A Sneak Peek at the “Certified Calico Operator: AWS Expert” Course

This One’s All About You

Recently, we released our new “Certified Calico Operator: AWS Expert” course. You can read more about why we created this course and how it can benefit your organization in the introductory blog post.

This blog post is different; it’s an opportunity for you, the potential learner, to get a glimpse of just a few interesting parts of the course. You won’t learn all the answers here, but you’ll learn some of the questions!

If you find that you already know the answers, then you’re all set to grab yourself a shiny badge. If not, consider taking some time to invest in your personal development and pick up some new knowledge in AWS and container networking—really current and relevant knowledge.

Let’s take a sneak peek at what the “Certified Calico Operator: AWS Expert” course has to offer.

Considering Cluster Types

There are several ways to build a Kubernetes cluster in AWS. There is no single “right” way. What are the considerations your organization should have in mind, and how can you help your organization make an informed choice?

You will review, amongst many other things, how to decide:

  • Whether to pursue a managed cluster or BYOC (bring your own cluster)
  • Whether avoiding vendor lock-in is an important consideration
  • How to implement pod interconnectivity
  • How to implement security
  • How to achieve interoperability with infrastructure components (both outside of the cluster, and within AWS)
  • How to implement visibility and make the cluster auditable

Holding on to Identity

Depending on the implementation, a Kubernetes cluster’s networking sometimes obfuscates the real source IP address of the requesting user or service. Under what circumstances does this occur, and how can it be mitigated?

You will discover the reasons that the original source IP can be lost in Kubernetes networking, and how this can be avoided.

You’ll learn:

  • What are the technical reasons this happens?
  • What are the implications?
  • What are the options to avoid source IP obfuscation?

Data Planes

What’s a Calico data plane? What options are available in AWS? What advantages do the different options offer?

We’ll uncover the different Calico data planes available in AWS, and the advantages each can bring to the cluster. The course contrasts the benefits and requirements of the Linux iptables and Linux eBPF Calico data planes.

Do you know the answers to the following questions?

  • Why is there not just one “universal” data plane for all use-cases?
  • Why do network nodes generally separate out these functionalities?
  • What’s eBPF, and how does Calico make use of it in AWS?

If not, you’ll find them in this course.

Expanding Your AWS Kubernetes Toolbox

How can you deploy Kubernetes in AWS? What are the pros and cons of the different options?

Using the right tools, deploying a Kubernetes cluster in AWS can be reduced to just a few manageable steps. However, depending on the use case, there are many tools that might be the right fit.

The course provides an overview of:

  • The AWS CLI and Management Console
  • CloudFormation
  • kOps
  • kubeadm
  • Kubespray
  • K3s

Seven is the Magic Layer

Is Application Layer Policy available in Kubernetes cluster deployments in AWS? What features are available?

Application Layer Policy can help you deliver a zero-trust network in the public cloud.

Have questions? We thought you might.

  • How can you deploy an Application Load Balancer in AWS?
  • What features can you expect?
  • What are the advantages, and are there any caveats?

You guessed it, you can find the answers in this course.

Protecting Data in Flight

Can data on-the-wire between nodes in an AWS Kubernetes cluster be protected? If so, how?

Your organization might already have a requirement to protect data “at rest” in your public cloud environments. What about data in flight, though?


  • What cryptographic options the various cluster types offer
  • How does Calico extend this offering?
  • What are the performance implications of protecting data in flight?
  • How do you turn on these features, and ensure they’re working?

It’s (Public) Cloudy – Take Some Time to Learn to Fly

Hopefully this post has piqued your interest, either because you already know the answers or because it has posed some interesting questions! The reality of public cloud deployments, including those in AWS, is that there are many factors to consider. It’s unlikely that you will make all the right decisions, and that’s okay.

This course aims to help attendees recognize the known unknowns and consider how their organizational needs should influence their choices. If you think it would be valuable to you and your organization, you can sign up here. It’s free, and you can adapt the course to your busy calendar. There’s no time like the present!

More questions? You can read more about Tigera’s Calico certification program here.


Get Calico certified. Sign up now!


Join our mailing list

Get updates on blog posts, workshops, certification programs, new releases, and more!