Calico Network Policy and Calico Global Network Policy are the fundamental resources to secure workloads and hosts, and to adopt a zero trust security model.

Adopt a zero trust network model for security

Best practices to adopt a zero trust network model to secure workloads and hosts. Learn 5 key requirements to control network access for cloud-native strategy.

Try out the node-to-node encryption tech preview

Try out enabling WireGuard for state-of-the-art cryptographic security between pods for Calico clusters.

Get started with policy

If you are new to Kubernetes, start with "Kubernetes policy" and learn the basics of enforcing policy for pod traffic. Otherwise, dive in and create more powerful policies with Calico policy. The good news is, Kubernetes and Calico policies are very similar and work alongside each other -- so managing both types is easy.

Policy rules

Control traffic to/from endpoints using Calico network policy rules.

Policy for hosts

Use the same Calico network policy for workloads to restrict traffic between hosts and the outside world.

Policy for services

Apply Calico policy to Kubernetes node ports, and to services that are exposed externally as cluster IPs.

Policy for Istio

Configure the Calico "application layer policy" with application layer-specific attributes for Istio service mesh.

Policy for extreme traffic

Use Calico network policy early in the Linux packet processing pipeline to handle extreme traffic scenarios.

Secure Calico component communications

Secure communications for Calico components.

Calico Enterprise

Learn about the value-added features for implementing a CaaS platform in our commercial product, Calico Enterprise.