Networking for Containers and Kubernetes with Calico

Implement container networking best practices for performance, reliability, and scalability

Tigera will deliver instructor-led training focused on networking for containers and Kubernetes with Calico. Our instructors are field practitioners with extensive hands-on experience in designing and implementing container networking at scale. Our training content incorporates network design best practices and uses hands-on labs to reinforce the learning.

Estimated Time

This is a sixteen-hour intensive course designed to educate attendees on networking for containers and Kubernetes with Calico and fundamental Kubernetes networking concepts.


The following is the curriculum for the sixteen-hour course:

Overview of Kubernetes container network interface (CNI) and why it is needed
Configure and deploy Calico (Open Source, Cloud, Enterprise) as the CNI provider in a Kubernetes environment
Configure Calico IPAM to implement advanced IPAM scenarios
Overview of various networking modes (overlay and non-overlay) supported by Calico
Configure Calico in overlay mode (VXLAN), non-overlay mode (BGP), and advertise Kubernetes services beyond the scope of Kubernetes cluster using BGP
Gain an in-depth understanding of how Kubernetes services is implemented in iptables
Configure and deploy Kubernetes services and Kubernetes DNS
Deploy Calico Cloud and Enterprise Egress Gateway to control egress traffic based on zero-trust workload security principles
Gain an in-depth understanding of the Calico eBPF dataplane
Configure a Kubernetes cluster to use the Calico eBPF dataplane

Service Components

Instructor-led training
Includes theoretical and lab modules
Delivered to up to fifteen (15) trainees
Dedicated lab environment per trainee
Combination of slides and hands-on product training

Service Milestones

Training planning and setup
Kubernetes security foundation training


Lab credentials
Training material

Who should attend this training?

Systems administrators, solutions architects, DevOps engineers, platform engineers, network engineers, and security engineers will benefit from taking this course.

Training Details

The following sections provide details about the activities typically performed as part of this service.

Training Planning, Setup, and Delivery

Tigera’s Responsibilities

Work with the customer to determine the list of trainees and training schedule.
Send a remote video conferencing invitation to the trainees, according to the training schedule agreed upon with the customer.
Set up a dedicated lab instance per trainee and deliver the login credential to the trainees.
Deliver the training material document to the trainees.

Customer’s Responsibilities

Provide Tigera with a list of trainees, along with their contact details and their roles in the organization.
Agree with Tigera on a training schedule, in accordance with the lead time section
Ensure the trainees are available to test the lab access, review the training material document, and attend the training.
Notify Tigera about any issues related to the lab or training material.
Resolve issues related to the training material or lab that are related to the customer environment, such as proxy, web filter, DNS, or firewall issues.


Deliver three (3) remote training sessions, including some or all of the theoretical and lab modules described in the training curriculum section.
Maintain one (1) lab instance for the trainees for the duration of the training.
Ensure all the trainees participate in the training sessions.

Training Curriculum

Course Introduction

Tigera product offerings
The functionalities of Calico Enterprise and Calico Cloud’s main components
Calico-node main processes

Calico Container Network Interface (CNI)

Why a CNI is necessary
The responsibilities of a CNI
Pod lifecycle
Calico CNI install requirements
Calico CNI logging
Examine CNI configurations

Calico IPAM

Why Calico IPAM is necessary
How Calico IPAM works
Resources used to configure Calico IPAM
Advanced Calico IPAM features
Calico IPAM best practices

Calico Cross-Node Networking

Kubernetes networking model
Calico networking modes
Calico BGP configuration resources
How various Calico networking modes work
Calico overlay configuration resources
The difference between various overlay networking modes
Networking mode MTU sizes

Kubernetes Services & DNS

Why Kubernetes services are necessary
The role of kube-proxy
Different kube-proxy modes
Different types of services
How services are implemented in IPTables
Service discovery in Kubernetes
CoreDNS implementation in Kubernetes
DNS policies in Kubernetes

Calico Egress Gateway

Why Calico Egress Gateway is necessary
Egress Gateway use cases and characteristics
Egress Gateway health checks
Egress Gateway best practices and governance
Egress Gateway routing and sequence of events
Egress Gateway deployment
How to perform a graceful upgrade of Egress Gateway pods

Calico eBPF Dataplane

What eBPF is and its key terminologies
Differences between Calico iptables dataplane and eBPF dataplane
How eBPF works under the hood


Trainees are required to have basic knowledge in Kubernetes networking and security, including:
  • Basic knowledge in Linux kernel and networking
  • Basic knowledge in Kubernetes
  • Basic knowledge in infrastructure networking including BGP routing protocol and overlay networking using IPIP and VXLAN
  • Basic knowledge in infrastructure security, including firewalls
Following is a list of recommended trainings to acquire basic knowledge in Kubernetes and Calico Networking and Security: