Releases: tigera/operator
Releases · tigera/operator
v1.32.9
14 Jun 2024
Included Calico versions
Calico version: v3.27.3
Calico Enterprise version: v3.18.4
Other changes
- Bump ElasticSearch and Kibana to v7.17.21 #3382 (@rene-dekker)
- Attach OpenShift SCC to Calico components #3375 (@hjiawei)
- Set mount type to DirectoryOrCreate for hostPath needed by Calico #3360 (@mazdakn)
- Fix security-context for apiserver #3308 (@mihivagyok)
v1.34.0
10 May 2024
Included Calico versions
Calico version: v3.28.0
Calico Enterprise version: v3.19.0-2.0
Enhancements
- Prototype: IP pool controller #3253 (@caseydavenport)
- IP pool controller for more powerful IP pool UX #2658 (@caseydavenport)
Bug fixes
- Fix autodetection of current RKE2 #3168 (@nelljerram)
Other changes
- Update prometheus operator permissions to v0.73.2 #3338 (@rene-dekker)
- Update ILM policy when warm index readonly setting changes #3336 (@gantony)
- Name Packet capture operator v1 CRD as PacketCaptureAPI #3335 (@vara2504)
- Update ILM policy to keep warm tigera_secure_ee_events indices writable #3330 (@gantony)
- Fix annotation data ordering issues from k8s listing in #3328 (@Brian-McM)
- move packet capture watch inside enterpriseCRD exist check #3324 (@vara2504)
- Rev Go to v1.22, Kubernetes to v1.28.9 #3317 (@fasaxc)
- Fix annotations for voltron tls route configuration (too long #3315 (@Brian-McM)
- Remove cloud-controller references #3312 (@gantony)
- Fix security-context for apiserver - audit logs are supported only in Enterprise version #3310 (@mihivagyok)
- Added Add HSTS header to dex and upgrade to 2.39 #3305 (@vara2504)
- Fix broken policy rec req limit reconcilation #3303 (@vara2504)
- Send the list of all ips to egress gateway to support dual stack #3301 (@mazdakn)
- The dashboard name has changed in the installer repo, change #3297 (@rene-dekker)
- Add egress rule to allow dashboards to connect to external Kibana #3295 (@asincu)
- Remove elastic secrets dependency for compliance and only deploy server in a multi-tenant environment #3289 (@asincu)
- Deprecate AWS SG integeration #3279 (@vara2504)
- Remove special key-cert-provisioner image code #3278 (@rene-dekker)
- Make monitor controller aware that there are multi tenant options #3274 (@asincu)
- Switch the backoff to use Ticker #3273 (@tmjd)
- Move Encapsulation validation into IP pool controller #3268 (@caseydavenport)
- Fix secret not available messages #3263 (@rene-dekker)
- Allow intrusion-detection-controller to read alert exceptions #3257 (@gantony)
- Fix setting of resources for the CSI node driver #3255 (@caseydavenport)
- Add container name in comments for Deployments,daemonset and other resources #3250 (@vara2504)
- Disable keep alive for the elasticsearch client #3238 (@Brian-McM)
- Cleanups based on move from coreruleset 3.3.5 to 4.x #3237 (@electricjesus)
- Remove bpf dual stack validation #3236 (@sridhartigera)
- Update libs to patch CVEs #3232 (@rene-dekker)
- Enable Dashboards Controller to know when running in external or internal elastic mode #3231 (@asincu)
- Grant es-kube-controller access managed service per tenant #3230 (@asincu)
- Make resource requests/limits configurable for tigera-guardian #3225 (@vara2504)
- Make resource requests/limits configurable for KB, prometheus, Alert Manager #3224 (@vara2504)
- Fix features annotations #3222 (@lwr20)
- Make resource requests/limits configurable for Application Layer #3216 (@vara2504)
- Set tenant ID for intrusion detection #3214 (@asincu)
- Update elastic stack versions #3211 (@rene-dekker)
- Update the CRDs #3210 (@rene-dekker)
- Make resource requests/limits configurable for compliance components #3209 (@vara2504)
- Move test utilities to test package from utils folder to move ginkgo v1 import #3208 (@Brian-McM)
- Make resource requests/limits configurable for logstorage components #3207 (@vara2504)
- Make resource requests/limits configurable for Logcollector #3206 (@vara2504)
- Make resource request/limits configurable for dex,IDC #3205 (@vara2504)
- Configure voltron routes with TLS Route CRs #3199 (@Brian-McM)
- Filter 'openshift-' namespace from policy recommendation #3196 (@dimitri-nicolo)
- PolicyRecommendation controller overwrites tigera-ca bundle per tenant #3191 (@asincu)
- Add priorityClassName to EgressGateway CRD #3190 (@mazdakn)
- Fix expected files for waf #3189 (@electricjesus)
- Namespace migration - Fix potential namespace migration problem with one node cluster #3188 (@mihivagyok)
- Adds PolicySetupTimeoutSeconds option to CalicoNetwork #3186 (@aaaaaaaalex)
- Sort logstorage secrets map to ensure consistent order #3185 (@tmjd)
- Remove auth that was not supported since ee v3.4 #3184 (@rene-dekker)
- Enable BPF without disruption #3183 (@song-jiang)
- Add support for TKG 2.4.1 #3179 (@rene-dekker)
- Include Windows nodes in image list command #3177 (@tmjd)
- Decrease the validity of JWTs issued by Dex to 15m #3175 (@rene-dekker)
- Add back esgateway certificate to the trusted bundle #3174 (@asincu)
- Report dashboard status #3173 (@asincu)
- Refactor to set kube network based on cni type instead of provider #3166 (@davidgiga1993)
- Fix static files check failure #3163 (@electricjesus)
- Fixes for ES Gateway #3162 (@tmjd)
- Disable packetcapture-api in multitenant environment #3160 (@vara2504)
- WAF integration fixes / improvements #3158 (@electricjesus)
- Do not ignore non-migrated nodes for typha scheduling #3156 (@mihivagyok)
- Update copyrights #3149 (@Brian-McM)
- Update K8s pins to 0.27.9 and controller-runtime to 0.15.3 / fix incompatibilities #3146 (@Brian-McM)
- Fix the Compliance namespace in Voltron's proxy targets #3145 (@rene-dekker)
- Update envoy config template #3144 (@hjiawei)
- Dex binary changed location inside of Dockerfile #3143 (@rene-dekker)
- Deploy es-kube-controllers in a multi-tenant environment #3142 (@asincu)
- Ensure degraded status is cleared for tiers controller #3139 (@pasanw)
- Migrate job installer to run inside elasticsearch namespace #3137 (@asincu)
- Fix trusted-bundle conflict in ES secret controller #3135 (@caseydavenport)
- Report TigeraStatus for tiers #3130 (@pasanw)
- Fix panic that can be caused when removing the logstorage resource. #3128 (@rene-dekker)
- Add tigera operator scheme to the unit tests for authn. #3127 (@rene-dekker)
- Bump Elasticsearch and Kibana versions to v7.17.16 #3126 (@hjiawei)
- Support zeroed kub...
v1.32.8
26 Apr 2024
Included Calico versions
Calico version: v3.27.3
Calico Enterprise version: v3.18.3
Other changes
- Update to golang 1.21.9 via go-build bump to v0.89 #3326 (@rene-dekker)
- Update dependencies #3321 (@Behnam-Shobiri)
- Send the list of all ips to egress gateway to support dual stack #3300 (@mazdakn)
v1.32.7
01 Apr 2024
Included Calico versions
Calico version: v3.27.3
Calico Enterprise version: v3.18.2
Bug fixes
Fix security-context for apiserver - audit logs are supported only in Enterprise version #2906 (@mihivagyok)this was incorrectly included as fixed in this release but the change was not included
v1.32.6
25 Mar 2024
Included Calico versions
Calico version: v3.27.2
Calico Enterprise version: v3.18.2
Other changes
- Add priorityClassName to EgressGateway CRD #3197/#3246 (@mazdakn / @sridhartigera)
- Disable keep alive for the elasticsearch client #3239 (@Brian-McM)
- Update libs to patch CVEs #3234 (@rene-dekker)
- Decrease the validity of JWTs issued by Dex to 15m #3220 (@rene-dekker)
- Voltron and/or es-proxy should have kibana's certificate in the bundle #3217 (@rene-dekker)
- Update Elasticsearch to use 7.17.18 #3213 (@rene-dekker)
- Filter 'openshift-' namespace from policy reccommendation #3201 (@dimitri-nicolo)
- Add support for TKG 2.4.1 #3180 (@rene-dekker)
v1.30.10
14 Mar 2024
Included Calico versions
Calico version: v3.26.4
Calico Enterprise version: v3.17.4
Other changes
- Decrease the validity of JWTs issued by dex to 15m #3219 (@rene-dekker)
- Update elastic stack to 7.17.18 #3212 (@rene-dekker)
- Filter 'openshift-' namespace from policy rec #3203 (@dimitri-nicolo)
- Add priorityClassName to EgressGateway CRD #3194 (@sridhartigera)
- Support zeroed kube-controllers metric port #3131 (@pasanw)
- Configure Linux OS affinity for policy-recommendation #3046 #3047 (@vara2504)
- Add Linseed RBAC,envvars for eks log forwarding #3039 (@vara2504)
v1.32.5
17 Feb 2024
Included Calico versions
Calico version: v3.27.2
Calico Enterprise version: v3.18.1
Enhancements
Bug Fixes
- Fix autodetection of current RKE2 #3170 (@nelljerram)
v1.33.0
31 Jan 2024
Included Calico versions
Calico version: v3.27.0
Calico Enterprise version: v3.19.0-1.0
Other changes
- Fix panic that can be caused when removing the logstorage #3129 (@rene-dekker)
- Fix unset linseed url. When missing, clusters with #3122 (@rene-dekker)
- Webhooks-controller should now be rendered on management clusters. #3117 (@bartolini)
- Fix unset linseed url. When missing, clusters with clusterDomain set … #3116 (@rene-dekker)
- run make gen-versions #3108 (@rene-dekker)
- Update coreos stack to reduce CVEs #3107 (@rene-dekker)
- Webhooks should be able to watch config maps and secrets for changes. #3106 (@bartolini)
- Set tenant claim to be the id of the tenant (#3093) #3104 (@asincu)
- Update golang/x/crypto #3100 (@Behnam-Shobiri)
- Set tenant claim to be the id of the tenant #3093 (@asincu)
- Webhooks should be able to watch config maps and secrets for changes. #3092 (@bartolini)
- Avoid endless reconcile loop when image pull secrets are #3084 (@rene-dekker)
- Only watch the monitor CR if the CRD exists. #3082 (@rene-dekker)
- Only watch the monitor CR if the CRD exists. #3081 (@rene-dekker)
- WAF: Revert change from modsecurity to coraza engine #3080 (@mikestephen)
- Break infinite reconciliation loop #3075 (@rene-dekker)
- CSR Image must be instantiated #3072 (@rene-dekker)
- Make gen-files #3070 (@rene-dekker)
- Fix issue where controller is watching a secret that is never #3068 (@rene-dekker)
- Fix issue where controller is watching a secret that is never created #3067 (@rene-dekker)
- Ev 4104 csr controller (#3010) #3065 (@rene-dekker)
- Feature external monitoring #3063 (@rene-dekker)
- PolicyRecommendation needs to access resource within a tenant namespa… #3062 (@asincu)
- fix: missing logging arguments for dikastes #3058 (@electricjesus)
- PolicyRecommendation needs to access resource within a tenant namespace #3052 (@asincu)
v1.32.4
18 Jan 2024
Included Calico versions
Calico version: v3.27.0
Calico Enterprise version: v3.18.1
Other changes
- Fix unset linseed url #3123 (@rene-dekker)
- Update coreos stack to reduce CVEs #3110 (@rene-dekker)
- Update base image and crypto #3099 (@Behnam-Shobiri)
v1.32.3
15 Dec 2023
Included Calico versions
Calico version: v3.27.0
Calico Enterprise version: v3.18.0-2.0
Enhancements
- [Calico Enterprise] Update CoreRuleset payload for dikastes' new WAF engine #2991 (@electricjesus)
Other changes
- Configure Linux OS affinity for policy-recommendation #3046 (@vara2504)
- Add Linseed RBAC,envvars for eks log forwarding #3040 (@vara2504)
- Allow configuration of replicas per-tenant #3033 (@vara2504)
- Added new controller to the operator that can sign CertificateSigningRequests for select TLS assets #3010 (@rene-dekker)
- [Calico Enterprise] Remove usage of ES ConfigMap and PublicCertSecret #2954 (@Josh-Tigera)
- Clean up network policies watches #2888 (@asincu)