About Calico
What is Calico?
Calico is a single platform for networking, network security, and observability for any Kubernetes distribution in the cloud, on-premises, or at the edge. Whether you're just starting with Kubernetes or operating at scale, Calico's open source, enterprise, and cloud editions provide the networking, security, and observability you need.
The key advantages of Calico are:
- A single platform to address all networking, network security, and observability needs for Kubernetes environments
- Consistent networking and network security controls for any Kubernetes distribution, ensuring workload portability
- Ability to scale networking and network security to multi-cluster applications, VMs, and bare metal servers without additional software
The Calico portfolio of products includes Calico Open Source, Calico Enterprise (self-managed), and Calico Cloud (fully-managed SaaS). Calico Cloud Free is a free version of Calico Cloud that focuses on observability and policy management for a single cluster. All of this is built on Calico Open Source, the most widely used container networking and security solution.
Calico overview
Networking
Ingress Gateway
Enterprise-grade traffic control based on K8s Gateway API
Egress Gateway
Secure outbound traffic with fixed, routable IP assignment
Cluster Mesh
Resilient and secure networking between clusters at scale
Network security
DNS Policies
Simplify policy creation using DNS namess
Staged Policies
Preview and test policies prior to deployment
Policy Tiers
Enforce consistent, network policies with defined precedence
Encryption
High-performance encryption with WireGuard for data in transit
Threat detection, observability, and incident response
Web Application Firewall
Detects malicious traffic targeting web applications, defending against exploits like SQL injection and cross-site scripting.
Visualize traffic
Monitor, visualize, log, and quickly troubleshoot Kubernetes traffic
Packet Capture
Self-service packet capture for troubleshooting and forensics
Alerts & Incident Response
Alert on security events and deploy mitigating policies
CI/CD automation and tools
Policy Board
Author, view and manage Kubernetes network policies
Policy recommendations
Automatically generate policies to isolate namespaces
Calico product editions
Calico Open Source
Open-source networking and security for containers and Kubernetes
Calico Cloud Free
Observability & policy management for a single cluster
Calico Cloud
SaaS platform for Kubernetes networking and security
Calico Enterprise
Self-managed platform for Kubernetes networking and security
Calico Open Source
Calico Open Source is a networking and security solution for containers, virtual machines, and native host-based workloads. Calico supports a broad range of platforms including Kubernetes, OpenShift, OpenStack, and bare metal services.
Calico Cloud Free
Calico Cloud Free is a free, single-cluster, single user version of Calico Cloud that provides additional enhanced Kubernetes observability and network security capabilities for Calico Open Source users. Calico Cloud Free requires Calico Open Source 3.30 or higher.
Calico can be deployed as a self-managed platform (Calico Enterprise) or a fully-managed SaaS platform (Calico Cloud). Either way, Calico provides a unified network security and observability platform to prevent, detect and mitigate security breaches in Kubernetes clusters.
Calico commercial editions
Calico Cloud and Calico Enterprise
Calico can be deployed as a self-managed platform (Calico Enterprise) or a fully-managed SaaS platform (Calico Cloud). Either way, Calico provides a unified network security and observability platform to prevent, detect, and mitigate security breaches in Kubernetes clusters.
Which product edition is right for me?
| My needs | Calico product edition |
|---|---|
| I want open source, best-in-class networking, network security, and observability capabilities that can work across any Kubernetes distribution, for free. | Calico Open Source Get Started |
| I’m a Calico Open Source user who wants to leverage some of the improved observability and policy management capabilities that are available in Calico Cloud, for free. | Calico Cloud Free Sign up |
| My organization wants a fully managed SaaS platform for network security and observability. | Calico Cloud Get Started |
| My organization wants a self-managed platform for network security and observability. | Calico Enterprise Get Started |
Feature comparison matrix
| Category | Calico Open Source | Calico Cloud Free | Calico Cloud | Calico Enterprise |
|---|---|---|---|---|
| Management and Support | ||||
| Multi-cluster security controls management | ||||
| Data retention | In-memory | 24 hours | 7 days | Unlimited |
| Number of clusters | Unlimited | One | Unlimited | Unlimited |
| Number of users | N/A | One | Unlimited | Unlimited |
| Support and maintenance | Community-driven | Community-driven | Standard/Business | Standard/Business |
| Networking | ||||
| High performance, scalable pod networking | ||||
| Advanced IP address management | ||||
| Direct infrastructure peering without the overlay | ||||
| eBPF data plane | ||||
| Windows data plane | ||||
| nftables data plane | ||||
| iptables data plane | ||||
| VPP data plane | ||||
| Multiple Calico networks on a pod | ||||
| Dual ToR peering | ||||
| Ingress gateway | ||||
| Egress gateway | ||||
| Cluster mesh | ||||
| Network Security | ||||
| Seamless support for Kubernetes network policy | ||||
| Label-based policies for K8s and non-K8s workloads | ||||
| Namespace and cluster-wide scope | ||||
| Global default deny policy design | ||||
| Application layer policy | ||||
| Policy for services | ||||
| Policy board | View only | |||
| DNS/FQDN-based policy | ||||
| Hierarchical tiered network policy | ||||
| Policy recommendations | Manual workflow | |||
| Staged network policy | ||||
| Preview staged policies | ||||
| Network sets to limit IP ranges for egress and ingress traffic to workloads | ||||
| Data-in-transit encryption | ||||
| Universal firewall integration | ||||
| Workload-based IDS/IPS | ||||
| Deep packet inspection | ||||
| DDoS protection | ||||
| Workload-centric WAF | ||||
| Compliance reporting and alerts | ||||
| SIEM integrations | ||||
| Network Security for VMs and Bare Metal | ||||
| Restrict traffic to/from hosts and VMs using network policy | ||||
| Automatic host endpoints | ||||
| Apply policy to host-forwarded traffic | ||||
| Observability | ||||
| Goldmane API to retrieve flow logs | ||||
| Calico Whisker UI | ||||
| Dynamic Service and Threat Graph | ||||
| Application level observability | ||||
| Dynamic packet capture | ||||
| Flow visualizer | ||||
| Logs (flow) | ||||
| Logs (HTTP traffic, audit, BGP, DNS, events) | ||||
| Dashboards | ||||
| Alerts |
How to get started with Calico
Calico powers 100M+ containers across 8M+ nodes in 166 countries, and is supported across all major cloud providers and Kubernetes distributions.
Ready to get started?
Start a free trial or request a demo to see Calico in action.
Installation guides
How to engage
Learning resources
- Blog
- Certifications (self-paced)
- Product tutorials (self-paced)
- Learn guides
- Webinars and workshops (live and on demand)
- Resources
Get involved
Get in touch
- Slack (Calico Open Source users)
- YouTube (@ProjectCalico)
- Contact us