Control traffic to/from endpoints using namespaces, service accounts, external IPs or networks, and ICMP ping using Calico network policy rules.
Use policy rules in network policy and global network policy as match criteria using label selectors.
Use namespaces and namespaceSelectors in Calico network policy to group or separate resources. Use network policies to allow or deny traffic to/from pods that belong to specific namespaces.
Use Kubernetes service accounts in policies to validate cryptographic identities and/or manage RBAC controlled high-priority rules across teams.
Limit egress and ingress traffic using IP address either directly within Calico network policy or managed as Calico network sets.
Control where ICMP/ping is used by creating a Calico network policy to allow and deny ICMP/ping messages for workloads and host endpoints.