Securing GenAI Workloads and Kubernetes Networking with Open Source Innovation

Written by:
Vishwa Pandagle
Cybersecurity Staff Editor

Quick Takeaways:

  • Tigera highlights that enterprises must implement ingress and egress controls to protect GenAI applications. 
  • Open source networking tools have become critical components of enterprise-grade security.
  • Tipirneni outlines that democratization of tooling empowers developers to manage AI workloads.
  • GenAI apps handle proprietary data, which makes them attractive targets for cybercriminals.
  • Tipirneni calls for security guardrails from the outset, and vulnerability scanning at both build and runtime.

In this Expert Insights conversation, Ratan Tipirneni, President and CEO at Tigera, describes how Kubernetes adoption as the orchestrator of generative AI applications brings both opportunity and risk. 

Tipirneni has guided the company's global strategy, product vision, and business development. Before joining Tigera, he held cloud leadership roles at Actifio and Cisco, where he focused on building world-class teams, forging strategic partnerships, and driving go-to-market success.

He warns that GenAI applications often handle vast volumes of proprietary data, making them prime targets for cyber criminals, and stresses the need for security guardrails such as ingress and egress controls, micro-segmentation, and runtime scanning. 

With workloads spanning EKS, AKS, GKE, and OpenShift, fragmentation creates operational overhead and inconsistent policy enforcement.

Vishwa: Please tell us about your role at Tigera as President and CEO, and what inspires you to continue serving the open source community?

Ratan: I lead Tigera’s global strategy, product vision, and business development. Tigera provides Calico, a unified network security and observability platform to prevent, detect, and mitigate security breaches in Kubernetes clusters.

What inspires me to continue serving the open source community is the incredible innovation and collaboration it fosters. Tigera’s Project Calico remains an open source initiative with an active community, and its global adoption is a testament to the power of community-driven development. 

I am passionate about contributing to that ecosystem and helping organizations secure their cloud-native environments with scalable, open technologies.

Vishwa: Kubernetes adoption is surging in the enterprise as it becomes the orchestrator of GenAI applications. What opportunities and challenges does this present?

Ratan: The surge in Kubernetes adoption as the orchestrator of generative AI (GenAI) applications presents both transformative opportunities and critical challenges for enterprises. Kubernetes offers the scalability and flexibility needed to support the complex infrastructure GenAI demands, especially as millions of organizations deploy these applications to boost productivity and efficiency. 

Gartner predicts that by 2026, over 80% of enterprises will have GenAI-enabled applications in production, underscoring the urgency to optimize orchestration and infrastructure.

However, this rapid adoption also introduces significant security risks. GenAI applications often handle vast volumes of proprietary data, making them attractive targets for cyber criminals. 

Enterprises must implement robust security guardrails from the outset, such as ingress and egress controls, micro-segmentation, and vulnerability scanning at both build and runtime. Additionally, the combinatorial nature of GenAI, whereby multiple models and data sources interact, requires a least privileged approach to minimize exposure. 

As GenAI workloads span multiple clusters and GPUs, centralized security enforcement and rapid troubleshooting capabilities become essential to avoid costly downtime and ensure operational resilience.

Vishwa: What are the key pain points in Kubernetes networking and security today, and do you see a growing need for consolidation or modularity in how teams address them?

Ratan: One of the most pressing challenges in Kubernetes networking and security today stems from the fragmentation caused by multi-distribution deployments. As organizations increasingly run workloads across platforms like EKS, AKS, GKE, and OpenShift, they face the burden of managing incompatible networking stacks and disparate tools for ingress, egress, in-cluster, and multi-cluster traffic. 

This complexity leads to operational overhead, inconsistent policy enforcement, and delayed troubleshooting—ultimately impacting security posture and service reliability.

To address these issues, there is a growing need for consolidation. A unified approach to Kubernetes networking and security can streamline operations, reduce tool sprawl, and ensure consistent policy enforcement across environments. 

Consolidation enables portability, simplifies governance, and minimizes vendor lock-in—making it a strategic imperative for organizations operating at scale.

Vishwa: How has the role of open source networking tools evolved over the past few years, and what lessons has Tigera taken from its work on Calico in shaping that direction?

Ratan: Over the past few years, open source networking tools have transitioned from foundational enablers of container connectivity to critical components of enterprise-grade security and observability. 

Tigera’s journey with Project Calico reflects this evolution. We have consistently expanded Calico’s capabilities in response to the growing complexity of Kubernetes environments. With the release of Calico OSS 3.30, we introduced advanced features such as full traffic visibility, microsegmentation, namespace isolation, and ingress management. 

By investing in community-driven innovation and offering resources like workshops and training, we continue to foster a thriving ecosystem around Calico.

Vishwa: In your view, what responsibilities do companies have when building commercial offerings on top of open source projects like Calico?

Ratan: Prioritizing security must always be a top priority for technology providers, along with ensuring the capabilities meet the evolving needs of today’s practitioners.

Vishwa: How are container networking and observability requirements shifting in the age of AI-driven workloads? How are open source communities responding to these changes?

Ratan: The increased volume of AI-driven workloads is placing new demands on Kubernetes environments. As these workloads scale across clusters, DevOps teams face challenges in troubleshooting dynamic service-to-service communications and managing ingress traffic efficiently.

Tigera has addressed new challenges by expanding Calico Open Source with features like Goldmane, a gRPC-based API for accessing flow logs and metrics, and Whisker, a web-based tool for visualizing traffic patterns. These tools help reduce incident resolution time from days to minutes by offering granular observability and workload-specific context.

Democratization of tooling empowers developers and operators to manage AI workloads with the same precision and scalability as commercial users, reinforcing the community’s role in driving innovation and resilience in cloud-native environments.

