Description
Network Policy usage is inverted.
It's easier to list the services that you want to connect to, but Network Policy forces you to list all clients that can connect to your pod.
How would you even know that another team plans to connect to your apps?
But if Network Policy is not the right tool, then what should you use?
In this KubeFM podcast, you will explore:
How Network Policies are not as bad as you might think, but they are low-level APIs that are not always practical to use directly.
Intent-based Access Control (IBAC) as a higher-level abstraction to describe your network segmentation requirements.
How you can use IBAC to generate Network Policies, Istio Authorization Policies, AWS IAM & Roles, and more.
Find all the links and info for this episode here: https://kube.fm/network-policies-ori
Links
Network policies are not the right abstraction (for developers)
Kubernetes Network Policies
Otterize intents operator
cert-manager
external-dns
Let's Encrypt
HAProxy Ingress Controller
ingress-nginx
GuardiCore
Marathon
Apache Mesosphere
Helm
Building Kubernetes controllers
Zero Trust
Network Segmentation
We built network isolation for 1,500 services to make Monzo more secure
Calico Network Policy
Client Intent resources
Otterize network mapper
Cilium Network Policies
Istio Authorization Policies
CNCF sandbox
IBAC
People-oriented programming
Systems thinking
Butterfly effect
Geeking Out podcast
Otterize community Slack
Command and Conquer Red Alert