Releases: tigera/operator
Releases · tigera/operator
v1.30.0
26 May 2023
Included Calico versions
Calico version: v3.26.0
Calico Enterprise version: v3.16.1
Enhancements
- Check more indicators for EKS discovery #2615 (@tmjd)
- [Calico Enterprise] Application-Layer Policies via per-host/per-node envoy support #2218 (@electricjesus)
Bug fixes
- Move BGPFilter permissions from EE-only to OSS+EE in apiserver #2617 (@coutinhop)
- [Calico Enterprise] Removes named resource clause on applicationlayers resource. #2567 (@mikestephen)
- [RS-749] - Sets fluentd env vars for RS index replicas and shards. #2485 (@mikestephen)
Other changes
- Automated cherry pick of #2668: Fix! Windows needs c: prefix for the token path #2669 (@rene-dekker)
- [EV-3431] Add linseed resources to policy recommendation (#2621) #2667 (@dimitri-nicolo)
- Update CRDs #2666 (@tmjd)
- Revert "Add dynamic layers to tigera infra layer in SG EV-3506" #2663 (@vara2504)
- [Release 1.30] Update golang to 1.20.4 #2659 (@Behnam-Shobiri)
- Automated cherry pick of #2653: Remove GeoIP downloader from Elasticsearch as we have no #2655 (@rene-dekker)
- Remove GeoIP downloader from Elasticsearch as we have no use for it. #2653 (@rene-dekker)
- Merge pull request #2645 from sridhartigera/host-path-init #2651 (@sridhartigera)
- Cherry-pick #2639 Add dynamic layers to tigera infra layer in SG EV-3506 #2649 (@vara2504)
- Update CRDs [r1.30] #2648 (@tmjd)
- Use correct calico-node UID when running in non-privileged mode. #2645 (@sridhartigera)
- [Release 1.30] Update base image to UBI 8.8 #2641 (@Behnam-Shobiri)
- Update base image to UBI 8.8 #2640 (@Behnam-Shobiri)
- Add dynamic layers to tigera infra layer in SG EV-3506 #2639 (@vara2504)
- [v1.30] Enforce default deny for calico-system #2638 (@pasanw)
- [cherry-pick] Make es-gateway use rolling update instead of recreate strategy (#2632) #2637 (@asincu)
- Enforce default deny for calico-system #2636 (@pasanw)
- Update CRDs: felixconfigurations #2635 (@tmjd)
- [release-v1.30] Bump Prometheus version to v2.43.1 #2634 (@hjiawei)
- Update CRDs: felixconfigurations update #2633 (@tmjd)
- Make es-gateway use rolling update instead of recreate strategy #2632 (@asincu)
- Bump Prometheus version to v2.43.1 #2631 (@hjiawei)
- Update CRDs: felixconfigurations update [r1.30] #2629 (@tmjd)
- Check more indicators for EKS discovery [pick 2615, r1.30] #2627 (@tmjd)
- [1.30] Do not manage Kibana certs/secrets in Managed clusters #2625 (@pasanw)
- Do not manage Kibana certs/secrets in Managed clusters #2624 (@pasanw)
- Cherrypick Add policy to support nodelocal dnscache #2623 (@ti-afra)
- [EV-3431] Add linseed resources to policy recommendation #2621 (@dimitri-nicolo)
- Add policyrecommendationscopes to CRDs list #2620 (@danudey)
- [Cherry-pick] Rever secrets rbac & add rolling update strategy to linseed deployment #2616 (@asincu)
- Revert access to secrets for Linseed #2614 (@asincu)
- Egress gateway policy CRD update #2613 (@tmjd)
- Add policy to support nodelocal dnscache #2612 (@ti-afra)
- Fix! Linseed should have a rolling deployment strategy #2610 (@asincu)
- Cherry-pick iptables backend to 3.17 #2609 (@sridhartigera)
- [cherry-pick] Fix! Linseed controller needs get and create for secrets #2607 (@asincu)
- Handle iptablesbackend felix config changes in EGW controller #2606 (@sridhartigera)
- Fix! Linseed controller needs get and create for secrets #2605 (@asincu)
- s390x: build s390x binary and image #2604 (@huoqifeng)
- [Cherry-pick 1.30] Support Egress Gateway Policy resource - EE 3.17 #2602 (@mazdakn)
- Add egress gateway policy to API server RBAC #2600 (@mazdakn)
- migrate typha deployment affinities #2598 (@Tamas-Biro1)
- [cherry-pick] Compliance reporter needs access to flows #2597 (@asincu)
- Fix! Reporter is missing access to flows #2596 (@asincu)
- [Cherry-pick] Fix volumes for compliance and rbac roles for intrusion detection #2595 (@asincu)
- Fix! Mount linseed tokens as secret instead of config maps #2594 (@asincu)
- Fix! Missing rbac for flowlogs and snapshots and benchmarks #2593 (@asincu)
- A couple of development improvements #2590 (@caseydavenport)
- Update CRDs #2589 (@tmjd)
- Ensure precommit checks happen on PR code #2588 (@tmjd)
- [EV-3352][EV-3353] Update manager-role, network-admin and ui-user clu… #2587 (@dimitri-nicolo)
- Upgrade golang to v1.20.3 and k8s deps to 1.26 release #2586 (@hjiawei)
- Support for Linseed access tokens #2585 (@caseydavenport)
- Support Egress Gateway Policy resource #2584 (@mazdakn)
- [EV-2059] Create default PolicyRecommendationScope resource #2583 (@dimitri-nicolo)
- Add patch permissions to tigera-network-admin for services #2582 (@LorcanMcVeigh)
- Fix periodic reconcile logic #2576 (@pasanw)
- Allow connection between DPI and linseed #2575 (@asincu)
- Remove unused K8s registry #2574 (@tmjd)
- Add BGPFilter and ExternalNetwork RBAC to node #2573 (@coutinhop)
- Add shards and replicas to Linseed #2572 (@asincu)
- Updates for MCM with Linseed #2571 (@caseydavenport)
- Configure certificate path for Windows setup #2566 (@asincu)
- Prevent installation of PSPs in OCP in order to use SCCs instead #2564 (@mgleung)
- Update Calico Enterprise Compliance to use Linseed #2561 (@caseydavenport)
- check for cniLogging nil values before referencing #2559 (@ti-afra)
- Add PSP PolicyRule for anomaly detection detectors #2555 (@hjiawei)
- Automated cherry pick of #2551: Add clusterrolebinding for OCP w/ federation #2553 (@rene-dekker)
- Update CRDs #2548 (@ti-afra)
- Update readme #2547 (@MichalFupso)
- Update the CRDs #2544 (@rene-dekker)
- update go-build to v0.82 (golang 1.19.7) #2541 (@rene-dekker)
- Trim extraneous lines in operator CRD yamls #2539 (@tmjd)
- Bump alertmanager version to v0.25.0 #2538 (@hjiawei)
- Add patch permissions for services/status #2536 (@LorcanMcVeigh)
- [master] Add missing egress flow to Guardian access policy #2535 (@pasanw)
- Intrusion detection migration to Linseed API [#2532](https://github...
Contributors
danudey, electricjesus, and 20 other contributors
Assets 2
v1.28.13
17 May 2023
Included Calico versions
Calico version: v3.24.6
Calico Enterprise version: v3.15.3
Bug fixes
- Update pin to calico/bird image to fix node tests. calico #7564 (@coutinhop)
- Fix generation of
operator-crds.yamlmanifest. calico #7218 (@caseydavenport) - Fix incorrect cleanup in the service policy index after having both ingress and egress rules that reference the same service, resulting in missed IP set updates after one rule was deactivated. calico #7152 (@fasaxc)
- eBPF: CLTB resolves service when IPv4 is masked as IPv4. Commonly happens with gRPC. calico #7091 (@tomastigera)
- Disable VXLAN checksum offload by default for all kernels. calico #7007 (@pasanw)
- Fix panic in calico-node when invalid spoofed IP range provided on a pod. calico #7082 (@caseydavenport)
- Prevents node kube-controller's internal pod cache from getting out-of-sync, thus leaking memory. calico #7540 (@dilyevsky)
Other changes
- Remove usage of deprecated '--logtostderr' command line flag. calico #7616 (@coutinhop)
ocp.tgznow hosted on GitHub. calico #7213 (@caseydavenport)- By default, skip 'nodelocaldns' interface in IP auto-detection. calico #7108 (@caseydavenport)
Contributors
fasaxc, dilyevsky, and 4 other contributors
Assets 2
v1.28.12
v1.29.4
v1.29.3
v1.28.11
22 Mar 2023
Included Calico versions
Calico version: v3.24.5
Calico Enterprise version: v3.15.2
Other changes
- Prepare for release 3.15.2 #2570 (@danudey)
- Cherry pick (#2517) to rel-1.28 #2563 (@ti-afra)
- Add clusterrolebinding for OCP w/ federation #2551 (@rene-dekker)
- Automated cherry pick of #2541: Use golang 1.19.7 and controller-gen v0.11.3 #2549 (@rene-dekker)
- [1.28] Add missing egress flow to Guardian access policy #2533 (@pasanw)
- Update ECK to 2.6.1 #2528 (@rene-dekker)
- [release-v1.28] Bump Kibana version to v7.17.9 #2523 (@hjiawei)
- [release-v1.28] Bump Elasticsearch version to v7.17.9 #2521 (@hjiawei)
- [pick #2483] CSI driver should tolerate all like l7 and node [r1.28] #2509 (@tmjd)
- [Release 1.28] Update dependencies (cherry-pick 2500) #2502 (@Behnam-Shobiri)
- [release-v1.28] Mount legacy SSL_CERT_FILE in system-wide trust store #2490 (@hjiawei)
- Increase timeout to 20s #2479 (@rene-dekker)
- [1.28] Omit updates for NetworkPolicy/Tier when Spec is identical #2462 (@pasanw)
- [release-v1.28] Increase Elasticsearch readiness probe threshold and timeout #2458 (@hjiawei)
- Update pins for tigera/api and k8s.io #2449 (@tmjd)
- Automated cherry pick of #2446: Use the right registry for OSS cni-fips #2448 (@rene-dekker)
Contributors
danudey, hjiawei, and 5 other contributors
Assets 2
v1.29.2
16 Mar 2023
Included Calico versions
Calico version: v3.25.0
Calico Enterprise version: v3.16.1-1
Other changes
- Prepare EE v3.16.1-1 pre-release #2558 (@danudey)
- Automated cherry pick of #2551: Add clusterrolebinding for OCP w/ federation #2552 (@rene-dekker)
- Automated cherry pick of #2541: Use golang 1.19.7 and controller-gen v0.11.3 #2550 (@rene-dekker)
- [1.29] Add missing egress flow to Guardian access policy #2534 (@pasanw)
- Merge pull request #2516 from gantony/add_viewer_waf_runtime #2531 (@gantony)
- Automated cherry pick of #2528: Update ECK to 2.6.1 #2530 (@rene-dekker)
- release-v1.29 cherry pick of #2377: Fix race condition where trusted bundle is rendered twice #2526 (@ozdanborne)
- Add NET_RAW capability to ocp scc. (#2524) #2525 (@sridhartigera)
- [release-v1.29] Bump Kibana version to v7.17.9 #2522 (@hjiawei)
- [release-v1.29] Bump Elasticsearch version to v7.17.9 #2520 (@hjiawei)
- [release-v1.29] Add and update PodSecurityPolicy to match SecurityContext #2514 (@hjiawei)
- Cherry-pick PR 2499 #2512 (@sridhartigera)
- [pick #2483] CSI driver should tolerate all like l7 and node [r1.29] #2510 (@tmjd)
- [Release 1.29] Update dependencies (cherry-pick 2500) #2501 (@Behnam-Shobiri)
- (PICK release v1.29) Application-Layer Policies via per-host/per-node envoy support #2497 (@electricjesus)
- Fix EGW icmp probes (#2493) #2496 (@sridhartigera)
- Automated cherry pick of #2479: Increase timeout to 20s #2494 (@rene-dekker)
- [release-v1.29] Mount legacy SSL_CERT_FILE in system-wide trust store #2489 (@hjiawei)
Contributors
danudey, electricjesus, and 8 other contributors
Assets 2
v1.29.1
15 Feb 2023
Included Calico versions
Calico version: v3.25.0
Calico Enterprise version: v3.16.0
Other changes
- Prepare v3.16.0 #2480 (@rene-dekker)
- [release-v1.29] Add chown to the elastic init keystore container securitycontext #2477 (@hjiawei)
- [release-calient-v1.29] Don't render SecurityContext for Windows fluentd #2472 (@hjiawei)
- Cherry-pick openshift scc changes to 1.29 #2467 (@sridhartigera)
- [release-v1.29] Increase Elasticsearch readiness probe threshold and timeout #2457 (@hjiawei)
- [release-v1.29] Apply more restrictive SecurityContext to components #2455 (@hjiawei)
- [release-v1.29] Update runAsUser for es-proxy and aws securitygroup #2454 (@hjiawei)
- Omit updates for NetworkPolicy/Tier when Spec is identical #2450 (@pasanw)
- Automated cherry pick of #2446: Use the right registry for OSS cni-fips #2447 (@rene-dekker)
- Cherry-pick #2437 to v1.29 #2438 (@sridhartigera)
- Merge pull request #2432 from caseydavenport/casey-del-passthru #2436 (@sridhartigera)
- Cherry-pick #2427 to 1.29 #2430 (@sridhartigera)
- [release-v1.29] Allow query server talk to Prometheus #2426 (@hjiawei)
- [RS-707] - Allow tigera-ui-user to view WAF config (#2422) #2425 (@mikestephen)
- [pick 2421 r1.29] Move guardian hash annotation to podTemplate #2423 (@tmjd)
- Automated cherry pick of #2417: Remove max-tls-flag. It is no longer necessary for FIPS mode #2419 (@rene-dekker)
- Automated cherry pick of #2413: Add some missing certificates to the bundles of various #2416 (@rene-dekker)
- Automated cherry pick of #2390: Add private flexvol image (#2363) #2414 (@rene-dekker)
- [release-v1.29] Update ids controller healthz path #2409 (@hjiawei)
- Fix EGW upgrade and crd comments for doc (#2406) #2407 (@sridhartigera)
- Automated cherry pick of #2403: Fix: incompatible job spec caused controller to fail #2405 (@rene-dekker)
- Add externalNetwork to the EGW operator CRD (#2398) #2401 (@sridhartigera)
- Egress Gateway - operator changes (#2336) #2396 (@sridhartigera)
- Automated cherry pick of #2382: Run job until it eventually completes #2385 (@rene-dekker)
Contributors
mikestephen, hjiawei, and 4 other contributors
Assets 2
v1.28.10
28 Jan 2023
Included Calico versions
Calico version: v3.24.5
Calico Enterprise version: v3.15.1
Other changes
- Prepare EE v3.15.1 with Operator version v1.28.10 #2435 (@rene-dekker)
- [release-v1.28] Allow query server talk to Prometheus #2428 (@hjiawei)
- [pick 2421 r1.28] Move guardian hash annotation to podTemplate #2424 (@tmjd)
- Automated cherry pick of #2417: Remove max-tls-flag. It is no longer necessary for FIPS mode #2418 (@rene-dekker)
- Automated cherry pick of #2413: Add some missing certificates to the bundles of various #2415 (@rene-dekker)
- [release-v1.28] Update ids controller healthz path #2410 (@hjiawei)
- Automated cherry pick of #2403: Fix: incompatible job spec caused controller to fail #2404 (@rene-dekker)
Contributors
hjiawei, tmjd, and rene-dekker
Assets 2
v1.28.9
17 Jan 2023
Included Calico versions
Calico version: v3.24.5
Calico Enterprise version: v3.15.0-1
Other changes
- Prepare EE v3.15.0-1 pre release. #2400 (@rene-dekker)
- Automated cherry pick of #2390: Add private flexvol image (#2363) #2391 (@rene-dekker)
Contributors
rene-dekker