New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add release notes for edge-21.9.1
#6803
Conversation
This release includes various improvements and feature additions across the policy feature i.e, New validating webhook for policy resources. This also includes changes in the proxy i.e, terminating TCP connections when a authorization is revoked, improvements in the proxy authorization metrics. In addition, proxy injector has also been updated to set the right `opaque-ports` annotation on services with default opaque ports. * Added a new validating admission controller to validate the proxy resources * Updated the proxy-init to remove a rule which caused the packets from the proxy with destination != 127.0.0.1 on localhost to be sent to the inbound proxy * Added new `LINKERD_DOCKER_REGISTRY` env variable to configure the docker registry in the CLI * Updated inbound policy enforcement to interrupt TCP forwarding if a previously established authorization is revoked * Added new proxy metrics w.r.t Authorization along with traffic target labels * Updated inbound TCP metrics to only include a `srv_name` label * Updated the proxy to export route-oriented metrics only when a ServiceProfile is enabled. * Updated tokio to include performance improvements and to enable link-time optimizations in the release builds * Added DNS name validation to the `proxy-identity` binary which creates the read-only private key required the proxy (thanks @yorkijr!) * Updated the identity controller's default policy to be `cluster-unauthenticated` * Updated the proxy injector to include the correct default ports as opaque with services * Deprecated the usage of `vis stat ts` and print a warning about the SMI extension * Updated various dependencies across the dashboard, policy-controller (thanks @dependabot!) Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left a few comments but nothing major, the changelog looks good to me! 🚢 📦
CHANGES.md
Outdated
* Updated inbound TCP metrics to only include a `srv_name` label | ||
* Updated the proxy to export route-oriented metrics only when a ServiceProfile | ||
is enabled. | ||
* Updated tokio to include performance improvements and to enable link-time |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: do you think we should exclude this? doesn't seem very user facing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not very user facing but perf improvements felt important to be mentioned! 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, We can remove the link-time part I guess. Updating
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm good either way, I see your point too. Just asked to see what you think :)
Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
This release includes various improvements and feature additions across the policy | ||
feature i.e, New validating webhook for policy resources. This also includes changes | ||
in the proxy i.e, terminating TCP connections when a authorization is revoked, improvements | ||
in the proxy authorization metrics. In addition, proxy injector has also been updated |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in the proxy authorization metrics. In addition, proxy injector has also been updated | |
in the proxy authorization metrics. In addition, the proxy injector has also been updated |
* Updated the proxy injector to include the correct default ports as opaque with | ||
services |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wording:
* Updated the proxy injector to include the correct default ports as opaque with | |
services | |
* Updated the proxy injector to add only the default opaque ports that a pod or service exposes |
This release includes various improvements and feature additions across the policy
feature i.e, New validating webhook for policy resources. This also includes changes
in the proxy i.e, terminating TCP connections when a authorization is revoked, improvements
in the proxy authorization metrics. In addition, proxy injector has also been updated
to set the right
opaque-ports
annotation on services with default opaque ports.with destination != 127.0.0.1 on localhost to be sent to the inbound proxy
established authorization is revoked
srv_name
labelis enabled
proxy-identity
binary which creates theread-only private key required by the proxy (thanks @yorkijr!)
cluster-unauthenticated
services
vis stat ts
and print a warning about the SMI extension(thanks @dependabot!)