Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proxy: v2.155.0 #6802

Merged
merged 2 commits into from
Sep 3, 2021
Merged

proxy: v2.155.0 #6802

merged 2 commits into from
Sep 3, 2021

Conversation

olix0r
Copy link
Member

@olix0r olix0r commented Sep 3, 2021

This release features some performance improvements: tokio has been
updated to pick up tokio-rs/tokio#4055, and link-time optimizations have
been enabled in release builds. These changes reduce CPU and memory
overhead in benchmarks.

Inbound policy enforcement has been updated so that TCP forwarding is
interrupted if a policy update revokes a previously-established
authorization. New metrics are exposed to reflect how policies are used
by the proxy: inbound_http_authz_{allow,deny}_total and
inbound_tcp_authz_{allow,deny,terminate}_total.

The proxy's error metrics, {inbound,outbound}_{http,tcp}_errors_total,
have been updated to include the traffic target. And the traffic_addr
metric label is augmented by target_ip and target_port labels to
support more flexible prometheus queries.

Inbound TCP metrics now only include a srv_name label, as it can't be
expected for all inbound connections to include authorization labels
(hence the new authz metrics). However, all inbound HTTP metrics--except
for the HTTP errors metric, which includes only a srv_name
label--include both srv_name and saz_name label.

Finally, the inbound and outbound proxies now only exports
Route-oriented metrics when a ServiceProfile is enabled, preventing
redundant metrics from being exported with no differentiating labels.


This release features some performance improvements: tokio has been
updated to pick up tokio-rs/tokio#4055, and link-time optimizations have
been enabled in release builds. These changes reduce CPU and memory
overhead in benchmarks.

Inbound policy enforcement has been updated so that TCP forwarding is
interrupted if a policy update revokes a previously-established
authorization. New metrics are exposed to reflect how policies are used
by the proxy: `inbound_http_authz_{allow,deny}_total` and
`inbound_tcp_authz_{allow,deny,terminate}_total`.

The proxy's error metrics, `{inbound,outbound}_{http,tcp}_errors_total`,
have been updated to include the traffic target. And the `traffic_addr`
metric label is augmented by `target_ip` and `target_port` labels to
support more flexible prometheus queries.

Inbound TCP metrics now only include a `srv_name` label, as it can't be
expected for all inbound connections to include authorization labels
(hence the new authz metrics). However, all inbound HTTP metrics--except
for the HTTP errors metric, which includes only a `srv_name`
label--include both `srv_name` and `saz_name` label.

Finally, the inbound and outbound proxies now only exports
Route-oriented metrics when a ServiceProfile is enabled, preventing
redundant metrics from being exported with no differentiating labels.

---

* profiles: Avoid creating a default route stack (linkerd/linkerd2-proxy#1223)
* build(deps): bump arbitrary from 1.0.1 to 1.0.2 (linkerd/linkerd2-proxy#1224)
* build(deps): bump trust-dns-resolver from `f08860c` to `3d0667a` (linkerd/linkerd2-proxy#1225)
* build(deps): bump libc from 0.2.100 to 0.2.101 (linkerd/linkerd2-proxy#1226)
* Enable link-time optimizations (linkerd/linkerd2-proxy#1227)
* build(deps): bump serde_json from 1.0.66 to 1.0.67 (linkerd/linkerd2-proxy#1228)
* build(deps): bump flate2 from 1.0.20 to 1.0.21 (linkerd/linkerd2-proxy#1230)
* build(deps): bump thiserror from 1.0.26 to 1.0.28 (linkerd/linkerd2-proxy#1231)
* build(deps): bump futures from 0.3.16 to 0.3.17 (linkerd/linkerd2-proxy#1232)
* build(deps): bump parking_lot from 0.11.1 to 0.11.2 (linkerd/linkerd2-proxy#1234)
* build(deps): bump trust-dns-resolver from `3d0667a` to `v0.21.0-alpha.2` (linkerd/linkerd2-proxy#1233)
* Rename push_on_response to push_on_service (linkerd/linkerd2-proxy#1235)
* build(deps): bump tokio from 1.10.1 to 1.11.0 (linkerd/linkerd2-proxy#1236)
* metrics: Add `target_ip` and `target_port` labels (linkerd/linkerd2-proxy#1238)
* inbound: Improve policy metrics (linkerd/linkerd2-proxy#1237)
* inbound: Include server labels in tap responses (linkerd/linkerd2-proxy#1239)
* Revert rustc update for release builds
@olix0r olix0r requested a review from a team as a code owner September 3, 2021 03:45
Copy link
Contributor

@Pothulapati Pothulapati left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM :shipit:

@olix0r olix0r merged commit 1df507f into main Sep 3, 2021
@olix0r olix0r deleted the ver/proxy-155 branch September 3, 2021 05:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants