Policy rules
Basic rules
Define network connectivity for Calico endpoints using policy rules and label selectors.
Use namespace rules in policy
Use namespaces and namespace selectors in Calico network policy to group or separate resources. Use network policies to allow or deny traffic to/from pods that belong to specific namespaces.
Use service rules in policy
Use Kubernetes Service names in policy rules.
Use service accounts rules in policy
Use Kubernetes service accounts in policies to validate cryptographic identities and/or manage RBAC controlled high-priority rules across teams.
Use external IPs or networks rules in policy
Limit egress and ingress traffic using IP address either directly within Calico network policy or managed as Calico network sets.
Use ICMP/ping rules in policy
Control where ICMP/ping is used by creating a Calico network policy to allow and deny ICMP/ping messages for workloads and host endpoints.
Use log rules to test network policy
Debug your policies with Log rules.