Calico 3.27: eBPF Networking and Enhanced Security

Introduction

Calico 3.27, released on July 5, 2024, advances Kubernetes networking with eBPF improvements, enhanced network policies, better observability, and performance optimizations. This release makes Calico more powerful and efficient for large-scale deployments.


eBPF Networking

  • eBPF data plane provides high-performance packet processing with reduced CPU overhead.
  • Direct routing improvements reduce latency for pod-to-pod communication.
  • Service handling enhancements improve service load balancing performance.
  • Connection tracking optimizations improve scalability for high-connection workloads.

Network Policy Enhancements

  1. Policy evaluation improvements reduce latency for policy enforcement decisions.
  2. Rule matching optimizations improve performance for complex policy rules.
  3. Policy reporting provides visibility into policy enforcement and violations.
  4. Policy as code support enables version-controlled policy management.

Observability Improvements

  • Flow logs provide detailed visibility into network traffic and policy enforcement.
  • Metrics expansion exposes detailed network and policy metrics for Prometheus.
  • Service graph visualization shows network topology and service dependencies.
  • Troubleshooting tools enable better diagnosis of network and policy issues.

Performance Optimizations

  • Memory efficiency optimizations reduce resource footprint in large clusters.
  • CPU optimization reduces overhead for network policy evaluation.
  • Scaling improvements enable better handling of large numbers of pods and policies.
  • Latency reductions minimize the overhead of networking operations.

Getting Started

# Install Calico using kubectl
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/tigera-operator.yaml
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/custom-resources.yaml

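Create a NetworkPolicy that admits TCP 8080 traffic from frontend pods to myapp pods:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-app
spec:
  # Pods this policy applies to
  podSelector:
    matchLabels:
      app: myapp
  # Egress is listed here but no egress rules are defined below, so this
  # policy allows no outbound traffic from the selected pods (DNS included).
  policyTypes:
  - Ingress
  - Egress
  # Only pods labelled app: frontend may connect, and only on TCP 8080
  ingress: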
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - protocol: TCP
      port: 8080
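
The policy above lists Egress under policyTypes without any egress rules. The following is an added example, not code from the original page or the Calico project: a per-policy check that reports directions a NetworkPolicy isolates without rules, empty allow-all rules, and egress rule sets that leave out port 53. The function names are hypothetical, the sample is this page's policy rewritten as JSON, and each policy is judged in isolation even though policies selecting the same pods are additive.

```python
import json

# Constructed sample: this page's allow-app policy in JSON form, the shape
# `kubectl get networkpolicy allow-app -o json` would give for these fields.
PAGE_POLICY = json.loads("""{
  "metadata": {"name": "allow-app"},
  "spec": {
    "podSelector": {"matchLabels": {"app": "myapp"}},
    "policyTypes": ["Ingress", "Egress"],
    "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
                 "ports": [{"protocol": "TCP", "port": 8080}]}]
  }
}""")


def effective_types(spec):
    """policyTypes, with the API default applied when the field is omitted."""
    if spec.get("policyTypes"):
        return set(spec["policyTypes"])
    return {"Ingress"} | ({"Egress"} if spec.get("egress") else set())


def covers_port(rule, wanted):
    """True if a rule has no port filter or an entry whose range holds `wanted`.
    Protocol is not compared and named (string) ports are not resolved."""
    ports = rule.get("ports") or []
    for p in ports:
        lo = p.get("port")
        if lo is None or (isinstance(lo, int) and lo <= wanted <= p.get("endPort", lo)):
            return True
    return not ports


def lint(policy):
    """Findings for one NetworkPolicy dict, judged on its own."""
    spec, name = policy["spec"], policy["metadata"]["name"]
    types, findings = effective_types(spec), []
    for direction in sorted(types):
        rules = spec.get(direction.lower()) or []
        if not rules:
            findings.append(f"{name}: {direction} selected with no rules, this policy allows none")
        elif any(not r for r in rules):
            findings.append(f"{name}: {direction} contains an empty rule, which allows all")
    egress = spec.get("egress") or []
    if "Egress" in types and egress and not any(covers_port(r, 53) for r in egress):
        findings.append(f"{name}: no egress rule in this policy covers port 53 (DNS)")
    return findings
```

Calling `lint(PAGE_POLICY)` returns a single finding, for the Egress direction.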

Summary

Aspect | Details
Release Date | July 5, 2024
Headline Features | eBPF networking, network policy enhancements, observability improvements, performance optimizations
Why it Matters | Delivers high-performance networking with enhanced security and observability

Calico 3.27 continues to be a leading choice for Kubernetes networking, providing teams with powerful and efficient networking capabilities.