v3.0.0-alpha1
Pre-releaseThis is a pre-release of v3.0.0. This release is intended for testing purposes only and is NOT to be used on production systems.
What's new
-
Support for the etcd version 3 datastore.
-
Two new
calicoctl
resources: BGP Configuration and Felix Configuration. -
Those using the Kubernetes API datastore can now use
calicoctl
to create, update, and delete Calico policies. -
The
calicoctl
Policy resource has been split into Network Policy and Global Network Policy. -
The
get
,apply
,create
,delete
, andreplace
commands ofcalicoctl
now include an optional--namespace=<NS>
flag. Refer to thecalicoctl
Command reference section for more details. -
The
get
command ofcalicoctl
now includes an optional--all-namespaces
flag. Refer to the calicoctl get section for more information. -
calicoctl
no longer accepts the following flags inget
commands:--node=<NODE>
,--orchestrator=<ORCH>
,--workload=<WORKLOAD>
, and--scope=<SCOPE>
. These options are now a part of the individual resources. -
calicoctl
no longer includes aconfig
command. To achieve the equivalent functionality: refer to Modifying low-level component configurations. -
You can now name host and workload endpoint ports and reference them by name in your policy rules.
-
The new
ApplyOnForward
flag allows you to specify if a host endpoint policy should apply to forwarded traffic or not. Forwarded traffic includes traffic forwarded between host endpoints and traffic forwarded between a host endpoint and a workload endpoint on the same host. Refer to Using Calico to secure host interfaces for more details. -
Calico now works with Kubernetes network services proxy with IPVS/LVS. Calico enforces network policies with kube-proxy running in ipvs mode for Kubernetes clusters. Currently only workload ingress policy is supported.
-
After a period of deprecation, this release removes support for the
ETCD_AUTHORITY
andETCD_SCHEME
environment variables. Calico no longer reads these values. If you have not transitioned toETCD_ENDPOINTS
, you must do so as of v3.0. Refer to Configuringcalicoctl
- etcdv3 datastore for more information.
Limitations
-
No upgrades: Calico v3.0.0 ends support for etcd version 2. Existing customers must migrate their data to etcd version 3. The alpha release does not provide migration capabilities, nor does it support upgrades. We plan to add migration and upgrade support in the GA release.
-
Integrates only with Kubernetes and host endpoints: the OpenStack, OpenShift, Mesos, DC/OS, rkt, and Docker orchestrators have not been tested and are not supported. (Calico v3.0.0 still supports Docker and rkt containers.) We plan to resume support for the OpenStack, OpenShift, Mesos, DC/OS, and Docker orchestrators in a future release.
-
Lack of
calicoctl
data validation:calicoctl
does not perform as much validation on data, increasing the potential for bad data. Use caution when entering data viacalicoctl
. -
BGP route reflector not supported: large deployments that require the BGP route reflector are not supported. We plan to resume support for the BGP route reflector in a future release.
-
GoBGP not supported: Setting the
CALICO_NETWORKING_BACKEND
environment variable togobgp
is not supported. See Configuring calico/node for more information. We plan to resume support for GoBPG in a future release.