Skip to content

Updates for CE 3.22.1 release #2442

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ctauchen merged 1 commit into from
Dec 22, 2025
Merged

Updates for CE 3.22.1 release #2442

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions calico-cloud/compliance/istio/about-istio-ambient.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,13 @@ description: An overview of Calico's bundled version of Istio Ambient Mode
You can use $[prodname] to deploy and manage an Istio service mesh on your cluster.
$[prodname] installs Istio in ambient mode, which conserves resources while providing the same robust mTLS encryption for your services.

:::note

Istio Ambient Mode is a tech preview feature.
Tech preview features are subject to significant changes before they become GA.

:::

## About Istio Ambient Mode

Istio is a service mesh that manages and secures communication between microservices.
Expand Down
7 changes: 7 additions & 0 deletions calico-cloud/compliance/istio/deploy-istio-ambient.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,13 @@ description: This page explains how to deploy Calico's bundled version of Istio

You can deploy Calico's bundled version of Istio in ambient mode to provide mTLS encryption to your workloads.

:::note

Istio Ambient Mode is a tech preview feature.
Tech preview features are subject to significant changes before they become GA.

:::

## Limitations

* [Application layer network policies](../../network-policy/application-layer-policies/alp.mdx) are not compatible with the Istio service mesh.
Expand Down
7 changes: 7 additions & 0 deletions calico-enterprise/compliance/istio/about-istio-ambient.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,13 @@ description: An overview of Calico's bundled version of Istio Ambient Mode
You can use $[prodname] to deploy and manage an Istio service mesh on your cluster.
$[prodname] installs Istio in ambient mode, which conserves resources while providing the same robust mTLS encryption for your services.

:::note

Istio Ambient Mode is a tech preview feature.
Tech preview features are subject to significant changes before they become GA.

:::

## About Istio Ambient Mode

Istio is a service mesh that manages and secures communication between microservices.
Expand Down
7 changes: 7 additions & 0 deletions calico-enterprise/compliance/istio/deploy-istio-ambient.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,13 @@ description: This page explains how to deploy Calico's bundled version of Istio

You can deploy Calico's bundled version of Istio in ambient mode to provide mTLS encryption to your workloads.

:::note

Istio Ambient Mode is a tech preview feature.
Tech preview features are subject to significant changes before they become GA.

:::

## Limitations

* [Application layer network policies](../../network-policy/application-layer-policies/alp.mdx) are not compatible with the Istio service mesh.
Expand Down
9 changes: 8 additions & 1 deletion ...terprise_versioned_docs/version-3.22-2/compliance/istio/about-istio-ambient.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,13 @@ description: An overview of Calico's bundled version of Istio Ambient Mode
You can use $[prodname] to deploy and manage an Istio service mesh on your cluster.
$[prodname] installs Istio in ambient mode, which conserves resources while providing the same robust mTLS encryption for your services.

:::note

Istio Ambient Mode is a tech preview feature.
Tech preview features are subject to significant changes before they become GA.

:::

## About Istio Ambient Mode

Istio is a service mesh that manages and secures communication between microservices.
Expand Down Expand Up @@ -43,4 +50,4 @@ Existing network policies need to be adapted to allow communication to port 1500

## Additional resources
* [Overview of Istio ambient mode](https://istio.io/latest/docs/ambient/overview/).
* [Ambient and Kubernetes NetworkPolicy](https://istio.io/latest/docs/ambient/usage/networkpolicy/)
* [Ambient and Kubernetes NetworkPolicy](https://istio.io/latest/docs/ambient/usage/networkpolicy/)
7 changes: 7 additions & 0 deletions ...erprise_versioned_docs/version-3.22-2/compliance/istio/deploy-istio-ambient.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,13 @@ description: This page explains how to deploy Calico's bundled version of Istio

You can deploy Calico's bundled version of Istio in ambient mode to provide mTLS encryption to your workloads.

:::note

Istio Ambient Mode is a tech preview feature.
Tech preview features are subject to significant changes before they become GA.

:::

## Limitations

* [Application layer network policies](../../network-policy/application-layer-policies/alp.mdx) are not compatible with the Istio service mesh.
Expand Down
7 changes: 7 additions & 0 deletions calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,10 @@

For more information, see [Customize gateway deployment and features](../networking/ingress-gateway/customize-ingress-gateway.mdx#customize-gateway-deployment-and-features).

### Istio Ambient Mode (tech preview)
Calico now provides a bundled version of Istio in ambient mode, a sidecarless architecture that delivers robust mTLS encryption and service mesh security while significantly reducing resource consumption and operational overhead. This implementation, managed by the Tigera Operator, features an enhanced zTunnel proxy that preserves original destination ports to ensure existing Calico and Kubernetes network policies continue to function seamlessly without requiring rewrites.

Check failure on line 34 in calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx

View workflow job for this annotation

GitHub Actions / runner / vale 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'zTunnel'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'zTunnel'?", "location": {"path": "calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx", "range": {"start": {"line": 34, "column": 305}}}, "severity": "ERROR"}

Check failure on line 34 in calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx

View workflow job for this annotation

GitHub Actions / runner / vale 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'sidecarless'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'sidecarless'?", "location": {"path": "calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx", "range": {"start": {"line": 34, "column": 67}}}, "severity": "ERROR"}

For more information, see [Istio Ambient Mode](../compliance/istio/about-istio-ambient.mdx).
### HTTP header-based matching for application layer policies

This release includes support for HTTP header-based matching for application layer policies.
Expand Down Expand Up @@ -176,6 +180,9 @@

This release is supported for use in production.

This release adds the following features:
* [Istio Ambient Mode](#istio-ambient-mode-tech-preview)

#### Enhancements

* TBD
Comment on lines 186 to 188
Copy link

Copilot AI Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The placeholder "TBD" should be replaced with actual enhancement information or the section should be removed if there are no enhancements to document for this release.

Copilot uses AI. Check for mistakes.
Expand Down
6 changes: 3 additions & 3 deletions calico-enterprise_versioned_docs/version-3.22-2/variables.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,13 @@ const releases = require('./releases.json');
const componentImage = require('../../src/components/utils/componentImage');

const variables = {
releaseTitle: 'v3.22.0-2.0',
releaseTitle: 'v3.22.1',
prodname: 'Calico Enterprise',
prodnamedash: 'calico-enterprise',
version: 'v3.22',
openSourceVersion: releases[0].calico.minor_version.slice(1),
baseUrl: '/calico-enterprise/latest',
filesUrl: 'https://downloads.tigera.io/ee/v3.22.0-2.0',
filesUrl: 'https://downloads.tigera.io/ee/v3.22.1',
rpmsUrl: 'https://downloads.tigera.io/ee/rpms/' + releases[0].title.slice(0, 5),
tutorialFilesURL: 'https://docs.tigera.io/files',
tmpScriptsURL: 'https://docs.tigera.io/calico-enterprise/3.22',
Expand All @@ -20,7 +20,7 @@ const variables = {
rootDirWindows: 'C:\\TigeraCalico',
registry: 'quay.io/',
envoyVersion: '1.5.0',
chart_version_name: 'v3.22.0-2.0-0',
chart_version_name: 'v3.22.1-0',
tigeraOperator: releases[0]['tigera-operator'],
dikastesVersion: releases[0].components.dikastes.version,
releases,
Expand Down