# Kubernetes Security
Network Policies

*Nicholas Dille, Haufe Group*

- Docker Captain
- Microsoft MVP
- [@nicholasdille](https://twitter.com/nicholasdille)
- [@nicholasdille@freiburg.social](https://freiburg.social/@nicholasdille)

## Agenda

- Part 1: Platform-as-a-Service (2023-04-26)
- Part 2: Network Policies (2023-05-03)
  - Networking / DNS
  - Controlling network connections
  - Auditing network connections
  - Visualizing network connections
- Part 3: Policies (2023-05-10)
- Part 4: Supply Chain Security (2023-05-17)

### Hourly breaks

## Why Network Policies

Kubernetes does not control inter-pod communication

### Use cases for a cluster firewall

- Reduce attack surface
- Isolate team resources
- Understand communication
- Prevent apps from calling home

## Kubernetes Networking

## DNS in Kubernetes

## Network Policy

## Summary

- Kubernetes uses overlay networking (most of the time)
- Choosing a CNI plugin is hard
- No audit to understand network traffic
- Network policies allow traffic explicitly
- Resource `NetworkPolicy` is portable
- Cilium provides valuable features
- eBPF enables fast, low-overhead CNI plugin
- Cross-node flow visualization with Hubble
- Integrated observability

[Cilium Performance Benchmark](https://docs.cilium.io/en/stable/operations/performance/benchmark/)

## More topics

- [Bandwidth management](https://docs.cilium.io/en/stable/network/kubernetes/bandwidth-manager/)
- [Tuning: eBPF-based host routing](https://docs.cilium.io/en/stable/operations/performance/tuning/#ebpf-host-routing)