We recommend applying a deny-all NetworkPolicy across the whole cluster. NetworkPolicy objects are namespaced, so the following policy has to be created in every namespace:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
  namespace: default  # should be created for all namespaces!
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
Then re-allow the permitted communication between the pods with additional NetworkPolicies. We also recommend that at least one person is responsible for the network policies.
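An added example (not part of the original recommendation) of re-allowing one flow on top of the deny-all policy. Because deny-all blocks both Ingress and Egress, a single pod-to-pod connection needs a rule on each side. The labels `app: frontend` and `app: backend`, the policy names and port 8080 are hypothetical.

```yaml
# Added example; labels, names and port are hypothetical.
# Receiving side: backend pods accept TCP 8080 from frontend pods only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-allow-from-frontend
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8080
---
# Sending side: frontend pods may open connections to backend pods on TCP 8080.
# Without this, the deny-all Egress rule still drops the traffic.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: frontend-allow-to-backend
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: frontend
  policyTypes:
    - Egress
  egress:
    - to:
        - podSelector:
            matchLabels:
              app: backend
      ports:
        - protocol: TCP
          port: 8080
```

Deny-all Egress also blocks DNS lookups, so pods that resolve Service names need a further egress rule to the cluster DNS on port 53 (UDP and TCP).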