01 Feb 2021
Included Calico versions
Calico version: v3.17.1
Calico Enterprise version: v3.5.0
Enhancements
- [Calico Enterprise] Copy ad-job elasticsearch user secret to intrusion detection namespace #1081 (@Brian-McM)
- [Calico Enterprise] Add L7 access in RBAC and syslog types #1008 (@mgleung)
- [Calico Enterprise] Add ILM policy for L7 logs #1004 (@mgleung)
- [Calico Enterprise] dns-templates #989 (@manojah99)
- [Calico Enterprise] Use ILM to manage ES Index #944 (@Suraiya-Hameed)
Bug fixes
- [Calico Enterprise] Custom certs only need to contain the expected svc DNS names as a subset #1104 (@lmm)
- [Calico Enterprise] [release-v1.14] Recreate manager, compliance, and ES+KB pub certs if DNS names change… #1103 (@lmm)
- [Calico Enterprise] Fix a permission error that occurs for elasticsearch on OCP 4.6 #1051 (@mgleung)
- Add replicas and shards to bgp index #1025 (@asincu)
- Update README for running locally #1011 (@tmjd)
Other changes
- [Calico Enterprise] Updating Enterprise component versions for v3.5.0 release. #1132 (@stevegaossou)
- [Calico Enterprise] Disable cert management for variant=calico for v1.14 only #1116 (@rene-dekker)
- [Calico Enterprise] Until the cert initialization is available for OS treat it as private #1115 (@tmjd)
- Update controller-runtime and omit Licensekey resource from client cache #1097 (@tmjd)
- Switch PriorityClass from v1beta to v1 #1094 (@tmjd)
- Recreate manager, compliance, and ES+KB pub certs if DNS names change #1092 (@lmm)
- Apply imageset for windows fluentd #1088 (@lmm)
- Use existing logger for Elasticsearch client #1084 (@Suraiya-Hameed)
- Update permission for OIDC users Elasticsearch secrets #1083 (@Suraiya-Hameed)
- [Calico Enterprise] recreate ES/kibana certs when DNS names change #1080 (@lmm)
- Update permission for kube-controller to access secret #1078 (@Suraiya-Hameed)
- Pass elasticsearch license type to kube-controller #1077 (@Suraiya-Hameed)
- Added a missing nil check #1075 (@rene-dekker)
- Update the OIDC users Elasticsearch secret name #1073 (@Suraiya-Hameed)
- Add Elasticsearch version and Kibana URL to Manager environment variables #1072 (@Brian-McM)
- Intrusion detection can read/watch license #1070 (@asincu)
- Fix fluentd volume hostpaths #1069 (@lmm)
- Use default Windows flowlogs path #1068 (@lmm)
- Bump Elasticsearch and Kibana to 7.10.1 #1067 (@Brian-McM)
- Add fluentd-windows to enterprise versions #1066 (@lmm)
- Respect scopes for Google, change default scopes, don't respect scope… #1065 (@Brian-McM)
- Imageset #1064 (@tmjd)
- [Calico Enterprise] Fix environment name #1063 (@robbrockbank)
- Add fluentd component for Windows #1062 (@lmm)
- Use requested scopes (if specified) in dex #1060 (@Brian-McM)
- Enable service info in flow logs by default #1059 (@robbrockbank)
- Use binary readiness probe for Elasticsearch instead of bash script #1058 (@Brian-McM)
- Support Elasticsearch native users #1057 (@Suraiya-Hameed)
- avoid virtual nodes in aks #1048 (@ozdanborne)
- fix the dex common name #1047 (@Suraiya-Hameed)
- expose option to set typha affinity #1046 (@ozdanborne)
- Nodeselectors tolerations #1043 (@ozdanborne)
- Remove ECK webhook (2/2) #1042 (@rene-dekker)
- Remove the validatingwebhookconfiguration for elasticsearch. #1041 (@rene-dekker)
- Fix logstorage always degraded #1040 (@lmm)
- Don't hardcode the iptables backend #1039 (@caseydavenport)
- Fix IPv6 pool natOutgoing not working #1038 (@moycat)
- Add certificate management for calico and minimal enterprise clusters. #1037 (@rene-dekker)
- Disable Elasticsearch features based on license type #1036 (@Suraiya-Hameed)
- Follow-up fixes to cert SANs #1035 (@lmm)
- [Calico Enterprise] Make apiserver run as UID 0 #1034 (@tmjd)
- Add some checks for dirty and formatting to ci #1032 (@tmjd)
- Use FQDN service references #1029 (@lmm)
- Fix dex bug where svc.cluster.local was hardcoded. #1028 (@rene-dekker)
- Switch Updates after defaulting to use Patch #1026 (@tmjd)
- Use a constant length for git abbreviations #1019 (@caseydavenport)
- Propagate kubernetes service environment variables to CNI plugin #1018 (@fasaxc)
- Propagate the KUBERNETES_SERVICE_XXX variables to API server. #1015 (@fasaxc)
- Propagate the KUBERNETES_SERVICE_XXX variables to kube-controllers. #1014 (@fasaxc)
- Don't panic if we have an empty logStorage spec #1009 (@caseydavenport)
- Move RootCA to alpine trusted cert location #1007 (@rene-dekker)
- increase resiliency of new overlay feature #1002 (@ozdanborne)
- Add migration check for nodes when typha is deployed #1001 (@tmjd)
- [Calico Enterprise] add linux nodeselector to elastic, kibana, and ids job #1000 (@ozdanborne)
- Adjust route table range for GKE CNI plugin #999 (@caseydavenport)
- Allow overrides of 'default' installation resource through second 'overrides' installation resource #995 (@ozdanborne)
- Changes for auto MTU detection #963 (@caseydavenport)
- Fix building API reference doc #939 (@tmjd)
- Adjust typha autoscale #638 (@tmjd)