Security

Calico Network Policy and Calico Global Network Policy are the fundamental resources to secure workloads and hosts, and to adopt a zero trust security model.

Adopt a zero trust network model for security

Best practices for adopting a zero trust network model to secure workloads and hosts. Learn 5 key requirements to control network access for a cloud-native strategy.

Get started

If you are new to Kubernetes, start with "Kubernetes policy" and learn the basics of enforcing policy for pod traffic. Otherwise, dive in and create more powerful policies with Calico policy. The good news is that Kubernetes and Calico policies are very similar, so managing both types is easy.

Policy rules

Use Calico network policy rules to control traffic to/from endpoints using namespaces, service accounts, external IPs or networks, and ICMP ping.

Policy for hosts

Use the same Calico network policy that you use for workloads to restrict traffic between hosts and the outside world.

Policy for services

Apply policy to Kubernetes node ports, and to services that are exposed externally as cluster IPs.

Policy for Istio

Configure the Calico "application layer policy" with application layer-specific attributes for Istio service mesh.

Policy for extreme traffic

Use Calico network policy early in the Linux packet processing pipeline to handle extreme traffic scenarios.

Secure Calico component communications

Secure communications for Calico components.

Calico Enterprise

Learn about value-added features in our commercial product, Calico Enterprise.