@@ -233,23 +233,27 @@

#### Known issues

* Pod restart may be required after initial deployment with Istio Ambient Mode
* Pod restart may be required after initial deployment with Istio Ambient Mode.

When using Calico eBPF dataplane with Istio ambient mode, pods created before ztunnel/istiod are fully ready may experience HBONE tunnel routing failures. Affected pods show connection resets (curl error 56) or TLS handshake failures when
communicating with other ambient-enrolled pods.
When using Calico eBPF dataplane with Istio ambient mode, pods created before ztunnel/istiod are fully ready may experience HBONE tunnel routing failures.

Check failure on line 238 in calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx

GitHub Actions / runner / vale

[vale] reported by reviewdog 🐶 [CalicoStyle.Substitutions] Use 'data plane' instead of 'dataplane'. Raw Output: {"message": "[CalicoStyle.Substitutions] Use 'data plane' instead of 'dataplane'.", "location": {"path": "calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx", "range": {"start": {"line": 238, "column": 26}}}, "severity": "ERROR"}

Check failure on line 238 in calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx

GitHub Actions / runner / vale

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'dataplane'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'dataplane'?", "location": {"path": "calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx", "range": {"start": {"line": 238, "column": 26}}}, "severity": "ERROR"}
Affected pods show connection resets (curl error 56) or TLS handshake failures when communicating with other ambient-enrolled pods.

Symptoms:
- curl: (56) Recv failure: Connection reset by peer between ambient pods
- ztunnel logs showing received corrupt message of type InvalidContentType
- Traffic works from non-ambient pods and via localhost
Symptoms:
- curl: (56) Recv failure: Connection reset by peer between ambient pods

Check failure on line 242 in calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx

GitHub Actions / runner / vale

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'Recv'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'Recv'?", "location": {"path": "calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx", "range": {"start": {"line": 242, "column": 16}}}, "severity": "ERROR"}
- ztunnel logs showing received corrupt message of type InvalidContentType

Check failure on line 243 in calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx

GitHub Actions / runner / vale

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'ztunnel'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'ztunnel'?", "location": {"path": "calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx", "range": {"start": {"line": 243, "column": 5}}}, "severity": "ERROR"}
- Traffic works from non-ambient pods and via localhost

Workaround:
Restart affected deployments after enabling ambient mode:
kubectl rollout restart deployment -n <namespace>
Workaround:
Restart affected deployments after enabling ambient mode:
```shell
kubectl rollout restart deployment -n <namespace>
```

Root Cause:
Pods created during initial ambient mode setup may have stale ztunnel INPOD socket state, causing HBONE traffic to route to the application port instead of the ztunnel HBONE listener (port 15008).
* There is a bug in the where the image pull secret is not propagated to the target namespace when deploying Istio Ambient mode. Affects only users using a private registry.
Root Cause:
Pods created during initial ambient mode setup may have stale ztunnel INPOD socket state, causing HBONE traffic to route to the application port instead of the ztunnel HBONE listener (port 15008).

Check failure on line 253 in calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx

GitHub Actions / runner / vale

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'ztunnel'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'ztunnel'?", "location": {"path": "calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx", "range": {"start": {"line": 253, "column": 163}}}, "severity": "ERROR"}

Check failure on line 253 in calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx

GitHub Actions / runner / vale

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'ztunnel'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'ztunnel'?", "location": {"path": "calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx", "range": {"start": {"line": 253, "column": 65}}}, "severity": "ERROR"}

* There is a bug in which the image pull secret is not propagated to the target namespace when deploying Istio Ambient Mode.
Affects only users using a private registry.


#### Upgrading
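
Review bot: The added paragraph at line 238 still reads "Calico eBPF dataplane", which the CalicoStyle.Substitutions check rejects; change it to "data plane" so the vale job passes. The remaining Vale.Spelling failures are on literal strings (`Recv` in the curl error at line 242, `ztunnel` at lines 243 and 253); formatting the curl error and the ztunnel log message as inline code, and handling `ztunnel` the same way or through the project's vale vocabulary, would clear them without rewording. In the workaround, `kubectl rollout restart deployment -n <namespace>` with no deployment name restarts every Deployment in the namespace and does not cover pods owned by StatefulSets or DaemonSets, while the sentence above it says "affected deployments"; either show a deployment name in the command or state that the whole namespace is restarted and how other workload kinds should be handled. The added lines also mix "Istio Ambient Mode" and "Istio ambient mode"; pick one form. The private-registry bullet describes the image pull secret problem but gives no workaround; add one if it exists.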