v1.30.5

04 Aug 2023

Included Calico versions

Calico version: v3.26.1
Calico Enterprise version: v3.17.1

Changes

• Update operator bundle generation code #2749 (@lwr20)
• Remove duplicate Felix Health Port for Openshift #2796 (@rene-dekker)
• Certs: Returning specific error type when key usage is #2791 (@rene-dekker)
• Add SecurityContext for Prometheus service container #2788 (@hjiawei)
• Fix EGW deployment in openshift 4.13 #2780 (@sridhartigera)
• Recreate certificates that are only specified to be used as server certs [r1.30] #2778 (@tmjd)
• Openshift PodSecurity #2763 (@MichalFupso)
• Add PSPs for dex and policy recommendation #2762 (@hjiawei)
• Add watch for managed cluster linseed cert in compliance [r1.30] #2754 (@tmjd)
• Adjust linseed probe timeout and period seconds #2750 (@hjiawei)
• Don't use subPath on windows: #2745 (@rene-dekker)
• Use internal manager tls certificate for es-proxy and linseed (#2739) #2742 (@asincu)
• Update golang to 1.20.6 #2736 (@Behnam-Shobiri)
• Update ES&KB to v7.17.11. #2733 (@rene-dekker)
• Revert k8s 1.26 update [r1.30] #2729 (@tmjd)
• Add networkpolicies to policy rec clusterrole #2722 (@dimitri-nicolo)
• Compliance: Add watch for ES PubliceCertSecret [r1.30] #2719 (@tmjd)
• Postpone policy recommendation scope watches until apiserver is up and running #2717 (@rene-dekker)
• Anomaly detection jobs should query Linseed (#2678) #2711 (@asincu)
• Linseed must be able to verify Voltron's certificate #2707 (@caseydavenport)
• Fix missing certificate management configurations #2705 (@rene-dekker)
• Drop cluster name from intrusion detection controller #2703 (@asincu)
• Remove CLUSTER_NAME for compliance; Will rely on Voltron to setup the… #2701 (@asincu)
• Modify Linseed deployment to set Elastic credentials (cherry-pick) #2698 (@Josh-Tigera)
• [applicationlayer] configurable envoy xff settings (#2657) #2691 (@electricjesus)