Policy rules

📄️ Basic rules

Define network connectivity for Calico endpoints using policy rules and label selectors.

📄️ Use namespace rules in policy

Use namespaces and namespace selectors in Calico network policy to group or separate resources. Use network policies to allow or deny traffic to/from pods that belong to specific namespaces.

📄️ Use service accounts rules in policy

Use Kubernetes service accounts in policies to validate cryptographic identities and/or manage RBAC controlled high-priority rules across teams.

📄️ Use service rules in policy

Use Kubernetes Service names in policy rules.

📄️ Use external IPs or networks rules in policy

Limit egress and ingress traffic using IP address either directly within Calico network policy or managed as Calico network sets.

📄️ Use ICMP/ping rules in policy

Control where ICMP/ping is used by creating a Calico network policy to allow and deny ICMP/ping messages for workloads and host endpoints.