Skip to main content

Illumio Segmentation for Kubernetes

What's New in C-VEN and Kubelink

The following are new and changed items in this release from the previous releases of C-VEN and Kubelink:

  • New CLAS architecture option

    Kubelink now can be deployed with a Cluster Local Actor Store (CLAS) module, which manages flows from C-VENs to PCE, and policies from PCE to C-VENs. The CLAS-enabled Kubelink tracks individual pods, and when they are created or destroyed, instead of this being communicated directly to the PCE. To migrate from an existing (non-CLAS) environment to a CLAS-enabled one, set the clusterMode parameter to migrateLegacyToClas i n your deployment YAML file (typically named illumio-values.yaml). See the README.md file accompanying the Helm Chart for full details on this and other Helm Chart parameters.

  • Workloads more closely match Kubernetes architecture

    In CLAS-enabled environments, workloads are now conceptually tied to their containers, instead of being referred to in context of their pods, which more closely matches Kubernetes practice. To reflect this change, such workloads in CLAS environments are called Kubernetes Workloads, regardless of what containers have been spun up or destroyed to run the applications. In non-CLAS environments, the existing term Container Workloads is still used as in prior releases, corresponding to Pods. In mixed environments (with both non-CLAS and CLAS-enabled clusters), the PCE UI shows both Container Workloads and Kubernetes Workloads, as appropriate.

  • Illumio annotations in CLAS mode specified on the workload and not on Pod's template

    Illumio annotations when in CLAS mode are now specified on the Kubernetes Workload and not on the pod's template.

  • Docker support dropped

    The Docker CRI is no longer supported as of this 5.0.0 release of Illumio Core for Kubernetes.