TechOps Examples

Hey — It's Govardhana MK 👋

Welcome to another technical edition.

Every Tuesday – You’ll receive a free edition with a byte-size use case, remote job opportunities, top news, tools, and articles.

Every Thursday and Saturday – You’ll receive a special edition with a deep dive use case, remote job opportunities, and articles.

🧠 DEEP DIVE USE CASE

How to Implement Network Segmentation in Azure Kubernetes Service (AKS)

If you are…

  • Running multiple microservices in the same Kubernetes cluster where only specific services should be allowed to communicate with each other.

  • Hosting workloads for different teams or environments such as development, staging, and production within a shared cluster.

  • Operating security-sensitive applications where you must prevent unauthorized pod-to-pod or namespace-to-namespace communication.

then you need to implement network segmentation.

What Is Network Segmentation?

It is the enforcement of communication boundaries within a cluster so that only explicitly authorized workloads can exchange traffic.

Access is controlled based on defined identity, namespace, labels, or policy rules.

Workloads that meet the defined criteria are permitted to communicate with a service. Workloads that do not meet those criteria are denied by default.

Kubernetes Cluster Networking Architecture

Before enforcing communication boundaries, it is important to understand how networking works by default inside a Kubernetes cluster.

A Kubernetes cluster is composed of a control plane and multiple worker nodes. The control plane manages scheduling and desired state, while worker nodes run Pods. Each Pod hosts one or more containers and receives its own IP address.

Namespaces provide logical separation of workloads, but they do not create network isolation by themselves.

Kubernetes networking is flat by design. Every Pod can directly communicate with every other Pod across nodes without network address translation. There is no built-in restriction between namespaces, and east-west traffic flows freely unless explicit controls are introduced.

This means:

  • A Pod in one namespace can reach a Pod in another namespace.

  • A frontend service can directly access a database Pod unless policies are enforced.

  • Workloads across teams or environments share the same communication plane.

This default model is powerful for connectivity but introduces risk in multi-tenant or security-sensitive environments.

With this basic understanding of how Kubernetes networking behaves by default, let us see how to implement network segmentation in AKS.
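To make the contrast with the flat default concrete, here is an added example (not taken from the original newsletter) of the "deny by default, allow explicitly" model using standard Kubernetes NetworkPolicy objects. The namespace `prod`, the labels `app: frontend` and `app: database`, and port 5432 are assumed values for illustration.

```yaml
# Added illustration; namespace, labels and port are assumed values.
# 1. Default deny: select every Pod in the namespace and permit no ingress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: prod              # assumed namespace
spec:
  podSelector: {}              # empty selector matches all Pods in this namespace
  policyTypes:
    - Ingress                  # no ingress rules are listed, so all ingress is denied
---
# 2. Explicit allow: only frontend Pods may reach the database Pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-database
  namespace: prod
spec:
  podSelector:
    matchLabels:
      app: database            # the Pods being protected
  policyTypes:
    - Ingress
  ingress:
    - from:
        # A bare podSelector matches Pods in this policy's own namespace only,
        # so a Pod labelled app=frontend in another namespace is still denied.
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 5432           # assumed database port
```

These objects only take effect when the cluster's network plugin enforces NetworkPolicy; on a cluster without an enforcing plugin the API server accepts them and traffic continues to flow as before.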
