diff --git a/calico-enterprise_versioned_docs/version-3.21-2/variables.js b/calico-enterprise_versioned_docs/version-3.21-2/variables.js index b318cbb875..d5ca8923fe 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/variables.js +++ b/calico-enterprise_versioned_docs/version-3.21-2/variables.js @@ -7,7 +7,7 @@ const variables = { prodnamedash: 'calico-enterprise', version: 'v3.21', openSourceVersion: releases[0].calico.minor_version.slice(1), - baseUrl: '/calico-enterprise/latest', + baseUrl: '/calico-enterprise/3.21', filesUrl: 'https://downloads.tigera.io/ee/v3.21.5', rpmsUrl: 'https://downloads.tigera.io/ee/rpms/' + releases[0].title.slice(0, 5), tutorialFilesURL: 'https://docs.tigera.io/files', diff --git a/calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx b/calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx index 14691897fc..b564914df0 100644 --- a/calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx +++ b/calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx @@ -209,5 +209,62 @@ We've also added more feedback into the UI to keep you informed on the progress As a workaround, avoid enabling WAF/L7 functionalities with eBPF dataplane. #### Upgrading + To update an existing installation of Calico Enterprise 3.22, see [Install a patch release](../getting-started/manifest-archive.mdx). +### Calico Enterprise 3.22.1 general availability release + +January 26, 2026 + +Calico Enterprise 3.22.1 is now available as a general availability release. + +This release is supported for use in production. + +#### Breaking changes + +* Renamed the name of the certificate bundle in the tigera-ca-bundle configmaps from tigera-ca-bundle.crt to ca.crt. A copy of the operator signer can still be fond in the original location. This only affects users who use this bundle for features that are not managed by the operator in addition to bringing your own certificates. +* Removed the prefix "cnx-" from image names. The new image names can all be found [here](../getting-started/install-on-clusters/private-registry/private-registry-regular.mdx). +* We are requiring kernel support for the x86-64 v3 architecture in this release as we are beginning to migrate to UBI10. + +#### Bug fixes + +* Fixed an issue causing a panic in Felix when WAF/L7 features are enabled with eBPF dataplane. +* Fixed an issue preventing WAF/L7 features to work on hosts without legacy iptables support, such as Openshift 4.20. +* Fixed an issue where Kibana was making connections to public endpoints. +* Added an egress rule to allow traffic from intrusion detection controller to the tigera-manager deployment. This fixed an issue where traffic would be blocked if the user applies a default deny policy to the namespace. +* Fixed an issue where Guardian was missing the certificate of the Calico API server from its CA bundle. This issue only impacted clusters that were created using an older version of the Operator that did not use a centralized signer. (Calico Enterprise v3.12 and older.) +* Fixed an issue that caused local workloads with borrowed IPs lose connectivity when using the eBPF dataplane. +* Fixed an issue where the VXLAN overlay VNI is always 0 on the eBPF dataplane. [calico 10625](https://github.com/projectcalico/calico/pull/10625) +* Fixed an issue where fragmented UDP packets were incorrectly handled, leading to denied flows. +* Security updates. + + +#### Known issues + +* Pod restart may be required after initial deployment with Istio Ambient Mode. + + When using Calico eBPF dataplane with Istio ambient mode, pods created before ztunnel/istiod are fully ready may experience HBONE tunnel routing failures. + Affected pods show connection resets (curl error 56) or TLS handshake failures when communicating with other ambient-enrolled pods. + + Symptoms: + - curl: (56) Recv failure: Connection reset by peer between ambient pods + - ztunnel logs showing received corrupt message of type InvalidContentType + - Traffic works from non-ambient pods and via localhost + + Workaround: + Restart affected deployments after enabling ambient mode: + ```shell + kubectl rollout restart deployment -n + ``` + + Root Cause: + Pods created during initial ambient mode setup may have stale ztunnel INPOD socket state, causing HBONE traffic to route to the application port instead of the ztunnel HBONE listener (port 15008). + +* There is a bug in which the image pull secret is not propagated to the target namespace when deploying Istio Ambient Mode. + Affects only users using a private registry. +* IPv4 addresses are not currently accepted as valid values for KUBERNETES_SERVICE_HOST - please use a hostname instead.  This issue will be resolved in the next patch release. + + +#### Upgrading + +To update an existing installation of Calico Enterprise 3.22, see [Install a patch release](../getting-started/manifest-archive.mdx). diff --git a/calico-enterprise_versioned_docs/version-3.22-2/releases.json b/calico-enterprise_versioned_docs/version-3.22-2/releases.json index 134450e2c8..ccdff59c33 100644 --- a/calico-enterprise_versioned_docs/version-3.22-2/releases.json +++ b/calico-enterprise_versioned_docs/version-3.22-2/releases.json @@ -1,5 +1,266 @@ [ - { + { + "title": "v3.22.1", + "tigera-operator": { + "version": "v1.40.5", + "image": "tigera/operator", + "registry": "quay.io" + }, + "calico": { + "minor_version": "v3.31", + "archive_path": "archive" + }, + "components": { + "alertmanager": { + "version": "v3.22.1", + "image": "tigera/alertmanager" + }, + "calicoctl": { + "version": "v3.22.1", + "image": "tigera/calicoctl" + }, + "calicoq": { + "version": "v3.22.1", + "image": "tigera/calicoq" + }, + "apiserver": { + "version": "v3.22.1", + "image": "tigera/apiserver" + }, + "kube-controllers": { + "version": "v3.22.1", + "image": "tigera/kube-controllers" + }, + "manager": { + "version": "v3.22.1", + "image": "tigera/manager" + }, + "node": { + "version": "v3.22.1", + "image": "tigera/node" + }, + "node-windows": { + "version": "v3.22.1", + "image": "tigera/node-windows" + }, + "queryserver": { + "version": "v3.22.1", + "image": "tigera/queryserver" + }, + "compliance-benchmarker": { + "version": "v3.22.1", + "image": "tigera/compliance-benchmarker" + }, + "compliance-controller": { + "version": "v3.22.1", + "image": "tigera/compliance-controller" + }, + "compliance-reporter": { + "version": "v3.22.1", + "image": "tigera/compliance-reporter" + }, + "compliance-server": { + "version": "v3.22.1", + "image": "tigera/compliance-server" + }, + "compliance-snapshotter": { + "version": "v3.22.1", + "image": "tigera/compliance-snapshotter" + }, + "coreos-alertmanager": { + "version": "v0.28.1" + }, + "coreos-config-reloader": { + "version": "v0.84.0" + }, + "coreos-dex": { + "version": "v2.41.1" + }, + "coreos-fluentd": { + "version": "1.18.0" + }, + "coreos-prometheus": { + "version": "v3.4.1" + }, + "coreos-prometheus-operator": { + "version": "v0.84.0" + }, + "csi": { + "version": "v3.22.1", + "image": "tigera/csi" + }, + "csi-node-driver-registrar": { + "version": "v3.22.1", + "image": "tigera/node-driver-registrar" + }, + "deep-packet-inspection": { + "version": "v3.22.1", + "image": "tigera/deep-packet-inspection" + }, + "dex": { + "version": "v3.22.1", + "image": "tigera/dex" + }, + "dikastes": { + "version": "v3.22.1", + "image": "tigera/dikastes" + }, + "eck-elasticsearch": { + "version": "8.19.10" + }, + "eck-elasticsearch-operator": { + "version": "2.16.1" + }, + "eck-kibana": { + "version": "8.19.10" + }, + "egress-gateway": { + "version": "v3.22.1", + "image": "tigera/egress-gateway" + }, + "elastic-tsee-installer": { + "version": "v3.22.1", + "image": "tigera/intrusion-detection-job-installer" + }, + "elasticsearch": { + "version": "v3.22.1", + "image": "tigera/elasticsearch" + }, + "elasticsearch-metrics": { + "version": "v3.22.1", + "image": "tigera/elasticsearch-metrics" + }, + "elasticsearch-operator": { + "version": "v3.22.1", + "image": "tigera/eck-operator" + }, + "envoy": { + "version": "v3.22.1", + "image": "tigera/envoy" + }, + "es-gateway": { + "version": "v3.22.1", + "image": "tigera/es-gateway" + }, + "firewall-integration": { + "version": "v3.22.1", + "image": "tigera/firewall-integration" + }, + "flexvol": { + "version": "v3.22.1", + "image": "tigera/pod2daemon-flexvol" + }, + "fluentd": { + "version": "v3.22.1", + "image": "tigera/fluentd" + }, + "fluentd-windows": { + "version": "v3.22.1", + "image": "tigera/fluentd-windows" + }, + "gateway-api-envoy-gateway": { + "version": "v3.22.1", + "image": "tigera/envoy-gateway" + }, + "gateway-api-envoy-proxy": { + "version": "v3.22.1", + "image": "tigera/envoy-proxy" + }, + "gateway-api-envoy-ratelimit": { + "version": "v3.22.1", + "image": "tigera/envoy-ratelimit" + }, + "guardian": { + "version": "v3.22.1", + "image": "tigera/guardian" + }, + "ingress-collector": { + "version": "v3.22.1", + "image": "tigera/ingress-collector" + }, + "intrusion-detection-controller": { + "version": "v3.22.1", + "image": "tigera/intrusion-detection-controller" + }, + "key-cert-provisioner": { + "version": "v3.22.1", + "image": "tigera/key-cert-provisioner" + }, + "kibana": { + "version": "v3.22.1", + "image": "tigera/kibana" + }, + "l7-admission-controller": { + "version": "v3.22.1", + "image": "tigera/l7-admission-controller" + }, + "l7-collector": { + "version": "v3.22.1", + "image": "tigera/l7-collector" + }, + "license-agent": { + "version": "v3.22.1", + "image": "tigera/license-agent" + }, + "linseed": { + "version": "v3.22.1", + "image": "tigera/linseed" + }, + "packetcapture": { + "version": "v3.22.1", + "image": "tigera/packetcapture" + }, + "policy-recommendation": { + "version": "v3.22.1", + "image": "tigera/policy-recommendation" + }, + "prometheus": { + "version": "v3.22.1", + "image": "tigera/prometheus" + }, + "prometheus-config-reloader": { + "version": "v3.22.1", + "image": "tigera/prometheus-config-reloader" + }, + "prometheus-operator": { + "version": "v3.22.1", + "image": "tigera/prometheus-operator" + }, + "tigera-cni": { + "version": "v3.22.1", + "image": "tigera/cni" + }, + "tigera-cni-windows": { + "version": "v3.22.1", + "image": "tigera/cni-windows" + }, + "tigera-prometheus-service": { + "version": "v3.22.1", + "image": "tigera/prometheus-service" + }, + "typha": { + "version": "v3.22.1", + "image": "tigera/typha" + }, + "ui-apis": { + "version": "v3.22.1", + "image": "tigera/ui-apis" + }, + "voltron": { + "version": "v3.22.1", + "image": "tigera/voltron" + }, + "waf-http-filter": { + "version": "v3.22.1", + "image": "tigera/waf-http-filter" + }, + "webhooks-processor": { + "version": "v3.22.1", + "image": "tigera/webhooks-processor" + } + } + }, + { "title": "v3.22.0-3.0", "tigera-operator": { "version": "v1.40.4", diff --git a/calico-enterprise_versioned_docs/version-3.22-2/variables.js b/calico-enterprise_versioned_docs/version-3.22-2/variables.js index d77de0df27..996835be68 100644 --- a/calico-enterprise_versioned_docs/version-3.22-2/variables.js +++ b/calico-enterprise_versioned_docs/version-3.22-2/variables.js @@ -2,13 +2,13 @@ const releases = require('./releases.json'); const componentImage = require('../../src/components/utils/componentImage'); const variables = { - releaseTitle: 'v3.22.0-3.0', + releaseTitle: 'v3.22.1', prodname: 'Calico Enterprise', prodnamedash: 'calico-enterprise', version: 'v3.22', openSourceVersion: releases[0].calico.minor_version.slice(1), - baseUrl: '/calico-enterprise/3.22', - filesUrl: 'https://downloads.tigera.io/ee/v3.22.0-3.0', + baseUrl: '/calico-enterprise/latest', + filesUrl: 'https://downloads.tigera.io/ee/v3.22.1', rpmsUrl: 'https://downloads.tigera.io/ee/rpms/' + releases[0].title.slice(0, 5), tutorialFilesURL: 'https://docs.tigera.io/files', tmpScriptsURL: 'https://docs.tigera.io/calico-enterprise/3.22', @@ -20,7 +20,7 @@ const variables = { rootDirWindows: 'C:\\TigeraCalico', registry: 'quay.io/', envoyVersion: '1.5.0', - chart_version_name: 'v3.22.0-3.0-0', + chart_version_name: 'v3.22.1-0', tigeraOperator: releases[0]['tigera-operator'], dikastesVersion: releases[0].components.dikastes.version, releases, diff --git a/docusaurus.config.js b/docusaurus.config.js index 401aa56a0a..287813974e 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -435,8 +435,8 @@ export default async function createAsyncConfig() { path: 'calico-enterprise', routeBasePath: 'calico-enterprise', editCurrentVersion: true, - onlyIncludeVersions: [...nextVersion, '3.22-2','3.21-2', '3.20-2', '3.19-2'], - lastVersion: '3.21-2', + onlyIncludeVersions: [...nextVersion, '3.22-2','3.21-2','3.20-2'], + lastVersion: '3.22-2', versions: { current: { label: 'Next', @@ -444,13 +444,13 @@ export default async function createAsyncConfig() { banner: 'unreleased', }, '3.22-2': { - label: '3.22 (early preview)', - path: '3.22', - banner: 'unreleased', + label: '3.22 (latest)', + path: 'latest', + banner: 'none', }, '3.21-2': { - label: '3.21 (latest)', - path: 'latest', + label: '3.21', + path: '3.21', banner: 'none', }, '3.20-2': { diff --git a/src/pages/archive.md b/src/pages/archive.md index b71941469b..b768157cb2 100644 --- a/src/pages/archive.md +++ b/src/pages/archive.md @@ -33,7 +33,7 @@ description: Links to all versions of product documentation for Calico, Calico E * [Calico Enterprise 3.22](https://docs.tigera.io/calico-enterprise/3.22/about) * [Calico Enterprise 3.21](https://docs.tigera.io/calico-enterprise/3.21/about) * [Calico Enterprise 3.20](https://docs.tigera.io/calico-enterprise/3.20/about) -* [Calico Enterprise 3.19](https://docs.tigera.io/calico-enterprise/3.19/about) +* [Calico Enterprise 3.19](https://archive-ce-3-19.netlify.app/calico-enterprise/3.19/about)) * [Calico Enterprise 3.18](https://archive-ce-3-18.netlify.app/calico-enterprise/3.18/about) * [Calico Enterprise 3.17](https://archive-ce-3-17.netlify.app/calico-enterprise/3.17/about) * [Calico Enterprise 3.16](https://archive-ce-3-16.netlify.app/calico-enterprise/3.16/about-calico-enterprise)