Host endpoints
Host endpoints
Reference overview of host endpoint protection in Calico Cloud covering the model for securing host network interfaces with policy across connected clusters.
Creating policy for basic connectivity
Reference for the Calico Cloud failsafe policy that protects host endpoints in connected clusters from being cut off by misconfigured host policy.
Creating host endpoint objects
Reference for the HostEndpoint object in Calico Cloud describing how to model a host network interface in a connected cluster so policy can select it.
Selector-based policies
Reference for ordered host endpoint policies in Calico Cloud connected clusters that match interfaces using label selectors.
Failsafe rules
Reference for the Calico Cloud failsafe inbound and outbound port lists that prevent host network policy from cutting off control-plane connectivity.
Pre-DNAT policy
Reference for pre-DNAT host endpoint policy in Calico Cloud connected clusters that applies rules to ingress traffic before destination NAT rewrites the address.
Apply on forwarded traffic
Reference for the applyOnForward field on Calico Cloud host endpoint policy that controls how rules apply to forwarded traffic in connected clusters.
Summary of host endpoint policies
Reference summary describing how the different Calico Cloud host endpoint policy types interact and affect packet flows in connected clusters.
Connection tracking
Reference covering Linux conntrack workarounds for Calico Cloud host endpoint policy when stateful tracking interferes with packet flow in connected clusters.