From 1bd249b2684d25429bd2e00c964d1daa994ae901 Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Sat, 27 May 2023 19:36:16 -0700 Subject: [PATCH] Updates for v3.26.0 release (#7696) * Update values.yaml files for v3.26.0 * Generate manifests * Add release notes * Fix deployment file paths --- charts/calico/values.yaml | 2 +- charts/tigera-operator/values.yaml | 4 +- hack/release/pkg/builder/builder.go | 4 +- .../alp/istio-inject-configmap-1.1.0.yaml | 2 +- .../alp/istio-inject-configmap-1.1.1.yaml | 2 +- .../alp/istio-inject-configmap-1.1.10.yaml | 2 +- .../alp/istio-inject-configmap-1.1.11.yaml | 2 +- .../alp/istio-inject-configmap-1.1.12.yaml | 2 +- .../alp/istio-inject-configmap-1.1.13.yaml | 2 +- .../alp/istio-inject-configmap-1.1.14.yaml | 2 +- .../alp/istio-inject-configmap-1.1.15.yaml | 2 +- .../alp/istio-inject-configmap-1.1.16.yaml | 2 +- .../alp/istio-inject-configmap-1.1.17.yaml | 2 +- .../alp/istio-inject-configmap-1.1.2.yaml | 2 +- .../alp/istio-inject-configmap-1.1.3.yaml | 2 +- .../alp/istio-inject-configmap-1.1.4.yaml | 2 +- .../alp/istio-inject-configmap-1.1.5.yaml | 2 +- .../alp/istio-inject-configmap-1.1.6.yaml | 2 +- .../alp/istio-inject-configmap-1.1.7.yaml | 2 +- .../alp/istio-inject-configmap-1.1.8.yaml | 2 +- .../alp/istio-inject-configmap-1.1.9.yaml | 2 +- .../alp/istio-inject-configmap-1.10.yaml | 4 +- .../alp/istio-inject-configmap-1.15.yaml | 4 +- .../alp/istio-inject-configmap-1.2.0.yaml | 2 +- .../alp/istio-inject-configmap-1.2.1.yaml | 2 +- .../alp/istio-inject-configmap-1.2.2.yaml | 2 +- .../alp/istio-inject-configmap-1.2.3.yaml | 2 +- .../alp/istio-inject-configmap-1.2.4.yaml | 2 +- .../alp/istio-inject-configmap-1.2.5.yaml | 2 +- .../alp/istio-inject-configmap-1.2.6.yaml | 2 +- .../alp/istio-inject-configmap-1.2.7.yaml | 2 +- .../alp/istio-inject-configmap-1.2.8.yaml | 2 +- .../alp/istio-inject-configmap-1.2.9.yaml | 2 +- .../alp/istio-inject-configmap-1.3.0.yaml | 2 +- .../alp/istio-inject-configmap-1.3.1.yaml | 2 +- .../alp/istio-inject-configmap-1.3.2.yaml | 2 +- .../alp/istio-inject-configmap-1.3.3.yaml | 2 +- .../alp/istio-inject-configmap-1.3.4.yaml | 2 +- .../alp/istio-inject-configmap-1.3.5.yaml | 2 +- .../alp/istio-inject-configmap-1.4.0.yaml | 2 +- .../alp/istio-inject-configmap-1.4.1.yaml | 2 +- .../alp/istio-inject-configmap-1.4.2.yaml | 2 +- manifests/alp/istio-inject-configmap-1.6.yaml | 2 +- manifests/alp/istio-inject-configmap-1.7.yaml | 2 +- manifests/alp/istio-inject-configmap-1.9.yaml | 4 +- manifests/apiserver.yaml | 2 +- manifests/calico-bpf.yaml | 10 +-- manifests/calico-etcd.yaml | 8 +-- manifests/calico-policy-only.yaml | 10 +-- manifests/calico-typha.yaml | 12 ++-- manifests/calico-vxlan.yaml | 10 +-- manifests/calico-windows-bgp.yaml | 8 +-- manifests/calico-windows-vxlan.yaml | 6 +- manifests/calico.yaml | 10 +-- manifests/calicoctl-etcd.yaml | 4 +- manifests/calicoctl.yaml | 4 +- manifests/canal-etcd.yaml | 8 +-- manifests/canal.yaml | 8 +-- manifests/csi-driver.yaml | 4 +- manifests/flannel-migration/calico.yaml | 10 +-- manifests/ocp/02-tigera-operator.yaml | 6 +- manifests/tigera-operator.yaml | 4 +- release-notes/v3.26.0-release-notes.md | 70 +++++++++++++++++++ 63 files changed, 182 insertions(+), 112 deletions(-) create mode 100644 release-notes/v3.26.0-release-notes.md diff --git a/charts/calico/values.yaml b/charts/calico/values.yaml index 5d64e065bce..aa5d71d0de8 100644 --- a/charts/calico/values.yaml +++ b/charts/calico/values.yaml @@ -1,5 +1,5 @@ # The Calico version to use when generating manifests. -version: release-v3.26 +version: v3.26.0 # Configure the images to use when generating manifests. node: diff --git a/charts/tigera-operator/values.yaml b/charts/tigera-operator/values.yaml index 34119604669..22c5478c676 100644 --- a/charts/tigera-operator/values.yaml +++ b/charts/tigera-operator/values.yaml @@ -41,8 +41,8 @@ podLabels: {} # Image and registry configuration for the tigera/operator pod. tigeraOperator: image: tigera/operator - version: release-v1.30 + version: v1.30.0 registry: quay.io calicoctl: image: docker.io/calico/ctl - tag: release-v3.26 + tag: v3.26.0 diff --git a/hack/release/pkg/builder/builder.go b/hack/release/pkg/builder/builder.go index 47dddaa6d07..4852dabb594 100644 --- a/hack/release/pkg/builder/builder.go +++ b/hack/release/pkg/builder/builder.go @@ -332,7 +332,7 @@ func (r *ReleaseBuilder) collectGithubArtifacts(ver string) error { if _, err := r.runner.Run("cp", []string{fmt.Sprintf("bin/tigera-operator-%s.tgz", ver), uploadDir}, nil); err != nil { return err } - if _, err := r.runner.Run("cp", []string{"manifests/ocp.tgz", ver, uploadDir}, nil); err != nil { + if _, err := r.runner.Run("cp", []string{"bin/ocp.tgz", uploadDir}, nil); err != nil { return err } @@ -416,7 +416,7 @@ func (r *ReleaseBuilder) buildReleaseTar(ver string, targetDir string) error { } // Add in manifests directory generated from the docs. - if _, err := r.runner.Run("cp", []string{"-r", "/manifests", releaseBase}, nil); err != nil { + if _, err := r.runner.Run("cp", []string{"-r", "manifests", releaseBase}, nil); err != nil { return err } diff --git a/manifests/alp/istio-inject-configmap-1.1.0.yaml b/manifests/alp/istio-inject-configmap-1.1.0.yaml index d2aeb5faae0..b638cb7358c 100644 --- a/manifests/alp/istio-inject-configmap-1.1.0.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.0.yaml @@ -178,7 +178,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.1.yaml b/manifests/alp/istio-inject-configmap-1.1.1.yaml index 6b7009dc2d4..99a7a0060e6 100644 --- a/manifests/alp/istio-inject-configmap-1.1.1.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.1.yaml @@ -178,7 +178,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.10.yaml b/manifests/alp/istio-inject-configmap-1.1.10.yaml index 0d3ed3613f1..b643b1454fa 100644 --- a/manifests/alp/istio-inject-configmap-1.1.10.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.10.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.11.yaml b/manifests/alp/istio-inject-configmap-1.1.11.yaml index f168958cad9..dee493aeb2a 100644 --- a/manifests/alp/istio-inject-configmap-1.1.11.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.11.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.12.yaml b/manifests/alp/istio-inject-configmap-1.1.12.yaml index aa808ab5ae8..8640b9c9f37 100644 --- a/manifests/alp/istio-inject-configmap-1.1.12.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.12.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.13.yaml b/manifests/alp/istio-inject-configmap-1.1.13.yaml index 12f318b398c..addddc6cb82 100644 --- a/manifests/alp/istio-inject-configmap-1.1.13.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.13.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.14.yaml b/manifests/alp/istio-inject-configmap-1.1.14.yaml index 467de8d259d..56dbeb86cf0 100644 --- a/manifests/alp/istio-inject-configmap-1.1.14.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.14.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.15.yaml b/manifests/alp/istio-inject-configmap-1.1.15.yaml index 651dfba4277..ed7c5f150e5 100644 --- a/manifests/alp/istio-inject-configmap-1.1.15.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.15.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.16.yaml b/manifests/alp/istio-inject-configmap-1.1.16.yaml index 2384c57f4d8..d4d539a5007 100644 --- a/manifests/alp/istio-inject-configmap-1.1.16.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.16.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.17.yaml b/manifests/alp/istio-inject-configmap-1.1.17.yaml index a3228abf165..0dd17ebd21f 100644 --- a/manifests/alp/istio-inject-configmap-1.1.17.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.17.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.2.yaml b/manifests/alp/istio-inject-configmap-1.1.2.yaml index 17c749f090f..5dd4c846be0 100644 --- a/manifests/alp/istio-inject-configmap-1.1.2.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.2.yaml @@ -178,7 +178,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.3.yaml b/manifests/alp/istio-inject-configmap-1.1.3.yaml index 3c510015694..be8976ee257 100644 --- a/manifests/alp/istio-inject-configmap-1.1.3.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.3.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.4.yaml b/manifests/alp/istio-inject-configmap-1.1.4.yaml index fd0383c910d..3ec8d88bbe2 100644 --- a/manifests/alp/istio-inject-configmap-1.1.4.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.4.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.5.yaml b/manifests/alp/istio-inject-configmap-1.1.5.yaml index f357c1401cb..ae982cd457b 100644 --- a/manifests/alp/istio-inject-configmap-1.1.5.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.5.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.6.yaml b/manifests/alp/istio-inject-configmap-1.1.6.yaml index 4f7f747750d..f985067071d 100644 --- a/manifests/alp/istio-inject-configmap-1.1.6.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.6.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.7.yaml b/manifests/alp/istio-inject-configmap-1.1.7.yaml index 074f8b16c7e..63ca3431985 100644 --- a/manifests/alp/istio-inject-configmap-1.1.7.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.7.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.8.yaml b/manifests/alp/istio-inject-configmap-1.1.8.yaml index 4496278ca9d..425023186ed 100644 --- a/manifests/alp/istio-inject-configmap-1.1.8.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.8.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.9.yaml b/manifests/alp/istio-inject-configmap-1.1.9.yaml index 78756d9c71f..c36371303b8 100644 --- a/manifests/alp/istio-inject-configmap-1.1.9.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.9.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.10.yaml b/manifests/alp/istio-inject-configmap-1.10.yaml index 98a7aa0ebe5..2e1aae01798 100644 --- a/manifests/alp/istio-inject-configmap-1.10.yaml +++ b/manifests/alp/istio-inject-configmap-1.10.yaml @@ -433,7 +433,7 @@ data: name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false @@ -720,7 +720,7 @@ data: name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.15.yaml b/manifests/alp/istio-inject-configmap-1.15.yaml index 417f7eb5237..e551ffa4200 100644 --- a/manifests/alp/istio-inject-configmap-1.15.yaml +++ b/manifests/alp/istio-inject-configmap-1.15.yaml @@ -434,7 +434,7 @@ data: name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false @@ -719,7 +719,7 @@ data: name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.0.yaml b/manifests/alp/istio-inject-configmap-1.2.0.yaml index 87a1fb2c3dc..3fd4cd4a0fa 100644 --- a/manifests/alp/istio-inject-configmap-1.2.0.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.0.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.1.yaml b/manifests/alp/istio-inject-configmap-1.2.1.yaml index 87a1fb2c3dc..3fd4cd4a0fa 100644 --- a/manifests/alp/istio-inject-configmap-1.2.1.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.1.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.2.yaml b/manifests/alp/istio-inject-configmap-1.2.2.yaml index 87a1fb2c3dc..3fd4cd4a0fa 100644 --- a/manifests/alp/istio-inject-configmap-1.2.2.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.2.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.3.yaml b/manifests/alp/istio-inject-configmap-1.2.3.yaml index 87a1fb2c3dc..3fd4cd4a0fa 100644 --- a/manifests/alp/istio-inject-configmap-1.2.3.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.3.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.4.yaml b/manifests/alp/istio-inject-configmap-1.2.4.yaml index 87a1fb2c3dc..3fd4cd4a0fa 100644 --- a/manifests/alp/istio-inject-configmap-1.2.4.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.4.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.5.yaml b/manifests/alp/istio-inject-configmap-1.2.5.yaml index 87a1fb2c3dc..3fd4cd4a0fa 100644 --- a/manifests/alp/istio-inject-configmap-1.2.5.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.5.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.6.yaml b/manifests/alp/istio-inject-configmap-1.2.6.yaml index 87a1fb2c3dc..3fd4cd4a0fa 100644 --- a/manifests/alp/istio-inject-configmap-1.2.6.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.6.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.7.yaml b/manifests/alp/istio-inject-configmap-1.2.7.yaml index 87a1fb2c3dc..3fd4cd4a0fa 100644 --- a/manifests/alp/istio-inject-configmap-1.2.7.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.7.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.8.yaml b/manifests/alp/istio-inject-configmap-1.2.8.yaml index 87a1fb2c3dc..3fd4cd4a0fa 100644 --- a/manifests/alp/istio-inject-configmap-1.2.8.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.8.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.9.yaml b/manifests/alp/istio-inject-configmap-1.2.9.yaml index 87a1fb2c3dc..3fd4cd4a0fa 100644 --- a/manifests/alp/istio-inject-configmap-1.2.9.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.9.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.3.0.yaml b/manifests/alp/istio-inject-configmap-1.3.0.yaml index 44d0bf64e28..a53e2587921 100644 --- a/manifests/alp/istio-inject-configmap-1.3.0.yaml +++ b/manifests/alp/istio-inject-configmap-1.3.0.yaml @@ -327,7 +327,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.3.1.yaml b/manifests/alp/istio-inject-configmap-1.3.1.yaml index 6617240bddb..f2455b1d532 100644 --- a/manifests/alp/istio-inject-configmap-1.3.1.yaml +++ b/manifests/alp/istio-inject-configmap-1.3.1.yaml @@ -333,7 +333,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.3.2.yaml b/manifests/alp/istio-inject-configmap-1.3.2.yaml index 6617240bddb..f2455b1d532 100644 --- a/manifests/alp/istio-inject-configmap-1.3.2.yaml +++ b/manifests/alp/istio-inject-configmap-1.3.2.yaml @@ -333,7 +333,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.3.3.yaml b/manifests/alp/istio-inject-configmap-1.3.3.yaml index 6617240bddb..f2455b1d532 100644 --- a/manifests/alp/istio-inject-configmap-1.3.3.yaml +++ b/manifests/alp/istio-inject-configmap-1.3.3.yaml @@ -333,7 +333,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.3.4.yaml b/manifests/alp/istio-inject-configmap-1.3.4.yaml index 6617240bddb..f2455b1d532 100644 --- a/manifests/alp/istio-inject-configmap-1.3.4.yaml +++ b/manifests/alp/istio-inject-configmap-1.3.4.yaml @@ -333,7 +333,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.3.5.yaml b/manifests/alp/istio-inject-configmap-1.3.5.yaml index 6617240bddb..f2455b1d532 100644 --- a/manifests/alp/istio-inject-configmap-1.3.5.yaml +++ b/manifests/alp/istio-inject-configmap-1.3.5.yaml @@ -333,7 +333,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.4.0.yaml b/manifests/alp/istio-inject-configmap-1.4.0.yaml index 71f9936b40d..9213be6f487 100644 --- a/manifests/alp/istio-inject-configmap-1.4.0.yaml +++ b/manifests/alp/istio-inject-configmap-1.4.0.yaml @@ -351,7 +351,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.4.1.yaml b/manifests/alp/istio-inject-configmap-1.4.1.yaml index 71f9936b40d..9213be6f487 100644 --- a/manifests/alp/istio-inject-configmap-1.4.1.yaml +++ b/manifests/alp/istio-inject-configmap-1.4.1.yaml @@ -351,7 +351,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.4.2.yaml b/manifests/alp/istio-inject-configmap-1.4.2.yaml index 71f9936b40d..9213be6f487 100644 --- a/manifests/alp/istio-inject-configmap-1.4.2.yaml +++ b/manifests/alp/istio-inject-configmap-1.4.2.yaml @@ -351,7 +351,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.6.yaml b/manifests/alp/istio-inject-configmap-1.6.yaml index aed6fa2fb1c..d0a6b082be8 100644 --- a/manifests/alp/istio-inject-configmap-1.6.yaml +++ b/manifests/alp/istio-inject-configmap-1.6.yaml @@ -363,7 +363,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.7.yaml b/manifests/alp/istio-inject-configmap-1.7.yaml index 501e654c9fa..9faff3a7baf 100644 --- a/manifests/alp/istio-inject-configmap-1.7.yaml +++ b/manifests/alp/istio-inject-configmap-1.7.yaml @@ -369,7 +369,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.9.yaml b/manifests/alp/istio-inject-configmap-1.9.yaml index 421e228788a..f4fdf66d9ac 100644 --- a/manifests/alp/istio-inject-configmap-1.9.yaml +++ b/manifests/alp/istio-inject-configmap-1.9.yaml @@ -428,7 +428,7 @@ data: name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false @@ -714,7 +714,7 @@ data: name: dikastes-sock - name: dikastes - image: calico/dikastes:release-v3.26 + image: calico/dikastes:v3.26.0 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/apiserver.yaml b/manifests/apiserver.yaml index cf536cfc68f..61d474ad0b5 100644 --- a/manifests/apiserver.yaml +++ b/manifests/apiserver.yaml @@ -77,7 +77,7 @@ spec: env: - name: DATASTORE_TYPE value: kubernetes - image: calico/apiserver:release-v3.26 + image: calico/apiserver:v3.26.0 livenessProbe: httpGet: path: /version diff --git a/manifests/calico-bpf.yaml b/manifests/calico-bpf.yaml index f0716b9c45c..e15e1f4a634 100644 --- a/manifests/calico-bpf.yaml +++ b/manifests/calico-bpf.yaml @@ -4644,7 +4644,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: @@ -4683,7 +4683,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4737,7 +4737,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4763,7 +4763,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -4994,7 +4994,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:release-v3.26 + image: docker.io/calico/kube-controllers:v3.26.0 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. diff --git a/manifests/calico-etcd.yaml b/manifests/calico-etcd.yaml index 872e0d582ce..8c9968ae0dc 100644 --- a/manifests/calico-etcd.yaml +++ b/manifests/calico-etcd.yaml @@ -302,7 +302,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -348,7 +348,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -374,7 +374,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -614,7 +614,7 @@ spec: hostNetwork: true containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:release-v3.26 + image: docker.io/calico/kube-controllers:v3.26.0 imagePullPolicy: IfNotPresent env: # The location of the etcd cluster. diff --git a/manifests/calico-policy-only.yaml b/manifests/calico-policy-only.yaml index 93bd31166e5..5f393f0217c 100644 --- a/manifests/calico-policy-only.yaml +++ b/manifests/calico-policy-only.yaml @@ -4625,7 +4625,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4662,7 +4662,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4688,7 +4688,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -4876,7 +4876,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:release-v3.26 + image: docker.io/calico/kube-controllers:v3.26.0 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. @@ -4960,7 +4960,7 @@ spec: securityContext: fsGroup: 65534 containers: - - image: docker.io/calico/typha:release-v3.26 + - image: docker.io/calico/typha:v3.26.0 imagePullPolicy: IfNotPresent name: calico-typha ports: diff --git a/manifests/calico-typha.yaml b/manifests/calico-typha.yaml index 5e23a198c11..e367227bf6a 100644 --- a/manifests/calico-typha.yaml +++ b/manifests/calico-typha.yaml @@ -4675,7 +4675,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: @@ -4703,7 +4703,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4746,7 +4746,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4772,7 +4772,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -4995,7 +4995,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:release-v3.26 + image: docker.io/calico/kube-controllers:v3.26.0 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. @@ -5079,7 +5079,7 @@ spec: securityContext: fsGroup: 65534 containers: - - image: docker.io/calico/typha:release-v3.26 + - image: docker.io/calico/typha:v3.26.0 imagePullPolicy: IfNotPresent name: calico-typha ports: diff --git a/manifests/calico-vxlan.yaml b/manifests/calico-vxlan.yaml index f56a502268f..72d88c693ba 100644 --- a/manifests/calico-vxlan.yaml +++ b/manifests/calico-vxlan.yaml @@ -4639,7 +4639,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: @@ -4667,7 +4667,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4710,7 +4710,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4736,7 +4736,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -4951,7 +4951,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:release-v3.26 + image: docker.io/calico/kube-controllers:v3.26.0 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. diff --git a/manifests/calico-windows-bgp.yaml b/manifests/calico-windows-bgp.yaml index c4896853e87..7051c75ffd3 100644 --- a/manifests/calico-windows-bgp.yaml +++ b/manifests/calico-windows-bgp.yaml @@ -60,7 +60,7 @@ spec: operator: Exists initContainers: - name: install - image: calico/windows:release-v3.26 + image: calico/windows:v3.26.0 args: - ".\\host-process-install.ps1" imagePullPolicy: Always @@ -76,7 +76,7 @@ spec: fieldPath: spec.nodeName containers: - name: node - image: calico/windows:release-v3.26 + image: calico/windows:v3.26.0 imagePullPolicy: Always args: - ".\\node\\node-service.ps1" @@ -94,7 +94,7 @@ spec: apiVersion: v1 fieldPath: spec.nodeName - name: felix - image: calico/windows:release-v3.26 + image: calico/windows:v3.26.0 imagePullPolicy: Always args: - ".\\felix\\felix-service.ps1" @@ -128,7 +128,7 @@ spec: periodSeconds: 10 timeoutSeconds: 10 - name: confd - image: calico/windows:release-v3.26 + image: calico/windows:v3.26.0 imagePullPolicy: Always args: - ".\\confd\\confd-service.ps1" diff --git a/manifests/calico-windows-vxlan.yaml b/manifests/calico-windows-vxlan.yaml index 2d57c5386e4..ac539c3528e 100644 --- a/manifests/calico-windows-vxlan.yaml +++ b/manifests/calico-windows-vxlan.yaml @@ -60,7 +60,7 @@ spec: operator: Exists initContainers: - name: install - image: calico/windows:release-v3.26 + image: calico/windows:v3.26.0 args: - ".\\host-process-install.ps1" imagePullPolicy: Always @@ -76,7 +76,7 @@ spec: fieldPath: spec.nodeName containers: - name: node - image: calico/windows:release-v3.26 + image: calico/windows:v3.26.0 imagePullPolicy: Always args: - ".\\node\\node-service.ps1" @@ -94,7 +94,7 @@ spec: apiVersion: v1 fieldPath: spec.nodeName - name: felix - image: calico/windows:release-v3.26 + image: calico/windows:v3.26.0 imagePullPolicy: Always args: - ".\\felix\\felix-service.ps1" diff --git a/manifests/calico.yaml b/manifests/calico.yaml index b1d6d213fb6..0550bd9ac6b 100644 --- a/manifests/calico.yaml +++ b/manifests/calico.yaml @@ -4639,7 +4639,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: @@ -4667,7 +4667,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4710,7 +4710,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4736,7 +4736,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -4953,7 +4953,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:release-v3.26 + image: docker.io/calico/kube-controllers:v3.26.0 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. diff --git a/manifests/calicoctl-etcd.yaml b/manifests/calicoctl-etcd.yaml index 8a914ab6133..29f2f5fe3b3 100644 --- a/manifests/calicoctl-etcd.yaml +++ b/manifests/calicoctl-etcd.yaml @@ -1,7 +1,7 @@ # Calico Version master # https://projectcalico.docs.tigera.io/releases#master # This manifest includes the following component versions: -# calico/ctl:release-v3.26 +# calico/ctl:v3.26.0 apiVersion: v1 kind: Pod @@ -14,7 +14,7 @@ spec: hostNetwork: true containers: - name: calicoctl - image: calico/ctl:release-v3.26 + image: calico/ctl:v3.26.0 command: - /calicoctl args: diff --git a/manifests/calicoctl.yaml b/manifests/calicoctl.yaml index 471d5ffd32f..4f859078440 100644 --- a/manifests/calicoctl.yaml +++ b/manifests/calicoctl.yaml @@ -1,7 +1,7 @@ # Calico Version master # https://projectcalico.docs.tigera.io/releases#master # This manifest includes the following component versions: -# calico/ctl:release-v3.26 +# calico/ctl:v3.26.0 apiVersion: v1 kind: ServiceAccount @@ -23,7 +23,7 @@ spec: serviceAccountName: calicoctl containers: - name: calicoctl - image: calico/ctl:release-v3.26 + image: calico/ctl:v3.26.0 command: - /calicoctl args: diff --git a/manifests/canal-etcd.yaml b/manifests/canal-etcd.yaml index 08e8a50bddd..e11d63130f5 100644 --- a/manifests/canal-etcd.yaml +++ b/manifests/canal-etcd.yaml @@ -382,7 +382,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -452,7 +452,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -478,7 +478,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -774,7 +774,7 @@ spec: hostNetwork: true containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:release-v3.26 + image: docker.io/calico/kube-controllers:v3.26.0 imagePullPolicy: IfNotPresent env: # The location of the etcd cluster. diff --git a/manifests/canal.yaml b/manifests/canal.yaml index 917aeee2a7c..9340de3dd08 100644 --- a/manifests/canal.yaml +++ b/manifests/canal.yaml @@ -4648,7 +4648,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4697,7 +4697,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4723,7 +4723,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -4951,7 +4951,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:release-v3.26 + image: docker.io/calico/kube-controllers:v3.26.0 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. diff --git a/manifests/csi-driver.yaml b/manifests/csi-driver.yaml index 1e3fe2ee67a..4da1f5a27fd 100644 --- a/manifests/csi-driver.yaml +++ b/manifests/csi-driver.yaml @@ -50,7 +50,7 @@ spec: effect: NoSchedule containers: - name: calico-csi - image: calico/csi:release-v3.26 + image: calico/csi:v3.26.0 imagePullPolicy: IfNotPresent args: - --nodeid=$(KUBE_NODE_NAME) @@ -75,7 +75,7 @@ spec: mountPath: /var/lib/kubelet/ mountPropagation: "Bidirectional" - name: csi-node-driver-registrar - image: calico/node-driver-registrar:release-v3.26 + image: calico/node-driver-registrar:v3.26.0 imagePullPolicy: IfNotPresent args: - --v=5 diff --git a/manifests/flannel-migration/calico.yaml b/manifests/flannel-migration/calico.yaml index 4c5f42ddf1f..640cc161366 100644 --- a/manifests/flannel-migration/calico.yaml +++ b/manifests/flannel-migration/calico.yaml @@ -4641,7 +4641,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: @@ -4669,7 +4669,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:release-v3.26 + image: docker.io/calico/cni:v3.26.0 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4712,7 +4712,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4738,7 +4738,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:release-v3.26 + image: docker.io/calico/node:v3.26.0 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -4953,7 +4953,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:release-v3.26 + image: docker.io/calico/kube-controllers:v3.26.0 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. diff --git a/manifests/ocp/02-tigera-operator.yaml b/manifests/ocp/02-tigera-operator.yaml index 8d78e224e35..17a00379716 100644 --- a/manifests/ocp/02-tigera-operator.yaml +++ b/manifests/ocp/02-tigera-operator.yaml @@ -29,7 +29,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: tigera-operator - image: quay.io/tigera/operator:release-v1.30 + image: quay.io/tigera/operator:v1.30.0 imagePullPolicy: IfNotPresent command: - operator @@ -47,7 +47,7 @@ spec: - name: OPERATOR_NAME value: "tigera-operator" - name: TIGERA_OPERATOR_INIT_IMAGE_VERSION - value: release-v1.30 + value: v1.30.0 envFrom: - configMapRef: name: kubernetes-services-endpoint @@ -66,7 +66,7 @@ spec: name: install-resources-script initContainers: - name: create-initial-resources - image: docker.io/calico/ctl:release-v3.26 + image: docker.io/calico/ctl:v3.26.0 env: - name: DATASTORE_TYPE value: kubernetes diff --git a/manifests/tigera-operator.yaml b/manifests/tigera-operator.yaml index c29d2391ed0..5b7f5c0b2a7 100644 --- a/manifests/tigera-operator.yaml +++ b/manifests/tigera-operator.yaml @@ -21481,7 +21481,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: tigera-operator - image: quay.io/tigera/operator:release-v1.30 + image: quay.io/tigera/operator:v1.30.0 imagePullPolicy: IfNotPresent command: - operator @@ -21499,7 +21499,7 @@ spec: - name: OPERATOR_NAME value: "tigera-operator" - name: TIGERA_OPERATOR_INIT_IMAGE_VERSION - value: release-v1.30 + value: v1.30.0 envFrom: - configMapRef: name: kubernetes-services-endpoint diff --git a/release-notes/v3.26.0-release-notes.md b/release-notes/v3.26.0-release-notes.md new file mode 100644 index 00000000000..fde18d5d07a --- /dev/null +++ b/release-notes/v3.26.0-release-notes.md @@ -0,0 +1,70 @@ +24 May 2023 + +#### Improved Security + +Permissions for core Calico components have been separated and reduced to the minimum required for each component. This change allows us to tweak permissions on the CNI plugin itself regardless of the permissions required to manage the dataplane. + +Pull Requests: + + - Separate calico-node and calico-cni-plugin service accounts [calico #7106](https://github.com/projectcalico/calico/pull/7106) (@MichalFupso) + +#### Performance Enhancements + +Calico now utilizes kernel-side route filtering in order to reduce CPU usage in systems with many different pods. + +Pull Requests: + + - Performance: use kernel-side route filtering when listing routes in the interface monitor. Dramatically reduces CPU usage (and garbage collection) on systems with many interfaces/routes. [calico #7375](https://github.com/projectcalico/calico/pull/7375) (@fasaxc) + - Performance: use kernel-side route filtering when listing routes. Dramatically reduces CPU usage (and garbage collection) on systems with many interfaces/pods/routes. [calico #7364](https://github.com/projectcalico/calico/pull/7364) (@fasaxc) + +#### Windows Server 2022 Support + +Calico now supports Windows Server 2022! + +#### OpenStack Yoga Support + +Calico now supports OpenStack Yoga! + +Pull Requests: + + - OpenStack: Support newer, more scalable version of etcd server [calico #7147](https://github.com/projectcalico/calico/pull/7147) (@nelljerram) + +#### Bug fixes + +##### General + + - Fix 'error while loading shared libraries: libresolv.so.2: cannot open shared object file' on csi-node-driver-registrar. [calico #7587](https://github.com/projectcalico/calico/pull/7587) (@coutinhop) + - Fix the auto iptables detection if ip_tables.ko preloaded on RHEL/CentOS 8 [calico #7111](https://github.com/projectcalico/calico/pull/7111) (@yankay) + - Update pin to use fixed calico/bird image no fix node ST failures. [calico #7562](https://github.com/projectcalico/calico/pull/7562) (@coutinhop) + - Prevents Node kube-controller's internal pod cache from getting out-of-sync thus leaking memory. [calico #7433](https://github.com/projectcalico/calico/pull/7433) (@dilyevsky) + - Fix high CPU usage in syncL2RoutesForLink: ignore incomplete ARP entries when cleaning up the FDB table. Prevents us from telling the kernel to delete an FDB entry with no HwAddr, which fails triggering a retry loop. [calico #7421](https://github.com/projectcalico/calico/pull/7421) (@detailyang) + - Ensure that veths are created with the proper default values from the kernel. [calico #7358](https://github.com/projectcalico/calico/pull/7358) (@radixo) + - Fix that the tunnel IP allocator did not respond to changes in the IP pool's allowedUses field. [calico #7357](https://github.com/projectcalico/calico/pull/7357) (@fasaxc) + - s390x: fix image mislabel in cni, typha and kube-controllers [calico #7333](https://github.com/projectcalico/calico/pull/7333) (@huoqifeng) + - Remove usage of deprecated '--logtostderr' command line flag. [calico #7294](https://github.com/projectcalico/calico/pull/7294) (@coutinhop) + - Fix that Calico API server would reuse UUIDs from the underlying CRD objects that underpin the datamodel (thus confusing Kubernetes ownership tracking and ArgoCD). This will result in the apparent UUIDs of calico "v3" resources changing over upgrade. This was unavoidable in order to split them from the underlying CRD UUIDs. [calico #7291](https://github.com/projectcalico/calico/pull/7291) (@fasaxc) + - Fix generation of `operator-crds.yaml` manifest. [calico #7216](https://github.com/projectcalico/calico/pull/7216) (@caseydavenport) + - Fix that, if a Typha client loads the list of Typha instances just before they all get upgraded, it takes 30s+ to time out. Reload the list of Typha instances between each connection attempt. [calico #7176](https://github.com/projectcalico/calico/pull/7176) (@fasaxc) + +##### eBPF + + - ebpf: prevents infinite restarts when we switch to ebpf after kube-proxy was in ipvs mode. [calico #7174](https://github.com/projectcalico/calico/pull/7174) (@StevenTigera) + +#### Other changes + +##### General + + - When running Calico in policy-only mode, do not write the IP annotations to the node. [calico #7632](https://github.com/projectcalico/calico/pull/7632) (@mgleung) + - Introduce new BGPFilter resource [calico #7271](https://github.com/projectcalico/calico/pull/7271) (@Josh-Tigera) + - Enable s390x architecture support [calico #7249](https://github.com/projectcalico/calico/pull/7249) (@huoqifeng) + - ocp.tgz now hosted on GitHub [calico #7189](https://github.com/projectcalico/calico/pull/7189) (@caseydavenport) + - Replace misleading BUG: logs in the Typha client. [calico #7172](https://github.com/projectcalico/calico/pull/7172) (@fasaxc) + - Add ability to set the deny action as REJECT instead of DROP [calico #5735](https://github.com/projectcalico/calico/pull/5735) (@olljanat) + +##### eBPF + + - ebpf: rules that mark established flows from before ebpf was turned on are installed asap to make transition smoother [calico #7526](https://github.com/projectcalico/calico/pull/7526) (@tomastigera) + - ebpf: BPFEnforceRPF is Loose by default to avoid issues in some environments. If Strict option is required,it has to be set explicitly and the BPFDataIfacePattern may need to be changed accordingly to avoid attaching to "slave" devices. [calico #7518](https://github.com/projectcalico/calico/pull/7518) (@tomastigera) + - ebpf: Jumpmap versionincremented to prevent failures when upgrading from earlier calico versions [calico #7484](https://github.com/projectcalico/calico/pull/7484) (@tomastigera) + - ebpf: Topology Aware Hints supported when/where provided by k8s. [calico #7241](https://github.com/projectcalico/calico/pull/7241) (@StevenTigera) + - ebpf: Setting BPFDSROptoutCIDRs to a list of CIDRs allows clients from these CIDRs to opt out from DSR when DSR is enabled. We recommend enabling DSR and setting BPFDSROptoutCIDRs to 168.63.129.16/32 in AKS. [calico #7211](https://github.com/projectcalico/calico/pull/7211) (@tomastigera)