Tutorials

Learn more about Calico Cloud and Kubernetes network policy.

Calico Cloud features

Web console tutorial

Step-by-step tutorial for the Calico Cloud web console interface, walking the left navbar from dashboards to policy, observability, threat defense, and image scanning.

Service Graph tutorial

Step-by-step tutorial for the Calico Cloud Service Graph that visualizes pod, service, and namespace communication across a managed cluster.

Understanding network sets

Step-by-step tutorial for using network sets and global network sets in Calico Cloud to model external endpoints and reuse IP and domain lists in policy.

Secure ingress and egress for applications

Secure egress access from workloads to destinations outside the cluster

Step-by-step tutorial for restricting application egress in Calico Cloud using network sets, domain wildcards, and global network sets with network policy.

Secure ingress access to a microservice or application

Step-by-step tutorial for writing Calico Cloud network policies that grant ingress access to a microservice from internal clients, services, and load balancers.

Implement enterprise security controls

Namespace isolation and access controls

Step-by-step tutorial for isolating namespaces in Calico Cloud using global network policies with Pass rules in a security tier across business units and environments.

Global egress access controls

Step-by-step tutorial for building cluster-wide egress access controls in Calico Cloud using global network sets, domains, and team-scoped policy.

Global default deny policy

Step-by-step tutorial for staging and rolling out a global default-deny policy in Calico Cloud so unwanted ingress and egress is blocked across the cluster.

Platform application access controls

Step-by-step tutorial for securing platform-tier applications in Calico Cloud with ingress and egress controls for storage, secrets, and monitoring workloads.

Kubernetes networking for beginners

What is network policy?

Reference primer for the Calico Cloud tutorials covering the basics of Kubernetes and Calico network policy and when to choose each policy API.

Kubernetes services

Reference primer for the Calico Cloud tutorials covering the three Kubernetes service types and how services interact with network policy.

Kubernetes ingress

Reference primer for the Calico Cloud tutorials covering Kubernetes ingress implementations and how ingress controllers interact with network policy.

Kubernetes egress

Reference primer for the Calico Cloud tutorials covering Kubernetes egress, NAT outgoing, egress gateways, and why restricting outbound pod traffic matters.

Kubernetes tutorials and demos

Kubernetes policy, demo

Step-by-step tutorial for running the stars demo in Calico Cloud to visualize how Kubernetes network policy allows and denies frontend, backend, and client traffic.

Get started with Kubernetes network policy

Step-by-step tutorial for learning Kubernetes network policy concepts with Calico Cloud, covering ingress, egress, selectors, and policy enforcement.

Kubernetes policy, basic tutorial

Step-by-step tutorial for writing a basic Kubernetes network policy in Calico Cloud to restrict pod-to-pod traffic using namespaces, labels, and selectors.

Kubernetes policy, advanced tutorial

Step-by-step tutorial for writing advanced Kubernetes network policies in Calico Cloud, including namespace-scoped rules and default deny for ingress and egress.