Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This release features some performance improvements: tokio has been
updated to pick up tokio-rs/tokio#4055, and link-time optimizations have
been enabled in release builds. These changes reduce CPU and memory
overhead in benchmarks.
Inbound policy enforcement has been updated so that TCP forwarding is
interrupted if a policy update revokes a previously-established
authorization. New metrics are exposed to reflect how policies are used
by the proxy:
inbound_http_authz_{allow,deny}_total
andinbound_tcp_authz_{allow,deny,terminate}_total
.The proxy's error metrics,
{inbound,outbound}_{http,tcp}_errors_total
,have been updated to include the traffic target. And the
traffic_addr
metric label is augmented by
target_ip
andtarget_port
labels tosupport more flexible prometheus queries.
Inbound TCP metrics now only include a
srv_name
label, as it can't beexpected for all inbound connections to include authorization labels
(hence the new authz metrics). However, all inbound HTTP metrics--except
for the HTTP errors metric, which includes only a
srv_name
label--include both
srv_name
andsaz_name
label.Finally, the inbound and outbound proxies now only exports
Route-oriented metrics when a ServiceProfile is enabled, preventing
redundant metrics from being exported with no differentiating labels.
f08860c
to3d0667a
(build(deps): bump trust-dns-resolver fromf08860c
to3d0667a
linkerd2-proxy#1225)3d0667a
tov0.21.0-alpha.2
(build(deps): bump trust-dns-resolver from3d0667a
tov0.21.0-alpha.2
linkerd2-proxy#1233)target_ip
andtarget_port
labels (metrics: Addtarget_ip
andtarget_port
labels linkerd2-proxy#1238)