Releases

The following table shows component versioning for Calico v3.0.

Use the version selector at the top-right of this page to view a different release.

v3.0.9

Release archive with Kubernetes manifests, Docker images and binaries.

09 November 2018

Important: Review the documentation carefully before attempting an upgrade. You must upgrade to Calico v2.6.5 or later before you can upgrade to Calico v3.0.8.

Limitations

  • Offers only Kubernetes, OpenShift, and host endpoint integrations: the OpenStack, Mesos, DC/OS, rkt, and Docker orchestrators have not been tested and are not supported. (Calico still supports Docker and rkt containers.) We plan to resume support for the OpenStack, Mesos, DC/OS, and Docker orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
typha v0.6.7
calicoctl v2.0.7
calico/node v3.0.9
calico/cni v2.0.7
calico/kube-controllers v2.0.6
calico/routereflector v0.5.1
flannel v0.9.1

v3.0.8

Release archive with Kubernetes manifests, Docker images and binaries.

30 May 2018

Important: Review the documentation carefully before attempting an upgrade. You must upgrade to Calico v2.6.5 or later before you can upgrade to Calico v3.0.8.

Bug Fixes

  • Fix a bug in the CNI plugin where IP allocations were not properly updated on container restart cni-plugin #537 (@caseydavenport)
  • The install-cni container now maintains the original mode on certificates copied from Kubernetes secrets. cni-plugin #531 (@caseydavenport)
  • The install-cni container now writes the calico-kubeconfig file with mode 600 by default. It can be configured by setting the KUBECONFIG_MODE option. cni-plugin #531 (@caseydavenport)
  • The install-cni container now only writes the calico-kubeconfig file when running as a Kubernetes pod. cni-plugin #531 (@caseydavenport)
  • Fix etcd cert file existence check in calico/cni cni-plugin #531 (@bjhaid)
  • When run as a pod, CNI will be configured with the Kubernetes certificate authority for TLS verification. cni-plugin #531 (@tmjd)
  • For updated Kubernetes clusters that allow it, you may include both a pod and namespace selector on a NetworkPolicyPeer. libcalico-go #871 (@spikecurtis)
  • Fix a bug where IPAM would not use existing IP blocks. libcalico-go #869 (@gunjan5)

Limitations

  • Offers only Kubernetes, OpenShift, and host endpoint integrations: the OpenStack, Mesos, DC/OS, rkt, and Docker orchestrators have not been tested and are not supported. (Calico still supports Docker and rkt containers.) We plan to resume support for the OpenStack, Mesos, DC/OS, and Docker orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
typha v0.6.6
calicoctl v2.0.6
calico/node v3.0.8
calico/cni v2.0.6
calico/kube-controllers v2.0.5
calico/routereflector v0.5.0
flannel v0.9.1

v3.0.7

Release archive with Kubernetes manifests, Docker images and binaries.

17 May 2018

Important: Review the documentation carefully before attempting an upgrade. You must upgrade to Calico v2.6.5 or later before you can upgrade to Calico v3.0.7.

Bug Fixes

  • Fix invalid filter in “calicoctl node diags” command calicoctl #1855 (@bcreane)

  • Felix supports watching a configurable interface prefix when using the Kubernetes API datastore libcalico-go #864 (@caseydavenport)

Limitations

  • Offers only Kubernetes, OpenShift, and host endpoint integrations: the OpenStack, Mesos, DC/OS, rkt, and Docker orchestrators have not been tested and are not supported. (Calico still supports Docker and rkt containers.) We plan to resume support for the OpenStack, Mesos, DC/OS, and Docker orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
typha v0.6.5
calicoctl v2.0.5
calico/node v3.0.7
calico/cni v2.0.5
calico/kube-controllers v2.0.4
calico/routereflector v0.5.0
flannel v0.9.1

v3.0.6

Release archive with Kubernetes manifests, Docker images and binaries.

20 April 2018

Important: Review the documentation carefully before attempting an upgrade. You must upgrade to Calico v2.6.5 or later before you can upgrade to Calico v3.0.6.

Bug Fixes

  • Fix bug in parsing of empty namespace selectors libcalico-go #856 (@caseydavenport)

Limitations

  • Offers only Kubernetes, OpenShift, and host endpoint integrations: the OpenStack, Mesos, DC/OS, rkt, and Docker orchestrators have not been tested and are not supported. (Calico still supports Docker and rkt containers.) We plan to resume support for the OpenStack, Mesos, DC/OS, and Docker orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
typha v0.6.4
calicoctl v2.0.4
calico/node v3.0.6
calico/cni v2.0.5
calico/kube-controllers v2.0.4
calico/routereflector v0.5.0
flannel v0.9.1

v3.0.5

Release archive with Kubernetes manifests, Docker images and binaries.

16 April 2018

Important: Review the documentation carefully before attempting an upgrade. You must upgrade to Calico v2.6.5 or later before you can upgrade to Calico v3.0.5.

Bug Fixes

  • Add support for configuring container IP forwarding via the CNI configuration file. cni-plugin #508 (@caseydavenport)
  • When auto-detecting a node name, Calico will convert the hostname to lowercase. calico #1880 (@robbrockbank)
  • Fix bug typha #118 where calico/node and Typha race to create the cluster information resource, causing Typha to crash. libcalico-go #845 (@robbrockbank)
  • Improve confd behavior when using the Kubernetes API datastore with node-to-node mesh disabled. libcalico-go #838 (@caseydavenport)
  • Support ‘.’ character in interface names libcalico-go #832 (@codertux)
  • Fix an interaction between failsafe inbound/outbound ports and do-not-track policy that resulted in failsafe ports being blocked if do-not-track policy was added. felix #1775 (@fasaxc)

Build changes

Limitations

  • Offers only Kubernetes, OpenShift, and host endpoint integrations: the OpenStack, Mesos, DC/OS, rkt, and Docker orchestrators have not been tested and are not supported. (Calico still supports Docker and rkt containers.) We plan to resume support for the OpenStack, Mesos, DC/OS, and Docker orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
typha v0.6.3
calicoctl v2.0.3
calico/node v3.0.5
calico/cni v2.0.4
calico/kube-controllers v2.0.3
calico/routereflector v0.5.0
flannel v0.9.1

v3.0.4

Release archive with Kubernetes manifests, Docker images and binaries.

21 March 2018

Important: Review the documentation carefully before attempting an upgrade. You must upgrade to Calico v2.6.5 or later before you can upgrade to Calico v3.0.4.

Bug Fixes

  • Fixes a bug where the calico/cni container would ignore termination signals. cni-plugin #487 (@ketkulka)

  • Closes a number of race conditions and failure scenarios in IPAM block allocation and releasing. libcalico-go #819 (@caseydavenport)

  • Improves log output around IPAM block allocation and releasing. libcalico-go #819 (@caseydavenport)

  • Fixes a bug where IPs could be assigned from disabled IP pools. libcalico-go #819 (@ozdanborne)

  • Fixes a rare bug where a node could, in some circumstances, advertise /26 blocks that it didn’t own calico #1751 (@caseydavenport)

Limitations

  • Offers only Kubernetes, OpenShift, and host endpoint integrations: the OpenStack, Mesos, DC/OS, rkt, and Docker orchestrators have not been tested and are not supported. (Calico still supports Docker and rkt containers.) We plan to resume support for the OpenStack, Mesos, DC/OS, and Docker orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
typha v0.6.2
calicoctl v2.0.2
calico/node v3.0.4
calico/cni v2.0.3
calico/kube-controllers v2.0.2
calico/routereflector v0.5.0
flannel v0.9.1

v3.0.3

Release archive with Kubernetes manifests, Docker images and binaries.

23 February 2018

Important: Review the documentation carefully before attempting an upgrade. You must upgrade to Calico v2.6.5 or later before you can upgrade to Calico v3.0.3.

Bug Fixes

  • Improved error messages when failing to initialize a connection to etcd libcalico-go #794 (@ozdanborne)

  • Ignore hidden files when checking for etcd certificates to copy over when installing CNI. cni-plugin #473 (@tmjd)

Limitations

  • Offers only Kubernetes, OpenShift, and host endpoint integrations: the OpenStack, Mesos, DC/OS, rkt, and Docker orchestrators have not been tested and are not supported. (Calico still supports Docker and rkt containers.) We plan to resume support for the OpenStack, Mesos, DC/OS, and Docker orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
typha v0.6.2
calicoctl v2.0.1
calico/node v3.0.3
calico/cni v2.0.1
calico/kube-controllers v2.0.1
calico/routereflector v0.5.0
flannel v0.9.1

v3.0.2

Release archive with Kubernetes manifests, Docker images and binaries.

09 February 2018

Important: Review the documentation carefully before attempting an upgrade. You must upgrade to Calico v2.6.5 or later before you can upgrade to Calico v3.0.2.

Bug Fixes

  • Fixed a bug where Calico would silently lose its connection to etcd and never recover when the etcd server was terminated. libcalico-go #780 (@caseydavenport)

  • Fixed a bug when multiple nodes are restarted simultaneously and swap IP addresses calico #1681 (@caseydavenport)

  • Fixed a route scan issue where upon startup bird did not notice that tunneled routes needed to be updated to be non-tunneled. calico #1679 (@caseydavenport)

  • Enable Kubernetes node references for automatic cleanup of Node resources in etcd. calico #1678 (@caseydavenport)

  • Fixed a panic when BGP is disabled. calico #1674 (@tmjd)

  • Kubernetes self-hosted manifests now enable BGP IP address auto-detection by default. calico #1588 (@caseydavenport)

Limitations

  • Offers only Kubernetes, OpenShift, and host endpoint integrations: the OpenStack, Mesos, DC/OS, rkt, and Docker orchestrators have not been tested and are not supported. (Calico still supports Docker and rkt containers.) We plan to resume support for the OpenStack, Mesos, DC/OS, and Docker orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
typha v0.6.1
calicoctl v2.0.0
calico/node v3.0.2
calico/cni v2.0.0
calico/kube-controllers v2.0.0
calico/routereflector v0.5.0
flannel v0.9.1

v3.0.1

Release archive with Kubernetes manifests, Docker images and binaries.

22 December 2017

Important: This release includes breaking changes to the data and resource model. Review the documentation carefully before attempting an upgrade. Some highlights include:

  • You must upgrade to Calico v2.6.5 before you can upgrade to v3.0.1.
  • Calico deployments that access the etcd datastore directly must complete a one-time migration.
  • You must convert any customized Calico manifests via calicoctl convert before you can use them with v3.0.1.

#### What’s new

##### Support for etcdv3

##### Support for Windows in policy-only mode

  • Felix now compiles and runs on Windows in policy-only mode. felix #1638 (@nwoodmsft)

##### Migration and upgrade from v2.6.5

##### calicoctl enhancements

  • Those using the Kubernetes API datastore can now use calicoctl to create, read, update, and delete Calico policies.

  • calicoctl features two new resources: BGP Configuration and Felix Configuration.

  • The calicoctl policy resource has been split into new network policy and global network policy resources.

  • Network policy resources can include a namespace value, allowing you to create policies that only apply to workload endpoint resources in the same namespace.

  • You can now specify namespaceSelector expressions in network policy and global network policy rules to select one or more namespaces in their entirety.

  • The get, apply, create, delete, and replace commands of calicoctl now include an optional --namespace=<NS> flag. Refer to the calicoctl Command reference section for more details.

  • The get command of calicoctl now includes optional --all-namespaces and --export flags. Refer to the calicoctl get section for more information.

  • calicoctl no longer accepts the following flags in get commands: --node=<NODE>, --orchestrator=<ORCH>, --workload=<WORKLOAD>, and --scope=<SCOPE>. These options are now a part of the individual resources.

  • calicoctl no longer includes a config command. To achieve the equivalent functionality, refer to Modifying low-level component configurations.

  • You can now name host and workload endpoint ports and reference them by name in your policy rules.

  • calicoctl now allows a 0 value for ICMP entries in policy resources, enabling ping responses. In addition, it now rejects 255 values in the type field due to lack of kernel support. Refer to the reference documentation of the network policy and global network policy resources for more information.

  • calicoctl now offers a new convert command, allowing 2.6.x manifests stored under version control to be converted to the v3.x format. calicoctl #1782 (@gunjan5)

##### Host endpoint policies can be applied to forwarded traffic

  • The new ApplyOnForward flag allows you to specify if a host endpoint policy should apply to forwarded traffic or not. Forwarded traffic includes traffic forwarded between host endpoints and traffic forwarded between a host endpoint and a workload endpoint on the same host. Refer to Using Calico to secure host interfaces for more details.

##### CNI plugin changes

  • Calico now assigns the host side of veth pairs a MAC address of ee:ee:ee:ee:ee:ee. If this fails, it uses a kernel-generated MAC address as before. For more information, refer to the Troubleshooting FAQ. cni-plugin #436 (@tmjd)

  • The CNI plugin now offers an optional environment variable called CNI_OLD_CONF_NAME. If set, the CNI plug-in cleans up old configuration data during an upgrade, making it easier to migrate to a new CNI_CONF_NAME value. cni-plugin #392(@weikinhuang)

  • The CNI plugin no longer throws a file exists message when programming routes. cni-plugin #406 (@gunjan5)

  • After a period of deprecation, this release removes support for the ETCD_AUTHORITY and ETCD_SCHEME environment variables. Calico no longer reads these values. If you have not transitioned to ETCD_ENDPOINTS, you must do so as of v3.0. Refer to Configuring calicoctl - etcdv3 datastore for more information.

  • A new node controller for Kubernetes deployments clears data associated with deleted nodes from the Calico datastore, preventing conflicts that can lead to crash loops. Refer to Configuring the Calico Kubernetes controllers for more information.

##### Other changes

  • Calico now works with Kubernetes network services proxy with IPVS/LVS. Calico enforces network policies with kube-proxy running in IPVS mode for Kubernetes clusters. Currently only workload ingress policy is supported.

  • Rolling update is now enabled by default in the Kubernetes self-hosted manifests. calico #1506 (@caseydavenport)

  • The CoreOS version used for the Kubernetes Vagrant tutorial has been updated, resolving an issue causing kubectl to hang. calico #1487 (@2ffs2nns)

  • Typha no longer sends incorrect updateTypes to Felix, increasing the accuracy of Felix statistics. typha #70 (@fasaxc)

  • The CNI plugin now offers an optional environment variable called CNI_OLD_CONF_NAME. If set, the CNI plug-in cleans up old configuration data during an upgrade, making it easier to migrate to a new CNI_CONF_NAME value. cni-plugin #392(@weikinhuang)

#### Limitations

  • Offers only Kubernetes, OpenShift, and host endpoint integrations: the OpenStack, Mesos, DC/OS, rkt, and Docker orchestrators have not been tested and are not supported. (Calico still supports Docker and rkt containers.) We plan to resume support for the OpenStack, Mesos, DC/OS, and Docker orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
typha v0.6.0
calicoctl v2.0.0
calico/node v3.0.1
calico/cni v2.0.0
calico/kube-controllers v2.0.0
calico/routereflector v0.5.0
flannel v0.9.1

v3.0.0

Release archive with Kubernetes manifests, Docker images and binaries.

21 December 2017

Important: Due to a known issue in this release that can cause potential brief losses of connectivity after upgrading from v2.6.4, this release is deprecated. Use v3.0.1 instead. This issue does not affect those using the Kubernetes API datastore or running in policy-only mode.

What’s new

Support for etcdv3
Migration and upgrade from v2.6.4
calicoctl enhancements
  • Those using the Kubernetes API datastore can now use calicoctl to create, read, update, and delete Calico policies.

  • calicoctl features two new resources: BGP Configuration and Felix Configuration.

  • The calicoctl policy resource has been split into new network policy and global network policy resources.

  • Network policy resources can include a namespace value, allowing you to create policies that only apply to workload endpoint resources in the same namespace.

  • You can now specify namespaceSelector expressions in network policy and global network policy rules to select one or more namespaces in their entirety.

  • The get, apply, create, delete, and replace commands of calicoctl now include an optional --namespace=<NS> flag. Refer to the calicoctl Command reference section for more details.

  • The get command of calicoctl now includes optional --all-namespaces and --export flags. Refer to the calicoctl get section for more information.

  • calicoctl no longer accepts the following flags in get commands: --node=<NODE>, --orchestrator=<ORCH>, --workload=<WORKLOAD>, and --scope=<SCOPE>. These options are now a part of the individual resources.

  • calicoctl no longer includes a config command. To achieve the equivalent functionality, refer to Modifying low-level component configurations.

  • You can now name host and workload endpoint ports and reference them by name in your policy rules.

  • calicoctl now allows a 0 value for ICMP entries in policy resources, enabling ping responses. In addition, it now rejects 255 values in the type field due to lack of kernel support. Refer to the reference documentation of the network policy and global network policy resources for more information.

  • calicoctl now offers a new convert command, allowing 2.6.x manifests stored under version control to be converted to the v3.x format. calicoctl #1782 (@gunjan5)

Host endpoint policies can be applied to forwarded traffic
  • The new ApplyOnForward flag allows you to specify if a host endpoint policy should apply to forwarded traffic or not. Forwarded traffic includes traffic forwarded between host endpoints and traffic forwarded between a host endpoint and a workload endpoint on the same host. Refer to Using Calico to secure host interfaces for more details.
CNI plugin changes
  • Calico now assigns the host side of veth pairs a MAC address of ee:ee:ee:ee:ee:ee. If this fails, it uses a kernel-generated MAC address as before. For more information, refer to the Troubleshooting FAQ. cni-plugin #436 (@tmjd)

  • The CNI plugin now offers an optional environment variable called CNI_OLD_CONF_NAME. If set, the CNI plug-in cleans up old configuration data during an upgrade, making it easier to migrate to a new CNI_CONF_NAME value. cni-plugin #392(@weikinhuang)

  • The CNI plugin no longer throws a file exists message when programming routes. cni-plugin #406 (@gunjan5)

  • After a period of deprecation, this release removes support for the ETCD_AUTHORITY and ETCD_SCHEME environment variables. Calico no longer reads these values. If you have not transitioned to ETCD_ENDPOINTS, you must do so as of v3.0. Refer to Configuring calicoctl - etcdv3 datastore for more information.

  • A new node controller for Kubernetes deployments clears data associated with deleted nodes from the Calico datastore, preventing conflicts that can lead to crash loops. Refer to Configuring the Calico Kubernetes controllers for more information.

Other changes
  • Felix now compiles and runs on Windows in policy-only mode. felix #1638 (@nwoodmsft)

  • Calico now works with Kubernetes network services proxy with IPVS/LVS. Calico enforces network policies with kube-proxy running in IPVS mode for Kubernetes clusters. Currently only workload ingress policy is supported.

  • Rolling update is now enabled by default in the Kubernetes self-hosted manifests. calico #1506 (@caseydavenport)

  • The CoreOS version used for the Kubernetes Vagrant tutorial has been updated, resolving an issue causing kubectl to hang. calico #1487 (@2ffs2nns)

  • Typha no longer sends incorrect updateTypes to Felix, increasing the accuracy of Felix statistics. typha #70 (@fasaxc)

Limitations

  • Offers only Kubernetes, OpenShift, and host endpoint integrations: the OpenStack, Mesos, DC/OS, rkt, and Docker orchestrators have not been tested and are not supported. (Calico still supports Docker and rkt containers.) We plan to resume support for the OpenStack, Mesos, DC/OS, and Docker orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
typha v0.6.0
calicoctl v2.0.0
calico/node v3.0.0
calico/cni v2.0.0
calico/kube-controllers v2.0.0
calico/routereflector v0.5.0