Network Policies: Ingress and Egress Rules

You apply a NetworkPolicy to lock down your database pods. Traffic still flows. Nothing in the error logs. kubectl get networkpolicy shows the policy sitting there, spec intact. What went wrong?

Two explanations cover almost every case: your CNI doesn't enforce NetworkPolicy (Flannel doesn't, and neither does kindnet in most kind setups), or your selector isn't matching what you think. In managed clusters on EKS, GKE, or AKS, the CNI enforces it — selector misconfiguration is usually the culprit there. Either way, the policy is silently ignored. No error, no warning, no event.