edge-21.9.4
This edge is a release candidate for stable-2.11.0
! It introduces a new
linkerd viz auth
command which shows metrics for server authorizations broken
down by server for a given resource. It also shows the rate of unauthorized
requests to each server. This is helpful for seeing a breakdown of which
authorizations are being used and what proportion of traffic is being rejected.
It also fixes an issue in the proxy where HTTP load balancers could continue
trying to establish connections to endpoints that were removed from service
discovery. In addition it improves the proxy's error handling so that it can
signal to an inbound proxy when its peers outbound connections should be torn
down.
- Changed destination watch updates from
info
todebug
to reduce the amount
of logs (thanks @bartpeeters!) - Added the
linkerd viz auth
command which shows metrics for server
authorizations broken down by server for a given resource - Fixed an issue where the policy controller's validating admission webhook
attempted to validate ServerAuthorizations when it should only be validating
Servers - Removed
omitWebhookSideEffects
setting now that we no longer support
Kubernetes 1.12 - Improved proxy error handling so that it can signal to its peers that their
outbound connections should be torn down - Fixed an issue where after upgrades there would be a mismatch in certs used by
the policy controller validator; the destination pod is now restarted similar
to the injector - Fixed a field reference in the Helm template to properly refer to
profileValidator.namespaceSelector
- Updated policy CRD versions to
v1beta1
- Added support for
stat
's-o json
option to Server resources - Fixed an issue in the proxy where HTTP load balancers could continue trying to
establish connections to endpoints that were removed from service discovery - Added JSON output format to
linkerd viz authz
command