Tigera Supercharges Kubernetes Observability and Security with Calico OSS 3.30
- Cyber Jack
- Apr 2
- 3 min read
From flow logs to staged policies, the open-source networking leader sharpens its edge with enterprise-grade tools for all.
In a major boost to Kubernetes practitioners everywhere, Tigera—stewards of the widely adopted Project Calico—has rolled out version 3.30 of Calico Open Source, arming DevOps teams with deeper observability, simplified policy enforcement, and advanced ingress control straight out of the box.
The release marks a milestone in Calico’s evolution from a foundational networking layer into a full-fledged security and troubleshooting suite. With more than 8 million nodes powered daily across 166 countries, Calico’s open-source footprint is massive. But with 3.30, Tigera is signaling a shift: enterprise-grade tooling is no longer gated behind commercial editions.
“At Tigera, we are dedicated to providing the open source community with the tools needed to scale Kubernetes environments efficiently and securely,” said Phil DiCorpo, Senior Director of Product Management at Tigera. “These latest enhancements will provide organizations with unmatched visibility into the traffic within their clusters, simplify microsegmentation and namespace isolation capabilities, and deliver comprehensive ingress management.”
Here’s a breakdown of what’s new—and why it matters.
A New Era of Observability: Flow Logs Go Goldmane
Kubernetes observability remains one of the biggest pain points in modern cloud-native environments. Dynamic workloads, ephemeral services, and shifting endpoints make troubleshooting akin to hitting a moving target.
Enter Goldmane, a new gRPC-based API that exposes Calico’s powerful flow logs and metrics to developers and operators. By surfacing contextual, workload-specific traffic data, Goldmane eliminates the guesswork that often comes with diagnosing connectivity issues inside a cluster.
Goldmane’s logs can now incorporate user-defined network sets—meaning organizations can instantly see whether traffic is traversing known, trusted spaces or unexpected IP blocks. That visibility, once reserved for commercial tools, is now native to Calico OSS.
Whisker: A Front Row Seat to Your Cluster Traffic
Complementing Goldmane is Whisker, a browser-based interface designed to visualize traffic data in real time. With intuitive filtering, metadata inspection, and log sharing, Whisker allows teams to dive deep into traffic patterns, identify anomalies, and simulate policy effects before pulling the trigger.
Think of it as a window into your Kubernetes environment—with the ability to test, tweak, and troubleshoot in one place.
Microsegmentation Without the Fear Factor
One of the biggest barriers to enforcing network policies in Kubernetes isn’t complexity—it’s caution. A single misconfigured policy can kill communication between services, taking apps offline and engineers off guard.
Calico 3.30 introduces a solution: StagedNetworkPolicy and GlobalStagedNetworkPolicy. These new resource types let teams test policy behavior in a simulated mode. Logs and metrics reflect what would happen if a policy were enforced—without actually blocking traffic.
It’s a safe sandbox that allows for real-world evaluation of microsegmentation strategies, particularly useful in high-stakes or production environments where precision is non-negotiable.
Enterprise-Grade Ingress, Open Source Style
Ingress management is the gateway—literally—into any Kubernetes cluster. With version 3.30, Tigera introduces the Calico Ingress Gateway, a vendor-neutral, upstream-compliant implementation of the Kubernetes Gateway API built on Envoy.
Compared to traditional ingress controllers, Calico’s new gateway offers deeper control over routing, failover, load balancing, and rate limiting. It's designed to be drop-in compatible with the modern Kubernetes ecosystem while retaining Calico’s signature performance and reliability.
Calico Cloud, Now a Click Away
Rounding out the release is a streamlined integration with Calico Cloud’s free forever edition. Any cluster running Calico OSS 3.30 can now connect to the cloud platform without additional setup. While read-only, the integration lets users visualize service communication with Service Graph, generate recommended policies, and audit traffic—offering an instant upgrade to Calico’s baseline capabilities.
From Backbone to Brain: Calico’s Strategic Shift
Calico has long been the backbone of container networking. With 3.30, it’s evolving into something more strategic: a toolset not just for getting packets from A to B, but for understanding, managing, and securing everything in between.
By bridging the gap between open-source accessibility and enterprise-grade functionality, Tigera is laying down a marker: Kubernetes networking and security doesn’t need to be a tradeoff between power and usability.
With Calico OSS 3.30, DevOps teams get both.
