Explain Kubernetes network policies and how you would isolate a production namespace.

Hard Topic: Kubernetes May 24, 2026

By default, all pods in a Kubernetes cluster can communicate with each other freely. NetworkPolicies are namespace-scoped firewall rules that control which pods can talk to which.

To enforce full isolation on a namespace, start by denying all ingress and egress, then selectively allow only what’s needed:

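apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
  namespace: production
spec:
  podSelector: {}   # empty selector: applies to every pod in the namespace
  policyTypes:      # both types listed with no allow rules, so all traffic is denied
  - Ingress
  - Egress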

Then add specific allow rules for your database, monitoring agents, and DNS (port 53).
