We did not consider network policies. Here, the K8s cluster is managed and used by a single single (small) team, so we don’t strictly need multi tenancy and isolation. Beside, we already have (too-many?) firewall rules with Google Compute Engine, so I don’t know how the 2 set of rules (K8s and GCE) would play together. Finally when we started with K8s (in prod) it was with the 1.7 version and I am not sure network policies were enabled or much “advertised” in GKE. We may reconsider network policy as we grow.