Project Calico is a networking and network security solution for containers, virtual machines, and native host-based workloads.

The project offers high performance with true cloud-native scalability by providing developers and cluster operators with capabilities across public cloud or on-prem, on a single node, or across a multi-thousand node cluster.

It offers a choice of dataplanes including the pure Linux eBPF dataplane, a standard Linux networking dataplane, and a Windows HNS dataplane. 

The project’s networking options are flexible and can run without using overlays in most environments, avoiding the overheads of packet encap/decap.

Also, Calico’s network policy model makes it easy to lock down communication for security. It includes built-in support for Wireguard encryption and can secure one’s pod-to-pod traffic across the network. 

Calico can seamlessly extend to secure your existing host-based workloads (whether in the public cloud or on-prem on VMs or bare metal servers) alongside Kubernetes. All workloads are subject to the same network policy model so the only traffic that is allowed to flow is the traffic you expect to flow.

Additional details on the project are available here.