Not all NetworkPolicy implementations base themselves on Source//Destination IPs. I can think specifically of Trireme//Cilium that are using metadata in order to enable policies.
I knew that. What I didn't know was if either of these could apply network policy to these endpoints. Guessing that since they each require their own CNI, there will be probs. So, whether the CNI uses iptables, or not, not clear how network policy API can be enforced.