Profile
Tigera provides comprehensive networking, security, and observability solutions for containerized environments and Kubernetes platforms through its flagship product, Calico. As the creator and maintainer of Project Calico, Tigera offers both open-source and commercial solutions that address container networking, security policy enforcement, and operational visibility. The platform's architecture supports multiple deployment models including bare metal, virtual machines, and cloud environments, with proven scalability across major enterprises and cloud providers. Tigera's value proposition centers on delivering unified network security and observability while maintaining high performance and operational flexibility.
Focus
Tigera addresses fundamental challenges in container networking and security, particularly the complexity of managing network policies and visibility in dynamic, ephemeral environments. The platform solves persistent issues around microsegmentation, policy enforcement, and troubleshooting in distributed architectures where traditional perimeter-based security models fall short. Core benefits include automated policy management, deep network visibility, and seamless integration with existing security tools. The solution targets platform engineers, security teams, and operations staff managing containerized workloads who need comprehensive control over network security and observability.
Background
Project Calico originated as an open-source initiative to provide networking and security capabilities for containerized workloads, focusing on performance and scalability without overlay networking overhead. Tigera was established to commercialize and expand these capabilities, securing $53 million in venture funding. The technology has achieved widespread adoption, with notable deployments including IBM Cloud Kubernetes Services and major financial institutions. Tigera maintains control of the project's direction while fostering community participation; it operates independently of foundation governance structures and keeps up active development and regular releases.
Main features
High-performance network policy enforcement
The policy engine extends Kubernetes NetworkPolicy with sophisticated capabilities including hierarchical tiers, explicit deny rules, and advanced matching criteria. The architecture supports multiple dataplanes including eBPF and iptables, allowing organizations to optimize for different performance requirements. The policy framework enables zero-trust security models through label-based selectors that automatically adapt to workload scaling and movement. This approach has proven particularly valuable in regulated industries, where financial services firms use it to implement strict microsegmentation between sensitive workloads.
Dynamic service graph and flow visualization
The observability system provides real-time visualization of service-to-service communication within Kubernetes clusters, automatically discovering dependencies and mapping traffic flows. The architecture enriches network flow data with Kubernetes metadata, maintaining context even as pods scale or move. This capability enables rapid troubleshooting of connectivity issues and validation of security policies, with practical applications in large-scale microservices deployments where understanding service dependencies is critical for both security and operational maintenance.
Integrated ingress and egress control
The gateway architecture provides standardized management of both incoming and outgoing cluster traffic, implementing the Kubernetes Gateway API standard. For ingress, it integrates hardened Envoy Gateway capabilities with comprehensive security and observability. The egress functionality enables integration with external security tools by assigning stable, routable IP addresses to namespace traffic. This feature proves essential for organizations maintaining hybrid architectures, particularly in healthcare and financial services where strict control over data flow paths is required for compliance.



