Secure Calico component communications
Configure encryption and authentication to secure Calico Enterprise components
Configure TLS authentication and encryption across Calico Enterprise components, the Kubernetes control plane, Typha, Node, and shared observability traffic.
Secure Calico Enterprise Prometheus endpoints
Restrict access to Calico Enterprise Prometheus metric endpoints with network policy so only authorized scrapers can read sensitive component telemetry.
Secure BGP sessions
Configure BGP session passwords on Calico Enterprise BGP peers to block attackers from injecting false routing information into the cluster.
Provide TLS certificates for Calico Enterprise Manager
Provide TLS certificates that secure browser access to the Calico Enterprise web console user interface in place of the default self-signed certificate.
Provide TLS certificates for log storage
Provide TLS certificates that secure access to Calico Enterprise log storage as part of a zero-trust deployment model.
Provide TLS certificates for Linseed APIs
Provide TLS certificates that secure access to the Calico Enterprise Linseed APIs as part of a zero-trust deployment model.
Provide TLS certificates for the API server
Provide TLS certificates that secure access to the Calico Enterprise API server as part of a zero-trust deployment model.
Provide TLS certificates for Typha and Node
Provide a custom CA and TLS certificates for mutual TLS authentication between Calico Enterprise Node and Typha components at scale.
Provide TLS certificates for compliance
Provide TLS certificates that secure access to the Calico Enterprise compliance components as part of a zero-trust deployment model.
Provide TLS certificates for PacketCapture APIs
Provide TLS certificates that secure access to the Calico Enterprise PacketCapture APIs as part of a zero-trust deployment model.
Manage TLS certificates used by Calico Enterprise
Manage TLS certificates for Calico Enterprise components by controlling the certificate issuer through the Kubernetes Certificates API and operator configuration.