What’s New in Calico v3.21

It’s that time again; we’re really happy to announce Calico v3.21! As always, thank you to everyone who contributed to this release! For detailed release notes, please go here. Alongside the usual-but-essential bug fixes and other improvements, there are some big new improvements to be aware of:

BGP Improvements

Calico supports BGP, which is used within the cluster in some scenarios, and to allow you to integrate cluster routing with your upstream network devices. Now though, you can even view the status of your BGP sessions, including RIB / FIB contents, and agent health via the new CalicoNodeStatus API. See the API documentation for more details.

In addition, you get more granular control; you can control BGP advertisement of certain prefixes using the new disableBGPExport option on each IP pool.

Service-based network policy improvements

If you aren’t already familiar with them, the egress policy rules that can match on Kubernetes services, introduced in v3.20, are pretty transformative. However we have improved even further upon them in two ways:

  • Now, you can use service matches in Calico NetworkPolicy and GlobalNetworkPolicy ingress rules.
  • And, you can even now use service-based network policy rules on Windows nodes!

Option to run Calico as non-privileged and non-root

Calico can now optionally run in non-privileged and non-root mode. Generally, the fewer things running in privileged mode, the better! However, there are a few limitations you should be aware of. See the documentation for more information.

IPReservations API

You can use the new IPReservations API to reserve certain IP addresses so that they will not be used by Calico IPAM. This allows for fine-grained control of the IP space in your cluster.

Did you know you can become a certified Calico operator? Learn Kubernetes networking and security fundamentals using Calico in this free, self-paced certification course.

Join our mailing list

Get updates on blog posts, new releases and more!