edge-24.7.5
Overall status: RECOMMENDED
Cautions
N/A
Changes
This release supports Server-scoped default policy, policy audit mode, GRPCRoute, and new retry and timeout configuration (including for Gateway API resources)!
Server-scoped default policy
Server resources now have an accessPolicy field that will override the default inbound policy for any traffic associated with that Server. (The default accessPolicy is deny, for compatibility with previous releases.)
Policy audit mode
Both default inbound policy and Server accessPolicy can now be set to audit in order to allow traffic to flow, but log anything that would be denied. In the proxy's logs, you'll see INFO level logs with the tag authz.name=audit. In metrics (such as request_total) you'll see the label authz_name=audit.
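One way to use the audit label before switching a Server from audit to deny, as an added example that is not part of the release notes or Linkerd's own tooling: it sums request_total samples carrying authz_name="audit" from a Prometheus text scrape, grouped by labels you choose. Only request_total and authz_name=audit come from the notes above; the sample scrape and every other label name in it (srv_name, client_id, direction) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of Prometheus text exposition from a proxy scrape.
# Only request_total and authz_name="audit" come from the release notes;
# all other metric names, label names and values are made up.
SAMPLE_METRICS = '''\
# TYPE request_total counter
request_total{direction="inbound",srv_name="web-http",authz_name="audit",client_id="batch.jobs.example"} 42
request_total{direction="inbound",srv_name="web-http",authz_name="web-authz",client_id="frontend.app.example"} 9001
request_total{direction="inbound",srv_name="admin",authz_name="audit",client_id="batch.jobs.example"} 3
request_total{direction="inbound",srv_name="admin",authz_name="audit",client_id="-"} 7
example_other_total{direction="inbound",srv_name="admin",authz_name="audit"} 10
'''

_SAMPLE = re.compile(r'^(?P<name>[A-Za-z_:][\w:]*)\{(?P<labels>.*)\}\s+(?P<value>\S+)')
_LABEL = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def audited_requests(text, group_by):
    """Sum request_total samples labelled authz_name="audit", keyed by the
    given label names. These requests were allowed only because the policy
    is in audit mode; a deny policy would have refused them."""
    totals = Counter()
    for line in text.splitlines():
        m = _SAMPLE.match(line)  # comment (#) and unlabelled lines do not match
        if not m or m.group("name") != "request_total":
            continue
        labels = dict(_LABEL.findall(m.group("labels")))
        if labels.get("authz_name") != "audit":
            continue
        key = tuple(labels.get(k, "") for k in group_by)
        totals[key] += float(m.group("value"))
    return totals


def ready_to_enforce(text):
    """True only when the scrape contains no audited traffic at all."""
    return sum(audited_requests(text, ()).values()) == 0


if __name__ == "__main__":
    report = audited_requests(SAMPLE_METRICS, ("srv_name", "client_id"))
    for key, count in report.most_common():
        print(f"{count:8.0f}  {key}")
```

Counters are cumulative per proxy, so compare two scrapes taken some time apart to tell whether audited traffic is still arriving or only historical.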
GRPCRoute
edge-24.7.5 includes support for the Gateway API GRPCRoute resource. Remember that starting with edge-24.5.2, if you don't set enableHttpRoutes to false when installing, Linkerd will install the grpcroute.gateway.networking.k8s.io CRD into your cluster and remove it when Linkerd is uninstalled.
Retries
Starting in this release, you can use the retry.linkerd.io/http annotation on Service or HTTPRoute resources to enable HTTP retries. The value of this annotation is a comma-separated list of HTTP statuses to retry on (for example "502-504,511"). "5xx" is shorthand for any of the 5xx status codes, and gateway-error is shorthand for "502-504".
You can also use the retry.linkerd.io/grpc annotation on Service or GRPCRoute resources to enable gRPC retries. The value of this annotation is a comma-separated list of gRPC results to retry on (for example "cancelled,deadline-exceeded").
These are counted retries, unlike Linkerd's typical budgeted retries. Use the retry.linkerd.io/limit annotation to set the maximum number of retries, and the retry.linkerd.io/timeout annotation to set how long Linkerd will give a request before cancelling it and retrying.
Timeouts
Finally, you can configure timeouts on Service, HTTPRoute, and GRPCRoute with annotations. timeout.linkerd.io/request and timeout.linkerd.io/response set timeouts for processing the request and receiving the response; timeout.linkerd.io/idle sets the idle timeout. All currently allow values similar to GEP-2257 Duration strings, but allow only a single unit (for example, 1500ms or 90s are allowed, but 1s500ms and 1m30s are not).
What's Changed
- build(deps): bump anstyle from 1.0.7 to 1.0.8 by @dependabot in #12894
- build(deps): bump clap_lex from 0.7.1 to 0.7.2 by @dependabot in #12892
- proxy: v2.244.0 by @l5d-bot in #12896
- Add support for retries and timeouts by @adleong in #12888
- Audit access policy implementation by @alpeb in #12846
Full Changelog: edge-24.7.4...edge-24.7.5