Calico Open Source 3.30 Enhances Kubernetes Security and Observability

Tigera has introduced major enhancements to Calico Open Source with the release of Calico OSS 3.30. These updates improve observability, security, and scalability for enterprises using Kubernetes.

Calico Open Source was derived from Project Calico, a project established to make Kubernetes networking seamless, reliable, and scalable for all organizations. Calico Open Source has grown to become the most widely adopted container networking and security solution, now powering more than 8 million nodes daily across 166 countries.

With the release of Calico OSS 3.30, Tigera is extending access to its proven observability and security tools from the company’s commercial editions to all organizations. These new features enable organizations to gain unmatched visibility into their service-to-service communications, while also extending Calico deployments to manage ingress traffic.

Enhanced observability with Calico’s flow logs, metrics, and Whisker 

Troubleshooting applications running in Kubernetes is a common pain point for DevOps teams. Given the dynamic nature of Kubernetes workloads, developers often struggle to accurately depict and analyze network traffic inside and outside of the cluster. The latest version of Calico Open Source introduces Goldmane, a gRPC-based API endpoint that provides streamlined access to flow logs and metrics generated by Calico.

The feature makes it easier for DevOps teams to troubleshoot clusters by providing increased visibility into service-to-service communications alongside workload-specific context. It also facilitates collaboration by making it possible to share logs. When used with Calico network sets, flow logs enable organizations to gain visibility into traffic across public and private IP spaces. The user-defined network sets appear as additional metadata in flow logs, cutting down the time spent troubleshooting during an incident from days to minutes.

In addition, Calico Open Source now includes Whisker, a web-based tool that connects to Goldmane, providing users with instant access to flow logs generated by Calico. It includes filtering capabilities and the ability to view all flow log metadata, enabling organizations to easily troubleshoot connectivity issues in their cluster, author new policies, or test how new, enforced, or staged policies are evaluating traffic.

Simplified microsegmentation with staged policies

Network policies improve the security posture of workloads in a cluster. However, developers are hesitant to use and enforce policies without testing them, as a single misconfigured policy can cause a business outage.

Calico OSS 3.30 addresses this challenge. Calico Open Source now includes support for GlobalStagedNetworkPolicy and StagedNetworkPolicy. These policies allow users to implement namespace isolation and various other forms of microsegmentation. Staged policies enable organizations to test and audit the behavior of a Calico policy before it is actively enforced. The behavior of a staged policy appears in flow logs and generates metrics just as any other policy does, simulating a live environment.

Advanced ingress management with Kubernetes Gateway API

Ingress is one of the most critical aspects of deploying and using Kubernetes, and provides a way for clients external to a Kubernetes cluster to communicate with services, APIs, and applications running inside of a cluster.

Calico OSS 3.30 includes Calico Ingress Gateway, a 100% upstream, enterprise-ready implementation of the Gateway API based on Envoy Gateway. Calico Ingress Gateway provides a standardized, vendor-neutral approach to ingress management, and delivers more functionality than traditional ingress controllers, from load balancing and failover strategies to rate limiting.

Streamlined access to Calico Cloud 

With the release of Calico OSS 3.30, Tigera enables any open source cluster running Calico 3.30 to seamlessly connect to the free forever edition of Calico Cloud without installing any additional components. Calico Cloud free forever edition provides read-only, stateless access to clusters to manage policies, visualize workload communication with Service Graph and automatically generate recommended policies for namespace isolation.

“At Tigera, we are dedicated to providing the open source community with the tools needed to scale Kubernetes environments efficiently and securely,” said Phil DiCorpo, Senior Director of Product Management at Tigera. “The extensive updates to Calico Open Source announced today solidify this commitment. These latest enhancements will provide organizations with unmatched visibility into the traffic within their clusters, simplify microsegmentation and namespace isolation capabilities, and deliver comprehensive ingress management.”

Don’t miss out on the enhanced features and improved performance of Calico OSS 3.30. Update now to take full advantage of the cutting-edge capabilities and ensure your organization stays ahead in the ever-evolving digital landscape. Learn more about Calico Open Source platform’s new capabilities at the website here.

About Author

Taylor Graham, marketing grad with an inner nature to be a perpetual researchist, currently all things IT. Personally and professionally, Taylor is one to know with her tenacity and encouraging spirit. When not working you can find her spending time with friends and family.