Skip to main content
Calico Cloud Pro documentation

About Calico

What is Calico?

Calico is a single platform for networking, network security, and observability for any Kubernetes distribution in the cloud, on-premises, or at the edge. Whether you're just starting with Kubernetes or operating at scale, Calico's open source, enterprise, and cloud editions provide the networking, security, and observability you need.

The key advantages of Calico are:

  • A single platform to address all networking, network security, and observability needs for Kubernetes environments
  • Consistent networking and network security controls for any Kubernetes distribution, ensuring workload portability
  • Ability to scale networking and network security to multi-cluster applications, VMs, and bare metal servers without additional software

The Calico portfolio of products includes Calico Open Source, Calico Enterprise (self-managed), and Calico Cloud (fully-managed SaaS). Calico Cloud Free is a free version of Calico Cloud that focuses on observability and policy management for a single cluster. All of this is built on Calico Open Source, the most widely used container networking and security solution.

Calico overview

Networking

Ingress Gateway

Enterprise-grade traffic control based on K8s Gateway API

Egress Gateway

Secure outbound traffic with fixed, routable IP assignment

Cluster Mesh

Resilient and secure networking between clusters at scale

Network security

DNS Policies

Simplify policy creation using DNS namess

Staged Policies

Preview and test policies prior to deployment

Policy Tiers

Enforce consistent, network policies with defined precedence

Encryption

High-performance encryption with WireGuard for data in transit

Threat detection, observability, and incident response

Web Application Firewall

Detects malicious traffic targeting web applications, defending against exploits like SQL injection and cross-site scripting.

Visualize traffic

Monitor, visualize, log, and quickly troubleshoot Kubernetes traffic

Packet Capture

Self-service packet capture for troubleshooting and forensics

Alerts & Incident Response

Alert on security events and deploy mitigating policies

CI/CD automation and tools

Policy Board

Author, view and manage Kubernetes network policies

Policy recommendations

Automatically generate policies to isolate namespaces

Multi-Cluster Controls

Manage network security and observability for multiple clusters

Calico product editions

Calico Open Source icon
Calico Open Source

Open-source networking and security for containers and Kubernetes

Calico Cloud Free Tier icon
Calico Cloud Free

Observability & policy management for a single cluster

Calico Cloud icon
Calico Cloud

SaaS platform for Kubernetes networking and security

Calico Enterprise icon
Calico Enterprise

Self-managed platform for Kubernetes networking and security

Calico Open Source

Calico Open Source is a networking and security solution for containers, virtual machines, and native host-based workloads. Calico supports a broad range of platforms including Kubernetes, OpenShift, OpenStack, and bare metal services.

Calico Cloud Free

Calico Cloud Free is a free, single-cluster, single user version of Calico Cloud that provides additional enhanced Kubernetes observability and network security capabilities for Calico Open Source users. Calico Cloud Free requires Calico Open Source 3.30 or higher.

Calico can be deployed as a self-managed platform (Calico Enterprise) or a fully-managed SaaS platform (Calico Cloud). Either way, Calico provides a unified network security and observability platform to prevent, detect and mitigate security breaches in Kubernetes clusters.

Calico commercial editions

Calico Cloud and Calico Enterprise

Calico can be deployed as a self-managed platform (Calico Enterprise) or a fully-managed SaaS platform (Calico Cloud). Either way, Calico provides a unified network security and observability platform to prevent, detect, and mitigate security breaches in Kubernetes clusters.

Which product edition is right for me?

My needsCalico product edition
I want open source, best-in-class networking, network security, and observability capabilities that can work across any Kubernetes distribution, for free.Calico Open Source
Get Started
I’m a Calico Open Source user who wants to leverage some of the improved observability and policy management capabilities that are available in Calico Cloud, for free.Calico Cloud Free
Sign up
My organization wants a fully managed SaaS platform for network security and observability.Calico Cloud
Get Started
My organization wants a self-managed platform for network security and observability.Calico Enterprise
Get Started

Feature comparison matrix

CategoryCalico Open SourceCalico Cloud FreeCalico CloudCalico Enterprise
Management and Support
Multi-cluster security controls management
Data retentionIn-memory24 hours7 daysUnlimited
Number of clustersUnlimitedOneUnlimitedUnlimited
Number of usersN/AOneUnlimitedUnlimited
Support and maintenanceCommunity-drivenCommunity-drivenStandard/BusinessStandard/Business
Networking
High performance, scalable pod networking
Advanced IP address management
Direct infrastructure peering without the overlay
eBPF data plane
Windows data plane
nftables data plane
iptables data plane
VPP data plane
Multiple Calico networks on a pod
Dual ToR peering
Ingress gateway
Egress gateway
Cluster mesh
Network Security
Seamless support for Kubernetes network policy
Label-based policies for K8s and non-K8s workloads
Namespace and cluster-wide scope
Global default deny policy design
Application layer policy
Policy for services
Policy boardView only
DNS/FQDN-based policy
Hierarchical tiered network policy
Policy recommendationsManual workflow
Staged network policy
Preview staged policies
Network sets to limit IP ranges for egress and ingress traffic to workloads
Data-in-transit encryption
Universal firewall integration
Workload-based IDS/IPS
Deep packet inspection
DDoS protection
Workload-centric WAF
Compliance reporting and alerts
SIEM integrations
Network Security for VMs and Bare Metal
Restrict traffic to/from hosts and VMs using network policy
Automatic host endpoints
Apply policy to host-forwarded traffic
Observability
Goldmane API to retrieve flow logs
Calico Whisker UI
Dynamic Service and Threat Graph
Application level observability
Dynamic packet capture
Flow visualizer
Logs (flow)
Logs (HTTP traffic, audit, BGP, DNS, events)
Dashboards
Alerts

How to get started with Calico

Calico powers 100M+ containers across 8M+ nodes in 166 countries, and is supported across all major cloud providers and Kubernetes distributions.

Ready to get started?

Start a free trial or request a demo to see Calico in action.

Installation guides

How to engage

Learning resources

Get involved

Get in touch