Platform Engineering
Kubernetes NetworkPolicy Validator
Paste a Kubernetes NetworkPolicy YAML to validate structure, detect overly-broad selectors, and check CIDR notation. Flags CNI compatibility requirements.
No data is transmitted โ everything runs locallyTool
About this tool
Kubernetes NetworkPolicy Validator
The Kubernetes NetworkPolicy Validator checks NetworkPolicy YAML structure, pod selector scope, CIDR notation, ingress/egress rule completeness, and CNI enforcement requirements.
โข Validate a deny-all NetworkPolicy before applying to a production namespace
โข Check that a pod selector isn't accidentally selecting all pods in the namespace
โข Verify CIDR ipBlock syntax and except notation before deploying
โข Identify that a policy requires a CNI plugin that supports NetworkPolicy enforcement
Affiliate disclosure
Developer-friendly cloud infrastructure. DigitalOcean provides cloud compute, networking, and managed databases with predictable pricing.
View Kubernetes deployment options
External site ยท Independent provider ยท We may receive a commission ยท Not a recommendation
FAQ
What does this tool tell you?
The Kubernetes NetworkPolicy Validator checks NetworkPolicy YAML structure, pod selector scope, CIDR notation, ingress/egress rule completeness, and CNI enforcement requirements.
What affects the result most?
NetworkPolicy spec validation: podSelector, ingress, egress, policyTypes structure. Empty podSelector: {} selects all pods in namespace โ often unintentionally broad. Deny-all pattern: NetworkPolicy with empty ingress [] blocks all ingress to selected pods.
How should I use the result?
Treat the tool's output as a first-pass check, not a proof of correctness. A clean pass means no issues in the patterns this tool recognizes; a failure points to a specific problem you can investigate in your source. The underlying spec is the authoritative source for edge cases.
Related tools