What’s new in Calico – Winter 2023

Last quarter we announced Calico Cloud’s ‘Cluster Security Score’ feature as part of cluster security posture management. Today, we are excited to announce product and user experience improvements for the Calico platform. This blog covers all major updates, including VXLAN-based cluster mesh networking, advanced observability and troubleshooting features, improved support for Windows-based containers, third-party integration using webhooks, and enhanced egress gateway high-availability.

By leveraging these new features, organizations can streamline their Kubernetes cluster management, enhance network visibility, and ensure reliable connectivity and security for their applications across clusters.

Enhanced cluster mesh implementation

Kubernetes does not natively support inter-cluster pod-to-pod communication. While routable IPs are one way to solve this, they require changes to the underlying network, which is both challenging and time-consuming. Calico’s new capability solves this by implementing VXLAN support. You no longer need to make any changes to the network to enable pod-to-pod connectivity across multiple clusters. This allows you to easily deploy applications and services across multiple clusters, and manage them as a single entity.

Calico’s cluster mesh is fully integrated with its policy and security features, so that policies and security controls can be applied consistently across all clusters in the mesh. This ensures that your applications and data are protected, regardless of where they are deployed.

Here are some of the benefits of using Calico’s VXLAN-based cluster mesh networking:

  • Simplified network management: Set up a Kubernetes cluster mesh without depending on your network teams, enabling faster deployment.
  • Enhanced visibility: Calico’s cluster mesh provides a single, centralized view of your entire network, making it easy to manage and troubleshoot.
  • Automatic service discovery: A crucial feature of Calico cluster mesh, which enables services running in multiple clusters to be discovered automatically.
  • Increased security: Calico’s cluster mesh supports encryption of data in transit using WireGuard.

If you’re looking for a simple, scalable, and secure solution for connecting multiple Kubernetes clusters, Calico’s VXLAN-based cluster mesh networking is the ideal choice.

Advanced observability and troubleshooting feature updates

Calico now offers in-depth flow logs for endpoints, including the source, destination, and associated policies for denied traffic. Administrators can quickly pinpoint endpoints that have been denied traffic, enabling them to identify potential security risks. These built-in context-based flow logs in Calico will significantly reduce the time spent troubleshooting traffic flows and eliminate the need for multiple tools.

Simplifying DNS Policy Creation: Calico’s enhanced flow logs now provide valuable information about pod traffic connectivity, including destination domain names outside the cluster. This information serves as a reliable source for developing DNS policies.

Improved deterministic domain name identification: We have made it easier to determine the ‘dest_domains’ field in flow logs. Now, even if multiple pods on the same node connect to different domain names that resolve to the same IP address, the flow logs will accurately display the relevant domain names for each pod.
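
As an added illustration (not Calico's own code), the sketch below shows how per-pod ‘dest_domains’ values in flow logs can be turned into a draft egress allow-list for review, even when two workloads reach different domains behind the same IP. The sample records are constructed; every field name other than ‘dest_domains’, and the shape of the drafted rule, are assumptions made for this example.

```python
import json
from collections import defaultdict

# Constructed sample flow logs (not real Calico output). Only 'dest_domains'
# is named on the page; the other field names are assumptions for this example.
SAMPLE_FLOW_LOGS = """
{"source_namespace": "shop", "source_name_aggr": "checkout-*", "dest_ip": "203.0.113.10", "dest_port": 443, "action": "allow", "dest_domains": ["api.payments.example"]}
{"source_namespace": "shop", "source_name_aggr": "catalog-*", "dest_ip": "203.0.113.10", "dest_port": 443, "action": "allow", "dest_domains": ["cdn.images.example"]}
{"source_namespace": "shop", "source_name_aggr": "checkout-*", "dest_ip": "203.0.113.10", "dest_port": 443, "action": "allow", "dest_domains": ["API.Payments.example."]}
{"source_namespace": "shop", "source_name_aggr": "checkout-*", "dest_ip": "198.51.100.7", "dest_port": 443, "action": "deny", "dest_domains": ["telemetry.vendor.example"]}
{"source_namespace": "shop", "source_name_aggr": "catalog-*", "dest_ip": "10.0.4.12", "dest_port": 8080, "action": "allow", "dest_domains": null}
"""

def normalize(domain):
    """Lower-case and strip the trailing root dot so duplicates collapse."""
    return domain.strip().lower().rstrip(".")

def observed_domains(log_text, action="allow"):
    """Map (namespace, workload) -> {(domain, port)} for flows with `action`."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("action") != action:
            continue
        key = (rec["source_namespace"], rec["source_name_aggr"])
        # In-cluster flows carry no domain names, so the field may be null.
        for domain in rec.get("dest_domains") or []:
            seen[key].add((normalize(domain), rec["dest_port"]))
    return seen

def draft_policy(namespace, workload, entries):
    """Group observed domains by port into draft egress allow rules.

    The rule layout is an assumed, policy-like shape for human review,
    not a manifest to apply as-is.
    """
    by_port = defaultdict(set)
    for domain, port in entries:
        by_port[port].add(domain)
    rules = [{"action": "Allow",
              "destination": {"domains": sorted(domains), "ports": [port]}}
             for port, domains in sorted(by_port.items())]
    return {"namespace": namespace, "workload": workload, "egress": rules}

if __name__ == "__main__":
    for (ns, wl), entries in sorted(observed_domains(SAMPLE_FLOW_LOGS).items()):
        print(json.dumps(draft_policy(ns, wl, entries), indent=2))
```

Running the same function with `action="deny"` lists the domains that pods attempted to reach and were blocked, which is the set to review before widening any allow-list.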

Improved deployment of Windows-based containers

Bootstrapping Windows worker nodes with Calico as HostProcess containers: Microsoft has recently announced support for HostProcess/Privileged containers, which opens up new possibilities for simplifying the installation process and upgrades of Calico on Windows worker nodes. This feature allows us to bootstrap Windows worker nodes in the same way as Linux worker nodes, streamlining the deployment and management of Calico on Windows.

Certifying HostProcess Install Mode for Production Use: Some of the benefits of this deployment mode:

  • Scaling Windows Worker Nodes with Ease: You can now scale your Windows worker nodes with an auto scaling node pool without the need to manually bootstrap each node.
  • Seamless Upgrades for Calico Enterprise: Upgrading your deployment of Calico Enterprise no longer requires the manual upgrade of each Windows node, one at a time.
  • Transitioning from Calico Windows Service to HostProcess Containers: You have the flexibility to switch your Windows nodes from a Calico Windows service to the HostProcess-based installation of Calico.

3rd party integration with webhooks

Calico introduces third-party integration using webhooks. This feature allows you to integrate Calico with other tools and services, enabling you to extend the functionality of Calico and automate various tasks. Webhooks can be used to trigger actions in external systems when events occur in Calico, such as policy changes, security alerts, or changes in network configuration. For example, you could use a webhook to send notifications to a chat application or ticketing system when a security alert is triggered in Calico.

Egress gateway high-availability

Egress gateways are used to route traffic from pods in a Kubernetes cluster to the outside world. Calico introduces enhancements that improve the high-availability of egress gateways.

  • Egress traffic can now be load-balanced across multiple egress gateways. This means that if one gateway becomes unavailable, traffic will automatically be routed to another gateway, ensuring that pods can continue to communicate with the outside world.
  • A new egress gateway health check feature continuously monitors the health of each gateway and automatically removes failed gateways from the load-balancing pool. This ensures that only healthy gateways are used to route traffic, improving the reliability and performance of the cluster.

Conclusion

By leveraging these new features, Calico empowers businesses to deploy and manage Kubernetes clusters with greater ease, scalability, performance, and security. This, in turn, translates to improved customer satisfaction, increased operational efficiency, and accelerated innovation. Calico continues to be a leading solution for organizations seeking to harness the full potential of Kubernetes in their infrastructure.
