tigera/operator v1.38.0

on GitHub

05 May 2025

Included Calico versions

Calico version: v3.30.0

Enhancements

• Add Gateway API to OSS as well as Enterprise #3788 (@nelljerram)

Other changes

• Mount BPF FS for iptables mode in EE #3895 (@sridhartigera)
• Use explicit verbs in tiered policy passthrough #3888 (@caseydavenport)
• Remove dependency on authentication_controller while #3878 (@rene-dekker)
• Add RBAC to delete secrets #3874 (@asincu)
• Set explicit DNS nameservers for calico/node when needed #3868 (@caseydavenport)
• Fix tigera-operator permission error for Egress Gateway #3865 (@vara2504)
• Add more permissions for guardian for net policy #3864 (@Brian-McM)
• Support non-cluster host scaling with Typha #3836 (@hjiawei)
• Update tigera-network-admin with Kubernetes AdminNetworkPolicy/AdminBaselineNetworkPolicy RBACs #3776 #3824 (@ti-afra)
• Kube-controllers CRD and RBAC update for autoHEPs #3813 (@MichalFupso)
• Make apiserver ports configurable to avoid conflicts on EKS #3806 (@lucastigera)
• Update coreruleset version #3803 (@LorcanMcVeigh)
• Don't create resources in terminating Namespaces #3791 (@caseydavenport)
• Remove bandwidth plugin chaining #3784 (@coutinhop)
• Deploy OS UI (Whisker) with Goldmane #3775 (@Brian-McM)
• Add CLUSTER_CONN_TYPE to Policy Recommendation deployment #3773 (@dimitri-nicolo)
• Remove circular dependency between apiserver and authentication #3761 (@rene-dekker)
• Updated RBAC for idc - list available for cm, secrets and webhooks. #3758 (@bartolini)
• Add RBAC for WAF API #3746 (@LorcanMcVeigh)
• Include staged policy RBAC in Calico open source #3743 (@mazdakn)
• Change felixconfig WAFEventLogsFileEnabled when necessary #3742 (@radixo)
• Upgrade ElasticSearch and Kibana to 8.17.1 #3733 (@vara2504)
• Improve certificate management #3727 (@rene-dekker)
• Remove -waf-log-file flag #3722 (@electricjesus)
• Set BPFEnabled to true when installing in bpf mode. #3721 (@sridhartigera)
• Fix TLSTerminatedRoute mtlsCert secret mount path #3713 (@jaderhs)
• APIServer: move loglevel under spec #3688 (@ti-afra)
• Add serviceaccount list to network-admin and user-ui #3687 (@dimitri-nicolo)
• Include ECK CRDs in those managed by the operator #3681 (@caseydavenport)
• Include dex secrets only when OIDC is non-Tigera or nil #3670 (@vara2504)
• Retain the get/list/watch for calico-kube-controller SA #3660 (@vara2504)
• Update dex binary path #3654 (@pasanw)
• expose logLevel for apiserver containers #3652 (@ti-afra)
• Add Gateway API and Envoy Gateway install to Calico Enterprise #3638 (@nelljerram)
• Update ImageSet docstring #3635 (@petrutlucian94)
• Restrict tigera-operator secret access to namespace only #3630 (@vara2504)
• Adjust connection controller and how it handles the license and network policy #3601 (@tmjd)
• Add egress rule to kubernetes service when configured from configmap #3597 (@rene-dekker)
• Calico apiserver improvements #3481 (@Tamas-Biro1)