Tags: personio/linkerd2-proxy
inbound: Restrict the HTTP/1 idle timeout (linkerd#1931) The inbound proxy may hold idle inbound connections to the application open for (by default) 20s. This can be problematic when a server sets a lesser idle timeout and that idle timeout matches some poll interval (like a Kubernetes probe or metrics scrape). This change reduces the HTTP/1 connection pool idle timeout to 3s. This should be short enough to avoid this problem in many cases but it is also large enough that connection pooling can help busy services. In the future, this configuration should be made dynamic via the inbound policy API. Signed-off-by: Oliver Gould <ver@buoyant.io>
build(deps): bump which from 4.2.5 to 4.3.0 (linkerd#1938) Bumps [which](https://github.com/harryfei/which-rs) from 4.2.5 to 4.3.0. - [Release notes](https://github.com/harryfei/which-rs/releases) - [Commits](harryfei/which-rs@4.2.5...4.3.0) --- updated-dependencies: - dependency-name: which dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
build(deps): bump tj-actions/changed-files from 24.1 to 25 (linkerd#1882) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 24.1 to 25. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@bf6ddb7...36e65a1) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
build(deps): bump tokio from 1.20.0 to 1.20.1 (linkerd#1845) Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.20.0 to 1.20.1. - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](tokio-rs/tokio@tokio-1.20.0...tokio-1.20.1) --- updated-dependencies: - dependency-name: tokio dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configure inbound HTTP routes via gRPC (linkerd#1814) The policy controller serves inbound server configuration. Recent changes have updated the inbound proxy to support applying HTTP route-specific policies, but only a single default route configuration was used. This change updates the proxy to use a (not yet released) new proxy API version that includes HTTP routes in server responses. This change adds protobuf conversions from these types to the proxy's HTTP route types. If the proxy receives a router filter of an unknown type (i.e., because the controller is running a later version of the API that includes new types), then the proxy will FAIL all requests on that route with an internal server error. It's considered safer to fail hard in this case, rather than to silently ignore a configured policy that could potentially be security-sensitive. Signed-off-by: Oliver Gould <ver@buoyant.io>
v2.182.0 This release updates the proxy's service discovery module to avoid redundant load balancer updates that could cause unnecessary connection churn. This release also includes improvements to the proxy's retry handling of gRPC requests. The proxy would not retry requests when a response's status code was emitted in a TRAILERS frame. This has been fixed. This release also includes a number of internal changes that set up for per-route authorization. There should be no user-facing impact at this point except for the introduction of additional metrics labels.
This release cherry-picks commits from the `main` branch into the `release/v2.161` branch, including fixes for a panic when processing a large number of service discovery updates, for incorrect handling of `CONNECT` requests with `Content-Length` headers, and for a failure to correctly resolve DNS SRV records for the control plane.
v2.181.0 This release fixes a bug in the proxy's outbound load balancer that could cause panics, especially when the balancer processes many service discovery updates in a short period of time.
v2.180.0 This release includes only minor internal changes and dependency updates.
v2.179.0 This release fixes a problem with HTTP/1.1 `CONNECT` requests. When a server responds to a `CONNECT` request with `content-length` or `transfer-encoding` headers (in violation of RFC 7231), the proxy must actively strip these headers to avoid making the Hyper server fail the response.