Add release notes for edge-21.9.1
#6803
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This release includes various improvements and feature additions across the policy feature i.e, New validating webhook for policy resources. This also includes changes in the proxy i.e, terminating TCP connections when a authorization is revoked, improvements in the proxy authorization metrics. In addition, proxy injector has also been updated to set the right `opaque-ports` annotation on services with default opaque ports. * Added a new validating admission controller to validate the proxy resources * Updated the proxy-init to remove a rule which caused the packets from the proxy with destination != 127.0.0.1 on localhost to be sent to the inbound proxy * Added new `LINKERD_DOCKER_REGISTRY` env variable to configure the docker registry in the CLI * Updated inbound policy enforcement to interrupt TCP forwarding if a previously established authorization is revoked * Added new proxy metrics w.r.t Authorization along with traffic target labels * Updated inbound TCP metrics to only include a `srv_name` label * Updated the proxy to export route-oriented metrics only when a ServiceProfile is enabled. * Updated tokio to include performance improvements and to enable link-time optimizations in the release builds * Added DNS name validation to the `proxy-identity` binary which creates the read-only private key required the proxy (thanks @yorkijr!) * Updated the identity controller's default policy to be `cluster-unauthenticated` * Updated the proxy injector to include the correct default ports as opaque with services * Deprecated the usage of `vis stat ts` and print a warning about the SMI extension * Updated various dependencies across the dashboard, policy-controller (thanks @dependabot!) Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
mateiidavid
approved these changes
Sep 3, 2021
CHANGES.md
Outdated
| * Updated inbound TCP metrics to only include a `srv_name` label | ||
| * Updated the proxy to export route-oriented metrics only when a ServiceProfile | ||
| is enabled. | ||
| * Updated tokio to include performance improvements and to enable link-time |
There was a problem hiding this comment.
nit: do you think we should exclude this? doesn't seem very user facing.
There was a problem hiding this comment.
Not very user facing but perf improvements felt important to be mentioned! 🤔
There was a problem hiding this comment.
Hmm, We can remove the link-time part I guess. Updating
There was a problem hiding this comment.
I'm good either way, I see your point too. Just asked to see what you think :)
Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
olix0r
approved these changes
Sep 3, 2021
kleimkuhler
approved these changes
Sep 3, 2021
| This release includes various improvements and feature additions across the policy | ||
| feature i.e, New validating webhook for policy resources. This also includes changes | ||
| in the proxy i.e, terminating TCP connections when a authorization is revoked, improvements | ||
| in the proxy authorization metrics. In addition, proxy injector has also been updated |
There was a problem hiding this comment.
Suggested change
| in the proxy authorization metrics. In addition, proxy injector has also been updated | |
| in the proxy authorization metrics. In addition, the proxy injector has also been updated |
Comment on lines
+26
to
+27
| * Updated the proxy injector to include the correct default ports as opaque with | ||
| services |
There was a problem hiding this comment.
wording:
Suggested change
| * Updated the proxy injector to include the correct default ports as opaque with | |
| services | |
| * Updated the proxy injector to add only the default opaque ports that a pod or service exposes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This release includes various improvements and feature additions across the policy
feature i.e, New validating webhook for policy resources. This also includes changes
in the proxy i.e, terminating TCP connections when a authorization is revoked, improvements
in the proxy authorization metrics. In addition, proxy injector has also been updated
to set the right
opaque-portsannotation on services with default opaque ports.with destination != 127.0.0.1 on localhost to be sent to the inbound proxy
established authorization is revoked
srv_namelabelis enabled
proxy-identitybinary which creates theread-only private key required by the proxy (thanks @yorkijr!)
cluster-unauthenticatedservices
vis stat tsand print a warning about the SMI extension(thanks @dependabot!)