Releases: tigera/operator
Releases · tigera/operator
v1.28.14
12 Sep 2023
Included Calico versions
Calico version: v3.24.6
Calico Enterprise version: v3.15.4
Other changes
- Update ElasticSearch and Kibana to v7.17.11. #2817 (@rene-dekker)
- Remove duplicate Felix Health Port for Openshift #2799 (@rene-dekker)
- Don't use subPath on windows #2743 (@rene-dekker)
- Update base image to UBI 8.8 #2643 (@Behnam-Shobiri)
Contributors
rene-dekker and Behnam-Shobiri
Assets 2
v1.29.6
05 Sep 2023
Included Calico versions
Calico version: v3.25.2
Calico Enterprise version: v3.16.3
Bug Fixes
- Update v3.25.2 #2854 (@mgleung)
- Internal-manager-tls should contain only K8S services #2805 (@asincu)
- Automated cherry pick of #2796: Remove duplicate Felix Health Port for Openshift #2798 (@rene-dekker)
- [release-v1.29] Add SecurityContext for Prometheus service container #2789 (@hjiawei)
- Merge pull request #2779 from sridhartigera/openshift-egw #2782 (@sridhartigera)
- [release-v1.29] Add PSP for dex #2769 (@hjiawei)
- Openshift PodSecurity #2764 (@MichalFupso)
- Automated cherry pick of #2740: Don't use subPath on windows: #2744 (@rene-dekker)
- Update operator bundle generation code #2741 (@lwr20)
- Cherry-pick #2687 Openshift namespace label #2690 (@MichalFupso)
Contributors
mgleung, lwr20, and 5 other contributors
Assets 2
v1.31.1
v1.31.0
31 Aug 2023
Included Calico versions
Calico version: v3.26.1
Calico Enterprise version: v3.18.0
Bug fixes
- Correctly generate pkg/render/applicationlayer #2819 (@electricjesus)
- Fix watch that is monitoring the wrong namespace #2815 (@rene-dekker)
- Internal-manager-tls should contain only K8S services (#2810) #2811 (@asincu)
- Remove duplicate Felix Health Port for Openshift #2797 (@rene-dekker)
- Fix EGW deployment in OpenShift 4.13 #2781 (@sridhartigera)
- Fix typo in filename to pod_security_policy.go #2725 (@anthonytwh)
- WAF rules should be intialized as DetectionOnly post-install #2716 (@electricjesus)
- Set DNS trusted servers using FelixConfig instead of FELIX_ env var #2700 (@nelljerram)
- Fix missing certificate management configurations #2697 (@rene-dekker)
- Move BGPFilter permissions from EE-only to OSS+EE in apiserver #2617 (@coutinhop)
Other changes
- Relax Linseed Policy in case we have DPI installed (#2831) #2837 (@asincu)
- Update felixConfiguration CRD description #2830 (@ti-afra)
- Update coreruleset to 3.3.5 (#2821) #2822 (@electricjesus)
- Use default non-root SecurityContext for manager #2812 (@hjiawei)
- Create internal manager tls inside of manager_controller #2808 (@rene-dekker)
- Increase probes timeout for calico components #2801 (@hjiawei)
- Certs: Return specific error type when key usage is wrong #2793 (@rene-dekker)
- Add SecurityContext for Prometheus service container #2787 (@hjiawei)
- Recreate certificates that are only specified to be used as server certs #2777 (@tmjd)
- Update more felixConfiguration CRD patterns #2766 (@ti-afra)
- Add PSPs for dex and policy recommendation #2761 (@hjiawei)
- Update felixConfiguration CRD patterns #2760 (@ti-afra)
- Add watch for managed cluster linseed cert in compliance #2756 (@tmjd)
- Increase probes timeout for calico components #2746 (@hjiawei)
- Don't use subPath on windows: moby/moby#30555 #2740 (@rene-dekker)
- Use internal manager tls certificate for es-proxy and linseed #2739 (@asincu)
- Update golang to 1.20.6 #2735 (@Behnam-Shobiri)
- Update ES&KB to v7.17.11 #2730 (@rene-dekker)
- Revert k8s126 update #2727 (@tmjd)
- Add annotation for OpenShift PodSecurity #2724 (@MichalFupso)
- Add watch for ES PublicCertSecret #2718 (@tmjd)
- Add networkpolicies to policy rec clusterrole #2714 (@dimitri-nicolo)
- Postpone policy recommendation scope watches until apiserver is up and running #2713 (@rene-dekker)
- Drop cluster name from intrusion detection controller #2710 (@asincu)
- Linseed must be able to verify Voltron's certificate #2706 (@caseydavenport)
- Add gatewayPreference to egress gateway policies CRD #2702 (@sridhartigera)
- Remove cluster name as an environment variable needed for Compliance #2699 (@asincu)
- Update and clarify release instructions #2693 (@danudey)
- Modify Linseed deployment to set Elastic credentials #2688 (@Josh-Tigera)
- Set Openshift namespace label #2687 (@MichalFupso)
- Remove tigera-prometheus-api deployment that may have been installed in an older version #2684 (@rene-dekker)
- Support HostPorts in eBPF mode #2679 (@StevenTigera)
- Anomaly detection jobs should query Linseed #2678 (@asincu)
- Add RBAC for threat feeds #2674 (@asincu)
- Add missing namespaces to SG layer tigera infrastructure #2671 (@vara2504)
- Add temporary role for calico-node during namespace migration #2670 (@MichalFupso)
- Add c: prefix for token path on Windows #2668 (@asincu)
- Update description for tierName in policy recommendation scopes CRD #2665 (@tmjd)
- Changes to pick fips image for all the components #2661 (@sridhartigera)
- Enable user-configurable envoy XFF settings #2657 (@electricjesus)
- Remove /etc/calico host path volume #2654 (@uhthomas)
Contributors
danudey, electricjesus, and 16 other contributors
Assets 2
v1.30.5
04 Aug 2023
Included Calico versions
Calico version: v3.26.1
Calico Enterprise version: v3.17.1
Changes
- Update operator bundle generation code #2749 (@lwr20)
- Remove duplicate Felix Health Port for Openshift #2796 (@rene-dekker)
- Certs: Returning specific error type when key usage is #2791 (@rene-dekker)
- Add SecurityContext for Prometheus service container #2788 (@hjiawei)
- Fix EGW deployment in openshift 4.13 #2780 (@sridhartigera)
- Recreate certificates that are only specified to be used as server certs [r1.30] #2778 (@tmjd)
- Openshift PodSecurity #2763 (@MichalFupso)
- Add PSPs for dex and policy recommendation #2762 (@hjiawei)
- Add watch for managed cluster linseed cert in compliance [r1.30] #2754 (@tmjd)
- Adjust linseed probe timeout and period seconds #2750 (@hjiawei)
- Don't use subPath on windows: #2745 (@rene-dekker)
- Use internal manager tls certificate for es-proxy and linseed (#2739) #2742 (@asincu)
- Update golang to 1.20.6 #2736 (@Behnam-Shobiri)
- Update ES&KB to v7.17.11. #2733 (@rene-dekker)
- Revert k8s 1.26 update [r1.30] #2729 (@tmjd)
- Add networkpolicies to policy rec clusterrole #2722 (@dimitri-nicolo)
- Compliance: Add watch for ES PubliceCertSecret [r1.30] #2719 (@tmjd)
- Postpone policy recommendation scope watches until apiserver is up and running #2717 (@rene-dekker)
- Anomaly detection jobs should query Linseed (#2678) #2711 (@asincu)
- Linseed must be able to verify Voltron's certificate #2707 (@caseydavenport)
- Fix missing certificate management configurations #2705 (@rene-dekker)
- Drop cluster name from intrusion detection controller #2703 (@asincu)
- Remove CLUSTER_NAME for compliance; Will rely on Voltron to setup the… #2701 (@asincu)
- Modify Linseed deployment to set Elastic credentials (cherry-pick) #2698 (@Josh-Tigera)
- [applicationlayer] configurable envoy xff settings (#2657) #2691 (@electricjesus)
Contributors
electricjesus, caseydavenport, and 10 other contributors
Assets 2
v1.30.4
v1.30.3
v1.29.5
09 Jun 2023
Included Calico versions
Calico version: v3.25.1
Calico Enterprise version: v3.16.3
Bug fixes
- Move BGPFilter permissions from EE-only to OSS+EE in #2618 (@coutinhop)
- Fix periodic reconcile logic #2580 (@pasanw)
- Hostpath init fix #2652 (@sridhartigera)
Other changes
- Cherry-pick fips changes to 1.29 #2685 (@sridhartigera)
- Remove GeoIP downloader from Elasticsearch #2656 (@rene-dekker)
- Update UBI for 1.29 #2642 (@Behnam-Shobiri)
- Check more indicators for EKS discovery #2628 (@tmjd)
- Handle iptablesbackend felix config changes in EGW controller #2608 (@sridhartigera)
Contributors
coutinhop, pasanw, and 4 other contributors
Assets 2
v1.30.2
29 May 2023
Included Calico versions
Calico version: v3.26.0
Calico Enterprise version: v3.17.0
Other changes
- Fix the registry #2677 (@rene-dekker)
Contributors
rene-dekker
Assets 2
v1.30.1
29 May 2023
Included Calico versions
Calico version: v3.26.0
Calico Enterprise version: v3.17.0
Other changes
- [ev-3754] Prepare ee-v3.17.0 #2676 (@rene-dekker)
- cherry-pick #2671 Add missing namespaces to SG layer tigera infrastructure EV-3506 #2673 (@vara2504)
Contributors
rene-dekker and vara2504