
Measures

NetworkPolicies

We recommend applying a DenyAll NetworkPolicy across the whole cluster. NetworkPolicies are namespaced objects, so the policy has to be created in every namespace:

  apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: deny-all
    namespace: default ### should be created for all namespaces!
  spec:
    podSelector: {}
    policyTypes:
    - Ingress
    - Egress

and then explicitly re-enable the permitted communication between the pods with additional NetworkPolicies. We also recommend that at least one person be responsible for the network policies.
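An added example (not part of the original page) of such additional policies on top of `deny-all`: because both Ingress and Egress are denied, a permitted flow needs an ingress rule on the receiver and an egress rule on the sender, and the sender also needs DNS egress to resolve service names. The `app: frontend` / `app: backend` labels, the policy names and port 8080 are assumptions, as is a cluster DNS that runs in `kube-system` with the label `k8s-app: kube-dns`.

```yaml
# Added example; labels, names and port 8080 are assumptions, not from the page.
# 1) Receiver side: backend pods accept traffic from frontend pods only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-allow-from-frontend
  namespace: default
spec:
  podSelector: {matchLabels: {app: backend}}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector: {matchLabels: {app: frontend}}
    ports:
    - protocol: TCP
      port: 8080
---
# 2) Sender side: frontend pods may connect to backend and to cluster DNS.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: frontend-allow-egress
  namespace: default
spec:
  podSelector: {matchLabels: {app: frontend}}
  policyTypes:
  - Egress
  egress:
  - to:
    - podSelector: {matchLabels: {app: backend}}
    ports:
    - protocol: TCP
      port: 8080
  # Without this rule the deny-all Egress policy also blocks name resolution.
  - to:
    # namespaceSelector and podSelector in ONE list item are ANDed:
    # only kube-dns pods inside kube-system are matched.
    - namespaceSelector:
        matchLabels: {kubernetes.io/metadata.name: kube-system}
      podSelector: {matchLabels: {k8s-app: kube-dns}}
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
```

NetworkPolicies are additive, so these rules only open the listed flows; everything else in the namespace stays blocked by `deny-all`.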