Calico Network Policy and Calico Global Network Policy are the fundamental resources to secure workloads and hosts, and to adopt a zero trust security model.
Best practices to adopt a zero trust network model to secure workloads and hosts. Learn 5 key requirements to control network access for cloud-native strategy.
If you are new to Kubernetes, start with "Kubernetes policy" and learn the basics of enforcing policy for pod traffic. Otherwise, dive in and create more powerful policies with Calico policy. The good news is, Kubernetes and Calico policies are very similar -- so managing both types is easy.
Control traffic to/from endpoints using namespaces, service accounts, external IPs or networks, and ICMP ping using Calico network policy rules.
Use the same Calico network policy for workloads to restrict traffic between hosts and the outside world.
Apply policy to Kubernetes node ports, and to services that are exposed externally as cluster IPs.
Configure the Calico "application layer policy" with application layer-specific attributes for Istio service mesh.
Use Calico network policy early in the Linux packet processing pipeline to handle extreme traffic scenarios.
Secure communications for Calico components.
Learn about value-added features in our commercial product, Calico Enterprise.