Policy rules

Control traffic to/from endpoints using Calico network policy rules.

Define network connectivity for Calico endpoints using policy rules and label selectors.

Use namespaces and namespace selectors in Calico network policy to group or separate resources. Use network policies to allow or deny traffic to/from pods that belong to specific namespaces.

Use Kubernetes Service names in policy rules.

Use Kubernetes service accounts in policies to validate cryptographic identities and/or manage RBAC controlled high-priority rules across teams.

Limit egress and ingress traffic using IP address either directly within Calico network policy or managed as Calico network sets.

Control where ICMP/ping is used by creating a Calico network policy to allow and deny ICMP/ping messages for workloads and host endpoints.