tigera/operator v1.37.0

on GitHub

11 Feb 2025

Included Calico versions

Calico version: v3.29.1
Calico Enterprise version: v3.21.0-1.0

Other changes

• Remove circular dependency between apiserver and #3767 (@rene-dekker)
• Fix dead-lock between degraded controllers due to #3754 (@rene-dekker)
• Bump go dependencies to add 321 CVE #3747 (@vara2504)
• update alertmanager version in enterprise_versions.yml #3737 (@ti-afra)
• upgrade es/kb to 8.17.1 #3734 (@vara2504)
• Fix TLSTerminatedRoute ForwardingMTLS secret mount path #3716 (@jaderhs)
• Move skip tenant crds to generic GetCRDS function #3710 (@vara2504)
• Update CRDs. Add BANP. #3707 (@fasaxc)
• Add serviceaccount list to network-admin and user-ui (#3687) #3700 (@ti-afra)
• Fix dex policy test flake #3694 (@rene-dekker)
• Override ECK mount path such that our plugin continues to #3691 (@rene-dekker)
• apiserver: move loglevel under spec #3689 (@ti-afra)
• Include ECK CRDs in those managed by the operator #3684 (@tmjd)
• Make ES work with ECK 2.16.0 by setting the appropriate #3677 (@rene-dekker)
• Update dex binary path #3674 (@hjiawei)
• Include dex secrets when oidc is non tigera or nil #3672 (@vara2504)
• expose logLevel for apiserver containers (#3652) #3667 (@ti-afra)
• Retain the get/list/watch for calico-kube-controller SA #3666 (@vara2504)
• Gateway API #3655 (@nelljerram)
• Restrict tigera-operator secret access to namespace only #3653 (@vara2504)
• Upgrade to es/kb 8.16.1 - es user id to 10001 #3651 (@vara2504)
• Update the CRDs #3646 (@rene-dekker)
• Fix bad refactor on AWS SG setup #3645 (@coutinhop)
• Update CRDs #3639 (@tmjd)
• Expand proxy detection support to Dex and support proxy configuration #3636 (@pasanw)
• Disable the ValidatingAdmissionPolicy API on k8s v1.28 and older #3631 (@rene-dekker)
• Fix 'intrustion' typo #3628 (@nelljerram)
• Updating make gen-versions for PR 8298 #3619 (@vikastigera)
• Adding AzurePolicyMode to Installation #3618 (@vikastigera)
• add resource req/limits for es-gateway #3612 (@vara2504)
• add new ingress policy to dex for apiserver #3611 (@ti-afra)
• Ensure CRDs are created on boot #3610 (@caseydavenport)
• restrict RBAC for kube controller secrets to the required namespace only #3602 (@vara2504)
• Add oidc certificate and configs for queryserver #3599 (@ti-afra)
• upgrade es and kb to version 8 #3598 (@vara2504)
• move tigera-prometheus secret RBAC from Clusterrole to Role #3595 (@vara2504)
• Update dev doc for adding a new CRD #3589 (@caseydavenport)
• Update EGW status only if it has changed. #3577 (@sridhartigera)
• Remove custom cache option when creating controller manager #3576 (@hjiawei)
• Add VadlidatingAdmissionPolicy RBAC and bump k8s to v1.30 release #3564 (@hjiawei)
• Disable Policy Recommendation for Windows OS #3563 (@dimitri-nicolo)
• Upgrade es,kb to 7.17.25 for 320 cve #3562 (@vara2504)
• Set "system-node-critical" priority on calico-node-windows pods #3556 (@coutinhop)
• Removes Host Numeric rule from coreruleset #3552 (@radixo)
• Update ES&KB to v7.17.24. #3548 (@rene-dekker)
• Add tolerations for arm64 workloads on GKE #3544 (@hjiawei)
• Introdoces SidecarWebhook status #3543 (@radixo)
• Regenerate CRDs. #3536 (@fasaxc)
• Ensure external certs have a hash #3535 (@rene-dekker)
• Adding felix service metric port #3534 (@vikastigera)
• Order volumes and volume mounts #3533 (@asincu)
• Rename es-proxy to ui-apis #3531 (@caseydavenport)
• Append TIGERA_TPROXY_ENABLED to per host envoy #3518 (@radixo)
• Use Go v1.23 and bump k8s libs to v1.29 #3517 (@hjiawei)
• Adding X-Frames-Options DENY header for Kibana #3516 (@vikastigera)
• Removes enovyproxy-envoy, sidecar images for envoy #3514 (@radixo)
• Fix sidecar envoy image #3509 (@radixo)
• Reduce the number of restart for tigera-manager #3503 (@asincu)
• Update CRDs #3502 (@mazdakn)
• Update operator to enable LoadBalancer kube-controller #3490 (@MichalFupso)
• Remove FIPS mode for enterprise users. It is no longer supported. #3455 (@rene-dekker)