What do you like best about the product?

Calico Cloud is a great CNI solution, versatile regarding the supported protocols it will easily scale in most cloud, hybrid, and on-prem deployments. The BGP backend makes it easier to manage routes at scale, and it can integrate with BGP-only layer 3 datacenter fabrics as well.

Installation is quick, and thanks to a well-documented set of CRD resources, configuration is also pretty straightforward.

Calico also bundles the whole Tigera security/observability suite, which comes in handy to write more complex network policies which extend to hosts. The built-in manager web UI is also useful to quickly visualise what policies are deployed in any environment.

What do you dislike about the product?

There are some shortcomings with some of the enterprise features, some of them suffer from small bugs which still have not been solved. Although support is quick to react, it can take a long time to obtain a proper bug fix in a next release.

The current network policy implementation, although solid, also suffers from limitations in terms of the selectors, which can lead to some rather complex workarounds. Also, the manager web UI is very limited and will not help a lot when troubleshooting denied flows. Most of the time, learning to use Kibana which is part of the installation and writing KQL queries will be more useful.

Although installation is easy, uninstalling Calico can be a bit difficult as the Tigera operator does not clean the installed resources. You will have to locate the remnants yourself, and delete them.

What problems is the product solving and how is that benefiting you?

Calico Cloud enables us to extend Kubernetes network policies, and unify the network security operations under a single Kubernetes-based declarative worflow. It provides a way to author, deploy, manage, and monitor security policies in any Kubernetes cluster.