DEVOPSdigest

Tigera announced the availability of Calico Container Networking Interface (CNI) for Azure Kubernetes Service (AKS), Microsoft's managed Kubernetes service.

In addition to using Calico's networking and security policy engine, AKS users will now be able to use Calico Open Source as a CNI for robust, scalable and higher performant networking for their environments with a choice of Windows, eBPF, and Linux data planes.

The release of Calico CNI comes on the heels of Microsoft's BYO (Bring Your Own) CNI initiative, which allows enterprises to choose their own CNI to address their unique needs. Administrators receive access to full support from Tigera for Calico Open Source, and can deploy Tigera's Calico Cloud-Native Application Protection Platform (CNAPP) for active zero-trust based container security across build, deploy and runtime stages via their Azure Marketplace portal.

"With Calico Open Source under the Bring Your Own CNI (BYOCNI) initiative, Tigera is the first to bring a robust, efficient, interoperable and high-performance CNI solution to AKS users," says Amit Gupta, VP of Business Development and Product Management, Tigera. "Organizations that rely on AKS for their Kubernetes service can now benefit from Calico CNI for networking and security for all their cloud-native applications. In addition, we are pleased to offer AKS users the benefits of Calico CNAPP for their deployments, to reduce the application attack surface with zero trust, detect known and zero-day threats and actively mitigate risks from exposure."

Calico Open Source serves as a foundation for zero-trust workload security for tens of thousands of companies. Calico CNI is a widely-used container networking interface recognized for its performance capabilities, scalability, flexibility, power, efficiency and support for multiple data planes including eBPF, Linux and Windows. Now, users can build zero-trust workload security, access a top-notch runtime threat defense solution, and achieve container security with the foundation of Calico CNI in AKS. Users also have the ability to seamlessly deploy Calico CNAPP for comprehensive protection for their containerized workloads on AKS.

Calico as CNI for AKS will address industry-wide pain points and provide users with key benefits:

- Best-in-class security and traffic throughput: Calico's rich security policy model makes it easy to restrict communication between endpoints as required. With built-in support for WireGuard encryption, securing pod-to-pod traffic across the network comes with overall lower CPU usage and occupancy and higher performance. Depending on user preference, Calico uses either Windows, eBPF or Linux data plane to deliver high-performance networking.

- Choice and flexibility: Whichever data plane they use, users receive the same easy to use, base networking, security policy and IP address management capabilities that have made Calico Open Source the most trusted networking and security policy solution for mission-critical cloud-native applications.

- Ease of use: Calico is the best suited solution to mitigate IP address exhaustion on AKS as one of the most deployed CNIs in the market offering zero-trust for workload security. Calico CNI's IP address management (IPAM) plugin allocates IP addresses for pods out of one or more configurable IP address ranges, dynamically allocating small blocks of IPs per node as required. The result is a more efficient IP address space usage compared to many other CNI IPAM plugins, including the host local IPAM plugin, which is used in many container networking solutions.

For enterprises adopting multi-cloud or hybrid environments, Calico CNI ensures these organizations have a single security policy starting from AKS, Amazon Elastic Kubernetes Service (EKS), GCP, Rancher, Red Hat OpenShift, VMware Tanzu, Upstream Kubernetes and other supported distributions without the need to familiarize themselves with an additional CNI plugin. Users can have unified networking capabilities across disparate cloud environments, leveraging Calico CNI IPAM capabilities the same way in AKS as they would in other managed cloud distributions.