Here’s a sample of some of the major themes from the release notes.
Support for OpenStack
Calico v3.1 reintroduces support for OpenStack. Existing users can upgrade their Calico OpenStack clusters to v3.1 by following the documented procedure.
Calico now supports a new resource type: GlobalNetworkSet. A GlobalNetworkSet contains a set of CIDRs with associated labels, which can be matched by global network policies. This allows for rules to refer to external networks, possibly consisting of thousands of CIDRs. GlobalNetworkSets allow you to write network policies that are more portable across clusters by using labels to select groupings of network CIDRs. To learn more, see the GlobalNetworkSet resource definition.
Beta support for IPVS kube-proxy
Calico v3.1 moves support for the IPVS kube-proxy from alpha to beta with support for pod ingress, pod egress, and host endpoint network policy. The IPVS kube-proxy is itself still beta, but promises greater scale and performance compared to the existing iptables proxy.
Kubernetes IPv6 support
Calico v3.1 includes fixes which better support running an IPv6-based Kubernetes cluster. In Calico v3.1, you can now use the Kubernetes API datastore in IPv6 mode. Additionally, Calico now generates a /48 unique local address (ULA) prefix when no IPv6 pool is specified rather than using a fixed CIDR. This prevents multiple Calico clusters from sharing the same IPv6 address space. Check out the documentation on enabling IPv6 support for more information.
HostEndpoint support for Kubernetes API datastore
Calico now supports configuration of host endpoints when using the Kubernetes API datastore. This allows you to seamlessly apply network policy to Kubernetes host machines and Kubernetes pods alike using Calico global network policies.