Historically we’ve been using Calico as controller to provide NetworkPolicies support. This was offered as an optional feature only, considering the resource (and thus possible cost) impact of running this component. As announced in our K8s 1.27 upgrade post, the latest version of the AWS VPC CNI, responsible for providing cluster networking, now has native support for NetworkPolicies built-in.
Therefore we have now completely removed the Calico component from all our platforms and enabled the corresponding feature in the VPC CNI. In addition, NetworkPolicy support is no longer an optional feature and always enabled.
By default, Pods are non-isolated and thus accept traffic from any source. By making use of NetworkPolicies you can isolate Pods from each other and thus have more fine-grained K8s networking control. As always, please reach out to us if you are interested and require assistance in using this functionality.