Scenario #186
Networking
K8s v1.21, AKS
Pod Network Isolation Failure Due to Missing NetworkPolicy
Pods that were intended to be isolated from each other could communicate freely due to a missing NetworkPolicy.
What Happened
The project had requirements for strict pod isolation, but the necessary NetworkPolicy was not created, resulting in unexpected communication between pods that should not have had network access to each other.
Diagnosis Steps
1. Inspected kubectl get networkpolicy and found no policies defined for pod isolation.
2. Verified pod-to-pod communication and observed that pods in different namespaces could communicate without restriction.
Root Cause
With no NetworkPolicy selecting the pods, Kubernetes fell back to its default of allowing all traffic, so every pod had access to every other pod.
Fix/Workaround
• Created an appropriate NetworkPolicy to restrict pod communication based on namespace and labels.
• Applied the NetworkPolicy and tested communication to ensure isolation was working.
Lessons Learned
Always implement and test network policies when security and isolation are a concern.
How to Avoid
1. Implement strict NetworkPolicy from the outset when dealing with sensitive workloads.
2. Automate the validation of network policies during CI/CD pipeline deployment.
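One way to automate the validation in the last step, as an added example that is not part of the original scenario: a CI check that reports every pod not selected by any ingress NetworkPolicy in its namespace, which is exactly the state that left the pods here open. The function names are hypothetical, the sample objects are constructed, and the check covers ingress isolation only.

```python
import json

def selector_matches(selector, labels):
    """Evaluate a Kubernetes LabelSelector; an empty selector matches all pods."""
    for key, value in (selector.get("matchLabels") or {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions") or []:
        key, values = expr["key"], expr.get("values") or []
        ok = {"In": labels.get(key) in values,
              "NotIn": labels.get(key) not in values,
              "Exists": key in labels,
              "DoesNotExist": key not in labels}[expr["operator"]]
        if not ok:
            return False
    return True

def pods_without_ingress_isolation(objects):
    """Return sorted 'namespace/name' for pods that no ingress policy selects."""
    # An omitted policyTypes field defaults to including Ingress.
    policies = [o for o in objects if o["kind"] == "NetworkPolicy"
                and "Ingress" in o["spec"].get("policyTypes", ["Ingress"])]
    exposed = []
    for pod in (o for o in objects if o["kind"] == "Pod"):
        meta = pod["metadata"]
        ns, labels = meta.get("namespace", "default"), meta.get("labels") or {}
        covered = any(p["metadata"].get("namespace", "default") == ns
                      and selector_matches(p["spec"].get("podSelector") or {}, labels)
                      for p in policies)
        if not covered:
            exposed.append(f"{ns}/{meta['name']}")
    return sorted(exposed)

# Constructed sample, shaped like the items of `kubectl get pods,networkpolicy -A -o json`.
SAMPLE = json.loads("""[
 {"kind":"Pod","metadata":{"name":"api","namespace":"payments","labels":{"app":"api"}}},
 {"kind":"Pod","metadata":{"name":"web","namespace":"frontend","labels":{"app":"web"}}},
 {"kind":"Pod","metadata":{"name":"job","namespace":"frontend","labels":{"app":"job"}}},
 {"kind":"NetworkPolicy","metadata":{"name":"default-deny","namespace":"payments"},
  "spec":{"podSelector":{},"policyTypes":["Ingress"]}},
 {"kind":"NetworkPolicy","metadata":{"name":"web-only","namespace":"frontend"},
  "spec":{"podSelector":{"matchLabels":{"app":"web"}},"policyTypes":["Ingress"]}}
]""")

if __name__ == "__main__":
    exposed = pods_without_ingress_isolation(SAMPLE)
    for pod in exposed:
        print("no ingress NetworkPolicy selects", pod)
    raise SystemExit(1 if exposed else 0)  # non-zero exit fails the pipeline stage
```

A pod that passes this check is only known to be selected by some ingress policy; whether that policy's rules are tight enough still needs the connectivity test described under Fix/Workaround.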