Calico Enterprise 3.21 release notes

early preview release

Calico Enterprise 3.21 can be used for previewing and testing purposes only. It is not supported for use in production.

Learn about the new features, bug fixes, and other updates in this release of Calico Enterprise.

New features and enhancements

Introducing Calico Ingress Gateway (tech-preview)

Calico Enterprise now includes the ability to deploy Calico Ingress Gateway which is an Enterprise hardened, 100% upstream distribution of Envoy Gateway. Envoy Gateway is an implementation of the Kubernetes Gateway API with several extensions that provide advanced security and traffic management features.

For more information, see Configure an ingress gateway.

IPAM for load balancers

Calico Enterprise now extends its IPAM capabilities to support service LoadBalancer IP allocation, providing a centralized, automated approach to managing LoadBalancer IPs within Kubernetes clusters.

For more information, see LoadBalancer IP address management

Enhancements

• Control-plane label customization for AKS: We added support for customizing the namespace labels on AKS clusters. By default we apply a control-plane label to namespaces so that they are exempt from Azure Policy. If you wish to apply Azure Policy to our namespaces, you can now override this label.

• Log levels for api-server component: You can now tune the log level for the API server to better support production deployments and troubleshooting scenarios.

• Clusterrolebindings have reduced privileges: Clusterrolebindings for the tigera-operator, calico-kube-controller, and calico-prometheus-operator components have been changed to improve Calico Enterprise's least-privileged security model.

Release details

Calico Enterprise 3.21.0-1.0 (early preview)

February 11, 2025

Calico Enterprise 3.21.0-1.0 is now available as an early preview release. This release is for previewing and testing purposes only. It is not supported for use in production.