Project Calico 2.4 Released!!!

Project Calico 2.4 Released!!!

#ReleaseTheCalico

Building on the last two minor releases, Project Calico 2.4 brings with it readiness and liveness checks, pre-DNAT policy support, BGP with KDD support, CIDR policy match support, and more!

» Felix and Typha now support Kubernetes readiness and liveness checks
Felix and Typha now expose health-check endpoints which can be exposed as Kubernetes readiness and liveness checks in the Calico self-hosted manifests. Enabling the readiness probe provides a better rolling-upgrade experience when using those manifests by pausing the upgrade if a new deployment of Calico fails to become ready. Enabling the liveness probe helps ensure that Calico is alive and healthy on each node in the cluster, gracefully restarting Calico on a node that reports itself as unhealthy.
» Pre-DNAT policy support
Calico v2.4.0 introduces Pre-DNAT Policy – a new flavor of Calico Policy that is enforced before any DNAT that a cluster node may do (for example kube-proxy). Pre-DNAT Policy is useful for securing the perimeter of a cluster against incoming traffic, except for pinholes that are expressed in terms of particular IP addresses and/or ports that external clients are allowed to connect in to.  For more information please see the documentation on pre-DNAT Policy.
» Kubernetes datastore driver now supports BGP configuration [beta]
Calico v2.4.0 introduces support for BGP global configuration and BGP peering configuration when using the Kubernetes API datastore driver (KDD).  This lets you configure Calico to peer with route reflectors or on-premise infrastructure using the calicoctl command line tool.  For more information, see the documentation on configuring BGP peers.
» Support for multiple CIDR matches in Policy rules
Calico Policies now support the “nets” and “notNets” fields, which allow for the specification of multiple CIDRs in a single policy rule.  This makes declaring a policy which matches multiple networks much easier.  The “net” and “notNet” fields have been deprecated.
» Calico now implements the networking.k8s.io/NetworkPolicy API semantics as defined by Kubernetes when using the etcd datastore
Calico v2.3.0 introduced support for the `networking.k8s.io/v1` NetworkPolicy API when using the Kubernetes API datastore driver as discussed in this blog post. Calico v2.4.0 brings those features to Calico when using the etcd datastore.

View the full list as well as specific updates to individual components in the 2.4 Release Notes.

What do you think about these new features?
Tweet @ProjectCalico with hashtag #ReleaseTheCalico
Have Questions about this Release? Ask them on Slack
Author of Undisturbed REST, Michael Stowe has spoken at conferences around the world. An active advocate for creating better architectures and interfaces, his work has also been featured on ProgrammableWeb, DZone, and InfoQ. You can view his past talks and slides at http://www.mikestowe.com/slides and follow him on Twitter @mikegstowe