Releases: linkerd/linkerd2-proxy-init
Releases · linkerd/linkerd2-proxy-init
cni-plugin v1.6.2
Fixed shutdown issue This release fixes an issue introduced in v1.6.0 where the linkerd-cni pod was failing to complete its cleanup tasks during shutdown, leaving the linkerd-cni active but potentially with revoked permissions, thus interfering with the proper startup of pods in the node.
cni-plugin v1.6.1
Improved SA token rotation detection This release improves the service account token rotation detection introduced in the previous release.
proxy-init v2.4.2
proxy-init/v2.4.2 Dependencies updates
cni-plugin v1.6.0
SA token rotation detection, RHEL nodes support This release adds support for detecting whenever the service account token mounted as a projected volume into the linkerd-cni DaemonSet is rotated. Also, we add support for a new iptables mode "plain" that implies running the `iptables` command (instead of `iptables-legacy` or `iptables-nft`), useful for nodes running RHEL.
cni-plugin v1.5.2
Don't ignore inotifywait failures This release fixes the issue that when the node had hit the inotify limit, deploying the linkerd-cni daemonset would silently fail. Now the problem is caught and the pod enters a crash loop until the limit is no longer surpassed.
proxy-init v2.4.1
Fail container when ip6tables fails
This release ensures that when IPv6 is enabled, the series of ip6tables commands succeed. If they fail, the proxy-init container should fail as well, instead of ignoring errors.
cni-plugin v1.5.1
Fail container when ip6tables fails This release ensures that when IPv6 is enabled, the series of ip6tables commands succeed. If they fail, the linkerd-cni container should fail as well, instead of ignoring errors.
proxy-init v2.4.0
Allow proxy-init to create group ID rules
The new release adds support for specifying a group ID via the command line. When a group ID is specified, a new rule will be created to ignore packets generated by processes running under that group ID.
Full Changelog: proxy-init/v2.3.0...proxy-init/v2.4.0
cni-plugin v1.5.0
Fix linkerd-cni when using native sidecars (#362) Fixes linkerd/linkerd2#11597 When the cni plugin is triggered, it validates that the proxy has been injected into the pod before setting up the iptables rules. It does so by looking for the "linkerd-proxy" container. However, when the proxy is injected as a native sidecar, it gets added as an _init_ container, so it was being disregarded here. We don't have integration tests for validating native sidecars when using linkerd-cni because [Calico doesn't work in k3s since k8s 1.27](https://github.com/k3d-io/k3d/issues/1375), and we require k8s 1.29 for using native sidecars. I did nevertheless successfully test this fix in an AKS cluster.
proxy-init v2.3.0
Add IPv6/dual-stack support This release adds the proxy-init flag `--iptables-mode` (with possible values `legacy` and `nft`), which supersedes `--firewal-bin-path` and `firewall-save-bin-path` (which still remain supported). Also the `--ipv6` flag has been added (default `true`). After the set of rules run via iptables are processed, if `--ipv6` is true (which is the default), the same set of rules will be run via ip6tables.