From 34979ddcad70f52b43beb73f4aaf83b44e6dcd1c Mon Sep 17 00:00:00 2001 From: Ivan Porta Date: Fri, 24 Oct 2025 18:28:03 +0900 Subject: [PATCH 001/123] se the default number of replicas of the local service mirror in HA to 3 Signed-off-by: Ivan Porta --- multicluster/charts/linkerd-multicluster/values-ha.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/multicluster/charts/linkerd-multicluster/values-ha.yaml b/multicluster/charts/linkerd-multicluster/values-ha.yaml index e5146ad7df49b..a4d8b35b19937 100644 --- a/multicluster/charts/linkerd-multicluster/values-ha.yaml +++ b/multicluster/charts/linkerd-multicluster/values-ha.yaml @@ -3,4 +3,5 @@ gateway: enablePodAntiAffinity: true -# nodeAffinity: +localServiceMirror: + replicas: 3 \ No newline at end of file From c4834173c5fc18535c2e559d8e6f2d554f9a99bc Mon Sep 17 00:00:00 2001 From: Ivan Porta Date: Thu, 18 Dec 2025 19:59:49 +0900 Subject: [PATCH 002/123] remove new line at the end of the values-ha file Signed-off-by: Ivan Porta --- charts/linkerd-control-plane/values-ha.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/linkerd-control-plane/values-ha.yaml b/charts/linkerd-control-plane/values-ha.yaml index e3b8cbc0701b3..fcffca09630c3 100644 --- a/charts/linkerd-control-plane/values-ha.yaml +++ b/charts/linkerd-control-plane/values-ha.yaml @@ -60,4 +60,4 @@ webhookFailurePolicy: Fail spValidatorResources: *controller_resources # flag for linkerd check -highAvailability: true +highAvailability: true \ No newline at end of file From 879ceaeb1190e3bf185d96d36529d7de09b21316 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:46:22 -0400 Subject: [PATCH 003/123] build(deps): bump cfg-if from 1.0.3 to 1.0.4 (#14645) Bumps [cfg-if](https://github.com/rust-lang/cfg-if) from 1.0.3 to 1.0.4. - [Release notes](https://github.com/rust-lang/cfg-if/releases) - [Changelog](https://github.com/rust-lang/cfg-if/blob/main/CHANGELOG.md) - [Commits](https://github.com/rust-lang/cfg-if/compare/v1.0.3...v1.0.4) --- updated-dependencies: - dependency-name: cfg-if dependency-version: 1.0.4 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6f07aca6eda3c..28ce4efbd7c4c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -262,9 +262,9 @@ dependencies = [ [[package]] name = "cfg-if" -version = "1.0.3" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" [[package]] name = "chrono" From 5e14016e30c306650fbadf6197e2baa08c5914cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:47:02 -0400 Subject: [PATCH 004/123] build(deps): bump openssl-sys from 0.9.109 to 0.9.110 (#14646) Bumps [openssl-sys](https://github.com/rust-openssl/rust-openssl) from 0.9.109 to 0.9.110. - [Release notes](https://github.com/rust-openssl/rust-openssl/releases) - [Commits](https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.109...openssl-sys-v0.9.110) --- updated-dependencies: - dependency-name: openssl-sys dependency-version: 0.9.110 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 28ce4efbd7c4c..11954d85fc793 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1695,9 +1695,9 @@ checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e" [[package]] name = "openssl-sys" -version = "0.9.109" +version = "0.9.110" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90096e2e47630d78b7d1c20952dc621f957103f8bc2c8359ec81290d75238571" +checksum = "0a9f0075ba3c21b09f8e8b2026584b1d18d49388648f2fbbf3c97ea8deced8e2" dependencies = [ "cc", "libc", From 3cf1da6b3542758a043e5611a724f1fa91f55a4a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:47:19 -0400 Subject: [PATCH 005/123] build(deps): bump unicode-ident from 1.0.19 to 1.0.20 (#14647) Bumps [unicode-ident](https://github.com/dtolnay/unicode-ident) from 1.0.19 to 1.0.20. - [Release notes](https://github.com/dtolnay/unicode-ident/releases) - [Commits](https://github.com/dtolnay/unicode-ident/compare/1.0.19...1.0.20) --- updated-dependencies: - dependency-name: unicode-ident dependency-version: 1.0.20 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 11954d85fc793..6dd6836d7495b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2745,9 +2745,9 @@ checksum = "2896d95c02a80c6d6a5d6e953d479f5ddf2dfdb6a244441010e373ac0fb88971" [[package]] name = "unicode-ident" -version = "1.0.19" +version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f63a545481291138910575129486daeaf8ac54aee4387fe7906919f7830c7d9d" +checksum = "462eeb75aeb73aea900253ce739c8e18a67423fadf006037cd3ff27e82748a06" [[package]] name = "unsafe-libyaml" From 970136800eee7f2edaf058d4ce5690ee58d86f22 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:47:37 -0400 Subject: [PATCH 006/123] build(deps): bump backon from 1.5.2 to 1.6.0 (#14656) Bumps [backon](https://github.com/Xuanwo/backon) from 1.5.2 to 1.6.0. - [Release notes](https://github.com/Xuanwo/backon/releases) - [Commits](https://github.com/Xuanwo/backon/compare/v1.5.2...v1.6.0) --- updated-dependencies: - dependency-name: backon dependency-version: 1.6.0 dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6dd6836d7495b..a1dfc7ea8cb03 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -177,9 +177,9 @@ dependencies = [ [[package]] name = "backon" -version = "1.5.2" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "592277618714fbcecda9a02ba7a8781f319d26532a88553bbacc77ba5d2b3a8d" +checksum = "cffb0e931875b666fc4fcb20fee52e9bbd1ef836fd9e9e04ec21555f9f85f7ef" dependencies = [ "fastrand", "gloo-timers", @@ -556,7 +556,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.61.0", + "windows-sys 0.52.0", ] [[package]] @@ -1006,7 +1006,7 @@ dependencies = [ "hyper", "libc", "pin-project-lite", - "socket2 0.6.0", + "socket2 0.5.10", "tokio", "tower-service", "tracing", @@ -2057,7 +2057,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.59.0", + "windows-sys 0.52.0", ] [[package]] From 94533f689a7efa4e38ec2143c4eff60fb14abe22 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:47:50 -0400 Subject: [PATCH 007/123] build(deps-dev): bump @babel/eslint-parser in /web/app (#14658) Bumps [@babel/eslint-parser](https://github.com/babel/babel/tree/HEAD/eslint/babel-eslint-parser) from 7.28.4 to 7.28.5. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.5/eslint/babel-eslint-parser) --- updated-dependencies: - dependency-name: "@babel/eslint-parser" dependency-version: 7.28.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- web/app/package.json | 2 +- web/app/yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/web/app/package.json b/web/app/package.json index a5846d0a7c70d..4c3a92782fa7e 100644 --- a/web/app/package.json +++ b/web/app/package.json @@ -42,7 +42,7 @@ }, "devDependencies": { "@babel/core": "^7.28.4", - "@babel/eslint-parser": "^7.28.4", + "@babel/eslint-parser": "^7.28.5", "@babel/plugin-proposal-class-properties": "^7.17.12", "@babel/preset-env": "^7.28.3", "@babel/preset-react": "^7.27.1", diff --git a/web/app/yarn.lock b/web/app/yarn.lock index f6a64acc5cc7b..fc5fb4e7acd2e 100644 --- a/web/app/yarn.lock +++ b/web/app/yarn.lock @@ -53,10 +53,10 @@ json5 "^2.2.3" semver "^6.3.1" -"@babel/eslint-parser@^7.28.4": - version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/eslint-parser/-/eslint-parser-7.28.4.tgz#80dd86e0aeaae9704411a044db60e1ae6477d93f" - integrity sha512-Aa+yDiH87980jR6zvRfFuCR1+dLb00vBydhTL+zI992Rz/wQhSvuxjmOOuJOgO3XmakO6RykRGD2S1mq1AtgHA== +"@babel/eslint-parser@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/eslint-parser/-/eslint-parser-7.28.5.tgz#0b8883a4a1c2cbed7b3cd9d7765d80e8f480b9ae" + integrity sha512-fcdRcWahONYo+JRnJg1/AekOacGvKx12Gu0qXJXFi2WBqQA1i7+O5PaxRB7kxE/Op94dExnCiiar6T09pvdHpA== dependencies: "@nicolo-ribaudo/eslint-scope-5-internals" "5.1.1-v1" eslint-visitor-keys "^2.1.0" From 7d643d349159373e184fade515dfd9c9b3606db8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:48:02 -0400 Subject: [PATCH 008/123] build(deps-dev): bump @babel/preset-env in /web/app (#14659) Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.28.3 to 7.28.5. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.5/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-version: 7.28.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- web/app/package.json | 2 +- web/app/yarn.lock | 176 +++++++++++++++++++++++++++---------------- 2 files changed, 111 insertions(+), 67 deletions(-) diff --git a/web/app/package.json b/web/app/package.json index 4c3a92782fa7e..35aed118b15cd 100644 --- a/web/app/package.json +++ b/web/app/package.json @@ -44,7 +44,7 @@ "@babel/core": "^7.28.4", "@babel/eslint-parser": "^7.28.5", "@babel/plugin-proposal-class-properties": "^7.17.12", - "@babel/preset-env": "^7.28.3", + "@babel/preset-env": "^7.28.5", "@babel/preset-react": "^7.27.1", "@babel/runtime": "^7.28.4", "@lingui/cli": "3.17.2", diff --git a/web/app/yarn.lock b/web/app/yarn.lock index fc5fb4e7acd2e..f1f1f79215f7c 100644 --- a/web/app/yarn.lock +++ b/web/app/yarn.lock @@ -27,10 +27,10 @@ js-tokens "^4.0.0" picocolors "^1.1.1" -"@babel/compat-data@^7.27.2", "@babel/compat-data@^7.27.7", "@babel/compat-data@^7.28.0": - version "7.28.0" - resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.28.0.tgz#9fc6fd58c2a6a15243cd13983224968392070790" - integrity sha512-60X7qkglvrap8mn1lh2ebxXdZYtUcpd7gsmy9kLaBJ4i/WdY8PqTSdxyA8qraikqKQK5C1KRBKXqznrVapyNaw== +"@babel/compat-data@^7.27.2", "@babel/compat-data@^7.27.7", "@babel/compat-data@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.28.5.tgz#a8a4962e1567121ac0b3b487f52107443b455c7f" + integrity sha512-6uFXyCayocRbqhZOB+6XcuZbkMNimwfVGFji8CTZnCzOHVGvDqzvitu1re2AU5LROliz7eQPhB8CpAMvnx9EjA== "@babel/core@^7.12.3", "@babel/core@^7.23.9", "@babel/core@^7.27.4", "@babel/core@^7.28.4": version "7.28.4" @@ -80,6 +80,17 @@ "@jridgewell/trace-mapping" "^0.3.28" jsesc "^3.0.2" +"@babel/generator@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.28.5.tgz#712722d5e50f44d07bc7ac9fe84438742dd61298" + integrity sha512-3EwLFhZ38J4VyIP6WNtt2kUdW9dokXA9Cr4IVIFHuCpZ3H8/YFOl5JjZHisrn1fATPBmKKqXzDFvh9fUwHz6CQ== + dependencies: + "@babel/parser" "^7.28.5" + "@babel/types" "^7.28.5" + "@jridgewell/gen-mapping" "^0.3.12" + "@jridgewell/trace-mapping" "^0.3.28" + jsesc "^3.0.2" + "@babel/helper-annotate-as-pure@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.18.6.tgz#eaa49f6f80d5a33f9a5dd2276e6d6e451be0a6bb" @@ -309,6 +320,11 @@ resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz#a7054dcc145a967dd4dc8fee845a57c1316c9df8" integrity sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow== +"@babel/helper-validator-identifier@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz#010b6938fab7cb7df74aa2bbc06aa503b8fe5fb4" + integrity sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q== + "@babel/helper-validator-option@^7.27.1": version "7.27.1" resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz#fa52f5b1e7db1ab049445b421c4471303897702f" @@ -338,13 +354,20 @@ dependencies: "@babel/types" "^7.28.4" -"@babel/plugin-bugfix-firefox-class-in-computed-class-key@^7.27.1": - version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.27.1.tgz#61dd8a8e61f7eb568268d1b5f129da3eee364bf9" - integrity sha512-QPG3C9cCVRQLxAVwmefEmwdTanECuUBMQZ/ym5kiw3XKCGA7qkuQLcjWWHcrD/GKbn/WmJwaezfuuAOcyKlRPA== +"@babel/parser@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.28.5.tgz#0b0225ee90362f030efd644e8034c99468893b08" + integrity sha512-KKBU1VGYR7ORr3At5HAtUQ+TV3SzRCXmA/8OdDZiLDBIZxVyzXuztPjfLd3BV1PRAQGCMWWSHYhL0F8d5uHBDQ== + dependencies: + "@babel/types" "^7.28.5" + +"@babel/plugin-bugfix-firefox-class-in-computed-class-key@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.28.5.tgz#fbde57974707bbfa0376d34d425ff4fa6c732421" + integrity sha512-87GDMS3tsmMSi/3bWOte1UblL+YUTFMV8SZPZ2eSEL17s74Cw/l63rR6NmGVKMYW2GYi85nE+/d6Hw5N0bEk2Q== dependencies: "@babel/helper-plugin-utils" "^7.27.1" - "@babel/traverse" "^7.27.1" + "@babel/traverse" "^7.28.5" "@babel/plugin-bugfix-safari-class-field-initializer-scope@^7.27.1": version "7.27.1" @@ -563,10 +586,10 @@ dependencies: "@babel/helper-plugin-utils" "^7.27.1" -"@babel/plugin-transform-block-scoping@^7.28.0": - version "7.28.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.28.0.tgz#e7c50cbacc18034f210b93defa89638666099451" - integrity sha512-gKKnwjpdx5sER/wl0WN0efUBFzF/56YZO0RJrSYP4CljXnP31ByY7fol89AzomdlLNzI36AvOTmYHsnZTCkq8Q== +"@babel/plugin-transform-block-scoping@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.28.5.tgz#e0d3af63bd8c80de2e567e690a54e84d85eb16f6" + integrity sha512-45DmULpySVvmq9Pj3X9B+62Xe+DJGov27QravQJU1LLcapR6/10i+gYVAucGGJpHBp5mYxIMK4nDAT/QDLr47g== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -586,17 +609,17 @@ "@babel/helper-create-class-features-plugin" "^7.28.3" "@babel/helper-plugin-utils" "^7.27.1" -"@babel/plugin-transform-classes@^7.28.3": - version "7.28.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.28.3.tgz#598297260343d0edbd51cb5f5075e07dee91963a" - integrity sha512-DoEWC5SuxuARF2KdKmGUq3ghfPMO6ZzR12Dnp5gubwbeWJo4dbNWXJPVlwvh4Zlq6Z7YVvL8VFxeSOJgjsx4Sg== +"@babel/plugin-transform-classes@^7.28.4": + version "7.28.4" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.28.4.tgz#75d66175486788c56728a73424d67cbc7473495c" + integrity sha512-cFOlhIYPBv/iBoc+KS3M6et2XPtbT2HiCRfBXWtfpc9OAyostldxIf9YAYB6ypURBBbx+Qv6nyrLzASfJe+hBA== dependencies: "@babel/helper-annotate-as-pure" "^7.27.3" "@babel/helper-compilation-targets" "^7.27.2" "@babel/helper-globals" "^7.28.0" "@babel/helper-plugin-utils" "^7.27.1" "@babel/helper-replace-supers" "^7.27.1" - "@babel/traverse" "^7.28.3" + "@babel/traverse" "^7.28.4" "@babel/plugin-transform-computed-properties@^7.27.1": version "7.27.1" @@ -606,13 +629,13 @@ "@babel/helper-plugin-utils" "^7.27.1" "@babel/template" "^7.27.1" -"@babel/plugin-transform-destructuring@^7.28.0": - version "7.28.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.28.0.tgz#0f156588f69c596089b7d5b06f5af83d9aa7f97a" - integrity sha512-v1nrSMBiKcodhsyJ4Gf+Z0U/yawmJDBOTpEB3mcQY52r9RIyPneGyAS/yM6seP/8I+mWI3elOMtT5dB8GJVs+A== +"@babel/plugin-transform-destructuring@^7.28.0", "@babel/plugin-transform-destructuring@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.28.5.tgz#b8402764df96179a2070bb7b501a1586cf8ad7a7" + integrity sha512-Kl9Bc6D0zTUcFUvkNuQh4eGXPKKNDOJQXVyyM4ZAQPMveniJdxi8XMJwLo+xSoW3MIq81bD33lcUe9kZpl0MCw== dependencies: "@babel/helper-plugin-utils" "^7.27.1" - "@babel/traverse" "^7.28.0" + "@babel/traverse" "^7.28.5" "@babel/plugin-transform-dotall-regex@^7.27.1": version "7.27.1" @@ -652,10 +675,10 @@ "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-destructuring" "^7.28.0" -"@babel/plugin-transform-exponentiation-operator@^7.27.1": - version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.27.1.tgz#fc497b12d8277e559747f5a3ed868dd8064f83e1" - integrity sha512-uspvXnhHvGKf2r4VVtBpeFnuDWsJLQ6MF6lGJLC89jBR1uoVeqM416AZtTuhTezOfgHicpJQmoD5YUakO/YmXQ== +"@babel/plugin-transform-exponentiation-operator@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.28.5.tgz#7cc90a8170e83532676cfa505278e147056e94fe" + integrity sha512-D4WIMaFtwa2NizOp+dnoFjRez/ClKiC2BqqImwKd1X28nqBtZEyCYJ2ozQrrzlxAFrcrjxo39S6khe9RNDlGzw== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -697,10 +720,10 @@ dependencies: "@babel/helper-plugin-utils" "^7.27.1" -"@babel/plugin-transform-logical-assignment-operators@^7.27.1": - version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.27.1.tgz#890cb20e0270e0e5bebe3f025b434841c32d5baa" - integrity sha512-SJvDs5dXxiae4FbSL1aBJlG4wvl594N6YEVVn9e3JGulwioy6z3oPjx/sQBO3Y4NwUu5HNix6KJ3wBZoewcdbw== +"@babel/plugin-transform-logical-assignment-operators@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.28.5.tgz#d028fd6db8c081dee4abebc812c2325e24a85b0e" + integrity sha512-axUuqnUTBuXyHGcJEVVh9pORaN6wC5bYfE7FGzPiaWa3syib9m7g+/IT/4VgCOe2Upef43PHzeAvcrVek6QuuA== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -727,15 +750,15 @@ "@babel/helper-module-transforms" "^7.27.1" "@babel/helper-plugin-utils" "^7.27.1" -"@babel/plugin-transform-modules-systemjs@^7.27.1": - version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.27.1.tgz#00e05b61863070d0f3292a00126c16c0e024c4ed" - integrity sha512-w5N1XzsRbc0PQStASMksmUeqECuzKuTJer7kFagK8AXgpCMkeDMO5S+aaFb7A51ZYDF7XI34qsTX+fkHiIm5yA== +"@babel/plugin-transform-modules-systemjs@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.28.5.tgz#7439e592a92d7670dfcb95d0cbc04bd3e64801d2" + integrity sha512-vn5Jma98LCOeBy/KpeQhXcV2WZgaRUtjwQmjoBuLNlOmkg0fB5pdvYVeWRYI69wWKwK2cD1QbMiUQnoujWvrew== dependencies: - "@babel/helper-module-transforms" "^7.27.1" + "@babel/helper-module-transforms" "^7.28.3" "@babel/helper-plugin-utils" "^7.27.1" - "@babel/helper-validator-identifier" "^7.27.1" - "@babel/traverse" "^7.27.1" + "@babel/helper-validator-identifier" "^7.28.5" + "@babel/traverse" "^7.28.5" "@babel/plugin-transform-modules-umd@^7.27.1": version "7.27.1" @@ -774,16 +797,16 @@ dependencies: "@babel/helper-plugin-utils" "^7.27.1" -"@babel/plugin-transform-object-rest-spread@^7.28.0": - version "7.28.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.28.0.tgz#d23021857ffd7cd809f54d624299b8086402ed8d" - integrity sha512-9VNGikXxzu5eCiQjdE4IZn8sb9q7Xsk5EXLDBKUYg1e/Tve8/05+KJEtcxGxAgCY5t/BpKQM+JEL/yT4tvgiUA== +"@babel/plugin-transform-object-rest-spread@^7.28.4": + version "7.28.4" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.28.4.tgz#9ee1ceca80b3e6c4bac9247b2149e36958f7f98d" + integrity sha512-373KA2HQzKhQCYiRVIRr+3MjpCObqzDlyrM6u4I201wL8Mp2wHf7uB8GhDwis03k2ti8Zr65Zyyqs1xOxUF/Ew== dependencies: "@babel/helper-compilation-targets" "^7.27.2" "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-destructuring" "^7.28.0" "@babel/plugin-transform-parameters" "^7.27.7" - "@babel/traverse" "^7.28.0" + "@babel/traverse" "^7.28.4" "@babel/plugin-transform-object-super@^7.27.1": version "7.27.1" @@ -800,10 +823,10 @@ dependencies: "@babel/helper-plugin-utils" "^7.27.1" -"@babel/plugin-transform-optional-chaining@^7.27.1": - version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.27.1.tgz#874ce3c4f06b7780592e946026eb76a32830454f" - integrity sha512-BQmKPPIuc8EkZgNKsv0X4bPmOoayeu4F1YCwx2/CfmDSXDbp7GnzlUH+/ul5VGfRg1AoFPsrIThlEBj2xb4CAg== +"@babel/plugin-transform-optional-chaining@^7.27.1", "@babel/plugin-transform-optional-chaining@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.28.5.tgz#8238c785f9d5c1c515a90bf196efb50d075a4b26" + integrity sha512-N6fut9IZlPnjPwgiQkXNhb+cT8wQKFlJNqcZkWlcTqkcqx6/kU4ynGmLFoa4LViBSirn05YAwk+sQBbPfxtYzQ== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/helper-skip-transparent-expression-wrappers" "^7.27.1" @@ -872,10 +895,10 @@ "@babel/helper-annotate-as-pure" "^7.27.1" "@babel/helper-plugin-utils" "^7.27.1" -"@babel/plugin-transform-regenerator@^7.28.3": - version "7.28.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.28.3.tgz#b8eee0f8aed37704bbcc932fd0b1a0a34d0b7344" - integrity sha512-K3/M/a4+ESb5LEldjQb+XSrpY0nF+ZBFlTCbSnKaYAMfD8v33O6PMs4uYnOk19HlcsI8WMu3McdFPTiQHF/1/A== +"@babel/plugin-transform-regenerator@^7.28.4": + version "7.28.4" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.28.4.tgz#9d3fa3bebb48ddd0091ce5729139cd99c67cea51" + integrity sha512-+ZEdQlBoRg9m2NnzvEeLgtvBMO4tkFBw5SQIUgLICgTrumLoU7lr+Oghi6km2PFj+dbUt2u1oby2w3BDO9YQnA== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -961,16 +984,16 @@ "@babel/helper-create-regexp-features-plugin" "^7.27.1" "@babel/helper-plugin-utils" "^7.27.1" -"@babel/preset-env@^7.28.3": - version "7.28.3" - resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.28.3.tgz#2b18d9aff9e69643789057ae4b942b1654f88187" - integrity sha512-ROiDcM+GbYVPYBOeCR6uBXKkQpBExLl8k9HO1ygXEyds39j+vCCsjmj7S8GOniZQlEs81QlkdJZe76IpLSiqpg== +"@babel/preset-env@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.28.5.tgz#82dd159d1563f219a1ce94324b3071eb89e280b0" + integrity sha512-S36mOoi1Sb6Fz98fBfE+UZSpYw5mJm0NUHtIKrOuNcqeFauy1J6dIvXm2KRVKobOSaGq4t/hBXdN4HGU3wL9Wg== dependencies: - "@babel/compat-data" "^7.28.0" + "@babel/compat-data" "^7.28.5" "@babel/helper-compilation-targets" "^7.27.2" "@babel/helper-plugin-utils" "^7.27.1" "@babel/helper-validator-option" "^7.27.1" - "@babel/plugin-bugfix-firefox-class-in-computed-class-key" "^7.27.1" + "@babel/plugin-bugfix-firefox-class-in-computed-class-key" "^7.28.5" "@babel/plugin-bugfix-safari-class-field-initializer-scope" "^7.27.1" "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression" "^7.27.1" "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining" "^7.27.1" @@ -983,42 +1006,42 @@ "@babel/plugin-transform-async-generator-functions" "^7.28.0" "@babel/plugin-transform-async-to-generator" "^7.27.1" "@babel/plugin-transform-block-scoped-functions" "^7.27.1" - "@babel/plugin-transform-block-scoping" "^7.28.0" + "@babel/plugin-transform-block-scoping" "^7.28.5" "@babel/plugin-transform-class-properties" "^7.27.1" "@babel/plugin-transform-class-static-block" "^7.28.3" - "@babel/plugin-transform-classes" "^7.28.3" + "@babel/plugin-transform-classes" "^7.28.4" "@babel/plugin-transform-computed-properties" "^7.27.1" - "@babel/plugin-transform-destructuring" "^7.28.0" + "@babel/plugin-transform-destructuring" "^7.28.5" "@babel/plugin-transform-dotall-regex" "^7.27.1" "@babel/plugin-transform-duplicate-keys" "^7.27.1" "@babel/plugin-transform-duplicate-named-capturing-groups-regex" "^7.27.1" "@babel/plugin-transform-dynamic-import" "^7.27.1" "@babel/plugin-transform-explicit-resource-management" "^7.28.0" - "@babel/plugin-transform-exponentiation-operator" "^7.27.1" + "@babel/plugin-transform-exponentiation-operator" "^7.28.5" "@babel/plugin-transform-export-namespace-from" "^7.27.1" "@babel/plugin-transform-for-of" "^7.27.1" "@babel/plugin-transform-function-name" "^7.27.1" "@babel/plugin-transform-json-strings" "^7.27.1" "@babel/plugin-transform-literals" "^7.27.1" - "@babel/plugin-transform-logical-assignment-operators" "^7.27.1" + "@babel/plugin-transform-logical-assignment-operators" "^7.28.5" "@babel/plugin-transform-member-expression-literals" "^7.27.1" "@babel/plugin-transform-modules-amd" "^7.27.1" "@babel/plugin-transform-modules-commonjs" "^7.27.1" - "@babel/plugin-transform-modules-systemjs" "^7.27.1" + "@babel/plugin-transform-modules-systemjs" "^7.28.5" "@babel/plugin-transform-modules-umd" "^7.27.1" "@babel/plugin-transform-named-capturing-groups-regex" "^7.27.1" "@babel/plugin-transform-new-target" "^7.27.1" "@babel/plugin-transform-nullish-coalescing-operator" "^7.27.1" "@babel/plugin-transform-numeric-separator" "^7.27.1" - "@babel/plugin-transform-object-rest-spread" "^7.28.0" + "@babel/plugin-transform-object-rest-spread" "^7.28.4" "@babel/plugin-transform-object-super" "^7.27.1" "@babel/plugin-transform-optional-catch-binding" "^7.27.1" - "@babel/plugin-transform-optional-chaining" "^7.27.1" + "@babel/plugin-transform-optional-chaining" "^7.28.5" "@babel/plugin-transform-parameters" "^7.27.7" "@babel/plugin-transform-private-methods" "^7.27.1" "@babel/plugin-transform-private-property-in-object" "^7.27.1" "@babel/plugin-transform-property-literals" "^7.27.1" - "@babel/plugin-transform-regenerator" "^7.28.3" + "@babel/plugin-transform-regenerator" "^7.28.4" "@babel/plugin-transform-regexp-modifiers" "^7.27.1" "@babel/plugin-transform-reserved-words" "^7.27.1" "@babel/plugin-transform-shorthand-properties" "^7.27.1" @@ -1085,6 +1108,19 @@ "@babel/types" "^7.28.4" debug "^4.3.1" +"@babel/traverse@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.28.5.tgz#450cab9135d21a7a2ca9d2d35aa05c20e68c360b" + integrity sha512-TCCj4t55U90khlYkVV/0TfkJkAkUg3jZFA3Neb7unZT8CPok7iiRfaX0F+WnqWqt7OxhOn0uBKXCw4lbL8W0aQ== + dependencies: + "@babel/code-frame" "^7.27.1" + "@babel/generator" "^7.28.5" + "@babel/helper-globals" "^7.28.0" + "@babel/parser" "^7.28.5" + "@babel/template" "^7.27.2" + "@babel/types" "^7.28.5" + debug "^4.3.1" + "@babel/types@^7.0.0", "@babel/types@^7.18.6", "@babel/types@^7.20.7", "@babel/types@^7.22.5", "@babel/types@^7.27.1", "@babel/types@^7.27.3", "@babel/types@^7.28.2", "@babel/types@^7.28.4", "@babel/types@^7.3.0", "@babel/types@^7.4.4": version "7.28.4" resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.28.4.tgz#0a4e618f4c60a7cd6c11cb2d48060e4dbe38ac3a" @@ -1093,6 +1129,14 @@ "@babel/helper-string-parser" "^7.27.1" "@babel/helper-validator-identifier" "^7.27.1" +"@babel/types@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.28.5.tgz#10fc405f60897c35f07e85493c932c7b5ca0592b" + integrity sha512-qQ5m48eI/MFLQ5PxQj4PFaprjyCTLI37ElWMmNs0K8Lk3dVeOdNpB3ks8jc7yM5CDmVC73eMVk/trk3fgmrUpA== + dependencies: + "@babel/helper-string-parser" "^7.27.1" + "@babel/helper-validator-identifier" "^7.28.5" + "@bcoe/v8-coverage@^0.2.3": version "0.2.3" resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39" From 90fdac4ac43f43bd17084f0633b1010971a2102e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:49:08 -0400 Subject: [PATCH 009/123] build(deps): bump tj-actions/changed-files (#14662) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from d03a93c0dbfac6d6dd6a0d8a5e7daff992b07449 to dbf178ceecb9304128c8e0648591d71208c6e2c9. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/d03a93c0dbfac6d6dd6a0d8a5e7daff992b07449...dbf178ceecb9304128c8e0648591d71208c6e2c9) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-version: dbf178ceecb9304128c8e0648591d71208c6e2c9 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/go.yml | 2 +- .github/workflows/integration.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index c86373868fd5b..715a9182964c2 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -9,7 +9,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - uses: tj-actions/changed-files@d03a93c0dbfac6d6dd6a0d8a5e7daff992b07449 + - uses: tj-actions/changed-files@dbf178ceecb9304128c8e0648591d71208c6e2c9 id: changed with: files: | diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 6b5ea1532bf57..826a35388da91 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -29,7 +29,7 @@ jobs: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - id: tag run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT" - - uses: tj-actions/changed-files@d03a93c0dbfac6d6dd6a0d8a5e7daff992b07449 + - uses: tj-actions/changed-files@dbf178ceecb9304128c8e0648591d71208c6e2c9 id: core with: files: | From 1d345829e35f7b2896b1a60c62d60b171cc1d09e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:49:36 -0400 Subject: [PATCH 010/123] build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#14663) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 5.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...330a01c490aca151604b8cf639adc76d48f6c5d4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/cli-build.yml | 2 +- .github/workflows/integration.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cli-build.yml b/.github/workflows/cli-build.yml index 11bf72cba35d1..5a3793ff1e63e 100644 --- a/.github/workflows/cli-build.yml +++ b/.github/workflows/cli-build.yml @@ -32,7 +32,7 @@ jobs: push: false load: false outputs: type=local,dest=. - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 id: upload with: name: cli-bin-${{ inputs.version }}-${{ inputs.target }} diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 826a35388da91..40986d701f234 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -101,7 +101,7 @@ jobs: run: | mkdir -p /home/runner/archives docker save '${{ steps.build.outputs.image }}' >'/home/runner/archives/${{ matrix.component }}.tar' - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 with: name: image-archives-${{ matrix.component }} path: /home/runner/archives @@ -248,7 +248,7 @@ jobs: run: | mkdir -p /home/runner/archives docker save '${{ steps.build.outputs.image }}' >'/home/runner/archives/${{ matrix.component }}.tar' - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 with: name: image-archives-${{ matrix.component }} path: /home/runner/archives From 08b807caa7d6449d1395d17a4b800b331f62eff3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:49:54 -0400 Subject: [PATCH 011/123] build(deps): bump actions/download-artifact (#14664) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/634f93cb2916e3fdff6788551b99b062d0335ce0...018cc2cf5baa6db3ef3c5f8a56943fffe632ef53) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/actions/cli-setup/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/cli-setup/action.yaml b/.github/actions/cli-setup/action.yaml index 0f040c63d9e3f..6085bf78f4309 100644 --- a/.github/actions/cli-setup/action.yaml +++ b/.github/actions/cli-setup/action.yaml @@ -13,7 +13,7 @@ inputs: runs: using: composite steps: - - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: artifact-ids: ${{ inputs.artifact-id }} path: ${{ runner.temp }}/cli From 9c614c8dc1ab09f89701802b9d42e5ea35adf0b3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:50:16 -0400 Subject: [PATCH 012/123] build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (#14665) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/634f93cb2916e3fdff6788551b99b062d0335ce0...018cc2cf5baa6db3ef3c5f8a56943fffe632ef53) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/integration.yml | 10 +++++----- .github/workflows/release.yml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 40986d701f234..64c0693aa7215 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -123,7 +123,7 @@ jobs: - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 with: go-version-file: go.mod - - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: pattern: image-archives-* path: image-archives @@ -175,7 +175,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: olix0r/cargo-action-fmt/setup@9269f3aa1ff01775d95efc97037e2cbdb41d9684 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: pattern: image-archives-* path: image-archives @@ -278,7 +278,7 @@ jobs: go-version-file: go.mod - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 if: matrix.integration_test == 'helm-upgrade' - - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: pattern: image-archives-* path: image-archives @@ -306,7 +306,7 @@ jobs: - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 with: go-version-file: go.mod - - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: pattern: image-archives-* path: image-archives @@ -345,7 +345,7 @@ jobs: - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 with: go-version-file: go.mod - - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: pattern: image-archives-* path: image-archives diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7574f607eb6fa..457ff4249b44f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -126,7 +126,7 @@ jobs: contents: write steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: artifact-ids: ${{ needs.cli.outputs.artifact-id }} path: cli From 19d46a152feab76cecd015ecf9067151019c2ed0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:54:18 -0400 Subject: [PATCH 013/123] build(deps-dev): bump @babel/preset-react in /web/app (#14660) Bumps [@babel/preset-react](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-react) from 7.27.1 to 7.28.5. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.5/packages/babel-preset-react) --- updated-dependencies: - dependency-name: "@babel/preset-react" dependency-version: 7.28.5 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- web/app/package.json | 2 +- web/app/yarn.lock | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/web/app/package.json b/web/app/package.json index 35aed118b15cd..d2f253d24389b 100644 --- a/web/app/package.json +++ b/web/app/package.json @@ -45,7 +45,7 @@ "@babel/eslint-parser": "^7.28.5", "@babel/plugin-proposal-class-properties": "^7.17.12", "@babel/preset-env": "^7.28.5", - "@babel/preset-react": "^7.27.1", + "@babel/preset-react": "^7.28.5", "@babel/runtime": "^7.28.4", "@lingui/cli": "3.17.2", "babel-core": "^7.0.0-bridge.0", diff --git a/web/app/yarn.lock b/web/app/yarn.lock index f1f1f79215f7c..ad1fc1a98ebbd 100644 --- a/web/app/yarn.lock +++ b/web/app/yarn.lock @@ -862,10 +862,10 @@ dependencies: "@babel/helper-plugin-utils" "^7.27.1" -"@babel/plugin-transform-react-display-name@^7.27.1": - version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.27.1.tgz#43af31362d71f7848cfac0cbc212882b1a16e80f" - integrity sha512-p9+Vl3yuHPmkirRrg021XiP+EETmPMQTLr6Ayjj85RLNEbb3Eya/4VI0vAdzQG9SEAl2Lnt7fy5lZyMzjYoZQQ== +"@babel/plugin-transform-react-display-name@^7.28.0": + version "7.28.0" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.28.0.tgz#6f20a7295fea7df42eb42fed8f896813f5b934de" + integrity sha512-D6Eujc2zMxKjfa4Zxl4GHMsmhKKZ9VpcqIchJLvwTxad9zWIYulwYItBovpDOoNLISpcZSXoDJ5gaGbQUDqViA== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -1069,14 +1069,14 @@ "@babel/types" "^7.4.4" esutils "^2.0.2" -"@babel/preset-react@^7.27.1": - version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/preset-react/-/preset-react-7.27.1.tgz#86ea0a5ca3984663f744be2fd26cb6747c3fd0ec" - integrity sha512-oJHWh2gLhU9dW9HHr42q0cI0/iHHXTLGe39qvpAZZzagHy0MzYLCnCVV0symeRvzmjHyVU7mw2K06E6u/JwbhA== +"@babel/preset-react@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/preset-react/-/preset-react-7.28.5.tgz#6fcc0400fa79698433d653092c3919bb4b0878d9" + integrity sha512-Z3J8vhRq7CeLjdC58jLv4lnZ5RKFUJWqH5emvxmv9Hv3BD1T9R/Im713R4MTKwvFaV74ejZ3sM01LyEKk4ugNQ== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/helper-validator-option" "^7.27.1" - "@babel/plugin-transform-react-display-name" "^7.27.1" + "@babel/plugin-transform-react-display-name" "^7.28.0" "@babel/plugin-transform-react-jsx" "^7.27.1" "@babel/plugin-transform-react-jsx-development" "^7.27.1" "@babel/plugin-transform-react-pure-annotations" "^7.27.1" From c8ed6500c092fbc65f4872961afbd0c2b271a322 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:55:01 -0400 Subject: [PATCH 014/123] build(deps-dev): bump @babel/core from 7.28.4 to 7.28.5 in /web/app (#14661) Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.28.4 to 7.28.5. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.5/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-version: 7.28.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- web/app/package.json | 2 +- web/app/yarn.lock | 63 +++++++++----------------------------------- 2 files changed, 13 insertions(+), 52 deletions(-) diff --git a/web/app/package.json b/web/app/package.json index d2f253d24389b..3ca8bd9f3b258 100644 --- a/web/app/package.json +++ b/web/app/package.json @@ -41,7 +41,7 @@ "whatwg-fetch": "3.6.20" }, "devDependencies": { - "@babel/core": "^7.28.4", + "@babel/core": "^7.28.5", "@babel/eslint-parser": "^7.28.5", "@babel/plugin-proposal-class-properties": "^7.17.12", "@babel/preset-env": "^7.28.5", diff --git a/web/app/yarn.lock b/web/app/yarn.lock index ad1fc1a98ebbd..2523771a611a6 100644 --- a/web/app/yarn.lock +++ b/web/app/yarn.lock @@ -32,20 +32,20 @@ resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.28.5.tgz#a8a4962e1567121ac0b3b487f52107443b455c7f" integrity sha512-6uFXyCayocRbqhZOB+6XcuZbkMNimwfVGFji8CTZnCzOHVGvDqzvitu1re2AU5LROliz7eQPhB8CpAMvnx9EjA== -"@babel/core@^7.12.3", "@babel/core@^7.23.9", "@babel/core@^7.27.4", "@babel/core@^7.28.4": - version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.28.4.tgz#12a550b8794452df4c8b084f95003bce1742d496" - integrity sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA== +"@babel/core@^7.12.3", "@babel/core@^7.23.9", "@babel/core@^7.27.4", "@babel/core@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.28.5.tgz#4c81b35e51e1b734f510c99b07dfbc7bbbb48f7e" + integrity sha512-e7jT4DxYvIDLk1ZHmU/m/mB19rex9sv0c2ftBtjSBv+kVM/902eh0fINUzD7UwLLNR+jU585GxUJ8/EBfAM5fw== dependencies: "@babel/code-frame" "^7.27.1" - "@babel/generator" "^7.28.3" + "@babel/generator" "^7.28.5" "@babel/helper-compilation-targets" "^7.27.2" "@babel/helper-module-transforms" "^7.28.3" "@babel/helpers" "^7.28.4" - "@babel/parser" "^7.28.4" + "@babel/parser" "^7.28.5" "@babel/template" "^7.27.2" - "@babel/traverse" "^7.28.4" - "@babel/types" "^7.28.4" + "@babel/traverse" "^7.28.5" + "@babel/types" "^7.28.5" "@jridgewell/remapping" "^2.3.5" convert-source-map "^2.0.0" debug "^4.1.0" @@ -69,18 +69,7 @@ dependencies: eslint-rule-composer "^0.3.0" -"@babel/generator@^7.20.14", "@babel/generator@^7.27.5", "@babel/generator@^7.28.3": - version "7.28.3" - resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.28.3.tgz#9626c1741c650cbac39121694a0f2d7451b8ef3e" - integrity sha512-3lSpxGgvnmZznmBkCRnVREPUFJv2wrv9iAoFDvADJc0ypmdOxdUtcLeBgBJ6zE0PMeTKnxeQzyk0xTBq4Ep7zw== - dependencies: - "@babel/parser" "^7.28.3" - "@babel/types" "^7.28.2" - "@jridgewell/gen-mapping" "^0.3.12" - "@jridgewell/trace-mapping" "^0.3.28" - jsesc "^3.0.2" - -"@babel/generator@^7.28.5": +"@babel/generator@^7.20.14", "@babel/generator@^7.27.5", "@babel/generator@^7.28.5": version "7.28.5" resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.28.5.tgz#712722d5e50f44d07bc7ac9fe84438742dd61298" integrity sha512-3EwLFhZ38J4VyIP6WNtt2kUdW9dokXA9Cr4IVIFHuCpZ3H8/YFOl5JjZHisrn1fATPBmKKqXzDFvh9fUwHz6CQ== @@ -347,14 +336,7 @@ "@babel/template" "^7.27.2" "@babel/types" "^7.28.4" -"@babel/parser@^7.1.0", "@babel/parser@^7.14.7", "@babel/parser@^7.20.15", "@babel/parser@^7.20.7", "@babel/parser@^7.23.9", "@babel/parser@^7.27.2", "@babel/parser@^7.28.3", "@babel/parser@^7.28.4": - version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.28.4.tgz#da25d4643532890932cc03f7705fe19637e03fa8" - integrity sha512-yZbBqeM6TkpP9du/I2pUZnJsRMGGvOuIrhjzC1AwHwW+6he4mni6Bp/m8ijn0iOuZuPI2BfkCoSRunpyjnrQKg== - dependencies: - "@babel/types" "^7.28.4" - -"@babel/parser@^7.28.5": +"@babel/parser@^7.1.0", "@babel/parser@^7.14.7", "@babel/parser@^7.20.15", "@babel/parser@^7.20.7", "@babel/parser@^7.23.9", "@babel/parser@^7.27.2", "@babel/parser@^7.28.5": version "7.28.5" resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.28.5.tgz#0b0225ee90362f030efd644e8034c99468893b08" integrity sha512-KKBU1VGYR7ORr3At5HAtUQ+TV3SzRCXmA/8OdDZiLDBIZxVyzXuztPjfLd3BV1PRAQGCMWWSHYhL0F8d5uHBDQ== @@ -1095,20 +1077,7 @@ "@babel/parser" "^7.27.2" "@babel/types" "^7.27.1" -"@babel/traverse@^7.18.6", "@babel/traverse@^7.27.1", "@babel/traverse@^7.28.0", "@babel/traverse@^7.28.3", "@babel/traverse@^7.28.4": - version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.28.4.tgz#8d456101b96ab175d487249f60680221692b958b" - integrity sha512-YEzuboP2qvQavAcjgQNVgsvHIDv6ZpwXvcvjmyySP2DIMuByS/6ioU5G9pYrWHM6T2YDfc7xga9iNzYOs12CFQ== - dependencies: - "@babel/code-frame" "^7.27.1" - "@babel/generator" "^7.28.3" - "@babel/helper-globals" "^7.28.0" - "@babel/parser" "^7.28.4" - "@babel/template" "^7.27.2" - "@babel/types" "^7.28.4" - debug "^4.3.1" - -"@babel/traverse@^7.28.5": +"@babel/traverse@^7.18.6", "@babel/traverse@^7.27.1", "@babel/traverse@^7.28.0", "@babel/traverse@^7.28.3", "@babel/traverse@^7.28.4", "@babel/traverse@^7.28.5": version "7.28.5" resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.28.5.tgz#450cab9135d21a7a2ca9d2d35aa05c20e68c360b" integrity sha512-TCCj4t55U90khlYkVV/0TfkJkAkUg3jZFA3Neb7unZT8CPok7iiRfaX0F+WnqWqt7OxhOn0uBKXCw4lbL8W0aQ== @@ -1121,15 +1090,7 @@ "@babel/types" "^7.28.5" debug "^4.3.1" -"@babel/types@^7.0.0", "@babel/types@^7.18.6", "@babel/types@^7.20.7", "@babel/types@^7.22.5", "@babel/types@^7.27.1", "@babel/types@^7.27.3", "@babel/types@^7.28.2", "@babel/types@^7.28.4", "@babel/types@^7.3.0", "@babel/types@^7.4.4": - version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.28.4.tgz#0a4e618f4c60a7cd6c11cb2d48060e4dbe38ac3a" - integrity sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q== - dependencies: - "@babel/helper-string-parser" "^7.27.1" - "@babel/helper-validator-identifier" "^7.27.1" - -"@babel/types@^7.28.5": +"@babel/types@^7.0.0", "@babel/types@^7.18.6", "@babel/types@^7.20.7", "@babel/types@^7.22.5", "@babel/types@^7.27.1", "@babel/types@^7.27.3", "@babel/types@^7.28.4", "@babel/types@^7.28.5", "@babel/types@^7.3.0", "@babel/types@^7.4.4": version "7.28.5" resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.28.5.tgz#10fc405f60897c35f07e85493c932c7b5ca0592b" integrity sha512-qQ5m48eI/MFLQ5PxQj4PFaprjyCTLI37ElWMmNs0K8Lk3dVeOdNpB3ks8jc7yM5CDmVC73eMVk/trk3fgmrUpA== From 71da4dbfd19423aa84a59e961ad62e97be552f09 Mon Sep 17 00:00:00 2001 From: Oliver Gould Date: Wed, 29 Oct 2025 15:38:35 -0500 Subject: [PATCH 015/123] fix(ci): avoid fetching helm at runtime (#14669) helm is already present in the github runner base image. Signed-off-by: Ivan Porta --- .github/workflows/integration.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 64c0693aa7215..c082dd7c8fe03 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -276,8 +276,6 @@ jobs: - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 with: go-version-file: go.mod - - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 - if: matrix.integration_test == 'helm-upgrade' - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: pattern: image-archives-* From 1b707d3923d6f0334d6a7d47439035c869c4d5ba Mon Sep 17 00:00:00 2001 From: l5d-bot <48604953+l5d-bot@users.noreply.github.com> Date: Wed, 29 Oct 2025 14:50:08 -0700 Subject: [PATCH 016/123] proxy: v2.326.0 (#14668) Release notes: https://github.com/linkerd/linkerd2-proxy/releases/tag/release/v2.326.0 Signed-off-by: l5d-bot Co-authored-by: l5d-bot Co-authored-by: Scott Fleener Signed-off-by: Ivan Porta --- .proxy-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.proxy-version b/.proxy-version index ec346c7733478..d17b181d6e76e 100644 --- a/.proxy-version +++ b/.proxy-version @@ -1 +1 @@ -v2.325.0 +v2.326.0 From 645033407958e24ab61528f2ce33e70482b64886 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Oct 2025 10:37:46 -0400 Subject: [PATCH 017/123] build(deps): bump rustls from 0.23.33 to 0.23.34 (#14673) Bumps [rustls](https://github.com/rustls/rustls) from 0.23.33 to 0.23.34. - [Release notes](https://github.com/rustls/rustls/releases) - [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md) - [Commits](https://github.com/rustls/rustls/compare/v/0.23.33...v/0.23.34) --- updated-dependencies: - dependency-name: rustls dependency-version: 0.23.34 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 10 +++++----- policy-controller/Cargo.toml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a1dfc7ea8cb03..3d9c7f7bcabd5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -556,7 +556,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.52.0", + "windows-sys 0.61.0", ] [[package]] @@ -1006,7 +1006,7 @@ dependencies = [ "hyper", "libc", "pin-project-lite", - "socket2 0.5.10", + "socket2 0.6.0", "tokio", "tower-service", "tracing", @@ -2057,14 +2057,14 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] name = "rustls" -version = "0.23.33" +version = "0.23.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "751e04a496ca00bb97a5e043158d23d66b5aabf2e1d5aa2a0aaebb1aafe6f82c" +checksum = "6a9586e9ee2b4f8fab52a0048ca7334d7024eef48e2cb9407e3497bb7cab7fa7" dependencies = [ "aws-lc-rs", "log", diff --git a/policy-controller/Cargo.toml b/policy-controller/Cargo.toml index 58da4fdb3198d..fccd2f9359882 100644 --- a/policy-controller/Cargo.toml +++ b/policy-controller/Cargo.toml @@ -8,7 +8,7 @@ publish = false [dependencies] anyhow = "1" tokio = { version = "1", features = ["macros", "rt", "rt-multi-thread"] } -rustls = { version = "0.23.33", default-features = false, features = ["aws-lc-rs"] } +rustls = { version = "0.23.34", default-features = false, features = ["aws-lc-rs"] } [dependencies.linkerd-policy-controller-runtime] workspace = true From b28d24644fcd2a840f5ac4fa1302f1fc51d30492 Mon Sep 17 00:00:00 2001 From: l5d-bot <48604953+l5d-bot@users.noreply.github.com> Date: Wed, 5 Nov 2025 06:58:52 -0800 Subject: [PATCH 018/123] proxy: v2.327.0 (#14685) Release notes: https://github.com/linkerd/linkerd2-proxy/releases/tag/release/v2.327.0 Signed-off-by: l5d-bot Co-authored-by: l5d-bot Signed-off-by: Ivan Porta --- .proxy-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.proxy-version b/.proxy-version index d17b181d6e76e..0b4f5cee3507d 100644 --- a/.proxy-version +++ b/.proxy-version @@ -1 +1 @@ -v2.326.0 +v2.327.0 From 40118328ef198a55159817a7048160d08ebb62a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Nov 2025 07:11:02 -0800 Subject: [PATCH 019/123] build(deps): bump openssl from 0.10.73 to 0.10.74 (#14675) Bumps [openssl](https://github.com/rust-openssl/rust-openssl) from 0.10.73 to 0.10.74. - [Release notes](https://github.com/rust-openssl/rust-openssl/releases) - [Commits](https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.73...openssl-v0.10.74) --- updated-dependencies: - dependency-name: openssl dependency-version: 0.10.74 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- policy-controller/runtime/Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3d9c7f7bcabd5..deab440b2292a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1663,9 +1663,9 @@ checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" [[package]] name = "openssl" -version = "0.10.73" +version = "0.10.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8505734d46c8ab1e19a1dce3aef597ad87dcb4c37e7188231769bd6bd51cebf8" +checksum = "24ad14dd45412269e1a30f52ad8f0664f0f4f4a89ee8fe28c3b3527021ebb654" dependencies = [ "bitflags", "cfg-if", diff --git a/policy-controller/runtime/Cargo.toml b/policy-controller/runtime/Cargo.toml index cc86547fabb78..3acd9644a88f4 100644 --- a/policy-controller/runtime/Cargo.toml +++ b/policy-controller/runtime/Cargo.toml @@ -17,7 +17,7 @@ hyper = { workspace = true, features = ["http1", "http2", "server"] } hyper-util = { workspace = true } ipnet = { version = "2", default-features = false } k8s-openapi = { workspace = true } -openssl = { version = "0.10.73", optional = true } +openssl = { version = "0.10.74", optional = true } parking_lot = "0.12" prometheus-client = { workspace = true } regex = "1" From 986f6d54d23c719f21ce9c038eebb324d2fe7d9c Mon Sep 17 00:00:00 2001 From: Alejandro Pedraza Date: Thu, 6 Nov 2025 12:45:51 -0500 Subject: [PATCH 020/123] fix(tracing): traces were not exposing workload metadata (#14684) The `linkerd-podinfo` volume wasn't being added to injected pods, thus forbidding traces to expose the pod's metadata. The cause was that the linkerd-control-plane `values.yaml` file declared the entry `proxy.tracing.enabled` whereas the templates were using `proxy.tracing.enable`. Signed-off-by: Ivan Porta --- .../templates/destination.yaml | 2 +- .../templates/identity.yaml | 2 +- .../templates/proxy-injector.yaml | 2 +- charts/partials/templates/_proxy.tpl | 2 +- charts/patch/templates/patch.json | 2 +- cli/cmd/testdata/install_tracing.golden | 33 +++++++++++++++++++ 6 files changed, 38 insertions(+), 5 deletions(-) diff --git a/charts/linkerd-control-plane/templates/destination.yaml b/charts/linkerd-control-plane/templates/destination.yaml index 8c2b30d4399c5..086fda4037f84 100644 --- a/charts/linkerd-control-plane/templates/destination.yaml +++ b/charts/linkerd-control-plane/templates/destination.yaml @@ -450,6 +450,6 @@ spec: - {{- include "partials.proxy.volumes.service-account-token" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{ if ((.Values.proxy.tracing).enable) -}} + {{ if ((.Values.proxy.tracing).enabled) -}} - {{- include "partials.proxy.volumes.podinfo" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end }} diff --git a/charts/linkerd-control-plane/templates/identity.yaml b/charts/linkerd-control-plane/templates/identity.yaml index 3428c86da4f72..34c2b83cb9ca6 100644 --- a/charts/linkerd-control-plane/templates/identity.yaml +++ b/charts/linkerd-control-plane/templates/identity.yaml @@ -276,7 +276,7 @@ spec: - {{- include "partials.proxy.volumes.service-account-token" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{- if ((.Values.proxy.tracing).enable) }} + {{- if ((.Values.proxy.tracing).enabled) }} - {{- include "partials.proxy.volumes.podinfo" . | indent 8 | trimPrefix (repeat 7 " ") }} {{- end }} {{end -}} diff --git a/charts/linkerd-control-plane/templates/proxy-injector.yaml b/charts/linkerd-control-plane/templates/proxy-injector.yaml index 78b8433234310..445c46ed38b20 100644 --- a/charts/linkerd-control-plane/templates/proxy-injector.yaml +++ b/charts/linkerd-control-plane/templates/proxy-injector.yaml @@ -187,7 +187,7 @@ spec: - {{- include "partials.proxy.volumes.service-account-token" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end -}} - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }} - {{if ((.Values.proxy.tracing).enable) -}} + {{if ((.Values.proxy.tracing).enabled) -}} - {{- include "partials.proxy.volumes.podinfo" . | indent 8 | trimPrefix (repeat 7 " ") }} {{ end }} --- diff --git a/charts/partials/templates/_proxy.tpl b/charts/partials/templates/_proxy.tpl index a975667f13bd9..698bb24379740 100644 --- a/charts/partials/templates/_proxy.tpl +++ b/charts/partials/templates/_proxy.tpl @@ -320,7 +320,7 @@ lifecycle: volumeMounts: - mountPath: /var/run/linkerd/identity/end-entity name: linkerd-identity-end-entity -{{- if .Values.proxy.tracing | default (dict) | dig "enable" false }} +{{- if .Values.proxy.tracing | default (dict) | dig "enabled" false }} - mountPath: /var/run/linkerd/podinfo name: linkerd-podinfo {{- end }} diff --git a/charts/patch/templates/patch.json b/charts/patch/templates/patch.json index 864cd6266ce32..9c568840b24a8 100644 --- a/charts/patch/templates/patch.json +++ b/charts/patch/templates/patch.json @@ -103,7 +103,7 @@ structs. } } }, - {{- if .Values.proxy.tracing | default (dict) | dig "enable" false }} + {{- if .Values.proxy.tracing | default (dict) | dig "enabled" false }} { "op": "add", "path": "{{$prefix}}/spec/volumes/-", diff --git a/cli/cmd/testdata/install_tracing.golden b/cli/cmd/testdata/install_tracing.golden index 751ca59d94fc0..660132faa2f5f 100644 --- a/cli/cmd/testdata/install_tracing.golden +++ b/cli/cmd/testdata/install_tracing.golden @@ -1203,6 +1203,8 @@ spec: volumeMounts: - mountPath: /var/run/linkerd/identity/end-entity name: linkerd-identity-end-entity + - mountPath: /var/run/linkerd/podinfo + name: linkerd-podinfo - mountPath: /var/run/secrets/tokens name: linkerd-identity-token initContainers: @@ -1284,6 +1286,15 @@ spec: - emptyDir: medium: Memory name: linkerd-identity-end-entity + - name: linkerd-podinfo + downwardAPI: + items: + - path: labels + fieldRef: + fieldPath: metadata.labels + - path: annotations + fieldRef: + fieldPath: metadata.annotations --- ### ### Destination Controller Service @@ -1615,6 +1626,8 @@ spec: volumeMounts: - mountPath: /var/run/linkerd/identity/end-entity name: linkerd-identity-end-entity + - mountPath: /var/run/linkerd/podinfo + name: linkerd-podinfo - mountPath: /var/run/secrets/tokens name: linkerd-identity-token - args: @@ -1840,6 +1853,15 @@ spec: - emptyDir: medium: Memory name: linkerd-identity-end-entity + - name: linkerd-podinfo + downwardAPI: + items: + - path: labels + fieldRef: + fieldPath: metadata.labels + - path: annotations + fieldRef: + fieldPath: metadata.annotations --- ### @@ -2161,6 +2183,8 @@ spec: volumeMounts: - mountPath: /var/run/linkerd/identity/end-entity name: linkerd-identity-end-entity + - mountPath: /var/run/linkerd/podinfo + name: linkerd-podinfo - mountPath: /var/run/secrets/tokens name: linkerd-identity-token - args: @@ -2290,6 +2314,15 @@ spec: - emptyDir: medium: Memory name: linkerd-identity-end-entity + - name: linkerd-podinfo + downwardAPI: + items: + - path: labels + fieldRef: + fieldPath: metadata.labels + - path: annotations + fieldRef: + fieldPath: metadata.annotations --- kind: Service From 11c4b5ee485c6a9d7406670d2ec5858935e10b75 Mon Sep 17 00:00:00 2001 From: Alex Leong Date: Thu, 6 Nov 2025 09:52:05 -0800 Subject: [PATCH 021/123] fix(destination): fix workload subscribers metric (#14683) The destination controller has a gauge metric called workload_subscribers which tracks the number of subscribers to an endpoint profile. However, since we have dropped all labels from this metric due to high cardinality, we are now re-using the same gauge for all ip:port publishers. This means that each time we set the gauge value, it overrides the previous value and only tracks the number of subscribers to the most recently subscribed ip:port combination. We move this logic up so that the workload_subscribers gauge instead tracks the total number of subscribers across all ip:port publishers. Signed-off-by: Ivan Porta --- .../destination/watcher/workload_watcher.go | 35 +++++++++++++------ 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/controller/api/destination/watcher/workload_watcher.go b/controller/api/destination/watcher/workload_watcher.go index 9d3b4b94483cf..e9660fcd5d153 100644 --- a/controller/api/destination/watcher/workload_watcher.go +++ b/controller/api/destination/watcher/workload_watcher.go @@ -6,6 +6,7 @@ import ( "net" "strings" "sync" + "sync/atomic" "time" ext "github.com/linkerd/linkerd2/controller/gen/apis/externalworkload/v1beta1" @@ -32,6 +33,8 @@ type ( k8sAPI *k8s.API metadataAPI *k8s.MetadataAPI publishers map[IPPort]*workloadPublisher + metrics metrics + subscriberCount atomic.Int32 log *logging.Entry enableEndpointSlices bool @@ -49,6 +52,7 @@ type ( addr Address listeners []WorkloadUpdateListener metrics metrics + subscriberCount *atomic.Int32 log *logging.Entry mu sync.RWMutex @@ -63,18 +67,26 @@ type ( var workloadVecs = newMetricsVecs("workload", []string{}) func NewWorkloadWatcher(k8sAPI *k8s.API, metadataAPI *k8s.MetadataAPI, log *logging.Entry, enableEndpointSlices bool, defaultOpaquePorts map[uint32]struct{}) (*WorkloadWatcher, error) { + // Omit high-cardinality IP:port labels. + metrics, err := workloadVecs.newMetrics(prometheus.Labels{}) + if err != nil { + return nil, err + } + ww := &WorkloadWatcher{ defaultOpaquePorts: defaultOpaquePorts, k8sAPI: k8sAPI, metadataAPI: metadataAPI, publishers: make(map[IPPort]*workloadPublisher), + metrics: metrics, + subscriberCount: atomic.Int32{}, log: log.WithFields(logging.Fields{ "component": "workload-watcher", }), enableEndpointSlices: enableEndpointSlices, } - _, err := k8sAPI.Pod().Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ + _, err = k8sAPI.Pod().Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: ww.addPod, DeleteFunc: ww.deletePod, UpdateFunc: ww.updatePod, @@ -125,6 +137,8 @@ func (ww *WorkloadWatcher) Subscribe(service *ServiceID, hostname, ip string, po return "", err } + ww.updateSubscriberCount() + return wp.addr.IP, nil } @@ -145,6 +159,12 @@ func (ww *WorkloadWatcher) Unsubscribe(ip string, port Port, listener WorkloadUp if len(wp.listeners) == 0 { delete(ww.publishers, IPPort{wp.addr.IP, wp.addr.Port}) } + + ww.updateSubscriberCount() +} + +func (ww *WorkloadWatcher) updateSubscriberCount() { + ww.metrics.setSubscribers(int(ww.subscriberCount.Load())) } // addPod is an event handler so it cannot block @@ -454,11 +474,6 @@ func (ww *WorkloadWatcher) getOrNewWorkloadPublisher(service *ServiceID, hostnam ipPort := IPPort{ip, port} wp, ok := ww.publishers[ipPort] if !ok { - // Omit high-cardinality IP:port labels. - metrics, err := workloadVecs.newMetrics(prometheus.Labels{}) - if err != nil { - return nil, err - } wp = &workloadPublisher{ defaultOpaquePorts: ww.defaultOpaquePorts, k8sAPI: ww.k8sAPI, @@ -467,7 +482,8 @@ func (ww *WorkloadWatcher) getOrNewWorkloadPublisher(service *ServiceID, hostnam IP: ip, Port: port, }, - metrics: metrics, + metrics: ww.metrics, + subscriberCount: &ww.subscriberCount, log: ww.log.WithFields(logging.Fields{ "component": "workload-publisher", "ip": ip, @@ -630,12 +646,12 @@ func (wp *workloadPublisher) subscribe(listener WorkloadUpdateListener) error { defer wp.mu.Unlock() wp.listeners = append(wp.listeners, listener) - wp.metrics.setSubscribers(len(wp.listeners)) if err := listener.Update(&wp.addr); err != nil { return fmt.Errorf("failed to send initial update: %w", err) } wp.metrics.incUpdates() + wp.subscriberCount.Add(1) return nil } @@ -649,11 +665,10 @@ func (wp *workloadPublisher) unsubscribe(listener WorkloadUpdateListener) { wp.listeners[i] = wp.listeners[n-1] wp.listeners[n-1] = nil wp.listeners = wp.listeners[:n-1] + wp.subscriberCount.Add(-1) break } } - - wp.metrics.setSubscribers(len(wp.listeners)) } // updatePod creates an Address instance for the given pod, that is passed to From 588ad9b7c06fb32a70ecc4c29e45e675af67d420 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 13:00:43 -0500 Subject: [PATCH 022/123] build(deps): bump github.com/prometheus/common from 0.67.1 to 0.67.2 (#14666) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.67.1 to 0.67.2. - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/common/compare/v0.67.1...v0.67.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-version: 0.67.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 7e49585502481..7454d353baa5e 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/pkg/browser v0.0.0-20170505125900-c90ca0c84f15 github.com/prometheus/client_golang v1.23.2 github.com/prometheus/client_model v0.6.2 - github.com/prometheus/common v0.67.1 + github.com/prometheus/common v0.67.2 github.com/sergi/go-diff v1.4.0 github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92 github.com/sirupsen/logrus v1.9.3 @@ -140,7 +140,7 @@ require ( go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/crypto v0.43.0 // indirect golang.org/x/mod v0.29.0 // indirect - golang.org/x/oauth2 v0.31.0 // indirect + golang.org/x/oauth2 v0.32.0 // indirect golang.org/x/sync v0.17.0 // indirect golang.org/x/sys v0.37.0 // indirect golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 // indirect diff --git a/go.sum b/go.sum index 2f4200a59564d..23accc43122b8 100644 --- a/go.sum +++ b/go.sum @@ -350,8 +350,8 @@ github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UH github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.67.1 h1:OTSON1P4DNxzTg4hmKCc37o4ZAZDv0cfXLkOt0oEowI= -github.com/prometheus/common v0.67.1/go.mod h1:RpmT9v35q2Y+lsieQsdOh5sXZ6ajUGC8NjZAmr8vb0Q= +github.com/prometheus/common v0.67.2 h1:PcBAckGFTIHt2+L3I33uNRTlKTplNzFctXcWhPyAEN8= +github.com/prometheus/common v0.67.2/go.mod h1:63W3KZb1JOKgcjlIr64WW/LvFGAqKPj0atm+knVGEko= github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho= @@ -531,8 +531,8 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo= -golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= +golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY= +golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From acc6a16d32df978a38ebad2b09fcb201ae0a904e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 13:01:03 -0500 Subject: [PATCH 023/123] build(deps): bump the clap group with 2 updates (#14670) Bumps the clap group with 2 updates: [clap](https://github.com/clap-rs/clap) and [clap_builder](https://github.com/clap-rs/clap). Updates `clap` from 4.5.50 to 4.5.51 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.50...clap_complete-v4.5.51) Updates `clap_builder` from 4.5.50 to 4.5.51 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v4.5.50...v4.5.51) --- updated-dependencies: - dependency-name: clap dependency-version: 4.5.51 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: clap - dependency-name: clap_builder dependency-version: 4.5.51 dependency-type: indirect update-type: version-update:semver-patch dependency-group: clap ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index deab440b2292a..4e32c1e0a9e42 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -291,9 +291,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.50" +version = "4.5.51" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c2cfd7bf8a6017ddaa4e32ffe7403d547790db06bd171c1c53926faab501623" +checksum = "4c26d721170e0295f191a69bd9a1f93efcdb0aff38684b61ab5750468972e5f5" dependencies = [ "clap_builder", "clap_derive", @@ -301,9 +301,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.50" +version = "4.5.51" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a4c05b9e80c5ccd3a7ef080ad7b6ba7d6fc00a985b8b157197075677c82c7a0" +checksum = "75835f0c7bf681bfd05abe44e965760fea999a5286c6eb2d59883634fd02011a" dependencies = [ "anstyle", "clap_lex", From b0807097a722e0270aef36571f6188b87a7333a8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 13:01:32 -0500 Subject: [PATCH 024/123] build(deps): bump rustls-pki-types from 1.12.0 to 1.13.0 (#14671) Bumps [rustls-pki-types](https://github.com/rustls/pki-types) from 1.12.0 to 1.13.0. - [Release notes](https://github.com/rustls/pki-types/releases) - [Commits](https://github.com/rustls/pki-types/compare/v/1.12.0...v/1.13.0) --- updated-dependencies: - dependency-name: rustls-pki-types dependency-version: 1.13.0 dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4e32c1e0a9e42..ab5d4c4028747 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2112,9 +2112,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.12.0" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "229a4a4c221013e7e1f1a043678c5cc39fe5171437c88fb47151a21e6f5b5c79" +checksum = "94182ad936a0c91c324cd46c6511b9510ed16af436d7b5bab34beab0afd55f7a" dependencies = [ "zeroize", ] From 3b0408ba151a17b788bc41693d1cd70d7f28cdd9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 13:01:46 -0500 Subject: [PATCH 025/123] build(deps): bump home from 0.5.11 to 0.5.12 (#14672) Bumps [home](https://github.com/rust-lang/cargo) from 0.5.11 to 0.5.12. - [Changelog](https://github.com/rust-lang/cargo/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/cargo/compare/home-0.5.11...home-0.5.12) --- updated-dependencies: - dependency-name: home dependency-version: 0.5.12 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ab5d4c4028747..c2619e54367d9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -853,11 +853,11 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] name = "home" -version = "0.5.11" +version = "0.5.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf" +checksum = "cc627f471c528ff0c4a49e1d5e60450c8f6461dd6d10ba9dcd3a61d3dff7728d" dependencies = [ - "windows-sys 0.59.0", + "windows-sys 0.61.0", ] [[package]] From 514bce9ccb5307adf68724b16509910eed155fa2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 13:02:00 -0500 Subject: [PATCH 026/123] build(deps): bump tj-actions/changed-files (#14686) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from dbf178ceecb9304128c8e0648591d71208c6e2c9 to 70069877f29101175ed2b055d210fe8b1d54d7d7. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/dbf178ceecb9304128c8e0648591d71208c6e2c9...70069877f29101175ed2b055d210fe8b1d54d7d7) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-version: 70069877f29101175ed2b055d210fe8b1d54d7d7 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/go.yml | 2 +- .github/workflows/integration.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 715a9182964c2..f50906ce296b4 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -9,7 +9,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - uses: tj-actions/changed-files@dbf178ceecb9304128c8e0648591d71208c6e2c9 + - uses: tj-actions/changed-files@70069877f29101175ed2b055d210fe8b1d54d7d7 id: changed with: files: | diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index c082dd7c8fe03..43d4f2a32fd01 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -29,7 +29,7 @@ jobs: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - id: tag run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT" - - uses: tj-actions/changed-files@dbf178ceecb9304128c8e0648591d71208c6e2c9 + - uses: tj-actions/changed-files@70069877f29101175ed2b055d210fe8b1d54d7d7 id: core with: files: | From ce00356680713130470b042dd2fe7e818ebe9867 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 13:02:13 -0500 Subject: [PATCH 027/123] build(deps): bump aho-corasick from 1.1.3 to 1.1.4 (#14687) Bumps [aho-corasick](https://github.com/BurntSushi/aho-corasick) from 1.1.3 to 1.1.4. - [Commits](https://github.com/BurntSushi/aho-corasick/compare/1.1.3...1.1.4) --- updated-dependencies: - dependency-name: aho-corasick dependency-version: 1.1.4 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c2619e54367d9..f515e688a3d04 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -17,9 +17,9 @@ dependencies = [ [[package]] name = "aho-corasick" -version = "1.1.3" +version = "1.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" +checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301" dependencies = [ "memchr", ] From fb477f02a21b1274934d0008243523594e78e94f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 13:05:19 -0500 Subject: [PATCH 028/123] build(deps): bump docker/setup-qemu-action (#14688) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.6.0 to 3.7.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/29109295f81e9208d7d86ff1c6c12d2833863392...c7c53464625b32c7a7e944ae62b3e17d2b600130) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: 3.7.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/actions/docker-build/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/docker-build/action.yml b/.github/actions/docker-build/action.yml index 6525221f28a05..e8fc227fb57a1 100644 --- a/.github/actions/docker-build/action.yml +++ b/.github/actions/docker-build/action.yml @@ -26,7 +26,7 @@ runs: steps: # populate ACTIONS_CACHE_URL and ACTIONS_RUNTIME_TOKEN - uses: crazy-max/ghaction-github-runtime@3cb05d89e1f492524af3d41a1c98c83bc3025124 - - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 + - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 - env: DOCKER_REGISTRY: ${{ inputs.docker-registry }} From 7cb3f0fc215466bf9c6df4a6285bf5786c0ddb7f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 13:05:35 -0500 Subject: [PATCH 029/123] build(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 (#14691) Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.28 to 1.7.29. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](https://github.com/containerd/containerd/compare/v1.7.28...v1.7.29) --- updated-dependencies: - dependency-name: github.com/containerd/containerd dependency-version: 1.7.29 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7454d353baa5e..411254718fcf7 100644 --- a/go.mod +++ b/go.mod @@ -68,7 +68,7 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/clipperhouse/uax29/v2 v2.2.0 // indirect - github.com/containerd/containerd v1.7.28 // indirect + github.com/containerd/containerd v1.7.29 // indirect github.com/containerd/errdefs v0.3.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect diff --git a/go.sum b/go.sum index 23accc43122b8..e52dfe062126d 100644 --- a/go.sum +++ b/go.sum @@ -72,8 +72,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/clipperhouse/uax29/v2 v2.2.0 h1:ChwIKnQN3kcZteTXMgb1wztSgaU+ZemkgWdohwgs8tY= github.com/clipperhouse/uax29/v2 v2.2.0/go.mod h1:EFJ2TJMRUaplDxHKj1qAEhCtQPW2tJSwu5BF98AuoVM= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/containerd/containerd v1.7.28 h1:Nsgm1AtcmEh4AHAJ4gGlNSaKgXiNccU270Dnf81FQ3c= -github.com/containerd/containerd v1.7.28/go.mod h1:azUkWcOvHrWvaiUjSQH0fjzuHIwSPg1WL5PshGP4Szs= +github.com/containerd/containerd v1.7.29 h1:90fWABQsaN9mJhGkoVnuzEY+o1XDPbg9BTC9QTAHnuE= +github.com/containerd/containerd v1.7.29/go.mod h1:azUkWcOvHrWvaiUjSQH0fjzuHIwSPg1WL5PshGP4Szs= github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= From e2f4e298a1aa4fade55b427f98c04bcce926b2e6 Mon Sep 17 00:00:00 2001 From: l5d-bot <48604953+l5d-bot@users.noreply.github.com> Date: Thu, 6 Nov 2025 10:58:01 -0800 Subject: [PATCH 030/123] proxy: v2.328.0 (#14692) Release notes: https://github.com/linkerd/linkerd2-proxy/releases/tag/release/v2.328.0 Signed-off-by: l5d-bot Co-authored-by: l5d-bot Signed-off-by: Ivan Porta --- .proxy-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.proxy-version b/.proxy-version index 0b4f5cee3507d..ef66f3042abfa 100644 --- a/.proxy-version +++ b/.proxy-version @@ -1 +1 @@ -v2.327.0 +v2.328.0 From e259bdde9501aa9d4220c126549aa8503716d4d2 Mon Sep 17 00:00:00 2001 From: Oliver Gould Date: Thu, 6 Nov 2025 13:17:11 -0600 Subject: [PATCH 031/123] fix(destination): prevent task leak in federated service watchers (#14693) When unsubscribing a stream from a federated service, we: 1. For each cluster, send an update on the stream's channel to remove endpoints. 2. Call synchronizedGetStream.Stop() so that it stops processing updates. These steps can race and deadlock: if Stop() has been called before endoint updates are processed, the subsequent Send() calls block forever. This change improves test coverage to cover this case as well as that fixed in f4e67958d. Signed-off-by: Ivan Porta --- .../api/destination/syncronized_get_stream.go | 11 +- .../syncronized_get_stream_test.go | 108 ++++++++++++++++++ 2 files changed, 117 insertions(+), 2 deletions(-) create mode 100644 controller/api/destination/syncronized_get_stream_test.go diff --git a/controller/api/destination/syncronized_get_stream.go b/controller/api/destination/syncronized_get_stream.go index 2deb14273b139..0d9c86da9c625 100644 --- a/controller/api/destination/syncronized_get_stream.go +++ b/controller/api/destination/syncronized_get_stream.go @@ -2,6 +2,7 @@ package destination import ( "context" + "errors" pb "github.com/linkerd/linkerd2-proxy-api/go/destination" logging "github.com/sirupsen/logrus" @@ -21,6 +22,8 @@ type synchronizedGetStream struct { log *logging.Entry } +var errStreamStopped = errors.New("synchronized stream stopped") + func newSyncronizedGetStream(stream pb.Destination_GetServer, log *logging.Entry) *synchronizedGetStream { return &synchronizedGetStream{ done: make(chan struct{}), @@ -50,8 +53,12 @@ func (s *synchronizedGetStream) RecvMsg(m any) error { } func (s *synchronizedGetStream) Send(update *pb.Update) error { - s.ch <- update - return nil + select { + case <-s.done: + return errStreamStopped + case s.ch <- update: + return nil + } } func (s *synchronizedGetStream) Start() { diff --git a/controller/api/destination/syncronized_get_stream_test.go b/controller/api/destination/syncronized_get_stream_test.go new file mode 100644 index 0000000000000..a792b8ce52389 --- /dev/null +++ b/controller/api/destination/syncronized_get_stream_test.go @@ -0,0 +1,108 @@ +package destination + +import ( + "errors" + "sync" + "testing" + "time" + + pb "github.com/linkerd/linkerd2-proxy-api/go/destination" + "github.com/linkerd/linkerd2/controller/api/util" + logging "github.com/sirupsen/logrus" +) + +type blockingDestinationGetServer struct { + util.MockServerStream + block chan struct{} + sendCalled chan struct{} + once sync.Once +} + +func newBlockingDestinationGetServer() *blockingDestinationGetServer { + return &blockingDestinationGetServer{ + block: make(chan struct{}), + sendCalled: make(chan struct{}), + } +} + +func (b *blockingDestinationGetServer) Send(update *pb.Update) error { + b.once.Do(func() { + close(b.sendCalled) + }) + <-b.block + return nil +} + +func (b *blockingDestinationGetServer) unblock() { + close(b.block) +} + +// TestSynchronizedGetStreamSendAfterStop ensures Send returns promptly once the +// stream has been stopped so goroutines don't leak waiting on an unconsumed +// channel send. +func TestSynchronizedGetStreamSendAfterStop(t *testing.T) { + mock := &mockDestinationGetServer{ + updatesReceived: make(chan *pb.Update, 1), + } + stream := newSyncronizedGetStream(mock, logging.WithField("test", t.Name())) + stream.Start() + stream.Stop() + + errCh := make(chan error, 1) + go func() { + errCh <- stream.Send(&pb.Update{}) + }() + + select { + case err := <-errCh: + if !errors.Is(err, errStreamStopped) { + t.Fatalf("expected errStreamStopped, got %v", err) + } + case <-time.After(time.Second): + t.Fatal("Send blocked after Stop") + } +} + +func TestSynchronizedGetStreamStopWhileInnerSendBlocked(t *testing.T) { + mock := newBlockingDestinationGetServer() + stream := newSyncronizedGetStream(mock, logging.WithField("test", t.Name())) + stream.Start() + + firstSend := make(chan error, 1) + go func() { + firstSend <- stream.Send(&pb.Update{}) + }() + + select { + case err := <-firstSend: + if err != nil { + t.Fatalf("unexpected error from initial Send: %v", err) + } + case <-time.After(time.Second): + t.Fatal("initial Send did not complete") + } + + select { + case <-mock.sendCalled: + case <-time.After(time.Second): + t.Fatal("inner Send was not invoked") + } + + stream.Stop() + + secondSend := make(chan error, 1) + go func() { + secondSend <- stream.Send(&pb.Update{}) + }() + + select { + case err := <-secondSend: + if !errors.Is(err, errStreamStopped) { + t.Fatalf("expected errStreamStopped, got %v", err) + } + case <-time.After(time.Second): + t.Fatal("second Send blocked after Stop") + } + + mock.unblock() +} From 3320547f756e485e4add6ab08643b37b926c95c6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Nov 2025 10:10:19 -0500 Subject: [PATCH 032/123] build(deps): bump enum-ordinalize-derive from 4.3.1 to 4.3.2 (#14694) Bumps [enum-ordinalize-derive](https://github.com/magiclen/enum-ordinalize) from 4.3.1 to 4.3.2. - [Commits](https://github.com/magiclen/enum-ordinalize/compare/v4.3.1...v4.3.2) --- updated-dependencies: - dependency-name: enum-ordinalize-derive dependency-version: 4.3.2 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f515e688a3d04..4a3c43e474a46 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -534,9 +534,9 @@ dependencies = [ [[package]] name = "enum-ordinalize-derive" -version = "4.3.1" +version = "4.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d28318a75d4aead5c4db25382e8ef717932d0346600cacae6357eb5941bc5ff" +checksum = "8ca9601fb2d62598ee17836250842873a413586e5d7ed88b356e38ddbb0ec631" dependencies = [ "proc-macro2", "quote", From 5471564d2e40eb8769f10d6325ed4a27ede247df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Nov 2025 10:10:40 -0500 Subject: [PATCH 033/123] build(deps): bump proc-macro2 from 1.0.101 to 1.0.103 (#14695) Bumps [proc-macro2](https://github.com/dtolnay/proc-macro2) from 1.0.101 to 1.0.103. - [Release notes](https://github.com/dtolnay/proc-macro2/releases) - [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.101...1.0.103) --- updated-dependencies: - dependency-name: proc-macro2 dependency-version: 1.0.103 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4a3c43e474a46..c8d377053524d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1861,9 +1861,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.101" +version = "1.0.103" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89ae43fd86e4158d6db51ad8e2b80f313af9cc74f5c0e03ccb87de09998732de" +checksum = "5ee95bc4ef87b8d5ba32e8b7714ccc834865276eab0aed5c9958d00ec45f49e8" dependencies = [ "unicode-ident", ] From c8a56f77564af46a0a9ca0a01443080a4f16c4f1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Nov 2025 10:11:02 -0500 Subject: [PATCH 034/123] build(deps): bump enum-ordinalize from 4.3.0 to 4.3.2 (#14696) Bumps [enum-ordinalize](https://github.com/magiclen/enum-ordinalize) from 4.3.0 to 4.3.2. - [Commits](https://github.com/magiclen/enum-ordinalize/compare/v4.3.0...v4.3.2) --- updated-dependencies: - dependency-name: enum-ordinalize dependency-version: 4.3.2 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c8d377053524d..da77d40566262 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -525,9 +525,9 @@ checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" [[package]] name = "enum-ordinalize" -version = "4.3.0" +version = "4.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fea0dcfa4e54eeb516fe454635a95753ddd39acda650ce703031c6973e315dd5" +checksum = "4a1091a7bb1f8f2c4b28f1fe2cef4980ca2d410a3d727d67ecc3178c9b0800f0" dependencies = [ "enum-ordinalize-derive", ] From 752d3d58679632043b8900d8121726cc2331f5e4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Nov 2025 10:11:20 -0500 Subject: [PATCH 035/123] build(deps): bump rustls from 0.23.34 to 0.23.35 (#14697) Bumps [rustls](https://github.com/rustls/rustls) from 0.23.34 to 0.23.35. - [Release notes](https://github.com/rustls/rustls/releases) - [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md) - [Commits](https://github.com/rustls/rustls/compare/v/0.23.34...v/0.23.35) --- updated-dependencies: - dependency-name: rustls dependency-version: 0.23.35 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- policy-controller/Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index da77d40566262..6b64e2ec3c4fc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2062,9 +2062,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.34" +version = "0.23.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a9586e9ee2b4f8fab52a0048ca7334d7024eef48e2cb9407e3497bb7cab7fa7" +checksum = "533f54bc6a7d4f647e46ad909549eda97bf5afc1585190ef692b4286b198bd8f" dependencies = [ "aws-lc-rs", "log", diff --git a/policy-controller/Cargo.toml b/policy-controller/Cargo.toml index fccd2f9359882..07a5ec09e0e26 100644 --- a/policy-controller/Cargo.toml +++ b/policy-controller/Cargo.toml @@ -8,7 +8,7 @@ publish = false [dependencies] anyhow = "1" tokio = { version = "1", features = ["macros", "rt", "rt-multi-thread"] } -rustls = { version = "0.23.34", default-features = false, features = ["aws-lc-rs"] } +rustls = { version = "0.23.35", default-features = false, features = ["aws-lc-rs"] } [dependencies.linkerd-policy-controller-runtime] workspace = true From 8ab2a95bcf64950d116d61c81a88cedc2f4581b3 Mon Sep 17 00:00:00 2001 From: Scott Fleener Date: Fri, 7 Nov 2025 12:12:07 -0500 Subject: [PATCH 036/123] chore(deps): Upgrade `linkerd2-proxy-api` and `tonic` group (#14699) * chore(deps): Upgrade `linkerd2-proxy-api` and `tonic` group - linkerd2-proxy-api: v0.18.0 - tonic: v0.14 - prost: v0.14 Signed-off-by: Scott Fleener * chore(deny): Remove unnecessary cargo deny exemptions Signed-off-by: Scott Fleener --------- Signed-off-by: Scott Fleener Signed-off-by: Ivan Porta --- Cargo.lock | 50 ++++++++++++++++--------------- Cargo.toml | 4 +-- deny.toml | 10 +------ go.mod | 2 +- go.sum | 4 +-- policy-controller/grpc/Cargo.toml | 2 +- 6 files changed, 33 insertions(+), 39 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6b64e2ec3c4fc..2ae047de781ee 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1006,7 +1006,7 @@ dependencies = [ "hyper", "libc", "pin-project-lite", - "socket2 0.6.0", + "socket2", "tokio", "tower-service", "tracing", @@ -1544,9 +1544,9 @@ dependencies = [ [[package]] name = "linkerd2-proxy-api" -version = "0.17.0" +version = "0.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb83fdbbcea49285182d75aacc20ced8ebce60030be1d72d87b00f58f07d267d" +checksum = "ba9e3b341ca4992feaf43a4d2bdbfe2081aa3e2b9a503753544ce55242af6342" dependencies = [ "http", "ipnet", @@ -1554,6 +1554,7 @@ dependencies = [ "prost-types", "thiserror 2.0.17", "tonic", + "tonic-prost", ] [[package]] @@ -1915,9 +1916,9 @@ dependencies = [ [[package]] name = "prost" -version = "0.13.5" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2796faa41db3ec313a31f7624d9286acf277b52de526150b7e69f3debf891ee5" +checksum = "7231bd9b3d3d33c86b58adbac74b5ec0ad9f496b19d22801d773636feaa95f3d" dependencies = [ "bytes", "prost-derive", @@ -1925,9 +1926,9 @@ dependencies = [ [[package]] name = "prost-derive" -version = "0.13.5" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a56d757972c98b346a9b766e3f02746cde6dd1cd1d1d563472929fdd74bec4d" +checksum = "9120690fafc389a67ba3803df527d0ec9cbbc9cc45e4cc20b332996dfb672425" dependencies = [ "anyhow", "itertools 0.14.0", @@ -1938,9 +1939,9 @@ dependencies = [ [[package]] name = "prost-types" -version = "0.13.5" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52c2c1bf36ddb1a1c396b3601a3cec27c2462e45f07c386894ec3ccf5332bd16" +checksum = "b9b4db3d6da204ed77bb26ba83b6122a73aeb2e87e25fbf7ad2e84c4ccbf8f72" dependencies = [ "prost", ] @@ -2356,16 +2357,6 @@ version = "1.15.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" -[[package]] -name = "socket2" -version = "0.5.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e22376abed350d73dd1cd119b57ffccad95b4e585a7cda43e286245ce23c0678" -dependencies = [ - "libc", - "windows-sys 0.52.0", -] - [[package]] name = "socket2" version = "0.6.0" @@ -2466,7 +2457,7 @@ dependencies = [ "parking_lot", "pin-project-lite", "signal-hook-registry", - "socket2 0.6.0", + "socket2", "tokio-macros", "windows-sys 0.61.0", ] @@ -2557,9 +2548,9 @@ dependencies = [ [[package]] name = "tonic" -version = "0.13.1" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e581ba15a835f4d9ea06c55ab1bd4dce26fc53752c69a04aac00703bfb49ba9" +checksum = "eb7613188ce9f7df5bfe185db26c5814347d110db17920415cf2fbcad85e7203" dependencies = [ "async-trait", "axum", @@ -2574,8 +2565,8 @@ dependencies = [ "hyper-util", "percent-encoding", "pin-project", - "prost", - "socket2 0.5.10", + "socket2", + "sync_wrapper", "tokio", "tokio-stream", "tower", @@ -2584,6 +2575,17 @@ dependencies = [ "tracing", ] +[[package]] +name = "tonic-prost" +version = "0.14.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66bd50ad6ce1252d87ef024b3d64fe4c3cf54a86fb9ef4c631fdd0ded7aeaa67" +dependencies = [ + "bytes", + "prost", + "tonic", +] + [[package]] name = "tower" version = "0.5.2" diff --git a/Cargo.toml b/Cargo.toml index 3f9af08fcc2c1..f54cee5f841ae 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -22,7 +22,7 @@ k8s-openapi = { version = "0.25", features = ["v1_33"] } kube = { version = "1.1", default-features = false } kubert = { version = "0.25", default-features = false } prometheus-client = { version = "0.23", default-features = false } -tonic = { version = "0.13", default-features = false } +tonic = { version = "0.14", default-features = false } tower = { version = "0.5", default-features = false } linkerd-policy-controller = { path = "./policy-controller" } @@ -47,5 +47,5 @@ path = "./policy-controller/runtime" default-features = false [workspace.dependencies.linkerd2-proxy-api] -version = "0.17.0" +version = "0.18.0" features = ["inbound", "outbound"] diff --git a/deny.toml b/deny.toml index 4eab317bfcf59..2aa88b2d71b9d 100644 --- a/deny.toml +++ b/deny.toml @@ -50,11 +50,7 @@ multiple-versions = "deny" # Wildcard dependencies are used for all workspace-local crates. wildcards = "allow" highlight = "all" -skip = [ - # https://github.com/hawkw/matchers/pull/4 - { name = "regex-automata", version = "0.1" }, - { name = "regex-syntax", version = "0.6" }, -] +skip = [] skip-tree = [ # `serde_json` and `h2` depend on diverged versions of `indexmap` (2.0.x and # 1.9.x, respectively) @@ -63,10 +59,6 @@ skip-tree = [ { name = "thiserror", version = "1" }, # getrandom v0.3 is still making its way through the ecosystem { name = "getrandom", version = "0.2" }, - # zerocopy v0.8 is still making its way through the ecosystem - { name = "zerocopy", version = "0.7" }, - # tonic 0.13 still uses socket2 0.5 - { name = "socket2", version = "0.5" }, ] [sources] diff --git a/go.mod b/go.mod index 411254718fcf7..f97c08d33c5d8 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/grantae/certinfo v0.0.0-20170412194111-59d56a35515b github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/julienschmidt/httprouter v1.3.0 - github.com/linkerd/linkerd2-proxy-api v0.17.0 + github.com/linkerd/linkerd2-proxy-api v0.18.0 github.com/mattn/go-isatty v0.0.20 github.com/mattn/go-runewidth v0.0.19 github.com/nsf/termbox-go v1.1.1 diff --git a/go.sum b/go.sum index e52dfe062126d..0492809757434 100644 --- a/go.sum +++ b/go.sum @@ -284,8 +284,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/linkerd/linkerd2-proxy-api v0.17.0 h1:PuSBnDjRjlhIKb2+MfuH9u264gzLTNVDn+JuL09EuRc= -github.com/linkerd/linkerd2-proxy-api v0.17.0/go.mod h1:5Q1jpVNSuhStpBHjW3PGvBrRGWaGBCWCgbTac6/oeVs= +github.com/linkerd/linkerd2-proxy-api v0.18.0 h1:6hAI0DjDObjI716GqsR4VrddnEJkMY7+H3HwNM5Tzvo= +github.com/linkerd/linkerd2-proxy-api v0.18.0/go.mod h1:n7Sb/skuU8VDP/8TVZHeiAmB1QPFP4kygQkcsPzx3rI= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= diff --git a/policy-controller/grpc/Cargo.toml b/policy-controller/grpc/Cargo.toml index 2f5d7c9a81e7f..b41be840b4d6d 100644 --- a/policy-controller/grpc/Cargo.toml +++ b/policy-controller/grpc/Cargo.toml @@ -14,7 +14,7 @@ http = { workspace = true } hyper = { workspace = true, features = ["http2", "server"] } maplit = "1" prometheus-client = { workspace = true } -prost-types = "0.13" +prost-types = "0.14" serde = { version = "1", features = ["derive"] } serde_json = "1" tokio = { version = "1", features = ["macros", "time"] } From 7c12f9ab7151fc98b2794fd3abd99bc32c3c5a98 Mon Sep 17 00:00:00 2001 From: katelyn martin Date: Fri, 7 Nov 2025 12:30:09 -0500 Subject: [PATCH 037/123] fix(bin): restore `bin/docker-build` functionality (#14698) this branch makes changes to scripts in the `bin/` directory, to restore the end-to-end local development workflow described in `BUILD.md` here: https://github.com/linkerd/linkerd2/blob/main/BUILD.md#comprehensive now that we no longer include a `bin-cli` in our published artifacts, we can remove that image from the list of images that the `_docker.sh` helper script is aware of. this means we now refrain from (a) building the image when `bin/docker-build` is run, and (b) loading the image when `bin/image-load` is run. some related comments are updated in this branch, while we are here. --- * refactor: remove `cli-bin` from `_docker.sh` images this helper script wrapping docker is used by various scripts in the development workflow. in https://github.com/linkerd/linkerd2/pull/14360, we removed the `cli-bin` image from our published artifacts. Signed-off-by: katelyn martin * nit(bin): update `build-cli-bin` comment this commit removes mention of docker from this comment. there is no longer an equivalent `docker-build-cli-bin` script, so this is the way that we build the cli binary. Signed-off-by: katelyn martin * fix(bin): remove cli from `bin/docker-build` this commit removes mention of the cli from our `bin/docker-build` script. in https://github.com/linkerd/linkerd2/pull/14360, we removed the cli image from our published artifacts. moreover, invoking `bin/linkerd` will call `bin/build-cli-bin`. so, this commit removes both calls, to the now deleted `bin/docker-build-cli-bin` script, as well as the `bin/build-cli-bin` script. this lets the `bin/docker-build` script focus solely on docker images. Signed-off-by: katelyn martin * docs(cli): a comment about cli image `ENTRYPOINT` this image is used within CI, and broadly as a "layer" to place the cli binaries in a final image. the cli image itself however, is not currently intended for use directly via `docker build`, and will consequently yield an error response if built directly. this commit adds a comment providing some information about this. see https://github.com/linkerd/linkerd2/pull/14360 for more. Signed-off-by: katelyn martin --------- Signed-off-by: katelyn martin Signed-off-by: Ivan Porta --- bin/_docker.sh | 1 - bin/build-cli-bin | 4 ++-- bin/docker-build | 5 ----- cli/Dockerfile | 7 +++++++ 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/bin/_docker.sh b/bin/_docker.sh index e864600180b81..d39991398e615 100644 --- a/bin/_docker.sh +++ b/bin/_docker.sh @@ -31,7 +31,6 @@ export SUPPORTED_ARCHS=${SUPPORTED_ARCHS:-linux/amd64,linux/arm64} # Splitting of DOCKER_IMAGES variable is desired. # shellcheck disable=SC2206 export DOCKER_IMAGES=(${DOCKER_IMAGES:- - cli-bin controller metrics-api debug diff --git a/bin/build-cli-bin b/bin/build-cli-bin index 44d9500ad3637..5f20707583650 100755 --- a/bin/build-cli-bin +++ b/bin/build-cli-bin @@ -2,9 +2,9 @@ set -eu -# Builds CLI binary for current platform only and outside docker to speed up things. Suitable for local development. +# Builds CLI binary for current platform. Suitable for local development. # Note: This script is used by Brew when running `brew install linkerd`: -# https://github.com/Homebrew/homebrew-core/pull/36957 +# https://github.com/Homebrew/homebrew-core/blob/main/Formula/l/linkerd.rb bindir=$( cd "${0%/*}" && pwd ) rootdir=$( cd "$bindir"/.. && pwd ) diff --git a/bin/docker-build b/bin/docker-build index a9b80a76e50ab..bc0f63123ec33 100755 --- a/bin/docker-build +++ b/bin/docker-build @@ -13,10 +13,5 @@ bindir=$( cd "${0%/*}" && pwd ) "$bindir"/docker-build-controller "$bindir"/docker-build-web "$bindir"/docker-build-debug -if [ -z "${LINKERD_LOCAL_BUILD_CLI:-}" ]; then - "$bindir"/docker-build-cli-bin -else - "$bindir"/build-cli-bin -fi "$bindir"/docker-build-metrics-api "$bindir"/docker-build-tap diff --git a/cli/Dockerfile b/cli/Dockerfile index eddb2841e66d7..bb22cec8d725a 100644 --- a/cli/Dockerfile +++ b/cli/Dockerfile @@ -60,3 +60,10 @@ COPY --from=build-linux-arm64 /out/* / COPY --from=build-darwin /out/* / COPY --from=build-darwin-arm64 /out/* / COPY --from=build-windows /out/* / + +# NB: This image does not contain an `ENTRYPOINT` directive. The filesystem +# of this image is used as a layer in other images in CI, and the CLI is +# typically used by operators outside of a cluster. +# +# Running `docker build` for this image will likely fail with an error like: +# "Error response from daemon: No command specified." From ab30c79cc052b41b9653a106297a2fd37bb0ceb2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Nov 2025 11:45:57 -0500 Subject: [PATCH 038/123] build(deps): bump helm.sh/helm/v3 from 3.19.0 to 3.19.1 (#14706) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.19.0 to 3.19.1. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.19.0...v3.19.1) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-version: 3.19.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index f97c08d33c5d8..df58532b24781 100644 --- a/go.mod +++ b/go.mod @@ -41,7 +41,7 @@ require ( google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 google.golang.org/protobuf v1.36.10 gopkg.in/yaml.v2 v2.4.0 - helm.sh/helm/v3 v3.19.0 + helm.sh/helm/v3 v3.19.1 k8s.io/api v0.34.1 k8s.io/apiextensions-apiserver v0.34.1 k8s.io/apimachinery v0.34.1 @@ -73,7 +73,7 @@ require ( github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect - github.com/cyphar/filepath-securejoin v0.4.1 // indirect + github.com/cyphar/filepath-securejoin v0.6.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.12.2 // indirect github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect diff --git a/go.sum b/go.sum index 0492809757434..295afbc574d9f 100644 --- a/go.sum +++ b/go.sum @@ -86,8 +86,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= -github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/cyphar/filepath-securejoin v0.6.0 h1:BtGB77njd6SVO6VztOHfPxKitJvd/VPT+OFBFMOi1Is= +github.com/cyphar/filepath-securejoin v0.6.0/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -719,8 +719,8 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -helm.sh/helm/v3 v3.19.0 h1:krVyCGa8fa/wzTZgqw0DUiXuRT5BPdeqE/sQXujQ22k= -helm.sh/helm/v3 v3.19.0/go.mod h1:Lk/SfzN0w3a3C3o+TdAKrLwJ0wcZ//t1/SDXAvfgDdc= +helm.sh/helm/v3 v3.19.1 h1:QVMzHbanyurO8oynx0drDOfG02XxSvrHqaFrf9yrMf0= +helm.sh/helm/v3 v3.19.1/go.mod h1:gX10tB5ErM+8fr7bglUUS/UfTOO8UUTYWIBH1IYNnpE= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From 7a9d618693c35e8c3438618c4e0970bc011cf667 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Nov 2025 12:46:01 -0500 Subject: [PATCH 039/123] build(deps): bump github.com/go-openapi/spec from 0.22.0 to 0.22.1 (#14700) Bumps [github.com/go-openapi/spec](https://github.com/go-openapi/spec) from 0.22.0 to 0.22.1. - [Commits](https://github.com/go-openapi/spec/compare/v0.22.0...v0.22.1) --- updated-dependencies: - dependency-name: github.com/go-openapi/spec dependency-version: 0.22.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 4 ++-- go.sum | 14 ++++++++------ 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index df58532b24781..52d2fde90985a 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/evanphx/json-patch v5.9.11+incompatible github.com/fatih/color v1.18.0 github.com/fsnotify/fsnotify v1.9.0 - github.com/go-openapi/spec v0.22.0 + github.com/go-openapi/spec v0.22.1 github.com/go-test/deep v1.1.1 github.com/golang/protobuf v1.5.4 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 @@ -81,7 +81,7 @@ require ( github.com/go-errors/errors v1.4.2 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-openapi/jsonpointer v0.22.1 // indirect - github.com/go-openapi/jsonreference v0.21.2 // indirect + github.com/go-openapi/jsonreference v0.21.3 // indirect github.com/go-openapi/swag v0.23.0 // indirect github.com/go-openapi/swag/conv v0.25.1 // indirect github.com/go-openapi/swag/jsonname v0.25.1 // indirect diff --git a/go.sum b/go.sum index 295afbc574d9f..77cd5e4d1523c 100644 --- a/go.sum +++ b/go.sum @@ -142,10 +142,10 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/jsonpointer v0.22.1 h1:sHYI1He3b9NqJ4wXLoJDKmUmHkWy/L7rtEo92JUxBNk= github.com/go-openapi/jsonpointer v0.22.1/go.mod h1:pQT9OsLkfz1yWoMgYFy4x3U5GY5nUlsOn1qSBH5MkCM= -github.com/go-openapi/jsonreference v0.21.2 h1:Wxjda4M/BBQllegefXrY/9aq1fxBA8sI5M/lFU6tSWU= -github.com/go-openapi/jsonreference v0.21.2/go.mod h1:pp3PEjIsJ9CZDGCNOyXIQxsNuroxm8FAJ/+quA0yKzQ= -github.com/go-openapi/spec v0.22.0 h1:xT/EsX4frL3U09QviRIZXvkh80yibxQmtoEvyqug0Tw= -github.com/go-openapi/spec v0.22.0/go.mod h1:K0FhKxkez8YNS94XzF8YKEMULbFrRw4m15i2YUht4L0= +github.com/go-openapi/jsonreference v0.21.3 h1:96Dn+MRPa0nYAR8DR1E03SblB5FJvh7W6krPI0Z7qMc= +github.com/go-openapi/jsonreference v0.21.3/go.mod h1:RqkUP0MrLf37HqxZxrIAtTWW4ZJIK1VzduhXYBEeGc4= +github.com/go-openapi/spec v0.22.1 h1:beZMa5AVQzRspNjvhe5aG1/XyBSMeX1eEOs7dMoXh/k= +github.com/go-openapi/spec v0.22.1/go.mod h1:c7aeIQT175dVowfp7FeCvXXnjN/MrpaONStibD2WtDA= github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-openapi/swag/conv v0.25.1 h1:+9o8YUg6QuqqBM5X6rYL/p1dpWeZRhoIt9x7CCP+he0= @@ -164,6 +164,8 @@ github.com/go-openapi/swag/typeutils v0.25.1 h1:rD/9HsEQieewNt6/k+JBwkxuAHktFtH3 github.com/go-openapi/swag/typeutils v0.25.1/go.mod h1:9McMC/oCdS4BKwk2shEB7x17P6HmMmA6dQRtAkSnNb8= github.com/go-openapi/swag/yamlutils v0.25.1 h1:mry5ez8joJwzvMbaTGLhw8pXUnhDK91oSJLDPF1bmGk= github.com/go-openapi/swag/yamlutils v0.25.1/go.mod h1:cm9ywbzncy3y6uPm/97ysW8+wZ09qsks+9RS8fLWKqg= +github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls= +github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= @@ -362,8 +364,8 @@ github.com/redis/go-redis/v9 v9.7.3 h1:YpPyAayJV+XErNsatSElgRZZVCwXX9QzkKYNvO7x0 github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ= From e513f41b232c75e9d0cfe9ebee60ef9e2bb03cc6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Nov 2025 12:46:57 -0500 Subject: [PATCH 040/123] build(deps): bump softprops/action-gh-release from 2.4.1 to 2.4.2 (#14705) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.4.1 to 2.4.2. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/6da8fa9354ddfdc4aeace5fc48d7f679b5214090...5be0e66d93ac7ed76da52eca8bb058f665c3a5fe) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 457ff4249b44f..f4688eb226f2e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -132,7 +132,7 @@ jobs: path: cli - name: Create release id: create_release - uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 + uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe with: name: "${{ needs.tag.outputs.tag }}" generate_release_notes: true From dc205469944869a9cdaf52fd531cfed2de7b158b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Nov 2025 12:47:16 -0500 Subject: [PATCH 041/123] build(deps): bump quote from 1.0.41 to 1.0.42 (#14703) Bumps [quote](https://github.com/dtolnay/quote) from 1.0.41 to 1.0.42. - [Release notes](https://github.com/dtolnay/quote/releases) - [Commits](https://github.com/dtolnay/quote/compare/1.0.41...1.0.42) --- updated-dependencies: - dependency-name: quote dependency-version: 1.0.42 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2ae047de781ee..ed33385943ded 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1948,9 +1948,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.41" +version = "1.0.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce25767e7b499d1b604768e7cde645d14cc8584231ea6b295e9c9eb22c02e1d1" +checksum = "a338cc41d27e6cc6dce6cefc13a0729dfbb81c262b1f519331575dd80ef3067f" dependencies = [ "proc-macro2", ] From 6dd3ce17a2397725c6bad3a2ae06ba3e0a40d76f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Nov 2025 12:47:38 -0500 Subject: [PATCH 042/123] build(deps): bump openssl from 0.10.74 to 0.10.75 (#14702) Bumps [openssl](https://github.com/rust-openssl/rust-openssl) from 0.10.74 to 0.10.75. - [Release notes](https://github.com/rust-openssl/rust-openssl/releases) - [Commits](https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.74...openssl-v0.10.75) --- updated-dependencies: - dependency-name: openssl dependency-version: 0.10.75 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 8 ++++---- policy-controller/runtime/Cargo.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ed33385943ded..0aa81ff1b1c2c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1664,9 +1664,9 @@ checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" [[package]] name = "openssl" -version = "0.10.74" +version = "0.10.75" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24ad14dd45412269e1a30f52ad8f0664f0f4f4a89ee8fe28c3b3527021ebb654" +checksum = "08838db121398ad17ab8531ce9de97b244589089e290a384c900cb9ff7434328" dependencies = [ "bitflags", "cfg-if", @@ -1696,9 +1696,9 @@ checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e" [[package]] name = "openssl-sys" -version = "0.9.110" +version = "0.9.111" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a9f0075ba3c21b09f8e8b2026584b1d18d49388648f2fbbf3c97ea8deced8e2" +checksum = "82cab2d520aa75e3c58898289429321eb788c3106963d0dc886ec7a5f4adc321" dependencies = [ "cc", "libc", diff --git a/policy-controller/runtime/Cargo.toml b/policy-controller/runtime/Cargo.toml index 3acd9644a88f4..3c5c8f4ed4b0b 100644 --- a/policy-controller/runtime/Cargo.toml +++ b/policy-controller/runtime/Cargo.toml @@ -17,7 +17,7 @@ hyper = { workspace = true, features = ["http1", "http2", "server"] } hyper-util = { workspace = true } ipnet = { version = "2", default-features = false } k8s-openapi = { workspace = true } -openssl = { version = "0.10.74", optional = true } +openssl = { version = "0.10.75", optional = true } parking_lot = "0.12" prometheus-client = { workspace = true } regex = "1" From c0adffeead637e174df15d44a01aac95eab409f1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Nov 2025 12:47:58 -0500 Subject: [PATCH 043/123] build(deps): bump syn from 2.0.106 to 2.0.110 (#14701) Bumps [syn](https://github.com/dtolnay/syn) from 2.0.106 to 2.0.110. - [Release notes](https://github.com/dtolnay/syn/releases) - [Commits](https://github.com/dtolnay/syn/compare/2.0.106...2.0.110) --- updated-dependencies: - dependency-name: syn dependency-version: 2.0.110 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0aa81ff1b1c2c..bed1fcc986240 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2381,9 +2381,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "2.0.106" +version = "2.0.110" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ede7c438028d4436d71104916910f5bb611972c5cfd7f89b8300a8186e6fada6" +checksum = "a99801b5bd34ede4cf3fc688c5919368fea4e4814a4664359503e6015b280aea" dependencies = [ "proc-macro2", "quote", From e9505f1ccc97567affe6f2694d5979eb383a0701 Mon Sep 17 00:00:00 2001 From: l5d-bot <48604953+l5d-bot@users.noreply.github.com> Date: Wed, 12 Nov 2025 07:05:59 -0800 Subject: [PATCH 044/123] proxy: v2.329.0 (#14712) Release notes: https://github.com/linkerd/linkerd2-proxy/releases/tag/release/v2.329.0 Signed-off-by: l5d-bot Co-authored-by: l5d-bot Signed-off-by: Ivan Porta --- .proxy-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.proxy-version b/.proxy-version index ef66f3042abfa..11611220714c2 100644 --- a/.proxy-version +++ b/.proxy-version @@ -1 +1 @@ -v2.328.0 +v2.329.0 From 3914e2f410eede4477d854fc12f55be289f6432a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Nov 2025 10:11:54 -0500 Subject: [PATCH 045/123] build(deps): bump tokio-util from 0.7.16 to 0.7.17 (#14711) Bumps [tokio-util](https://github.com/tokio-rs/tokio) from 0.7.16 to 0.7.17. - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](https://github.com/tokio-rs/tokio/compare/tokio-util-0.7.16...tokio-util-0.7.17) --- updated-dependencies: - dependency-name: tokio-util dependency-version: 0.7.17 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bed1fcc986240..6bc492d99841b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -556,7 +556,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.61.0", + "windows-sys 0.52.0", ] [[package]] @@ -2058,7 +2058,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.59.0", + "windows-sys 0.52.0", ] [[package]] @@ -2534,9 +2534,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.16" +version = "0.7.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14307c986784f72ef81c89db7d9e28d6ac26d16213b109ea501696195e6e3ce5" +checksum = "2efa149fe76073d6e8fd97ef4f4eca7b67f599660115591483572e406e165594" dependencies = [ "bytes", "futures-core", From 0b80e7deefdc979bb7a6cc727eb268817834653c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Nov 2025 17:30:36 -0500 Subject: [PATCH 046/123] build(deps): bump aws-lc-sys from 0.32.2 to 0.32.3 (#14710) Bumps [aws-lc-sys](https://github.com/aws/aws-lc-rs) from 0.32.2 to 0.32.3. - [Release notes](https://github.com/aws/aws-lc-rs/releases) - [Commits](https://github.com/aws/aws-lc-rs/compare/aws-lc-sys/v0.32.2...aws-lc-sys/v0.32.3) --- updated-dependencies: - dependency-name: aws-lc-sys dependency-version: 0.32.3 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6bc492d99841b..914245e9d3254 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -120,16 +120,15 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.32.2" +version = "0.32.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2b715a6010afb9e457ca2b7c9d2b9c344baa8baed7b38dc476034c171b32575" +checksum = "107a4e9d9cab9963e04e84bb8dee0e25f2a987f9a8bad5ed054abd439caa8f8c" dependencies = [ "bindgen", "cc", "cmake", "dunce", "fs_extra", - "libloading", ] [[package]] From 733b2e68229cb338e0680c4d02ebd53164cfdd3c Mon Sep 17 00:00:00 2001 From: beza Date: Thu, 13 Nov 2025 12:37:17 -0300 Subject: [PATCH 047/123] Fix broken documentation URLs in CLI commands (#14651) ## Problem Several CLI commands contain documentation URLs that return 404 errors because they reference non-existent README.md files in chart directories. This creates a poor user experience when developers try to access configuration documentation through CLI help commands. The affected commands are: - linkerd upgrade: references charts/linkerd2/README.md - linkerd multicluster install: references linkerd-multicluster/README.md - linkerd multicluster link: references linkerd-multicluster-link/README.md - Chart documentation template also references broken README links ## Solution Updated all affected CLI help text and chart documentation to point directly to the corresponding values.yaml files, which contain the actual configurable values that users need. Changes made: - Fixed URL in cli/cmd/upgrade.go from charts/linkerd2/README.md to charts/linkerd-control-plane/values.yaml - Fixed URL in multicluster/cmd/install.go from linkerd-multicluster/README.md to linkerd-multicluster/values.yaml - Fixed URL in multicluster/cmd/link.go from linkerd-multicluster-link/README.md to linkerd-multicluster-link/values.yaml - Updated chart template in charts/linkerd-control-plane/README.md.gotmpl to reference values.yaml files Validation Manually tested the following commands to verify help text shows correct URLs: - linkerd upgrade --help - linkerd multicluster install --help - linkerd multicluster link --help Verified that all updated URLs now point to existing files containing configuration documentation. Fix: #14652 Signed-off-by: Beza Signed-off-by: Ivan Porta --- charts/linkerd-control-plane/README.md.gotmpl | 4 ++-- cli/cmd/upgrade.go | 2 +- multicluster/cmd/install.go | 2 +- multicluster/cmd/link.go | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/linkerd-control-plane/README.md.gotmpl b/charts/linkerd-control-plane/README.md.gotmpl index f33099bb22fa5..0a30132064fcc 100644 --- a/charts/linkerd-control-plane/README.md.gotmpl +++ b/charts/linkerd-control-plane/README.md.gotmpl @@ -120,9 +120,9 @@ extensions. Check the corresponding docs for each one of the following extensions: * Observability: - [Linkerd-viz](https://github.com/linkerd/linkerd2/blob/main/viz/charts/linkerd-viz/README.md) + [Linkerd-viz](https://github.com/linkerd/linkerd2/blob/main/viz/charts/linkerd-viz/values.yaml) * Multicluster: - [Linkerd-multicluster](https://github.com/linkerd/linkerd2/blob/main/multicluster/charts/linkerd-multicluster/README.md) + [Linkerd-multicluster](https://github.com/linkerd/linkerd2/blob/main/multicluster/charts/linkerd-multicluster/values.yaml) {{ template "chart.requirementsSection" . }} diff --git a/cli/cmd/upgrade.go b/cli/cmd/upgrade.go index 22e11e8e38cdc..b33de10180e70 100644 --- a/cli/cmd/upgrade.go +++ b/cli/cmd/upgrade.go @@ -77,7 +77,7 @@ plane. The default values displayed in the Flags section below only apply to the install command. The upgrade can be configured by using the --set, --values, --set-string and --set-file flags. -A full list of configurable values can be found at https://www.github.com/linkerd/linkerd2/tree/main/charts/linkerd2/README.md +A full list of configurable values can be found at https://www.github.com/linkerd/linkerd2/tree/main/charts/linkerd-control-plane/values.yaml `, Example: ` # Upgrade CRDs first diff --git a/multicluster/cmd/install.go b/multicluster/cmd/install.go index a90b0dc96a0a1..6eac0995547a6 100644 --- a/multicluster/cmd/install.go +++ b/multicluster/cmd/install.go @@ -75,7 +75,7 @@ func newMulticlusterInstallCommand() *cobra.Command { linkerd multicluster install | kubectl apply -f - The installation can be configured by using the --set, --values, --set-string and --set-file flags. -A full list of configurable values can be found at https://github.com/linkerd/linkerd2/blob/main/multicluster/charts/linkerd-multicluster/README.md +A full list of configurable values can be found at https://github.com/linkerd/linkerd2/blob/main/multicluster/charts/linkerd-multicluster/values.yaml `, RunE: func(cmd *cobra.Command, _ []string) error { if !ignoreCluster { diff --git a/multicluster/cmd/link.go b/multicluster/cmd/link.go index d2147650410e3..040b4118c7586 100644 --- a/multicluster/cmd/link.go +++ b/multicluster/cmd/link.go @@ -88,7 +88,7 @@ each cluster and applied to the other.`, linkerd --context=east multicluster link --cluster-name east | kubectl --context=west apply -f - The command can be configured by using the --set, --values, --set-string and --set-file flags. -A full list of configurable values can be found at https://github.com/linkerd/linkerd2/blob/main/multicluster/charts/linkerd-multicluster-link/README.md +A full list of configurable values can be found at https://github.com/linkerd/linkerd2/blob/main/multicluster/charts/linkerd-multicluster-link/values.yaml `, RunE: func(cmd *cobra.Command, args []string) error { From 95bd4096f2287efb2cc6f8dd61c9aab88e8c495d Mon Sep 17 00:00:00 2001 From: YY Date: Thu, 13 Nov 2025 21:49:02 +0200 Subject: [PATCH 048/123] chore(typos): EgressNetwork and ExternalWorkload CRDs (#14681) Subject apiVerson typo fix Problem pointless typo Solution fix as is Validation helm charts should be updated and tested accordingly afterwards Fixes #14680 Signed-off-by: Yuriy Yarosh Co-authored-by: Yuriy Yarosh Signed-off-by: Ivan Porta --- charts/linkerd-crds/templates/policy/egress-network.yaml | 2 +- .../linkerd-crds/templates/workload/external-workload.yaml | 4 ++-- cli/cmd/testdata/install_crds.golden | 6 +++--- cli/cmd/testdata/install_crds_with_gateway_api.golden | 6 +++--- cli/cmd/testdata/install_helm_crds_output.golden | 6 +++--- cli/cmd/testdata/install_helm_crds_output_ha.golden | 6 +++--- .../install_helm_crds_without_gateway_output.golden | 6 +++--- cli/cmd/testdata/upgrade_crds_with_gateway_api.golden | 6 +++--- cli/cmd/testdata/upgrade_crds_without_gateway_api.golden | 6 +++--- 9 files changed, 24 insertions(+), 24 deletions(-) diff --git a/charts/linkerd-crds/templates/policy/egress-network.yaml b/charts/linkerd-crds/templates/policy/egress-network.yaml index 4289de0577090..f739c4f424832 100644 --- a/charts/linkerd-crds/templates/policy/egress-network.yaml +++ b/charts/linkerd-crds/templates/policy/egress-network.yaml @@ -31,7 +31,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string diff --git a/charts/linkerd-crds/templates/workload/external-workload.yaml b/charts/linkerd-crds/templates/workload/external-workload.yaml index 2e6e43ae60b24..baf5549c6a010 100644 --- a/charts/linkerd-crds/templates/workload/external-workload.yaml +++ b/charts/linkerd-crds/templates/workload/external-workload.yaml @@ -30,7 +30,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -172,7 +172,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string diff --git a/cli/cmd/testdata/install_crds.golden b/cli/cmd/testdata/install_crds.golden index fe21788508d8d..d0e316f7744d7 100644 --- a/cli/cmd/testdata/install_crds.golden +++ b/cli/cmd/testdata/install_crds.golden @@ -130,7 +130,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -6798,7 +6798,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -6940,7 +6940,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string diff --git a/cli/cmd/testdata/install_crds_with_gateway_api.golden b/cli/cmd/testdata/install_crds_with_gateway_api.golden index 58356ac4bf56f..48cf3e9edb881 100644 --- a/cli/cmd/testdata/install_crds_with_gateway_api.golden +++ b/cli/cmd/testdata/install_crds_with_gateway_api.golden @@ -130,7 +130,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -19704,7 +19704,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -19846,7 +19846,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string diff --git a/cli/cmd/testdata/install_helm_crds_output.golden b/cli/cmd/testdata/install_helm_crds_output.golden index 58c9e840fbd60..4eb0f7de36a80 100644 --- a/cli/cmd/testdata/install_helm_crds_output.golden +++ b/cli/cmd/testdata/install_helm_crds_output.golden @@ -134,7 +134,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -6826,7 +6826,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -6968,7 +6968,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string diff --git a/cli/cmd/testdata/install_helm_crds_output_ha.golden b/cli/cmd/testdata/install_helm_crds_output_ha.golden index 58c9e840fbd60..4eb0f7de36a80 100644 --- a/cli/cmd/testdata/install_helm_crds_output_ha.golden +++ b/cli/cmd/testdata/install_helm_crds_output_ha.golden @@ -134,7 +134,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -6826,7 +6826,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -6968,7 +6968,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string diff --git a/cli/cmd/testdata/install_helm_crds_without_gateway_output.golden b/cli/cmd/testdata/install_helm_crds_without_gateway_output.golden index 58c9e840fbd60..4eb0f7de36a80 100644 --- a/cli/cmd/testdata/install_helm_crds_without_gateway_output.golden +++ b/cli/cmd/testdata/install_helm_crds_without_gateway_output.golden @@ -134,7 +134,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -6826,7 +6826,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -6968,7 +6968,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string diff --git a/cli/cmd/testdata/upgrade_crds_with_gateway_api.golden b/cli/cmd/testdata/upgrade_crds_with_gateway_api.golden index 58356ac4bf56f..48cf3e9edb881 100644 --- a/cli/cmd/testdata/upgrade_crds_with_gateway_api.golden +++ b/cli/cmd/testdata/upgrade_crds_with_gateway_api.golden @@ -130,7 +130,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -19704,7 +19704,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -19846,7 +19846,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string diff --git a/cli/cmd/testdata/upgrade_crds_without_gateway_api.golden b/cli/cmd/testdata/upgrade_crds_without_gateway_api.golden index fe21788508d8d..d0e316f7744d7 100644 --- a/cli/cmd/testdata/upgrade_crds_without_gateway_api.golden +++ b/cli/cmd/testdata/upgrade_crds_without_gateway_api.golden @@ -130,7 +130,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -6798,7 +6798,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string @@ -6940,7 +6940,7 @@ spec: type: object required: [spec] properties: - apiVerson: + apiVersion: type: string kind: type: string From 014cbecc6fa205d4577f13753aea8c205f25324f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Nov 2025 10:37:27 -0500 Subject: [PATCH 049/123] build(deps): bump hyper from 1.7.0 to 1.8.0 (#14718) Bumps [hyper](https://github.com/hyperium/hyper) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/hyperium/hyper/releases) - [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md) - [Commits](https://github.com/hyperium/hyper/compare/v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: hyper dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 914245e9d3254..1d2b3674471c7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -918,9 +918,9 @@ checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" [[package]] name = "hyper" -version = "1.7.0" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb3aa54a13a0dfe7fbe3a59e0c76093041720fdc77b110cc0fc260fafb4dc51e" +checksum = "1744436df46f0bde35af3eda22aeaba453aada65d8f1c171cd8a5f59030bd69f" dependencies = [ "atomic-waker", "bytes", From 6cce667f6bd1c885f12152be194fcc2b3cdb942b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Nov 2025 10:37:52 -0500 Subject: [PATCH 050/123] build(deps): bump unicode-ident from 1.0.20 to 1.0.22 (#14717) Bumps [unicode-ident](https://github.com/dtolnay/unicode-ident) from 1.0.20 to 1.0.22. - [Release notes](https://github.com/dtolnay/unicode-ident/releases) - [Commits](https://github.com/dtolnay/unicode-ident/compare/1.0.20...1.0.22) --- updated-dependencies: - dependency-name: unicode-ident dependency-version: 1.0.22 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1d2b3674471c7..920f4c16e7bab 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2746,9 +2746,9 @@ checksum = "2896d95c02a80c6d6a5d6e953d479f5ddf2dfdb6a244441010e373ac0fb88971" [[package]] name = "unicode-ident" -version = "1.0.20" +version = "1.0.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "462eeb75aeb73aea900253ce739c8e18a67423fadf006037cd3ff27e82748a06" +checksum = "9312f7c4f6ff9069b165498234ce8be658059c6728633667c526e27dc2cf1df5" [[package]] name = "unsafe-libyaml" From 0858c1c0d89d75b797e155b2b394b5a5d30070fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Nov 2025 10:38:21 -0500 Subject: [PATCH 051/123] build(deps): bump helm.sh/helm/v3 from 3.19.1 to 3.19.2 (#14716) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.19.1 to 3.19.2. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.19.1...v3.19.2) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-version: 3.19.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 52d2fde90985a..964f1f20fb0a1 100644 --- a/go.mod +++ b/go.mod @@ -41,7 +41,7 @@ require ( google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 google.golang.org/protobuf v1.36.10 gopkg.in/yaml.v2 v2.4.0 - helm.sh/helm/v3 v3.19.1 + helm.sh/helm/v3 v3.19.2 k8s.io/api v0.34.1 k8s.io/apiextensions-apiserver v0.34.1 k8s.io/apimachinery v0.34.1 diff --git a/go.sum b/go.sum index 77cd5e4d1523c..a043963d54bc9 100644 --- a/go.sum +++ b/go.sum @@ -721,8 +721,8 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -helm.sh/helm/v3 v3.19.1 h1:QVMzHbanyurO8oynx0drDOfG02XxSvrHqaFrf9yrMf0= -helm.sh/helm/v3 v3.19.1/go.mod h1:gX10tB5ErM+8fr7bglUUS/UfTOO8UUTYWIBH1IYNnpE= +helm.sh/helm/v3 v3.19.2 h1:psQjaM8aIWrSVEly6PgYtLu/y6MRSmok4ERiGhZmtUY= +helm.sh/helm/v3 v3.19.2/go.mod h1:gX10tB5ErM+8fr7bglUUS/UfTOO8UUTYWIBH1IYNnpE= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From 252474cc9275d655f1bb73f79b91c8840e72e076 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Nov 2025 11:05:58 -0500 Subject: [PATCH 052/123] build(deps): bump the kube group with 7 updates (#14715) Bumps the kube group with 7 updates: | Package | From | To | | --- | --- | --- | | [k8s.io/api](https://github.com/kubernetes/api) | `0.34.1` | `0.34.2` | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.34.1` | `0.34.2` | | [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.34.1` | `0.34.2` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.34.1` | `0.34.2` | | [k8s.io/code-generator](https://github.com/kubernetes/code-generator) | `0.34.1` | `0.34.2` | | [k8s.io/endpointslice](https://github.com/kubernetes/endpointslice) | `0.34.1` | `0.34.2` | | [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) | `0.34.1` | `0.34.2` | Updates `k8s.io/api` from 0.34.1 to 0.34.2 - [Commits](https://github.com/kubernetes/api/compare/v0.34.1...v0.34.2) Updates `k8s.io/apiextensions-apiserver` from 0.34.1 to 0.34.2 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.34.1...v0.34.2) Updates `k8s.io/apimachinery` from 0.34.1 to 0.34.2 - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.34.1...v0.34.2) Updates `k8s.io/client-go` from 0.34.1 to 0.34.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.34.1...v0.34.2) Updates `k8s.io/code-generator` from 0.34.1 to 0.34.2 - [Commits](https://github.com/kubernetes/code-generator/compare/v0.34.1...v0.34.2) Updates `k8s.io/endpointslice` from 0.34.1 to 0.34.2 - [Commits](https://github.com/kubernetes/endpointslice/compare/v0.34.1...v0.34.2) Updates `k8s.io/kube-aggregator` from 0.34.1 to 0.34.2 - [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.34.1...v0.34.2) --- updated-dependencies: - dependency-name: k8s.io/api dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube - dependency-name: k8s.io/apiextensions-apiserver dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube - dependency-name: k8s.io/apimachinery dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube - dependency-name: k8s.io/client-go dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube - dependency-name: k8s.io/code-generator dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube - dependency-name: k8s.io/endpointslice dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube - dependency-name: k8s.io/kube-aggregator dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 16 ++++++++-------- go.sum | 32 ++++++++++++++++---------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/go.mod b/go.mod index 964f1f20fb0a1..ea3cd1106d5e2 100644 --- a/go.mod +++ b/go.mod @@ -42,14 +42,14 @@ require ( google.golang.org/protobuf v1.36.10 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.19.2 - k8s.io/api v0.34.1 - k8s.io/apiextensions-apiserver v0.34.1 - k8s.io/apimachinery v0.34.1 - k8s.io/client-go v0.34.1 - k8s.io/code-generator v0.34.1 - k8s.io/endpointslice v0.34.1 + k8s.io/api v0.34.2 + k8s.io/apiextensions-apiserver v0.34.2 + k8s.io/apimachinery v0.34.2 + k8s.io/client-go v0.34.2 + k8s.io/code-generator v0.34.2 + k8s.io/endpointslice v0.34.2 k8s.io/klog/v2 v2.130.1 - k8s.io/kube-aggregator v0.34.1 + k8s.io/kube-aggregator v0.34.2 k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 sigs.k8s.io/gateway-api v0.8.1 sigs.k8s.io/yaml v1.6.0 @@ -156,7 +156,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/cli-runtime v0.34.0 // indirect - k8s.io/component-base v0.34.1 // indirect + k8s.io/component-base v0.34.2 // indirect k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f // indirect k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect k8s.io/kubectl v0.34.0 // indirect diff --git a/go.sum b/go.sum index a043963d54bc9..902e6cb68920e 100644 --- a/go.sum +++ b/go.sum @@ -729,28 +729,28 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.34.1 h1:jC+153630BMdlFukegoEL8E/yT7aLyQkIVuwhmwDgJM= -k8s.io/api v0.34.1/go.mod h1:SB80FxFtXn5/gwzCoN6QCtPD7Vbu5w2n1S0J5gFfTYk= -k8s.io/apiextensions-apiserver v0.34.1 h1:NNPBva8FNAPt1iSVwIE0FsdrVriRXMsaWFMqJbII2CI= -k8s.io/apiextensions-apiserver v0.34.1/go.mod h1:hP9Rld3zF5Ay2Of3BeEpLAToP+l4s5UlxiHfqRaRcMc= -k8s.io/apimachinery v0.34.1 h1:dTlxFls/eikpJxmAC7MVE8oOeP1zryV7iRyIjB0gky4= -k8s.io/apimachinery v0.34.1/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= +k8s.io/api v0.34.2 h1:fsSUNZhV+bnL6Aqrp6O7lMTy6o5x2C4XLjnh//8SLYY= +k8s.io/api v0.34.2/go.mod h1:MMBPaWlED2a8w4RSeanD76f7opUoypY8TFYkSM+3XHw= +k8s.io/apiextensions-apiserver v0.34.2 h1:WStKftnGeoKP4AZRz/BaAAEJvYp4mlZGN0UCv+uvsqo= +k8s.io/apiextensions-apiserver v0.34.2/go.mod h1:398CJrsgXF1wytdaanynDpJ67zG4Xq7yj91GrmYN2SE= +k8s.io/apimachinery v0.34.2 h1:zQ12Uk3eMHPxrsbUJgNF8bTauTVR2WgqJsTmwTE/NW4= +k8s.io/apimachinery v0.34.2/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= k8s.io/cli-runtime v0.34.0 h1:N2/rUlJg6TMEBgtQ3SDRJwa8XyKUizwjlOknT1mB2Cw= k8s.io/cli-runtime v0.34.0/go.mod h1:t/skRecS73Piv+J+FmWIQA2N2/rDjdYSQzEE67LUUs8= -k8s.io/client-go v0.34.1 h1:ZUPJKgXsnKwVwmKKdPfw4tB58+7/Ik3CrjOEhsiZ7mY= -k8s.io/client-go v0.34.1/go.mod h1:kA8v0FP+tk6sZA0yKLRG67LWjqufAoSHA2xVGKw9Of8= -k8s.io/code-generator v0.34.1 h1:WpphT26E+j7tEgIUfFr5WfbJrktCGzB3JoJH9149xYc= -k8s.io/code-generator v0.34.1/go.mod h1:DeWjekbDnJWRwpw3s0Jat87c+e0TgkxoR4ar608yqvg= -k8s.io/component-base v0.34.1 h1:v7xFgG+ONhytZNFpIz5/kecwD+sUhVE6HU7qQUiRM4A= -k8s.io/component-base v0.34.1/go.mod h1:mknCpLlTSKHzAQJJnnHVKqjxR7gBeHRv0rPXA7gdtQ0= -k8s.io/endpointslice v0.34.1 h1:+bxZVXN+6NUCyur42p6UkqBmSvXw6FChrwvvnOSbeho= -k8s.io/endpointslice v0.34.1/go.mod h1:70gpj+tfjoAXm3rPQhAdPAMywVtSPnOTSaau/hTeAYg= +k8s.io/client-go v0.34.2 h1:Co6XiknN+uUZqiddlfAjT68184/37PS4QAzYvQvDR8M= +k8s.io/client-go v0.34.2/go.mod h1:2VYDl1XXJsdcAxw7BenFslRQX28Dxz91U9MWKjX97fE= +k8s.io/code-generator v0.34.2 h1:9bG6jTxmsU3HXE5BNYJTC8AZ1D6hVVfkm8yYSkdkGY0= +k8s.io/code-generator v0.34.2/go.mod h1:dnDDEd6S/z4uZ+PG1aE58ySCi/lR4+qT3a4DddE4/2I= +k8s.io/component-base v0.34.2 h1:HQRqK9x2sSAsd8+R4xxRirlTjowsg6fWCPwWYeSvogQ= +k8s.io/component-base v0.34.2/go.mod h1:9xw2FHJavUHBFpiGkZoKuYZ5pdtLKe97DEByaA+hHbM= +k8s.io/endpointslice v0.34.2 h1:rwG7vAB2Q3/GPeF7lOSvDSRhg184GSx1VHiqJ//2Ehw= +k8s.io/endpointslice v0.34.2/go.mod h1:YhcGfLXNyci+LOcTPyQkWosp+iUuXgVEIxWGlhLPyxU= k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f h1:SLb+kxmzfA87x4E4brQzB33VBbT2+x7Zq9ROIHmGn9Q= k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.34.1 h1:WNLV0dVNoFKmuyvdWLd92iDSyD/TSTjqwaPj0U9XAEU= -k8s.io/kube-aggregator v0.34.1/go.mod h1:RU8j+5ERfp0h+gIvWtxRPfsa5nK7rboDm8RST8BJfYQ= +k8s.io/kube-aggregator v0.34.2 h1:Nn0Vksj67WHBL2x7bJ6vuxL44RbMTK6uRtXX+3vMVJk= +k8s.io/kube-aggregator v0.34.2/go.mod h1:/tp4cc/1p2AvICsS4mjjSJakdrbhcGbRmj0mdHTdR2Q= k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= k8s.io/kubectl v0.34.0 h1:NcXz4TPTaUwhiX4LU+6r6udrlm0NsVnSkP3R9t0dmxs= From 256da156edfeed6c21cc87697e64a826c8a73517 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Nov 2025 11:44:44 -0500 Subject: [PATCH 053/123] build(deps): bump golang.org/x/tools from 0.38.0 to 0.39.0 (#14720) * build(deps): bump golang.org/x/tools from 0.38.0 to 0.39.0 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.38.0 to 0.39.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.38.0...v0.39.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-version: 0.39.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * lint: remove usage of deprecated golang.org/x/net/context --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alejandro Pedraza Signed-off-by: Ivan Porta --- controller/api/util/test_util.go | 2 +- go.mod | 18 ++++++++-------- go.sum | 36 ++++++++++++++++---------------- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/controller/api/util/test_util.go b/controller/api/util/test_util.go index 905e3b9fcc322..15f07cdc0f7d7 100644 --- a/controller/api/util/test_util.go +++ b/controller/api/util/test_util.go @@ -1,13 +1,13 @@ package util import ( + "context" "errors" "io" "sync" destinationPb "github.com/linkerd/linkerd2-proxy-api/go/destination" "github.com/linkerd/linkerd2-proxy-api/go/net" - "golang.org/x/net/context" "google.golang.org/grpc" "google.golang.org/grpc/metadata" ) diff --git a/go.mod b/go.mod index ea3cd1106d5e2..80135e5634db0 100644 --- a/go.mod +++ b/go.mod @@ -35,8 +35,8 @@ require ( github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 go.opencensus.io v0.24.0 - golang.org/x/net v0.46.0 - golang.org/x/tools v0.38.0 + golang.org/x/net v0.47.0 + golang.org/x/tools v0.39.0 google.golang.org/grpc v1.76.0 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 google.golang.org/protobuf v1.36.10 @@ -138,14 +138,14 @@ require ( go.opentelemetry.io/otel/trace v1.37.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.43.0 // indirect - golang.org/x/mod v0.29.0 // indirect + golang.org/x/crypto v0.44.0 // indirect + golang.org/x/mod v0.30.0 // indirect golang.org/x/oauth2 v0.32.0 // indirect - golang.org/x/sync v0.17.0 // indirect - golang.org/x/sys v0.37.0 // indirect - golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 // indirect - golang.org/x/term v0.36.0 // indirect - golang.org/x/text v0.30.0 // indirect + golang.org/x/sync v0.18.0 // indirect + golang.org/x/sys v0.38.0 // indirect + golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 // indirect + golang.org/x/term v0.37.0 // indirect + golang.org/x/text v0.31.0 // indirect golang.org/x/time v0.12.0 // indirect golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect golang.org/x/tools/godoc v0.1.0-deprecated // indirect diff --git a/go.sum b/go.sum index 902e6cb68920e..a4fa8a0263f9b 100644 --- a/go.sum +++ b/go.sum @@ -471,8 +471,8 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04= -golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= +golang.org/x/crypto v0.44.0 h1:A97SsFvM3AIwEEmTBiaxPPTYpDC47w720rdiiUvgoAU= +golang.org/x/crypto v0.44.0/go.mod h1:013i+Nw79BMiQiMsOPcVCB5ZIJbYkerPrGnOa00tvmc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -503,8 +503,8 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= -golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= +golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= +golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -526,8 +526,8 @@ golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4= -golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -543,8 +543,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= -golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -570,19 +570,19 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= -golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 h1:LvzTn0GQhWuvKH/kVRS3R3bVAsdQWI7hvfLHGgh9+lU= -golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE= -golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q= -golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 h1:E2/AqCUMZGgd73TQkxUMcMla25GB9i/5HOdLr+uH7Vo= +golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ= +golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= +golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= -golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= +golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= +golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -620,8 +620,8 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= -golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= +golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= +golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= golang.org/x/tools/go/expect v0.1.0-deprecated h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY= golang.org/x/tools/go/expect v0.1.0-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= From 7d704d8bba30ec1c70d445f8a116f0d4ffd7f55a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Nov 2025 11:31:21 -0800 Subject: [PATCH 054/123] build(deps): bump peter-evans/repository-dispatch from 4.0.0 to 4.0.1 (#14724) Bumps [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/peter-evans/repository-dispatch/releases) - [Commits](https://github.com/peter-evans/repository-dispatch/compare/5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f...28959ce8df70de7be546dd1250a005dd32156697) --- updated-dependencies: - dependency-name: peter-evans/repository-dispatch dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f4688eb226f2e..60b76f3587527 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -151,7 +151,7 @@ jobs: contents: write steps: - name: Create linkerd/website repository dispatch event - uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 with: token: ${{ secrets.RELEASE_TOKEN }} repository: linkerd/website From 73a1d29f549afe02ecb30a1f87a564c51f1f0f1b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Nov 2025 11:31:47 -0800 Subject: [PATCH 055/123] build(deps): bump DavidAnson/markdownlint-cli2-action (#14723) Bumps [DavidAnson/markdownlint-cli2-action](https://github.com/davidanson/markdownlint-cli2-action) from 20.0.0 to 21.0.0. - [Release notes](https://github.com/davidanson/markdownlint-cli2-action/releases) - [Commits](https://github.com/davidanson/markdownlint-cli2-action/compare/992badcdf24e3b8eb7e87ff9287fe931bcb00c6e...30a0e04f1870d58f8d717450cc6134995f993c63) --- updated-dependencies: - dependency-name: DavidAnson/markdownlint-cli2-action dependency-version: 21.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/markdown.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/markdown.yml b/.github/workflows/markdown.yml index 9ffbbe1d57114..0d126a76cee89 100644 --- a/.github/workflows/markdown.yml +++ b/.github/workflows/markdown.yml @@ -15,7 +15,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - uses: DavidAnson/markdownlint-cli2-action@992badcdf24e3b8eb7e87ff9287fe931bcb00c6e + - uses: DavidAnson/markdownlint-cli2-action@30a0e04f1870d58f8d717450cc6134995f993c63 with: globs: | **/*.md From ddd2d75be0750a5d794c061054a5273c84e683e3 Mon Sep 17 00:00:00 2001 From: Alejandro Pedraza Date: Mon, 17 Nov 2025 15:29:08 -0500 Subject: [PATCH 056/123] test(cni): update k8s and calico (#14707) We were stuck on k8s v1.27 because of k3d-io/k3d#1375, which is no longer an issue. This change removes that constraint and installs the latest version of Calico using the tigera-operator. Signed-off-by: Ivan Porta --- bin/_test-helpers.sh | 6 +--- test/integration/deep/calico-k3d.yml | 5 ---- test/integration/deep/install_test.go | 43 +++++++++++++++++++++------ 3 files changed, 35 insertions(+), 19 deletions(-) delete mode 100644 test/integration/deep/calico-k3d.yml diff --git a/bin/_test-helpers.sh b/bin/_test-helpers.sh index 7393730580c46..b1a0e70295099 100644 --- a/bin/_test-helpers.sh +++ b/bin/_test-helpers.sh @@ -313,11 +313,7 @@ start_test() { config=("$name" "${config[@]}" --no-lb --k3s-arg --cluster-domain=custom.domain --k3s-arg '--disable=servicelb,traefik@server:0' --image "$k8s_version_max") ;; cni-calico-deep) - # This requires k8s v1.27.6-k3s1 because after that Calico won't work. - # We have to use a config file because that version can't be set via the - # --image flag. - # See https://github.com/k3d-io/k3d/issues/1375 - config=("$name" "${config[@]}" --no-lb --k3s-arg --write-kubeconfig-mode=644 --k3s-arg --flannel-backend=none --k3s-arg --cluster-cidr=192.168.0.0/16 --k3s-arg '--disable=servicelb,traefik@server:0' --config "$testdir"/deep/calico-k3d.yml) + config=("$name" "${config[@]}" --no-lb --k3s-arg --write-kubeconfig-mode=644 --k3s-arg --flannel-backend=none --k3s-arg --cluster-cidr=192.168.0.0/16 --k3s-arg '--disable=servicelb,traefik@server:0') ;; multicluster) config=("${config[@]}" --network multicluster-test --image "$k8s_version_max") diff --git a/test/integration/deep/calico-k3d.yml b/test/integration/deep/calico-k3d.yml deleted file mode 100644 index beccbc5a153e0..0000000000000 --- a/test/integration/deep/calico-k3d.yml +++ /dev/null @@ -1,5 +0,0 @@ -# Used by the cni-calico-deep integration test, which requires k8s v1.27.6-k3s1 -# See https://github.com/k3d-io/k3d/issues/1375 -apiVersion: k3d.io/v1alpha4 -kind: Simple -image: rancher/k3s:v1.27.6-k3s1 diff --git a/test/integration/deep/install_test.go b/test/integration/deep/install_test.go index a3fcb55a1e2ae..c8d9b367cef9e 100644 --- a/test/integration/deep/install_test.go +++ b/test/integration/deep/install_test.go @@ -27,17 +27,42 @@ func TestInstallCalico(t *testing.T) { return } - out, err := TestHelper.Kubectl("", []string{"apply", "-f", "https://k3d.io/v5.1.0/usage/advanced/calico.yaml"}...) - if err != nil { - testutil.AnnotatedFatalf(t, "'kubectl apply' command failed", - "kubectl apply command failed\n%s", out) - } + // install Calico as per instructions on + // https://k3d.io/v5.8.3/usage/advanced/calico/#1-create-the-cluster-without-flannel + // there's a lot of waiting involved here as the various components come up, so the easiest + // is to retry the steps until they succeed + var out string + err := testutil.RetryFor(time.Minute, func() error { + var err error + out, err = TestHelper.Kubectl("", []string{"apply", "-f", "https://raw.githubusercontent.com/projectcalico/calico/v3.31.0/manifests/tigera-operator.yaml"}...) + if err != nil { + return err + } + + deploys := map[string]testutil.DeploySpec{ + "tigera-operator": { + Namespace: "tigera-operator", + Replicas: 1, + }, + } + TestHelper.WaitRollout(t, deploys) - time.Sleep(10 * time.Second) - o, err := TestHelper.Kubectl("", "--namespace=kube-system", "wait", "--for=condition=available", "--timeout=120s", "deploy/calico-kube-controllers") + out, err = TestHelper.Kubectl("", []string{"apply", "-f", "https://raw.githubusercontent.com/projectcalico/calico/v3.31.0/manifests/custom-resources.yaml"}...) + if err != nil { + return err + } + + for _, system := range []string{"apiserver", "calico", "goldmane", "ippools", "whisker"} { + out, err = TestHelper.Kubectl("", "wait", "--for=condition=available", "--timeout=120s", "tigerastatus", system) + if err != nil { + return err + } + } + + return nil + }) if err != nil { - testutil.AnnotatedFatalf(t, "failed to wait for condition=available for calico resources", - "failed to wait for condition=available for calico resources: %s: %s", err, o) + testutil.AnnotatedFatalf(t, "failed to install calico", "failed to install calico: %s: %s", err, out) } } From b31a4b196181e37693f466e84a354c268c80b327 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Nov 2025 15:08:10 -0500 Subject: [PATCH 057/123] build(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0 (#14726) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.76.0 to 1.77.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.76.0...v1.77.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.77.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 13 +++++++------ go.sum | 36 ++++++++++++++++++------------------ 2 files changed, 25 insertions(+), 24 deletions(-) diff --git a/go.mod b/go.mod index 80135e5634db0..dab0adf5a9c35 100644 --- a/go.mod +++ b/go.mod @@ -35,9 +35,8 @@ require ( github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 go.opencensus.io v0.24.0 - golang.org/x/net v0.47.0 golang.org/x/tools v0.39.0 - google.golang.org/grpc v1.76.0 + google.golang.org/grpc v1.77.0 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 google.golang.org/protobuf v1.36.10 gopkg.in/yaml.v2 v2.4.0 @@ -55,6 +54,8 @@ require ( sigs.k8s.io/yaml v1.6.0 ) +require golang.org/x/net v0.47.0 // indirect + require ( github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect github.com/BurntSushi/toml v1.5.0 // indirect @@ -134,8 +135,8 @@ require ( github.com/spf13/cast v1.7.0 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.opentelemetry.io/otel v1.37.0 // indirect - go.opentelemetry.io/otel/trace v1.37.0 // indirect + go.opentelemetry.io/otel v1.38.0 // indirect + go.opentelemetry.io/otel/trace v1.38.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/crypto v0.44.0 // indirect @@ -150,8 +151,8 @@ require ( golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect golang.org/x/tools/godoc v0.1.0-deprecated // indirect google.golang.org/api v0.143.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index a4fa8a0263f9b..91507d722b010 100644 --- a/go.sum +++ b/go.sum @@ -414,16 +414,16 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/bridges/prometheus v0.57.0 h1:UW0+QyeyBVhn+COBec3nGhfnFe5lwB0ic1JBVjzhk0w= go.opentelemetry.io/contrib/bridges/prometheus v0.57.0/go.mod h1:ppciCHRLsyCio54qbzQv0E4Jyth/fLWDTJYfvWpcSVk= go.opentelemetry.io/contrib/exporters/autoexport v0.57.0 h1:jmTVJ86dP60C01K3slFQa2NQ/Aoi7zA+wy7vMOKD9H4= go.opentelemetry.io/contrib/exporters/autoexport v0.57.0/go.mod h1:EJBheUMttD/lABFyLXhce47Wr6DPWYReCzaZiXadH7g= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= +go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8= +go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM= go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 h1:WzNab7hOOLzdDF/EoWCt4glhrbMPVMOO5JYTmpz36Ls= go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0/go.mod h1:hKvJwTzJdp90Vh7p6q/9PAOd55dI6WA6sWj62a/JvSs= go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 h1:S+LdBGiQXtJdowoJoQPEtI52syEP/JYBUpjO49EQhV8= @@ -448,16 +448,16 @@ go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0 h1:cC2yDI3IQd0Udsu go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0/go.mod h1:2PD5Ex6z8CFzDbTdOlwyNIUywRr1DN0ospafJM1wJ+s= go.opentelemetry.io/otel/log v0.8.0 h1:egZ8vV5atrUWUbnSsHn6vB8R21G2wrKqNiDt3iWertk= go.opentelemetry.io/otel/log v0.8.0/go.mod h1:M9qvDdUTRCopJcGRKg57+JSQ9LgLBrwwfC32epk5NX8= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= +go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA= +go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI= +go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E= +go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg= go.opentelemetry.io/otel/sdk/log v0.8.0 h1:zg7GUYXqxk1jnGF/dTdLPrK06xJdrXgqgFLnI4Crxvs= go.opentelemetry.io/otel/sdk/log v0.8.0/go.mod h1:50iXr0UVwQrYS45KbruFrEt4LvAdCaWWgIrsN3ZQggo= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= +go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM= +go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA= +go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE= +go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs= go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4= go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -673,10 +673,10 @@ google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b h1:ULiyYQ0FdsJhwwZUwbaXpZF5yUE3h+RA+gxvBu37ucc= -google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:oDOGiMSXHL4sDTJvFvIB9nRQCGdLP1o/iVaqQK8zB+M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b h1:zPKJod4w6F1+nRGDI9ubnXYhU9NSWoFAijkHkUXeTK8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 h1:mepRgnBZa07I4TRuomDE4sTIYieg/osKmzIf4USdWS4= +google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8/go.mod h1:fDMmzKV90WSg1NbozdqrE64fkuTv6mlq2zxo9ad+3yo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 h1:M1rk8KBnUsBDg1oPGHNCxG4vc1f49epmTO7xscSajMk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -688,8 +688,8 @@ google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= -google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= +google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM= +google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 h1:F29+wU6Ee6qgu9TddPgooOdaqsxTMunOoj8KA5yuS5A= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1/go.mod h1:5KF+wpkbTSbGcR9zteSqZV6fqFOWBl4Yde8En8MryZA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= From 3542c185c869270854a635aeba527fefe0431828 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Nov 2025 15:09:00 -0500 Subject: [PATCH 058/123] build(deps): bump the clap group with 2 updates (#14727) Bumps the clap group with 2 updates: [clap](https://github.com/clap-rs/clap) and [clap_builder](https://github.com/clap-rs/clap). Updates `clap` from 4.5.51 to 4.5.52 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.51...clap_complete-v4.5.52) Updates `clap_builder` from 4.5.51 to 4.5.52 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v4.5.51...v4.5.52) --- updated-dependencies: - dependency-name: clap dependency-version: 4.5.52 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: clap - dependency-name: clap_builder dependency-version: 4.5.52 dependency-type: indirect update-type: version-update:semver-patch dependency-group: clap ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 920f4c16e7bab..85945cb1c26d6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -290,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.51" +version = "4.5.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c26d721170e0295f191a69bd9a1f93efcdb0aff38684b61ab5750468972e5f5" +checksum = "aa8120877db0e5c011242f96806ce3c94e0737ab8108532a76a3300a01db2ab8" dependencies = [ "clap_builder", "clap_derive", @@ -300,9 +300,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.51" +version = "4.5.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75835f0c7bf681bfd05abe44e965760fea999a5286c6eb2d59883634fd02011a" +checksum = "02576b399397b659c26064fbc92a75fede9d18ffd5f80ca1cd74ddab167016e1" dependencies = [ "anstyle", "clap_lex", @@ -555,7 +555,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.52.0", + "windows-sys 0.61.0", ] [[package]] @@ -2057,7 +2057,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] From adb8329285f8c31329616675b1d778e19fbe7103 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Nov 2025 15:09:30 -0500 Subject: [PATCH 059/123] build(deps): bump actions/checkout from 5.0.0 to 5.0.1 (#14729) Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...93cb6efe18208431cddfb8368fd83d5badbf9bfd) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/actions.yml | 4 ++-- .github/workflows/cli-build.yml | 2 +- .github/workflows/codecov.yml | 6 +++--- .github/workflows/codeql.yml | 2 +- .github/workflows/devcontainer.yml | 4 ++-- .github/workflows/go.yml | 8 ++++---- .github/workflows/integration.yml | 16 ++++++++-------- .github/workflows/js.yml | 2 +- .github/workflows/markdown.yml | 2 +- .github/workflows/proto.yml | 2 +- .github/workflows/release.yml | 12 ++++++------ .github/workflows/rust.yml | 12 ++++++------ .github/workflows/shell.yml | 2 +- .github/workflows/sync-proxy.yml | 4 ++-- 14 files changed, 39 insertions(+), 39 deletions(-) diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index f62eee00fed37..c042067063ef4 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -15,12 +15,12 @@ jobs: timeout-minutes: 10 steps: - uses: linkerd/dev/actions/setup-tools@v48 - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: just-dev lint-actions devcontainer-versions: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: linkerd/dev/actions/setup-tools@v48 - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: just-dev check-action-images diff --git a/.github/workflows/cli-build.yml b/.github/workflows/cli-build.yml index 5a3793ff1e63e..101eea0f8cfd8 100644 --- a/.github/workflows/cli-build.yml +++ b/.github/workflows/cli-build.yml @@ -17,7 +17,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 20 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 id: build diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index e8f252b6e7f42..4a485d5bf5b78 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -16,7 +16,7 @@ jobs: container: image: golang:1.25 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: go install gotest.tools/gotestsum@v0.4.2 - run: gotestsum -- -cover -coverprofile=coverage.out -v -mod=readonly ./... - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 @@ -31,7 +31,7 @@ jobs: container: image: node:20-stretch steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - name: Yarn setup shell: bash run: bin/scurl -o- https://yarnpkg.com/install.sh | bash -s -- --version 1.21.1 --network-concurrency 1 @@ -54,7 +54,7 @@ jobs: image: docker://rust:1.90.0 options: --security-opt seccomp=unconfined steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - shell: bash run: mkdir -p target && cd target && bin/scurl -v https://github.com/xd009642/tarpaulin/releases/download/0.27.3/cargo-tarpaulin-x86_64-unknown-linux-musl.tar.gz | tar zxvf - && chmod 755 cargo-tarpaulin - run: target/cargo-tarpaulin tarpaulin --workspace --out Xml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7ff546af3f0cc..90aecbfd74ea4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -37,7 +37,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 with: go-version-file: go.mod diff --git a/.github/workflows/devcontainer.yml b/.github/workflows/devcontainer.yml index 52d888f1b0e05..ef398cb208d04 100644 --- a/.github/workflows/devcontainer.yml +++ b/.github/workflows/devcontainer.yml @@ -17,7 +17,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - shell: bash run: | # Extract current Rust version from the toolchain file. @@ -40,5 +40,5 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: linkerd/dev/actions/setup-tools@v48 - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: just-dev pull-dev-image diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index f50906ce296b4..940709f32469a 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -8,7 +8,7 @@ jobs: meta: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - uses: tj-actions/changed-files@70069877f29101175ed2b055d210fe8b1d54d7d7 id: changed with: @@ -31,7 +31,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-go steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just go-lint --verbose --timeout=10m @@ -42,7 +42,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-go steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just go-fmt @@ -53,7 +53,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-go steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just go-fetch - run: just go-test diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 43d4f2a32fd01..472ded745d21e 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -26,7 +26,7 @@ jobs: meta: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - id: tag run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT" - uses: tj-actions/changed-files@70069877f29101175ed2b055d210fe8b1d54d7d7 @@ -87,7 +87,7 @@ jobs: - proxy timeout-minutes: 20 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - uses: ./.github/actions/docker-build id: build env: @@ -119,7 +119,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 15 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 with: go-version-file: go.mod @@ -174,7 +174,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: olix0r/cargo-action-fmt/setup@9269f3aa1ff01775d95efc97037e2cbdb41d9684 - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: pattern: image-archives-* @@ -236,7 +236,7 @@ jobs: - web timeout-minutes: 15 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - uses: ./.github/actions/docker-build id: build with: @@ -272,7 +272,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 15 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 with: go-version-file: go.mod @@ -300,7 +300,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 30 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 with: go-version-file: go.mod @@ -339,7 +339,7 @@ jobs: - uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 with: go-version-file: go.mod diff --git a/.github/workflows/js.yml b/.github/workflows/js.yml index 85874912180e3..1fbade95c5211 100644 --- a/.github/workflows/js.yml +++ b/.github/workflows/js.yml @@ -19,7 +19,7 @@ jobs: env: NODE_ENV: test steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - name: Yarn setup shell: bash run: | diff --git a/.github/workflows/markdown.yml b/.github/workflows/markdown.yml index 0d126a76cee89..c3da860e7edb2 100644 --- a/.github/workflows/markdown.yml +++ b/.github/workflows/markdown.yml @@ -14,7 +14,7 @@ jobs: timeout-minutes: 5 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - uses: DavidAnson/markdownlint-cli2-action@30a0e04f1870d58f8d717450cc6134995f993c63 with: globs: | diff --git a/.github/workflows/proto.yml b/.github/workflows/proto.yml index 8d5d5d4daf8df..74870ffcb014b 100644 --- a/.github/workflows/proto.yml +++ b/.github/workflows/proto.yml @@ -18,7 +18,7 @@ jobs: container: ghcr.io/linkerd/dev:v48-go steps: - run: apt update && apt install -y unzip - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: bin/protoc-go.sh - run: git diff --exit-code diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 60b76f3587527..4cf431ee5e9a7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,7 +21,7 @@ jobs: tag: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT" id: tag - name: Validate edge version @@ -48,7 +48,7 @@ jobs: - web timeout-minutes: 45 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - name: Set tag run: echo 'TAG=${{ needs.tag.outputs.tag }}' >> "$GITHUB_ENV" - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef @@ -98,7 +98,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 with: go-version-file: go.mod @@ -125,7 +125,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: artifact-ids: ${{ needs.cli.outputs.artifact-id }} @@ -164,7 +164,7 @@ jobs: if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge') runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - name: Set install target for stable if: startsWith(github.ref, 'refs/tags/stable') run: echo "INSTALL=install" >> "$GITHUB_ENV" @@ -192,7 +192,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - name: Log into GCP uses: "google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093" with: diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 479d6b6aae851..032c82b6095be 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -36,7 +36,7 @@ jobs: # Prevent sudden announcement of a new advisory from failing Ci. continue-on-error: ${{ matrix.checks == 'advisories' }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: cargo deny --all-features check ${{ matrix.checks }} @@ -45,7 +45,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just rs-check-fmt @@ -54,7 +54,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just rs-fetch - run: just rs-clippy @@ -65,7 +65,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just rs-fetch - run: just rs-check-dirs @@ -76,7 +76,7 @@ jobs: timeout-minutes: 15 container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just rs-fetch - run: just rs-test-build @@ -87,7 +87,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 2 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - shell: bash run: | toolchain_version="$(./bin/rust-toolchain-version)" diff --git a/.github/workflows/shell.yml b/.github/workflows/shell.yml index 60cb4b9923fce..1ec54adb8366f 100644 --- a/.github/workflows/shell.yml +++ b/.github/workflows/shell.yml @@ -17,5 +17,5 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: linkerd/dev/actions/setup-tools@v48 - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - run: just sh-lint diff --git a/.github/workflows/sync-proxy.yml b/.github/workflows/sync-proxy.yml index 6cd123b3c41f0..79e511aeecd18 100644 --- a/.github/workflows/sync-proxy.yml +++ b/.github/workflows/sync-proxy.yml @@ -64,7 +64,7 @@ jobs: env: VERSION: ${{ needs.meta.outputs.name }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: token: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }} - name: Check if proxy version has changed @@ -98,7 +98,7 @@ jobs: git config --global --add safe.directory "$PWD" # actions/runner#2033 git config --global user.name "$GITHUB_USERNAME" git config --global user.email "$GITHUB_USERNAME"@users.noreply.github.com - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: token: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }} - name: Commit proxy version From 9f43ed80f0235aae9362d202d8d0f9c380ba4896 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Nov 2025 15:12:52 -0500 Subject: [PATCH 060/123] build(deps): bump aws-lc-rs from 1.14.1 to 1.15.0 (#14728) Bumps [aws-lc-rs](https://github.com/aws/aws-lc-rs) from 1.14.1 to 1.15.0. - [Release notes](https://github.com/aws/aws-lc-rs/releases) - [Commits](https://github.com/aws/aws-lc-rs/compare/v1.14.1...v1.15.0) --- updated-dependencies: - dependency-name: aws-lc-rs dependency-version: 1.15.0 dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 85945cb1c26d6..8061768df4181 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -110,9 +110,9 @@ checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" [[package]] name = "aws-lc-rs" -version = "1.14.1" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "879b6c89592deb404ba4dc0ae6b58ffd1795c78991cbb5b8bc441c48a070440d" +checksum = "5932a7d9d28b0d2ea34c6b3779d35e3dd6f6345317c34e73438c4f1f29144151" dependencies = [ "aws-lc-sys", "zeroize", @@ -120,9 +120,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.32.3" +version = "0.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "107a4e9d9cab9963e04e84bb8dee0e25f2a987f9a8bad5ed054abd439caa8f8c" +checksum = "1826f2e4cfc2cd19ee53c42fbf68e2f81ec21108e0b7ecf6a71cf062137360fc" dependencies = [ "bindgen", "cc", From 500b55ccc4cb35c3d32282868ddedbe41c746b97 Mon Sep 17 00:00:00 2001 From: l5d-bot <48604953+l5d-bot@users.noreply.github.com> Date: Wed, 19 Nov 2025 06:11:01 -0800 Subject: [PATCH 061/123] proxy: v2.330.0 (#14735) Release notes: https://github.com/linkerd/linkerd2-proxy/releases/tag/release/v2.330.0 Signed-off-by: l5d-bot Co-authored-by: l5d-bot Signed-off-by: Ivan Porta --- .proxy-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.proxy-version b/.proxy-version index 11611220714c2..a431bad585e7d 100644 --- a/.proxy-version +++ b/.proxy-version @@ -1 +1 @@ -v2.329.0 +v2.330.0 From bfe41c069b887d591b922a035dd4ea9f1432541c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Nov 2025 09:14:27 -0500 Subject: [PATCH 062/123] build(deps): bump delegate from 0.13.4 to 0.13.5 (#14733) Bumps [delegate](https://github.com/kobzol/rust-delegate) from 0.13.4 to 0.13.5. - [Release notes](https://github.com/kobzol/rust-delegate/releases) - [Changelog](https://github.com/Kobzol/rust-delegate/blob/main/CHANGELOG.md) - [Commits](https://github.com/kobzol/rust-delegate/compare/v0.13.4...v0.13.5) --- updated-dependencies: - dependency-name: delegate dependency-version: 0.13.5 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8061768df4181..aca22cbaa8f73 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -438,9 +438,9 @@ checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476" [[package]] name = "delegate" -version = "0.13.4" +version = "0.13.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6178a82cf56c836a3ba61a7935cdb1c49bfaa6fa4327cd5bf554a503087de26b" +checksum = "780eb241654bf097afb00fc5f054a09b687dad862e485fdcf8399bb056565370" dependencies = [ "proc-macro2", "quote", From 162bfa83579492c11eee367e1fc26bf1dc43bba7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Nov 2025 09:14:50 -0500 Subject: [PATCH 063/123] build(deps): bump libloading from 0.8.8 to 0.8.9 (#14734) Bumps [libloading](https://github.com/nagisa/rust_libloading) from 0.8.8 to 0.8.9. - [Commits](https://github.com/nagisa/rust_libloading/compare/0.8.8...0.8.9) --- updated-dependencies: - dependency-name: libloading dependency-version: 0.8.9 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index aca22cbaa8f73..a41f3e7b2e06f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1358,12 +1358,12 @@ checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976" [[package]] name = "libloading" -version = "0.8.8" +version = "0.8.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667" +checksum = "d7c4b02199fee7c5d21a5ae7d8cfa79a6ef5bb2fc834d6e9058e89c825efdc55" dependencies = [ "cfg-if", - "windows-targets", + "windows-link 0.2.0", ] [[package]] From 8fa943004e907bec03c017194da19ea485da32e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Nov 2025 09:15:14 -0500 Subject: [PATCH 064/123] build(deps): bump github.com/prometheus/common from 0.67.2 to 0.67.3 (#14732) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.67.2 to 0.67.3. - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/common/compare/v0.67.2...v0.67.3) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-version: 0.67.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 7 +++++-- go.sum | 6 ++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index dab0adf5a9c35..745fac3453944 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/pkg/browser v0.0.0-20170505125900-c90ca0c84f15 github.com/prometheus/client_golang v1.23.2 github.com/prometheus/client_model v0.6.2 - github.com/prometheus/common v0.67.2 + github.com/prometheus/common v0.67.3 github.com/sergi/go-diff v1.4.0 github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92 github.com/sirupsen/logrus v1.9.3 @@ -54,7 +54,10 @@ require ( sigs.k8s.io/yaml v1.6.0 ) -require golang.org/x/net v0.47.0 // indirect +require ( + github.com/golang-jwt/jwt/v5 v5.3.0 // indirect + golang.org/x/net v0.47.0 // indirect +) require ( github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect diff --git a/go.sum b/go.sum index 91507d722b010..6887927bf6768 100644 --- a/go.sum +++ b/go.sum @@ -174,6 +174,8 @@ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo= +github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -352,8 +354,8 @@ github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UH github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.67.2 h1:PcBAckGFTIHt2+L3I33uNRTlKTplNzFctXcWhPyAEN8= -github.com/prometheus/common v0.67.2/go.mod h1:63W3KZb1JOKgcjlIr64WW/LvFGAqKPj0atm+knVGEko= +github.com/prometheus/common v0.67.3 h1:shd26MlnwTw5jksTDhC7rTQIteBxy+ZZDr3t7F2xN2Q= +github.com/prometheus/common v0.67.3/go.mod h1:gP0fq6YjjNCLssJCQp0yk4M8W6ikLURwkdd/YKtTbyI= github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho= From dbbb8fa2dc4263fc9ce78e9ae8c5742b1f8cd8a6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Nov 2025 09:32:56 -0500 Subject: [PATCH 065/123] build(deps): bump tj-actions/changed-files (#14740) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 70069877f29101175ed2b055d210fe8b1d54d7d7 to 2d752abc95ba0255af33a2b4d5de03df3954cdf2. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/70069877f29101175ed2b055d210fe8b1d54d7d7...2d752abc95ba0255af33a2b4d5de03df3954cdf2) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-version: 2d752abc95ba0255af33a2b4d5de03df3954cdf2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/go.yml | 2 +- .github/workflows/integration.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 940709f32469a..1a0918d1ed765 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -9,7 +9,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - - uses: tj-actions/changed-files@70069877f29101175ed2b055d210fe8b1d54d7d7 + - uses: tj-actions/changed-files@2d752abc95ba0255af33a2b4d5de03df3954cdf2 id: changed with: files: | diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 472ded745d21e..4815bdde84494 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -29,7 +29,7 @@ jobs: - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - id: tag run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT" - - uses: tj-actions/changed-files@70069877f29101175ed2b055d210fe8b1d54d7d7 + - uses: tj-actions/changed-files@2d752abc95ba0255af33a2b4d5de03df3954cdf2 id: core with: files: | From cbbbddb6f7d9ce9aa97c7aeff7fbe5653564a6b5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Nov 2025 09:33:27 -0500 Subject: [PATCH 066/123] build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 (#14739) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.0.0 to 6.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/44694675825211faa026b3c33043df3e48a5fa00...4dc6199c7b1a012772edbd06daecab0f50c9053c) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/codeql.yml | 2 +- .github/workflows/integration.yml | 8 ++++---- .github/workflows/release.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 90aecbfd74ea4..85e2247f9a10b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 + - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 4815bdde84494..88432e25bcc9c 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -120,7 +120,7 @@ jobs: timeout-minutes: 15 steps: - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 + - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 @@ -273,7 +273,7 @@ jobs: timeout-minutes: 15 steps: - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 + - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 @@ -301,7 +301,7 @@ jobs: timeout-minutes: 30 steps: - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 + - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 @@ -340,7 +340,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 + - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4cf431ee5e9a7..3249c8345b150 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -99,7 +99,7 @@ jobs: steps: - name: Checkout code uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 + - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod - uses: ./.github/actions/cli-setup From f61283e5ff9937b7f99ba0f0f51ffa9fdc3649a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Nov 2025 09:33:56 -0500 Subject: [PATCH 067/123] build(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 (#14738) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.44.0 to 0.45.0. - [Commits](https://github.com/golang/crypto/compare/v0.44.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 745fac3453944..ede6de9b5adf9 100644 --- a/go.mod +++ b/go.mod @@ -142,7 +142,7 @@ require ( go.opentelemetry.io/otel/trace v1.38.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.44.0 // indirect + golang.org/x/crypto v0.45.0 // indirect golang.org/x/mod v0.30.0 // indirect golang.org/x/oauth2 v0.32.0 // indirect golang.org/x/sync v0.18.0 // indirect diff --git a/go.sum b/go.sum index 6887927bf6768..af47c1f165334 100644 --- a/go.sum +++ b/go.sum @@ -473,8 +473,8 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.44.0 h1:A97SsFvM3AIwEEmTBiaxPPTYpDC47w720rdiiUvgoAU= -golang.org/x/crypto v0.44.0/go.mod h1:013i+Nw79BMiQiMsOPcVCB5ZIJbYkerPrGnOa00tvmc= +golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= +golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= From 310ca93d5e20e4a6d7899c4e9b395003ded32445 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Nov 2025 09:34:24 -0500 Subject: [PATCH 068/123] build(deps): bump cc from 1.2.41 to 1.2.46 (#14737) Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.2.41 to 1.2.46. - [Release notes](https://github.com/rust-lang/cc-rs/releases) - [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md) - [Commits](https://github.com/rust-lang/cc-rs/compare/cc-v1.2.41...cc-v1.2.46) --- updated-dependencies: - dependency-name: cc dependency-version: 1.2.46 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a41f3e7b2e06f..b394a948e1948 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -240,9 +240,9 @@ checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a" [[package]] name = "cc" -version = "1.2.41" +version = "1.2.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac9fe6cdbb24b6ade63616c0a0688e45bb56732262c158df3c0c4bea4ca47cb7" +checksum = "b97463e1064cb1b1c1384ad0a0b9c8abd0988e2a91f52606c80ef14aadb63e36" dependencies = [ "find-msvc-tools", "jobserver", @@ -587,9 +587,9 @@ checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" [[package]] name = "find-msvc-tools" -version = "0.1.4" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52051878f80a721bb68ebfbc930e07b65ba72f2da88968ea5c06fd6ca3d3a127" +checksum = "3a3076410a55c90011c298b04d0cfa770b00fa04e1e3c97d3f6c9de105a03844" [[package]] name = "fnv" From 112554b4ab22a5014da705c36008aa13f869c906 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Nov 2025 09:34:50 -0500 Subject: [PATCH 069/123] build(deps): bump the clap group with 2 updates (#14736) Bumps the clap group with 2 updates: [clap](https://github.com/clap-rs/clap) and [clap_builder](https://github.com/clap-rs/clap). Updates `clap` from 4.5.52 to 4.5.53 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.52...clap_complete-v4.5.53) Updates `clap_builder` from 4.5.52 to 4.5.53 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v4.5.52...v4.5.53) --- updated-dependencies: - dependency-name: clap dependency-version: 4.5.53 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: clap - dependency-name: clap_builder dependency-version: 4.5.53 dependency-type: indirect update-type: version-update:semver-patch dependency-group: clap ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b394a948e1948..c6e7603f7b2d8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -290,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.52" +version = "4.5.53" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa8120877db0e5c011242f96806ce3c94e0737ab8108532a76a3300a01db2ab8" +checksum = "c9e340e012a1bf4935f5282ed1436d1489548e8f72308207ea5df0e23d2d03f8" dependencies = [ "clap_builder", "clap_derive", @@ -300,9 +300,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.52" +version = "4.5.53" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02576b399397b659c26064fbc92a75fede9d18ffd5f80ca1cd74ddab167016e1" +checksum = "d76b5d13eaa18c901fd2f7fca939fefe3a0727a953561fefdf3b2922b8569d00" dependencies = [ "anstyle", "clap_lex", From 20aca80d82012f1357a87ccdaf680dc9bedc885b Mon Sep 17 00:00:00 2001 From: Alex Leong Date: Fri, 21 Nov 2025 16:06:46 -0800 Subject: [PATCH 070/123] feat(proxy, proxy-init): Combine proxy and proxy-init and use minimal base image (#14577) To simplify the docker images we ship, we combine the proxy and proxy-init images into a unified image (named proxy) which includes both the proxy and proxy-init binaries. To reduce the security surface area of this unified image, we build it on a minimal Wolfi-based runtime image via apko instead of building on `gcr.io/distroless/cc-debian12`. This allows us to avoid including unused packages such as `libssl` which can cause spurious security scan alerts in our images. In order to build this minimal runtime base image in CI, we start a local temporary registry so that we can push the apko created runtime image and use it as a base image for the proxy image. We update the Linkerd templates to use this new unified proxy image in the linkerd-init container. Signed-off-by: Alex Leong Signed-off-by: Ivan Porta --- .github/actions/docker-build/action.yml | 4 +++ .github/workflows/integration.yml | 5 +++ .github/workflows/release.yml | 5 +++ Dockerfile-proxy => Dockerfile.proxy | 30 +++++++++++++++-- bin/docker-build-proxy | 20 ++++++++++- charts/linkerd-control-plane/values.yaml | 8 ----- charts/partials/templates/_proxy-init.tpl | 5 +-- cli/cmd/doc.go | 8 ----- cli/cmd/inject.go | 7 ---- cli/cmd/inject_test.go | 24 -------------- cli/cmd/install_helm_test.go | 5 --- cli/cmd/install_test.go | 7 +--- cli/cmd/options.go | 20 ----------- .../expected/injected_nginx.yaml | 4 ++- .../expected/injected_nginx_redis.yaml | 8 +++-- .../expected/injected_redis.yaml | 4 ++- cli/cmd/testdata/inject_contour.golden.yml | 4 ++- ...ject_emojivoto_already_injected.golden.yml | 16 ++++++--- .../inject_emojivoto_deployment.golden.yml | 4 ++- ...emojivoto_deployment_access_log.golden.yml | 4 ++- ...omountServiceAccountToken_false.golden.yml | 4 ++- ...ojivoto_deployment_capabilities.golden.yml | 4 ++- ...oto_deployment_config_overrides.golden.yml | 4 ++- ...voto_deployment_controller_name.golden.yml | 8 +++-- ...ject_emojivoto_deployment_debug.golden.yml | 4 ++- ...voto_deployment_empty_resources.golden.yml | 4 ++- ...to_deployment_hostNetwork_false.golden.yml | 4 ++- ...ivoto_deployment_native_sidecar.golden.yml | 4 ++- ...ojivoto_deployment_opaque_ports.golden.yml | 4 ++- ...emojivoto_deployment_overridden.golden.yml | 4 ++- ...ect_emojivoto_deployment_params.golden.yml | 4 ++- ...ojivoto_deployment_proxyignores.golden.yml | 4 ++- ...inject_emojivoto_deployment_udp.golden.yml | 4 ++- .../testdata/inject_emojivoto_list.golden.yml | 8 +++-- ..._emojivoto_list_empty_resources.golden.yml | 8 +++-- .../testdata/inject_emojivoto_pod.golden.yml | 4 ++- .../inject_emojivoto_pod_ingress.golden.yml | 4 ++- ...ject_emojivoto_pod_proxyignores.golden.yml | 4 ++- ...ect_emojivoto_pod_with_requests.golden.yml | 4 ++- .../inject_emojivoto_statefulset.golden.yml | 4 ++- .../inject_gettest_deployment.good.golden.yml | 8 +++-- .../inject_tap_deployment_debug.golden.yml | 4 ++- ...install_controlplane_tracing_output.golden | 13 ++++---- cli/cmd/testdata/install_custom_domain.golden | 13 ++++---- .../testdata/install_custom_registry.golden | 15 ++++----- cli/cmd/testdata/install_default.golden | 13 ++++---- ...stall_default_override_dst_get_nets.golden | 13 ++++---- cli/cmd/testdata/install_default_token.golden | 13 ++++---- cli/cmd/testdata/install_gid_output.golden | 13 ++++---- cli/cmd/testdata/install_ha_output.golden | 13 ++++---- .../install_ha_with_overrides_output.golden | 13 ++++---- .../install_heartbeat_disabled_output.golden | 13 ++++---- .../install_helm_control_plane_output.golden | 13 ++++---- ...nstall_helm_control_plane_output_ha.golden | 13 ++++---- ...lm_control_plane_output_ha_with_gid.golden | 13 ++++---- .../install_helm_output_ha_labels.golden | 13 ++++---- ...l_helm_output_ha_namespace_selector.golden | 13 ++++---- .../testdata/install_no_init_container.golden | 4 --- cli/cmd/testdata/install_output.golden | 15 ++++----- cli/cmd/testdata/install_proxy_ignores.golden | 13 ++++---- cli/cmd/testdata/install_tracing.golden | 13 ++++---- cli/cmd/testdata/install_values_file.golden | 13 ++++---- .../fake/data/pod-cpu-ratio.json | 9 +++-- .../fake/data/pod-log-level.json | 15 +++++---- .../data/pod-with-custom-debug.patch.json | 15 +++++---- .../fake/data/pod-with-debug.patch.json | 15 +++++---- .../data/pod-with-ns-annotations.patch.json | 15 +++++---- .../proxy-injector/fake/data/pod.patch.json | 15 +++++---- justfile | 5 +-- pkg/charts/linkerd2/values.go | 1 - pkg/charts/linkerd2/values_test.go | 16 --------- pkg/healthcheck/healthcheck_test.go | 16 +-------- pkg/healthcheck/sidecar_test.go | 2 +- pkg/inject/inject.go | 14 -------- pkg/inject/inject_test.go | 17 ++-------- pkg/k8s/labels.go | 7 ---- pkg/version/version.go | 4 --- proxy-runtime.yml | 31 +++++++++++++++++ .../integration/install/inject/inject_test.go | 14 +++----- test/integration/install/install_test.go | 4 --- test/integration/multicluster/install_test.go | 3 -- .../upgrade-edge/upgrade_edge_test.go | 4 --- testutil/inject_validator.go | 33 ------------------- 83 files changed, 383 insertions(+), 423 deletions(-) rename Dockerfile-proxy => Dockerfile.proxy (69%) create mode 100644 proxy-runtime.yml diff --git a/.github/actions/docker-build/action.yml b/.github/actions/docker-build/action.yml index e8fc227fb57a1..d8eea4a590353 100644 --- a/.github/actions/docker-build/action.yml +++ b/.github/actions/docker-build/action.yml @@ -28,11 +28,15 @@ runs: - uses: crazy-max/ghaction-github-runtime@3cb05d89e1f492524af3d41a1c98c83bc3025124 - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 + with: + driver-opts: network=host - env: DOCKER_REGISTRY: ${{ inputs.docker-registry }} DOCKER_TARGET: ${{ inputs.docker-target }} DOCKER_PUSH: ${{ inputs.docker-push }} TAG: ${{ inputs.tag }} + RUNTIME_IMAGE: localhost:5000/linkerd/proxy-runtime:${{ inputs.tag }} + PUSH_RUNTIME_IMAGE: true shell: bash run: bin/docker-build-${{ inputs.component }} diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 88432e25bcc9c..922cc5139d66f 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -80,6 +80,11 @@ jobs: needs: meta if: needs.meta.outputs.changed == 'true' runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} + services: + registry: + image: registry:3 + ports: + - 5000:5000 strategy: matrix: component: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3249c8345b150..79df9d522060d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,6 +37,11 @@ jobs: contents: read packages: write # for docker/login-action id-token: write # for cosign + services: + registry: + image: registry:3 + ports: + - 5000:5000 strategy: matrix: component: diff --git a/Dockerfile-proxy b/Dockerfile.proxy similarity index 69% rename from Dockerfile-proxy rename to Dockerfile.proxy index e0afeb30c4317..3185642923d25 100644 --- a/Dockerfile-proxy +++ b/Dockerfile.proxy @@ -1,5 +1,6 @@ -ARG RUNTIME_IMAGE=gcr.io/distroless/cc-debian12 ARG BUILDPLATFORM=linux/amd64 +ARG RUNTIME_IMAGE="cr.l5d.io/linkerd/proxy-runtime:latest" +ARG TARGETARCH # Precompile key slow-to-build dependencies FROM --platform=$BUILDPLATFORM golang:1.25-alpine AS go-deps @@ -43,8 +44,33 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build -mod=readonly ./pkg/... COPY proxy-identity proxy-identity RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build -o /out/proxy-identity -mod=readonly -ldflags "-s -w" ./proxy-identity -FROM $RUNTIME_IMAGE AS runtime +## build proxy-init +FROM --platform=$BUILDPLATFORM ghcr.io/linkerd/dev:v48-go AS proxy-init +WORKDIR /build +ARG PROXY_INIT_REPO="linkerd/linkerd2-proxy-init" +ARG PROXY_INIT_REF="proxy-init/v2.4.3" +RUN --mount=type=secret,id=github \ + export GITHUB_TOKEN_FILE=/run/secrets/github; \ + git init --initial-branch=main . && \ + git remote add origin https://github.com/${PROXY_INIT_REPO}.git && \ + git fetch --depth 1 origin ${PROXY_INIT_REF} && \ + git checkout --detach FETCH_HEAD +RUN go mod download +ARG TARGETARCH +RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH GO111MODULE=on \ + go build -o /out/linkerd2-proxy-init -mod=readonly -ldflags "-s -w" -v ./proxy-init + +FROM $RUNTIME_IMAGE-$TARGETARCH AS runtime LABEL org.opencontainers.image.source=https://github.com/linkerd/linkerd2 + +COPY --from=proxy-init /out/linkerd2-proxy-init /usr/lib/linkerd/linkerd2-proxy-init +# Set sys caps for iptables utilities and proxy-init +USER root +RUN ["/usr/sbin/setcap", "cap_net_raw,cap_net_admin+eip", "/usr/sbin/xtables-legacy-multi"] +RUN ["/usr/sbin/setcap", "cap_net_raw,cap_net_admin+eip", "/usr/sbin/xtables-nft-multi"] +RUN ["/usr/sbin/setcap", "cap_net_raw,cap_net_admin+eip", "/usr/lib/linkerd/linkerd2-proxy-init"] +USER 65534 + COPY --from=fetch /build/target/proxy/LICENSE /usr/lib/linkerd/LICENSE COPY --from=fetch /build/proxy-version /usr/lib/linkerd/linkerd2-proxy-version.txt COPY --from=fetch /build/linkerd2-proxy /usr/lib/linkerd/linkerd2-proxy diff --git a/bin/docker-build-proxy b/bin/docker-build-proxy index cec2a6f42575e..cccb58cb396d4 100755 --- a/bin/docker-build-proxy +++ b/bin/docker-build-proxy @@ -2,6 +2,8 @@ set -eu +apko_version=v0.30.13 + if [ $# -ne 0 ]; then echo "no arguments allowed for ${0##*/}, given: $*" >&2 exit 64 @@ -14,8 +16,11 @@ rootdir=$( cd "$bindir"/.. && pwd ) . "$bindir"/_docker.sh # shellcheck source=_tag.sh . "$bindir"/_tag.sh +# shellcheck source=_os.sh +. "$bindir"/_os.sh -dockerfile=$rootdir/Dockerfile-proxy +dockerfile=$rootdir/Dockerfile.proxy +runtime_image="${RUNTIME_IMAGE:-"cr.l5d.io/linkerd/proxy-runtime:${TAG:-$(head_root_tag)}"}" get_extra_options() { options= @@ -25,9 +30,22 @@ get_extra_options() { echo "$options" } +# Build proxy base image with apko +go install chainguard.dev/apko@$apko_version +export PATH=$PATH:$(go env GOPATH)/bin +# Add --local flag unless PUSH_RUNTIME_IMAGE is set +apko build "$rootdir/proxy-runtime.yml" "$runtime_image" "$rootdir/proxy-runtime.tar" +docker load < "$rootdir/proxy-runtime.tar" +if [[ -n "${PUSH_RUNTIME_IMAGE:-}" ]]; then + for arch in "arm64" "amd64"; do + docker push "$runtime_image-$arch" + done +fi + # We want wordsplit for the extra options here: # shellcheck disable=SC2046 docker_build proxy "${TAG:-$(head_root_tag)}" "$dockerfile" \ + --build-arg RUNTIME_IMAGE="$runtime_image" \ --build-arg LINKERD_VERSION="${TAG:-$(head_root_tag)}" \ --build-arg LINKERD2_PROXY_REPO="${LINKERD2_PROXY_REPO:-linkerd/linkerd2-proxy}" \ --build-arg LINKERD2_PROXY_VERSION="${LINKERD2_PROXY_VERSION:-$(cat .proxy-version)}" \ diff --git a/charts/linkerd-control-plane/values.yaml b/charts/linkerd-control-plane/values.yaml index a021e3586f8dd..0735571633230 100644 --- a/charts/linkerd-control-plane/values.yaml +++ b/charts/linkerd-control-plane/values.yaml @@ -349,14 +349,6 @@ proxyInit: # -- Log format (`plain` or `json`) for the proxy-init # @default -- plain logFormat: "" - image: - # -- Docker image for the proxy-init container - name: cr.l5d.io/linkerd/proxy-init - # -- Pull policy for the proxy-init container image - # @default -- imagePullPolicy - pullPolicy: "" - # -- Tag for the proxy-init container image - version: v2.4.3 # -- Changes the default value for the nf_conntrack_tcp_timeout_close_wait # kernel parameter. If used, runAsRoot needs to be true. closeWaitTimeoutSecs: 0 diff --git a/charts/partials/templates/_proxy-init.tpl b/charts/partials/templates/_proxy-init.tpl index 5e513dd220ea3..9ba2d183d481e 100644 --- a/charts/partials/templates/_proxy-init.tpl +++ b/charts/partials/templates/_proxy-init.tpl @@ -46,8 +46,9 @@ args: - --subnets-to-ignore - {{ .Values.proxyInit.skipSubnets | quote }} {{- end }} -image: {{.Values.proxyInit.image.name}}:{{.Values.proxyInit.image.version}} -imagePullPolicy: {{.Values.proxyInit.image.pullPolicy | default .Values.imagePullPolicy}} +image: {{.Values.proxy.image.name}}:{{.Values.proxy.image.version | default .Values.linkerdVersion}} +command: ["/usr/lib/linkerd/linkerd2-proxy-init"] +imagePullPolicy: {{.Values.proxy.image.pullPolicy | default .Values.imagePullPolicy}} name: linkerd-init {{ include "partials.resources" .Values.proxy.resources }} securityContext: diff --git a/cli/cmd/doc.go b/cli/cmd/doc.go index 8d4a6a21e83d9..30b1bd2a61ff1 100644 --- a/cli/cmd/doc.go +++ b/cli/cmd/doc.go @@ -128,14 +128,6 @@ func generateAnnotationsDocs() []annotationDoc { Name: k8s.ProxyImagePullPolicyAnnotation, Description: "Docker image pull policy", }, - { - Name: k8s.ProxyInitImageAnnotation, - Description: "Linkerd init container image name", - }, - { - Name: k8s.ProxyInitImageVersionAnnotation, - Description: "Linkerd init container image version", - }, { Name: k8s.DebugImageAnnotation, Description: "Linkerd debug container image name", diff --git a/cli/cmd/inject.go b/cli/cmd/inject.go index 2f4156bdc6006..cbd1a5f2368ae 100644 --- a/cli/cmd/inject.go +++ b/cli/cmd/inject.go @@ -417,17 +417,10 @@ func getOverrideAnnotations(values *linkerd2.Values, base *linkerd2.Values) map[ if proxy.Image.Name != baseProxy.Image.Name { overrideAnnotations[k8s.ProxyImageAnnotation] = proxy.Image.Name } - if values.ProxyInit.Image.Name != base.ProxyInit.Image.Name { - overrideAnnotations[k8s.ProxyInitImageAnnotation] = values.ProxyInit.Image.Name - } if values.DebugContainer.Image.Name != base.DebugContainer.Image.Name { overrideAnnotations[k8s.DebugImageAnnotation] = values.DebugContainer.Image.Name } - if values.ProxyInit.Image.Version != base.ProxyInit.Image.Version { - overrideAnnotations[k8s.ProxyInitImageVersionAnnotation] = values.ProxyInit.Image.Version - } - if values.DebugContainer.Image.Version != base.DebugContainer.Image.Version { overrideAnnotations[k8s.DebugImageVersionAnnotation] = values.DebugContainer.Image.Version } diff --git a/cli/cmd/inject_test.go b/cli/cmd/inject_test.go index eeb735e76df33..5fb1276d523d2 100644 --- a/cli/cmd/inject_test.go +++ b/cli/cmd/inject_test.go @@ -782,30 +782,6 @@ func TestProxyImageAnnotations(t *testing.T) { diffOverrides(t, expectedOverrides, overrides) } -func TestProxyInitImageAnnotations(t *testing.T) { - baseValues, err := linkerd2.NewValues() - if err != nil { - t.Fatal(err) - } - values, err := baseValues.DeepCopy() - if err != nil { - t.Fatal(err) - } - values.ProxyInit.Image = &linkerd2.Image{ - Name: "my.registry/linkerd/proxy-init", - Version: "test-proxy-init-version", - } - - expectedOverrides := map[string]string{ - k8s.ProxyInitImageAnnotation: "my.registry/linkerd/proxy-init", - k8s.ProxyInitImageVersionAnnotation: "test-proxy-init-version", - } - - overrides := getOverrideAnnotations(values, baseValues) - - diffOverrides(t, expectedOverrides, overrides) -} - func TestNoAnnotations(t *testing.T) { baseValues, err := linkerd2.NewValues() if err != nil { diff --git a/cli/cmd/install_helm_test.go b/cli/cmd/install_helm_test.go index b963460df7549..821106db68149 100644 --- a/cli/cmd/install_helm_test.go +++ b/cli/cmd/install_helm_test.go @@ -113,11 +113,6 @@ func testRenderHelm(t *testing.T, linkerd2Chart *chart.Chart, additionalValues m "version":"test-proxy-version" } }, - "proxyInit":{ - "image":{ - "version":"test-proxy-init-version" - } - }, "identity":{ "issuer":{ "tls":{ diff --git a/cli/cmd/install_test.go b/cli/cmd/install_test.go index 07b36c4217db5..1aa1d57c2f647 100644 --- a/cli/cmd/install_test.go +++ b/cli/cmd/install_test.go @@ -151,12 +151,7 @@ func TestRender(t *testing.T) { }, }, ProxyInit: &charts.ProxyInit{ - IptablesMode: "legacy", - Image: &charts.Image{ - Name: "ProxyInitImageName", - PullPolicy: "ImagePullPolicy", - Version: "ProxyInitVersion", - }, + IptablesMode: "legacy", IgnoreOutboundPorts: "443", XTMountPath: &charts.VolumeMountPath{ MountPath: "/run", diff --git a/cli/cmd/options.go b/cli/cmd/options.go index 7649a5d896e74..7d09d307b2557 100644 --- a/cli/cmd/options.go +++ b/cli/cmd/options.go @@ -253,23 +253,10 @@ func makeProxyFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.FlagSet) { return nil }), - flag.NewStringFlag(proxyFlags, "init-image", defaults.ProxyInit.Image.Name, "Linkerd init container image name", - func(values *l5dcharts.Values, value string) error { - values.ProxyInit.Image.Name = value - return nil - }), - - flag.NewStringFlag(proxyFlags, "init-image-version", defaults.ProxyInit.Image.Version, - "Linkerd init container image version", func(values *l5dcharts.Values, value string) error { - values.ProxyInit.Image.Version = value - return nil - }), - flag.NewStringFlag(proxyFlags, "image-pull-policy", defaults.ImagePullPolicy, "Docker image pull policy", func(values *l5dcharts.Values, value string) error { values.ImagePullPolicy = value values.Proxy.Image.PullPolicy = value - values.ProxyInit.Image.PullPolicy = value values.DebugContainer.Image.PullPolicy = value return nil }), @@ -409,7 +396,6 @@ func makeProxyFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.FlagSet) { values.ControllerImage = cmd.RegistryOverride(values.ControllerImage, value) values.DebugContainer.Image.Name = cmd.RegistryOverride(values.DebugContainer.Image.Name, value) values.Proxy.Image.Name = cmd.RegistryOverride(values.Proxy.Image.Name, value) - values.ProxyInit.Image.Name = cmd.RegistryOverride(values.ProxyInit.Image.Name, value) return nil }) if reg := os.Getenv(flagspkg.EnvOverrideDockerRegistry); reg != "" { @@ -430,8 +416,6 @@ func makeProxyFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.FlagSet) { proxyFlags.MarkHidden("proxy-image") proxyFlags.MarkHidden("proxy-version") proxyFlags.MarkHidden("image-pull-policy") - proxyFlags.MarkHidden("init-image") - proxyFlags.MarkHidden("init-image-version") } return flags, proxyFlags @@ -573,10 +557,6 @@ func validateProxyValues(values *l5dcharts.Values) error { return fmt.Errorf("%s is not a valid version", values.Proxy.Image.Version) } - if !alphaNumDashDot.MatchString(values.ProxyInit.Image.Version) { - return fmt.Errorf("%s is not a valid version", values.ProxyInit.Image.Version) - } - if values.ImagePullPolicy != "Always" && values.ImagePullPolicy != "IfNotPresent" && values.ImagePullPolicy != "Never" { return fmt.Errorf("--image-pull-policy must be one of: Always, IfNotPresent, Never") } diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml index 6bceffcb10fce..bd15cf248548b 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml @@ -218,7 +218,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:install-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml index 290ccba07a5bf..b5ddf991bfe15 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml @@ -218,7 +218,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:install-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: @@ -472,7 +474,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:install-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml index 999344afac1be..3ba5da26f744c 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml @@ -218,7 +218,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:install-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_contour.golden.yml b/cli/cmd/testdata/inject_contour.golden.yml index 4ff12a5c2cc85..157d96561ac70 100644 --- a/cli/cmd/testdata/inject_contour.golden.yml +++ b/cli/cmd/testdata/inject_contour.golden.yml @@ -258,7 +258,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml index e01f63fd622d6..8c5c4ec7834cd 100644 --- a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml @@ -229,7 +229,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: @@ -494,7 +496,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: @@ -759,7 +763,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: @@ -1024,7 +1030,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml index 21c327d526a5c..e6cc355b8a73f 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml @@ -229,7 +229,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml index 6830f136a28d6..80979bfdbe4ba 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml @@ -232,7 +232,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml index a362a4959f6e9..68a6549b4ccb6 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml @@ -221,7 +221,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:testinjectversion imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml index 706ae5216c18c..3b5b7e5f59b34 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml @@ -243,7 +243,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml index 648fdd2328543..496a67a646248 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml @@ -246,7 +246,9 @@ spec: - 4190,9998,7777,8888 - --outbound-ports-to-ignore - "9999" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:override imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml index b4dbfd4b6547c..719f25fc2e20e 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml @@ -229,7 +229,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: @@ -494,7 +496,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml index d6c89899e5a9d..39d990b487217 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml @@ -242,7 +242,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml index 4569a5d976c5c..d140010ddda6a 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml @@ -229,7 +229,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml index bab24f11599df..313b911e909bd 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml @@ -230,7 +230,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml index 8e916e7cc17aa..f34652d89ea3d 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml @@ -53,7 +53,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml index a3575f103166f..1b070055eab0e 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml @@ -230,7 +230,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml index 88a233384e85d..9d6acbf766b92 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml @@ -230,7 +230,9 @@ spec: - 4190,1234,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_params.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_params.golden.yml index 09402789f2cf2..82be8fd606d2f 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_params.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_params.golden.yml @@ -229,7 +229,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml index a2c8926de43be..1d9f55aa3582b 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml @@ -231,7 +231,9 @@ spec: - 4190,4191,22,8100-8102 - --outbound-ports-to-ignore - "5432" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml index 10fba99879809..a18078f782286 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml @@ -231,7 +231,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_list.golden.yml b/cli/cmd/testdata/inject_emojivoto_list.golden.yml index 7c9d34b962299..64d24ce09b7fb 100644 --- a/cli/cmd/testdata/inject_emojivoto_list.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list.golden.yml @@ -231,7 +231,9 @@ items: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: @@ -490,7 +492,9 @@ items: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml index 7fd6cfc5b80f2..1c2d5999b8dd5 100644 --- a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml @@ -231,7 +231,9 @@ items: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: @@ -490,7 +492,9 @@ items: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml index 8a7301051facb..41928a37b9112 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml @@ -213,7 +213,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml index 08fd0944c3b32..a1310822709e3 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml @@ -216,7 +216,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml index 630af381022e4..123a89d76717b 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml @@ -215,7 +215,9 @@ spec: - 4190,4191,22,8100-8102 - --outbound-ports-to-ignore - "5432" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml index 50b4a484c1852..b79d53c2707f9 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml @@ -224,7 +224,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml index 699e6097ff2cd..776308d30b5df 100644 --- a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml @@ -230,7 +230,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml index a073c7a7060ef..9e20bccfba161 100644 --- a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml +++ b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml @@ -231,7 +231,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:testinjectversion imagePullPolicy: IfNotPresent name: linkerd-init securityContext: @@ -498,7 +500,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:testinjectversion imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml index 8976836374694..05e9e0a419977 100644 --- a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml @@ -292,7 +292,9 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + command: + - /usr/lib/linkerd/linkerd2-proxy-init + image: cr.l5d.io/linkerd/proxy:test-inject-proxy-version imagePullPolicy: IfNotPresent name: linkerd-init securityContext: diff --git a/cli/cmd/testdata/install_controlplane_tracing_output.golden b/cli/cmd/testdata/install_controlplane_tracing_output.golden index ae27b0c9f954c..f0e3131c0dc62 100644 --- a/cli/cmd/testdata/install_controlplane_tracing_output.golden +++ b/cli/cmd/testdata/install_controlplane_tracing_output.golden @@ -781,10 +781,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1207,7 +1203,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1748,7 +1745,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2178,7 +2176,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_custom_domain.golden b/cli/cmd/testdata/install_custom_domain.golden index 7915dfbbf4e95..f1d6be18ae7df 100644 --- a/cli/cmd/testdata/install_custom_domain.golden +++ b/cli/cmd/testdata/install_custom_domain.golden @@ -781,10 +781,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1205,7 +1201,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1744,7 +1741,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2174,7 +2172,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_custom_registry.golden b/cli/cmd/testdata/install_custom_registry.golden index 75babc34aa85f..5f5c40fa7ef46 100644 --- a/cli/cmd/testdata/install_custom_registry.golden +++ b/cli/cmd/testdata/install_custom_registry.golden @@ -781,10 +781,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 - image: - name: my.custom.registry/linkerd-io/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1205,7 +1201,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: my.custom.registry/linkerd-io/proxy-init:v2.4.3 + image: my.custom.registry/linkerd-io/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1744,7 +1741,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: my.custom.registry/linkerd-io/proxy-init:v2.4.3 + image: my.custom.registry/linkerd-io/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2174,7 +2172,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: my.custom.registry/linkerd-io/proxy-init:v2.4.3 + image: my.custom.registry/linkerd-io/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2263,7 +2262,7 @@ spec: --- apiVersion: v1 data: - linkerd-config-overrides: Y29udHJvbGxlckltYWdlOiBteS5jdXN0b20ucmVnaXN0cnkvbGlua2VyZC1pby9jb250cm9sbGVyCmRlYnVnQ29udGFpbmVyOgogIGltYWdlOgogICAgbmFtZTogbXkuY3VzdG9tLnJlZ2lzdHJ5L2xpbmtlcmQtaW8vZGVidWcKICAgIHZlcnNpb246IGluc3RhbGwtZGVidWctdmVyc2lvbgpoZWFydGJlYXRTY2hlZHVsZTogMSAyIDMgNCA1CmlkZW50aXR5OgogIGlzc3VlcjoKICAgIHRsczoKICAgICAgY3J0UEVNOiB8CiAgICAgICAgLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICAgICAgTUlJQndEQ0NBV2VnQXdJQkFnSVJBSlJJZ1o4UnRPOEV3ZzFYZXBmOFQ0NHdDZ1lJS29aSXpqMEVBd0l3S1RFbgogICAgICAgIE1DVUdBMVVFQXhNZWFXUmxiblJwZEhrdWJHbHVhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNQjRYRFRJd01EZ3kKICAgICAgICBPREEzTVRNME4xb1hEVE13TURneU5qQTNNVE0wTjFvd0tURW5NQ1VHQTFVRUF4TWVhV1JsYm5ScGRIa3ViR2x1CiAgICAgICAgYTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMS9GcAogICAgICAgIGZjUm5EY2VkTDZBalVhWFlQdjRESU1CYUp1Zk9JNU5XdHkrWFNYN0pqWGdadE03MmRRdlJhWWFudXhEMzZEdDEKICAgICAgICAyL0p4eWlTZ3hLV1Jkb2F5K2FOd01HNHdEZ1lEVlIwUEFRSC9CQVFEQWdFR01CSUdBMVVkRXdFQi93UUlNQVlCCiAgICAgICAgQWY4Q0FRQXdIUVlEVlIwT0JCWUVGSTFXbnJxTVlLYUhIT28renB5aWlEcTJwTzBLTUNrR0ExVWRFUVFpTUNDQwogICAgICAgIEhtbGtaVzUwYVhSNUxteHBibXRsY21RdVkyeDFjM1JsY2k1c2IyTmhiREFLQmdncWhrak9QUVFEQWdOSEFEQkUKICAgICAgICBBaUF0dW9JNVh1Q3RyR1ZSelNtUlRsMnJhMjhhVjlNeVRVN2Q1cW5UQUZIS1NnSWdSS0N2bHVPU2dBNU8yMXA1CiAgICAgICAgNTF0ZHJta0hFWlJyMHFsTFNKZEhZZ0VmTXprPQogICAgICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KICAgICAga2V5UEVNOiB8CiAgICAgICAgLS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCiAgICAgICAgTUhjQ0FRRUVJQUFlOG5mYnpadTljL09CMis4eEpNMEZ6N05Vd1RRYXp1bGtGTnM0VEk1K29Bb0dDQ3FHU000OQogICAgICAgIEF3RUhvVVFEUWdBRTEvRnBmY1JuRGNlZEw2QWpVYVhZUHY0RElNQmFKdWZPSTVOV3R5K1hTWDdKalhnWnRNNzIKICAgICAgICBkUXZSYVlhbnV4RDM2RHQxMi9KeHlpU2d4S1dSZG9heStRPT0KICAgICAgICAtLS0tLUVORCBFQyBQUklWQVRFIEtFWS0tLS0tCmlkZW50aXR5VHJ1c3RBbmNob3JzUEVNOiB8CiAgLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgTUlJQndUQ0NBV2FnQXdJQkFnSVFlRFpwNWxEYUl5Z1E1VWZNS1pyRkFUQUtCZ2dxaGtqT1BRUURBakFwTVNjdwogIEpRWURWUVFERXg1cFpHVnVkR2wwZVM1c2FXNXJaWEprTG1Oc2RYTjBaWEl1Ykc5allXd3dIaGNOTWpBd09ESTQKICBNRGN4TWpRM1doY05NekF3T0RJMk1EY3hNalEzV2pBcE1TY3dKUVlEVlFRREV4NXBaR1Z1ZEdsMGVTNXNhVzVyCiAgWlhKa0xtTnNkWE4wWlhJdWJHOWpZV3d3V1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVJxYzcwWgogIGwxdmd3NzlyakI1dVNJVElDVUE2R3lmdlNGZmN1SWlzN0IvWEZTa2t3QUhVNVMvczFBQVArUjBUWDdIQldVQzQKICB1YUc0V1dzaXdKS05uN21nbzNBd2JqQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCCiAgL3dJQkFUQWRCZ05WSFE0RUZnUVU1WXRqVlZQZmQ3STdOTEhzbjJDMjZFQnlHVjB3S1FZRFZSMFJCQ0l3SUlJZQogIGFXUmxiblJwZEhrdWJHbHVhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUMKICBJUUNON2xCRkxERHZqeDZWMCtYa2pwS0VSUnNKWWY1YWRNdm5sb0ZsNDhpbEpnSWhBTnR4aG5kY3IrUUpQdUM4CiAgdmdVQzBkMi85Rk11ZUlWTWIrNDZXVENPanNxcgogIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KbGlua2VyZFZlcnNpb246IGluc3RhbGwtY29udHJvbC1wbGFuZS12ZXJzaW9uCnBvbGljeVZhbGlkYXRvcjoKICBjYUJ1bmRsZTogcG9saWN5IHZhbGlkYXRvciBDQSBidW5kbGUKICBleHRlcm5hbFNlY3JldDogdHJ1ZQpwcm9maWxlVmFsaWRhdG9yOgogIGNhQnVuZGxlOiBwcm9maWxlIHZhbGlkYXRvciBDQSBidW5kbGUKICBleHRlcm5hbFNlY3JldDogdHJ1ZQpwcm94eToKICBpbWFnZToKICAgIG5hbWU6IG15LmN1c3RvbS5yZWdpc3RyeS9saW5rZXJkLWlvL3Byb3h5CiAgICB2ZXJzaW9uOiBpbnN0YWxsLXByb3h5LXZlcnNpb24KcHJveHlJbml0OgogIGltYWdlOgogICAgbmFtZTogbXkuY3VzdG9tLnJlZ2lzdHJ5L2xpbmtlcmQtaW8vcHJveHktaW5pdApwcm94eUluamVjdG9yOgogIGNhQnVuZGxlOiBwcm94eSBpbmplY3RvciBDQSBidW5kbGUKICBleHRlcm5hbFNlY3JldDogdHJ1ZQo= + linkerd-config-overrides: Y29udHJvbGxlckltYWdlOiBteS5jdXN0b20ucmVnaXN0cnkvbGlua2VyZC1pby9jb250cm9sbGVyCmRlYnVnQ29udGFpbmVyOgogIGltYWdlOgogICAgbmFtZTogbXkuY3VzdG9tLnJlZ2lzdHJ5L2xpbmtlcmQtaW8vZGVidWcKICAgIHZlcnNpb246IGluc3RhbGwtZGVidWctdmVyc2lvbgpoZWFydGJlYXRTY2hlZHVsZTogMSAyIDMgNCA1CmlkZW50aXR5OgogIGlzc3VlcjoKICAgIHRsczoKICAgICAgY3J0UEVNOiB8CiAgICAgICAgLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICAgICAgTUlJQndEQ0NBV2VnQXdJQkFnSVJBSlJJZ1o4UnRPOEV3ZzFYZXBmOFQ0NHdDZ1lJS29aSXpqMEVBd0l3S1RFbgogICAgICAgIE1DVUdBMVVFQXhNZWFXUmxiblJwZEhrdWJHbHVhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNQjRYRFRJd01EZ3kKICAgICAgICBPREEzTVRNME4xb1hEVE13TURneU5qQTNNVE0wTjFvd0tURW5NQ1VHQTFVRUF4TWVhV1JsYm5ScGRIa3ViR2x1CiAgICAgICAgYTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMS9GcAogICAgICAgIGZjUm5EY2VkTDZBalVhWFlQdjRESU1CYUp1Zk9JNU5XdHkrWFNYN0pqWGdadE03MmRRdlJhWWFudXhEMzZEdDEKICAgICAgICAyL0p4eWlTZ3hLV1Jkb2F5K2FOd01HNHdEZ1lEVlIwUEFRSC9CQVFEQWdFR01CSUdBMVVkRXdFQi93UUlNQVlCCiAgICAgICAgQWY4Q0FRQXdIUVlEVlIwT0JCWUVGSTFXbnJxTVlLYUhIT28renB5aWlEcTJwTzBLTUNrR0ExVWRFUVFpTUNDQwogICAgICAgIEhtbGtaVzUwYVhSNUxteHBibXRsY21RdVkyeDFjM1JsY2k1c2IyTmhiREFLQmdncWhrak9QUVFEQWdOSEFEQkUKICAgICAgICBBaUF0dW9JNVh1Q3RyR1ZSelNtUlRsMnJhMjhhVjlNeVRVN2Q1cW5UQUZIS1NnSWdSS0N2bHVPU2dBNU8yMXA1CiAgICAgICAgNTF0ZHJta0hFWlJyMHFsTFNKZEhZZ0VmTXprPQogICAgICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KICAgICAga2V5UEVNOiB8CiAgICAgICAgLS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCiAgICAgICAgTUhjQ0FRRUVJQUFlOG5mYnpadTljL09CMis4eEpNMEZ6N05Vd1RRYXp1bGtGTnM0VEk1K29Bb0dDQ3FHU000OQogICAgICAgIEF3RUhvVVFEUWdBRTEvRnBmY1JuRGNlZEw2QWpVYVhZUHY0RElNQmFKdWZPSTVOV3R5K1hTWDdKalhnWnRNNzIKICAgICAgICBkUXZSYVlhbnV4RDM2RHQxMi9KeHlpU2d4S1dSZG9heStRPT0KICAgICAgICAtLS0tLUVORCBFQyBQUklWQVRFIEtFWS0tLS0tCmlkZW50aXR5VHJ1c3RBbmNob3JzUEVNOiB8CiAgLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgTUlJQndUQ0NBV2FnQXdJQkFnSVFlRFpwNWxEYUl5Z1E1VWZNS1pyRkFUQUtCZ2dxaGtqT1BRUURBakFwTVNjdwogIEpRWURWUVFERXg1cFpHVnVkR2wwZVM1c2FXNXJaWEprTG1Oc2RYTjBaWEl1Ykc5allXd3dIaGNOTWpBd09ESTQKICBNRGN4TWpRM1doY05NekF3T0RJMk1EY3hNalEzV2pBcE1TY3dKUVlEVlFRREV4NXBaR1Z1ZEdsMGVTNXNhVzVyCiAgWlhKa0xtTnNkWE4wWlhJdWJHOWpZV3d3V1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVJxYzcwWgogIGwxdmd3NzlyakI1dVNJVElDVUE2R3lmdlNGZmN1SWlzN0IvWEZTa2t3QUhVNVMvczFBQVArUjBUWDdIQldVQzQKICB1YUc0V1dzaXdKS05uN21nbzNBd2JqQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCCiAgL3dJQkFUQWRCZ05WSFE0RUZnUVU1WXRqVlZQZmQ3STdOTEhzbjJDMjZFQnlHVjB3S1FZRFZSMFJCQ0l3SUlJZQogIGFXUmxiblJwZEhrdWJHbHVhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUMKICBJUUNON2xCRkxERHZqeDZWMCtYa2pwS0VSUnNKWWY1YWRNdm5sb0ZsNDhpbEpnSWhBTnR4aG5kY3IrUUpQdUM4CiAgdmdVQzBkMi85Rk11ZUlWTWIrNDZXVENPanNxcgogIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KbGlua2VyZFZlcnNpb246IGluc3RhbGwtY29udHJvbC1wbGFuZS12ZXJzaW9uCnBvbGljeVZhbGlkYXRvcjoKICBjYUJ1bmRsZTogcG9saWN5IHZhbGlkYXRvciBDQSBidW5kbGUKICBleHRlcm5hbFNlY3JldDogdHJ1ZQpwcm9maWxlVmFsaWRhdG9yOgogIGNhQnVuZGxlOiBwcm9maWxlIHZhbGlkYXRvciBDQSBidW5kbGUKICBleHRlcm5hbFNlY3JldDogdHJ1ZQpwcm94eToKICBpbWFnZToKICAgIG5hbWU6IG15LmN1c3RvbS5yZWdpc3RyeS9saW5rZXJkLWlvL3Byb3h5CiAgICB2ZXJzaW9uOiBpbnN0YWxsLXByb3h5LXZlcnNpb24KcHJveHlJbmplY3RvcjoKICBjYUJ1bmRsZTogcHJveHkgaW5qZWN0b3IgQ0EgYnVuZGxlCiAgZXh0ZXJuYWxTZWNyZXQ6IHRydWUK kind: Secret metadata: labels: diff --git a/cli/cmd/testdata/install_default.golden b/cli/cmd/testdata/install_default.golden index 7915dfbbf4e95..f1d6be18ae7df 100644 --- a/cli/cmd/testdata/install_default.golden +++ b/cli/cmd/testdata/install_default.golden @@ -781,10 +781,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1205,7 +1201,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1744,7 +1741,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2174,7 +2172,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_default_override_dst_get_nets.golden b/cli/cmd/testdata/install_default_override_dst_get_nets.golden index 307c6175fd4f9..21419b00c9002 100644 --- a/cli/cmd/testdata/install_default_override_dst_get_nets.golden +++ b/cli/cmd/testdata/install_default_override_dst_get_nets.golden @@ -781,10 +781,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1205,7 +1201,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1744,7 +1741,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2174,7 +2172,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_default_token.golden b/cli/cmd/testdata/install_default_token.golden index 282bb5000dc46..42ddb15267e5a 100644 --- a/cli/cmd/testdata/install_default_token.golden +++ b/cli/cmd/testdata/install_default_token.golden @@ -781,10 +781,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1203,7 +1199,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1733,7 +1730,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2154,7 +2152,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_gid_output.golden b/cli/cmd/testdata/install_gid_output.golden index 479788d71b0de..6ea93a5e20926 100755 --- a/cli/cmd/testdata/install_gid_output.golden +++ b/cli/cmd/testdata/install_gid_output.golden @@ -781,10 +781,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1209,7 +1205,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1754,7 +1751,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2189,7 +2187,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_ha_output.golden b/cli/cmd/testdata/install_ha_output.golden index f1d7bba1bef06..99dcba3ea2e94 100644 --- a/cli/cmd/testdata/install_ha_output.golden +++ b/cli/cmd/testdata/install_ha_output.golden @@ -808,10 +808,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1288,7 +1284,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1879,7 +1876,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2351,7 +2349,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_ha_with_overrides_output.golden b/cli/cmd/testdata/install_ha_with_overrides_output.golden index 2a74860ab550a..b1f5407b24b61 100644 --- a/cli/cmd/testdata/install_ha_with_overrides_output.golden +++ b/cli/cmd/testdata/install_ha_with_overrides_output.golden @@ -808,10 +808,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1288,7 +1284,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1879,7 +1876,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2351,7 +2349,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_heartbeat_disabled_output.golden b/cli/cmd/testdata/install_heartbeat_disabled_output.golden index bb08a48a98a3f..42344f4bf6d31 100644 --- a/cli/cmd/testdata/install_heartbeat_disabled_output.golden +++ b/cli/cmd/testdata/install_heartbeat_disabled_output.golden @@ -712,10 +712,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1136,7 +1132,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1675,7 +1672,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2021,7 +2019,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_helm_control_plane_output.golden b/cli/cmd/testdata/install_helm_control_plane_output.golden index 0b6ecf7f8fece..384b4dc8ceb1d 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output.golden @@ -758,10 +758,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: "222" ignoreOutboundPorts: "111" - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: test-proxy-init-version iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1178,7 +1174,8 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1719,7 +1716,8 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2153,7 +2151,8 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden index 31245f4116427..6d85137673d52 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden @@ -785,10 +785,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: "222" ignoreOutboundPorts: "111" - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: test-proxy-init-version iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1261,7 +1257,8 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1854,7 +1851,8 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2330,7 +2328,8 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_helm_control_plane_output_ha_with_gid.golden b/cli/cmd/testdata/install_helm_control_plane_output_ha_with_gid.golden index 30ff784d0f4e3..b8d04948de559 100755 --- a/cli/cmd/testdata/install_helm_control_plane_output_ha_with_gid.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output_ha_with_gid.golden @@ -785,10 +785,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: "222" ignoreOutboundPorts: "111" - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: test-proxy-init-version iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1265,7 +1261,8 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1864,7 +1861,8 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2345,7 +2343,8 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_helm_output_ha_labels.golden b/cli/cmd/testdata/install_helm_output_ha_labels.golden index bf2d25bdd7ff8..24c6e7a0f9b76 100644 --- a/cli/cmd/testdata/install_helm_output_ha_labels.golden +++ b/cli/cmd/testdata/install_helm_output_ha_labels.golden @@ -789,10 +789,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: "444" ignoreOutboundPorts: "333" - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: test-proxy-init-version iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1269,7 +1265,8 @@ spec: - "4190,4191,444" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1866,7 +1863,8 @@ spec: - "4190,4191,444" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2350,7 +2348,8 @@ spec: - "4190,4191,444" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden index bad2061302c37..b1ed1264ac44f 100644 --- a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden +++ b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden @@ -780,10 +780,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: "222" ignoreOutboundPorts: "111" - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: test-proxy-init-version iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1251,7 +1247,8 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1844,7 +1841,8 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2320,7 +2318,8 @@ spec: - "4190,4191,222" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:test-proxy-init-version + image: cr.l5d.io/linkerd/proxy:test-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_no_init_container.golden b/cli/cmd/testdata/install_no_init_container.golden index 8c05e89a8cf2c..b6b4a3dc5d39d 100644 --- a/cli/cmd/testdata/install_no_init_container.golden +++ b/cli/cmd/testdata/install_no_init_container.golden @@ -781,10 +781,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" diff --git a/cli/cmd/testdata/install_output.golden b/cli/cmd/testdata/install_output.golden index 2811f0d9ecd42..de0e9be4d2a5e 100644 --- a/cli/cmd/testdata/install_output.golden +++ b/cli/cmd/testdata/install_output.golden @@ -733,10 +733,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: "" ignoreOutboundPorts: "443" - image: - name: ProxyInitImageName - pullPolicy: ImagePullPolicy - version: ProxyInitVersion iptablesMode: legacy kubeAPIServerPorts: "" logFormat: "" @@ -1136,7 +1132,8 @@ spec: - "2102" - --inbound-ports-to-ignore - "4190,4191" - image: ProxyInitImageName:ProxyInitVersion + image: ProxyImageName:ProxyVersion + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: ImagePullPolicy name: linkerd-init resources: @@ -1671,7 +1668,8 @@ spec: - "2102" - --inbound-ports-to-ignore - "4190,4191" - image: ProxyInitImageName:ProxyInitVersion + image: ProxyImageName:ProxyVersion + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: ImagePullPolicy name: linkerd-init resources: @@ -2093,7 +2091,8 @@ spec: - "2102" - --inbound-ports-to-ignore - "4190,4191" - image: ProxyInitImageName:ProxyInitVersion + image: ProxyImageName:ProxyVersion + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: ImagePullPolicy name: linkerd-init resources: @@ -2189,7 +2188,7 @@ spec: --- apiVersion: v1 data: - linkerd-config-overrides: Y2xpVmVyc2lvbjogQ2xpVmVyc2lvbgpjbHVzdGVyTmV0d29ya3M6IENsdXN0ZXJOZXR3b3Jrcwpjb250cm9sbGVyR0lEOiAyMTAzCmNvbnRyb2xsZXJJbWFnZTogQ29udHJvbGxlckltYWdlCmNvbnRyb2xsZXJMb2dGb3JtYXQ6IENvbnRyb2xsZXJMb2dGb3JtYXQKY29udHJvbGxlckxvZ0xldmVsOiBDb250cm9sbGVyTG9nTGV2ZWwKZGVidWdDb250YWluZXI6CiAgaW1hZ2U6CiAgICBuYW1lOiBEZWJ1Z0ltYWdlTmFtZQogICAgcHVsbFBvbGljeTogRGVidWdJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IERlYnVnVmVyc2lvbgpkaXNhYmxlSVB2NjogZmFsc2UKZW5hYmxlRW5kcG9pbnRTbGljZXM6IGZhbHNlCmhlYXJ0YmVhdFNjaGVkdWxlOiAxIDIgMyA0IDUKaWRlbnRpdHk6CiAgaXNzdWVyOgogICAgdGxzOgogICAgICBjcnRQRU06IHwKICAgICAgICAtLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KICAgICAgICBNSUlCd0RDQ0FXZWdBd0lCQWdJUkFKUklnWjhSdE84RXdnMVhlcGY4VDQ0d0NnWUlLb1pJemowRUF3SXdLVEVuCiAgICAgICAgTUNVR0ExVUVBeE1lYVdSbGJuUnBkSGt1YkdsdWEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01CNFhEVEl3TURneQogICAgICAgIE9EQTNNVE0wTjFvWERUTXdNRGd5TmpBM01UTTBOMW93S1RFbk1DVUdBMVVFQXhNZWFXUmxiblJwZEhrdWJHbHUKICAgICAgICBhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUUxL0ZwCiAgICAgICAgZmNSbkRjZWRMNkFqVWFYWVB2NERJTUJhSnVmT0k1Tld0eStYU1g3SmpYZ1p0TTcyZFF2UmFZYW51eEQzNkR0MQogICAgICAgIDIvSnh5aVNneEtXUmRvYXkrYU53TUc0d0RnWURWUjBQQVFIL0JBUURBZ0VHTUJJR0ExVWRFd0VCL3dRSU1BWUIKICAgICAgICBBZjhDQVFBd0hRWURWUjBPQkJZRUZJMVducnFNWUthSEhPbyt6cHlpaURxMnBPMEtNQ2tHQTFVZEVRUWlNQ0NDCiAgICAgICAgSG1sa1pXNTBhWFI1TG14cGJtdGxjbVF1WTJ4MWMzUmxjaTVzYjJOaGJEQUtCZ2dxaGtqT1BRUURBZ05IQURCRQogICAgICAgIEFpQXR1b0k1WHVDdHJHVlJ6U21SVGwycmEyOGFWOU15VFU3ZDVxblRBRkhLU2dJZ1JLQ3ZsdU9TZ0E1TzIxcDUKICAgICAgICA1MXRkcm1rSEVaUnIwcWxMU0pkSFlnRWZNems9CiAgICAgICAgLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQogICAgICBrZXlQRU06IHwKICAgICAgICAtLS0tLUJFR0lOIEVDIFBSSVZBVEUgS0VZLS0tLS0KICAgICAgICBNSGNDQVFFRUlBQWU4bmZielp1OWMvT0IyKzh4Sk0wRno3TlV3VFFhenVsa0ZOczRUSTUrb0FvR0NDcUdTTTQ5CiAgICAgICAgQXdFSG9VUURRZ0FFMS9GcGZjUm5EY2VkTDZBalVhWFlQdjRESU1CYUp1Zk9JNU5XdHkrWFNYN0pqWGdadE03MgogICAgICAgIGRRdlJhWWFudXhEMzZEdDEyL0p4eWlTZ3hLV1Jkb2F5K1E9PQogICAgICAgIC0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0KaWRlbnRpdHlUcnVzdEFuY2hvcnNQRU06IHwKICAtLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KICBNSUlCd1RDQ0FXYWdBd0lCQWdJUWVEWnA1bERhSXlnUTVVZk1LWnJGQVRBS0JnZ3Foa2pPUFFRREFqQXBNU2N3CiAgSlFZRFZRUURFeDVwWkdWdWRHbDBlUzVzYVc1clpYSmtMbU5zZFhOMFpYSXViRzlqWVd3d0hoY05NakF3T0RJNAogIE1EY3hNalEzV2hjTk16QXdPREkyTURjeE1qUTNXakFwTVNjd0pRWURWUVFERXg1cFpHVnVkR2wwZVM1c2FXNXIKICBaWEprTG1Oc2RYTjBaWEl1Ykc5allXd3dXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CQndOQ0FBUnFjNzBaCiAgbDF2Z3c3OXJqQjV1U0lUSUNVQTZHeWZ2U0ZmY3VJaXM3Qi9YRlNra3dBSFU1Uy9zMUFBUCtSMFRYN0hCV1VDNAogIHVhRzRXV3Npd0pLTm43bWdvM0F3YmpBT0JnTlZIUThCQWY4RUJBTUNBUVl3RWdZRFZSMFRBUUgvQkFnd0JnRUIKICAvd0lCQVRBZEJnTlZIUTRFRmdRVTVZdGpWVlBmZDdJN05MSHNuMkMyNkVCeUdWMHdLUVlEVlIwUkJDSXdJSUllCiAgYVdSbGJuUnBkSGt1YkdsdWEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01Bb0dDQ3FHU000OUJBTUNBMGtBTUVZQwogIElRQ043bEJGTEREdmp4NlYwK1hranBLRVJSc0pZZjVhZE12bmxvRmw0OGlsSmdJaEFOdHhobmRjcitRSlB1QzgKICB2Z1VDMGQyLzlGTXVlSVZNYis0NldUQ09qc3FyCiAgLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQppbWFnZVB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQppbWFnZVB1bGxTZWNyZXRzOiBudWxsCmxpbmtlcmRWZXJzaW9uOiBMaW5rZXJkVmVyc2lvbgpuZXR3b3JrVmFsaWRhdG9yOgogIGNvbm5lY3RBZGRyOiAxLjEuMS4xOjIwMDAxCiAgbGlzdGVuQWRkcjogJ1s6Ol06NDE0MCcKICBzZWN1cml0eUNvbnRleHQ6IG51bGwKcG9kTW9uaXRvcjogbnVsbApwb2xpY3lDb250cm9sbGVyOgogIGxvZ0xldmVsOiBsb2ctbGV2ZWwKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIGxpbWl0OiBjcHUtbGltaXQKICAgICAgcmVxdWVzdDogY3B1LXJlcXVlc3QKICAgIG1lbW9yeToKICAgICAgbGltaXQ6IG1lbW9yeS1saW1pdAogICAgICByZXF1ZXN0OiBtZW1vcnktcmVxdWVzdApwb2xpY3lWYWxpZGF0b3I6CiAgY2FCdW5kbGU6IHBvbGljeSB2YWxpZGF0b3IgQ0EgYnVuZGxlCiAgZXh0ZXJuYWxTZWNyZXQ6IHRydWUKcHJpb3JpdHlDbGFzc05hbWU6IFByaW9yaXR5Q2xhc3NOYW1lCnByb2ZpbGVWYWxpZGF0b3I6CiAgY2FCdW5kbGU6IHByb2ZpbGUgdmFsaWRhdG9yIENBIGJ1bmRsZQogIGV4dGVybmFsU2VjcmV0OiB0cnVlCnByb3h5OgogIGNvbnRyb2w6IG51bGwKICBkZWZhdWx0SW5ib3VuZFBvbGljeTogZGVmYXVsdC1hbGxvdy1wb2xpY3kKICBnaWQ6IDIxMDIKICBpbWFnZToKICAgIG5hbWU6IFByb3h5SW1hZ2VOYW1lCiAgICBwdWxsUG9saWN5OiBJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IFByb3h5VmVyc2lvbgogIGluYm91bmRDb25uZWN0VGltZW91dDogIiIKICBpbmJvdW5kRGlzY292ZXJ5Q2FjaGVVbnVzZWRUaW1lb3V0OiAiIgogIGxvZ0xldmVsOiB3YXJuLGxpbmtlcmQ9aW5mbwogIG9wYXF1ZVBvcnRzOiAyNSw0NDMsNTg3LDMzMDYsNTQzMiwxMTIxMQogIG91dGJvdW5kQ29ubmVjdFRpbWVvdXQ6ICIiCiAgb3V0Ym91bmREaXNjb3ZlcnlDYWNoZVVudXNlZFRpbWVvdXQ6ICIiCiAgb3V0Ym91bmRUcmFuc3BvcnRNb2RlOiAiIgogIHJlc291cmNlczoKICAgIGNwdToKICAgICAgbGltaXQ6IGNwdS1saW1pdAogICAgICByZXF1ZXN0OiBjcHUtcmVxdWVzdAogICAgbWVtb3J5OgogICAgICBsaW1pdDogbWVtb3J5LWxpbWl0CiAgICAgIHJlcXVlc3Q6IG1lbW9yeS1yZXF1ZXN0CiAgc2VjdXJpdHlDb250ZXh0OiBudWxsCiAgc3RhcnR1cFByb2JlOiBudWxsCnByb3h5Q29udGFpbmVyTmFtZTogUHJveHlDb250YWluZXJOYW1lCnByb3h5SW5pdDoKICBpZ25vcmVJbmJvdW5kUG9ydHM6ICIiCiAgaWdub3JlT3V0Ym91bmRQb3J0czogIjQ0MyIKICBpbWFnZToKICAgIG5hbWU6IFByb3h5SW5pdEltYWdlTmFtZQogICAgcHVsbFBvbGljeTogSW1hZ2VQdWxsUG9saWN5CiAgICB2ZXJzaW9uOiBQcm94eUluaXRWZXJzaW9uCiAgaXB0YWJsZXNNb2RlOiBsZWdhY3kKICBrdWJlQVBJU2VydmVyUG9ydHM6ICIiCnByb3h5SW5qZWN0b3I6CiAgY2FCdW5kbGU6IHByb3h5IGluamVjdG9yIENBIGJ1bmRsZQogIGV4dGVybmFsU2VjcmV0OiB0cnVlCnNwVmFsaWRhdG9yOiBudWxsCndlYmhvb2tGYWlsdXJlUG9saWN5OiBXZWJob29rRmFpbHVyZVBvbGljeQo= + linkerd-config-overrides: Y2xpVmVyc2lvbjogQ2xpVmVyc2lvbgpjbHVzdGVyTmV0d29ya3M6IENsdXN0ZXJOZXR3b3Jrcwpjb250cm9sbGVyR0lEOiAyMTAzCmNvbnRyb2xsZXJJbWFnZTogQ29udHJvbGxlckltYWdlCmNvbnRyb2xsZXJMb2dGb3JtYXQ6IENvbnRyb2xsZXJMb2dGb3JtYXQKY29udHJvbGxlckxvZ0xldmVsOiBDb250cm9sbGVyTG9nTGV2ZWwKZGVidWdDb250YWluZXI6CiAgaW1hZ2U6CiAgICBuYW1lOiBEZWJ1Z0ltYWdlTmFtZQogICAgcHVsbFBvbGljeTogRGVidWdJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IERlYnVnVmVyc2lvbgpkaXNhYmxlSVB2NjogZmFsc2UKZW5hYmxlRW5kcG9pbnRTbGljZXM6IGZhbHNlCmhlYXJ0YmVhdFNjaGVkdWxlOiAxIDIgMyA0IDUKaWRlbnRpdHk6CiAgaXNzdWVyOgogICAgdGxzOgogICAgICBjcnRQRU06IHwKICAgICAgICAtLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KICAgICAgICBNSUlCd0RDQ0FXZWdBd0lCQWdJUkFKUklnWjhSdE84RXdnMVhlcGY4VDQ0d0NnWUlLb1pJemowRUF3SXdLVEVuCiAgICAgICAgTUNVR0ExVUVBeE1lYVdSbGJuUnBkSGt1YkdsdWEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01CNFhEVEl3TURneQogICAgICAgIE9EQTNNVE0wTjFvWERUTXdNRGd5TmpBM01UTTBOMW93S1RFbk1DVUdBMVVFQXhNZWFXUmxiblJwZEhrdWJHbHUKICAgICAgICBhMlZ5WkM1amJIVnpkR1Z5TG14dlkyRnNNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUUxL0ZwCiAgICAgICAgZmNSbkRjZWRMNkFqVWFYWVB2NERJTUJhSnVmT0k1Tld0eStYU1g3SmpYZ1p0TTcyZFF2UmFZYW51eEQzNkR0MQogICAgICAgIDIvSnh5aVNneEtXUmRvYXkrYU53TUc0d0RnWURWUjBQQVFIL0JBUURBZ0VHTUJJR0ExVWRFd0VCL3dRSU1BWUIKICAgICAgICBBZjhDQVFBd0hRWURWUjBPQkJZRUZJMVducnFNWUthSEhPbyt6cHlpaURxMnBPMEtNQ2tHQTFVZEVRUWlNQ0NDCiAgICAgICAgSG1sa1pXNTBhWFI1TG14cGJtdGxjbVF1WTJ4MWMzUmxjaTVzYjJOaGJEQUtCZ2dxaGtqT1BRUURBZ05IQURCRQogICAgICAgIEFpQXR1b0k1WHVDdHJHVlJ6U21SVGwycmEyOGFWOU15VFU3ZDVxblRBRkhLU2dJZ1JLQ3ZsdU9TZ0E1TzIxcDUKICAgICAgICA1MXRkcm1rSEVaUnIwcWxMU0pkSFlnRWZNems9CiAgICAgICAgLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQogICAgICBrZXlQRU06IHwKICAgICAgICAtLS0tLUJFR0lOIEVDIFBSSVZBVEUgS0VZLS0tLS0KICAgICAgICBNSGNDQVFFRUlBQWU4bmZielp1OWMvT0IyKzh4Sk0wRno3TlV3VFFhenVsa0ZOczRUSTUrb0FvR0NDcUdTTTQ5CiAgICAgICAgQXdFSG9VUURRZ0FFMS9GcGZjUm5EY2VkTDZBalVhWFlQdjRESU1CYUp1Zk9JNU5XdHkrWFNYN0pqWGdadE03MgogICAgICAgIGRRdlJhWWFudXhEMzZEdDEyL0p4eWlTZ3hLV1Jkb2F5K1E9PQogICAgICAgIC0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0KaWRlbnRpdHlUcnVzdEFuY2hvcnNQRU06IHwKICAtLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KICBNSUlCd1RDQ0FXYWdBd0lCQWdJUWVEWnA1bERhSXlnUTVVZk1LWnJGQVRBS0JnZ3Foa2pPUFFRREFqQXBNU2N3CiAgSlFZRFZRUURFeDVwWkdWdWRHbDBlUzVzYVc1clpYSmtMbU5zZFhOMFpYSXViRzlqWVd3d0hoY05NakF3T0RJNAogIE1EY3hNalEzV2hjTk16QXdPREkyTURjeE1qUTNXakFwTVNjd0pRWURWUVFERXg1cFpHVnVkR2wwZVM1c2FXNXIKICBaWEprTG1Oc2RYTjBaWEl1Ykc5allXd3dXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CQndOQ0FBUnFjNzBaCiAgbDF2Z3c3OXJqQjV1U0lUSUNVQTZHeWZ2U0ZmY3VJaXM3Qi9YRlNra3dBSFU1Uy9zMUFBUCtSMFRYN0hCV1VDNAogIHVhRzRXV3Npd0pLTm43bWdvM0F3YmpBT0JnTlZIUThCQWY4RUJBTUNBUVl3RWdZRFZSMFRBUUgvQkFnd0JnRUIKICAvd0lCQVRBZEJnTlZIUTRFRmdRVTVZdGpWVlBmZDdJN05MSHNuMkMyNkVCeUdWMHdLUVlEVlIwUkJDSXdJSUllCiAgYVdSbGJuUnBkSGt1YkdsdWEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01Bb0dDQ3FHU000OUJBTUNBMGtBTUVZQwogIElRQ043bEJGTEREdmp4NlYwK1hranBLRVJSc0pZZjVhZE12bmxvRmw0OGlsSmdJaEFOdHhobmRjcitRSlB1QzgKICB2Z1VDMGQyLzlGTXVlSVZNYis0NldUQ09qc3FyCiAgLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQppbWFnZVB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQppbWFnZVB1bGxTZWNyZXRzOiBudWxsCmxpbmtlcmRWZXJzaW9uOiBMaW5rZXJkVmVyc2lvbgpuZXR3b3JrVmFsaWRhdG9yOgogIGNvbm5lY3RBZGRyOiAxLjEuMS4xOjIwMDAxCiAgbGlzdGVuQWRkcjogJ1s6Ol06NDE0MCcKICBzZWN1cml0eUNvbnRleHQ6IG51bGwKcG9kTW9uaXRvcjogbnVsbApwb2xpY3lDb250cm9sbGVyOgogIGxvZ0xldmVsOiBsb2ctbGV2ZWwKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIGxpbWl0OiBjcHUtbGltaXQKICAgICAgcmVxdWVzdDogY3B1LXJlcXVlc3QKICAgIG1lbW9yeToKICAgICAgbGltaXQ6IG1lbW9yeS1saW1pdAogICAgICByZXF1ZXN0OiBtZW1vcnktcmVxdWVzdApwb2xpY3lWYWxpZGF0b3I6CiAgY2FCdW5kbGU6IHBvbGljeSB2YWxpZGF0b3IgQ0EgYnVuZGxlCiAgZXh0ZXJuYWxTZWNyZXQ6IHRydWUKcHJpb3JpdHlDbGFzc05hbWU6IFByaW9yaXR5Q2xhc3NOYW1lCnByb2ZpbGVWYWxpZGF0b3I6CiAgY2FCdW5kbGU6IHByb2ZpbGUgdmFsaWRhdG9yIENBIGJ1bmRsZQogIGV4dGVybmFsU2VjcmV0OiB0cnVlCnByb3h5OgogIGNvbnRyb2w6IG51bGwKICBkZWZhdWx0SW5ib3VuZFBvbGljeTogZGVmYXVsdC1hbGxvdy1wb2xpY3kKICBnaWQ6IDIxMDIKICBpbWFnZToKICAgIG5hbWU6IFByb3h5SW1hZ2VOYW1lCiAgICBwdWxsUG9saWN5OiBJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IFByb3h5VmVyc2lvbgogIGluYm91bmRDb25uZWN0VGltZW91dDogIiIKICBpbmJvdW5kRGlzY292ZXJ5Q2FjaGVVbnVzZWRUaW1lb3V0OiAiIgogIGxvZ0xldmVsOiB3YXJuLGxpbmtlcmQ9aW5mbwogIG9wYXF1ZVBvcnRzOiAyNSw0NDMsNTg3LDMzMDYsNTQzMiwxMTIxMQogIG91dGJvdW5kQ29ubmVjdFRpbWVvdXQ6ICIiCiAgb3V0Ym91bmREaXNjb3ZlcnlDYWNoZVVudXNlZFRpbWVvdXQ6ICIiCiAgb3V0Ym91bmRUcmFuc3BvcnRNb2RlOiAiIgogIHJlc291cmNlczoKICAgIGNwdToKICAgICAgbGltaXQ6IGNwdS1saW1pdAogICAgICByZXF1ZXN0OiBjcHUtcmVxdWVzdAogICAgbWVtb3J5OgogICAgICBsaW1pdDogbWVtb3J5LWxpbWl0CiAgICAgIHJlcXVlc3Q6IG1lbW9yeS1yZXF1ZXN0CiAgc2VjdXJpdHlDb250ZXh0OiBudWxsCiAgc3RhcnR1cFByb2JlOiBudWxsCnByb3h5Q29udGFpbmVyTmFtZTogUHJveHlDb250YWluZXJOYW1lCnByb3h5SW5pdDoKICBpZ25vcmVJbmJvdW5kUG9ydHM6ICIiCiAgaWdub3JlT3V0Ym91bmRQb3J0czogIjQ0MyIKICBpcHRhYmxlc01vZGU6IGxlZ2FjeQogIGt1YmVBUElTZXJ2ZXJQb3J0czogIiIKcHJveHlJbmplY3RvcjoKICBjYUJ1bmRsZTogcHJveHkgaW5qZWN0b3IgQ0EgYnVuZGxlCiAgZXh0ZXJuYWxTZWNyZXQ6IHRydWUKc3BWYWxpZGF0b3I6IG51bGwKd2ViaG9va0ZhaWx1cmVQb2xpY3k6IFdlYmhvb2tGYWlsdXJlUG9saWN5Cg== kind: Secret metadata: labels: diff --git a/cli/cmd/testdata/install_proxy_ignores.golden b/cli/cmd/testdata/install_proxy_ignores.golden index 805c2066c2e8b..73f0da71bc1bf 100644 --- a/cli/cmd/testdata/install_proxy_ignores.golden +++ b/cli/cmd/testdata/install_proxy_ignores.golden @@ -781,10 +781,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 22,8100-8102 ignoreOutboundPorts: "5432" - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1205,7 +1201,8 @@ spec: - "4190,4191,22,8100-8102" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1744,7 +1741,8 @@ spec: - "4190,4191,22,8100-8102" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2174,7 +2172,8 @@ spec: - "4190,4191,22,8100-8102" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_tracing.golden b/cli/cmd/testdata/install_tracing.golden index 660132faa2f5f..776efca8cbff7 100644 --- a/cli/cmd/testdata/install_tracing.golden +++ b/cli/cmd/testdata/install_tracing.golden @@ -781,10 +781,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1224,7 +1220,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1791,7 +1788,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2249,7 +2247,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_values_file.golden b/cli/cmd/testdata/install_values_file.golden index c08747216cc6d..6998f0d9e69f8 100644 --- a/cli/cmd/testdata/install_values_file.golden +++ b/cli/cmd/testdata/install_values_file.golden @@ -781,10 +781,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: 4567,4568 ignoreOutboundPorts: 4567,4568 - image: - name: cr.l5d.io/linkerd/proxy-init - pullPolicy: "" - version: v2.4.3 iptablesMode: nft kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1205,7 +1201,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1744,7 +1741,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2174,7 +2172,8 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.4.3 + image: cr.l5d.io/linkerd/proxy:install-proxy-version + command: ["/usr/lib/linkerd/linkerd2-proxy-init"] imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/controller/proxy-injector/fake/data/pod-cpu-ratio.json b/controller/proxy-injector/fake/data/pod-cpu-ratio.json index 6f80d797ec455..b221c95ab194a 100644 --- a/controller/proxy-injector/fake/data/pod-cpu-ratio.json +++ b/controller/proxy-injector/fake/data/pod-cpu-ratio.json @@ -63,8 +63,11 @@ "--outbound-ports-to-ignore", "4567,4568" ], - "image": "cr.l5d.io/linkerd/proxy-init:v2.4.3", + "image": "cr.l5d.io/linkerd/proxy:dev-undefined", "imagePullPolicy": "IfNotPresent", + "command": [ + "/usr/lib/linkerd/linkerd2-proxy-init" + ], "name": "linkerd-init", "resources": { "requests": { @@ -303,8 +306,8 @@ "value": "30s" }, { - "name": "LINKERD2_PROXY_OUTBOUND_METRICS_HOSTNAME_LABELS", - "value": "false" + "name": "LINKERD2_PROXY_OUTBOUND_METRICS_HOSTNAME_LABELS", + "value": "false" }, { "name": "LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL", diff --git a/controller/proxy-injector/fake/data/pod-log-level.json b/controller/proxy-injector/fake/data/pod-log-level.json index bd6e49e493216..729d4166fb8fa 100644 --- a/controller/proxy-injector/fake/data/pod-log-level.json +++ b/controller/proxy-injector/fake/data/pod-log-level.json @@ -63,8 +63,11 @@ "--outbound-ports-to-ignore", "4567,4568" ], - "image": "cr.l5d.io/linkerd/proxy-init:v2.4.3", + "image": "cr.l5d.io/linkerd/proxy:dev-undefined", "imagePullPolicy": "IfNotPresent", + "command": [ + "/usr/lib/linkerd/linkerd2-proxy-init" + ], "name": "linkerd-init", "resources": null, "securityContext": { @@ -151,12 +154,12 @@ } }, { - "name": "_pod_ip", - "valueFrom": { - "fieldRef": { - "fieldPath": "status.podIP" - } + "name": "_pod_ip", + "valueFrom": { + "fieldRef": { + "fieldPath": "status.podIP" } + } }, { "name": "_pod_nodeName", diff --git a/controller/proxy-injector/fake/data/pod-with-custom-debug.patch.json b/controller/proxy-injector/fake/data/pod-with-custom-debug.patch.json index cafbfd6559199..9bf30f44a5a3c 100644 --- a/controller/proxy-injector/fake/data/pod-with-custom-debug.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-custom-debug.patch.json @@ -63,8 +63,11 @@ "--outbound-ports-to-ignore", "4567,4568" ], - "image": "cr.l5d.io/linkerd/proxy-init:v2.4.3", + "image": "cr.l5d.io/linkerd/proxy:dev-undefined", "imagePullPolicy": "IfNotPresent", + "command": [ + "/usr/lib/linkerd/linkerd2-proxy-init" + ], "name": "linkerd-init", "resources": null, "securityContext": { @@ -175,12 +178,12 @@ } }, { - "name": "_pod_ip", - "valueFrom": { - "fieldRef": { - "fieldPath": "status.podIP" - } + "name": "_pod_ip", + "valueFrom": { + "fieldRef": { + "fieldPath": "status.podIP" } + } }, { "name": "_pod_nodeName", diff --git a/controller/proxy-injector/fake/data/pod-with-debug.patch.json b/controller/proxy-injector/fake/data/pod-with-debug.patch.json index db73decdbcdfe..7e5ebacaa5a1f 100644 --- a/controller/proxy-injector/fake/data/pod-with-debug.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-debug.patch.json @@ -63,8 +63,11 @@ "--outbound-ports-to-ignore", "4567,4568" ], - "image": "cr.l5d.io/linkerd/proxy-init:v2.4.3", + "image": "cr.l5d.io/linkerd/proxy:dev-undefined", "imagePullPolicy": "IfNotPresent", + "command": [ + "/usr/lib/linkerd/linkerd2-proxy-init" + ], "name": "linkerd-init", "resources": null, "securityContext": { @@ -175,12 +178,12 @@ } }, { - "name": "_pod_ip", - "valueFrom": { - "fieldRef": { - "fieldPath": "status.podIP" - } + "name": "_pod_ip", + "valueFrom": { + "fieldRef": { + "fieldPath": "status.podIP" } + } }, { "name": "_pod_nodeName", diff --git a/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json b/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json index b5c962eb12fe9..a106c415702a6 100644 --- a/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json @@ -73,8 +73,11 @@ "--outbound-ports-to-ignore", "34567" ], - "image": "cr.l5d.io/linkerd/proxy-init:v2.4.3", + "image": "cr.l5d.io/linkerd/proxy:dev-undefined", "imagePullPolicy": "IfNotPresent", + "command": [ + "/usr/lib/linkerd/linkerd2-proxy-init" + ], "name": "linkerd-init", "resources": null, "securityContext": { @@ -161,12 +164,12 @@ } }, { - "name": "_pod_ip", - "valueFrom": { - "fieldRef": { - "fieldPath": "status.podIP" - } + "name": "_pod_ip", + "valueFrom": { + "fieldRef": { + "fieldPath": "status.podIP" } + } }, { "name": "_pod_nodeName", diff --git a/controller/proxy-injector/fake/data/pod.patch.json b/controller/proxy-injector/fake/data/pod.patch.json index 726942e53611a..fcc8b2aabc1b2 100644 --- a/controller/proxy-injector/fake/data/pod.patch.json +++ b/controller/proxy-injector/fake/data/pod.patch.json @@ -63,8 +63,11 @@ "--outbound-ports-to-ignore", "4567,4568" ], - "image": "cr.l5d.io/linkerd/proxy-init:v2.4.3", + "image": "cr.l5d.io/linkerd/proxy:dev-undefined", "imagePullPolicy": "IfNotPresent", + "command": [ + "/usr/lib/linkerd/linkerd2-proxy-init" + ], "name": "linkerd-init", "resources": null, "securityContext": { @@ -151,12 +154,12 @@ } }, { - "name": "_pod_ip", - "valueFrom": { - "fieldRef": { - "fieldPath": "status.podIP" - } + "name": "_pod_ip", + "valueFrom": { + "fieldRef": { + "fieldPath": "status.podIP" } + } }, { "name": "_pod_nodeName", diff --git a/justfile b/justfile index 351db369c4b07..fbc80bbc22aa7 100644 --- a/justfile +++ b/justfile @@ -304,7 +304,6 @@ _gateway-url := if GATEWAY_API_VERSION != "linkerd" { "https://github.com/kubern # # We execute these commands lazily in case `yq` isn't present (so that other # just recipes can succeed). -_proxy-init-image-cmd := "yq '.proxyInit.image | \"ghcr.io/linkerd/proxy-init:\" + .version' charts/linkerd-control-plane/values.yaml" _cni-plugin-image-cmd := "yq '.image | \"ghcr.io/linkerd/cni-plugin:\" + .version' charts/linkerd2-cni/values.yaml" _prometheus-image-cmd := "yq '.prometheus.image | .registry + \"/\" + .name + \":\" + .tag' viz/charts/linkerd-viz/values.yaml" @@ -330,7 +329,6 @@ linkerd-install *args='': linkerd-load linkerd-crds-install && _linkerd-ready --set='linkerdVersion={{ linkerd-tag }}' \ --set='proxy.image.name={{ proxy-image }}' \ --set='proxy.image.version={{ linkerd-tag }}' \ - --set='proxyInit.image.name=ghcr.io/linkerd/proxy-init' \ {{ args }} \ | {{ _kubectl }} apply -f - @@ -343,7 +341,7 @@ linkerd-load: _linkerd-images _k3d-init for i in {1..3} ; do {{ _k3d-load }} \ '{{ controller-image }}:{{ linkerd-tag }}' \ '{{ proxy-image }}:{{ linkerd-tag }}' \ - $({{ _proxy-init-image-cmd }}) && exit || sleep 1 ; done + && exit || sleep 1 ; done linkerd-load-cni: docker pull -q $({{ _cni-plugin-image-cmd }}) @@ -355,7 +353,6 @@ linkerd-build: _controller-build _linkerd-images: #!/usr/bin/env bash set -xeuo pipefail - docker pull -q $({{ _proxy-init-image-cmd }}) for img in \ '{{ controller-image }}:{{ linkerd-tag }}' \ '{{ proxy-image }}:{{ linkerd-tag }}' diff --git a/pkg/charts/linkerd2/values.go b/pkg/charts/linkerd2/values.go index f3d18479fb62b..de5c89d461e5f 100644 --- a/pkg/charts/linkerd2/values.go +++ b/pkg/charts/linkerd2/values.go @@ -225,7 +225,6 @@ type ( SkipSubnets string `json:"skipSubnets"` LogLevel string `json:"logLevel"` LogFormat string `json:"logFormat"` - Image *Image `json:"image"` SAMountPath *VolumeMountPath `json:"saMountPath"` XTMountPath *VolumeMountPath `json:"xtMountPath"` /* DEPRECATED: should be removed after stable-2.16.0, left in for bc */ diff --git a/pkg/charts/linkerd2/values_test.go b/pkg/charts/linkerd2/values_test.go index ff61f1b12c4f3..62bf3a3f7a0dc 100644 --- a/pkg/charts/linkerd2/values_test.go +++ b/pkg/charts/linkerd2/values_test.go @@ -16,8 +16,6 @@ func TestNewValues(t *testing.T) { t.Fatalf("Unexpected error: %v\n", err) } - testVersion := "linkerd-dev" - matchExpressionsSimple := []metav1.LabelSelectorRequirement{ { Key: "config.linkerd.io/admission-webhooks", @@ -227,10 +225,6 @@ func TestNewValues(t *testing.T) { KubeAPIServerPorts: "443,6443", LogLevel: "", LogFormat: "", - Image: &Image{ - Name: "cr.l5d.io/linkerd/proxy-init", - Version: testVersion, - }, XTMountPath: &VolumeMountPath{ Name: "linkerd-proxy-init-xtables-lock", MountPath: "/run", @@ -291,11 +285,6 @@ func TestNewValues(t *testing.T) { Egress: &Egress{GlobalEgressNetworkNamespace: "linkerd-egress"}, } - // pin the versions to ensure consistent test result. - // in non-test environment, the default versions are read from the - // values.yaml. - actual.ProxyInit.Image.Version = testVersion - // Make Add-On Values nil to not have to check for their defaults actual.ImagePullSecrets = nil @@ -361,11 +350,6 @@ func TestNewValues(t *testing.T) { }, } - // pin the versions to ensure consistent test result. - // in non-test environment, the default versions are read from the - // values.yaml. - actual.ProxyInit.Image.Version = testVersion - if diff := deep.Equal(expected, actual); diff != nil { t.Errorf("HA Helm values\n%+v", diff) } diff --git a/pkg/healthcheck/healthcheck_test.go b/pkg/healthcheck/healthcheck_test.go index 3652c40fa4d63..306da1b2a714c 100644 --- a/pkg/healthcheck/healthcheck_test.go +++ b/pkg/healthcheck/healthcheck_test.go @@ -1854,11 +1854,6 @@ data: GID: 2102, }, ProxyInit: &linkerd2.ProxyInit{ - Image: &linkerd2.Image{ - Name: "ProxyInitImageName", - PullPolicy: "ImagePullPolicy", - Version: "ProxyInitVersion", - }, XTMountPath: &linkerd2.VolumeMountPath{ MountPath: "/run", Name: "linkerd-proxy-init-xtables-lock", @@ -1879,7 +1874,7 @@ data: global: | {"linkerdNamespace":"linkerd","cniEnabled":false,"version":"install-control-plane-version","identityContext":{"trustDomain":"cluster.local","trustAnchorsPem":"fake-trust-anchors-pem","issuanceLifetime":"86400s","clockSkewAllowance":"20s"}} proxy: | - {"proxyImage":{"imageName":"cr.l5d.io/linkerd/proxy","pullPolicy":"IfNotPresent"},"proxyInitImage":{"imageName":"cr.l5d.io/linkerd/proxy-init","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","proxyGid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxy_init_image_version":"v2.3.0","debugImage":{"imageName":"cr.l5d.io/linkerd/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} + {"proxyImage":{"imageName":"cr.l5d.io/linkerd/proxy","pullPolicy":"IfNotPresent"},"controlPort":{"port":4190},"ignoreInboundPorts":[],"ignoreOutboundPorts":[],"inboundPort":{"port":4143},"adminPort":{"port":4191},"outboundPort":{"port":4140},"resource":{"requestCpu":"","requestMemory":"","limitCpu":"","limitMemory":""},"proxyUid":"2102","proxyGid":"2102","logLevel":{"level":"warn,linkerd=info"},"disableExternalProfiles":true,"proxyVersion":"install-proxy-version","proxy_init_image_version":"v2.3.0","debugImage":{"imageName":"cr.l5d.io/linkerd/debug","pullPolicy":"IfNotPresent"},"debugImageVersion":"install-debug-version"} install: | {"cliVersion":"dev-undefined","flags":[]} values: | @@ -1939,10 +1934,6 @@ data: closeWaitTimeoutSecs: 0 ignoreInboundPorts: "" ignoreOutboundPorts: "" - image: - name: ProxyInitImageName - pullPolicy: ImagePullPolicy - version: ProxyInitVersion resources: saMountPath: null xtMountPath: @@ -1995,11 +1986,6 @@ data: GID: 2102, }, ProxyInit: &linkerd2.ProxyInit{ - Image: &linkerd2.Image{ - Name: "ProxyInitImageName", - PullPolicy: "ImagePullPolicy", - Version: "ProxyInitVersion", - }, XTMountPath: &linkerd2.VolumeMountPath{ MountPath: "/run", Name: "linkerd-proxy-init-xtables-lock", diff --git a/pkg/healthcheck/sidecar_test.go b/pkg/healthcheck/sidecar_test.go index 687c5bd68c005..edcdd6d4f9ed7 100644 --- a/pkg/healthcheck/sidecar_test.go +++ b/pkg/healthcheck/sidecar_test.go @@ -108,7 +108,7 @@ func TestHasExistingSidecars(t *testing.T) { podSpec: &corev1.PodSpec{ InitContainers: []corev1.Container{ { - Image: "cr.l5d.io/linkerd/proxy-init:2.2.0", + Image: "cr.l5d.io/linkerd/proxy:1.0.0", }, }, }, diff --git a/pkg/inject/inject.go b/pkg/inject/inject.go index 685af6e356c44..ab163099a5c26 100644 --- a/pkg/inject/inject.go +++ b/pkg/inject/inject.go @@ -46,8 +46,6 @@ var ( k8s.ProxyEnableExternalProfilesAnnotation, k8s.ProxyImagePullPolicyAnnotation, k8s.ProxyInboundPortAnnotation, - k8s.ProxyInitImageAnnotation, - k8s.ProxyInitImageVersionAnnotation, k8s.ProxyOutboundPortAnnotation, k8s.ProxyPodInboundPortsAnnotation, k8s.ProxyCPULimitAnnotation, @@ -225,10 +223,6 @@ func ApplyAnnotationOverrides(values *l5dcharts.Values, annotations map[string]s values.Proxy.Image.PullPolicy = override } - if override, ok := annotations[k8s.ProxyInitImageVersionAnnotation]; ok { - values.ProxyInit.Image.Version = override - } - if override, ok := annotations[k8s.ProxyControlPortAnnotation]; ok { controlPort, err := strconv.ParseInt(override, 10, 32) if err == nil { @@ -490,14 +484,6 @@ func ApplyAnnotationOverrides(values *l5dcharts.Values, annotations map[string]s } } - if override, ok := annotations[k8s.ProxyInitImageAnnotation]; ok { - values.ProxyInit.Image.Name = override - } - - if override, ok := annotations[k8s.ProxyImagePullPolicyAnnotation]; ok { - values.ProxyInit.Image.PullPolicy = override - } - if override, ok := annotations[k8s.ProxyIgnoreInboundPortsAnnotation]; ok { values.ProxyInit.IgnoreInboundPorts = override } diff --git a/pkg/inject/inject_test.go b/pkg/inject/inject_test.go index 8369a63e9bbb8..56de2031035e7 100644 --- a/pkg/inject/inject_test.go +++ b/pkg/inject/inject_test.go @@ -6,7 +6,6 @@ import ( "github.com/go-test/deep" l5dcharts "github.com/linkerd/linkerd2/pkg/charts/linkerd2" "github.com/linkerd/linkerd2/pkg/k8s" - "github.com/linkerd/linkerd2/pkg/version" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" k8sResource "k8s.io/apimachinery/pkg/api/resource" @@ -42,7 +41,6 @@ func TestGetOverriddenValues(t *testing.T) { Annotations: map[string]string{ k8s.ProxyImageAnnotation: "cr.l5d.io/linkerd/proxy", k8s.ProxyImagePullPolicyAnnotation: pullPolicy, - k8s.ProxyInitImageAnnotation: "cr.l5d.io/linkerd/proxy-init", k8s.ProxyControlPortAnnotation: "4000", k8s.ProxyInboundPortAnnotation: "5000", k8s.ProxyAdminPortAnnotation: "5001", @@ -112,9 +110,6 @@ func TestGetOverriddenValues(t *testing.T) { } values.Proxy.UID = 8500 values.Proxy.GID = 8500 - values.ProxyInit.Image.Name = "cr.l5d.io/linkerd/proxy-init" - values.ProxyInit.Image.PullPolicy = pullPolicy - values.ProxyInit.Image.Version = version.ProxyInitVersion values.ProxyInit.IgnoreInboundPorts = "4222,6222" values.ProxyInit.IgnoreOutboundPorts = "8079,8080" values.ProxyInit.SkipSubnets = "172.17.0.0/16" @@ -169,7 +164,6 @@ func TestGetOverriddenValues(t *testing.T) { nsAnnotations: map[string]string{ k8s.ProxyImageAnnotation: "cr.l5d.io/linkerd/proxy", k8s.ProxyImagePullPolicyAnnotation: pullPolicy, - k8s.ProxyInitImageAnnotation: "cr.l5d.io/linkerd/proxy-init", k8s.ProxyControlPortAnnotation: "4000", k8s.ProxyInboundPortAnnotation: "5000", k8s.ProxyAdminPortAnnotation: "5001", @@ -232,9 +226,6 @@ func TestGetOverriddenValues(t *testing.T) { } values.Proxy.UID = 8500 values.Proxy.GID = 8500 - values.ProxyInit.Image.Name = "cr.l5d.io/linkerd/proxy-init" - values.ProxyInit.Image.PullPolicy = pullPolicy - values.ProxyInit.Image.Version = version.ProxyInitVersion values.ProxyInit.IgnoreInboundPorts = "4222,6222" values.ProxyInit.IgnoreOutboundPorts = "8079,8080" values.Proxy.OutboundConnectTimeout = "6000ms" @@ -363,9 +354,7 @@ func TestApplyAnnotationOverridesMissingProxyTracing(t *testing.T) { Ports: &l5dcharts.Ports{}, Metrics: &l5dcharts.ProxyMetrics{}, }, - ProxyInit: &l5dcharts.ProxyInit{ - Image: &l5dcharts.Image{}, - }, + ProxyInit: &l5dcharts.ProxyInit{}, } annotations := map[string]string{ @@ -390,9 +379,7 @@ func TestApplyAnnotationOverridesInitializesTracingLabels(t *testing.T) { Ports: &l5dcharts.Ports{}, Metrics: &l5dcharts.ProxyMetrics{}, }, - ProxyInit: &l5dcharts.ProxyInit{ - Image: &l5dcharts.Image{}, - }, + ProxyInit: &l5dcharts.ProxyInit{}, } annotations := map[string]string{ diff --git a/pkg/k8s/labels.go b/pkg/k8s/labels.go index f76f04cc18f7e..b433e1a0afd0a 100644 --- a/pkg/k8s/labels.go +++ b/pkg/k8s/labels.go @@ -137,13 +137,6 @@ const ( // proxyImagePullPolicy and proxyInitImagePullPolicy configs. ProxyImagePullPolicyAnnotation = ProxyConfigAnnotationsPrefix + "/image-pull-policy" - // ProxyInitImageAnnotation can be used to override the proxyInitImage - // config. - ProxyInitImageAnnotation = ProxyConfigAnnotationsPrefix + "/init-image" - - // ProxyInitImageVersionAnnotation can be used to override the proxy-init image version - ProxyInitImageVersionAnnotation = ProxyConfigAnnotationsPrefix + "/init-image-version" - // DebugImageAnnotation can be used to override the debugImage config. DebugImageAnnotation = ProxyConfigAnnotationsPrefix + "/debug-image" diff --git a/pkg/version/version.go b/pkg/version/version.go index 73eb4db0fad3e..3abffa44c166e 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -12,10 +12,6 @@ import ( // DO NOT EDIT var Version = undefinedVersion -// ProxyInitVersion is the pinned version of the proxy-init, from -// https://github.com/linkerd/linkerd2-proxy-init This has to be kept in sync -// with the default version in the control plane's values.yaml. -var ProxyInitVersion = "v2.4.3" var LinkerdCNIVersion = "v1.6.4" const ( diff --git a/proxy-runtime.yml b/proxy-runtime.yml new file mode 100644 index 0000000000000..7eeb197680fe3 --- /dev/null +++ b/proxy-runtime.yml @@ -0,0 +1,31 @@ +contents: + repositories: + - https://packages.wolfi.dev/os + keyring: + - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub + packages: + - ca-certificates-bundle + - glibc + - iptables + - ip6tables + - libnetfilter_conntrack + - libnfnetlink + - libmnl + - libgcc + - nftables-slim + - libcap-utils +archs: + - x86_64 + - aarch64 +paths: +- path: /run + type: directory + permissions: 0o755 +accounts: + users: + - username: nonroot + uid: 65532 + - username: nobody + uid: 65534 + run-as: 65532 +work-dir: /home/nonroot diff --git a/test/integration/install/inject/inject_test.go b/test/integration/install/inject/inject_test.go index fdbb089e5089b..2444a5e2b8cc0 100644 --- a/test/integration/install/inject/inject_test.go +++ b/test/integration/install/inject/inject_test.go @@ -12,7 +12,6 @@ import ( "github.com/linkerd/linkerd2/controller/gen/client/clientset/versioned/scheme" "github.com/linkerd/linkerd2/pkg/flags" "github.com/linkerd/linkerd2/pkg/k8s" - "github.com/linkerd/linkerd2/pkg/version" "github.com/linkerd/linkerd2/testutil" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" @@ -64,7 +63,6 @@ func TestInjectManualParams(t *testing.T) { NoInitContainer: TestHelper.CNI(), Version: "proxy-version", Image: reg + "/proxy-image", - InitImage: reg + "/init-image", ImagePullPolicy: "Never", ControlPort: 123, SkipInboundPorts: "234,345", @@ -126,8 +124,6 @@ func TestInjectAutoParams(t *testing.T) { EnableDebug: true, ImagePullPolicy: "Never", InboundPort: 8882, - InitImage: "init-image", - InitImageVersion: "init-image-version", OutboundPort: 8883, CPULimit: "160m", CPURequest: "150m", @@ -389,13 +385,9 @@ func TestInjectAutoPod(t *testing.T) { initUser := int64(65534) initGroup := int64(65534) seccompProfile := &v1.SeccompProfile{Type: v1.SeccompProfileTypeRuntimeDefault} - reg := "cr.l5d.io/linkerd" - if override := os.Getenv(flags.EnvOverrideDockerRegistry); override != "" { - reg = override - } expectedInitContainer := v1.Container{ - Name: k8s.InitContainerName, - Image: reg + "/proxy-init:" + version.ProxyInitVersion, + Name: k8s.InitContainerName, + Command: []string{"/usr/lib/linkerd/linkerd2-proxy-init"}, Args: []string{ "--firewall-bin-path", "iptables-nft", "--firewall-save-bin-path", "iptables-nft-save", @@ -496,6 +488,8 @@ func TestInjectAutoPod(t *testing.T) { } // Removed token volume name from comparison because it contains a random string initContainer.VolumeMounts[1].Name = "" + // Expect the init container image to use the proxy container image + expectedInitContainer.Image = testutil.GetProxyContainer(pods[0].Spec.Containers).Image if diff := deep.Equal(expectedInitContainer, initContainer); diff != nil { testutil.AnnotatedFatalf(t, "malformed init container", "malformed init container:\n%v", diff) } diff --git a/test/integration/install/install_test.go b/test/integration/install/install_test.go index 2e46d951fa854..2efed2b978828 100644 --- a/test/integration/install/install_test.go +++ b/test/integration/install/install_test.go @@ -360,7 +360,6 @@ func helmUpgradeFlags(root *tls.CA) ([]string, []string) { if override := os.Getenv(flags.EnvOverrideDockerRegistry); override != "" { coreArgs = append(coreArgs, "--set", "proxy.image.name="+cmd.RegistryOverride("cr.l5d.io/linkerd/proxy", override), - "--set", "proxyInit.image.name="+cmd.RegistryOverride("cr.l5d.io/linkerd/proxy-init", override), "--set", "controllerImage="+cmd.RegistryOverride("cr.l5d.io/linkerd/controller", override), "--set", "debugContainer.image.name="+cmd.RegistryOverride("cr.l5d.io/linkerd/debug", override), ) @@ -610,9 +609,6 @@ func TestOverridesSecret(t *testing.T) { "version": TestHelper.GetVersion(), }, } - knownKeys["proxyInit"].(tree.Tree)["image"] = tree.Tree{ - "name": reg + "/proxy-init", - } } // Check for fields that were added during upgrade diff --git a/test/integration/multicluster/install_test.go b/test/integration/multicluster/install_test.go index dd37c9d300ceb..74bf528ce09f3 100644 --- a/test/integration/multicluster/install_test.go +++ b/test/integration/multicluster/install_test.go @@ -16,7 +16,6 @@ import ( mcHealthcheck "github.com/linkerd/linkerd2/multicluster/cmd" "github.com/linkerd/linkerd2/pkg/healthcheck" - "github.com/linkerd/linkerd2/pkg/version" "github.com/linkerd/linkerd2/testutil" ) @@ -118,8 +117,6 @@ func TestInstall(t *testing.T) { cmd = []string{ "install", "--controller-log-level", "debug", - "--set", "proxyInit.image.name=ghcr.io/linkerd/proxy-init", - "--set", fmt.Sprintf("proxyInit.image.version=%s", version.ProxyInitVersion), "--set", fmt.Sprintf("proxy.image.version=%s", TestHelper.GetVersion()), "--set", "heartbeatSchedule=1 2 3 4 5", "--identity-trust-anchors-file", rootPath, diff --git a/test/integration/upgrade-edge/upgrade_edge_test.go b/test/integration/upgrade-edge/upgrade_edge_test.go index 40a1ff92f7742..28f1376f903e9 100644 --- a/test/integration/upgrade-edge/upgrade_edge_test.go +++ b/test/integration/upgrade-edge/upgrade_edge_test.go @@ -380,10 +380,6 @@ func TestOverridesSecret(t *testing.T) { "name": reg + "/proxy", }, } - knownKeys["proxyInit"].(tree.Tree)["image"] = tree.Tree{ - "name": reg + "/proxy-init", - } - } // Check if the keys in overridesTree match with knownKeys diff --git a/testutil/inject_validator.go b/testutil/inject_validator.go index 2dfe6c07bd005..9f6fff186630a 100644 --- a/testutil/inject_validator.go +++ b/testutil/inject_validator.go @@ -25,8 +25,6 @@ type InjectValidator struct { EnableExternalProfiles bool ImagePullPolicy string InboundPort int - InitImage string - InitImageVersion string OutboundPort int CPULimit string EphemeralStorageLimit string @@ -333,27 +331,6 @@ func (iv *InjectValidator) validateInitContainer(pod *v1.PodSpec) error { return fmt.Errorf("container %s missing", k8s.InitContainerName) } - if iv.InitImage != "" || iv.InitImageVersion != "" { - - image := strings.Split(initContainer.Image, ":") - - if len(image) != 2 { - return fmt.Errorf("invalid proxy init image string: %s", initContainer.Image) - } - - if iv.InitImage != "" { - if image[0] != iv.InitImage { - return fmt.Errorf("proxyInitImage: expected %s, actual %s", iv.InitImage, image[0]) - } - } - - if iv.InitImageVersion != "" { - if image[1] != iv.InitImageVersion { - return fmt.Errorf("proxyInitImageVersion: expected %s, actual %s", iv.InitImageVersion, image[1]) - } - } - } - if iv.InboundPort != 0 { if err := iv.validateArg(initContainer, "--incoming-proxy-port", strconv.Itoa(iv.InboundPort)); err != nil { return err @@ -470,16 +447,6 @@ func (iv *InjectValidator) GetFlagsAndAnnotations() ([]string, map[string]string flags = append(flags, fmt.Sprintf("--inbound-port=%s", strconv.Itoa(iv.InboundPort))) } - if iv.InitImage != "" { - annotations[k8s.ProxyInitImageAnnotation] = iv.InitImage - flags = append(flags, fmt.Sprintf("--init-image=%s", iv.InitImage)) - } - - if iv.InitImageVersion != "" { - annotations[k8s.ProxyInitImageVersionAnnotation] = iv.InitImageVersion - flags = append(flags, fmt.Sprintf("--init-image-version=%s", iv.InitImageVersion)) - } - if iv.OutboundPort != 0 { annotations[k8s.ProxyOutboundPortAnnotation] = strconv.Itoa(iv.OutboundPort) flags = append(flags, fmt.Sprintf("--outbound-port=%s", strconv.Itoa(iv.OutboundPort))) From e58375d1c8d6751a74cb49d7213e69e86e1e1ce3 Mon Sep 17 00:00:00 2001 From: l5d-bot <48604953+l5d-bot@users.noreply.github.com> Date: Wed, 26 Nov 2025 09:24:49 -0800 Subject: [PATCH 071/123] proxy: v2.331.0 (#14759) Release notes: https://github.com/linkerd/linkerd2-proxy/releases/tag/release/v2.331.0 Signed-off-by: l5d-bot Co-authored-by: l5d-bot Signed-off-by: Ivan Porta --- .proxy-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.proxy-version b/.proxy-version index a431bad585e7d..b48b60a15a835 100644 --- a/.proxy-version +++ b/.proxy-version @@ -1 +1 @@ -v2.330.0 +v2.331.0 From cc44e2625202f6f0009602901e1f6d55ac4220da Mon Sep 17 00:00:00 2001 From: Alex Leong Date: Wed, 26 Nov 2025 12:48:10 -0800 Subject: [PATCH 072/123] fix(policy): respect timeout field on gateway API HTTPRoutes (#14750) Fixes #14713 The [Linkerd documentation](https://linkerd.io/2-edge/reference/timeouts/#configuring-timeouts) specifies that: > If the [request timeout](https://gateway-api.sigs.k8s.io/api-types/httproute/#timeouts-optional) field is set on an HTTPRoute resource, it will be used as the timeout.linkerd.io/request timeout. However, if both the field and the annotation are specified, the annotation will take priority. This is true for policy.linkerd.io/HTTPRoute resources but not for `gateway.networking.k8s.io/HTTPRoute` resources. We update the policy controller to consider the request timeout field on `gateway.networking.k8s.io/HTTPRoute` and add API tests. Signed-off-by: Alex Leong Signed-off-by: Ivan Porta --- .../k8s/index/src/outbound/index/http.rs | 15 +- policy-test/tests/outbound_api_http.rs | 151 ++++++++++++++++++ testutil/test_helper.go | 2 +- 3 files changed, 166 insertions(+), 2 deletions(-) diff --git a/policy-controller/k8s/index/src/outbound/index/http.rs b/policy-controller/k8s/index/src/outbound/index/http.rs index 4901036ecdd2d..124507c472642 100644 --- a/policy-controller/k8s/index/src/outbound/index/http.rs +++ b/policy-controller/k8s/index/src/outbound/index/http.rs @@ -159,7 +159,7 @@ fn convert_gateway_rule( rule: gateway::HTTPRouteRules, cluster: &ClusterInfo, resource_info: &HashMap, - timeouts: RouteTimeouts, + mut timeouts: RouteTimeouts, retry: Option>, ) -> Result> { let matches = rule @@ -183,6 +183,19 @@ fn convert_gateway_rule( .map(convert_gateway_filter) .collect::>()?; + timeouts.request = timeouts.request.or_else(|| { + rule.timeouts.as_ref().and_then(|timeouts| { + let timeout = parse_duration(timeouts.request.as_ref()?).ok()?; + + // zero means "no timeout", per GEP-1742 + if timeout == time::Duration::ZERO { + return None; + } + + Some(timeout) + }) + }); + Ok(OutboundRouteRule { matches, backends, diff --git a/policy-test/tests/outbound_api_http.rs b/policy-test/tests/outbound_api_http.rs index 47b93a1486557..5df878500056c 100644 --- a/policy-test/tests/outbound_api_http.rs +++ b/policy-test/tests/outbound_api_http.rs @@ -1,3 +1,5 @@ +use std::time::Duration; + use futures::StreamExt; use linkerd2_proxy_api::{self as api, outbound}; use linkerd_policy_controller_k8s_api::{self as k8s, gateway, policy}; @@ -701,6 +703,155 @@ async fn http_route_retries_and_timeouts() { test::().await; } +#[tokio::test(flavor = "current_thread")] +async fn http_route_linkerd_timeouts() { + async fn test() { + tracing::debug!( + parent = %P::kind(&P::DynamicType::default()), + ); + with_temp_ns(|client, ns| async move { + // Create a parent + let parent = create(&client, P::make_parent(&ns)).await; + let port = 4191; + // Create a backend + let backend_port = 8888; + let backend = match P::make_backend(&ns) { + Some(b) => create(&client, b).await, + None => parent.clone(), + }; + + let route = policy::HttpRoute { + metadata: k8s::ObjectMeta { + namespace: Some(ns.to_string()), + name: Some("foo-route".to_string()), + ..Default::default() + }, + spec: policy::HttpRouteSpec { + parent_refs: Some(vec![parent.obj_ref()]), + hostnames: None, + rules: Some(vec![policy::httproute::HttpRouteRule { + matches: Some(vec![]), + filters: None, + timeouts: Some(policy::httproute::HttpRouteTimeouts { + request: Some(Duration::from_secs(5).into()), + backend_request: None, + }), + backend_refs: Some(vec![backend.backend_ref(backend_port)]), + }]), + }, + status: None, + }; + + let route = create(&client, route).await; + await_route_accepted(&client, &route).await; + + let mut rx = retry_watch_outbound_policy(&client, &ns, parent.ip(), port).await; + let config = rx + .next() + .await + .expect("watch must not fail") + .expect("watch must return an initial config"); + tracing::trace!(?config); + assert_resource_meta(&config.metadata, parent.obj_ref(), port); + + policy::HttpRoute::routes(&config, |routes| { + let outbound_route = routes.first().expect("route must exist"); + assert!(route.meta_eq(policy::HttpRoute::extract_meta(outbound_route))); + let rule = assert_singleton(&outbound_route.rules); + let timeout = rule + .timeouts + .as_ref() + .expect("timeouts expected") + .request + .as_ref() + .expect("request timeout expected"); + assert_eq!(timeout.seconds, 5); + }); + }) + .await; + } + + test::().await; + test::().await; +} + +// The timeout field on HTTPRoute is only available in Gateway API v1.2+. +#[cfg(feature = "gateway-api-experimental")] +#[tokio::test(flavor = "current_thread")] +async fn http_route_gateway_timeouts() { + async fn test() { + tracing::debug!( + parent = %P::kind(&P::DynamicType::default()), + ); + with_temp_ns(|client, ns| async move { + // Create a parent + let parent = create(&client, P::make_parent(&ns)).await; + let port = 4191; + // Create a backend + let backend_port = 8888; + let backend = match P::make_backend(&ns) { + Some(b) => create(&client, b).await, + None => parent.clone(), + }; + + let route = gateway::HTTPRoute { + metadata: k8s::ObjectMeta { + namespace: Some(ns.to_string()), + name: Some("foo-route".to_string()), + ..Default::default() + }, + spec: gateway::HTTPRouteSpec { + parent_refs: Some(vec![parent.obj_ref()]), + hostnames: None, + rules: Some(vec![gateway::HTTPRouteRules { + name: None, + matches: Some(vec![]), + filters: None, + timeouts: Some(gateway::HTTPRouteRulesTimeouts { + request: Some("5s".to_string()), + backend_request: None, + }), + retry: None, + backend_refs: Some(vec![backend.backend_ref(backend_port)]), + session_persistence: None, + }]), + }, + status: None, + }; + + let route = create(&client, route).await; + await_route_accepted(&client, &route).await; + + let mut rx = retry_watch_outbound_policy(&client, &ns, parent.ip(), port).await; + let config = rx + .next() + .await + .expect("watch must not fail") + .expect("watch must return an initial config"); + tracing::trace!(?config); + assert_resource_meta(&config.metadata, parent.obj_ref(), port); + + gateway::HTTPRoute::routes(&config, |routes| { + let outbound_route = routes.first().expect("route must exist"); + assert!(route.meta_eq(gateway::HTTPRoute::extract_meta(outbound_route))); + let rule = assert_singleton(&outbound_route.rules); + let timeout = rule + .timeouts + .as_ref() + .expect("timeouts expected") + .request + .as_ref() + .expect("request timeout expected"); + assert_eq!(timeout.seconds, 5); + }); + }) + .await; + } + + test::().await; + test::().await; +} + #[tokio::test(flavor = "current_thread")] async fn parent_retries_and_timeouts() { async fn test>() { diff --git a/testutil/test_helper.go b/testutil/test_helper.go index 1af14e8cb6dac..88f973bb66ab1 100644 --- a/testutil/test_helper.go +++ b/testutil/test_helper.go @@ -22,7 +22,7 @@ import ( corev1 "k8s.io/api/core/v1" ) -const GATEWAY_API_VERSION = "v1.1.1" +const GATEWAY_API_VERSION = "v1.2.0" // TestHelper provides helpers for running the linkerd integration tests. type TestHelper struct { From a1abafcc1b2c98260190cf738f2a3c4d0bd2198a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 09:35:16 -0500 Subject: [PATCH 073/123] build(deps): bump node-forge from 1.3.0 to 1.3.2 in /web/app (#14761) Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.0 to 1.3.2. - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.0...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- web/app/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/web/app/yarn.lock b/web/app/yarn.lock index 2523771a611a6..99df3b3efc1b5 100644 --- a/web/app/yarn.lock +++ b/web/app/yarn.lock @@ -7548,9 +7548,9 @@ no-case@^3.0.4: tslib "^2.0.3" node-forge@>=0.10.0, node-forge@^1: - version "1.3.0" - resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.3.0.tgz#37a874ea723855f37db091e6c186e5b67a01d4b2" - integrity sha512-08ARB91bUi6zNKzVmaj3QO7cr397uiDT2nJ63cHjyNtCTWIgvS47j3eT0WfzUwS9+6Z5YshRaoasFkXCKrIYbA== + version "1.3.2" + resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.3.2.tgz#d0d2659a26eef778bf84d73e7f55c08144ee7750" + integrity sha512-6xKiQ+cph9KImrRh0VsjH2d8/GXA4FIMlgU4B757iI1ApvcyA9VlouP0yZJha01V+huImO+kKMU7ih+2+E14fw== node-gettext@^3.0.0: version "3.0.0" From ce07a144688e28afdafeed6f20e36ddf18d34509 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 09:35:47 -0500 Subject: [PATCH 074/123] build(deps): bump github.com/prometheus/common from 0.67.3 to 0.67.4 (#14756) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.67.3 to 0.67.4. - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/common/compare/v0.67.3...v0.67.4) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-version: 0.67.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ede6de9b5adf9..ea399b5a174de 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/pkg/browser v0.0.0-20170505125900-c90ca0c84f15 github.com/prometheus/client_golang v1.23.2 github.com/prometheus/client_model v0.6.2 - github.com/prometheus/common v0.67.3 + github.com/prometheus/common v0.67.4 github.com/sergi/go-diff v1.4.0 github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92 github.com/sirupsen/logrus v1.9.3 diff --git a/go.sum b/go.sum index af47c1f165334..172dbc08a2989 100644 --- a/go.sum +++ b/go.sum @@ -354,8 +354,8 @@ github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UH github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.67.3 h1:shd26MlnwTw5jksTDhC7rTQIteBxy+ZZDr3t7F2xN2Q= -github.com/prometheus/common v0.67.3/go.mod h1:gP0fq6YjjNCLssJCQp0yk4M8W6ikLURwkdd/YKtTbyI= +github.com/prometheus/common v0.67.4 h1:yR3NqWO1/UyO1w2PhUvXlGQs/PtFmoveVO0KZ4+Lvsc= +github.com/prometheus/common v0.67.4/go.mod h1:gP0fq6YjjNCLssJCQp0yk4M8W6ikLURwkdd/YKtTbyI= github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho= From 5cbbda756fdad64db079c62ffe4e74a020586233 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 09:37:05 -0500 Subject: [PATCH 075/123] build(deps): bump use-query-params from 2.2.1 to 2.2.2 in /web/app (#14755) Bumps [use-query-params](https://github.com/pbeshai/use-query-params) from 2.2.1 to 2.2.2. - [Release notes](https://github.com/pbeshai/use-query-params/releases) - [Commits](https://github.com/pbeshai/use-query-params/commits) --- updated-dependencies: - dependency-name: use-query-params dependency-version: 2.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- web/app/package.json | 2 +- web/app/yarn.lock | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/web/app/package.json b/web/app/package.json index 3ca8bd9f3b258..fe47132f5a954 100644 --- a/web/app/package.json +++ b/web/app/package.json @@ -37,7 +37,7 @@ "react-router-dom": "5.3.4", "react-router-prop-types": "1.0.5", "regenerator-runtime": "^0.14.1", - "use-query-params": "2.2.1", + "use-query-params": "2.2.2", "whatwg-fetch": "3.6.20" }, "devDependencies": { diff --git a/web/app/yarn.lock b/web/app/yarn.lock index 99df3b3efc1b5..5fd37c99d2ff1 100644 --- a/web/app/yarn.lock +++ b/web/app/yarn.lock @@ -8882,10 +8882,10 @@ serialize-javascript@^6.0.2: dependencies: randombytes "^2.1.0" -serialize-query-params@^2.0.2: - version "2.0.2" - resolved "https://registry.yarnpkg.com/serialize-query-params/-/serialize-query-params-2.0.2.tgz#598a3fb9e13f4ea1c1992fbd20231aa16b31db81" - integrity sha512-1chMo1dST4pFA9RDXAtF0Rbjaut4is7bzFbI1Z26IuMub68pNCILku85aYmeFhvnY//BXUPUhoRMjYcsT93J/Q== +serialize-query-params@^2.0.3: + version "2.0.3" + resolved "https://registry.yarnpkg.com/serialize-query-params/-/serialize-query-params-2.0.3.tgz#1bbc9d5353a3a90c782129549e0ec34a9575f0a0" + integrity sha512-PyDK5dkxtWa9jo9qJDy19x/haAcTQnUfIGsCXIv53HlgTCH5pC2KHIqrtM+VOruqRmH2XwYZZyn7BNHN0W58EQ== serve-index@^1.9.1: version "1.9.1" @@ -9903,12 +9903,12 @@ url-loader@^4.1.1: mime-types "^2.1.27" schema-utils "^3.0.0" -use-query-params@2.2.1: - version "2.2.1" - resolved "https://registry.yarnpkg.com/use-query-params/-/use-query-params-2.2.1.tgz#c558ab70706f319112fbccabf6867b9f904e947d" - integrity sha512-i6alcyLB8w9i3ZK3caNftdb+UnbfBRNPDnc89CNQWkGRmDrm/gfydHvMBfVsQJRq3NoHOM2dt/ceBWG2397v1Q== +use-query-params@2.2.2: + version "2.2.2" + resolved "https://registry.yarnpkg.com/use-query-params/-/use-query-params-2.2.2.tgz#a029b00b24a680ceffea1e3ae0ce8ac9c5c77645" + integrity sha512-OwGab8u8/x2xZp9uSyBsx0kXlkR9IR436zbygsYVGikPYY3OJosvve6IJVGwIJPcfyb/YHwvPrUNu65/JR++Kw== dependencies: - serialize-query-params "^2.0.2" + serialize-query-params "^2.0.3" util-deprecate@^1.0.1, util-deprecate@^1.0.2, util-deprecate@~1.0.1: version "1.0.2" From b2938ccd5c0f690790412973f737897adf5ff8ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 09:37:43 -0500 Subject: [PATCH 076/123] build(deps-dev): bump webpack-bundle-analyzer in /web/app (#14754) Bumps [webpack-bundle-analyzer](https://github.com/webpack/webpack-bundle-analyzer) from 4.10.2 to 5.0.1. - [Changelog](https://github.com/webpack/webpack-bundle-analyzer/blob/main/CHANGELOG.md) - [Commits](https://github.com/webpack/webpack-bundle-analyzer/compare/v4.10.2...v5.0.1) --- updated-dependencies: - dependency-name: webpack-bundle-analyzer dependency-version: 5.0.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- web/app/package.json | 2 +- web/app/yarn.lock | 28 +++++----------------------- 2 files changed, 6 insertions(+), 24 deletions(-) diff --git a/web/app/package.json b/web/app/package.json index fe47132f5a954..fd89997de9ba1 100644 --- a/web/app/package.json +++ b/web/app/package.json @@ -79,7 +79,7 @@ "style-loader": "^4.0.0", "url-loader": "^4.1.1", "webpack": "^5.101.3", - "webpack-bundle-analyzer": "4.10.2", + "webpack-bundle-analyzer": "5.0.1", "webpack-cli": "6.0.1", "webpack-dev-server": "5.2.2" }, diff --git a/web/app/yarn.lock b/web/app/yarn.lock index 5fd37c99d2ff1..09001d7fdc510 100644 --- a/web/app/yarn.lock +++ b/web/app/yarn.lock @@ -4112,11 +4112,6 @@ dunder-proto@^1.0.0, dunder-proto@^1.0.1: es-errors "^1.3.0" gopd "^1.2.0" -duplexer@^0.1.2: - version "0.1.2" - resolved "https://registry.yarnpkg.com/duplexer/-/duplexer-0.1.2.tgz#3abe43aef3835f8ae077d136ddce0f276b0400e6" - integrity sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg== - eastasianwidth@^0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/eastasianwidth/-/eastasianwidth-0.2.0.tgz#696ce2ec0aa0e6ea93a397ffcf24aa7840c827cb" @@ -5529,13 +5524,6 @@ graphemer@^1.4.0: resolved "https://registry.yarnpkg.com/graphemer/-/graphemer-1.4.0.tgz#fb2f1d55e0e3a1849aeffc90c4fa0dd53a0e66c6" integrity sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag== -gzip-size@^6.0.0: - version "6.0.0" - resolved "https://registry.yarnpkg.com/gzip-size/-/gzip-size-6.0.0.tgz#065367fd50c239c0671cbcbad5be3e2eeb10e462" - integrity sha512-ax7ZYomf6jqPTQ4+XCpUGyXKHk5WweS+e05MBO4/y3WJ5RkmPXNKvX+bx1behVILVwr6JSQvZAku021CHPXG3Q== - dependencies: - duplexer "^0.1.2" - handle-thing@^2.0.0: version "2.0.1" resolved "https://registry.yarnpkg.com/handle-thing/-/handle-thing-2.0.1.tgz#857f79ce359580c340d43081cc648970d0bb234e" @@ -7980,12 +7968,7 @@ performance-now@^2.1.0: resolved "https://registry.yarnpkg.com/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b" integrity sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns= -picocolors@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.0.0.tgz#cb5bdc74ff3f51892236eaf79d68bc44564ab81c" - integrity sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ== - -picocolors@^1.1.1: +picocolors@^1.0.0, picocolors@^1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.1.tgz#3d321af3eab939b083c8f929a1d12cda81c26b6b" integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA== @@ -9997,10 +9980,10 @@ webidl-conversions@^7.0.0: resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-7.0.0.tgz#256b4e1882be7debbf01d05f0aa2039778ea080a" integrity sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g== -webpack-bundle-analyzer@4.10.2: - version "4.10.2" - resolved "https://registry.yarnpkg.com/webpack-bundle-analyzer/-/webpack-bundle-analyzer-4.10.2.tgz#633af2862c213730be3dbdf40456db171b60d5bd" - integrity sha512-vJptkMm9pk5si4Bv922ZbKLV8UTT4zib4FPgXMhgzUny0bfDDkLXAVQs3ly3fS4/TN9ROFtb0NFrm04UXFE/Vw== +webpack-bundle-analyzer@5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/webpack-bundle-analyzer/-/webpack-bundle-analyzer-5.0.1.tgz#51bd8cc3bd991b70d5e6d54937827f01fe859633" + integrity sha512-PUp3YFOHysSw8t+13rcF+8o5SGaP/AZ5KnIF3qJfFodv4xJkmixnfcyy+LOwNadpzvyrEKpaMlewAG2sFUfdpw== dependencies: "@discoveryjs/json-ext" "0.5.7" acorn "^8.0.4" @@ -10008,7 +9991,6 @@ webpack-bundle-analyzer@4.10.2: commander "^7.2.0" debounce "^1.2.1" escape-string-regexp "^4.0.0" - gzip-size "^6.0.0" html-escaper "^2.0.2" opener "^1.5.2" picocolors "^1.0.0" From 9deb34be10d6ee24fd0b5e6b0c4a5dcad3468732 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 09:38:23 -0500 Subject: [PATCH 077/123] build(deps): bump actions/checkout from 5.0.1 to 6.0.0 (#14748) Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/93cb6efe18208431cddfb8368fd83d5badbf9bfd...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/actions.yml | 4 ++-- .github/workflows/cli-build.yml | 2 +- .github/workflows/codecov.yml | 6 +++--- .github/workflows/codeql.yml | 2 +- .github/workflows/devcontainer.yml | 4 ++-- .github/workflows/go.yml | 8 ++++---- .github/workflows/integration.yml | 16 ++++++++-------- .github/workflows/js.yml | 2 +- .github/workflows/markdown.yml | 2 +- .github/workflows/proto.yml | 2 +- .github/workflows/release.yml | 12 ++++++------ .github/workflows/rust.yml | 12 ++++++------ .github/workflows/shell.yml | 2 +- .github/workflows/sync-proxy.yml | 4 ++-- 14 files changed, 39 insertions(+), 39 deletions(-) diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index c042067063ef4..c8eeecd841aee 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -15,12 +15,12 @@ jobs: timeout-minutes: 10 steps: - uses: linkerd/dev/actions/setup-tools@v48 - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: just-dev lint-actions devcontainer-versions: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: linkerd/dev/actions/setup-tools@v48 - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: just-dev check-action-images diff --git a/.github/workflows/cli-build.yml b/.github/workflows/cli-build.yml index 101eea0f8cfd8..fba3696c8d5e4 100644 --- a/.github/workflows/cli-build.yml +++ b/.github/workflows/cli-build.yml @@ -17,7 +17,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 20 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 id: build diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 4a485d5bf5b78..2ac9686a3cd45 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -16,7 +16,7 @@ jobs: container: image: golang:1.25 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: go install gotest.tools/gotestsum@v0.4.2 - run: gotestsum -- -cover -coverprofile=coverage.out -v -mod=readonly ./... - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 @@ -31,7 +31,7 @@ jobs: container: image: node:20-stretch steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - name: Yarn setup shell: bash run: bin/scurl -o- https://yarnpkg.com/install.sh | bash -s -- --version 1.21.1 --network-concurrency 1 @@ -54,7 +54,7 @@ jobs: image: docker://rust:1.90.0 options: --security-opt seccomp=unconfined steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - shell: bash run: mkdir -p target && cd target && bin/scurl -v https://github.com/xd009642/tarpaulin/releases/download/0.27.3/cargo-tarpaulin-x86_64-unknown-linux-musl.tar.gz | tar zxvf - && chmod 755 cargo-tarpaulin - run: target/cargo-tarpaulin tarpaulin --workspace --out Xml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 85e2247f9a10b..47e4482709f49 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -37,7 +37,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod diff --git a/.github/workflows/devcontainer.yml b/.github/workflows/devcontainer.yml index ef398cb208d04..4c8c0178be9e6 100644 --- a/.github/workflows/devcontainer.yml +++ b/.github/workflows/devcontainer.yml @@ -17,7 +17,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - shell: bash run: | # Extract current Rust version from the toolchain file. @@ -40,5 +40,5 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: linkerd/dev/actions/setup-tools@v48 - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: just-dev pull-dev-image diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 1a0918d1ed765..172e6a00ace9e 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -8,7 +8,7 @@ jobs: meta: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - uses: tj-actions/changed-files@2d752abc95ba0255af33a2b4d5de03df3954cdf2 id: changed with: @@ -31,7 +31,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-go steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just go-lint --verbose --timeout=10m @@ -42,7 +42,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-go steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just go-fmt @@ -53,7 +53,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-go steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just go-fetch - run: just go-test diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 922cc5139d66f..d6fbf6291b997 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -26,7 +26,7 @@ jobs: meta: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - id: tag run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT" - uses: tj-actions/changed-files@2d752abc95ba0255af33a2b4d5de03df3954cdf2 @@ -92,7 +92,7 @@ jobs: - proxy timeout-minutes: 20 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - uses: ./.github/actions/docker-build id: build env: @@ -124,7 +124,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 15 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod @@ -179,7 +179,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: olix0r/cargo-action-fmt/setup@9269f3aa1ff01775d95efc97037e2cbdb41d9684 - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: pattern: image-archives-* @@ -241,7 +241,7 @@ jobs: - web timeout-minutes: 15 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - uses: ./.github/actions/docker-build id: build with: @@ -277,7 +277,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 15 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod @@ -305,7 +305,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 30 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod @@ -344,7 +344,7 @@ jobs: - uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod diff --git a/.github/workflows/js.yml b/.github/workflows/js.yml index 1fbade95c5211..4c684aa126dc6 100644 --- a/.github/workflows/js.yml +++ b/.github/workflows/js.yml @@ -19,7 +19,7 @@ jobs: env: NODE_ENV: test steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - name: Yarn setup shell: bash run: | diff --git a/.github/workflows/markdown.yml b/.github/workflows/markdown.yml index c3da860e7edb2..1205db3dd935b 100644 --- a/.github/workflows/markdown.yml +++ b/.github/workflows/markdown.yml @@ -14,7 +14,7 @@ jobs: timeout-minutes: 5 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - uses: DavidAnson/markdownlint-cli2-action@30a0e04f1870d58f8d717450cc6134995f993c63 with: globs: | diff --git a/.github/workflows/proto.yml b/.github/workflows/proto.yml index 74870ffcb014b..64a9a9abcb946 100644 --- a/.github/workflows/proto.yml +++ b/.github/workflows/proto.yml @@ -18,7 +18,7 @@ jobs: container: ghcr.io/linkerd/dev:v48-go steps: - run: apt update && apt install -y unzip - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: bin/protoc-go.sh - run: git diff --exit-code diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 79df9d522060d..f60c7cd697976 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,7 +21,7 @@ jobs: tag: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT" id: tag - name: Validate edge version @@ -53,7 +53,7 @@ jobs: - web timeout-minutes: 45 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - name: Set tag run: echo 'TAG=${{ needs.tag.outputs.tag }}' >> "$GITHUB_ENV" - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef @@ -103,7 +103,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod @@ -130,7 +130,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: artifact-ids: ${{ needs.cli.outputs.artifact-id }} @@ -169,7 +169,7 @@ jobs: if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge') runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - name: Set install target for stable if: startsWith(github.ref, 'refs/tags/stable') run: echo "INSTALL=install" >> "$GITHUB_ENV" @@ -197,7 +197,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - name: Log into GCP uses: "google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093" with: diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 032c82b6095be..a459b3bc4ce1c 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -36,7 +36,7 @@ jobs: # Prevent sudden announcement of a new advisory from failing Ci. continue-on-error: ${{ matrix.checks == 'advisories' }} steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: cargo deny --all-features check ${{ matrix.checks }} @@ -45,7 +45,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just rs-check-fmt @@ -54,7 +54,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just rs-fetch - run: just rs-clippy @@ -65,7 +65,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just rs-fetch - run: just rs-check-dirs @@ -76,7 +76,7 @@ jobs: timeout-minutes: 15 container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just rs-fetch - run: just rs-test-build @@ -87,7 +87,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 2 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - shell: bash run: | toolchain_version="$(./bin/rust-toolchain-version)" diff --git a/.github/workflows/shell.yml b/.github/workflows/shell.yml index 1ec54adb8366f..96d702c710ff2 100644 --- a/.github/workflows/shell.yml +++ b/.github/workflows/shell.yml @@ -17,5 +17,5 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: linkerd/dev/actions/setup-tools@v48 - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - run: just sh-lint diff --git a/.github/workflows/sync-proxy.yml b/.github/workflows/sync-proxy.yml index 79e511aeecd18..bb920c6373128 100644 --- a/.github/workflows/sync-proxy.yml +++ b/.github/workflows/sync-proxy.yml @@ -64,7 +64,7 @@ jobs: env: VERSION: ${{ needs.meta.outputs.name }} steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 with: token: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }} - name: Check if proxy version has changed @@ -98,7 +98,7 @@ jobs: git config --global --add safe.directory "$PWD" # actions/runner#2033 git config --global user.name "$GITHUB_USERNAME" git config --global user.email "$GITHUB_USERNAME"@users.noreply.github.com - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 with: token: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }} - name: Commit proxy version From 53b308e3b8153f64730b27cb8dfa39bcb38395d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 09:39:01 -0500 Subject: [PATCH 078/123] build(deps): bump core-js from 3.45.1 to 3.47.0 in /web/app (#14751) Bumps [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) from 3.45.1 to 3.47.0. - [Release notes](https://github.com/zloirock/core-js/releases) - [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/zloirock/core-js/commits/v3.47.0/packages/core-js) --- updated-dependencies: - dependency-name: core-js dependency-version: 3.47.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- web/app/package.json | 2 +- web/app/yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/web/app/package.json b/web/app/package.json index fd89997de9ba1..6cdf088ee762a 100644 --- a/web/app/package.json +++ b/web/app/package.json @@ -16,7 +16,7 @@ "@material-ui/icons": "4.11.3", "@material-ui/lab": "^4.0.0-alpha.61", "classnames": "2.5.1", - "core-js": "^3.45.1", + "core-js": "^3.47.0", "css-mediaquery": "^0.1.2", "d3-drag": "3.0.0", "d3-force": "3.0.0", diff --git a/web/app/yarn.lock b/web/app/yarn.lock index 09001d7fdc510..851ac7af04003 100644 --- a/web/app/yarn.lock +++ b/web/app/yarn.lock @@ -3619,10 +3619,10 @@ core-js-compat@^3.43.0: dependencies: browserslist "^4.25.1" -core-js@^3.45.1: - version "3.45.1" - resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.45.1.tgz#5810e04a1b4e9bc5ddaa4dd12e702ff67300634d" - integrity sha512-L4NPsJlCfZsPeXukyzHFlg/i7IIVwHSItR0wg0FLNqYClJ4MQYTYLbC7EkjKYRLZF2iof2MUgN0EGy7MdQFChg== +core-js@^3.47.0: + version "3.47.0" + resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.47.0.tgz#436ef07650e191afeb84c24481b298bd60eb4a17" + integrity sha512-c3Q2VVkGAUyupsjRnaNX6u8Dq2vAdzm9iuPj5FW0fRxzlxgq9Q39MDq10IvmQSpLgHQNyQzQmOo6bgGHmH3NNg== core-util-is@~1.0.0: version "1.0.3" From 02d8f4c01a786316cf9a4da1dac5e524303402d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 09:39:37 -0500 Subject: [PATCH 079/123] build(deps): bump hyper from 1.8.0 to 1.8.1 (#14746) Bumps [hyper](https://github.com/hyperium/hyper) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/hyperium/hyper/releases) - [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md) - [Commits](https://github.com/hyperium/hyper/compare/v1.8.0...v1.8.1) --- updated-dependencies: - dependency-name: hyper dependency-version: 1.8.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c6e7603f7b2d8..74dc1d638a01f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -555,7 +555,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.61.0", + "windows-sys 0.52.0", ] [[package]] @@ -918,9 +918,9 @@ checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" [[package]] name = "hyper" -version = "1.8.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1744436df46f0bde35af3eda22aeaba453aada65d8f1c171cd8a5f59030bd69f" +checksum = "2ab2d4f250c3d7b1c9fcdff1cece94ea4e2dfbec68614f7b87cb205f24ca9d11" dependencies = [ "atomic-waker", "bytes", @@ -2057,7 +2057,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.59.0", + "windows-sys 0.52.0", ] [[package]] From 43ba9493c995d1e9acc10c299148335d0733f0a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 09:40:05 -0500 Subject: [PATCH 080/123] build(deps-dev): bump html-webpack-plugin in /web/app (#14752) Bumps [html-webpack-plugin](https://github.com/jantimon/html-webpack-plugin) from 5.6.4 to 5.6.5. - [Release notes](https://github.com/jantimon/html-webpack-plugin/releases) - [Changelog](https://github.com/jantimon/html-webpack-plugin/blob/main/CHANGELOG.md) - [Commits](https://github.com/jantimon/html-webpack-plugin/compare/v5.6.4...v5.6.5) --- updated-dependencies: - dependency-name: html-webpack-plugin dependency-version: 5.6.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- web/app/package.json | 2 +- web/app/yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/web/app/package.json b/web/app/package.json index 6cdf088ee762a..24e681ee51991 100644 --- a/web/app/package.json +++ b/web/app/package.json @@ -69,7 +69,7 @@ "eslint-webpack-plugin": "^4.2.0", "file-loader": "^6.2.0", "history": "5.3.0", - "html-webpack-plugin": "^5.6.4", + "html-webpack-plugin": "^5.6.5", "jest": "^30.1.3", "jest-environment-jsdom": "^30.2.0", "lodash-webpack-plugin": "^0.11.6", diff --git a/web/app/yarn.lock b/web/app/yarn.lock index 851ac7af04003..500ff778e2ab1 100644 --- a/web/app/yarn.lock +++ b/web/app/yarn.lock @@ -5692,10 +5692,10 @@ html-minifier-terser@^6.0.2: relateurl "^0.2.7" terser "^5.7.2" -html-webpack-plugin@^5.6.4: - version "5.6.4" - resolved "https://registry.yarnpkg.com/html-webpack-plugin/-/html-webpack-plugin-5.6.4.tgz#d8cb0f7edff7745ae7d6cccb0bff592e9f7f7959" - integrity sha512-V/PZeWsqhfpE27nKeX9EO2sbR+D17A+tLf6qU+ht66jdUsN0QLKJN27Z+1+gHrVMKgndBahes0PU6rRihDgHTw== +html-webpack-plugin@^5.6.5: + version "5.6.5" + resolved "https://registry.yarnpkg.com/html-webpack-plugin/-/html-webpack-plugin-5.6.5.tgz#d57defb83cabbf29bf56b2d4bf10b67b650066be" + integrity sha512-4xynFbKNNk+WlzXeQQ+6YYsH2g7mpfPszQZUi3ovKlj+pDmngQ7vRXjrrmGROabmKwyQkcgcX5hqfOwHbFmK5g== dependencies: "@types/html-minifier-terser" "^6.0.0" html-minifier-terser "^6.0.2" From 167cd26e30ab5fe50c9c841b6251a1d73996a821 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 09:41:43 -0500 Subject: [PATCH 081/123] build(deps): bump axum from 0.8.6 to 0.8.7 (#14744) Bumps [axum](https://github.com/tokio-rs/axum) from 0.8.6 to 0.8.7. - [Release notes](https://github.com/tokio-rs/axum/releases) - [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.8.6...axum-v0.8.7) --- updated-dependencies: - dependency-name: axum dependency-version: 0.8.7 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 74dc1d638a01f..ecdb1bc242357 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -133,9 +133,9 @@ dependencies = [ [[package]] name = "axum" -version = "0.8.6" +version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a18ed336352031311f4e0b4dd2ff392d4fbb370777c9d18d7fc9d7359f73871" +checksum = "5b098575ebe77cb6d14fc7f32749631a6e44edbef6b796f89b020e99ba20d425" dependencies = [ "axum-core", "bytes", From 6bfc0bbd8675eb57e56376f1901015d664574c59 Mon Sep 17 00:00:00 2001 From: Sergei Zhekpisov Date: Thu, 27 Nov 2025 14:42:32 +0000 Subject: [PATCH 082/123] Fix references to linkerd-crds in README (#14758) Updated README to reflect correct chart installation requirements. Signed-off-by: Sergei Zhekpisov <205766156+szhekpisov-katanox@users.noreply.github.com> Signed-off-by: Ivan Porta --- charts/linkerd-control-plane/README.md.gotmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/linkerd-control-plane/README.md.gotmpl b/charts/linkerd-control-plane/README.md.gotmpl index 0a30132064fcc..be7569a13bba8 100644 --- a/charts/linkerd-control-plane/README.md.gotmpl +++ b/charts/linkerd-control-plane/README.md.gotmpl @@ -47,7 +47,7 @@ Note that the provided certificates must be ECDSA certificates. ## Adding Linkerd's Helm repository Included here for completeness-sake, but should have already been added when -`linkerd-base` was installed. +`linkerd-crds` was installed. ```bash # To add the repo for Linkerd edge releases: @@ -68,7 +68,7 @@ helm install linkerd-control-plane -n linkerd \ ``` Note that you require to install this chart in the same namespace you installed -the `linkerd-base` chart. +the `linkerd-crds` chart. ## Setting High-Availability From 0153ee2afb796ab019b66953fc2169b6bfdeadfc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 09:43:02 -0500 Subject: [PATCH 083/123] build(deps): bump rustls-webpki from 0.103.7 to 0.103.8 (#14745) Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.103.7 to 0.103.8. - [Release notes](https://github.com/rustls/webpki/releases) - [Commits](https://github.com/rustls/webpki/compare/v/0.103.7...v/0.103.8) --- updated-dependencies: - dependency-name: rustls-webpki dependency-version: 0.103.8 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ecdb1bc242357..cf40f73a6af56 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2121,9 +2121,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.7" +version = "0.103.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e10b3f4191e8a80e6b43eebabfac91e5dcecebb27a71f04e820c47ec41d314bf" +checksum = "2ffdfa2f5286e2247234e03f680868ac2815974dc39e00ea15adc445d0aafe52" dependencies = [ "aws-lc-rs", "ring", From e1a51d4d23d04177697c74536540ee4f1c8e68a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 09:57:21 -0500 Subject: [PATCH 084/123] build(deps-dev): bump webpack from 5.101.3 to 5.103.0 in /web/app (#14753) Bumps [webpack](https://github.com/webpack/webpack) from 5.101.3 to 5.103.0. - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](https://github.com/webpack/webpack/compare/v5.101.3...v5.103.0) --- updated-dependencies: - dependency-name: webpack dependency-version: 5.103.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- web/app/package.json | 2 +- web/app/yarn.lock | 104 +++++++++++++++++++++++-------------------- 2 files changed, 56 insertions(+), 50 deletions(-) diff --git a/web/app/package.json b/web/app/package.json index 24e681ee51991..20bf0b2f478b0 100644 --- a/web/app/package.json +++ b/web/app/package.json @@ -78,7 +78,7 @@ "sinon-stub-promise": "4.0.0", "style-loader": "^4.0.0", "url-loader": "^4.1.1", - "webpack": "^5.101.3", + "webpack": "^5.103.0", "webpack-bundle-analyzer": "5.0.1", "webpack-cli": "6.0.1", "webpack-dev-server": "5.2.2" diff --git a/web/app/yarn.lock b/web/app/yarn.lock index 500ff778e2ab1..53b7de73a0de6 100644 --- a/web/app/yarn.lock +++ b/web/app/yarn.lock @@ -3054,6 +3054,11 @@ base64-js@^1.3.1: resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a" integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== +baseline-browser-mapping@^2.8.25: + version "2.8.31" + resolved "https://registry.yarnpkg.com/baseline-browser-mapping/-/baseline-browser-mapping-2.8.31.tgz#16c0f1814638257932e0486dbfdbb3348d0a5710" + integrity sha512-a28v2eWrrRWPpJSzxc+mKwm0ZtVx/G8SepdQZDArnXYU/XS+IF6mp8aB/4E+hH1tyGCoDo3KlUCdlSxGDsRkAw== + batch@0.6.1: version "0.6.1" resolved "https://registry.yarnpkg.com/batch/-/batch-0.6.1.tgz#dc34314f4e679318093fc760272525f94bf25c16" @@ -3140,15 +3145,16 @@ braces@^3.0.1, braces@^3.0.2, braces@^3.0.3, braces@~3.0.2: dependencies: fill-range "^7.1.1" -browserslist@^4.24.0, browserslist@^4.25.1: - version "4.25.1" - resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.25.1.tgz#ba9e8e6f298a1d86f829c9b975e07948967bb111" - integrity sha512-KGj0KoOMXLpSNkkEI6Z6mShmQy0bc1I+T7K9N81k4WWMrfz+6fQ6es80B/YLAeRoKvjYE1YSHHOW1qe9xIVzHw== +browserslist@^4.24.0, browserslist@^4.25.1, browserslist@^4.26.3: + version "4.28.0" + resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.28.0.tgz#9cefece0a386a17a3cd3d22ebf67b9deca1b5929" + integrity sha512-tbydkR/CxfMwelN0vwdP/pLkDwyAASZ+VfWm4EOwlB6SWhx1sYnWLqo8N5j0rAzPfzfRaxt0mM/4wPU/Su84RQ== dependencies: - caniuse-lite "^1.0.30001726" - electron-to-chromium "^1.5.173" - node-releases "^2.0.19" - update-browserslist-db "^1.1.3" + baseline-browser-mapping "^2.8.25" + caniuse-lite "^1.0.30001754" + electron-to-chromium "^1.5.249" + node-releases "^2.0.27" + update-browserslist-db "^1.1.4" bser@2.1.1: version "2.1.1" @@ -3285,10 +3291,10 @@ camelcase@^6.3.0: resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-6.3.0.tgz#5685b95eb209ac9c0c177467778c9c84df58ba9a" integrity sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA== -caniuse-lite@^1.0.30001726: - version "1.0.30001727" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001727.tgz#22e9706422ad37aa50556af8c10e40e2d93a8b85" - integrity sha512-pB68nIHmbN6L/4C6MH1DokyR3bYqFwjaSs/sWDHGj4CTcFtQUQMuJftVwWkXq7mNWOybD3KhUv3oWHoGxgP14Q== +caniuse-lite@^1.0.30001754: + version "1.0.30001757" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001757.tgz#a46ff91449c69522a462996c6aac4ef95d7ccc5e" + integrity sha512-r0nnL/I28Zi/yjk1el6ilj27tKcdjLsNqAOZr0yVjWPrSQyHgKI2INaEWw21bAQSv2LXRt1XuCS/GomNpWOxsQ== chai@4.5.0: version "4.5.0" @@ -4122,10 +4128,10 @@ ee-first@1.1.1: resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d" integrity sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0= -electron-to-chromium@^1.5.173: - version "1.5.182" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.182.tgz#4ab73104f893938acb3ab9c28d7bec170c116b3e" - integrity sha512-Lv65Btwv9W4J9pyODI6EWpdnhfvrve/us5h1WspW8B2Fb0366REPtY3hX7ounk1CkV/TBjWCEvCBBbYbmV0qCA== +electron-to-chromium@^1.5.249: + version "1.5.262" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.262.tgz#c31eed591c6628908451c9ca0f0758ed514aa003" + integrity sha512-NlAsMteRHek05jRUxUR0a5jpjYq9ykk6+kO0yRaMi5moe7u0fVIOeQ3Y30A8dIiWFBNUoQGi1ljb1i5VtS9WQQ== emittery@^0.13.1: version "0.13.1" @@ -7176,10 +7182,10 @@ linkify-it@^2.0.3: dependencies: uc.micro "^1.0.1" -loader-runner@^4.2.0: - version "4.2.0" - resolved "https://registry.yarnpkg.com/loader-runner/-/loader-runner-4.2.0.tgz#d7022380d66d14c5fb1d496b89864ebcfd478384" - integrity sha512-92+huvxMvYlMzMt0iIOukcwYBFpkYJdpl2xsZ7LrlayO7E8SOv+JJUEK17B/dJIHAOLMfh2dZZ/Y18WgmGtYNw== +loader-runner@^4.3.1: + version "4.3.1" + resolved "https://registry.yarnpkg.com/loader-runner/-/loader-runner-4.3.1.tgz#6c76ed29b0ccce9af379208299f07f876de737e3" + integrity sha512-IWqP2SCPhyVFTBtRcgMHdzlf9ul25NwaFx4wCEH/KjAXuuHY4yNjvPXsBokp8jCB936PyWRaPKUNh8NvylLp2Q== loader-utils@^2.0.0: version "2.0.4" @@ -7552,10 +7558,10 @@ node-int64@^0.4.0: resolved "https://registry.yarnpkg.com/node-int64/-/node-int64-0.4.0.tgz#87a9065cdb355d3182d8f94ce11188b825c68a3b" integrity sha1-h6kGXNs1XTGC2PlM4RGIuCXGijs= -node-releases@^2.0.19: - version "2.0.19" - resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.19.tgz#9e445a52950951ec4d177d843af370b411caf314" - integrity sha512-xxOWJsBKtzAq7DY0J+DTzuz58K8e7sJbdgwkbMWQe8UYB6ekmsQ45q0M/tJDsGaZmbC+l7n57UV8Hl5tHxO9uw== +node-releases@^2.0.27: + version "2.0.27" + resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.27.tgz#eedca519205cf20f650f61d56b070db111231e4e" + integrity sha512-nmh3lCkYZ3grZvqcCH+fjmQ7X+H0OeZgP40OierEaAptX4XofMh5kwNbWh7lBduUzCcV/8kZ+NDLCwm2iorIlA== normalize-path@^3.0.0, normalize-path@~3.0.0: version "3.0.0" @@ -8801,10 +8807,10 @@ schema-utils@^3.0.0: ajv "^6.12.5" ajv-keywords "^3.5.2" -schema-utils@^4.0.0, schema-utils@^4.2.0, schema-utils@^4.3.0, schema-utils@^4.3.2: - version "4.3.2" - resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-4.3.2.tgz#0c10878bf4a73fd2b1dfd14b9462b26788c806ae" - integrity sha512-Gn/JaSk/Mt9gYubxTtSn/QCV4em9mpAPiR1rqy/Ocu19u/G9J5WWdNoUT4SiV6mFC3y6cxyFcFwdzPM3FgxGAQ== +schema-utils@^4.0.0, schema-utils@^4.2.0, schema-utils@^4.3.0, schema-utils@^4.3.3: + version "4.3.3" + resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-4.3.3.tgz#5b1850912fa31df90716963d45d9121fdfc09f46" + integrity sha512-eflK8wEtyOE6+hsaRVPxvUKYCpRgzLqDTb8krvAsRIwOGlHoSgYLgBXoubGgLd2fT41/OUYdb48v4k4WWHQurA== dependencies: "@types/json-schema" "^7.0.9" ajv "^8.9.0" @@ -9427,10 +9433,10 @@ synckit@^0.11.8: dependencies: "@pkgr/core" "^0.2.4" -tapable@^2.0.0, tapable@^2.1.1, tapable@^2.2.0: - version "2.2.1" - resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.2.1.tgz#1967a73ef4060a82f12ab96af86d52fdb76eeca0" - integrity sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ== +tapable@^2.0.0, tapable@^2.2.0, tapable@^2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.3.0.tgz#7e3ea6d5ca31ba8e078b560f0d83ce9a14aa8be6" + integrity sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg== terser-webpack-plugin@^5.3.11: version "5.3.14" @@ -9862,10 +9868,10 @@ unrs-resolver@^1.7.11: "@unrs/resolver-binding-win32-ia32-msvc" "1.9.0" "@unrs/resolver-binding-win32-x64-msvc" "1.9.0" -update-browserslist-db@^1.1.3: - version "1.1.3" - resolved "https://registry.yarnpkg.com/update-browserslist-db/-/update-browserslist-db-1.1.3.tgz#348377dd245216f9e7060ff50b15a1b740b75420" - integrity sha512-UxhIZQ+QInVdunkDAaiazvvT/+fXL5Osr0JZlJulepYu6Jd7qJtDZjlur0emRlT71EN3ScPoE7gvsuIKKNavKw== +update-browserslist-db@^1.1.4: + version "1.1.4" + resolved "https://registry.yarnpkg.com/update-browserslist-db/-/update-browserslist-db-1.1.4.tgz#7802aa2ae91477f255b86e0e46dbc787a206ad4a" + integrity sha512-q0SPT4xyU84saUX+tomz1WLkxUbuaJnR1xWt17M7fJtEJigJeWUNGUqrauFXsHnqev9y9JTRGwk13tFBuKby4A== dependencies: escalade "^3.2.0" picocolors "^1.1.1" @@ -9953,10 +9959,10 @@ walker@^1.0.8: dependencies: makeerror "1.0.12" -watchpack@^2.4.1: - version "2.4.1" - resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.4.1.tgz#29308f2cac150fa8e4c92f90e0ec954a9fed7fff" - integrity sha512-8wrBCMtVhqcXP2Sup1ctSkga6uc2Bx0IIvKyT7yTFier5AXHooSI+QyQQAtTb7+E0IUCCKyTFmXqdqgum2XWGg== +watchpack@^2.4.4: + version "2.4.4" + resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.4.4.tgz#473bda72f0850453da6425081ea46fc0d7602947" + integrity sha512-c5EGNOiyxxV5qmTtAB7rbiXxi1ooX1pQKMLX/MIabJjRA0SJBQOjKF+KSVfHkr9U1cADPon0mRiVe/riyaiDUA== dependencies: glob-to-regexp "^0.4.1" graceful-fs "^4.1.2" @@ -10076,10 +10082,10 @@ webpack-sources@^3.3.3: resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.3.3.tgz#d4bf7f9909675d7a070ff14d0ef2a4f3c982c723" integrity sha512-yd1RBzSGanHkitROoPFd6qsrxt+oFhg/129YzheDGqeustzX0vTZJZsSsQjVQC4yzBQ56K55XU8gaNCtIzOnTg== -webpack@^5.101.3: - version "5.101.3" - resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.101.3.tgz#3633b2375bb29ea4b06ffb1902734d977bc44346" - integrity sha512-7b0dTKR3Ed//AD/6kkx/o7duS8H3f1a4w3BYpIriX4BzIhjkn4teo05cptsxvLesHFKK5KObnadmCHBwGc+51A== +webpack@^5.103.0: + version "5.103.0" + resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.103.0.tgz#17a7c5a5020d5a3a37c118d002eade5ee2c6f3da" + integrity sha512-HU1JOuV1OavsZ+mfigY0j8d1TgQgbZ6M+J75zDkpEAwYeXjWSqrGJtgnPblJjd/mAyTNQ7ygw0MiKOn6etz8yw== dependencies: "@types/eslint-scope" "^3.7.7" "@types/estree" "^1.0.8" @@ -10089,7 +10095,7 @@ webpack@^5.101.3: "@webassemblyjs/wasm-parser" "^1.14.1" acorn "^8.15.0" acorn-import-phases "^1.0.3" - browserslist "^4.24.0" + browserslist "^4.26.3" chrome-trace-event "^1.0.2" enhanced-resolve "^5.17.3" es-module-lexer "^1.2.1" @@ -10098,13 +10104,13 @@ webpack@^5.101.3: glob-to-regexp "^0.4.1" graceful-fs "^4.2.11" json-parse-even-better-errors "^2.3.1" - loader-runner "^4.2.0" + loader-runner "^4.3.1" mime-types "^2.1.27" neo-async "^2.6.2" - schema-utils "^4.3.2" - tapable "^2.1.1" + schema-utils "^4.3.3" + tapable "^2.3.0" terser-webpack-plugin "^5.3.11" - watchpack "^2.4.1" + watchpack "^2.4.4" webpack-sources "^3.3.3" websocket-driver@>=0.5.1, websocket-driver@^0.7.4: From 8e72e5b42f992a74d57be3608f46dff8504b2e14 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 09:57:53 -0500 Subject: [PATCH 085/123] build(deps): bump bytes from 1.10.1 to 1.11.0 (#14743) Bumps [bytes](https://github.com/tokio-rs/bytes) from 1.10.1 to 1.11.0. - [Release notes](https://github.com/tokio-rs/bytes/releases) - [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/bytes/compare/v1.10.1...v1.11.0) --- updated-dependencies: - dependency-name: bytes dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index cf40f73a6af56..7dbdebeca0d89 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -234,9 +234,9 @@ checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43" [[package]] name = "bytes" -version = "1.10.1" +version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a" +checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3" [[package]] name = "cc" @@ -555,7 +555,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.52.0", + "windows-sys 0.61.0", ] [[package]] @@ -2057,7 +2057,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] From 43a3cfc772fb99270160e0b669b38366b046cea5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 09:15:09 -0500 Subject: [PATCH 086/123] build(deps): bump softprops/action-gh-release from 2.4.2 to 2.5.0 (#14774) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.4.2 to 2.5.0. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/5be0e66d93ac7ed76da52eca8bb058f665c3a5fe...a06a81a03ee405af7f2048a818ed3f03bbf83c7b) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f60c7cd697976..1b8fa9ec93bbb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -137,7 +137,7 @@ jobs: path: cli - name: Create release id: create_release - uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b with: name: "${{ needs.tag.outputs.tag }}" generate_release_notes: true From 3834184607f04fbbe67ac05ae0bea84816bd9c25 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 09:15:49 -0500 Subject: [PATCH 087/123] build(deps): bump the tracing group across 1 directory with 4 updates (#14770) Bumps the tracing group with 2 updates in the / directory: [tracing](https://github.com/tokio-rs/tracing) and [tracing-subscriber](https://github.com/tokio-rs/tracing). Updates `tracing` from 0.1.41 to 0.1.43 - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.41...tracing-0.1.43) Updates `tracing-subscriber` from 0.3.20 to 0.3.22 - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.20...tracing-subscriber-0.3.22) Updates `tracing-attributes` from 0.1.30 to 0.1.31 - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](https://github.com/tokio-rs/tracing/compare/tracing-attributes-0.1.30...tracing-attributes-0.1.31) Updates `tracing-core` from 0.1.34 to 0.1.35 - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](https://github.com/tokio-rs/tracing/compare/tracing-core-0.1.34...tracing-core-0.1.35) --- updated-dependencies: - dependency-name: tracing dependency-version: 0.1.43 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: tracing - dependency-name: tracing-subscriber dependency-version: 0.3.22 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: tracing - dependency-name: tracing-attributes dependency-version: 0.1.31 dependency-type: indirect update-type: version-update:semver-patch dependency-group: tracing - dependency-name: tracing-core dependency-version: 0.1.35 dependency-type: indirect update-type: version-update:semver-patch dependency-group: tracing ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 16 ++++++++-------- policy-controller/k8s/status/Cargo.toml | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7dbdebeca0d89..39d13a15b316f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2636,9 +2636,9 @@ checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" [[package]] name = "tracing" -version = "0.1.41" +version = "0.1.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0" +checksum = "2d15d90a0b5c19378952d479dc858407149d7bb45a14de0142f6c534b16fc647" dependencies = [ "log", "pin-project-lite", @@ -2648,9 +2648,9 @@ dependencies = [ [[package]] name = "tracing-attributes" -version = "0.1.30" +version = "0.1.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903" +checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da" dependencies = [ "proc-macro2", "quote", @@ -2659,9 +2659,9 @@ dependencies = [ [[package]] name = "tracing-core" -version = "0.1.34" +version = "0.1.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678" +checksum = "7a04e24fab5c89c6a36eb8558c9656f30d81de51dfa4d3b45f26b21d61fa0a6c" dependencies = [ "once_cell", "valuable", @@ -2690,9 +2690,9 @@ dependencies = [ [[package]] name = "tracing-subscriber" -version = "0.3.20" +version = "0.3.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2054a14f5307d601f88daf0553e1cbf472acc4f2c51afab632431cdcd72124d5" +checksum = "2f30143827ddab0d256fd843b7a66d164e9f271cfa0dde49142c5ca0ca291f1e" dependencies = [ "matchers", "nu-ansi-term", diff --git a/policy-controller/k8s/status/Cargo.toml b/policy-controller/k8s/status/Cargo.toml index c4b15f5d7516f..91a67ceb890ba 100644 --- a/policy-controller/k8s/status/Cargo.toml +++ b/policy-controller/k8s/status/Cargo.toml @@ -16,7 +16,7 @@ serde = "1" serde_json = "1.0.145" thiserror = "2" tokio = { version = "1", features = ["macros"] } -tracing = "0.1.41" +tracing = "0.1.43" linkerd-policy-controller-core = { workspace = true } linkerd-policy-controller-k8s-api = { workspace = true } From 667893f62d719239257b8359c4aef80d570700b1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 09:16:21 -0500 Subject: [PATCH 088/123] build(deps): bump signal-hook-registry from 1.4.6 to 1.4.7 (#14766) Bumps [signal-hook-registry](https://github.com/vorner/signal-hook) from 1.4.6 to 1.4.7. - [Changelog](https://github.com/vorner/signal-hook/blob/master/CHANGELOG.md) - [Commits](https://github.com/vorner/signal-hook/compare/registry-v1.4.6...registry-v1.4.7) --- updated-dependencies: - dependency-name: signal-hook-registry dependency-version: 1.4.7 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 39d13a15b316f..9f5c9cc5f92d8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2337,9 +2337,9 @@ checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] name = "signal-hook-registry" -version = "1.4.6" +version = "1.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2a4719bff48cee6b39d12c020eeb490953ad2443b7055bd0b21fca26bd8c28b" +checksum = "7664a098b8e616bdfcc2dc0e9ac44eb231eedf41db4e9fe95d8d32ec728dedad" dependencies = [ "libc", ] From 84db64d6e402965e68037b423db9f6e3aec8a3f1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 09:16:59 -0500 Subject: [PATCH 089/123] build(deps): bump the pest group with 4 updates (#14764) Bumps the pest group with 4 updates: [pest](https://github.com/pest-parser/pest), [pest_derive](https://github.com/pest-parser/pest), [pest_generator](https://github.com/pest-parser/pest) and [pest_meta](https://github.com/pest-parser/pest). Updates `pest` from 2.8.3 to 2.8.4 - [Release notes](https://github.com/pest-parser/pest/releases) - [Commits](https://github.com/pest-parser/pest/compare/v2.8.3...v2.8.4) Updates `pest_derive` from 2.8.3 to 2.8.4 - [Release notes](https://github.com/pest-parser/pest/releases) - [Commits](https://github.com/pest-parser/pest/compare/v2.8.3...v2.8.4) Updates `pest_generator` from 2.8.3 to 2.8.4 - [Release notes](https://github.com/pest-parser/pest/releases) - [Commits](https://github.com/pest-parser/pest/compare/v2.8.3...v2.8.4) Updates `pest_meta` from 2.8.3 to 2.8.4 - [Release notes](https://github.com/pest-parser/pest/releases) - [Commits](https://github.com/pest-parser/pest/compare/v2.8.3...v2.8.4) --- updated-dependencies: - dependency-name: pest dependency-version: 2.8.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: pest - dependency-name: pest_derive dependency-version: 2.8.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: pest - dependency-name: pest_generator dependency-version: 2.8.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: pest - dependency-name: pest_meta dependency-version: 2.8.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: pest ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9f5c9cc5f92d8..75e8189802448 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1761,9 +1761,9 @@ checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" [[package]] name = "pest" -version = "2.8.3" +version = "2.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "989e7521a040efde50c3ab6bbadafbe15ab6dc042686926be59ac35d74607df4" +checksum = "cbcfd20a6d4eeba40179f05735784ad32bdaef05ce8e8af05f180d45bb3e7e22" dependencies = [ "memchr", "ucd-trie", @@ -1771,9 +1771,9 @@ dependencies = [ [[package]] name = "pest_derive" -version = "2.8.3" +version = "2.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "187da9a3030dbafabbbfb20cb323b976dc7b7ce91fcd84f2f74d6e31d378e2de" +checksum = "51f72981ade67b1ca6adc26ec221be9f463f2b5839c7508998daa17c23d94d7f" dependencies = [ "pest", "pest_generator", @@ -1781,9 +1781,9 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.8.3" +version = "2.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49b401d98f5757ebe97a26085998d6c0eecec4995cad6ab7fc30ffdf4b052843" +checksum = "dee9efd8cdb50d719a80088b76f81aec7c41ed6d522ee750178f83883d271625" dependencies = [ "pest", "pest_meta", @@ -1794,9 +1794,9 @@ dependencies = [ [[package]] name = "pest_meta" -version = "2.8.3" +version = "2.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72f27a2cfee9f9039c4d86faa5af122a0ac3851441a34865b8a043b46be0065a" +checksum = "bf1d70880e76bdc13ba52eafa6239ce793d85c8e43896507e43dd8984ff05b82" dependencies = [ "pest", "sha2", From f5063b9cd560838cf0bc88b21d8cbc67ad47ce33 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 09:17:29 -0500 Subject: [PATCH 090/123] build(deps): bump google.golang.org/grpc/cmd/protoc-gen-go-grpc (#14762) Bumps [google.golang.org/grpc/cmd/protoc-gen-go-grpc](https://github.com/grpc/grpc-go) from 1.5.1 to 1.6.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.5.1...v1.6.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc/cmd/protoc-gen-go-grpc dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ea399b5a174de..06440afe36702 100644 --- a/go.mod +++ b/go.mod @@ -37,7 +37,7 @@ require ( go.opencensus.io v0.24.0 golang.org/x/tools v0.39.0 google.golang.org/grpc v1.77.0 - google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 + google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.0 google.golang.org/protobuf v1.36.10 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.19.2 diff --git a/go.sum b/go.sum index 172dbc08a2989..997f083d05190 100644 --- a/go.sum +++ b/go.sum @@ -692,8 +692,8 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM= google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 h1:F29+wU6Ee6qgu9TddPgooOdaqsxTMunOoj8KA5yuS5A= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1/go.mod h1:5KF+wpkbTSbGcR9zteSqZV6fqFOWBl4Yde8En8MryZA= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.0 h1:6Al3kEFFP9VJhRz3DID6quisgPnTeZVr4lep9kkxdPA= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.0/go.mod h1:QLvsjh0OIR0TYBeiu2bkWGTJBUNQ64st52iWj/yA93I= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 14d136d68a9f826a256ee7049ebb2112941deca8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 09:24:39 -0500 Subject: [PATCH 091/123] build(deps): bump mio from 1.0.4 to 1.1.0 (#14765) Bumps [mio](https://github.com/tokio-rs/mio) from 1.0.4 to 1.1.0. - [Release notes](https://github.com/tokio-rs/mio/releases) - [Changelog](https://github.com/tokio-rs/mio/blob/master/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/mio/compare/v1.0.4...v1.1.0) --- updated-dependencies: - dependency-name: mio dependency-version: 1.1.0 dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 75e8189802448..23d99b0537e5d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1618,13 +1618,13 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "mio" -version = "1.0.4" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78bed444cc8a2160f01cbcf811ef18cac863ad68ae8ca62092e8db51d51c761c" +checksum = "69d83b0086dc8ecf3ce9ae2874b2d1290252e2a30720bea58a5c6639b0092873" dependencies = [ "libc", "wasi 0.11.1+wasi-snapshot-preview1", - "windows-sys 0.59.0", + "windows-sys 0.61.0", ] [[package]] @@ -2057,7 +2057,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.59.0", + "windows-sys 0.52.0", ] [[package]] From 394f98fb59dc12ecfa670ada5aa67b5919e7ed2a Mon Sep 17 00:00:00 2001 From: Alejandro Pedraza Date: Thu, 4 Dec 2025 13:27:35 -0500 Subject: [PATCH 092/123] test(policy): address timeouts and flakiness (#14773) Policy tests are very flaky. Currently one of the main culprits is that service account creation sometimes isn't caught as an event by the watcher, blocking `await_service_account` until it times out after 60s. We already have in place up to 3 retries when calling `cargo nextest`, but these tests are sequential and the 60s timeouts start accumulating until we reach the CI job timeout at 20min. This change first lowers the service account creation timeout down to 15s, understanding that if the watcher catches that event it will do pretty quickly or else block indefinitely. So better to fail faster and trigger the test retry ASAP. With this change, `test-policy (v1.34, linkerd, experimental)` is finally passing, taking 17m due to the large number of retries: ``` Summary [ 779.409s] 151 tests run: 151 passed (15 flaky), 0 skipped FLAKY 2/4 [ 0.069s] linkerd-policy-test::admit_network_authentication rejects_invalid_cidr FLAKY 3/4 [ 15.019s] linkerd-policy-test::e2e_audit ns_audit FLAKY 2/4 [ 10.964s] linkerd-policy-test::e2e_authorization_policy targets_route FLAKY 3/4 [ 3.830s] linkerd-policy-test::e2e_egress_network default_traffic_policy_http_allow FLAKY 2/4 [ 37.004s] linkerd-policy-test::e2e_http_local_ratelimit_policy ratelimit_total FLAKY 2/4 [ 7.947s] linkerd-policy-test::e2e_server_authorization network FLAKY 2/4 [ 0.142s] linkerd-policy-test::inbound_http_route_status inbound_accepted_parent FLAKY 2/4 [ 0.167s] linkerd-policy-test::inbound_http_route_status inbound_multiple_parents FLAKY 2/4 [ 1.681s] linkerd-policy-test::outbound_api multiple_routes FLAKY 2/4 [ 1.013s] linkerd-policy-test::outbound_api routes_without_backends FLAKY 3/4 [ 1.153s] linkerd-policy-test::outbound_api service_with_routes_with_cross_namespace_backend FLAKY 2/4 [ 0.282s] linkerd-policy-test::outbound_api_failure_accrual consecutive_failure_accrual FLAKY 3/4 [ 0.290s] linkerd-policy-test::outbound_api_failure_accrual default_failure_accrual FLAKY 2/4 [ 0.354s] linkerd-policy-test::outbound_api_http http_route_gateway_timeouts FLAKY 2/4 [ 0.740s] linkerd-policy-test::outbound_api_http http_route_retries_and_timeouts ``` After having measured this, we also added a watcher for the namespace, vastly reducing flakiness: ``` Summary [ 517.330s] 151 tests run: 151 passed (2 flaky), 0 skipped FLAKY 2/4 [ 0.941s] linkerd-policy-test::outbound_api routes_without_backends FLAKY 2/4 [ 0.459s] linkerd-policy-test::outbound_api_tcp multiple_tcp_routes ``` Finally, the jaeger chart version has to be pinned to an earlier one as the latest one is presenting some breaking changes that are making the tracing test fail. Signed-off-by: Ivan Porta --- policy-test/src/lib.rs | 56 +++++++++++++------ .../tracing/tracing/tracing_test.go | 2 +- 2 files changed, 41 insertions(+), 17 deletions(-) diff --git a/policy-test/src/lib.rs b/policy-test/src/lib.rs index 7383947bd8037..1b30a99ff50e9 100644 --- a/policy-test/src/lib.rs +++ b/policy-test/src/lib.rs @@ -708,7 +708,7 @@ where .await; tracing::trace!(?ns); tokio::time::timeout( - tokio::time::Duration::from_secs(60), + tokio::time::Duration::from_secs(15), await_service_account(&client, &ns.name_unchecked(), "default"), ) .await @@ -754,33 +754,57 @@ where } } -pub async fn await_service_account(client: &kube::Client, ns: &str, name: &str) { +async fn await_resource( + mut watcher: impl futures::Stream< + Item = Result, kube::runtime::watcher::Error>, + > + Unpin, + predicate: impl Fn(&T) -> bool, +) where + T: kube::Resource + std::fmt::Debug, +{ use futures::StreamExt; - tracing::trace!(%name, %ns, "Waiting for serviceaccount"); - tokio::pin! { - let sas = kube::runtime::watcher( - kube::Api::::namespaced(client.clone(), ns), - Default::default(), - ); - } loop { - let ev = sas + let ev = watcher .next() .await - .expect("serviceaccounts watch must not end") - .expect("serviceaccounts watch must not fail"); + .expect("watch must not end") + .expect("watch must not fail"); tracing::info!(?ev); match ev { - kube::runtime::watcher::Event::InitApply(sa) - | kube::runtime::watcher::Event::Apply(sa) - if sa.name_unchecked() == name => + kube::runtime::watcher::Event::InitApply(resource) + | kube::runtime::watcher::Event::Apply(resource) + if predicate(&resource) => { - return + break } _ => {} } } +} + +pub async fn await_service_account(client: &kube::Client, ns: &str, name: &str) { + tracing::trace!(%ns, "Waiting for namespace"); + + let label_selector = format!("kubernetes.io/metadata.name={}", ns); + let watcher_config = kube::runtime::watcher::Config::default().labels(&label_selector); + tokio::pin! { + let namespaces = kube::runtime::watcher( + kube::Api::::all(client.clone()), + watcher_config, + ); + } + await_resource(namespaces, |namespace| namespace.name_unchecked() == ns).await; + + tracing::trace!(%name, %ns, "Waiting for serviceaccount"); + + tokio::pin! { + let sas = kube::runtime::watcher( + kube::Api::::namespaced(client.clone(), ns), + Default::default(), + ); + } + await_resource(sas, |sa| sa.name_unchecked() == name).await; // XXX In some versions of k8s, it may be appropriate to wait for the // ServiceAccount's secret to be created, but, as of v1.24, diff --git a/test/integration/tracing/tracing/tracing_test.go b/test/integration/tracing/tracing/tracing_test.go index db329b6786c1a..95d4676c21885 100644 --- a/test/integration/tracing/tracing/tracing_test.go +++ b/test/integration/tracing/tracing/tracing_test.go @@ -134,7 +134,7 @@ func installTracing(t *testing.T, namespace string) { if err != nil { testutil.AnnotatedFatalf(t, "failed to add OpenTelemetry repository", "failed to add OpenTelemetry repository\n%s\n------\n%s\n", stdout, stderr) } - stdout, stderr, err = TestHelper.HelmRun("install", "jaeger", "jaegertracing/jaeger", "--namespace=tracing", "--values=testdata/jaeger-aio-values.yaml") + stdout, stderr, err = TestHelper.HelmRun("install", "jaeger", "jaegertracing/jaeger", "--namespace=tracing", "--values=testdata/jaeger-aio-values.yaml", "--version=3.4.1") if err != nil { testutil.AnnotatedFatalf(t, "failed to install jaeger", "failed to install jaeger\n%s\n------\n%s\n", stdout, stderr) } From 22d9829d92065f9beb3920ba93804777fa6bf2bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 14:53:18 -0500 Subject: [PATCH 093/123] build(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 (#14778) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.10.1 to 1.10.2. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-version: 1.10.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 06440afe36702..ea20b9aecb78d 100644 --- a/go.mod +++ b/go.mod @@ -32,7 +32,7 @@ require ( github.com/sergi/go-diff v1.4.0 github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92 github.com/sirupsen/logrus v1.9.3 - github.com/spf13/cobra v1.10.1 + github.com/spf13/cobra v1.10.2 github.com/spf13/pflag v1.0.10 go.opencensus.io v0.24.0 golang.org/x/tools v0.39.0 diff --git a/go.sum b/go.sum index 997f083d05190..307e5727960d8 100644 --- a/go.sum +++ b/go.sum @@ -384,8 +384,8 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= -github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= From de7185c00300bac46a5e9866c29432e69ee6c02e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 14:53:35 -0500 Subject: [PATCH 094/123] build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#14776) Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3...8e8c483db84b4bee98b60c0593521ed34d9990e8) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/actions.yml | 4 ++-- .github/workflows/cli-build.yml | 2 +- .github/workflows/codecov.yml | 6 +++--- .github/workflows/codeql.yml | 2 +- .github/workflows/devcontainer.yml | 4 ++-- .github/workflows/go.yml | 8 ++++---- .github/workflows/integration.yml | 16 ++++++++-------- .github/workflows/js.yml | 2 +- .github/workflows/markdown.yml | 2 +- .github/workflows/proto.yml | 2 +- .github/workflows/release.yml | 12 ++++++------ .github/workflows/rust.yml | 12 ++++++------ .github/workflows/shell.yml | 2 +- .github/workflows/sync-proxy.yml | 4 ++-- 14 files changed, 39 insertions(+), 39 deletions(-) diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index c8eeecd841aee..9a1492e159903 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -15,12 +15,12 @@ jobs: timeout-minutes: 10 steps: - uses: linkerd/dev/actions/setup-tools@v48 - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: just-dev lint-actions devcontainer-versions: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: linkerd/dev/actions/setup-tools@v48 - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: just-dev check-action-images diff --git a/.github/workflows/cli-build.yml b/.github/workflows/cli-build.yml index fba3696c8d5e4..4cce8c97ea627 100644 --- a/.github/workflows/cli-build.yml +++ b/.github/workflows/cli-build.yml @@ -17,7 +17,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 20 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 id: build diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 2ac9686a3cd45..0d3a4259375c1 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -16,7 +16,7 @@ jobs: container: image: golang:1.25 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: go install gotest.tools/gotestsum@v0.4.2 - run: gotestsum -- -cover -coverprofile=coverage.out -v -mod=readonly ./... - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 @@ -31,7 +31,7 @@ jobs: container: image: node:20-stretch steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - name: Yarn setup shell: bash run: bin/scurl -o- https://yarnpkg.com/install.sh | bash -s -- --version 1.21.1 --network-concurrency 1 @@ -54,7 +54,7 @@ jobs: image: docker://rust:1.90.0 options: --security-opt seccomp=unconfined steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - shell: bash run: mkdir -p target && cd target && bin/scurl -v https://github.com/xd009642/tarpaulin/releases/download/0.27.3/cargo-tarpaulin-x86_64-unknown-linux-musl.tar.gz | tar zxvf - && chmod 755 cargo-tarpaulin - run: target/cargo-tarpaulin tarpaulin --workspace --out Xml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 47e4482709f49..013e010a3463f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -37,7 +37,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod diff --git a/.github/workflows/devcontainer.yml b/.github/workflows/devcontainer.yml index 4c8c0178be9e6..1899695f6e83c 100644 --- a/.github/workflows/devcontainer.yml +++ b/.github/workflows/devcontainer.yml @@ -17,7 +17,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - shell: bash run: | # Extract current Rust version from the toolchain file. @@ -40,5 +40,5 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: linkerd/dev/actions/setup-tools@v48 - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: just-dev pull-dev-image diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 172e6a00ace9e..ce51392a7d96a 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -8,7 +8,7 @@ jobs: meta: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - uses: tj-actions/changed-files@2d752abc95ba0255af33a2b4d5de03df3954cdf2 id: changed with: @@ -31,7 +31,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-go steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just go-lint --verbose --timeout=10m @@ -42,7 +42,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-go steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just go-fmt @@ -53,7 +53,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-go steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just go-fetch - run: just go-test diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index d6fbf6291b997..0bff4a80699f4 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -26,7 +26,7 @@ jobs: meta: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - id: tag run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT" - uses: tj-actions/changed-files@2d752abc95ba0255af33a2b4d5de03df3954cdf2 @@ -92,7 +92,7 @@ jobs: - proxy timeout-minutes: 20 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - uses: ./.github/actions/docker-build id: build env: @@ -124,7 +124,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 15 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod @@ -179,7 +179,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: olix0r/cargo-action-fmt/setup@9269f3aa1ff01775d95efc97037e2cbdb41d9684 - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: pattern: image-archives-* @@ -241,7 +241,7 @@ jobs: - web timeout-minutes: 15 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - uses: ./.github/actions/docker-build id: build with: @@ -277,7 +277,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 15 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod @@ -305,7 +305,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 30 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod @@ -344,7 +344,7 @@ jobs: - uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod diff --git a/.github/workflows/js.yml b/.github/workflows/js.yml index 4c684aa126dc6..447695d2937e4 100644 --- a/.github/workflows/js.yml +++ b/.github/workflows/js.yml @@ -19,7 +19,7 @@ jobs: env: NODE_ENV: test steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - name: Yarn setup shell: bash run: | diff --git a/.github/workflows/markdown.yml b/.github/workflows/markdown.yml index 1205db3dd935b..ceff8cb589e9c 100644 --- a/.github/workflows/markdown.yml +++ b/.github/workflows/markdown.yml @@ -14,7 +14,7 @@ jobs: timeout-minutes: 5 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - uses: DavidAnson/markdownlint-cli2-action@30a0e04f1870d58f8d717450cc6134995f993c63 with: globs: | diff --git a/.github/workflows/proto.yml b/.github/workflows/proto.yml index 64a9a9abcb946..6fa554c502e84 100644 --- a/.github/workflows/proto.yml +++ b/.github/workflows/proto.yml @@ -18,7 +18,7 @@ jobs: container: ghcr.io/linkerd/dev:v48-go steps: - run: apt update && apt install -y unzip - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: bin/protoc-go.sh - run: git diff --exit-code diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1b8fa9ec93bbb..e8b430eeded20 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,7 +21,7 @@ jobs: tag: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT" id: tag - name: Validate edge version @@ -53,7 +53,7 @@ jobs: - web timeout-minutes: 45 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - name: Set tag run: echo 'TAG=${{ needs.tag.outputs.tag }}' >> "$GITHUB_ENV" - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef @@ -103,7 +103,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod @@ -130,7 +130,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: artifact-ids: ${{ needs.cli.outputs.artifact-id }} @@ -169,7 +169,7 @@ jobs: if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge') runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - name: Set install target for stable if: startsWith(github.ref, 'refs/tags/stable') run: echo "INSTALL=install" >> "$GITHUB_ENV" @@ -197,7 +197,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - name: Log into GCP uses: "google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093" with: diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index a459b3bc4ce1c..1133cb42b01fa 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -36,7 +36,7 @@ jobs: # Prevent sudden announcement of a new advisory from failing Ci. continue-on-error: ${{ matrix.checks == 'advisories' }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: cargo deny --all-features check ${{ matrix.checks }} @@ -45,7 +45,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just rs-check-fmt @@ -54,7 +54,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just rs-fetch - run: just rs-clippy @@ -65,7 +65,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just rs-fetch - run: just rs-check-dirs @@ -76,7 +76,7 @@ jobs: timeout-minutes: 15 container: ghcr.io/linkerd/dev:v48-rust steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - run: just rs-fetch - run: just rs-test-build @@ -87,7 +87,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} timeout-minutes: 2 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - shell: bash run: | toolchain_version="$(./bin/rust-toolchain-version)" diff --git a/.github/workflows/shell.yml b/.github/workflows/shell.yml index 96d702c710ff2..993f12dcdd73a 100644 --- a/.github/workflows/shell.yml +++ b/.github/workflows/shell.yml @@ -17,5 +17,5 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: linkerd/dev/actions/setup-tools@v48 - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: just sh-lint diff --git a/.github/workflows/sync-proxy.yml b/.github/workflows/sync-proxy.yml index bb920c6373128..03ebd1588d2fc 100644 --- a/.github/workflows/sync-proxy.yml +++ b/.github/workflows/sync-proxy.yml @@ -64,7 +64,7 @@ jobs: env: VERSION: ${{ needs.meta.outputs.name }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 with: token: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }} - name: Check if proxy version has changed @@ -98,7 +98,7 @@ jobs: git config --global --add safe.directory "$PWD" # actions/runner#2033 git config --global user.name "$GITHUB_USERNAME" git config --global user.email "$GITHUB_USERNAME"@users.noreply.github.com - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 with: token: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }} - name: Commit proxy version From 177a60a79fe41f54f78ab7031ee0be891b80a7f3 Mon Sep 17 00:00:00 2001 From: l5d-bot <48604953+l5d-bot@users.noreply.github.com> Date: Thu, 4 Dec 2025 12:20:34 -0800 Subject: [PATCH 095/123] proxy: v2.332.0 (#14775) Release notes: https://github.com/linkerd/linkerd2-proxy/releases/tag/release/v2.332.0 Signed-off-by: l5d-bot Co-authored-by: l5d-bot Co-authored-by: Scott Fleener Signed-off-by: Ivan Porta --- .proxy-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.proxy-version b/.proxy-version index b48b60a15a835..fbab87bb46502 100644 --- a/.proxy-version +++ b/.proxy-version @@ -1 +1 @@ -v2.331.0 +v2.332.0 From ff87cd9b4f3b139172ec88b470c0f4c5ad3a21d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 15:35:34 -0500 Subject: [PATCH 096/123] build(deps): bump tj-actions/changed-files (#14771) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 2d752abc95ba0255af33a2b4d5de03df3954cdf2 to abdd2f68ea150cee8f236d4a9fb4e0f2491abf1b. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/2d752abc95ba0255af33a2b4d5de03df3954cdf2...abdd2f68ea150cee8f236d4a9fb4e0f2491abf1b) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-version: abdd2f68ea150cee8f236d4a9fb4e0f2491abf1b dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/go.yml | 2 +- .github/workflows/integration.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index ce51392a7d96a..f0d11f42925f7 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -9,7 +9,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - - uses: tj-actions/changed-files@2d752abc95ba0255af33a2b4d5de03df3954cdf2 + - uses: tj-actions/changed-files@abdd2f68ea150cee8f236d4a9fb4e0f2491abf1b id: changed with: files: | diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 0bff4a80699f4..c801f39e990a1 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -29,7 +29,7 @@ jobs: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - id: tag run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT" - - uses: tj-actions/changed-files@2d752abc95ba0255af33a2b4d5de03df3954cdf2 + - uses: tj-actions/changed-files@abdd2f68ea150cee8f236d4a9fb4e0f2491abf1b id: core with: files: | From 5299c2c58a8ca5e5518e44340148e744944aa7ea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 16:06:54 -0500 Subject: [PATCH 097/123] build(deps): bump Swatinem/rust-cache from 2.8.1 to 2.8.2 (#14760) Bumps [Swatinem/rust-cache](https://github.com/swatinem/rust-cache) from 2.8.1 to 2.8.2. - [Release notes](https://github.com/swatinem/rust-cache/releases) - [Changelog](https://github.com/Swatinem/rust-cache/blob/master/CHANGELOG.md) - [Commits](https://github.com/swatinem/rust-cache/compare/f13886b937689c021905a6b90929199931d60db1...779680da715d629ac1d338a641029a2f4372abb5) --- updated-dependencies: - dependency-name: Swatinem/rust-cache dependency-version: 2.8.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/integration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index c801f39e990a1..3c8ca5259cc5e 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -204,7 +204,7 @@ jobs: tar -xzf nextest.tar.gz mv cargo-nextest ~/.cargo/bin/ chmod +x ~/.cargo/bin/cargo-nextest - - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 + - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 - run: just policy-test-build - run: just k3d-k8s='${{ matrix.k8s }}' k3d-create - run: docker load Date: Fri, 5 Dec 2025 08:47:32 -0500 Subject: [PATCH 098/123] fix(cli): improved support for native sidecar servers in `linkerd authz` (#14780) (Extracted from #14566) The logic behind the `linkerd authz` command wasn't accounting for ports in init containers, so authorization policies pointing to those ports were not reported by the command. Say for example you had a strict auth policy for the `linkerd-admin` port, allowing only access from prometheus. For emojivoto's web workload you could set that up like this: ```yaml apiVersion: policy.linkerd.io/v1beta3 kind: Server metadata: annotations: name: admin namespace: emojivoto spec: accessPolicy: deny podSelector: matchLabels: app: web-svc port: linkerd-admin proxyProtocol: HTTP/1 --- apiVersion: policy.linkerd.io/v1alpha1 kind: MeshTLSAuthentication metadata: namespace: emojivoto name: prometheus spec: identities: - "prometheus.linkerd-viz.serviceaccount.identity.linkerd.cluster.local" --- apiVersion: policy.linkerd.io/v1alpha1 kind: AuthorizationPolicy metadata: namespace: emojivoto name: web-http-sa spec: targetRef: group: policy.linkerd.io kind: Server name: admin requiredAuthenticationRefs: - name: prometheus kind: MeshTLSAuthentication group: policy.linkerd.io ``` Invoking `linkerd authz` would return nothing, but after this change we can see the auth: ``` $ linkerd authz -n emojivoto deploy/web ROUTE SERVER AUTHORIZATION_POLICY SERVER_AUTHORIZATION * admin web-http-sa ``` Signed-off-by: Ivan Porta --- pkg/k8s/policy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/k8s/policy.go b/pkg/k8s/policy.go index aaab050b96b7f..5109cc57c5922 100644 --- a/pkg/k8s/policy.go +++ b/pkg/k8s/policy.go @@ -247,7 +247,7 @@ func serverIncludesPod(server serverv1beta3.Server, pods []corev1.Pod) bool { for _, pod := range pods { if selector.Matches(labels.Set(pod.Labels)) { - for _, container := range pod.Spec.Containers { + for _, container := range append(pod.Spec.InitContainers, pod.Spec.Containers...) { for _, p := range container.Ports { if server.Spec.Port.IntVal == p.ContainerPort || server.Spec.Port.StrVal == p.Name { return true From 89ceb3612594d6220a88ec63abd61fe2fce88a17 Mon Sep 17 00:00:00 2001 From: Alejandro Pedraza Date: Fri, 5 Dec 2025 08:47:48 -0500 Subject: [PATCH 099/123] fix(cli): improved support for native sidecar servers in `linkerd check --proxy` (#14779) (Extracted from #14566) The "opaque ports are properly annotated" check had a bug where it only validated regular containers, missing ports in init containers (native sidecars). This meant mismatched annotations between pods and services could go undetected when the port belonged to an init container. When a service had the opaque-ports annotation but the corresponding pod did not, the check would incorrectly pass if the port was defined in an init container instead of a regular container. This commit extends the check to validate ports in both regular containers and init containers, ensuring consistent opaque-ports annotations across pods and services regardless of where the port is defined. Signed-off-by: Ivan Porta --- pkg/healthcheck/healthcheck.go | 4 +-- pkg/healthcheck/healthcheck_test.go | 56 +++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 2 deletions(-) diff --git a/pkg/healthcheck/healthcheck.go b/pkg/healthcheck/healthcheck.go index 62dbf0fceb4b0..0f25e3158b01e 100644 --- a/pkg/healthcheck/healthcheck.go +++ b/pkg/healthcheck/healthcheck.go @@ -2492,7 +2492,7 @@ func misconfiguredOpaqueAnnotation(service *corev1.Service, pod *corev1.Pod) err func checkPodPorts(service *corev1.Service, pod *corev1.Pod, podPorts []string, port int) error { for _, sp := range service.Spec.Ports { if int(sp.Port) == port { - for _, c := range pod.Spec.Containers { + for _, c := range append(pod.Spec.InitContainers, pod.Spec.Containers...) { for _, cp := range c.Ports { if cp.ContainerPort == sp.TargetPort.IntVal || cp.Name == sp.TargetPort.StrVal { // The pod exposes a container port that would be @@ -2544,7 +2544,7 @@ func checkServiceNamePorts(service *corev1.Service, pod *corev1.Pod, port int, s // port to check. continue } - for _, c := range pod.Spec.Containers { + for _, c := range append(pod.Spec.InitContainers, pod.Spec.Containers...) { for _, cp := range c.Ports { if int(cp.ContainerPort) == port { // This is the containerPort that maps to the opaque port diff --git a/pkg/healthcheck/healthcheck_test.go b/pkg/healthcheck/healthcheck_test.go index 306da1b2a714c..0f3473a1c755d 100644 --- a/pkg/healthcheck/healthcheck_test.go +++ b/pkg/healthcheck/healthcheck_test.go @@ -2973,6 +2973,62 @@ subsets: }, expected: nil, }, + { + resources: []string{` +apiVersion: v1 +kind: Service +metadata: + name: svc + namespace: test-ns + annotations: + config.linkerd.io/opaque-ports: "9200" +spec: + selector: + app: test + ports: + - name: test + port: 9200 + targetPort: 9200 +`, + ` +apiVersion: v1 +kind: Pod +metadata: + name: pod + namespace: test-ns + labels: + app: test +spec: + initContainers: + - name: test + image: test + restartPolicy: Always + ports: + - name: test + containerPort: 9200 +`, + ` +apiVersion: v1 +kind: Endpoints +metadata: + name: svc + namespace: test-ns +subsets: +- addresses: + - ip: 10.244.3.12 + nodeName: nod + targetRef: + kind: Pod + name: pod + namespace: test-ns + ports: + - name: test + port: 9200 + protocol: TCP +`, + }, + expected: fmt.Errorf("\t* service svc expects target port 9200 to be opaque; add it to pod pod config.linkerd.io/opaque-ports annotation"), + }, } for i, tc := range testCases { From 5bd79db95d855dc6f922f9a41381ef1e2b088c29 Mon Sep 17 00:00:00 2001 From: Alejandro Pedraza Date: Fri, 5 Dec 2025 08:48:17 -0500 Subject: [PATCH 100/123] fix(injector): improved support for native sidecar servers (#14767) (Extracted from #14566) This improves the injector logic by accounting for ports exposed in native sidecar containers: - when consuming the `config.linkerd.io/opaque-ports` annotations pointing to (named or integer) ports in init containers - when populating the proxy's `LINKERD2_PROXY_INBOUND_PORTS` env var The `webhook_tests.go` have been expanded to test injection to a pod with a memcached native sidecar container (never mind the contrivedness of the example). Signed-off-by: Ivan Porta --- .../fake/data/filter-pod-opaque-ports.yaml | 6 + .../fake/data/filtered-pod-opaque-ports.json | 2 +- .../pod-nativesidecar-inject-enabled.yaml | 28 ++ .../fake/data/pod.nativesidecar.patch.json | 438 ++++++++++++++++++ controller/proxy-injector/webhook_test.go | 22 + pkg/inject/inject.go | 6 +- 6 files changed, 498 insertions(+), 4 deletions(-) create mode 100644 controller/proxy-injector/fake/data/pod-nativesidecar-inject-enabled.yaml create mode 100644 controller/proxy-injector/fake/data/pod.nativesidecar.patch.json diff --git a/controller/proxy-injector/fake/data/filter-pod-opaque-ports.yaml b/controller/proxy-injector/fake/data/filter-pod-opaque-ports.yaml index 75733f2332f48..3b26903797a68 100644 --- a/controller/proxy-injector/fake/data/filter-pod-opaque-ports.yaml +++ b/controller/proxy-injector/fake/data/filter-pod-opaque-ports.yaml @@ -5,6 +5,12 @@ metadata: labels: app: test spec: + initContainers: + - name: memcached + image: memcached + restartPolicy: Always + ports: + - containerPort: 11211 containers: - name: foo image: mysql diff --git a/controller/proxy-injector/fake/data/filtered-pod-opaque-ports.json b/controller/proxy-injector/fake/data/filtered-pod-opaque-ports.json index cd0455f7694f4..a730d5b97e9f0 100644 --- a/controller/proxy-injector/fake/data/filtered-pod-opaque-ports.json +++ b/controller/proxy-injector/fake/data/filtered-pod-opaque-ports.json @@ -7,6 +7,6 @@ { "op": "add", "path": "/metadata/annotations/config.linkerd.io~1opaque-ports", - "value": "3306" + "value": "11211,3306" } ] diff --git a/controller/proxy-injector/fake/data/pod-nativesidecar-inject-enabled.yaml b/controller/proxy-injector/fake/data/pod-nativesidecar-inject-enabled.yaml new file mode 100644 index 0000000000000..42c92665f2e20 --- /dev/null +++ b/controller/proxy-injector/fake/data/pod-nativesidecar-inject-enabled.yaml @@ -0,0 +1,28 @@ +kind: Pod +apiVersion: apps/v1 +metadata: + name: nginx + namespace: kube-public + annotations: + linkerd.io/inject: enabled + config.linkerd.io/opaque-ports: memcached + labels: + app: nginx +spec: + initContainers: + - name: memcached + image: memcached + restartPolicy: Always + ports: + - containerPort: 11211 + name: memcached + containers: + - name: nginx + image: nginx + ports: + - name: http + containerPort: 80 + readinessProbe: + httpGet: + path: /metrics + port: 9090 diff --git a/controller/proxy-injector/fake/data/pod.nativesidecar.patch.json b/controller/proxy-injector/fake/data/pod.nativesidecar.patch.json new file mode 100644 index 0000000000000..c23ea762121bf --- /dev/null +++ b/controller/proxy-injector/fake/data/pod.nativesidecar.patch.json @@ -0,0 +1,438 @@ +[ + { + "op": "add", + "path": "/metadata/annotations/linkerd.io~1proxy-version", + "value": "dev-undefined" + }, + { + "op": "add", + "path": "/metadata/annotations/linkerd.io~1trust-root-sha256", + "value": "5090806bcf2daff5d54739ba02a8e7b919f7e62b2a46757e11089c916ec97fc2" + }, + { + "op": "add", + "path": "/metadata/labels/linkerd.io~1control-plane-ns", + "value": "linkerd" + }, + { + "op": "add", + "path": "/metadata/labels/linkerd.io~1proxy-deployment", + "value": "owner-deployment" + }, + { + "op": "add", + "path": "/metadata/labels/linkerd.io~1workload-ns", + "value": "kube-public" + }, + { + "op": "add", + "path": "/spec/volumes", + "value": [] + }, + { + "op": "add", + "path": "/spec/volumes/-", + "value": { + "emptyDir": {}, + "name": "linkerd-proxy-init-xtables-lock" + } + }, + { + "op": "add", + "path": "/spec/initContainers/-", + "value": + { + "args": [ + "--firewall-bin-path", + "iptables-nft", + "--firewall-save-bin-path", + "iptables-nft-save", + "--ipv6=false", + "--incoming-proxy-port", + "4143", + "--outgoing-proxy-port", + "4140", + "--proxy-uid", + "2102", + "--inbound-ports-to-ignore", + "4190,4191,4567,4568", + "--outbound-ports-to-ignore", + "4567,4568" + ], + "command": [ + "/usr/lib/linkerd/linkerd2-proxy-init" + ], + "image": "cr.l5d.io/linkerd/proxy:dev-undefined", + "imagePullPolicy": "IfNotPresent", + "name": "linkerd-init", + "resources": null, + "securityContext": { + "allowPrivilegeEscalation": false, + "capabilities": { + "add": [ + "NET_ADMIN", + "NET_RAW" + ] + }, + "privileged": false, + "readOnlyRootFilesystem": true, + "runAsGroup": 65534, + "runAsNonRoot": true, + "runAsUser": 65534, + "seccompProfile": { + "type": "RuntimeDefault" + } + }, + "terminationMessagePolicy": "FallbackToLogsOnError", + "volumeMounts": [ + { + "mountPath": "/run", + "name": "linkerd-proxy-init-xtables-lock" + } + ] + } + }, + { + "op": "add", + "path": "/spec/volumes/-", + "value": { + "name": "linkerd-identity-end-entity", + "emptyDir": { + "medium": "Memory" + } + } + }, + { + "op": "add", + "path": "/spec/volumes/-", + "value": + { + "name": "linkerd-identity-token", + "projected": { + "sources": [ + { + "serviceAccountToken": { + "audience": "identity.l5d.io", + "expirationSeconds": 86400, + "path": "linkerd-identity-token" + } + } + ] + } + } + }, + { + "op": "add", + "path": "/spec/containers/0", + "value": + { + "env": [ + { + "name": "_pod_name", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.name" + } + } + }, + { + "name": "_pod_ns", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "_pod_uid", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.uid" + } + } + }, + { + "name": "_pod_ip", + "valueFrom": { + "fieldRef": { + "fieldPath": "status.podIP" + } + } + }, + { + "name": "_pod_nodeName", + "valueFrom": { + "fieldRef": { + "fieldPath": "spec.nodeName" + } + } + }, + { + "name": "_pod_containerName", + "value": "linkerd-proxy" + }, + { + "name": "LINKERD2_PROXY_CORES", + "value": "1" + }, + { + "name": "LINKERD2_PROXY_CORES_MIN", + "value": "1" + }, + { + "name": "LINKERD2_PROXY_SHUTDOWN_ENDPOINT_ENABLED", + "value": "false" + }, + { + "name": "LINKERD2_PROXY_LOG", + "value": "warn,linkerd=info,hickory=error,[{headers}]=off,[{request}]=off" + }, + { + "name": "LINKERD2_PROXY_LOG_FORMAT", + "value": "plain" + }, + { + "name": "LINKERD2_PROXY_DESTINATION_SVC_ADDR", + "value": "linkerd-dst-headless.linkerd.svc.cluster.local.:8086" + }, + { + "name": "LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS", + "value": "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8" + }, + { + "name": "LINKERD2_PROXY_POLICY_SVC_ADDR", + "value": "linkerd-policy.linkerd.svc.cluster.local.:8090" + }, + { + "name": "LINKERD2_PROXY_POLICY_WORKLOAD", + "value": "{\"ns\":\"$(_pod_ns)\", \"pod\":\"$(_pod_name)\"}\n" + }, + { + "name": "LINKERD2_PROXY_INBOUND_DEFAULT_POLICY", + "value": "all-unauthenticated" + }, + { + "name": "LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS", + "value": "10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8" + }, + { + "name": "LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT", + "value": "3s" + }, + { + "name": "LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT", + "value": "5m" + }, + { + "name": "LINKERD2_PROXY_CONTROL_STREAM_LIFETIME", + "value": "1h" + }, + { + "name": "LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT", + "value": "100ms" + }, + { + "name": "LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT", + "value": "1000ms" + }, + { + "name": "LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT", + "value": "5s" + }, + { + "name": "LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT", + "value": "90s" + }, + { + "name": "LINKERD2_PROXY_CONTROL_LISTEN_ADDR", + "value": "0.0.0.0:4190" + }, + { + "name": "LINKERD2_PROXY_ADMIN_LISTEN_ADDR", + "value": "0.0.0.0:4191" + }, + { + "name": "LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR", + "value": "127.0.0.1:4140" + }, + { + "name": "LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS", + "value": "127.0.0.1:4140" + }, + { + "name": "LINKERD2_PROXY_INBOUND_LISTEN_ADDR", + "value": "0.0.0.0:4143" + }, + { + "name": "LINKERD2_PROXY_INBOUND_IPS", + "valueFrom": { + "fieldRef": { + "fieldPath": "status.podIPs" + } + } + }, + { + "name": "LINKERD2_PROXY_INBOUND_PORTS", + "value": "11211,80,9090" + }, + { + "name": "LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES", + "value": "svc.cluster.local." + }, + { + "name": "LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE", + "value": "10000ms" + }, + { + "name": "LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE", + "value": "10000ms" + }, + { + "name": "LINKERD2_PROXY_INBOUND_ACCEPT_USER_TIMEOUT", + "value": "30s" + }, + { + "name": "LINKERD2_PROXY_OUTBOUND_CONNECT_USER_TIMEOUT", + "value": "30s" + }, + { + "name": "LINKERD2_PROXY_OUTBOUND_METRICS_HOSTNAME_LABELS", + "value": "false" + }, + { + "name": "LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL", + "value": "10s" + }, + { + "name": "LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT", + "value": "3s" + }, + { + "name": "LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL", + "value": "10s" + }, + { + "name": "LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT", + "value": "3s" + }, + { + "name": "LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION", + "value": "11211" + }, + { + "name": "LINKERD2_PROXY_DESTINATION_CONTEXT", + "value": "{\"ns\":\"$(_pod_ns)\", \"nodeName\":\"$(_pod_nodeName)\", \"pod\":\"$(_pod_name)\"}\n" + }, + { + "name": "_pod_sa", + "valueFrom": { + "fieldRef": { + "fieldPath": "spec.serviceAccountName" + } + } + }, + { + "name": "_l5d_ns", + "value": "linkerd" + }, + { + "name": "_l5d_trustdomain", + "value": "cluster.local" + }, + { + "name": "LINKERD2_PROXY_IDENTITY_DIR", + "value": "/var/run/linkerd/identity/end-entity" + }, + { + "name": "LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS", + "value": "IdentityTrustAnchorsPEM\n" + }, + { + "name": "LINKERD2_PROXY_IDENTITY_TOKEN_FILE", + "value": "/var/run/secrets/tokens/linkerd-identity-token" + }, + { + "name": "LINKERD2_PROXY_IDENTITY_SVC_ADDR", + "value": "linkerd-identity-headless.linkerd.svc.cluster.local.:8080" + }, + { + "name": "LINKERD2_PROXY_IDENTITY_LOCAL_NAME", + "value": "$(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local" + }, + { + "name": "LINKERD2_PROXY_IDENTITY_SVC_NAME", + "value": "linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local" + }, + { + "name": "LINKERD2_PROXY_DESTINATION_SVC_NAME", + "value": "linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local" + }, + { + "name": "LINKERD2_PROXY_POLICY_SVC_NAME", + "value": "linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local" + } + ], + "image": "cr.l5d.io/linkerd/proxy:dev-undefined", + "imagePullPolicy": "IfNotPresent", + "lifecycle": { + "postStart": { + "exec": { + "command": [ + "/usr/lib/linkerd/linkerd-await", + "--timeout=2m", + "--port=4191" + ] + } + } + }, + "livenessProbe": { + "httpGet": { + "path": "/live", + "port": 4191 + }, + "initialDelaySeconds": 10, + "timeoutSeconds": 1 + }, + "name": "linkerd-proxy", + "ports": [ + { + "containerPort": 4143, + "name": "linkerd-proxy" + }, + { + "containerPort": 4191, + "name": "linkerd-admin" + } + ], + "readinessProbe": { + "httpGet": { + "path": "/ready", + "port": 4191 + }, + "initialDelaySeconds": 2, + "timeoutSeconds": 1 + }, + "resources": null, + "securityContext": { + "allowPrivilegeEscalation": false, + "readOnlyRootFilesystem": true, + "runAsNonRoot": true, + "runAsUser": 2102, + "seccompProfile": { + "type": "RuntimeDefault" + } + }, + "terminationMessagePolicy": "FallbackToLogsOnError", + "volumeMounts": [ + { + "mountPath": "/var/run/linkerd/identity/end-entity", + "name": "linkerd-identity-end-entity" + }, + { + "mountPath": "/var/run/secrets/tokens", + "name": "linkerd-identity-token" + } + ] + } + } +] diff --git a/controller/proxy-injector/webhook_test.go b/controller/proxy-injector/webhook_test.go index 48dcbc43c7c14..11d574f5dfbf6 100644 --- a/controller/proxy-injector/webhook_test.go +++ b/controller/proxy-injector/webhook_test.go @@ -263,6 +263,28 @@ func TestGetPodPatch(t *testing.T) { t.Errorf("Expected empty patch") } }) + + t.Run("by injecting pod already having a native sidecar container", func(t *testing.T) { + pod := fileContents(factory, t, "pod-nativesidecar-inject-enabled.yaml") + fakeReq := getFakePodReq(pod) + fullConf := confNsDisabled(). + WithKind(fakeReq.Kind.Kind). + WithOwnerRetriever(ownerRetrieverFake) + _, err = fullConf.ParseMetaAndYAML(fakeReq.Object.Raw) + if err != nil { + t.Fatal(err) + } + + patchJSON, err := fullConf.GetPodPatch(true, inject.GetOverriddenValues) + if err != nil { + t.Fatalf("Unexpected PatchForAdmissionRequest error: %s", err) + } + actualPatch := unmarshalPatch(t, patchJSON) + _, expectedPatch := loadPatch(factory, t, "pod.nativesidecar.patch.json") + if diff := deep.Equal(expectedPatch, actualPatch); diff != nil { + t.Fatalf("The actual patch didn't match what was expected.\n%+v", diff) + } + }) } func TestGetAnnotationPatch(t *testing.T) { diff --git a/pkg/inject/inject.go b/pkg/inject/inject.go index ab163099a5c26..ff7acfa729290 100644 --- a/pkg/inject/inject.go +++ b/pkg/inject/inject.go @@ -197,7 +197,7 @@ func GetOverriddenValues(rc *ResourceConfig) (*l5dcharts.Values, error) { namedPorts := make(map[string]int32) if rc.HasPodTemplate() { - namedPorts = util.GetNamedPorts(rc.pod.spec.Containers) + namedPorts = util.GetNamedPorts(append(rc.pod.spec.InitContainers, rc.pod.spec.Containers...)) } ApplyAnnotationOverrides(copyValues, rc.GetAnnotationOverrides(), rc.GetLabelOverrides(), namedPorts) @@ -854,7 +854,7 @@ func (conf *ResourceConfig) CreateOpaquePortsPatch() ([]byte, error) { // are also in the given default opaque ports list. func (conf *ResourceConfig) FilterPodOpaquePorts(defaultPorts []string) []string { var filteredPorts []string - for _, c := range conf.pod.spec.Containers { + for _, c := range append(conf.pod.spec.InitContainers, conf.pod.spec.Containers...) { for _, p := range c.Ports { port := strconv.Itoa(int(p.ContainerPort)) if util.ContainsString(port, defaultPorts) { @@ -1366,7 +1366,7 @@ func ToWholeCPUCores(q k8sResource.Quantity) (int64, error) { func getPodInboundPorts(podSpec *corev1.PodSpec) string { ports := make(map[int32]struct{}) if podSpec != nil { - for _, container := range podSpec.Containers { + for _, container := range append(podSpec.InitContainers, podSpec.Containers...) { for _, port := range container.Ports { ports[port.ContainerPort] = struct{}{} } From 4ebf6fc3f6158e879eb3802c5df00153d7c09737 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Dec 2025 10:58:16 -0500 Subject: [PATCH 101/123] build(deps): bump syn from 2.0.110 to 2.0.111 (#14783) Bumps [syn](https://github.com/dtolnay/syn) from 2.0.110 to 2.0.111. - [Release notes](https://github.com/dtolnay/syn/releases) - [Commits](https://github.com/dtolnay/syn/compare/2.0.110...2.0.111) --- updated-dependencies: - dependency-name: syn dependency-version: 2.0.111 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 23d99b0537e5d..74b4e1e34ea39 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2380,9 +2380,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "2.0.110" +version = "2.0.111" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a99801b5bd34ede4cf3fc688c5919368fea4e4814a4664359503e6015b280aea" +checksum = "390cc9a294ab71bdb1aa2e99d13be9c753cd2d7bd6560c77118597410c4d2e87" dependencies = [ "proc-macro2", "quote", From 035780aa7565a89f96201654432bbb0ad4f47fc8 Mon Sep 17 00:00:00 2001 From: Alejandro Pedraza Date: Mon, 8 Dec 2025 09:12:02 -0500 Subject: [PATCH 102/123] fix(destination): properly discover hostports in native sidecars (#14786) Those types of ports were getting ignored in `getProfile` responses. A new test case was added that clarifies an example, that wouldn't pass before this fix. (Extracted from #14566) Signed-off-by: Ivan Porta --- controller/api/destination/watcher/k8s.go | 2 +- .../watcher/workload_watcher_test.go | 22 ++++++++++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/controller/api/destination/watcher/k8s.go b/controller/api/destination/watcher/k8s.go index e802ef079cc3d..ecb14f2d00b1f 100644 --- a/controller/api/destination/watcher/k8s.go +++ b/controller/api/destination/watcher/k8s.go @@ -145,7 +145,7 @@ func InitializeIndexers(k8sAPI *k8s.API) error { // each of its containers' ports that exposes a host port, add // that hostIP:hostPort endpoint to the indexer. addrs := []string{} - for _, c := range pod.Spec.Containers { + for _, c := range append(pod.Spec.InitContainers, pod.Spec.Containers...) { for _, p := range c.Ports { if p.HostPort == 0 { continue diff --git a/controller/api/destination/watcher/workload_watcher_test.go b/controller/api/destination/watcher/workload_watcher_test.go index ed40110442954..945638585b085 100644 --- a/controller/api/destination/watcher/workload_watcher_test.go +++ b/controller/api/destination/watcher/workload_watcher_test.go @@ -11,6 +11,7 @@ import ( func TestIpWatcherGetPod(t *testing.T) { podIP := "10.255.0.1" hostIP := "172.0.0.1" + var hostPort0 uint32 = 22344 var hostPort1 uint32 = 22345 var hostPort2 uint32 = 22346 expectedPodName := "hostPortPod1" @@ -21,9 +22,16 @@ metadata: name: hostPortPod1 namespace: ns spec: + initContainers: + - image: test + name: hostPortInitContainer + ports: + - containerPort: 12344 + hostPort: 22344 containers: - image: test name: hostPortContainer1 + restartPolicy: Always ports: - containerPort: 12345 hostIP: 172.0.0.1 @@ -67,8 +75,20 @@ status: }), } + // Get host IP pod that is mapped to the port `hostPort0` (in an init container) + pod, err := ww.getPodByHostIP(hostIP, hostPort0) + if err != nil { + t.Fatalf("failed to get pod: %s", err) + } + if pod == nil { + t.Fatalf("failed to find pod mapped to %s:%d", hostIP, hostPort1) + } + if pod.Name != expectedPodName { + t.Fatalf("expected pod name to be %s, but got %s", expectedPodName, pod.Name) + } + // Get host IP pod that is mapped to the port `hostPort1` - pod, err := ww.getPodByHostIP(hostIP, hostPort1) + pod, err = ww.getPodByHostIP(hostIP, hostPort1) if err != nil { t.Fatalf("failed to get pod: %s", err) } From 2390cdb037d5b3391be8b9fd36419f6d5ec328a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Dec 2025 12:14:41 -0500 Subject: [PATCH 103/123] build(deps): bump golang.org/x/tools from 0.39.0 to 0.40.0 (#14790) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.39.0 to 0.40.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.39.0...v0.40.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 18 +++++++++--------- go.sum | 36 ++++++++++++++++++------------------ 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/go.mod b/go.mod index ea20b9aecb78d..d02148c11b259 100644 --- a/go.mod +++ b/go.mod @@ -35,7 +35,7 @@ require ( github.com/spf13/cobra v1.10.2 github.com/spf13/pflag v1.0.10 go.opencensus.io v0.24.0 - golang.org/x/tools v0.39.0 + golang.org/x/tools v0.40.0 google.golang.org/grpc v1.77.0 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.0 google.golang.org/protobuf v1.36.10 @@ -56,7 +56,7 @@ require ( require ( github.com/golang-jwt/jwt/v5 v5.3.0 // indirect - golang.org/x/net v0.47.0 // indirect + golang.org/x/net v0.48.0 // indirect ) require ( @@ -142,14 +142,14 @@ require ( go.opentelemetry.io/otel/trace v1.38.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.45.0 // indirect - golang.org/x/mod v0.30.0 // indirect + golang.org/x/crypto v0.46.0 // indirect + golang.org/x/mod v0.31.0 // indirect golang.org/x/oauth2 v0.32.0 // indirect - golang.org/x/sync v0.18.0 // indirect - golang.org/x/sys v0.38.0 // indirect - golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 // indirect - golang.org/x/term v0.37.0 // indirect - golang.org/x/text v0.31.0 // indirect + golang.org/x/sync v0.19.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc // indirect + golang.org/x/term v0.38.0 // indirect + golang.org/x/text v0.32.0 // indirect golang.org/x/time v0.12.0 // indirect golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect golang.org/x/tools/godoc v0.1.0-deprecated // indirect diff --git a/go.sum b/go.sum index 307e5727960d8..5740229466085 100644 --- a/go.sum +++ b/go.sum @@ -473,8 +473,8 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= -golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= +golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= +golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -505,8 +505,8 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= -golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= +golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI= +golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -528,8 +528,8 @@ golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= -golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -545,8 +545,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= -golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -572,19 +572,19 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= -golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 h1:E2/AqCUMZGgd73TQkxUMcMla25GB9i/5HOdLr+uH7Vo= -golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ= -golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= -golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc h1:bH6xUXay0AIFMElXG2rQ4uiE+7ncwtiOdPfYK1NK2XA= +golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ= +golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q= +golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= -golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -622,8 +622,8 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= -golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= +golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA= +golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc= golang.org/x/tools/go/expect v0.1.0-deprecated h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY= golang.org/x/tools/go/expect v0.1.0-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= From 763801446fc121f070498dde9e0e82b14385eca1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Dec 2025 12:15:01 -0500 Subject: [PATCH 104/123] build(deps): bump github.com/go-openapi/spec from 0.22.1 to 0.22.2 (#14789) Bumps [github.com/go-openapi/spec](https://github.com/go-openapi/spec) from 0.22.1 to 0.22.2. - [Release notes](https://github.com/go-openapi/spec/releases) - [Commits](https://github.com/go-openapi/spec/compare/v0.22.1...v0.22.2) --- updated-dependencies: - dependency-name: github.com/go-openapi/spec dependency-version: 0.22.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 20 ++++++++++---------- go.sum | 50 ++++++++++++++++++++++++++------------------------ 2 files changed, 36 insertions(+), 34 deletions(-) diff --git a/go.mod b/go.mod index d02148c11b259..c20d47ae5d7e5 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/evanphx/json-patch v5.9.11+incompatible github.com/fatih/color v1.18.0 github.com/fsnotify/fsnotify v1.9.0 - github.com/go-openapi/spec v0.22.1 + github.com/go-openapi/spec v0.22.2 github.com/go-test/deep v1.1.1 github.com/golang/protobuf v1.5.4 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 @@ -84,16 +84,16 @@ require ( github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-logr/logr v1.4.3 // indirect - github.com/go-openapi/jsonpointer v0.22.1 // indirect - github.com/go-openapi/jsonreference v0.21.3 // indirect + github.com/go-openapi/jsonpointer v0.22.4 // indirect + github.com/go-openapi/jsonreference v0.21.4 // indirect github.com/go-openapi/swag v0.23.0 // indirect - github.com/go-openapi/swag/conv v0.25.1 // indirect - github.com/go-openapi/swag/jsonname v0.25.1 // indirect - github.com/go-openapi/swag/jsonutils v0.25.1 // indirect - github.com/go-openapi/swag/loading v0.25.1 // indirect - github.com/go-openapi/swag/stringutils v0.25.1 // indirect - github.com/go-openapi/swag/typeutils v0.25.1 // indirect - github.com/go-openapi/swag/yamlutils v0.25.1 // indirect + github.com/go-openapi/swag/conv v0.25.4 // indirect + github.com/go-openapi/swag/jsonname v0.25.4 // indirect + github.com/go-openapi/swag/jsonutils v0.25.4 // indirect + github.com/go-openapi/swag/loading v0.25.4 // indirect + github.com/go-openapi/swag/stringutils v0.25.4 // indirect + github.com/go-openapi/swag/typeutils v0.25.4 // indirect + github.com/go-openapi/swag/yamlutils v0.25.4 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect diff --git a/go.sum b/go.sum index 5740229466085..4b95f89ed8deb 100644 --- a/go.sum +++ b/go.sum @@ -140,30 +140,32 @@ github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-openapi/jsonpointer v0.22.1 h1:sHYI1He3b9NqJ4wXLoJDKmUmHkWy/L7rtEo92JUxBNk= -github.com/go-openapi/jsonpointer v0.22.1/go.mod h1:pQT9OsLkfz1yWoMgYFy4x3U5GY5nUlsOn1qSBH5MkCM= -github.com/go-openapi/jsonreference v0.21.3 h1:96Dn+MRPa0nYAR8DR1E03SblB5FJvh7W6krPI0Z7qMc= -github.com/go-openapi/jsonreference v0.21.3/go.mod h1:RqkUP0MrLf37HqxZxrIAtTWW4ZJIK1VzduhXYBEeGc4= -github.com/go-openapi/spec v0.22.1 h1:beZMa5AVQzRspNjvhe5aG1/XyBSMeX1eEOs7dMoXh/k= -github.com/go-openapi/spec v0.22.1/go.mod h1:c7aeIQT175dVowfp7FeCvXXnjN/MrpaONStibD2WtDA= +github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4= +github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80= +github.com/go-openapi/jsonreference v0.21.4 h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8= +github.com/go-openapi/jsonreference v0.21.4/go.mod h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4= +github.com/go-openapi/spec v0.22.2 h1:KEU4Fb+Lp1qg0V4MxrSCPv403ZjBl8Lx1a83gIPU8Qc= +github.com/go-openapi/spec v0.22.2/go.mod h1:iIImLODL2loCh3Vnox8TY2YWYJZjMAKYyLH2Mu8lOZs= github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= -github.com/go-openapi/swag/conv v0.25.1 h1:+9o8YUg6QuqqBM5X6rYL/p1dpWeZRhoIt9x7CCP+he0= -github.com/go-openapi/swag/conv v0.25.1/go.mod h1:Z1mFEGPfyIKPu0806khI3zF+/EUXde+fdeksUl2NiDs= -github.com/go-openapi/swag/jsonname v0.25.1 h1:Sgx+qbwa4ej6AomWC6pEfXrA6uP2RkaNjA9BR8a1RJU= -github.com/go-openapi/swag/jsonname v0.25.1/go.mod h1:71Tekow6UOLBD3wS7XhdT98g5J5GR13NOTQ9/6Q11Zo= -github.com/go-openapi/swag/jsonutils v0.25.1 h1:AihLHaD0brrkJoMqEZOBNzTLnk81Kg9cWr+SPtxtgl8= -github.com/go-openapi/swag/jsonutils v0.25.1/go.mod h1:JpEkAjxQXpiaHmRO04N1zE4qbUEg3b7Udll7AMGTNOo= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1 h1:DSQGcdB6G0N9c/KhtpYc71PzzGEIc/fZ1no35x4/XBY= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1/go.mod h1:kjmweouyPwRUEYMSrbAidoLMGeJ5p6zdHi9BgZiqmsg= -github.com/go-openapi/swag/loading v0.25.1 h1:6OruqzjWoJyanZOim58iG2vj934TysYVptyaoXS24kw= -github.com/go-openapi/swag/loading v0.25.1/go.mod h1:xoIe2EG32NOYYbqxvXgPzne989bWvSNoWoyQVWEZicc= -github.com/go-openapi/swag/stringutils v0.25.1 h1:Xasqgjvk30eUe8VKdmyzKtjkVjeiXx1Iz0zDfMNpPbw= -github.com/go-openapi/swag/stringutils v0.25.1/go.mod h1:JLdSAq5169HaiDUbTvArA2yQxmgn4D6h4A+4HqVvAYg= -github.com/go-openapi/swag/typeutils v0.25.1 h1:rD/9HsEQieewNt6/k+JBwkxuAHktFtH3I3ysiFZqukA= -github.com/go-openapi/swag/typeutils v0.25.1/go.mod h1:9McMC/oCdS4BKwk2shEB7x17P6HmMmA6dQRtAkSnNb8= -github.com/go-openapi/swag/yamlutils v0.25.1 h1:mry5ez8joJwzvMbaTGLhw8pXUnhDK91oSJLDPF1bmGk= -github.com/go-openapi/swag/yamlutils v0.25.1/go.mod h1:cm9ywbzncy3y6uPm/97ysW8+wZ09qsks+9RS8fLWKqg= +github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4= +github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU= +github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI= +github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag= +github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA= +github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM= +github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s= +github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE= +github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8= +github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0= +github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw= +github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE= +github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw= +github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc= +github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4= +github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg= github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls= github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= @@ -366,8 +368,8 @@ github.com/redis/go-redis/v9 v9.7.3 h1:YpPyAayJV+XErNsatSElgRZZVCwXX9QzkKYNvO7x0 github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= -github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ= From 0409bb2fe5e1c57e387f0c5958b7a7bf0913463d Mon Sep 17 00:00:00 2001 From: l5d-bot <48604953+l5d-bot@users.noreply.github.com> Date: Wed, 10 Dec 2025 05:30:04 -0800 Subject: [PATCH 105/123] proxy: v2.333.0 (#14793) Release notes: https://github.com/linkerd/linkerd2-proxy/releases/tag/release/v2.333.0 Signed-off-by: l5d-bot Co-authored-by: l5d-bot Signed-off-by: Ivan Porta --- .proxy-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.proxy-version b/.proxy-version index fbab87bb46502..09538bbc36879 100644 --- a/.proxy-version +++ b/.proxy-version @@ -1 +1 @@ -v2.332.0 +v2.333.0 From 864765a981638b694f776434299ae290fce701cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Dec 2025 12:12:24 -0500 Subject: [PATCH 106/123] build(deps): bump DavidAnson/markdownlint-cli2-action from 21.0.0 to 22.0.0 (#14794) * build(deps): bump DavidAnson/markdownlint-cli2-action Bumps [DavidAnson/markdownlint-cli2-action](https://github.com/davidanson/markdownlint-cli2-action) from 21.0.0 to 22.0.0. - [Release notes](https://github.com/davidanson/markdownlint-cli2-action/releases) - [Commits](https://github.com/davidanson/markdownlint-cli2-action/compare/30a0e04f1870d58f8d717450cc6134995f993c63...07035fd053f7be764496c0f8d8f9f41f98305101) --- updated-dependencies: - dependency-name: DavidAnson/markdownlint-cli2-action dependency-version: 22.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] * chore: wrap long lines Signed-off-by: katelyn martin --------- Signed-off-by: dependabot[bot] Signed-off-by: katelyn martin Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: katelyn martin Signed-off-by: Ivan Porta --- .github/workflows/markdown.yml | 2 +- CHANGES.md | 9 +++++---- TEST.md | 4 ++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/markdown.yml b/.github/workflows/markdown.yml index ceff8cb589e9c..bcdcc9a4e9595 100644 --- a/.github/workflows/markdown.yml +++ b/.github/workflows/markdown.yml @@ -15,7 +15,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - - uses: DavidAnson/markdownlint-cli2-action@30a0e04f1870d58f8d717450cc6134995f993c63 + - uses: DavidAnson/markdownlint-cli2-action@07035fd053f7be764496c0f8d8f9f41f98305101 with: globs: | **/*.md diff --git a/CHANGES.md b/CHANGES.md index 101056760ead4..b8e5b51fb857d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -2441,7 +2441,8 @@ Projections, used to set up the pods' identities. These tokens are bounded specifically for this use case and are rotated daily, replacing the usage of the default tokens injected by Kubernetes which are overly permissive. -Note that this edge release updates the minimum supported kubernetes version to 1.20. +Note that this edge release updates the minimum supported kubernetes version to +1.20. * Updated the minimum supported kubernetes version to 1.20 * Use Service Account Token Volume Projections to set up the pods' identities; @@ -2787,9 +2788,9 @@ to work. ## edge-21.8.3 This release adds support for dynamic inbound policies. The proxy now discovers -policies from the policy-controller API for all application ports documented in a -pod spec. Rejected connections are logged. Policies are not yet reflected in the -proxy's metrics. +policies from the policy-controller API for all application ports documented in +a pod spec. Rejected connections are logged. Policies are not yet reflected in +the proxy's metrics. These policies also allow the proxy to skip protocol detection when a server is explicitly annotated as HTTP/2 or when the server is documented to be opaque or diff --git a/TEST.md b/TEST.md index e69b340e6bc95..417acf4bf218f 100644 --- a/TEST.md +++ b/TEST.md @@ -192,8 +192,8 @@ bin/tests $PWD/bin/linkerd ``` **Note**: As stated above, if running tests in an existing KinD cluster by -passing `--skip-cluster-create`, `bin/kind-load` must be run so that the images are -available to the cluster +passing `--skip-cluster-create`, `bin/kind-load` must be run so that the images +are available to the cluster #### Special tests: cluster-domain, cni-calico-deep and multicluster From 161b7daf63061c39453ca142d8f6d81732032277 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Dec 2025 12:13:21 -0500 Subject: [PATCH 107/123] build(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 (#14795) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.1 to 5.5.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/5a1091511ad55cbe89839c7260b706298ca349f7...671740ac38dd9b0130fbe1cec585b89eea48d3de) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 5.5.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/codecov.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 0d3a4259375c1..c0453aeca38cb 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - run: go install gotest.tools/gotestsum@v0.4.2 - run: gotestsum -- -cover -coverprofile=coverage.out -v -mod=readonly ./... - - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 + - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de with: files: ./coverage.out flags: unittests,golang @@ -41,7 +41,7 @@ jobs: export NODE_ENV=test bin/web --frozen-lockfile bin/web test --reporters="jest-progress-bar-reporter" --reporters="./gh_ann_reporter.js" --coverage - - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 + - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de with: directory: ./web/app/coverage flags: unittests,javascript @@ -58,6 +58,6 @@ jobs: - shell: bash run: mkdir -p target && cd target && bin/scurl -v https://github.com/xd009642/tarpaulin/releases/download/0.27.3/cargo-tarpaulin-x86_64-unknown-linux-musl.tar.gz | tar zxvf - && chmod 755 cargo-tarpaulin - run: target/cargo-tarpaulin tarpaulin --workspace --out Xml - - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 + - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de with: flags: unittests,rust From efa0c0e854e4e796b20816d2f8540187a20dc4e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 14:19:46 -0800 Subject: [PATCH 108/123] build(deps): bump actions/download-artifact (#14809) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53...37930b1c2abaa49bbe596cd826c3c89aef350131) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/actions/cli-setup/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/cli-setup/action.yaml b/.github/actions/cli-setup/action.yaml index 6085bf78f4309..014079b5e188c 100644 --- a/.github/actions/cli-setup/action.yaml +++ b/.github/actions/cli-setup/action.yaml @@ -13,7 +13,7 @@ inputs: runs: using: composite steps: - - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: artifact-ids: ${{ inputs.artifact-id }} path: ${{ runner.temp }}/cli From 43b59e4ef57507e420b8b8a371fb9ff96bd596f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 14:20:04 -0800 Subject: [PATCH 109/123] build(deps): bump dessant/lock-threads from 5.0.1 to 6.0.0 (#14808) Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 5.0.1 to 6.0.0. - [Release notes](https://github.com/dessant/lock-threads/releases) - [Changelog](https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md) - [Commits](https://github.com/dessant/lock-threads/compare/1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771...7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7) --- updated-dependencies: - dependency-name: dessant/lock-threads dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/lock.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index fb866a1baf5cc..f5e72d3093357 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -11,7 +11,7 @@ jobs: action: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 + - uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 with: issue-inactive-days: "30" process-only: "issues" From 91618ff20589ce4d1d8760864b9f066131091f58 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 14:20:32 -0800 Subject: [PATCH 110/123] build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 (#14805) Bumps google.golang.org/protobuf from 1.36.10 to 1.36.11. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-version: 1.36.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c20d47ae5d7e5..63f3e06d97af6 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,7 @@ require ( golang.org/x/tools v0.40.0 google.golang.org/grpc v1.77.0 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.0 - google.golang.org/protobuf v1.36.10 + google.golang.org/protobuf v1.36.11 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.19.2 k8s.io/api v0.34.2 diff --git a/go.sum b/go.sum index 4b95f89ed8deb..cf02659f4b6ea 100644 --- a/go.sum +++ b/go.sum @@ -706,8 +706,8 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= -google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 370e89b7bb9b695591385bc67d20fb39971afbdc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 14:49:25 -0800 Subject: [PATCH 111/123] build(deps): bump tokio-metrics from 0.4.5 to 0.4.6 (#14784) Bumps [tokio-metrics](https://github.com/tokio-rs/tokio-metrics) from 0.4.5 to 0.4.6. - [Release notes](https://github.com/tokio-rs/tokio-metrics/releases) - [Changelog](https://github.com/tokio-rs/tokio-metrics/blob/main/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/tokio-metrics/commits) --- updated-dependencies: - dependency-name: tokio-metrics dependency-version: 0.4.6 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 74b4e1e34ea39..a7fda42d899f9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -555,7 +555,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.61.0", + "windows-sys 0.52.0", ] [[package]] @@ -2474,9 +2474,9 @@ dependencies = [ [[package]] name = "tokio-metrics" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a01bbf7db0b3f5eee8930a119fe99bfa1438de1095fe3d26b25e652a5933ef3f" +checksum = "a34e87dd30650518a4e041bca77c931f3f5a19621eecdcd794f5c1813bca9e98" dependencies = [ "futures-util", "pin-project-lite", From e8c4399616eacaee7c4e37834bd85e6cbfcf09a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 14:49:42 -0800 Subject: [PATCH 112/123] build(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 (#14807) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53...37930b1c2abaa49bbe596cd826c3c89aef350131) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/integration.yml | 10 +++++----- .github/workflows/release.yml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 3c8ca5259cc5e..d4cbb74c14807 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -128,7 +128,7 @@ jobs: - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod - - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: pattern: image-archives-* path: image-archives @@ -180,7 +180,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: olix0r/cargo-action-fmt/setup@9269f3aa1ff01775d95efc97037e2cbdb41d9684 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: pattern: image-archives-* path: image-archives @@ -281,7 +281,7 @@ jobs: - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod - - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: pattern: image-archives-* path: image-archives @@ -309,7 +309,7 @@ jobs: - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod - - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: pattern: image-archives-* path: image-archives @@ -348,7 +348,7 @@ jobs: - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version-file: go.mod - - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: pattern: image-archives-* path: image-archives diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e8b430eeded20..98bde1241b844 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -131,7 +131,7 @@ jobs: contents: write steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: artifact-ids: ${{ needs.cli.outputs.artifact-id }} path: cli From 7ba3ac3ec7087b44780c8511c857c0f6bb120717 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 14:50:07 -0800 Subject: [PATCH 113/123] build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 (#14806) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...b7c566a772e6b6bfb58ed0dc250532a479d7789f) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/cli-build.yml | 2 +- .github/workflows/integration.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cli-build.yml b/.github/workflows/cli-build.yml index 4cce8c97ea627..5ce4dcdd5da2f 100644 --- a/.github/workflows/cli-build.yml +++ b/.github/workflows/cli-build.yml @@ -32,7 +32,7 @@ jobs: push: false load: false outputs: type=local,dest=. - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f id: upload with: name: cli-bin-${{ inputs.version }}-${{ inputs.target }} diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index d4cbb74c14807..d3ff0f6e36ce2 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -106,7 +106,7 @@ jobs: run: | mkdir -p /home/runner/archives docker save '${{ steps.build.outputs.image }}' >'/home/runner/archives/${{ matrix.component }}.tar' - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f with: name: image-archives-${{ matrix.component }} path: /home/runner/archives @@ -253,7 +253,7 @@ jobs: run: | mkdir -p /home/runner/archives docker save '${{ steps.build.outputs.image }}' >'/home/runner/archives/${{ matrix.component }}.tar' - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f with: name: image-archives-${{ matrix.component }} path: /home/runner/archives From c43850f6714f5dd5ad0434fdaa84d5d7fd4214fa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 15:01:49 -0800 Subject: [PATCH 114/123] build(deps): bump helm.sh/helm/v3 from 3.19.2 to 3.19.4 (#14804) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.19.2 to 3.19.4. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.19.2...v3.19.4) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-version: 3.19.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 63f3e06d97af6..86991b887f8e1 100644 --- a/go.mod +++ b/go.mod @@ -40,7 +40,7 @@ require ( google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.0 google.golang.org/protobuf v1.36.11 gopkg.in/yaml.v2 v2.4.0 - helm.sh/helm/v3 v3.19.2 + helm.sh/helm/v3 v3.19.4 k8s.io/api v0.34.2 k8s.io/apiextensions-apiserver v0.34.2 k8s.io/apimachinery v0.34.2 @@ -77,7 +77,7 @@ require ( github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect - github.com/cyphar/filepath-securejoin v0.6.0 // indirect + github.com/cyphar/filepath-securejoin v0.6.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.12.2 // indirect github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect @@ -159,11 +159,11 @@ require ( gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/cli-runtime v0.34.0 // indirect + k8s.io/cli-runtime v0.34.2 // indirect k8s.io/component-base v0.34.2 // indirect k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f // indirect k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect - k8s.io/kubectl v0.34.0 // indirect + k8s.io/kubectl v0.34.2 // indirect oras.land/oras-go/v2 v2.6.0 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/kustomize/api v0.20.1 // indirect diff --git a/go.sum b/go.sum index cf02659f4b6ea..091493a9c4e7f 100644 --- a/go.sum +++ b/go.sum @@ -86,8 +86,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.6.0 h1:BtGB77njd6SVO6VztOHfPxKitJvd/VPT+OFBFMOi1Is= -github.com/cyphar/filepath-securejoin v0.6.0/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc= +github.com/cyphar/filepath-securejoin v0.6.1 h1:5CeZ1jPXEiYt3+Z6zqprSAgSWiggmpVyciv8syjIpVE= +github.com/cyphar/filepath-securejoin v0.6.1/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -725,8 +725,8 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -helm.sh/helm/v3 v3.19.2 h1:psQjaM8aIWrSVEly6PgYtLu/y6MRSmok4ERiGhZmtUY= -helm.sh/helm/v3 v3.19.2/go.mod h1:gX10tB5ErM+8fr7bglUUS/UfTOO8UUTYWIBH1IYNnpE= +helm.sh/helm/v3 v3.19.4 h1:E2yFBejmZBczWr5LblhjZbvAOAwVumfBO1AtN3nqI30= +helm.sh/helm/v3 v3.19.4/go.mod h1:PC1rk7PqacpkV4acUFMLStOOis7QM9Jq3DveHBInu4s= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -739,8 +739,8 @@ k8s.io/apiextensions-apiserver v0.34.2 h1:WStKftnGeoKP4AZRz/BaAAEJvYp4mlZGN0UCv+ k8s.io/apiextensions-apiserver v0.34.2/go.mod h1:398CJrsgXF1wytdaanynDpJ67zG4Xq7yj91GrmYN2SE= k8s.io/apimachinery v0.34.2 h1:zQ12Uk3eMHPxrsbUJgNF8bTauTVR2WgqJsTmwTE/NW4= k8s.io/apimachinery v0.34.2/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= -k8s.io/cli-runtime v0.34.0 h1:N2/rUlJg6TMEBgtQ3SDRJwa8XyKUizwjlOknT1mB2Cw= -k8s.io/cli-runtime v0.34.0/go.mod h1:t/skRecS73Piv+J+FmWIQA2N2/rDjdYSQzEE67LUUs8= +k8s.io/cli-runtime v0.34.2 h1:cct1GEuWc3IyVT8MSCoIWzRGw9HJ/C5rgP32H60H6aE= +k8s.io/cli-runtime v0.34.2/go.mod h1:X13tsrYexYUCIq8MarCBy8lrm0k0weFPTpcaNo7lms4= k8s.io/client-go v0.34.2 h1:Co6XiknN+uUZqiddlfAjT68184/37PS4QAzYvQvDR8M= k8s.io/client-go v0.34.2/go.mod h1:2VYDl1XXJsdcAxw7BenFslRQX28Dxz91U9MWKjX97fE= k8s.io/code-generator v0.34.2 h1:9bG6jTxmsU3HXE5BNYJTC8AZ1D6hVVfkm8yYSkdkGY0= @@ -757,8 +757,8 @@ k8s.io/kube-aggregator v0.34.2 h1:Nn0Vksj67WHBL2x7bJ6vuxL44RbMTK6uRtXX+3vMVJk= k8s.io/kube-aggregator v0.34.2/go.mod h1:/tp4cc/1p2AvICsS4mjjSJakdrbhcGbRmj0mdHTdR2Q= k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= -k8s.io/kubectl v0.34.0 h1:NcXz4TPTaUwhiX4LU+6r6udrlm0NsVnSkP3R9t0dmxs= -k8s.io/kubectl v0.34.0/go.mod h1:bmd0W5i+HuG7/p5sqicr0Li0rR2iIhXL0oUyLF3OjR4= +k8s.io/kubectl v0.34.2 h1:+fWGrVlDONMUmmQLDaGkQ9i91oszjjRAa94cr37hzqA= +k8s.io/kubectl v0.34.2/go.mod h1:X2KTOdtZZNrTWmUD4oHApJ836pevSl+zvC5sI6oO2YQ= k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= From 7246e5692ecc97bf602673003988170dc2da94fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 15:02:10 -0800 Subject: [PATCH 115/123] build(deps-dev): bump webpack-bundle-analyzer in /web/app (#14802) Bumps [webpack-bundle-analyzer](https://github.com/webpack/webpack-bundle-analyzer) from 5.0.1 to 5.1.0. - [Changelog](https://github.com/webpack/webpack-bundle-analyzer/blob/main/CHANGELOG.md) - [Commits](https://github.com/webpack/webpack-bundle-analyzer/compare/v5.0.1...v5.1.0) --- updated-dependencies: - dependency-name: webpack-bundle-analyzer dependency-version: 5.1.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- web/app/package.json | 2 +- web/app/yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/web/app/package.json b/web/app/package.json index 20bf0b2f478b0..8a7e3330af091 100644 --- a/web/app/package.json +++ b/web/app/package.json @@ -79,7 +79,7 @@ "style-loader": "^4.0.0", "url-loader": "^4.1.1", "webpack": "^5.103.0", - "webpack-bundle-analyzer": "5.0.1", + "webpack-bundle-analyzer": "5.1.0", "webpack-cli": "6.0.1", "webpack-dev-server": "5.2.2" }, diff --git a/web/app/yarn.lock b/web/app/yarn.lock index 53b7de73a0de6..7fa65dc2138aa 100644 --- a/web/app/yarn.lock +++ b/web/app/yarn.lock @@ -9986,10 +9986,10 @@ webidl-conversions@^7.0.0: resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-7.0.0.tgz#256b4e1882be7debbf01d05f0aa2039778ea080a" integrity sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g== -webpack-bundle-analyzer@5.0.1: - version "5.0.1" - resolved "https://registry.yarnpkg.com/webpack-bundle-analyzer/-/webpack-bundle-analyzer-5.0.1.tgz#51bd8cc3bd991b70d5e6d54937827f01fe859633" - integrity sha512-PUp3YFOHysSw8t+13rcF+8o5SGaP/AZ5KnIF3qJfFodv4xJkmixnfcyy+LOwNadpzvyrEKpaMlewAG2sFUfdpw== +webpack-bundle-analyzer@5.1.0: + version "5.1.0" + resolved "https://registry.yarnpkg.com/webpack-bundle-analyzer/-/webpack-bundle-analyzer-5.1.0.tgz#f5f2af23eeb4558c506eec27ea6dc3a3d3d70115" + integrity sha512-WAWwIoIUx4yC2AEBqXbDkcmh/LzAaenv0+nISBflP5l+XIXO9/x6poWarGA3RTrfavk9H3oWQ64Wm0z26/UGKA== dependencies: "@discoveryjs/json-ext" "0.5.7" acorn "^8.0.4" From 011f24ead6ba2fa352c21b53518bb2011fc40a29 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 15:04:55 -0800 Subject: [PATCH 116/123] build(deps): bump tj-actions/changed-files (#14799) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from abdd2f68ea150cee8f236d4a9fb4e0f2491abf1b to e0021407031f5be11a464abee9a0776171c79891. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/abdd2f68ea150cee8f236d4a9fb4e0f2491abf1b...e0021407031f5be11a464abee9a0776171c79891) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-version: e0021407031f5be11a464abee9a0776171c79891 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- .github/workflows/go.yml | 2 +- .github/workflows/integration.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index f0d11f42925f7..fbcd8cfe0c11d 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -9,7 +9,7 @@ jobs: runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }} steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - - uses: tj-actions/changed-files@abdd2f68ea150cee8f236d4a9fb4e0f2491abf1b + - uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 id: changed with: files: | diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index d3ff0f6e36ce2..4cbfe300e5026 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -29,7 +29,7 @@ jobs: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - id: tag run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT" - - uses: tj-actions/changed-files@abdd2f68ea150cee8f236d4a9fb4e0f2491abf1b + - uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 id: core with: files: | From 1b5e08163e8e6e0656be2e1eea2d4f9ee91073e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 15:15:54 -0800 Subject: [PATCH 117/123] build(deps): bump indexmap from 2.12.0 to 2.12.1 (#14785) Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.12.0 to 2.12.1. - [Changelog](https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md) - [Commits](https://github.com/indexmap-rs/indexmap/compare/2.12.0...2.12.1) --- updated-dependencies: - dependency-name: indexmap dependency-version: 2.12.1 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a7fda42d899f9..12aa4fab43bd8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -810,9 +810,9 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.16.0" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5419bdc4f6a9207fbeba6d11b604d481addf78ecd10c11ad51e76c2f6482748d" +checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100" [[package]] name = "headers" @@ -1043,12 +1043,12 @@ checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" [[package]] name = "indexmap" -version = "2.12.0" +version = "2.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6717a8d2a5a929a1a2eb43a12812498ed141a0bcfb7e8f7844fbdbe4303bba9f" +checksum = "0ad4bb2b565bca0645f4d68c5c9af97fba094e9791da685bf83cb5f3ce74acf2" dependencies = [ "equivalent", - "hashbrown 0.16.0", + "hashbrown 0.16.1", ] [[package]] From 2aa3cebffa4c52105b866467bd01764957072cd6 Mon Sep 17 00:00:00 2001 From: Alejandro Pedraza Date: Tue, 16 Dec 2025 18:44:57 -0500 Subject: [PATCH 118/123] fix(destination): properly deal with native sidecar port opacity in getProfile (#14791) (Extracted from #14566) When hitting pods directly at their their IPs, ports in native sidecars that were marked as opaque via the `config.linkerd.io/opaque-ports` annotation, weren't really being marked as opaque. More concretely, the issue layed in the getProfile API, that was forgoing init containers when iterating over containers in this particular case. Endpoint profile translator tests got expanded, testing for opaque ports in both init and regular containers. Signed-off-by: Ivan Porta --- .../endpoint_profile_translator_test.go | 68 +++++++++++++++---- .../destination/watcher/workload_watcher.go | 2 +- 2 files changed, 54 insertions(+), 16 deletions(-) diff --git a/controller/api/destination/endpoint_profile_translator_test.go b/controller/api/destination/endpoint_profile_translator_test.go index f9a3df8873c02..cbda933c03193 100644 --- a/controller/api/destination/endpoint_profile_translator_test.go +++ b/controller/api/destination/endpoint_profile_translator_test.go @@ -18,20 +18,49 @@ func TestEndpointProfileTranslator(t *testing.T) { // logging.SetLevel(logging.TraceLevel) // defer logging.SetLevel(logging.PanicLevel) + pod := corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + consts.ProxyOpaquePortsAnnotation: "sidecar,http", + }, + }, + Spec: corev1.PodSpec{ + InitContainers: []corev1.Container{ + corev1.Container{ + Ports: []corev1.ContainerPort{ + corev1.ContainerPort{ + Name: "sidecar", + ContainerPort: 8081, + }, + }, + }, + }, + Containers: []corev1.Container{ + corev1.Container{ + Ports: []corev1.ContainerPort{ + corev1.ContainerPort{ + Name: "http", + ContainerPort: 8080, + }, + }, + }, + }, + }, + } + addr := &watcher.Address{ IP: "10.10.11.11", Port: 8080, } - podAddr := &watcher.Address{ + podAddr1 := &watcher.Address{ IP: "10.10.11.11", Port: 8080, - Pod: &corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - consts.ProxyOpaquePortsAnnotation: "8080", - }, - }, - }, + Pod: &pod, + } + podAddr2 := &watcher.Address{ + IP: "10.10.11.11", + Port: 8081, + Pod: &pod, } t.Run("Sends update", func(t *testing.T) { @@ -68,13 +97,22 @@ func TestEndpointProfileTranslator(t *testing.T) { case <-time.After(1 * time.Second): } - if err := translator.Update(podAddr); err != nil { + if err := translator.Update(podAddr1); err != nil { t.Fatal("Expected update") } - select { - case p := <-mockGetProfileServer.profilesReceived: - log.Debugf("Received update: %v", p) - case <-time.After(1 * time.Second): + + p1 := <-mockGetProfileServer.profilesReceived + if !p1.GetOpaqueProtocol() { + t.Errorf("Expected port 8080 to be opaque") + } + + if err := translator.Update(podAddr2); err != nil { + t.Fatal("Expected update") + } + + p2 := <-mockGetProfileServer.profilesReceived + if !p2.GetOpaqueProtocol() { + t.Errorf("Expected port 8081 to be opaque") } }) @@ -97,7 +135,7 @@ func TestEndpointProfileTranslator(t *testing.T) { // queue and we can test the overflow behavior. for i := 0; i < queueCapacity/2; i++ { - if err := translator.Update(podAddr); err != nil { + if err := translator.Update(podAddr1); err != nil { t.Fatal("Expected update") } select { @@ -118,7 +156,7 @@ func TestEndpointProfileTranslator(t *testing.T) { // The queue should be full and the next update should fail. t.Logf("Queue length=%d capacity=%d", translator.queueLen(), queueCapacity) - if err := translator.Update(podAddr); err == nil { + if err := translator.Update(podAddr1); err == nil { if !errors.Is(err, http.ErrServerClosed) { t.Fatalf("Expected update to fail; queue=%d; capacity=%d", translator.queueLen(), queueCapacity) } diff --git a/controller/api/destination/watcher/workload_watcher.go b/controller/api/destination/watcher/workload_watcher.go index e9660fcd5d153..17ecd153afde6 100644 --- a/controller/api/destination/watcher/workload_watcher.go +++ b/controller/api/destination/watcher/workload_watcher.go @@ -794,7 +794,7 @@ func GetAnnotatedOpaquePorts(pod *corev1.Pod, defaultPorts map[uint32]struct{}) return defaultPorts } opaquePorts := make(map[uint32]struct{}) - namedPorts := util.GetNamedPorts(pod.Spec.Containers) + namedPorts := util.GetNamedPorts(append(pod.Spec.InitContainers, pod.Spec.Containers...)) if annotation != "" { for _, pr := range util.ParseContainerOpaquePorts(annotation, namedPorts) { for _, port := range pr.Ports() { From d3020af7c07454ae2a2c265e2991d8b09a62217e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 16:54:53 -0800 Subject: [PATCH 119/123] build(deps): bump the kube group with 7 updates (#14797) Bumps the kube group with 7 updates: | Package | From | To | | --- | --- | --- | | [k8s.io/api](https://github.com/kubernetes/api) | `0.34.2` | `0.34.3` | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.34.2` | `0.34.3` | | [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.34.2` | `0.34.3` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.34.2` | `0.34.3` | | [k8s.io/code-generator](https://github.com/kubernetes/code-generator) | `0.34.2` | `0.34.3` | | [k8s.io/endpointslice](https://github.com/kubernetes/endpointslice) | `0.34.2` | `0.34.3` | | [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) | `0.34.2` | `0.34.3` | Updates `k8s.io/api` from 0.34.2 to 0.34.3 - [Commits](https://github.com/kubernetes/api/compare/v0.34.2...v0.34.3) Updates `k8s.io/apiextensions-apiserver` from 0.34.2 to 0.34.3 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.34.2...v0.34.3) Updates `k8s.io/apimachinery` from 0.34.2 to 0.34.3 - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.34.2...v0.34.3) Updates `k8s.io/client-go` from 0.34.2 to 0.34.3 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.34.2...v0.34.3) Updates `k8s.io/code-generator` from 0.34.2 to 0.34.3 - [Commits](https://github.com/kubernetes/code-generator/compare/v0.34.2...v0.34.3) Updates `k8s.io/endpointslice` from 0.34.2 to 0.34.3 - [Commits](https://github.com/kubernetes/endpointslice/compare/v0.34.2...v0.34.3) Updates `k8s.io/kube-aggregator` from 0.34.2 to 0.34.3 - [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.34.2...v0.34.3) --- updated-dependencies: - dependency-name: k8s.io/api dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube - dependency-name: k8s.io/apiextensions-apiserver dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube - dependency-name: k8s.io/apimachinery dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube - dependency-name: k8s.io/client-go dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube - dependency-name: k8s.io/code-generator dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube - dependency-name: k8s.io/endpointslice dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube - dependency-name: k8s.io/kube-aggregator dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kube ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- go.mod | 17 +++++++++-------- go.sum | 36 ++++++++++++++++++------------------ 2 files changed, 27 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index 86991b887f8e1..ba6b84deca1d9 100644 --- a/go.mod +++ b/go.mod @@ -41,14 +41,14 @@ require ( google.golang.org/protobuf v1.36.11 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.19.4 - k8s.io/api v0.34.2 - k8s.io/apiextensions-apiserver v0.34.2 - k8s.io/apimachinery v0.34.2 - k8s.io/client-go v0.34.2 - k8s.io/code-generator v0.34.2 - k8s.io/endpointslice v0.34.2 + k8s.io/api v0.34.3 + k8s.io/apiextensions-apiserver v0.34.3 + k8s.io/apimachinery v0.34.3 + k8s.io/client-go v0.34.3 + k8s.io/code-generator v0.34.3 + k8s.io/endpointslice v0.34.3 k8s.io/klog/v2 v2.130.1 - k8s.io/kube-aggregator v0.34.2 + k8s.io/kube-aggregator v0.34.3 k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 sigs.k8s.io/gateway-api v0.8.1 sigs.k8s.io/yaml v1.6.0 @@ -56,6 +56,7 @@ require ( require ( github.com/golang-jwt/jwt/v5 v5.3.0 // indirect + github.com/rogpeppe/go-internal v1.14.1 // indirect golang.org/x/net v0.48.0 // indirect ) @@ -160,7 +161,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/cli-runtime v0.34.2 // indirect - k8s.io/component-base v0.34.2 // indirect + k8s.io/component-base v0.34.3 // indirect k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f // indirect k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect k8s.io/kubectl v0.34.2 // indirect diff --git a/go.sum b/go.sum index 091493a9c4e7f..337afacc6a44a 100644 --- a/go.sum +++ b/go.sum @@ -368,8 +368,8 @@ github.com/redis/go-redis/v9 v9.7.3 h1:YpPyAayJV+XErNsatSElgRZZVCwXX9QzkKYNvO7x0 github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ= @@ -733,28 +733,28 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.34.2 h1:fsSUNZhV+bnL6Aqrp6O7lMTy6o5x2C4XLjnh//8SLYY= -k8s.io/api v0.34.2/go.mod h1:MMBPaWlED2a8w4RSeanD76f7opUoypY8TFYkSM+3XHw= -k8s.io/apiextensions-apiserver v0.34.2 h1:WStKftnGeoKP4AZRz/BaAAEJvYp4mlZGN0UCv+uvsqo= -k8s.io/apiextensions-apiserver v0.34.2/go.mod h1:398CJrsgXF1wytdaanynDpJ67zG4Xq7yj91GrmYN2SE= -k8s.io/apimachinery v0.34.2 h1:zQ12Uk3eMHPxrsbUJgNF8bTauTVR2WgqJsTmwTE/NW4= -k8s.io/apimachinery v0.34.2/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= +k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4= +k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk= +k8s.io/apiextensions-apiserver v0.34.3 h1:p10fGlkDY09eWKOTeUSioxwLukJnm+KuDZdrW71y40g= +k8s.io/apiextensions-apiserver v0.34.3/go.mod h1:aujxvqGFRdb/cmXYfcRTeppN7S2XV/t7WMEc64zB5A0= +k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= +k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= k8s.io/cli-runtime v0.34.2 h1:cct1GEuWc3IyVT8MSCoIWzRGw9HJ/C5rgP32H60H6aE= k8s.io/cli-runtime v0.34.2/go.mod h1:X13tsrYexYUCIq8MarCBy8lrm0k0weFPTpcaNo7lms4= -k8s.io/client-go v0.34.2 h1:Co6XiknN+uUZqiddlfAjT68184/37PS4QAzYvQvDR8M= -k8s.io/client-go v0.34.2/go.mod h1:2VYDl1XXJsdcAxw7BenFslRQX28Dxz91U9MWKjX97fE= -k8s.io/code-generator v0.34.2 h1:9bG6jTxmsU3HXE5BNYJTC8AZ1D6hVVfkm8yYSkdkGY0= -k8s.io/code-generator v0.34.2/go.mod h1:dnDDEd6S/z4uZ+PG1aE58ySCi/lR4+qT3a4DddE4/2I= -k8s.io/component-base v0.34.2 h1:HQRqK9x2sSAsd8+R4xxRirlTjowsg6fWCPwWYeSvogQ= -k8s.io/component-base v0.34.2/go.mod h1:9xw2FHJavUHBFpiGkZoKuYZ5pdtLKe97DEByaA+hHbM= -k8s.io/endpointslice v0.34.2 h1:rwG7vAB2Q3/GPeF7lOSvDSRhg184GSx1VHiqJ//2Ehw= -k8s.io/endpointslice v0.34.2/go.mod h1:YhcGfLXNyci+LOcTPyQkWosp+iUuXgVEIxWGlhLPyxU= +k8s.io/client-go v0.34.3 h1:wtYtpzy/OPNYf7WyNBTj3iUA0XaBHVqhv4Iv3tbrF5A= +k8s.io/client-go v0.34.3/go.mod h1:OxxeYagaP9Kdf78UrKLa3YZixMCfP6bgPwPwNBQBzpM= +k8s.io/code-generator v0.34.3 h1:6ipJKsJZZ9q21BO8I2jEj4OLN3y8/1n4aihKN0xKmQk= +k8s.io/code-generator v0.34.3/go.mod h1:oW73UPYpGLsbRN8Ozkhd6ZzkF8hzFCiYmvEuWZDroI4= +k8s.io/component-base v0.34.3 h1:zsEgw6ELqK0XncCQomgO9DpUIzlrYuZYA0Cgo+JWpVk= +k8s.io/component-base v0.34.3/go.mod h1:5iIlD8wPfWE/xSHTRfbjuvUul2WZbI2nOUK65XL0E/c= +k8s.io/endpointslice v0.34.3 h1:32oWlrm3hetct8EPo+Y4kRWkBSQFAWt4+TkRCS6YeJU= +k8s.io/endpointslice v0.34.3/go.mod h1:FBwVCXSb/1NK7FYk+Bk8iDnzksui+/8TLpHpJL/cj2Y= k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f h1:SLb+kxmzfA87x4E4brQzB33VBbT2+x7Zq9ROIHmGn9Q= k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.34.2 h1:Nn0Vksj67WHBL2x7bJ6vuxL44RbMTK6uRtXX+3vMVJk= -k8s.io/kube-aggregator v0.34.2/go.mod h1:/tp4cc/1p2AvICsS4mjjSJakdrbhcGbRmj0mdHTdR2Q= +k8s.io/kube-aggregator v0.34.3 h1:rKsZWTD2As4dKuv+zzdJU0uo5H7bFlAEoSucai4mW6M= +k8s.io/kube-aggregator v0.34.3/go.mod h1:d4D8PV2FK4Qlq6u442FSum1tHPhK9tKdKBfH/A3R0I0= k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= k8s.io/kubectl v0.34.2 h1:+fWGrVlDONMUmmQLDaGkQ9i91oszjjRAa94cr37hzqA= From 7556f2de5fd87e9e8cd761984b8291479baf6b81 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Dec 2025 17:07:14 -0800 Subject: [PATCH 120/123] build(deps): bump rustls-pki-types from 1.13.0 to 1.13.1 (#14810) Bumps [rustls-pki-types](https://github.com/rustls/pki-types) from 1.13.0 to 1.13.1. - [Release notes](https://github.com/rustls/pki-types/releases) - [Commits](https://github.com/rustls/pki-types/compare/v/1.13.0...v/1.13.1) --- updated-dependencies: - dependency-name: rustls-pki-types dependency-version: 1.13.1 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 12aa4fab43bd8..69943d5c4bc05 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2112,9 +2112,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.13.0" +version = "1.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94182ad936a0c91c324cd46c6511b9510ed16af436d7b5bab34beab0afd55f7a" +checksum = "708c0f9d5f54ba0272468c1d306a52c495b31fa155e91bc25371e6df7996908c" dependencies = [ "zeroize", ] From 299cb2ff9415128e792a5b8e78d2f49aa6f3e093 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Dec 2025 17:07:47 -0800 Subject: [PATCH 121/123] build(deps): bump socket2 from 0.6.0 to 0.6.1 (#14811) Bumps [socket2](https://github.com/rust-lang/socket2) from 0.6.0 to 0.6.1. - [Release notes](https://github.com/rust-lang/socket2/releases) - [Changelog](https://github.com/rust-lang/socket2/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/socket2/compare/v0.6.0...v0.6.1) --- updated-dependencies: - dependency-name: socket2 dependency-version: 0.6.1 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 97 +++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 81 insertions(+), 16 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 69943d5c4bc05..bba823621156b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -757,7 +757,7 @@ dependencies = [ "cfg-if", "libc", "wasi 0.13.3+wasi-0.2.2", - "windows-targets", + "windows-targets 0.52.6", ] [[package]] @@ -2358,12 +2358,12 @@ checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" [[package]] name = "socket2" -version = "0.6.0" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "233504af464074f9d066d7b5416c5f9b894a5862a6506e306f7b816cdd6f1807" +checksum = "17129e116933cf371d018bb80ae557e889637989d8638274fb25622827b03881" dependencies = [ "libc", - "windows-sys 0.59.0", + "windows-sys 0.60.2", ] [[package]] @@ -2935,16 +2935,16 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets", + "windows-targets 0.52.6", ] [[package]] name = "windows-sys" -version = "0.59.0" +version = "0.60.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb" dependencies = [ - "windows-targets", + "windows-targets 0.53.4", ] [[package]] @@ -2962,14 +2962,31 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm", - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_gnullvm", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc", + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", + "windows_i686_gnullvm 0.52.6", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", +] + +[[package]] +name = "windows-targets" +version = "0.53.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d42b7b7f66d2a06854650af09cfdf8713e427a439c97ad65a6375318033ac4b" +dependencies = [ + "windows-link 0.2.0", + "windows_aarch64_gnullvm 0.53.1", + "windows_aarch64_msvc 0.53.1", + "windows_i686_gnu 0.53.1", + "windows_i686_gnullvm 0.53.1", + "windows_i686_msvc 0.53.1", + "windows_x86_64_gnu 0.53.1", + "windows_x86_64_gnullvm 0.53.1", + "windows_x86_64_msvc 0.53.1", ] [[package]] @@ -2978,48 +2995,96 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9d8416fa8b42f5c947f8482c43e7d89e73a173cead56d044f6a56104a6d1b53" + [[package]] name = "windows_aarch64_msvc" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" +[[package]] +name = "windows_aarch64_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9d782e804c2f632e395708e99a94275910eb9100b2114651e04744e9b125006" + [[package]] name = "windows_i686_gnu" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" +[[package]] +name = "windows_i686_gnu" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "960e6da069d81e09becb0ca57a65220ddff016ff2d6af6a223cf372a506593a3" + [[package]] name = "windows_i686_gnullvm" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" +[[package]] +name = "windows_i686_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa7359d10048f68ab8b09fa71c3daccfb0e9b559aed648a8f95469c27057180c" + [[package]] name = "windows_i686_msvc" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" +[[package]] +name = "windows_i686_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e7ac75179f18232fe9c285163565a57ef8d3c89254a30685b57d83a38d326c2" + [[package]] name = "windows_x86_64_gnu" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" +[[package]] +name = "windows_x86_64_gnu" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c3842cdd74a865a8066ab39c8a7a473c0778a3f29370b5fd6b4b9aa7df4a499" + [[package]] name = "windows_x86_64_gnullvm" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ffa179e2d07eee8ad8f57493436566c7cc30ac536a3379fdf008f47f6bb7ae1" + [[package]] name = "windows_x86_64_msvc" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" +[[package]] +name = "windows_x86_64_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650" + [[package]] name = "wit-bindgen-rt" version = "0.33.0" From 7889cff627548b4c2856b1b271d78ec29e41c3c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Dec 2025 17:09:37 -0800 Subject: [PATCH 122/123] build(deps): bump hostname from 0.4.1 to 0.4.2 (#14787) Bumps [hostname](https://github.com/djc/hostname) from 0.4.1 to 0.4.2. - [Release notes](https://github.com/djc/hostname/releases) - [Commits](https://github.com/djc/hostname/compare/v0.4.1...v0.4.2) --- updated-dependencies: - dependency-name: hostname dependency-version: 0.4.2 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ivan Porta --- Cargo.lock | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bba823621156b..43df07d54f952 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -274,7 +274,7 @@ dependencies = [ "iana-time-zone", "num-traits", "serde", - "windows-link 0.2.0", + "windows-link", ] [[package]] @@ -861,13 +861,13 @@ dependencies = [ [[package]] name = "hostname" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a56f203cd1c76362b69e3863fd987520ac36cf70a8c92627449b2f64a8cf7d65" +checksum = "617aaa3557aef3810a6369d0a99fac8a080891b68bd9f9812a1eeda0c0730cbd" dependencies = [ "cfg-if", "libc", - "windows-link 0.1.3", + "windows-link", ] [[package]] @@ -1363,7 +1363,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d7c4b02199fee7c5d21a5ae7d8cfa79a6ef5bb2fc834d6e9058e89c825efdc55" dependencies = [ "cfg-if", - "windows-link 0.2.0", + "windows-link", ] [[package]] @@ -1740,7 +1740,7 @@ dependencies = [ "libc", "redox_syscall", "smallvec", - "windows-link 0.2.0", + "windows-link", ] [[package]] @@ -2872,7 +2872,7 @@ checksum = "6844ee5416b285084d3d3fffd743b925a6c9385455f64f6d4fa3031c4c2749a9" dependencies = [ "windows-implement", "windows-interface", - "windows-link 0.2.0", + "windows-link", "windows-result", "windows-strings", ] @@ -2899,12 +2899,6 @@ dependencies = [ "syn", ] -[[package]] -name = "windows-link" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a" - [[package]] name = "windows-link" version = "0.2.0" @@ -2917,7 +2911,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7084dcc306f89883455a206237404d3eaf961e5bd7e0f312f7c91f57eb44167f" dependencies = [ - "windows-link 0.2.0", + "windows-link", ] [[package]] @@ -2926,7 +2920,7 @@ version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7218c655a553b0bed4426cf54b20d7ba363ef543b52d515b3e48d7fd55318dda" dependencies = [ - "windows-link 0.2.0", + "windows-link", ] [[package]] @@ -2953,7 +2947,7 @@ version = "0.61.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e201184e40b2ede64bc2ea34968b28e33622acdbbf37104f0e4a33f7abe657aa" dependencies = [ - "windows-link 0.2.0", + "windows-link", ] [[package]] From c4dea9bee98b3ccbf26b0aba0c0337f7fb641d69 Mon Sep 17 00:00:00 2001 From: Ivan Porta Date: Thu, 18 Dec 2025 20:07:48 +0900 Subject: [PATCH 123/123] Add new line in values-ha --- charts/linkerd-control-plane/values-ha.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/linkerd-control-plane/values-ha.yaml b/charts/linkerd-control-plane/values-ha.yaml index fcffca09630c3..e3b8cbc0701b3 100644 --- a/charts/linkerd-control-plane/values-ha.yaml +++ b/charts/linkerd-control-plane/values-ha.yaml @@ -60,4 +60,4 @@ webhookFailurePolicy: Fail spValidatorResources: *controller_resources # flag for linkerd check -highAvailability: true \ No newline at end of file +highAvailability: true