Compliance and security

Get reports on Kubernetes workloads and environments for regulatory compliance. Encrypt traffic in your cluster with WireGuard.

Enable compliance reports

Turn on the in-cluster compliance reporter, controller, snapshotter, and server components that produce Calico Enterprise compliance reports and CIS benchmarks.

Schedule and run compliance reports

Schedule and run Calico Enterprise compliance reports against Kubernetes workloads using archived flow logs and audit logs stored in Elasticsearch.

Configure CIS benchmark reports

Configure CIS Kubernetes benchmark reports in Calico Enterprise to assess node and cluster compliance and download results from the in-cluster reporter as CSV.

Encrypt data in transit

Turn on WireGuard in your Calico Enterprise cluster to encrypt inter-node pod and host-network traffic, with IPv4 and IPv6 support via FelixConfiguration.

Configure an outbound HTTP proxy

Route outbound Calico Enterprise container traffic through an HTTP proxy by configuring the Installation custom resource managed by the Tigera Operator.