Policy rules

📄️Basic rules

How to write policy rules in Calico Open Source — label selectors, source and destination match criteria, and rule actions.

📄️Use namespace rules in policy

Group or separate workloads in Calico Open Source policy using namespaces and namespace selectors so policies apply only to specified namespaces.

📄️Use service rules in policy

Match on Kubernetes Service names in Calico Open Source policy rules instead of specific pod selectors.

📄️Use service accounts rules in policy

Match on Kubernetes service accounts in Calico Open Source policy rules to validate workload identity and apply RBAC-controlled rules.

📄️Use external IPs or networks rules in policy

Restrict egress and ingress to specific IP ranges in Calico Open Source policy, either inline or via reusable network sets.

📄️Use ICMP/ping rules in policy

Allow or deny ICMP and ping traffic for Calico Open Source workloads and host endpoints using policy rules.

📄️Use log rules to test network policy

Add Log actions to Calico Open Source policy rules to debug which rules are matching traffic at runtime.