-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
b133280
commit a86e41d
Showing
2 changed files
with
89 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,29 +1,28 @@ | ||
- title: v3.22.0-pre | ||
note: "" | ||
- title: v3.22.0 | ||
tigera-operator: | ||
image: tigera/operator | ||
registry: quay.io | ||
version: master | ||
version: v1.25.0 | ||
components: | ||
typha: | ||
version: release-v3.22 | ||
version: v3.22.0 | ||
calicoctl: | ||
version: release-v3.22 | ||
version: v3.22.0 | ||
calico/node: | ||
version: release-v3.22 | ||
version: v3.22.0 | ||
calico/cni: | ||
version: release-v3.22 | ||
version: v3.22.0 | ||
calico/apiserver: | ||
version: release-v3.22 | ||
version: v3.22.0 | ||
calico/kube-controllers: | ||
version: release-v3.22 | ||
version: v3.22.0 | ||
calico/flannel-migration-controller: | ||
version: release-v3.22 | ||
version: v3.22.0 | ||
networking-calico: | ||
version: release-v3.22 | ||
version: v3.22.0 | ||
flannel: | ||
version: v0.13.0 | ||
calico/dikastes: | ||
version: release-v3.22 | ||
version: v3.22.0 | ||
flexvol: | ||
version: release-v3.22 | ||
version: v3.22.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
28 Jan 2022 | ||
|
||
#### Repository restructuring | ||
|
||
Calico has moved to a monorepo appraoch to code and release management. All Calico code is now hosted in the github.com/projectcalico/calico | ||
repository on GitHub. This allows for much improved development and release environment. Note that some release artifacts such as calicoctl have been moved to this new location | ||
and will no longer be hosted at the now-depreacted micro-repos. | ||
|
||
You can find the artifacts in their new location [on the Calico GitHub](https://github.com/projectcalico/calico/releases/tag/v3.22.0) | ||
|
||
#### Convert Kubernetes NetworkPolicy objects to Calico NetworkPolicies | ||
|
||
You can now use calicoctl to convert Kubernetes policies directly to their equivalent representation in the projectcalico.org/v3 API. This allows you | ||
to enhance existing policies to make use of the extended Calico NetworkPolicy API feature set without needing to manually translate between API | ||
representations. | ||
|
||
Pull requests: | ||
|
||
- 'calicoctl convert' can now be used to convert NetworkPolicy resources from Kubernetes API into Calico v3 API [calico #5307](https://github.com/projectcalico/calico/pull/5307) (@coutinhop) | ||
|
||
#### Bug fixes | ||
|
||
**General** | ||
|
||
- Fix a serious regression introduced in v3.21 where the datastore watcher could get stuck and report stale information in clusters with >500 policies/pods/etc. The bug was triggered by needing to do a resync (for example after an etcd compaction) when there were enough resources to trigger the list pager. [calico #5324](https://github.com/projectcalico/calico/pull/5324) (@fasaxc) | ||
- Add newline to the end of some log lines that were missing it [node #1349](https://github.com/projectcalico/node/pull/1349) (@ripta) | ||
- Fix potential panic and memory leak in kube-controllers caused by adding and subsequently deleting IPAM blocks [kube-controllers #911](https://github.com/projectcalico/kube-controllers/pull/911) (@caseydavenport) | ||
- IPAM GC correctly handles multiple IP addresses allocated with the same handle ID. [kube-controllers #901](https://github.com/projectcalico/kube-controllers/pull/901) (@caseydavenport) | ||
- Enable GC of IPAM blocks which no longer belong to an active IP pool [libcalico-go #1549](https://github.com/projectcalico/libcalico-go/pull/1549) (@caseydavenport) | ||
- Fix that the IPAM garbage collector could not release blocks that did not belong to active IP pools. [calico #5319](https://github.com/projectcalico/calico/pull/5319) (@caseydavenport) | ||
- Fix bug where invalid port structures were being sent to Felix, preventing pods with hostPorts specified from working. [libcalico-go #1544](https://github.com/projectcalico/libcalico-go/pull/1544) (@caseydavenport) | ||
- Dikastes: use gRPC graceful shutdown to exit cleanly after getting signal [calico #5210](https://github.com/projectcalico/calico/pull/5210) (@nohajc) | ||
|
||
**eBPF dataplane** | ||
|
||
- Fixed race when creating bpf maps that prevented loading bpf programs. [calico #5511](https://github.com/projectcalico/calico/pull/5511) (@sridhartigera) | ||
- Fix application of the iptables-mode XDP DoS protection program on devices that support driver mode. [calico #5330](https://github.com/projectcalico/calico/pull/5330) (@fasaxc) | ||
- Reattach programs when their configuration changes [felix #3073](https://github.com/projectcalico/felix/pull/3073) (@tomastigera) | ||
- Avoid mixing of CTLB and regular NAT in eBPF [felix #3069](https://github.com/projectcalico/felix/pull/3069) (@tomastigera) | ||
|
||
#### Other changes | ||
|
||
**General** | ||
|
||
- New autodetection method KubernetesInternalIP added [node #1242](https://github.com/projectcalico/node/pull/1242) (@hanamantagoudvk) | ||
- Dual-stack support for host-local IPAM [calico #5313](https://github.com/projectcalico/calico/pull/5313) (@manuelbuil) | ||
- Increase timeout for setting NetworkUnavailable on shutdown [node #1336](https://github.com/projectcalico/node/pull/1336) (@song-jiang) | ||
- Felix now has a LogDebugFilenameRegex config parameter that allows debug logs to be filtered by filename. [felix #3093](https://github.com/projectcalico/felix/pull/3093) (@fasaxc) | ||
- When generating iptables chains for network policies, Felix now adds a comment to the first rule in the chain with the name of the policy. [felix #3088](https://github.com/projectcalico/felix/pull/3088) (@fasaxc) | ||
- Reduce log level on cyclic wireguard logs [felix #3078](https://github.com/projectcalico/felix/pull/3078) (@caseydavenport) | ||
- Align handling ExternalTrafficPolicy=Local with legacy kube-proxy - apply it only to external traffic. Enable InternalTrafficPolicy. [felix #3076](https://github.com/projectcalico/felix/pull/3076) (@tomastigera) | ||
- Restrict Typha server to FIPS compliant cipher suites. [typha #694](https://github.com/projectcalico/typha/pull/694) (@caseydavenport) | ||
- Restrict Calico API server to FIPS compliant cipher suites. https://github.com/golang/go/blob/dev.boringcrypto.go1.13/src/crypto/tls/boring.go [calico #5448](https://github.com/projectcalico/calico/pull/5448) (@strigie) | ||
- Remove remaining references to unsupported and out-of-date GoBGP backend [calico #5479](https://github.com/projectcalico/calico/pull/5479) (@robbrockbank) | ||
- Bump UBI base image to 8.5 for all images [calico #5468](https://github.com/projectcalico/calico/pull/5468) (@coutinhop) | ||
- Handle client creation errors in `calicoctl version`, and print appropriate message [calico #5455](https://github.com/projectcalico/calico/pull/5455) (@turekt) | ||
- Automatic host endpoints now detect internal IPs from the Kubernetes Node API [calico #5405](https://github.com/projectcalico/calico/pull/5405) (@coutinhop) | ||
- Allow specification of block size when performing a flannel to Calico migration [calico #5329](https://github.com/projectcalico/calico/pull/5329) (@sooheng) | ||
- Add debug memory profiling capabilities to kube-controllers [calico #5316](https://github.com/projectcalico/calico/pull/5316) (@caseydavenport) | ||
|
||
**helm chart** | ||
|
||
- Add sources to helm chart [calico #5451](https://github.com/projectcalico/calico/pull/5451) (@EugenMayer) | ||
|
||
**eBPF dataplane** | ||
|
||
- Calico's BPF programs are now dual Apache/GPL licensed to facilitate code sharing with Felix. [felix #3068](https://github.com/projectcalico/felix/pull/3068) (@fasaxc) | ||
- When CTLB is enabled, UDP packets from a source targeting a service stick to the same destination and are no longer distributed to random backends. [felix #3067](https://github.com/projectcalico/felix/pull/3067) (@tomastigera) | ||
- Improve handling of connections that reuse the same TCP source/dest tuple. Detect reuse and treat as new connection. [calico #5308](https://github.com/projectcalico/calico/pull/5308) (@tomastigera) | ||
|
||
**VPP dataplane** | ||
|
||
- VPP dataplane instructions now use operator-based install [calico #5362](https://github.com/projectcalico/calico/pull/5362) (@AloysAugustin) | ||
|
||
**OpenStack** | ||
|
||
- When running with OpenStack, avoid a spurious error at start of day about cleaning up non-existent BPF state. [felix #3034](https://github.com/projectcalico/felix/pull/3034) (@neiljerram) |