@dadjeibaah dadjeibaah released this Oct 25, 2018 · 8 commits to master since this release

Assets 5

Linkerd 1.5.1 adds a new io.l5d.consul.interpreter that allows Linkerd to read dtabs directly from
a Consul KV store agent instead of using Namerd. In addition, this release fixes an issue in
the HTTP/2 router where Linkerd would get stuck handling connections in certain cases.

This release features contributions from OfferUp, Planet Labs and Buoyant with a special shoutout
to Leo Liang and Chris Taylor for their work on fixing a bug in the DNS SRV namer.

Full release notes:

  • HTTP/2
    • Fixes an HTTP/2 issue that causes Linkerd to stop processing incoming frames on an HTTP/2
      connection after Linkerd sends a RST_STREAM frame to its remote peer. This was causing gRPC
      clients to experience timeout errors intermittently because connections between Linkerd and its
      remote peers weren't being closed properly.
    • Sets the maxConcurrentStreamsPerConnection config value for the h2 router to 1000 by default
      to prevent Linkerd from running out of memory when HTTP/2 clients leak connection streams.
  • Consul
    • Adds a request timeout to io.l5d.consul namer HTTP polling requests to prevent an issue where
      the namer holds on to stale service discovery information.
    • Adds a new io.l5d.consul.interpreter that allows Linkerd to read dtabs directly from a Consul
      KV store.
  • DNS SRV
    • Fixes an issue where the io.l5d.dnssrv namer would get into a bad state and fail to resolve
      service names.
  • Adds support for configuring JVM GC logging in Linkerd and Namerd by default.
  • Fixes a memory leak issue caused by Finagle's BalancerRegistry failing to properly remove
    Balancer objects.

@adleong adleong released this Oct 2, 2018 · 20 commits to master since this release

Assets 5

Linkerd 1.5.0 adds the long awaited ability to make Linkerd config changes with
zero downtime! 🤯 This release adds the socketOptions.reusePort config property which allows
multiple processes to bind to the same port. In this way, you can start a new Linkerd process
and wait for it to start serving requests before gracefully shutting down the old Linkerd process.
Note that this feature is only available on Linux 3.9 distributions and newer.

This release features contributions from Applause, ThreeComma,
GuteFrage GmbH, and Buoyant. An extra special thank you to
Zack Angelo for laying the groundwork in Finagle for the reusePort
feature!

Full release notes:

  • Breaking Change: The threshold and windowSize options have been removed from the failureThreshold config in the Namerd interpreter. These options were of limited value and are no longer supported by Finagle.
  • Socket Options:
    • Certain socket options may now be set on Linkerd servers by adding a socketOptions config in a server config.
    • Add support for the SO_REUSEPORT socket option. This allows multiple processes to bind to the same port and is a great way to do zero downtime Linkerd deploys.
  • Istio features are now marked as deprecated.
  • Marathon:
    • Ensure traffic is not sent to Marathon services during their health-check grace period.
  • Use AsyncAppender for console logging so that logging does not impact Linkerd performance.
  • Upgrade to Finagle 18.9.1

@dadjeibaah dadjeibaah released this Aug 13, 2018 · 29 commits to master since this release

Assets 5

Linkerd 1.4.6 adds even more watch state endpoints to Linkerd's debugging arsenal, allowing you to
inspect the state of Linkerd’s watches easily. This release adds watch state endpoints for the
Kubernetes ConfigMap interpreter as well as the Marathon and filesystem namers.

Full release notes:

  • HTTP/1.1 and HTTP/2
    • Allow HTTP/1.1 and HTTP/2 POST requests to be retryable.
    • Fix an issue where the x-forwarded-client-cert header was not always cleared on incoming requests.
  • Add TLS support for the io.l5d.etcd namer client.
  • Admin
    • Add new io.l5d.marathon, io.l5d.fs, and io.l5d.k8s.configMap watch state endpoints to allow diagnosis of Linkerd’s various watches.
  • Distributed Tracing
    • Add a new io.l5d.zipkin trace propagation plugin that writes Zipkin B3 trace headers to outgoing requests. Previously, Zipkin trace headers were ignored by Linkerd in order for Linkerd to not interfere with other tracing systems like Zipkin.
  • Namerd
    • Add an experimental io.l5d.destination interface which implements the Linkerd destination API.

@adleong adleong released this Jul 13, 2018 · 41 commits to master since this release

Assets 5

Linkerd 1.4.5 contains some minor bugfixes and introduces two much-requested features. First, it is
now possible to selectively disable Linkerd's admin endpoints, e.g., keep the UI functional but to
disable the shutdown endpoint. A huge thanks to Robert Panzer for all his hard work on this.

Second, we've added experimental support for the OpenJ9 JVM.
Preliminary tests with OpenJ9 exhibit a 3x reduction in startup time, a 40% reduction in memory
footprint, and a 3x reduction in p99 latency. You can find a Linkerd+OpenJ9 Docker image at
buoyantio/linkerd:1.4.5-openj9-experimental on Docker Hub.

Full release notes:

  • Add an OpenJ9 configuration for building a Docker image with the OpenJ9 JVM
  • Fix a NullPointerException when using the -validate flag
  • Fix an error where diagnostic tracing did not work when receiving a chunk encoded response
  • Admin
    • Add a security section to the admin config that controls which admin endpoints are enabled
  • HTTP/2
    • Fix a memory leak when there are a large number of reset streams
    • Allow HTTP/2 response classifiers to be loaded as plugins
  • Namerd
    • Fix a memory leak in the the io.l5d.mesh interpreter when idle services are reaped

@dadjeibaah dadjeibaah released this Jul 6, 2018 · 56 commits to master since this release

Assets 5

Linkerd 1.4.4 continues our focus on diagnostics, performance, and stability. This release features
several performance and diagnostics improvements, including better handling of HTTP/2 edge cases,
new watch state introspection for the Consul namer, and better isolation of admin page serving from
the primary data path. It also features a new, pluggable trace propagation module that allows for
easier integration with tracing systems like OpenTracing.

This release features contributions from Salesforce, Walmart, WePay, Comcast, ScalaConsultants,
OfferUp, Buoyant, and more. A big thank you to:

Full release notes:

  • Distributed Tracing
    • Refactor Linkerd's trace propagation module to be pluggable. This allows better integration with
      tracing systems like OpenTracing and allows users to write Linkerd trace propagation plugins for
      arbitrary tracing systems.
  • TLS
    • Deprecate the trustCerts config field in the client TLS section in favor of
      trustCertsBundle. This allows you to use multiple trust certs in one file and avoids the need
      for Linkerd to create temporary files.
  • HTTP, HTTP/2
    • Fix an issue where Linkerd sometimes interprets HTTP/1.0 response with no Content-Length as a
      chunked response.
    • Improve error messages by adding contextual routing information to a ConnectionFailed
      exception sent back to a client via Linkerd.
    • Add a gRPC standard-compliant response classifier.
    • Fix an issue where Linkerd doesn't add an l5d-err header in an HTTP/2 response.
    • Fix an issue where Linkerd does not handle HTTP/2 requests with invalid HTTP status codes
      correctly.
  • Consul
    • Add new watch state instrumentation feature to the io.l5d.consul namer.
    • Fix an issue where the io.l5d.consul namer sometimes does not retry ConnectionRefused
      exception.
    • Fix an issue where the io.l5d.consul namer returns a single IP for a service node instead of
      multiple IP addresses for a service node.
  • Admin
    • Fix an issue where Linkerd may slow down data plane requests when the admin server is under
      heavy load.
    • Improve performance of the Prometheus telemeter when serving metrics for a high cardinality
      of services.
    • Fix an issue where the intepreter_state endpoint was not available for interpreters that
      contained a transformer.
    • Fix the namer_state endpoint to expose namers that use transformers.
  • Namerd
    • Fix an issue where null values were accepted by the Dtab HTTP API.

@dadjeibaah dadjeibaah released this Jun 13, 2018 · 84 commits to master since this release

Assets 5

This is a follow up release that includes diagnostic tracing for H2 requests.

Full release notes:

  • Add diagnostic tracing for H2 requests, allowing Linkerd to add h2 request routing information at
    the end of h2 streams to downstream services.
  • Pass stack params to announcer plugins, allowing them to report metrics correctly.

@dadjeibaah dadjeibaah released this Jun 11, 2018 · 87 commits to master since this release

Assets 5

Linkerd 1.4.2 continues its focus on diagnostics and stability. This release introduces Diagnostic
Tracing, a feature that helps describe how Linkerd routes requests by displaying detailed routing information from each hop through your application. Stay tuned for a deep dive blog post about this feature coming soon.

We’re also excited to share improvements to Linkerd’s error handling. Previously, when Linkerd failed to route a request, it could fail with a notoriously confusing No Hosts Available error.
Now, these errors include more useful, informative diagnostic information to help explain the cause
of the failure.

Full release notes:

  • Diagnostics
    • Improve error reporting when receiving No Hosts Available exception. Linkerd returns a less cryptic user-friendly message that includes information such as alternative service name resolutions and dtabs used for name resolution.
    • Add a new diagnostic tracing feature. It allows Linkerd to add routing information to the response of a TRACE request forwarded to a service.
  • Fixes an issue where underscores in match patterns of io.l5d.rewrite no longer work.

@adleong adleong released this May 25, 2018 · 92 commits to master since this release

Assets 5

Linkerd 1.4.1 is focused on adding diagnostics and improved behavior in
production environments.

This release features contributions from Strava, Signal, OfferUp, Scalac,
Salesforce, and Buoyant. A big thank you to:

Full release notes:

  • Diagnostics:
    • Add watch state admin endpoints where you can inspect the current state of Linkerd's watches, including information such as time of last update and last known value. These can be extremely valuable for debugging communication between Linkerd and other components such as Namerd or Kubernetes.
      • Kubernetes namer watch state: /namer_state/io.l5d.k8s.json
      • Namerd interpreter watch state: /interpreter_state/io.l5d.namerd/<namespace>.json
      • Namerd mesh interpreter watch state: /interpreter_state/io.l5d.mesh/<root>.json
  • TLS:
    • Add the intermediateCertsPath config setting to client and server TLS. This allows you to specify a file containing intermediate CA certificates supporting the main certificate.
    • Allow the TLS protocols to be configured which enables the ability to use TLSv1.2 specific ciphers.
  • HTTP, HTTP/2:
    • Avoiding upgrading HTTP/1.0 requests to HTTP/1.1. This prevents servers from sending responses that the client cannot handle (e.g. chunk encoded responses).
    • Fix a bug where Linkerd was not writing the l5d-ctx-* headers on HTTP/2 requests..
    • Add support for adding a 'Forwarded' header to HTTP/2 requests.
  • Make Linkerd and Namerd honor the shutdown grace period when using the /admin/shutdown endpoint.
  • Pass stack params to announcer plugins, allowing them to report metrics correctly.
  • Add support for extracting substrings in path patterns. This allows you to, for example, configure TLS commonNames based on substrings of a path segment instead of the entire segment.
  • Add a TTL to Namerd's inactive cache so that Namerd will tear down watches on idle services.
  • Improve fallback behavior in the io.l5d.marathon namer so that fallback occurs if an app has no replicas.
  • Fix an ArrayIndexOutOfBoundsException in ForwardClientCertFilter.

@adleong adleong released this Apr 30, 2018 · 116 commits to master since this release

Assets 5

Linkerd 1.4.0 upgrades us to the latest versions of Finagle and Netty and
features lower memory usage for large payloads. Two new configuration options
have been introduced: client connection lifetimes and access log rotation
policy. One breaking change has been introduced around the configuration file
syntax for loggers. This release features contributions from ThreeComma,
ScalaConsultants, Salesforce, and Buoyant.

  • Breaking Change: Rename the loggers section of the Linkerd config to requestAuthorizers to match the name of the plugin type (#1900)
  • Tune Netty/Finagle settings to reduce direct memory usage (#1889). This should dramatically reduce direct memory usage when transferring large payloads.
  • Introduce a ClientSession configuration section that provides ways to control client connection lifetime (#1903).
  • Expose rotation policy configuration for http and http2 access logs (#1893).
  • Stop logging harmless reader discarded errors in k8s namer (#1901).
  • Disable autoloading of the default tracer in Namerd (#1902). This prevents Namerd from attempting to connect to a Zipkin collector that doesn't exist.
  • Upgrade to Finagle 18.4.0.
Pre-release

@adleong adleong released this Apr 24, 2018 · 117 commits to master since this release

Assets 4

Linkerd 1.4.0 upgrades Linkerd to use the latest and greatest of Finagle and Netty. It also introduces the ability to configure client connection lifetimes as well as access log rotation policy. This release features contributions from ThreeComma, ScalaConsultants, and Salesforce.

  • Breaking Change: The loggers section of the Linkerd config has been renamed to requestAuthorizers to match the name of the plugin type (#1900)
  • Tune Netty/Finagle settings to reduce direct memory usage (#1889).
  • Introduce ClientSession configuration section that provides ways to control client connection lifetime (#1903).
  • Expose rotation policy configuration for http and http2 access logs (#1893).
  • Stop logging harmless reader discarded errors in k8s namer (#1901).
  • Disable autoloading of the default tracer in Namerd (#1902).
  • Upgrade to Finagle 18.4.0.