We are excited to announce Calico Enterprise 3.9, which provides faster and simpler live troubleshooting using Dynamic Packet Capture for organizations while meeting regulatory and compliance requirements to access the underlying data. The release makes application-level observability resource-efficient, less security intrusive, and easier to manage. It also includes pod-to-pod encryption with Microsoft AKS and AWS EKS with AWS CNI.
Enterprises that want to carry out live troubleshooting in their production environments face the following challenges when doing packet capture at an organizational scale:
With Dynamic Packet Capture, organizations can enable DevOps, SREs, service owners to collect the data that they need when they need it. They can filter the data based on protocol and port to fine-tune their capture for faster debugging and subsequent analysis for shorter time-to-resolution. With just-in-time data collection and built-in smart correlation, they get workload and Kubernetes context during data aggregation. DevOps, SREs, and service owners don’t need to spend time collecting massive data and building correlations across different services, namespaces, workloads, and pods. All the information, accompanied by workload and Kubernetes context, is available. This means they can pinpoint the problem and resolve it in minutes.
Dynamic Packet Capture also integrates with Kubernetes role-based access control (RBAC). Teams get live, self-service, on-demand troubleshooting capabilities, according to their roles, that provide visibility into their specific application’s behavior, services, service dependencies, external APIs, and service interactions. Assigning access by role reduces security and compliance risk since teams don’t have unrestricted access to all namespaces within a cluster to initiate packet capture. This eliminates the unintentional HIPAA, PCI, SOC2 compliance violations that may occur on Kubernetes workloads due to incorrect initiation of packet capture.
To summarize, the Dynamic Packet Capture available in 3.9 offers the following observability and troubleshooting benefits:
DevOps, SREs, service owners, and platform engineers now have an operationally simpler alternative to service mesh for application-level observability and control. Calico Enterprise 3.9 provides Envoy integration with the data plane as a DaemonSet, making it less invasive to the pods that make up microservices.
With Calico Enterprise 3.9, operational complexity and performance overhead for application-level observability is reduced due to the following reasons:
With 3.9, users also get data-in-transit encryption for node-to-node communication within Microsoft AKS and AWS EKS.
To try these Calico Enterprise features, sign up for a free 14-day trial of Calico Cloud.
Get updates on blog posts, new releases and more!