From 4461e9d72f7ad966f9a7599c19ca336e838d3eb0 Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Wed, 18 Sep 2024 08:42:22 -0700 Subject: [PATCH 1/4] Add release notes & version updates for Calico v3.28.2 --- charts/calico/values.yaml | 2 +- charts/tigera-operator/values.yaml | 4 ++-- process/testing/winfv-felix/capz/export-env.sh | 2 +- release-notes/v3.28.2-release-notes.md | 15 +++++++++++++++ 4 files changed, 19 insertions(+), 4 deletions(-) create mode 100644 release-notes/v3.28.2-release-notes.md diff --git a/charts/calico/values.yaml b/charts/calico/values.yaml index 8c43d4981dc..ffa53c4e019 100644 --- a/charts/calico/values.yaml +++ b/charts/calico/values.yaml @@ -1,5 +1,5 @@ # The Calico version to use when generating manifests. -version: v3.28.1 +version: v3.28.2 # Configure the images to use when generating manifests. node: diff --git a/charts/tigera-operator/values.yaml b/charts/tigera-operator/values.yaml index 1d5c6a3777b..34f63c61eca 100644 --- a/charts/tigera-operator/values.yaml +++ b/charts/tigera-operator/values.yaml @@ -61,11 +61,11 @@ podLabels: {} # Image and registry configuration for the tigera/operator pod. tigeraOperator: image: tigera/operator - version: v1.34.3 + version: v1.34.4 registry: quay.io calicoctl: image: docker.io/calico/ctl - tag: v3.28.1 + tag: v3.28.2 kubeletVolumePluginPath: /var/lib/kubelet diff --git a/process/testing/winfv-felix/capz/export-env.sh b/process/testing/winfv-felix/capz/export-env.sh index 5cde0b1ba60..7a2e8b423f9 100755 --- a/process/testing/winfv-felix/capz/export-env.sh +++ b/process/testing/winfv-felix/capz/export-env.sh @@ -21,5 +21,5 @@ export KIND_VERSION=v0.24.0 export CLUSTER_API_VERSION="${CLUSTER_API_VERSION:="v1.8.1"}" export AZURE_PROVIDER_VERSION="${AZURE_PROVIDER_VERSION:="v1.13.2"}" export CONTAINERD_VERSION="${CONTAINERD_VERSION:="v1.7.20"}" -export CALICO_VERSION="${CALICO_VERSION:="v3.28.1"}" +export CALICO_VERSION="${CALICO_VERSION:="v3.28.2"}" export YQ_VERSION="${YQ_VERSION:="v4.44.3"}" diff --git a/release-notes/v3.28.2-release-notes.md b/release-notes/v3.28.2-release-notes.md new file mode 100644 index 00000000000..85bf997193f --- /dev/null +++ b/release-notes/v3.28.2-release-notes.md @@ -0,0 +1,15 @@ +18 Sep 2024 + +#### Bug fixes + + - Don't run pprof on prometheus metrics port [calico #9224](https://github.com/projectcalico/calico/pull/9224) (@coutinhop) + - ebpf: Fix for Istio ambient mode - traffic that arrives from host should go back through host and not skip iptables [calico #9199](https://github.com/projectcalico/calico/pull/9199) (@tomastigera) + - [etcd mode] Fix issue where Calico nodes failed to decommission if calico-kube-controllers was running on the terminated node. [calico #9197](https://github.com/projectcalico/calico/pull/9197) (@caseydavenport) + - ebpf: Attach XDP to bond slave devices. [calico #9143](https://github.com/projectcalico/calico/pull/9143) (@sridhartigera) + - BGP: Prevent the advertisement of local kernel routes learned from eBPF interfaces (bpf*.cali) to peers. [calico #9127](https://github.com/projectcalico/calico/pull/9127) (@mazdakn) + - Fix Felix panic when using non-default BPF map sizes. Size was not updated in all places resulting in failure to attach programs. [calico #9118](https://github.com/projectcalico/calico/pull/9118) (@sridhartigera) + - Fix interaction between kube-proxy and Calico's SNAT rules that could cause corrupted VXLAN packets when checksum offload was enabled. Move Calico's rules after kube-proxy's to make sure kube-proxy's mark bit is cleared if both would have done SNAT. [calico #9102](https://github.com/projectcalico/calico/pull/9102) (@tomastigera) + - Fix missing resources in calioctl command help text [calico #9095](https://github.com/projectcalico/calico/pull/9095) (@caseydavenport) + - ebpf: Fix parsing host IP update and re-attach program on all interfaces when there is a host IP update; fix frequently attaching BPF programs when pods annotations/labels change and eventually failing due ro running out of tc priority. [calico #9094](https://github.com/projectcalico/calico/pull/9094) (@sridhartigera) + - Fix Felix panicing when trying to resync a temporary IP set. Temporary IP sets are created in certain scenarios after previous failures. [calico #9078](https://github.com/projectcalico/calico/pull/9078) (@fasaxc) + - Helm: Fix error parsing kubernetesServiceEndpoint.host and kubernetesServiceEndpoint.port as an integer [calico #9068](https://github.com/projectcalico/calico/pull/9068) (@MichalFupso) From 15220306b50b4e2cc83ca2e91add2bcf5b8b3d8e Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Wed, 18 Sep 2024 08:58:20 -0700 Subject: [PATCH 2/4] Update charts/tigera-operator/values.yaml Co-authored-by: Pedro Coutinho --- charts/tigera-operator/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tigera-operator/values.yaml b/charts/tigera-operator/values.yaml index 34f63c61eca..38fd9d4c7f6 100644 --- a/charts/tigera-operator/values.yaml +++ b/charts/tigera-operator/values.yaml @@ -61,7 +61,7 @@ podLabels: {} # Image and registry configuration for the tigera/operator pod. tigeraOperator: image: tigera/operator - version: v1.34.4 + version: v1.34.5 registry: quay.io calicoctl: image: docker.io/calico/ctl From 8e7152ae54b81ec992d9a42d08f97f0c1f0203e4 Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Wed, 18 Sep 2024 09:37:26 -0700 Subject: [PATCH 3/4] Update manifests for v3.28.2 --- manifests/alp/istio-inject-configmap-1.1.0.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.1.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.10.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.11.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.12.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.13.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.14.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.15.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.16.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.17.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.2.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.3.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.4.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.5.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.6.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.7.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.8.yaml | 2 +- manifests/alp/istio-inject-configmap-1.1.9.yaml | 2 +- manifests/alp/istio-inject-configmap-1.10.yaml | 4 ++-- manifests/alp/istio-inject-configmap-1.15.yaml | 4 ++-- manifests/alp/istio-inject-configmap-1.2.0.yaml | 2 +- manifests/alp/istio-inject-configmap-1.2.1.yaml | 2 +- manifests/alp/istio-inject-configmap-1.2.2.yaml | 2 +- manifests/alp/istio-inject-configmap-1.2.3.yaml | 2 +- manifests/alp/istio-inject-configmap-1.2.4.yaml | 2 +- manifests/alp/istio-inject-configmap-1.2.5.yaml | 2 +- manifests/alp/istio-inject-configmap-1.2.6.yaml | 2 +- manifests/alp/istio-inject-configmap-1.2.7.yaml | 2 +- manifests/alp/istio-inject-configmap-1.2.8.yaml | 2 +- manifests/alp/istio-inject-configmap-1.2.9.yaml | 2 +- manifests/alp/istio-inject-configmap-1.3.0.yaml | 2 +- manifests/alp/istio-inject-configmap-1.3.1.yaml | 2 +- manifests/alp/istio-inject-configmap-1.3.2.yaml | 2 +- manifests/alp/istio-inject-configmap-1.3.3.yaml | 2 +- manifests/alp/istio-inject-configmap-1.3.4.yaml | 2 +- manifests/alp/istio-inject-configmap-1.3.5.yaml | 2 +- manifests/alp/istio-inject-configmap-1.4.0.yaml | 2 +- manifests/alp/istio-inject-configmap-1.4.1.yaml | 2 +- manifests/alp/istio-inject-configmap-1.4.2.yaml | 2 +- manifests/alp/istio-inject-configmap-1.6.yaml | 2 +- manifests/alp/istio-inject-configmap-1.7.yaml | 2 +- manifests/alp/istio-inject-configmap-1.9.yaml | 4 ++-- manifests/apiserver.yaml | 2 +- manifests/calico-bpf.yaml | 10 +++++----- manifests/calico-etcd.yaml | 8 ++++---- manifests/calico-policy-only.yaml | 10 +++++----- manifests/calico-typha.yaml | 12 ++++++------ manifests/calico-vxlan.yaml | 10 +++++----- manifests/calico.yaml | 10 +++++----- manifests/calicoctl-etcd.yaml | 4 ++-- manifests/calicoctl.yaml | 4 ++-- manifests/canal-etcd.yaml | 8 ++++---- manifests/canal.yaml | 8 ++++---- manifests/csi-driver.yaml | 4 ++-- manifests/flannel-migration/calico.yaml | 10 +++++----- manifests/ocp/02-tigera-operator.yaml | 6 +++--- manifests/tigera-operator.yaml | 4 ++-- 57 files changed, 100 insertions(+), 100 deletions(-) diff --git a/manifests/alp/istio-inject-configmap-1.1.0.yaml b/manifests/alp/istio-inject-configmap-1.1.0.yaml index 12b850a5351..6042edaa4ed 100644 --- a/manifests/alp/istio-inject-configmap-1.1.0.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.0.yaml @@ -178,7 +178,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.1.yaml b/manifests/alp/istio-inject-configmap-1.1.1.yaml index 8aedcec8691..d8865774860 100644 --- a/manifests/alp/istio-inject-configmap-1.1.1.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.1.yaml @@ -178,7 +178,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.10.yaml b/manifests/alp/istio-inject-configmap-1.1.10.yaml index ceaa1a66714..4d5bc0d3919 100644 --- a/manifests/alp/istio-inject-configmap-1.1.10.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.10.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.11.yaml b/manifests/alp/istio-inject-configmap-1.1.11.yaml index 0a8525aedc7..9dadc7a6260 100644 --- a/manifests/alp/istio-inject-configmap-1.1.11.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.11.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.12.yaml b/manifests/alp/istio-inject-configmap-1.1.12.yaml index 4794174aed4..893576640b9 100644 --- a/manifests/alp/istio-inject-configmap-1.1.12.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.12.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.13.yaml b/manifests/alp/istio-inject-configmap-1.1.13.yaml index 44a677ec128..41b9c7923d0 100644 --- a/manifests/alp/istio-inject-configmap-1.1.13.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.13.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.14.yaml b/manifests/alp/istio-inject-configmap-1.1.14.yaml index 242e3a4d121..f67abc95458 100644 --- a/manifests/alp/istio-inject-configmap-1.1.14.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.14.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.15.yaml b/manifests/alp/istio-inject-configmap-1.1.15.yaml index 1dd04d296ce..c294852890d 100644 --- a/manifests/alp/istio-inject-configmap-1.1.15.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.15.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.16.yaml b/manifests/alp/istio-inject-configmap-1.1.16.yaml index c6c10b8f8a2..f5c254e3743 100644 --- a/manifests/alp/istio-inject-configmap-1.1.16.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.16.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.17.yaml b/manifests/alp/istio-inject-configmap-1.1.17.yaml index 4c412d8e9ad..5cde518cf86 100644 --- a/manifests/alp/istio-inject-configmap-1.1.17.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.17.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.2.yaml b/manifests/alp/istio-inject-configmap-1.1.2.yaml index 04ecbd2e388..3e681715ceb 100644 --- a/manifests/alp/istio-inject-configmap-1.1.2.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.2.yaml @@ -178,7 +178,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.3.yaml b/manifests/alp/istio-inject-configmap-1.1.3.yaml index 3c80452facf..ca47bd9b3b4 100644 --- a/manifests/alp/istio-inject-configmap-1.1.3.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.3.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.4.yaml b/manifests/alp/istio-inject-configmap-1.1.4.yaml index 8307a865521..cbdf2befc92 100644 --- a/manifests/alp/istio-inject-configmap-1.1.4.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.4.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.5.yaml b/manifests/alp/istio-inject-configmap-1.1.5.yaml index 4828c01a85e..ede71ae6573 100644 --- a/manifests/alp/istio-inject-configmap-1.1.5.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.5.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.6.yaml b/manifests/alp/istio-inject-configmap-1.1.6.yaml index 6f8ed643191..df62d73038e 100644 --- a/manifests/alp/istio-inject-configmap-1.1.6.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.6.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.7.yaml b/manifests/alp/istio-inject-configmap-1.1.7.yaml index 676cb413150..edcfded0687 100644 --- a/manifests/alp/istio-inject-configmap-1.1.7.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.7.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.8.yaml b/manifests/alp/istio-inject-configmap-1.1.8.yaml index ce56046f5a2..210b3390e86 100644 --- a/manifests/alp/istio-inject-configmap-1.1.8.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.8.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.1.9.yaml b/manifests/alp/istio-inject-configmap-1.1.9.yaml index 86cb9cbd00d..74a04969d8f 100644 --- a/manifests/alp/istio-inject-configmap-1.1.9.yaml +++ b/manifests/alp/istio-inject-configmap-1.1.9.yaml @@ -180,7 +180,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.10.yaml b/manifests/alp/istio-inject-configmap-1.10.yaml index 9885439eccd..651b5a38356 100644 --- a/manifests/alp/istio-inject-configmap-1.10.yaml +++ b/manifests/alp/istio-inject-configmap-1.10.yaml @@ -433,7 +433,7 @@ data: name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false @@ -720,7 +720,7 @@ data: name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.15.yaml b/manifests/alp/istio-inject-configmap-1.15.yaml index a48a4273463..c5835d91bbd 100644 --- a/manifests/alp/istio-inject-configmap-1.15.yaml +++ b/manifests/alp/istio-inject-configmap-1.15.yaml @@ -434,7 +434,7 @@ data: name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false @@ -719,7 +719,7 @@ data: name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.0.yaml b/manifests/alp/istio-inject-configmap-1.2.0.yaml index 663ea2e224d..111eb9e2984 100644 --- a/manifests/alp/istio-inject-configmap-1.2.0.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.0.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.1.yaml b/manifests/alp/istio-inject-configmap-1.2.1.yaml index 663ea2e224d..111eb9e2984 100644 --- a/manifests/alp/istio-inject-configmap-1.2.1.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.1.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.2.yaml b/manifests/alp/istio-inject-configmap-1.2.2.yaml index 663ea2e224d..111eb9e2984 100644 --- a/manifests/alp/istio-inject-configmap-1.2.2.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.2.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.3.yaml b/manifests/alp/istio-inject-configmap-1.2.3.yaml index 663ea2e224d..111eb9e2984 100644 --- a/manifests/alp/istio-inject-configmap-1.2.3.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.3.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.4.yaml b/manifests/alp/istio-inject-configmap-1.2.4.yaml index 663ea2e224d..111eb9e2984 100644 --- a/manifests/alp/istio-inject-configmap-1.2.4.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.4.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.5.yaml b/manifests/alp/istio-inject-configmap-1.2.5.yaml index 663ea2e224d..111eb9e2984 100644 --- a/manifests/alp/istio-inject-configmap-1.2.5.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.5.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.6.yaml b/manifests/alp/istio-inject-configmap-1.2.6.yaml index 663ea2e224d..111eb9e2984 100644 --- a/manifests/alp/istio-inject-configmap-1.2.6.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.6.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.7.yaml b/manifests/alp/istio-inject-configmap-1.2.7.yaml index 663ea2e224d..111eb9e2984 100644 --- a/manifests/alp/istio-inject-configmap-1.2.7.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.7.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.8.yaml b/manifests/alp/istio-inject-configmap-1.2.8.yaml index 663ea2e224d..111eb9e2984 100644 --- a/manifests/alp/istio-inject-configmap-1.2.8.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.8.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.2.9.yaml b/manifests/alp/istio-inject-configmap-1.2.9.yaml index 663ea2e224d..111eb9e2984 100644 --- a/manifests/alp/istio-inject-configmap-1.2.9.yaml +++ b/manifests/alp/istio-inject-configmap-1.2.9.yaml @@ -301,7 +301,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.3.0.yaml b/manifests/alp/istio-inject-configmap-1.3.0.yaml index 5bcd23edf58..9aed4840044 100644 --- a/manifests/alp/istio-inject-configmap-1.3.0.yaml +++ b/manifests/alp/istio-inject-configmap-1.3.0.yaml @@ -327,7 +327,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.3.1.yaml b/manifests/alp/istio-inject-configmap-1.3.1.yaml index 02346c1c1c2..5ffa3af4ff4 100644 --- a/manifests/alp/istio-inject-configmap-1.3.1.yaml +++ b/manifests/alp/istio-inject-configmap-1.3.1.yaml @@ -333,7 +333,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.3.2.yaml b/manifests/alp/istio-inject-configmap-1.3.2.yaml index 02346c1c1c2..5ffa3af4ff4 100644 --- a/manifests/alp/istio-inject-configmap-1.3.2.yaml +++ b/manifests/alp/istio-inject-configmap-1.3.2.yaml @@ -333,7 +333,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.3.3.yaml b/manifests/alp/istio-inject-configmap-1.3.3.yaml index 02346c1c1c2..5ffa3af4ff4 100644 --- a/manifests/alp/istio-inject-configmap-1.3.3.yaml +++ b/manifests/alp/istio-inject-configmap-1.3.3.yaml @@ -333,7 +333,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.3.4.yaml b/manifests/alp/istio-inject-configmap-1.3.4.yaml index 02346c1c1c2..5ffa3af4ff4 100644 --- a/manifests/alp/istio-inject-configmap-1.3.4.yaml +++ b/manifests/alp/istio-inject-configmap-1.3.4.yaml @@ -333,7 +333,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.3.5.yaml b/manifests/alp/istio-inject-configmap-1.3.5.yaml index 02346c1c1c2..5ffa3af4ff4 100644 --- a/manifests/alp/istio-inject-configmap-1.3.5.yaml +++ b/manifests/alp/istio-inject-configmap-1.3.5.yaml @@ -333,7 +333,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.4.0.yaml b/manifests/alp/istio-inject-configmap-1.4.0.yaml index ebb02b28231..ff52b9796d8 100644 --- a/manifests/alp/istio-inject-configmap-1.4.0.yaml +++ b/manifests/alp/istio-inject-configmap-1.4.0.yaml @@ -351,7 +351,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.4.1.yaml b/manifests/alp/istio-inject-configmap-1.4.1.yaml index ebb02b28231..ff52b9796d8 100644 --- a/manifests/alp/istio-inject-configmap-1.4.1.yaml +++ b/manifests/alp/istio-inject-configmap-1.4.1.yaml @@ -351,7 +351,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.4.2.yaml b/manifests/alp/istio-inject-configmap-1.4.2.yaml index ebb02b28231..ff52b9796d8 100644 --- a/manifests/alp/istio-inject-configmap-1.4.2.yaml +++ b/manifests/alp/istio-inject-configmap-1.4.2.yaml @@ -351,7 +351,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.6.yaml b/manifests/alp/istio-inject-configmap-1.6.yaml index 5a9c48c65c2..f27d694b551 100644 --- a/manifests/alp/istio-inject-configmap-1.6.yaml +++ b/manifests/alp/istio-inject-configmap-1.6.yaml @@ -363,7 +363,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.7.yaml b/manifests/alp/istio-inject-configmap-1.7.yaml index ff52ee76071..2c096a26b62 100644 --- a/manifests/alp/istio-inject-configmap-1.7.yaml +++ b/manifests/alp/istio-inject-configmap-1.7.yaml @@ -369,7 +369,7 @@ data: - mountPath: /var/run/dikastes name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/alp/istio-inject-configmap-1.9.yaml b/manifests/alp/istio-inject-configmap-1.9.yaml index 1f70f937ecd..2fae3b20436 100644 --- a/manifests/alp/istio-inject-configmap-1.9.yaml +++ b/manifests/alp/istio-inject-configmap-1.9.yaml @@ -428,7 +428,7 @@ data: name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false @@ -714,7 +714,7 @@ data: name: dikastes-sock - name: dikastes - image: calico/dikastes:v3.28.1 + image: calico/dikastes:v3.28.2 args: ["server", "-l", "/var/run/dikastes/dikastes.sock", "-d", "/var/run/felix/nodeagent/socket"] securityContext: allowPrivilegeEscalation: false diff --git a/manifests/apiserver.yaml b/manifests/apiserver.yaml index 3d23593b562..e79f1be1869 100644 --- a/manifests/apiserver.yaml +++ b/manifests/apiserver.yaml @@ -77,7 +77,7 @@ spec: env: - name: DATASTORE_TYPE value: kubernetes - image: calico/apiserver:v3.28.1 + image: calico/apiserver:v3.28.2 name: calico-apiserver readinessProbe: httpGet: diff --git a/manifests/calico-bpf.yaml b/manifests/calico-bpf.yaml index d9e6ef26ea2..ba1ee76c805 100644 --- a/manifests/calico-bpf.yaml +++ b/manifests/calico-bpf.yaml @@ -4801,7 +4801,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: @@ -4840,7 +4840,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4894,7 +4894,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4920,7 +4920,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -5154,7 +5154,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.28.1 + image: docker.io/calico/kube-controllers:v3.28.2 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. diff --git a/manifests/calico-etcd.yaml b/manifests/calico-etcd.yaml index 4a9629b4540..4a051a5bc9f 100644 --- a/manifests/calico-etcd.yaml +++ b/manifests/calico-etcd.yaml @@ -302,7 +302,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -348,7 +348,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -374,7 +374,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -617,7 +617,7 @@ spec: hostNetwork: true containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.28.1 + image: docker.io/calico/kube-controllers:v3.28.2 imagePullPolicy: IfNotPresent env: # The location of the etcd cluster. diff --git a/manifests/calico-policy-only.yaml b/manifests/calico-policy-only.yaml index 9ea236fcf50..8921cac7a69 100644 --- a/manifests/calico-policy-only.yaml +++ b/manifests/calico-policy-only.yaml @@ -4782,7 +4782,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4819,7 +4819,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4845,7 +4845,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -5036,7 +5036,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.28.1 + image: docker.io/calico/kube-controllers:v3.28.2 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. @@ -5125,7 +5125,7 @@ spec: securityContext: fsGroup: 65534 containers: - - image: docker.io/calico/typha:v3.28.1 + - image: docker.io/calico/typha:v3.28.2 imagePullPolicy: IfNotPresent name: calico-typha ports: diff --git a/manifests/calico-typha.yaml b/manifests/calico-typha.yaml index 7f4671f8515..55f9c124fb1 100644 --- a/manifests/calico-typha.yaml +++ b/manifests/calico-typha.yaml @@ -4832,7 +4832,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: @@ -4860,7 +4860,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4903,7 +4903,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4929,7 +4929,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -5155,7 +5155,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.28.1 + image: docker.io/calico/kube-controllers:v3.28.2 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. @@ -5244,7 +5244,7 @@ spec: securityContext: fsGroup: 65534 containers: - - image: docker.io/calico/typha:v3.28.1 + - image: docker.io/calico/typha:v3.28.2 imagePullPolicy: IfNotPresent name: calico-typha ports: diff --git a/manifests/calico-vxlan.yaml b/manifests/calico-vxlan.yaml index 7b0e51afb9e..3dc748aba5b 100644 --- a/manifests/calico-vxlan.yaml +++ b/manifests/calico-vxlan.yaml @@ -4796,7 +4796,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: @@ -4824,7 +4824,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4867,7 +4867,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4893,7 +4893,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -5111,7 +5111,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.28.1 + image: docker.io/calico/kube-controllers:v3.28.2 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. diff --git a/manifests/calico.yaml b/manifests/calico.yaml index f7f29804bb8..f5ed59ca2de 100644 --- a/manifests/calico.yaml +++ b/manifests/calico.yaml @@ -4796,7 +4796,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: @@ -4824,7 +4824,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4867,7 +4867,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4893,7 +4893,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -5113,7 +5113,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.28.1 + image: docker.io/calico/kube-controllers:v3.28.2 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. diff --git a/manifests/calicoctl-etcd.yaml b/manifests/calicoctl-etcd.yaml index 61ee7820200..a44cee91a90 100644 --- a/manifests/calicoctl-etcd.yaml +++ b/manifests/calicoctl-etcd.yaml @@ -1,7 +1,7 @@ # Calico Version master # https://projectcalico.docs.tigera.io/releases#master # This manifest includes the following component versions: -# calico/ctl:v3.28.1 +# calico/ctl:v3.28.2 apiVersion: v1 kind: Pod @@ -14,7 +14,7 @@ spec: hostNetwork: true containers: - name: calicoctl - image: calico/ctl:v3.28.1 + image: calico/ctl:v3.28.2 command: - calicoctl args: diff --git a/manifests/calicoctl.yaml b/manifests/calicoctl.yaml index 8d71fcfb80e..377c27753b6 100644 --- a/manifests/calicoctl.yaml +++ b/manifests/calicoctl.yaml @@ -1,7 +1,7 @@ # Calico Version master # https://projectcalico.docs.tigera.io/releases#master # This manifest includes the following component versions: -# calico/ctl:v3.28.1 +# calico/ctl:v3.28.2 apiVersion: v1 kind: ServiceAccount @@ -23,7 +23,7 @@ spec: serviceAccountName: calicoctl containers: - name: calicoctl - image: calico/ctl:v3.28.1 + image: calico/ctl:v3.28.2 command: - calicoctl args: diff --git a/manifests/canal-etcd.yaml b/manifests/canal-etcd.yaml index ba63fb50d06..92722243b94 100644 --- a/manifests/canal-etcd.yaml +++ b/manifests/canal-etcd.yaml @@ -382,7 +382,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -452,7 +452,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -478,7 +478,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -777,7 +777,7 @@ spec: hostNetwork: true containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.28.1 + image: docker.io/calico/kube-controllers:v3.28.2 imagePullPolicy: IfNotPresent env: # The location of the etcd cluster. diff --git a/manifests/canal.yaml b/manifests/canal.yaml index 8f81f9f187f..21310b5cd75 100644 --- a/manifests/canal.yaml +++ b/manifests/canal.yaml @@ -4805,7 +4805,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4854,7 +4854,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4880,7 +4880,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -5111,7 +5111,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.28.1 + image: docker.io/calico/kube-controllers:v3.28.2 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. diff --git a/manifests/csi-driver.yaml b/manifests/csi-driver.yaml index a88194c2eca..ecb2f6b01fd 100644 --- a/manifests/csi-driver.yaml +++ b/manifests/csi-driver.yaml @@ -50,7 +50,7 @@ spec: effect: NoSchedule containers: - name: calico-csi - image: calico/csi:v3.28.1 + image: calico/csi:v3.28.2 imagePullPolicy: IfNotPresent args: - --nodeid=$(KUBE_NODE_NAME) @@ -75,7 +75,7 @@ spec: mountPath: /var/lib/kubelet/ mountPropagation: "Bidirectional" - name: csi-node-driver-registrar - image: calico/node-driver-registrar:v3.28.1 + image: calico/node-driver-registrar:v3.28.2 imagePullPolicy: IfNotPresent args: - --v=5 diff --git a/manifests/flannel-migration/calico.yaml b/manifests/flannel-migration/calico.yaml index 41da63e34a2..3c970841d6b 100644 --- a/manifests/flannel-migration/calico.yaml +++ b/manifests/flannel-migration/calico.yaml @@ -4798,7 +4798,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: @@ -4826,7 +4826,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.28.1 + image: docker.io/calico/cni:v3.28.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -4869,7 +4869,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -4895,7 +4895,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.28.1 + image: docker.io/calico/node:v3.28.2 imagePullPolicy: IfNotPresent envFrom: - configMapRef: @@ -5113,7 +5113,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.28.1 + image: docker.io/calico/kube-controllers:v3.28.2 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. diff --git a/manifests/ocp/02-tigera-operator.yaml b/manifests/ocp/02-tigera-operator.yaml index fdc91749365..ff853cd4330 100644 --- a/manifests/ocp/02-tigera-operator.yaml +++ b/manifests/ocp/02-tigera-operator.yaml @@ -32,7 +32,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: tigera-operator - image: quay.io/tigera/operator:v1.34.3 + image: quay.io/tigera/operator:v1.34.4 imagePullPolicy: IfNotPresent command: - operator @@ -50,7 +50,7 @@ spec: - name: OPERATOR_NAME value: "tigera-operator" - name: TIGERA_OPERATOR_INIT_IMAGE_VERSION - value: v1.34.3 + value: v1.34.4 envFrom: - configMapRef: name: kubernetes-services-endpoint @@ -69,7 +69,7 @@ spec: name: install-resources-script initContainers: - name: create-initial-resources - image: docker.io/calico/ctl:v3.28.1 + image: docker.io/calico/ctl:v3.28.2 env: - name: DATASTORE_TYPE value: kubernetes diff --git a/manifests/tigera-operator.yaml b/manifests/tigera-operator.yaml index ec6aa819a5b..53cc9f86aa1 100644 --- a/manifests/tigera-operator.yaml +++ b/manifests/tigera-operator.yaml @@ -25447,7 +25447,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: tigera-operator - image: quay.io/tigera/operator:v1.34.3 + image: quay.io/tigera/operator:v1.34.4 imagePullPolicy: IfNotPresent command: - operator @@ -25465,7 +25465,7 @@ spec: - name: OPERATOR_NAME value: "tigera-operator" - name: TIGERA_OPERATOR_INIT_IMAGE_VERSION - value: v1.34.3 + value: v1.34.4 envFrom: - configMapRef: name: kubernetes-services-endpoint From 5d10d266ca0e09d8dc5b2ae739657c55d076ebb4 Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Wed, 18 Sep 2024 09:44:08 -0700 Subject: [PATCH 4/4] Update manifests for new operator version --- manifests/ocp/02-tigera-operator.yaml | 4 ++-- manifests/tigera-operator.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/ocp/02-tigera-operator.yaml b/manifests/ocp/02-tigera-operator.yaml index ff853cd4330..a4cdc444f2a 100644 --- a/manifests/ocp/02-tigera-operator.yaml +++ b/manifests/ocp/02-tigera-operator.yaml @@ -32,7 +32,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: tigera-operator - image: quay.io/tigera/operator:v1.34.4 + image: quay.io/tigera/operator:v1.34.5 imagePullPolicy: IfNotPresent command: - operator @@ -50,7 +50,7 @@ spec: - name: OPERATOR_NAME value: "tigera-operator" - name: TIGERA_OPERATOR_INIT_IMAGE_VERSION - value: v1.34.4 + value: v1.34.5 envFrom: - configMapRef: name: kubernetes-services-endpoint diff --git a/manifests/tigera-operator.yaml b/manifests/tigera-operator.yaml index 53cc9f86aa1..90db2f96acc 100644 --- a/manifests/tigera-operator.yaml +++ b/manifests/tigera-operator.yaml @@ -25447,7 +25447,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: tigera-operator - image: quay.io/tigera/operator:v1.34.4 + image: quay.io/tigera/operator:v1.34.5 imagePullPolicy: IfNotPresent command: - operator @@ -25465,7 +25465,7 @@ spec: - name: OPERATOR_NAME value: "tigera-operator" - name: TIGERA_OPERATOR_INIT_IMAGE_VERSION - value: v1.34.4 + value: v1.34.5 envFrom: - configMapRef: name: kubernetes-services-endpoint