v1.32.13

19 Dec 2024

Included Calico versions

Calico version: v3.27.5
Calico Enterprise version: v3.18.6

Note

This version of Operator is being released to support Calico Enterprise v3.18.6 and does not include any user-visible changes.

v1.32.12

28 Nov 2024

Included Calico versions

Calico version: v3.27.5
Calico Enterprise version: v3.18.5

Other changes

• Disable Policy Recommendation for Windows OS #3568 (@dimitri-nicolo)
• Set "system-node-critical" priority on calico-node-windows pods #3560 (@coutinhop)

v1.36.3

26 Nov 2024

Included Calico versions

Calico version: v3.29.1
Calico Enterprise version: v3.20.0-2.2

Note

This version of Operator is being released to support Calico Enterprise v3.20.0-2.2, and does not include any user-visible changes.

v1.36.2

21 Nov 2024

Included Calico versions

Calico version: v3.29.1
Calico Enterprise version: v3.20.0-2.0

Other changes

• [EV-5401] Add oidc certificate and configs for queryserver #3603 (@ti-afra)

v1.34.7

08 Nov 2024

Included Calico versions

Calico version: v3.28.2
Calico Enterprise version: v3.19.4

Other changes

• Update EGW status only if it has changed #3580 (@sridhartigera)
• Upgrade ES Kibana to 7.17.25 #3565 (@vara2504)
• Set "system-node-critical" priority on calico-node-windows pods #3559 (@coutinhop)
• Use restricted namespace for opensource calico-apiserver #3528 (@mihivagyok)
• the calico-apiserver namespace frequently get stuck for a long time in terminating status when upgrading to enterprise #3443 (@gcosgrave)

v.1.35.3

07 Nov 2024

Included Calico versions

Calico version: v3.28.1
Calico Enterprise version: v3.20.0-1.7

Other changes

• [v1.35] Respect HTTP proxies when rendering Guardian policy #3592 (@pasanw)
• [Pick #3489] Use restricted namespace for opensource calico-apiserver (v1.35) #3529 (@mihivagyok)

v1.36.1

05 Nov 2024

Included Calico versions

Calico version: v3.29.0
Calico Enterprise version: v3.20.0-2.0

Bug fixes

• Update EGW status only if it has changed #3579 (@sridhartigera)

v1.36.0

29 Oct 2024

Included Calico versions

Calico version: v3.29.0

Enhancements

• [CORE-10407] Add support for OpenShift HCP #3389 (@coutinhop)

Bug fixes

• Dynamically add network policy for apiserver egress with configured K8SServicEndpoint #3487 (@tmjd)

Other changes

• Upgrade Elasticsearch and Kibana to 7.17.25 #3561 (@vara2504)
• Set "system-node-critical" priority on calico-node-windows pod. #3557 (@coutinhop)
• Add tolerations for arm64 workloads on GKE. #3554 (@hjiawei)
• Remove Host Numeric rule from coreruleset. #3553 (@radixo)
• Reducing DPI readiness initial delay 90s -> 10s. #3551 (@bartolini)
• Introduce SidecarWebhook status field in ApplicationLayer for UI to determine when deployments can be patched with WAF. #3547 (@radixo)
• Use restricted namespace for opensource calico-apiserver. #3530 (@mihivagyok)
• Enable TPROXY support in ApplicationLayer component. #3522 (@electricjesus)
• Update CRDs. #3521, #3419 (@rene-dekker)
• Adding X-Frames-Options DENY header for Kibana. #3520 (@vikastigera)
• Removes enovyproxy-envoy, sidecar images for envoy. #3515 (@radixo)
• Fix sidecar envoy image. #3510 (@radixo)
• Reduce the number of restart for tigera-manager. #3505 (@asincu)
• Update Prometheus to v2.54.1 and AlertManager to v0.27.0 #3500 (@vikastigera)
• Render NonClusterHost resources. #3493 (@hjiawei)
• DPI Snort rules configurable via intrusiondetection CR. #3488 (@bartolini)
• Add new NonClusterHost resource for log ingestion. #3485 (@hjiawei)
• Add hostendpoints get and list to tigera ui and admin users. #3484 (@hjiawei)
• Respect HTTP proxies when rendering Guardian policy. #3475 (@pasanw)
• Add back services RBAC permissions. #3473 (@LorcanMcVeigh)
• Add IP pool config to disable new allocations. #3472 (@caseydavenport)
• Make capitalization of Dockerfile keywords consistent. #3466 (@rene-dekker)
• Change services permissions to deployments permissions. #3465 (@LorcanMcVeigh)
• Add sidecarInjection to ApplicationLayer resource. #3460 (@radixo)
• Rename and update tigera-crds clusterrole. #3458 (@ti-afra)
• Print image options and ImageSet utility. #3453 (@tmjd)
• Improve OpenShift platform detection accuracy. #3452 (@libesz)
• Fix apiserver certs issue when upgrading to enterprise. #3439 (@gcosgrave)
• Set default values for vxlanVNI and BPFHostConntrackBypass for DockerEE. #3435 (@sridhartigera)
• Bind all tenants to linseed RBAC. #3434 (@asincu)
• Add ES kube controllers as containers. #3430 (@asincu)
• Relax ImageSet validation. #3424 (@tmjd)
• Configure resources for es-kube-controllers via the tenant CR. #3423 (@asincu)
• Fix missing error message in tigerastatus object. #3417 (@rene-dekker)
• Change dashboard name for redirecting users after login. #3416 (@rene-dekker)
• Changes to enable nftables dataplane. #3412 (@caseydavenport)
• Bind all tenants service account for compliance server cluster role. #3411 (@asincu)
• Read elastic username from secrets. #3409 (@asincu)
• External Elastic client should use external certificate. #3407 (@asincu)
• Fix deadlock situation where two controller rely on the same secret. #3406 (@rene-dekker)
• Create namespace before certificates. #3403 (@asincu)
• CSI DaemonSet no longer uses the "default" ServiceAccount. #3399 (@caseydavenport)
• Port creating an MTLS client for ElasticSearch. #3395 (@asincu)
• Make intrusion detection multi-tenant aware. #3394 (@asincu)

v1.35.2

25 Oct 2024

Included Calico versions

Calico version: v3.28.1
Calico Enterprise version: v3.20.0-1.0

Other changes

• Webhooks updates. #3570 (@gantony)
• Set "system-node-critical" priority on calico-node-windows pod. #3558 (@coutinhop)
• Enable TPROXY support in ApplicationLayer component. #3527 (@radixo)

v1.34.6

21 Oct 2024

Included Calico versions

Calico version: v3.28.2
Calico Enterprise version: v3.19.3

Other changes

• Update elasticsearch and Kibana to v7.17.24 #3549 (@rene-dekker)
• Append TIGERA_TPROXY_ENABLED to per host envoy (#3518) #3526 (@radixo)
• Adding X-Frames-Options DENY header for Kibana #3519 (@vikastigera)