v1.48.1

[gardener/gardener-extension-networking-calico]

🐛 Bug Fixes

• [OPERATOR] An issue preventing the networking-calico extension to patch its heartbeat lease is now fixed. by @axel7born [#646]

Helm Charts

• admission-calico-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.48.1
• admission-calico-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.48.1
• networking-calico: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.48.1

Docker Images

• gardener-extension-admission-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.48.1
• gardener-extension-networking-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.48.1

v1.48.0

[gardener/gardener-extension-networking-calico]

⚠️ Breaking Changes

• [OPERATOR] The extension and admission VerticalPodAutoscaler resources now by default specify controlledValues: RequestsOnly. This means that VPA scales only the requests and not the limits. Consider removing memory limits before upgrading to this version as VPA no longer by default scales limits proportionally to the requests. by @ialidzhikov [#636]

📰 Noteworthy

• [OPERATOR] Calico extension now supports a deny-all network policy within the kube-system namespace that will come with kubernetes v1.33 by @domdom82 [#640]

🏃 Others

• [OPERATOR] networking-calico no longer supports Shoots with Кubernetes version <= 1.26. by @RadaBDimitrova [#517]
• [OPERATOR] Write ipFamilies to network.Status instead of network providerStatus. by @axel7born [#632]
• [OPERATOR] Metrics and health ports can now be configured properly via the helm chart values. by @ScheererJ [#622]
• [OPERATOR] Add support for single-stack to dual-stack networking migration. by @axel7born [#615]
• [OPERATOR] The ServiceTrafficDistribution feature is being used on to make Services topology-aware when the runtime Kubernetes version is 1.31+. by @ialidzhikov [#568]
• [OPERATOR] Cleanup rbac permissions by @axel7born [#635]
• [OPERATOR] The networking-calico extension now uses the same helm values as the provider extensions. by @ScheererJ [#624]
• [OPERATOR] Update base image from debian11 to debian12. by @MartinWeindel [#626]
• [OPERATOR] The legacy method of providing monitoring configuration via ConfigMaps labeled with extensions.gardener.cloud/configuration=monitoring has been removed. The extension does now only uses the new contract for providing monitoring configuration. Before upgrading to this version of the extension, make sure that the deployed Gardener version supports the new monitoring contract. by @RadaBDimitrova [#634]

Helm Charts

• admission-calico-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.48.0
• admission-calico-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.48.0
• networking-calico: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.48.0

Docker Images

• gardener-extension-admission-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.48.0
• gardener-extension-networking-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.48.0

v1.47.1

[gardener/gardener-extension-networking-calico]

🏃 Others

• [OPERATOR] Metrics and health ports can now be configured properly via the helm chart values. by @ScheererJ [#622]

Helm Charts

• admission-calico-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.47.1
• admission-calico-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.47.1
• networking-calico: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.47.1

Docker Images

• gardener-extension-admission-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.47.1
• gardener-extension-networking-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.47.1

v1.47.0

[gardener/gardener-extension-networking-calico]

⚠️ Breaking Changes

• [OPERATOR] The Helm charts for the application and runtime parts of the gardener-extension-admission-calico admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the runtime chart on the Garden runtime cluster, and the application chart on the virtual garden. Additionally, the intermediate global level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#572]

🏃 Others

• [OPERATOR] Fix permissions of calico-kube-controllers by @DockToFuture [#577]
• [OPERATOR] Containers, which do not require privilege escalations, now forbid privilege escalations explicitly. by @georgibaltiev [#576]
• [OPERATOR] Prepare for deployment of admission controller by gardener-operator by @MartinWeindel [#572]
• [OPERATOR] Update to calico-v3.29.2 by @axel7born [#599]
• [OPERATOR] The ports used by the extension can now be specified via helm values. by @ScheererJ [#592]

Helm Charts

• admission-calico-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.47.0
• admission-calico-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.47.0
• networking-calico: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.47.0

Docker Images

• gardener-extension-admission-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.47.0
• gardener-extension-networking-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.47.0

v1.46.2

[gardener/gardener-extension-networking-calico]

🏃 Others

• [OPERATOR] Allow enablement of source network address translation in IPv6 scenarios. by @ScheererJ [#585]

Helm Charts

• admission-calico-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.46.2
• admission-calico-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.46.2
• networking-calico: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.46.2

Docker Images

• gardener-extension-admission-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.46.2
• gardener-extension-networking-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.46.2

v1.46.1

🏃 Others

• [OPERATOR] Fix permissions of calico-kube-controllers by @DockToFuture [#577]

Helm Charts

• admission-calico-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.46.1
• admission-calico-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.46.1
• networking-calico: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.46.1

Docker Images

• gardener-extension-admission-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.46.1
• gardener-extension-networking-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.46.1

v1.46.0

[gardener/gardener-extension-networking-calico]

🏃 Others

• [OPERATOR] Do not enable IPIP for non-overlay case when no networkConfig is set. by @DockToFuture [#563]

Helm Charts

• admission-calico-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.46.0
• admission-calico-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.46.0
• networking-calico: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.46.0

Docker Images

• gardener-extension-admission-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.46.0
• gardener-extension-networking-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.46.0

v1.45.0

[gardener/gardener-extension-networking-calico]

🏃 Others

• [OPERATOR] Allow running without overlay configuration. by @axel7born [#546]
• [OPERATOR] Disable masquerading of IPv6 pod traffic which leaves the cluster. by @DockToFuture [#547]
• [OPERATOR] Support VXLAN as overlay. by @DockToFuture [#556]
• [OPERATOR] Update calico to v3.29.1. by @DockToFuture [#558]

Helm Charts

• admission-calico-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.45.0
• admission-calico-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.45.0
• networking-calico: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.45.0

Docker Images

• gardener-extension-admission-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.45.0
• gardener-extension-networking-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.45.0

v1.44.0

[gardener/gardener-extension-networking-calico]

🏃 Others

• [OPERATOR] gosec was introduced for Static Application Security Testing (SAST). by @ScheererJ [#503]
• [OPERATOR] Correct iptable backend and iptable rule are set for IPv6 shoot clusters when running with node-local-dns. by @DockToFuture [#506]
• [OPERATOR] Generate dual-stack configuration. by @axel7born [#512]

Helm Charts

• admission-calico-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.44.0
• admission-calico-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.44.0
• networking-calico: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.44.0

Docker Images

• gardener-extension-admission-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.44.0
• gardener-extension-networking-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.44.0

v1.43.0

[gardener/gardener-extension-networking-calico]

🏃 Others

• [OPERATOR] Use host-local ipam for IPv6. by @DockToFuture [#501]

Helm Charts

• admission-calico-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.43.0
• admission-calico-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.43.0
• networking-calico: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.43.0

Docker Images

• gardener-extension-admission-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.43.0
• gardener-extension-networking-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.43.0