linkerd2
linkerd2 copied to clipboard
linkerd
Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
### What is the issue? Linkerd-destination is crash looping on a bare-metal cluster, when I tried turning on debug logging there doesn't appear to be much information (attached below). No...
### What problem are you trying to solve? On some Kubernetes distributions, requests from the control plane may not come from a private address range IP address or even a...
## Bug Report ### What is the issue? After turning on the `all-authenticated` policy mode, affected pods cannot start because of 403 error. ### How can it be reproduced? Just...
### What problem are you trying to solve? As described in #8070, the `linkerd-cni` plugin has two race conditions that come into play usually when a node is drained or...
## Feature Request Enable Linkerd to inject proxy without needing `automountServiceAccountToken` set to `true` for mTLS. ### What problem are you trying to solve? By default `automountServiceAccountToken` is set to...
### What is the issue? I'm trying to get LinkerD installed on a CentOS 8_Stream cluster with Kubernetes v1.24.1 and pods cannot initialize and upon describe it's outputting the following:...
### What is the issue? iptables command fails in linkerd-init container (in all linkerd pods) with the error message shown in the log snippet below. linkerd installation is not successful....
policy-controller container builds frequently take 9+ minutes in CI (i.e. for integration tests, etc). This isn't so much a problem when doing a proper release, but it is an extremely...
[make-show-all]: https://github.com/linkerd/linkerd2-proxy-init/blob/5df92e7eb6352f8bfc604390a1dc47eacd32992e/iptables/iptables.go#L352-L354 [rule-check]: https://github.com/linkerd/linkerd2-proxy-init/blob/5df92e7eb6352f8bfc604390a1dc47eacd32992e/iptables/iptables.go#L78-L84 In our proxy-init code, we make use of `iptables-save` to [get a dump of all existing rules][make-show-all] and chains in machine consumable format. It is important...
We now support calling into any available iptables variant in `proxy-init`. Currently, our integration tests only cover `iptables-legacy` (symlinked to `iptables` in alpine). We should duplicate the tests (or write...