I am interested to know about the design/implementation of Calico for the kubernetes network policy.
How calico notices that a network traffic is going to be sent (/is sending) to a Pod? Where in the code I should look to understand how calico receives the network traffic that is meant to be sent to a pod? Because calico can implement access/deny rules for ingress traffic. So it should somehow know that a traffic is going to be sent/ is sending to a pod. Then I assume it checks the sender IP address against the network policy rules for that pod. I am interested to know about HOW calico implements this?
Could you please shed some light on this topic? Thanks