Policy rules

Control traffic to/from endpoints using namespaces, service accounts, external IPs or networks, and ICMP ping using Calico network policy rules.

Overview

Use policy rules in network policy and global network policy as match criteria using label selectors.

Use namespace in policy rules

Use namespaces and namespaceSelectors in Calico network policy to group or separate resources. Use network policies to allow or deny traffic to/from pods that belong to specific namespaces.

Use service accounts in policy rules

Use Kubernetes service accounts in policies to validate cryptographic identities and/or manage RBAC-controlled high-priority rules across teams.

Use external IPs or networks in policy rules

Limit egress and ingress traffic using IP addresses, either directly within Calico network policy or managed as Calico network sets.

Use ICMP/ping in policy rules

Control where ICMP/ping is used by creating a Calico network policy to allow and deny ICMP/ping messages for workloads and host endpoints.