tigera/operator v1.29.0

on GitHub

12 Jan 2023

Included Calico versions

Calico version: v3.25.0
Calico Enterprise version: v3.15.0

Enhancements

• [Calico Enterprise] [RS-647] Adds access to applicationlayer resources #2335 (@mikestephen)
• Add support for Typha graceful shutdown #2303 (@fasaxc)
• Add IPv6 Wireguard and IPv6 VXLAN custom MTU support #2087 (@coutinhop)

Bug fixes

• Fix that operator could not remove a ClusterIP. #2353 (@fasaxc)
• Fixed a bug that caused the Tigera Operator to incorrectly (de-)serialize ports in FelixConfigurations #2339 (@tmjd)
• Use headless services for metrics ports. #2304 (@fasaxc)
• [Calico Enterprise] Configure dnsTrustedServers correctly for RKE2 #2181 (@nelljerram)

Other changes

• Update to Calico v3.25.0 #2395 (@mgleung)
• update crds #2384 (@rene-dekker)
• Run job until it eventually completes #2382 (@rene-dekker)
• Update CRDs - generate filles/versions #2381 (@mazdakn)
• Bump golang version to 1.18 #2380 (@Brian-McM)
• CalicoVersion added to installation status #2376 (@sridhartigera)
• [master] Work around upgrade issue upgrading from versions that don't support TPROXY. #2372 (@fasaxc)
• Automated cherry pick of #2360: Support rolling updates during upgrades by preserving #2361 (@rene-dekker)
• Create node trustedbundle with root certificates. #2352 (@sridhartigera)
• Add permissions for bgpfilters and externalnetworks to the apiserver. #2351 (@sridhartigera)
• Update general dependencies #2348 (@Behnam-Shobiri)
• Update golang to 1.18.9 #2342 (@Behnam-Shobiri)
• Make gen-files make validate-gen-versions, make gen-versions #2338 (@rene-dekker)
• Add calico-typha ClusterRole permissions for newly added bgpfilters a… #2337 (@Josh-Tigera)
• Egress Gateway - operator changes #2336 (@sridhartigera)
• Add system root ca in order to trust external identities providers #2334 (@asincu)
• add support override for csi-node-driver #2331 (@zoezhangmattr)
• Update CRDs to the latest #2330 (@hjiawei)
• Update CRDs #2326 (@freecaykes)
• fix(render/ids): correct claim name in deployment #2325 (@freecaykes)
• upgrade kibana from 7.17.5 to 7.17.7 #2321 (@vara2504)
• Use our own TyphaDeploymentStategy #2319 (@fasaxc)
• Add functionality to include system root certs into the tigera-ca-bundle #2312 (@rene-dekker)
• Node selectors for prometheus resources overridden fix #2309 (@rene-dekker)
• add gen-files and fix #2308 (@rene-dekker)
• Update Elasticsearch version to v7.17.7 #2305 (@hjiawei)
• Add prometheus annotations to kube-controllers metrics service #2302 (@lmm)
• fix(render/ids): render ad api with privilege user if persistent storage is used #2300 (@freecaykes)
• IDS controller use root when syslog forwarding is enabled #2294 (@hjiawei)
• Revert "[EV-2765] Add v1 namespaces get to tigera-manager-role Cluste… #2293 (@dimitri-nicolo)
• [Release 1.28] Update golang.org/x/text [cherry-pick 2291] #2292 (@Behnam-Shobiri)
• Update golang.org/x/text #2291 (@Behnam-Shobiri)
• Fix make manifests #2290 (@sridhartigera)
• Bump compliance benchmarker and reporter liveness period #2286 (@hjiawei)
• Update doc for syslog possible values (EV-2821,EV-2822) #2284 (@vara2504)
• Remove unconditional ServiceAccountName on CSI daemonset #2281 (@Josh-Tigera)
• Update base to UBI 8.7 #2275 (@Behnam-Shobiri)
• Update tigera-ca-bundle path to /etc/pki/tigera #2273 (@vara2504)
• Update golang to 1.18.8 #2265 (@Behnam-Shobiri)
• Fix kibana certificate in esgateway trusted bundle EV-2686 #2262 (@vara2504)
• Modsecurity rule set updated to v3.3.4 (latest stable release). #2260 (@bartolini)
• fix(render/ids): remove privilege from #2258 (@freecaykes)
• [EV-2765] Add v1 namespaces get to tigera-manager-role ClusterRole #2257 (@dimitri-nicolo)
• GlobalAlertTemplates for detectors: multivariable flow and dns tunnel #2250 (@freecaykes)
• Add support for topology spread constraints to core components #2246 (@caseydavenport)
• [Cherry-pick #2243 to v1.27] prevent operator lockup when unused apiservices are down #2244 (@ozdanborne)
• prevent operator lockup when unused apiservices are down #2243 (@ozdanborne)
• Support k8s 1.25 for CE 3.15 #2241 (@pasanw)
• Add syslog tls changes - EV-2481 #2240 (@vara2504)
• Update CRDs to the latest #2237 (@hjiawei)
• Update CRDs to the latest #2235 (@hjiawei)
• Bump elasticsearch version to v7.17.6 #2234 (@hjiawei)
• Update CRDs #2230 (@freecaykes)
• Render PSPs for CSI driver pods #2226 (@freecaykes)
• Add PSP for Guardian for RKE2 CIS -Hardened clusters #2220 (@freecaykes)
• Update golang to 1.18.7 #2210 (@Behnam-Shobiri)
• Update dex security context in deploy when PSS is restricted #2205 (@hjiawei)
• Remove ADJ api pod when fips is enabled #2204 (@hjiawei)
• Propagate imagePullSecrets from Installation resource th... #2202 (@Josh-Tigera)
• Update aws sdk go #2197 (@Behnam-Shobiri)
• update ip_pools CRDs #2195 (@freecaykes)
• fix(guardian): minimize PS for deployment #2194 (@freecaykes)
• Modify L7 logging and WAF to use CSI volume instead of flexvolume volume #2186 (@Josh-Tigera)
• Fix apiserver name comment #2184 (@caseydavenport)
• Hide anomaly detection when FIPS is enabled #2182 (@rene-dekker)
• Update crds #2168 (@rene-dekker)
• Update pins #2167 (@rene-dekker)
• Update CRDs to the latest #2164 (@hjiawei)
• Let the pcap server trust dex by mounting the ca-bundle #2162 (@rene-dekker)
• update dependencies #2158 (@Behnam-Shobiri)
• update crds #2157 (@rene-dekker)
• Add BPFDisableLinuxConntrack to Calico Enterprise Api #2156 (@mazdakn)
• update UBI base image from 8.5 to 8.6 #2151 (@Behnam-Shobiri)
• Update GO_BUILD_VERSION #2146 (@rene-dekker)
• Add BPFDisableLinuxConntrack to Calico Api #2145 (@mazdakn)
• Allow IP forwarding during manifest-to-operator migration #2144 (@Josh-Tigera)
• upgrade kibana from 7.16.2 to 7.17.5 #2143 (@vara2504)
• Default LogCollector instance first-thing #2142 (@caseydavenport)
• Update CRDs to the latest #2141 (@hjiawei)
• Add expiry to kb session #2140 (@rene-dekker)
• Change audit api version to v1 #2138 (@rene-dekker)
• Fix misspelling of variant in imageset #2136 (@cavcrosby)
• Support Prometheus metrics scraping from queryserver #2126 (@hjiawei)
• Update CRDs #2125 (@tmjd)
• Set the csi-node-driver DaemonSet PriorityClass to system-node-critical #2124 (@innossh)
• Update CSI node registrar image #2119 (@mgleung)
• FIPS changes for Elastic. #2115 (@rene-dekker)
• Support Compliance CR omission #2111 (@pasanw)
• Add option for Persistent Storage for AD API #2094 (@freecaykes)
• Adding Status conditions for CRs #2062 (@vara2504)