From 9d52271a551c9bf34009a382490369c0beece82c Mon Sep 17 00:00:00 2001 From: William Morgan Date: Fri, 26 Apr 2024 09:12:17 -0500 Subject: [PATCH 1/7] remove deprecated stable release channel (#1766) Signed-off-by: William Morgan --- versioncheck.linkerd.io/public/version.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versioncheck.linkerd.io/public/version.json b/versioncheck.linkerd.io/public/version.json index 65c08ffe72..932a5af414 100644 --- a/versioncheck.linkerd.io/public/version.json +++ b/versioncheck.linkerd.io/public/version.json @@ -1 +1 @@ -{"stable":"L5D2_STABLE_VERSION","edge":"L5D2_EDGE_VERSION"} +{"edge":"L5D2_EDGE_VERSION"} From 9a9da49222ccce97af2d89d39601a6a0db9babbe Mon Sep 17 00:00:00 2001 From: Travis Beckham Date: Fri, 26 Apr 2024 13:47:37 -0500 Subject: [PATCH 2/7] Fix checks redirect in 2.15 docs (#1769) * Fixed checks redirect Signed-off-by: Travis Beckham * Fixed redirect in older docs to point to the latest troubleshooting doc Signed-off-by: Travis Beckham * improve versioncheck troubleshooting language Signed-off-by: William Morgan * Fixed header anchor links Signed-off-by: Travis Beckham * Added unsupported version channel error to cli check Signed-off-by: Travis Beckham * Bypass markdownlint due to styling of headers Signed-off-by: Travis Beckham --------- Signed-off-by: Travis Beckham Signed-off-by: William Morgan Co-authored-by: William Morgan --- linkerd.io/content/2.10/checks/index.html | 2 +- linkerd.io/content/2.11/checks/index.html | 2 +- linkerd.io/content/2.12/checks/index.html | 2 +- linkerd.io/content/2.13/checks/index.html | 2 +- linkerd.io/content/2.14/checks/index.html | 2 +- linkerd.io/content/2.15/checks/index.html | 2 +- .../content/2.15/tasks/troubleshooting.md | 270 +++++++++++------- 7 files changed, 170 insertions(+), 112 deletions(-) diff --git a/linkerd.io/content/2.10/checks/index.html b/linkerd.io/content/2.10/checks/index.html index 02f72f8874..d13700ee78 100644 --- a/linkerd.io/content/2.10/checks/index.html +++ b/linkerd.io/content/2.10/checks/index.html @@ -6,7 +6,7 @@ Linkerd Check Redirection diff --git a/linkerd.io/content/2.11/checks/index.html b/linkerd.io/content/2.11/checks/index.html index 01ca8a947c..d13700ee78 100644 --- a/linkerd.io/content/2.11/checks/index.html +++ b/linkerd.io/content/2.11/checks/index.html @@ -6,7 +6,7 @@ Linkerd Check Redirection diff --git a/linkerd.io/content/2.12/checks/index.html b/linkerd.io/content/2.12/checks/index.html index bd0396fff6..d13700ee78 100644 --- a/linkerd.io/content/2.12/checks/index.html +++ b/linkerd.io/content/2.12/checks/index.html @@ -6,7 +6,7 @@ Linkerd Check Redirection diff --git a/linkerd.io/content/2.13/checks/index.html b/linkerd.io/content/2.13/checks/index.html index 8addaa3cc8..d13700ee78 100644 --- a/linkerd.io/content/2.13/checks/index.html +++ b/linkerd.io/content/2.13/checks/index.html @@ -6,7 +6,7 @@ Linkerd Check Redirection diff --git a/linkerd.io/content/2.14/checks/index.html b/linkerd.io/content/2.14/checks/index.html index 2642385152..d13700ee78 100644 --- a/linkerd.io/content/2.14/checks/index.html +++ b/linkerd.io/content/2.14/checks/index.html @@ -6,7 +6,7 @@ Linkerd Check Redirection diff --git a/linkerd.io/content/2.15/checks/index.html b/linkerd.io/content/2.15/checks/index.html index 238c542fc6..d13700ee78 100644 --- a/linkerd.io/content/2.15/checks/index.html +++ b/linkerd.io/content/2.15/checks/index.html @@ -6,7 +6,7 @@ Linkerd Check Redirection diff --git a/linkerd.io/content/2.15/tasks/troubleshooting.md b/linkerd.io/content/2.15/tasks/troubleshooting.md index 9b3072f6e2..202921f18d 100644 --- a/linkerd.io/content/2.15/tasks/troubleshooting.md +++ b/linkerd.io/content/2.15/tasks/troubleshooting.md @@ -385,8 +385,9 @@ try installing linkerd via --set proxyInit.runAsRoot=true see https://linkerd.io/2.11/checks/#l5d-proxy-init-run-as-root for hints ``` -Kubernetes nodes running with docker as the container runtime ([CRI](https://kubernetes.io/docs/concepts/architecture/cri/)) -require the init container to run as root for iptables. +Kubernetes nodes running with docker as the container runtime +([CRI](https://kubernetes.io/docs/concepts/architecture/cri/)) require the init +container to run as root for iptables. Newer distributions of managed k8s use containerd where this is not an issue. @@ -399,8 +400,8 @@ time="2021-11-15T04:41:31Z" level=info msg="iptables-save v1.8.7 (legacy): Canno ``` See [linkerd/linkerd2#7283](https://github.com/linkerd/linkerd2/issues/7283) and -[linkerd/linkerd2#7308](https://github.com/linkerd/linkerd2/issues/7308) -for further details. +[linkerd/linkerd2#7308](https://github.com/linkerd/linkerd2/issues/7308) for +further details. ## The "linkerd-existence" checks {#l5d-existence} @@ -501,8 +502,8 @@ Example failure: Failures of such nature indicate that your roots have expired. If that is the case you will have to update both the root and issuer certificates at once. You can follow the process outlined in -[Replacing Expired Certificates](../replacing_expired_certificates/) to -get your cluster back to a stable state. +[Replacing Expired Certificates](../replacing_expired_certificates/) to get your +cluster back to a stable state. ### √ trust roots are valid for at least 60 days {#l5d-identity-trustAnchors-not-expiring-soon} @@ -646,9 +647,9 @@ Example failure: see https://linkerd.io/checks/#l5d-proxy-injector-webhook-cert-not-expiring-soon for hints ``` -This warning indicates that the expiry of proxy-injnector webhook -cert is approaching. In order to address this -problem without incurring downtime, you can follow the process outlined in +This warning indicates that the expiry of proxy-injnector webhook cert is +approaching. In order to address this problem without incurring downtime, you +can follow the process outlined in [Automatically Rotating your webhook TLS Credentials](../automatically-rotating-webhook-tls-credentials/). ### √ sp-validator webhook has valid cert {#l5d-sp-validator-webhook-cert-valid} @@ -685,9 +686,9 @@ Example failure: see https://linkerd.io/checks/#l5d-sp-validator-webhook-cert-not-expiring-soon for hints ``` -This warning indicates that the expiry of sp-validator webhook -cert is approaching. In order to address this -problem without incurring downtime, you can follow the process outlined in +This warning indicates that the expiry of sp-validator webhook cert is +approaching. In order to address this problem without incurring downtime, you +can follow the process outlined in [Automatically Rotating your webhook TLS Credentials](../automatically-rotating-webhook-tls-credentials/). ### √ policy-validator webhook has valid cert {#l5d-policy-validator-webhook-cert-valid} @@ -700,8 +701,8 @@ Example failure: see https://linkerd.io/checks/#l5d-policy-validator-webhook-cert-valid for hints ``` -Ensure that the `linkerd-policy-validator-k8s-tls` secret exists and contains the -appropriate `tls.crt` and `tls.key` data entries. +Ensure that the `linkerd-policy-validator-k8s-tls` secret exists and contains +the appropriate `tls.crt` and `tls.key` data entries. ```bash × policy-validator webhook has valid cert @@ -722,9 +723,9 @@ Example failure: see https://linkerd.io/checks/#l5d-policy-validator-webhook-cert-not-expiring-soon for hints ``` -This warning indicates that the expiry of policy-validator webhook -cert is approaching. In order to address this -problem without incurring downtime, you can follow the process outlined in +This warning indicates that the expiry of policy-validator webhook cert is +approaching. In order to address this problem without incurring downtime, you +can follow the process outlined in [Automatically Rotating your webhook TLS Credentials](../automatically-rotating-webhook-tls-credentials/). ## The "linkerd-identity-data-plane" checks {#l5d-identity-data-plane} @@ -820,9 +821,9 @@ Example failure: ``` Linkerd has a `clusterNetworks` setting which allows it to differentiate between -intra-cluster and egress traffic. This warning indicates that the cluster has -a podCIDR which is not included in Linkerd's `clusterNetworks`. Traffic to pods -in this network may not be meshed properly. To remedy this, update the +intra-cluster and egress traffic. This warning indicates that the cluster has a +podCIDR which is not included in Linkerd's `clusterNetworks`. Traffic to pods in +this network may not be meshed properly. To remedy this, update the `clusterNetworks` setting to include all pod networks in the cluster. ### √ cluster networks contains all pods {#l5d-cluster-networks-pods} @@ -840,8 +841,8 @@ Example failures: ``` Linkerd has a `clusterNetworks` setting which allows it to differentiate between -intra-cluster and egress traffic. This warning indicates that the cluster has -a pod or ClusterIP service which is not included in Linkerd's `clusterNetworks`. +intra-cluster and egress traffic. This warning indicates that the cluster has a +pod or ClusterIP service which is not included in Linkerd's `clusterNetworks`. Traffic to pods or services in this network may not be meshed properly. To remedy this, update the `clusterNetworks` setting to include all pod and service networks in the cluster. @@ -867,27 +868,89 @@ $ curl "https://versioncheck.linkerd.io/version.json?version=edge-19.1.2&uuid=te ### √ cli is up-to-date {#l5d-version-cli} -Example failure: +Example failures: + + + +**unsupported version channel** + + + +```bash +‼ cli is up-to-date + unsupported version channel: stable-2.14.10 +``` + +As of February 2024, the Linkerd project is no longer producing open source +stable release artifacts. Please read the +[2.15 announcement](/2024/02/21/announcing-linkerd-2.15/#a-new-model-for-stable-releases) +for details. + +See [the full list of Linkerd releases](/releases/) for ways to get Linkerd. + + + +**is running version X but the latest version is Y** + + ```bash ‼ cli is up-to-date is running version 19.1.1 but the latest edge version is 19.1.2 ``` -See the page on [Upgrading Linkerd](../../upgrade/). +There is a newer version of the `linkerd` cli. See the page on +[Upgrading Linkerd](../../upgrade/). ## The "control-plane-version" checks {#l5d-version-control} +### √ control plane is up-to-date {#l5d-version-control-up-to-date} + Example failures: + + +**unsupported version channel** + + + +```bash +‼ control plane is up-to-date + unsupported version channel: stable-2.14.10 +``` + +As of February 2024, the Linkerd project is no longer producing open source +stable release artifacts. Please read the +[2.15 announcement](/2024/02/21/announcing-linkerd-2.15/#a-new-model-for-stable-releases) +for details. + +See [the full list of Linkerd releases](/releases/) for ways to get Linkerd. + + + +**is running version X but the latest version is Y** + + + ```bash ‼ control plane is up-to-date is running version 19.1.1 but the latest edge version is 19.1.2 +``` + +There is a newer version of the control plane. See the page on +[Upgrading Linkerd](../../upgrade/). + +### √ control plane and cli versions match {#l5d-version-control-mismatched} + +Example failure: + +```bash ‼ control plane and cli versions match mismatched channels: running stable-2.1.0 but retrieved edge-19.1.2 ``` -See the page on [Upgrading Linkerd](../../upgrade/). +Your CLI and your control plane are running different types of releases. This +may cause issues. ## The "linkerd-control-plane-proxy" checks {#linkerd-control-plane-proxy} @@ -900,8 +963,8 @@ setting or re-install Linkerd as necessary. ### √ control plane proxies are up-to-date {#l5d-cp-proxy-version} This warning indicates the proxies running in the Linkerd control plane are -running an old version. We recommend downloading the latest Linkerd release -and [Upgrading Linkerd](../../upgrade/). +running an old version. We recommend downloading the latest Linkerd release and +[Upgrading Linkerd](../../upgrade/). ### √ control plane proxies and cli versions match {#l5d-cp-proxy-cli-version} @@ -990,8 +1053,8 @@ Example failure: config.linkerd.io/control-port ``` -`config.linkerd.io/*` or `config.alpha.linkerd.io/*` should -be annotations in order to take effect. +`config.linkerd.io/*` or `config.alpha.linkerd.io/*` should be annotations in +order to take effect. ### √ data plane service annotations are configured correctly {#l5d-data-plane-services-annotations} @@ -1004,8 +1067,7 @@ Example failure: mirror.linkerd.io/exported ``` -`mirror.linkerd.io/exported` should -be a label in order to take effect. +`mirror.linkerd.io/exported` should be a label in order to take effect. ### √ opaque ports are properly annotated {#linkerd-opaque-ports-definition} @@ -1020,11 +1082,11 @@ Example failure: If a Pod marks a port as opaque by using the `config.linkerd.io/opaque-ports` annotation, then any Service which targets that port must also use the `config.linkerd.io/opaque-ports` annotation to mark that port as opaque. Having -a port marked as opaque on the Pod but not the Service (or vice versa) can -cause inconsistent behavior depending on if traffic is sent to the Pod directly -(for example with a headless Service) or through a ClusterIP Service. This -error can be remedied by adding the `config.linkerd.io/opaque-ports` annotation -to both the Pod and Service. See +a port marked as opaque on the Pod but not the Service (or vice versa) can cause +inconsistent behavior depending on if traffic is sent to the Pod directly (for +example with a headless Service) or through a ClusterIP Service. This error can +be remedied by adding the `config.linkerd.io/opaque-ports` annotation to both +the Pod and Service. See [Protocol Detection](../../features/protocol-detection/) for more information. ## The "linkerd-ha-checks" checks {#l5d-ha} @@ -1071,11 +1133,10 @@ replicas running. This is likely caused by insufficient node resources. ### The "extensions" checks {#extensions} -When any [Extensions](../extensions/) are installed, The Linkerd binary -tries to invoke `check --output json` on the extension binaries. -It is important that the extension binaries implement it. -For more information, See [Extension -developer docs](https://github.com/linkerd/linkerd2/blob/main/EXTENSIONS.md) +When any [Extensions](../extensions/) are installed, The Linkerd binary tries to +invoke `check --output json` on the extension binaries. It is important that the +extension binaries implement it. For more information, See +[Extension developer docs](https://github.com/linkerd/linkerd2/blob/main/EXTENSIONS.md) Example error: @@ -1083,8 +1144,9 @@ Example error: invalid extension check output from \"jaeger\" (JSON object expected) ``` -Make sure that the extension binary implements `check --output json` -which returns the healthchecks in the [expected json format](https://github.com/linkerd/linkerd2/blob/main/EXTENSIONS.md#linkerd-name-check). +Make sure that the extension binary implements `check --output json` which +returns the healthchecks in the +[expected json format](https://github.com/linkerd/linkerd2/blob/main/EXTENSIONS.md#linkerd-name-check). Example error: @@ -1262,10 +1324,10 @@ Done configuring CNI. Sleep=true ## The "linkerd-multicluster checks {#l5d-multicluster} These checks run if the service mirroring controller has been installed. -Additionally they can be ran with `linkerd multicluster check`. -Most of these checks verify that the service mirroring controllers are working -correctly along with remote gateways. Furthermore the checks ensure that -end to end TLS is possible between paired clusters. +Additionally they can be ran with `linkerd multicluster check`. Most of these +checks verify that the service mirroring controllers are working correctly along +with remote gateways. Furthermore the checks ensure that end to end TLS is +possible between paired clusters. ### √ Link CRD exists {#l5d-multicluster-link-crd-exists} @@ -1308,8 +1370,8 @@ Example error: see https://linkerd.io/checks/#l5d-smc-target-clusters-access for hints ``` -Make sure the relevant Kube-config with relevant permissions. -for the specific target cluster is present as a secret correctly +Make sure the relevant Kube-config with relevant permissions. for the specific +target cluster is present as a secret correctly ### √ clusters share trust anchors {#l5d-multicluster-clusters-share-anchors} @@ -1483,12 +1545,11 @@ Example errors: ``` The error above indicates that some mirror services in the source cluster do not -have associated link. These mirror services are created by the Linkerd -service mirror controller when a remote service is marked to be -mirrored. +have associated link. These mirror services are created by the Linkerd service +mirror controller when a remote service is marked to be mirrored. -Make sure services are marked to be mirrored correctly at remote, and delete -if there are any unnecessary ones. +Make sure services are marked to be mirrored correctly at remote, and delete if +there are any unnecessary ones. ### √ multicluster extension proxies are healthy {#l5d-multicluster-proxy-healthy} @@ -1499,37 +1560,37 @@ correct setting or re-install as necessary. ### √ multicluster extension proxies are up-to-date {#l5d-multicluster-proxy-cp-version} This warning indicates the proxies running in the multicluster extension are -running an old version. We recommend downloading the latest linkerd-multicluster +running an old version. We recommend downloading the latest linkerd-multicluster and upgrading. ### √ multicluster extension proxies and cli versions match {#l5d-multicluster-proxy-cli-version} -This warning indicates that the proxies running in the multicluster extension are -running a different version from the Linkerd CLI. We recommend keeping this -versions in sync by updating either the CLI or linkerd-multicluster as necessary. +This warning indicates that the proxies running in the multicluster extension +are running a different version from the Linkerd CLI. We recommend keeping this +versions in sync by updating either the CLI or linkerd-multicluster as +necessary. ## The "linkerd-viz" checks {#l5d-viz} -These checks only run when the `linkerd-viz` extension is installed. -This check is intended to verify the installation of linkerd-viz -extension which comprises of `tap`, `web`, -`metrics-api` and optional `grafana` and `prometheus` instances -along with `tap-injector` which injects the specific -tap configuration to the proxies. +These checks only run when the `linkerd-viz` extension is installed. This check +is intended to verify the installation of linkerd-viz extension which comprises +of `tap`, `web`, `metrics-api` and optional `grafana` and `prometheus` instances +along with `tap-injector` which injects the specific tap configuration to the +proxies. ### √ linkerd-viz Namespace exists {#l5d-viz-ns-exists} -This is the basic check used to verify if the linkerd-viz extension -namespace is installed or not. The extension can be installed by running -the following command: +This is the basic check used to verify if the linkerd-viz extension namespace is +installed or not. The extension can be installed by running the following +command: ```bash linkerd viz install | kubectl apply -f - ``` -The installation can be configured by using the -`--set`, `--values`, `--set-string` and `--set-file` flags. -See [Linkerd Viz Readme](https://www.github.com/linkerd/linkerd2/tree/main/viz/charts/linkerd-viz/README.md) +The installation can be configured by using the `--set`, `--values`, +`--set-string` and `--set-file` flags. See +[Linkerd Viz Readme](https://www.github.com/linkerd/linkerd2/tree/main/viz/charts/linkerd-viz/README.md) for a full list of configurable fields. ### √ linkerd-viz ClusterRoles exist {#l5d-viz-cr-exists} @@ -1591,21 +1652,20 @@ yes ### √ viz extension proxies are healthy {#l5d-viz-proxy-healthy} -This error indicates that the proxies running in the viz extension are -not healthy. Ensure that linkerd-viz has been installed with all of the -correct setting or re-install as necessary. +This error indicates that the proxies running in the viz extension are not +healthy. Ensure that linkerd-viz has been installed with all of the correct +setting or re-install as necessary. ### √ viz extension proxies are up-to-date {#l5d-viz-proxy-cp-version} -This warning indicates the proxies running in the viz extension are -running an old version. We recommend downloading the latest linkerd-viz -and upgrading. +This warning indicates the proxies running in the viz extension are running an +old version. We recommend downloading the latest linkerd-viz and upgrading. ### √ viz extension proxies and cli versions match {#l5d-viz-proxy-cli-version} -This warning indicates that the proxies running in the viz extension are -running a different version from the Linkerd CLI. We recommend keeping this -versions in sync by updating either the CLI or linkerd-viz as necessary. +This warning indicates that the proxies running in the viz extension are running +a different version from the Linkerd CLI. We recommend keeping this versions in +sync by updating either the CLI or linkerd-viz as necessary. ### √ tap API server has valid cert {#l5d-tap-cert-valid} @@ -1641,9 +1701,9 @@ Example failure: see https://linkerd.io/checks/#l5d-webhook-cert-not-expiring-soon for hints ``` -This warning indicates that the expiry of the tap API Server webhook -cert is approaching. In order to address this -problem without incurring downtime, you can follow the process outlined in +This warning indicates that the expiry of the tap API Server webhook cert is +approaching. In order to address this problem without incurring downtime, you +can follow the process outlined in [Automatically Rotating your webhook TLS Credentials](../automatically-rotating-webhook-tls-credentials/). ### √ tap api service is running {#l5d-tap-api} @@ -1720,8 +1780,7 @@ Make sure that the `proxy-injector` is working correctly by running see https://linkerd.io/checks/#l5d-viz-cr-exists for hints ``` -Ensure all the prometheus related resources are present and running -correctly. +Ensure all the prometheus related resources are present and running correctly. ```bash ❯ kubectl -n linkerd-viz get deploy,cm | grep prometheus @@ -1800,7 +1859,7 @@ Prometheus to scrape the data plane proxies in a namespace: linkerd viz allow-scrapes --namespace emojivoto | kubectl apply -f - ``` -Note that this warning *only* checks for the existence of the policy resources +Note that this warning _only_ checks for the existence of the policy resources generated by `linkerd viz allow-scrapes` in namespaces that contain pods with the `deny` default inbound policy. In some cases, Prometheus scrapes may also be authorized by other, user-generated authorization policies. If metrics from the @@ -1834,38 +1893,37 @@ You should see all your pods here. If they are not: ## The "linkerd-jaeger" checks {#l5d-jaeger} -These checks only run when the `linkerd-jaeger` extension is installed. -This check is intended to verify the installation of linkerd-jaeger -extension which comprises of open-census collector and jaeger -components along with `jaeger-injector` which injects the specific -trace configuration to the proxies. +These checks only run when the `linkerd-jaeger` extension is installed. This +check is intended to verify the installation of linkerd-jaeger extension which +comprises of open-census collector and jaeger components along with +`jaeger-injector` which injects the specific trace configuration to the proxies. ### √ linkerd-jaeger extension Namespace exists {#l5d-jaeger-ns-exists} -This is the basic check used to verify if the linkerd-jaeger extension -namespace is installed or not. The extension can be installed by running -the following command +This is the basic check used to verify if the linkerd-jaeger extension namespace +is installed or not. The extension can be installed by running the following +command ```bash linkerd jaeger install | kubectl apply -f - ``` -The installation can be configured by using the -`--set`, `--values`, `--set-string` and `--set-file` flags. -See [Linkerd Jaeger Readme](https://www.github.com/linkerd/linkerd2/tree/main/jaeger/charts/linkerd-jaeger/README.md) +The installation can be configured by using the `--set`, `--values`, +`--set-string` and `--set-file` flags. See +[Linkerd Jaeger Readme](https://www.github.com/linkerd/linkerd2/tree/main/jaeger/charts/linkerd-jaeger/README.md) for a full list of configurable fields. ### √ jaeger extension proxies are healthy {#l5d-jaeger-proxy-healthy} -This error indicates that the proxies running in the jaeger extension are -not healthy. Ensure that linkerd-jaeger has been installed with all of the -correct setting or re-install as necessary. +This error indicates that the proxies running in the jaeger extension are not +healthy. Ensure that linkerd-jaeger has been installed with all of the correct +setting or re-install as necessary. ### √ jaeger extension proxies are up-to-date {#l5d-jaeger-proxy-cp-version} -This warning indicates the proxies running in the jaeger extension are -running an old version. We recommend downloading the latest linkerd-jaeger -and upgrading. +This warning indicates the proxies running in the jaeger extension are running +an old version. We recommend downloading the latest linkerd-jaeger and +upgrading. ### √ jaeger extension proxies and cli versions match {#l5d-jaeger-proxy-cli-version} @@ -1917,10 +1975,10 @@ Make sure that the `proxy-injector` is working correctly by running ## The "linkerd-buoyant" checks {#l5d-buoyant} -These checks only run when the `linkerd-buoyant` extension is installed. -This check is intended to verify the installation of linkerd-buoyant -extension which comprises `linkerd-buoyant` CLI, the `buoyant-cloud-agent` -Deployment, and the `buoyant-cloud-metrics` DaemonSet. +These checks only run when the `linkerd-buoyant` extension is installed. This +check is intended to verify the installation of linkerd-buoyant extension which +comprises `linkerd-buoyant` CLI, the `buoyant-cloud-agent` Deployment, and the +`buoyant-cloud-metrics` DaemonSet. ### √ Linkerd extension command linkerd-buoyant exists From 7b4826ac6dc8a570221e32ccad549f96cf53f97d Mon Sep 17 00:00:00 2001 From: Flynn Date: Fri, 26 Apr 2024 16:31:31 -0400 Subject: [PATCH 3/7] Edge Release Roundup: April 2024 (#1770) * Edge Release Roundup: April 2024 Signed-off-by: Flynn * Typo Signed-off-by: Flynn * Tweaks Signed-off-by: Flynn * Address feedback from Alejandro Signed-off-by: Flynn * Switch to "Linkerd is for everyone" footer, fix casing in headers, and add Helm notes. Signed-off-by: Flynn --------- Signed-off-by: Flynn --- .../blog/2024/0425-edge-release-roundup.md | 188 ++++++++++++++++++ 1 file changed, 188 insertions(+) create mode 100644 linkerd.io/content/blog/2024/0425-edge-release-roundup.md diff --git a/linkerd.io/content/blog/2024/0425-edge-release-roundup.md b/linkerd.io/content/blog/2024/0425-edge-release-roundup.md new file mode 100644 index 0000000000..90c4f056ef --- /dev/null +++ b/linkerd.io/content/blog/2024/0425-edge-release-roundup.md @@ -0,0 +1,188 @@ +--- +author: 'flynn' +date: 2024-04-25T00:00:00Z +title: |- + Linkerd Edge Release Roundup: April 2024 +url: + /2024/04/25/linkerd-edge-release-roundup/ +thumbnail: '/uploads/2023/06/roundup-clocks-square.png' +featuredImage: '/uploads/2023/06/roundup-clocks-rect.png' +tags: [Linkerd, linkerd, edge, release, roundup] +featured: false +--- + +{{< fig + alt="April 2024 Linkerd Edge Release Roundup" + src="/uploads/2023/06/roundup-clocks-rect.png" >}} + +Welcome to the April 2024 Edge Release Roundup post, where we dive into the +most recent edge releases to help keep everyone up to date on the latest and +greatest! This month, we're covering the releases from `edge-24.4.5` back to +`edge-24.3.3` -- there's a lot here so we'll get right into it. + +## How to give feedback + +Remember, edge releases are a snapshot of our current development work on +`main`; by definition, they always have the most recent features but they may +have incomplete features, features that end up getting rolled back later, or +(gasp!) even bugs. If you're running edge releases, it's _very_ important that +you send us feedback on how things are going for you! + +We would be delighted to hear how these releases work out for you! You can +open [a GitHub issue](https://github.com/linkerd/linkerd2/issues/) or +[discussion](https://github.com/linkerd/linkerd2/discussions/), join us on +[Slack](https://slack.linkerd.io), or visit the [Buoyant Linkerd +Forum](https://linkerd.buoyant.io) -- all are great ways to reach us. + +## Community contributions + +We couldn't do what we do without the Linkerd community, and this batch of +releases is definitely no exception. Huge thanks to [Adarsh Jaiswal], [Akshay +Dongaonkar], [Cemal Y. Dalar], [Firas Medini], [Grigoriy Mikhalkin], +[hanghuge], [Heiko Voigt], [Ilia Lazebnik], [Hirotaka Tagawa], and +[occupyhabit] for their contributions! You'll find more information about all +of these contributions in the release-by-release details below. + +[hanghuge]: https://github.com/hanghuge +[Grigoriy Mikhalkin]: https://github.com/GrigoriyMikhalkin +[occupyhabit]: https://github.com/occupyhabit +[Firas Medini]: https://github.com/mdnfiras +[Adarsh jaiswal]: https://github.com/Adarsh-jaiss +[Hirotaka Tagawa]: https://github.com/wafuwafu13 +[Cemal Y. Dalar]: https://github.com/cdalar +[Ilia Lazebnik]: https://github.com/DrFaust92 +[Akshay Dongaonkar]: https://github.com/doubletooth +[Heiko Voigt]: https://github.com/hvoigt + +## Breaking changes and recommendations + +There are no breaking changes in these releases. However, we have two specific +recommendations: + +- We recommend `edge-24.4.4` instead of `edge-24.4.3` due to a metrics-naming + regression in `edge-24.4.3`. +- We recommend `edge-24.3.4` instead of `edge-24.3.3` since `edge-24.3.4` + contains an important fix for Gateway API users. + +## The releases + +Recent edge releases have been mostly focused on upcoming IPv6 support and +some significant bugfixes. Of course, each edge release has _many_ dependency +updates; we won't list them all here, but you can find them in the release +notes for each release. + +_(Last Roundup we did these in chronological order, but we're switching this +time to reverse chronological order, starting with the most recent.)_ + +### [`edge-24.4.5`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.4.5) (April 25, 2024) + +This edge release fixes support for native sidecars in the Linkerd CNI plugin, +continues work on upcoming IPv6 support, and allows setting +`revisionHistoryLimit` when installing with Helm to specify how many +ReplicaSets to keep around for rollback purposes (thanks, [Ilia Lazebnik]!) + +It also allows setting certain HTTP/2 server parameters using environment +variables in the proxy container (see [proxy PR 2924] if you think you need +this!). + +[proxy PR 2924]: https://github.com/linkerd/linkerd2-proxy/pull/2924 + +### [`edge-24.4.4`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.4.4) (April 18, 2024) + +This edge release fixes a metrics naming regression introduced in the previous +release, restoring the `outbound_http_...` metrics to their correct names +instead of duplicating `http`. + +### [`edge-24.4.3`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.4.3) (April 18, 2024) + +_We recommend `edge-24.4.4` instead of this release due to a metrics-naming regression in `edge-24.4.3`._ + +This edge release fixes the second of two issues where where +`policy.linkerd.io` HTTPRoutes could be endlessly patched even when they +weren't changing ([issue 12310]). + +[issue 12310]: https://github.com/linkerd/linkerd2/issues/12310 + +### [`edge-24.4.2`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.4.2) (April 11, 2024) + +This edge release fixes an issue where the service mirror controller would +panic if it encountered an error listing mirror services while fixing its list +of endpoints, and continues work on upcoming IPv6 support. It also allows +correctly setting policy controller resources via Helm, instead of just +defaulting them to the same as the destination controller (thanks, [Grigoriy +Mikhalkin]!), allows relabeling metrics to customize how high-cardinality +metrics get handled (thanks, [Heiko Voigt]!), and does a little cleanup of +documentation in the code (thanks, [hanghuge]!). Finally, it adds a new +`linkerd diagnostics profile` command which gives low-level visibility into +which ServiceProfile is attached to a given address. + +### [`edge-24.4.1`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.4.1) (April 4, 2024) + +This edge release continues work on upcoming IPv6 support. + +### [`edge-24.3.5`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.3.5) (March 28, 2024) + +This edge release adds metrics to the queue of HTTPRoute status updates and +makes the ExternalWorkload resource's status as a subresource, as it always +should have been. It also corrects the scope of the proxy-injector, +tap-injector, and jaeger-injector mutating webhook rules to Namespaced (thanks +[Firas Medini]!), and cleans up some documentation in the code (thanks +[occupyhabit]!). + +### [`edge-24.3.4`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.3.4) (March 22, 2024) + +This edge release fixes the first of two issues where `policy.linkerd.io` +HTTPRoutes could be endlessly patched even when they weren't changing ([issue +12104]), and another where the destination controller could generate large +numbers of unnecessary endpoint updates when a Server changed. It also adds +default values to generated docs for the `proxy-*-connect-timeout` annotations +(thanks [Akshay Dongaonkar]!), fixes excessive logging in the injector webhook +([issue 12186], thanks [Adarsh Jaiswal]!), and cleans up an unneeded error +message from the destination controller (thanks [Hirotaka Tagawa]!). + +Finally, this edge release fixes an issue that could mistakenly turn off local +traffic policy when an endpoint is removed ([issue 12311]), adds a timeout to +HTTPRoute status patches, continues work on upcoming IPv6 support, and stops +unnecessarily checking about injecting the `kube-system` namespace when +running in HA mode. + +[issue 12186]: https://github.com/linkerd/linkerd2/issues/12186 +[issue 12104]: https://github.com/linkerd/linkerd2/issues/12104 +[issue 12311]: https://github.com/linkerd/linkerd2/issues/12311 + +### [`edge-24.3.3`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.3.3) (March 14, 2024) + +_We recommend `edge-24.3.4` instead of this release since `edge-24.3.4` +contains an important fix._ + +This edge release allows configuring the pod disruption budget via Helm +([issue 11321], thanks [Cemal Y. Dalar]!). + +[issue 11321]: https://github.com/linkerd/linkerd2/issues/11321 + +## Installing the latest edge release + +Installing the latest edge release needs just a single command. + +```bash +curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install-edge | sh +``` + +You can also [install edge releases with Helm](https://linkerd.io/2.15/tasks/install-helm/). + +## Linkerd is for everyone + +Linkerd is a graduated project of the [Cloud Native Computing +Foundation](https://cncf.io/). Linkerd is [committed to open +governance.](/2019/10/03/linkerds-commitment-to-open-governance/) If you have +feature requests, questions, or comments, we'd love to have you join our +rapidly-growing community! Linkerd is hosted on +[GitHub](https://github.com/linkerd/), and we have a thriving community on +[Slack](https://slack.linkerd.io/), [Twitter](https://twitter.com/linkerd), and +in [mailing lists](/community/get-involved/). Come and join the fun! + +---- + +_Linkerd generally does new edge releases weekly; watch this space to keep +up-to-date. Feedback on this blog series is welcome! Just ping `@flynn` on the +[Linkerd Slack](https://slack.linkerd.io)._ From e7bac7755bb7effa210f23a44e714252b8036051 Mon Sep 17 00:00:00 2001 From: William Morgan Date: Tue, 7 May 2024 14:45:25 -0500 Subject: [PATCH 4/7] clarify release and version guidance (#1774) * clarify release and version guidance Signed-off-by: William Morgan * lint Signed-off-by: William Morgan --------- Signed-off-by: William Morgan --- linkerd.io/content/releases/_index.md | 46 ++++++++++++++-------- linkerd.io/layouts/partials/sidebar-2.html | 2 +- 2 files changed, 30 insertions(+), 18 deletions(-) diff --git a/linkerd.io/content/releases/_index.md b/linkerd.io/content/releases/_index.md index 370262f349..d88cf58b3d 100644 --- a/linkerd.io/content/releases/_index.md +++ b/linkerd.io/content/releases/_index.md @@ -1,40 +1,52 @@ +++ -title = "Releases" +title = "Releases and Versions" aliases = [ "edge" ] weight = 18 +++ -Releases and packages of Linkerd are available in several different forms. +Releases of Linkerd are available in several different forms. ## Stable releases -As of February 2024, the Linkerd project is no longer producing open source -stable release artifacts. Instead, the vendor community around Linkerd is -responsible for supported, stable release artifacts. +Stable release artifacts of Linkerd follow semantic versioning, whereby changes +in major version denote large feature additions and possible breaking changes +and changes in minor versions denote safe upgrades without breaking changes. -Known distributions of Linkerd with stable release artifacts include: +As of February 2024, Linkerd no longer provides stable release artifacts in the +open source project itself. Instead, the vendor community around Linkerd is +responsible for creating stable release artifacts. Known distributions of +Linkerd with stable release artifacts include: - [Buoyant Enterprise for Linkerd](https://docs.buoyant.io/buoyant-enterprise-linkerd) - from Buoyant, creators of Linkerd. + from Buoyant, creators of Linkerd. Latest version: **enterprise-2.15.2** [[release notes](https://docs.buoyant.io/release-notes/buoyant-enterprise-linkerd/enterprise-2.15.2/)]. ## Edge releases -All Linkerd development happens "on main": all changes, whether security -patches, new features, refactors, bug fixes, or something else, land on the main -branch. +Edge release artifacts are published on a weekly or near-weekly basis as part of +the open source project. The full list of edge release artifacts can be found on +[the Linkerd GitHub releases +page](https://github.com/linkerd/linkerd2/releases). -Edge release artifacts contain the latest code in from the main branch, at the -point in time when they were cut. This means they have the latest features and -fixes, but it also means may involve partial features that are later modified or -backed out. They may involve breaking changes—of course, we do our best to avoid +Edge release artifacts contain the code in from the _main_ branch at the point +in time when they were cut. This means they always have the latest features and +fixes, and have undergone automated testing as well as maintianer code review. +Edge releases may involve partial features that are later modified or backed +out. They may also involve breaking changes—of course, we do our best to avoid this. -Using edge release artifacts and reporting bugs is a great way to help Linkerd. +Edge release versioning follows the form `edge-y.m.n`, where `y` is the last two +digits of the year, `m` is the numeric month, and `n` is numeric edge release +count for that month. For example: -The full list of edge release artifacts can be found on -[the Linkerd GitHub releases page](https://github.com/linkerd/linkerd2/releases). +- `edge-23.9.1`: the first edge release shipped in September 2023 +- `edge-24.1.3`: the third edge release shipped in January 2024 + +Using edge release artifacts and reporting bugs helps us ensure a rapid pace of +development and is a great way to help Linkerd. We publish edge release guidance +as part of the release notes and strive to always provide production-ready +artifacts. diff --git a/linkerd.io/layouts/partials/sidebar-2.html b/linkerd.io/layouts/partials/sidebar-2.html index 3907a2e991..ec30e39c16 100644 --- a/linkerd.io/layouts/partials/sidebar-2.html +++ b/linkerd.io/layouts/partials/sidebar-2.html @@ -98,7 +98,7 @@
  • - Releases + Releases and Versions
  • From 6de4a85945dbed996575cf1572e85b26476014ca Mon Sep 17 00:00:00 2001 From: William Morgan Date: Tue, 7 May 2024 14:50:29 -0500 Subject: [PATCH 5/7] remove deprecated --short arg to kubectl version (#1765) As of Kubernetes 1.27, the `--short` arg to kubectl version is deprecated and prints a warning. As of Kubernetes 1.28, using it results in an error. Signed-off-by: William Morgan Co-authored-by: Flynn --- linkerd.io/content/2-edge/getting-started/_index.md | 2 +- linkerd.io/content/2.15/getting-started/_index.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/linkerd.io/content/2-edge/getting-started/_index.md b/linkerd.io/content/2-edge/getting-started/_index.md index 2f85902645..861517e7ad 100644 --- a/linkerd.io/content/2-edge/getting-started/_index.md +++ b/linkerd.io/content/2-edge/getting-started/_index.md @@ -42,7 +42,7 @@ more](https://kubernetes.io/docs/setup/).) Validate your Kubernetes setup by running: ```bash -kubectl version --short +kubectl version ``` You should see output with both a `Client Version` and `Server Version` diff --git a/linkerd.io/content/2.15/getting-started/_index.md b/linkerd.io/content/2.15/getting-started/_index.md index 4083e74f3a..3adedd5f40 100644 --- a/linkerd.io/content/2.15/getting-started/_index.md +++ b/linkerd.io/content/2.15/getting-started/_index.md @@ -38,7 +38,7 @@ more](https://kubernetes.io/docs/setup/).) Validate your Kubernetes setup by running: ```bash -kubectl version --short +kubectl version ``` You should see output with both a `Client Version` and `Server Version` From e2aac773e2479dd3c5f4a33a9702e25fd5dd8284 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 May 2024 15:51:20 -0400 Subject: [PATCH 6/7] fix(deps): bump actions/download-artifact from 4.1.2 to 4.1.7 (#1772) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.2 to 4.1.7. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4.1.2...v4.1.7) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Flynn --- .github/workflows/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/install.yml b/.github/workflows/install.yml index a05b529e4f..bc68b7f83f 100644 --- a/.github/workflows/install.yml +++ b/.github/workflows/install.yml @@ -50,7 +50,7 @@ jobs: needs: [build] steps: - - uses: actions/download-artifact@v4.1.2 + - uses: actions/download-artifact@v4.1.7 with: name: run.linkerd.io From 2cc756316a0eb7a8a62190089eb45cd300784fd4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 May 2024 15:52:07 -0400 Subject: [PATCH 7/7] fix(deps): bump actions/upload-artifact from 4.3.1 to 4.3.3 (#1771) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.3.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.3.1...v4.3.3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Flynn --- .github/workflows/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/install.yml b/.github/workflows/install.yml index bc68b7f83f..d6eb3ac77d 100644 --- a/.github/workflows/install.yml +++ b/.github/workflows/install.yml @@ -36,7 +36,7 @@ jobs: run: | make build-run.linkerd.io - - uses: actions/upload-artifact@v4.3.1 + - uses: actions/upload-artifact@v4.3.3 with: name: run.linkerd.io path: tmp/run.linkerd.io/public