Calico Container Networking Interface (CNI) for Azure Kubernetes Service (AKS), Microsoft’s managed Kubernetes service, is now available, according to Tigera, the creator and maintainer of Calico Open Source, the most widely used container networking and security solution and foundation for zero-trust workload security. AKS users will now be able to leverage Calico Open Source as a CNI for robust, scalable, and higher performing networking for their environments with a choice of Windows, eBPF, and Linux data planes, in addition to employing Calico’s networking and security policy engine.
Calico CNI follows Microsoft’s BYO (Bring Your Own) CNI concept, which allows businesses to choose their own CNI to meet their specific requirements. Administrators get complete Tigera support for Calico Open Source and can use the Azure Marketplace to deploy Tigera’s Calico Cloud-Native Application Protection Platform (CNAPP) for active zero-trust container security throughout the development, deploy, and runtime phases.
“With Calico Open Source under the Bring Your Own CNI (BYOCNI) initiative, Tigera is the first to bring a robust, efficient, interoperable and high-performance CNI solution to AKS users,” says Amit Gupta, vice president of business development and product management, Tigera. “Organizations that rely on AKS for their Kubernetes service can now benefit from Calico CNI for networking and security for all their cloud-native applications. In addition, we are pleased to offer AKS users the benefits of Calico CNAPP for their deployments, to reduce the application attack surface with zero trust, detect known and zero-day threats and actively mitigate risks from exposure.”
Increased security and improved performance
Calico Open Source is used by tens of thousands of businesses as a foundation for zero-trust workload security. Calico CNI is a widely used container networking interface that is known for its high performance, scalability, flexibility, power, and efficiency, as well as support for many data planes such as eBPF, Linux, and Windows. With the basis of Calico CNI in AKS, customers may now construct zero-trust workload security, access a top-notch runtime threat defence solution, and accomplish container security. Calico CNAPP may also be effortlessly deployed atop AKS to provide comprehensive protection for containerized workloads.
Calico’s role as AKS’ CNI will alleviate industry-wide pain points and bring major benefits to users.
- Calico’s comprehensive security policy paradigm makes it simple to restrict communication between endpoints as needed, resulting in best-in-class security and traffic performance. Securing pod-to-pod traffic over the network is easier with built-in support for WireGuard encryption, which results in decreased CPU consumption, occupancy, and performance. Calico delivers high-performance networking using either Windows, eBPF, or Linux data planes, depending on user selection.
- Users get the same easy-to-use base networking, security policy, and IP address management capabilities regardless of the data plane they use, making Calico Open Source the most trusted networking and security policy solution for mission-critical cloud-native applications.
- Calico is the best-suited option to minimise IP address exhaustion on AKS because it is one of the most widely deployed CNIs on the market that provides zero-trust workload security. The IP address management (IPAM) plugin in Calico CNI assigns IP addresses to pods from one or more configurable IP address ranges, dynamically allocating small blocks of IP addresses per node as needed. In comparison to many other CNI IPAM plugins, including the host local IPAM plugin, which is utilised in many container networking solutions, the outcome is more efficient IP address space consumption.
Capabilities for unified networking across many cloud environments
Calico CNI ensures that enterprises adopting multi-cloud or hybrid environments have a single security policy that spans AKS, Amazon Elastic Kubernetes Service (EKS), GCP, Rancher, Red Hat OpenShift, VMware Tanzu, Upstream Kubernetes, and other supported distributions without having to learn another CNI plugin. Users can have unified networking capabilities across many cloud environments by utilising Calico CNI IPAM features in AKS in the same way that they would in other managed cloud distributions.