Policy for Kubernetes services
Apply policy to Kubernetes node ports, and to services that are exposed externally as cluster IPs.
Restrict access to Kubernetes node ports using Calico global network policy. Follow the steps to secure the host, the node ports, and the cluster.
Expose Kuberenetes service cluster IPs over BGP using Calico, and restrict who can access them using Calico network policy.