Unified Control

Centralized multi-cluster approach to Kubernetes security and observability across on-premises, hybrid, and multi-cloud environments running multiple Kubernetes distributions and data planes.



Organizations are scaling Kubernetes deployments with a mix of on-premises, hybrid, and multi-cloud infrastructure. There is no standardized approach to building multiple clusters, due to the heterogeneous development environments of multiple Kubernetes distros and data planes, such as Windows, Linux, and eBPF.

A centralized, unified multi-cluster approach to security and observability can help with faster troubleshooting, adherence to compliance requirements, and uniform policy enforcements across clouds, distros and dataplanes.


Secure Multiple Clusters

Any Cloud, on Any K8s Distro

Data Plane Choice

Federate Resources Across Clusters

Key Features

Single Pane of Glass

Centrally secure clusters and workloads running on different infrastructure and Kubernetes distributions

Enable and ensure consistent security and policy management across the environment.

Any Cloud, Any Kubernetes Distribution

  • Works anywhere
    • On-premises, hybrid, and multi-cloud
  • Improves observability
    • Simplifies and speeds up troubleshooting and support
  • Provides consistency
    • Across complex, distributed architecture

Choice of Pluggable Dataplanes

  • Linux
  • eBPF
  • Windows
  • VPP

Federate Resources by Identity, Policy & Service

  • Federate by identity: Use security policy to protect traffic between pods.
    • A pod can recognize other pods and is aware of policy rules that reference pods running in other clusters.
  • Federate by policy: Apply the same policy across several clusters.
    • Define policies once and apply across all clusters.
  • Federate by service: Apply policy to single application or microservice spread across multiple clusters.
    • Pods don’t connect directly to pods, but rather to services that contain those pods

How It Works


Unified controls in Calico enable security and observability across multi-cluster, multi-cloud, and hybrid cloud environments, and provide a single pane of glass to ensure consistent application of security controls across both containers and VMs. Built on Calico open source, the most widely adopted Kubernetes CNI, Calico Cloud and Enterprise also support third-party CNIs including EKS VPC, Azure CNI, and GKE to expand your choice of public cloud providers.


Free eBook


Calico Cloud Datasheet

Learn More