Back to all scenarios
Scenario #202
Security
K8s v1.19, AWS EKS

Insecure Network Policies Leading to Pod Exposure

Pods intended to be isolated were exposed to unauthorized traffic due to misconfigured network policies.

Find this helpful?
What Happened

A network policy was meant to block communication between pods in different namespaces, but it was misconfigured, allowing unauthorized access between pods.

Diagnosis Steps
  • 1Used kubectl get networkpolicy to check existing network policies.
  • 2Observed that the network policy’s podSelector was incorrectly configured, allowing access between pods from different namespaces.
Root Cause

Misconfigured NetworkPolicy selectors allowed unwanted access between pods.

Fix/Workaround
• Corrected the NetworkPolicy by refining podSelector and applying stricter isolation.
• Tested the updated policy to confirm proper isolation between namespaces.
Lessons Learned

Network policies must be carefully crafted to prevent unauthorized access between pods.

How to Avoid
  • 1Implement and test network policies in a staging environment before applying to production.
  • 2Regularly audit network policies to ensure they align with security requirements.
Previous ScenarioNext Scenario