Calico Network Policy and Calico Global Network Policy are the fundamental resources to secure workloads and hosts, and to adopt a zero trust security model.

Best practices to adopt a zero trust network model to secure workloads and hosts. Learn 5 key requirements to control network access for cloud-native strategy.

Run long-lived Calico components without root or system admin privileges.

If you are new to Kubernetes, start with "Kubernetes policy" and learn the basics of enforcing policy for pod traffic. Otherwise, dive in and create more powerful policies with Calico policy. The good news is, Kubernetes and Calico policies are very similar and work alongside each other -- so managing both types is easy.

Control traffic to/from endpoints using Calico network policy rules.

Use the same Calico network policy for workloads to restrict traffic between hosts and the outside world.

Apply Calico policy to Kubernetes node ports, and to services that are exposed externally as cluster IPs.

Configure the Calico "application layer policy" with application layer-specific attributes for Istio service mesh.

Use Calico network policy early in the Linux packet processing pipeline to handle extreme traffic scenarios.

Enable WireGuard for state-of-the-art cryptographic security between pods for Calico clusters.

Secure communications for Calico components.

Learn about the value-added features for implementing a CaaS platform in our commercial product, Calico Enterprise.