Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package linkerd-cli-edge for
openSUSE:Factory checked in at 2025-12-11 18:40:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/linkerd-cli-edge (Old)
and /work/SRC/openSUSE:Factory/.linkerd-cli-edge.new.1939 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "linkerd-cli-edge"
Thu Dec 11 18:40:25 2025 rev:60 rq:1322147 version:25.12.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/linkerd-cli-edge/linkerd-cli-edge.changes
2025-12-05 16:58:38.645466947 +0100
+++
/work/SRC/openSUSE:Factory/.linkerd-cli-edge.new.1939/linkerd-cli-edge.changes
2025-12-11 18:43:13.126205928 +0100
@@ -1,0 +2,20 @@
+Thu Dec 11 07:55:00 UTC 2025 - Johannes Kastl
<[email protected]>
+
+- Update to version 25.12.2:
+ CLI-related changes in the changelog
+ * fix(cli): improved support for native sidecar servers in
+ `linkerd check --proxy` (#14779)
+ * fix(cli): improved support for native sidecar servers in
+ `linkerd authz` (#14780)
+ Dependencies
+ * build(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2
+ (#14795)
+ * build(deps): bump DavidAnson/markdownlint-cli2-action from
+ 21.0.0 to 22.0.0 (#14794)
+ * build(deps): bump github.com/go-openapi/spec from 0.22.1 to
+ 0.22.2 (#14789)
+ * build(deps): bump golang.org/x/tools from 0.39.0 to 0.40.0
+ (#14790)
+ * build(deps): bump syn from 2.0.110 to 2.0.111 (#14783)
+
+-------------------------------------------------------------------
Old:
----
linkerd-cli-edge-25.12.1.obscpio
New:
----
linkerd-cli-edge-25.12.2.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ linkerd-cli-edge.spec ++++++
--- /var/tmp/diff_new_pack.dj4klL/_old 2025-12-11 18:43:14.102246937 +0100
+++ /var/tmp/diff_new_pack.dj4klL/_new 2025-12-11 18:43:14.102246937 +0100
@@ -19,7 +19,7 @@
%define linkerd_executable_name linkerd
Name: linkerd-cli-edge
-Version: 25.12.1
+Version: 25.12.2
Release: 0
Summary: CLI for the linkerd service mesh for Kubernetes
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.dj4klL/_old 2025-12-11 18:43:14.138248449 +0100
+++ /var/tmp/diff_new_pack.dj4klL/_new 2025-12-11 18:43:14.142248618 +0100
@@ -3,8 +3,8 @@
<param name="url">https://github.com/linkerd/linkerd2</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">edge-25.12.1</param>
- <param name="match-tag">edge-25.12.1</param>
+ <param name="revision">edge-25.12.2</param>
+ <param name="match-tag">edge-25.12.2</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">edge-(.*)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.dj4klL/_old 2025-12-11 18:43:14.162249458 +0100
+++ /var/tmp/diff_new_pack.dj4klL/_new 2025-12-11 18:43:14.166249626 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/linkerd/linkerd2</param>
- <param
name="changesrevision">7a1a06cb8d9137eb29233a77304edd34892c9a43</param></service></servicedata>
+ <param
name="changesrevision">468ce74aa236f3576d6502dc3d27f63d03f85d63</param></service></servicedata>
(No newline at EOF)
++++++ linkerd-cli-edge-25.12.1.obscpio -> linkerd-cli-edge-25.12.2.obscpio
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/linkerd-cli-edge-25.12.1/.proxy-version
new/linkerd-cli-edge-25.12.2/.proxy-version
--- old/linkerd-cli-edge-25.12.1/.proxy-version 2025-12-04 22:06:54.000000000
+0100
+++ new/linkerd-cli-edge-25.12.2/.proxy-version 2025-12-10 18:13:21.000000000
+0100
@@ -1 +1 @@
-v2.332.0
+v2.333.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/linkerd-cli-edge-25.12.1/CHANGES.md
new/linkerd-cli-edge-25.12.2/CHANGES.md
--- old/linkerd-cli-edge-25.12.1/CHANGES.md 2025-12-04 22:06:54.000000000
+0100
+++ new/linkerd-cli-edge-25.12.2/CHANGES.md 2025-12-10 18:13:21.000000000
+0100
@@ -2441,7 +2441,8 @@
specifically for this use case and are rotated daily, replacing the usage of
the
default tokens injected by Kubernetes which are overly permissive.
-Note that this edge release updates the minimum supported kubernetes version
to 1.20.
+Note that this edge release updates the minimum supported kubernetes version to
+1.20.
* Updated the minimum supported kubernetes version to 1.20
* Use Service Account Token Volume Projections to set up the pods' identities;
@@ -2787,9 +2788,9 @@
## edge-21.8.3
This release adds support for dynamic inbound policies. The proxy now discovers
-policies from the policy-controller API for all application ports documented
in a
-pod spec. Rejected connections are logged. Policies are not yet reflected in
the
-proxy's metrics.
+policies from the policy-controller API for all application ports documented in
+a pod spec. Rejected connections are logged. Policies are not yet reflected in
+the proxy's metrics.
These policies also allow the proxy to skip protocol detection when a server is
explicitly annotated as HTTP/2 or when the server is documented to be opaque or
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/linkerd-cli-edge-25.12.1/Cargo.lock
new/linkerd-cli-edge-25.12.2/Cargo.lock
--- old/linkerd-cli-edge-25.12.1/Cargo.lock 2025-12-04 22:06:54.000000000
+0100
+++ new/linkerd-cli-edge-25.12.2/Cargo.lock 2025-12-10 18:13:21.000000000
+0100
@@ -2380,9 +2380,9 @@
[[package]]
name = "syn"
-version = "2.0.110"
+version = "2.0.111"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "a99801b5bd34ede4cf3fc688c5919368fea4e4814a4664359503e6015b280aea"
+checksum = "390cc9a294ab71bdb1aa2e99d13be9c753cd2d7bd6560c77118597410c4d2e87"
dependencies = [
"proc-macro2",
"quote",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/linkerd-cli-edge-25.12.1/TEST.md
new/linkerd-cli-edge-25.12.2/TEST.md
--- old/linkerd-cli-edge-25.12.1/TEST.md 2025-12-04 22:06:54.000000000
+0100
+++ new/linkerd-cli-edge-25.12.2/TEST.md 2025-12-10 18:13:21.000000000
+0100
@@ -192,8 +192,8 @@
```
**Note**: As stated above, if running tests in an existing KinD cluster by
-passing `--skip-cluster-create`, `bin/kind-load` must be run so that the
images are
-available to the cluster
+passing `--skip-cluster-create`, `bin/kind-load` must be run so that the images
+are available to the cluster
#### Special tests: cluster-domain, cni-calico-deep and multicluster
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/linkerd-cli-edge-25.12.1/controller/api/destination/watcher/k8s.go
new/linkerd-cli-edge-25.12.2/controller/api/destination/watcher/k8s.go
--- old/linkerd-cli-edge-25.12.1/controller/api/destination/watcher/k8s.go
2025-12-04 22:06:54.000000000 +0100
+++ new/linkerd-cli-edge-25.12.2/controller/api/destination/watcher/k8s.go
2025-12-10 18:13:21.000000000 +0100
@@ -145,7 +145,7 @@
// each of its containers' ports that exposes a host port, add
// that hostIP:hostPort endpoint to the indexer.
addrs := []string{}
- for _, c := range pod.Spec.Containers {
+ for _, c := range append(pod.Spec.InitContainers,
pod.Spec.Containers...) {
for _, p := range c.Ports {
if p.HostPort == 0 {
continue
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/linkerd-cli-edge-25.12.1/controller/api/destination/watcher/workload_watcher_test.go
new/linkerd-cli-edge-25.12.2/controller/api/destination/watcher/workload_watcher_test.go
---
old/linkerd-cli-edge-25.12.1/controller/api/destination/watcher/workload_watcher_test.go
2025-12-04 22:06:54.000000000 +0100
+++
new/linkerd-cli-edge-25.12.2/controller/api/destination/watcher/workload_watcher_test.go
2025-12-10 18:13:21.000000000 +0100
@@ -11,6 +11,7 @@
func TestIpWatcherGetPod(t *testing.T) {
podIP := "10.255.0.1"
hostIP := "172.0.0.1"
+ var hostPort0 uint32 = 22344
var hostPort1 uint32 = 22345
var hostPort2 uint32 = 22346
expectedPodName := "hostPortPod1"
@@ -21,9 +22,16 @@
name: hostPortPod1
namespace: ns
spec:
+ initContainers:
+ - image: test
+ name: hostPortInitContainer
+ ports:
+ - containerPort: 12344
+ hostPort: 22344
containers:
- image: test
name: hostPortContainer1
+ restartPolicy: Always
ports:
- containerPort: 12345
hostIP: 172.0.0.1
@@ -67,8 +75,20 @@
}),
}
+ // Get host IP pod that is mapped to the port `hostPort0` (in
an init container)
+ pod, err := ww.getPodByHostIP(hostIP, hostPort0)
+ if err != nil {
+ t.Fatalf("failed to get pod: %s", err)
+ }
+ if pod == nil {
+ t.Fatalf("failed to find pod mapped to %s:%d", hostIP,
hostPort1)
+ }
+ if pod.Name != expectedPodName {
+ t.Fatalf("expected pod name to be %s, but got %s",
expectedPodName, pod.Name)
+ }
+
// Get host IP pod that is mapped to the port `hostPort1`
- pod, err := ww.getPodByHostIP(hostIP, hostPort1)
+ pod, err = ww.getPodByHostIP(hostIP, hostPort1)
if err != nil {
t.Fatalf("failed to get pod: %s", err)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/linkerd-cli-edge-25.12.1/controller/proxy-injector/fake/data/filter-pod-opaque-ports.yaml
new/linkerd-cli-edge-25.12.2/controller/proxy-injector/fake/data/filter-pod-opaque-ports.yaml
---
old/linkerd-cli-edge-25.12.1/controller/proxy-injector/fake/data/filter-pod-opaque-ports.yaml
2025-12-04 22:06:54.000000000 +0100
+++
new/linkerd-cli-edge-25.12.2/controller/proxy-injector/fake/data/filter-pod-opaque-ports.yaml
2025-12-10 18:13:21.000000000 +0100
@@ -5,6 +5,12 @@
labels:
app: test
spec:
+ initContainers:
+ - name: memcached
+ image: memcached
+ restartPolicy: Always
+ ports:
+ - containerPort: 11211
containers:
- name: foo
image: mysql
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/linkerd-cli-edge-25.12.1/controller/proxy-injector/fake/data/filtered-pod-opaque-ports.json
new/linkerd-cli-edge-25.12.2/controller/proxy-injector/fake/data/filtered-pod-opaque-ports.json
---
old/linkerd-cli-edge-25.12.1/controller/proxy-injector/fake/data/filtered-pod-opaque-ports.json
2025-12-04 22:06:54.000000000 +0100
+++
new/linkerd-cli-edge-25.12.2/controller/proxy-injector/fake/data/filtered-pod-opaque-ports.json
2025-12-10 18:13:21.000000000 +0100
@@ -7,6 +7,6 @@
{
"op": "add",
"path": "/metadata/annotations/config.linkerd.io~1opaque-ports",
- "value": "3306"
+ "value": "11211,3306"
}
]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/linkerd-cli-edge-25.12.1/controller/proxy-injector/fake/data/pod-nativesidecar-inject-enabled.yaml
new/linkerd-cli-edge-25.12.2/controller/proxy-injector/fake/data/pod-nativesidecar-inject-enabled.yaml
---
old/linkerd-cli-edge-25.12.1/controller/proxy-injector/fake/data/pod-nativesidecar-inject-enabled.yaml
1970-01-01 01:00:00.000000000 +0100
+++
new/linkerd-cli-edge-25.12.2/controller/proxy-injector/fake/data/pod-nativesidecar-inject-enabled.yaml
2025-12-10 18:13:21.000000000 +0100
@@ -0,0 +1,28 @@
+kind: Pod
+apiVersion: apps/v1
+metadata:
+ name: nginx
+ namespace: kube-public
+ annotations:
+ linkerd.io/inject: enabled
+ config.linkerd.io/opaque-ports: memcached
+ labels:
+ app: nginx
+spec:
+ initContainers:
+ - name: memcached
+ image: memcached
+ restartPolicy: Always
+ ports:
+ - containerPort: 11211
+ name: memcached
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - name: http
+ containerPort: 80
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: 9090
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/linkerd-cli-edge-25.12.1/controller/proxy-injector/fake/data/pod.nativesidecar.patch.json
new/linkerd-cli-edge-25.12.2/controller/proxy-injector/fake/data/pod.nativesidecar.patch.json
---
old/linkerd-cli-edge-25.12.1/controller/proxy-injector/fake/data/pod.nativesidecar.patch.json
1970-01-01 01:00:00.000000000 +0100
+++
new/linkerd-cli-edge-25.12.2/controller/proxy-injector/fake/data/pod.nativesidecar.patch.json
2025-12-10 18:13:21.000000000 +0100
@@ -0,0 +1,438 @@
+[
+ {
+ "op": "add",
+ "path": "/metadata/annotations/linkerd.io~1proxy-version",
+ "value": "dev-undefined"
+ },
+ {
+ "op": "add",
+ "path": "/metadata/annotations/linkerd.io~1trust-root-sha256",
+ "value": "5090806bcf2daff5d54739ba02a8e7b919f7e62b2a46757e11089c916ec97fc2"
+ },
+ {
+ "op": "add",
+ "path": "/metadata/labels/linkerd.io~1control-plane-ns",
+ "value": "linkerd"
+ },
+ {
+ "op": "add",
+ "path": "/metadata/labels/linkerd.io~1proxy-deployment",
+ "value": "owner-deployment"
+ },
+ {
+ "op": "add",
+ "path": "/metadata/labels/linkerd.io~1workload-ns",
+ "value": "kube-public"
+ },
+ {
+ "op": "add",
+ "path": "/spec/volumes",
+ "value": []
+ },
+ {
+ "op": "add",
+ "path": "/spec/volumes/-",
+ "value": {
+ "emptyDir": {},
+ "name": "linkerd-proxy-init-xtables-lock"
+ }
+ },
+ {
+ "op": "add",
+ "path": "/spec/initContainers/-",
+ "value":
+ {
+ "args": [
+ "--firewall-bin-path",
+ "iptables-nft",
+ "--firewall-save-bin-path",
+ "iptables-nft-save",
+ "--ipv6=false",
+ "--incoming-proxy-port",
+ "4143",
+ "--outgoing-proxy-port",
+ "4140",
+ "--proxy-uid",
+ "2102",
+ "--inbound-ports-to-ignore",
+ "4190,4191,4567,4568",
+ "--outbound-ports-to-ignore",
+ "4567,4568"
+ ],
+ "command": [
+ "/usr/lib/linkerd/linkerd2-proxy-init"
+ ],
+ "image": "cr.l5d.io/linkerd/proxy:dev-undefined",
+ "imagePullPolicy": "IfNotPresent",
+ "name": "linkerd-init",
+ "resources": null,
+ "securityContext": {
+ "allowPrivilegeEscalation": false,
+ "capabilities": {
+ "add": [
+ "NET_ADMIN",
+ "NET_RAW"
+ ]
+ },
+ "privileged": false,
+ "readOnlyRootFilesystem": true,
+ "runAsGroup": 65534,
+ "runAsNonRoot": true,
+ "runAsUser": 65534,
+ "seccompProfile": {
+ "type": "RuntimeDefault"
+ }
+ },
+ "terminationMessagePolicy": "FallbackToLogsOnError",
+ "volumeMounts": [
+ {
+ "mountPath": "/run",
+ "name": "linkerd-proxy-init-xtables-lock"
+ }
+ ]
+ }
+ },
+ {
+ "op": "add",
+ "path": "/spec/volumes/-",
+ "value": {
+ "name": "linkerd-identity-end-entity",
+ "emptyDir": {
+ "medium": "Memory"
+ }
+ }
+ },
+ {
+ "op": "add",
+ "path": "/spec/volumes/-",
+ "value":
+ {
+ "name": "linkerd-identity-token",
+ "projected": {
+ "sources": [
+ {
+ "serviceAccountToken": {
+ "audience": "identity.l5d.io",
+ "expirationSeconds": 86400,
+ "path": "linkerd-identity-token"
+ }
+ }
+ ]
+ }
+ }
+ },
+ {
+ "op": "add",
+ "path": "/spec/containers/0",
+ "value":
+ {
+ "env": [
+ {
+ "name": "_pod_name",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.name"
+ }
+ }
+ },
+ {
+ "name": "_pod_ns",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
+ },
+ {
+ "name": "_pod_uid",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.uid"
+ }
+ }
+ },
+ {
+ "name": "_pod_ip",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "status.podIP"
+ }
+ }
+ },
+ {
+ "name": "_pod_nodeName",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "spec.nodeName"
+ }
+ }
+ },
+ {
+ "name": "_pod_containerName",
+ "value": "linkerd-proxy"
+ },
+ {
+ "name": "LINKERD2_PROXY_CORES",
+ "value": "1"
+ },
+ {
+ "name": "LINKERD2_PROXY_CORES_MIN",
+ "value": "1"
+ },
+ {
+ "name": "LINKERD2_PROXY_SHUTDOWN_ENDPOINT_ENABLED",
+ "value": "false"
+ },
+ {
+ "name": "LINKERD2_PROXY_LOG",
+ "value":
"warn,linkerd=info,hickory=error,[{headers}]=off,[{request}]=off"
+ },
+ {
+ "name": "LINKERD2_PROXY_LOG_FORMAT",
+ "value": "plain"
+ },
+ {
+ "name": "LINKERD2_PROXY_DESTINATION_SVC_ADDR",
+ "value": "linkerd-dst-headless.linkerd.svc.cluster.local.:8086"
+ },
+ {
+ "name": "LINKERD2_PROXY_DESTINATION_PROFILE_NETWORKS",
+ "value":
"10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8"
+ },
+ {
+ "name": "LINKERD2_PROXY_POLICY_SVC_ADDR",
+ "value": "linkerd-policy.linkerd.svc.cluster.local.:8090"
+ },
+ {
+ "name": "LINKERD2_PROXY_POLICY_WORKLOAD",
+ "value": "{\"ns\":\"$(_pod_ns)\", \"pod\":\"$(_pod_name)\"}\n"
+ },
+ {
+ "name": "LINKERD2_PROXY_INBOUND_DEFAULT_POLICY",
+ "value": "all-unauthenticated"
+ },
+ {
+ "name": "LINKERD2_PROXY_POLICY_CLUSTER_NETWORKS",
+ "value":
"10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,fd00::/8"
+ },
+ {
+ "name": "LINKERD2_PROXY_CONTROL_STREAM_INITIAL_TIMEOUT",
+ "value": "3s"
+ },
+ {
+ "name": "LINKERD2_PROXY_CONTROL_STREAM_IDLE_TIMEOUT",
+ "value": "5m"
+ },
+ {
+ "name": "LINKERD2_PROXY_CONTROL_STREAM_LIFETIME",
+ "value": "1h"
+ },
+ {
+ "name": "LINKERD2_PROXY_INBOUND_CONNECT_TIMEOUT",
+ "value": "100ms"
+ },
+ {
+ "name": "LINKERD2_PROXY_OUTBOUND_CONNECT_TIMEOUT",
+ "value": "1000ms"
+ },
+ {
+ "name": "LINKERD2_PROXY_OUTBOUND_DISCOVERY_IDLE_TIMEOUT",
+ "value": "5s"
+ },
+ {
+ "name": "LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT",
+ "value": "90s"
+ },
+ {
+ "name": "LINKERD2_PROXY_CONTROL_LISTEN_ADDR",
+ "value": "0.0.0.0:4190"
+ },
+ {
+ "name": "LINKERD2_PROXY_ADMIN_LISTEN_ADDR",
+ "value": "0.0.0.0:4191"
+ },
+ {
+ "name": "LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR",
+ "value": "127.0.0.1:4140"
+ },
+ {
+ "name": "LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS",
+ "value": "127.0.0.1:4140"
+ },
+ {
+ "name": "LINKERD2_PROXY_INBOUND_LISTEN_ADDR",
+ "value": "0.0.0.0:4143"
+ },
+ {
+ "name": "LINKERD2_PROXY_INBOUND_IPS",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "status.podIPs"
+ }
+ }
+ },
+ {
+ "name": "LINKERD2_PROXY_INBOUND_PORTS",
+ "value": "11211,80,9090"
+ },
+ {
+ "name": "LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES",
+ "value": "svc.cluster.local."
+ },
+ {
+ "name": "LINKERD2_PROXY_INBOUND_ACCEPT_KEEPALIVE",
+ "value": "10000ms"
+ },
+ {
+ "name": "LINKERD2_PROXY_OUTBOUND_CONNECT_KEEPALIVE",
+ "value": "10000ms"
+ },
+ {
+ "name": "LINKERD2_PROXY_INBOUND_ACCEPT_USER_TIMEOUT",
+ "value": "30s"
+ },
+ {
+ "name": "LINKERD2_PROXY_OUTBOUND_CONNECT_USER_TIMEOUT",
+ "value": "30s"
+ },
+ {
+ "name": "LINKERD2_PROXY_OUTBOUND_METRICS_HOSTNAME_LABELS",
+ "value": "false"
+ },
+ {
+ "name": "LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL",
+ "value": "10s"
+ },
+ {
+ "name": "LINKERD2_PROXY_INBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT",
+ "value": "3s"
+ },
+ {
+ "name": "LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_INTERVAL",
+ "value": "10s"
+ },
+ {
+ "name": "LINKERD2_PROXY_OUTBOUND_SERVER_HTTP2_KEEP_ALIVE_TIMEOUT",
+ "value": "3s"
+ },
+ {
+ "name": "LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION",
+ "value": "11211"
+ },
+ {
+ "name": "LINKERD2_PROXY_DESTINATION_CONTEXT",
+ "value": "{\"ns\":\"$(_pod_ns)\",
\"nodeName\":\"$(_pod_nodeName)\", \"pod\":\"$(_pod_name)\"}\n"
+ },
+ {
+ "name": "_pod_sa",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "spec.serviceAccountName"
+ }
+ }
+ },
+ {
+ "name": "_l5d_ns",
+ "value": "linkerd"
+ },
+ {
+ "name": "_l5d_trustdomain",
+ "value": "cluster.local"
+ },
+ {
+ "name": "LINKERD2_PROXY_IDENTITY_DIR",
+ "value": "/var/run/linkerd/identity/end-entity"
+ },
+ {
+ "name": "LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS",
+ "value": "IdentityTrustAnchorsPEM\n"
+ },
+ {
+ "name": "LINKERD2_PROXY_IDENTITY_TOKEN_FILE",
+ "value": "/var/run/secrets/tokens/linkerd-identity-token"
+ },
+ {
+ "name": "LINKERD2_PROXY_IDENTITY_SVC_ADDR",
+ "value":
"linkerd-identity-headless.linkerd.svc.cluster.local.:8080"
+ },
+ {
+ "name": "LINKERD2_PROXY_IDENTITY_LOCAL_NAME",
+ "value":
"$(_pod_sa).$(_pod_ns).serviceaccount.identity.linkerd.cluster.local"
+ },
+ {
+ "name": "LINKERD2_PROXY_IDENTITY_SVC_NAME",
+ "value":
"linkerd-identity.linkerd.serviceaccount.identity.linkerd.cluster.local"
+ },
+ {
+ "name": "LINKERD2_PROXY_DESTINATION_SVC_NAME",
+ "value":
"linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local"
+ },
+ {
+ "name": "LINKERD2_PROXY_POLICY_SVC_NAME",
+ "value":
"linkerd-destination.linkerd.serviceaccount.identity.linkerd.cluster.local"
+ }
+ ],
+ "image": "cr.l5d.io/linkerd/proxy:dev-undefined",
+ "imagePullPolicy": "IfNotPresent",
+ "lifecycle": {
+ "postStart": {
+ "exec": {
+ "command": [
+ "/usr/lib/linkerd/linkerd-await",
+ "--timeout=2m",
+ "--port=4191"
+ ]
+ }
+ }
+ },
+ "livenessProbe": {
+ "httpGet": {
+ "path": "/live",
+ "port": 4191
+ },
+ "initialDelaySeconds": 10,
+ "timeoutSeconds": 1
+ },
+ "name": "linkerd-proxy",
+ "ports": [
+ {
+ "containerPort": 4143,
+ "name": "linkerd-proxy"
+ },
+ {
+ "containerPort": 4191,
+ "name": "linkerd-admin"
+ }
+ ],
+ "readinessProbe": {
+ "httpGet": {
+ "path": "/ready",
+ "port": 4191
+ },
+ "initialDelaySeconds": 2,
+ "timeoutSeconds": 1
+ },
+ "resources": null,
+ "securityContext": {
+ "allowPrivilegeEscalation": false,
+ "readOnlyRootFilesystem": true,
+ "runAsNonRoot": true,
+ "runAsUser": 2102,
+ "seccompProfile": {
+ "type": "RuntimeDefault"
+ }
+ },
+ "terminationMessagePolicy": "FallbackToLogsOnError",
+ "volumeMounts": [
+ {
+ "mountPath": "/var/run/linkerd/identity/end-entity",
+ "name": "linkerd-identity-end-entity"
+ },
+ {
+ "mountPath": "/var/run/secrets/tokens",
+ "name": "linkerd-identity-token"
+ }
+ ]
+ }
+ }
+]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/linkerd-cli-edge-25.12.1/controller/proxy-injector/webhook_test.go
new/linkerd-cli-edge-25.12.2/controller/proxy-injector/webhook_test.go
--- old/linkerd-cli-edge-25.12.1/controller/proxy-injector/webhook_test.go
2025-12-04 22:06:54.000000000 +0100
+++ new/linkerd-cli-edge-25.12.2/controller/proxy-injector/webhook_test.go
2025-12-10 18:13:21.000000000 +0100
@@ -263,6 +263,28 @@
t.Errorf("Expected empty patch")
}
})
+
+ t.Run("by injecting pod already having a native sidecar container",
func(t *testing.T) {
+ pod := fileContents(factory, t,
"pod-nativesidecar-inject-enabled.yaml")
+ fakeReq := getFakePodReq(pod)
+ fullConf := confNsDisabled().
+ WithKind(fakeReq.Kind.Kind).
+ WithOwnerRetriever(ownerRetrieverFake)
+ _, err = fullConf.ParseMetaAndYAML(fakeReq.Object.Raw)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ patchJSON, err := fullConf.GetPodPatch(true,
inject.GetOverriddenValues)
+ if err != nil {
+ t.Fatalf("Unexpected PatchForAdmissionRequest error:
%s", err)
+ }
+ actualPatch := unmarshalPatch(t, patchJSON)
+ _, expectedPatch := loadPatch(factory, t,
"pod.nativesidecar.patch.json")
+ if diff := deep.Equal(expectedPatch, actualPatch); diff != nil {
+ t.Fatalf("The actual patch didn't match what was
expected.\n%+v", diff)
+ }
+ })
}
func TestGetAnnotationPatch(t *testing.T) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/linkerd-cli-edge-25.12.1/go.mod
new/linkerd-cli-edge-25.12.2/go.mod
--- old/linkerd-cli-edge-25.12.1/go.mod 2025-12-04 22:06:54.000000000 +0100
+++ new/linkerd-cli-edge-25.12.2/go.mod 2025-12-10 18:13:21.000000000 +0100
@@ -13,7 +13,7 @@
github.com/evanphx/json-patch v5.9.11+incompatible
github.com/fatih/color v1.18.0
github.com/fsnotify/fsnotify v1.9.0
- github.com/go-openapi/spec v0.22.1
+ github.com/go-openapi/spec v0.22.2
github.com/go-test/deep v1.1.1
github.com/golang/protobuf v1.5.4
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674
@@ -35,7 +35,7 @@
github.com/spf13/cobra v1.10.2
github.com/spf13/pflag v1.0.10
go.opencensus.io v0.24.0
- golang.org/x/tools v0.39.0
+ golang.org/x/tools v0.40.0
google.golang.org/grpc v1.77.0
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.0
google.golang.org/protobuf v1.36.10
@@ -56,7 +56,7 @@
require (
github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
- golang.org/x/net v0.47.0 // indirect
+ golang.org/x/net v0.48.0 // indirect
)
require (
@@ -84,16 +84,16 @@
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-logr/logr v1.4.3 // indirect
- github.com/go-openapi/jsonpointer v0.22.1 // indirect
- github.com/go-openapi/jsonreference v0.21.3 // indirect
+ github.com/go-openapi/jsonpointer v0.22.4 // indirect
+ github.com/go-openapi/jsonreference v0.21.4 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
- github.com/go-openapi/swag/conv v0.25.1 // indirect
- github.com/go-openapi/swag/jsonname v0.25.1 // indirect
- github.com/go-openapi/swag/jsonutils v0.25.1 // indirect
- github.com/go-openapi/swag/loading v0.25.1 // indirect
- github.com/go-openapi/swag/stringutils v0.25.1 // indirect
- github.com/go-openapi/swag/typeutils v0.25.1 // indirect
- github.com/go-openapi/swag/yamlutils v0.25.1 // indirect
+ github.com/go-openapi/swag/conv v0.25.4 // indirect
+ github.com/go-openapi/swag/jsonname v0.25.4 // indirect
+ github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
+ github.com/go-openapi/swag/loading v0.25.4 // indirect
+ github.com/go-openapi/swag/stringutils v0.25.4 // indirect
+ github.com/go-openapi/swag/typeutils v0.25.4 // indirect
+ github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da //
indirect
@@ -142,14 +142,14 @@
go.opentelemetry.io/otel/trace v1.38.0 // indirect
go.yaml.in/yaml/v2 v2.4.3 // indirect
go.yaml.in/yaml/v3 v3.0.4 // indirect
- golang.org/x/crypto v0.45.0 // indirect
- golang.org/x/mod v0.30.0 // indirect
+ golang.org/x/crypto v0.46.0 // indirect
+ golang.org/x/mod v0.31.0 // indirect
golang.org/x/oauth2 v0.32.0 // indirect
- golang.org/x/sync v0.18.0 // indirect
- golang.org/x/sys v0.38.0 // indirect
- golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 // indirect
- golang.org/x/term v0.37.0 // indirect
- golang.org/x/text v0.31.0 // indirect
+ golang.org/x/sync v0.19.0 // indirect
+ golang.org/x/sys v0.39.0 // indirect
+ golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc // indirect
+ golang.org/x/term v0.38.0 // indirect
+ golang.org/x/text v0.32.0 // indirect
golang.org/x/time v0.12.0 // indirect
golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated //
indirect
golang.org/x/tools/godoc v0.1.0-deprecated // indirect
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/linkerd-cli-edge-25.12.1/go.sum
new/linkerd-cli-edge-25.12.2/go.sum
--- old/linkerd-cli-edge-25.12.1/go.sum 2025-12-04 22:06:54.000000000 +0100
+++ new/linkerd-cli-edge-25.12.2/go.sum 2025-12-10 18:13:21.000000000 +0100
@@ -140,30 +140,32 @@
github.com/go-logr/logr v1.4.3/go.mod
h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod
h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-openapi/jsonpointer v0.22.1
h1:sHYI1He3b9NqJ4wXLoJDKmUmHkWy/L7rtEo92JUxBNk=
-github.com/go-openapi/jsonpointer v0.22.1/go.mod
h1:pQT9OsLkfz1yWoMgYFy4x3U5GY5nUlsOn1qSBH5MkCM=
-github.com/go-openapi/jsonreference v0.21.3
h1:96Dn+MRPa0nYAR8DR1E03SblB5FJvh7W6krPI0Z7qMc=
-github.com/go-openapi/jsonreference v0.21.3/go.mod
h1:RqkUP0MrLf37HqxZxrIAtTWW4ZJIK1VzduhXYBEeGc4=
-github.com/go-openapi/spec v0.22.1
h1:beZMa5AVQzRspNjvhe5aG1/XyBSMeX1eEOs7dMoXh/k=
-github.com/go-openapi/spec v0.22.1/go.mod
h1:c7aeIQT175dVowfp7FeCvXXnjN/MrpaONStibD2WtDA=
+github.com/go-openapi/jsonpointer v0.22.4
h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4=
+github.com/go-openapi/jsonpointer v0.22.4/go.mod
h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80=
+github.com/go-openapi/jsonreference v0.21.4
h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8=
+github.com/go-openapi/jsonreference v0.21.4/go.mod
h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4=
+github.com/go-openapi/spec v0.22.2
h1:KEU4Fb+Lp1qg0V4MxrSCPv403ZjBl8Lx1a83gIPU8Qc=
+github.com/go-openapi/spec v0.22.2/go.mod
h1:iIImLODL2loCh3Vnox8TY2YWYJZjMAKYyLH2Mu8lOZs=
github.com/go-openapi/swag v0.23.0
h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
github.com/go-openapi/swag v0.23.0/go.mod
h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
-github.com/go-openapi/swag/conv v0.25.1
h1:+9o8YUg6QuqqBM5X6rYL/p1dpWeZRhoIt9x7CCP+he0=
-github.com/go-openapi/swag/conv v0.25.1/go.mod
h1:Z1mFEGPfyIKPu0806khI3zF+/EUXde+fdeksUl2NiDs=
-github.com/go-openapi/swag/jsonname v0.25.1
h1:Sgx+qbwa4ej6AomWC6pEfXrA6uP2RkaNjA9BR8a1RJU=
-github.com/go-openapi/swag/jsonname v0.25.1/go.mod
h1:71Tekow6UOLBD3wS7XhdT98g5J5GR13NOTQ9/6Q11Zo=
-github.com/go-openapi/swag/jsonutils v0.25.1
h1:AihLHaD0brrkJoMqEZOBNzTLnk81Kg9cWr+SPtxtgl8=
-github.com/go-openapi/swag/jsonutils v0.25.1/go.mod
h1:JpEkAjxQXpiaHmRO04N1zE4qbUEg3b7Udll7AMGTNOo=
-github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1
h1:DSQGcdB6G0N9c/KhtpYc71PzzGEIc/fZ1no35x4/XBY=
-github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1/go.mod
h1:kjmweouyPwRUEYMSrbAidoLMGeJ5p6zdHi9BgZiqmsg=
-github.com/go-openapi/swag/loading v0.25.1
h1:6OruqzjWoJyanZOim58iG2vj934TysYVptyaoXS24kw=
-github.com/go-openapi/swag/loading v0.25.1/go.mod
h1:xoIe2EG32NOYYbqxvXgPzne989bWvSNoWoyQVWEZicc=
-github.com/go-openapi/swag/stringutils v0.25.1
h1:Xasqgjvk30eUe8VKdmyzKtjkVjeiXx1Iz0zDfMNpPbw=
-github.com/go-openapi/swag/stringutils v0.25.1/go.mod
h1:JLdSAq5169HaiDUbTvArA2yQxmgn4D6h4A+4HqVvAYg=
-github.com/go-openapi/swag/typeutils v0.25.1
h1:rD/9HsEQieewNt6/k+JBwkxuAHktFtH3I3ysiFZqukA=
-github.com/go-openapi/swag/typeutils v0.25.1/go.mod
h1:9McMC/oCdS4BKwk2shEB7x17P6HmMmA6dQRtAkSnNb8=
-github.com/go-openapi/swag/yamlutils v0.25.1
h1:mry5ez8joJwzvMbaTGLhw8pXUnhDK91oSJLDPF1bmGk=
-github.com/go-openapi/swag/yamlutils v0.25.1/go.mod
h1:cm9ywbzncy3y6uPm/97ysW8+wZ09qsks+9RS8fLWKqg=
+github.com/go-openapi/swag/conv v0.25.4
h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4=
+github.com/go-openapi/swag/conv v0.25.4/go.mod
h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU=
+github.com/go-openapi/swag/jsonname v0.25.4
h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI=
+github.com/go-openapi/swag/jsonname v0.25.4/go.mod
h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag=
+github.com/go-openapi/swag/jsonutils v0.25.4
h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA=
+github.com/go-openapi/swag/jsonutils v0.25.4/go.mod
h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4
h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod
h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM=
+github.com/go-openapi/swag/loading v0.25.4
h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s=
+github.com/go-openapi/swag/loading v0.25.4/go.mod
h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE=
+github.com/go-openapi/swag/stringutils v0.25.4
h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8=
+github.com/go-openapi/swag/stringutils v0.25.4/go.mod
h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0=
+github.com/go-openapi/swag/typeutils v0.25.4
h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw=
+github.com/go-openapi/swag/typeutils v0.25.4/go.mod
h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE=
+github.com/go-openapi/swag/yamlutils v0.25.4
h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw=
+github.com/go-openapi/swag/yamlutils v0.25.4/go.mod
h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2
h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod
h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg=
github.com/go-openapi/testify/v2 v2.0.2
h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls=
github.com/go-openapi/testify/v2 v2.0.2/go.mod
h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54=
github.com/go-task/slim-sprig/v3 v3.0.0
h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
@@ -366,8 +368,8 @@
github.com/redis/go-redis/v9 v9.7.3/go.mod
h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA=
github.com/rogpeppe/fastuuid v1.2.0/go.mod
h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
github.com/rogpeppe/go-internal v1.3.0/go.mod
h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.14.1
h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
-github.com/rogpeppe/go-internal v1.14.1/go.mod
h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
+github.com/rogpeppe/go-internal v1.13.1
h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod
h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
github.com/russross/blackfriday/v2 v2.1.0
h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod
h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ=
@@ -473,8 +475,8 @@
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod
h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod
h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
-golang.org/x/crypto v0.45.0/go.mod
h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.46.0/go.mod
h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod
h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -505,8 +507,8 @@
golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod
h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
-golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
+golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
+golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod
h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod
h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod
h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -528,8 +530,8 @@
golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod
h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod
h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod
h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod
h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod
h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod
h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -545,8 +547,8 @@
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
-golang.org/x/sync v0.18.0/go.mod
h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod
h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -572,19 +574,19 @@
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
-golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54
h1:E2/AqCUMZGgd73TQkxUMcMla25GB9i/5HOdLr+uH7Vo=
-golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod
h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
-golang.org/x/term v0.37.0/go.mod
h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc
h1:bH6xUXay0AIFMElXG2rQ4uiE+7ncwtiOdPfYK1NK2XA=
+golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc/go.mod
h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod
h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod
h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod
h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
-golang.org/x/text v0.31.0/go.mod
h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod
h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -622,8 +624,8 @@
golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod
h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod
h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod
h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
-golang.org/x/tools v0.39.0/go.mod
h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
+golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
+golang.org/x/tools v0.40.0/go.mod
h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
golang.org/x/tools/go/expect v0.1.0-deprecated
h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY=
golang.org/x/tools/go/expect v0.1.0-deprecated/go.mod
h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY=
golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated
h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/linkerd-cli-edge-25.12.1/pkg/healthcheck/healthcheck.go
new/linkerd-cli-edge-25.12.2/pkg/healthcheck/healthcheck.go
--- old/linkerd-cli-edge-25.12.1/pkg/healthcheck/healthcheck.go 2025-12-04
22:06:54.000000000 +0100
+++ new/linkerd-cli-edge-25.12.2/pkg/healthcheck/healthcheck.go 2025-12-10
18:13:21.000000000 +0100
@@ -2492,7 +2492,7 @@
func checkPodPorts(service *corev1.Service, pod *corev1.Pod, podPorts
[]string, port int) error {
for _, sp := range service.Spec.Ports {
if int(sp.Port) == port {
- for _, c := range pod.Spec.Containers {
+ for _, c := range append(pod.Spec.InitContainers,
pod.Spec.Containers...) {
for _, cp := range c.Ports {
if cp.ContainerPort ==
sp.TargetPort.IntVal || cp.Name == sp.TargetPort.StrVal {
// The pod exposes a container
port that would be
@@ -2544,7 +2544,7 @@
// port to check.
continue
}
- for _, c := range pod.Spec.Containers {
+ for _, c := range append(pod.Spec.InitContainers,
pod.Spec.Containers...) {
for _, cp := range c.Ports {
if int(cp.ContainerPort) == port {
// This is the containerPort that maps
to the opaque port
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/linkerd-cli-edge-25.12.1/pkg/healthcheck/healthcheck_test.go
new/linkerd-cli-edge-25.12.2/pkg/healthcheck/healthcheck_test.go
--- old/linkerd-cli-edge-25.12.1/pkg/healthcheck/healthcheck_test.go
2025-12-04 22:06:54.000000000 +0100
+++ new/linkerd-cli-edge-25.12.2/pkg/healthcheck/healthcheck_test.go
2025-12-10 18:13:21.000000000 +0100
@@ -2973,6 +2973,62 @@
},
expected: nil,
},
+ {
+ resources: []string{`
+apiVersion: v1
+kind: Service
+metadata:
+ name: svc
+ namespace: test-ns
+ annotations:
+ config.linkerd.io/opaque-ports: "9200"
+spec:
+ selector:
+ app: test
+ ports:
+ - name: test
+ port: 9200
+ targetPort: 9200
+`,
+ `
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod
+ namespace: test-ns
+ labels:
+ app: test
+spec:
+ initContainers:
+ - name: test
+ image: test
+ restartPolicy: Always
+ ports:
+ - name: test
+ containerPort: 9200
+`,
+ `
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: svc
+ namespace: test-ns
+subsets:
+- addresses:
+ - ip: 10.244.3.12
+ nodeName: nod
+ targetRef:
+ kind: Pod
+ name: pod
+ namespace: test-ns
+ ports:
+ - name: test
+ port: 9200
+ protocol: TCP
+`,
+ },
+ expected: fmt.Errorf("\t* service svc expects target
port 9200 to be opaque; add it to pod pod config.linkerd.io/opaque-ports
annotation"),
+ },
}
for i, tc := range testCases {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/linkerd-cli-edge-25.12.1/pkg/inject/inject.go
new/linkerd-cli-edge-25.12.2/pkg/inject/inject.go
--- old/linkerd-cli-edge-25.12.1/pkg/inject/inject.go 2025-12-04
22:06:54.000000000 +0100
+++ new/linkerd-cli-edge-25.12.2/pkg/inject/inject.go 2025-12-10
18:13:21.000000000 +0100
@@ -197,7 +197,7 @@
namedPorts := make(map[string]int32)
if rc.HasPodTemplate() {
- namedPorts = util.GetNamedPorts(rc.pod.spec.Containers)
+ namedPorts =
util.GetNamedPorts(append(rc.pod.spec.InitContainers,
rc.pod.spec.Containers...))
}
ApplyAnnotationOverrides(copyValues, rc.GetAnnotationOverrides(),
rc.GetLabelOverrides(), namedPorts)
@@ -854,7 +854,7 @@
// are also in the given default opaque ports list.
func (conf *ResourceConfig) FilterPodOpaquePorts(defaultPorts []string)
[]string {
var filteredPorts []string
- for _, c := range conf.pod.spec.Containers {
+ for _, c := range append(conf.pod.spec.InitContainers,
conf.pod.spec.Containers...) {
for _, p := range c.Ports {
port := strconv.Itoa(int(p.ContainerPort))
if util.ContainsString(port, defaultPorts) {
@@ -1366,7 +1366,7 @@
func getPodInboundPorts(podSpec *corev1.PodSpec) string {
ports := make(map[int32]struct{})
if podSpec != nil {
- for _, container := range podSpec.Containers {
+ for _, container := range append(podSpec.InitContainers,
podSpec.Containers...) {
for _, port := range container.Ports {
ports[port.ContainerPort] = struct{}{}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/linkerd-cli-edge-25.12.1/pkg/k8s/policy.go
new/linkerd-cli-edge-25.12.2/pkg/k8s/policy.go
--- old/linkerd-cli-edge-25.12.1/pkg/k8s/policy.go 2025-12-04
22:06:54.000000000 +0100
+++ new/linkerd-cli-edge-25.12.2/pkg/k8s/policy.go 2025-12-10
18:13:21.000000000 +0100
@@ -247,7 +247,7 @@
for _, pod := range pods {
if selector.Matches(labels.Set(pod.Labels)) {
- for _, container := range pod.Spec.Containers {
+ for _, container := range
append(pod.Spec.InitContainers, pod.Spec.Containers...) {
for _, p := range container.Ports {
if server.Spec.Port.IntVal ==
p.ContainerPort || server.Spec.Port.StrVal == p.Name {
return true
++++++ linkerd-cli-edge.obsinfo ++++++
--- /var/tmp/diff_new_pack.dj4klL/_old 2025-12-11 18:43:15.866321055 +0100
+++ /var/tmp/diff_new_pack.dj4klL/_new 2025-12-11 18:43:15.874321392 +0100
@@ -1,5 +1,5 @@
name: linkerd-cli-edge
-version: 25.12.1
-mtime: 1764882414
-commit: 7a1a06cb8d9137eb29233a77304edd34892c9a43
+version: 25.12.2
+mtime: 1765386801
+commit: 468ce74aa236f3576d6502dc3d27f63d03f85d63
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/linkerd-cli-edge/vendor.tar.gz
/work/SRC/openSUSE:Factory/.linkerd-cli-edge.new.1939/vendor.tar.gz differ:
char 140, line 1
