Secure Calico component communications
Configure encryption and authentication to secure Calico components
Turn on TLS authentication and encryption between Calico Open Source components using a custom certificate authority.
Schedule Typha for scaling to well-known nodes
Configure the TCP port used by Typha in a Calico Open Source cluster to reduce datastore load on large clusters.
Secure Calico Prometheus endpoints
Restrict access to Calico Open Source metric endpoints using network policy.
Secure BGP sessions
Configure BGP authentication passwords for Calico Open Source so attackers cannot inject false routing information.