diff --git a/static/calico-enterprise/llms-full.txt b/static/calico-enterprise/llms-full.txt index 60339673a1..44279aacd5 100644 --- a/static/calico-enterprise/llms-full.txt +++ b/static/calico-enterprise/llms-full.txt @@ -869,9 +869,9 @@ A Linux host that meets the following requirements. 2. Install the Tigera Operator and custom resource definitions. ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 3. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -879,7 +879,7 @@ A Linux host that meets the following requirements. > **SECONDARY:** If you have an existing Prometheus operator in your cluster that you want to use, skip this step. To work with Calico Enterprise, your Prometheus operator must be v0.40.0 or higher. ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 4. Install your pull secret. @@ -897,13 +897,13 @@ A Linux host that meets the following requirements. 5. Optional: Compliance and packet capture features are optional. To enable these features during installation, download and review the custom-resources.yaml file. Uncomment the necessary CRs and use this custom-resources.yaml for installation. ```bash - curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` 6. Install the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` Monitor progress with the following command: @@ -1138,11 +1138,11 @@ The geeky details of what you get: 1. Install the Tigera Operator and custom resource definitions. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 2. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -1160,7 +1160,7 @@ The geeky details of what you get: > , your Prometheus operator must be v0.40.0 or higher. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. Install your pull secret. @@ -1184,13 +1184,13 @@ The geeky details of what you get: 5. (Optional) Compliance and packet capture features are optional. To enable these features during installation, download and review the custom-resources.yaml file. Uncomment the necessary CRs and use this custom-resources.yaml for installation. ```bash - curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` 6. Install the Tigera custom resources. For more information on configuration options available, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` You can now monitor progress with the following command: @@ -1264,7 +1264,7 @@ helm repo add tigera-ee https://downloads.tigera.io/ee/charts helm repo update -helm pull tigera-ee/tigera-operator --version v3.22.2 +helm pull tigera-ee/tigera-operator --version v3.22.3 ``` ### Prepare the Installation Configuration[​](#prepare-the-installation-configuration) @@ -1320,13 +1320,13 @@ To install a standard Calico Enterprise cluster with Helm: 2. Optional: Compliance and packetcapture features are optional. To enable these features, review the `values.yaml` file and set the flag to `enabled: true`. In the next step, use this modified `values.yaml` for the Helm install. ```bash - helm show values ./tigera-operator-v3.22.2-0.tgz >values.yaml + helm show values ./tigera-operator-v3.22.3-0.tgz >values.yaml ``` 3. Install the Tigera Operator and custom resource definitions using the Helm 3 chart: ```bash - helm install calico-enterprise tigera-operator-v3.22.2-0.tgz \ + helm install calico-enterprise tigera-operator-v3.22.3-0.tgz \ --set-file imagePullSecrets.tigera-pull-secret=,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret= \ @@ -1338,7 +1338,7 @@ To install a standard Calico Enterprise cluster with Helm: or if you created a `values.yaml` above: ```bash - helm install calico-enterprise tigera-operator-v3.22.2-0.tgz -f values.yaml \ + helm install calico-enterprise tigera-operator-v3.22.3-0.tgz -f values.yaml \ --set-file imagePullSecrets.tigera-pull-secret=,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret= \ @@ -1676,7 +1676,7 @@ Download the Calico Enterprise manifests for OpenShift and add t ```bash mkdir calico -wget -qO- https://downloads.tigera.io/ee/v3.22.2/manifests/ocp.tgz | tar xvz --strip-components=1 -C calico +wget -qO- https://downloads.tigera.io/ee/v3.22.3/manifests/ocp.tgz | tar xvz --strip-components=1 -C calico cp calico/* manifests/ ``` @@ -1746,7 +1746,7 @@ oc create -f Apply the custom resources for enterprise features. ```bash -oc create -f https://downloads.tigera.io/ee/v3.22.2/manifests/ocp/tigera-enterprise-resources.yaml +oc create -f https://downloads.tigera.io/ee/v3.22.3/manifests/ocp/tigera-enterprise-resources.yaml ``` Apply the Calico Enterprise manifests for the Prometheus operator. @@ -1772,7 +1772,7 @@ Apply the Calico Enterprise manifests for the Prometheus operato > that you manage yourself. ```bash -oc create -f https://downloads.tigera.io/ee/v3.22.2/manifests/ocp/tigera-prometheus-operator.yaml +oc create -f https://downloads.tigera.io/ee/v3.22.3/manifests/ocp/tigera-prometheus-operator.yaml ``` You can now monitor progress with the following command: @@ -1786,7 +1786,7 @@ When it shows all components with status `Available`, proceed to the next step. (Optional) Apply the full CRDs including descriptions. ```bash -oc apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml +oc apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ## Next steps[​](#next-steps) @@ -1930,7 +1930,7 @@ Download the Calico Enterprise manifests for OpenShift: ```bash mkdir calico -wget -qO- https://downloads.tigera.io/ee/v3.22.2/manifests/ocp.tgz | tar xvz --strip-components=1 -C calico +wget -qO- https://downloads.tigera.io/ee/v3.22.3/manifests/ocp.tgz | tar xvz --strip-components=1 -C calico ``` ### Add an image pull secret[​](#add-an-image-pull-secret) @@ -2010,7 +2010,7 @@ oc create -f Apply the custom resources for enterprise features. ```bash -oc create -f https://downloads.tigera.io/ee/v3.22.2/manifests/ocp/tigera-enterprise-resources.yaml +oc create -f https://downloads.tigera.io/ee/v3.22.3/manifests/ocp/tigera-enterprise-resources.yaml ``` Apply the Calico Enterprise manifests for the Prometheus operator. @@ -2036,7 +2036,7 @@ Apply the Calico Enterprise manifests for the Prometheus operato > that you manage yourself. ```bash -oc create -f https://downloads.tigera.io/ee/v3.22.2/manifests/ocp/tigera-prometheus-operator.yaml +oc create -f https://downloads.tigera.io/ee/v3.22.3/manifests/ocp/tigera-prometheus-operator.yaml ``` You can now monitor progress with the following command: @@ -2050,7 +2050,7 @@ When it shows all components with status `Available`, proceed to the next step. (Optional) Apply the full CRDs including descriptions. ```bash -oc apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml +oc apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ## Next steps[​](#next-steps) @@ -2153,7 +2153,7 @@ Download the Calico Enterprise manifests for OpenShift: ```bash mkdir calico -wget -qO- https://downloads.tigera.io/ee/v3.22.2/manifests/ocp.tgz | tar xvz --strip-components=1 -C calico +wget -qO- https://downloads.tigera.io/ee/v3.22.3/manifests/ocp.tgz | tar xvz --strip-components=1 -C calico ``` ### Add an image pull secret[​](#add-an-image-pull-secret) @@ -2233,7 +2233,7 @@ oc create -f Apply the custom resources for enterprise features. ```bash -oc create -f https://downloads.tigera.io/ee/v3.22.2/manifests/ocp/tigera-enterprise-resources.yaml +oc create -f https://downloads.tigera.io/ee/v3.22.3/manifests/ocp/tigera-enterprise-resources.yaml ``` Apply the Calico Enterprise manifests for the Prometheus operator. @@ -2259,7 +2259,7 @@ Apply the Calico Enterprise manifests for the Prometheus operato > that you manage yourself. ```bash -oc create -f https://downloads.tigera.io/ee/v3.22.2/manifests/ocp/tigera-prometheus-operator.yaml +oc create -f https://downloads.tigera.io/ee/v3.22.3/manifests/ocp/tigera-prometheus-operator.yaml ``` You can now monitor progress with the following command: @@ -2273,7 +2273,7 @@ When it shows all components with status `Available`, proceed to the next step. (Optional) Apply the full CRDs including descriptions. ```bash -oc apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml +oc apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ## Next steps[​](#next-steps) @@ -2372,11 +2372,11 @@ Install Calico Enterprise on an AKS managed Kubernetes cluster. 1. Install the Tigera Operator and custom resource definitions. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 2. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -2394,7 +2394,7 @@ Install Calico Enterprise on an AKS managed Kubernetes cluster. > , your Prometheus operator must be v0.40.0 or higher. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. Install your pull secret. @@ -2414,7 +2414,7 @@ Install Calico Enterprise on an AKS managed Kubernetes cluster. 5. Install the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/aks/custom-resources.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/aks/custom-resources.yaml ``` You can now monitor progress with the following command: @@ -2432,11 +2432,11 @@ Wait until the `apiserver` shows a status of `Available`, then proceed toCalico Enterprise metrics. @@ -2454,7 +2454,7 @@ Wait until the `apiserver` shows a status of `Available`, then proceed toCalico Enterprise metrics. @@ -2578,7 +2578,7 @@ Install Calico Enterprise on an EKS managed Kubernetes cluster. > , your Prometheus operator must be v0.40.0 or higher. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. Install your pull secret. @@ -2598,7 +2598,7 @@ Install Calico Enterprise on an EKS managed Kubernetes cluster. 5. Install the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/eks/custom-resources.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/eks/custom-resources.yaml ``` You can now monitor progress with the following command: @@ -2638,11 +2638,11 @@ Before you get started, make sure you have downloaded and configured the 2. Install the Tigera Operator and custom resource definitions. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 3. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -2660,7 +2660,7 @@ Before you get started, make sure you have downloaded and configured the > , your Prometheus operator must be v0.40.0 or higher. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 4. Install your pull secret. @@ -2680,7 +2680,7 @@ Before you get started, make sure you have downloaded and configured the 6. To configure Calico Enterprise for use with the Calico CNI plugin, we must create an `Installation` resource that has `spec.cni.type: Calico`. Install the `custom-resources-calico-cni.yaml` manifest, which includes this configuration. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/eks/custom-resources-calico-cni.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/eks/custom-resources-calico-cni.yaml ``` 7. Finally, add nodes to the cluster. @@ -2778,11 +2778,11 @@ The geeky details of what you get: 1. Install the Tigera Operator and custom resource definitions. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 2. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -2800,7 +2800,7 @@ The geeky details of what you get: > , your Prometheus operator must be v0.40.0 or higher. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. Install your pull secret. @@ -2820,7 +2820,7 @@ The geeky details of what you get: 5. Install the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` You can now monitor progress with the following command: @@ -3079,9 +3079,9 @@ The geeky details of what you get: 3. Install the Tigera Operator and custom resource definitions. ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 4. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -3089,7 +3089,7 @@ The geeky details of what you get: > **SECONDARY:** If you have an existing Prometheus operator in your cluster that you want to use, skip this step. To work with Calico Enterprise, your Prometheus operator must be v0.40.0 or higher. ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 5. Install your pull secret. @@ -3109,7 +3109,7 @@ The geeky details of what you get: 7. Install the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` Monitor progress with the following command: @@ -3250,9 +3250,9 @@ In a new terminal, install the Calico Enterprise CNI. 2. Install the Tigera Operator and custom resource definitions. ```bash - kubectl apply --server-side -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl apply --server-side -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml - kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 3. Install your pull secret. @@ -3274,13 +3274,13 @@ In a new terminal, install the Calico Enterprise CNI. 5. Optional: Compliance and packet capture features are optional. To enable these features during installation, download and review the `custom-resources.yaml` file. Uncomment the necessary CRs and use this `custom-resources.yaml` for installation. ```bash - curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` 6. Install the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` 7. Restrict privileged container access in the `tigera-elasticsearch` namespace to only the necessary Tigera and Elasticsearch service accounts using an MKE admission policy annotation. @@ -3382,9 +3382,9 @@ The geeky details of what you get: 2. Install the Tigera Operator and custom resource definitions. ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 3. Install the Prometheus operator and related custom resource definitions. The Prometheus operator is used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -3392,7 +3392,7 @@ The geeky details of what you get: > **SECONDARY:** If you have an existing Prometheus operator in your cluster that you want to use, skip this step. To work with Calico Enterprise, your Prometheus operator must be v0.40.0 or higher. ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 4. Install your pull secret. @@ -3412,7 +3412,7 @@ The geeky details of what you get: 6. Install the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` Monitor progress with the following command: @@ -3505,9 +3505,9 @@ The geeky details of what you get: 2. Install the Tigera Operator and custom resource definitions. ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 3. Install the Prometheus operator and related custom resource definitions. The Prometheus operator is used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -3515,7 +3515,7 @@ The geeky details of what you get: > **SECONDARY:** If you have an existing Prometheus operator in your cluster that you want to use, skip this step. To work with Calico Enterprise, your Prometheus operator must be v0.40.0 or higher. ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 4. Install your pull secret. @@ -3535,7 +3535,7 @@ The geeky details of what you get: 6. Install the Tigera custom resources. For more information on configuration options available, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/rancher/custom-resources-rke2.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/rancher/custom-resources-rke2.yaml ``` Monitor progress with the following command: @@ -3770,11 +3770,11 @@ The geeky details of what you get: 1. Install the Tigera Operator and custom resource definitions. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 2. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -3792,7 +3792,7 @@ The geeky details of what you get: > , your Prometheus operator must be v0.40.0 or higher. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. Install your pull secret. @@ -3816,13 +3816,13 @@ The geeky details of what you get: 5. (Optional) Compliance and packet capture features are optional. To enable these features during installation, download and review the custom-resources.yaml file. Uncomment the necessary CRs and use this custom-resources.yaml for installation. ```bash - curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` 6. Install the Tigera custom resources. For more information on configuration options available, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` You can now monitor progress with the following command: @@ -4437,11 +4437,11 @@ To create a Charmed Kubernetes cluster without a CNI, you can customize your dep 1. Install the Tigera Operator and custom resource definitions. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 2. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -4459,7 +4459,7 @@ To create a Charmed Kubernetes cluster without a CNI, you can customize your dep > , your Prometheus operator must be v0.40.0 or higher. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. Install your pull secret. @@ -4483,13 +4483,13 @@ To create a Charmed Kubernetes cluster without a CNI, you can customize your dep 5. (Optional) Compliance and packet capture features are optional. To enable these features during installation, download and review the custom-resources.yaml file. Uncomment the necessary CRs and use this custom-resources.yaml for installation. ```bash - curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` 6. Install the Tigera custom resources. For more information on configuration options available, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` You can now monitor progress with the following command: @@ -5298,15 +5298,15 @@ The following steps will outline the installation of Calico Enterprise networkin 1. Install the Tigera Operator and custom resource definitions. ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 2. Download the necessary Installation custom resources. ```bash - wget https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + wget https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` 3. Update the `calicoNetwork` options, ensuring that the correct pod CIDR is set. (Rancher uses `10.42.0.0/16` by default.) Below are sample installations for VXLAN and BGP networking using the default Rancher pod CIDR: @@ -6599,331 +6599,331 @@ In order to install images from your private registry, you must first pull the i 1. Use the following commands to pull the required Calico Enterprise images. 2. ```bash - docker pull quay.io/tigera/operator:v1.40.6 + docker pull quay.io/tigera/operator:v1.40.9 - docker pull quay.io/tigera/alertmanager:v3.22.2 + docker pull quay.io/tigera/alertmanager:v3.22.3 - docker pull quay.io/tigera/calicoctl:v3.22.2 + docker pull quay.io/tigera/calicoctl:v3.22.3 - docker pull quay.io/tigera/calicoq:v3.22.2 + docker pull quay.io/tigera/calicoq:v3.22.3 - docker pull quay.io/tigera/apiserver:v3.22.2 + docker pull quay.io/tigera/apiserver:v3.22.3 - docker pull quay.io/tigera/kube-controllers:v3.22.2 + docker pull quay.io/tigera/kube-controllers:v3.22.3 - docker pull quay.io/tigera/manager:v3.22.2 + docker pull quay.io/tigera/manager:v3.22.3 - docker pull quay.io/tigera/node:v3.22.2 + docker pull quay.io/tigera/node:v3.22.3 - docker pull quay.io/tigera/queryserver:v3.22.2 + docker pull quay.io/tigera/queryserver:v3.22.3 - docker pull quay.io/tigera/compliance-benchmarker:v3.22.2 + docker pull quay.io/tigera/compliance-benchmarker:v3.22.3 - docker pull quay.io/tigera/compliance-controller:v3.22.2 + docker pull quay.io/tigera/compliance-controller:v3.22.3 - docker pull quay.io/tigera/compliance-reporter:v3.22.2 + docker pull quay.io/tigera/compliance-reporter:v3.22.3 - docker pull quay.io/tigera/compliance-server:v3.22.2 + docker pull quay.io/tigera/compliance-server:v3.22.3 - docker pull quay.io/tigera/compliance-snapshotter:v3.22.2 + docker pull quay.io/tigera/compliance-snapshotter:v3.22.3 - docker pull quay.io/tigera/csi:v3.22.2 + docker pull quay.io/tigera/csi:v3.22.3 - docker pull quay.io/tigera/node-driver-registrar:v3.22.2 + docker pull quay.io/tigera/node-driver-registrar:v3.22.3 - docker pull quay.io/tigera/deep-packet-inspection:v3.22.2 + docker pull quay.io/tigera/deep-packet-inspection:v3.22.3 - docker pull quay.io/tigera/dex:v3.22.2 + docker pull quay.io/tigera/dex:v3.22.3 - docker pull quay.io/tigera/dikastes:v3.22.2 + docker pull quay.io/tigera/dikastes:v3.22.3 - docker pull quay.io/tigera/egress-gateway:v3.22.2 + docker pull quay.io/tigera/egress-gateway:v3.22.3 - docker pull quay.io/tigera/intrusion-detection-job-installer:v3.22.2 + docker pull quay.io/tigera/intrusion-detection-job-installer:v3.22.3 - docker pull quay.io/tigera/elasticsearch:v3.22.2 + docker pull quay.io/tigera/elasticsearch:v3.22.3 - docker pull quay.io/tigera/elasticsearch-metrics:v3.22.2 + docker pull quay.io/tigera/elasticsearch-metrics:v3.22.3 - docker pull quay.io/tigera/eck-operator:v3.22.2 + docker pull quay.io/tigera/eck-operator:v3.22.3 - docker pull quay.io/tigera/envoy:v3.22.2 + docker pull quay.io/tigera/envoy:v3.22.3 - docker pull quay.io/tigera/es-gateway:v3.22.2 + docker pull quay.io/tigera/es-gateway:v3.22.3 - docker pull quay.io/tigera/firewall-integration:v3.22.2 + docker pull quay.io/tigera/firewall-integration:v3.22.3 - docker pull quay.io/tigera/pod2daemon-flexvol:v3.22.2 + docker pull quay.io/tigera/pod2daemon-flexvol:v3.22.3 - docker pull quay.io/tigera/fluentd:v3.22.2 + docker pull quay.io/tigera/fluentd:v3.22.3 - docker pull quay.io/tigera/envoy-gateway:v3.22.2 + docker pull quay.io/tigera/envoy-gateway:v3.22.3 - docker pull quay.io/tigera/envoy-proxy:v3.22.2 + docker pull quay.io/tigera/envoy-proxy:v3.22.3 - docker pull quay.io/tigera/envoy-ratelimit:v3.22.2 + docker pull quay.io/tigera/envoy-ratelimit:v3.22.3 - docker pull quay.io/tigera/guardian:v3.22.2 + docker pull quay.io/tigera/guardian:v3.22.3 - docker pull quay.io/tigera/ingress-collector:v3.22.2 + docker pull quay.io/tigera/ingress-collector:v3.22.3 - docker pull quay.io/tigera/intrusion-detection-controller:v3.22.2 + docker pull quay.io/tigera/intrusion-detection-controller:v3.22.3 - docker pull quay.io/tigera/key-cert-provisioner:v3.22.2 + docker pull quay.io/tigera/key-cert-provisioner:v3.22.3 - docker pull quay.io/tigera/kibana:v3.22.2 + docker pull quay.io/tigera/kibana:v3.22.3 - docker pull quay.io/tigera/l7-admission-controller:v3.22.2 + docker pull quay.io/tigera/l7-admission-controller:v3.22.3 - docker pull quay.io/tigera/l7-collector:v3.22.2 + docker pull quay.io/tigera/l7-collector:v3.22.3 - docker pull quay.io/tigera/license-agent:v3.22.2 + docker pull quay.io/tigera/license-agent:v3.22.3 - docker pull quay.io/tigera/linseed:v3.22.2 + docker pull quay.io/tigera/linseed:v3.22.3 - docker pull quay.io/tigera/packetcapture:v3.22.2 + docker pull quay.io/tigera/packetcapture:v3.22.3 - docker pull quay.io/tigera/policy-recommendation:v3.22.2 + docker pull quay.io/tigera/policy-recommendation:v3.22.3 - docker pull quay.io/tigera/prometheus:v3.22.2 + docker pull quay.io/tigera/prometheus:v3.22.3 - docker pull quay.io/tigera/prometheus-config-reloader:v3.22.2 + docker pull quay.io/tigera/prometheus-config-reloader:v3.22.3 - docker pull quay.io/tigera/prometheus-operator:v3.22.2 + docker pull quay.io/tigera/prometheus-operator:v3.22.3 - docker pull quay.io/tigera/cni:v3.22.2 + docker pull quay.io/tigera/cni:v3.22.3 - docker pull quay.io/tigera/prometheus-service:v3.22.2 + docker pull quay.io/tigera/prometheus-service:v3.22.3 - docker pull quay.io/tigera/typha:v3.22.2 + docker pull quay.io/tigera/typha:v3.22.3 - docker pull quay.io/tigera/ui-apis:v3.22.2 + docker pull quay.io/tigera/ui-apis:v3.22.3 - docker pull quay.io/tigera/voltron:v3.22.2 + docker pull quay.io/tigera/voltron:v3.22.3 - docker pull quay.io/tigera/waf-http-filter:v3.22.2 + docker pull quay.io/tigera/waf-http-filter:v3.22.3 - docker pull quay.io/tigera/webhooks-processor:v3.22.2 + docker pull quay.io/tigera/webhooks-processor:v3.22.3 ``` Retag the images with the name of your private registry `$PRIVATE_REGISTRY`. ```bash - docker tag quay.io/tigera/operator:v1.40.6 $PRIVATE_REGISTRY/tigera/operator:v1.40.6 + docker tag quay.io/tigera/operator:v1.40.9 $PRIVATE_REGISTRY/tigera/operator:v1.40.9 - docker tag quay.io/tigera/alertmanager:v3.22.2 $PRIVATE_REGISTRY/tigera/alertmanager:v3.22.2 + docker tag quay.io/tigera/alertmanager:v3.22.3 $PRIVATE_REGISTRY/tigera/alertmanager:v3.22.3 - docker tag quay.io/tigera/calicoctl:v3.22.2 $PRIVATE_REGISTRY/tigera/calicoctl:v3.22.2 + docker tag quay.io/tigera/calicoctl:v3.22.3 $PRIVATE_REGISTRY/tigera/calicoctl:v3.22.3 - docker tag quay.io/tigera/calicoq:v3.22.2 $PRIVATE_REGISTRY/tigera/calicoq:v3.22.2 + docker tag quay.io/tigera/calicoq:v3.22.3 $PRIVATE_REGISTRY/tigera/calicoq:v3.22.3 - docker tag quay.io/tigera/apiserver:v3.22.2 $PRIVATE_REGISTRY/tigera/apiserver:v3.22.2 + docker tag quay.io/tigera/apiserver:v3.22.3 $PRIVATE_REGISTRY/tigera/apiserver:v3.22.3 - docker tag quay.io/tigera/kube-controllers:v3.22.2 $PRIVATE_REGISTRY/tigera/kube-controllers:v3.22.2 + docker tag quay.io/tigera/kube-controllers:v3.22.3 $PRIVATE_REGISTRY/tigera/kube-controllers:v3.22.3 - docker tag quay.io/tigera/manager:v3.22.2 $PRIVATE_REGISTRY/tigera/manager:v3.22.2 + docker tag quay.io/tigera/manager:v3.22.3 $PRIVATE_REGISTRY/tigera/manager:v3.22.3 - docker tag quay.io/tigera/node:v3.22.2 $PRIVATE_REGISTRY/tigera/node:v3.22.2 + docker tag quay.io/tigera/node:v3.22.3 $PRIVATE_REGISTRY/tigera/node:v3.22.3 - docker tag quay.io/tigera/queryserver:v3.22.2 $PRIVATE_REGISTRY/tigera/queryserver:v3.22.2 + docker tag quay.io/tigera/queryserver:v3.22.3 $PRIVATE_REGISTRY/tigera/queryserver:v3.22.3 - docker tag quay.io/tigera/compliance-benchmarker:v3.22.2 $PRIVATE_REGISTRY/tigera/compliance-benchmarker:v3.22.2 + docker tag quay.io/tigera/compliance-benchmarker:v3.22.3 $PRIVATE_REGISTRY/tigera/compliance-benchmarker:v3.22.3 - docker tag quay.io/tigera/compliance-controller:v3.22.2 $PRIVATE_REGISTRY/tigera/compliance-controller:v3.22.2 + docker tag quay.io/tigera/compliance-controller:v3.22.3 $PRIVATE_REGISTRY/tigera/compliance-controller:v3.22.3 - docker tag quay.io/tigera/compliance-reporter:v3.22.2 $PRIVATE_REGISTRY/tigera/compliance-reporter:v3.22.2 + docker tag quay.io/tigera/compliance-reporter:v3.22.3 $PRIVATE_REGISTRY/tigera/compliance-reporter:v3.22.3 - docker tag quay.io/tigera/compliance-server:v3.22.2 $PRIVATE_REGISTRY/tigera/compliance-server:v3.22.2 + docker tag quay.io/tigera/compliance-server:v3.22.3 $PRIVATE_REGISTRY/tigera/compliance-server:v3.22.3 - docker tag quay.io/tigera/compliance-snapshotter:v3.22.2 $PRIVATE_REGISTRY/tigera/compliance-snapshotter:v3.22.2 + docker tag quay.io/tigera/compliance-snapshotter:v3.22.3 $PRIVATE_REGISTRY/tigera/compliance-snapshotter:v3.22.3 - docker tag quay.io/tigera/csi:v3.22.2 $PRIVATE_REGISTRY/tigera/csi:v3.22.2 + docker tag quay.io/tigera/csi:v3.22.3 $PRIVATE_REGISTRY/tigera/csi:v3.22.3 - docker tag quay.io/tigera/node-driver-registrar:v3.22.2 $PRIVATE_REGISTRY/tigera/node-driver-registrar:v3.22.2 + docker tag quay.io/tigera/node-driver-registrar:v3.22.3 $PRIVATE_REGISTRY/tigera/node-driver-registrar:v3.22.3 - docker tag quay.io/tigera/deep-packet-inspection:v3.22.2 $PRIVATE_REGISTRY/tigera/deep-packet-inspection:v3.22.2 + docker tag quay.io/tigera/deep-packet-inspection:v3.22.3 $PRIVATE_REGISTRY/tigera/deep-packet-inspection:v3.22.3 - docker tag quay.io/tigera/dex:v3.22.2 $PRIVATE_REGISTRY/tigera/dex:v3.22.2 + docker tag quay.io/tigera/dex:v3.22.3 $PRIVATE_REGISTRY/tigera/dex:v3.22.3 - docker tag quay.io/tigera/dikastes:v3.22.2 $PRIVATE_REGISTRY/tigera/dikastes:v3.22.2 + docker tag quay.io/tigera/dikastes:v3.22.3 $PRIVATE_REGISTRY/tigera/dikastes:v3.22.3 - docker tag quay.io/tigera/egress-gateway:v3.22.2 $PRIVATE_REGISTRY/tigera/egress-gateway:v3.22.2 + docker tag quay.io/tigera/egress-gateway:v3.22.3 $PRIVATE_REGISTRY/tigera/egress-gateway:v3.22.3 - docker tag quay.io/tigera/intrusion-detection-job-installer:v3.22.2 $PRIVATE_REGISTRY/tigera/intrusion-detection-job-installer:v3.22.2 + docker tag quay.io/tigera/intrusion-detection-job-installer:v3.22.3 $PRIVATE_REGISTRY/tigera/intrusion-detection-job-installer:v3.22.3 - docker tag quay.io/tigera/elasticsearch:v3.22.2 $PRIVATE_REGISTRY/tigera/elasticsearch:v3.22.2 + docker tag quay.io/tigera/elasticsearch:v3.22.3 $PRIVATE_REGISTRY/tigera/elasticsearch:v3.22.3 - docker tag quay.io/tigera/elasticsearch-metrics:v3.22.2 $PRIVATE_REGISTRY/tigera/elasticsearch-metrics:v3.22.2 + docker tag quay.io/tigera/elasticsearch-metrics:v3.22.3 $PRIVATE_REGISTRY/tigera/elasticsearch-metrics:v3.22.3 - docker tag quay.io/tigera/eck-operator:v3.22.2 $PRIVATE_REGISTRY/tigera/eck-operator:v3.22.2 + docker tag quay.io/tigera/eck-operator:v3.22.3 $PRIVATE_REGISTRY/tigera/eck-operator:v3.22.3 - docker tag quay.io/tigera/envoy:v3.22.2 $PRIVATE_REGISTRY/tigera/envoy:v3.22.2 + docker tag quay.io/tigera/envoy:v3.22.3 $PRIVATE_REGISTRY/tigera/envoy:v3.22.3 - docker tag quay.io/tigera/es-gateway:v3.22.2 $PRIVATE_REGISTRY/tigera/es-gateway:v3.22.2 + docker tag quay.io/tigera/es-gateway:v3.22.3 $PRIVATE_REGISTRY/tigera/es-gateway:v3.22.3 - docker tag quay.io/tigera/firewall-integration:v3.22.2 $PRIVATE_REGISTRY/tigera/firewall-integration:v3.22.2 + docker tag quay.io/tigera/firewall-integration:v3.22.3 $PRIVATE_REGISTRY/tigera/firewall-integration:v3.22.3 - docker tag quay.io/tigera/pod2daemon-flexvol:v3.22.2 $PRIVATE_REGISTRY/tigera/pod2daemon-flexvol:v3.22.2 + docker tag quay.io/tigera/pod2daemon-flexvol:v3.22.3 $PRIVATE_REGISTRY/tigera/pod2daemon-flexvol:v3.22.3 - docker tag quay.io/tigera/fluentd:v3.22.2 $PRIVATE_REGISTRY/tigera/fluentd:v3.22.2 + docker tag quay.io/tigera/fluentd:v3.22.3 $PRIVATE_REGISTRY/tigera/fluentd:v3.22.3 - docker tag quay.io/tigera/envoy-gateway:v3.22.2 $PRIVATE_REGISTRY/tigera/envoy-gateway:v3.22.2 + docker tag quay.io/tigera/envoy-gateway:v3.22.3 $PRIVATE_REGISTRY/tigera/envoy-gateway:v3.22.3 - docker tag quay.io/tigera/envoy-proxy:v3.22.2 $PRIVATE_REGISTRY/tigera/envoy-proxy:v3.22.2 + docker tag quay.io/tigera/envoy-proxy:v3.22.3 $PRIVATE_REGISTRY/tigera/envoy-proxy:v3.22.3 - docker tag quay.io/tigera/envoy-ratelimit:v3.22.2 $PRIVATE_REGISTRY/tigera/envoy-ratelimit:v3.22.2 + docker tag quay.io/tigera/envoy-ratelimit:v3.22.3 $PRIVATE_REGISTRY/tigera/envoy-ratelimit:v3.22.3 - docker tag quay.io/tigera/guardian:v3.22.2 $PRIVATE_REGISTRY/tigera/guardian:v3.22.2 + docker tag quay.io/tigera/guardian:v3.22.3 $PRIVATE_REGISTRY/tigera/guardian:v3.22.3 - docker tag quay.io/tigera/ingress-collector:v3.22.2 $PRIVATE_REGISTRY/tigera/ingress-collector:v3.22.2 + docker tag quay.io/tigera/ingress-collector:v3.22.3 $PRIVATE_REGISTRY/tigera/ingress-collector:v3.22.3 - docker tag quay.io/tigera/intrusion-detection-controller:v3.22.2 $PRIVATE_REGISTRY/tigera/intrusion-detection-controller:v3.22.2 + docker tag quay.io/tigera/intrusion-detection-controller:v3.22.3 $PRIVATE_REGISTRY/tigera/intrusion-detection-controller:v3.22.3 - docker tag quay.io/tigera/key-cert-provisioner:v3.22.2 $PRIVATE_REGISTRY/tigera/key-cert-provisioner:v3.22.2 + docker tag quay.io/tigera/key-cert-provisioner:v3.22.3 $PRIVATE_REGISTRY/tigera/key-cert-provisioner:v3.22.3 - docker tag quay.io/tigera/kibana:v3.22.2 $PRIVATE_REGISTRY/tigera/kibana:v3.22.2 + docker tag quay.io/tigera/kibana:v3.22.3 $PRIVATE_REGISTRY/tigera/kibana:v3.22.3 - docker tag quay.io/tigera/l7-admission-controller:v3.22.2 $PRIVATE_REGISTRY/tigera/l7-admission-controller:v3.22.2 + docker tag quay.io/tigera/l7-admission-controller:v3.22.3 $PRIVATE_REGISTRY/tigera/l7-admission-controller:v3.22.3 - docker tag quay.io/tigera/l7-collector:v3.22.2 $PRIVATE_REGISTRY/tigera/l7-collector:v3.22.2 + docker tag quay.io/tigera/l7-collector:v3.22.3 $PRIVATE_REGISTRY/tigera/l7-collector:v3.22.3 - docker tag quay.io/tigera/license-agent:v3.22.2 $PRIVATE_REGISTRY/tigera/license-agent:v3.22.2 + docker tag quay.io/tigera/license-agent:v3.22.3 $PRIVATE_REGISTRY/tigera/license-agent:v3.22.3 - docker tag quay.io/tigera/linseed:v3.22.2 $PRIVATE_REGISTRY/tigera/linseed:v3.22.2 + docker tag quay.io/tigera/linseed:v3.22.3 $PRIVATE_REGISTRY/tigera/linseed:v3.22.3 - docker tag quay.io/tigera/packetcapture:v3.22.2 $PRIVATE_REGISTRY/tigera/packetcapture:v3.22.2 + docker tag quay.io/tigera/packetcapture:v3.22.3 $PRIVATE_REGISTRY/tigera/packetcapture:v3.22.3 - docker tag quay.io/tigera/policy-recommendation:v3.22.2 $PRIVATE_REGISTRY/tigera/policy-recommendation:v3.22.2 + docker tag quay.io/tigera/policy-recommendation:v3.22.3 $PRIVATE_REGISTRY/tigera/policy-recommendation:v3.22.3 - docker tag quay.io/tigera/prometheus:v3.22.2 $PRIVATE_REGISTRY/tigera/prometheus:v3.22.2 + docker tag quay.io/tigera/prometheus:v3.22.3 $PRIVATE_REGISTRY/tigera/prometheus:v3.22.3 - docker tag quay.io/tigera/prometheus-config-reloader:v3.22.2 $PRIVATE_REGISTRY/tigera/prometheus-config-reloader:v3.22.2 + docker tag quay.io/tigera/prometheus-config-reloader:v3.22.3 $PRIVATE_REGISTRY/tigera/prometheus-config-reloader:v3.22.3 - docker tag quay.io/tigera/prometheus-operator:v3.22.2 $PRIVATE_REGISTRY/tigera/prometheus-operator:v3.22.2 + docker tag quay.io/tigera/prometheus-operator:v3.22.3 $PRIVATE_REGISTRY/tigera/prometheus-operator:v3.22.3 - docker tag quay.io/tigera/cni:v3.22.2 $PRIVATE_REGISTRY/tigera/cni:v3.22.2 + docker tag quay.io/tigera/cni:v3.22.3 $PRIVATE_REGISTRY/tigera/cni:v3.22.3 - docker tag quay.io/tigera/prometheus-service:v3.22.2 $PRIVATE_REGISTRY/tigera/prometheus-service:v3.22.2 + docker tag quay.io/tigera/prometheus-service:v3.22.3 $PRIVATE_REGISTRY/tigera/prometheus-service:v3.22.3 - docker tag quay.io/tigera/typha:v3.22.2 $PRIVATE_REGISTRY/tigera/typha:v3.22.2 + docker tag quay.io/tigera/typha:v3.22.3 $PRIVATE_REGISTRY/tigera/typha:v3.22.3 - docker tag quay.io/tigera/ui-apis:v3.22.2 $PRIVATE_REGISTRY/tigera/ui-apis:v3.22.2 + docker tag quay.io/tigera/ui-apis:v3.22.3 $PRIVATE_REGISTRY/tigera/ui-apis:v3.22.3 - docker tag quay.io/tigera/voltron:v3.22.2 $PRIVATE_REGISTRY/tigera/voltron:v3.22.2 + docker tag quay.io/tigera/voltron:v3.22.3 $PRIVATE_REGISTRY/tigera/voltron:v3.22.3 - docker tag quay.io/tigera/waf-http-filter:v3.22.2 $PRIVATE_REGISTRY/tigera/waf-http-filter:v3.22.2 + docker tag quay.io/tigera/waf-http-filter:v3.22.3 $PRIVATE_REGISTRY/tigera/waf-http-filter:v3.22.3 - docker tag quay.io/tigera/webhooks-processor:v3.22.2 $PRIVATE_REGISTRY/tigera/webhooks-processor:v3.22.2 + docker tag quay.io/tigera/webhooks-processor:v3.22.3 $PRIVATE_REGISTRY/tigera/webhooks-processor:v3.22.3 ``` 3. Push the images to your private registry. ```bash - docker push $PRIVATE_REGISTRY/tigera/operator:v1.40.6 + docker push $PRIVATE_REGISTRY/tigera/operator:v1.40.9 - docker push $PRIVATE_REGISTRY/tigera/alertmanager:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/alertmanager:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/calicoctl:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/calicoctl:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/calicoq:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/calicoq:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/apiserver:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/apiserver:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/kube-controllers:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/kube-controllers:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/manager:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/manager:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/node:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/node:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/queryserver:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/queryserver:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/compliance-benchmarker:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/compliance-benchmarker:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/compliance-controller:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/compliance-controller:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/compliance-reporter:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/compliance-reporter:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/compliance-server:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/compliance-server:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/compliance-snapshotter:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/compliance-snapshotter:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/csi:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/csi:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/node-driver-registrar:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/node-driver-registrar:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/deep-packet-inspection:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/deep-packet-inspection:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/dex:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/dex:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/dikastes:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/dikastes:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/egress-gateway:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/egress-gateway:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/intrusion-detection-job-installer:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/intrusion-detection-job-installer:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/elasticsearch:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/elasticsearch:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/elasticsearch-metrics:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/elasticsearch-metrics:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/eck-operator:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/eck-operator:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/envoy:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/envoy:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/es-gateway:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/es-gateway:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/firewall-integration:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/firewall-integration:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/pod2daemon-flexvol:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/pod2daemon-flexvol:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/fluentd:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/fluentd:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/envoy-gateway:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/envoy-gateway:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/envoy-proxy:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/envoy-proxy:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/envoy-ratelimit:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/envoy-ratelimit:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/guardian:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/guardian:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/ingress-collector:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/ingress-collector:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/intrusion-detection-controller:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/intrusion-detection-controller:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/key-cert-provisioner:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/key-cert-provisioner:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/kibana:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/kibana:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/l7-admission-controller:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/l7-admission-controller:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/l7-collector:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/l7-collector:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/license-agent:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/license-agent:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/linseed:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/linseed:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/packetcapture:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/packetcapture:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/policy-recommendation:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/policy-recommendation:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/prometheus:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/prometheus:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/prometheus-config-reloader:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/prometheus-config-reloader:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/prometheus-operator:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/prometheus-operator:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/cni:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/cni:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/prometheus-service:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/prometheus-service:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/typha:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/typha:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/ui-apis:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/ui-apis:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/voltron:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/voltron:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/waf-http-filter:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/waf-http-filter:v3.22.3 - docker push $PRIVATE_REGISTRY/tigera/webhooks-processor:v3.22.2 + docker push $PRIVATE_REGISTRY/tigera/webhooks-processor:v3.22.3 ``` > **WARNING:** @@ -6943,11 +6943,11 @@ In order to install images from your private registry, you must first pull the i For hybrid Linux + Windows clusters, use `crane cp` on the following Windows images to copy them to your private registry. ```bash - crane cp quay.io/tigera/node-windows:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/node-windows:v3.22.2 + crane cp quay.io/tigera/node-windows:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/node-windows:v3.22.3 - crane cp quay.io/tigera/fluentd-windows:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/fluentd-windows:v3.22.2 + crane cp quay.io/tigera/fluentd-windows:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/fluentd-windows:v3.22.3 - crane cp quay.io/tigera/cni-windows:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/cni-windows:v3.22.2 + crane cp quay.io/tigera/cni-windows:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/cni-windows:v3.22.3 ``` > **WARNING:** @@ -7059,329 +7059,329 @@ In order to install images from your private registry, you must first pull the i 1. Use the following commands to pull the required Calico Enterprise images. 2. ```bash - docker pull quay.io/tigera/operator:v1.40.6 + docker pull quay.io/tigera/operator:v1.40.9 - docker pull quay.io/tigera/alertmanager:v3.22.2 + docker pull quay.io/tigera/alertmanager:v3.22.3 - docker pull quay.io/tigera/calicoctl:v3.22.2 + docker pull quay.io/tigera/calicoctl:v3.22.3 - docker pull quay.io/tigera/calicoq:v3.22.2 + docker pull quay.io/tigera/calicoq:v3.22.3 - docker pull quay.io/tigera/apiserver:v3.22.2 + docker pull quay.io/tigera/apiserver:v3.22.3 - docker pull quay.io/tigera/kube-controllers:v3.22.2 + docker pull quay.io/tigera/kube-controllers:v3.22.3 - docker pull quay.io/tigera/manager:v3.22.2 + docker pull quay.io/tigera/manager:v3.22.3 - docker pull quay.io/tigera/node:v3.22.2 + docker pull quay.io/tigera/node:v3.22.3 - docker pull quay.io/tigera/queryserver:v3.22.2 + docker pull quay.io/tigera/queryserver:v3.22.3 - docker pull quay.io/tigera/compliance-benchmarker:v3.22.2 + docker pull quay.io/tigera/compliance-benchmarker:v3.22.3 - docker pull quay.io/tigera/compliance-controller:v3.22.2 + docker pull quay.io/tigera/compliance-controller:v3.22.3 - docker pull quay.io/tigera/compliance-reporter:v3.22.2 + docker pull quay.io/tigera/compliance-reporter:v3.22.3 - docker pull quay.io/tigera/compliance-server:v3.22.2 + docker pull quay.io/tigera/compliance-server:v3.22.3 - docker pull quay.io/tigera/compliance-snapshotter:v3.22.2 + docker pull quay.io/tigera/compliance-snapshotter:v3.22.3 - docker pull quay.io/tigera/csi:v3.22.2 + docker pull quay.io/tigera/csi:v3.22.3 - docker pull quay.io/tigera/node-driver-registrar:v3.22.2 + docker pull quay.io/tigera/node-driver-registrar:v3.22.3 - docker pull quay.io/tigera/deep-packet-inspection:v3.22.2 + docker pull quay.io/tigera/deep-packet-inspection:v3.22.3 - docker pull quay.io/tigera/dex:v3.22.2 + docker pull quay.io/tigera/dex:v3.22.3 - docker pull quay.io/tigera/dikastes:v3.22.2 + docker pull quay.io/tigera/dikastes:v3.22.3 - docker pull quay.io/tigera/egress-gateway:v3.22.2 + docker pull quay.io/tigera/egress-gateway:v3.22.3 - docker pull quay.io/tigera/intrusion-detection-job-installer:v3.22.2 + docker pull quay.io/tigera/intrusion-detection-job-installer:v3.22.3 - docker pull quay.io/tigera/elasticsearch:v3.22.2 + docker pull quay.io/tigera/elasticsearch:v3.22.3 - docker pull quay.io/tigera/elasticsearch-metrics:v3.22.2 + docker pull quay.io/tigera/elasticsearch-metrics:v3.22.3 - docker pull quay.io/tigera/eck-operator:v3.22.2 + docker pull quay.io/tigera/eck-operator:v3.22.3 - docker pull quay.io/tigera/envoy:v3.22.2 + docker pull quay.io/tigera/envoy:v3.22.3 - docker pull quay.io/tigera/es-gateway:v3.22.2 + docker pull quay.io/tigera/es-gateway:v3.22.3 - docker pull quay.io/tigera/firewall-integration:v3.22.2 + docker pull quay.io/tigera/firewall-integration:v3.22.3 - docker pull quay.io/tigera/pod2daemon-flexvol:v3.22.2 + docker pull quay.io/tigera/pod2daemon-flexvol:v3.22.3 - docker pull quay.io/tigera/fluentd:v3.22.2 + docker pull quay.io/tigera/fluentd:v3.22.3 - docker pull quay.io/tigera/envoy-gateway:v3.22.2 + docker pull quay.io/tigera/envoy-gateway:v3.22.3 - docker pull quay.io/tigera/envoy-proxy:v3.22.2 + docker pull quay.io/tigera/envoy-proxy:v3.22.3 - docker pull quay.io/tigera/envoy-ratelimit:v3.22.2 + docker pull quay.io/tigera/envoy-ratelimit:v3.22.3 - docker pull quay.io/tigera/guardian:v3.22.2 + docker pull quay.io/tigera/guardian:v3.22.3 - docker pull quay.io/tigera/ingress-collector:v3.22.2 + docker pull quay.io/tigera/ingress-collector:v3.22.3 - docker pull quay.io/tigera/intrusion-detection-controller:v3.22.2 + docker pull quay.io/tigera/intrusion-detection-controller:v3.22.3 - docker pull quay.io/tigera/key-cert-provisioner:v3.22.2 + docker pull quay.io/tigera/key-cert-provisioner:v3.22.3 - docker pull quay.io/tigera/kibana:v3.22.2 + docker pull quay.io/tigera/kibana:v3.22.3 - docker pull quay.io/tigera/l7-admission-controller:v3.22.2 + docker pull quay.io/tigera/l7-admission-controller:v3.22.3 - docker pull quay.io/tigera/l7-collector:v3.22.2 + docker pull quay.io/tigera/l7-collector:v3.22.3 - docker pull quay.io/tigera/license-agent:v3.22.2 + docker pull quay.io/tigera/license-agent:v3.22.3 - docker pull quay.io/tigera/linseed:v3.22.2 + docker pull quay.io/tigera/linseed:v3.22.3 - docker pull quay.io/tigera/packetcapture:v3.22.2 + docker pull quay.io/tigera/packetcapture:v3.22.3 - docker pull quay.io/tigera/policy-recommendation:v3.22.2 + docker pull quay.io/tigera/policy-recommendation:v3.22.3 - docker pull quay.io/tigera/prometheus:v3.22.2 + docker pull quay.io/tigera/prometheus:v3.22.3 - docker pull quay.io/tigera/prometheus-config-reloader:v3.22.2 + docker pull quay.io/tigera/prometheus-config-reloader:v3.22.3 - docker pull quay.io/tigera/prometheus-operator:v3.22.2 + docker pull quay.io/tigera/prometheus-operator:v3.22.3 - docker pull quay.io/tigera/cni:v3.22.2 + docker pull quay.io/tigera/cni:v3.22.3 - docker pull quay.io/tigera/prometheus-service:v3.22.2 + docker pull quay.io/tigera/prometheus-service:v3.22.3 - docker pull quay.io/tigera/typha:v3.22.2 + docker pull quay.io/tigera/typha:v3.22.3 - docker pull quay.io/tigera/ui-apis:v3.22.2 + docker pull quay.io/tigera/ui-apis:v3.22.3 - docker pull quay.io/tigera/voltron:v3.22.2 + docker pull quay.io/tigera/voltron:v3.22.3 - docker pull quay.io/tigera/waf-http-filter:v3.22.2 + docker pull quay.io/tigera/waf-http-filter:v3.22.3 - docker pull quay.io/tigera/webhooks-processor:v3.22.2 + docker pull quay.io/tigera/webhooks-processor:v3.22.3 ``` Retag the images with the name of your private registry `$PRIVATE_REGISTRY` and `$IMAGE_PATH`. 3. ```bash - docker tag quay.io/tigera/operator:v1.40.6 $PRIVATE_REGISTRY/$IMAGE_PATH/operator:v1.40.6 + docker tag quay.io/tigera/operator:v1.40.9 $PRIVATE_REGISTRY/$IMAGE_PATH/operator:v1.40.9 - docker tag quay.io/tigera/alertmanager:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/alertmanager:v3.22.2 + docker tag quay.io/tigera/alertmanager:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/alertmanager:v3.22.3 - docker tag quay.io/tigera/calicoctl:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/calicoctl:v3.22.2 + docker tag quay.io/tigera/calicoctl:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/calicoctl:v3.22.3 - docker tag quay.io/tigera/calicoq:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/calicoq:v3.22.2 + docker tag quay.io/tigera/calicoq:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/calicoq:v3.22.3 - docker tag quay.io/tigera/apiserver:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/apiserver:v3.22.2 + docker tag quay.io/tigera/apiserver:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/apiserver:v3.22.3 - docker tag quay.io/tigera/kube-controllers:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/kube-controllers:v3.22.2 + docker tag quay.io/tigera/kube-controllers:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/kube-controllers:v3.22.3 - docker tag quay.io/tigera/manager:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/manager:v3.22.2 + docker tag quay.io/tigera/manager:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/manager:v3.22.3 - docker tag quay.io/tigera/node:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/node:v3.22.2 + docker tag quay.io/tigera/node:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/node:v3.22.3 - docker tag quay.io/tigera/queryserver:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/queryserver:v3.22.2 + docker tag quay.io/tigera/queryserver:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/queryserver:v3.22.3 - docker tag quay.io/tigera/compliance-benchmarker:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-benchmarker:v3.22.2 + docker tag quay.io/tigera/compliance-benchmarker:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-benchmarker:v3.22.3 - docker tag quay.io/tigera/compliance-controller:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-controller:v3.22.2 + docker tag quay.io/tigera/compliance-controller:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-controller:v3.22.3 - docker tag quay.io/tigera/compliance-reporter:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-reporter:v3.22.2 + docker tag quay.io/tigera/compliance-reporter:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-reporter:v3.22.3 - docker tag quay.io/tigera/compliance-server:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-server:v3.22.2 + docker tag quay.io/tigera/compliance-server:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-server:v3.22.3 - docker tag quay.io/tigera/compliance-snapshotter:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-snapshotter:v3.22.2 + docker tag quay.io/tigera/compliance-snapshotter:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-snapshotter:v3.22.3 - docker tag quay.io/tigera/csi:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/csi:v3.22.2 + docker tag quay.io/tigera/csi:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/csi:v3.22.3 - docker tag quay.io/tigera/node-driver-registrar:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/node-driver-registrar:v3.22.2 + docker tag quay.io/tigera/node-driver-registrar:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/node-driver-registrar:v3.22.3 - docker tag quay.io/tigera/deep-packet-inspection:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/deep-packet-inspection:v3.22.2 + docker tag quay.io/tigera/deep-packet-inspection:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/deep-packet-inspection:v3.22.3 - docker tag quay.io/tigera/dex:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/dex:v3.22.2 + docker tag quay.io/tigera/dex:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/dex:v3.22.3 - docker tag quay.io/tigera/dikastes:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/dikastes:v3.22.2 + docker tag quay.io/tigera/dikastes:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/dikastes:v3.22.3 - docker tag quay.io/tigera/egress-gateway:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/egress-gateway:v3.22.2 + docker tag quay.io/tigera/egress-gateway:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/egress-gateway:v3.22.3 - docker tag quay.io/tigera/intrusion-detection-job-installer:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/intrusion-detection-job-installer:v3.22.2 + docker tag quay.io/tigera/intrusion-detection-job-installer:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/intrusion-detection-job-installer:v3.22.3 - docker tag quay.io/tigera/elasticsearch:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/elasticsearch:v3.22.2 + docker tag quay.io/tigera/elasticsearch:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/elasticsearch:v3.22.3 - docker tag quay.io/tigera/elasticsearch-metrics:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/elasticsearch-metrics:v3.22.2 + docker tag quay.io/tigera/elasticsearch-metrics:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/elasticsearch-metrics:v3.22.3 - docker tag quay.io/tigera/eck-operator:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/eck-operator:v3.22.2 + docker tag quay.io/tigera/eck-operator:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/eck-operator:v3.22.3 - docker tag quay.io/tigera/envoy:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/envoy:v3.22.2 + docker tag quay.io/tigera/envoy:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/envoy:v3.22.3 - docker tag quay.io/tigera/es-gateway:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/es-gateway:v3.22.2 + docker tag quay.io/tigera/es-gateway:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/es-gateway:v3.22.3 - docker tag quay.io/tigera/firewall-integration:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/firewall-integration:v3.22.2 + docker tag quay.io/tigera/firewall-integration:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/firewall-integration:v3.22.3 - docker tag quay.io/tigera/pod2daemon-flexvol:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/pod2daemon-flexvol:v3.22.2 + docker tag quay.io/tigera/pod2daemon-flexvol:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/pod2daemon-flexvol:v3.22.3 - docker tag quay.io/tigera/fluentd:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/fluentd:v3.22.2 + docker tag quay.io/tigera/fluentd:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/fluentd:v3.22.3 - docker tag quay.io/tigera/envoy-gateway:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/envoy-gateway:v3.22.2 + docker tag quay.io/tigera/envoy-gateway:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/envoy-gateway:v3.22.3 - docker tag quay.io/tigera/envoy-proxy:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/envoy-proxy:v3.22.2 + docker tag quay.io/tigera/envoy-proxy:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/envoy-proxy:v3.22.3 - docker tag quay.io/tigera/envoy-ratelimit:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/envoy-ratelimit:v3.22.2 + docker tag quay.io/tigera/envoy-ratelimit:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/envoy-ratelimit:v3.22.3 - docker tag quay.io/tigera/guardian:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/guardian:v3.22.2 + docker tag quay.io/tigera/guardian:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/guardian:v3.22.3 - docker tag quay.io/tigera/ingress-collector:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/ingress-collector:v3.22.2 + docker tag quay.io/tigera/ingress-collector:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/ingress-collector:v3.22.3 - docker tag quay.io/tigera/intrusion-detection-controller:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/intrusion-detection-controller:v3.22.2 + docker tag quay.io/tigera/intrusion-detection-controller:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/intrusion-detection-controller:v3.22.3 - docker tag quay.io/tigera/key-cert-provisioner:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/key-cert-provisioner:v3.22.2 + docker tag quay.io/tigera/key-cert-provisioner:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/key-cert-provisioner:v3.22.3 - docker tag quay.io/tigera/kibana:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/kibana:v3.22.2 + docker tag quay.io/tigera/kibana:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/kibana:v3.22.3 - docker tag quay.io/tigera/l7-admission-controller:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/l7-admission-controller:v3.22.2 + docker tag quay.io/tigera/l7-admission-controller:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/l7-admission-controller:v3.22.3 - docker tag quay.io/tigera/l7-collector:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/l7-collector:v3.22.2 + docker tag quay.io/tigera/l7-collector:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/l7-collector:v3.22.3 - docker tag quay.io/tigera/license-agent:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/license-agent:v3.22.2 + docker tag quay.io/tigera/license-agent:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/license-agent:v3.22.3 - docker tag quay.io/tigera/linseed:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/linseed:v3.22.2 + docker tag quay.io/tigera/linseed:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/linseed:v3.22.3 - docker tag quay.io/tigera/packetcapture:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/packetcapture:v3.22.2 + docker tag quay.io/tigera/packetcapture:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/packetcapture:v3.22.3 - docker tag quay.io/tigera/policy-recommendation:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/policy-recommendation:v3.22.2 + docker tag quay.io/tigera/policy-recommendation:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/policy-recommendation:v3.22.3 - docker tag quay.io/tigera/prometheus:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus:v3.22.2 + docker tag quay.io/tigera/prometheus:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus:v3.22.3 - docker tag quay.io/tigera/prometheus-config-reloader:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus-config-reloader:v3.22.2 + docker tag quay.io/tigera/prometheus-config-reloader:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus-config-reloader:v3.22.3 - docker tag quay.io/tigera/prometheus-operator:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus-operator:v3.22.2 + docker tag quay.io/tigera/prometheus-operator:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus-operator:v3.22.3 - docker tag quay.io/tigera/cni:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/cni:v3.22.2 + docker tag quay.io/tigera/cni:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/cni:v3.22.3 - docker tag quay.io/tigera/prometheus-service:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus-service:v3.22.2 + docker tag quay.io/tigera/prometheus-service:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus-service:v3.22.3 - docker tag quay.io/tigera/typha:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/typha:v3.22.2 + docker tag quay.io/tigera/typha:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/typha:v3.22.3 - docker tag quay.io/tigera/ui-apis:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/ui-apis:v3.22.2 + docker tag quay.io/tigera/ui-apis:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/ui-apis:v3.22.3 - docker tag quay.io/tigera/voltron:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/voltron:v3.22.2 + docker tag quay.io/tigera/voltron:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/voltron:v3.22.3 - docker tag quay.io/tigera/waf-http-filter:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/waf-http-filter:v3.22.2 + docker tag quay.io/tigera/waf-http-filter:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/waf-http-filter:v3.22.3 - docker tag quay.io/tigera/webhooks-processor:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/webhooks-processor:v3.22.2 + docker tag quay.io/tigera/webhooks-processor:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/webhooks-processor:v3.22.3 ``` Push the images to your private registry. 4. ```bash - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/operator:v1.40.6docker push $PRIVATE_REGISTRY/$IMAGE_PATH/alertmanager:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/operator:v1.40.9docker push $PRIVATE_REGISTRY/$IMAGE_PATH/alertmanager:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/calicoctl:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/calicoctl:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/calicoq:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/calicoq:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/apiserver:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/apiserver:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/kube-controllers:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/kube-controllers:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/manager:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/manager:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/node:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/node:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/queryserver:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/queryserver:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-benchmarker:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-benchmarker:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-controller:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-controller:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-reporter:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-reporter:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-server:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-server:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-snapshotter:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/compliance-snapshotter:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/csi:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/csi:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/node-driver-registrar:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/node-driver-registrar:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/deep-packet-inspection:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/deep-packet-inspection:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/dex:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/dex:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/dikastes:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/dikastes:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/egress-gateway:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/egress-gateway:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/intrusion-detection-job-installer:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/intrusion-detection-job-installer:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/elasticsearch:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/elasticsearch:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/elasticsearch-metrics:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/elasticsearch-metrics:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/eck-operator:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/eck-operator:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/envoy:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/envoy:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/es-gateway:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/es-gateway:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/firewall-integration:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/firewall-integration:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/pod2daemon-flexvol:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/pod2daemon-flexvol:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/fluentd:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/fluentd:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/envoy-gateway:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/envoy-gateway:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/envoy-proxy:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/envoy-proxy:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/envoy-ratelimit:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/envoy-ratelimit:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/guardian:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/guardian:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/ingress-collector:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/ingress-collector:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/intrusion-detection-controller:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/intrusion-detection-controller:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/key-cert-provisioner:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/key-cert-provisioner:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/kibana:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/kibana:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/l7-admission-controller:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/l7-admission-controller:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/l7-collector:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/l7-collector:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/license-agent:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/license-agent:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/linseed:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/linseed:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/packetcapture:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/packetcapture:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/policy-recommendation:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/policy-recommendation:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus-config-reloader:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus-config-reloader:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus-operator:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus-operator:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/cni:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/cni:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus-service:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/prometheus-service:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/typha:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/typha:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/ui-apis:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/ui-apis:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/voltron:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/voltron:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/waf-http-filter:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/waf-http-filter:v3.22.3 - docker push $PRIVATE_REGISTRY/$IMAGE_PATH/webhooks-processor:v3.22.2 + docker push $PRIVATE_REGISTRY/$IMAGE_PATH/webhooks-processor:v3.22.3 ``` > **WARNING:** @@ -7401,11 +7401,11 @@ In order to install images from your private registry, you must first pull the i For hybrid Linux + Windows clusters, use `crane cp` on the following Windows images to copy them to your private registry. ```bash - crane cp quay.io/tigera/node-windows:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/node-windows:v3.22.2 + crane cp quay.io/tigera/node-windows:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/node-windows:v3.22.3 - crane cp quay.io/tigera/fluentd-windows:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/fluentd-windows:v3.22.2 + crane cp quay.io/tigera/fluentd-windows:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/fluentd-windows:v3.22.3 - crane cp quay.io/tigera/cni-windows:v3.22.2 $PRIVATE_REGISTRY/$IMAGE_PATH/cni-windows:v3.22.2 + crane cp quay.io/tigera/cni-windows:v3.22.3 $PRIVATE_REGISTRY/$IMAGE_PATH/cni-windows:v3.22.3 ``` > **WARNING:** @@ -8116,17 +8116,17 @@ Calico Enterprise creates a default-deny for the calico-system namespace. If you 1. Get the Helm chart ```bash - curl -O -L https://downloads.tigera.io/ee/charts/tigera-operator-v3.22.2-0.tgz + curl -O -L https://downloads.tigera.io/ee/charts/tigera-operator-v3.22.3-0.tgz ``` 2. Install the Calico Enterprise custom resource definitions. ```bash - kubectl apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml - kubectl apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.2/manifests/prometheus-operator-crds.yaml + kubectl apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.3/manifests/prometheus-operator-crds.yaml - kubectl apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.2/manifests/eck-operator-crds.yaml + kubectl apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.3/manifests/eck-operator-crds.yaml ``` 3. If your cluster is v3.19 or older, update `values.yaml` with `packetCaptureAPI` enabled to true. @@ -8144,7 +8144,7 @@ Calico Enterprise creates a default-deny for the calico-system namespace. If you If you are using default `values.yaml`, copy the custom `values.yaml` and update packetCaptureAPI's `enabled` to `true`. Then, replace `` in the next step with this modified `values.yaml` for the Helm upgrade. ```bash - helm show values ./tigera-operator-v3.22.2-0.tgz >values.yaml + helm show values ./tigera-operator-v3.22.3-0.tgz >values.yaml ``` 4. Optional: Compliance and packetcapture features are optional. To enable or maintain the enabled status, review the `values.yaml` file and set the flag to `enabled: true`. @@ -8166,13 +8166,13 @@ Calico Enterprise creates a default-deny for the calico-system namespace. If you If you are using default `values.yaml`, copy the custom `values.yaml` and update compliance and packetCaptureAPI's `enabled` to `true`. Then, replace `` in the next step with this modified `values.yaml` for the Helm upgrade. ```bash - helm show values ./tigera-operator-v3.22.2-0.tgz >values.yaml + helm show values ./tigera-operator-v3.22.3-0.tgz >values.yaml ``` 5. Run the Helm upgrade command for `tigera-operator` and make sure to either update `values.yaml` with your configuration or use custom `values.yaml` file: ```bash -helm upgrade calico-enterprise --values= tigera-operator-v3.22.2-0.tgz \ +helm upgrade calico-enterprise --values= tigera-operator-v3.22.3-0.tgz \ --set-file imagePullSecrets.tigera-pull-secret=,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret= \ @@ -8250,7 +8250,7 @@ For Calico Enterprise, upgrading multi-cluster management setups must include up 1. Download the new manifests for Tigera Operator. ```bash - curl -L -O https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + curl -L -O https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 2. Download the new manifests for Prometheus operator. @@ -8260,7 +8260,7 @@ For Calico Enterprise, upgrading multi-cluster management setups must include up > If you have an existing Prometheus operator in your cluster that you want to use, skip this step. To work with Calico Enterprise, your Prometheus operator must be v0.40.0 or higher. ```bash - curl -L -O https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + curl -L -O https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. If you previously [installed using a private registry](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry), you will need to [push the new images ](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry/private-registry-regular#push-calico-enterprise-images-to-your-private-registry)and then [update the manifest](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry/private-registry-regular#run-the-operator-using-images-from-your-private-registry) downloaded in the previous step. @@ -8418,7 +8418,7 @@ If the `active-namespace` is `tigera-operator-enterprise`, then the cluster was 1. Download the new manifests for Tigera Operator. ```bash - curl -L -o tigera-operator.yaml https://downloads.tigera.io/ee/v3.22.2/manifests/aks/tigera-operator-upgrade.yaml + curl -L -o tigera-operator.yaml https://downloads.tigera.io/ee/v3.22.3/manifests/aks/tigera-operator-upgrade.yaml ``` 2. Download the new manifests for Prometheus operator. @@ -8428,7 +8428,7 @@ If the `active-namespace` is `tigera-operator-enterprise`, then the cluster was > If you have an existing Prometheus operator in your cluster that you want to use, skip this step. To work with Calico Enterprise, your Prometheus operator must be v0.40.0 or higher. ```bash - curl -L -O https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + curl -L -O https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. If you previously [installed using a private registry](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry), you will need to [push the new images ](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry/private-registry-regular#push-calico-enterprise-images-to-your-private-registry)and then [update the manifest](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry/private-registry-regular#run-the-operator-using-images-from-your-private-registry) downloaded in the previous step. @@ -8652,7 +8652,7 @@ Download the Calico Enterprise manifests for OpenShift and add t ```bash mkdir calico -wget -qO- https://downloads.tigera.io/ee/v3.22.2/manifests/ocp.tgz | tar xvz --strip-components=1 -C calico --exclude=03-cr-* --exclude=02-pull-secret.yaml +wget -qO- https://downloads.tigera.io/ee/v3.22.3/manifests/ocp.tgz | tar xvz --strip-components=1 -C calico --exclude=03-cr-* --exclude=02-pull-secret.yaml cp calico/* manifests/ ``` @@ -8690,7 +8690,7 @@ cp calico/* manifests/ > that you manage yourself. ```bash - oc apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/ocp/tigera-prometheus-operator.yaml + oc apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/ocp/tigera-prometheus-operator.yaml ``` 3. If your cluster is a management cluster, apply a [ManagementCluster](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api#managementcluster) CR to your cluster. @@ -8786,13 +8786,13 @@ cp calico/* manifests/ If your cluster is a **managed** cluster, run this command: ```bash - kubectl delete -f https://downloads.tigera.io/ee/v3.22.2/manifests/default-tier-policies-managed.yaml + kubectl delete -f https://downloads.tigera.io/ee/v3.22.3/manifests/default-tier-policies-managed.yaml ``` For other clusters, run this command: ```bash - kubectl delete -f https://downloads.tigera.io/ee/v3.22.2/manifests/default-tier-policies.yaml + kubectl delete -f https://downloads.tigera.io/ee/v3.22.3/manifests/default-tier-policies.yaml ``` ### Upgrade from Calico to Calico Enterprise @@ -8864,7 +8864,7 @@ If you receive error indicating the custom resource definitions or resource type 1. Download the new manifests for Tigera Operator. ```bash - curl -L -O https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + curl -L -O https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 2. Download the new manifests for Prometheus operator. @@ -8874,7 +8874,7 @@ If you receive error indicating the custom resource definitions or resource type > If you have an existing Prometheus operator in your cluster that you want to use, skip this step. To work with Calico Enterprise, your Prometheus operator must be v0.40.0 or higher. ```bash - curl -L -O https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + curl -L -O https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. If you previously [installed using a private registry](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry), you will need to [push the new images ](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry/private-registry-regular#push-calico-enterprise-images-to-your-private-registry)and then [update the manifest](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry/private-registry-regular#run-the-operator-using-images-from-your-private-registry) downloaded in the previous step. @@ -8906,7 +8906,7 @@ If you receive error indicating the custom resource definitions or resource type 7. Install the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources-upgrade-from-calico.yaml + kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources-upgrade-from-calico.yaml ``` **Tab: EKS** @@ -8914,7 +8914,7 @@ If you receive error indicating the custom resource definitions or resource type 1. Download the new manifests for Tigera Operator. ```bash - curl -L -O https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + curl -L -O https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 2. Download the new manifests for Prometheus operator. @@ -8924,7 +8924,7 @@ If you receive error indicating the custom resource definitions or resource type > If you have an existing Prometheus operator in your cluster that you want to use, skip this step. To work with Calico Enterprise, your Prometheus operator must be v0.40.0 or higher. ```bash - curl -L -O https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + curl -L -O https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. If you previously [installed using a private registry](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry), you will need to [push the new images ](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry/private-registry-regular#push-calico-enterprise-images-to-your-private-registry)and then [update the manifest](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry/private-registry-regular#run-the-operator-using-images-from-your-private-registry) downloaded in the previous step. @@ -8956,7 +8956,7 @@ If you receive error indicating the custom resource definitions or resource type 7. Install the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/eks/custom-resources-upgrade-from-calico.yaml + kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/eks/custom-resources-upgrade-from-calico.yaml ``` **Tab: AKS** @@ -8982,7 +8982,7 @@ These upgrade instructions will upgrade your AKS clusters with Azure CNI and an 2. Download the new manifests for Tigera Operator. ```bash - curl -L -o tigera-operator.yaml https://downloads.tigera.io/ee/v3.22.2/manifests/aks/tigera-operator-upgrade.yaml + curl -L -o tigera-operator.yaml https://downloads.tigera.io/ee/v3.22.3/manifests/aks/tigera-operator-upgrade.yaml ``` 3. Download the new manifests for Prometheus operator. @@ -8992,7 +8992,7 @@ These upgrade instructions will upgrade your AKS clusters with Azure CNI and an > If you have an existing Prometheus operator in your cluster that you want to use, skip this step. To work with Calico Enterprise, your Prometheus operator must be v0.40.0 or higher. ```bash - curl -L -O https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + curl -L -O https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 4. If you previously [installed using a private registry](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry), you will need to [push the new images ](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry/private-registry-regular#push-calico-enterprise-images-to-your-private-registry)and then [update the manifest](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry/private-registry-regular#run-the-operator-using-images-from-your-private-registry) downloaded in the previous step. @@ -9024,7 +9024,7 @@ These upgrade instructions will upgrade your AKS clusters with Azure CNI and an 8. Download the custom resources manifest. ```bash - curl -L -o custom-resources.yaml https://downloads.tigera.io/ee/v3.22.2/manifests/aks/custom-resources-upgrade-from-calico.yaml + curl -L -o custom-resources.yaml https://downloads.tigera.io/ee/v3.22.3/manifests/aks/custom-resources-upgrade-from-calico.yaml ``` 9. If you are [installing using a private registry](https://docs.tigera.io/calico-enterprise/latest/getting-started/install-on-clusters/private-registry), you will need to update the manifest downloaded in the previous step. Update the `spec.registry`, `spec.imagePath`, and `spec.imagePrefix` fields of the installation resource with the registry name, image path, and image prefix of your private registry. @@ -9087,17 +9087,17 @@ If you receive error indicating the custom resource definitions or resource type 1. Get the Helm chart ```bash - curl -O -L https://downloads.tigera.io/ee/charts/tigera-operator-v3.22.2-0.tgz + curl -O -L https://downloads.tigera.io/ee/charts/tigera-operator-v3.22.3-0.tgz ``` 2. Install the Calico Enterprise custom resource definitions. ```bash - kubectl apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/prometheus-operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/prometheus-operator-crds.yaml - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/eck-operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/eck-operator-crds.yaml ``` 3. [Configure a storage class for Calico Enterprise](https://docs.tigera.io/calico-enterprise/latest/operations/logstorage/create-storage) @@ -9105,7 +9105,7 @@ If you receive error indicating the custom resource definitions or resource type 4. Run the Helm upgrade command for `tigera-operator`: ```bash - helm upgrade calico tigera-operator-v3.22.2-0.tgz \ + helm upgrade calico tigera-operator-v3.22.3-0.tgz \ --set-file imagePullSecrets.tigera-pull-secret=,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret= \ @@ -9186,7 +9186,7 @@ Download the Calico Enterprise manifests for OpenShift and add t ```bash mkdir calico -wget -qO- https://downloads.tigera.io/ee/v3.22.2/manifests/ocp.tgz | tar xvz --strip-components=1 -C calico --exclude=03-cr-* +wget -qO- https://downloads.tigera.io/ee/v3.22.3/manifests/ocp.tgz | tar xvz --strip-components=1 -C calico --exclude=03-cr-* cp calico/* manifests/ ``` @@ -9218,7 +9218,7 @@ sed -i "s/SECRET/${SECRET}/" manifests/02-pull-secret.yaml 3. Create the custom resources for Calico Enterprise features, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - oc apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/ocp/tigera-enterprise-resources.yaml + oc apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/ocp/tigera-enterprise-resources.yaml ``` 4. Patch installation. @@ -9268,7 +9268,7 @@ Apply the Calico Enterprise manifests for the Prometheus operato > that you manage yourself. ```bash -oc apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/ocp/tigera-prometheus-operator.yaml +oc apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/ocp/tigera-prometheus-operator.yaml ``` You can now monitor progress with the following command: @@ -9296,6 +9296,7 @@ This feature is: | Patch version | Release archive link | | ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | + | v3.22.3 | [https://downloads.tigera.io/ee/archives/release-v3.22.3-v1.40.9.tgz](https://downloads.tigera.io/ee/archives/release-v3.22.3-v1.40.9.tgz) | | v3.22.2 | [https://downloads.tigera.io/ee/archives/release-v3.22.2-v1.40.6.tgz](https://downloads.tigera.io/ee/archives/release-v3.22.2-v1.40.6.tgz) | | v3.22.1 | [https://downloads.tigera.io/ee/archives/release-v3.22.1-v1.40.5.tgz](https://downloads.tigera.io/ee/archives/release-v3.22.1-v1.40.5.tgz) | | v3.22.0-3.0 | [https://downloads.tigera.io/ee/archives/release-v3.22.0-3.0-v1.40.4.tgz](https://downloads.tigera.io/ee/archives/release-v3.22.0-3.0-v1.40.4.tgz) | @@ -25591,7 +25592,7 @@ The basic workflow is: ### Create a config map with FortiGate and FortiManager information[​](#create-a-config-map-with-fortigate-and-fortimanager-information) -1. In the [FortiGate ConfigMap manifest](https://downloads.tigera.io/ee/v3.22.2/manifests/fortinet-device-configmap.yaml), add your FortiGate firewall information in the data section, `tigera.firewall.fortigate`. +1. In the [FortiGate ConfigMap manifest](https://downloads.tigera.io/ee/v3.22.3/manifests/fortinet-device-configmap.yaml), add your FortiGate firewall information in the data section, `tigera.firewall.fortigate`. Where: @@ -25636,7 +25637,7 @@ The basic workflow is: vdom: fortigate-vdom2 ``` -2. In the [FortiManager ConfigMap manifest](https://downloads.tigera.io/ee/v3.22.2/manifests/fortinet-device-configmap.yaml), add your FortiManager information in the data section, `tigera.firewall.fortimgr`. +2. In the [FortiManager ConfigMap manifest](https://downloads.tigera.io/ee/v3.22.3/manifests/fortinet-device-configmap.yaml), add your FortiManager information in the data section, `tigera.firewall.fortimgr`. Where: @@ -25675,7 +25676,7 @@ The basic workflow is: 1. Apply the manifest. ```text - kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/fortinet-device-configmap.yaml + kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/fortinet-device-configmap.yaml ``` ### Install FortiGate ApiKey and FortiManager password as secrets[​](#install-fortigate-apikey-and-fortimanager-password-as-secrets) @@ -25715,7 +25716,7 @@ The basic workflow is: 2. Apply the manifest. ```text - kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/fortinet.yaml + kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/fortinet.yaml ``` ## Verify the integration[​](#verify-the-integration) @@ -25810,7 +25811,7 @@ Create a [Calico Enterprise tier](https://docs.tigera.io/calico-enterprise/lates kubectl create namespace tigera-firewall-controller ``` -2. In this [FortiManager ConfigMap manifest](https://downloads.tigera.io/ee/v3.22.2/manifests/fortimanager-device-configmap.yaml), add your FortiManager device information in the data section: `tigera.firewall.fortimanager-policies`. For example: +2. In this [FortiManager ConfigMap manifest](https://downloads.tigera.io/ee/v3.22.3/manifests/fortimanager-device-configmap.yaml), add your FortiManager device information in the data section: `tigera.firewall.fortimanager-policies`. For example: ```yaml tigera.firewall.fortimanager-policies: | @@ -25853,7 +25854,7 @@ Create a [Calico Enterprise tier](https://docs.tigera.io/calico-enterprise/lates 3. Apply the manifest. ```bash - kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/fortimanager-device-configmap.yaml + kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/fortimanager-device-configmap.yaml ``` ## Install FortiManager password as secrets[​](#install-fortimanager-password-as-secrets) @@ -25885,7 +25886,7 @@ kubectl create secret generic fortimgr-east1 \ 2. Apply the manifest. ```bash - kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/fortimanager.yaml + kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/fortimanager.yaml ``` ## Verify the integration[​](#verify-the-integration) @@ -32624,11 +32625,11 @@ Follow these steps in the cluster you intend to use as the managed cluster. 1. Install the Tigera Operator and custom resource definitions. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 2. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -32646,7 +32647,7 @@ Follow these steps in the cluster you intend to use as the managed cluster. > , your Prometheus operator must be v0.40.0 or higher. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. Install your pull secret. @@ -32670,13 +32671,13 @@ Follow these steps in the cluster you intend to use as the managed cluster. 5. (Optional) Compliance and packet capture features are optional. To enable these features during installation, download and review the custom-resources.yaml file. Uncomment the necessary CRs and use this custom-resources.yaml for installation. ```bash - curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` 6. Download the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` Remove the `Manager` custom resource from the manifest file. @@ -32824,11 +32825,11 @@ kubectl create clusterrolebinding mcm-user-admin --serviceaccount=default:mcm-us 1. Install the Tigera Operator and custom resource definitions. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 2. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -32846,7 +32847,7 @@ kubectl create clusterrolebinding mcm-user-admin --serviceaccount=default:mcm-us > , your Prometheus operator must be v0.40.0 or higher. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. Install your pull secret. @@ -32866,7 +32867,7 @@ kubectl create clusterrolebinding mcm-user-admin --serviceaccount=default:mcm-us 5. Download the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` Remove the `Manager` custom resource from the manifest file. @@ -33014,11 +33015,11 @@ kubectl create clusterrolebinding mcm-user-admin --serviceaccount=default:mcm-us 1. Install the Tigera Operator and custom resource definitions. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 2. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -33036,7 +33037,7 @@ kubectl create clusterrolebinding mcm-user-admin --serviceaccount=default:mcm-us > , your Prometheus operator must be v0.40.0 or higher. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. Install your pull secret. @@ -33056,7 +33057,7 @@ kubectl create clusterrolebinding mcm-user-admin --serviceaccount=default:mcm-us 5. Download the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/eks/custom-resources.yaml + curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/eks/custom-resources.yaml ``` Remove the `Manager` custom resource from the manifest file. @@ -33142,11 +33143,11 @@ Before you get started, make sure you have downloaded and configured the 2. Install the Tigera Operator and custom resource definitions. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 3. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -33164,7 +33165,7 @@ Before you get started, make sure you have downloaded and configured the > , your Prometheus operator must be v0.40.0 or higher. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 4. Install your pull secret. @@ -33186,7 +33187,7 @@ Before you get started, make sure you have downloaded and configured the 7. Download the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/eks/custom-resources-calico-cni.yaml + curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/eks/custom-resources-calico-cni.yaml ``` Remove the `Manager` custom resource from the manifest file. @@ -33348,11 +33349,11 @@ kubectl create clusterrolebinding mcm-user-admin --serviceaccount=default:mcm-us 1. Install the Tigera Operator and custom resource definitions. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 2. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -33370,7 +33371,7 @@ kubectl create clusterrolebinding mcm-user-admin --serviceaccount=default:mcm-us > , your Prometheus operator must be v0.40.0 or higher. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 3. Install your pull secret. @@ -33390,7 +33391,7 @@ kubectl create clusterrolebinding mcm-user-admin --serviceaccount=default:mcm-us 5. Download the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/aks/custom-resources.yaml + curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/aks/custom-resources.yaml ``` Remove the `Manager` custom resource from the manifest file. @@ -33454,11 +33455,11 @@ Wait until the `apiserver` shows a status of `Available`, then proceed to the ne 2. Install the Tigera Operator and custom resource definitions. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` 3. Install the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics. @@ -33476,7 +33477,7 @@ Wait until the `apiserver` shows a status of `Available`, then proceed to the ne > , your Prometheus operator must be v0.40.0 or higher. ```text - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-prometheus-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-prometheus-operator.yaml ``` 4. Install your pull secret. @@ -33496,7 +33497,7 @@ Wait until the `apiserver` shows a status of `Available`, then proceed to the ne 6. Download the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/aks/custom-resources-calico-cni.yaml + curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/aks/custom-resources-calico-cni.yaml ``` Remove the `Manager` custom resource from the manifest file. @@ -33746,7 +33747,7 @@ Download the Calico Enterprise manifests for OpenShift and add t ```bash mkdir calico -wget -qO- https://downloads.tigera.io/ee/v3.22.2/manifests/ocp.tgz | tar xvz --strip-components=1 -C calico +wget -qO- https://downloads.tigera.io/ee/v3.22.3/manifests/ocp.tgz | tar xvz --strip-components=1 -C calico cp calico/* manifests/ ``` @@ -33800,7 +33801,7 @@ Calico Enterprise requires storage for logs and reports. Before finishin Download the Tigera custom resources. For more information on configuration options available in this manifest, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash -curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/ocp/tigera-enterprise-resources.yaml +curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/ocp/tigera-enterprise-resources.yaml ``` Remove the `Manager` custom resource from the manifest file. @@ -33872,7 +33873,7 @@ Apply the Calico Enterprise manifests for the Prometheus operato > that you manage yourself. ```bash -oc create -f https://downloads.tigera.io/ee/v3.22.2/manifests/ocp/tigera-prometheus-operator.yaml +oc create -f https://downloads.tigera.io/ee/v3.22.3/manifests/ocp/tigera-prometheus-operator.yaml ``` You can now monitor progress with the following command: @@ -33886,7 +33887,7 @@ When it shows all components with status `Available`, proceed to the next step. (Optional) Apply the full CRDs including descriptions. ```bash -oc apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml +oc apply --server-side --force-conflicts -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml ``` #### Create the connection manifest for your managed cluster[​](#create-the-connection-manifest-for-your-managed-cluster) @@ -34027,7 +34028,7 @@ helm repo add tigera-ee https://downloads.tigera.io/ee/charts helm repo update -helm pull tigera-ee/tigera-operator --version v3.22.2 +helm pull tigera-ee/tigera-operator --version v3.22.3 ``` ### Prepare the Installation Configuration[​](#prepare-the-installation-configuration) @@ -34159,7 +34160,7 @@ managedClusters: 1. Install the Tigera Operator and custom resource definitions using the Helm 3 chart: ```bash -helm install calico-enterprise tigera-operator-v3.22.2-0.tgz -f values.yaml \ +helm install calico-enterprise tigera-operator-v3.22.3-0.tgz -f values.yaml \ --set-file imagePullSecrets.tigera-pull-secret=,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret= \ @@ -34271,7 +34272,7 @@ managementCluster: 1. Install the Tigera Operator and custom resource definitions using the Helm 3 chart: ```bash -helm install calico-enterprise tigera-operator-v3.22.2-0.tgz -f values.yaml \ +helm install calico-enterprise tigera-operator-v3.22.3-0.tgz -f values.yaml \ --set-file imagePullSecrets.tigera-pull-secret=,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret= \ @@ -34377,7 +34378,7 @@ helm repo add tigera-ee https://downloads.tigera.io/ee/charts helm repo update -helm pull tigera-ee/tigera-operator --version v3.22.2 +helm pull tigera-ee/tigera-operator --version v3.22.3 ``` ### Prepare the Installation Configuration[​](#prepare-the-installation-configuration) @@ -34489,7 +34490,7 @@ managementClusterConnection: 1. Install the Tigera Operator and custom resource definitions using the Helm 3 chart: ```bash -helm install calico-enterprise tigera-operator-v3.22.2-0.tgz -f values.yaml \ +helm install calico-enterprise tigera-operator-v3.22.3-0.tgz -f values.yaml \ --set-file imagePullSecrets.tigera-pull-secret=,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret= \ @@ -34891,7 +34892,7 @@ The steps in this section assume that a management cluster is up and running. 3. Install the Tigera custom resources. For more information, see [the installation reference](https://docs.tigera.io/calico-enterprise/latest/reference/installation/api). ```bash - kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` 4. Monitor the progress with the following command: @@ -35023,13 +35024,13 @@ In this section, we will create a `kubeconfig` for each cluster. This `kubeconfi 1. Create the ServiceAccount used by remote clusters for authentication: ```bash - kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/federation-remote-sa.yaml + kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/federation-remote-sa.yaml ``` 2. Create the ClusterRole and ClusterRoleBinding used by remote clusters for authorization: ```bash - kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/federation-rem-rbac-kdd.yaml + kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/federation-rem-rbac-kdd.yaml ``` 3. Create the ServiceAccount token that will be used in the `kubeconfig`: @@ -36827,7 +36828,7 @@ In this section we will look at how to add Tor and VPN feeds to Calico Enterpris ```shell - kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/threatdef/vpn-feed.yaml + kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/threatdef/vpn-feed.yaml ``` @@ -36837,7 +36838,7 @@ In this section we will look at how to add Tor and VPN feeds to Calico Enterpris ```shell - kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/threatdef/tor-exit-feed.yaml + kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/threatdef/tor-exit-feed.yaml ``` 2. Now, you can monitor the Dashboard for any malicious activity. The dashboard can be found at the Calico Enterprise web console, go to "kibana" and then go to "Dashboard". Select "Tor-VPN Dashboard". @@ -38527,13 +38528,13 @@ To run a report on demand: For management and standalone clusters: ```bash - curl -O https://downloads.tigera.io/ee/v3.22.2/manifests/compliance-reporter-pod.yaml + curl -O https://downloads.tigera.io/ee/v3.22.3/manifests/compliance-reporter-pod.yaml ``` For managed clusters: ```bash - curl https://downloads.tigera.io/ee/v3.22.2/manifests/compliance-reporter-pod-managed.yaml -o compliance-reporter-pod.yaml + curl https://downloads.tigera.io/ee/v3.22.3/manifests/compliance-reporter-pod-managed.yaml -o compliance-reporter-pod.yaml ``` 2. Edit the template as follows: @@ -38726,13 +38727,13 @@ To manually run a report: For management and standalone clusters: ```bash - curl -O https://downloads.tigera.io/ee/v3.22.2/manifests/compliance-reporter-pod.yaml + curl -O https://downloads.tigera.io/ee/v3.22.3/manifests/compliance-reporter-pod.yaml ``` For managed clusters: ```bash - curl https://downloads.tigera.io/ee/v3.22.2/manifests/compliance-reporter-pod-managed.yaml -o compliance-reporter-pod.yaml + curl https://downloads.tigera.io/ee/v3.22.3/manifests/compliance-reporter-pod-managed.yaml -o compliance-reporter-pod.yaml ``` 2. Edit the template as follows: @@ -41715,7 +41716,7 @@ Log into the host, open a terminal prompt, and navigate to the location where yo Use the following command to download the `calicoctl` binary. ```bash -curl -o calicoctl -L https://downloads.tigera.io/ee/binaries/v3.22.2/calicoctl +curl -o calicoctl -L https://downloads.tigera.io/ee/binaries/v3.22.3/calicoctl ``` Set the file to be executable. @@ -41737,13 +41738,13 @@ Use the following commands to download the `calicoctl` binary. - ARM64 (Apple Silicon): ```bash - curl -o calicoctl -L https://downloads.tigera.io/ee/binaries/v3.22.2/calicoctl-darwin-arm64 + curl -o calicoctl -L https://downloads.tigera.io/ee/binaries/v3.22.3/calicoctl-darwin-arm64 ``` - AMD64 (Intel): ```bash - curl -o calicoctl -L https://downloads.tigera.io/ee/binaries/v3.22.2/calicoctl-darwin-amd64 + curl -o calicoctl -L https://downloads.tigera.io/ee/binaries/v3.22.3/calicoctl-darwin-amd64 ``` Set the file to be executable. @@ -41763,7 +41764,7 @@ Use the following PowerShell command to download the `calicoctl` binary. > **SUCCESS:** Consider running PowerShell as administrator and navigating to a location that's in your `PATH`. For example, `C:\Windows`. ```bash -Invoke-WebRequest -Uri "https://downloads.tigera.io/ee/binaries/v3.22.2/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe" +Invoke-WebRequest -Uri "https://downloads.tigera.io/ee/binaries/v3.22.3/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe" ``` @@ -41781,7 +41782,7 @@ Log into the host, open a terminal prompt, and navigate to the location where yo Use the following command to download the `calicoctl` binary. ```bash -curl -o kubectl-calico -L https://downloads.tigera.io/ee/binaries/v3.22.2/calicoctl +curl -o kubectl-calico -L https://downloads.tigera.io/ee/binaries/v3.22.3/calicoctl ``` Set the file to be executable. @@ -41803,13 +41804,13 @@ Use the following commands to download the `calicoctl` binary. - ARM64 (Apple Silicon): ```bash - curl -o kubectl-calico -L https://downloads.tigera.io/ee/binaries/v3.22.2/calicoctl-darwin-arm64 + curl -o kubectl-calico -L https://downloads.tigera.io/ee/binaries/v3.22.3/calicoctl-darwin-arm64 ``` - AMD64 (Intel): ```bash - curl -o kubectl-calico -L https://downloads.tigera.io/ee/binaries/v3.22.2/calicoctl-darwin-amd64 + curl -o kubectl-calico -L https://downloads.tigera.io/ee/binaries/v3.22.3/calicoctl-darwin-amd64 ``` Set the file to be executable. @@ -41829,7 +41830,7 @@ Use the following PowerShell command to download the `calicoctl` binary. > **SUCCESS:** Consider running PowerShell as administrator and navigating to a location that's in your `PATH`. For example, `C:\Windows`. ```bash -Invoke-WebRequest -Uri "https://downloads.tigera.io/ee/binaries/v3.22.2/calicoctl-windows-amd64.exe" -OutFile "kubectl-calico.exe" +Invoke-WebRequest -Uri "https://downloads.tigera.io/ee/binaries/v3.22.3/calicoctl-windows-amd64.exe" -OutFile "kubectl-calico.exe" ``` @@ -41883,7 +41884,7 @@ You can now run any `calicoctl` subcommands through `kubectl calico`. 5. Use the following commands to pull the `calicoctl` image from the Tigera registry. ```bash - docker pull quay.io/tigera/calicoctl:v3.22.2 + docker pull quay.io/tigera/calicoctl:v3.22.3 ``` 6. Confirm that the image has loaded by typing `docker images`. @@ -41891,7 +41892,7 @@ You can now run any `calicoctl` subcommands through `kubectl calico`. ```bash REPOSITORY TAG IMAGE ID CREATED SIZE - tigera/calicoctl v3.22.2 e07d59b0eb8a 2 minutes ago 42MB + tigera/calicoctl v3.22.3 e07d59b0eb8a 2 minutes ago 42MB ``` **Next step**: @@ -42088,7 +42089,7 @@ For step-by-step instructions, refer to the section that corresponds to your des 2. Use the following command to download the `calicoq` binary. ```text - curl -o calicoq -O -L https://downloads.tigera.io/ee/binaries/v3.22.2/calicoq + curl -o calicoq -O -L https://downloads.tigera.io/ee/binaries/v3.22.3/calicoq ``` 3. Set the file to be executable. @@ -42142,7 +42143,7 @@ For step-by-step instructions, refer to the section that corresponds to your des 5. Use the following commands to pull the `calicoq` image from the Tigera registry. ```bash - docker pull quay.io/tigera/calicoq:v3.22.2 + docker pull quay.io/tigera/calicoq:v3.22.3 ``` 6. Confirm that the image has loaded by typing `docker images`. @@ -42150,7 +42151,7 @@ For step-by-step instructions, refer to the section that corresponds to your des ```bash REPOSITORY TAG IMAGE ID CREATED SIZE - tigera/calicoq v3.22.2 e07d59b0eb8a 2 minutes ago 42MB + tigera/calicoq v3.22.3 e07d59b0eb8a 2 minutes ago 42MB ``` **Next step**: @@ -43030,7 +43031,7 @@ export NAMESPACE= ``` ```bash -kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/prometheus/elasticsearch-metrics-service-monitor.yaml -n $NAMESPACE +kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/prometheus/elasticsearch-metrics-service-monitor.yaml -n $NAMESPACE ``` The .yamls have no namespace defined so when you apply `kubectl`, it is applied in the $NAMESPACE. @@ -43072,7 +43073,7 @@ export NAMESPACE= ``` ```bash -kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/prometheus/fluentd-metrics-service-monitor.yaml -n $NAMESPACE +kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/prometheus/fluentd-metrics-service-monitor.yaml -n $NAMESPACE ``` The .yamls have no namespace defined so when you apply `kubectl`, it is applied in the $NAMESPACE. @@ -43114,7 +43115,7 @@ export NAMESPACE= ``` ```bash -kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/prometheus/calico-node-monitor-service-monitor.yaml -n $NAMESPACE +kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/prometheus/calico-node-monitor-service-monitor.yaml -n $NAMESPACE ``` The .yamls have no namespace defined so when you apply `kubectl`, it is applied in $NAMESPACE. @@ -43156,7 +43157,7 @@ export NAMESPACE= ``` ```bash -kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/prometheus/kube-controller-metrics-service-monitor.yaml -n $NAMESPACE +kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/prometheus/kube-controller-metrics-service-monitor.yaml -n $NAMESPACE ``` The .yamls have no namespace defined so when you apply `kubectl`, it is applied in the $NAMESPACE. @@ -43240,7 +43241,7 @@ export NAMESPACE= ``` ```bash -kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/prometheus/felix-metrics-service-monitor.yaml -n $NAMESPACE +kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/prometheus/felix-metrics-service-monitor.yaml -n $NAMESPACE ``` The .yamls have no namespace defined so when you apply `kubectl`, it is applied in the $NAMESPACE. @@ -43274,7 +43275,7 @@ export NAMESPACE= ``` ```bash -kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/prometheus/typha-metrics-service-monitor.yaml -n $NAMESPACE +kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/prometheus/typha-metrics-service-monitor.yaml -n $NAMESPACE ``` The .yamls have no namespace defined so when you apply `kubectl`, it is applied in the $NAMESPACE. @@ -44680,7 +44681,7 @@ To add the license-agent component in a Kubernetes cluster for license metrics, 3. Apply the manifest. ```text - kubectl apply -f https://downloads.tigera.io/ee/v3.22.2/manifests/licenseagent.yaml + kubectl apply -f https://downloads.tigera.io/ee/v3.22.3/manifests/licenseagent.yaml ``` ### Create alerts using Prometheus metrics[​](#create-alerts-using-prometheus-metrics) @@ -45692,7 +45693,7 @@ EOF When the main install guide tells you to apply the `custom-resources.yaml`, typically by running `kubectl create` with the URL of the file directly, you should instead download the file, so that you can edit it: ```bash - curl -o custom-resources.yaml https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + curl -o custom-resources.yaml https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` Edit the file in your editor of choice and find the `Installation` resource, which should be at the top of the file. To enable eBPF mode, we need to add a new `calicoNetwork` section inside the `spec` of the Installation resource, including the `linuxDataplane` field. For EKS Bottlerocket OS only, you should also add the `flexVolumePath` setting as shown below. @@ -46410,9 +46411,9 @@ To use nftables, your Kubernetes installation must be configured to use kube-pro 1. Install the Tigera Operator and custom resource definitions. ```bash - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/operator-crds.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/operator-crds.yaml - kubectl create -f https://downloads.tigera.io/ee/v3.22.2/manifests/tigera-operator.yaml + kubectl create -f https://downloads.tigera.io/ee/v3.22.3/manifests/tigera-operator.yaml ``` > **SECONDARY:** Due to the large size of the CRD bundle, `kubectl apply` might exceed request limits. Instead, use `kubectl create` or `kubectl replace`. @@ -46422,7 +46423,7 @@ To use nftables, your Kubernetes installation must be configured to use kube-pro 1. Download the default `custom-resources.yaml` file: ```bash - curl -O -L https://downloads.tigera.io/ee/v3.22.2/manifests/custom-resources.yaml + curl -O -L https://downloads.tigera.io/ee/v3.22.3/manifests/custom-resources.yaml ``` 2. Enable nftables mode by setting `spec.linuxDataplane` to `nftables` in the `Installation` resource: @@ -57347,7 +57348,7 @@ Increasing conntrack limit Running the following command: -docker run --net=host --privileged --name=calico-node -d --restart=always -e ETCD_SCHEME=http -e HOSTNAME=calico -e ETCD_AUTHORITY=127.0.0.1:2379 -e AS= -e NO_DEFAULT_POOLS= -e ETCD_ENDPOINTS= -e IP= -e IP6= -e CALICO_NETWORKING_BACKEND=bird -v /var/run/docker.sock:/var/run/docker.sock -v /var/run/calico:/var/run/calico -v /lib/modules:/lib/modules -v /var/log/calico:/var/log/calico -v /run/docker/plugins:/run/docker/plugins quay.io/tigera/node:v3.22.2 +docker run --net=host --privileged --name=calico-node -d --restart=always -e ETCD_SCHEME=http -e HOSTNAME=calico -e ETCD_AUTHORITY=127.0.0.1:2379 -e AS= -e NO_DEFAULT_POOLS= -e ETCD_ENDPOINTS= -e IP= -e IP6= -e CALICO_NETWORKING_BACKEND=bird -v /var/run/docker.sock:/var/run/docker.sock -v /var/run/calico:/var/run/calico -v /lib/modules:/lib/modules -v /var/log/calico:/var/log/calico -v /run/docker/plugins:/run/docker/plugins quay.io/tigera/node:v3.22.3 Waiting for etcd connection... @@ -77153,6 +77154,84 @@ Then you should observe that the new Calico Enterprise policy is enforced for ne This page lists the specific component versions that go into each release of Calico Enterprise. +## Component versions for Calico Enterprise 3.22.3[​](#component-versions-v3.22.3) + +[Release archive](https://downloads.tigera.io/ee/archives/release-v3.22.3-v1.40.9.tgz) with Kubernetes manifests. Based on Calico v3.31. + +This release comprises the following components, and can be installed using + + + +`quay.io/tigera/operator:v1.40.9` + +| Component | Version | +| ------------------------------ | ------- | +| alertmanager | v3.22.3 | +| calicoctl | v3.22.3 | +| calicoq | v3.22.3 | +| apiserver | v3.22.3 | +| kube-controllers | v3.22.3 | +| manager | v3.22.3 | +| node | v3.22.3 | +| node-windows | v3.22.3 | +| queryserver | v3.22.3 | +| compliance-benchmarker | v3.22.3 | +| compliance-controller | v3.22.3 | +| compliance-reporter | v3.22.3 | +| compliance-server | v3.22.3 | +| compliance-snapshotter | v3.22.3 | +| coreos-alertmanager | v0.32.0 | +| coreos-config-reloader | v0.90.1 | +| coreos-dex | v2.45.1 | +| coreos-fluentd | 1.19.2 | +| upstream-istio | 1.28.1 | +| coreos-prometheus | v3.11.1 | +| coreos-prometheus-operator | v0.90.1 | +| csi | v3.22.3 | +| csi-node-driver-registrar | v3.22.3 | +| deep-packet-inspection | v3.22.3 | +| dex | v3.22.3 | +| dikastes | v3.22.3 | +| eck-elasticsearch | 8.19.14 | +| eck-elasticsearch-operator | 2.16.1 | +| eck-kibana | 8.19.14 | +| egress-gateway | v3.22.3 | +| elastic-tsee-installer | v3.22.3 | +| elasticsearch | v3.22.3 | +| elasticsearch-metrics | v3.22.3 | +| elasticsearch-operator | v3.22.3 | +| envoy | v3.22.3 | +| es-gateway | v3.22.3 | +| firewall-integration | v3.22.3 | +| flexvol | v3.22.3 | +| fluentd | v3.22.3 | +| fluentd-windows | v3.22.3 | +| gateway-api-envoy-gateway | v3.22.3 | +| gateway-api-envoy-proxy | v3.22.3 | +| gateway-api-envoy-ratelimit | v3.22.3 | +| guardian | v3.22.3 | +| ingress-collector | v3.22.3 | +| intrusion-detection-controller | v3.22.3 | +| key-cert-provisioner | v3.22.3 | +| kibana | v3.22.3 | +| l7-admission-controller | v3.22.3 | +| l7-collector | v3.22.3 | +| license-agent | v3.22.3 | +| linseed | v3.22.3 | +| packetcapture | v3.22.3 | +| policy-recommendation | v3.22.3 | +| prometheus | v3.22.3 | +| prometheus-config-reloader | v3.22.3 | +| prometheus-operator | v3.22.3 | +| tigera-cni | v3.22.3 | +| tigera-cni-windows | v3.22.3 | +| tigera-prometheus-service | v3.22.3 | +| typha | v3.22.3 | +| ui-apis | v3.22.3 | +| voltron | v3.22.3 | +| waf-http-filter | v3.22.3 | +| webhooks-processor | v3.22.3 | + ## Component versions for Calico Enterprise 3.22.2[​](#component-versions-v3.22.2) [Release archive](https://downloads.tigera.io/ee/archives/release-v3.22.2-v1.40.6.tgz) with Kubernetes manifests. Based on Calico v3.31. @@ -78156,4 +78235,81 @@ February 20, 2026 - Fix a race condition in EndpointSlice logic for BGP service advertisement that could cause lost BGP advertisements. - Security updates are not included in this hotfix release, but will be included in our next scheduled release. -To update an existing installation of Calico Enterprise 3.21, see [Install a patch release](https://docs.tigera.io/calico-enterprise/latest/getting-started/manifest-archive). +To update an existing installation of Calico Enterprise 3.22, see [Install a patch release](https://docs.tigera.io/calico-enterprise/latest/getting-started/manifest-archive). + +### Calico Enterprise 3.22.3 bug fix release[​](#calico-enterprise-3223-bug-fix-release) + +April 24, 2026 + +#### Enhancements[​](#enhancements-3) + +- Display the `Degraded` condition's message when running `kubectl get tigerastatus`, making it easier to see error details at a glance without needing to describe the resource. + + ```console + $ kubectl get tigerastatus + + NAME AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE + + apiserver True False False 4m51s All objects available + + calico False False True 106s Pod calico-system/calico-node-tjlnv failed to pull container image for: ebpf-bootstrap + + intrusion-detection False False True 11m Error creating TLS certificate: secret tigera-operator/deep-packet-inspection-tls must specify ext key usages: ExtKeyUsageClientAuth, ExtKeyUsageServerAuth + + log-storage-access False False True 11m Pod tigera-elasticsearch/tigera-linseed-58745b7574-p6zmx has crash looping container: tigera-linseed + + manager True False False 6s All objects available; Warning: user provided certificate "manager-tls" expires in 21 days + + ... + ``` + +- Surface certificate metadata (issuer, expiry, DNS SANs, IP SANs) as annotations and add filtering labels (`secret-type`, `signer`) on TLS secrets produced by `Secret()` and `CreateSelfSignedSecret()`. + + ```console + $ kubectl get secrets -n tigera-operator -l operator.tigera.io/signer \ + + -o custom-columns='NAME:.metadata.name,EXPIRY:.metadata.annotations.operator\.tigera\.io/cert-expiry,SIGNER:.metadata.annotations.operator\.tigera\.io/cert-signer' + + NAME EXPIRY SIGNER + + calico-apiserver-certs 2028-05-28T23:56:09Z tigera-operator-signer + + calico-kube-controllers-metrics-tls 2028-05-28T23:56:09Z tigera-operator-signer + + calico-node-prometheus-client-tls 2028-05-29T18:28:09Z tigera-operator-signer + + ... + ``` + +#### Bug fixes[​](#bug-fixes-4) + +- Fixed pod creation failures during manifest-to-operator migration caused by the calico-cni-plugin. +- Dropped support for the non-privileged mode and deprecated the Installation.spec.nonPrivileged field. The Operator ignores this setting and will mark Calico as Degraded if it is set to Enabled. +- Fixed ClusterRoleBinding losing its kube-system subject before all nodes are migrated. +- Fixed calico-apiserver TLS errors on upgrade for long-lived clusters. The operator now correctly reissues certificates with updated SANs when the apiserver namespace changes, instead of treating legacy operator-signed certs as user-provided. +- Added validation for logstorage node count and replicas setting. +- ECK certificates are now rotated 30 days before expiry, just like all certificates that are managed by our operator. +- Voltron's JWT authenticator now accepts a configurable CA signer name (CA\_SIGNER\_NAME) instead of hardcoding tigera-operator-signer, allowing custom operator signer names. +- Fixed a Felix eBPF cleanup race condition that could cause a nil-pointer panic when an interface disappeared during TC qdisc cleanup. +- Fixed a goroutine leak in Felix's interface monitor that could occur on netlink reconnect; fixed a goroutine leak after nflog reader restart; fixed a data race in Felix's BPF endpoint manager when comparing HostEndpoint protobuf messages, which could cause flaky race-detector failures or subtle logic errors under concurrent access. +- Fixed eBPF conntrack counter accounting for NAT-outgoing flows where bytes\_in and packets\_in were always zero. +- Fixed a bug in the eBPF dataplane where egress gateway pods' own outbound traffic (health probes, DNS) was not routed via ExternalNetwork routing tables, causing health probe failures and incorrect routing when using EgressGateway with ExternalNetwork resources. +- Fixed an issue in the eBPF dataplane where link-local discovery packets were incorrectly dropped during strict reverse path forwarding (RPF) checks. +- Multi-NIC support: fixed the projectcalico.org/network label; stripped the namespace prefix added by Multus in recent versions, since the prefix was undocumented and, due to using a / separator, could fail validation when the CNI plugin tried to read a multi-NIC endpoint after node reboot, causing pods to fail to come back up after reboot. +- Fixed a bug where the CNI plugin installer generated a malformed URL for IPv4 addresses, exposed by a fix to the golang URL parser. +- Increased the line-size limit for data ingestion so that threat feeds and compliance no longer fail on lines larger than 64K. +- Changed PolicyMatch.Staged from bool to \*bool so that queries for enforced (non-staged) policies no longer fail against Linseed's empty-PolicyMatch rejection. +- Fixed an issue where pie charts became unreadable when there were too many namespaces to display, by aggregating overflow namespaces into an "Other" bucket so totals remain accurate. +- Added OpenShift-only RBAC for the operator to manage NetworkAttachmentDefinition resources, required for Istio ambient mode with Multus CNI. +- Added list and watch verbs to the operator's ClusterRole for network-attachment-definitions, so the operator's informer cache can start and kubectl delete Istio default no longer hangs on OpenShift. +- Set correct CA\_TRUSTED\_NODE\_ACCOUNTS namespace on OpenShift when using Istio ambient mode. +- Fixed BGP advertisement to also check Service status ingress IPs (not only spec.LoadBalancerIP) when matching /32 and /128 entries in serviceLoadBalancerIPs, so LB IPs assigned from Calico IPPools are advertised. +- Updated the LoadBalancer controller to not run unless explicitly configured via ENABLED\_CONTROLLERS, and to warn only about Calico-managed services when no IP pool is present. +- Fixed BGP advertisement so that externalIPs on ClusterIP-type services are no longer skipped by an earlier short-circuit in the advertisement logic. +- Fixed the LoadBalancer controller to prevent a nil pointer dereference in handleBlockUpdate. +- Fixed calicoctl cluster diags to use fully qualified `..` resource identifiers so CRD and API resource collection is unambiguous on clusters (such as OpenShift) where multiple API groups share the same plural name. +- Fixed l7-admission-controller webhook returning invalid response when pod has sidecar label but no feature annotations. +- Fix Kibana crashloop when upgrading frrom Calico Enterprise 3.20 or earlier to 3.22. The orphan `ingest_manager_settings` saved object left by Fleet 7.17 is now discarded during Kibana 8.x saved-object migration. +- Security updates. + +To update an existing installation of Calico Enterprise 3.22, see [Install a patch release](https://docs.tigera.io/calico-enterprise/latest/getting-started/manifest-archive).