v1.32.11

19 Aug 2024

Included Calico versions

Calico version: v3.27.4
Calico Enterprise version: v3.18.5

Other changes

• Bump ElasticSearch/Kibana versions to fix CVEs #3457 (@rene-dekker)

v1.35.0

02 Aug 2024

Included Calico versions

Calico version: v3.28.1
Calico Enterprise version: v3.20.0-1.0

Bug Fixes

• Fix missing error message in tigerastatus object. #3420 (@rene-dekker)
• Fix calico-apiserver namespace frequently getting stuck in terminating status when upgrading to Calico Enterprise #3444 (@gcosgrave)

Other changes

• Set default values for vxlanVNI and BPFHostConntrackBypass for Docker EE #3442 (@sridhartigera)
• Relax ImageSet validation #3426 (@tmjd)

v1.34.3

31 Jul 2024

Included Calico versions

Calico version: v3.28.1
Calico Enterprise version: v3.19.1

Note

This release of Tigera Operator adds support for Calico v3.28.1, but contains no other changes from Operator v1.34.2.

v1.34.2

24 Jul 2024

Included Calico versions

Calico version: v3.28.0
Calico Enterprise version: v3.19.1

Note

Starting with k8s v1.29, AKS applies an ImageSet to the cluster. As a result, users wishing to upgrade Calico to Calico Enterprise may get stuck unknowingly, because the operator is checking for an ImageSet matching the target release version. This patch release modifies the check for an ImageSet, so that the operator will only consider the ImageSet for the same Calico variant that is configured.

Bug fixes

• Fix missing error message in tigerastatus object. #3421 (@rene-dekker)
• Fix deadlock situation where two controller rely on the #3404 (@rene-dekker)

Other changes

• Relax ImageSet validation #3427 (@tmjd)

v1.32.10

09 Jul 2024

Included Calico versions

Calico version: v3.27.4
Calico Enterprise version: v3.18.4

Bug Fixes

• Removed a mutual dependency between logstorage and other components if certificates are missing required key usages. #3402 (@rene-dekker)

v1.34.1

21 Jun 2024

Included Calico versions

Calico version: v3.28.0
Calico Enterprise version: v3.19.1

Bug fixes

• Fix deadlock where terminating resources were never #3385 (@caseydavenport)
• Limit TLSRoute lists to the tenant namespace in multi-tenant clusters (#3367) #3369 (@gcosgrave)
• Set mount type to DirectoryOrCreate for hostPath needed by Calico #3358 (@mazdakn)
• Force a Linseed restart when the credentials to connect to Elastic change #3355 (@asincu)

Other changes

• Bump ElasticSearch and Kibana to v7.17.21 #3383 (@rene-dekker)
• Shorten kibana session #3380 (@asincu)
• Attach OpenShift SCC to Calico components #3373 (@hjiawei)
• License Usage Collection #3362 (@pasanw)

v1.32.9

14 Jun 2024

Included Calico versions

Calico version: v3.27.3
Calico Enterprise version: v3.18.4

Other changes

• Bump ElasticSearch and Kibana to v7.17.21 #3382 (@rene-dekker)
• Attach OpenShift SCC to Calico components #3375 (@hjiawei)
• Set mount type to DirectoryOrCreate for hostPath needed by Calico #3360 (@mazdakn)
• Fix security-context for apiserver #3308 (@mihivagyok)

v1.34.0

10 May 2024

Included Calico versions

Calico version: v3.28.0
Calico Enterprise version: v3.19.0-2.0

Enhancements

• Prototype: IP pool controller #3253 (@caseydavenport)
• IP pool controller for more powerful IP pool UX #2658 (@caseydavenport)

Bug fixes

• Fix autodetection of current RKE2 #3168 (@nelljerram)

Other changes

• Update prometheus operator permissions to v0.73.2 #3338 (@rene-dekker)
• Update ILM policy when warm index readonly setting changes #3336 (@gantony)
• Name Packet capture operator v1 CRD as PacketCaptureAPI #3335 (@vara2504)
• Update ILM policy to keep warm tigera_secure_ee_events indices writable #3330 (@gantony)
• Fix annotation data ordering issues from k8s listing in #3328 (@Brian-McM)
• move packet capture watch inside enterpriseCRD exist check #3324 (@vara2504)
• Rev Go to v1.22, Kubernetes to v1.28.9 #3317 (@fasaxc)
• Fix annotations for voltron tls route configuration (too long #3315 (@Brian-McM)
• Remove cloud-controller references #3312 (@gantony)
• Fix security-context for apiserver - audit logs are supported only in Enterprise version #3310 (@mihivagyok)
• Added Add HSTS header to dex and upgrade to 2.39 #3305 (@vara2504)
• Fix broken policy rec req limit reconcilation #3303 (@vara2504)
• Send the list of all ips to egress gateway to support dual stack #3301 (@mazdakn)
• The dashboard name has changed in the installer repo, change #3297 (@rene-dekker)
• Add egress rule to allow dashboards to connect to external Kibana #3295 (@asincu)
• Remove elastic secrets dependency for compliance and only deploy server in a multi-tenant environment #3289 (@asincu)
• Deprecate AWS SG integeration #3279 (@vara2504)
• Remove special key-cert-provisioner image code #3278 (@rene-dekker)
• Make monitor controller aware that there are multi tenant options #3274 (@asincu)
• Switch the backoff to use Ticker #3273 (@tmjd)
• Move Encapsulation validation into IP pool controller #3268 (@caseydavenport)
• Fix secret not available messages #3263 (@rene-dekker)
• Allow intrusion-detection-controller to read alert exceptions #3257 (@gantony)
• Fix setting of resources for the CSI node driver #3255 (@caseydavenport)
• Add container name in comments for Deployments,daemonset and other resources #3250 (@vara2504)
• Disable keep alive for the elasticsearch client #3238 (@Brian-McM)
• Cleanups based on move from coreruleset 3.3.5 to 4.x #3237 (@electricjesus)
• Remove bpf dual stack validation #3236 (@sridhartigera)
• Update libs to patch CVEs #3232 (@rene-dekker)
• Enable Dashboards Controller to know when running in external or internal elastic mode #3231 (@asincu)
• Grant es-kube-controller access managed service per tenant #3230 (@asincu)
• Make resource requests/limits configurable for tigera-guardian #3225 (@vara2504)
• Make resource requests/limits configurable for KB, prometheus, Alert Manager #3224 (@vara2504)
• Fix features annotations #3222 (@lwr20)
• Make resource requests/limits configurable for Application Layer #3216 (@vara2504)
• Set tenant ID for intrusion detection #3214 (@asincu)
• Update elastic stack versions #3211 (@rene-dekker)
• Update the CRDs #3210 (@rene-dekker)
• Make resource requests/limits configurable for compliance components #3209 (@vara2504)
• Move test utilities to test package from utils folder to move ginkgo v1 import #3208 (@Brian-McM)
• Make resource requests/limits configurable for logstorage components #3207 (@vara2504)
• Make resource requests/limits configurable for Logcollector #3206 (@vara2504)
• Make resource request/limits configurable for dex,IDC #3205 (@vara2504)
• Configure voltron routes with TLS Route CRs #3199 (@Brian-McM)
• Filter 'openshift-' namespace from policy recommendation #3196 (@dimitri-nicolo)
• PolicyRecommendation controller overwrites tigera-ca bundle per tenant #3191 (@asincu)
• Add priorityClassName to EgressGateway CRD #3190 (@mazdakn)
• Fix expected files for waf #3189 (@electricjesus)
• Namespace migration - Fix potential namespace migration problem with one node cluster #3188 (@mihivagyok)
• Adds PolicySetupTimeoutSeconds option to CalicoNetwork #3186 (@aaaaaaaalex)
• Sort logstorage secrets map to ensure consistent order #3185 (@tmjd)
• Remove auth that was not supported since ee v3.4 #3184 (@rene-dekker)
• Enable BPF without disruption #3183 (@song-jiang)
• Add support for TKG 2.4.1 #3179 (@rene-dekker)
• Include Windows nodes in image list command #3177 (@tmjd)
• Decrease the validity of JWTs issued by Dex to 15m #3175 (@rene-dekker)
• Add back esgateway certificate to the trusted bundle #3174 (@asincu)
• Report dashboard status #3173 (@asincu)
• Refactor to set kube network based on cni type instead of provider #3166 (@davidgiga1993)
• Fix static files check failure #3163 (@electricjesus)
• Fixes for ES Gateway #3162 (@tmjd)
• Disable packetcapture-api in multitenant environment #3160 (@vara2504)
• WAF integration fixes / improvements #3158 (@electricjesus)
• Do not ignore non-migrated nodes for typha scheduling #3156 (@mihivagyok)
• Update copyrights #3149 (@Brian-McM)
• Update K8s pins to 0.27.9 and controller-runtime to 0.15.3 / fix incompatibilities #3146 (@Brian-McM)
• Fix the Compliance namespace in Voltron's proxy targets #3145 (@rene-dekker)
• Update envoy config template #3144 (@hjiawei)
• Dex binary changed location inside of Dockerfile #3143 (@rene-dekker)
• Deploy es-kube-controllers in a multi-tenant environment #3142 (@asincu)
• Ensure degraded status is cleared for tiers controller #3139 (@pasanw)
• Migrate job installer to run inside elasticsearch namespace #3137 (@asincu)
• Fix trusted-bundle conflict in ES secret controller #3135 (@caseydavenport)
• Report TigeraStatus for tiers #3130 (@pasanw)
• Fix panic that can be caused when removing the logstorage resource. #3128 (@rene-dekker)
• Add tigera operator scheme to the unit tests for authn. #3127 (@rene-dekker)
• Bump Elasticsearch and Kibana versions to v7.17.16 #3126 (@hjiawei)
• Support zeroed kub...

v1.32.8

26 Apr 2024

Included Calico versions

Calico version: v3.27.3
Calico Enterprise version: v3.18.3

Other changes

• Update to golang 1.21.9 via go-build bump to v0.89 #3326 (@rene-dekker)
• Update dependencies #3321 (@Behnam-Shobiri)
• Send the list of all ips to egress gateway to support dual stack #3300 (@mazdakn)

v1.32.7

01 Apr 2024

Included Calico versions

Calico version: v3.27.3
Calico Enterprise version: v3.18.2

Bug fixes

• Fix security-context for apiserver - audit logs are supported only in Enterprise version #2906 (@mihivagyok) this was incorrectly included as fixed in this release but the change was not included