Hi @spikecurtis,
Thanks a lot for your detailed answer. So, I assume, in case applications use http, we can deny all udp traffic with Network policy and use pod security policy with cni plugin, to achieve the goal of single place to manage access restrictions.