Security and Observability for Containers and Kubernetes with Calico

Implement security controls & graph-based visualization to secure your Kubernetes cluster and workloads

Tigera will deliver instructor-led training focused on securing containerized workloads and Kubernetes with full-stack observability with Calico. Our container and Kubernetes security solution experts are field practitioners with extensive hands-on experience in designing security frameworks, developing security architecture, and implementing container and Kubernetes security.

Estimated Time

This is a sixteen-hour intensive course designed to educate attendees on container and Kubernetes security with full-stack observability based on Calico.


The following is the curriculum of the sixteen-hour course:

Overview: Calico components and how they enable observability
Author configure, and deploy Calico security policy
Overview: Advanced security policy tooling
Configure and implement Calico identity-aware microsegmentation
Author and review security policy security implementation best practices
Configure and deploy DNS security policy
Configure and deploy Kubernetes network encryption
Author, configure, and leverage Calico observability tools
Configure and deploy compliance reporting
Overview: cluster mesh

Service Components

Instructor-led training
Includes theoretical and lab modules
Delivered to up to fifteen (15) trainees
Dedicated lab environment per trainee
Combination of slides and hands-on product training

Service Milestones

Training planning and setup
Security and observability for Containers and Kubernetes with Calico


Lab credentials
Training material

Who should attend this training?

Systems administrators, solutions architects, DevOps engineers, platform engineers, network engineers, and security engineers will benefit from taking this course.

Training Details

The following sections provide details about the activities typically performed as part of this service.

Training Planning, Setup, and Delivery

Tigera’s Responsibilities

Work with the customer to determine the list of trainees and training schedule.
Send a remote video conferencing invitation to the trainees, according to the training schedule agreed upon with the customer.
Set up a dedicated lab instance per trainee and deliver the login credential to the trainees.
Deliver the training material document to the trainees.

Customer’s Responsibilities

Provide Tigera with a list of trainees, along with their contact details and their roles in the organization.
Agree with Tigera on a training schedule, in accordance with the lead time section.
Ensure the trainees are available to test the lab access, review the training material document, and attend the training.
Notify Tigera about any issues related to the lab or training material.
Resolve issues related to the training material or lab that are related to the customer environment, such as proxy, web filter, DNS, or firewall issues.


Deliver three (3) remote training sessions, including some or all of the theoretical and lab modules described in the training curriculum section.
Maintain one (1) lab instance for the trainees for the duration of the training.
Ensure all the trainees participate in the training sessions.

Training Curriculum

Course Introduction

Review Tigera’s Calico product offerings
Explain the functionalities of Calico Enterprise/Calico Cloud’s main components
Hands-on lab

Calico Security Policy

Review Calico Security Policy
Advanced security policy tooling
Security Policy dataplane deep-dive
Hands-on lab

Calico Host Microsegmentation

Calico Host Endpoint Protection for complete protection
Deploy, configure, and manage host endpoint policies
Hands-on lab

DNS Policy

Calico DNS Policy deep-dive
Policy examples and troubleshooting
Hands-on lab

Security Policy Best Practice

Design considerations for Calico Security Policies
Advanced tooling and labelling best practices

Kubernetes Network Encryption

Network encryption using WireGuard
WireGuard configuration, tooling, and best practices
Hands-on lab

Observability with Calico

Why observability is necessary in Kubernetes
Calico Enterprise observability tools and best practices
Hands-on lab

Compliance Reporting

Calico Compliance Dashboards and Reports
Customizable report configuration
Hands-on lab

Multicluster Management and Federation

Advantages of the Calico Cluster Mesh
Calico Cluster Mesh configuration


Trainees are required to have basic knowledge in Kubernetes networking and security, including:
  • Basic knowledge in Linux kernel and networking
  • Basic knowledge in Kubernetes
  • Basic knowledge in infrastructure security, including firewalls
Following is a list of recommended trainings to acquire basic knowledge in Kubernetes and Calico Networking and Security: