Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency linkerd/linkerd2 to edge-23.12.4 #421

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency linkerd/linkerd2 to edge-23.12.4 #421

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 5, 2024

This PR contains the following updates:

Package Update Change
linkerd/linkerd2 minor edge-23.9.4 -> edge-23.12.4
linkerd/linkerd2 minor edge-23.9.3 -> edge-23.12.4

Release Notes

linkerd/linkerd2 (linkerd/linkerd2)

vedge-23.12.4

Compare Source

This edge release includes fixes and improvements to the destination
controller's endpoint resolution API.

  • Fixed an issue in the control plane where discovery for pod IP addresses could
    hang indefinitely (#​11815)
  • Updated the proxy to enforce time limits on control plane response streams so
    that proxies more naturally distribute load over control plane replicas
    (#​11837)
  • Fixed the policy's controller service metadata responses so that proxy logs
    and metrics have informative values (#​11842)

vedge-23.12.3

Compare Source

This edge release contains improvements to the logging and diagnostics of the
destination controller.

  • Added a control plane metric to count errors talking to the Kubernetes API
    (#​11774)
  • Fixed an issue causing spurious destination controller error messages for
    profile lookups on unmeshed pods with port in default opaque list (#​11550)

vedge-23.12.2

Compare Source

This edge release includes a restructuring of the proxy's balancer along with
accompanying new metrics. The new minimum supported Kubernetes version is 1.22.

  • Restructured the proxy's balancer (#​11750): balancer changes may now occur
    independently of request processing. Fail-fast circuit breaking is enforced on
    the balancer's queue so that requests can't get stuck in a queue indefinitely.
    This new balancer is instrumented with new metrics: request (in-queue) latency
    histograms, failfast states, discovery updates counts, and balancer endpoint
    pool sizes.
  • Changed how the policy controller updates HTTPRoute status so that it doesn't
    affect statuses from other non-linkerd controllers (#​11705; fixes #​11659)

vedge-23.12.1

Compare Source

This edge release introduces new configuration values in the identity
controller for client-go's QPS and Burst settings. Default values for these
settings have also been raised from 5 (QPS) and 10 (Burst) to 100 and
200 respectively.

  • Added namespaceSelector fields for the tap-injector and jaeger-injector
    webhooks. The webhooks are now configured to skip kube-system by default
    (#​11649; fixes #​11647) (thanks @​mikutas!)
  • Added the ability to configure client-go's QPS and Burst settings in the
    identity controller (#​11644)
  • Improved client-go logging visibility throughout the control plane's
    components (#​11632)
  • Introduced PodDisruptionBudgets in the linkerd-viz Helm chart for tap and
    tap-injector (#​11628; fixes #​11248) (thanks @​mcharriere!)

vedge-23.11.4

Compare Source

This edge release introduces support for the native sidecar containers entering
beta support in Kubernetes 1.29. This improves the startup and shutdown ordering
for the proxy relative to other containers, fixing the long-standing
shutdown issue with injected Jobs. Furthermore, traffic from other
initContainers can now be proxied by Linkerd.

In addition, this edge release includes Helm chart improvements, and improvements
to the multicluster extension.

  • Added a new config.alpha.linkerd.io/proxy-enable-native-sidecar annotation
    and Proxy.NativeSidecar Helm option that causes the proxy container to run
    as an init-container (thanks @​teejaded!) (#​11465; fixes #​11461)
  • Fixed broken affinity rules for the multicluster service-mirror when running
    in HA mode (#​11609; fixes #​11603)
  • Added a new check to linkerd check that ensures all extension namespaces are
    configured properly (#​11629; fixes #​11509)
  • Updated the Prometheus Docker image used by the linkerd-viz extension to
    v2.48.0, resolving a number of CVEs in older Prometheus versions (#​11633)
  • Added nodeAffinity to deployment templates in the linkerd-viz and
    linkerd-jaeger Helm charts (thanks @​naing2victor!) (#​11464; fixes
    #​10680)

vedge-23.11.3

Compare Source

This edge release fixes a bug where Linkerd could cause EOF errors during bursts
of TCP connections.

  • Fixed a bug where the linkerd multicluster link command's
    --gateway-addresses flag was not respected when a remote gateway exists
    (#​11564)
  • proxy: Increased DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY to prevent EOF errors
    during bursts of TCP connections

vedge-23.11.2

Compare Source

This edge release contains observability improvements and bug fixes to the
Destination controller, and a refinement to the multicluster gateway resolution
logic.

  • Fixed an issue where the Destination controller could stop processing service
    profile updates, if a proxy subscribed to those updates stops reading them;
    this is a followup to the issue [#​11491] fixed in edge-23.10.3 (#​11546)
  • In the Destination controller, added informer lag histogram metrics to track
    whenever the Kubernetes objects watched by the controller are falling behind
    the state in the kube-apiserver (#​11534)
  • In the multicluster service mirror, extended the target gateway resolution
    logic to take into account all the possible IPs a hostname might resolve to,
    rather than just the first one (thanks @​MrFreezeex!) (#​11499)
  • Added probes to the debug container to appease environments requiring probes
    for all containers (#​11308)

vedge-23.11.1

Compare Source

This edge release fixes two bugs in the Destination controller that could cause
outbound connections to hang indefinitely.

  • helm: Introduce configurable values for protocol detection (#​11536)
  • destination: Fix GetProfiles error when address is opaque and unmeshed (#​11556)
  • destination: Return NotFound for unknown pod names (#​11540)
  • proxy: Log controller errors at WARN
  • proxy: Fix grpc_status metric labels for inbound traffic

vedge-23.10.4

Compare Source

This edge release includes a fix for the ServiceProfile CRD resource schema.
The schema incorrectly required not response matches to be arrays, while the
in-cluster validator parsed not response matches as objects. In addition, an
issues has been fixed in linkerd profile. When used with the --open-api
flag, it would not strip trailing slashes when generating a resource from
swagger specifications.

  • Fixed an issue where trailing slashes wouldn't be stripped when generating
    ServiceProfile resources through linkerd profile --open-api (#​11519)
  • Fixed an issue in the ServiceProfile CRD schema. The schema incorrectly
    required that a not response match should be an array, which the service
    profile validator rejected since it expected an object. The schema has been
    updated to properly indicate that not values should be an object (#​11510;
    fixes #​11483)
  • Improved logging in the destination controller by adding the client pod's
    name to the logging context. This will improve visibility into the messages
    sent and received by the control plane from a specific proxy (#​11532)
  • Fixed an issue in the destination controller where the metadata API would not
    initialize a Job informer. The destination controller uses the metadata API
    to retrieve Job metadata, and relies mostly on informers. Without an
    initialized informer, an error message would be logged, and the controller
    relied on direct API calls (#​11541; fixes #​11531)

vedge-23.10.3

Compare Source

This edge release fixes issues in the proxy and Destination controller which can
result in Linkerd proxies sending traffic to stale endpoints. In addition, it
contains other bugfixes and updates dependencies to include patches for the
security advisories CVE-2023-44487/GHSA-qppj-fm5r-hxr3 and GHSA-c827-hfw6-qwvm.

  • Fixed an issue where the Destination controller could stop processing
    changes in the endpoints of a destination, if a proxy subscribed to that
    destination stops reading service discovery updates. This issue results in
    proxies attempting to send traffic for that destination to stale endpoints
    (#​11491, fixes #​11480, #​11279, and #​10590)
  • Fixed a regression introduced in stable-2.13.0 where proxies would not
    terminate unused service discovery watches, exerting backpressure on the
    Destination controller which could cause it to become stuck
    (linkerd2-proxy#2484 and linkerd2-proxy#2486)
  • Added INFO-level logging to the proxy when endpoints are added or removed
    from a load balancer. These logs are enabled by default, and can be disabled
    by setting the proxy log level to
    warn,linkerd=info,linkerd_proxy_balance=warn or similar
    (linkerd2-proxy#2486)
  • Fixed a regression where the proxy rendered grpc_status metric labels as a
    string rather than as the numeric status code (linkerd2-proxy#2480; fixes
    #​11449)
  • Extended linkerd-jaeger's imagePullSecrets Helm value to also apply to
    the namespace-metadata ServiceAccount (#​11504)
  • Updated the control plane's dependency on the golang.google.org/grpc Go
    package to include patches for CVE-2023-44487/GHSA-qppj-fm5r-hxr3 ([#​11496])
  • Updated dependencies on rustix to include patches for GHSA-c827-hfw6-qwvm
    (linkerd2-proxy#2488 and #​11512).

vedge-23.10.2

Compare Source

This edge release includes a fix addressing an issue during upgrades for
instances not relying on automated webhook certificate management (like
cert-manager provides).

  • Added a checksum/config annotation to the destination and proxy injector
    deployment manifests, to force restarting those workloads whenever their
    webhook secrets change during upgrade (thanks @​iAnomaly!) (#​11440)
  • Fixed policy controller error when deleting a Gateway API HTTPRoute resource
    (#​11471)

vedge-23.10.1

Compare Source

This edge release adds additional configurability to Linkerd's viz and
multicluster extensions.

  • Added a podAnnotations Helm value to allow adding additional annotations to
    the Linkerd-Viz Prometheus Deployment (#​11365) (thanks @​cemenson)
  • Added imagePullSecrets Helm values to the multicluster chart so that it can
    be installed in an air-gapped environment. (#​11285) (thanks @​lhaussknecht)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/linkerd branch from 9f248b0 to 90ffde3 Compare December 5, 2024 03:11
@renovate renovate bot force-pushed the renovate/linkerd branch from 90ffde3 to 6253177 Compare January 19, 2025 10:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants