You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This release of linkerd2-proxy-init comes with a major change in anticipation
of Linkerd stable-2.11. In the upcoming stable version, linkerd-proxy will
no longer forward to ports bound on localhost, instead, it will use the
destination address and port.
Changes
Remove redirect-non-loopback-local-traffic rule. When redirecting traffic to
original address, the redirect rule in the output (outbound) chain would force a
packet originating from the inbound side (going) to the process back to the
inbound side. Packets generated from inbound and destined to process will still
go through output chain (and hence, through the outbound chain, where they are
caught by the now removed rule). Removing this rule ensures any packet not
targeting 127.0.0.1 which originates from the proxy and is on lo can now be
sent to its intended destination instead of being routed back through the
inbound. For more information, check commit.
Include more output in the simulate mode (thanks @liuerfire!")
Log to stdout instead of stderr (thanks @mo4islona!)
Non user-facing changes:
Added dependabot.yml to receive automated dependencies upgrades PRs (both for go and github actions). As a result, also upgraded a bunch of dependencies.
Added a timeout-close-wait-secs flag to the proxy-init process that sets the net.netfilter.nf_conntrack_tcp_timeout_close_wait. Note that this will fail if the container is not privileged
