diff --git a/.devcontainer/on-create.sh b/.devcontainer/on-create.sh index 4fc59f2d29..beff9fbedd 100755 --- a/.devcontainer/on-create.sh +++ b/.devcontainer/on-create.sh @@ -5,7 +5,7 @@ set -euo pipefail cd $(mktemp -d) # hugo -scurl -O https://github.com/gohugoio/hugo/releases/download/v0.121.2/hugo_extended_0.121.2_linux-amd64.deb +scurl -O https://github.com/gohugoio/hugo/releases/download/v0.126.1/hugo_extended_0.126.1_linux-amd64.deb sudo dpkg -i hugo*.deb rm hugo*.deb @@ -22,4 +22,4 @@ echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.clou scurl https://packages.cloud.google.com/apt/doc/apt-key.gpg \ | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - sudo apt-get update -sudo apt-get install google-cloud-cli +sudo apt-get install -y google-cloud-cli diff --git a/.github/workflows/install.yml b/.github/workflows/install.yml index a05b529e4f..d6eb3ac77d 100644 --- a/.github/workflows/install.yml +++ b/.github/workflows/install.yml @@ -36,7 +36,7 @@ jobs: run: | make build-run.linkerd.io - - uses: actions/upload-artifact@v4.3.1 + - uses: actions/upload-artifact@v4.3.3 with: name: run.linkerd.io path: tmp/run.linkerd.io/public @@ -50,7 +50,7 @@ jobs: needs: [build] steps: - - uses: actions/download-artifact@v4.1.2 + - uses: actions/download-artifact@v4.1.7 with: name: run.linkerd.io diff --git a/MAINTAINERS.md b/MAINTAINERS.md index 4f9094f48f..defb7c4da6 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -1,8 +1,2 @@ The maintainers of the Linkerd website are the Linkerd maintainers listed in -https://github.com/linkerd/linkerd2/blob/main/MAINTAINERS.md, plus: - -- Paul Michael Armstrong (@PaulMichaelArmstrong) -- Charles Pretzer (@cpretzer) -- William Morgan (@wmorgan) - -If you'd like to become a maintainer, just come talk to us! +https://github.com/linkerd/linkerd2/blob/main/MAINTAINERS.md. diff --git a/linkerd.io/.htmltest.yml b/linkerd.io/.htmltest.yml index ca0c87b84e..ef55bda507 100644 --- a/linkerd.io/.htmltest.yml +++ b/linkerd.io/.htmltest.yml @@ -23,6 +23,7 @@ IgnoreURLs: - https://godaddy.com/ - https://www.linkedin.com/ - https://tools.ietf.org/ + - ^/2/* DirectoryPath: public TestFilesConcurrently: true DocumentConcurrencyLimit: 16 diff --git a/linkerd.io/assets/js/follow-linkedin.js b/linkerd.io/assets/js/follow-linkedin.js new file mode 100644 index 0000000000..b1f0280061 --- /dev/null +++ b/linkerd.io/assets/js/follow-linkedin.js @@ -0,0 +1,9 @@ +setTimeout(function(){ + var buttonWrapper = document.querySelector('.linkedin__btn'); + widthOriginal = buttonWrapper.getBoundingClientRect().width; + //console.log("-"+widthOriginal); + + if(widthOriginal>99){ + buttonWrapper.style.display = 'none'; + } +}, 2300); diff --git a/linkerd.io/assets/scss/styles.scss b/linkerd.io/assets/scss/styles.scss index 707453135b..ed407fdb0a 100644 --- a/linkerd.io/assets/scss/styles.scss +++ b/linkerd.io/assets/scss/styles.scss @@ -925,3 +925,7 @@ blockquote { .modal-content { width: 95%; } + +.linkedin__btn{ + z-index: 999; display: block; top: 100px; right: -5px; position: fixed; +} \ No newline at end of file diff --git a/linkerd.io/content/2-edge/getting-started/_index.md b/linkerd.io/content/2-edge/getting-started/_index.md index 2f85902645..861517e7ad 100644 --- a/linkerd.io/content/2-edge/getting-started/_index.md +++ b/linkerd.io/content/2-edge/getting-started/_index.md @@ -42,7 +42,7 @@ more](https://kubernetes.io/docs/setup/).) Validate your Kubernetes setup by running: ```bash -kubectl version --short +kubectl version ``` You should see output with both a `Client Version` and `Server Version` diff --git a/linkerd.io/content/2-edge/tasks/distributed-tracing.md b/linkerd.io/content/2-edge/tasks/distributed-tracing.md index ad532d71d0..4fb66ff3e7 100644 --- a/linkerd.io/content/2-edge/tasks/distributed-tracing.md +++ b/linkerd.io/content/2-edge/tasks/distributed-tracing.md @@ -209,7 +209,7 @@ The YAML file is merged with the [Helm values.yaml][helm-values] which shows other possible values that can be configured. -[helm-values]: https://github.com/linkerd/linkerd2/blob/stable-{{% latest-linkerd2-stable-version %}}.0/jaeger/charts/linkerd-jaeger/values.yaml +[helm-values]: https://github.com/linkerd/linkerd2/blob/main/jaeger/charts/linkerd-jaeger/values.yaml It is also possible to manually edit the OpenCensus configuration to have it export to any backend which it supports. See the diff --git a/linkerd.io/content/2-edge/tasks/upgrade.md b/linkerd.io/content/2-edge/tasks/upgrade.md index 0ae9a86c7b..71fecedc61 100644 --- a/linkerd.io/content/2-edge/tasks/upgrade.md +++ b/linkerd.io/content/2-edge/tasks/upgrade.md @@ -571,9 +571,9 @@ and then invoke those commands through `linkerd viz stat`, linkerd upgrade | kubectl apply --prune -l linkerd.io/control-plane-ns=linkerd -f - # Prune cluster-scoped resources linkerd upgrade | kubectl apply --prune -l linkerd.io/control-plane-ns=linkerd \ - --prune-whitelist=rbac.authorization.k8s.io/v1/clusterrole \ - --prune-whitelist=rbac.authorization.k8s.io/v1/clusterrolebinding \ - --prune-whitelist=apiregistration.k8s.io/v1/apiservice -f - + --prune-allowlist=rbac.authorization.k8s.io/v1/clusterrole \ + --prune-allowlist=rbac.authorization.k8s.io/v1/clusterrolebinding \ + --prune-allowlist=apiregistration.k8s.io/v1/apiservice -f - # Install the Linkerd-Viz extension to restore viz functionality. linkerd viz install | kubectl apply -f - ``` diff --git a/linkerd.io/content/2.10/checks/index.html b/linkerd.io/content/2.10/checks/index.html index 02f72f8874..d13700ee78 100644 --- a/linkerd.io/content/2.10/checks/index.html +++ b/linkerd.io/content/2.10/checks/index.html @@ -6,7 +6,7 @@ Linkerd Check Redirection diff --git a/linkerd.io/content/2.11/checks/index.html b/linkerd.io/content/2.11/checks/index.html index 01ca8a947c..d13700ee78 100644 --- a/linkerd.io/content/2.11/checks/index.html +++ b/linkerd.io/content/2.11/checks/index.html @@ -6,7 +6,7 @@ Linkerd Check Redirection diff --git a/linkerd.io/content/2.11/tasks/distributed-tracing.md b/linkerd.io/content/2.11/tasks/distributed-tracing.md index 3c7431709f..453c92c194 100644 --- a/linkerd.io/content/2.11/tasks/distributed-tracing.md +++ b/linkerd.io/content/2.11/tasks/distributed-tracing.md @@ -207,7 +207,7 @@ The YAML file is merged with the [Helm values.yaml][helm-values] which shows other possible values that can be configured. -[helm-values]: https://github.com/linkerd/linkerd2/blob/stable-{{% latest-linkerd2-stable-version %}}.0/jaeger/charts/linkerd-jaeger/values.yaml +[helm-values]: https://github.com/linkerd/linkerd2/blob/main/jaeger/charts/linkerd-jaeger/values.yaml It is also possible to manually edit the OpenCensus configuration to have it export to any backend which it supports. See the diff --git a/linkerd.io/content/2.12/checks/index.html b/linkerd.io/content/2.12/checks/index.html index bd0396fff6..d13700ee78 100644 --- a/linkerd.io/content/2.12/checks/index.html +++ b/linkerd.io/content/2.12/checks/index.html @@ -6,7 +6,7 @@ Linkerd Check Redirection diff --git a/linkerd.io/content/2.12/tasks/distributed-tracing.md b/linkerd.io/content/2.12/tasks/distributed-tracing.md index 3d673a2c3d..b18d5c1c89 100644 --- a/linkerd.io/content/2.12/tasks/distributed-tracing.md +++ b/linkerd.io/content/2.12/tasks/distributed-tracing.md @@ -207,7 +207,7 @@ The YAML file is merged with the [Helm values.yaml][helm-values] which shows other possible values that can be configured. -[helm-values]: https://github.com/linkerd/linkerd2/blob/stable-{{% latest-linkerd2-stable-version %}}.0/jaeger/charts/linkerd-jaeger/values.yaml +[helm-values]: https://github.com/linkerd/linkerd2/blob/main/jaeger/charts/linkerd-jaeger/values.yaml It is also possible to manually edit the OpenCensus configuration to have it export to any backend which it supports. See the diff --git a/linkerd.io/content/2.13/checks/index.html b/linkerd.io/content/2.13/checks/index.html index 8addaa3cc8..d13700ee78 100644 --- a/linkerd.io/content/2.13/checks/index.html +++ b/linkerd.io/content/2.13/checks/index.html @@ -6,7 +6,7 @@ Linkerd Check Redirection diff --git a/linkerd.io/content/2.13/tasks/distributed-tracing.md b/linkerd.io/content/2.13/tasks/distributed-tracing.md index ad532d71d0..4fb66ff3e7 100644 --- a/linkerd.io/content/2.13/tasks/distributed-tracing.md +++ b/linkerd.io/content/2.13/tasks/distributed-tracing.md @@ -209,7 +209,7 @@ The YAML file is merged with the [Helm values.yaml][helm-values] which shows other possible values that can be configured. -[helm-values]: https://github.com/linkerd/linkerd2/blob/stable-{{% latest-linkerd2-stable-version %}}.0/jaeger/charts/linkerd-jaeger/values.yaml +[helm-values]: https://github.com/linkerd/linkerd2/blob/main/jaeger/charts/linkerd-jaeger/values.yaml It is also possible to manually edit the OpenCensus configuration to have it export to any backend which it supports. See the diff --git a/linkerd.io/content/2.14/checks/index.html b/linkerd.io/content/2.14/checks/index.html index 2642385152..d13700ee78 100644 --- a/linkerd.io/content/2.14/checks/index.html +++ b/linkerd.io/content/2.14/checks/index.html @@ -6,7 +6,7 @@ Linkerd Check Redirection diff --git a/linkerd.io/content/2.14/tasks/configuring-timeouts.md b/linkerd.io/content/2.14/tasks/configuring-timeouts.md index 5fdfb6637f..5e8322121b 100644 --- a/linkerd.io/content/2.14/tasks/configuring-timeouts.md +++ b/linkerd.io/content/2.14/tasks/configuring-timeouts.md @@ -77,8 +77,7 @@ spec: Each [route](../../reference/service-profiles/#route) in a [ServiceProfile] may define a request timeout for requests matching that route. This timeout secifies the maximum amount of time to wait for a response (including retries) to -complete after the request is sent. If unspecified, the default timeout is 10 -seconds. +complete after the request is sent. ```yaml spec: diff --git a/linkerd.io/content/2.14/tasks/distributed-tracing.md b/linkerd.io/content/2.14/tasks/distributed-tracing.md index ad532d71d0..4fb66ff3e7 100644 --- a/linkerd.io/content/2.14/tasks/distributed-tracing.md +++ b/linkerd.io/content/2.14/tasks/distributed-tracing.md @@ -209,7 +209,7 @@ The YAML file is merged with the [Helm values.yaml][helm-values] which shows other possible values that can be configured. -[helm-values]: https://github.com/linkerd/linkerd2/blob/stable-{{% latest-linkerd2-stable-version %}}.0/jaeger/charts/linkerd-jaeger/values.yaml +[helm-values]: https://github.com/linkerd/linkerd2/blob/main/jaeger/charts/linkerd-jaeger/values.yaml It is also possible to manually edit the OpenCensus configuration to have it export to any backend which it supports. See the diff --git a/linkerd.io/content/2.15/checks/index.html b/linkerd.io/content/2.15/checks/index.html index 238c542fc6..d13700ee78 100644 --- a/linkerd.io/content/2.15/checks/index.html +++ b/linkerd.io/content/2.15/checks/index.html @@ -6,7 +6,7 @@ Linkerd Check Redirection diff --git a/linkerd.io/content/2.15/common-errors/_index.md b/linkerd.io/content/2.15/common-errors/_index.md new file mode 100644 index 0000000000..d635b5ef95 --- /dev/null +++ b/linkerd.io/content/2.15/common-errors/_index.md @@ -0,0 +1,21 @@ ++++ +title = "Common Errors" +weight = 10 +[sitemap] + priority = 1.0 ++++ + +Linkerd is generally robust, but things can always go wrong! You'll find +information here about the most common things that cause people trouble. + +## When in Doubt, Start With `linkerd check` + +Whenever you see anything that looks unusual about your mesh, **always** start +with `linkerd check`. It will check a long series of things that have caused +trouble for others and make sure that your configuration is sane, and it will +point you to help for any problems it finds. It's hard to overstate how useful +this command is. + +## Common Errors + +{{% sectiontoc "common-errors" %}} diff --git a/linkerd.io/content/2.15/common-errors/failfast.md b/linkerd.io/content/2.15/common-errors/failfast.md new file mode 100644 index 0000000000..5cd78c354e --- /dev/null +++ b/linkerd.io/content/2.15/common-errors/failfast.md @@ -0,0 +1,18 @@ ++++ +title = "Failfast" +description = "Failfast means that no endpoints are available." ++++ + +If Linkerd reports that a given service is in the _failfast_ state, it +means that the proxy has determined that there are no available endpoints +for that service. In this situation there's no point in the proxy trying +to actually make a connection to the service - it already knows that it +can't talk to it - so it reports that the service is in failfast and +immediately returns an error from the proxy. + +The error will be either a 503 or a 504; see below for more information, +but if you already know that the service is in failfast because you saw +it in the logs, that's the important part. + +To get out of failfast, some endpoints for the service have to +become available. diff --git a/linkerd.io/content/2.15/common-errors/http-502.md b/linkerd.io/content/2.15/common-errors/http-502.md new file mode 100644 index 0000000000..7205d049a1 --- /dev/null +++ b/linkerd.io/content/2.15/common-errors/http-502.md @@ -0,0 +1,11 @@ ++++ +title = "HTTP 502 Errors" +description = "HTTP 502 means connection errors between proxies." ++++ + +The Linkerd proxy will return a 502 error for connection errors between +proxies. Unfortunately it's fairly common to see an uptick in 502s when +first meshing a workload that hasn't previously been used with a mesh, +because the mesh surfaces errors that were previously invisible! + +There's actually a whole page on [debugging 502s](../../tasks/debugging-502s/). diff --git a/linkerd.io/content/2.15/common-errors/http-503-504.md b/linkerd.io/content/2.15/common-errors/http-503-504.md new file mode 100644 index 0000000000..a8777413af --- /dev/null +++ b/linkerd.io/content/2.15/common-errors/http-503-504.md @@ -0,0 +1,27 @@ ++++ +title = "HTTP 503 and 504 Errors" +description = "HTTP 503 and 504 mean overloaded workloads." ++++ + +503s and 504s show up when a Linkerd proxy is trying to make so many +requests to a workload that it gets overwhelmed. + +When the workload next to a proxy makes a request, the proxy adds it +to an internal dispatch queue. When things are going smoothly, the +request is pulled from the queue and dispatched almost immediately. +If the queue gets too long, though (which can generally happen only +if the called service is slow to respond), the proxy will go into +_load-shedding_, where any new request gets an immediate 503. The +proxy can only get _out_ of load-shedding when the queue shrinks. + +Failfast also plays a role here: if the proxy puts a service into +failfast while there are requests in the dispatch queue, all the +requests in the dispatch queue get an immediate 504 before the +proxy goes into load-shedding. + +To get out of failfast, some endpoints for the service have to +become available. + +To get out of load-shedding, the dispatch queue has to start +emptying, which implies that the service has to get more capacity +to process requests or that the incoming request rate has to drop. diff --git a/linkerd.io/content/2.15/common-errors/protocol-detection.md b/linkerd.io/content/2.15/common-errors/protocol-detection.md new file mode 100644 index 0000000000..515b065515 --- /dev/null +++ b/linkerd.io/content/2.15/common-errors/protocol-detection.md @@ -0,0 +1,35 @@ ++++ +title = "Protocol Detection Errors" +description = "Protocol detection errors indicate that Linkerd doesn't understand the protocol in use." ++++ + +Linkerd is capable of proxying all TCP traffic, including TLS connections, +WebSockets, and HTTP tunneling. In most cases where the client speaks first +when a new connection is made, Linkerd can detect the protocol in use, +allowing it to perform per-request routing and metrics. + +If your proxy logs contain messages like `protocol detection timed out after +10s`, or you're experiencing 10-second delays when establishing connections, +you're probably running a situation where Linkerd cannot detect the protocol. +This is most common for protocols where the server speaks first, and the +client is waiting for information from the server. It may also occur with +non-HTTP protocols for which Linkerd doesn't yet understand the wire format of +a request. + +You'll need to understand exactly what the situation is to fix this: + +- A server-speaks-first protocol will probably need to be configured as a + `skip` or `opaque` port, as described in the [protocol detection + documentation](../../features/protocol-detection/#configuring-protocol-detection). + +- If you're seeing transient protocol detection timeouts, this is more likely + to indicate a misbehaving workload. + +- If you know the protocol is client-speaks-first but you're getting + consistent protocol detection timeouts, you'll probably need to fall back on + a `skip` or `opaque` port. + +Note that marking ports as `skip` or `opaque` has ramifications beyond +protocol detection timeouts; see the [protocol detection +documentation](../../features/protocol-detection/#configuring-protocol-detection) +for more information. diff --git a/linkerd.io/content/2.15/getting-started/_index.md b/linkerd.io/content/2.15/getting-started/_index.md index cba8805f0d..3adedd5f40 100644 --- a/linkerd.io/content/2.15/getting-started/_index.md +++ b/linkerd.io/content/2.15/getting-started/_index.md @@ -23,11 +23,7 @@ install the *CLI* (command-line interface) onto your local machine. Using this CLI, you'll then install the *control plane* onto your Kubernetes cluster. Finally, you'll "mesh" an application by adding Linkerd's *data plane* to it. -{{< note >}} -This page contains quick start instructions intended for non-production -installations. For production-oriented configurations, we suggest reviewing -resources in [Going to Production](/going-to-production/). -{{< /note >}} +{{< releases >}} ## Step 0: Setup @@ -42,7 +38,7 @@ more](https://kubernetes.io/docs/setup/).) Validate your Kubernetes setup by running: ```bash -kubectl version --short +kubectl version ``` You should see output with both a `Client Version` and `Server Version` diff --git a/linkerd.io/content/2.15/reference/helm-chart-version-matrix.md b/linkerd.io/content/2.15/reference/helm-chart-version-matrix.md new file mode 100644 index 0000000000..5785c30ab3 --- /dev/null +++ b/linkerd.io/content/2.15/reference/helm-chart-version-matrix.md @@ -0,0 +1,13 @@ ++++ +title = "Helm Chart Version Matrix" ++++ + +The following version matrices include only the latest versions of the stable +releases along with corresponding app and Helm versions for Linkerd and +extensions. Use these to guide you to the right Helm chart version or to +automate workflows you might have. + +* [YAML matrix](/releases/release_matrix.yaml) +* [JSON matrix](/releases/release_matrix.json) + +{{< release-data-table />}} diff --git a/linkerd.io/content/2.15/tasks/distributed-tracing.md b/linkerd.io/content/2.15/tasks/distributed-tracing.md index ad532d71d0..4fb66ff3e7 100644 --- a/linkerd.io/content/2.15/tasks/distributed-tracing.md +++ b/linkerd.io/content/2.15/tasks/distributed-tracing.md @@ -209,7 +209,7 @@ The YAML file is merged with the [Helm values.yaml][helm-values] which shows other possible values that can be configured. -[helm-values]: https://github.com/linkerd/linkerd2/blob/stable-{{% latest-linkerd2-stable-version %}}.0/jaeger/charts/linkerd-jaeger/values.yaml +[helm-values]: https://github.com/linkerd/linkerd2/blob/main/jaeger/charts/linkerd-jaeger/values.yaml It is also possible to manually edit the OpenCensus configuration to have it export to any backend which it supports. See the diff --git a/linkerd.io/content/2.15/tasks/install-helm.md b/linkerd.io/content/2.15/tasks/install-helm.md index b604602aea..0628274ef2 100644 --- a/linkerd.io/content/2.15/tasks/install-helm.md +++ b/linkerd.io/content/2.15/tasks/install-helm.md @@ -6,43 +6,34 @@ description = "Install Linkerd onto your Kubernetes cluster using Helm." Linkerd can be installed via Helm rather than with the `linkerd install` command. This is recommended for production, since it allows for repeatability. -{{< trylpt >}} +{{< releases >}} -## Prerequisite: generate identity certificates +## Prerequisite: generate mTLS certificates To do [automatic mutual TLS](../../features/automatic-mtls/), Linkerd requires trust anchor certificate and an issuer certificate and key pair. When you're -using `linkerd install`, we can generate these for you. However, for Helm, -you will need to generate these yourself. +using `linkerd install`, we can generate these for you. However, for Helm, you +will need to generate these yourself. -Please follow the instructions in [Generating your own mTLS root -certificates](../generate-certificates/) to generate these. +Please follow the instructions in +[Generating your own mTLS root certificates](../generate-certificates/) to +generate these. -## Helm install procedure for stable releases +## Helm install procedure ```bash -# To add the repo for Linkerd stable releases: -helm repo add linkerd https://helm.linkerd.io/stable - -# To add the repo for Linkerd edge releases: +# Add the Helm repo for Linkerd edge releases: helm repo add linkerd-edge https://helm.linkerd.io/edge ``` -The following instructions use the `linkerd` repo. For installing an edge -release, just replace with `linkerd-edge`, and add the `--devel` flag to all -commands. - -## Helm install procedure - You need to install two separate charts in succession: first `linkerd-crds` and then `linkerd-control-plane`. -{{< note >}} -If installing Linkerd in a cluster that uses Cilium in kube-proxy replacement -mode, additional steps may be needed to ensure service discovery works as -intended. Instrunctions are on the [Cilium cluster -configuration](../../reference/cluster-configuration/#cilium) page. -{{< /note >}} +{{< note >}} If installing Linkerd in a cluster that uses Cilium in kube-proxy +replacement mode, additional steps may be needed to ensure service discovery +works as intended. Instrunctions are on the +[Cilium cluster configuration](../../reference/cluster-configuration/#cilium) +page. {{< /note >}} ### linkerd-crds @@ -53,15 +44,12 @@ helm install linkerd-crds linkerd/linkerd-crds \ -n linkerd --create-namespace ``` -{{< note >}} -This will create the `linkerd` namespace. If it already exists or you're -creating it beforehand elsewhere in your pipeline, just omit the -`--create-namespace` flag. -{{< /note >}} +{{< note >}} This will create the `linkerd` namespace. If it already exists or +you're creating it beforehand elsewhere in your pipeline, just omit the +`--create-namespace` flag. {{< /note >}} -{{< note >}} -If you are using [Linkerd's CNI plugin](../../features/cni/), you must also add the -`--set cniEnabled=true` flag to your `helm install` command. +{{< note >}} If you are using [Linkerd's CNI plugin](../../features/cni/), you +must also add the `--set cniEnabled=true` flag to your `helm install` command. {{< /note >}} ### linkerd-control-plane @@ -77,17 +65,17 @@ helm install linkerd-control-plane \ linkerd/linkerd-control-plane ``` -{{< note >}} -If you are using [Linkerd's CNI plugin](../../features/cni/), you must also add the -`--set cniEnabled=true` flag to your `helm install` command. +{{< note >}} If you are using [Linkerd's CNI plugin](../../features/cni/), you +must also add the `--set cniEnabled=true` flag to your `helm install` command. {{< /note >}} ## Enabling high availability mode -The `linkerd-control-plane` chart contains a file `values-ha.yaml` that overrides -some default values to set things up under a high-availability scenario, analogous -to the `--ha` option in `linkerd install`. Values such as higher number of -replicas, higher memory/cpu limits, and affinities are specified in those files. +The `linkerd-control-plane` chart contains a file `values-ha.yaml` that +overrides some default values to set things up under a high-availability +scenario, analogous to the `--ha` option in `linkerd install`. Values such as +higher number of replicas, higher memory/cpu limits, and affinities are +specified in those files. You can get `values-ha.yaml` by fetching the chart file: @@ -117,36 +105,33 @@ helm repo update helm search repo linkerd NAME CHART VERSION APP VERSION DESCRIPTION linkerd/linkerd-crds Linkerd gives you observability, reliability, and securit... -linkerd/linkerd-control-plane {{% latestversion %}} Linkerd gives you observability, reliability, and securit... +linkerd/linkerd-control-plane {{% latestedge %}} Linkerd gives you observability, reliability, and securit... ``` During an upgrade, you must choose whether you want to reuse the values in the -chart or move to the values specified in the newer chart. Our advice is to use -a `values.yaml` file that stores all custom overrides that you have for your +chart or move to the values specified in the newer chart. Our advice is to use a +`values.yaml` file that stores all custom overrides that you have for your chart. The `helm upgrade` command has a number of flags that allow you to customize its behavior. Special attention should be paid to `--reuse-values` and `--reset-values` and how they behave when charts change from version to version -and/or overrides are applied through `--set` and `--set-file`. For example: +and/or overrides are applied through `--set` and `--set-file`. For example: - `--reuse-values` with no overrides - all values are reused - `--reuse-values` with overrides - all except the values that are overridden -are reused -- `--reset-values` with no overrides - no values are reused and all changes -from provided release are applied during the upgrade + are reused +- `--reset-values` with no overrides - no values are reused and all changes from + provided release are applied during the upgrade - `--reset-values` with overrides - no values are reused and changed from -provided release are applied together with the overrides + provided release are applied together with the overrides - no flag and no overrides - `--reuse-values` will be used by default - no flag and overrides - `--reset-values` will be used by default -Finally, before upgrading, check whether there are breaking changes to the chart -(i.e. renamed or moved keys, etc). You can consult the -[stable](https://artifacthub.io/packages/helm/linkerd2/linkerd-control-plane#values) -or the -[edge](https://artifacthub.io/packages/helm/linkerd2-edge/linkerd-control-plane#values) -chart docs, depending on -which one your are upgrading to. If there are, make the corresponding changes to +Finally, before upgrading, you can consult the +[edge chart](https://artifacthub.io/packages/helm/linkerd2-edge/linkerd-control-plane#values) +docs to check whether there are breaking changes to the chart (i.e. +renamed or moved keys, etc). If there are, make the corresponding changes to your `values.yaml` file. Then you can use: ```bash diff --git a/linkerd.io/content/2.15/tasks/install.md b/linkerd.io/content/2.15/tasks/install.md index db824e4c14..da26967ce9 100644 --- a/linkerd.io/content/2.15/tasks/install.md +++ b/linkerd.io/content/2.15/tasks/install.md @@ -16,13 +16,13 @@ Linkerd's control plane can be installed in two ways: with the CLI and with Helm. The CLI is convenient and easy, but for production use cases we recommend Helm which allows for repeatability. -{{< trylpt >}} - In either case, we recommend installing the CLI itself so that you can validate the success of the installation. See the [Getting Started Guide](../../getting-started/) for how to install the CLI if you haven't done this already. +{{< releases >}} + ## Requirements Linkerd requires a Kubernetes cluster on which to run. Where this cluster lives diff --git a/linkerd.io/content/2.15/tasks/troubleshooting.md b/linkerd.io/content/2.15/tasks/troubleshooting.md index 9b3072f6e2..202921f18d 100644 --- a/linkerd.io/content/2.15/tasks/troubleshooting.md +++ b/linkerd.io/content/2.15/tasks/troubleshooting.md @@ -385,8 +385,9 @@ try installing linkerd via --set proxyInit.runAsRoot=true see https://linkerd.io/2.11/checks/#l5d-proxy-init-run-as-root for hints ``` -Kubernetes nodes running with docker as the container runtime ([CRI](https://kubernetes.io/docs/concepts/architecture/cri/)) -require the init container to run as root for iptables. +Kubernetes nodes running with docker as the container runtime +([CRI](https://kubernetes.io/docs/concepts/architecture/cri/)) require the init +container to run as root for iptables. Newer distributions of managed k8s use containerd where this is not an issue. @@ -399,8 +400,8 @@ time="2021-11-15T04:41:31Z" level=info msg="iptables-save v1.8.7 (legacy): Canno ``` See [linkerd/linkerd2#7283](https://github.com/linkerd/linkerd2/issues/7283) and -[linkerd/linkerd2#7308](https://github.com/linkerd/linkerd2/issues/7308) -for further details. +[linkerd/linkerd2#7308](https://github.com/linkerd/linkerd2/issues/7308) for +further details. ## The "linkerd-existence" checks {#l5d-existence} @@ -501,8 +502,8 @@ Example failure: Failures of such nature indicate that your roots have expired. If that is the case you will have to update both the root and issuer certificates at once. You can follow the process outlined in -[Replacing Expired Certificates](../replacing_expired_certificates/) to -get your cluster back to a stable state. +[Replacing Expired Certificates](../replacing_expired_certificates/) to get your +cluster back to a stable state. ### √ trust roots are valid for at least 60 days {#l5d-identity-trustAnchors-not-expiring-soon} @@ -646,9 +647,9 @@ Example failure: see https://linkerd.io/checks/#l5d-proxy-injector-webhook-cert-not-expiring-soon for hints ``` -This warning indicates that the expiry of proxy-injnector webhook -cert is approaching. In order to address this -problem without incurring downtime, you can follow the process outlined in +This warning indicates that the expiry of proxy-injnector webhook cert is +approaching. In order to address this problem without incurring downtime, you +can follow the process outlined in [Automatically Rotating your webhook TLS Credentials](../automatically-rotating-webhook-tls-credentials/). ### √ sp-validator webhook has valid cert {#l5d-sp-validator-webhook-cert-valid} @@ -685,9 +686,9 @@ Example failure: see https://linkerd.io/checks/#l5d-sp-validator-webhook-cert-not-expiring-soon for hints ``` -This warning indicates that the expiry of sp-validator webhook -cert is approaching. In order to address this -problem without incurring downtime, you can follow the process outlined in +This warning indicates that the expiry of sp-validator webhook cert is +approaching. In order to address this problem without incurring downtime, you +can follow the process outlined in [Automatically Rotating your webhook TLS Credentials](../automatically-rotating-webhook-tls-credentials/). ### √ policy-validator webhook has valid cert {#l5d-policy-validator-webhook-cert-valid} @@ -700,8 +701,8 @@ Example failure: see https://linkerd.io/checks/#l5d-policy-validator-webhook-cert-valid for hints ``` -Ensure that the `linkerd-policy-validator-k8s-tls` secret exists and contains the -appropriate `tls.crt` and `tls.key` data entries. +Ensure that the `linkerd-policy-validator-k8s-tls` secret exists and contains +the appropriate `tls.crt` and `tls.key` data entries. ```bash × policy-validator webhook has valid cert @@ -722,9 +723,9 @@ Example failure: see https://linkerd.io/checks/#l5d-policy-validator-webhook-cert-not-expiring-soon for hints ``` -This warning indicates that the expiry of policy-validator webhook -cert is approaching. In order to address this -problem without incurring downtime, you can follow the process outlined in +This warning indicates that the expiry of policy-validator webhook cert is +approaching. In order to address this problem without incurring downtime, you +can follow the process outlined in [Automatically Rotating your webhook TLS Credentials](../automatically-rotating-webhook-tls-credentials/). ## The "linkerd-identity-data-plane" checks {#l5d-identity-data-plane} @@ -820,9 +821,9 @@ Example failure: ``` Linkerd has a `clusterNetworks` setting which allows it to differentiate between -intra-cluster and egress traffic. This warning indicates that the cluster has -a podCIDR which is not included in Linkerd's `clusterNetworks`. Traffic to pods -in this network may not be meshed properly. To remedy this, update the +intra-cluster and egress traffic. This warning indicates that the cluster has a +podCIDR which is not included in Linkerd's `clusterNetworks`. Traffic to pods in +this network may not be meshed properly. To remedy this, update the `clusterNetworks` setting to include all pod networks in the cluster. ### √ cluster networks contains all pods {#l5d-cluster-networks-pods} @@ -840,8 +841,8 @@ Example failures: ``` Linkerd has a `clusterNetworks` setting which allows it to differentiate between -intra-cluster and egress traffic. This warning indicates that the cluster has -a pod or ClusterIP service which is not included in Linkerd's `clusterNetworks`. +intra-cluster and egress traffic. This warning indicates that the cluster has a +pod or ClusterIP service which is not included in Linkerd's `clusterNetworks`. Traffic to pods or services in this network may not be meshed properly. To remedy this, update the `clusterNetworks` setting to include all pod and service networks in the cluster. @@ -867,27 +868,89 @@ $ curl "https://versioncheck.linkerd.io/version.json?version=edge-19.1.2&uuid=te ### √ cli is up-to-date {#l5d-version-cli} -Example failure: +Example failures: + + + +**unsupported version channel** + + + +```bash +‼ cli is up-to-date + unsupported version channel: stable-2.14.10 +``` + +As of February 2024, the Linkerd project is no longer producing open source +stable release artifacts. Please read the +[2.15 announcement](/2024/02/21/announcing-linkerd-2.15/#a-new-model-for-stable-releases) +for details. + +See [the full list of Linkerd releases](/releases/) for ways to get Linkerd. + + + +**is running version X but the latest version is Y** + + ```bash ‼ cli is up-to-date is running version 19.1.1 but the latest edge version is 19.1.2 ``` -See the page on [Upgrading Linkerd](../../upgrade/). +There is a newer version of the `linkerd` cli. See the page on +[Upgrading Linkerd](../../upgrade/). ## The "control-plane-version" checks {#l5d-version-control} +### √ control plane is up-to-date {#l5d-version-control-up-to-date} + Example failures: + + +**unsupported version channel** + + + +```bash +‼ control plane is up-to-date + unsupported version channel: stable-2.14.10 +``` + +As of February 2024, the Linkerd project is no longer producing open source +stable release artifacts. Please read the +[2.15 announcement](/2024/02/21/announcing-linkerd-2.15/#a-new-model-for-stable-releases) +for details. + +See [the full list of Linkerd releases](/releases/) for ways to get Linkerd. + + + +**is running version X but the latest version is Y** + + + ```bash ‼ control plane is up-to-date is running version 19.1.1 but the latest edge version is 19.1.2 +``` + +There is a newer version of the control plane. See the page on +[Upgrading Linkerd](../../upgrade/). + +### √ control plane and cli versions match {#l5d-version-control-mismatched} + +Example failure: + +```bash ‼ control plane and cli versions match mismatched channels: running stable-2.1.0 but retrieved edge-19.1.2 ``` -See the page on [Upgrading Linkerd](../../upgrade/). +Your CLI and your control plane are running different types of releases. This +may cause issues. ## The "linkerd-control-plane-proxy" checks {#linkerd-control-plane-proxy} @@ -900,8 +963,8 @@ setting or re-install Linkerd as necessary. ### √ control plane proxies are up-to-date {#l5d-cp-proxy-version} This warning indicates the proxies running in the Linkerd control plane are -running an old version. We recommend downloading the latest Linkerd release -and [Upgrading Linkerd](../../upgrade/). +running an old version. We recommend downloading the latest Linkerd release and +[Upgrading Linkerd](../../upgrade/). ### √ control plane proxies and cli versions match {#l5d-cp-proxy-cli-version} @@ -990,8 +1053,8 @@ Example failure: config.linkerd.io/control-port ``` -`config.linkerd.io/*` or `config.alpha.linkerd.io/*` should -be annotations in order to take effect. +`config.linkerd.io/*` or `config.alpha.linkerd.io/*` should be annotations in +order to take effect. ### √ data plane service annotations are configured correctly {#l5d-data-plane-services-annotations} @@ -1004,8 +1067,7 @@ Example failure: mirror.linkerd.io/exported ``` -`mirror.linkerd.io/exported` should -be a label in order to take effect. +`mirror.linkerd.io/exported` should be a label in order to take effect. ### √ opaque ports are properly annotated {#linkerd-opaque-ports-definition} @@ -1020,11 +1082,11 @@ Example failure: If a Pod marks a port as opaque by using the `config.linkerd.io/opaque-ports` annotation, then any Service which targets that port must also use the `config.linkerd.io/opaque-ports` annotation to mark that port as opaque. Having -a port marked as opaque on the Pod but not the Service (or vice versa) can -cause inconsistent behavior depending on if traffic is sent to the Pod directly -(for example with a headless Service) or through a ClusterIP Service. This -error can be remedied by adding the `config.linkerd.io/opaque-ports` annotation -to both the Pod and Service. See +a port marked as opaque on the Pod but not the Service (or vice versa) can cause +inconsistent behavior depending on if traffic is sent to the Pod directly (for +example with a headless Service) or through a ClusterIP Service. This error can +be remedied by adding the `config.linkerd.io/opaque-ports` annotation to both +the Pod and Service. See [Protocol Detection](../../features/protocol-detection/) for more information. ## The "linkerd-ha-checks" checks {#l5d-ha} @@ -1071,11 +1133,10 @@ replicas running. This is likely caused by insufficient node resources. ### The "extensions" checks {#extensions} -When any [Extensions](../extensions/) are installed, The Linkerd binary -tries to invoke `check --output json` on the extension binaries. -It is important that the extension binaries implement it. -For more information, See [Extension -developer docs](https://github.com/linkerd/linkerd2/blob/main/EXTENSIONS.md) +When any [Extensions](../extensions/) are installed, The Linkerd binary tries to +invoke `check --output json` on the extension binaries. It is important that the +extension binaries implement it. For more information, See +[Extension developer docs](https://github.com/linkerd/linkerd2/blob/main/EXTENSIONS.md) Example error: @@ -1083,8 +1144,9 @@ Example error: invalid extension check output from \"jaeger\" (JSON object expected) ``` -Make sure that the extension binary implements `check --output json` -which returns the healthchecks in the [expected json format](https://github.com/linkerd/linkerd2/blob/main/EXTENSIONS.md#linkerd-name-check). +Make sure that the extension binary implements `check --output json` which +returns the healthchecks in the +[expected json format](https://github.com/linkerd/linkerd2/blob/main/EXTENSIONS.md#linkerd-name-check). Example error: @@ -1262,10 +1324,10 @@ Done configuring CNI. Sleep=true ## The "linkerd-multicluster checks {#l5d-multicluster} These checks run if the service mirroring controller has been installed. -Additionally they can be ran with `linkerd multicluster check`. -Most of these checks verify that the service mirroring controllers are working -correctly along with remote gateways. Furthermore the checks ensure that -end to end TLS is possible between paired clusters. +Additionally they can be ran with `linkerd multicluster check`. Most of these +checks verify that the service mirroring controllers are working correctly along +with remote gateways. Furthermore the checks ensure that end to end TLS is +possible between paired clusters. ### √ Link CRD exists {#l5d-multicluster-link-crd-exists} @@ -1308,8 +1370,8 @@ Example error: see https://linkerd.io/checks/#l5d-smc-target-clusters-access for hints ``` -Make sure the relevant Kube-config with relevant permissions. -for the specific target cluster is present as a secret correctly +Make sure the relevant Kube-config with relevant permissions. for the specific +target cluster is present as a secret correctly ### √ clusters share trust anchors {#l5d-multicluster-clusters-share-anchors} @@ -1483,12 +1545,11 @@ Example errors: ``` The error above indicates that some mirror services in the source cluster do not -have associated link. These mirror services are created by the Linkerd -service mirror controller when a remote service is marked to be -mirrored. +have associated link. These mirror services are created by the Linkerd service +mirror controller when a remote service is marked to be mirrored. -Make sure services are marked to be mirrored correctly at remote, and delete -if there are any unnecessary ones. +Make sure services are marked to be mirrored correctly at remote, and delete if +there are any unnecessary ones. ### √ multicluster extension proxies are healthy {#l5d-multicluster-proxy-healthy} @@ -1499,37 +1560,37 @@ correct setting or re-install as necessary. ### √ multicluster extension proxies are up-to-date {#l5d-multicluster-proxy-cp-version} This warning indicates the proxies running in the multicluster extension are -running an old version. We recommend downloading the latest linkerd-multicluster +running an old version. We recommend downloading the latest linkerd-multicluster and upgrading. ### √ multicluster extension proxies and cli versions match {#l5d-multicluster-proxy-cli-version} -This warning indicates that the proxies running in the multicluster extension are -running a different version from the Linkerd CLI. We recommend keeping this -versions in sync by updating either the CLI or linkerd-multicluster as necessary. +This warning indicates that the proxies running in the multicluster extension +are running a different version from the Linkerd CLI. We recommend keeping this +versions in sync by updating either the CLI or linkerd-multicluster as +necessary. ## The "linkerd-viz" checks {#l5d-viz} -These checks only run when the `linkerd-viz` extension is installed. -This check is intended to verify the installation of linkerd-viz -extension which comprises of `tap`, `web`, -`metrics-api` and optional `grafana` and `prometheus` instances -along with `tap-injector` which injects the specific -tap configuration to the proxies. +These checks only run when the `linkerd-viz` extension is installed. This check +is intended to verify the installation of linkerd-viz extension which comprises +of `tap`, `web`, `metrics-api` and optional `grafana` and `prometheus` instances +along with `tap-injector` which injects the specific tap configuration to the +proxies. ### √ linkerd-viz Namespace exists {#l5d-viz-ns-exists} -This is the basic check used to verify if the linkerd-viz extension -namespace is installed or not. The extension can be installed by running -the following command: +This is the basic check used to verify if the linkerd-viz extension namespace is +installed or not. The extension can be installed by running the following +command: ```bash linkerd viz install | kubectl apply -f - ``` -The installation can be configured by using the -`--set`, `--values`, `--set-string` and `--set-file` flags. -See [Linkerd Viz Readme](https://www.github.com/linkerd/linkerd2/tree/main/viz/charts/linkerd-viz/README.md) +The installation can be configured by using the `--set`, `--values`, +`--set-string` and `--set-file` flags. See +[Linkerd Viz Readme](https://www.github.com/linkerd/linkerd2/tree/main/viz/charts/linkerd-viz/README.md) for a full list of configurable fields. ### √ linkerd-viz ClusterRoles exist {#l5d-viz-cr-exists} @@ -1591,21 +1652,20 @@ yes ### √ viz extension proxies are healthy {#l5d-viz-proxy-healthy} -This error indicates that the proxies running in the viz extension are -not healthy. Ensure that linkerd-viz has been installed with all of the -correct setting or re-install as necessary. +This error indicates that the proxies running in the viz extension are not +healthy. Ensure that linkerd-viz has been installed with all of the correct +setting or re-install as necessary. ### √ viz extension proxies are up-to-date {#l5d-viz-proxy-cp-version} -This warning indicates the proxies running in the viz extension are -running an old version. We recommend downloading the latest linkerd-viz -and upgrading. +This warning indicates the proxies running in the viz extension are running an +old version. We recommend downloading the latest linkerd-viz and upgrading. ### √ viz extension proxies and cli versions match {#l5d-viz-proxy-cli-version} -This warning indicates that the proxies running in the viz extension are -running a different version from the Linkerd CLI. We recommend keeping this -versions in sync by updating either the CLI or linkerd-viz as necessary. +This warning indicates that the proxies running in the viz extension are running +a different version from the Linkerd CLI. We recommend keeping this versions in +sync by updating either the CLI or linkerd-viz as necessary. ### √ tap API server has valid cert {#l5d-tap-cert-valid} @@ -1641,9 +1701,9 @@ Example failure: see https://linkerd.io/checks/#l5d-webhook-cert-not-expiring-soon for hints ``` -This warning indicates that the expiry of the tap API Server webhook -cert is approaching. In order to address this -problem without incurring downtime, you can follow the process outlined in +This warning indicates that the expiry of the tap API Server webhook cert is +approaching. In order to address this problem without incurring downtime, you +can follow the process outlined in [Automatically Rotating your webhook TLS Credentials](../automatically-rotating-webhook-tls-credentials/). ### √ tap api service is running {#l5d-tap-api} @@ -1720,8 +1780,7 @@ Make sure that the `proxy-injector` is working correctly by running see https://linkerd.io/checks/#l5d-viz-cr-exists for hints ``` -Ensure all the prometheus related resources are present and running -correctly. +Ensure all the prometheus related resources are present and running correctly. ```bash ❯ kubectl -n linkerd-viz get deploy,cm | grep prometheus @@ -1800,7 +1859,7 @@ Prometheus to scrape the data plane proxies in a namespace: linkerd viz allow-scrapes --namespace emojivoto | kubectl apply -f - ``` -Note that this warning *only* checks for the existence of the policy resources +Note that this warning _only_ checks for the existence of the policy resources generated by `linkerd viz allow-scrapes` in namespaces that contain pods with the `deny` default inbound policy. In some cases, Prometheus scrapes may also be authorized by other, user-generated authorization policies. If metrics from the @@ -1834,38 +1893,37 @@ You should see all your pods here. If they are not: ## The "linkerd-jaeger" checks {#l5d-jaeger} -These checks only run when the `linkerd-jaeger` extension is installed. -This check is intended to verify the installation of linkerd-jaeger -extension which comprises of open-census collector and jaeger -components along with `jaeger-injector` which injects the specific -trace configuration to the proxies. +These checks only run when the `linkerd-jaeger` extension is installed. This +check is intended to verify the installation of linkerd-jaeger extension which +comprises of open-census collector and jaeger components along with +`jaeger-injector` which injects the specific trace configuration to the proxies. ### √ linkerd-jaeger extension Namespace exists {#l5d-jaeger-ns-exists} -This is the basic check used to verify if the linkerd-jaeger extension -namespace is installed or not. The extension can be installed by running -the following command +This is the basic check used to verify if the linkerd-jaeger extension namespace +is installed or not. The extension can be installed by running the following +command ```bash linkerd jaeger install | kubectl apply -f - ``` -The installation can be configured by using the -`--set`, `--values`, `--set-string` and `--set-file` flags. -See [Linkerd Jaeger Readme](https://www.github.com/linkerd/linkerd2/tree/main/jaeger/charts/linkerd-jaeger/README.md) +The installation can be configured by using the `--set`, `--values`, +`--set-string` and `--set-file` flags. See +[Linkerd Jaeger Readme](https://www.github.com/linkerd/linkerd2/tree/main/jaeger/charts/linkerd-jaeger/README.md) for a full list of configurable fields. ### √ jaeger extension proxies are healthy {#l5d-jaeger-proxy-healthy} -This error indicates that the proxies running in the jaeger extension are -not healthy. Ensure that linkerd-jaeger has been installed with all of the -correct setting or re-install as necessary. +This error indicates that the proxies running in the jaeger extension are not +healthy. Ensure that linkerd-jaeger has been installed with all of the correct +setting or re-install as necessary. ### √ jaeger extension proxies are up-to-date {#l5d-jaeger-proxy-cp-version} -This warning indicates the proxies running in the jaeger extension are -running an old version. We recommend downloading the latest linkerd-jaeger -and upgrading. +This warning indicates the proxies running in the jaeger extension are running +an old version. We recommend downloading the latest linkerd-jaeger and +upgrading. ### √ jaeger extension proxies and cli versions match {#l5d-jaeger-proxy-cli-version} @@ -1917,10 +1975,10 @@ Make sure that the `proxy-injector` is working correctly by running ## The "linkerd-buoyant" checks {#l5d-buoyant} -These checks only run when the `linkerd-buoyant` extension is installed. -This check is intended to verify the installation of linkerd-buoyant -extension which comprises `linkerd-buoyant` CLI, the `buoyant-cloud-agent` -Deployment, and the `buoyant-cloud-metrics` DaemonSet. +These checks only run when the `linkerd-buoyant` extension is installed. This +check is intended to verify the installation of linkerd-buoyant extension which +comprises `linkerd-buoyant` CLI, the `buoyant-cloud-agent` Deployment, and the +`buoyant-cloud-metrics` DaemonSet. ### √ Linkerd extension command linkerd-buoyant exists diff --git a/linkerd.io/content/2.15/tasks/upgrade.md b/linkerd.io/content/2.15/tasks/upgrade.md index c34c8fe026..336b464456 100644 --- a/linkerd.io/content/2.15/tasks/upgrade.md +++ b/linkerd.io/content/2.15/tasks/upgrade.md @@ -10,18 +10,22 @@ aliases = [ In this guide, we'll walk you through how to perform zero-downtime upgrades for Linkerd. +{{< note >}} +This page contains instructions for the latest edge release of Linkerd. If +you have installed a [stable distribution](/releases/#stable) of Linkerd, the +vendor may have additional guidance on how to upgrade. +{{< /note >}} + Read through this guide carefully. Additionally, before starting a specific upgrade, please read through the version-specific upgrade notices below, which may contain important information about your version. -- [Upgrade notice: stable-2.14.0](#upgrade-notice-stable-2-14-0) -- [Upgrade notice: stable-2.13.0](#upgrade-notice-stable-2-13-0) -- [Upgrade notice: stable-2.12.0](#upgrade-notice-stable-2-12-0) -- [Upgrade notice: stable-2.11.0](#upgrade-notice-stable-2-11-0) -- [Upgrade notice: stable-2.10.0](#upgrade-notice-stable-2-10-0) -- [Upgrade notice: stable-2.9.4](#upgrade-notice-stable-2-9-4) -- [Upgrade notice: stable-2.9.3](#upgrade-notice-stable-2-9-3) -- [Upgrade notice: stable-2.9.0](#upgrade-notice-stable-2-9-0) +- [Upgrade notice: 2.15 and beyond](#upgrade-notice-stable-215-and-beyond) +- [Upgrade notice: stable-2.14.0](#upgrade-notice-stable-2140) +- [Upgrade notice: stable-2.13.0](#upgrade-notice-stable-2130) +- [Upgrade notice: stable-2.12.0](#upgrade-notice-stable-2120) +- [Upgrade notice: stable-2.11.0](#upgrade-notice-stable-2110) +- [Upgrade notice: stable-2.10.0](#upgrade-notice-stable-2100) ## Version numbering @@ -113,7 +117,7 @@ linkerd version --client ## Upgrading the control plane -### With the Linkerd CLI +### Upgrading the control plane with the CLI For users who have installed Linkerd via the CLI, the `linkerd upgrade` command will upgrade the control plane. This command ensures that all of the control @@ -133,7 +137,7 @@ present in the previous version but should not be present in this one. linkerd prune | kubectl delete -f - ``` -### With Helm +### Upgrading the control plane with Helm For Helm control plane installations, please follow the instructions at [Helm upgrade procedure](../install-helm/#helm-upgrade-procedure). @@ -234,6 +238,17 @@ version. ## Upgrade notices +This section contains release-specific information about upgrading. + +### Upgrade notice: stable-2.15 and beyond + +As of February 2024, the Linkerd project is no longer producing open source +stable release artifacts. Please read the [2.15 +announcement](/2024/02/21/announcing-linkerd-2.15/#a-new-model-for-stable-releases) +for details. + +See [the full list of Linkerd releases](/releases/) for ways to get Linkerd. + ### Upgrade notice: stable-2.14.0 For this release, if you're using the multicluster extension, you should re-link @@ -575,9 +590,9 @@ and then invoke those commands through `linkerd viz stat`, linkerd upgrade | kubectl apply --prune -l linkerd.io/control-plane-ns=linkerd -f - # Prune cluster-scoped resources linkerd upgrade | kubectl apply --prune -l linkerd.io/control-plane-ns=linkerd \ - --prune-whitelist=rbac.authorization.k8s.io/v1/clusterrole \ - --prune-whitelist=rbac.authorization.k8s.io/v1/clusterrolebinding \ - --prune-whitelist=apiregistration.k8s.io/v1/apiservice -f - + --prune-allowlist=rbac.authorization.k8s.io/v1/clusterrole \ + --prune-allowlist=rbac.authorization.k8s.io/v1/clusterrolebinding \ + --prune-allowlist=apiregistration.k8s.io/v1/apiservice -f - # Install the Linkerd-Viz extension to restore viz functionality. linkerd viz install | kubectl apply -f - ``` @@ -621,79 +636,3 @@ dropped, moving the config values underneath it into the root scope. Any values you had customized there will need to be migrated; in particular `identityTrustAnchorsPEM` in order to conserve the value you set during install." - -### Upgrade notice: stable-2.9.4 - -See upgrade notes for 2.9.3 below. - -### Upgrade notice: stable-2.9.3 - -#### Linkerd Repair - -Due to a known issue in versions stable-2.9.0, stable-2.9.1, and stable-2.9.2, -users who upgraded to one of those versions with the --prune flag (as described -above) will have deleted the `secret/linkerd-config-overrides` resource which is -necessary for performing any subsequent upgrades. Linkerd stable-2.9.3 includes -a new `linkerd repair` command which restores this deleted resource. If you see -unexpected error messages during upgrade such as "failed to read CA: not -PEM-encoded", please upgrade your CLI to stable-2.9.3 and run: - -```bash -linkerd repair | kubectl apply -f - -``` - -This will restore the `secret/linkerd-config-overrides` resource and allow you -to proceed with upgrading your control plane. - -### Upgrade notice: stable-2.9.0 - -#### Images are now hosted on ghcr.io - -As of this version images are now hosted under `ghcr.io` instead of `gcr.io`. If -you're pulling images into a private repo please make the necessary changes. - -#### Upgrading multicluster environments - -Linkerd 2.9 changes the way that some of the multicluster components work and -are installed compared to Linkerd 2.8.x. Users installing the multicluster -components for the first time with Linkerd 2.9 can ignore these instructions and -instead refer directly to the [installing -multicluster instructions](../installing-multicluster/). - -Users who installed the multicluster component in Linkerd 2.8.x and wish to -upgrade to Linkerd 2.9 should follow the [upgrade multicluster -instructions](/2.11/tasks/upgrade-multicluster/). - -#### Ingress behavior changes - -In previous versions when you injected your ingress controller (Nginx, Traefik, -Ambassador, etc), then the ingress' balancing/routing choices would be -overridden with Linkerd's (using service profiles, traffic splits, etc.). - -As of 2.9 the ingress's choices are honored instead, which allows preserving -things like session-stickiness. Note however that this means per-route metrics -are not collected, traffic splits will not be honored and retries/timeouts are -not applied. - -If you want to revert to the previous behavior, inject the proxy into the -ingress controller using the annotation `linkerd.io/inject: ingress`, as -explained in [using ingress](../using-ingress/) - -#### Breaking changes in Helm charts - -Some entries like `controllerLogLevel` and all the Prometheus config have -changed their position in the settings hierarchy. To get a precise view of what -has changed you can compare the -[stable-2.8.1](https://github.com/linkerd/linkerd2/blob/stable-2.8.1/charts/linkerd2/values.yaml) -and -[stable-2.9.0](https://github.com/linkerd/linkerd2/blob/stable-2.9.0/charts/linkerd2/values.yaml) -`values.yaml` files. - -#### Post-upgrade cleanup - -In order to better support cert-manager, the secrets -`linkerd-proxy-injector-tls`, `linkerd-sp-validator-tls` and `linkerd-tap-tls` -have been replaced by the secrets `linkerd-proxy-injector-k8s-tls`, -`linkerd-sp-validator-k8s-tls` and `linkerd-tap-k8s-tls` respectively. If you -upgraded through the CLI, please delete the old ones (if you upgraded through -Helm the cleanup was automated). diff --git a/linkerd.io/content/_index.md b/linkerd.io/content/_index.md index ad5b55085e..94453b079f 100644 --- a/linkerd.io/content/_index.md +++ b/linkerd.io/content/_index.md @@ -5,8 +5,6 @@ description: Linkerd adds critical security, observability, and reliability to y Kubernetes stack, without any code changes. keywords: - cloud native applications -outputs: -- html top_hero: title: The world's most advanced service mesh description: Enterprise power *without* enterprise complexity. Linkerd adds diff --git a/linkerd.io/content/blog/2024/0425-edge-release-roundup.md b/linkerd.io/content/blog/2024/0425-edge-release-roundup.md new file mode 100644 index 0000000000..90c4f056ef --- /dev/null +++ b/linkerd.io/content/blog/2024/0425-edge-release-roundup.md @@ -0,0 +1,188 @@ +--- +author: 'flynn' +date: 2024-04-25T00:00:00Z +title: |- + Linkerd Edge Release Roundup: April 2024 +url: + /2024/04/25/linkerd-edge-release-roundup/ +thumbnail: '/uploads/2023/06/roundup-clocks-square.png' +featuredImage: '/uploads/2023/06/roundup-clocks-rect.png' +tags: [Linkerd, linkerd, edge, release, roundup] +featured: false +--- + +{{< fig + alt="April 2024 Linkerd Edge Release Roundup" + src="/uploads/2023/06/roundup-clocks-rect.png" >}} + +Welcome to the April 2024 Edge Release Roundup post, where we dive into the +most recent edge releases to help keep everyone up to date on the latest and +greatest! This month, we're covering the releases from `edge-24.4.5` back to +`edge-24.3.3` -- there's a lot here so we'll get right into it. + +## How to give feedback + +Remember, edge releases are a snapshot of our current development work on +`main`; by definition, they always have the most recent features but they may +have incomplete features, features that end up getting rolled back later, or +(gasp!) even bugs. If you're running edge releases, it's _very_ important that +you send us feedback on how things are going for you! + +We would be delighted to hear how these releases work out for you! You can +open [a GitHub issue](https://github.com/linkerd/linkerd2/issues/) or +[discussion](https://github.com/linkerd/linkerd2/discussions/), join us on +[Slack](https://slack.linkerd.io), or visit the [Buoyant Linkerd +Forum](https://linkerd.buoyant.io) -- all are great ways to reach us. + +## Community contributions + +We couldn't do what we do without the Linkerd community, and this batch of +releases is definitely no exception. Huge thanks to [Adarsh Jaiswal], [Akshay +Dongaonkar], [Cemal Y. Dalar], [Firas Medini], [Grigoriy Mikhalkin], +[hanghuge], [Heiko Voigt], [Ilia Lazebnik], [Hirotaka Tagawa], and +[occupyhabit] for their contributions! You'll find more information about all +of these contributions in the release-by-release details below. + +[hanghuge]: https://github.com/hanghuge +[Grigoriy Mikhalkin]: https://github.com/GrigoriyMikhalkin +[occupyhabit]: https://github.com/occupyhabit +[Firas Medini]: https://github.com/mdnfiras +[Adarsh jaiswal]: https://github.com/Adarsh-jaiss +[Hirotaka Tagawa]: https://github.com/wafuwafu13 +[Cemal Y. Dalar]: https://github.com/cdalar +[Ilia Lazebnik]: https://github.com/DrFaust92 +[Akshay Dongaonkar]: https://github.com/doubletooth +[Heiko Voigt]: https://github.com/hvoigt + +## Breaking changes and recommendations + +There are no breaking changes in these releases. However, we have two specific +recommendations: + +- We recommend `edge-24.4.4` instead of `edge-24.4.3` due to a metrics-naming + regression in `edge-24.4.3`. +- We recommend `edge-24.3.4` instead of `edge-24.3.3` since `edge-24.3.4` + contains an important fix for Gateway API users. + +## The releases + +Recent edge releases have been mostly focused on upcoming IPv6 support and +some significant bugfixes. Of course, each edge release has _many_ dependency +updates; we won't list them all here, but you can find them in the release +notes for each release. + +_(Last Roundup we did these in chronological order, but we're switching this +time to reverse chronological order, starting with the most recent.)_ + +### [`edge-24.4.5`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.4.5) (April 25, 2024) + +This edge release fixes support for native sidecars in the Linkerd CNI plugin, +continues work on upcoming IPv6 support, and allows setting +`revisionHistoryLimit` when installing with Helm to specify how many +ReplicaSets to keep around for rollback purposes (thanks, [Ilia Lazebnik]!) + +It also allows setting certain HTTP/2 server parameters using environment +variables in the proxy container (see [proxy PR 2924] if you think you need +this!). + +[proxy PR 2924]: https://github.com/linkerd/linkerd2-proxy/pull/2924 + +### [`edge-24.4.4`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.4.4) (April 18, 2024) + +This edge release fixes a metrics naming regression introduced in the previous +release, restoring the `outbound_http_...` metrics to their correct names +instead of duplicating `http`. + +### [`edge-24.4.3`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.4.3) (April 18, 2024) + +_We recommend `edge-24.4.4` instead of this release due to a metrics-naming regression in `edge-24.4.3`._ + +This edge release fixes the second of two issues where where +`policy.linkerd.io` HTTPRoutes could be endlessly patched even when they +weren't changing ([issue 12310]). + +[issue 12310]: https://github.com/linkerd/linkerd2/issues/12310 + +### [`edge-24.4.2`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.4.2) (April 11, 2024) + +This edge release fixes an issue where the service mirror controller would +panic if it encountered an error listing mirror services while fixing its list +of endpoints, and continues work on upcoming IPv6 support. It also allows +correctly setting policy controller resources via Helm, instead of just +defaulting them to the same as the destination controller (thanks, [Grigoriy +Mikhalkin]!), allows relabeling metrics to customize how high-cardinality +metrics get handled (thanks, [Heiko Voigt]!), and does a little cleanup of +documentation in the code (thanks, [hanghuge]!). Finally, it adds a new +`linkerd diagnostics profile` command which gives low-level visibility into +which ServiceProfile is attached to a given address. + +### [`edge-24.4.1`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.4.1) (April 4, 2024) + +This edge release continues work on upcoming IPv6 support. + +### [`edge-24.3.5`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.3.5) (March 28, 2024) + +This edge release adds metrics to the queue of HTTPRoute status updates and +makes the ExternalWorkload resource's status as a subresource, as it always +should have been. It also corrects the scope of the proxy-injector, +tap-injector, and jaeger-injector mutating webhook rules to Namespaced (thanks +[Firas Medini]!), and cleans up some documentation in the code (thanks +[occupyhabit]!). + +### [`edge-24.3.4`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.3.4) (March 22, 2024) + +This edge release fixes the first of two issues where `policy.linkerd.io` +HTTPRoutes could be endlessly patched even when they weren't changing ([issue +12104]), and another where the destination controller could generate large +numbers of unnecessary endpoint updates when a Server changed. It also adds +default values to generated docs for the `proxy-*-connect-timeout` annotations +(thanks [Akshay Dongaonkar]!), fixes excessive logging in the injector webhook +([issue 12186], thanks [Adarsh Jaiswal]!), and cleans up an unneeded error +message from the destination controller (thanks [Hirotaka Tagawa]!). + +Finally, this edge release fixes an issue that could mistakenly turn off local +traffic policy when an endpoint is removed ([issue 12311]), adds a timeout to +HTTPRoute status patches, continues work on upcoming IPv6 support, and stops +unnecessarily checking about injecting the `kube-system` namespace when +running in HA mode. + +[issue 12186]: https://github.com/linkerd/linkerd2/issues/12186 +[issue 12104]: https://github.com/linkerd/linkerd2/issues/12104 +[issue 12311]: https://github.com/linkerd/linkerd2/issues/12311 + +### [`edge-24.3.3`](https://github.com/linkerd/linkerd2/releases/tag/edge-24.3.3) (March 14, 2024) + +_We recommend `edge-24.3.4` instead of this release since `edge-24.3.4` +contains an important fix._ + +This edge release allows configuring the pod disruption budget via Helm +([issue 11321], thanks [Cemal Y. Dalar]!). + +[issue 11321]: https://github.com/linkerd/linkerd2/issues/11321 + +## Installing the latest edge release + +Installing the latest edge release needs just a single command. + +```bash +curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install-edge | sh +``` + +You can also [install edge releases with Helm](https://linkerd.io/2.15/tasks/install-helm/). + +## Linkerd is for everyone + +Linkerd is a graduated project of the [Cloud Native Computing +Foundation](https://cncf.io/). Linkerd is [committed to open +governance.](/2019/10/03/linkerds-commitment-to-open-governance/) If you have +feature requests, questions, or comments, we'd love to have you join our +rapidly-growing community! Linkerd is hosted on +[GitHub](https://github.com/linkerd/), and we have a thriving community on +[Slack](https://slack.linkerd.io/), [Twitter](https://twitter.com/linkerd), and +in [mailing lists](/community/get-involved/). Come and join the fun! + +---- + +_Linkerd generally does new edge releases weekly; watch this space to keep +up-to-date. Feedback on this blog series is welcome! Just ping `@flynn` on the +[Linkerd Slack](https://slack.linkerd.io)._ diff --git a/linkerd.io/content/blog/2024/0524-backstage-and-linkerd.md b/linkerd.io/content/blog/2024/0524-backstage-and-linkerd.md new file mode 100644 index 0000000000..6570a9ef39 --- /dev/null +++ b/linkerd.io/content/blog/2024/0524-backstage-and-linkerd.md @@ -0,0 +1,22 @@ +--- +author: 'catherine' +date: 2024-05-23T00:00:00Z +title: Building a Secure, Reliable, Observable IDP with Backstage & Linkerd +tags: + - Backstage + - Video +description: This CNCF Cloud Native Live session explores building a rock-solid Internal Developer Platform (IDP) Backstage that empowers developers with self-service tools while streamlining security and observability. +keywords: [Backstage, Video] +thumbnail: '/uploads/2024/05/cnl-backstage-linkerd-thumbnail.png' +featuredImage: '/uploads/2024/05/cnl-backstage-linkerd-screenshot.png' +--- +Smooth workflows are critical in the cloud-native world. This CNCF Cloud +Native Live session explores building a rock-solid Internal Developer +Platform (IDP) Backstage that empowers developers with self-service tools +while streamlining security and observability. Watch the recording with +Linkerd Tech Evangelist Flynn and Backstage Maintainer Ben Lambert as +they show you how a service mesh like Linkerd can supercharge your IDP, +ensuring seamless communication and clear visibility. + + + diff --git a/linkerd.io/content/design-principles/_index.md b/linkerd.io/content/design-principles/_index.md index dbaf615c83..49ce8a8eb4 100644 --- a/linkerd.io/content/design-principles/_index.md +++ b/linkerd.io/content/design-principles/_index.md @@ -3,8 +3,8 @@ title = "Design Principles" weight = 19 +++ -Linkerd is built for you, the operator, SRE, architect, and platform owner. -It's designed to give you power over your own fate: to provide fundamental +Linkerd is built for you, the operator, SRE, architect, and platform owner. It's +designed to give you power over your own fate: to provide fundamental visibility, reliability, and security capabilities at the platform level. The goal of Linkerd is to give you these powers in a way that's uniform across all code running in the entire compute environment, and totally independent of @@ -14,47 +14,45 @@ Since Linkerd is built for operators, this also means that Linkerd has do all that while also imposing the absolute minimum operational complexity. To do this, we've designed Linkerd with three core principles in mind: -1. **Keep it simple**. Linkerd should be operationally simple with low -cognitive overhead. Operators should find its components clear and its behavior -understandable and predictable, with a minimum of magic. +1. **Keep it simple**. Linkerd should be operationally simple with low cognitive + overhead. Operators should find its components clear and its behavior + understandable and predictable, with a minimum of magic. 2. **Minimize resource requirements**. Linkerd should impose as minimal a -performance and resource cost as possible--especially at the data plane layer. + performance and resource cost as possible--especially at the data plane + layer. 3. **Just work**. Linkerd should not break existing applications, nor should it -require complex configuration to get started or to do something simple. + require complex configuration to get started or to do something simple. The first principle is the most important: _keep it simple_. Simplicity doesn't -mean that Linkerd can't have powerful features, or that it has to have -one-click wizards take care of everything for you. In fact, it means the -opposite: every aspect of Linkerd's behavior should be explicit, clear, -well-defined, bounded, understandable, and introspectable. For example, -Linkerd's [control plane](/{{% latest-linkerd2-stable-version -%}}/reference/architecture/#control-plane) is split into several operational -components based on their functional boundaries ("web”, "api”, etc.) These -components aren't just exposed directly to you in the Linkerd dashboard and CLI, -they run on the same data plane as your application does, allowing you to use -the same tooling to inspect their behavior. +mean that Linkerd can't have powerful features, or that it has to have one-click +wizards take care of everything for you. In fact, it means the opposite: every +aspect of Linkerd's behavior should be explicit, clear, well-defined, bounded, +understandable, and introspectable. For example, Linkerd's +[control plane](/2/reference/architecture/#control-plane) is split into several +operational components based on their functional boundaries ("web”, "api”, etc.) +These components aren't just exposed directly to you in the Linkerd dashboard +and CLI, they run on the same data plane as your application does, allowing you +to use the same tooling to inspect their behavior. _Minimize resource requirements_ means that Linkerd, and especially Linkerd's -[data plane proxies](/{{% latest-linkerd2-stable-version -%}}/reference/architecture/#data-plane), should consume the smallest amount of -memory and CPU possible. On the control plane side, we've taken care to ensure -that components scale gracefully in the presence of traffic. On the data plane -side, we've build Linkerd's proxy (called simply "linkerd-proxy”) for -performance, safety, and low resource consumption. Today, a single linkerd-proxy -instance can proxy many thousands of requests per second in under 10mb of memory -and a quarter of a core, all with a p99 tail latency of under 1ms. In the -future, we can probably improve even that! +[data plane proxies](/2/reference/architecture/#data-plane), should consume the +smallest amount of memory and CPU possible. On the control plane side, we've +taken care to ensure that components scale gracefully in the presence of +traffic. On the data plane side, we've build Linkerd's proxy (called simply +"linkerd-proxy”) for performance, safety, and low resource consumption. Today, a +single linkerd-proxy instance can proxy many thousands of requests per second in +under 10mb of memory and a quarter of a core, all with a p99 tail latency of +under 1ms. In the future, we can probably improve even that! Finally, _just work_ means that adding Linkerd to a functioning Kubernetes application shouldn't break anything, and shouldn't even require configuration. (Of course, configuration will be necessary to customize Linkerd's behavior--but it shouldn't be necessary simply to get things working.) To do this, we've -invested heavily in things like [automatic L7 protocol detection](/{{% -latest-linkerd2-stable-version %}}/features/protocol-detection/), and [automatic -re-routing of TCP traffic within a pod](/{{% latest-linkerd2-stable-version -%}}/features/proxy-injection/). +invested heavily in things like +[automatic L7 protocol detection](/2/features/protocol-detection/), and +[automatic re-routing of TCP traffic within a pod](/2/features/proxy-injection/). Together, these three principles give us a framework for weighing product and engineering tradeoffs in Linkerd. We hope they're also useful for understanding diff --git a/linkerd.io/content/going-to-production/_index.md b/linkerd.io/content/going-to-production/_index.md index 5476e729bb..561e3092a3 100644 --- a/linkerd.io/content/going-to-production/_index.md +++ b/linkerd.io/content/going-to-production/_index.md @@ -3,9 +3,9 @@ title = "Going to Production" weight = 20 +++ -The Linkerd project itself doesn't provide a formal guide for deploying Linkerd to -a production environment. Below are some external resources that might prove +The Linkerd project itself doesn't provide a formal guide for deploying Linkerd +to a production environment. Below are some external resources that might prove helpful: -- [Buoyant's Linkerd Production Runbook](https://docs.buoyant.io/runbook/), +- [Buoyant's production-grade installation](https://docs.buoyant.io/buoyant-enterprise-linkerd/latest/installation/production/), from the creators of Linkerd. diff --git a/linkerd.io/content/releases/_index.md b/linkerd.io/content/releases/_index.md index 97b4db01b3..d88cf58b3d 100644 --- a/linkerd.io/content/releases/_index.md +++ b/linkerd.io/content/releases/_index.md @@ -4,59 +4,51 @@ aliases = [ "edge" ] weight = 18 +++ -Linkerd is developed in the [Linkerd GitHub -repository](https://github.com/linkerd/linkerd2). Releases and packages of -Linkerd are available in several different forms. +Releases of Linkerd are available in several different forms. -## Edge (latest version: {{% latestedge %}}) +## Stable releases -All Linkerd development happens "on main": all changes, whether in support of -upcoming new features, refactors, bug fixes, or something else, land on the main -branch where they are merged together. +Stable release artifacts of Linkerd follow semantic versioning, whereby changes +in major version denote large feature additions and possible breaking changes +and changes in minor versions denote safe upgrades without breaking changes. -Edge releases contain the latest code in from the main branch at the point in -time when they were cut. This means they have the latest features and fixes, but -it also means they don't have stability guarantees. Upgrading between edge -releases may involve breaking changes, and may involve partial features that are -later modified or backed out. +As of February 2024, Linkerd no longer provides stable release artifacts in the +open source project itself. Instead, the vendor community around Linkerd is +responsible for creating stable release artifacts. Known distributions of +Linkerd with stable release artifacts include: -**Note:** Edge releases may introduce breaking changes. +- [Buoyant Enterprise for Linkerd](https://docs.buoyant.io/buoyant-enterprise-linkerd) + from Buoyant, creators of Linkerd. + Latest version: **enterprise-2.15.2** + [[release notes](https://docs.buoyant.io/release-notes/buoyant-enterprise-linkerd/enterprise-2.15.2/)]. - -Edge releases follow a version numbering scheme of the form `..`. For example, `edge-24.1.2` is the -second edge release of January 2024. - +## Edge releases -To install the latest edge release via the CLI, you can run: +Edge release artifacts are published on a weekly or near-weekly basis as part of +the open source project. The full list of edge release artifacts can be found on +[the Linkerd GitHub releases +page](https://github.com/linkerd/linkerd2/releases). -```bash -curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install-edge | sh -``` +Edge release artifacts contain the code in from the _main_ branch at the point +in time when they were cut. This means they always have the latest features and +fixes, and have undergone automated testing as well as maintianer code review. +Edge releases may involve partial features that are later modified or backed +out. They may also involve breaking changes—of course, we do our best to avoid +this. -The full list of edge releases can be found on -[GitHub](https://github.com/linkerd/linkerd2/releases). +Edge release versioning follows the form `edge-y.m.n`, where `y` is the last two +digits of the year, `m` is the numeric month, and `n` is numeric edge release +count for that month. For example: -## Stable +- `edge-23.9.1`: the first edge release shipped in September 2023 +- `edge-24.1.3`: the third edge release shipped in January 2024 -As of Linkerd 2.15.0, the open source project no longer publishes stable -releases. Instead, the vendor community around Linkerd is responsible for -supported, stable releases. +Using edge release artifacts and reporting bugs helps us ensure a rapid pace of +development and is a great way to help Linkerd. We publish edge release guidance +as part of the release notes and strive to always provide production-ready +artifacts. -Known stable distributions of Linkerd include: + -* [Buoyant Enterprise for - Linkerd](https://docs.buoyant.io/buoyant-enterprise-linkerd) from Buoyant, - creators of Linkerd. - -## Helm Chart Version Matrix - -The following version matrices include only the latest versions of the stable -releases along with corresponding app and Helm versions for Linkerd and -extensions. Use these to guide you to the right Helm chart version or to -automate workflows you might have. - -* [YAML matrix](./release_matrix.yaml) -* [JSON matrix](./release_matrix.json) - -{{< release-data-table />}} +Latest version: **{{% latestedge %}}** [[release +notes](https://github.com/linkerd/linkerd2/releases/tag/{{% latestedge %}})]. diff --git a/linkerd.io/content/what-is-a-service-mesh/_index.md b/linkerd.io/content/what-is-a-service-mesh/_index.md index dce37fdd4e..519bbb6bf9 100644 --- a/linkerd.io/content/what-is-a-service-mesh/_index.md +++ b/linkerd.io/content/what-is-a-service-mesh/_index.md @@ -1,5 +1,6 @@ --- title: What is a service mesh? +description: A service mesh adds security, reliability, and observability features to cloud native apps by transparently inserting this functionality at the platform layer. enableFAQSchema: true aliases: - priority = 1.0 @@ -31,11 +32,11 @@ faqs: present but taken for granted and not actually given too much attention. --- -tl;dr: A service mesh like Linkerd is a tool for adding observability, -security, and reliability features to "cloud native" applications by -transparently inserting this functionality at the platform layer rather than -the application layer. The service mesh is rapidly becoming a standard part of -the cloud native stack, especially for Kubernetes adopters. +A service mesh like Linkerd is a tool for adding security, reliability, and +observability features to cloud native applications by transparently inserting +this functionality at the platform layer rather than the application layer. +The service mesh is rapidly becoming a standard part of the cloud native +stack, especially for Kubernetes adopters. Over the past few years, the service mesh has risen from relative obscurity to become a standard component of the cloud native stack. Linkerd ("linker-dee"), diff --git a/linkerd.io/hugo.toml b/linkerd.io/hugo.toml index 5e1c81dc7e..1af1ad3468 100644 --- a/linkerd.io/hugo.toml +++ b/linkerd.io/hugo.toml @@ -2,7 +2,6 @@ ignoreErrors = ["error-remote-getjson"] paginate = 10 baseurl = "https://linkerd.io/" disableKinds = ["taxonomy", "term"] -enableRobotsTXT = true languageCode = "en-US" sectionPagesMenu = "main" theme = "buoyant" @@ -85,14 +84,18 @@ title = "Linkerd" identifier = "join-forum" name = "Join Forum" url = "https://linkerd.buoyant.io" -[outputFormats.REDIRECTS] - baseName = "_redirects" - mediaType = "text/netlify" -[outputFormats.RSS] - mediatype = "application/RSS" - baseName = "feed" +[outputFormats] + [outputFormats.REDIRECTS] + baseName = "_redirects" + mediaType = "text/netlify" + [outputFormats.RSS] + mediaType = "application/rss+xml" + baseName = "feed" + [outputFormats.SearchIndex] + mediaType = "application/json" + baseName = "search" [outputs] - home = ["HTML", "RSS", "REDIRECTS"] + home = ["HTML", "SearchIndex"] section = ["HTML", "RSS", "JSON"] [params] description = "Linkerd is an ultralight service mesh for Kubernetes. It gives you observability, reliability, and security without requiring any code changes." diff --git a/linkerd.io/layouts/_default/baseof.html b/linkerd.io/layouts/_default/baseof.html index 228c982bc1..dcff08fcb9 100644 --- a/linkerd.io/layouts/_default/baseof.html +++ b/linkerd.io/layouts/_default/baseof.html @@ -8,7 +8,7 @@ - {{ if not .Site.IsServer }} + {{ if not hugo.IsServer }} diff --git a/linkerd.io/layouts/index.searchindex.json b/linkerd.io/layouts/index.searchindex.json new file mode 100644 index 0000000000..6c30b1df9b --- /dev/null +++ b/linkerd.io/layouts/index.searchindex.json @@ -0,0 +1,18 @@ +{{- $pages := where site.Pages "Section" "eq" "2.15" -}} +[ + {{- range $index, $page := $pages -}} + {{- if gt $index 0 -}} , {{- end -}} + {{- $ancestors := slice "linkerd.io" -}} + {{- range .Ancestors.Reverse -}} + {{- if .IsHome }}{{ continue }}{{ end -}} + {{- $ancestors = $ancestors | append .Title -}} + {{- end -}} + {{- $entry := dict "uri" $page.Permalink -}} + {{- $entry = merge $entry (dict "title" $page.Title) -}} + {{- $entry = merge $entry (dict "ancestors" $ancestors) -}} + {{- $entry = merge $entry (dict "content" ($page.Plain | htmlUnescape | truncate 3000)) -}} + {{- $entry = merge $entry (dict "description" $page.Description) -}} + {{- $entry = merge $entry (dict "keywords" $page.Keywords) -}} + {{- $entry | jsonify -}} + {{- end -}} +] diff --git a/linkerd.io/layouts/partials/admonition.html b/linkerd.io/layouts/partials/admonition.html index c207d5913c..0f68e51ce7 100644 --- a/linkerd.io/layouts/partials/admonition.html +++ b/linkerd.io/layouts/partials/admonition.html @@ -4,10 +4,11 @@ {{end}} role="alert">
-

+ {{ if .title }} +

 {{ .title }}

- + {{ end }} {{ .content | markdownify }}
\ No newline at end of file diff --git a/linkerd.io/layouts/partials/css.html b/linkerd.io/layouts/partials/css.html index f7d8f77545..e082df2146 100644 --- a/linkerd.io/layouts/partials/css.html +++ b/linkerd.io/layouts/partials/css.html @@ -1,4 +1,4 @@ -{{ $inServerMode := site.IsServer }} +{{ $inServerMode := hugo.IsServer }} {{ $useMaterial := .Page.Params.use_material }} {{ if $useMaterial }} diff --git a/linkerd.io/layouts/partials/header.html b/linkerd.io/layouts/partials/header.html index f1a91dc849..b7c644a516 100644 --- a/linkerd.io/layouts/partials/header.html +++ b/linkerd.io/layouts/partials/header.html @@ -14,3 +14,8 @@ {{ $js := resources.Get "js/navbar.js" | resources.Minify | resources.Fingerprint }} + +
+ + +
diff --git a/linkerd.io/layouts/partials/javascript.html b/linkerd.io/layouts/partials/javascript.html index 73b4c75a37..7778aed7da 100644 --- a/linkerd.io/layouts/partials/javascript.html +++ b/linkerd.io/layouts/partials/javascript.html @@ -35,4 +35,7 @@ {{ $headingsLinkJs := resources.Get "js/docs-heading-link.js"}} +{{ $linkedinJs := resources.Get "js/follow-linkedin.js" }} + + \ No newline at end of file diff --git a/linkerd.io/layouts/partials/meta.html b/linkerd.io/layouts/partials/meta.html index 33d1df912c..f8e883ce2f 100644 --- a/linkerd.io/layouts/partials/meta.html +++ b/linkerd.io/layouts/partials/meta.html @@ -13,7 +13,9 @@ -{{ if .Params.thumbnail }} +{{ if .Params.featuredImage }} + +{{ else if .Params.thumbnail }} {{ else }} diff --git a/linkerd.io/layouts/shortcodes/latest-linkerd2-stable-version.html b/linkerd.io/layouts/shortcodes/latest-linkerd2-stable-version.html index 5aaecbbe97..e1d322367b 100644 --- a/linkerd.io/layouts/shortcodes/latest-linkerd2-stable-version.html +++ b/linkerd.io/layouts/shortcodes/latest-linkerd2-stable-version.html @@ -1 +1,2 @@ +{{/* this shortcode is no longer in use... please don't reintroduce it */}} {{ site.Params.latest_linkerd2_stable_version -}} diff --git a/linkerd.io/layouts/shortcodes/latestversion.html b/linkerd.io/layouts/shortcodes/latestversion.html index af795a7175..90682ae50c 100644 --- a/linkerd.io/layouts/shortcodes/latestversion.html +++ b/linkerd.io/layouts/shortcodes/latestversion.html @@ -1 +1,2 @@ +{{/* this shortcode is deprecated and only used in pre-2.15 docs. */}} {{ if eq .Page.Section "1" }}{{ site.Params.latest_release_version }}{{ else }}L5D2_STABLE_VERSION{{ end }}{{- "" -}} diff --git a/linkerd.io/layouts/shortcodes/release-data-table.html b/linkerd.io/layouts/shortcodes/release-data-table.html index 5c83adee91..5d0b7d7e83 100644 --- a/linkerd.io/layouts/shortcodes/release-data-table.html +++ b/linkerd.io/layouts/shortcodes/release-data-table.html @@ -5,17 +5,17 @@ table{ border-collapse:collapse; - border:1px solid #000000; + border:1px solid #DBDBDB; } th, td { padding: 5px; } table td{ - border:1px solid #000000; + border:1px solid #DBDBDB; } table th{ - border:1px solid #000000; + border:1px solid #DBDBDB; } @@ -23,6 +23,7 @@ + @@ -40,17 +41,14 @@ {{ range $chart_name, $chart_data := $charts }} - - - - - + + + {{ end }}
Release Name
{{ $chart_name }} {{ $chart_data.chart_version }} {{ $release_version }} {{ $chart_name }}{{ $chart_data.chart_version }}{{ $release_version }}
- {{ end }} diff --git a/linkerd.io/layouts/shortcodes/releases.html b/linkerd.io/layouts/shortcodes/releases.html new file mode 100644 index 0000000000..2fc4ff420c --- /dev/null +++ b/linkerd.io/layouts/shortcodes/releases.html @@ -0,0 +1,2 @@ +{{ $content := "This page contains instructions using the latest edge release of Linkerd. For other types of releases, including stable releases, please see [Linkerd Releases](/releases/)." | markdownify -}} +{{ partial "admonition.html" (dict "type" "info" "icon" "info-circle" "id" (.Get "id") "title" "Edge release content" "content" $content) }} diff --git a/linkerd.io/static/robots.txt b/linkerd.io/static/robots.txt new file mode 100644 index 0000000000..3d06dbba08 --- /dev/null +++ b/linkerd.io/static/robots.txt @@ -0,0 +1,4 @@ +User-agent: * + +Disallow: https://slack.linkerd.io/ +Disallow: /search.json diff --git a/linkerd.io/static/uploads/2024/05/cnl-backstage-linkerd-screenshot.png b/linkerd.io/static/uploads/2024/05/cnl-backstage-linkerd-screenshot.png new file mode 100644 index 0000000000..4433f57575 Binary files /dev/null and b/linkerd.io/static/uploads/2024/05/cnl-backstage-linkerd-screenshot.png differ diff --git a/linkerd.io/static/uploads/2024/05/cnl-backstage-linkerd-thumbnail.png b/linkerd.io/static/uploads/2024/05/cnl-backstage-linkerd-thumbnail.png new file mode 100644 index 0000000000..91f7941e5a Binary files /dev/null and b/linkerd.io/static/uploads/2024/05/cnl-backstage-linkerd-thumbnail.png differ diff --git a/linkerd.io/themes/buoyant/layouts/_default/baseof.html b/linkerd.io/themes/buoyant/layouts/_default/baseof.html index ec05cb19a5..de65308302 100644 --- a/linkerd.io/themes/buoyant/layouts/_default/baseof.html +++ b/linkerd.io/themes/buoyant/layouts/_default/baseof.html @@ -8,7 +8,7 @@ - {{ if not .Site.IsServer }} + {{ if not hugo.IsServer }} diff --git a/linkerd.io/themes/buoyant/layouts/partials/head.html b/linkerd.io/themes/buoyant/layouts/partials/head.html index 167c643651..c6e988cf34 100644 --- a/linkerd.io/themes/buoyant/layouts/partials/head.html +++ b/linkerd.io/themes/buoyant/layouts/partials/head.html @@ -21,7 +21,7 @@ -{{ if not .Site.IsServer }} +{{ if not hugo.IsServer }}