diff --git a/AUTHORS.md b/AUTHORS.md index 6a3525c8b30..7fc63282b41 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -12,14 +12,18 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | Alban Crequy | @alban | | Albert Vaca Cintora | @albertvaka | | Alejo Carballude | @AlejoAsd | +| Aleksandr Dubinsky | @almson | | Alessandro Rossi | @kubealex | | Alex Altair | @alexaltair | | Alex Chan | @alexwlchan | +| Alex O Regan | @aaaaaaaalex | | Alex Pollitt | @lxpollitt | | Alex Rowley | @rowleyaj | | Alexander Golovko | @0xBF | +| Alexey Magdich | @alexeymagdich-tigera | | Alina Militaru | @asincu | | Aloÿs | @AloysAugustin | +| Amim Knabben | @knabben | | Anatoly Popov | @aensidhe | | Andrei Nistor | @andrein | | Andrew Randall | @ahrkrak | @@ -28,6 +32,7 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | Artem Panchenko | @artem-panchenko | | Artyom Rymarchik | @mechanicalbot | | Ashley | @CallMeFoxie | +| Atkins | @AtkinsChang | | Avi Deitcher | @deitch | | Ayoub Elhamdani | @BigYopy | | Ben Allen | @bensallen | @@ -45,7 +50,9 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | Bryan | @bryanmr | | Carlos Alberto (Euprogramador) | @euprogramador | | Casey Davenport | @caseydavenport | +| Changsu | @cxsu | | Chris Hoge | @hogepodge | +| Chris Tomkins | @cdtomkins | | Christian Simon | @simonswine | | Christophe van de Kerchove | @zopanix | | Christopher LIJLENSTOLPE | @liljenstolpe | 
@@ -59,12 +66,14 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | Dario Nieuwenhuis | @Dirbaio | | Darren Chin | @digaxfr | | Dave Langridge | @DaveLangridge | +| David Igou | @David-Igou | | David Tesar | @dtzar | | David Wilder | @djlwilder | | Denis Iskandarov | @den-is | | depay | @depay | | Derek McQuay | @dmmcquay | | Didier Durand | @didier-durand | +| Divsiq | @Kolya-kostevich | | Doug Collier | @doucol | | Doug Davis | @duglin | | Dries Harnie | @Botje | @@ -87,7 +96,6 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | Giancarlo Rubio | @gianrubio | | Gianluca | @gianlucam76 | | Guang Ya Liu | @gyliu513 | -| Guangming Wang | @beautytiger | | Gunjan "Grass-fed Rabbit" Patel | @gunjan5 | | Gunther Boeckmann | @gunboe | | Guy Templeton | @gjtempleton | @@ -95,7 +103,6 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | He Yi | @heyi-arm | | Helen Chang | @c6h3un | | Huanle Han | @hanxueluo | -| Hui Kang | @huikang | | Iago López Galeiras | @iaguis | | ijump | @ijumps | | IWAMOTO Toshihiro | @toshiiw | @@ -107,9 +114,11 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | Jeff Schroeder | @SEJeff | | Jesper Dangaard Brouer | @netoptimizer | | JG | @elfchief | +| Jiawei Huang | @hjiawei | | jie zhang | @kadisi | | Joel Bastos | @kintoandar | | Johan Fleury | @johanfleury | +| Johannes Scheerer | @ScheererJ | | Johannes Scheuermann | @johscheuer | | Jonathan Palardy | @jpalardy | | Jonathan Sabo | @jsabo | 
@@ -117,11 +126,13 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | Jonathan Wilbur | @JonathanWilbur | | Josh Conant | @insequent | | Justin Nauman | @jrnt30 | -| Justin Ohms | @JustinOhms | +| Justin Sievenpiper | @jsievenpiper | | Karthik Krishnan Ramasubramanian | @doublek | +| Kasakaze | @njuptlzf | | Kashif Saadat | @KashifSaadat | | Ketan Kulkarni | @ketkulka | | Kirill Buev | @NeonSludge | +| Kris G | @kgtw | | Krzesimir Nowak | @krnowak | | Krzysztof Cieplucha | @krisiasty | | Lance Robson | @lwr20 | @@ -142,6 +153,7 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | M. Frister | @mfrister | | maao | @maaoBit | | Manjunath Kumatagi | @mkumatag | +| Marc Crebassa | @aalaesar | | Mark Fermor | @markfermor | | Mark Petrovic | @ae6rt | | Markus Lippert | @lippertmarkus | @@ -151,17 +163,24 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | Mat Meredith | @MatMeredith | | Mateusz Gozdek | @invidian | | Matt Dupre | @matthewdupre | +| Matt Fenwick | @mattfenwick | | Matt Kelly | @mattkelly | | Matt Leung | @mgleung | | Max S | @maxstr | | Maxim Ivanov | @redbaron | | Maxime Guyot | @Miouge1 | | Maximilian Bischoff | @maxbischoff | +| Mayo | @mayocream | +| Mazdak Nasab | @mazdakn | | meijin | @marviniter | | Michael Stowe | @mikestowe | | Mike Frisch | @EmmEff | +| Mike Kostersitz | @mkostersitz | +| Mike Palmer | @mkhpalm | | Mike Scherbakov | @mihgen | | Mike Spreitzer | @MikeSpreitzer | +| Mike Stephen | @mikestephen | +| ml | @ml- | | Mridul Gain | @mridulgain | | Muhammad Saghir | @msagheer | | Muhammet Arslan | @iammuho | 
@@ -172,17 +191,20 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | Nick Bartos | @nbartos | | Nick Wood | @nwoodmsft | | Nirman Narang | @nirmannarang | -| njuptlzf | @njuptlzf | | Noah Treuhaft | @nwt | | Otto Sulin | @ottosulin | +| Patrick Marques | @pmarques | | Patrik Lundin | @eest | | Paul Tiplady | @paultiplady | | Pavel Khusainov | @alvelcom | +| Pedro Coutinho | @coutinhop | | Penkey Suresh | @penkeysuresh | +| Peter Kelly | @petercork | | Peter L Nordquist | @plnordquist | | Peter White | @plwhite | | Pierre Grimaud | @pgrimaud | | Pike | @pikeszfish | +| Pushkar Joglekar | @PushkarJ | | Qiu Yu | @unicell | | Rahul Krishna Upadhyaya | @rakrup | | rao yunkun | @yunkunrao | @@ -194,6 +216,7 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | Richard Laughlin | @rcythr | | Rob Brockbank | @robbrockbank | | Roberto Alcântara | @robertoalcantara | +| Roman Danko | @elcomtik | | Ronnie P. Thomas | @rpthms | | Rush Tehrani | @rushtehrani | | Rustam Zagirov | @stamm | @@ -218,13 +241,17 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | TAKAHASHI Shuuji | @shuuji3 | | Tamal Saha | @tamalsaha | | Thilo Fromm | @t-lo | +| Tim Bart | @pims | | Timothy Briggs | @TrimBiggs | | Tom Denham | @tomdee | | Tom Pointon | @tompntn | | Tomas | @ToroNZ | | Tomas Hruby | @tomastigera | | Tomas Mazak | @tomas-mazak | +| Tommaso Pozzetti | @tommasopozzetti | +| tuti. | @radTuti | | Uwe Krueger | @mandelsoft | +| Viacheslav Vasilyev | @avoidik | | Vinayak Shinde | @svInfra17 | | Vincent Schwarzer | @VincentS | | Wei Kin Huang | @weikinhuang | 
@@ -234,9 +261,9 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | Xin He | @KevinTHU | | YAMAMOTO Takashi | @yamt | | Yecheng Fu | @cofyc | +| Yongkun Anfernee Gui | @anfernee | | Yumo Yang | @elementyang | | Àbéjídé Àyodélé | @bjhaid | -| --- | @alexeymagdich-tigera | | --- | @alexvarsh | | --- | @anton-klokau | | --- | @bartek-lopatka | @@ -254,10 +281,9 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | --- | @gdziwoki | | --- | @joshti | | --- | @joshuactm | -| --- | @krishgobinath | -| --- | @markruler | | --- | @marvin-tigera | | --- | @maxkudosh | +| --- | @mchtech | | --- | @mikev | | --- | @mofelee | | --- | @oldtree2k | @@ -268,8 +294,11 @@ by GitHub for the core repositories within the projectcalico/ organization. It i | --- | @saumohos | | --- | @sedefsavas | | --- | @sridhartigera | +| --- | @Stanislav-Galchynski | | --- | @tathagatachowdhury | | --- | @Teller-Ulam | | --- | @vixns | | --- | @weizhouBlue | | --- | @wwgfhf | +| --- | @yang59324 | +| --- | @yanyan8566 | diff --git a/Makefile b/Makefile index 26b9b2e4ca7..b02fa245eb8 100644 --- a/Makefile +++ b/Makefile @@ -392,6 +392,7 @@ helm-index: release-prereqs rm -rf charts ## Generates release notes for the given version. +.PHONY: release-notes release-notes: #release-prereqs VERSION=$(CALICO_VER) GITHUB_TOKEN=$(GITHUB_TOKEN) python2 ./release-scripts/generate-release-notes.py diff --git a/_data/archives.yml b/_data/archives.yml index c1e26b863d4..5a9f81e649d 100644 --- a/_data/archives.yml +++ b/_data/archives.yml @@ -6,6 +6,9 @@ # To support 'branch-per-directory', an entry named 'legacy' can be specified which is a dictionary describing # all releases using the old model. # Order matters - place latest releases first +- v3.19 +- v3.18 +- v3.17 - v3.16 - v3.15 - v3.14 diff --git a/_data/versions.yml b/_data/versions.yml index 12f2d809b71..96ec826ce31 100644 --- a/_data/versions.yml +++ b/_data/versions.yml 
@@ -1,31 +1,31 @@ -- title: v3.20 +- title: v3.20.0 note: "" chart: version: 1 tigera-operator: image: tigera/operator registry: quay.io - version: release-v1.20 + version: v1.20.0 components: typha: - version: release-v3.20 + version: v3.20.0 calicoctl: - version: release-v3.20 + version: v3.20.0 calico/node: - version: release-v3.20 + version: v3.20.0 calico/cni: - version: release-v3.20 + version: v3.20.0 calico/apiserver: - version: release-v3.20 + version: v3.20.0 calico/kube-controllers: - version: release-v3.20 + version: v3.20.0 calico/flannel-migration-controller: - version: release-v3.20 + version: v3.20.0 networking-calico: - version: release-v3.20 + version: v3.20.0 flannel: version: v0.14.0 calico/dikastes: - version: release-v3.20 + version: v3.20.0 flexvol: - version: release-v3.20 + version: v3.20.0 diff --git a/_includes/release-notes/v3.20.0-release-notes.md b/_includes/release-notes/v3.20.0-release-notes.md index e69de29bb2d..621cc412060 100644 --- a/_includes/release-notes/v3.20.0-release-notes.md +++ b/_includes/release-notes/v3.20.0-release-notes.md 
@@ -0,0 +1,77 @@ +30 Jul 2021 + +#### Service-based egress rules + +Calico NetworkPolicy and GlobalNetworkPolicy now support egress rules which match on Kubernetes service names. Service matches in egress rules can be used to allow or deny access to in-cluster services, as well as services typically not backed by pods (for example, the Kubernetes API). Address and port information is learned from the individual endpoints within the service, making it easier to keep your network policy in-sync with your workloads. + +Relevant PRs: + + - Felix support for matching Kubernetes services in egress rules. [felix #2916](https://github.com/projectcalico/felix/pull/2916) (@caseydavenport) + - Support for Services in NetworkPolicy egress rules [libcalico-go #1468](https://github.com/projectcalico/libcalico-go/pull/1468) (@caseydavenport) + +#### Golang API + +In Calico v3.19, we introduced a tech-preview API server which allows management of Calico resources directly with kubectl. In v3.20, we’re building upon that with a new Golang API for Calico! + +Install the API server and import the Golang API to manage Calico network policies and more, in your own applications!. See the [projectcalico/api](https://github.com/projectcalico/api) repository for more information. + +#### Configurable BGP graceful restart timer + +If you’re using BGP in your cluster, the graceful restart timer is used during rolling updates to ensure a graceful upgrade of Calico without disrupting network traffic. For large or heavily burdened clusters, sometimes an update of a particular node can take longer than the 2 minutes BGP typically allows due to load on the Kubernetes control plane. Calico v3.20 now allows configuration of the BGP graceful restart timer to better work in these scenarios. + +See the `maxRestartTime` configuration option in the BGPPeer API. 
+ +Relevant PRs: + + - Add support for configuring the BGP graceful restart timer [confd #543](https://github.com/projectcalico/confd/pull/543) (@coutinhop) + +#### BPF mode support for DoNotTrack policy for DoS prevention + +Calico’s eBPF dataplane has not previously supported any DoNotTrack policy. Calico v3.20 adds tech preview support for a specific subset of DoNotTrack policy, using XDP to implement that. The specific subset is any DoNotTrack ingress deny policy, i.e. policy whose effect is only to drop certain traffic on ingress, and is useful for preventing denial of service attacks from known malicious IPs. More general DoNotTrack policy support, for the eBPF dataplane, is in progress and should arrive in a subsequent release in the near future. + +Relevant PRs: + + - Use XDP to implement untracked deny policies in BPF mode. [felix #2905](https://github.com/projectcalico/felix/pull/2905) (@neiljerram) + +#### Bug fixes + + - Fix that calico/node would fail to set NetworkUnavailable to false for etcd clusters with mismatched node names. [node #944](https://github.com/projectcalico/node/pull/944) (@caseydavenport) + - Stop ARP traffic being dropped due to RPF check [felix #2820](https://github.com/projectcalico/felix/pull/2820) (@mikestephen) + - Fix that, with Wireguard enabled, felix would delete and re-add the Wireguard routing rule every 90 seconds causing occasional dropped packets. [felix #2818](https://github.com/projectcalico/felix/pull/2818) (@mikestephen) + - Disable VXLAN tunnel checksum offload on kernels < v5.7. Works around https://github.com/projectcalico/calico/issues/3145. [felix #2811](https://github.com/projectcalico/felix/pull/2811) (@fasaxc) + - Improve routing loop prevention to handle when advertising Service LoadBalancer IPs [felix #2798](https://github.com/projectcalico/felix/pull/2798) (@caseydavenport) + - Retry setting AWS EC2 source/destination check until successful. 
[felix #2795](https://github.com/projectcalico/felix/pull/2795) (@hjiawei) + - Install blackhole routes in VXLAN mode. [felix #2696](https://github.com/projectcalico/felix/pull/2696) (@electricjesus) + - Fix that podIP annotation could be incorrectly clobbered for stateful set pods: https://github.com/projectcalico/calico/issues/4710 [libcalico-go #1481](https://github.com/projectcalico/libcalico-go/pull/1481) (@fasaxc) + - Reinstates logic that falls back to the status of the pod during termination if the pod IP annotation is not set by the Calico CNI plugin. [libcalico-go #1446](https://github.com/projectcalico/libcalico-go/pull/1446) (@song-jiang) + - Fix issue with serviceaccount names larger than 63 characters. [libcalico-go #1422](https://github.com/projectcalico/libcalico-go/pull/1422) (@caseydavenport) + - Fix error parsing pod deletion updates in kube-controllers [kube-controllers #707](https://github.com/projectcalico/kube-controllers/pull/707) (@caseydavenport) + +#### Other changes + +**General** + + - Enable management of CNI plugins by default [node #1008](https://github.com/projectcalico/node/pull/1008) (@caseydavenport) + - calico/node marks nodes with NetworkUnavailable=true on shutdown [node #993](https://github.com/projectcalico/node/pull/993) (@song-jiang) + - Typha now gives newly connected clients an extra grace period to catch up after sending the snapshot. Should reduce the possibility of cyclic disconnects. [typha #619](https://github.com/projectcalico/typha/pull/619) (@fasaxc) + - Wireguard MTU calculation on AKS and ANI allows for underlying network [felix #2840](https://github.com/projectcalico/felix/pull/2840) (@mikestephen) + - Add basic Wireguard prometheus statistics [felix #2853](https://github.com/projectcalico/felix/pull/2853) (@electricjesus) + - Wireguard is now compatible with the AKS CNI plugin. This requires Felix's RouteSource configuration parameter to be set to "WorkloadIPs". 
In "workload IP" mode, Wireguard now encrypts all traffic between Calico hosts themselves as well as traffic between Calico hosts and remote pods. [felix #2781](https://github.com/projectcalico/felix/pull/2781) (@mikestephen) + - Added enhanced error logging for IPAM failures [libcalico-go #1436](https://github.com/projectcalico/libcalico-go/pull/1436) (@coutinhop) + - Add IPAM GC LeakGracePeriod configuration. [libcalico-go #1429](https://github.com/projectcalico/libcalico-go/pull/1429) (@caseydavenport) + - Add IP address garbage collection to kube-controllers [kube-controllers #744](https://github.com/projectcalico/kube-controllers/pull/744) (@caseydavenport) + - Calico will now release empty IPAM blocks from nodes that no longer need them so they can be used elsewhere. [kube-controllers #799](https://github.com/projectcalico/kube-controllers/pull/799) (@caseydavenport) + - Remove dependence on unmaintained UUID library. [libcalico-go #1427](https://github.com/projectcalico/libcalico-go/pull/1427) (@fasaxc) + - Adds support for the Envoy v3 API. [app-policy #172](https://github.com/projectcalico/app-policy/pull/172) (@AtkinsChang) + - Add support for Istio 1.9 and 1.10 [calico #4742](https://github.com/projectcalico/calico/pull/4742) (@mgleung) + - Adds a helm index to the docs. Helm users can now install by running `helm repo add projectcalico https://docs.projectcalico.org/charts` and `helm install calico projectcalico/tigera-operator --version=` [calico #4629](https://github.com/projectcalico/calico/pull/4629) (@lwr20) + - Mount CNI plugin directory into calico/node to enable configuration updates. 
[calico #4655](https://github.com/projectcalico/calico/pull/4655) (@caseydavenport) + +**Windows dataplane**: + + - [Windows] Create VXLAN tunnel address in node - previously this was done in cni-plugin when the first pod is set up [node #1064](https://github.com/projectcalico/node/pull/1064) (@lmm) + - [Windows] Disable IPv6DualStack in VXLAN mode [node #1018](https://github.com/projectcalico/node/pull/1018) (@lmm) + +**BPF dataplane**: + - In eBPF mode, disable Felix's BPF map repinning logic by default. This logic was intended to avoid the need to mount the BPF filesystem into the calico/node container but it was flawed because program maps are emptied by the kernel when they are not pinned. [felix #2827](https://github.com/projectcalico/felix/pull/2827) (@neiljerram) + - Reduce log spam from eBPF dataplane and add eBPF dataplane components to loop summary. [felix #2812](https://github.com/projectcalico/felix/pull/2812) (@fasaxc)
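Review bot: the AUTHORS.md hunks drop five existing contributors outright (`| Guangming Wang | @beautytiger |`, `| Hui Kang | @huikang |`, `| Justin Ohms | @JustinOhms |`, plus the unnamed rows for @krishgobinath and @markruler), and nothing in the patch says why. The other two deletions are only moves (@njuptlzf reappears as Kasakaze, @alexeymagdich-tigera gains a display name), so these five stand out. Since the file header says the list is produced from GitHub data, please confirm whether the generator lost these accounts because of a rename or deletion, and keep the rows if the contributions are still in history.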
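Review bot: in the Makefile hunk, the `release-notes` recipe passes the token on the command line as `GITHUB_TOKEN=$(GITHUB_TOKEN) python2 ./release-scripts/generate-release-notes.py`, and the line has no `@` prefix, so make prints it with the token already expanded into the terminal and any CI log. While this target is being touched for `.PHONY`, either silence that line with `@` or export `GITHUB_TOKEN` and let the script read it from the environment. The prerequisite is also still commented out (`release-notes: #release-prereqs`), so nothing checks that `CALICO_VER` and `GITHUB_TOKEN` are set before the script runs; restoring it or adding an explicit guard would make a failed run easier to diagnose.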
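Review bot: in the _data/versions.yml hunk every component moves from the `release-v3.20` branch tag to `v3.20.0` (and the operator from `release-v1.20` to `v1.20.0`), which is the right direction, but the file still identifies images by tag only. A tag can be re-pointed after release, so for `tigera/operator` on `quay.io` in particular it would be worth recording the image digest next to `version:` if the docs tooling can carry it, so the published manifests can reference an immutable image. Also note that `title` changes from `v3.20` to `v3.20.0`; if anything in the site build keys on the title string, check it against `_data/archives.yml`, which uses the two-part form (`v3.19`, `v3.18`, `v3.17`).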
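Review bot: in the new v3.20.0-release-notes.md, the Helm item under "Other changes" ends the install command with an empty value, `helm install calico projectcalico/tigera-operator --version=`, so a reader who copies it gets a command with no chart version; fill in the intended version or drop the flag. Smaller points in the same file: "in your own applications!." under "Golang API" has doubled punctuation, the "**BPF dataplane**:" list is missing the blank line that the "General" and "Windows dataplane" lists have before their first item, and the Wireguard/AKS item states that `RouteSource` must be set to "WorkloadIPs" without linking to where that Felix parameter is documented.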