Network policy options in AKS include two ways to implement a network policy. You can choose between Azure Network Policies or Calico Network Policies. In both cases, the underlying controlling layer is based on Linux IPTables to enforce the specified policies. Policies are translated into sets of allowed and disallowed IP pairs. These pairs are then programmed as IPTable rules.
The principle of least privilege should be applied to how traffic can flow between pods in an AKS cluster. We recommend you select a preferred network policy framework and enforce granular usage-based policies on the architecture and business logic of you applications.
Updated 2 months ago