Releases

The following table shows component versioning for Calico v3.1.

Use the version selector at the top-right of this page to view a different release.

v3.1.4

Release archive with Kubernetes manifests, Docker images and binaries.

09 November 2018

Limitations

  • Offers only Kubernetes, OpenShift, OpenStack, and host endpoint integrations: the Mesos, DC/OS, and libnetwork orchestrators have not been tested. The latest supported release for these orchestrators is v2.6. We plan to resume support for these orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
calico/node v3.1.4
calicoctl v3.1.4
calico/cni v3.1.4
calico/kube-controllers v3.1.4
networking-calico 3.1.3
typha v3.1.4
flannel v0.9.1
calico/routereflector v0.6.1

v3.1.3

Release archive with Kubernetes manifests, Docker images and binaries.

30 May 2018

Bug Fixes

  • Fix a bug in the CNI plugin where IP allocations were not properly updated on container restart cni-plugin #538 (@caseydavenport)
  • Fix etcd cert file existence check in calico/cni cni-plugin #530 (@bjhaid)
  • When run as a pod, the CNI plugin will be configured with the Kubernetes certificate authority for TLS verification. cni-plugin #530 (@tmjd)
  • For updated Kubernetes clusters that allow it, you may include both a pod and namespace selector on a NetworkPolicyPeer. libcalico-go #872 (@spikecurtis)
  • Fix a bug where IPAM would not use existing IP blocks. libcalico-go #870 (@gunjan5)

Limitations

  • Offers only Kubernetes, OpenShift, OpenStack, and host endpoint integrations: the Mesos, DC/OS, and libnetwork orchestrators have not been tested. The latest supported release for these orchestrators is v2.6. We plan to resume support for these orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
calico/node v3.1.3
calicoctl v3.1.3
calico/cni v3.1.3
calico/kube-controllers v3.1.3
networking-calico 3.1.3
typha v0.7.4
flannel v0.9.1
calico/routereflector v0.6.1

v3.1.2

Release archive with Kubernetes manifests, Docker images and binaries.

18 May 2018

Bug Fixes

  • Fix invalid filter in calicoctl node diags command calicoctl #1854 (@bcreane)
  • Felix supports watching a configurable interface prefix when using the Kubernetes API datastore. libcalico-go #865 (@caseydavenport)

Limitations

  • Offers only Kubernetes, OpenShift, OpenStack, and host endpoint integrations: the Mesos, DC/OS, and libnetwork orchestrators have not been tested. The latest supported release for these orchestrators is v2.6. We plan to resume support for these orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
calico/node v3.1.2
calicoctl v3.1.2
calico/cni v3.1.2
calico/kube-controllers v3.1.2
networking-calico 3.1.2
typha v0.7.3
flannel v0.9.1
calico/routereflector v0.6.1

v3.1.1

Release archive with Kubernetes manifests, Docker images and binaries.

20 April 2018

Bug Fixes

  • Fix bug in parsing of empty namespace selectors libcalico-go #857 (@caseydavenport)

  • Add support for configuring container IP forwarding via the CNI configuration file. cni-plugin #509 (@caseydavenport)

Limitations

  • Offers only Kubernetes, OpenShift, OpenStack, and host endpoint integrations: the Mesos, DC/OS, and libnetwork orchestrators have not been tested. The latest supported release for these orchestrators is v2.6. We plan to resume support for these orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
calico/node v3.1.1
calicoctl v3.1.1
calico/cni v3.1.1
calico/kube-controllers v3.1.1
networking-calico 3.1.1
typha v0.7.2
flannel v0.9.1
calico/routereflector v0.6.1

v3.1.0

Release archive with Kubernetes manifests, Docker images and binaries.

06 April 2018

Support for OpenStack

Calico v3.1 reintroduces support for OpenStack. Existing users can upgrade their Calico OpenStack clusters to v3.1 by following the documented procedure.

Introducing GlobalNetworkSets

Calico now supports a new resource type: GlobalNetworkSet. A GlobalNetworkSet contains a set of CIDRs with associated labels, which can be matched by global network policies. This allows for rules to refer to external networks, possibly consisting of thousands of CIDRs. GlobalNetworkSets allow you to write network policies that are more portable across clusters by introducing a label-based abstraction on top of network CIDRs. To learn more, see the GlobalNetworkSet resource definition.

Beta support for IPVS kube-proxy

Calico v3.1 moves support for the IPVS kube-proxy from alpha to beta with support for pod ingress, pod egress, and host endpoint network policy. The IPVS kube-proxy is itself still beta, but promises greater scale and performance compared to the existing iptables proxy.

Kubernetes IPv6 support

Calico v3.1 includes fixes which better support running an IPv6-based Kubernetes cluster. In Calico v3.1, you can now use the Kubernetes API datastore in IPv6 mode. Additionally, Calico now generates a /48 unique local address (ULA) prefix when no IPv6 pool is specified rather than using a fixed CIDR. This prevents multiple Calico clusters from sharing the same IPv6 address space. Check out the documentation on enabling IPv6 support for more information.

HostEndpoint support for Kubernetes API datastore

Calico now supports configuration of host endpoints when using the Kubernetes API datastore. This allows you to seamlessly apply network policy to Kubernetes host machines and Kubernetes pods alike using Calico global network policies.

Other changes

  • The install-cni container now maintains the original mode on certificates copied from Kubernetes secrets. cni-plugin #481 (@caseydavenport)
  • The install-cni container now writes the calico-kubeconfig file with mode 600 by default. It can be configured by setting the KUBECONFIG_MODE option. cni-plugin #481 (@caseydavenport)
  • The Calico CNI plugin by default expects the /var/lib/calico/nodename file to be created by calico/node. To disable this feature, set nodename_file_optional: true in your CNI network configuration. cni-plugin #480 (@caseydavenport)
  • Fix a bug where IPs could be assigned from disabled IP pools. libcalico-go #806 (@ozdanborne)
  • Fix a bug where profiles were periodically and unnecessarily reprogrammed by kube-controllers. libcalico-go #805 (@caseydavenport)
  • Fix a bug where nodes were periodically and unnecessarily processed by kube-controllers. kube-controllers #216 (@caseydavenport)
  • Closes a number of race conditions and failure scenarios in IPAM block allocation and releasing. libcalico-go #785 (@caseydavenport)
  • Improves log output around IPAM block allocation and releasing. libcalico-go #785 (@caseydavenport)
  • The self-hosted Kubernetes manifests now set mode 400 for TLS secrets by default calico #1725 (@caseydavenport)
  • Fix a rare bug where a node could in some circumstances advertise /26 blocks that it didn’t own calico #1712 (@caseydavenport)
  • Use networking.k8s.io api in place of deprecated extensions/v1beta1. calico #1614 (@bcreane)
  • Fix an interaction between failsafe inbound/outbound ports and do-not-track policy that resulted in failsafe ports being blocked if do-not-track policy was added. felix #1718 (@fasaxc)
  • Fix bug in icmp validation where ipVersion was required for all icmp rules. calicoctl #1814 (@ozdanborne)

Limitations

  • Offers only Kubernetes, OpenShift, OpenStack, and host endpoint integrations: the Mesos, DC/OS, and libnetwork orchestrators have not been tested. The latest supported release for these orchestrators is v2.6. We plan to resume support for these orchestrators in a future release.

  • GoBGP not supported: Setting the CALICO_NETWORKING_BACKEND environment variable to gobgp is not supported. See Configuring calico/node for more information. We plan to resume support for GoBGP in a future release.

  • Route reflectors cannot be clustered: We plan to resume support for this in a future release.

Component Version
calico/node v3.1.0
calicoctl v3.1.0
calico/cni v3.1.0
calico/kube-controllers v3.1.0
networking-calico 3.1.0
typha v0.7.1
flannel v0.9.1
calico/routereflector v0.6.1