feat: implement CiliumNetworkPolicies for namespace isolation #28
Merged
CodeBuildder merged 1 commit into main on Apr 14, 2026
CodeBuildder added a commit that referenced this pull request on Apr 17, 2026
What this does
Closes #8.
Implements zero-trust network segmentation across all Argus namespaces using CiliumNetworkPolicy. Replaces placeholder files with production policies that enforce default-deny ingress on workload namespaces and grant explicit egress only to the services that need it.
Changes
security/cilium/default-deny-ingress.yaml
Default-deny ingress policies for prod and staging. Any pod in these namespaces will only accept inbound traffic from:
- monitoring namespace (Prometheus scraping)
- argus-system namespace (agent remediation actions)
Everything else is silently dropped, and visible as dropped flows in the Hubble UI, which gives the agent a network-level signal it can correlate with Falco syscall events.
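The prod half of that file, written out as an added example. This is a reconstruction from the description above, not the manifest in the PR; the namespace names are the page's own, and the commented-out same-namespace rule is my addition for the caveat it documents.

```yaml
# Added example: default-deny ingress for the prod namespace, reconstructed
# from the PR description. Not the project's file. The staging policy is the
# same manifest with metadata.namespace: staging.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: prod
spec:
  # An empty selector matches every pod in prod. Because the policy carries an
  # ingress section, Cilium puts those pods into default-deny for inbound
  # traffic: anything not matched by a rule below is dropped and shows up in
  # Hubble with verdict DROPPED.
  endpointSelector: {}
  ingress:
    # Prometheus scraping. Cilium prefixes the namespace label with "k8s:"
    # internally; writing it without the prefix is the documented form.
    - fromEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: monitoring
    # Agent remediation actions (cordon, label, isolate) from argus-system
    - fromEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: argus-system
    # Caveat (assumption, not in the PR): the two rules above are the only
    # inbound peers, so pod-to-pod traffic inside prod is dropped as well.
    # An empty fromEndpoints selector matches all pods in the policy's own
    # namespace; uncomment it if prod workloads need to talk to each other.
    # - fromEndpoints:
    #     - {}
```

Replies to connections that a prod pod opens itself are unaffected: Cilium is stateful, so ingress default-deny only governs who may initiate a connection. After `kubectl apply`, `hubble observe -n prod --verdict DROPPED` is the quick way to confirm that unlisted sources are being dropped rather than forwarded.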
security/cilium/deny-cross-namespace.yaml
Two egress policies for the control plane namespaces:
- allow-argus-agent-egress (argus-system): The AI agent needs to reach prod/staging to execute remediation (cordon, label, network isolate), reach kube-system for cluster API access, reach monitoring for context enrichment, and reach api.anthropic.com for Claude API calls. Both the wildcard and exact FQDN are specified; Cilium resolves these via its DNS proxy and programs eBPF maps for matching egress flows.
- allow-monitoring-scrape (monitoring): Prometheus needs outbound access to scrape metrics endpoints in prod, staging, and kube-system. Scoped to only those three namespaces; monitoring cannot initiate connections anywhere else.

README.md
Added a Cilium Network Policies section to Security status documenting the default-deny model and all explicit allow rules.
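Both egress policies as an added example, again reconstructed from the description rather than copied from the PR. Assumptions: the agent pods carry `app: argus-agent`, the Prometheus pods carry `app: prometheus`, cluster DNS is the usual `k8s-app: kube-dns` deployment in kube-system, and the `kube-apiserver` entity rule is an extra I add for API access, since the API server is often not a pod a namespace selector can match.

```yaml
# Added example, not the PR's deny-cross-namespace.yaml. Labels marked
# "assumed" are not stated on the page.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-argus-agent-egress
  namespace: argus-system
spec:
  endpointSelector:
    matchLabels:
      app: argus-agent            # assumed label
  egress:
    # Remediation targets plus context enrichment from monitoring
    - toEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: prod
        - matchLabels:
            io.kubernetes.pod.namespace: staging
        - matchLabels:
            io.kubernetes.pod.namespace: monitoring
    # Cluster API access. kube-system is what the PR allows; the entity rule is
    # an assumption that covers API servers running outside any pod selector.
    - toEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: kube-system
    - toEntities:
        - kube-apiserver
    # toFQDNs only works if DNS answers pass through Cilium's DNS proxy, and the
    # proxy is only engaged by an L7 dns rule. Without this rule the FQDN
    # selectors below never learn an IP and api.anthropic.com is unreachable.
    - toEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns     # assumed DNS deployment label
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchPattern: "*"
    # Claude API: exact name and wildcard. Cilium records the IPs seen in DNS
    # responses for these names and programs them into the eBPF policy maps.
    - toFQDNs:
        - matchName: api.anthropic.com
        - matchPattern: "*.anthropic.com"
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-monitoring-scrape
  namespace: monitoring
spec:
  endpointSelector:
    matchLabels:
      app: prometheus             # assumed label
  egress:
    # Scrape targets. The kube-system allow also covers DNS resolution, so no
    # separate kube-dns rule is needed here; every other destination is denied
    # once this egress section selects the pods.
    - toEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: prod
        - matchLabels:
            io.kubernetes.pod.namespace: staging
        - matchLabels:
            io.kubernetes.pod.namespace: kube-system
```

Two checks after applying: `hubble observe -n argus-system --protocol dns` should show L7 DNS flows for the agent (proof the proxy is in the path), and `cilium fqdn cache list`, run inside the Cilium agent pod on the node, should list the IPs learned for api.anthropic.com. If the cache stays empty, the DNS rule is the first thing to revisit.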
Why this matters
This completes the Module 2 security layer. Combined, Falco + Kyverno + CiliumNetworkPolicy give Argus three independent enforcement points: runtime syscall detection, admission-time policy validation, and eBPF-enforced network segmentation. A compromised pod in prod cannot reach argus-system, cannot exfiltrate to arbitrary IPs, and any attempt to do so generates a Hubble dropped flow that feeds directly into the agent's threat reasoning pipeline.
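One thing a reviewer would check against the file list above: the PR puts default-deny on ingress for prod and staging, and constrains egress only for argus-system and monitoring. In Cilium a direction that no policy selects stays open, so a prod pod's outbound connections are governed by a prod egress policy, not by the other namespaces' rules. The manifest below is an added example of the egress counterpart that the exfiltration guarantee needs; it is my suggestion, not part of this PR, and it assumes prod workloads only need same-namespace traffic plus DNS.

```yaml
# Added example, not in the PR: default-deny egress for prod, the counterpart
# to default-deny-ingress.yaml. Assumes prod workloads need only each other
# and DNS; add toFQDNs/toEndpoints rules for any real external dependency.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: default-deny-egress
  namespace: prod
spec:
  endpointSelector: {}
  egress:
    # Same-namespace traffic (empty selector = all pods in prod). Assumption.
    - toEndpoints:
        - {}
    # DNS through the Cilium proxy, so a later toFQDNs allow for a legitimate
    # external dependency can learn IPs.
    - toEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns     # assumed DNS deployment label
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchPattern: "*"
    # Nothing else: no world entity, no argus-system, no monitoring. Replies to
    # the inbound scrape and remediation connections still flow, because
    # conntrack allows return traffic on connections the peer initiated.
```

With this in place, a prod pod that tries to open a connection to argus-system or to an external address produces exactly the Hubble DROPPED flow the description relies on; without it, those attempts are forwarded and nothing is logged.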