Container networking
Fast, scalable, and highly available pod-to-pod networking for single and multi-cluster Kubernetes environments.
Choice of data planes, including eBPF, Standard Linux, and Windows HNS for network traffic.
Unified networking across hosts, virtual machines, bare metal, and containers for interoperability across clusters and environments.
Data-in-transit encryption with WireGuard for better performance and lower CPU consumption compared to standard encryption approaches.
Egress gateway & universal firewall integration
Provides stable, routable IP addresses assigned to egress traffic from a pod or namespace.
Enables firewalls to identify and secure egress traffic from specific workloads and namespaces.
Extends network firewall rules to secure Kubernetes workloads.
Cluster mesh
Provides pod-to-pod connectivity across clusters.
Enables service discovery of Kubernetes services running across multiple clusters.
Enforces network policies and provides network traffic visibility for local and remote workloads across clusters in a single pane of glass.
Egress access controls and microsegmentation
Enforces DNS policies and network sets for simplified egress access controls.
Deploys Layer 7 network security policies for application-level protection.
Automatically isolates namespaces to prevent the risk of lateral movement.
Enables microsegmentation based on environments, application tiers, compliance needs, user access, or individual workload requirements.
Network policy lifecycle management
Single pane of glass to view, recommend, stage, preview, order, and troubleshoot network security controls across multi-cluster environments.
Enable multiple teams to create security policies using policy tiers and customize the order of enforcement based on organizational structure.
Supports more extensive policies than Kubernetes, including policy ordering, deny rules, DNS names, and IP ranges.
Shift left: CI/CD integration
Deploys network security policies as code to automate the enforcement of consistent security across the cluster, including any necessary security changes.
Integrates policy deployment with CI/CD tools like ArgoCD, Jenkins, and others.
Network visibility, analytics dashboards
Aggregates and correlates flow logs with rich Kubernetes context, including network, DNS, application, service, process, sockets, and audit logs.
Provides fine-grained observability with a graph-based representation of network topology, traffic flows, and network policy enforcement with suspicious event alerts.
Pre-built and custom dashboards to analyze network flow data at the workload-level, such as DNS, L7 (HTTP) traffic, TCP, and flow logs for troubleshooting.
Built-in packet capture for network activity analysis on each workload, for faster troubleshooting with Kubernetes RBAC integration.
Compliance & audit
Supports major compliance standards, including PCI DSS, HIPAA, GDPR, SOC 2, NIST, CCPA, and any custom frameworks.
Provides real-time, continuous monitoring to detect compliance violations and leverages automatically generated audit-ready reports.
Author compliance controls as code to continuously collect, correlate, and prepare data to provide proof of compliance at any time. Monitors and logs all changes to compliance policies with Calico.
