.5.4 (#4463)
* CLI
  * Fixed the display of the meshed pod column for non-selector services in
    `linkerd stat` output
  * Added an `addon-overwrite` upgrade flag which allows users to overwrite the
    existing addon config rather than merging into it
  * Added a `--close-wait-timeout` inject flag which sets the 
    `nf_conntrack_tcp_timeout_close_wait` property which can be used to mitigate
    connection issues with application that hold half-closed sockets
* Controller
  * Restricted the service-mirror's RBAC permissions so that it no longer is
    able to read secrets in all namespaces
  * Moved many multicluster components into the `linkerd-multicluster` namespace
    by default
  * Added multicluster gateway mirror services to allow multicluster liveness
    probes to work in private networks
  * Fixed an issue where multicluster gateway mirror services could be
    incorrectly deleted during a resync
* Internal
  * Fixed many style issues in build scripts (thanks @joakimr-axis!)
* Helm
  * Added `global.grafanaUrl` variable to allow using an existing Grafana
    installation

Signed-off-by: Alex Leong <alex@buoyant.io>
2020-05-21 16:45:20 -07:00
Kevin Leimkuhler b407196549
Lint all markdown files (#4403)
## Motivation

Necessary lints for #4402

Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
2020-05-19 09:59:26 -07:00
Alejandro Pedraza 41ce6ccdbd
Release notes for edge-20.5.3 (#4396) 2020-05-14 14:25:35 -05:00
Zahari Dichev fb588e79b5
edge-20.5.2 changes (#4379)
* CLI
  * Added a section to the `linkerd check` that validates that all
    clusters part of a multicluster setup have compatible trust anchors
  * Modified the `inkerd cluster export-service` command to work by
    transforming yaml instead of modifying cluster state
  * Added functionality that allows the `linkerd cluster export-service`
    command to operate on lists of services   
* Controller
  * Changed the multicluster gateway to always require TLS on connections
    originating from outside the cluster
  * Removed admin server timeouts from control plane components, thereby
    fixing a bug that can cause liveness checks to fail
* Helm
  * Moved Grafana templates into a separate add-on chart    
* Proxy
  * Improved latency under high-concurrency use cases.  

Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>
2020-05-12 20:46:01 +03:00
Kevin Leimkuhler d7ca4f886c
Add changes for edge-20.5.1 (#4348)
## edge-20.5.1

* CLI
  * Fixed all commands to use kubeconfig's default namespace if specified
    (thanks @Matei207!)
  * Added multicluster checks to the `linkerd check` command
  * Hid development flags in the `linkerd install` command for release builds
* Controller
  * Added ability to configure Prometheus Altermanager as well as recording
    and alerting rules on the Linkerd Prometheus (thanks @naseemkullah!)
  * Added ability to add more commandline flags to the Prometheus command
    (thanks @naseemkullah!)
* Web UI
  * Fixed TrafficSplit detail page not loading
  * Added Jaeger links to the dashboard when the tracing addon is enabled
* Proxy
  * Modified internal buffering to avoid idling out services as a request
    arrives, fixing failures for requests that are sent exactly once per
    minute--such as Prometheus scrapes

Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
2020-05-07 17:21:16 -07:00
Eliza Weisman 6f835c006d
update changelog for edge-20.4.5 (#4314)
* update changelog for edge-20.4.5

This edge release includes several new CLI commands for use with
multi-cluster gateways, and adds liveness checks and metrics for
gateways. Additionally, it makes the proxy's gRPC error-handling
behavior more consistent with other implementations, and includes a fix
for a bug in the web UI.

* CLI
  * Added `linkerd cluster setup-remote` command for setting up a
    multi-cluster gateway
  * Added `linkerd cluster gateways` command to display stats for
    multi-cluster gateways
  * Changed `linkerd cluster export-service` to modify a provided YAML
    file and output it, rather than mutating the cluster
* Controller
  * Added liveness checks and Prometheus metrics for multi-cluster
    gateways
  * Changed the proxy injector to configure proxies to do destination
    lookups for IPs in the private IP range
* Web UI
  * Fixed errors when viewing resource detail pages
* Internal 
 * Created script and config to build a Linkerd CLI Chocolatey package
    for Windows users, which will be published with stable releases 
    (thanks to @drholmie!)
* Proxy
  * Changed the proxy to set a `grpc-status: UNAVAILABLE` trailer when a
    gRPC response stream is interrupted by a transport error

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* review feedback

Signed-off-by: Eliza Weisman <eliza@buoyant.io>
2020-04-30 15:23:13 -07:00
cpretzer 64aff41f93
Release edge-20.4.4
Signed-off-by: Charles Pretzer <charles@buoyant.io>
2020-04-24 17:03:37 -07:00
cpretzer 93f8b96649
Release notes for edge-20.4.3 (#4290)
* Release notes for edge-20.4.3

Signed-off-by: Charles Pretzer <charles@buoyant.io>
2020-04-24 10:40:06 -07:00
Zahari Dichev ecd44d85fa
Changes for edge-20.4.2 (#4263)
*## edge-20.4.2

This release brings a number of CLI fixes and Controller improvements.

* CLI
  * Fixed a bug that caused the proxy to crash after upgrade if
    `--skip-outbound-ports` or `--skip-inbound-ports` were used
  * Added `unmeshed` flag to the `stat` command, such that unmeshed resources
    are only displayed if the user opts-in
  * Added a `--smi-metrics` flag to `install`, to allow installation of the
    experimental `linkerd-smi-metrics` component
  * Fixed a bug in `linkerd stat`, causing incorrect output formatting when using
    the `wide` flag
  * Fixed a bug, causing `linkerd uninstall` to fail when attempting to delete
    PSPs
* Controller
  * Improved the anti-affinity of `linkerd-smi-metrics` deployment to avoid
    pod scheduling problems during `upgrade`
  * Improved endpoints change detection in the `destinations` service, enabling
    mirrored remote services to change cluster gateways     

Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>
2020-04-16 19:57:42 +03:00
Alejandro Pedraza 7a6e7c3b38
edge-20.4.1 (#4229)
* edge-20.4.1

This release introduces some cool new functionalities, all provided by our
awesome community of contributors! Also two bugs were fixed that were introduced
since edge-20.3.2.

* CLI
  * Added `linkerd uninstall` command to uninstall the control plane (thanks
    @Matei207!)
  * Fixed a bug causing `linkerd routes -o wide` to not show the proper actual
    success rate
* Controller
  * Fail proxy injection if the pod spec has `automountServiceAccountToken`
    disabled (thanks @mayankshah1607!)
* Web UI
  * Added a route dashboard to Grafana (thanks @lundbird!)
* Proxy
  * Fixed a bug causing the proxy's inbound to spuriously return 503 timeouts
2020-04-02 18:54:46 -05:00
Alex Leong 27a4c8a073
edge-20.3.4 (#4204)
This release introduces several fixes and improvements to the CLI.

* CLI
  * Added support for kubectl-style label selectors in many CLI commands (thanks
    @mayankshah1607!)
  * Fixed the path regex in service profiles generated from proto files without
    a package name (thanks @amariampolskiy!)
  * Fixed an error when injecting Cronjobs that have no metadata
  * Relaxed the clock skew check to match the default node heartbeat interval
    on Kubernetes 1.17 and made this check a warning
  * Fixed a bug where the linkerd-smi-metrics pod could not be created on
    clusters with pod security policy enabled
* Internal
  * Upgraded tracing components to more recent versions and improved resource
    defaults (thanks @Pothulapati!)

Signed-off-by: Alex Leong <alex@buoyant.io>
2020-03-26 14:54:12 -07:00
Eliza Weisman fcc8700be3
Update changelog for edge-20.3.3 (#4187)
## edge-20.3.3

This release introduces new experimental CLI commands for querying metrics using
the Service Mesh Interface (SMI) and for multi-cluster support via service
mirroring.

If you would like to learn more about service mirroring or SMI, or are
interested in experimenting with these features, please join us in
[Linkerd Slack](https://slack.linkerd.io) for help and feedback.

* CLI
  * Added experimental `linkerd cluster` commands for managing multi-cluster
    service mirroring
  * Added the experimental `linkerd alpha clients` command, which uses the
    smi-metrics API to display client-side metrics from each of a resource's
    clients
  * Added retries to some `linkerd check` checks to prevent spurious failures
    when run immediately after cluster creation or Linkerd installation
2020-03-19 12:48:44 -07:00