tigera/operator v1.14.0

on GitHub

01 Feb 2021

Included Calico versions

Calico version: v3.17.1
Calico Enterprise version: v3.5.0

Enhancements

• [Calico Enterprise] Copy ad-job elasticsearch user secret to intrusion detection namespace #1081 (@Brian-McM)
• [Calico Enterprise] Add L7 access in RBAC and syslog types #1008 (@mgleung)
• [Calico Enterprise] Add ILM policy for L7 logs #1004 (@mgleung)
• [Calico Enterprise] dns-templates #989 (@manojah99)
• [Calico Enterprise] Use ILM to manage ES Index #944 (@Suraiya-Hameed)

Bug fixes

• [Calico Enterprise] Custom certs only need to contain the expected svc DNS names as a subset #1104 (@lmm)
• [Calico Enterprise] [release-v1.14] Recreate manager, compliance, and ES+KB pub certs if DNS names change… #1103 (@lmm)
• [Calico Enterprise] Fix a permission error that occurs for elasticsearch on OCP 4.6 #1051 (@mgleung)
• Add replicas and shards to bgp index #1025 (@asincu)
• Update README for running locally #1011 (@tmjd)

Other changes

• [Calico Enterprise] Updating Enterprise component versions for v3.5.0 release. #1132 (@stevegaossou)
• [Calico Enterprise] Disable cert management for variant=calico for v1.14 only #1116 (@rene-dekker)
• [Calico Enterprise] Until the cert initialization is available for OS treat it as private #1115 (@tmjd)
• Update controller-runtime and omit Licensekey resource from client cache #1097 (@tmjd)
• Switch PriorityClass from v1beta to v1 #1094 (@tmjd)
• Recreate manager, compliance, and ES+KB pub certs if DNS names change #1092 (@lmm)
• Apply imageset for windows fluentd #1088 (@lmm)
• Use existing logger for Elasticsearch client #1084 (@Suraiya-Hameed)
• Update permission for OIDC users Elasticsearch secrets #1083 (@Suraiya-Hameed)
• [Calico Enterprise] recreate ES/kibana certs when DNS names change #1080 (@lmm)
• Update permission for kube-controller to access secret #1078 (@Suraiya-Hameed)
• Pass elasticsearch license type to kube-controller #1077 (@Suraiya-Hameed)
• Added a missing nil check #1075 (@rene-dekker)
• Update the OIDC users Elasticsearch secret name #1073 (@Suraiya-Hameed)
• Add Elasticsearch version and Kibana URL to Manager environment variables #1072 (@Brian-McM)
• Intrusion detection can read/watch license #1070 (@asincu)
• Fix fluentd volume hostpaths #1069 (@lmm)
• Use default Windows flowlogs path #1068 (@lmm)
• Bump Elasticsearch and Kibana to 7.10.1 #1067 (@Brian-McM)
• Add fluentd-windows to enterprise versions #1066 (@lmm)
• Respect scopes for Google, change default scopes, don't respect scope… #1065 (@Brian-McM)
• Imageset #1064 (@tmjd)
• [Calico Enterprise] Fix environment name #1063 (@robbrockbank)
• Add fluentd component for Windows #1062 (@lmm)
• Use requested scopes (if specified) in dex #1060 (@Brian-McM)
• Enable service info in flow logs by default #1059 (@robbrockbank)
• Use binary readiness probe for Elasticsearch instead of bash script #1058 (@Brian-McM)
• Support Elasticsearch native users #1057 (@Suraiya-Hameed)
• avoid virtual nodes in aks #1048 (@ozdanborne)
• fix the dex common name #1047 (@Suraiya-Hameed)
• expose option to set typha affinity #1046 (@ozdanborne)
• Nodeselectors tolerations #1043 (@ozdanborne)
• Remove ECK webhook (2/2) #1042 (@rene-dekker)
• Remove the validatingwebhookconfiguration for elasticsearch. #1041 (@rene-dekker)
• Fix logstorage always degraded #1040 (@lmm)
• Don't hardcode the iptables backend #1039 (@caseydavenport)
• Fix IPv6 pool natOutgoing not working #1038 (@moycat)
• Add certificate management for calico and minimal enterprise clusters. #1037 (@rene-dekker)
• Disable Elasticsearch features based on license type #1036 (@Suraiya-Hameed)
• Follow-up fixes to cert SANs #1035 (@lmm)
• [Calico Enterprise] Make apiserver run as UID 0 #1034 (@tmjd)
• Add some checks for dirty and formating to ci #1032 (@tmjd)
• Use FQDN service references #1029 (@lmm)
• Fix dex bug where svc.cluster.local was hardcoded. #1028 (@rene-dekker)
• Switch Updates after defaulting to use Patch #1026 (@tmjd)
• Use a constant length for git abbreviations #1019 (@caseydavenport)
• Propagate kubernetes service environment variables to CNI plugin #1018 (@fasaxc)
• Propagate the KUBERNETES_SERVICE_XXX variables to API server. #1015 (@fasaxc)
• Propagate the KUBERNETES_SERVICE_XXX variables to kube-controllers. #1014 (@fasaxc)
• Don't panic if we have an empty logStorage spec #1009 (@caseydavenport)
• Move RootCA to alpine trusted cert location #1007 (@rene-dekker)
• increase resiliency of new overlay feature #1002 (@ozdanborne)
• Add migration check for nodes when typha is deployed #1001 (@tmjd)
• [Calico Enterprise] add linux nodeselector to elastic, kibana, and ids job #1000 (@ozdanborne)
• Adjust route table range for GKE CNI plugin #999 (@caseydavenport)
• Allow overrides of 'default' installation resource through second 'overrides' installation resource #995 (@ozdanborne)
• Changes for auto MTU detection #963 (@caseydavenport)
• Fix building API reference doc #939 (@tmjd)
• Adjust typha autoscale #638 (@tmjd)