Case study: Calico on AWS enables turnkey networking and security for Rafay’s enterprise-grade Kubernetes Operations Platform

Organizations are adopting Kubernetes on Amazon Web Services (AWS) to modernize their applications. But Kubernetes clusters and application lifecycles demand a considerable investment of cost and resources, especially for edge applications.

Rafay’s SaaS-based Kubernetes operations platform (KOP) helps platform teams deploy, scale, and manage their fleet without requiring anyone on the platform team to be a Kubernetes expert. Hosted on AWS Elastic Kubernetes Services (EKS), Rafay’s unified, enterprise-grade KOP supports Kubernetes and application lifecycle management through automation and self-service with the right standardization, control, and governance level. Rafay empowers organizations to accelerate their digital transformation while limiting operating costs.

In partnership with AWS and Tigera, Rafay shares the story of how it leveraged Calico on AWS to secure its turnkey offering in an exclusive case study. Here are the highlights.


To secure its KOP and enable customers with little to no Kubernetes experience, Rafay required a scalable, Kubernetes-native security solution that could:

  1. Provide and enforce networking and security policy for multi-tenant environments through workload isolation with identify-aware microsegmentation
  2. Eliminate IP address exhaustion issues and deliver automated flexible IP address management (IPAM) to allow for agile scaling without increasing operational overhead
  3. Seamlessly integrate with Amazon EKS, where Rafay’s KOP is hosted, and allow access to several Amazon AWS services from a single panel

Calico on EKS: Seamless integration, secured operations

Rafay provides automation, security, visibility, and governance for Amazon EKS. Its KOP solution is hosted on Amazon EKS, and thus is required to be fully compatible with its host.

“EKS is the most mature cloud on the market that’s incredibly customizable, scalable, and easy to operate but operationalizing the workload lifecycle requires ensuring security guardrails are in place,” comments Mohan Atreya, Senior VP of Product and Solutions at Rafay. Tigera is also a proud Advanced Technology Partner in AWS’s Partner Network, offering native integration benefits. Calico provided compatibility with EKS and a security policy engine that scales with Rafay and Amazon EKS platforms.

Scalable container networking and security policy with Calico

For anyone who is not a Kubernetes expert, writing a security policy can take anywhere from a week to a month, excluding staging and testing.

Calico’s policy engine simplifies policy creation and allows users to implement microsegmentation and tenant isolation for workload isolation and compliance, while also being compatible with Kubernetes’s network policy. Calico’s design principles are based on best practices for cloud-native design, combined with trusted network protocols that are used by some of the largest Internet carriers. This resulted in a scalable solution that perfectly fit Rafay’s goals.

Learn more: Kubernetes Network Policy: Code Example and Best Practices

Solving IP address exhaustion with Calico’s flexible IPAM

IP addresses can quickly become a scarce commodity in Kubernetes. If a user runs out of IP addresses (i.e. IP address exhaustion), it will limit the application’s scale, create extra work, and may cause the application to become unavailable.

Calico’s IPAM system lets users maximize their IP resources by creating private networks inside their cluster. Calico uses IP pools to determine which IP ranges can be assigned to pods. These IP pools are set up by an administrator. When using Calico’s overlay mode, the IP pools can be any private network IP range.

Enabling turnkey networking and security for Rafay’s enterprise-grade KOP

Together with Calico, Rafay’s KOP is a simple turnkey solution that can be activated without extensive Calico or Kubernetes knowledge, enabling organizations to digitally transform and scale even faster without worrying about IP address exhaustion.

Mohan Atreya, Senior VP of Product and Solutions at Rafay, on why Calico is the default choice for the company’s KOP.

Want to see the details of Rafay’s use case? Read the full case study: Achieving turnkey Kubernetes security with Calico on AWS

Join our mailing list

Get updates on blog posts, workshops, certification programs, new releases, and more!