Solutions
Audit & Optimization Platform Design Automation Team Structure
Documentation Blog
Get Started
Networking 2021

Calico 3.20: eBPF and Security Enhancements

K8s Guru
2 min read
#calico #ebpf #wireguard #network-policy #kubernetes
Calico 3.20: eBPF and Security Enhancements

Table of Contents

Introduction

Calico 3.20 — eBPF and Security Enhancements — was released on July 13, 2021.

Policy usually becomes urgent the first time you need to stop a risky manifest from shipping — or when you’re trying to make standards repeatable across teams.

In this release: Calico 3.20 enhances eBPF dataplane capabilities, improves WireGuard encryption, and delivers better observability for zero-trust Kubernetes networking.

eBPF Dataplane Improvements

  • Performance optimizations reduce latency and CPU overhead for pod-to-pod communication.
  • Service mesh acceleration enables high-performance service-to-service communication without sidecars.
  • Network policy enforcement improvements reduce per-packet processing overhead.
  • Connection tracking enhancements improve scalability for high-connection-count workloads.

WireGuard Encryption Enhancements

  1. Key rotation improvements simplify certificate management and rotation for encrypted connections.
  2. Multi-cluster encryption enables secure communication across cluster boundaries.
  3. Performance optimizations reduce encryption overhead while maintaining security.
  4. Observability enhancements provide better visibility into encryption status and key health.

Observability & Monitoring

  • Flow logs improvements provide more detailed network flow information for security analysis.
  • Metrics expansion exposes detailed network and security metrics for Prometheus integration.
  • Service graph visualization shows network topology with policy enforcement overlays.
  • Policy analytics provides insights into network policy effectiveness and coverage.

Network Policy Improvements

  • Policy performance optimizations reduce evaluation time for complex policy rules.
  • Policy validation enhancements provide better error messages and policy testing tools.
  • Global network sets improvements enable more flexible policy definitions.
  • Policy inheritance enables hierarchical policy application across namespaces.

Getting Started

kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

Enable eBPF dataplane:

calicoctl patch felixconfiguration default --type merge -p '{"spec":{"bpfEnabled":true}}'

Summary

AspectDetails
Release DateJuly 13, 2021
Headline FeatureseBPF improvements, WireGuard enhancements, better observability
Why it MattersDelivers high-performance, secure networking with comprehensive observability

Calico 3.20 continues to evolve as a leading networking and security solution for Kubernetes, providing teams with powerful tools for zero-trust networking.