This logging functionality is exposed through two new components:
- Goldmane: A gRPC-based API endpoint that aggregates flow logs from Calico’s Felix component, which runs on every node.
- Whisker: A web-based visualization tool built with React and TypeScript that connects to the Goldmane API.
The combination of these components provides detailed visibility into network traffic patterns within Kubernetes clusters, addressing a common pain point for Kubernetes administrators who need to troubleshoot connectivity issues or verify security policies.
Staged policies enable safer network policy implementation
Network policies in Kubernetes are powerful but potentially disruptive if misconfigured. Calico 3.30 introduces staged policies that allow administrators to test policy changes before enforcement.
Kelly explained that staged policy allows network administrators to do a dry run of what would happen if a specific policy is applied in a Kubernetes cluster. Calico 3.30 is able to generate flow logs that simulate the impact that applying a specific policy would have on the cluster. This approach significantly reduces the risk of service disruptions when implementing network policies, as administrators can validate policy behavior before committing to enforcement.
Hierarchical policy management with tiers
Beyond the ability to validate policy before implementation, Calico 3.30 adds new layers of policy granularity overall. Calico 3.30 also brings policy tiers to the open-source edition, enabling more sophisticated policy management.
The tier system allows organizations to implement defense-in-depth strategies and maintain clear separation between security policies and application-specific network rules. It also underpins Calico’s implementation of the Kubernetes Admin Network Policy feature, which is currently in alpha in the Kubernetes project.
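The staged-policy and tier concepts described above can be combined in one manifest. The following is an added example, not taken from the article or from the Calico project: the tier name `security`, the namespace `shop`, the `app` labels and port 5432 are all assumptions chosen for illustration.

```yaml
# Added example: a security tier plus a staged (dry-run) policy inside it.
# All names, labels and ports below are hypothetical.
apiVersion: projectcalico.org/v3
kind: Tier
metadata:
  name: security
spec:
  # Tiers are evaluated in ascending order, so a low number places this
  # tier ahead of application-level tiers with higher order values.
  order: 100
---
apiVersion: projectcalico.org/v3
# Staged kind: the rules are evaluated and reported in flow logs,
# but they are not enforced on traffic.
kind: StagedNetworkPolicy
metadata:
  # Policies in a non-default tier are named "<tier>.<policy>".
  name: security.restrict-db-ingress
  namespace: shop
spec:
  tier: security
  order: 10
  # Applies to the (hypothetical) database pods in this namespace.
  selector: app == 'db'
  # "Set" stages the creation or update of this policy.
  stagedAction: Set
  types:
    - Ingress
  ingress:
    # Only the API pods may reach the database port.
    - action: Allow
      protocol: TCP
      source:
        selector: app == 'api'
      destination:
        ports:
          - 5432
```

Once the flow logs show that only the expected traffic would be allowed, the same `spec` (without `stagedAction`) can be applied as a regular `NetworkPolicy` to enforce it.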