Tigera empowers organizations to secure, observe, and troubleshoot containers, Kubernetes, and cloud. Its commercial products include Calico Enterprise, a self-managed security and observability platform, and Calico Cloud, a Kubernetes-native cloud service that extends the declarative nature of Kubernetes. Its open-source offering, Calico Open Source, is the most widely adopted container networking and security solution. Tigera’s solutions specify security and observability as code to ensure consistent enforcement of security policies, which enables DevOps, platform, and security teams to protect workloads, detect threats, achieve continuous compliance, and troubleshoot service issues in real time.
Security and observability
Cloud-native applications deployed in Kubernetes have ephemeral components with dynamic IPs that are distributed across multiple clusters, clouds, and hybrid environments. This makes it impossible to secure and troubleshoot these applications using traditional approaches. We solve this by enabling DevOps teams to specify security and observability as code (SOaC). SOaC is the configuration of security and observability at deployment time employing Kubernetes primitives and declarative models, using the same versioning that DevOps teams use for source code.
Following the principle that the same source code generates the same binary, a SOaC approach ensures that any Kubernetes component generated with the code has the exact same security and observability confirmation regardless of the deployment model, type of distribution, or container type.Watch the Video
Kubernetes-native architecture for security and observability
We are Kubernetes-native and offer rich security and observability functionality by deeply integrating with Kubernetes’s core. We provide this functionality in Kubernetes clusters by adding new custom APIs and controllers, as well as providing infrastructure plugins for the core components of networking, storage, and container runtime. Being Kubernetes-native, we work with the Kubernetes command line interface (kubectl), which can be seamlessly integrated with Kubernetes features such as role-based access control (RBAC), service accounts, audit logs, etc.
Calico offers a number of additional custom resource definitions (CRDs) that extend Kubernetes APIs. Examples include GlobalNetworkPolicy, GlobalThreatFeed, GlobalAlerts, PacketCapture, StagedNetworkPolicy, and HostEndpoint.
Since Calico is Kubernetes-native, all of its security and observability features can be accessed via Kubernetes API server, making it possible to programmatically configure functionality.
Being Kubernetes-native means that the same functionality will work across multiple clusters, distributions, and deployment models.
Commitment to open source
We are committed to developing, cultivating and supporting open source projects and communities.
Project Calico: We are the creator and maintainer of Project Calico, which delivers open source Calico, the most widely adopted solution for container networking and security, powering 1M+ nodes daily across 166 countries.
eBPF and Envoy: We actively use and promote popular open source projects like eBPF and Envoy. Calico provides a pluggable data plane architecture enabling support for multiple data planes, including standard Linux, eBPF, and Windows. Calico also integrates with Envoy to provide observability functionality.
Loved by the community
The global Calico community is large and growing. We deliver more than 100 free technical training sessions annually to thousands of community members. We also offer free, self-paced Calico certification programs.
Trusted by companies all over the world
Calico is used by leading companies, including HanseMerkur, Merck, Mindbody, RealPage, L3Harris, Discover, AT&T, and ServiceNow.