Network policy: Calico Network policy vs Azure network policy Manager

Question

I would like to secure my pods in AKS and i am following best practices for it and i have came accrossed that i must use network policy in AKS for pods so that it would be secure because By default, pods are non-isolated; they accept traffic from any source. The Azure AKS solution to this security concern is Network Policy that lets developers control network access to their services.
So my concrete question is which is best to use in terms of less cost, advance features, long term use and less limitations.

Answer 1

@Jamal Ashraf Thanks for posting your query on Microsoft Q&A.

Question: Differences between Azure Network Policy Manager and Calico Network Policy and their capabilities.

Here is a side by side comparison of the two which should help you determine what would work better for your use case :

Other limitations include:

• Azure Network Policy Manager(NPM) doesn't support IPv6. Otherwise, Azure NPM fully supports the network policy spec in Linux.
• To use Azure NPM, you must use the Azure CNI plug-in
• Calico Network Policy could be used with either this same Azure CNI plug-in or with the Kubenet CNI plug-in.

You will find even more details on the same in this document : https://learn.microsoft.com/en-us/azure/aks/use-network-policies#network-policy-options-in-aks

If you have any questions, please let me know in the comments and I would be happy to answer.

----------

If this answers your query, do click “Accept the answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread.