04 Apr 2021
Included Calico versions
Calico version: v3.18.1
Calico Enterprise version: v3.6.0
Enhancements
- [Calico Enterprise] Enabled tigera plugin for Kibana #1243 (@Brian-McM)
- [Calico Enterprise] inherit nodeReporterPort from felixconfig #1227 (@ozdanborne)
- Add new common version file for projects that have release streams ou… #1150 (@Brian-McM)
- [Calico Enterprise] Add Elasticsearch / Fluentd metrics monitoring #1211 (@Brian-McM)
- [Calico Enterprise] LDAP support for enterpise w/ Authentication CRD #1082 (@rene-dekker)
- [Calico Enterprise] Add eck-operator memory requests/limits to LogStorage CR. #1137 (@vberezny)
Bug fixes
- [Calico Enterprise] Only enable groups params if secrets are present (google oidc) #1232 (@rene-dekker)
- [Calico Enterprise] Validate only operator-managed certificates #1194 (@lmm)
- Add linuxDataplane option and defaulting/extra mounts for BPF #1164 (@fasaxc)
- [Calico Enterprise] Use FQDN elasticsearch and kibana endpoints only for Windows #1151 (@lmm)
- include OS node selector in PodTemplate resource types #1142 (@robbrockbank)
- [Calico Enterprise] Add elasticsearch and kibana cert secrets annotations to kube-controllers #1125 (@lmm)
- [Calico Enterprise] Need to ensure internal manager TLS secret is updated (#1117) #1123 (@lmm)
- [Calico Enterprise] Check that cert is managed by operator by checking cert issuer #1121 (@lmm)
Other changes
- [Calico Enterprise] Update component versions for Enterprise v3.6.0 #1250 (@doublek)
- Improve docs for LinuxDataplaneOption. #1248 (@fasaxc)
- Add rights to access licenkeys for kube-controller #1247 (@asincu)
- Add OIDC Prompt type to Authentication spec #1238 (@rene-dekker)
- Add pull secrets to Elasticsearch metrics deployment #1235 (@Brian-McM)
- Check for nil replicas before accessing #1234 (@caseydavenport)
- Fix previous commit that took out copying the admin secret to the operator namespace #1231 (@Brian-McM)
- [Calico Enterprise] Enable process info by default #1230 (@doublek)
- auto generate product versions in release notes #1229 (@ozdanborne)
- Fix autoscaler to look at labels, not annotations #1222 (@caseydavenport)
- Add a defaulting UT for zero-length IP pools #1219 (@caseydavenport)
- Add Typha prometheus config #1217 (@tmjd)
- Add alternate default values for Registry and ImagePath #1210 (@tmjd)
- Fix validation with HostLocal IPAM #1209 (@tmjd)
- Handle case where there are more Typhas than there are nodes #1204 (@caseydavenport)
- Fix assignment of compliance cert to unused variable #1202 (@rene-dekker)
- Disable waiting on IDS job secret in managed clusters #1201 (@vberezny)
- Fix groups for google connector #1197 (@rene-dekker)
- Expose kube-controllers prometheus metrics #1190 (@caseydavenport)
- Adding checks for export-logs #1174 (@asincu)
- Adjust ImageSet API text #1169 (@caseydavenport)
- typha and namespace adjustments for AKS #1166 (@ozdanborne)
- Standardize intallation enum documentation format #1165 (@caseydavenport)
- Copy ComponentResources struct to eliminate CRD confusion #1163 (@vberezny)
- [Calico Enterprise] Add explanation of unauthenticated for tiered-policy-passthrough #1160 (@tmjd)
- Add watch permissions to kube-controllers on IPAM blocks #1155 (@caseydavenport)
- Fix migration of interface autodetection method #1154 (@caseydavenport)
- Install compliance and intrusion detection if features are active #1148 (@asincu)
- Only merge metadata if it's not set on the desired state #1138 (@caseydavenport)
- Fix the version verification and add separate image dump argument #1136 (@tmjd)
- Move render common and help functions to common package #1135 (@Brian-McM)
- [Calico Enterprise] Add annotation hashes for Manager / KB to roll pods over on kb cert c… #1119 (@Brian-McM)
- [Calico Enterprise] Move managing OIDC elsticsearch user configmap and secret from operator #1118 (@Suraiya-Hameed)
- Adjust SignerName so it renders nicely for the Reference API doc #1113 (@tmjd)
- [master] Fix handling of custom manager TLS certs (#1108) #1112 (@lmm)
- Use 'skipInterface: ^br-.*' for Docker Enterprise ipv4 autodetection … #1110 (@Brian-McM)
- fix maybe-build-release to work on earlier versions of git #1109 (@ozdanborne)
- [Calico Enterprise] [master] Custom certs only need to contain the expected svc DNS names as a subset #1105 (@lmm)
- Disable healthcheck on es client #1100 (@Suraiya-Hameed)