Basic rules

Big picture

Use Calico policy rules and label selectors that match Calico endpoints (pods, OpenStack VMs, and host interfaces) to define network connectivity.

Value

Using label selectors to identify the endpoints (pods, OpenStack VMs, host interfaces) that a policy applies to, or that should be selected by policy rules, means you can define policy without knowing the IP addresses of the endpoints. This is ideal for handling dynamic workloads with ephemeral IPs (such as Kubernetes pods).

How to

Read Get started with Calico policy and Kubernetes policy, which cover all the basics of using label selectors in policies to select endpoints the policies apply to, or in policy rules.

Additional resources