Tigera, the creator
of Project Calico, announced the addition of significant new functionality to
Calico Open Source with the release of Calico OSS 3.30. These latest upgrades
will enhance the observability, security, and scalability of Kubernetes
deployments for all enterprises leveraging the solution.
Calico Open Source was derived
from Project Calico, a project established to make Kubernetes networking
seamless, reliable, and scalable for all organizations. Calico Open Source has
grown to become the most widely adopted container networking and security
solution, now powering more than 8 million nodes daily across 166
countries.
With the release of Calico OSS
3.30, Tigera is extending access to its proven observability and security tools
from the company's commercial editions to all organizations. These new features
enable organizations to gain unmatched visibility into their service-to-service
communications, while also extending Calico deployments to manage ingress
traffic.
Enhanced observability with
Calico's flow logs, metrics, and Whisker
Troubleshooting applications
running in Kubernetes is a common pain point for DevOps teams. Given the
dynamic nature of Kubernetes workloads, developers often struggle to accurately
depict and analyze network traffic inside and outside of the cluster. The
latest version of Calico Open Source introduces Goldmane, a gRPC-based API
endpoint that provides streamlined access to flow logs and metrics generated by
Calico.
The feature makes it easier for
DevOps teams to troubleshoot clusters by providing increased visibility into
service-to-service communications alongside workload-specific context and also
facilitates collaboration with the ability to share logs. When used with Calico
network sets, flow logs enable organizations to gain visibility into traffic
across public and private IP spaces. The user-defined network sets appear as
additional metadata in flow logs, cutting down the time spent troubleshooting
during an incident from days to minutes.
In addition, Calico Open Source
now includes Whisker, a web-based tool that connects to Goldmane,
providing users with instant access to flow logs generated by Calico. It
includes filtering capabilities and the ability to view all flow log metadata
enabling organizations to easily troubleshoot connectivity issues in their
cluster, author new policies, or test how new, enforced or staged policies are
evaluating traffic.
Simplified microsegmentation
with staged policies
Network policies improve the
security posture of workloads in a cluster, however, developers are hesitant to
use and enforce policies without testing them, as a single misconfigured policy
can cause a business outage.
The introduction of Calico OSS
3.30 combats this challenge. Calico Open Source now includes support for
GlobalStagedNetworkPolicy and StagedNetworkPolicy. These policies allow users
to implement namespace isolation and various other forms of microsegmentation.
Staged policies enable organizations to test and audit the behavior of a Calico
policy before it is actively enforced. The behavior of a staged policy appears
in flow logs and generates metrics akin to any other policy simulating a live
environment.
Advanced ingress management
with Kubernetes Gateway API
Ingress is one of the most
critical aspects of deploying and using Kubernetes, and provides a way for
clients external to a Kubernetes cluster to communicate with services, APIs,
and applications running inside of a cluster.
Calico OSS 3.30 includes Calico
Ingress Gateway, a 100% upstream, enterprise-ready implementation of the
Gateway API based on Envoy Gateway. Calico Ingress Gateway provides a
standardized, vendor-neutral approach to ingress management, and delivers more functionality
than traditional ingress controllers, from load balancing and failover
strategies to rate limiting.
Streamlined access to Calico
Cloud
With the release of Calico OSS
3.30, Tigera enables any open source cluster running Calico 3.30 to seamlessly
connect to the free forever edition of Calico Cloud without installing any
additional components. Calico Cloud free forever edition provides read-only,
stateless access to clusters to manage policies, visualize workload
communication with Service Graph and automatically generate recommended
policies for namespace isolation.
"At Tigera, we are
dedicated to providing the open source community with the tools needed to scale
Kubernetes environments efficiently and securely," said Phil DiCorpo,
Senior Director of Product Management at Tigera. "The extensive updates to
Calico Open Source announced today solidifies this commitment. These latest
enhancements will provide organizations with unmatched visibility into the
traffic within their clusters, simplify microsegmentation and namespace
isolation capabilities, and deliver comprehensive ingress management."