What is Tigera?

An AWS Advanced Technology Partner, Tigera delivers Calico and Calico Enterprise for security and networking on EKS, both of which are AWS Containers Competency certified.

What is Calico?

Calico is a network and network security solution for containers, virtual machines, and native host-based workloads that is available as an open source project. In addition to Kubernetes, OpenShift, Mirantis Kubernetes Engine (MKE), OpenStack, and bare metal services, Calico also supports a wide range of other platforms and technologies. Utilizing Kubernetes pod selectors and labels, you can use Calico network policy enforcement to implement network segmentation and tenant isolation on your EKS environment. For EKS clusters, this is useful when implementing a zero-trust network architecture, in which network traffic must be expressly permitted to reach workloads.

AWS + TIGERA

Using AWS and Tigera’s Kubernetes-native networking, security, and observability services, DevOps engineers, system administrators, and platform owners can deploy cloud-native apps in their EKS and AWS self-managed Kubernetes settings with minimal effort. Users can create their apps using AWS services while also addressing their networking and security requirements using Calico.

Bottlerocket is also supported by Calico on Amazon Elastic Kubernetes Service (Amazon EKS). Amazon created Bottlerocket, an open source Linux system, to run containers focused on security, operations, and manageability at scale. It is one of the first EKS-optimized operating systems to have eBPF support in the Linux kernel. Calico can extend this foundation to improve the base networking for EKS beyond simply adding network policy support, such as accelerating network performance, eliminating the need to run kube-proxy, and preserving client source IP addresses when accessing Kubernetes Services from outside the cluster.

Maintaining the integrity of EKS clusters

Security is a major concern when adopting containers and Kubernetes. A large number of enterprises have faced security issues or have delayed the deployment of Kubernetes applications into production because of security concerns. Calico Enterprise, which is available as a subscription service, works on top of open-source Calico to provide additional features and capabilities to secure your EKS clusters and certify compliance with various security standards:

  • RBAC-based policy administration
  • Detection of network attacks
  • DNS and application-layer policy
  • Compliance reports
  • Firewall integration

AWS and the customer share responsibilities for security and compliance.

The following is the shared responsibility model:

It is possible to design, monitor and troubleshoot EKS segmentation and access control rules using cloud-native tools that may be incorporated into the CI/CD pipeline with the help of these features.

Network intrusion detection identifies malicious network activity occurring both within and outside of the EKS cluster and alerts the administrator.

Troubleshooting and Visualization of Networks

Troubleshooting connectivity problems across microservices can be incredibly time-consuming and frustrating. It is frequently necessary to work with multiple teams to identify and resolve the problem. When a connectivity issue occurs between your microservices running on Kubernetes clusters, Calico Enterprise provides tools to quickly identify and remedy the cause. Calico Enterprise also provides capabilities to identify and resolve possible connectivity issues before they occur. Calico Enterprise logs connection attempts between microservices, along with the performance metrics associated with those connections. This includes DNS logs and L7 metrics such as HTTP request codes and the length of each request.

Each log entry contains important Kubernetes metadata, such as:

  • The source and destination namespaces, as well as the time of day.
  • A set of labels and pods for the source and the destination.
  • Which policy evaluated the connection, whether it was accepted or denied, and why.

Using Calico Enterprise, you can view and interact with a live depiction of the microservice connections within the EKS cluster, called a Service Graph. This tool highlights approved and disallowed flows, displays alarms on any issues, and allows users to drill down into the details of each flow for troubleshooting. A packet capture can also be started directly from the graph to obtain more precise network information.

Calico Cloud enables developers and administrators who wish to implement security policies on Amazon EKS or Amazon Elastic Compute Cloud clusters to get up and running in a matter of minutes with little configuration. For containers running on Kubernetes, Calico Cloud delivers a comprehensive networking and security policy architecture that helps secure communications by managing traffic flows.

EKS includes built-in support for Calico, which allows it to provide a robust implementation of the entire Kubernetes Network Policy API without the need for other dependencies. Users of EKS who want to go beyond the capabilities of the Kubernetes network policy API can make full use of the Calico Network Policy API.

Additionally, you may utilize Calico for networking on EKS in place of the default AWS VPC networking, which eliminates the need to use IP addresses from the underlying virtual private cloud. Calico’s networking features, including its flexible IP address management capabilities, are fully accessible as a result of this configuration.

Installation

You can install Calico using either Helm or manifests. Because the manifests are not updated by Amazon EKS, we recommend that you use Helm instead, as the charts are maintained by Tigera.

When new Tigera operator and Calico functionality is released, Amazon EKS does not test and verify it on Amazon EKS clusters. If you have any problems with Calico during the installation or use of the software, please contact Tigera Operator and the Calico Project directly. Before installing any new Tigera operator or Calico version on your cluster, you should always check with Tigera to ensure that it is compatible with your existing cluster.
