Tigera extends cloud-native networking with Calico 3.30

This logging capability is exposed through two new components:

  1. Goldmane: A gRPC-based API endpoint that aggregates flow logs from Calico’s Felix component, which runs on each node.
  2. Whisker: A web-based visualization tool built with React and TypeScript that connects to the Goldmane API.

The combination of these components provides detailed visibility into network traffic patterns within Kubernetes clusters, addressing a common pain point for Kubernetes administrators who need to troubleshoot connectivity issues or verify security policies.

Staged policies enable safer network policy implementation

Network policies in Kubernetes are powerful but potentially disruptive if misconfigured. Calico 3.30 introduces staged policies that allow administrators to test policy changes before enforcement.

Kelly explained that staged policy allows network administrators to do a dry run of what would happen if a particular policy is applied in a Kubernetes cluster. Calico 3.30 can generate flow logs that simulate how applying a particular policy would affect the cluster. This approach significantly reduces the risk of service disruptions when implementing network policies, as administrators can validate policy behavior before committing to enforcement.

Hierarchical policy management with tiers

Beyond the ability to validate policy before implementation, Calico 3.30 adds new layers of policy granularity overall. It also brings policy tiers to the open-source edition, enabling more sophisticated policy management.

The tier system allows organizations to implement defense-in-depth strategies and maintain clear separation between security policies and application-specific network rules. It also underpins Calico’s implementation of the Kubernetes Admin Network Policy feature, which is currently in alpha in the Kubernetes project.


