Skip to main content

Network Policies

Why Network Policies

Picture a giant office building. Without walls or doors, anyone could walk into any room, overhear conversations, or tamper with equipment. Chaos would follow. Kubernetes faced the same challenge: by default, pods can talk to any other pod in the cluster. This openness is convenient for development but dangerous in production.

Network Policies were born as the walls and doors of Kubernetes networking, controlling which pods can talk to each other and which cannot.

The Network Policy Model

  • Pod Selector: Defines which pods the policy applies to.
  • Ingress Rules: Control incoming traffic to pods.
  • Egress Rules: Control outgoing traffic from pods.
  • Default Behavior: Without policies, all traffic is allowed. With policies, traffic is denied unless explicitly permitted.

Analogy: Network Policies are like office access cards - only authorized employees can enter certain rooms.

Global Context

  • Enterprises: Use Network Policies to isolate workloads, enforce compliance, and prevent lateral movement in case of breaches.
  • Cloud Providers: Managed Kubernetes services integrate Network Policies with cloud firewalls and security groups.
  • Community: Network Policies are taught worldwide as a cornerstone of Kubernetes security.

Hands‑On Exercise

  1. Reflect: How do these policies act as walls and doors, controlling pod communication?

Create an allow‑specific policy:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web
  namespace: dev-team
spec:
  podSelector:
    matchLabels:
      app: web
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend

kubectl apply -f allow-web.yaml

Create a deny‑all policy:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
  namespace: dev-team
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress

kubectl apply -f deny-all.yaml
kubectl get networkpolicies -n dev-team

The Hacker’s Notebook

  • Network Policies are walls - controlling pod communication.
  • Ingress rules are doors - deciding who can enter.
  • Egress rules are exits - deciding who can leave.
  • Lesson for engineers: Don’t leave pods exposed - use policies to enforce isolation.
  • Hacker’s mindset: Treat Network Policies as your invisible fences. With them, you can secure workloads against breaches and misconfigurations.
Tips, Tricks, Roadmaps, Resources, Networking, Motivation, Guidance, and Cool Stuff ♥
Updated on Dec 29, 2025