NetZero: Automated Zero-Trust K8s Network Policies Using Go and eBPF
Implementing zero-trust networking in a microservice architecture is a massive pain point. In production, security best practices dictate that Service A should only be allowed to communicate with Service B, and everything else must be blocked.
But as developers, how do we actually implement this?
Usually, it involves a painful guessing game: combing through raw source code, tracing configuration files, or parsing logs to write complex Kubernetes NetworkPolicy YAML files. If you miss a single third-party API or internal caching layer, your application crashes in production.
To solve this, I built and open-sourced NetZero: a zero-configuration developer tool written in Go and C that observes actual runtime traffic directly from the Linux kernel to auto-generate flawless network policies.
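To make the idea concrete, here is an added example (not NetZero's code and not taken from the project) that turns a list of observed flows into a NetworkPolicy allowing only those flows for one workload. The `Flow` type, the `GeneratePolicy` and `section` helpers, the `-observed` policy name, the `app` label convention and the sample flows are all assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Flow is one observed connection between workloads, named by their "app" label (assumed schema).
type Flow struct{ Src, Dst, Proto string; Port int }

// ruleTmpl is one allow rule: a peer selected by label, limited to a single protocol/port.
const ruleTmpl = "  - %s:\n    - podSelector:\n        matchLabels:\n          app: %s\n" +
	"    ports:\n    - protocol: %s\n      port: %d\n"

// section renders one direction; an empty set becomes [] so that direction is fully denied.
func section(dir string, set map[string]bool) string {
	if len(set) == 0 {
		return "  " + dir + ": []\n"
	}
	items := make([]string, 0, len(set))
	for r := range set {
		items = append(items, r)
	}
	sort.Strings(items) // deterministic output for review and diffing
	return "  " + dir + ":\n" + strings.Join(items, "")
}

// GeneratePolicy allows only flows seen for app; anything unlisted is dropped by the policy.
func GeneratePolicy(ns, app string, flows []Flow) string {
	in, out := map[string]bool{}, map[string]bool{} // sets deduplicate repeated flows
	for _, f := range flows {
		if f.Dst == app {
			in[fmt.Sprintf(ruleTmpl, "from", f.Src, f.Proto, f.Port)] = true
		}
		if f.Src == app {
			out[fmt.Sprintf(ruleTmpl, "to", f.Dst, f.Proto, f.Port)] = true
		}
	}
	return fmt.Sprintf("apiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n  name: %s-observed\n"+
		"  namespace: %s\nspec:\n  podSelector:\n    matchLabels:\n      app: %s\n  policyTypes: [Ingress, Egress]\n",
		app, ns, app) + section("ingress", in) + section("egress", out)
}

func main() { // constructed sample flows, including one duplicate
	flows := []Flow{{"frontend", "orders", "TCP", 8080}, {"orders", "redis", "TCP", 6379}, {"frontend", "orders", "TCP", 8080}}
	fmt.Print(GeneratePolicy("shop", "orders", flows))
}
```

Any connection that never appeared during the observation window (DNS lookups to the cluster resolver, a rarely called dependency) is missing from the output and will be blocked once the policy is applied. This example only models in-cluster peers selected by label; destinations outside the cluster would need `ipBlock` rules instead.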






