Calico 3.30 introduces new components that enhance logging capabilities within Kubernetes clusters, providing valuable insights into network traffic patterns. These components include Goldmane, a gRPC-based API endpoint that aggregates flow logs from Calico’s Felix component on each node, and Whisker, a web-based visualization tool built with React and TypeScript that connects to the Goldmane API.
Goldmane and Whisker work together to offer detailed visibility for Kubernetes administrators, allowing them to troubleshoot connectivity issues and verify security policies effectively.
Staged policies are a notable feature in Calico 3.30 that enable safer network policy implementation. Kubernetes network policies are powerful, but a misconfigured policy can disrupt traffic. With staged policies, administrators can test policy changes before enforcing them, reducing the risk of service disruptions. Rather than enforcing the policy, Calico generates flow logs that show the impact the policy would have if it were applied in the cluster.
Additionally, Calico 3.30 introduces hierarchical policy management with tiers, offering new layers of policy granularity. The tier system allows organizations to implement defense-in-depth strategies and maintain clear separation between security policies and application-specific network rules. This feature also supports Calico’s implementation of the Kubernetes Admin Network Policy feature, currently in alpha in the Kubernetes project.
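As an added illustration of the staged policies and tiers described above (not taken from the Calico release or its documentation), the manifest below stages an ingress restriction inside a dedicated tier. The tier name `security`, the namespace `shop`, the `app` labels and port 5432 are assumptions made for the example.

```yaml
# Tier that holds security-owned policy, kept separate from
# application-specific rules. Tiers are evaluated in ascending order.
apiVersion: projectcalico.org/v3
kind: Tier
metadata:
  name: security          # assumed tier name
spec:
  order: 100
---
# Staged policy: evaluated and reported in flow logs, but not enforced.
apiVersion: projectcalico.org/v3
kind: StagedNetworkPolicy
metadata:
  name: security.restrict-db-ingress   # prefixed with the tier name
  namespace: shop                      # assumed namespace
spec:
  tier: security
  order: 10
  selector: app == 'db'                # assumed workload label
  types:
    - Ingress
  ingress:
    # Only the API workload may reach the database port.
    - action: Allow
      protocol: TCP
      source:
        selector: app == 'api'         # assumed client label
      destination:
        ports:
          - 5432                       # assumed database port
    # Everything else would be denied once the policy is enforced.
    - action: Deny
```

Because the kind is `StagedNetworkPolicy`, no traffic is blocked while the policy is under test. Once the flow logs show only the denials that were intended, the same spec can be applied as a `NetworkPolicy` to enforce it.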
Overall, Calico 3.30 brings advanced capabilities for network visibility and policy management within Kubernetes clusters, empowering administrators to optimize network performance and security effectively.