19 Mar 2026
Included Calico versions
Calico version: v3.30.7
Calico Enterprise version: v3.21.6
Bug fixes
- Fixed rendering resource limits and requests for Egress Gateway. #4431 (@sridhartigera)
Other changes
- Add validation for logstorage node count and replicas setting. #4556 (@tianfeng92)
- Surface certificate metadata (issuer, expiry, DNS SANs, IP SANs) as annotations and add filtering labels (secret-type, signer) on TLS secrets produced by Secret() and CreateSelfSignedSecret(). Display the Degraded condition's message when running
kubectl get tigerastatus, making it easier to see error details at a glance without needing to describe the resource. #4508 (@rene-dekker) - ECK certificates are now rotated 30d before expiry just like all certificates that are managed by this operator. #4485 (@rene-dekker)
- Dropped support for non-privileged mode and deprecated the
Installation.spec.nonPrivilegedfield. The Operator now ignores this setting and will mark Calico as Degraded if it is set to Enabled. #4467 (@lucastigera)