Network policies should be implementedto restrict traffic between objects(pods, services etc) in the K8s cluster. By default, all containers can talk to each other in the network, something that presents a security risk if hackers gain access to a container, allowing them to traverse objects in the cluster. Network policies can control traffic at the IP and port level, similar to the concept of security groups in cloud platforms to restrict access to resources. Typically, all traffic should be denied by default, then allow rules should be put in place to allow required traffic.

Example :- Consider an application ola having 3 different components as follows:

ola-ui (frontend)

ola-api (backend)

ola-db (db)

Expected communication between these components are like ui communicates to api and api communicates to db.

But when all these components of ola application are running in a kubernetes cluster, technically ui component can communicate to db by default.

We have to configure network policies that allows only the valid communications between the pods

As well as using network policies to restrict internal traffic on your K8s cluster, you should also put a firewall in front of your K8s cluster in order to restrict requests to the API server from the outside world. IP addresses should be whitelisted and open ports restricted.