Kubernetes Network Policies Cheat Sheet

Namespace isolation and selectors

Last Updated: November 21, 2025

Focus Areas

Use namespace and pod selectors to scope rules
Define both ingress and egress rules, because the default for each direction is to allow all traffic

Commands & Queries

kubectl apply -f deny-all.yaml
    Lock down networking
kubectl apply -f allow-api.yaml
    Allow API server traffic
kubectl get netpol -n my-namespace
    Audit active policy coverage
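
Added example, not part of the original cheat sheet: one possible deny-all.yaml followed by an allow rule scoped with both a namespace selector and a pod selector. The file contents, the policy names, the app=api and role=web labels, the frontend namespace and port 8080 are assumptions; my-namespace comes from the commands above.

```yaml
# deny-all.yaml (assumed contents): selects every pod in the namespace and
# lists both policy types with no rules, so all ingress and egress is denied.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
  namespace: my-namespace
spec:
  podSelector: {}          # empty selector = every pod in my-namespace
  policyTypes:
    - Ingress
    - Egress
---
# Hypothetical allow rule layered on top: pods labelled app=api accept
# TCP 8080 only from pods labelled role=web in the "frontend" namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-api
  namespace: my-namespace
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
  ingress:
    - from:
        # One list item holding both selectors: namespace AND pod must match.
        # Writing podSelector as its own "- " item would turn this into an OR.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: frontend
          podSelector:
            matchLabels:
              role: web
      ports:
        - protocol: TCP
          port: 8080
```

With egress denied, pods in my-namespace also lose DNS resolution until an egress rule allows it. None of these policies are enforced unless the cluster's network plugin supports NetworkPolicy.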

Summary

Keep pods isolated by default, log denied flows, and document your policy reasoning.

💡 Pro Tip: Start with deny-all policies and add selectors incrementally.