The new version includes key improvements in observability, network policies, and ingress traffic management for enterprise Kubernetes environments.
Tigera, the company behind Project Calico, has announced the release of Calico Open Source 3.30, the largest functional update to date of this widely adopted networking and security solution for containers. With over 8 million nodes managed daily in 166 countries, Calico solidifies its role as a key component for organizations looking to scale Kubernetes securely and efficiently.
Advanced visibility with Goldmane and Whisker
The new version enhances traffic observability between services thanks to Goldmane, a gRPC API that provides centralized access to flow logs and metrics generated by Calico. This system enables DevOps teams to troubleshoot clusters more quickly by providing workload-specific context and the ability to easily share logs.
As a complement, Whisker is included, a web tool that connects with Goldmane and allows users to visualize, filter, and analyze logs in real-time. These capabilities reduce incident diagnosis time from days to minutes and facilitate the validation of network policies.
Policies in test mode for secure micro-segmentation
Implementing network policies is key to improving security posture in Kubernetes, but many organizations hesitate to apply them without assessing their impact. To address this challenge, Calico 3.30 introduces GlobalStagedNetworkPolicy and StagedNetworkPolicy, which allow users to simulate policy behavior before enforcement. This functionality, visible in flow logs and metrics, enables a gradual and secure micro-segmentation strategy.
Advanced ingress traffic management with Gateway API
Managing external traffic to clusters is another strong point of this release. Calico Open Source 3.30 includes Calico Ingress Gateway, an enterprise implementation of the Gateway API based on Envoy Gateway. This tool standardizes and modernizes ingress traffic management, surpassing traditional Ingress controllers’ capabilities by incorporating load balancing, fault tolerance, and rate limiting.
Direct connection to Calico Cloud
With this new version, any cluster running Calico 3.30 can connect directly to the free edition of Calico Cloud without installing additional components. This integration provides visual access to communication between workloads through Service Graph, automatic generation of suggested policies, and simplified management of network rules, all in a stateless and read-only environment.
A strong step toward a more secure Kubernetes network
Phil DiCorpo, Senior Product Director at Tigera, stated: “These improvements reinforce our commitment to the open-source community. Calico 3.30 offers unprecedented visibility into traffic, simplifies network segmentation, and strengthens ingress traffic management in Kubernetes.”
With this release, Tigera expands access to tools previously reserved for its commercial editions and prepares for its CalicoCon 2025 event, which will take place on April 1 as a parallel event to KubeCon + CloudNativeCon Europe 2025. The company will also be present at booth S330 during the in-person event.
Calico 3.30 marks a new milestone in the evolution of secure and observable Kubernetes. For system administrators, DevOps, and security leads, this version represents an opportunity to enhance network control, increase operational efficiency, and move toward a Zero Trust architecture.