Updates for release v3.19.0 (#4582)

AUTHORS.md

@@ -18,6 +18,7 @@ by GitHub for the core repositories within the projectcalico/ organization. It i
 | Alex Pollitt                             | @lxpollitt |
 | Alex Rowley                              | @rowleyaj |
 | Alexander Golovko                        | @0xBF |
+| Alexey Magdich                           | @alexeymagdich-tigera |
 | Alina Militaru                           | @asincu |
 | Aloÿs                                    | @AloysAugustin |
 | Anatoly Popov                            | @aensidhe |
@@ -45,6 +46,7 @@ by GitHub for the core repositories within the projectcalico/ organization. It i
 | Bryan                                    | @bryanmr |
 | Carlos Alberto (Euprogramador)           | @euprogramador |
 | Casey Davenport                          | @caseydavenport |
+| Changsu                                  | @cxsu |
 | Chris Hoge                               | @hogepodge |
 | Christian Simon                          | @simonswine |
 | Christophe van de Kerchove               | @zopanix |
@@ -65,6 +67,7 @@ by GitHub for the core repositories within the projectcalico/ organization. It i
 | depay                                    | @depay |
 | Derek McQuay                             | @dmmcquay |
 | Didier Durand                            | @didier-durand |
+| Divsiq                                   | @Kolya-kostevich |
 | Doug Collier                             | @doucol |
 | Doug Davis                               | @duglin |
 | Dries Harnie                             | @Botje |
@@ -95,7 +98,6 @@ by GitHub for the core repositories within the projectcalico/ organization. It i
 | He Yi                                    | @heyi-arm |
 | Helen Chang                              | @c6h3un |
 | Huanle Han                               | @hanxueluo |
-| Hui Kang                                 | @huikang |
 | Iago López Galeiras                      | @iaguis |
 | ijump                                    | @ijumps |
 | IWAMOTO Toshihiro                        | @toshiiw |
@@ -119,9 +121,11 @@ by GitHub for the core repositories within the projectcalico/ organization. It i
 | Justin Nauman                            | @jrnt30 |
 | Justin Ohms                              | @JustinOhms |
 | Karthik Krishnan Ramasubramanian         | @doublek |
+| Kasakaze                                 | @njuptlzf |
 | Kashif Saadat                            | @KashifSaadat |
 | Ketan Kulkarni                           | @ketkulka |
 | Kirill Buev                              | @NeonSludge |
+| Kris G                                   | @kgtw |
 | Krzesimir Nowak                          | @krnowak |
 | Krzysztof Cieplucha                      | @krisiasty |
 | Lance Robson                             | @lwr20 |
@@ -142,6 +146,7 @@ by GitHub for the core repositories within the projectcalico/ organization. It i
 | M. Frister                               | @mfrister |
 | maao                                     | @maaoBit |
 | Manjunath Kumatagi                       | @mkumatag |
+| Marc Crebassa                            | @aalaesar |
 | Mark Fermor                              | @markfermor |
 | Mark Petrovic                            | @ae6rt |
 | Markus Lippert                           | @lippertmarkus |
@@ -151,15 +156,19 @@ by GitHub for the core repositories within the projectcalico/ organization. It i
 | Mat Meredith                             | @MatMeredith |
 | Mateusz Gozdek                           | @invidian |
 | Matt Dupre                               | @matthewdupre |
+| Matt Fenwick                             | @mattfenwick |
 | Matt Kelly                               | @mattkelly |
 | Matt Leung                               | @mgleung |
 | Max S                                    | @maxstr |
 | Maxim Ivanov                             | @redbaron |
 | Maxime Guyot                             | @Miouge1 |
 | Maximilian Bischoff                      | @maxbischoff |
+| Mayo                                     | @mayocream |
 | meijin                                   | @marviniter |
 | Michael Stowe                            | @mikestowe |
 | Mike Frisch                              | @EmmEff |
+| Mike Kostersitz                          | @mkostersitz |
+| Mike Palmer                              | @mkhpalm |
 | Mike Scherbakov                          | @mihgen |
 | Mike Spreitzer                           | @MikeSpreitzer |
 | Mridul Gain                              | @mridulgain |
@@ -172,17 +181,18 @@ by GitHub for the core repositories within the projectcalico/ organization. It i
 | Nick Bartos                              | @nbartos |
 | Nick Wood                                | @nwoodmsft |
 | Nirman Narang                            | @nirmannarang |
-| njuptlzf                                 | @njuptlzf |
 | Noah Treuhaft                            | @nwt |
 | Otto Sulin                               | @ottosulin |
 | Patrik Lundin                            | @eest |
 | Paul Tiplady                             | @paultiplady |
 | Pavel Khusainov                          | @alvelcom |
 | Penkey Suresh                            | @penkeysuresh |
+| Peter Kelly                              | @petercork |
 | Peter L Nordquist                        | @plnordquist |
 | Peter White                              | @plwhite |
 | Pierre Grimaud                           | @pgrimaud |
 | Pike                                     | @pikeszfish |
+| Pushkar Joglekar                         | @PushkarJ |
 | Qiu Yu                                   | @unicell |
 | Rahul Krishna Upadhyaya                  | @rakrup |
 | rao yunkun                               | @yunkunrao |
@@ -194,6 +204,7 @@ by GitHub for the core repositories within the projectcalico/ organization. It i
 | Richard Laughlin                         | @rcythr |
 | Rob Brockbank                            | @robbrockbank |
 | Roberto Alcântara                        | @robertoalcantara |
+| Roman Danko                              | @elcomtik |
 | Ronnie P. Thomas                         | @rpthms |
 | Rush Tehrani                             | @rushtehrani |
 | Rustam Zagirov                           | @stamm |
@@ -218,13 +229,16 @@ by GitHub for the core repositories within the projectcalico/ organization. It i
 | TAKAHASHI Shuuji                         | @shuuji3 |
 | Tamal Saha                               | @tamalsaha |
 | Thilo Fromm                              | @t-lo |
+| Tim Bart                                 | @pims |
 | Timothy Briggs                           | @TrimBiggs |
 | Tom Denham                               | @tomdee |
 | Tom Pointon                              | @tompntn |
 | Tomas                                    | @ToroNZ |
 | Tomas Hruby                              | @tomastigera |
 | Tomas Mazak                              | @tomas-mazak |
+| Tommaso Pozzetti                         | @tommasopozzetti |
 | Uwe Krueger                              | @mandelsoft |
+| Viacheslav Vasilyev                      | @avoidik |
 | Vinayak Shinde                           | @svInfra17 |
 | Vincent Schwarzer                        | @VincentS |
 | Wei Kin Huang                            | @weikinhuang |
@@ -236,7 +250,6 @@ by GitHub for the core repositories within the projectcalico/ organization. It i
 | Yecheng Fu                               | @cofyc |
 | Yumo Yang                                | @elementyang |
 | Àbéjídé Àyodélé                          | @bjhaid |
-| ---                                      | @alexeymagdich-tigera |
 | ---                                      | @alexvarsh |
 | ---                                      | @anton-klokau |
 | ---                                      | @bartek-lopatka |
@@ -254,10 +267,9 @@ by GitHub for the core repositories within the projectcalico/ organization. It i
 | ---                                      | @gdziwoki |
 | ---                                      | @joshti |
 | ---                                      | @joshuactm |
-| ---                                      | @krishgobinath |
-| ---                                      | @markruler |
 | ---                                      | @marvin-tigera |
 | ---                                      | @maxkudosh |
+| ---                                      | @mchtech |
 | ---                                      | @mikev |
 | ---                                      | @mofelee |
 | ---                                      | @oldtree2k |
@@ -273,3 +285,4 @@ by GitHub for the core repositories within the projectcalico/ organization. It i
 | ---                                      | @vixns |
 | ---                                      | @weizhouBlue |
 | ---                                      | @wwgfhf |
+| ---                                      | @yanyan8566 |

_data/archives.yml

@@ -6,6 +6,8 @@
 # To support 'branch-per-directory', an entry named 'legacy' can be specified which is a dictionary describing
 # all releases using the old model.
 # Order matters - place latest releases first
+- v3.18
+- v3.17
 - v3.16
 - v3.15
 - v3.14

_includes/release-notes/v3.19.0-release-notes.md

@@ -0,0 +1,70 @@
+30 Apr 2021
+
+#### VPP data plane (tech-preview)
+
+We’re very excited to announce that Calico v3.19 includes tech-preview support for Cisco’s Vector Packet Processing (VPP) data plane, joining Calico’s existing iptables, eBPF, and Windows dataplanes. 
+
+The VPP data plane promises high performance Kubernetes networking with support for network policy, encryption via Wireguard or IPSec, and MagLev service load balancing. 
+
+Interested? Try it out by following the [tech-preview getting started guide](https://docs.projectcalico.org/archive/v3.19/getting-started/kubernetes/vpp/)!
+
+#### Resource management with kubectl (tech-preview)
+
+In previous versions of Calico, the “calicoctl” command line tool was required to properly manage Calico API resources. In Calico v3.19, we’ve introduced a new tech-preview feature that allows you to manage all projectcalico.org API resources directly with kubectl using an optional API server addon.
+
+Try it out on your cluster by [following the guide](https://docs.projectcalico.org/archive/v3.19/getting-started/kubernetes/apiserver-preview)!
+
+#### Windows data plane support for containerd
+
+Calico v3.19 introduces support for Calico for Windows users to deploy containers using containerd in addition to the already supported Docker runtime.
+
+The Calico for Windows quickstart guide has been updated to configure Calico for containerd. Try out the [quickstart guide](https://docs.projectcalico.org/archive/v3.19/getting-started/windows-calico/quickstart)!
+
+**References**:
+ - Windows packaging for containerd support [node #933](https://github.com/projectcalico/node/pull/933) (@lmm)
+
+#### Bug fixes
+
+**General**:
+ - Fix issue with where pushed node images were not expanded correctly with the common Makefile [node #935](https://github.com/projectcalico/node/pull/935) (@fasaxc)
+ - Fixes a bug where IPv6 networks were not handled properly by the failsafe rules [felix #2742](https://github.com/projectcalico/felix/pull/2742) (@mgleung)
+ - Fix support for Kubernetes named ports with SCTP. [libcalico-go #1399](https://github.com/projectcalico/libcalico-go/pull/1399) (@fasaxc)
+ - When interpreting Kubernetes NetworkPolicy ports, Calico now interprets an empty port struct as "all TCP" as per the NetworkPolicy spec.  Previously, empty structs were ignored. [libcalico-go #1370](https://github.com/projectcalico/libcalico-go/pull/1370) (@mattfenwick)
+ - IPPool CIDR permits ipv6 full representation and ipv4 with host bit set. [libcalico-go #1369](https://github.com/projectcalico/libcalico-go/pull/1369) (@halfcrazy)
+ - Properly report not found when WorkloadEndpoint doesn't exist. Fixes https://github.com/projectcalico/calico/issues/4235 [libcalico-go #1363](https://github.com/projectcalico/libcalico-go/pull/1363) (@tommasopozzetti)
+ - Fix concurrent map access bug in confd [confd #479](https://github.com/projectcalico/confd/pull/479) (@caseydavenport)
+ - Fix concurrent map access panic in kube-controllers [kube-controllers #669](https://github.com/projectcalico/kube-controllers/pull/669) (@caseydavenport)
+ - Fix potential memory-leak in kube-controllers [kube-controllers #641](https://github.com/projectcalico/kube-controllers/pull/641) (@caseydavenport)
+
+**eBPF data plane**:
+ - [eBPF] Fix sctp named port handling [felix #2771](https://github.com/projectcalico/felix/pull/2771) (@sridhartigera)
+ - In BPF mode: Fix that changing the type of a service or having multiple services with overlapping external IPs would result in incorrect load balancing, even after the overlap was resolved. [felix #2770](https://github.com/projectcalico/felix/pull/2770) (@fasaxc)
+ - Fix externalTrafficPolicy for LB services in eBPF data plane [felix #2686](https://github.com/projectcalico/felix/pull/2686) (@caseydavenport)
+ - Fix that, in eBPF mode, a Log rule would result in an error instead of being ignored.  Log rules are not supported but they should be ignored, not cause a failure. [felix #2683](https://github.com/projectcalico/felix/pull/2683) (@fasaxc)
+ - Fix that, in eBPF mode, a Log rule would result in an error instead of being ignored.  Log rules are not supported but they should be ignored, not cause a failure. [felix #2682](https://github.com/projectcalico/felix/pull/2682) (@fasaxc)
+
+#### Other changes
+
+**General**:
+ - Bump UBI from 8.1 to 8.3 [node #885](https://github.com/projectcalico/node/pull/885) (@PushkarJ)
+ - Update ipables version to 1.8.4-15 [node #813](https://github.com/projectcalico/node/pull/813) (@Brian-McM)
+ - Fix that, after a netlink read failure, Felix would tight loop reading from a closed channel.  Restart the event poll in that case. [felix #2710](https://github.com/projectcalico/felix/pull/2710) (@fasaxc)
+ - Prevent looping through a service external IP when traffic is sent to the wrong port for the external IP. [felix #2690](https://github.com/projectcalico/felix/pull/2690) (@neiljerram)
+ - FailsafeInboundHostPorts & FailsafeOutboundHostPorts now support restricting to specific cidrs. New format <protocol>:<net>:<port> [felix #2646](https://github.com/projectcalico/felix/pull/2646) (@kgtw)
+ - calicoctl will no longer display Kubernetes network polices when operating in KDD mode [libcalico-go #1398](https://github.com/projectcalico/libcalico-go/pull/1398) (@caseydavenport)
+ - CHANGE REVERTED: Fix that Felix would incorrectly treat any deleted pod as immediately finished.  This meant that pods networked with non-Calico CNIs would not have connectivity in the termination grace period. [libcalico-go #1397](https://github.com/projectcalico/libcalico-go/pull/1397) (@fasaxc)
+ - Reduce log level on spammy logs in host-local IPAM mode [libcalico-go #1374](https://github.com/projectcalico/libcalico-go/pull/1374) (@caseydavenport)
+ - By default, limit each node to 20 IP address blocks. This value can be overridden through IPAM configuration. [libcalico-go #1368](https://github.com/projectcalico/libcalico-go/pull/1368) (@caseydavenport)
+ - Kubernetes Network Policy EndPort is now supported [libcalico-go #1357](https://github.com/projectcalico/libcalico-go/pull/1357) (@rikatz)
+ - Add support for liveness probes in kube-controllers [kube-controllers #655](https://github.com/projectcalico/kube-controllers/pull/655) (@hakman)
+
+**eBPF data plane**:
+ - Add CIDRs to the failsafe rule handling in BPF. [felix #2769](https://github.com/projectcalico/felix/pull/2769) (@mgleung)
+ - Introduce a new Felix configuration parameter that can be set to mark packets from external hosts to services.  This is useful for working around an incompatibility with the Amazon VPC CNI's source based routing rules.  In EKS, BPFExtToServiceConnmark should be set to 0x80. [felix #2767](https://github.com/projectcalico/felix/pull/2767) (@tomastigera)
+ - [eBPF] Calculate ICMP csum as L4 not to confuse offloading [felix #2705](https://github.com/projectcalico/felix/pull/2705) (@tomastigera)
+ - In eBPF mode, ensure that SYN retries to a NATted destination go to the same backing workload to prevent spurious RSTs after a SYN-ACK is lost. [felix #2675](https://github.com/projectcalico/felix/pull/2675) (@fasaxc)
+ - [eBPF] For eBPF dataplane, fallback to Kubernetes Node IPs if none auto-detected [libcalico-go #1387](https://github.com/projectcalico/libcalico-go/pull/1387) (@sridhartigera)
+
+**Windows**:
+ - Add support for containerd to Windows [cni-plugin #1054](https://github.com/projectcalico/cni-plugin/pull/1054) (@lmm)
+