Interactive Training

In-depth product feature demonstrations showcasing Calico capabilities for Kubernetes networking and security use-cases

Calico Policy Introduction

Try this for yourself with our hands-on lab series. Click here to get started.

Calico Policy Introduction

Example 01 - Denylist Policy

Example 02 - Namespace Isolation

Example 03 - Workload Isolation

Summary

Scalable Security & DevSecOps with Calico’s Network Policy Model for Microsegmentation

Why Implement Microsegmentation

Challenges Implementing Microsegmentation

A Hierarchical Policy Model for Microsegmentation in Kubernetes - Part 1

A Hierarchical Policy Model for Microsegmentation in Kubernetes - Part 2

Building a Policy Model

Deploying the Demo Applications

Implementing the Tiers

Policy Example 1 - Cluster-wide Policy

Policy Example 2 - Tenant-isolation Policy

Policy Example 3 - Platform Policy

Policy Example 4 - Namespace-isolation Policy

Policy Example 5 - Workload-isolation Policy

Policy Example 6 - Deny Policy

Learning Track Summary

Policy Management using the Policy Board

Identify Endpoints Scoped in a Policy

Identify Policies Denying Flows

Policy Metrics

Identify Flows Matching Policies and Endpoints

Download Policies from the Policy Board

Create Policies in the Policy Board

Audit Policies

Identify All Policies Applied to an Endpoint

Using the Policy Recommender

Working with Tiers in the Policy Board

Service Graph & Flow Visualization

Service Graph Overview

Service Graph - Navigating Through Namespaces

Service Graph - Alerts

Service Graph - Identify Policies Denying Traffic

Service Graph - Creating Custom Views

Service Graph - Packet Capture

Flow Log Observability & Troubleshooting

Flow Log Dashboard Introduction

Example 01 - Identify “deny” flows

Example 02 - Inbound and Outbound bytes

Example 03 - Identify flows with “bytes_in : 0”

Example 04 - Identify Flows to and from Specific Process with eBPF Probes

Example 05 - Identify Traffic to Specific Service Ports

Example 06 - Identify Traffic to Specific FQDNs

Example 07 - Identify Traffic to Specific Destination IPs

Example 08 - Identify Flows Denied by a Policy

Example 09 - Identify All Egress Connections from a Workload

Example 10 - Filter based on IP Range

DNS Observability & Troubleshooting

01. Introduction to DNS Observability Challenges

02. Calico DNS Observability

03. Troubleshooting DNS traffic deny

04. Troubleshooting DNS “SERVFAIL” errors

05. Troubleshooting DNS "NXDOMAIN" errors

06. Troubleshooting Missing DNS Resource Records

TCP Performance Monitoring and Troubleshooting

TCP Performance Dashboard

Troubleshooting Node Specific TCP Performance Issues

Troubleshooting Pod Specific TCP Performance Issues

TCP Performance Troubleshooting for Churned Nodes and Pods

Troubleshoot - Random flow denies

Web Application Firewall

Investigate WAF events and enable WAF blocking mode

Enable & Leverage Calico WAF

Enable WAF in the Calico UI

Miscellaneous

Kibana - How to retrieve a list of namespaces

AKS-Calico-CNI

Egress Gateway

Egress Access Control

Trace & Block Flows to Suspicious Destinations with Calico ThreatFeeds

Enhance Vulnerability Management with Calico Security Dashboards

Quarantine compromised pods