conduit v22.7.3 Release Notes
-
๐ This release adds a new
nft
iptables mode, used by default in proxy-init. ๐ง When used, firewall configuration will be set-up through theiptables-nft
๐ binary; this should allow hosts that do not supportiptables-legacy
(such as RHEL based environments) to make use of the init container. The older ๐iptables-legacy
mode is still supported, but it must be explictly turned on. ๐ Moreover, this release also replaces theHTTPRoute
CRD with Linkerd's own ๐ version, and includes a number of fixes and improvements.- โ Added a new
iptables-nft
mode for proxy-init. When running in this mode, the firewall will be configured withnft
kernel API; this should allow users to run the init container on RHEL-family hosts - ๐ Fixed an issue where the proxy-injector would break when using
nodeAffinity
values for the control plane - โก๏ธ Updated healthcheck to ignore
Terminated
state for pods (thanks @AgrimPrasad!) - Replaced
HTTRoute
CRD version fromgateway.networking.k8s.io
with a similar version from thepolicy.linkerd.io
API group. While the CRD is similar, it does not support theGateway
type, does not contain thebackendRefs
fields, and does not supportRequestMirror
andExtensionRef
filter types. - โก๏ธ Updated the default policy controller log level to
info
; the controller will now emit INFO level logs for some of its dependencies - โ Added validation to ensure
HTTPRoute
paths are absolute; relative paths are not supported by the proxy and the policy controller admission server will reject any routes that use paths which do not start with/
- โ Added a new