DevOps Dictionary

Kubernetes Network Policy

Kubernetes Network Policy is a Kubernetes resource for controlling which Pods (application instances) can send or receive network traffic inside a cluster. It solves the common “flat network” problem where, by default, every Pod can talk to every other Pod freely, making service boundaries hard to enforce and increasing the impact of a compromised workload. A network policy selects target Pods using labels (key-value tags) and can scope rules by namespace, then defines allowed ingress (incoming) and egress (outgoing) connections based on sources, destinations, ports, and protocols; a CNI plugin (the cluster’s networking layer) is responsible for enforcing the rules.

With Kubernetes Network Policy, teams can implement least-privilege connectivity and reduce lateral movement and accidental exposure. Without it, internal traffic is often overly permissive and harder to audit or to demonstrate as compliant. One caveat to keep in mind: Kubernetes defines only the policy object, while enforcement depends on the installed CNI supporting network policy semantics. On a cluster whose CNI does not implement them, policy objects are accepted by the API server but have no effect, so the first check when adopting network policy is to confirm that the CNI actually enforces it.
