nvm, found the place to report the bug on the software component on GitHub
AKS Azure network policy manager not applying policies properly
Raphael
Not a question, but there's no place for bug reports
Azure network policy manager does not enforce defined network policies on the local node.
For example, if you define a network policy to filter out all egress traffic from the pod, the traffic going toward the local node private IP (not the public one, if any) won't be filtered out.
Consequently, any listening service on the private IP can be connected to (containerd, kubelet, SSH…).
This only concerns Azure NPM, not Calico, if you choose this option instead.