github tigera/operator v1.39.0

pre-release, one month ago

06 Aug 2025

Included Calico versions

Calico version: v3.30.2
Calico Enterprise version: v3.22.0-1.0

Enhancements and changes

  • Fixed an issue that prevented the operator from detecting HTTP proxies set on the Guardian container. #4041 (@pasanw)
  • Fix security contexts for init containers when certificate management is enabled, so the certificates have the right permissions set on them. #4029 (@rene-dekker)
  • Operator now annotates Guardian pods with cluster version information #4024 (@vara2504)
  • Increase the lifecycle.poll_interval for Elasticsearch. In a case where a cluster has many indices, the default setting can cause ES performance issues. #3996 (@rene-dekker)
  • Component Migration: To support a minimal footprint and simplify resource management, the calico-apiserver component and its associated resources have been moved from the calico-apiserver namespace to the calico-system namespace in Calico OSS. #3989 (@vara2504)
  • Don't modify user-provided registry in Installation specification. #3976 (@caseydavenport)
  • Add the node CA to Goldmane's trusted bundle to support legacy / BYO node certificates that weren't signed by the operator #3973 (@Brian-McM)
  • Component Migration: To support a minimal footprint and simplify resource management, the tigera-apiserver component and its associated resources have been moved from the tigera-system namespace to the calico-system namespace #3960 (@vara2504)
  • Calico Enterprise now supports archiving logs from non-cluster hosts. Additional stores (e.g. S3, Splunk, Syslog) configured on the LogCollector resource will have non-cluster logs forwarded to them by default. A HostScope parameter has been added to each additional store spec to configure which hosts will have their logs forwarded to the specified store. #3954 (@pasanw)
  • Allow non-cluster host process to list and update HEPs #3942 (@hjiawei)
  • Use correct cluster domain for Goldmane #3941 (@caseydavenport)
  • Added a new parameter in the Installation CR, TLSCipherSuites, that allows users to configure ciphers. #3938 (@lucastigera)
  • Allow the migration to operator-based installation when loadbalancer kube-controller is enabled #3933 (@MichalFupso)
  • Fix migrating an eBPF cluster from manual to operator. #3932 (@sridhartigera)
  • Don't run kube-controllers if there are no enabled controllers #3917 (@caseydavenport)
  • Use explicit verbs in tiered policy passthrough to prevent admission controllers from blocking object creation. #3887 (@caseydavenport)
  • Update Envoy Gateway from v1.2.6 to v1.3.2 #3891 (@nelljerram)
  • Extend the Installation resource to allow specifying directories for installing CNI binaries and configuration files #3882 (@a-yohe1)
  • Set explicit DNS nameservers for calico/node when needed #3866 (@caseydavenport)
  • Skip Typha scaling checks when we're terminating #3862 (@caseydavenport)
  • Don't block the controller if authentication is not ready to prevent a mutual dependency. #3854 (@rene-dekker)
  • The GatewayAPI CR now allows controlling the type and properties of the external load balancer that is provisioned for each Gateway. It also has enhanced configurability in other ways, including the number of replicas provisioned for each Gateway, or whether to provision a DaemonSet instead of a Deployment. #3852 (@nelljerram)
  • Wait for defaulter to run before validation #3851 (@jsturtevant)
  • Add notifications flag to disable notifications in the UI #3848 (@WilliamTigera)
  • Fix certificate management with ECK 2.16.1. #3814 (@rene-dekker)
