Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

stable-2.13.6 #11227

Merged
merged 10 commits into from
Aug 9, 2023
2 changes: 1 addition & 1 deletion .proxy-version
Original file line number Diff line number Diff line change
@@ -1 +1 @@
v2.203.1
v2.203.2
49 changes: 49 additions & 0 deletions CHANGES.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,54 @@
# Changes

## stable-2.13.6

This stable release fixes a regression introduced in stable-2.13.0 which
resulted in proxies shedding load too aggressively while under moderate request
load to a single service ([#11055]). In addition, it updates the base image for
the `linkerd-cni` initcontainer to resolve a CVE in `libdb` ([#11196]), fixes a
race condition in the Destination controller that could cause it to crash
([#11163]), as well as fixing a number of other issues.

* Control Plane
* Fixed a race condition in the destination controller that could cause it to
panic ([#11169]; fixes [#11163])
* Improved the granularity of logging levels in the control plane ([#11147])

* Proxy
* Changed the default HTTP request queue capacities for the inbound and
outbound proxies back to 10,000 requests ([#11198]; fixes [#11055])

* CLI
* Updated extension CLI commands to prefer the `--registry` flag over the
`LINKERD_DOCKER_REGISTRY` environment variable, making the precedence more
consistent (thanks @harsh020!) (see [#11144])

* CNI
* Updated `linkerd-cni` base image to resolve [CVE-2019-8457] in `libdb`
([#11196])
* Changed the CNI plugin installer to always run in 'chained' mode; the plugin
will now wait until another CNI plugin is installed before appending its
configuration ([#10849])
* Removed `hostNetwork: true` from linkerd-cni Helm chart templates
([#11158]; fixes [#11141]) (thanks @abhijeetgauravm!)

* Multicluster
* Fixed the `linkerd multicluster check` command failing in the presence of
lots of mirrored services ([#10764])

[#10764]: https://github.com/linkerd/linkerd2/issues/10764
[#10849]: https://github.com/linkerd/linkerd2/issues/10849
[#11055]: https://github.com/linkerd/linkerd2/issues/11055
[#11141]: https://github.com/linkerd/linkerd2/issues/11141
[#11144]: https://github.com/linkerd/linkerd2/issues/11144
[#11147]: https://github.com/linkerd/linkerd2/issues/11147
[#11158]: https://github.com/linkerd/linkerd2/issues/11158
[#11163]: https://github.com/linkerd/linkerd2/issues/11163
[#11169]: https://github.com/linkerd/linkerd2/issues/11169
[#11196]: https://github.com/linkerd/linkerd2/issues/11196
[#11198]: https://github.com/linkerd/linkerd2/issues/11198
[CVE-2019-8457]: https://avd.aquasec.com/nvd/2019/cve-2019-8457/

## stable-2.13.5

This stable release fixes a memory leak in the multicluster extension and fixes
Expand Down
2 changes: 1 addition & 1 deletion EXTENSIONS.md
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ following flags:

* `--namespace`/`-n`: Namespace to use for –proxy checks (default: all
namespaces)
* `--output`/`-o`: Output format. One of: table, json
* `--output`/`-o`: Output format. One of: table, json, short
* `--pre`: Only run pre-installation checks, to determine if the extension can
be installed
* `--proxy`: Only run data-plane checks, to determine if the data plane is
Expand Down
2 changes: 1 addition & 1 deletion charts/linkerd-control-plane/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ dependencies:
- name: partials
version: 0.1.0
repository: file://../partials
version: 1.12.5
version: 1.12.6
icon: https://linkerd.io/images/logo-only-200h.png
maintainers:
- name: Linkerd authors
Expand Down
2 changes: 1 addition & 1 deletion charts/linkerd-control-plane/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
Linkerd gives you observability, reliability, and security
for your microservices — with no code change required.

![Version: 1.12.5](https://img.shields.io/badge/Version-1.12.5-informational?style=flat-square)
![Version: 1.12.6](https://img.shields.io/badge/Version-1.12.6-informational?style=flat-square)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square)

Expand Down
2 changes: 1 addition & 1 deletion charts/linkerd2-cni/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,4 @@ description: |
kubeVersion: ">=1.21.0-0"
icon: https://linkerd.io/images/logo-only-200h.png
name: "linkerd2-cni"
version: 30.8.3
version: 30.8.4
4 changes: 2 additions & 2 deletions charts/linkerd2-cni/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ Linkerd [CNI plugin](https://linkerd.io/2/features/cni/) takes care of setting
up your pod's network so incoming and outgoing traffic is proxied through the
data plane.

![Version: 30.8.3](https://img.shields.io/badge/Version-30.8.3-informational?style=flat-square)
![Version: 30.8.4](https://img.shields.io/badge/Version-30.8.4-informational?style=flat-square)

![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square)

Expand All @@ -31,7 +31,7 @@ Kubernetes: `>=1.21.0-0`
| ignoreOutboundPorts | string | `""` | Default set of outbound ports to skip via iptables |
| image.name | string | `"cr.l5d.io/linkerd/cni-plugin"` | Docker image for the CNI plugin |
| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the linkerd-cni container |
| image.version | string | `"v1.1.1"` | Tag for the CNI container Docker image |
| image.version | string | `"v1.2.0"` | Tag for the CNI container Docker image |
| imagePullSecrets | list | `[]` | |
| inboundProxyPort | int | `4143` | Inbound port for the proxy container |
| logLevel | string | `"info"` | Log level for the CNI plugin |
Expand Down
2 changes: 0 additions & 2 deletions charts/linkerd2-cni/templates/cni-plugin.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,6 @@ spec:
{{- end }}
fsGroup:
rule: RunAsAny
hostNetwork: true
runAsUser:
rule: RunAsAny
seLinux:
Expand Down Expand Up @@ -211,7 +210,6 @@ spec:
affinity:
{{- include "linkerd.node-affinity" . | nindent 8 }}
{{- end }}
hostNetwork: true
securityContext:
seccompProfile:
type: RuntimeDefault
Expand Down
2 changes: 1 addition & 1 deletion charts/linkerd2-cni/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ image:
# -- Docker image for the CNI plugin
name: "cr.l5d.io/linkerd/cni-plugin"
# -- Tag for the CNI container Docker image
version: "v1.1.1"
version: "v1.2.0"
# -- Pull policy for the linkerd-cni container
pullPolicy: IfNotPresent

Expand Down
2 changes: 1 addition & 1 deletion cli/cmd/check.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ func (options *checkOptions) checkFlagSet() *pflag.FlagSet {

flags.StringVar(&options.versionOverride, "expected-version", options.versionOverride, "Overrides the version used when checking if Linkerd is running the latest version (mostly for testing)")
flags.StringVar(&options.cliVersionOverride, "cli-version-override", "", "Used to override the version of the cli (mostly for testing)")
flags.StringVarP(&options.output, "output", "o", options.output, "Output format. One of: basic, json, short")
flags.StringVarP(&options.output, "output", "o", options.output, "Output format. One of: table, json, short")
flags.DurationVar(&options.wait, "wait", options.wait, "Maximum allowed time for all tests to pass")

return flags
Expand Down
10 changes: 5 additions & 5 deletions cli/cmd/install-cni-plugin.go
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ func (options *cniPluginOptions) validate() error {
}

if _, err := log.ParseLevel(options.logLevel); err != nil {
return fmt.Errorf("--cni-log-level must be one of: panic, fatal, error, warn, info, debug")
return fmt.Errorf("--cni-log-level must be one of: panic, fatal, error, warn, info, debug, trace")
}

if err := validateRangeSlice(options.ignoreInboundPorts); err != nil {
Expand All @@ -84,7 +84,7 @@ func (options *cniPluginOptions) pluginImage() cnicharts.Image {
image.Name = cmd.RegistryOverride(options.image.name, override)
return image
}
if options.dockerRegistry != defaultDockerRegistry {
if options.dockerRegistry != cmd.DefaultDockerRegistry {
image.Name = cmd.RegistryOverride(options.image.name, options.dockerRegistry)
return image
}
Expand All @@ -108,7 +108,7 @@ This command installs a DaemonSet into the Linkerd control plane. The DaemonSet
copies the necessary linkerd-cni plugin binaries and configs onto the host. It
assumes that the 'linkerd install' command will be executed with the
'--linkerd-cni-enabled' flag. This command needs to be executed before the
'linkerd install --linkerd-cni-enabled' command.
'linkerd install --linkerd-cni-enabled' command.

The installation can be configured by using the --set, --values, --set-string and --set-file flags. A full list of configurable values can be found at https://artifacthub.io/packages/helm/linkerd2/linkerd2-cni#values`,
RunE: func(cmd *cobra.Command, args []string) error {
Expand Down Expand Up @@ -151,13 +151,13 @@ func newCNIInstallOptionsWithDefaults() (*cniPluginOptions, error) {
}

cniPluginImage := cniPluginImage{
name: defaultDockerRegistry + "/cni-plugin",
name: cmd.DefaultDockerRegistry + "/cni-plugin",
version: version.LinkerdCNIVersion,
}

cniOptions := cniPluginOptions{
linkerdVersion: version.Version,
dockerRegistry: defaultDockerRegistry,
dockerRegistry: cmd.DefaultDockerRegistry,
proxyControlPort: 4190,
proxyAdminPort: 4191,
inboundPort: defaults.InboundProxyPort,
Expand Down
2 changes: 1 addition & 1 deletion cli/cmd/install-cni-plugin_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ func TestRenderCNIPlugin(t *testing.T) {

image := cniPluginImage{
name: "my-docker-registry.io/awesome/cni-plugin-test-image",
version: "v1.1.1",
version: "v1.2.0",
pullPolicy: nil,
}
fullyConfiguredOptions := &cniPluginOptions{
Expand Down
2 changes: 1 addition & 1 deletion cli/cmd/install_cni_helm_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ func TestRenderCniHelm(t *testing.T) {
"logLevel": "debug",
"image": {
"name": "cr.l5d.io/linkerd/cni-plugin",
"version": "v1.1.1"
"version": "v1.2.0"
},
"proxyUID": 1111,
"destCNINetDir": "/etc/cni/net.d-test",
Expand Down
2 changes: 1 addition & 1 deletion cli/cmd/install_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -438,7 +438,7 @@ func TestValidate(t *testing.T) {
}

values.ControllerLogLevel = "super"
expected := "--controller-log-level must be one of: panic, fatal, error, warn, info, debug"
expected := "--controller-log-level must be one of: panic, fatal, error, warn, info, debug, trace"

err = validateValues(context.Background(), nil, values)
if err == nil {
Expand Down
4 changes: 2 additions & 2 deletions cli/cmd/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -397,7 +397,7 @@ func makeProxyFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.FlagSet) {
}),
}

registryFlag := flag.NewStringFlag(proxyFlags, "registry", defaultDockerRegistry,
registryFlag := flag.NewStringFlag(proxyFlags, "registry", cmd.DefaultDockerRegistry,
fmt.Sprintf("Docker registry to pull images from ($%s)", flagspkg.EnvOverrideDockerRegistry),
func(values *l5dcharts.Values, value string) error {
values.ControllerImage = cmd.RegistryOverride(values.ControllerImage, value)
Expand Down Expand Up @@ -485,7 +485,7 @@ func validateValues(ctx context.Context, k *k8s.KubernetesAPI, values *l5dcharts
}

if _, err := log.ParseLevel(values.ControllerLogLevel); err != nil {
return fmt.Errorf("--controller-log-level must be one of: panic, fatal, error, warn, info, debug")
return fmt.Errorf("--controller-log-level must be one of: panic, fatal, error, warn, info, debug, trace")
}

if values.Proxy.LogLevel == "" {
Expand Down
1 change: 0 additions & 1 deletion cli/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ const (
defaultLinkerdNamespace = "linkerd"
defaultCNINamespace = "linkerd-cni"
defaultClusterDomain = "cluster.local"
defaultDockerRegistry = "cr.l5d.io/linkerd"

jsonOutput = healthcheck.JSONOutput
tableOutput = healthcheck.TableOutput
Expand Down
3 changes: 1 addition & 2 deletions cli/cmd/testdata/install-cni-plugin_default.golden

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions cli/cmd/testdata/install-cni-plugin_skip_ports.golden

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions cli/cmd/testdata/install_cni_helm_default_output.golden

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions cli/cmd/testdata/install_cni_helm_override_output.golden

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion cni-plugin/test/install-cni_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ func populateK8sCreds(wd string, tempK8sSvcAcctDir string, t *testing.T) {

// startDocker starts a test Docker container and runs the install-cni.sh script.
func startDocker(testNum int, wd string, testWorkRootDir string, tempCNINetDir string, tempCNIBinDir string, tempK8sSvcAcctDir string, t *testing.T) string {
dockerImage := env("HUB", "cr.l5d.io/linkerd") + "/cni-plugin:" + env("CNI_PLUGIN_VERSION", "v1.1.1")
dockerImage := env("HUB", "cr.l5d.io/linkerd") + "/cni-plugin:" + env("CNI_PLUGIN_VERSION", "v1.2.0")
errFileName := testWorkRootDir + "/docker_run_stderr"

// Build arguments list by picking whatever is necessary from the environment.
Expand Down
3 changes: 3 additions & 0 deletions controller/api/destination/watcher/endpoints_watcher.go
Original file line number Diff line number Diff line change
Expand Up @@ -593,6 +593,9 @@ func (sp *servicePublisher) metricsLabels(port Port, hostname string) prometheus
}

func (sp *servicePublisher) updateServer(server *v1beta1.Server, isAdd bool) {
sp.Lock()
defer sp.Unlock()

selector, err := metav1.LabelSelectorAsSelector(server.Spec.PodSelector)
if err != nil {
sp.log.Errorf("failed to create Selector: %s", err)
Expand Down
2 changes: 1 addition & 1 deletion jaeger/charts/linkerd-jaeger/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ kubeVersion: ">=1.21.0-0"
name: linkerd-jaeger
sources:
- https://github.com/linkerd/linkerd2/
version: 30.8.5
version: 30.8.6
icon: https://linkerd.io/images/logo-only-200h.png
maintainers:
- name: Linkerd authors
Expand Down
2 changes: 1 addition & 1 deletion jaeger/charts/linkerd-jaeger/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
The Linkerd-Jaeger extension adds distributed tracing to Linkerd using
OpenCensus and Jaeger.

![Version: 30.8.5](https://img.shields.io/badge/Version-30.8.5-informational?style=flat-square)
![Version: 30.8.6](https://img.shields.io/badge/Version-30.8.6-informational?style=flat-square)

![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square)

Expand Down
Loading
Loading