v2.6.8

Bug Fixes

• Ignore hidden files when checking for etcd certificates to copy over when installing CNI. cni-plugin #474 (@tmjd)
• Sanitize Mesos labels by stripping preceding and succeeding special characters and converting the rest to periods. cni-plugin #467 (@ozdanborne)

v3.0.2

Important: Review the documentation carefully before attempting an upgrade.
You must upgrade to Calico v2.6.5 or later before you can upgrade to Calico v3.0.2.

Bug Fixes

• Fixed a bug where Calico would silently lose its connection to etcd and never recover when the etcd server was terminated. libcalico-go #780 (@caseydavenport)
• Fixed a bug when multiple nodes are restarted simultaneously and swap IP addresses calico #1681 (@caseydavenport)
• Fixed a route scan issue where upon startup bird did not notice that tunneled routes needed to be updated to be non-tunneled. calico #1679 (@caseydavenport)
• Enable Kubernetes node references for automatic cleanup of Node resources in etcd. calico #1678 (@caseydavenport)
• Fixed a panic when BGP is disabled. calico #1674 (@tmjd)
• Kubernetes self-hosted manifests now enable BGP IP address auto-detection by default. calico #1588 (@caseydavenport)

v2.6.7

Bug Fixes

• libcalico-go #774: Fixed bug where Felix would crash when parsing a NetworkPolicy with a named port (@caseydavenport)
• Calico #1625: Fix a route scan issue where upon startup bird did not spot that a tunneled route needed to be updated to be non-tunneled. (@robbrockbank)

v2.6.6

Bug Fixes

• Updates the calico/node startup logging format to be consistent with other Calico logs.
• Updates Typha and Felix to send logs to stdout instead of stderr.
• Resolves an issue when upgrading from old versions of Calico where the k8s-policy-no-match network policy was not removed as expected.

v3.0.1

Calico/node v3.0.1.

Important: This release includes breaking changes to the data and resource
model. Review the documentation carefully before attempting an upgrade.
Some highlights include:

• You must upgrade to Calico v2.6.5 before you can upgrade to v3.0.1.
• Calico deployments that access the etcd datastore directly must complete
  a one-time migration.
• You must convert any customized Calico manifests via calicoctl convert
  before you can use them with v3.0.1.

What's new

Support for etcdv3

• Calico now stores its data in etcd version 3.

Support for Windows in policy-only mode

• Felix now compiles and runs on Windows in policy-only mode. felix #1638 (@nwoodmsft)

Migration and upgrade from v2.6.5

• This version of Calico supports migration and upgrade from Calico v2.6.5.

calicoctl enhancements

• Those using the Kubernetes API datastore can now use calicoctl to create, read, update, and delete Calico policies.

• calicoctl features two new resources: BGP Configuration and Felix Configuration.

• The calicoctl policy resource has been split into new network policy and global network policy resources.

• Network policy resources can include a namespace value, allowing you to create policies that only apply to workload endpoint resources in the same namespace.

• You can now specify namespaceSelector expressions in network policy and global network policy rules to select one or more namespaces in their entirety.

• The get, apply, create, delete, and replace commands of calicoctl now include an optional --namespace=<NS> flag. Refer to the calicoctl Command reference section for more details.

• The get command of calicoctl now includes optional --all-namespaces and --export flags. Refer to the calicoctl get section for more information.

• calicoctl no longer accepts the following flags in get commands: --node=<NODE>, --orchestrator=<ORCH>, --workload=<WORKLOAD>, and --scope=<SCOPE>. These options are now a part of the individual resources.

• calicoctl no longer includes a config command. To achieve the equivalent functionality, refer to Modifying low-level component configurations.

• You can now name host and workload endpoint ports and reference them by name in your policy rules.

• calicoctl now allows a 0 value for ICMP entries in policy resources, enabling ping responses. In addition, it now rejects 255 values in the type field due to lack of kernel support. Refer to the reference documentation of the network policy and global network policy resources for more information.

• calicoctl now offers a new convert command, allowing 2.6.x manifests stored under version control to be converted to the v3.x format. calicoctl #1782 (@gunjan5)

Host endpoint policies can be applied to forwarded traffic

• The new ApplyOnForward flag allows you to specify if a host endpoint policy should apply to forwarded traffic or not. Forwarded traffic includes traffic forwarded between host endpoints and traffic forwarded between a host endpoint and a workload endpoint on the same host. Refer to Using Calico to secure host interfaces for more details.

CNI plugin changes

• Calico now assigns the host side of veth pairs a MAC address of ee:ee:ee:ee:ee:ee. If this fails, it uses a kernel-generated MAC address as before. For more information, refer to the Troubleshooting FAQ. cni-plugin #436 (@tmjd)

• The CNI plugin now offers an optional environment variable called CNI_OLD_CONF_NAME. If set, the CNI plug-in cleans up old configuration data during an upgrade, making it easier to migrate to a new CNI_CONF_NAME value. cni-plugin #392(@weikinhuang)

• The CNI plugin no longer throws a file exists message when programming routes. cni-plugin #406 (@gunjan5)

• After a period of deprecation, this release removes support for the ETCD_AUTHORITY and ETCD_SCHEME environment variables. Calico no longer reads these values. If you have not transitioned to ETCD_ENDPOINTS, you must do so as of v3.0. Refer to Configuring calicoctl - etcdv3 datastore for more information.

• A new node controller for Kubernetes deployments clears data associated with deleted nodes from the Calico datastore, preventing conflicts that can lead to crash loops. Refer to Configuring the Calico Kubernetes controllers for more information.

Other changes

• Calico now works with Kubernetes network services proxy with IPVS/LVS. Calico enforces network policies with kube-proxy running in IPVS mode for Kubernetes clusters. Currently only workload ingress policy is supported.

• Rolling update is now enabled by default in the Kubernetes self-hosted manifests. calico #1506 (@caseydavenport)

• The CoreOS version used for the Kubernetes Vagrant tutorial has been updated, resolving an issue causing kubectl to hang. calico #1487 (@2ffs2nns)

• Typha no longer sends incorrect updateTypes to Felix, increasing the accuracy of Felix statistics. typha #70 (@fasaxc)

• The CNI plugin now offers an optional environment variable called CNI_OLD_CONF_NAME. If set, the CNI plug-in cleans up old configuration data during an upgrade, making it easier to migrate to a new CNI_CONF_NAME value. cni-plugin #392(@weikinhuang)

Limitations

• Offers only Kubernetes, OpenShift, and host endpoint integrations: the OpenStack, Mesos, DC/OS, rkt, and Docker orchestrators have not been tested and are not supported. (Calico still supports Docker and rkt containers.) We plan to resume support for the OpenStack, Mesos, DC/OS, and Docker orchestrators in a future release.

• GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See [Configuring calico/node] (https://docs.projectcalico.org/v3.0/reference/node/configuration) for more information. We plan to resume support for GoBPG in a future release.

• Route reflectors cannot be clustered: We plan to resume support for this in a future release.

v2.6.5

Bug Fixes

• Resolves an issue which may lead to a brief loss of connectivity while upgrading
  to v3.0.0 from v2.6.4 when using an etcd datastore. [https://github.com/projectcalico/felix/pull/1676].

v3.0.0

Calico/node v3.0.0.

Important: Due to a known issue in this release that can cause potential
brief losses of connectivity after upgrading from v2.6.4, this release is
deprecated. Use v3.0.1 instead. This issue does not affect those using the
Kubernetes API datastore or running in policy-only mode.

v2.6.4

Calico v2.6.4:

Important: Due to a known issue in this release that can cause potential
brief losses of connectivity while upgrading from v2.6.4, this release is
deprecated. Use v2.6.5 instead. This issue does not affect those using the
Kubernetes API datastore or running in policy-only mode.

v2.6.4-rc3

Calico/node v2.6.4-rc3 is a release candidate for testing purposes only. This release includes:

• A felix fix for "liveness" checking: projectcalico/felix#1662

v2.6.4-rc2

This is a pre-release candidate for testing purposes only and is NOT suitable for production clusters.

RC2 adds:

• Update to how we report "liveness" - report healthy while connecting to the datastore. See projectcalico/felix#1652