
Calico Enterprise 3.9 Brings Live Packet Troubleshooting

Sep 20th, 2021 3:00am by
Feature image by Uriel Soberanes on Unsplash.

I’ve been recommending Calico Open Source for container networking and security since not long after it rolled out about six years ago. But if you’d like more help and features, Calico Enterprise, a self-managed platform for Kubernetes security and observability across hybrid or multicloud configurations (any cloud, any Kubernetes distribution), VMs and bare metal, also demands your attention.

That’s truer now than ever with Calico Enterprise 3.9, which provides faster and simpler live troubleshooting, using Dynamic Packet Capture, when you need to access the underlying data.

There are many problems with organizational-level packet capture. These include:

  • Limiting access to packet capture by organizational role.
  • Setting up packet capture takes hours to days, instead of it being part of the code. The mere thought of trying to do this with Wireshark makes me shudder.
  • Capturing the right amount of data without blowing your storage and compute costs is extremely difficult.
  • Correlating data collected from different Kubernetes components, such as namespaces, workloads, pods, and microservices, takes days and weeks.

With Dynamic Packet Capture, parent company Tigera claims you can collect the data you need when you need it without blood, sweat and tears. That done, you can filter the data based on protocol and port to fine-tune your capture for faster debugging and subsequent analysis, and for shorter time-to-resolution. It also makes it easier to correlate data across different Kubernetes services, namespaces, workloads, and pods. With all that at hand, along with workload and Kubernetes context, you can quickly pinpoint problems and then resolve them. I like this. I like this a lot.

The Dynamic Packet Capture functionality also can work hand-in-glove with Kubernetes role-based access control (RBAC). That means you can assign access by role to cut down your security and compliance risk. Good-bye unintentional HIPAA, PCI, SOC2, etc., etc. compliance violations.

The latest Calico Enterprise 3.9 also provides Envoy integration with the data plane as a DaemonSet. This makes it less invasive to microservice pods. This is handy for application-level observability and control.

This can be a lot easier than setting up a service mesh for the same jobs. That’s because:

  • Users only need to manage and operate one Envoy proxy per node, instead of multiple sidecars for each pod. That’s a much smaller potential attack surface.
  • Application-level information that includes Kubernetes-related context and correlation with other components allows for easier troubleshooting.
  • The use of DaemonSet instead of multiple sidecars on a per-node basis leads to less CPU and memory consumption.

Last, but by no means least, with 3.9 you get data-in-transit encryption for node-to-node communication within Microsoft AKS and Amazon Web Services’ EKS.

Sounds good to you? Already know and like Calico? Give this a try. It might be just what you need for your Kubernetes network and security.

TNS owner Insight Partners is an investor in: Tigera.