Tigera, creator and maintainer of Calico Open Source announced the availability of Calico Container Networking Interface (CNI) for Azure Kubernetes Service (AKS), Microsoft’s managed Kubernetes service.
In addition to using Calico’s networking and security policy engine, AKS users will be able to use Calico Open Source as a CNI for robust, scalable and higher performance networking for their environments with a choice of Windows, eBPF and Linux data planes.
The release of Calico CNI comes on the heels of Microsoft’s BYO (Bring Your Own) CNI initiative, which allows enterprises to choose their own CNI to address their needs. Administrators receive access to full support from Tigera for Calico Open Source and can deploy Tigera’s Calico Cloud-Native Application Protection Platform (CNAPP) for active zero-trust based container security across build, deploy and runtime stages via their Azure Marketplace portal.
Calico Open Source serves as a foundation for zero-trust workload security for tens of thousands of companies. Calico CNI is a used container networking interface recognized for its performance capabilities, scalability, flexibility, power, efficiency and support for multiple data planes including eBPF, Linux and Windows.
Users can build zero-trust workload security, access a top-notch runtime threat defense solution and achieve container security with the foundation of Calico CNI in AKS. Users also can deploy Calico CNAPP for comprehensive protection for their containerized workloads on AKS.
Calico as CNI for AKS will address industry pain points and provide users with these benefits:
- Best-in-class security and traffic throughput – Calico’s security policy model makes it easy to restrict communication between endpoints as required. With built-in support for WireGuard encryption, securing pod-to-pod traffic across the network comes with lower CPU usage and occupancy and higher performance. Depending on user preference, Calico uses either Windows, eBPF or Linux data plane to deliver high-performance networking.
- Choice and flexibility – Whichever data plane they use, users receive the same easy to use, base networking, security policy and IP address management capabilities that have made Calico Open Source a trusted networking and security policy solution for mission-critical cloud-native applications.
- Ease of use – Calico is the best-suited solution to mitigate IP address exhaustion on AKS as one of the most deployed CNIs in the market offering zero-trust for workload security. Calico CNI’s IP address management (IPAM) plugin allocates IP addresses for pods out of one or more configurable IP address ranges, dynamically allocating small blocks of IPs per node as required. The result is a more efficient IP address space usage compared to many other CNI IPAM plugins, including the host local IPAM plugin, which is used in many container networking solutions.
For enterprises adopting multi-cloud or hybrid environments, Calico CNI ensures these organizations have a single security policy starting from AKS, Amazon Elastic Kubernetes Service (EKS), GCP, Rancher, Red Hat OpenShift, VMware Tanzu, Upstream Kubernetes and other supported distributions without the need to familiarize themselves with an additional CNI plugin. Users can have unified networking capabilities across disparate cloud environments, leveraging Calico CNI IPAM capabilities the same way in AKS as they would in other managed cloud distributions.
Project Calico is a fundamentally open-source solution, and there is no cost for the use of Calico CNI, Calico IPAM or Calico networking and security policies on Azure AKS.
For more comprehensive protection, AKS users can upgrade to Calico CNAPP via Azure Marketplace to prevent, detect, troubleshoot and mitigate exposure risks of security issues in build, deploy, and runtime stages.