tigera.io

Last updated: 11/26/2025valid
Independent Directory - Important Information
This llms.txt file was publicly accessible and retrieved from tigera.io. LLMS Central does not claim ownership of this content and hosts it for informational purposes only to help AI systems discover and respect website policies.
This listing is not an endorsement by tigera.io and they have not sponsored this page. We are an independent directory service with no affiliation to the listed domain.
Copyright & Terms: Users should respect the original terms of service of tigera.io. If you believe there is a copyright or terms of service violation, please contact us at support@llmscentral.com for prompt removal. Domain owners can also claim their listing.
Current llms.txt Content

# Tigera

> Structured content to help AI and users discover key resources from our website.

## Home Page
- [Unified Network Security &#038; Observability for Kubernetes](https://www.tigera.io/): A single platform for any Kubernetes distribution in the cloud or on premises. Eliminate tool sprawl, fragmented control, and multi-cluster limitations.

## Calico Project
- [Project Calico](https://www.tigera.io/project-calico/): Free and open source, Project Calico is designed to simplify, scale, and secure container and Kubernetes networks. Invented and maintained by Tigera.

## Tigera Products
- [Calico Commercial Editions](https://www.tigera.io/tigera-products/calico-commercial-editions/)
- [Calico Open Source](https://www.tigera.io/tigera-products/calico/)

## Tigera Solutions
- [Calico for AI Workloads](https://www.tigera.io/tigera-products/ai-workloads/)
- [Calico Dashboards](https://www.tigera.io/features/calico-dashboards/)
- [Calico Ingress Gateway](https://www.tigera.io/tigera-products/ingress-gateway/)
- [Kubernetes Network Security](https://www.tigera.io/tigera-products/kubernetes-network-security/)
- [Calico Egress Gateway](https://www.tigera.io/tigera-products/egress-gateway/)
- [Container Firewall](https://www.tigera.io/tigera-products/container-firewall/)
- [Cluster Mesh](https://www.tigera.io/tigera-products/cluster-mesh/): Calico Cluster Mesh streamlines cluster mesh operations with complete visibility, security, and networking through a centralized management plane.
- [Universal Firewall Integration](https://www.tigera.io/features/firewall-integration/)
- [Multi-Cloud Security](https://www.tigera.io/tigera-products/multi-cloud-security/)
- [High Availability for Kubernetes](https://www.tigera.io/tigera-products/kubernetes-high-availability/)
- [Identity-Aware Microsegmentation](https://www.tigera.io/features/microsegmentation/)
- [Security Policy Management](https://www.tigera.io/features/policy-lifecycle-management/)
- [Zero-Trust Workload Access Security](https://www.tigera.io/tigera-products/zero-trust-workload-security/)
- [Configuration Security](https://www.tigera.io/features/configuration-security/)
- [Observability and Troubleshooting](https://www.tigera.io/tigera-products/observability-and-troubleshooting/)
- [Compliance](https://www.tigera.io/features/compliance-and-audit/)
- [Network Threat Detection](https://www.tigera.io/features/network-threat-detection/)

## Guides
- [eBPF Kubernetes](https://www.tigera.io/learn/guides/ebpf/ebpf-kubernetes/): eBPF is a Linux kernel tech that runs bytecode in-kernel for low-level tracing, monitoring, and security, improving performance and flexibility.
- [Kubernetes Costs](https://www.tigera.io/learn/guides/kubernetes-monitoring/kubernetes-costs/): Kubernetes cost management is the practice of monitoring, controlling, and optimizing expenses incurred by running workloads on Kubernetes clusters.
- [Platform Engineering vs DevOps](https://www.tigera.io/learn/guides/devsecops/platform-engineering-vs-devops/): DevOps bridges software development and IT operations; platform engineering creates internal platforms, enabling efficient, secure app delivery by teams.
- [What is Cloud Native](https://www.tigera.io/learn/guides/cloud-native-security/what-is-cloud-native/): Cloud native refers to a software development approach focused on building and running applications in modern, dynamic, and distributed cloud environments. It leverages microservices, containers, and container orchestration to create scalable, resilient, and easily manageable applications.
- [Kubernetes Distributions](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-distributions/): Kubernetes distributions are packaged Kubernetes systems with added tools, configs, or extensions tailored to specific environments or use cases.
- [Platform Engineering vs SRE](https://www.tigera.io/learn/guides/devsecops/platform-engineering-vs-sre/): Platform engineering builds internal platforms to boost developer efficiency; SRE applies software principles for scalable, reliable infrastructure systems.
- [High Availability Kubernetes](https://www.tigera.io/learn/guides/kubernetes-security/high-availability-kubernetes/): High availability (HA) in Kubernetes ensures critical services remain accessible despite failures like node outages or network disruptions.
- [Kubernetes Statistics](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-statistics/): Kubernetes, an open-source tool automating deployment, scaling, and management of containers, was created by Google, now maintained by CNCF.
- [NGINX Ingress](https://www.tigera.io/learn/guides/kubernetes-security/nginx-ingress/): The NGINX Ingress Controller is a Kubernetes-native component that manages external access to services within a Kubernetes cluster.
- [Kubernetes Security Tools for Enterprises](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-security-tools-for-enterprises/): Enterprises use Kubernetes security tools to automate threat detection, mitigation, secure configurations, and compliance in containerized apps at scale.
- [Kubernetes Security Platforms](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-security-platforms/): Kubernetes security platforms help enforce security in Kubernetes, which manages the deployment, scaling, and operation of containerized apps.
- [eBPF Service Mesh](https://www.tigera.io/learn/guides/ebpf/ebpf-service-mesh/): eBPF lets programs run securely in the Linux kernel. A service mesh manages communication between microservices in distributed architectures.
- [Platform Engineering on Kubernetes](https://www.tigera.io/learn/guides/devsecops/platform-engineering-on-kubernetes/): Platform engineering builds internal developer platforms (IDPs), abstracting infrastructure complexity, streamlining delivery, boosting team productivity.
- [Kubernetes Security Software](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-security-software/): Kubernetes security software refers to tools and solutions that protect Kubernetes clusters throughout their lifecycle.
- [Microsegmentation Software](https://www.tigera.io/learn/guides/microsegmentation/microsegmentation-software/): Microsegmentation software is a network security solution designed to isolate workloads and applications within a broader network.
- [Service Mesh Solutions](https://www.tigera.io/learn/guides/service-mesh/service-mesh-solutions/): Service mesh solutions manage interactions between microservices within a distributed application.
- [Kubernetes Observability Software](https://www.tigera.io/learn/guides/kubernetes-monitoring/kubernetes-observability-software/): Kubernetes observability software refers to tools and solutions that help organizations monitor, analyze, and troubleshoot Kubernetes-based environments.
- [Observability](https://www.tigera.io/learn/guides/observability/): Observability is a strategy for managing IT services and software. It ensures the most relevant and important issues are captured and addressed in operational processes.
- [Microsegmentation Solutions](https://www.tigera.io/learn/guides/microsegmentation/microsegmentation-solutions/): Microsegmentation solutions improve data protection by dividing networks into smaller, isolated segments.
- [Zero Trust Segmentation](https://www.tigera.io/learn/guides/zero-trust/zero-trust-segmentation/): Zero Trust segmentation reduces risk by dividing networks into smaller segments with strict access controls and continuous monitoring.
- [NAC Cyber Security](https://www.tigera.io/learn/guides/microsegmentation/nac-cyber-security/): Network Access Control (NAC) is a security framework designed to manage and monitor devices as they connect to an organization's network.
- [Zero Trust vs Least Privilege](https://www.tigera.io/learn/guides/zero-trust/zero-trust-vs-least-privilege/): Zero Trust assumes no user or system is trusted by default. The Principle of Least Privilege limits access to only what’s needed to complete specific tasks.
- [Network Segmentation PCI DSS](https://www.tigera.io/learn/guides/microsegmentation/network-segmentation-pci-dss/): Network segmentation creates smaller subnetworks to boost security and performance. PCI DSS sets standards to protect credit card data across businesses.
- [Network Segmentation NIST](https://www.tigera.io/learn/guides/microsegmentation/network-segmentation-nist/): Network segmentation divides a network into smaller sub-networks. NIST sets standards and best practices for industries, including cybersecurity.
- [Microsegmentation Zero Trust](https://www.tigera.io/learn/guides/microsegmentation/microsegmentation-zero-trust/): Zero Trust is a security model that operates on the principle of not automatically trusting anything inside or outside an organization's perimeter
- [Microsegmentation Tools](https://www.tigera.io/learn/guides/microsegmentation/microsegmentation-tools/): Microsegmentation tools improve network security by dividing a network into smaller, manageable segments.
- [NIST Zero Trust](https://www.tigera.io/learn/guides/zero-trust/nist-zero-trust/): NIST Zero Trust Architecture is a security framework countering cyber threats, based on not trusting any user or device by default, inside or outside the network.
- [PCI DSS V4](https://www.tigera.io/learn/guides/pci-compliance/pci-dss-v4/): PCI DSS v4.0 is the latest update to the security standards established to protect cardholder data and ensure secure payment processing environments.
- [Microsegmentation VMware](https://www.tigera.io/learn/guides/microsegmentation/microsegmentation-vmware/): Microsegmentation is a security technique that divides a network into smaller, isolated segments to improve visibility, control, and protection against threats.
- [VMware NSX Alternatives](https://www.tigera.io/learn/guides/kubernetes-networking/vmware-nsx-alternatives/): VMware NSX is a network virtualization platform for managing and automating networking services.
- [Kubernetes Ingress](https://www.tigera.io/learn/guides/kubernetes-networking/kubernetes-ingress/): Kubernetes ingress is an API object that manages external access to services within a Kubernetes cluster, typically over HTTP and HTTPS.
- [OpenShift KubeVirt](https://www.tigera.io/learn/guides/kubernetes-networking/openshift-kubevirt/): KubeVirt is an extension of Kubernetes that allows you to run virtual machines (VMs) alongside container workloads in the OpenShift environment.
- [OpenShift Virtualization](https://www.tigera.io/learn/guides/kubernetes-networking/openshift-virtualization/): OpenShift Virtualization allows enterprises to run and manage virtual machines alongside container workloads.
- [Istio Alternatives](https://www.tigera.io/learn/guides/service-mesh/istio-alternatives/): Istio is an open-source service mesh platform that layers transparency over existing distributed applications.
- [Kubernetes Gateway API](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-gateway-api/): The Kubernetes Gateway API intends to provide a modern interface for managing service networking in Kubernetes environments
- [Kubernetes DNS Policy](https://www.tigera.io/learn/guides/kubernetes-networking/kubernetes-dns-policy/): DNS in Kubernetes enables service discovery and inter-pod communication by automatically generating DNS records for created pods and services.
- [Kubernetes Multi Tenancy](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-multi-tenancy/): Kubernetes multi-tenancy allows multiple user groups or applications to run on a single Kubernetes cluster, sharing resources while maintaining isolation.
- [Kubernetes DNS Service](https://www.tigera.io/learn/guides/kubernetes-networking/kubernetes-dns-service/): The Domain Name System (DNS) is used in Kubernetes to enable name resolution within a cluster.
- [Cilium Service Mesh](https://www.tigera.io/learn/guides/cilium-vs-calico/cilium-service-mesh/): Cilium Service Mesh is a networking, security, and observability framework for cloud-native application environments.
- [Container as a Service](https://www.tigera.io/learn/guides/kubernetes-networking/container-as-a-service/): Container as a Service (CaaS) is a cloud service model that allows developers to manage and deploy containers and clusters via container-based virtualization.
- [Kubernetes Namespace](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-namespace/): A Kubernetes namespace is a logical division within a Kubernetes cluster that allows you to partition resources into logically named groups.
- [Cilium](https://www.tigera.io/learn/guides/cilium-vs-calico/cilium/): Cilium is an open-source solution for providing, securing, and observing network connectivity between container workloads.
- [Cilium Cluster Mesh](https://www.tigera.io/learn/guides/cilium-vs-calico/cilium-cluster-mesh/): Cilium Cluster Mesh extends the capabilities of Cilium, an open source Container Network Interface (CNI) solution.
- [Kubernetes Observability](https://www.tigera.io/learn/guides/kubernetes-monitoring/kubernetes-observability/): Kubernetes observability is the set of methods and tools used to track, analyze, and manage the internal state of a Kubernetes environment.
- [Egress Gateway](https://www.tigera.io/learn/guides/kubernetes-networking/egress-gateway/): Egress gateways in Kubernetes are network components that manage the outbound traffic from the cluster to external systems.
- [GKE Security](https://www.tigera.io/learn/guides/kubernetes-security/gke-security/): Google Kubernetes Engine (GKE) is a managed service simplifying container orchestration with Google handling system components and control plane management.
- [AI Safety](https://www.tigera.io/learn/guides/llm-security/ai-safety/): AI safety involves designing and operating AI systems to ensure they perform intended functions without causing harm to humans or the environment.
- [Microservices Security](https://www.tigera.io/learn/guides/microservices-security/): Microservices security includes strategies and technologies that can help protect microservices architectures from unauthorized access and cyber threats.
- [Service Mesh Architecture](https://www.tigera.io/learn/guides/service-mesh/service-mesh-architecture/): A service mesh is a dedicated infrastructure layer that enables service-to-service communication between microservices.
- [Generative AI Cyber Security](https://www.tigera.io/learn/guides/llm-security/generative-ai-cyber-security/): Generative AI is an advanced field of artificial intelligence that focuses on creating new content autonomously, by learning patterns from extensive datasets.
- [OWASP Top 10 LLM](https://www.tigera.io/learn/guides/llm-security/owasp-top-10-llm/): The OWASP Top 10 for LLM Applications is a framework that ranks the top ten security vulnerabilities commonly found in applications involving LLMs.
- [Kubernetes Certification](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-certification/): Kubernetes certifications validate expertise and skills in deploying, managing, and operating Kubernetes clusters.
- [Generative AI Security Risks](https://www.tigera.io/learn/guides/llm-security/generative-ai-security-risks/): Generative AI creates new content leading to potential security/ethical issues like fake content creation, privacy breaches and over-reliance in businesses.
- [Prompt Injection](https://www.tigera.io/learn/guides/llm-security/prompt-injection/): A prompt injection attack manipulates a large language model (LLM) by injecting malicious inputs designed to alter the model’s output.
- [LLM Security](https://www.tigera.io/learn/guides/llm-security/): Large language models (LLM) are AI systems trained on text datasets, capable of emulating human-like text, code, and interactions.
- [Kubernetes Debugging](https://www.tigera.io/learn/guides/kubernetes-networking/kubernetes-debugging/): Kubernetes debugging is the process of diagnosing and resolving issues within your Kubernetes clusters.
- [Prometheus Grafana](https://www.tigera.io/learn/guides/prometheus-monitoring/prometheus-grafana/): The integration of Prometheus and Grafana in cloud native environments offers significant benefits for monitoring and observability
- [Cloud Native Networking](https://www.tigera.io/learn/guides/cloud-native-security/cloud-native-networking/): Cloud Native Network Function (CNF) is a modern approach to networking, which leverages the power of the cloud to simplify and scale networking functions.
- [Kubernetes Security Context](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-security-context/): Kubernetes Security Context is a feature that enables the configuration of permission and security settings for pods and containers within a Kubernetes cluster.
- [Cilium vs Calico](https://www.tigera.io/learn/guides/cilium-vs-calico/): Calico is an open-source networking and security solution for containers and VMs, supporting platforms like Kubernetes and Docker. Cilium, based on eBPF, offers cloud-native networking and security.
- [Cloud Workload Security](https://www.tigera.io/learn/guides/cloud-security/cloud-workload-security/): Cloud workload security refers to the practices and strategies employed to protect workloads running in cloud environments from cyber threats and data breaches.
- [Container Firewall](https://www.tigera.io/learn/guides/container-security-best-practices/container-firewall/): A container firewall is a security measure that provides network security for container-based applications.
- [Service Mesh](https://www.tigera.io/learn/guides/service-mesh/): A service mesh is a dedicated infrastructure layer for managing, controlling, and observing communication between microservices in a distributed system.
- [Kubernetes CIS Benchmark](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-cis-benchmark/): The Kubernetes CIS benchmark is a set of security best practices and recommendations developed by the Center for Internet Security (CIS) for securing Kubernetes environments.
- [Kubernetes WAF](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-waf/): Kubernetes Web Application Firewall (WAF) is a security measure aimed at safeguarding applications deployed on Kubernetes clusters from a variety of web-related threats.
- [Kubernetes Federation](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-federation/): KubeFed (Kubernetes Federation) is an open-source project designed to enable the management and coordination of multiple Kubernetes clusters.
- [Container Vulnerability Scanning](https://www.tigera.io/learn/guides/container-security-best-practices/container-vulnerability-scanning/): Container vulnerability scanning is the process of identifying security vulnerabilities in software containers, thus proactively detecting and mitigating security risks.
- [Service Mesh Kubernetes](https://www.tigera.io/learn/guides/service-mesh/service-mesh-kubernetes/): A Kubernetes service mesh is a dedicated infrastructure layer designed to manage, observe, and control communication between microservices within a Kubernetes cluster.
- [Kubernetes Multi Cluster](https://www.tigera.io/learn/guides/kubernetes-networking/kubernetes-multi-cluster/): Multi-cluster Kubernetes refers to the management of multiple Kubernetes clusters, which are a group of nodes working together to orchestrate and run containerized applications.
- [Microservices Kubernetes](https://www.tigera.io/learn/guides/microservices-security/microservices-kubernetes/): Discover how Kubernetes benefits microservices-based applications by enabling scalability, high availability, load balancing, rolling updates, self-healing, and more.
- [Microservices Logging](https://www.tigera.io/learn/guides/microservices-security/56460-2/)
- [Kubernetes Network Policy](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-network-policy/): A Kubernetes network policy is a specification that defines how pods are allowed to communicate with each other and other network endpoints in a Kubernetes cluster.
- [Kubernetes Network Security](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-network-security/): Networking is a particularly complex part of Kubernetes, therefore, Kubernetes network security can be especially challenging.
- [KSPM](https://www.tigera.io/learn/guides/kubernetes-security/kspm/): Kubernetes security posture management (KSPM) refers to a set of processes and tools aimed at maintaining the security and compliance of a Kubernetes cluster and its workloads
- [Cloud Firewall](https://www.tigera.io/learn/guides/cloud-security/cloud-firewall/): Cloud-based firewalls can be used to create virtual barriers around cloud platforms, infrastructure, and applications.
- [Kubernetes Compliance](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-compliance/): To help manage compliance, security research bodies provide standardized frameworks and guidelines for managing security in the Kubernetes ecosystem.
- [Container Compliance](https://www.tigera.io/learn/guides/container-security-best-practices/container-compliance/): Containerized architectures have revolutionized software development. However, containers create security risks that can lead to compliance violations.
- [Azure PCI Compliance](https://www.tigera.io/learn/guides/pci-compliance/azure-pci-compliance/): Microsoft Azure has PCI DSS compliance certification (service provider level 1). It uses a qualified security assessor (QSA) to maintain its PCI DSS validation.
- [Kubernetes Firewall](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-firewall/): A Kubernetes firewall tracks and filters all inbound and outbound communications with production Kubernetes clusters.
- [AWS PCI Compliance](https://www.tigera.io/learn/guides/pci-compliance/aws-pci-compliance/): Understand PCI DSS requirements for cloud environments and discover your responsibilities for making your AWS environment PCI DSS compliant.
- [PCI Compliance](https://www.tigera.io/learn/guides/pci-compliance/): PCI DSS ensures companies processing, storing, or transmitting credit card information maintain a secure environment through a set of security measures.
- [Container Networking](https://www.tigera.io/learn/guides/kubernetes-networking/container-networking/): Learn about container networking standards, main network models such as “none,” “bridge,” and “overlay,” and performance best practices.
- [Prometheus Operator](https://www.tigera.io/learn/guides/prometheus-monitoring/prometheus-operator/): Get a comprehensive introduction to the Prometheus Operator: Custom Resource Definitions (CRDs), installation, and basic usage.
- [Cloud Native Architecture](https://www.tigera.io/learn/guides/cloud-native-security/cloud-native-architecture/): Learn about the pros and cons of cloud native architecture that make applications more flexible, scalable, and resilient.
- [Zero Trust Security](https://www.tigera.io/learn/guides/zero-trust/zero-trust-security/): Discover core principles of zero trust security and a 5-step methodology to designing and implementing your Zero Trust Network (ZTN).
- [Zero Trust Architecture](https://www.tigera.io/learn/guides/zero-trust/zero-trust-architecture/): Learn about the benefits of a zero trust architecture and its basic building blocks, including IAM, MFA, ZTNA, and microsegmentation.
- [Zero Trust Network](https://www.tigera.io/learn/guides/zero-trust/zero-trust-network/): Discover zero trust network (ZTN), a modern network security architecture, and how to implement it in a containerized environment.
- [Zero Trust Strategy](https://www.tigera.io/learn/guides/zero-trust/zero-trust-strategy/): Understand the importance of a zero trust strategy, why it can be challenging, and steps you can take to build your organization’s zero trust strategy.
- [Zero Trust Policy](https://www.tigera.io/learn/guides/zero-trust/zero-trust-policy/): Learn about the principles that form the basis of a zero trust policy, and the 6 essential questions zero trust policies ask and answer about every network connection.
- [Microsegmentation](https://www.tigera.io/learn/guides/microsegmentation/): Microsegmentation is a cybersecurity technique that divides a network into small, isolated segments, often called microsegments, to enhance security and control access. It's a more granular approach than traditional network segmentation and is often used to implement a zero-trust security model.
- [Application Segmentation](https://www.tigera.io/learn/guides/microsegmentation/application-segmentation/): Learn about modern approaches to application segmentation, how they leverage microsegmentation, and why they are the core of a zero-trust security approach.
- [CNAPP](https://www.tigera.io/learn/guides/cnapp/): CNAPPs unify the capabilities of cloud security posture management (CSPM), Cloud Service Network Security (CSNS), cloud workload protection platforms (CWPPs), and Kubernetes Security Posture Management (KSPM).
- [Cloud-Native Monitoring](https://www.tigera.io/learn/guides/cloud-native-security/cloud-native-monitoring/): Understand why cloud-native monitoring is complex, the four key components of cloud-native monitoring, and how to select a monitoring solution.
- [Cloud-Native Security](https://www.tigera.io/learn/guides/cloud-native-security/): Discover the 4 C’s of cloud-native security—cloud, container, cluster, and code—and five ways you can improve security for your cloud-native applications.
- [Kubernetes CNI](https://www.tigera.io/learn/guides/kubernetes-networking/kubernetes-cni/): Understand the Container Network Interface (CNI), how it works with Kubernetes, and how it enhances Kubernetes networking.
- [CWPP](https://www.tigera.io/learn/guides/cnapp/cwpp/): Cloud Workload Protection Platforms (CWPPs) provide the capabilities needed to secure workloads deployed in private, public, or hybrid clouds.
- [Cloud Security](https://www.tigera.io/learn/guides/cloud-security/): Learn about the importance of cloud security, challenges that make it difficult to secure cloud environments, and foundational tech that can secure your cloud.
- [Container Security Scanning](https://www.tigera.io/learn/guides/container-security-best-practices/container-security-scanning/): Understand the security risks of container images, technologies used for container security scanning, and best practices for effective container scanning.
- [Cloud microsegmentation](https://www.tigera.io/learn/guides/cloud-security/cloud-microsegmentation/)
- [Container Security Tools](https://www.tigera.io/learn/guides/container-security-best-practices/container-security-tools/): Understand the importance of container security, and discover 7 open-source container security tools you can use today to start securing containerized applications.
- [Docker Security](https://www.tigera.io/learn/guides/container-security-best-practices/docker-security/): Understand the basics of Docker security, and learn about key risks facing your containers and simple best practices you can use today to improve container security.
- [Container Security](https://www.tigera.io/learn/guides/container-security-best-practices/): Container security involves the implementation and maintenance of security controls that protect containers and the underlying infrastructure.
- [Docker Container Monitoring](https://www.tigera.io/learn/guides/container-security-best-practices/docker-container-monitoring/): Learn how Docker container monitoring works, why monitoring is difficult in a containerized environment, and tips for success.
- [DevSecOps Best Practices](https://www.tigera.io/learn/guides/devsecops/devsecops-best-practices/): Learn about essential DevSecOps best practices that can make the transition to DevSecOps easier, more seamless, and more effective.
- [DevSecOps](https://www.tigera.io/learn/guides/devsecops/): DevSecOps, a portmanteau of Development, Security, and Operations, is an approach that integrates security practices within the DevOps process.
- [Shift Left Security](https://www.tigera.io/learn/guides/devsecops/shift-left-security/): A practical guide to implementing shift left security in your organization. Learn how to leverage automation and collaboration to improve security without slowing down development velocity.
- [DevSecOps Tools](https://www.tigera.io/learn/guides/devsecops/devsecops-tools/): Learn about DevSecOps tools that can help you add security to your entire infrastructure, from containers and cloud resources to verifying application security.
- [Zero Trust](https://www.tigera.io/learn/guides/zero-trust/): Learn about the zero trust security model, its key principles, how to build a zero trust architecture, and key technologies making zero trust possible
- [Kubernetes Networking](https://www.tigera.io/learn/guides/kubernetes-networking/): Learn about the Kubernetes networking model, common implementations, and key concepts like services, DNS, NAT, and dual stack.
- [Prometheus Kubernetes](https://www.tigera.io/learn/guides/prometheus-monitoring/prometheus-kubernetes/): Learn the pros and cons of Prometheus monitoring for Kubernetes, how Prometheus works, deploying Prometheus on Kubernetes, and important best practices.
- [Prometheus Metrics](https://www.tigera.io/learn/guides/prometheus-monitoring/prometheus-metrics/): Use "node_cpu_seconds_total" to count CPU usage, excluding idle time. Query: sum by (cpu)(rate(node_cpu_seconds_total{mode!="idle"}[5m]))*100 to get usage rate as a percentage.
- [Prometheus Monitoring](https://www.tigera.io/learn/guides/prometheus-monitoring/): Learn about key use cases for Prometheus monitoring, and understand how Prometheus works, key metrics, and best practices for using Prometheus effectively in your organization.
- [Kubernetes Security](https://www.tigera.io/learn/guides/kubernetes-security/): Concerns around Kubernetes security are mounting. Learn about Kubernetes security threats and tips for securing Kubernetes clusters.
- [Kubernetes Security Policy](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-security-policy/)
- [Kubernetes Vulnerability](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-vulnerability/)
- [eBPF XDP](https://www.tigera.io/learn/guides/ebpf/ebpf-xdp/): Learn how XDP enables fast traffic processing in eBPF, see use cases of XDP, and learn to write and load your first XDP program.
- [Kubernetes Vulnerability Scanning](https://www.tigera.io/learn/guides/kubernetes-security/kubernetes-vulnerability-scanning/): Kubernetes vulnerability scanning lets you identify security gaps in a Kubernetes cluster and remediate them. Discover 5 open source tools to scan your clusters.
- [eBPF: When (and when not) to use it](https://www.tigera.io/learn/guides/ebpf/ebpf-when-and-when-not-to-use-it/)
- [AKS Security](https://www.tigera.io/learn/guides/kubernetes-security/aks-security/): Learn about Azure Kubernetes Service (AKS) security concepts and features, and discover best practices that will help you secure your clusters.
- [eBPF](https://www.tigera.io/learn/guides/ebpf/): Learn how extended Berkeley Packet Filter (eBPF) lets you run programs directly on the Linux kernel with huge benefits for security, networking, and observability.
- [EKS Security](https://www.tigera.io/learn/guides/kubernetes-security/eks-security/): Discover 4 built-in Amazon EKS security features and 4 best practices you must know to ensure your EKS clusters are secure.
- [OpenShift Security](https://www.tigera.io/learn/guides/kubernetes-security/openshift-security/): OpenShift security refers to the set of practices, processes, and tools used to protect the Red Hat OpenShift Container Platform from potential threats and vulnerabilities
- [Networking Concepts](https://www.tigera.io/learn/guides/kubernetes-networking/networking-concepts/)
- [Kubernetes Network Policy](https://www.tigera.io/learn/guides/kubernetes-networking/kubernetes-networking-policy/)
- [Kubernetes Egress](https://www.tigera.io/learn/guides/kubernetes-networking/kubernetes-egress/)
- [Kubernetes Monitoring Tools](https://www.tigera.io/learn/guides/kubernetes-monitoring/kubernetes-monitoring-tools/): Learn why Kubernetes monitoring is important and discover 6 great open-source Kubernetes monitoring tools you can start using today.
- [Kubernetes Logging](https://www.tigera.io/learn/guides/kubernetes-monitoring/kubernetes-logging/): Learn what to log in Kubernetes, common technical approaches to Kubernetes logging, and best practices that can help you make the most of your logs.
- [Kubernetes Monitoring](https://www.tigera.io/learn/guides/kubernetes-monitoring/): Learn all about Kubernetes monitoring: important metrics you should track, tools like Prometheus, Grafana, and Jaeger, and best practices that will make Kubernetes monitoring a success.
- [Rethinking observability for Kubernetes](https://www.tigera.io/learn/guides/kubernetes-monitoring/rethinking-observability-for-kubernetes/)

## Resources
- [Secure, Scalable, and Compliant Kubernetes with SUSE Rancher Prime + Calico Enterprise](https://www.tigera.io/resource/secure-scalable-and-compliant-kubernetes-with-suse-rancher-prime-tigera-calico-enterprise/)
- [Egress Security Checklist](https://www.tigera.io/resource/egress-security-checklist/)
- [The Complete Guide to Kubernetes Egress Security](https://www.tigera.io/resource/the-complete-guide-to-kubernetes-egress-security/)
- [Calico &#8211; Business Value of a Single Unified Platform](https://www.tigera.io/resource/calico-business-value-of-a-single-unified-platform/)
- [Calico: Securing AI Workloads in Kubernetes](https://www.tigera.io/resource/calico-securing-ai-workloads-in-kubernetes/)
- [Calico for Network Security and Observability](https://www.tigera.io/resource/calico-for-network-security-and-observability/)
- [Scalable Security and DevSecOps with Calico’s Network Policy Model for Kubernetes](https://www.tigera.io/resource/scalable-security-and-devsecops-with-calicos-network-policy-model-for-kubernetes/)
- [Networking and Security with Red Hat OpenShift Virtualization and Calico](https://www.tigera.io/resource/networking-and-security-with-red-hat-openshift-virtualization-and-calico/)
- [LLM Security: Top 10 Risks and 5 Best Practices](https://www.tigera.io/resource/llm-security-top-10-risks-and-5-best-practices/)
- [Quick Guide to OWASP Top 10 LLM: Threats, Examples &#038; Prevention](https://www.tigera.io/resource/quick-guide-to-owasp-top-10-llm-threats-examples-prevention/)
- [Generative AI Security: 6 Critical Risks and Defending Your Organization](https://www.tigera.io/resource/generative-ai-security-6-critical-risks-and-defending-your-organization/)
- [7 Generative AI Security Risks and How to Defend Your Organization](https://www.tigera.io/resource/7-generative-ai-security-risks-and-how-to-defend-your-organization/)
- [Prompt Injection: Impact, How It Works, and 4 Defense Measures](https://www.tigera.io/resource/prompt-injection-impact-how-it-works-and-4-defense-measures/)
- [Buyer&#8217;s Guide: Calico vs Cilium for Kubernetes Users](https://www.tigera.io/resource/buyers-guide-calico-vs-cilium-for-kubernetes-users/)
- [Get full stack network security and observability for your Kubernetes workloads](https://www.tigera.io/resource/get-full-stack-network-security-and-observability-for-your-kubernetes-workloads/)
- [Universal Microsegmentation For Containers, VMs, and Bare Metal with Calico](https://www.tigera.io/resource/universal-microsegmentation-for-containers-vms-and-bare-metal-with-calico/)
- [Enhance Your Kubernetes Security Posture with Egress Access Controls](https://www.tigera.io/resource/enhance-your-kubernetes-security-posture-with-egress-access-controls/)
- [The Calico Advantage: How It Drives Business Success](https://www.tigera.io/resource/the-calico-advantage-how-it-drives-business-success/)
- [Calico for container networking and security](https://www.tigera.io/resource/calico-for-container-networking-and-security-2/)
- [eBPF Explained: Use Cases, Concepts, and Architecture](https://www.tigera.io/resource/ebpf-explained-use-cases-concepts-and-architecture/)
- [Observability and Troubleshooting for Kubernetes-native Workloads](https://www.tigera.io/resource/observability-and-troubleshooting-for-kubernetes-native-workloads/)
- [Calico for Container Networking and Security](https://www.tigera.io/resource/calico-for-container-networking-and-security/)
- [S&#038;P Global 451 Market Insight: Tigera Provides Most Comprehensive CNAPP](https://www.tigera.io/resource/sp-global-451-market-insight-tigera-provides-most-comprehensive-cnapp/)
- [Tigera named a leader in GigaOM’s Sonar Report for Container Networking](https://www.tigera.io/resource/tigera-named-a-leader-in-gigaoms-sonar-report-for-container-networking/)
- [Egress Gateway for Kubernetes](https://www.tigera.io/resource/egress-gateway-for-kubernetes/)
- [How leading financial institutions safeguard their Kubernetes deployments](https://www.tigera.io/resource/calico-for-financial-services-top-use-cases/)
- [The State of Calico Open Source: Usage &#038; Adoption](https://www.tigera.io/resource/the-state-of-calico-open-source-usage-adoption/)
- [Extending Fortinet Enterprise Security Into Kubernetes Environments](https://www.tigera.io/resource/extending-fortinet-enterprise-security-into-kubernetes-environments/)
- [Deutsch – Calico for Kubernetes Security](https://www.tigera.io/resource/deutsch-calico-for-kubernetes-security/)
- [Français – Calico for Kubernetes Security](https://www.tigera.io/resource/francais-calico-for-kubernetes-security/)
- [Español – Calico for Kubernetes Security](https://www.tigera.io/resource/espanol-calico-for-kubernetes-security/)
- [Deutsch – Calico Cloud: Plug-and-Play Active Container Security](https://www.tigera.io/resource/deutsch-calico-cloud-plug-and-play-active-container-security/)
- [Français – Calico Cloud: Plug-and-Play Active Container Security](https://www.tigera.io/resource/francais-calico-cloud-plug-and-play-active-container-security/)
- [Español – Calico Cloud: Plug-and-Play Active Container Security](https://www.tigera.io/resource/espanol-calico-cloud-plug-and-play-active-container-security/)
- [Deutsch – Zero-Trust Security for Red Hat OpenShift With Calico](https://www.tigera.io/resource/deutsch-zero-trust-security-for-red-hat-openshift-with-calico/)
- [Français – Zero-Trust Security for Red Hat OpenShift With Calico](https://www.tigera.io/resource/francais-zero-trust-security-for-red-hat-openshift-with-calico/)
- [Español – Zero-Trust Security for Red Hat OpenShift With Calico](https://www.tigera.io/resource/espanol-zero-trust-security-for-red-hat-openshift-with-calico/)
- [Amazon AWS: Calico for Container Networking and Security](https://www.tigera.io/resource/why-calico-cloud-with-amazon-eks/)
- [Microsoft Azure: Calico for Container Networking and Security](https://www.tigera.io/resource/why-calico-cloud-with-microsoft-aks/)
- [The definitive CNI Landscape Chart](https://www.tigera.io/resource/the-definitive-cni-landscape-chart/)
- [Zero-Trust Security for Red Hat OpenShift With Calico](https://www.tigera.io/resource/zero-trust-security-for-red-hat-openshift-with-calico/)
- [7 security best practices for DevOps managing containerized workloads in Microsoft AKS with Calico Cloud](https://www.tigera.io/resource/7-security-best-practices-for-devops-managing-containerized-workloads-in-microsoft-aks-with-calico-cloud/)
- [HIPAA Compliance for Host, VMs, Containers, and Kubernetes](https://www.tigera.io/resource/hipaa-compliance-for-host-vms-containers-and-kubernetes/)
- [Create a multi-cluster mesh with Calico to operate Kubernetes at scale](https://www.tigera.io/resource/create-a-multi-cluster-mesh-with-calico-to-operate-kubernetes-at-scale/)
- [Definitive Guide to Container Security and Observability](https://www.tigera.io/resource/definitive-guide-to-container-networking-security-and-troubleshooting/)
- [7 Security Best Practices for DevOps Managing Workloads in EKS](https://www.tigera.io/resource/7-security-best-practices-for-devops-managing-workloads-in-eks/)
- [Zero-Trust for Cloud-Native Workloads Maturity Assessment](https://www.tigera.io/resource/zero-trust-for-cloud-native-workloads-maturity-assessment/)
- [Zero Trust Guide for Cloud-Native Workloads](https://www.tigera.io/resource/zero-trust-guide-for-cloud-native-workloads/)
- [Market report: The state of cloud-native security 2022](https://www.tigera.io/resource/market-report-the-state-of-cloud-native-security-2022/)
- [A visual guide to Calico eBPF Data Plane Validation](https://www.tigera.io/resource/a-visual-guide-to-calico-ebpf-data-plane-validation/)
- [Love Calico Open Source. Know what more you can do with Calico Cloud](https://www.tigera.io/resource/love-calico-open-source-there-is-more/)
- [Security and observability for containers and Kubernetes: Quickstart guide for Fintech companies](https://www.tigera.io/resource/security-and-observability-for-containers-and-kubernetes-quickstart-guide-for-fintech-companies/)
- [Microsegmentation](https://www.tigera.io/resource/microsegmentation/)
- [Unlock the Power of Microsegmentation with Calico](https://www.tigera.io/resource/implement-microsegmentation-for-cloud-native-workloads/)
- [Meet the powerful, versatile Calico eBPF data plane!](https://www.tigera.io/resource/meet-the-powerful-versatile-calico-ebpf-data-plane/)
- [Calico Product Offerings](https://www.tigera.io/resource/calico-product-offerings/)
- [Purpose-built, full-stack observability for microservices and containers](https://www.tigera.io/resource/purpose-built-full-stack-observability-for-microservices-and-containers/)
- [Company Onepager](https://www.tigera.io/resource/company-onepager/)
- [Best practices: Workload access controls for containers &#038; Kubernetes](https://www.tigera.io/resource/best-practices-workload-access-controls-for-containers-kubernetes/)
- [SOC 2 Security Compliance for Hosts, VMs, Containers and Kubernetes](https://www.tigera.io/resource/soc2-kubernetes/)
- [PCI compliance for Host, VMs, containers, and Kubernetes](https://www.tigera.io/resource/pci-compliance-for-host-vms-containers-and-kubernetes/)
- [O’Reilly eBook: Kubernetes Security and Observability](https://www.tigera.io/resource/oreilly-ebook-kubernetes-security-and-observability/)
- [Calico Cloud &#8211; Security and Observability as Code](https://www.tigera.io/resource/calico-cloud-security-and-observability-as-code/)
- [Calico Cloud &#8211; Observability and Troubleshooting](https://www.tigera.io/resource/calico-cloud-observability-and-troubleshooting/)
- [Calico Cloud &#8211; Enterprise Security and Compliance](https://www.tigera.io/resource/calico-cloud-enterprise-security-and-compliance/)
- [Calico Cloud &#8211; NorthSouth and EastWest Controls](https://www.tigera.io/resource/calico-cloud-northsouth-and-eastwest-controls/)
- [Mirantis and Tigera Whitepaper: Kubernetes Enterprise Security Checklist](https://www.tigera.io/resource/mirantis-and-tigera-whitepaper-kubernetes-enterprise-security-checklist-2/)
- [eBook: Introduction to Kubernetes Networking and Security](https://www.tigera.io/resource/introduction-to-kubernetes-networking/)
- [How Calico Enterprise Extends FortiGate NGFWs to Kubernetes](https://www.tigera.io/resource/how-calico-enterprise-extends-fortigate-ngfws-to-kubernetes/)
- [Calico Open Source: Architecture &#038; networking fundamentals](https://www.tigera.io/resource/tigera-calico-architecture-networking-fundamentals/)
- [Network security and compliance for Kubernetes on AWS](https://www.tigera.io/resource/network-security-and-compliance-for-kubernetes-on-aws/)
- [Five Best Practices for Kubernetes Network Security and Compliance](https://www.tigera.io/resource/five-best-practices-for-kubernetes-network-security-and-compliance/)
- [Istio Architectural Overview &#8211; Diving into the Control Plane](https://www.tigera.io/resource/istio-architectural-overview-diving-into-the-control-plane/)
- [Istio Service Mesh: Use Cases and Deployment Scenarios](https://www.tigera.io/resource/istio-service-mesh-use-cases-and-deployment-scenarios/)
- [Simplifying Policy Enforcement Across Heterogeneous Workloads](https://www.tigera.io/resource/simplifying-policy-enforcement-across-heterogeneous-workloads/)
- [Keynote: Progress Towards Zero Trust Kubernetes Networks](https://www.tigera.io/resource/keynote-progress-towards-zero-trust-kubernetes-networks/)
- [Achieving Simplicity and Scale for Your Application Connectivity Infrastructure](https://www.tigera.io/resource/simplicity-scale-application-connectivity-infrastructure/)
- [Achieving Compliance and Organizational Alignment with Hierarchical Policy](https://www.tigera.io/resource/achieving-compliance-and-organizational-alignment-with-hierarchical-policy/)
- [Project Istio Documentation](https://www.tigera.io/resource/project-istio-documentation/)
- [Project Flannel Documentation](https://www.tigera.io/resource/project-flannel-documentation/)

## Blog Posts
- [5 Reasons to Switch to the Calico Ingress Gateway (and How to Migrate Smoothly)](https://www.tigera.io/blog/5-reasons-to-switch-to-the-calico-ingress-gateway-and-how-to-migrate-smoothly/): Learn the top reasons to migrate to the Calico Ingress Gateway and how it offers a seamless path from Ingress NGINX.
- [A Detailed Look at the Calico Ingress Gateway](https://www.tigera.io/blog/a-detailed-look-at-the-calico-ingress-gateway/): Explore the Calico Ingress Gateway as a secure and modern alternative for managing Kubernetes traffic after Ingress NGINX retirement.
- [Securing Kubernetes Traffic with Calico Ingress Gateway](https://www.tigera.io/blog/securing-kubernetes-traffic-with-calico-ingress-gateway/): The NGINX Ingress controller is retiring in 2026. Learn why you should migrate to the Kubernetes Gateway API.
- [Introducing Calico AI and Istio Ambient Mode](https://www.tigera.io/blog/tigera-news-kubecon-2025/): Learn how Calico Istio Ambient Mode incorporates service mesh features to improve performance and security in Kubernetes environments.
- [Calico at CalicoCon, KubeCon + CloudNativeCon North America 2025!](https://www.tigera.io/blog/calico-at-kubecon-cloudnativecon-north-america-2025/): Join Calico at KubeCon + CloudNativeCon North America 2025! Attend CalicoCon, connect at our Happy Hour, and explore the latest in Kubernetes networking.
- [What’s New in Calico &#8211; Fall 2025 Release](https://www.tigera.io/blog/whats-new-in-calico-fall-2025-release/): Explore the exciting features of the Calico Fall 2025 Release with enhancements to resilience, performance, and visibility across Kubernetes, VMs, and bare metal.
- [Zero-Trust with Zero-Friction eBPF in Calico v3.31](https://www.tigera.io/blog/zero-trust-with-zero-friction-ebpf-in-calico-v3-31/): Discover how eBPF in Calico v3.31 removes installation hurdles, making deployment easier than ever for users and operators.
- [Calico Whisker in Action: Reading and Understanding Policy Traces](https://www.tigera.io/blog/calico-whisker-in-action-reading-and-understanding-policy-traces/): Explore how Calico Whisker helps teams visualize and refine Kubernetes network policies using real-time policy traces.
- [5 Essential Steps to Strengthen Kubernetes Egress Security](https://www.tigera.io/blog/5-essential-steps-to-strengthen-kubernetes-egress-security/): Enhance your Kubernetes egress security with five essential steps to protect data and control outbound traffic effectively.
- [What&#8217;s New in Calico v3.31: eBPF, NFTables, and More](https://www.tigera.io/blog/whats-new-in-calico-v3-31-ebpf-nftables-and-more/): Explore the Calico v3.31 release featuring new installation simplifications, improved UI, and enhanced performance.
- [When to Use BGP, VXLAN, or IP-in-IP: A Practical Guide for Kubernetes Networking](https://www.tigera.io/blog/when-to-use-bgp-vxlan-or-ip-in-ip-a-practical-guide-for-kubernetes-networking/): Explore Kubernetes networking modes and their impact on pod communication, performance, and scalability in your cluster.
- [How NRP Scales Global Scientific Research with Calico](https://www.tigera.io/blog/how-nrp-scales-global-scientific-research-with-calico/): Explore Calico Open Source at National Research Platform and its role in global high-performance computing and networking.
- [How to Deploy Calico Whisker and Goldmane in Manifest Only Setups](https://www.tigera.io/blog/how-to-deploy-whisker-and-goldmane-in-manifest-only-calico-setups/): Learn how to deploy Whisker and Goldmane manually in Calico without Helm or the Tigera operator using Kubernetes manifests.
- [SUSE and Tigera: Empowering Secure, Scalable Kubernetes with Calico Enterprise](https://www.tigera.io/blog/suse-and-tigera-empowering-secure-scalable-kubernetes-with-calico-enterprise/): Secure and scale your enterprise Kubernetes workloads with the powerful combination of Calico Enterprise and SUSE Rancher Prime.
- [How to Connect Nested KubeVirt Clusters with Calico and BGP Peering](https://www.tigera.io/blog/how-to-connect-nested-kubevirt-clusters-with-calico-and-bgp-peering/): Learn how to configure Calico BGP peering to seamlessly integrate nested Kubernetes clusters running in KubeVirt into your physical network, ensuring consistent, high-performance connectivity.
- [Kubernetes Observability: Your Q&#038;A Guide to Calico Whisker](https://www.tigera.io/blog/kubernetes-observability-your-qa-guide-to-calico-whisker/): Explore the Calico Whisker Q&A to master network traffic visibility in Kubernetes. Get answers to your pressing questions.
- [Calico Whisker vs. Traditional Observability: Why Context Matters in Kubernetes Networking](https://www.tigera.io/blog/calico-whisker-vs-traditional-observability-why-context-matters-in-kubernetes-networking/): Discover Calico Whisker: a game-changer for Kubernetes networking that simplifies visibility and enhances troubleshooting.
- [Securing AI Workloads in Kubernetes: Why Traditional Network Security Isn&#8217;t Enough](https://www.tigera.io/blog/securing-ai-workloads-in-kubernetes-why-traditional-network-security-isnt-enough/): Traditional network security models fall short when it comes to securing AI workloads in Kubernetes. Learn how to address new attack vectors and protect your mission-critical AI infrastructure with granular network security controls.
- [Navigating DORA with Calico: Strengthening Kubernetes Operational Resilience in Financial Services](https://www.tigera.io/blog/navigating-dora-with-calico-strengthening-kubernetes-operational-resilience-in-financial-services/): Learn how to navigate DORA compliance for Kubernetes. Strengthen your financial institution’s digital resilience with Calico’s network security, observability, and automated reporting.
- [Calico Egress Gateway: A Cost-Effective NAT for Kubernetes](https://www.tigera.io/blog/calico-egress-gateway-a-cost-effective-nat-for-kubernetes/): Reduce cloud costs and gain control over Kubernetes networking. Learn how Calico Egress Gateway provides a cost-effective alternative to cloud NAT gateways, giving your pods static IPs for secure, outbound traffic.
- [What&#8217;s New in Calico &#8211; Summer 2025](https://www.tigera.io/blog/whats-new-in-calico-summer-2025/): Calico’s Summer 2025 update introduces major new capabilities to simplify and strengthen Kubernetes security and observability. Highlights include policy recommendations that are now available in Calico Cloud Free Tier, to help teams easily isolate namespaces based on real traffic analysis.
- [How 1&#038;1 Mail &#038; Media Scaled Kubernetes Networking with eBPF and Calico](https://www.tigera.io/blog/how-11-mail-media-scaled-kubernetes-networking-with-ebpf-and-calico/)
- [Top 5 Kubernetes Network Issues You Can Catch Early with Calico Whisker](https://www.tigera.io/blog/top-5-kubernetes-network-issues-you-can-catch-early-with-calico-whisker/)
- [Kubernetes Is Powerful, But Not Secure (at least not by default)](https://www.tigera.io/blog/kubernetes-is-powerful-but-not-secure-at-least-not-by-default/)
- [Dry Run: Your Kubernetes network policies with Calico staged network policies](https://www.tigera.io/blog/dry-run-your-kubernetes-network-policies-with-calico-staged-network-policies/)
- [Calico Whisker &#038; Staged Network Policies: Secure Kubernetes Workloads Without Downtime](https://www.tigera.io/blog/calico-whisker-staged-network-policies-secure-kubernetes-workloads-without-downtime/)
- [A Detailed Look at Calico Cloud Free Tier](https://www.tigera.io/blog/a-detailed-look-at-calico-cloud-free-tier/)
- [Switching to eBPF One Step at a Time with Calico DNS Inline Policy](https://www.tigera.io/blog/switching-to-ebpf-one-step-at-a-time-with-calico-dns-inline-policy/)
- [Secure and Scalable Kubernetes for Multi-Cluster Management](https://www.tigera.io/blog/secure-and-scalable-kubernetes-for-multi-cluster-management/)
- [Is It Time to Migrate? A Practical Look at Kubernetes Ingress vs. Gateway API](https://www.tigera.io/blog/is-it-time-to-migrate-a-practical-look-at-kubernetes-ingress-vs-gateway-api/)
- [Why we need a unified approach to Kubernetes environments](https://www.tigera.io/blog/why-we-need-a-unified-approach-to-kubernetes-environments/)
- [What’s New in Calico: Spring 2025](https://www.tigera.io/blog/whats-new-in-calico-spring-2025/): Calico Cloud Free Tier provides enhanced observability and policy management capabilities to help visualize and troubleshoot workload communication, and simplify network security enforcement and microsegmentation.
- [Recap: KubeCon + CloudNativeCon Europe 2025](https://www.tigera.io/blog/recap-kubecon-cloudnativecon-europe-2025/)
- [How to get started with Calico Observability features](https://www.tigera.io/blog/how-to-get-started-with-calico-observability-features/)
- [Calico Open Source 3.30: Exploring the Goldmane API for custom Kubernetes Network Observability](https://www.tigera.io/blog/calico-open-source-3-30-exploring-the-goldmane-api-for-custom-kubernetes-network-observability/)
- [Calico Whisker, Your New Ally in Network Observability](https://www.tigera.io/blog/calico-whisker-your-new-ally-in-network-observability/)
- [Introducing Calico 3.30: A New Era of Open Source Network Security and Observability for Kubernetes](https://www.tigera.io/blog/introducing-calico-3-30-a-new-era-of-open-source-network-security-and-observability-for-kubernetes/): Stay updated with the Calico 3.30 Open Source Release, a leading solution powering millions of Kubernetes nodes globally.
- [How Calico Network Security Works](https://www.tigera.io/blog/how-calico-network-security-works/)
- [Calico eBPF Source IP Preservation: The Unexpected Story of High Tail Latency](https://www.tigera.io/blog/calico-ebpf-source-ip-preservation-the-unexpected-story-of-high-tail-latency/)
- [Calico at KubeCon + CloudNativeCon Europe 2025](https://www.tigera.io/blog/calico-at-kubecon-cloudnativecon-europe-2025/)
- [High-Performance Kubernetes Networking with Calico eBPF](https://www.tigera.io/blog/high-performance-kubernetes-networking-with-calico-ebpf/)
- [What’s New in Calico: Winter 2025](https://www.tigera.io/blog/whats-new-in-calico-winter-2025/)
- [Ensuring Optimal Kubernetes Cluster Health with Calico Observability](https://www.tigera.io/blog/ensuring-optimal-kubernetes-cluster-health-with-calico-observability/)
- [Kubernetes Network Security at Scale: Troubleshooting, Visibility &#038; Compliance with Calico](https://www.tigera.io/blog/kubernetes-network-security-at-scale-troubleshooting-visibility-compliance-with-calico/)
- [Securely Deploying &#038; Running Multiple Tenants on Kubernetes](https://www.tigera.io/blog/securely-deploying-running-multiple-tenants-on-kubernetes/)
- [How Calico Network Threat Detection Works](https://www.tigera.io/blog/how-calico-network-threat-detection-works/)
- [Kubernetes Security in 2025: The De Facto Platform of GenAI Applications](https://www.tigera.io/blog/kubernetes-security-in-2025-the-de-facto-platform-of-genai-applications/)
- [Introducing Low-Latency DNS Policy with eBPF in Calico Enterprise](https://www.tigera.io/blog/introducing-low-latency-dns-policy-with-ebpf-in-calico-enterprise/)
- [How Kubernetes Simplifies Configuration Security](https://www.tigera.io/blog/how-kubernetes-simplifies-configuration-security/)
- [How Calico Configuration Security Works](https://www.tigera.io/blog/how-calico-configuration-security-works/)
- [What’s New in Calico 3.29](https://www.tigera.io/blog/whats-new-in-calico-3-29/)
- [Optimizing Kubernetes DNS with NodeLocal DNSCache and Calico eBPF: A Practitioner’s Guide](https://www.tigera.io/blog/optimizing-kubernetes-dns-with-nodelocal-dnscache-and-calico-ebpf-a-practitioners-guide/)
- [How to Interconnect Security Risks for Robust Prevention and Risk Mitigation](https://www.tigera.io/blog/how-to-interconnect-security-risks-for-robust-prevention-and-risk-mitigation/)
- [The Crucial Network Security Guardrails for Ensuring GenAI Success](https://www.tigera.io/blog/the-crucial-network-security-guardrails-for-ensuring-genai-success/)
- [What’s New in Calico: Fall 2024 Enhancements for Kubernetes Networking and Security](https://www.tigera.io/blog/whats-new-in-calico-fall-2024-enhancements-for-kubernetes-networking-and-security/)
- [How Kubernetes Changes the Vulnerability Management Ball Game](https://www.tigera.io/blog/how-kubernetes-changes-the-vulnerability-management-ball-game/)
- [How Calico Helps with PCI Compliance for Containers and Kubernetes](https://www.tigera.io/blog/how-calico-helps-with-pci-compliance-for-containers-and-kubernetes/)
- [Interconnect Security Risks to Protect Your Kubernetes Environment](https://www.tigera.io/blog/interconnect-security-risks-to-protect-your-kubernetes-environment/)
- [Why Kubernetes is removing in-tree cloud-provider integration support in v1.31, and how it can affect you](https://www.tigera.io/blog/why-kubernetes-is-removing-in-tree-cloud-provider-integration-support-in-v1-31-and-how-it-can-affect-you/)
- [How to Derive Value from GenAI Application Development &#038; Deployment Without Compromising on Security](https://www.tigera.io/blog/how-to-derive-value-from-genai-application-development-deployment-without-compromising-on-security/)
- [Standalone Service Mesh Solution or Lightweight Option: Which is Right for You?](https://www.tigera.io/blog/standalone-service-mesh-solution-or-lightweight-option-which-is-right-for-you/)
- [Calico at KubeCon + CloudNativeCon North America 2024](https://www.tigera.io/blog/calico-at-kubecon-cloudnativecon-north-america-2024/)
- [What&#8217;s New in Calico Cloud Summer 2024 Release](https://www.tigera.io/blog/whats-new-in-calico-cloud-summer-2024-release/)
- [Calico monthly roundup: August 2024](https://www.tigera.io/blog/calico-monthly-roundup-august-2024/)
- [Advantages of Calico&#8217;s DNS Policy Implementation over Cilium&#8217;s DNS Policy Implementation](https://www.tigera.io/blog/advantages-of-calicos-dns-policy-implementation-over-ciliums-dns-policy-implementation/)
- [Calico monthly roundup: July 2024](https://www.tigera.io/blog/calico-monthly-roundup-july-2024/)
- [Native Kubernetes cluster mesh with Calico](https://www.tigera.io/blog/native-kubernetes-cluster-mesh-with-calico/)
- [eBPF: Enabling Security and Performance to Co-Exist](https://www.tigera.io/blog/ebpf-enabling-security-and-performance-to-co-exist/)
- [Universal Microsegmentation for VMs and Containers](https://www.tigera.io/blog/universal-microsegmentation-for-vms-and-containers/)
- [Calico monthly roundup: June 2024](https://www.tigera.io/blog/calico-monthly-roundup-june-2024/)
- [Kubernetes network policies: 4 pain points and how to address them](https://www.tigera.io/blog/kubernetes-network-policies-4-pain-points-and-how-to-address-them/)
- [How to Address Kubernetes Risks and Vulnerabilities Head-on](https://www.tigera.io/blog/how-to-address-kubernetes-risks-and-vulnerabilities-head-on/)
- [Calico monthly roundup: May 2024](https://www.tigera.io/blog/calico-monthly-roundup-may-2024/)
- [Network observability in Kubernetes clusters for better security and faster troubleshooting](https://www.tigera.io/blog/network-observability-in-kubernetes-clusters-for-better-security-and-faster-troubleshooting/)
- [Container Security: Protect your data with Calico Egress Access Controls](https://www.tigera.io/blog/container-security-protect-your-data-with-calico-egress-access-controls/)
- [Modern Egress Gateway: Assign stable IPs to traffic leaving Kubernetes clusters](https://www.tigera.io/blog/modern-egress-gateway-assign-stable-ips-to-traffic-leaving-kubernetes-clusters/)
- [What&#8217;s new in Calico – Spring 2024](https://www.tigera.io/blog/whats-new-in-calico-spring-2024/)
- [What is new in Calico 3.28](https://www.tigera.io/blog/what-is-new-in-calico-3-28/)
- [Amazon EKS networking options](https://www.tigera.io/blog/amazon-eks-networking-options/)
- [3 observability best practices for improved security in cloud-native applications](https://www.tigera.io/blog/3-observability-best-practices-for-improved-security-in-cloud-native-applications/)
- [Enhancing Kubernetes network security with microsegmentation: A strategic approach](https://www.tigera.io/blog/enhancing-kubernetes-network-security-with-microsegmentation-a-strategic-approach/)
- [What is platform engineering and when should you invest in it?](https://www.tigera.io/blog/what-is-platform-engineering-and-when-should-you-invest-in-it/)
- [Prevent Data Exfiltration in Kubernetes: The Critical Role of Egress Access Controls](https://www.tigera.io/blog/prevent-data-exfiltration-in-kubernetes-the-critical-role-of-egress-access-controls/)
- [Recap: KubeCon + CloudNativeCon EU + CalicoCon 2024](https://www.tigera.io/blog/recap-kubecon-cloudnativecon-eu-2024/)
- [What&#8217;s new in Calico – Winter 2023](https://www.tigera.io/blog/whats-new-in-calico-winter-2023/)
- [Calico monthly roundup: January 2024](https://www.tigera.io/blog/calico-monthly-roundup-january-2024/)
- [Join us at CalicoCon 2024, co-located with KubeCon + CloudNativeCon Europe 2024](https://www.tigera.io/blog/join-us-at-calicocon-2024-co-located-with-kubecon-cloudnativecon-europe-2024/)
- [Tigera Closes Out 2023 with Significant Momentum for Calico as Demand for Container Security Accelerates](https://www.tigera.io/blog/tigera-closes-out-2023-with-significant-momentum-for-calico-as-demand-for-container-security-accelerates/)
- [Cisco Acquires Isovalent: A Big Win for Cloud-Native Network Security and a Validation of Tigera&#8217;s Vision](https://www.tigera.io/blog/cisco-acquires-isovalent-a-big-win-for-cloud-native-network-security-and-a-validation-of-tigeras-vision/)
- [Calico monthly roundup: December 2023](https://www.tigera.io/blog/calico-monthly-roundup-december-2023/)
- [Calico monthly roundup: November 2023](https://www.tigera.io/blog/calico-monthly-roundup-november-2023/)
- [Tigera has achieved AWS Security Competency status!](https://www.tigera.io/blog/tigera-has-achieved-aws-security-competency-status/)
- [Recap: KubeCon + CloudNativeCon NA 2023](https://www.tigera.io/blog/recap-kubecon-cloudnativecon-na-2023/)
- [Calico monthly roundup: October 2023](https://www.tigera.io/blog/calico-monthly-roundup-october-2023/)
- [Calico monthly roundup: September 2023](https://www.tigera.io/blog/calico-monthly-roundup-september-2023/)
- [Transforming Container Network Security with Calico Container Firewall](https://www.tigera.io/blog/transforming-container-network-security-with-calico-container-firewall/)
- [Calico monthly roundup: August 2023](https://www.tigera.io/blog/calico-monthly-roundup-august-2023/)
- [New report: The state of Calico Open Source 2023](https://www.tigera.io/blog/new-report-the-state-of-calico-open-source-2023/)
- [Integrating Calico statistics with Prometheus](https://www.tigera.io/blog/integrating-calico-statistics-with-prometheus/)
- [Calico monthly roundup: July 2023](https://www.tigera.io/blog/calico-monthly-roundup-july-2023/)
- [Automated namespace isolation with Calico](https://www.tigera.io/blog/automated-namespace-isolation-with-calico/)
- [Using Web Application Firewall at container-level for network-based threats](https://www.tigera.io/blog/using-web-application-firewall-at-container-level-for-network-based-threats/)
- [Exploring AKS networking options](https://www.tigera.io/blog/exploring-aks-networking-options/)
- [Cybernews Expert Interview with Tigera President and CEO, Ratan Tipirneni](https://www.tigera.io/blog/cybernews-expert-interview-with-tigera-president-and-ceo-ratan-tipirneni/)
- [Preventing Vulnerable Container Deployments with Admission Control](https://www.tigera.io/blog/preventing-vulnerable-container-deployments-with-admission-control/)
- [Optimizing Network Performance using Topology Aware Routing with Calico eBPF and Standard Linux data plane](https://www.tigera.io/blog/optimizing-network-performance-using-topology-aware-routing-with-calico-ebpf-and-standard-linux-dataplane/)
- [Implementing workload-centric Web Application Firewall (WAF) using Calico](https://www.tigera.io/blog/implementing-workload-centric-web-application-firewall-waf-using-calico/)
- [Build and secure multi-cluster CockroachDB using the Calico clustermesh: A step-by-step guide](https://www.tigera.io/blog/build-and-secure-multi-cluster-cockroachdb-using-the-calico-clustermesh-a-step-by-step-guide/)
- [Audit and Compliance with Calico](https://www.tigera.io/blog/audit-and-compliance-with-calico/)
- [Turbocharging host workloads with Calico eBPF and XDP](https://www.tigera.io/blog/turbocharging-host-workloads-with-calico-ebpf-and-xdp/)
- [Calico monthly roundup: June 2023](https://www.tigera.io/blog/calico-monthly-roundup-june-2023/)
- [Leveraging Calico flow logs for enhanced observability](https://www.tigera.io/blog/leveraging-calico-flow-logs-for-enhanced-observability/)
- [How to Detect and Stop Ddos Attacks in a Kubernetes Environment](https://www.tigera.io/blog/how-to-detect-and-stop-ddos-attacks-in-a-kubernetes-environment/)
- [Case study: Calico helps Upwork migrate legacy system to Kubernetes on AWS and enforce zero-trust security](https://www.tigera.io/blog/case-study-calico-helps-upwork-migrate-legacy-system-to-kubernetes-on-aws-and-enforce-zero-trust-security/)
- [How to secure Kubernetes workloads using Calico DNS Security Policy](https://www.tigera.io/blog/how-to-secure-kubernetes-workloads-using-calico-dns-security-policy/)
- [Case study: Calico enables HanseMerkur to reduce infrastructure overhead and achieve ISO 27001 compliance](https://www.tigera.io/blog/case-study-calico-enables-hansemerkur-to-reduce-infrastructure-overhead-and-achieve-iso-27001-compliance/)
- [Secure egress access with DNS Policy and NetworkSets](https://www.tigera.io/blog/secure-egress-access-with-dns-policy-and-networksets/)
- [What you can&#8217;t do with Kubernetes network policies (unless you use Calico): TLS Encryption](https://www.tigera.io/blog/technical-blog-what-you-cant-do-with-kubernetes-network-policies-unless-you-use-calico-tls-encryption/)
- [How to secure the cluster in an air gap environment with Calico Cloud](https://www.tigera.io/blog/how-to-secure-the-cluster-in-an-air-gap-environment-with-calico-cloud/)
- [Case study: Calico enables zero-trust security and policy automation at scale in a multi-cluster environment for Box](https://www.tigera.io/blog/case-study-calico-enables-zero-trust-security-and-policy-automation-at-scale-in-a-multi-cluster-environment-for-box/)
- [DNS observability and troubleshooting for Kubernetes and containers with Calico](https://www.tigera.io/blog/dns-observability-and-troubleshooting-for-kubernetes-and-containers-with-calico/)
- [Visualizing service connectivity, dependencies, and traffic flows in Kubernetes clusters](https://www.tigera.io/blog/visualizing-service-connectivity-dependencies-and-traffic-flows-in-kubernetes-clusters/): Learn why and how you can visualize service connectivity, dependencies and traffic flows in Kubernetes clusters.
- [What’s new in Calico v3.26](https://www.tigera.io/blog/whats-new-in-calico-v3-26/): Calico v3.26 is here! This latest milestone brings exciting updates and enhancements that we're excited to share with the Calico community.
- [Encryption in container environments](https://www.tigera.io/blog/encryption-in-container-environments/)
- [Calico monthly roundup: May 2023](https://www.tigera.io/blog/calico-monthly-roundup-may-2023/)
- [How doNotTrack policies work in the Calico eBPF data plane](https://www.tigera.io/blog/how-donottrack-policies-work-in-the-calico-ebpf-dataplane/)
- [Case study: Calico on AWS enables turnkey networking and security for Rafay’s enterprise-grade Kubernetes Operations Platform](https://www.tigera.io/blog/case-study-calico-on-aws-enables-turnkey-networking-and-security-for-rafays-enterprise-grade-kubernetes-operations-platform/): In partnership with AWS and Tigera, Rafay shares how it leveraged Calico on AWS to secure its turnkey offering in an exclusive case study.
- [Achieving high availability (HA) Redis Kubernetes clusters with Calico Clustermesh in Microsoft AKS](https://www.tigera.io/blog/achieving-high-availabilityha-redis-kubernetes-clusters-with-calico-clustermesh-in-microsoft-aks/): Learn how you can keep High Availability Redis for microservices to consume across different regions in multiple clusters with Calico.
- [Make your FortiGate firewalls work with Kubernetes: How Calico enables Fortinet firewalls to secure Kubernetes workloads](https://www.tigera.io/blog/make-your-fortigate-firewalls-work-with-kubernetes-how-calico-enables-fortinet-firewalls-to-secure-kubernetes-workloads/): Learn about Calico’s integration with Fortinet’s FortiGate and FortiManager solutions to extend the firewall capability to Kubernetes.
- [Case study: Calico Enterprise empowers Aldagi to achieve EU GDPR compliance](https://www.tigera.io/blog/case-study-calico-enterprise-empowers-aldagi-to-achieve-eu-gdpr-compliance/): Learn how Georgia's largest insurance company, Aldagi, deployed Tigera's active container security solution, Calico, to achieve EU GDPR compliance.
- [Kubernetes network security foundations: Get started on building your Kubernetes network security policies with Calico!](https://www.tigera.io/blog/kubernetes-network-security-foundations-get-started-on-building-your-kubernetes-network-security-policies-with-calico/): Dive into the world of Kubernetes network security and learn how to protect your organization's valuable assets.
- [Detect malicious activity and protect your containerized workloads in Amazon EKS or AWS](https://www.tigera.io/blog/detect-malicious-activity-and-protect-your-containerized-workloads-in-amazon-eks-or-aws/): In this blog, we will go through a scenario where an attacker compromises a public-facing application and gains a foothold in the network of an application.
- [How to integrate Calico Image Scanner with Argo CI/CD](https://www.tigera.io/blog/how-to-integrate-calico-image-scanner-with-argo-ci-cd/): Keep your images safe from CVEs by integrating the Calico Image Scanner into your CI/CD pipeline using Argo.
- [Tigera named as one of Forbes America’s Best Startup Employers in 2023](https://www.tigera.io/blog/tigera-named-as-one-of-forbes-americas-best-startup-employers-in-2023/): Tigera is proud to announce that we have been named one of America’s Best Startup Employers 2023 by Forbes!
- [Overcoming Security Gaps with Active Vulnerability Management](https://www.tigera.io/blog/overcoming-security-gaps-with-active-vulnerability-management/): It's impossible to remove all threats and risks from your containerized application. But you can actively prevent, mitigate, and protect your environment.
- [Monitoring Kubernetes clusters activity with Azure Managed Grafana and Calico](https://www.tigera.io/blog/monitoring-kubernetes-clusters-activity-with-azure-managed-grafana-and-calico/)
- [Community Spotlight series: Calico Open Source user insights from Saurabh Mishra](https://www.tigera.io/blog/community-spotlight-series-calico-open-source-user-insights-from-saurabh-mishra/)
- [RSAC 2023 interview: Tigera talks cloud-native security on theCUBE](https://www.tigera.io/blog/rsac-2023-interview-tigera-talks-cloud-native-security-on-thecube/): Utpal Bhatt talks cloud-native security with SiliconANGLE & theCUBE host John Furrier at RSAC 2023.
- [What you can&#8217;t do with Kubernetes network policies (unless you use Calico)](https://www.tigera.io/blog/what-you-cant-do-with-kubernetes-network-policies-unless-you-use-calico/)
- [Using Calico Egress gateway and access controls to secure traffic](https://www.tigera.io/blog/using-calico-egress-gateway-and-access-controls-to-secure-traffic/)
- [Calico&#8217;s 3.26.0 update unlocks high density vertical scaling in Kubernetes](https://www.tigera.io/blog/calicos-3-26-0-update-unlocks-high-density-vertical-scaling-in-kubernetes/)
- [Tigera Named Winner of the Esteemed Global InfoSec Awards during RSA Conference 2023](https://www.tigera.io/blog/tigera-named-winner-of-the-esteemed-global-infosec-awards-during-rsa-conference-2023/)
- [Leveraging Calico policy recommender for Kubernetes clusters](https://www.tigera.io/blog/leveraging-security-policy-recommender-to-tighten-your-clusters-security-posture/)
- [Hands-on guide: How to scan and block container images to mitigate SBOM attacks](https://www.tigera.io/blog/hands-on-guide-how-to-scan-and-block-container-images-to-mitigate-sbom-attacks/): SBOM attacks are on the rise. Learn how you can scan and block vulnerable container images using Calico and mitigate SBOM attacks.
- [White paper: Addressing the MITRE ATT&amp;CK framework for containers using Calico](https://www.tigera.io/blog/white-paper-addressing-the-mitre-attck-framework-for-containers-using-calico/): To help organizations stay ahead of attackers, Tigera recently released a white paper based on the MITRE ATT&CK containers matrix.
- [What is SOC 2 and how do you achieve SOC 2 compliance for containers and Kubernetes?](https://www.tigera.io/blog/what-is-soc-2-and-how-do-you-achieve-soc-2-compliance-for-containers-and-kubernetes/): Learn what SOC 2 is and how you can apply it to containers and Kubernetes using Calico Cloud.
- [Project Calico wants to hear from you! The 2023 Calico Open Source Adoption Survey](https://www.tigera.io/blog/project-calico-wants-to-hear-from-you-the-2023-calico-open-source-adoption-survey/): We’ve created the 2023 Calico Open Source Adoption Survey, a quick survey designed specifically to help us gather your feedback and insights.
- [Introducing Calico Runtime Threat Defense—The most extensive security coverage for containers and Kubernetes](https://www.tigera.io/blog/introducing-calico-runtime-threat-defense-the-most-extensive-security-coverage-for-containers-and-kubernetes/): Tigers provides a simple plug-and-play active security solution that focuses on securing workloads and the Kubernetes platform.
- [4 ways to leverage existing kernel security features to set up process monitoring](https://www.tigera.io/blog/4-ways-to-leverage-existing-kernel-security-features-to-set-up-process-monitoring/)
- [Meet Calico at KubeCon EU 2023!](https://www.tigera.io/blog/meet-project-calico-at-kubecon-eu-2023/): Project Calico will be at KubeCon EU 2023 in Amsterdam. Read this blog to learn more about what we'll be doing there, and how you can connect!
- [WAF is woefully insufficient in today’s container-based applications: Here’s why](https://www.tigera.io/blog/waf-is-woefully-insufficient-in-todays-container-based-applications-heres-why/): Learn why relying on a perimeter WAF for application security leaves entire environments vulnerable, unless adequate security tools are implemented.
- [Kubernetes secrets management: 3 approaches and 9 best practices](https://www.tigera.io/blog/kubernetes-secrets-management-3-approaches-and-9-best-practices/): Secrets contain crtitical confidential data. Learn the best practices that will help you secure and manage your secrets in Kubernetes.
- [What’s new in Calico Enterprise 3.16: Egress gateway on AKS, Service Graph optimizations, and more!](https://www.tigera.io/blog/whats-new-in-calico-enterprise-3-16-egress-gateway-on-aks-service-graph-optimizations-and-more/): Check out the early preview of Calico Enterprise 3.16 and learn how this latest release extends the active security platform's capabilities.
- [Navigating the security challenges of multi-tenancy in a cloud environment](https://www.tigera.io/blog/navigating-the-security-challenges-of-multi-tenancy-in-a-cloud-environment/): Learn about multi-tenancy issues such as bandwidth shortage, security policy scaling, privacy impacts, and their respective solutions.
- [Process monitoring: How you can detect malicious behavior in your containers](https://www.tigera.io/blog/process-monitoring-how-you-can-detect-malicious-behavior-in-your-containers/)
- [The MITRE ATT&#038;CK framework explained: Discerning a threat actor’s mindset](https://www.tigera.io/blog/mitre-attck-framework-explained-discerning-a-threat-actors-mindset/): MITRE ATT&CK framework explained. In this blog post, we will explore stages fifth to nine, along with how Calico can help mitigate these attack techniques.
- [High throughput Kubernetes cluster networking with the Calico/VPP data plane and accelerated memif](https://www.tigera.io/blog/high-throughput-kubernetes-cluster-networking-with-the-calico-vpp-dataplane-and-accelerated-memif/): Learn about what the Calico/VPP dataplane is, and how DPDK and accelerated memif interfaces can enhance Kubernetes cluster networking for your environment.
- [Kubernetes network monitoring: What is it, and why do you need it?](https://www.tigera.io/blog/kubernetes-network-monitoring-what-is-it-and-why-do-you-need-it/)
- [Calico Open Source 2022 highlights](https://www.tigera.io/blog/calico-open-source-2022-highlights/): 2022 has been a year full of new releases, new events, and new projects for Open Source Calico. Read this blog to find out what you might've missed.
- [Accelerating cloud-native development brings opportunities and challenges for enterprises](https://www.tigera.io/blog/accelerating-cloud-native-development-brings-opportunities-and-challenges-for-enterprises/): Traditional security approaches do not transfer directly to cloud-native architectures. So what can we do? Read the blog to learn more.
- [What’s new in Calico v3.25](https://www.tigera.io/blog/whats-new-in-calico-v3-25/): Calico v3.25 includes a number of eBPF dataplane upgrades and more. Read this blog to learn more and meet our community contributors.
- [Tigera 2023 predictions: Cloud native security and the shifting landscape in 2023](https://www.tigera.io/blog/tigera-2023-predictions-cloud-native-security-and-the-shifting-landscape-in-2023/): Ratan Tipirneni, President and CEO of Tigera, offers his predictions for the shifting cloud native security landscape of 2023.
- [Case study: How Mulligan Funding built a SOC 2-compliant fintech SaaS platform with Calico Cloud](https://www.tigera.io/blog/case-study-how-mulligan-funding-built-a-soc-2-compliant-fintech-saas-platform-with-calico-cloud/): Calico Cloud enabled Mulligan Funding to launch a SOC 2-compliant fintech SaaS platform. Learn more about the case study in our blog.
- [Securing Windows workloads](https://www.tigera.io/blog/securing-windows-workloads/): Learn how you can set up a Windows-based Kubernetes environment and secure your Windows workloads using Calico Open Source.
- [How to build a service mesh with Istio and Calico](https://www.tigera.io/blog/how-to-build-a-service-mesh-with-istio-and-calico/): Learn how you can create a Calico and Istio integration to establish a service mesh that will manipulate HTTP traffic in the application layer.
- [What&#8217;s new in Calico Enterprise 3.15:  FIPS 140-2 compliance, new dashboards, egress gateway pod failover, and more!](https://www.tigera.io/blog/whats-new-in-calico-enterprise-3-15-fips-140-2-compliance-new-dashboards-egress-gateway-pod-failover-and-more/)
- [New! Free self-paced workshops for containers and Kubernetes ](https://www.tigera.io/blog/new-free-self-paced-workshops-for-containers-and-kubernetes/): Learn to achieve compliance with regulatory frameworks using Calico. Learn more about our new (and free!) self-paced compliance workshop.
- [Live next week: The CalicoCon + Cloud-Native Security Summit!](https://www.tigera.io/blog/live-next-week-the-calicocon-cloud-native-security-summit/): Find out what Tigera has in store for the 2022 CalicoCon + Cloud-Native Security Summit, a free, live, and fully virtual event.
- [Using Calico to create a Kubernetes cluster mesh for multi-cluster environments](https://www.tigera.io/blog/using-calico-to-create-a-kubernetes-cluster-mesh-for-multi-cluster-environments/): Learn how Calico enables a Kubernetes cluster mesh for security, observability, and networking in multi-cluster environments.
- [Using the MITRE ATT&amp;CK framework to understand container security](https://www.tigera.io/blog/using-the-mitre-attck-framework-to-understand-container-security/)
- [3 container security best practices to strengthen your overall security posture](https://www.tigera.io/blog/3-container-security-best-practices-to-strengthen-your-overall-security-posture/)
- [Getting started with EKS and Calico](https://www.tigera.io/blog/getting-started-with-eks-and-calico/)
- [Zero trust in the cloud: Best practices and potential pitfalls](https://www.tigera.io/blog/zero-trust-in-the-cloud-best-practices-and-potential-pitfalls/): Secure cloud-native applications with zero trust. Learn zero trust implementations best practices and pitfalls.
- [How Calico CNI solves IP address exhaustion on Microsoft AKS](https://www.tigera.io/blog/how-calico-cni-solves-ip-address-exhaustion-on-microsoft-aks/): IP address exhaustion can cause container networking problems. Discover how Calico CNI solves IP address exhaustion under Microsoft's BYOCNI program.
- [Calico at KubeCon + CloudNativeCon NA 2022](https://www.tigera.io/blog/calico-at-kubecon-cloudnativecon-na-2022/)
- [Automate Calico Cloud and EKS cluster integration using AWS Control Tower](https://www.tigera.io/blog/automate-tigera-calico-cloud-and-eks-clusters-integration-using-aws-control-tower/)
- [What&#8217;s new in Calico v3.24](https://www.tigera.io/blog/what-is-new-in-calico-v3-24/)
- [Vulnerability management: 3 best practices and tips for image building and scanning](https://www.tigera.io/blog/vulnerability-management-3-best-practices-and-tips-for-image-building-and-scanning/)
- [What’s new in Calico Cloud: General availability of new container security features](https://www.tigera.io/blog/whats-new-in-calico-cloud-general-availability-of-new-container-security-features/)
- [Implementing zero-trust workload security on Amazon EKS with Calico](https://www.tigera.io/blog/implementing-zero-trust-workload-security-on-amazon-eks-with-calico/)
- [Rethinking security roles and organizational structure for the cloud](https://www.tigera.io/blog/rethinking-security-roles-and-organizational-structure-for-the-cloud/)
- [Community Spotlight series: Calico Open Source user insights from Sr. Software Developer, Burak Tahtacıoğlu](https://www.tigera.io/blog/community-spotlight-series-calico-open-source-user-insights-from-sr-software-developer-burak-tahtacioglu/)
- [Troubleshooting microservices: Challenges and best practices](https://www.tigera.io/blog/troubleshooting-microservices-challenges-and-best-practices/)
- [Quick and easy vulnerability management with Calico Cloud](https://www.tigera.io/blog/quick-and-easy-vulnerability-management-with-calico-cloud/)
- [What is eBPF and what are its use cases?](https://www.tigera.io/blog/what-is-ebpf-and-what-are-its-use-cases/)
- [Getting started with container security](https://www.tigera.io/blog/getting-started-with-container-security/)
- [Why your security teams are not ready for containers and Kubernetes, and what you can do about it](https://www.tigera.io/blog/why-your-security-teams-are-not-ready-for-containers-and-kubernetes-and-what-you-can-do-about-it/)
- [Calico workload-centric web application firewall (WAF): A better way to secure cloud-native applications](https://www.tigera.io/blog/calico-workload-based-web-application-firewall-waf-a-better-way-to-secure-cloud-native-applications/)
- [Community Spotlight series: Calico Open Source user insights from Cloud Native Technologist, Jintao Zhang](https://www.tigera.io/blog/community-spotlight-series-calico-open-source-user-insights-from-cloud-native-technologist-jintao-zhang/)
- [BYOCNI: Introducing Calico CNI for Microsoft AKS](https://www.tigera.io/blog/byocni-introducing-calico-cni-for-azure-aks/)
- [Tigera has been awarded Microsoft&#8217;s 2022 Partner of the Year award for OSS on Azure](https://www.tigera.io/blog/tigera-has-been-awarded-microsofts-2022-partner-of-the-year-award-for-oss-on-azure/)
- [Zero trust for cloud-native workloads: Mitigating future Log4j incidents](https://www.tigera.io/blog/zero-trust-for-cloud-native-workloads-part-2-mitigating-future-log4j-incidents/)
- [Contributing Cool Community Content to Calico](https://www.tigera.io/blog/contributing-cool-community-content-to-calico/)
- [Securing cloud workloads in 5 easy steps](https://www.tigera.io/blog/securing-cloud-workloads-in-5-easy-steps/)
- [Key advantages of the Calico eBPF data plane](https://www.tigera.io/blog/key-advantages-of-the-calico-ebpf-data-plane/)
- [What’s new in Calico Enterprise 3.14: WAF, Calico CNI on AKS, and support for RKE2](https://www.tigera.io/blog/whats-new-in-calico-enterprise-3-14-waf-calico-cni-on-aks-and-support-for-rke2/)
- [Join me at PlatformCon 2022 to learn how to secure could-native applications using open source tools](https://www.tigera.io/blog/join-me-at-platformcon-2022-to-learn-how-to-secure-could-native-applications-using-open-source-tools/)
- [Boosting your cluster networking with the Calico VPP data plane (beta)!](https://www.tigera.io/blog/boosting-your-cluster-networking-with-the-calico-vpp-data-plane-beta/)
- [Introducing our brand new (and free!) Calico Azure Course](https://www.tigera.io/blog/introducing-our-brand-new-and-free-calico-azure-course/)
- [Mitigating controls for cloud-native applications: Why you need them and how Calico Cloud can help](https://www.tigera.io/blog/mitigating-controls-for-cloud-native-applications-why-you-need-them-and-how-calico-cloud-can-help/): Fixing vulnerabilities can be hard, especially so for cloud-native applications. Learn why this is, and how mitigating controls can help secure your applications.
- [What&#8217;s New in Calico v3.23](https://www.tigera.io/blog/whats-new-in-calico-v3-23/)
- [Community Spotlight series: Calico Open Source user insights from Ana Shmygla and Josef Janda, Jamf](https://www.tigera.io/blog/community-spotlight-series-calico-open-source-user-insights-from-ana-shmygla-and-josef-janda-jamf/)
- [The state of cloud-native security 2022 – Tigera’s new market report](https://www.tigera.io/blog/the-state-of-cloud-native-security-2022-tigeras-new-market-report/): This market report provides insights and recommendations to guide your organization’s cloud-native security journey.
- [Community Spotlight series: Calico Open Source user insights from cloud solutions architect, Geoff Burke](https://www.tigera.io/blog/community-spotlight-series-calico-open-source-user-insights-from-cloud-solutions-architect-geoff-burke/)
- [A practical guide to container networking](https://www.tigera.io/blog/a-practical-guide-to-container-networking/)
- [A visual guide to Calico eBPF data plane validation](https://www.tigera.io/blog/a-visual-guide-to-calico-ebpf-data-plane-validation/)
- [How to secure Kubernetes at the infrastructure level: 10 best practices](https://www.tigera.io/blog/how-to-secure-kubernetes-at-the-infrastructure-level-10-best-practices/)
- [Defense in depth with Calico Cloud](https://www.tigera.io/blog/defense-in-depth-with-calico-cloud/)
- [Zero trust for cloud-native workloads](https://www.tigera.io/blog/zero-trust-for-cloud-native-workloads/)
- [How to maximize K3s resource efficiency using Calico&#8217;s eBPF data plane](https://www.tigera.io/blog/how-to-maximize-k3s-resource-efficiency-using-calicos-ebpf-data-plane/)
- [What a more holistic approach to cloud-native security and observability looks like](https://www.tigera.io/blog/what-a-more-holistic-approach-to-cloud-native-security-and-observability-looks-like/)
- [Calico Cloud: Active build and runtime security for cloud-native applications](https://www.tigera.io/blog/calico-cloud-active-build-and-runtime-security-for-cloud-native-applications/)
- [Why you need Tigera’s new active cloud-native application security](https://www.tigera.io/blog/why-you-need-tigeras-new-active-cloud-native-application-security/)
- [Introducing our exciting new ambassador program: Calico Big Cats](https://www.tigera.io/blog/introducing-our-exciting-new-ambassador-program-calico-big-cats/)
- [Is ARM architecture the future of cloud computing?](https://www.tigera.io/blog/is-arm-architecture-the-future-of-cloud-computing/)
- [How to Monitor Calico&#8217;s eBPF Data Plane for Proactive Cluster Management](https://www.tigera.io/blog/how-to-monitor-calicos-ebpf-data-plane-for-proactive-cluster-management/): Learn how to gain visibility into the Calico eBPF data plane by understanding Kubernetes discovery services, how to enable and view Prometheus metrics endpoints on monitorable services, and how to use Grafana on a Kubernetes cluster to visualize the results.
- [Why cloud native requires a holistic approach to security and observability](https://www.tigera.io/blog/why-cloud-native-requires-a-holistic-approach-to-security-and-observability/)
- [Extending Panorama&#8217;s firewall address groups into your Kubernetes cluster using Calico NetworkSets](https://www.tigera.io/blog/extending-panoramas-firewall-address-groups-into-your-kubernetes-cluster-using-calico-networksets/)
- [Faster troubleshooting of microservices, containers, and Kubernetes with Dynamic Packet Capture](https://www.tigera.io/blog/faster-troubleshooting-of-microservices-containers-and-kubernetes-with-dynamic-packet-capture/)
- [How network security policies can protect your environment from future vulnerabilities like Log4j](https://www.tigera.io/blog/how-network-security-policies-can-protect-your-environment-from-future-vulnerabilities-like-log4j/): Learn how the use of network policies could have prevented the Log4j vulnerability, and how to secure your environment against similar future attacks
- [Experiment with Calico BGP in the Comfort of Your Own Laptop!](https://www.tigera.io/blog/experiment-with-calico-bgp-in-the-comfort-of-your-own-laptop/)
- [Introducing the New Calico eBPF Data Plane Certification](https://www.tigera.io/blog/helping-you-benefit-from-our-pluggable-ebpf-data-plane-introducing-the-new-calico-ebpf-data-plane-certification/)
- [Calico WireGuard support with Azure CNI](https://www.tigera.io/blog/calico-wireguard-support-with-azure-cni/)
- [Turbocharging AKS networking with Calico eBPF](https://www.tigera.io/blog/turbocharging-aks-networking-with-calico-ebpf/)
- [Real-time threat response for Kubernetes workloads, using threat intelligence feeds and deep packet inspection](https://www.tigera.io/blog/real-time-threat-response-for-kubernetes-workloads-using-threat-intelligence-feeds-and-deep-packet-inspection/)
- [What&#8217;s New in Calico v3.21](https://www.tigera.io/blog/whats-new-in-calico-v3-21/)
- [We’ve just published a book on container and cloud-native application security and observability](https://www.tigera.io/blog/weve-just-published-a-book-on-container-and-cloud-native-application-security-and-observability/): Read our book to learn how to adopt a holistic approach to container and cloud-native application security and observability.
- [Fast and simple troubleshooting with GUI-based Dynamic Packet Capture](https://www.tigera.io/blog/fast-and-simple-troubleshooting-with-gui-based-dynamic-packet-capture/)
- [Label standard and best practices for Kubernetes security](https://www.tigera.io/blog/label-standard-and-best-practices-for-kubernetes-security/)
- [Calico is celebrating 5 years](https://www.tigera.io/blog/calico-is-celebrating-5-years/)
- [Workload access control: Securely connecting containers and Kubernetes with the outside world](https://www.tigera.io/blog/workload-access-control-securely-connecting-containers-and-kubernetes-with-the-outside-world/)
- [Calico Cloud: What’s new in October](https://www.tigera.io/blog/calico-cloud-whats-new-in-october/)
- [Kubespray 2.17 released with Calico eBPF and WireGuard support](https://www.tigera.io/blog/kubespray-2-17-released-with-calico-ebpf-and-wireguard-support/)
- [Rethinking observability for Kubernetes](https://www.tigera.io/blog/rethinking-observability-for-kubernetes/)
- [Calico on EKS Anywhere](https://www.tigera.io/blog/calico-on-eks-anywhere/)
- [Lightning-fast Kubernetes networking with Calico &#038; VPP](https://www.tigera.io/blog/lightning-fast-kubernetes-networking-with-calico-vpp/)
- [Why securing internet-facing applications is challenging in a Kubernetes environment](https://www.tigera.io/blog/why-securing-internet-facing-applications-is-challenging-in-a-kubernetes-environment/): Internet-facing applications are targeted by threat actors. Let’s take a look at the reasons behind these security threats, and the measures you should take.
- [The importance of Calico&#8217;s pluggable data plane](https://www.tigera.io/blog/the-importance-of-calicos-pluggable-data-plane/)
- [What’s new in Calico Enterprise 3.9: Live troubleshooting and resource-efficient application-level observability](https://www.tigera.io/blog/whats-new-in-calico-enterprise-3-9-live-troubleshooting-and-resource-efficient-application-level-observability/)
- [Calico integration with WireGuard using kOps](https://www.tigera.io/blog/calico-integration-with-wireguard-using-kops/)
- [eBPF: When (and when not) to use it](https://www.tigera.io/blog/ebpf-when-and-when-not-to-use-it/)
- [kOps adds support for Calico’s eBPF data plane](https://www.tigera.io/blog/kops-adds-support-for-calicos-ebpf-data-plane/)
- [Using Calico with Kubespray](https://www.tigera.io/blog/using-calico-with-kubespray/)
- [Kubernetes observability challenges in cloud-native architecture](https://www.tigera.io/blog/kubernetes-observability-challenges-in-cloud-native-architecture/)
- [Kubernetes security issues: An examination of major attacks](https://www.tigera.io/blog/kubernetes-security-issues-an-examination-of-major-attacks/): Analysis of TTPs can benefit security operations by providing a description of how threat actors performed their attacks.
- [What&#8217;s New in Calico v3.20](https://www.tigera.io/blog/whats-new-in-calico-v3-20/)
- [A Sneak Peek at the &#8220;Certified Calico Operator: AWS Expert&#8221; Course](https://www.tigera.io/blog/a-sneak-peek-at-the-calico-certified-operator-aws-expert-course-2/)
- [Do you really need a service mesh?](https://www.tigera.io/blog/do-you-really-need-a-service-mesh/): A service mesh is a dedicated infrastructure layer that controls service-to-service communication over a network. Do you really need one?
- [High-availability connectivity for Kubernetes with dual ToR](https://www.tigera.io/blog/high-availability-connectivity-for-kubernetes-with-dual-tor/)
- [Calico eBPF Data Plane Deep-Dive](https://www.tigera.io/blog/calico-ebpf-data-plane-deep-dive/): A deep dive on the Calico eBPF data plane. Learn how it works under the hood to help you make informed choices and improve your understanding!
- [Kubernetes security policy design: 10 critical best practices](https://www.tigera.io/blog/kubernetes-security-policy-10-critical-best-practices/): Learn about critical best practices that can improve your Kubernetes security policy design, including RBAC, application trust boundaries, and environment segmentation.
- [What’s new in Calico Enterprise 3.7: eBPF data plane, high availability, and more!](https://www.tigera.io/blog/whats-new-in-calico-enterprise-3-7-ebpf-data-plane-high-availability-and-more/)
- [Calico Enterprise: Leverage multiple benefits from the new eBPF data plane](https://www.tigera.io/blog/calico-enterprise-leverage-multiple-benefits-from-the-new-ebpf-data-plane/)
- [Observe &amp; Troubleshoot Your Kubernetes Environments with Dynamic Service Graph](https://www.tigera.io/blog/observe-troubleshoot-your-kubernetes-environments-with-dynamic-service-graph/)
- [Enabling You to Get the Best from AWS: Introducing the New Calico AWS Expert Certification](https://www.tigera.io/blog/enabling-you-to-get-the-best-from-aws-introducing-the-new-calico-aws-expert-certification/)
- [CVE-2021-31440: Kubernetes container escape using eBPF](https://www.tigera.io/blog/cve-2021-31440-kubernetes-container-escape-using-ebpf/): Learn about the CVE-2021-31440 vulnerability, how it works, and mitigation tactics.
- [Learn from industry experts at the Kubernetes Security and Observability Summit—next week!](https://www.tigera.io/blog/learn-from-industry-experts-at-the-kubernetes-security-and-observability-summit-next-week/)
- [Why you don’t want to miss the upcoming Kubernetes Security and Observability Summit](https://www.tigera.io/blog/why-you-dont-want-to-miss-the-upcoming-kubernetes-security-and-observability-summit/)
- [Don’t miss our session at SUSECON Digital 2021](https://www.tigera.io/blog/dont-miss-our-session-at-susecon-digital-2021/)
- [Join us at our inaugural Kubernetes Security and Observability Summit](https://www.tigera.io/blog/join-us-at-our-inaugural-kubernetes-security-and-observability-summit/)
- [What’s New in Calico v3.19](https://www.tigera.io/blog/whats-new-in-calico-v3-19/)
- [Calico Enterprise enables live view of cloud-native apps deployed in Kubernetes](https://www.tigera.io/blog/calico-enterprise-enables-live-view-of-cloud-native-apps-deployed-in-kubernetes/)
- [Announcing Calico Enterprise 3.5: New ways to automate, simplify and accelerate Kubernetes adoption and deployment](https://www.tigera.io/blog/announcing-calico-enterprise-3-5-new-ways-to-automate-simplify-and-accelerate-kubernetes-adoption-and-deployment/)
- [Join Tigera at KubeCon + CloudNativeCon Europe 2021](https://www.tigera.io/blog/join-tigera-at-kubecon-cloudnativecon-europe-2021/)
- [Calico Extends eBPF Data Plane to Offer Host Protection, Isolating Hosts as Well as Workloads](https://www.tigera.io/blog/calico-extends-ebpf-data-plane-to-offer-host-protection-isolating-hosts-as-well-as-workloads/)
- [First look: new O&#8217;Reilly eBook on Kubernetes security and observability *early release chapters*](https://www.tigera.io/blog/oreilly-ebook-kubernetes-security-and-observability-early-release/)
- [Calico Cloud now available on AWS Marketplace](https://www.tigera.io/blog/calico-cloud-now-available-on-aws-marketplace/)
- [How Calico Cloud’s runtime defense mitigates Kubernetes MITM vulnerability CVE-2020-8554](https://www.tigera.io/blog/how-calico-clouds-runtime-defense-mitigates-kubernetes-mitm-vulnerability-cve-2020-8554/): Learn how to mitigate the Kubernetes MITM vulnerability CVE-2020-8554 using runtime defense.
- [TeamTNT: Latest TTPs targeting Kubernetes (Q1-2021)](https://www.tigera.io/blog/teamtnt-latest-ttps-targeting-kubernetes/)
- [Honeypods: Applying a Traditional Blue Team Technique to Kubernetes](https://www.tigera.io/blog/honeypods-applying-a-traditional-blue-team-technique-to-kubernetes/)
- [Tigera to Provide Native Kubernetes Support for Mixed Windows/Linux Workloads on Microsoft Azure](https://www.tigera.io/blog/tigera-and-microsoft-extend-the-power-of-calico-for-windows-to-aks/)
- [How to integrate Kubernetes RBAC and Calico to achieve “Shift-Left” Security](https://www.tigera.io/blog/how-to-integrate-kubernetes-rbac-and-calico-to-achieve-shift-left-security/)
- [What’s new in Calico v3.18?](https://www.tigera.io/blog/whats-new-in-calico-v3-18/)
- [Calico and Submariner Integration: A Hands-on Walkthrough](https://www.tigera.io/blog/calico-and-submariner-integration-a-hands-on-walkthrough/)
- [Industry-First Pay-as-you-go SaaS Platform for Kubernetes Security and Observability](https://www.tigera.io/blog/industry-first-pay-as-you-go-saas-platform-for-kubernetes-security-and-observability/)
- [Kubernetes Observability Challenges: The Need for an AI-Driven Solution](https://www.tigera.io/blog/kubernetes-observability-challenges-the-need-for-an-ai-driven-solution/)
- [Calico Enterprise: An Overview](https://www.tigera.io/blog/calico-enterprise-an-overview/)
- [Calico &amp; Calico Enterprise: Now Available as AWS Quick Starts](https://www.tigera.io/blog/calico-calico-enterprise-now-available-as-aws-quick-starts/)
- [A 2020 Review of the World’s Most Popular Kubernetes CNI](https://www.tigera.io/blog/a-2020-review-of-the-worlds-most-popular-kubernetes-cni/)
- [Calico in 2020: The World’s Most Popular Kubernetes Networking and Security solution](https://www.tigera.io/blog/calico-in-2020-the-worlds-most-popular-kubernetes-cni/)
- [New Vulnerability Exposes Kubernetes to Man-in-the-Middle Attacks: How to Mitigate CVE-2020-8554](https://www.tigera.io/blog/new-vulnerability-exposes-kubernetes-to-man-in-the-middle-attacks-heres-how-to-mitigate/)
- [Automated, Simplified DNS Troubleshooting for Kubernetes: Only in Calico Enterprise](https://www.tigera.io/blog/automated-simplified-dns-troubleshooting-for-kubernetes-only-in-calico-enterprise/)
- [Tigera to Support Amazon EKS-Distro](https://www.tigera.io/blog/tigera-to-support-amazon-eks-distro/)
- [What’s new in Calico 3.17](https://www.tigera.io/blog/whats-new-in-calico-3-17/)
- [Calico Delivers “Wow Effect” with 6x Faster Encryption than Any Other Solution&#8230;    Confirms Leadership in Latest Independent CNI Benchmark Tests](https://www.tigera.io/blog/calico-delivers-wow-effect-with-6x-faster-encryption-than-any-other-solution-confirms-leadership-in-latest-independent-cni-benchmark-tests/)
- [Introducing Fast, Automated Packet Capture for Kubernetes](https://www.tigera.io/blog/introducing-fast-automated-packet-capture-for-kubernetes/): Calico Enterprise PacketCapture reduces the time and effort required for operators to rapidly and effectively troubleshoot a connectivity issue.
- [Introducing Data-in-Transit Encryption for Calico Enterprise](https://www.tigera.io/blog/introducing-data-in-transit-encryption-for-calico-enterprise/): Calico Enterprise, the leading solution for Kubernetes networking, security and observability in hybrid and multi-clouds now includes encryption for data-in-transit.
- [Solving Microservices Connectivity Issues with Network Logs](https://www.tigera.io/blog/solving-microservices-connectivity-issues-with-network-logs/): DevOps, SecOps, Network and Platform teams can use network logs to address use cases that apply within their respective domains.
- [EKS, Bottlerocket, and Calico eBPF](https://www.tigera.io/blog/eks-bottlerocket-and-calico-ebpf/)
- [Extend Your Fortinet FortiManager to Kubernetes](https://www.tigera.io/blog/extend-your-fortinet-fortimanager-to-kubernetes/): Fortinet Dynamic Cloud Security solutions integrated with Tigera Calico Enterprise bring visibility and control across cloud infrastructures.
- [Kubernetes Q3-2020: Threats, Exploits and TTPs](https://www.tigera.io/blog/kubernetes-q3-2020-threats-exploits-and-ttps/): A review of cyber-threats that have evolved in the Kubernetes ecosystem
- [Tigera Announces Open-Source Calico for Windows and Collaboration with Microsoft](https://www.tigera.io/blog/tigera-announces-open-source-calico-for-windows-and-collaboration-with-microsoft/): Tigera is pleased to announce that we have collaborated with Microsoft to bring open-sourced Calico to Windows and have made it available for free use.
- [Using Kubernetes to orchestrate VMs](https://www.tigera.io/blog/using-kubernetes-to-orchestrate-vms/): Learn how to add KubeVirt to your cluster, using Calico networking, and then use Calico network policy to secure the VMs.
- [Announcing eBPF Mode GA](https://www.tigera.io/blog/announcing-ebpf-mode-ga/): We have marked the eBPF dataplane as "GA", signalling that it is now stable and ready for wider use by the community.
- [Achieving CI Velocity at Tigera using Semaphore](https://www.tigera.io/blog/achieving-ci-velocity-at-tigera-using-semaphore/): Automating our CI pipelines enables us to thoroughly test our products and catch bugs before release.
- [The New Model for Network Security: Zero Trust](https://www.tigera.io/blog/the-new-model-for-network-security-zero-trust/): Calico Enterprise Zero Trust Network Security is one of the most effective ways to control access to Kubernetes networks, applications, and data
- [Mitigating the Risks of Instance Metadata in AWS EKS](https://www.tigera.io/blog/mitigating-the-risks-of-instance-metadata-in-aws-eks/): How can you remediate the AWS Instance Metadata vulnerability? The recommended workaround is to deploy Calico Network Policy.
- [What’s new in Calico 3.16](https://www.tigera.io/blog/whats-new-in-calico-3-16/)
- [Security Policy Self-Service for Developers and DevOps Teams](https://www.tigera.io/blog/security-policy-self-service-for-developers-and-devops-teams/): More developers and DevOps teams are taking on operational responsibilities formerly owned by platform and security teams.
- [Enforcing Enterprise Security Controls in Kubernetes using Calico Enterprise](https://www.tigera.io/blog/enforcing-enterprise-security-controls-in-kubernetes-using-calico-enterprise/): With Calico Enterprise, you can easily apply enterprise security controls to both Kubernetes nodes and pods.
- [Calico Networking For Kubernetes](https://www.tigera.io/blog/calico-networking-for-kubernetes/)
- [Enabling Microsegmentation with Calico Enterprise](https://www.tigera.io/blog/enabling-microsegmentation-with-calico-enterprise-2/): Calico Enterprise provides a common policy language for segmentation that works across all of your hybrid cloud and scales with the growth of your microservices environment.
- [Announcing the Tigera &#8211; Nutanix Partnership](https://www.tigera.io/blog/announcing-the-tigera-nutanix-partnership/)
- [A Look at the New Calico eBPF data plane](https://www.tigera.io/blog/a-look-at-the-new-calico-ebpf-dataplane/): The Calico 3.13 release introduced an exciting new eBPF (extended Berkeley Packet Filter) dataplane that pushes the Linux kernel’s latest networking capabilities to the limit.
- [Standing up a Calico powered Kubernetes cluster using kops](https://www.tigera.io/blog/standing-up-a-calico-powered-kubernetes-cluster-using-kops/)
- [Now GA: Data-in-Transit Encryption in Calico v3.15](https://www.tigera.io/blog/now-ga-data-in-transit-encryption-in-calico-v3-15/): Data-in-transit encryption is now generally available with Calico v3.15.
- [What&#8217;s new in Calico 3.15](https://www.tigera.io/blog/whats-new-in-calico-3-15/)
- [Monitoring Calico with Prometheus and Grafana](https://www.tigera.io/blog/monitoring-calico-with-prometheus-and-grafana/)
- [Kubernetes Security: Lateral Movement Detection and Defense](https://www.tigera.io/blog/kubernetes-security-lateral-movement-detection-and-defense/): Watch this on-demand webinar, Detecting Lateral Movement and Defending Against Attackers, presented by Tigera security threat researcher Garwood Pang
- [Securing the “Hipster Shop” with Calico Network Policies: A Case Study](https://www.tigera.io/blog/securing-the-hipster-shop-with-calico-network-policies/)
- [Introducing WireGuard Encryption with Calico](https://www.tigera.io/blog/introducing-wireguard-encryption-with-calico/): Learn about WireGuard and how to enable WireGuard support in Calico.
- [Video: Everything You Need to Know about Kubernetes Services Networking in Your Rancher Cluster](https://www.tigera.io/blog/everything-you-need-to-know-about-kubernetes-services-networking-2/): Calico utilizes Kubernetes Services, an abstraction layer which defines a logical set of pods and enables load balancing and service discovery for those pods.
- [Best practices for integrating Calico with Cisco ACI](https://www.tigera.io/blog/best-practices-for-integrating-calico-with-cisco-aci/)
- [Calico Egress Gateway: Universal Firewall Integration for Kubernetes](https://www.tigera.io/blog/calico-egress-gateway-universal-firewall-integration-for-kubernetes/): The Calico Egress Gateway extends the scope of firewalls to Kubernetes, enabling them to manage traffic originating from a cluster.
- [Securing Kubernetes Nodes with Calico Automatic Host Endpoints](https://www.tigera.io/blog/securing-kubernetes-nodes-with-calico-automatic-host-endpoints/)
- [Calico Enterprise 3.0 with Calico Multi-Cluster Management](https://www.tigera.io/blog/calico-enterprise-3-0-global-network-security-center-for-kubernetes/): We are thrilled to announce the release of Calico Enterprise 3.0 and our Global Network Security Center, a game-changing solution that provides centralized management for network security across every Kubernetes cluster in your organization.
- [What’s new in Calico v3.14](https://www.tigera.io/blog/whats-new-in-calico-v3-14/)
- [Egress Access Control for Kubernetes Workloads](https://www.tigera.io/blog/egress-access-control-for-kubernetes-workloads/)
- [Topology Aware IP Address Management for Kubernetes](https://www.tigera.io/blog/topology-aware-ip-management/)
- [Video: Everything you need to know about Kubernetes Ingress networking](https://www.tigera.io/blog/everything-you-need-to-know-about-kubernetes-ingress-networking/)
- [Deploying to Kubernetes: The GitOps Way](https://www.tigera.io/blog/deploying-to-kubernetes-the-gitops-way/): Kubernetes adoption has its challenges, such as consistently deploying applications to the platform. GitOps is a strategy which solves this problem and solves it at scale.
- [Hands on with Calico’s eBPF data plane native service handling](https://www.tigera.io/blog/hands-on-with-calicos-ebpf-service-handling/)
- [Everything you need to know about Kubernetes Services networking](https://www.tigera.io/blog/everything-you-need-to-know-about-kubernetes-services-networking/)
- [Designing On-Prem Kubernetes Networks for High Availability](https://www.tigera.io/blog/designing-on-prem-kubernetes-networks-for-high-availability/): Learn how to design a high-availability Kubernetes network with a dual-TOR configuration using Calico Enterprise from Tigera.
- [Calico&#8217;s eBPF data plane](https://www.tigera.io/blog/introducing-the-calico-ebpf-dataplane-2/)
- [Why use Typha in your Calico Kubernetes Deployments?](https://www.tigera.io/blog/why-use-typha-in-your-calico-kubernetes-deployments/): Typha is not optional, but is a necessary component of your Calico deployment for any decent-sized production cluster.
- [Visibility, Security and Compliance through Audit Logs in Calico Enterprise](https://www.tigera.io/blog/april-customer-newsletter/)
- [Advertising Kubernetes Service IPs with Calico and BGP](https://www.tigera.io/blog/advertising-kubernetes-service-ips-with-calico-and-bgp/)
- [How Fortinet and Tigera Protect Kubernetes in the Enterprise](https://www.tigera.io/blog/how-fortinet-and-tigera-protect-kubernetes-in-the-enterprise/)
- [How to Efficiently Detect Domain Generation Algorithms (DGA) in Kubernetes with Calico Enterprise](https://www.tigera.io/blog/how-to-efficiently-detect-domain-generation-algorithms-dga-in-kubernetes-with-calico-enterprise/)
- [What’s new in Calico v3.13](https://www.tigera.io/blog/whats-new-in-calico-v3-13/)
- [Using Calico Enterprise Flow Logs to Improve Visibility, Troubleshooting, and Collaboration](https://www.tigera.io/blog/march-customer-newsletter/)
- [Now Available: Calico for Windows on Red Hat OpenShift Container Platform](https://www.tigera.io/blog/now-available-calico-for-windows-on-red-hat-openshift-container-platform/)
- [Extend Fortinet FortiGate to Kubernetes with Calico Enterprise 2.7](https://www.tigera.io/blog/extend-fortinet-fortiguard-to-kubernetes-with-calico-enterprise-2-7/)
- [Introducing the Calico eBPF data plane](https://www.tigera.io/blog/introducing-the-calico-ebpf-dataplane/)
- [Supercharging Workload Security in Your K8s Cluster](https://www.tigera.io/blog/supercharging-workload-security-in-your-k8s-cluster/)
- [Watch: Everything you need to know about Kubernetes networking on Google Cloud](https://www.tigera.io/blog/everything-you-need-to-know-about-kubernetes-networking-on-google-cloud/)
- [What’s new in Calico v3.12](https://www.tigera.io/blog/whats-new-in-calico-v3-12/)
- [Understanding the policy enforcement options with Calico](https://www.tigera.io/blog/understanding-the-policy-enforcement-options-with-calico/)
- [Dual Stack Operation with Calico on Kubernetes](https://www.tigera.io/blog/dual-stack-operation-with-calico-on-kubernetes/)
- [Video: Everything you need to know about Kubernetes networking on Azure](https://www.tigera.io/blog/everything-you-need-to-know-about-kubernetes-networking-on-azure/)
- [Decentralized Calico Network Security Policy Deployment for GitOps &#8211; Part 2](https://www.tigera.io/blog/decentralized-calico-network-security-policy-deployment-for-gitops-part-2-2/)
- [What’s new in Calico v3.11](https://www.tigera.io/blog/whats-new-in-calico-v3-11/)
- [Enforcing Network Security Policies with GitOps – Part 1](https://www.tigera.io/blog/enforcing-network-security-policies-with-gitops-part-1/)
- [Five Ways to Quickly Uncover Malicious Activity and Protect Your Kubernetes Workloads](https://www.tigera.io/blog/five-ways-to-quickly-uncover-malicious-activity-and-protect-your-kubernetes-workloads/)
- [Live Migration from Flannel to Calico](https://www.tigera.io/blog/live-migration-from-flannel-to-calico/)
- [Security Policy as Code Now Fully Automated with Calico Enterprise 2.6](https://www.tigera.io/blog/security-policy-as-code-now-fully-automated-with-calico-enterprise-2-6/)
- [What’s new in Calico v3.10](https://www.tigera.io/blog/whats-new-in-calico-v3-10/)
- [Tigera Partners with Fortinet to Secure Kubernetes Environments and Joins the Fortinet Fabric-Ready Program](https://www.tigera.io/blog/tigera-joins-the-fortinet-fabric-ready-program-and-partners-with-fortinet-to-secure-kubernetes-environments/)
- [Enable GitOps for Kubernetes Security &#8211; Part 1](https://www.tigera.io/blog/enable-gitops-for-kubernetes-security-part-1/)
- [Watch: Everything you need to know about Kubernetes pod networking on AWS](https://www.tigera.io/blog/everything-you-need-to-know-about-kubernetes-pod-networking-on-aws/)
- [What&#8217;s new in Calico v3.9](https://www.tigera.io/blog/whats-new-in-calico-v3-9/)
- [3 Layers to Defend Your Kubernetes Workloads](https://www.tigera.io/blog/3-layers-to-defend-your-kubernetes-workloads/)
- [Single Sign-On for Kubernetes: Dashboard Experience](https://www.tigera.io/blog/single-sign-on-for-kubernetes-dashboard-experience/)
- [IBM’s Journey to Tens of Thousands of Production Kubernetes Clusters](https://www.tigera.io/blog/ibms-journey-to-tens-of-thousands-of-production-kubernetes-clusters/)
- [Istio Routing Basics: A Step-by-Step Tutorial](https://www.tigera.io/blog/istio-routing-basics/)
- [Prevent DNS (and other) Spoofing with Calico](https://www.tigera.io/blog/prevent-dns-and-other-spoofing-with-calico/)
- [Tigera Secure 2.5 &#8211; Implement Kubernetes Network Security Using Your Firewall Manager](https://www.tigera.io/blog/tigera-secure-2-5-implement-kubernetes-network-security-using-your-firewall-manager/)
- [How to Enable Serverless Computing in Kubernetes](https://www.tigera.io/blog/how-to-enable-serverless-computing-in-kubernetes/)
- [Extend CI/CD with CR for Continuous App Resilience](https://www.tigera.io/blog/extend-ci-cd-with-cr-for-continuous-app-resilience/)
- [Big Data and K8s – Why Spark and Hadoop Workloads Should Run Containerized](https://www.tigera.io/blog/big-data-and-kubernetes-why-your-spark-hadoop-workloads-should-run-containerized-1-4/)
- [Five Reasons to Use Kubernetes](https://www.tigera.io/blog/5-reasons-to-use-kubernetes/)
- [Simplify Migration from Red Hat OpenShift 3 to 4](https://www.tigera.io/blog/simplify-migration-from-openshift-3-to-4/)
- [Getting Started with Jaeger to Build an Istio Service Mesh](https://www.tigera.io/blog/getting-started-with-jaeger-to-build-an-istio-service-mesh/)
- [Solving Kubernetes Configuration Woes with a Custom Controller](https://www.tigera.io/blog/solving-kubernetes-configuration-woes-with-a-custom-controller/)
- [What&#8217;s New in Calico v3.8](https://www.tigera.io/blog/whats-new-in-calico-v3-8/)
- [kr8 &#8211; Configuration Management for Kubernetes Clusters](https://www.tigera.io/blog/kr8-configuration-management-for-kubernetes-cluster/)
- [Single Sign-On for Kubernetes: The Command Line Experience](https://www.tigera.io/blog/single-sign-on-for-kubernetes-the-command-line-experience/)
- [Klusterkit – Enable Kubernetes-based Architectures in Air-gapped Deployments](https://www.tigera.io/blog/klusterkit-enable-kubernetes-based-architectures-in-air-gapped-deployments/)
- [10 Reasons Why You Should Run Your Serverless Applications and FaaS on Kubernetes](https://www.tigera.io/blog/10-reasons-you-should-run-your-serverless-applications-faas-on-kubernetes/)
- [Tigera Adds eBPF Support to Calico](https://www.tigera.io/blog/tigera-adds-ebpf-support-to-calico/)
- [Kubernetes Issues and Solutions](https://www.tigera.io/blog/kubernetes-issues-and-solutions/): Learn about different Kubernetes issues and how you can solve them.
- [Containerized Air-Gapped Edge Platform Architecture](https://www.tigera.io/blog/containerized-air-gapped-edge-platform-architecture/)
- [Istio and Kubernetes in Production, Part 2: Tracing](https://www.tigera.io/blog/istio-and-kubernetes-in-production-part-2-tracing/)
- [Introducing XDP-Optimized Denial-of-Service Mitigation](https://www.tigera.io/blog/introducing-xdp-optimized-denial-of-service-mitigation/)
- [Complexity as the Enemy of Kubernetes Network Security](https://www.tigera.io/blog/complexity-as-the-enemy-of-security/)
- [Key Features to Consider When Evaluating an Enterprise Kubernetes Solution](https://www.tigera.io/blog/key-features-to-consider-when-evaluating-an-enterprise-kubernetes-solution/)
- [Running Istio on Kubernetes in Production, Part 1](https://www.tigera.io/blog/running-istio-on-kubernetes-in-production-part-i/)
- [Five Things Your APM Platform Should do for Your Container Application Deployments](https://www.tigera.io/blog/five-things-your-apm-platform-should-do-for-your-container-application-deployments/)
- [Tigera Secure Enterprise Edition 2.4 Extends Firewalls to Secure Dynamic Kubernetes Workloads](https://www.tigera.io/blog/tigera-secure-enterprise-edition-2-4-enables-firewalls-to-secure-dynamic-kubernetes-workloads/)
- [Key Kubernetes Concepts](https://www.tigera.io/blog/key-kubernetes-concepts/)
- [Infrastructure Ops in 2019 – An Operating Model For Hybrid Cloud Transformation, Part 2 of 2](https://www.tigera.io/blog/infrastructure-ops-in-2019-an-operating-model-for-hybrid-cloud-transformation-2-2/)
- [Infrastructure Ops in 2019 – How Legacy Technology Compounds Technical Debt, Part 1 of 2](https://www.tigera.io/blog/infrastructure-ops-in-2019-how-legacy-technology-compounds-technical-debt-1-2/)
- [What’s New in Calico v3.7](https://www.tigera.io/blog/whats-new-in-calico-v3-7/)
- [Linux Conntrack: Why it breaks down and avoiding the problem](https://www.tigera.io/blog/when-linux-conntrack-is-no-longer-your-friend/): Understand challenges with Linux Conntrack, how to measure related performance issues, and how to avoid the problems in your applications.
- [Use Kubernetes to Speed Machine Learning Development](https://www.tigera.io/blog/use-kubernetes-to-speed-machine-learning-development/)
- [Seven Key Considerations for Kubernetes in Production](https://www.tigera.io/blog/7-key-considerations-for-kubernetes-in-production/)
- [Comparing kube-proxy modes: iptables or IPVS?](https://www.tigera.io/blog/comparing-kube-proxy-modes-iptables-or-ipvs/)
- [Deploy Your First Deep Learning Model On Kubernetes With Python, Keras, Flask, and Docker](https://www.tigera.io/blog/deploy-your-first-deep-learning-model-on-kubernetes-with-python-keras-flask-and-docker/)
- [Five Predictions For Serverless In 2019](https://www.tigera.io/blog/5-predictions-for-serverless-in-2019/)
- [What Your Kubernetes Security Checklist Might Be Missing](https://www.tigera.io/blog/what-your-kubernetes-security-checklist-might-be-missing/): Kubernetes is a complex system, and securing it requires thinking about several different layers of the stack. Learn how to plan secure Kubernetes implementations.
- [A Practical Guide to the Journey from Monolith to Microservices](https://www.tigera.io/blog/a-practical-guide-to-the-journey-from-monolith-to-microservices/)
- [Using Kubeless for Kubernetes Events](https://www.tigera.io/blog/using-kubeless-for-kubernetes-events/)
- [Docker Tips: Access the Docker daemon via ssh](https://www.tigera.io/blog/docker-tips-access-the-docker-daemon-via-ssh/)
- [Configuring Route Reflectors in Calico](https://www.tigera.io/blog/configuring-route-reflectors-in-calico/)
- [The Myth of a Single Container Security Solution](https://www.tigera.io/blog/the-myth-of-a-single-container-security-solution/)
- [How to Install OpenEBS on OpenShift](https://www.tigera.io/blog/how-to-install-openebs-on-openshift/)
- [What’s New in Calico v3.6](https://www.tigera.io/blog/whats-new-in-calico-v3-6/)
- [Kubernetes Security : Are your Container Doors Open?](https://www.tigera.io/blog/kubernetes-security-are-your-container-doors-open/)
- [Using Kubernetes Labels for Analytics, Forensics and Diagnostics](https://www.tigera.io/blog/using-kubernetes-labels-for-analytics-forensics-and-diagnostics/)
- [Top OpenShift Security Lessons](https://www.tigera.io/blog/top-6-container-security-lessons-from-deploying-kubernetes-and-red-hat-openshift/): OpenShift is a Kubernetes platform for operationalizing container workloads remotely or as a hosted service. Learn 6 OpenShift security best practices.
- [Kubernetes Design and Development Explained](https://www.tigera.io/blog/kubernetes-design-and-development-explained/)
- [Navigating Network Services and Policy With Helm](https://www.tigera.io/blog/navigating-network-services-and-policy-with-helm/)
- [New Tigera Secure Enterprise 2.3 Anomaly Detection Deepens Visibility into Suspicious Kubernetes Activities](https://www.tigera.io/blog/new-tigera-secure-enterprise-2-3-anomaly-detection-deepens-visibility-into-suspicious-kubernetes-activities/)
- [Single Sign-On for Kubernetes: An Introduction](https://www.tigera.io/blog/single-sign-on-for-kubernetes-an-introduction/)
- [Achieving Full Stack Automation Through Kubernetes](https://www.tigera.io/blog/achieving-full-stack-automation-through-kubernetes/)
- [What’s New in Calico 3.5](https://www.tigera.io/blog/whats-new-in-calico-3-5/)
- [Leveraging Service Accounts for Label-based Security](https://www.tigera.io/blog/label-based-security-is-great-but-who-watches-the-watchers/)
- [Why I Changed My Mind and Embraced Managed Kubernetes Services](https://www.tigera.io/blog/why-i-changed-my-mind-and-embraced-managed-kubernetes-services/)
- [Kubernetes Networking with Calico](https://www.tigera.io/blog/kubernetes-networking-with-calico/)
- [Kubernetes Service IP Route Advertisement](https://www.tigera.io/blog/kubernetes-service-ip-route-advertisement/)
- [Tutorial: Adding CVE Scanning to a CI/CD Pipeline](https://www.tigera.io/blog/adding-cve-scanning-to-a-ci-cd-pipeline/)
- [Top 6 Kubernetes Trends for 2019](https://www.tigera.io/blog/top-5-kubernetes-trends-for-2019/)
- [Why I Love containerd…and Docker!](https://www.tigera.io/blog/why-i-love-containerdand-docker/)
- [Kubernetes Dashboard on ARM with RBAC](https://www.tigera.io/blog/kubernetes-dashboard-on-arm-with-rbac/)
- [Exposing StatefulSets in Kubernetes](https://www.tigera.io/blog/exposing-statefulsets-in-kubernetes/): Learn about Kubernetes StatefulSets and How you can properly expose a StatefulSet externally.
- [Kubernetes: Cron Jobs](https://www.tigera.io/blog/kubernetes-cron-jobs/)
- [Breaking My Kubernetes Cluster, One Day at a Time](https://www.tigera.io/blog/breaking-my-cluster1-day-at-a-time/)
- [Introduce Your Kubernetes Services to the World](https://www.tigera.io/blog/introduce-your-kubernetes-services-to-the-world/)
- [Win-Win Deployment Strategies for Modern Apps](https://www.tigera.io/blog/win-win-deployment-strategies-for-modern-apps/)
- [Four Tools That Support Your DevSecOps Process](https://www.tigera.io/blog/four-tools-that-support-your-devsecops-process/)
- [Adventures in Partitioning](https://www.tigera.io/blog/blog-adventures-in-partitioning/)
- [What’s new in Calico v3.4](https://www.tigera.io/blog/whats-new-in-calico-v3-4/)
- [RBAC, Namespaces and Cluster Roles](https://www.tigera.io/blog/rbac-namespaces-and-cluster-roles/)
- [Tigera Secure Enterprise Edition Achieves First-to-Market Certified Docker Enterprise Kubernetes Plug-in](https://www.tigera.io/blog/tigera-secure-enterprise-edition-achieves-first-to-market-certified-docker-enterprise-kubernetes-plug-in/)
- [Tigera at AWS re:Invent 2018 Highlights](https://www.tigera.io/blog/tigera-at-aws-reinvent-2018-highlights/)
- [How Does In-cluster Route Reflection Work?](https://www.tigera.io/blog/how-does-in-cluster-route-reflection-work/)
- [Calico IPAM: Explained and Enhanced](https://www.tigera.io/blog/calico-ipam-explained-and-enhanced/): In our recent release of Calico, we introduced a collection of cool new IPAM features giving users even greater control. Learn more in this article.
- [What’s new in Calico v3.3](https://www.tigera.io/blog/whats-new-in-calico-v3-3/)
- [Announcing Tigera Secure Enterprise Edition 2.2](https://www.tigera.io/blog/announcing-tigera-secure-enterprise-edition-2-2/)
- [ClearScale Secures its Client&#8217;s EKS Clusters with Tigera Calico](https://www.tigera.io/blog/clearscale-secures-its-clients-eks-clusters-with-tigera-calico/)
- [Tigera Calico Integrated with Platform 9 for Scalability, Easy Troubleshooting and Micro-segmentation](https://www.tigera.io/blog/tigera-calico-integrated-with-platform-9-for-scalability-easy-troubleshooting-and-micro-segmentation/)
- [Conversation with Monzo: Ensuring Compliance for a Digital Bank with Tigera Calico](https://www.tigera.io/blog/conversation-with-monzo-ensuring-compliance-for-a-digital-bank-with-tigera-calico/)
- [Securing Atlassian’s Path to Containers in the Cloud: A Case Study](https://www.tigera.io/blog/securing-atlassians-path-to-containers-in-the-cloud/)
- [Five Tips for Successful Kubernetes Network Security and Compliance](https://www.tigera.io/blog/five-tips-for-kubernetes-network-security-and-compliance/)
- [Inspecting Kubernetes Traffic with TLS v1.3](https://www.tigera.io/blog/inspecting-kubernetes-traffic-with-tls-v1-3/)
- [Free Trial of Tigera Secure Cloud Edition](https://www.tigera.io/blog/free-trial-for-tigera-secure-cloud-edition/)
- [Announcing Tigera Calico v3.2](https://www.tigera.io/blog/announcing-tigera-calico-v3-2/)
- [Threat Modeling in a Zero-Trust Environment: A Practical Example](https://www.tigera.io/blog/threat-modeling-in-a-zero-trust-environment-a-practical-example/)
- [Just Because It Says It&#8217;s an ID, Doesn’t Mean that It’s Reliable](https://www.tigera.io/blog/just-because-it-says-it-is-an-id-it-doesnt-mean-that-its-reliable/)
- [Policy Sandwich](https://www.tigera.io/blog/policy-sandwich/)
- [Tigera Events in NYC this Week](https://www.tigera.io/blog/tigera-nyc-events-july/)
- [How to Avoid Hijacking the Internet (or anything else) with Your Cluster](https://www.tigera.io/blog/how-to-avoid-hijacking-the-internet-or-anything-else-with-your-cluster/)
- [A Multi-part Microservice Primer for Infosec Professionals (Part 4)](https://www.tigera.io/blog/a-multi-part-microservice-primer-for-infosec-professionals-part-4/)
- [BGP Unnumbered](https://www.tigera.io/blog/bgp-unumbered/)
- [Why Naming Conventions Are Important in Kubernetes](https://www.tigera.io/blog/a-rose-by-any-other-name-cant-be-found/)
- [Tigera and Calico Events this Week](https://www.tigera.io/blog/tigera-and-calico-events-this-week/)
- [Tigera Calico Policy Generally Available on Amazon EKS](https://www.tigera.io/blog/tigera-calico-policy-generally-available-on-amazon-eks/)
- [A multi-part Microservice Primer for Infosec Professionals (part 3)](https://www.tigera.io/blog/a-multi-part-microservice-primer-for-infosec-professionals-part-3/)
- [A multi-part Microservice Primer for Infosec Professionals (part 2)](https://www.tigera.io/blog/a-multi-part-microservice-primer-for-infosec-professionals-part-2/)
- [An insider’s view into Tigera Secure design decisions (part 1)](https://www.tigera.io/blog/an-insiders-view-into-project-calicos-design-decisions-part-1/)
- [A multi-part Microservice Primer for Infosec Professionals](https://www.tigera.io/blog/a-multi-part-microservice-primer-for-infosec-professionals/)
- [Tiger Secure Enterprise Edition 2.1 General Availability](https://www.tigera.io/blog/cnx-2-1-general-availability/)
- [Tigera Calico coming to Azure Kubernetes Service (AKS)](https://www.tigera.io/blog/tigera-calico-coming-to-azure-kubernetes-service-aks/)
- [Docker and Tigera Collaborate to Simplify, Scale and Secure Kubernetes Networking](https://www.tigera.io/blog/docker-and-tigera-collaborate-to-simplify-scale-and-secure-kubernetes-networking/)
- [Announcing Calico v3.1](https://www.tigera.io/blog/announcing-calico-v3-1/)
- [If There Can Be Only One](https://www.tigera.io/blog/if-there-can-be-only-one/)
- [OpenShift from Pilot to Production, Part 2: Security and Policy as Code](https://www.tigera.io/blog/openshift-pilot-production-part-2-security-policy-as-code/)
- [Network Micropolicies](https://www.tigera.io/blog/network-micropolicies/)
- [Another Day, Another Lesson in Securing Your Infrastructure](https://www.tigera.io/blog/another-lesson-in-securing-your-infrastructure/)
- [Network Policy Generally Available on Google GKE!](https://www.tigera.io/blog/network-policy-google-gke-general-availability/)
- [The Tesla Compromise &#038; Network Policy](https://www.tigera.io/blog/tesla-compromise-network-policy/)
- [Securing Host Endpoints with Project Calico — Part 3](https://www.tigera.io/blog/securing-host-endpoints-with-calico-part-3/): This blog concludes a three part series on Securing Host Endpoints with Project Calico by explaining how to secure endpoints in Kubernetes.
- [Why Does It Take Four Months to Get a Firewall Rule Change?](https://www.tigera.io/blog/why-does-it-take-four-months-to-get-a-firewall-rule-change/): Why does it take four months to implement a firewall rule change? This blog explains how to streamline new rules through policy to speed app deployment.
- [Announcing Calico v3.0](https://www.tigera.io/blog/releasethecalico/)
- [Containers, Churn and A Changed Attack Surface](https://www.tigera.io/blog/containers-churn-and-a-changed-attack-surface/): Container churn resulting from container proliferation and ephemeral lifespan results in a changed enterprise attack surface that must be protected.
- [My week at KubeCon with Team Tigera was incredible!](https://www.tigera.io/blog/my-first-kubecon-with-team-tigera-was-incredible-and-im-excited-to-share-with-you-some-of-the-4bc9a44efb75/)
- [Tigera Secure Enterprise Edition Has Arrived](https://www.tigera.io/blog/tigera-cnx-has-arrived/): Tigera Secure Enterprise Edition provides secure application connectivity for a cloud native world. Tigera Secure Enterprise Edition provides zero trust security supporting multi-cloud and legacy apps.
- [Introducing: Application Layer Policy](https://www.tigera.io/blog/introducing-application-layer-policy/)
- [EKS-ellent news for the Kubernetes community](https://www.tigera.io/blog/eks-ellent-news-for-the-kubernetes-community-6f9d23273ae5/): Amazon Web Services Elastic Container Service for Kubernetes (EKS) will support networking with Calico, an open source project managed by Tigera.
- [Tigera Events Calendar — November &#038; December 2017](https://www.tigera.io/blog/tigera-events-calendar-november-december-2017-302ebab4f5ef/)
- [Networking with Your Head in the Clouds](https://www.tigera.io/blog/networking-with-your-head-in-the-clouds-bc8f4dfcc80f/): De-mistifying Kubernetes networking in AWS. This blog explains differences between networking infrastructure in the cloud and on premise data centers.
- [Securing Host Endpoints With Project Calico — Part 2](https://www.tigera.io/blog/securing-host-endpoints-with-project-calico-part-2-1e773e56c92d/): How to secure host endpoints with Project Calico, the open source software project managed by Tigera to provide secure networking infrastructure.
- [Enable IPv6 on Kubernetes with Project Calico](https://www.tigera.io/blog/enable-ipv6-on-kubernetes-with-project-calico/)
- [OpenShift from Pilot to Production: Connectivity and Network Policy in the Hybrid, Multi-Cloud World](https://www.tigera.io/blog/openshift-from-pilot-to-production-part-1-connectivity-and-network-policy-in-the-hybrid-multi-1e709523ec27/): Requirements to get OpenShift from initial pilot to a production deployment meeting enterprise requirements for application security and connectivity.
- [Protecting the Entire Flock](https://www.tigera.io/blog/protecting-the-entire-flock-b50ed76cb33b/): Network services at the Kubernetes cluster edge need love and protection too. This blog explains how to securely access services outside the cluster.
- [Project Calico 2.6 Released!!!](https://www.tigera.io/blog/project-calico-2-6-released/)
- [Breaking Down the Boxes: Containers](https://www.tigera.io/blog/breaking-down-the-boxes-containers/)
- [VPC Transit Routing with Calico](https://www.tigera.io/blog/vpc-transit-routing-with-calico-5a18fb29db32/)
- [Let’s Talk Training… bringing our Kubernetes, Calico and Istio knowledge to the community!](https://www.tigera.io/blog/lets-talk-training-bringing-our-kubernetes-calico-and-istio-knowledge-to-the-community-77e74158c5d5/): New Tigera training enabling enterprises to design, manage and operate new infrastructures that leverage Calico, Istio, and Kubernetes.
- [Revealing the hidden host protection superpowers of Felix, the Calico secret agent](https://www.tigera.io/blog/revealing-the-hidden-host-protection-superpowers-of-felix-the-calico-secret-agent/)
- [Securing Host Endpoints With Project Calico](https://www.tigera.io/blog/securing-host-endpoints-with-project-calico/)
- [Micro-segmentation in the Cloud Native World &#8211; Part 2](https://www.tigera.io/blog/micro-segmentation-in-the-cloud-native-world-355d2591cb6d/): Microsegmentation in cloud native environment: an architecture to implement robust network micro segmentation in a cloud native environment.
- [Micro-segmentation for Containers and Kubernetes &#8211; Part 1](https://www.tigera.io/blog/micro-segmentation-in-the-cloud-native-world-1/)
- [Q&#038;A with Ratan Tipirneni, Tigera CEO](https://www.tigera.io/blog/q-a-with-ratan-tipirneni-tigera-ceo-e19244b0b9ad/)
- [Calico: Shifting into top gear with OpenShift!](https://www.tigera.io/blog/shifting-into-top-gear-with-openshift/)
- [Project Calico 2.4 Released!!!](https://www.tigera.io/blog/project-calico-2-4-released/)
- [Introducing Tigera Essentials for Kubernetes](https://www.tigera.io/blog/introducing-tigera-essentials-kubernetes/)
- [Using Network Policy in Concert with Istio — Part 1](https://www.tigera.io/blog/using-network-policy-in-concert-with-istio/)
- [Using Network Policy in Concert with Istio — Part 2](https://www.tigera.io/blog/using-network-policy-in-concert-with-istio-part-2/)
- [Using Network Policy in Concert with Istio — Part 3](https://www.tigera.io/blog/using-network-policy-in-concert-with-istio-part-3/)
- [The New NetworkPolicy API in Kubernetes 1.7](https://www.tigera.io/blog/the-new-networkpolicy-api-in-kubernetes-1-7/)
- [Cloud Native Series: What is Cloud Native](https://www.tigera.io/blog/cloud-native-series-what-is-cloud-native/)
- [New Series: Cloud Native, Microservices, Security, &#038; Scale](https://www.tigera.io/blog/new-series-cloud-native-microservices-security-scale/)
- [Cloud Native Series: Monolithic Enterprise and Modern Needs](https://www.tigera.io/blog/cloud-native-series-monolithic-enterprise-and-modern-needs/)
- [Tigera in the news](https://www.tigera.io/blog/news001-68f9a3fe8ae2/)
- [Project Calico 2.3 Released!](https://www.tigera.io/blog/project-calico-2-3-released/)
- [Cloud Native Series: What are Microservices](https://www.tigera.io/blog/cloud-native-series-what-are-microservices/)
- [How Giant Swarm uses Calico to enable multi-tenant Kubernetes](https://www.tigera.io/blog/giantnetes-how-we-use-calico-to-enable-multi-tenant-kubernetes/)
- [Welcoming Istio to the Kubernetes networking community](https://www.tigera.io/blog/welcoming-istio-to-the-kubernetes-networking-community/)
- [Network Policy and Istio: Deep Dive](https://www.tigera.io/blog/network-policy-and-istio-deep-dive/)
- [3 Takeaways on the Future of OpenStack Networking from the Boston Summit](https://www.tigera.io/blog/3-takeaways-on-the-future-of-openstack-networking-from-the-boston-summit/)
- [Project Calico 2.2 Released!](https://www.tigera.io/blog/project-calico-2-2-released/)
- [Join Karthik at OpenStack Summit Boston](https://www.tigera.io/blog/join-karthik-at-openstack-summit-boston/)
- [DockerCon 2017: Hot Dogs, Talks, and Kitties](https://www.tigera.io/blog/dockercon-2017-hot-dogs-talks-and-kitties/)
- [From Zero to Azure: Network Policy Comes to ACS Engine](https://www.tigera.io/blog/from-zero-to-azure-network-policy-comes-to-acs-engine/)
- [Project Calico 2.1 Released!](https://www.tigera.io/blog/project-calico-2-1-released/)
- [New AWS Quick Start Features Project Calico as Default Networking Solution](https://www.tigera.io/blog/aws-quickstart-for-kubernetes-and-project-calico/)
- [Webinar: Simplify &#038; Secure Your OpenShift Network](https://www.tigera.io/blog/webinar-simplify-secure-your-openshift-network/)
- [Calico launches into Gravitational&#8217;s orbit](https://www.tigera.io/blog/calico-launches-into-gravitationals-orbit/)
- [Turbo-charged Calico](https://www.tigera.io/blog/turbo-charged-calico/)
- [The Results are In&#8230; for the 2016 Calico User Survey](https://www.tigera.io/blog/the-results-are-in-for-the-2016-calico-user-survey/)
- [Click, Deploy, Secure: Kubernetes the Easy Way](https://www.tigera.io/blog/click-deploy-secure-kubernetes-the-easy-way/)
- [Primetime Kubernetes with Kismatic + Calico](https://www.tigera.io/blog/primetime-kubernetes-with-kismatic-calico/)
- [Celebrating two Milestone Releases](https://www.tigera.io/blog/celebrating-two-milestone-releases/)
- [See you in Seattle](https://www.tigera.io/blog/see-you-in-seattle/)
- [Mesos 1.0 &#8211; Now with Calico CNI](https://www.tigera.io/blog/mesos-1-0-now-with-calico-cni/)
- [Canal brings fine-grained policy to DC/OS and Apache Mesos via CNI](https://www.tigera.io/blog/canal_brings_fine-grained_policy_to_dcos_and_apache_mesos_via_cni/)
- [Calico-DC/OS Demo: Security, Speed, and No More Port Forwarding!](https://www.tigera.io/blog/calico-dcos-demo-security-speed-and-no-more-port-forwarding/)
- [Calico visits the land of the Longhorns](https://www.tigera.io/blog/calico-visits-the-land-of-the-longhorns/)
- [DC/OS: Data center automation with a side of Calico secure networking](https://www.tigera.io/blog/dcos-data-center-automation-with-a-side-of-calico-secure-networking/)
- [See you at KubeCon in London!](https://www.tigera.io/blog/see-you-at-kubecon-in-london/)
- [Announcing Calico 1.3.0](https://www.tigera.io/blog/announcing-calico-1-3-0-2/)
- [A Sneak Peek at Kubernetes Policy](https://www.tigera.io/blog/a-sneak-peek-at-kubernetes-policy/)
- [A rocket reaches orbit, Project Calico is right there with it](https://www.tigera.io/blog/a-rocket-reaches-orbit/)
- [Announcing 1.0 Calico CNI integration for Kubernetes](https://www.tigera.io/blog/announcing-1-0-calico-cni-integration-for-kubernetes/)
- [Project Calico joins CNCF as a new member](https://www.tigera.io/blog/project-calico-joins-cncf-as-a-founding-member/)
- [Packet announces beta support for Project Calico](https://www.tigera.io/blog/packet-announces-beta-support-for-project-calico/)
- [Calico Networking for Tectonic](https://www.tigera.io/blog/calico-networking-for-tectonic/)
- [Barcelona, here we come!](https://www.tigera.io/blog/barcelona-here-we-come/)
- [Securing Namespaces and Services in Kubernetes](https://www.tigera.io/blog/securing-namespaces-and-services-in-kubernetes/)
- [Announcing Calico 1.2!](https://www.tigera.io/blog/announcing-calico-1-2/)
- [Docker 1.9 includes network plugin support and Calico is ready!](https://www.tigera.io/blog/docker-libnetwork-is-almost-here-and-calico-is-ready/)
- [Tokyo here we come and a v1.2 sneak peek](https://www.tigera.io/blog/tokyo-here-we-come-and-a-v1-2-sneak-peek/)
- [OpenStack Liberty &#8211; now with added Calico](https://www.tigera.io/blog/openstack-liberty-now-with-added-calico/)
- [Calico comes to Dublin](https://www.tigera.io/blog/calico-comes-to-dublin/)
- [Calico now works with vanilla OpenStack](https://www.tigera.io/blog/calico-now-works-with-vanilla-openstack/)
- [Calico data plane performance](https://www.tigera.io/blog/calico-dataplane-performance/)
- [Mesos Networking leaps forward with Calico](https://www.tigera.io/blog/mesos-networking-leaps-forward-with-calico/)
- [Announcing Calico v1.0](https://www.tigera.io/blog/announcing-calico-v1-0/)
- [Calico Network Policy Comes to Kubernetes](https://www.tigera.io/blog/calico-network-policy-comes-to-kubernetes/)
- [Calico and Weave Scope](https://www.tigera.io/blog/calico-and-weave-scope/)
- [Its obvious, Project Calico needs to communicate better](https://www.tigera.io/blog/project-calico-needs-to-communicate-better/)
- [Calico networking for Kubernetes](https://www.tigera.io/blog/calico-networking-for-kubernetes-1-0/)
- [When you view a scale-out network through a 1990’s enterprise lens….](https://www.tigera.io/blog/when-you-view-a-scale-out-network-through-a-1990s-enterprise-lens/)
- [Calico and containers are flip sides of the same coin](https://www.tigera.io/blog/calico-and-containers-are-flip-sides-of-the-same-coin/)
- [The Sharp Edges of Gevent](https://www.tigera.io/blog/the-sharp-edges-of-gevent/)
- [Calico adds simple, highly efficient networking with fine grained security policy to Docker 1.7 release](https://www.tigera.io/blog/calico-docker-1-7-libnetwork/)
- [Seamless OpenStack and Docker networking using Apache Brooklyn and Project Calico](https://www.tigera.io/blog/seamless-openstack-docker-networking/)
- [Using etcd for elections](https://www.tigera.io/blog/using-etcd-for-elections/)
- [Calico at Docker Randstad](https://www.tigera.io/blog/calico-at-docker-randstad/)
- [Project Calico at the Docker London May meetup](https://www.tigera.io/blog/project-calico-at-the-docker-london-may-meetup/)
- [Project Calico and Clocker](https://www.tigera.io/blog/project-calico-and-clocker/)
- [Calico version 0.16 released](https://www.tigera.io/blog/calico-version-0-16-released/)
- [IPv6, DDoS and Project Calico](https://www.tigera.io/blog/ipv6-ddos-and-project-calico/)
- [Moving Calico to a distributed data store using etcd](https://www.tigera.io/blog/moving-calico-to-a-distributed-data-store-using-etcd/)
- [Project Calico comes to New York and does a (mini) meetup marathon](https://www.tigera.io/blog/project-calico-comes-to-new-york-and-does-a-mini-meetup-marathon/)
- [Technical note on IP fabrics published](https://www.tigera.io/blog/technical-note-on-ip-fabrics-published/)
- [Calico Introduction at FOSDEM](https://www.tigera.io/blog/calico-introduction-at-fosdem/)
- [Calico at Docker Edinburgh](https://www.tigera.io/blog/calico-at-docker-edinburgh-2/)
- [Calico at the Docker Edinburgh meetup](https://www.tigera.io/blog/calico-at-docker-edinburgh/)
- [CoreOS London Meetup report](https://www.tigera.io/blog/coreos-london-meetup-report/)
- [See Project Calico in Action at #MWC15](https://www.tigera.io/blog/see-project-calico-in-action-at-mwc15/)
- [Using Ethernet as the interconnect fabric for a Calico installation](https://www.tigera.io/blog/using-ethernet-as-the-interconnect-fabric-for-a-calico-installation/)
- [Why BGP?](https://www.tigera.io/blog/why-bgp/)
- [Obtaining External Connectivity in OpenStack](https://www.tigera.io/blog/obtaining-external-connectivity-in-openstack/)
- [New packages and an award](https://www.tigera.io/blog/new-packages-and-an-award/)
- [Updating our Docker prototype to work on GCE](https://www.tigera.io/blog/updating-our-docker-prototype-to-work-on-gce/)
- [Exploring Juju with Project Calico](https://www.tigera.io/blog/exploring-juju/)
- [OpenStack London meetup](https://www.tigera.io/blog/openstack-london-meetup/)
- [Calico and Docker containers](https://www.tigera.io/blog/calico-and-docker-containers/)
- [New packages and architecture on the way](https://www.tigera.io/blog/new-packages-and-architecture-on-the-way/)
- [New Architecture, Updated Roadmap and IPv6 Support](https://www.tigera.io/blog/new-architecture-updated-roadmap-and-ipv6-support/)
- [Introducing Havana Brown!](https://www.tigera.io/blog/introducing-havana-brown/)
- [Update from the Calico Team &#8211; July 21](https://www.tigera.io/blog/update-from-the-calico-team-july-21/)
Version History

Version 111/26/2025, 4:01:53 PMvalid
146003 bytes
Visit Website

Explore the original website and see their AI training policy in action.
Visit tigera.io
Content Types

postsproductsapidocumentationguides
Recent Access

/tigera.io/llms.txt
12/1/2025, 2:11:40 AM
API Access

Canonical URL:
https://llmscentral.com/tigera.io/llms.txt
API Endpoint:
/api/llms?domain=tigera.io