Google Cloud Platform and GKE

Get Kubernetes security, observability, and networking on Google Kubernetes Engine (GKE), and for self-managed Kubernetes on Google Cloud VMs


Deploy and manage a consistent set of networking and security policies for Kubernetes clusters on Google Cloud Platform (GCP). Tigera’s Calico Cloud gives teams a single pane of glass across multi-cluster and hybrid clouds to deploy a standard set of egress access controls, enforce consistent security policies for compliance, and easily observe and troubleshoot applications.


With GCP and Tigera you can address the most common use cases for Kubernetes networking, security, and observability in Google Kubernetes Engine (GKE) with Calico:

  • Manage egress access: Kubernetes has no built-in capability to enforce network policy. Calico can securely control egress access to external resources with the following:
    • DNS policy
    • Egress access gateway
  • Enterprise security and compliance: Get data-in-transit encryption with industry-leading performance, as well as compliance reporting for security policies and controls. Leverage an incredibly rich intrusion detection feature set that includes threat feeds to identify known bad actors, custom alerts for known attacks, anomaly detection, and honeypods.
  • Observe and troubleshoot: Detect, identify, and resolve the performance hotspots, anomalies, and connectivity issues between microservices running on GKE clusters.

How It Works


Calico provides a common networking and security policy model using Kubernetes constructs like labels and selectors to control and restrict access to specific namespaces, microservices, and pods.

Get Started

Getting started with Calico and GKE is easy. Everything you need to get Calico installed and configured in your GCP GKE cluster is available here.

User Guide

Learn More


Get Started

Learn More

Self-managed Kubernetes in GCP

Learn More

Free eBook

Learn More

Become a Tigera Partner