diff --git a/kuryr_kubernetes/controller/drivers/utils.py b/kuryr_kubernetes/controller/drivers/utils.py
index 41c8ecf3f..9e78c7d8b 100644
--- a/kuryr_kubernetes/controller/drivers/utils.py
+++ b/kuryr_kubernetes/controller/drivers/utils.py
@@ -83,6 +83,13 @@ def is_host_network(pod):
 return pod['spec'].get('hostNetwork', False)
+def is_pod_scheduled(pod):
+ try:
+ return bool(pod['spec']['nodeName'])
+ except KeyError:
+ return False
+
+
 def get_pods(selector, namespace=None):
 """Return a k8s object list with the pods matching the selector.
diff --git a/kuryr_kubernetes/controller/handlers/kuryrnetworkpolicy.py b/kuryr_kubernetes/controller/handlers/kuryrnetworkpolicy.py
index 98781b87f..f98f71a95 100644
--- a/kuryr_kubernetes/controller/handlers/kuryrnetworkpolicy.py
+++ b/kuryr_kubernetes/controller/handlers/kuryrnetworkpolicy.py
@@ -273,7 +273,8 @@ class KuryrNetworkPolicyHandler(k8s_base.ResourceEventHandler):
 if crd_sg:
 for pod in pods_to_update:
- if driver_utils.is_host_network(pod):
+ if (driver_utils.is_host_network(pod)
+ or not driver_utils.is_pod_scheduled(pod)):
 continue
 pod_sgs = self._drv_pod_sg.get_security_groups(pod, project_id)
 if crd_sg in pod_sgs:
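Review bot: `is_pod_scheduled` in utils.py has no docstring, and its `except KeyError` also hides a pod that has no `spec` key at all, whereas `is_host_network` just above would raise on the same input. If only a missing `nodeName` is meant to count as "not scheduled", `return bool(pod['spec'].get('nodeName'))` matches the neighbouring helper and keeps a malformed pod object visible as an error. Either way, a one-line docstring such as `"""Return True if the pod has been assigned to a node (spec.nodeName is set)."""` would state the contract. The helper also treats an empty-string `nodeName` as unscheduled, which is worth saying in that docstring.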
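Review bot: The new `or not driver_utils.is_pod_scheduled(pod)` branch in the `for pod in pods_to_update:` loop skips unscheduled pods silently, and nothing in the hunk says which code path applies this policy's security group to them once they are scheduled. Because the loop decides which pods have their security groups reconciled against `crd_sg`, a pod skipped here and never revisited would keep a stale set, so that assumption deserves a comment above the condition, for example `# Unscheduled pods are skipped here; confirm their SGs are computed when the pod is scheduled.` The `pod` dict is presumably a snapshot taken when the list was built, so a pod scheduled after that point is also skipped. The loop body continues past the end of the hunk, so how the result of `crd_sg in pod_sgs` is used is not visible from here.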