Skip to main content

Coverage Matrix

Generate IaC Pull RequestsAvailable (Request Preview in Free Tier)
Curated Release Notes to latest
Guided & Automated Safety Checks to latest
Rapid Upgrade AssessmentsAvailable
Upgrade Templates & PlansIn-Place, Blue-Green
Upgrade AdvisoriesAvailable
PreverificationAvailable
End-Of-Life (EOL) InformationAvailable
Version Incompatibility InformationAvailable
Operational Risk DetectionAvailable
Supported PackagesHelm, Kustomize, Kube
Private RegistriesCovered
Custom Built ImagesCovered

Calico Operator Overview

Calico is an open-source Cloud Native networking and security solution that provides high-performance pod networking and policy enforcement. The Tigera Calico Operator simplifies Calico management through a declarative CRD-based interface, automating BGP peering, IP pool management, and policy lifecycles. Calico supports multiple dataplanes, including standard Linux networking, overlay modes (VXLAN, IP-in-IP), and advanced eBPF acceleration. It enables robust zero-trust network segmentation using NetworkPolicy and Calico’s GlobalNetworkPolicy resources. The operator-driven approach reduces manual intervention, ensuring consistent configuration and seamless upgrades.

Chkk Coverage

Curated Release Notes

Chkk delivers curated summaries of official Calico Operator releases, highlighting impactful changes like IP pool updates, BGP enhancements, security fixes, and critical CRD modifications. Instead of reviewing extensive upstream notes, platform engineers receive targeted alerts relevant to their deployments. For instance, if default IP pool settings or global policy handling change, Chkk clearly explains the operational implications, allowing proactive adjustments ahead of upgrades. This reduces risks during upgrades and prevents unforeseen networking disruptions.

Preflight & Postflight Checks

Chkk conducts thorough preflight validations before Calico upgrades, confirming Kubernetes version compatibility, CRD correctness, and absence of risky configurations like overlapping IP pools or deprecated fields. Postflight checks verify the health and consistency of Calico nodes, network policies, and pod connectivity immediately after upgrades. This proactive approach swiftly identifies lingering nodes or incomplete rollouts, reducing troubleshooting overhead. Such rigorous validation ensures seamless upgrades and maintains network stability.

Version Recommendations

Chkk continuously tracks Calico’s lifecycle, alerting platform teams when deployed versions near end-of-life or critical updates become available. It offers context-specific guidance tailored to compatibility and operational considerations. Recommendations highlight known risks, like dropping security patch support or significant BGP bug fixes, and suggest stable upgrade targets backed by community feedback. This guidance ensures environments remain secure, stable, and supported without unnecessary disruptions.

Upgrade Templates

Chkk provides detailed Upgrade Templates for both in-place upgrades and blue-green deployments. In-place upgrades utilize a controlled rollout strategy, updating nodes incrementally to minimize disruption. Blue-green templates deploy parallel Calico installations, enabling controlled workload migration and extensive testing before full transition. Templates integrate seamlessly with GitOps/CI-CD workflows, reducing human error and enabling predictable, safe upgrades.

Preverification

Chkk’s preverification feature rehearses upgrades in an isolated “digital twin” cluster replicating production Calico configurations. This process uncovers potential issues such as CRD conflicts, IP pool overlaps, and resource constraints before affecting production. By simulating real-world upgrades, platform engineers can proactively resolve issues identified during rehearsals. Preverification significantly reduces upgrade risks, ensuring smooth transitions in live environments.

Supported Packages

Chkk supports Calico installations via the official operator, Helm charts, Operator Lifecycle Manager (OLM), or direct YAML manifests. It fully respects custom configurations, private registries, and vendor-specific builds without forcing workflow changes. If using GitOps for Calico manifests, Chkk precisely identifies required updates, preserving custom resources and minimizing disruption. This flexibility ensures consistent upgrades regardless of deployment method.

Additional Resources