Policy rules

Control traffic to/from endpoints using Calico network policy rules.

Basic rules

Define network connectivity for Calico endpoints using policy rules and label selectors.

Namespace rules

Use namespaces and namespaceSelectors in Calico network policy to group or separate resources. Use network policies to allow or deny traffic to/from pods that belong to specific namespaces.

Service accounts rules

Use Kubernetes service accounts in policies to validate cryptographic identities and/or manage RBAC controlled high-priority rules across teams.

External IPs or networks rules

Limit egress and ingress traffic using IP address either directly within Calico network policy or managed as Calico network sets.

ICMP/ping rules

Control where ICMP/ping is used by creating a Calico network policy to allow and deny ICMP/ping messages for workloads and host endpoints.