From 1b5d26bcb621174b233fa09d4847884d599c3c54 Mon Sep 17 00:00:00 2001
From: Casey Davenport <davenport.cas@gmail.com>
Date: Thu, 14 Apr 2022 09:33:45 -0700
Subject: [PATCH] Updates for v3.21.5

---
 calico/_data/versions.yml                     | 31 +++++++++++++++++++
 .../release-notes/v3.21.5-release-notes.md    |  8 +++++
 2 files changed, 39 insertions(+)
 create mode 100644 calico/_includes/release-notes/v3.21.5-release-notes.md

diff --git a/calico/_data/versions.yml b/calico/_data/versions.yml
index bad31b5e51d..ab08539282b 100644
--- a/calico/_data/versions.yml
+++ b/calico/_data/versions.yml
@@ -1,3 +1,34 @@
+- title: v3.21.5
+  chart:
+    version: 0
+  tigera-operator:
+   image: tigera/operator
+   registry: quay.io
+   version: v1.23.7
+  components:
+     typha:
+      version: v3.21.5
+     calicoctl:
+      version: v3.21.5
+     calico/node:
+      version: v3.21.5
+     calico/cni:
+      version: v3.21.5
+     calico/apiserver:
+      version: v3.21.5
+     calico/kube-controllers:
+      version: v3.21.5
+     calico/flannel-migration-controller:
+      version: v3.21.5
+     networking-calico:
+      version: v3.21.5
+     flannel:
+      version: v0.13.0
+     calico/dikastes:
+      version: v3.21.5
+     flexvol:
+      version: v3.21.5
+
 - title: v3.21.4
   chart:
     version: 0
diff --git a/calico/_includes/release-notes/v3.21.5-release-notes.md b/calico/_includes/release-notes/v3.21.5-release-notes.md
new file mode 100644
index 00000000000..0c7af5c5017
--- /dev/null
+++ b/calico/_includes/release-notes/v3.21.5-release-notes.md
@@ -0,0 +1,8 @@
+14 Apr 2022
+
+#### Bug fixes
+
+ - Update golang version to fix several CVEs [calico #5898](https://github.com/projectcalico/calico/pull/5898) (@caseydavenport)
+ - Add FelixConfiguration option for FloatingIPs [calico #5873](https://github.com/projectcalico/calico/pull/5873) (@caseydavenport)
+ - Handle bootstrapping of Wireguard to ensure felix is able to connect to typha. This fixes a bug that is present when HostEncryptionEnabled is set to true (which is required for using wireguard with AKS). Previously, when nodes shared their wireguard public keys, depending on the order they keys were shared, it was possible to end up with asymmetric node-to- node routing. Packets will be dropped between impacted nodes. If the typha nodes are impacted then it is possible for other nodes to be effectively locked out from connecting to typha and the routing issue will persist. This will be apparent through persistent readiness checks failing on the node. [calico #5845](https://github.com/projectcalico/calico/pull/5845) (@robbrockbank)
+ - Switch to centos stream8 [calico #5558](https://github.com/projectcalico/calico/pull/5558) (@caseydavenport)