From 65fb043a7752c48f507ccc6bfbf75b1bd5d67fc3 Mon Sep 17 00:00:00 2001 From: Christopher Tauchen Date: Wed, 28 Jan 2026 15:37:30 +0000 Subject: [PATCH 1/8] Prepare for release CE 3.21.6 --- .../version-3.21-2/release-notes/index.mdx | 11 + .../version-3.21-2/releases.json | 261 ++++++++++++++++++ .../version-3.21-2/variables.js | 6 +- 3 files changed, 275 insertions(+), 3 deletions(-) diff --git a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx index fb250e9773..0b8ef00983 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx +++ b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx @@ -199,3 +199,14 @@ December 18, 2025 * Security updates are not included in this hotfix release, but will be included in our next scheduled release. To update an existing installation of Calico Enterprise 3.21, see [Install a patch release](../getting-started/manifest-archive.mdx). + +### Calico Enterprise 3.21.6 bug fix release + +January 29, 2025 + +#### Bug fixes + +* TBD + +To update an existing installation of Calico Enterprise 3.21, see [Install a patch release](../getting-started/manifest-archive.mdx). + diff --git a/calico-enterprise_versioned_docs/version-3.21-2/releases.json b/calico-enterprise_versioned_docs/version-3.21-2/releases.json index cefb4f002b..ae892ef6ea 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/releases.json +++ b/calico-enterprise_versioned_docs/version-3.21-2/releases.json @@ -1,4 +1,265 @@ [ + { + "title": "v3.21.6", + "tigera-operator": { + "version": "v1.38.10", + "image": "tigera/operator", + "registry": "quay.io" + }, + "calico": { + "minor_version": "v3.30", + "archive_path": "archive" + }, + "components": { + "alertmanager": { + "version": "v3.21.6", + "image": "tigera/alertmanager" + }, + "calicoctl": { + "version": "v3.21.6", + "image": "tigera/calicoctl" + }, + "calicoq": { + "version": "v3.21.6", + "image": "tigera/calicoq" + }, + "cnx-apiserver": { + "version": "v3.21.6", + "image": "tigera/cnx-apiserver" + }, + "cnx-kube-controllers": { + "version": "v3.21.6", + "image": "tigera/kube-controllers" + }, + "cnx-manager": { + "version": "v3.21.6", + "image": "tigera/cnx-manager" + }, + "cnx-node": { + "version": "v3.21.6", + "image": "tigera/cnx-node" + }, + "cnx-node-windows": { + "version": "v3.21.6", + "image": "tigera/cnx-node-windows" + }, + "cnx-queryserver": { + "version": "v3.21.6", + "image": "tigera/cnx-queryserver" + }, + "compliance-benchmarker": { + "version": "v3.21.6", + "image": "tigera/compliance-benchmarker" + }, + "compliance-controller": { + "version": "v3.21.6", + "image": "tigera/compliance-controller" + }, + "compliance-reporter": { + "version": "v3.21.6", + "image": "tigera/compliance-reporter" + }, + "compliance-server": { + "version": "v3.21.6", + "image": "tigera/compliance-server" + }, + "compliance-snapshotter": { + "version": "v3.21.6", + "image": "tigera/compliance-snapshotter" + }, + "coreos-alertmanager": { + "version": "v0.28.1" + }, + "coreos-config-reloader": { + "version": "v0.76.2" + }, + "coreos-dex": { + "version": "v2.41.1" + }, + "coreos-fluentd": { + "version": "1.18.0" + }, + "coreos-prometheus": { + "version": "v2.55.1" + }, + "coreos-prometheus-operator": { + "version": "v0.76.2" + }, + "csi": { + "version": "v3.21.6", + "image": "tigera/csi" + }, + "csi-node-driver-registrar": { + "version": "v3.21.6", + "image": "tigera/node-driver-registrar" + }, + "deep-packet-inspection": { + "version": "v3.21.6", + "image": "tigera/deep-packet-inspection" + }, + "dex": { + "version": "v3.21.6", + "image": "tigera/dex" + }, + "dikastes": { + "version": "v3.21.6", + "image": "tigera/dikastes" + }, + "eck-elasticsearch": { + "version": "8.18.8" + }, + "eck-elasticsearch-operator": { + "version": "2.16.0" + }, + "eck-kibana": { + "version": "8.18.8" + }, + "egress-gateway": { + "version": "v3.21.6", + "image": "tigera/egress-gateway" + }, + "elastic-tsee-installer": { + "version": "v3.21.6", + "image": "tigera/intrusion-detection-job-installer" + }, + "elasticsearch": { + "version": "v3.21.6", + "image": "tigera/elasticsearch" + }, + "elasticsearch-metrics": { + "version": "v3.21.6", + "image": "tigera/elasticsearch-metrics" + }, + "elasticsearch-operator": { + "version": "v3.21.6", + "image": "tigera/eck-operator" + }, + "envoy": { + "version": "v3.21.6", + "image": "tigera/envoy" + }, + "envoy-init": { + "version": "v3.21.6", + "image": "tigera/envoy-init" + }, + "es-gateway": { + "version": "v3.21.6", + "image": "tigera/es-gateway" + }, + "firewall-integration": { + "version": "v3.21.6", + "image": "tigera/firewall-integration" + }, + "flexvol": { + "version": "v3.21.6", + "image": "tigera/pod2daemon-flexvol" + }, + "fluentd": { + "version": "v3.21.6", + "image": "tigera/fluentd" + }, + "fluentd-windows": { + "version": "v3.21.6", + "image": "tigera/fluentd-windows" + }, + "gateway-api-envoy-gateway": { + "version": "v3.21.6", + "image": "tigera/envoy-gateway" + }, + "gateway-api-envoy-proxy": { + "version": "v3.21.6", + "image": "tigera/envoy-proxy" + }, + "gateway-api-envoy-ratelimit": { + "version": "v3.21.6", + "image": "tigera/envoy-ratelimit" + }, + "guardian": { + "version": "v3.21.6", + "image": "tigera/guardian" + }, + "ingress-collector": { + "version": "v3.21.6", + "image": "tigera/ingress-collector" + }, + "intrusion-detection-controller": { + "version": "v3.21.6", + "image": "tigera/intrusion-detection-controller" + }, + "key-cert-provisioner": { + "version": "v3.21.6", + "image": "tigera/key-cert-provisioner" + }, + "kibana": { + "version": "v3.21.6", + "image": "tigera/kibana" + }, + "l7-admission-controller": { + "version": "v3.21.6", + "image": "tigera/l7-admission-controller" + }, + "l7-collector": { + "version": "v3.21.6", + "image": "tigera/l7-collector" + }, + "license-agent": { + "version": "v3.21.6", + "image": "tigera/license-agent" + }, + "linseed": { + "version": "v3.21.6", + "image": "tigera/linseed" + }, + "packetcapture": { + "version": "v3.21.6", + "image": "tigera/packetcapture" + }, + "policy-recommendation": { + "version": "v3.21.6", + "image": "tigera/policy-recommendation" + }, + "prometheus": { + "version": "v3.21.6", + "image": "tigera/prometheus" + }, + "prometheus-config-reloader": { + "version": "v3.21.6", + "image": "tigera/prometheus-config-reloader" + }, + "prometheus-operator": { + "version": "v3.21.6", + "image": "tigera/prometheus-operator" + }, + "tigera-cni": { + "version": "v3.21.6", + "image": "tigera/cni" + }, + "tigera-cni-windows": { + "version": "v3.21.6", + "image": "tigera/cni-windows" + }, + "tigera-prometheus-service": { + "version": "v3.21.6", + "image": "tigera/prometheus-service" + }, + "typha": { + "version": "v3.21.6", + "image": "tigera/typha" + }, + "ui-apis": { + "version": "v3.21.6", + "image": "tigera/ui-apis" + }, + "voltron": { + "version": "v3.21.6", + "image": "tigera/voltron" + }, + "webhooks-processor": { + "version": "v3.21.6", + "image": "tigera/webhooks-processor" + } + } + }, { "title": "v3.21.5", "tigera-operator": { diff --git a/calico-enterprise_versioned_docs/version-3.21-2/variables.js b/calico-enterprise_versioned_docs/version-3.21-2/variables.js index d5ca8923fe..517cee45ba 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/variables.js +++ b/calico-enterprise_versioned_docs/version-3.21-2/variables.js @@ -2,13 +2,13 @@ const releases = require('./releases.json'); const componentImage = require('../../src/components/utils/componentImage'); const variables = { - releaseTitle: 'v3.21.5', + releaseTitle: 'v3.21.6', prodname: 'Calico Enterprise', prodnamedash: 'calico-enterprise', version: 'v3.21', openSourceVersion: releases[0].calico.minor_version.slice(1), baseUrl: '/calico-enterprise/3.21', - filesUrl: 'https://downloads.tigera.io/ee/v3.21.5', + filesUrl: 'https://downloads.tigera.io/ee/v3.21.6', rpmsUrl: 'https://downloads.tigera.io/ee/rpms/' + releases[0].title.slice(0, 5), tutorialFilesURL: 'https://docs.tigera.io/files', tmpScriptsURL: 'https://docs.tigera.io/calico-enterprise/3.21', @@ -20,7 +20,7 @@ const variables = { rootDirWindows: 'C:\\TigeraCalico', registry: 'quay.io/', envoyVersion: '1.3.2', - chart_version_name: 'v3.21.5-0', + chart_version_name: 'v3.21.6-0', tigeraOperator: releases[0]['tigera-operator'], dikastesVersion: releases[0].components.dikastes.version, releases, From 8a569b1ea5eebad6a72636fc779b6572b82e7e05 Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Fri, 6 Feb 2026 16:34:19 -0800 Subject: [PATCH 2/8] Update operator version --- calico-enterprise_versioned_docs/version-3.21-2/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/calico-enterprise_versioned_docs/version-3.21-2/releases.json b/calico-enterprise_versioned_docs/version-3.21-2/releases.json index ae892ef6ea..ae04eb8b8b 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/releases.json +++ b/calico-enterprise_versioned_docs/version-3.21-2/releases.json @@ -2,7 +2,7 @@ { "title": "v3.21.6", "tigera-operator": { - "version": "v1.38.10", + "version": "v1.38.12", "image": "tigera/operator", "registry": "quay.io" }, From 6d0f34985e23f0d7cee20e98ee7693b99f752abb Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Fri, 6 Feb 2026 16:34:32 -0800 Subject: [PATCH 3/8] Update release date and add known issues --- .../version-3.21-2/release-notes/index.mdx | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx index 0b8ef00983..8625438a5e 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx +++ b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx @@ -202,11 +202,15 @@ To update an existing installation of Calico Enterprise 3.21, see [Install a pat ### Calico Enterprise 3.21.6 bug fix release -January 29, 2025 +February 6, 2025 #### Bug fixes * TBD +#### Known issues + +* Workload-level ApplicationLayer features (WAF, ALP, and L7 Logging) via sidecar injection are not supported on OpenShift (OCP) clusters in this release. This is resolved in v3.22.1. + To update an existing installation of Calico Enterprise 3.21, see [Install a patch release](../getting-started/manifest-archive.mdx). From 4bf0d0123da674404815c786ce259c8b65dc7184 Mon Sep 17 00:00:00 2001 From: Rene Dekker Date: Fri, 6 Feb 2026 16:58:17 -0800 Subject: [PATCH 4/8] docs: Added release notes for v3.21.6 --- .../version-3.21-2/release-notes/index.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx index 8625438a5e..9491e6d7b4 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx +++ b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx @@ -206,7 +206,8 @@ February 6, 2025 #### Bug fixes -* TBD +* Fixed an issue where fragmented packets where fragmented packets coming from a workload and leaving the node through dual uplink interfaces would have some fragments dropped when using BPF. +* Security updates. #### Known issues From e687ca4237983df2393a5acadd90a92fac920fcd Mon Sep 17 00:00:00 2001 From: Rene Dekker Date: Fri, 6 Feb 2026 17:01:18 -0800 Subject: [PATCH 5/8] docs: Added release notes for v3.21.6 --- .../version-3.21-2/release-notes/index.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx index 9491e6d7b4..2b39be3232 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx +++ b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx @@ -207,6 +207,7 @@ February 6, 2025 #### Bug fixes * Fixed an issue where fragmented packets where fragmented packets coming from a workload and leaving the node through dual uplink interfaces would have some fragments dropped when using BPF. +* Added a missing network policy rule to allow traffic from intrusion detection controller to the manager. * Security updates. #### Known issues From 7adccc5060f7063ad5a692bfd4f0c735d03baa07 Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Fri, 6 Feb 2026 18:30:30 -0800 Subject: [PATCH 6/8] Add microk8s docs site to skiplist for now --- __tests__/crawler.test.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/__tests__/crawler.test.js b/__tests__/crawler.test.js index dfc03dfd27..87a8ee6d09 100644 --- a/__tests__/crawler.test.js +++ b/__tests__/crawler.test.js @@ -199,7 +199,8 @@ test('Crawl the docs and execute tests', async () => { 'https://istio.io/v1.15/docs/setup/install/', 'https://sysctl-explorer.net/net/ipv4/fib_multipath_hash_policy/', 'https://calico-docs.mcp.kapa.ai', - 'https://docs.tigera.io/img/calico-logo-2026-badge.png' + 'https://docs.tigera.io/img/calico-logo-2026-badge.png', + 'https://canonical.com/microk8s/docs/clustering' ]; const lc = linkChecker(); From 01b48489169812c5f86ed4e53be80b24360e5e5f Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Fri, 6 Feb 2026 18:38:08 -0800 Subject: [PATCH 7/8] Revert "Add microk8s docs site to skiplist for now" This reverts commit 7adccc5060f7063ad5a692bfd4f0c735d03baa07. --- __tests__/crawler.test.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/__tests__/crawler.test.js b/__tests__/crawler.test.js index 87a8ee6d09..dfc03dfd27 100644 --- a/__tests__/crawler.test.js +++ b/__tests__/crawler.test.js @@ -199,8 +199,7 @@ test('Crawl the docs and execute tests', async () => { 'https://istio.io/v1.15/docs/setup/install/', 'https://sysctl-explorer.net/net/ipv4/fib_multipath_hash_policy/', 'https://calico-docs.mcp.kapa.ai', - 'https://docs.tigera.io/img/calico-logo-2026-badge.png', - 'https://canonical.com/microk8s/docs/clustering' + 'https://docs.tigera.io/img/calico-logo-2026-badge.png' ]; const lc = linkChecker(); From 222dab1304bbd35ebd5dc682c2c10169747a4673 Mon Sep 17 00:00:00 2001 From: Christopher Tauchen Date: Fri, 6 Feb 2026 08:26:16 +0000 Subject: [PATCH 8/8] Add link to skip list (temp) (#2515) --- __tests__/crawler.test.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/__tests__/crawler.test.js b/__tests__/crawler.test.js index dfc03dfd27..d9cba037b0 100644 --- a/__tests__/crawler.test.js +++ b/__tests__/crawler.test.js @@ -199,7 +199,8 @@ test('Crawl the docs and execute tests', async () => { 'https://istio.io/v1.15/docs/setup/install/', 'https://sysctl-explorer.net/net/ipv4/fib_multipath_hash_policy/', 'https://calico-docs.mcp.kapa.ai', - 'https://docs.tigera.io/img/calico-logo-2026-badge.png' + 'https://docs.tigera.io/img/calico-logo-2026-badge.png', + 'https://microk8s.io/docs/clustering' // TEMP ]; const lc = linkChecker();