edge-24.11.8

What's Changed

• build(deps): bump libc from 0.2.164 to 0.2.165 by @dependabot in #13397
• build(deps): bump itoa from 1.0.13 to 1.0.14 by @dependabot in #13398
• build(deps): bump kubert from 0.21.2 to 0.22.0 by @olix0r in #13399

Full Changelog: edge-24.11.7...edge-24.11.8

edge-24.11.7

Overall status: RECOMMENDED

Cautions

N/A

Changes

This release removes the initial delay for the policy controller, allowing for faster control-plane startups, quietens the policy controller's reconciliation logs, and adds logging to make it clear which policy-controller pod is responsible for updating statuses.

What's Changed

• build(deps) update go linkerd2-proxy-api to v0.15.0 by @olix0r in #13396

Full Changelog: edge-24.11.6...edge-24.11.7

edge-24.11.6

Overall status: NOT RECOMMENDED, use edge-24.11.7 instead

Cautions

edge-24.11.6 has been superseded by edge-24.11.7.

Changes

edge-24.11.6 has been superseded by edge-24.11.7.

What's Changed

• Add federated service e2e test by @adleong in #13352
• build(deps): bump @fortawesome/free-regular-svg-icons from 6.6.0 to 6.7.1 in /web/app by @dependabot in #13381
• build(deps): bump k8s.io/apiextensions-apiserver from 0.31.2 to 0.31.3 by @dependabot in #13366
• build(deps): bump @fortawesome/fontawesome-svg-core from 6.6.0 to 6.7.1 in /web/app by @dependabot in #13383
• build(deps): bump @fortawesome/free-solid-svg-icons from 6.6.0 to 6.7.1 in /web/app by @dependabot in #13382
• fix(policy): remove readiness probe delay by @olix0r in #13380
• chore(policy): polish logging by @olix0r in #13379
• ci(multicluster): increase federated test timeout by @olix0r in #13393
• chore(policy): run status reconcilation at fixed interval by @olix0r in #13384
• fix(policy): ensure status controller honors leader expiry by @olix0r in #13392
• chore(policy): set an informative field manager on patches by @olix0r in #13394
• chore(policy): simplify status controller type matching by @olix0r in #13395

Full Changelog: edge-24.11.5...edge-24.11.6

edge-24.11.5

Overall status: RECOMMENDED

Cautions

N/A

Changes

In this release, the proxy emits new request_frame_size and response_frame_size metrics with information about TCP frame distributions, correctly accounts for closed connections in route metrics, and fixes a (rare) panic for resources in which managedFields has no timestamp. Additionally, linkerd check checks to be sure that your Link resources match your CLI version, keywords in docker build now use correct cases (thanks, Derek Brown!), and we now test Linkerd on Kubernetes 1.31.

What's Changed

• Add service mirror tests for federated services by @adleong in #13336
• Add tests for federated service watcher by @adleong in #13329
• lint: fix docker build warnings by @DerekTBrown in #13351
• build(deps): bump codecov/codecov-action from 5.0.2 to 5.0.4 by @dependabot in #13354
• policy: add EgressNetwork integration tests for Http Grpc routes by @zaharidichev in #13342
• proxy: v2.266.0 by @l5d-bot in #13353
• policy: Add TCP and TLS route API tests by @zaharidichev in #13348
• build(deps): bump itoa from 1.0.11 to 1.0.13 by @dependabot in #13357
• build(deps): bump proc-macro2 from 1.0.89 to 1.0.90 by @dependabot in #13358
• build(deps): bump codecov/codecov-action from 5.0.4 to 5.0.7 by @dependabot in #13360
• policy: use TLS/TCP filters in new version of proxy API by @zaharidichev in #13362
• proxy: v2.267.0 by @l5d-bot in #13363
• build(deps): bump cpufeatures from 0.2.15 to 0.2.16 by @dependabot in #13370
• build(deps): bump proc-macro2 from 1.0.90 to 1.0.92 by @dependabot in #13369
• build(deps): bump k8s.io/kube-aggregator from 0.31.2 to 0.31.3 by @dependabot in #13365
• ci: update latest k8s version to 1.31 by @olix0r in #13374
• proxy: v2.268.0 by @l5d-bot in #13375
• Add check for link version by @adleong in #13376
• fix(test): ensure that the controller sets rate limit status by @olix0r in #13377
• fix(destination): avoid panic on missing managed fields timestamp by @olix0r in #13378

Full Changelog: edge-24.11.4...edge-24.11.5

edge-24.11.4

Overall status: RECOMMENDED

Cautions

N/A

Changes

This release fixes a bug (issue 13327) where Linkerd could constantly re-update the status clause of HTTPRoute if another Gateway API controller was present in the system (thanks Derek Brown!), ensures that all of the proxy-injector's logs are valid JSON when JSON logging is enabled (thanks, Micah See!), and cleans up HTTPRoute validation to make sure that if a backendRef is a Service, it must have a valid port.

What's Changed

• chore(policy): fix HttpLocalRateLimit type casing by @olix0r in #13324
• build(deps): bump cc from 1.2.0 to 1.2.1 by @dependabot in #13331
• build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 by @dependabot in #13330
• build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.0 by @dependabot in #13333
• build(deps): bump DavidAnson/markdownlint-cli2-action from 17.0.0 to 18.0.0 by @dependabot in #13332
• [fix 13327] ignore HTTPRoute .status.parents re-ordering by @DerekTBrown in #13328
• Integration test for rate-limiting by @alpeb in #13326
• feat(policy): check Service port in admission controller by @olix0r in #13325
• build(deps): bump serde_json from 1.0.132 to 1.0.133 by @dependabot in #13340
• Ensure consistent JSON logging for proxy-injector container by @MicahSee in #13335
• build(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /web/app by @dependabot in #13344
• build(deps): bump codecov/codecov-action from 5.0.0 to 5.0.2 by @dependabot in #13341
• build(deps): bump libc from 0.2.162 to 0.2.164 by @dependabot in #13339
• build(deps): bump openssl-src from 300.4.0+3.4.0 to 300.4.1+3.4.0 by @dependabot in #13338

New Contributors

• @DerekTBrown made their first contribution in #13328
• @MicahSee made their first contribution in #13335

Full Changelog: edge-24.11.3...edge-24.11.4

edge-24.11.3

Overall status: RECOMMENDED

Cautions

N/A

Changes

edge-24.11.3 brings local rate limiting to Linkerd! Using the new HTTPLocalRateLimitPolicy resource, you can attach rate limits to Servers to protect workloads from being overwhelmed by excessive traffic. Additionally, it improves metrics for TCPRoute and TLSRoute egress control, correctly handles the case where a Route type changes parents (fixing [issue #13280]), allows linkerd diagnostics endpoints to correctly handle workloads with multiple endpoints, and removes unneeded references to linkerd-base from the linkerd-control-plane chart README (thanks, Brandon Ros!).

What's Changed

• Remove empty shortnames: [] from HTTPLocalRateLimitPolicy by @alpeb in #13297
• build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0 by @dependabot in #13302
• build(deps): bump tj-actions/changed-files from 45.0.3 to 45.0.4 by @dependabot in #13304
• build(deps): bump allocator-api2 from 0.2.18 to 0.2.19 by @dependabot in #13301
• build(deps): bump security-framework-sys from 2.12.0 to 2.12.1 by @dependabot in #13298
• build(deps-dev): bump @babel/core from 7.25.8 to 7.26.0 in /web/app by @dependabot in #13296
• build(deps): bump golang.org/x/tools from 0.26.0 to 0.27.0 by @dependabot in #13303
• build(deps): bump allocator-api2 from 0.2.19 to 0.2.20 by @dependabot in #13309
• HTTPLocalRateLimitPolicy validator by @alpeb in #13251
• build(deps): bump cc from 1.1.36 to 1.2.0 by @dependabot in #13312
• build(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 by @dependabot in #13311
• proxy: v2.264.0 by @l5d-bot in #13316
• proxy: v2.265.0 by @l5d-bot in #13319
• build(deps): bump serde from 1.0.214 to 1.0.215 by @dependabot in #13308
• build(deps): bump cpufeatures from 0.2.14 to 0.2.15 by @dependabot in #13307
• Implement status handling for HTTPLocalRateLimitPolicy CRD by @alpeb in #13314
• build(deps): bump clap from 4.5.20 to 4.5.21 by @dependabot in #13322
• build(deps): bump clap_lex from 0.7.2 to 0.7.3 by @dependabot in #13321
• build(deps): bump helm.sh/helm/v3 from 3.16.2 to 3.16.3 by @dependabot in #13320
• Allow diagnostics endpoints command to receive more than one message by @adleong in #13285
• remove linkerd-base references by @brandonros in #13323
• Update outbound policy watches when routes change parents by @adleong in #13315

New Contributors

• @brandonros made their first contribution in #13323

Full Changelog: edge-24.11.2...edge-24.11.3

edge-24.11.2

Overall status: NOT RECOMMENDED, use edge-24.11.3 instead

Cautions

linkerd diagnostics endpoints may not correctly show all endpoints for federated Services. We recommend using edge-24.11.3 instead, which fixes this issue.

Changes

edge-24.11.2 brings federated Services to Linkerd multicluster setups! Every federated Service appears exactly the same from every cluster (rather than having names like svc-cluster) and Linkerd seamlessly handles everything to gather the relevant endpoints from all clusters, without requiring application changes or HTTPRoute configuration.

What's Changed

• build(deps): bump cc from 1.1.35 to 1.1.36 by @dependabot in #13275
• build(deps): bump anyhow from 1.0.92 to 1.0.93 by @dependabot in #13281
• build(deps-dev): bump webpack from 5.95.0 to 5.96.1 in /web/app by @dependabot in #13260
• proxy: v2.262.0 by @l5d-bot in #13283
• proxy: v2.263.1 by @l5d-bot in #13286
• build(deps): bump tokio from 1.41.0 to 1.41.1 by @dependabot in #13289
• build(deps): bump libc from 0.2.161 to 0.2.162 by @dependabot in #13288
• build(deps): temporarily pin linkerd2-proxy-api to main by @olix0r in #13290
• Add federated service watcher by @adleong in #13267
• Add support for federated services to the service mirror controller by @adleong in #13269
• Remove duplicate variable by @adleong in #13291
• chore(ci): increase multicluster test timeout by @olix0r in #13293
• chore(just): increase mc test timeout by @olix0r in #13294
• feat(destination): set parent and profile references by @olix0r in #13292
• Add HTTPLocalRateLimitPolicy support by @alpeb in #13231

Full Changelog: edge-24.11.1...edge-24.11.2

edge-24.11.1

Overall status: RECOMMENDED

Cautions

N/A

Changes

edge-24.11.1 brings egress monitoring and control to Linkerd! Using the new EgressNetwork CRD as a parentRef for an HTTPRoute, GRPCRoute, TCPRoute, or TLSRoute, you can see which workloads are making egress calls and set policy on what's allowed and what isn't.

What's Changed

• build(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9 by @dependabot in #13254
• build(deps): bump thiserror from 1.0.65 to 1.0.66 by @dependabot in #13253
• build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 by @dependabot in #13252
• policy: Make global egress network namespace configurable by @zaharidichev in #13250
• Unblock dualstack integration test by @alpeb in #13255
• build(deps): bump thiserror from 1.0.66 to 1.0.68 by @dependabot in #13271
• build(deps-dev): bump html-webpack-plugin from 5.6.2 to 5.6.3 in /web/app by @dependabot in #13258
• build(deps-dev): bump @babel/runtime from 7.25.7 to 7.26.0 in /web/app by @dependabot in #13257
• build(deps-dev): bump @babel/eslint-parser from 7.25.8 to 7.25.9 in /web/app by @dependabot in #13256
• build(deps): bump core-js from 3.38.1 to 3.39.0 in /web/app by @dependabot in #13259
• build(deps): bump anyhow from 1.0.91 to 1.0.92 by @dependabot in #13263
• build(deps): bump anstyle from 1.0.9 to 1.0.10 by @dependabot in #13262
• build(deps): bump cc from 1.1.31 to 1.1.35 by @dependabot in #13273
• policy: limit TCPRoute to one per policy response by @zaharidichev in #13272
• policy: Remove redundant GRPC rule match on default egress GRPCRoute by @zaharidichev in #13279
• Add v1alpha2 version to Link CRD by @adleong in #13268
• proxy: v2.261.0 by @l5d-bot in #13278

Full Changelog: edge-24.10.5...edge-24.11.1

edge-24.10.5

Overall status: RECOMMENDED

Cautions

As of edge-24.10.5, if you configure a timeout on a GRPCRoute, a request that hits the timeout will correctly return a DEADLINE-EXCEEDED gRPC status rather than an UNAVAILABLE gRPC status.

Changes

edge-24.10.5 fixes a bug where requests that hit GRPCRoute timeouts would return gRPC status UNAVAILABLE instead of DEADLINE-EXCEEDED.

What's Changed

• policy: Serve EgressNetwork responses by @zaharidichev in #13206
• build(deps): bump crazy-max/ghaction-chocolatey from 3.0.0 to 3.2.0 by @dependabot in #13237
• build(deps-dev): bump @babel/preset-env from 7.25.8 to 7.26.0 in /web/app by @dependabot in #13236
• build(deps-dev): bump eslint-plugin-jsx-a11y from 6.10.0 to 6.10.2 in /web/app by @dependabot in #13235
• build(deps-dev): bump @babel/preset-react from 7.25.7 to 7.25.9 in /web/app by @dependabot in #13233
• build(deps): bump @babel/eslint-plugin from 7.25.7 to 7.25.9 in /web/app by @dependabot in #13232
• build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @dependabot in #13229
• build(deps): bump pin-project from 1.1.6 to 1.1.7 by @dependabot in #13228
• build(deps): bump regex from 1.11.0 to 1.11.1 by @dependabot in #13227
• build(deps): bump anstyle from 1.0.8 to 1.0.9 by @dependabot in #13226
• build(deps): bump pin-project-lite from 0.2.14 to 0.2.15 by @dependabot in #13225
• build(deps-dev): bump eslint-plugin-react from 7.37.1 to 7.37.2 in /web/app by @dependabot in #13234
• build(deps): bump openssl-src from 300.3.2+3.3.2 to 300.4.0+3.4.0 by @dependabot in #13222
• build(deps): bump k8s.io/apimachinery from 0.31.1 to 0.31.2 by @dependabot in #13221
• proxy: v2.260.0 by @l5d-bot in #13244
• build(deps): bump github.com/prometheus/common from 0.60.0 to 0.60.1 by @dependabot in #13241
• build(deps): bump rustix from 0.38.36 to 0.38.38 by @dependabot in #13240
• build(deps): bump serde from 1.0.213 to 1.0.214 by @dependabot in #13239
• build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #13223
• build(deps): bump k8s.io/endpointslice from 0.31.1 to 0.31.2 by @dependabot in #13220
• policy: limit globally affecting egress networks to a single namespace by @zaharidichev in #13246
• build(deps): bump k8s.io/kube-aggregator from 0.31.1 to 0.31.2 by @dependabot in #13217
• build(deps): bump k8s.io/apiextensions-apiserver from 0.31.1 to 0.31.2 by @dependabot in #13219
• build(deps): bump google-github-actions/auth from 2.1.6 to 2.1.7 by @dependabot in #13249

Full Changelog: edge-24.10.4...edge-24.10.5

edge-24.10.4

Overall status: RECOMMENDED

Cautions

N/A

Changes

edge-24.10.4 disables automountServiceAccountToken in favor of explicitly-configured projected volumes for the ServiceAccountTokens we need (thanks, Aran Shavit!) and updates the deprecation text for Server v1beta1 (thanks, @patest-dev!).

What's Changed

• Update deprecation warning text for v1beta1 Server by @patest-dev in #13188
• build(deps): bump openssl from 0.10.67 to 0.10.68 by @dependabot in #13194
• build(deps): bump proc-macro2 from 1.0.87 to 1.0.88 by @dependabot in #13195
• build(deps): bump libc from 0.2.159 to 0.2.161 by @dependabot in #13199
• build(deps): bump serde_json from 1.0.128 to 1.0.129 by @dependabot in #13200
• Add EgressNetwork and routes statuses by @zaharidichev in #13181
• build(deps): bump cc from 1.1.30 to 1.1.31 by @dependabot in #13202
• build(deps): bump anyhow from 1.0.89 to 1.0.90 by @dependabot in #13203
• build(deps): bump serde_json from 1.0.129 to 1.0.132 by @dependabot in #13204
• build(deps-dev): bump html-webpack-plugin from 5.6.0 to 5.6.2 in /web/app by @dependabot in #13201
• Improve debugging in dualstack integration test by @alpeb in #13193
• build(deps): bump bytes from 1.7.2 to 1.8.0 by @dependabot in #13207
• Manually mount serviceAccount token by @Aransh in #13186
• Update generated client-go code by @adleong in #13167
• build(deps): bump serde from 1.0.210 to 1.0.213 by @dependabot in #13213
• build(deps): bump tokio from 1.40.0 to 1.41.0 by @dependabot in #13211
• build(deps): bump github.com/fatih/color from 1.17.0 to 1.18.0 by @dependabot in #13208
• build(deps): bump anyhow from 1.0.90 to 1.0.91 by @dependabot in #13212
• build(deps): bump thiserror from 1.0.64 to 1.0.65 by @dependabot in #13209
• build(deps): bump proc-macro2 from 1.0.88 to 1.0.89 by @dependabot in #13210
• proxy: v2.259.0 by @l5d-bot in #13214
• build(deps): bump http-proxy-middleware from 2.0.4 to 2.0.7 in /web/app by @dependabot in #13216

New Contributors

• @patest-dev made their first contribution in #13188
• @Aransh made their first contribution in #13186

Full Changelog: edge-24.10.3...edge-24.10.4