When deploying a new microservice, security policies must be created to define which other microservices it can and should connect to. But before deployment, each new policy and service must be reviewed to ensure it will not override or interfere with an existing policy. Review and approval typically occurs at a central point of control, creating a choke-point when microservice deployments scale.
Using policy tiers, Calico enables SREs, and developer teams to easily make self-service security policy changes to a cluster without the risk of overriding an existing policy. No central manager or control point is required to create, review, or approve new policies. Deployment of new microservices along with the creation of necessary security policies is a fully-automated process.
Maintain compliance: Microservices can be deployed along with security policies, without the risk of overriding other critical security policies required for compliance.
Automatically identify and eliminate any potential problems caused by incorrect, incomplete, or conflicting security policy deployments.
Fully automate and accelerate the end-to-end microservices deployment process, including any necessary security changes, using policy-as-code.
Calico policy tiers enables developers to safely deploy their services to secure clusters using “policy as code” within an automated, self-service security policy process. With policy tiers, developers can create policies without having to learn the intricacies of YAML. Policy tiers define the order in which security policies are evaluated. Calico automates review and validation steps that preview and stage policies to ensure they are working properly before being committed to deployment.