In Kubernetes, how do Network Policies behave when multiple policies are applied to the same set of pods?

• A. They override each other
• B. They apply only to ingress rules
• C. They are additive, where each additional policy further restricts allowed traffic
• D. They are ignored when multiple policies apply

Answer: (C)

The traffic control with Network Policies is cumulative. When multiple policies select the same pods, every applicable policy contributes its allowed paths, and the pod’s actual allowed traffic is the intersection of those allowances. In practice, that means adding more policies tends to shrink the set of doors open to traffic rather than expand them. For example, if one policy permits ingress from a certain namespace and another policy permits ingress from another namespace, traffic must satisfy both policies to be allowed, which often results in stricter or even no allowed sources. Since policies restrict both ingress and egress when they apply, they are not about overriding each other or being ignored; they stack to restrict further. That’s why the correct view is that they are additive, with each additional policy further restricting allowed traffic.