Tigera, creator and maintainer of Calico Open Source, recently announced the availability of CalicoContainer Networking Interface (CNI) for Azure Kubernetes Service (AKS), Microsoft’s managed Kubernetes service.
In addition to using Calico’s networking and security policy engine, AKS users will now be able to use Calico Open Source as a CNI for robust, scalable and higher performant networking for their environments with a choice of Windows, eBPF, and Linux data planes.
The release of Calico CNI comes on the heels of Microsoft’s BYO (Bring Your Own) CNI initiative, which allows enterprises to choose their own CNI to address their unique needs. Administrators receive access to full support from Tigera for Calico Open Source, and can deploy Tigera’s Calico Cloud-Native Application Protection Platform (CNAPP) for active zero-trust based container security across build, deploy and runtime stages via their Azure Marketplace portal.
Performance improvement and increased security
Calico Open Source serves as a foundation for zero-trust workload security for tens of thousands of companies. Calico CNI is a widely-used container networking interface recognized for its performance capabilities, scalability, flexibility, power, efficiency and support for multiple data planes including eBPF, Linux and Windows. Now, users can build zero-trust workload security, access a top-notch runtime threat defense solution, and achieve container security with the foundation of Calico CNI in AKS. Users also have the ability to seamlessly deploy Calico CNAPP for comprehensive protection for their containerized workloads on AKS.
Calico as CNI for AKS will address industry-wide pain points and provide users with key benefits.
Best-in-class security and traffic throughput: Calico’s rich security policy model makes it easy to restrict communication between endpoints as required. With built-in support for WireGuard encryption, securing pod-to-pod traffic across the network comes with overall lower CPU usage and occupancy and higher performance. Depending on user preference, Calico uses either Windows, eBPF or Linux data plane to deliver high-performance networking.
Choice and flexibility: Whichever data plane they use, users receive the same easy to use, base networking, security policy and IP address management capabilities that have made Calico Open Source the most trusted networking and security policy solution for mission-critical cloud-native applications.
Ease of use: Calico is the best suited solution to mitigate IP address exhaustion on AKS as one of the most deployed CNIs in the market offering zero-trust for workload security. Calico CNI’s IP address management (IPAM) plugin allocates IP addresses for pods out of one or more configurable IP address ranges, dynamically allocating small blocks of IPs per node as required. The result is a more efficient IP address space usage compared to many other CNI IPAM plugins, including the host local IPAM plugin, which is used in many container networking solutions.
Unified networking capabilities across disparate cloud environments
For enterprises adopting multi-cloud or hybrid environments, Calico CNI ensures these organizations have a single security policy starting from AKS, Amazon Elastic Kubernetes Service (EKS), GCP, Rancher, Red Hat OpenShift, VMware Tanzu, Upstream Kubernetes and other supported distributions without the need to familiarize themselves with an additional CNI plugin. Users can have unified networking capabilities across disparate cloud environments,leveraging Calico CNI IPAM capabilities the same way in AKS as they would in other managed cloud distributions.
Pricing and availability
Project Calico is a fundamentally open-source solution, and there is no cost for the use of Calico CNI, Calico IPAM or Calico networking and security policies on Azure AKS.