While many teams understand the importance of transitioning to a default-deny network posture in Kubernetes, only a few manage to fully realize this vision. Using Calico, an open-source networking and security solution, this session details our journey from an open network setup to a fully secured, default-deny environment. We’ll walk through each step of the migration, from planning and implementation to user support and policy fine-tuning. This session offers practical, real-world insights on turning the concept into reality, highlighting the challenges faced and the solutions implemented.