Calico 3.8: Zero-Trust Networking Across Clouds
K8s Guru
2 min read
Table of Contents
Introduction
Calico 3.8, released on August 21, 2019, advances policy-driven networking for hybrid Kubernetes estates. The update tightens Windows node support, unlocks managed cloud integrations, and teases a high-performance eBPF dataplane.
Platform Coverage
- Windows GA Support: Full network policy parity for Windows worker nodes with VXLAN encapsulation.
- EKS & AKS Addons: Marketplace images simplify deployment on managed Kubernetes services.
- BGP-Free VXLAN: Production-ready overlays for operators avoiding peering with upstream routers.
Security & Observability
- GlobalNetworkPolicy Enhancements: Prioritized tiers and service account selectors refine zero-trust postures.
- Flow Logs: Integration with Elasticsearch and SIEM pipelines for compliance evidence.
- eBPF Dataplane Preview: Early adopters test lower-latency packet processing with sidecar-friendly NAT.
Operational Tooling
- Calicoctl Profiles: Export/import policies across clusters for disaster recovery.
- Metrics Integration: Prometheus metrics expose conntrack usage, policy verdicts, and felix health.
- Managed Gateway: Calico Enterprise adds multi-cluster policy sync and service graphing.
Getting Started
kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml
calicoctl get networkpolicy -o yaml
Windows clusters can leverage the new operator:
Install-Script -Name Install-CalicoWindows
Install-CalicoWindows.ps1 -ManagementIP 10.0.0.50 -CalicoVersion v3.8.0
Summary
| Aspect | Details |
|---|---|
| Release Date | August 21, 2019 |
| Headline Features | Windows GA, flow logs, eBPF dataplane preview |
| Why it Matters | Extends Calico’s zero-trust networking across heterogeneous clouds and operating systems |
Calico 3.8 helps platform teams standardize policy enforcement across Linux and Windows workloads while opening the door to future-ready eBPF performance.